Basic logic for signing/verifying requests

api/funkwhale_api/federation/factories.py

@@ -0,0 +1,30 @@
+import factory
+import requests
+import requests_http_signature
+
+from funkwhale_api.factories import registry
+
+from . import signing
+
+
+registry.register(signing.get_key_pair, name='federation.KeyPair')
+
+
+@registry.register(name='federation.SignatureAuth')
+class SignatureAuthFactory(factory.Factory):
+    algorithm = 'rsa-sha256'
+    key = factory.LazyFunction(lambda: signing.get_key_pair()[0])
+    key_id = factory.Faker('url')
+
+    class Meta:
+        model = requests_http_signature.HTTPSignatureAuth
+
+
+@registry.register(name='federation.SignedRequest')
+class SignedRequestFactory(factory.Factory):
+    url = factory.Faker('url')
+    method = 'get'
+    auth = factory.SubFactory(SignatureAuthFactory)
+
+    class Meta:
+        model = requests.Request

api/funkwhale_api/federation/signing.py

@@ -0,0 +1,21 @@
+from cryptography.hazmat.primitives import serialization as crypto_serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend as crypto_default_backend
+
+
+def get_key_pair(size=2048):
+    key = rsa.generate_private_key(
+        backend=crypto_default_backend(),
+        public_exponent=65537,
+        key_size=size
+    )
+    private_key = key.private_bytes(
+        crypto_serialization.Encoding.PEM,
+        crypto_serialization.PrivateFormat.PKCS8,
+        crypto_serialization.NoEncryption())
+    public_key = key.public_key().public_bytes(
+        crypto_serialization.Encoding.PEM,
+        crypto_serialization.PublicFormat.PKCS1
+    )
+
+    return private_key, public_key