bovine.crypto

This module includes wrappers for creating cryptographic identities and the functionality to verify signatures of http requests. BovineClient and BovineActor take care of making properly signed requests.

bovine.crypto.build_validate_http_signature(key_retriever)[source]

Creates a validate_signature function. validate_signature takes the request as parameter and returns the owner if the http signature is valid.

Parameters:: key_retriever – A coroutine that given a key id returns a tuple public_key, owner. Here public_key is assumed to be PEM encoded and owner is an URI. In the Fediverse use case, owner will be the actor id.

Example

async def retrieve(key_id):
    async with aiohttp.ClientSession() as session:
        response = await session.get(key_id)
        data = await response.json()
        key = data.get("publicKey", {})
        return key.get("publicKeyPem"), key.get("owner")

validator = build_validate_http_signature(retrieve)

validator then accepts as argument a werzeug.wrappers.Request object.

bovine.crypto.build_validate_http_signature_raw(key_retriever)[source]: Creates a validate_signature function. validate_signature takes (method, url, headers, body) as parameters and returns the owner if the http signature is valid. The rest of behavior is as build_validate_http_signature.

bovine.crypto.generate_ed25519_private_key() → str[source]: Returns a multicodec/multibase encoded ed25519 private key

bovine.crypto.generate_rsa_public_private_key() → Tuple[str, str][source]

Generates a new pair of RSA public and private keys.

Returns:: pem encoded public and private key

bovine.crypto.private_key_to_did_key(private_key_str: str) → str[source]

Computes public key in did key form of Ed25519 private key

Parameters:: private_key_str – multibase/multicodec encoded Ed25519 private key
Returns:: did:key

async bovine.crypto.validate_moo_auth_signature(request, domain) → Tuple[str | None, str | None][source]

Validates the Moo-Auth-1 signature of the request. Returns the did-key if the signature is valid.

Parameters:

request – The request to validate the signature for.
domain – The domain the request is made to.

Returns:

On success the did key and domain, on failure None, None When no domain is passed the did key and None is returned

class bovine.crypto.http_signature.HttpSignature[source]

Helper class to build http signatures

Usage: Add fields used for signature with with_fields. Then use build_signature or verify depending on use case.

build_message()[source]: Builds the message

build_signature(key_id: str, private_key: str)[source]: Returns the signature string when signed with private_key

property headers: Headers as specified when building http signature

verify(public_key: str, signature: str)[source]: Verifies signature

with_field(field_name, field_value)[source]: Adds a field to be used when building a http signature

class bovine.crypto.signature.Signature(key_id: str, algorithm: str, headers: dict, signature: str)[source]

Helper class to parse HTTP Signatures

property fields: List[str]: Returns the fields that are used when building the signature

static from_signature_header(header)[source]

Takes the signature header and turns into Signature object

The header is assumed of the for key=value,… The keys keyId, algorithm, headers, and signature are parsed. If algorithm is absent it is assumed to be rsa-sha256. The other keys are required.