WIP: put a shape on a LDPSourceKeyPair model (#236)
Didn't get much time today but just to get something up that can be looked at (it is missing a lot but just to move the discussion a long).
@calummackervoy, I am wondering if this what you had in mind? A model on the djangoldp
core side which re-uses the RSAKey
model? Following your logic in #236 (comment 56015), if a LDPSource
has a linked key pair, then it is "trusted" and incoming requests can be verified using the locally stored public key part. The management command will easy the UX of importing a key and linking it with a source (I will also prepare something on the Django admin side too).
Sooo, then I can imagine when we receive requests, we can pull out the @id
, do a lookup with something like LDPSourceKeyPair.objects.get(source=id)
and if we find nothing, then we know to reject. Otherwise, we can verify.
And yeah, I can use a check against settings.SITE_URL
to know if the key pair matches the local server. Then I can use that key pair to sign outgoing requests.
With some feedback on this, I can hammer it out and then can get onto the signing/verifying code shortly after.