aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick/server/SignatureManager.java
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2018-10-01 17:58:46 +0300
committerGravatar Vitaly Takmazov2018-10-03 09:06:00 +0300
commitbac87790c6d044e3bfe9781dd285dfa4b33e49ee (patch)
treecafe620a09bf41c85a5c6512ee2611f45b0ab3c1 /juick-server/src/main/java/com/juick/server/SignatureManager.java
parente04371500a9dd469f02024f63ef39117f8a4d649 (diff)
ActivityPub: HTTP Signatures and autoaccept followers
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/SignatureManager.java')
-rw-r--r--juick-server/src/main/java/com/juick/server/SignatureManager.java79
1 files changed, 79 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/SignatureManager.java b/juick-server/src/main/java/com/juick/server/SignatureManager.java
new file mode 100644
index 00000000..d89919f0
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/SignatureManager.java
@@ -0,0 +1,79 @@
+package com.juick.server;
+
+import com.juick.server.api.activity.model.Context;
+import com.juick.server.api.activity.model.Person;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+import org.tomitribe.auth.signatures.Signature;
+import org.tomitribe.auth.signatures.Signer;
+import org.tomitribe.auth.signatures.Verifier;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URI;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class SignatureManager {
+ private static final Logger logger = LoggerFactory.getLogger(ActivityPubManager.class);
+ @Inject
+ private KeystoreManager keystoreManager;
+
+ public void post(Person from, Person to, Context data) throws IOException {
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
+ URI inbox = uriComponentsBuilder.build().toUri();
+ Instant now = Instant.now();
+ String requestDate = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneId.of("UTC")).format(now);
+ Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null,
+ "(request-target)", "host", "date");
+ Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
+ Map<String, String> headers = new HashMap<>();
+ headers.put("host", inbox.getHost());
+ headers.put("date", requestDate);
+ Signature signature = signer.sign("POST", inbox.getPath(), headers);
+ HttpHeaders requestHeaders = new HttpHeaders();
+ requestHeaders.add("Content-Type", Context.ACTIVITY_JSON_MEDIA_TYPE);
+ requestHeaders.add("Date", requestDate);
+ requestHeaders.add("Signature", signature.toString().substring(10));
+ HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders);
+ //boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")),
+ // keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers);
+ ResponseEntity<Void> response = new RestTemplate().postForEntity(inbox, request, Void.class);
+ logger.info("accepted follower: {}", response.getStatusCode().is2xxSuccessful());
+ }
+ public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
+ Context context = getContext(actor);
+ if (context instanceof Person) {
+ Person person = (Person) context;
+ Key key = KeystoreManager.publicKeyOf(person);
+ logger.info("data signed by person with key {}", key);
+ Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
+ try {
+ boolean result = verifier.verify(method, path, headers);
+ logger.info("signature is valid: {}", result);
+ return result;
+ } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
+ logger.info("signature exception", e);
+ return false;
+ }
+ }
+ logger.info("person not found");
+ return false;
+ }
+ public Context getContext(URI contextUri) {
+ return new RestTemplate().getForEntity(contextUri, Context.class).getBody();
+ }
+}