-rw-r--r--src/main/java/com/juick/server/SignatureManager.java26
-rw-r--r--src/main/java/com/juick/server/api/activity/Profile.java5
-rw-r--r--src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java7
3 files changed, 24 insertions, 14 deletions
diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
index b3b7a301..26e482ad 100644
--- a/src/main/java/com/juick/server/SignatureManager.java
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -1,11 +1,14 @@
package com.juick.server;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.User;
import com.juick.server.api.activity.model.Context;
import com.juick.server.api.activity.model.objects.Person;
import com.juick.server.api.webfinger.model.Account;
import com.juick.server.api.webfinger.model.Link;
+import com.juick.service.UserService;
import com.juick.util.DateFormattersHolder;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
@@ -41,7 +44,7 @@ public class SignatureManager {
@Inject
private ObjectMapper jsonMapper;
@Inject
- private ApplicationEventPublisher applicationEventPublisher;
+ private UserService userService;
@Inject
private RestTemplate apClient;
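Review bot: The `ApplicationEventPublisher` field is removed here, but the `import org.springframework.context.ApplicationEventPublisher;` line is kept as unchanged context in the first hunk of this file, so the import is now dead unless the class uses the type elsewhere outside the shown hunks. If it has no other use, drop the import in the same change. The class body continues outside this hunk.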
@@ -70,23 +73,28 @@ public class SignatureManager {
logger.info("accepted follower: {}", response.getStatusCodeValue());
}
- public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
- Optional<Context> context = getContext(actor);
+ public User verifySignature(String method, String path, Map<String, String> headers) throws IOException {
+ Signature signature = Signature.fromString(headers.get("signature"));
+ Optional<Context> context = getContext(URI.create(signature.getKeyId()));
if (context.isPresent() && context.get() instanceof Person) {
Person person = (Person) context.get();
Key key = KeystoreManager.publicKeyOf(person);
- Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
+
+ Verifier verifier = new Verifier(key, signature);
try {
boolean result = verifier.verify(method, path, headers);
logger.info("signature is valid: {}", result);
- return result;
+ User user = new User();
+ user.setUri(URI.create(person.getId()));
+ if (key.equals(keystoreManager.getPublicKey())) {
+ return userService.getUserByName(person.getName());
+ }
+ return user;
} catch (NoSuchAlgorithmException | SignatureException | IOException e) {
- logger.info("signature exception", e);
- return false;
+ throw new IOException("Invalid signature");
}
}
- logger.info("person not found");
- return false;
+ throw new IOException("Person not found");
}
public Optional<Context> getContext(URI contextUri) {
Context context = apClient.getForEntity(contextUri, Context.class).getBody();
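Review bot: The boolean returned by `verifier.verify(method, path, headers)` is logged and then discarded, so a request whose signature fails verification still receives a User from verifySignature; only an exception from the verifier leads to rejection. Add `if (!result) { throw new IOException("Invalid signature"); }` directly after the log line, before the User is built. The catch block also drops the original exception; `throw new IOException("Invalid signature", e);` keeps the cause for diagnosis. `headers.get("signature")` goes straight into `Signature.fromString`, so a request without that header is handled by whatever that method does with null rather than by an explicit check with a clear error. Note that the returned URI is `person.getId()` from the document fetched via the signature's keyId, not the keyId itself, so the caller must still compare it against the activity's actor.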
diff --git a/src/main/java/com/juick/server/api/activity/Profile.java b/src/main/java/com/juick/server/api/activity/Profile.java
index 305b7c4a..2614cded 100644
--- a/src/main/java/com/juick/server/api/activity/Profile.java
+++ b/src/main/java/com/juick/server/api/activity/Profile.java
@@ -268,9 +268,10 @@ public class Profile {
headers.put("content-type", contentType);
headers.put("user-agent", userAgent);
headers.put("accept-encoding", acceptEncoding);
- boolean valid = signatureManager.verifySignature(signature, URI.create(activity.getActor()), "POST",
+ headers.put("signature", signature);
+ User signedUser = signatureManager.verifySignature( "POST",
componentsBuilder.getPath(), headers);
- if (valid) {
+ if ((StringUtils.isNotEmpty(signedUser.getUri().toString()) && signedUser.getUri().equals(URI.create(activity.getActor()))) || !signedUser.isAnonymous()) {
if (activity instanceof Follow) {
Follow followRequest = (Follow) activity;
String actor = followRequest.getActor();
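Review bot: The `|| !signedUser.isAnonymous()` disjunct in the new condition makes the actor comparison irrelevant whenever the signer resolves to a local non-anonymous user: such a request is accepted even when `activity.getActor()` names a different actor than the one whose key signed it. If the local key is meant to act on behalf of any actor, that deserves a comment; otherwise the actor check should apply in both branches. `signedUser.getUri().toString()` also dereferences the URI without a null check, and the user returned from `userService.getUserByName` in the local-key branch is not shown to have one set; `URI signedUri = signedUser.getUri(); boolean actorMatches = signedUri != null && signedUri.equals(URI.create(activity.getActor()));` avoids the NPE and makes the isNotEmpty test unnecessary. verifySignature now throws IOException and `StringUtils` is newly used here, while the enclosing method's signature and this file's imports are outside the hunk, so both need checking.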
diff --git a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
index 9215d09a..2fd5a2a7 100644
--- a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
@@ -30,6 +30,7 @@ import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;
+import javax.annotation.Nonnull;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
@@ -59,9 +60,9 @@ public class HashParamAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(
- HttpServletRequest request,
- HttpServletResponse response,
- FilterChain filterChain) throws ServletException, IOException {
+ @Nonnull HttpServletRequest request,
+ @Nonnull HttpServletResponse response,
+ @Nonnull FilterChain filterChain) throws ServletException, IOException {
String hash = getHashFromRequest(request);