diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/SignatureManager.java')
| -rw-r--r-- | juick-server/src/main/java/com/juick/server/SignatureManager.java | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/SignatureManager.java b/juick-server/src/main/java/com/juick/server/SignatureManager.java new file mode 100644 index 00000000..d89919f0 --- /dev/null +++ b/juick-server/src/main/java/com/juick/server/SignatureManager.java @@ -0,0 +1,79 @@ +package com.juick.server; + +import com.juick.server.api.activity.model.Context; +import com.juick.server.api.activity.model.Person; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; +import org.tomitribe.auth.signatures.Signature; +import org.tomitribe.auth.signatures.Signer; +import org.tomitribe.auth.signatures.Verifier; + +import javax.inject.Inject; +import java.io.IOException; +import java.net.URI; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; +import java.time.Instant; +import java.time.ZoneId; +import java.time.format.DateTimeFormatter; +import java.util.HashMap; +import java.util.Map; + +@Component +public class SignatureManager { + private static final Logger logger = LoggerFactory.getLogger(ActivityPubManager.class); + @Inject + private KeystoreManager keystoreManager; + + public void post(Person from, Person to, Context data) throws IOException { + UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox()); + URI inbox = uriComponentsBuilder.build().toUri(); + Instant now = Instant.now(); + String requestDate = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneId.of("UTC")).format(now); + Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null, + "(request-target)", "host", "date"); + Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature); + Map<String, String> headers = new HashMap<>(); + headers.put("host", inbox.getHost()); + headers.put("date", requestDate); + Signature signature = signer.sign("POST", inbox.getPath(), headers); + HttpHeaders requestHeaders = new HttpHeaders(); + requestHeaders.add("Content-Type", Context.ACTIVITY_JSON_MEDIA_TYPE); + requestHeaders.add("Date", requestDate); + requestHeaders.add("Signature", signature.toString().substring(10)); + HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders); + //boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")), + // keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers); + ResponseEntity<Void> response = new RestTemplate().postForEntity(inbox, request, Void.class); + logger.info("accepted follower: {}", response.getStatusCode().is2xxSuccessful()); + } + public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) { + Context context = getContext(actor); + if (context instanceof Person) { + Person person = (Person) context; + Key key = KeystoreManager.publicKeyOf(person); + logger.info("data signed by person with key {}", key); + Verifier verifier = new Verifier(key, Signature.fromString(signatureString)); + try { + boolean result = verifier.verify(method, path, headers); + logger.info("signature is valid: {}", result); + return result; + } catch (NoSuchAlgorithmException | SignatureException | IOException e) { + logger.info("signature exception", e); + return false; + } + } + logger.info("person not found"); + return false; + } + public Context getContext(URI contextUri) { + return new RestTemplate().getForEntity(contextUri, Context.class).getBody(); + } +} |