Diffstat (limited to 'src/main/java/com/juick/SignatureManager.java')
-rw-r--r--src/main/java/com/juick/SignatureManager.java42
1 files changed, 32 insertions, 10 deletions
diff --git a/src/main/java/com/juick/SignatureManager.java b/src/main/java/com/juick/SignatureManager.java
index fc92f39a..fed6c368 100644
--- a/src/main/java/com/juick/SignatureManager.java
+++ b/src/main/java/com/juick/SignatureManager.java
@@ -26,6 +26,7 @@ import com.juick.www.api.activity.model.Context;
import com.juick.www.api.activity.model.objects.Person;
import com.juick.www.api.webfinger.model.Account;
import com.juick.www.api.webfinger.model.Link;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
@@ -34,6 +35,8 @@ import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;
+import org.tomitribe.auth.signatures.Base64;
+import org.tomitribe.auth.signatures.MissingRequiredHeaderException;
import org.tomitribe.auth.signatures.Signature;
import org.tomitribe.auth.signatures.Signer;
import org.tomitribe.auth.signatures.Verifier;
@@ -43,10 +46,13 @@ import javax.inject.Inject;
import java.io.IOException;
import java.net.URI;
import java.security.Key;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.time.Instant;
+import java.util.Arrays;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.Optional;
@@ -63,35 +69,51 @@ public class SignatureManager {
@Inject
private RestTemplate apClient;
- public void post(Person from, Person to, Context data) throws IOException {
+ public void post(Person from, Person to, Context data) throws IOException, NoSuchAlgorithmException {
UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
URI inbox = uriComponentsBuilder.build().toUri();
Instant now = Instant.now();
String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
String host = inbox.getPort() > 0 ? String.format("%s:%d", inbox.getHost(), inbox.getPort()) : inbox.getHost();
- String signatureString = addSignature(from, host, "POST", inbox.getPath(), requestDate);
+ var finalContext = Context.build(data);
+ var payload = jsonMapper.writeValueAsString(finalContext);
+ final byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload.getBytes()); // (1)
+ final String digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest));
+ String signatureString = addSignature(from, host, "POST", inbox.getPath(), requestDate, digestHeader);
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add("Content-Type", Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
requestHeaders.add("Date", requestDate);
requestHeaders.add("Host", host);
+ requestHeaders.add("Digest", digestHeader);
requestHeaders.add("Signature", signatureString);
- HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders);
- logger.info("Sending context to {}: {}", to.getId(), jsonMapper.writeValueAsString(data));
+ HttpEntity<Context> request = new HttpEntity<>(finalContext, requestHeaders);
+ logger.info("Sending context to {}: {}", to.getId(), payload);
ResponseEntity<Void> response = apClient.postForEntity(inbox, request, Void.class);
logger.info("Remote response: {}", response.getStatusCodeValue());
}
- public String addSignature(Person from, String host, String method, String path, String dateString) throws IOException {
- return addSignature(from, host, method, path, dateString, keystoreManager);
+ public String addSignature(Person from, String host, String method,
+ String path, String dateString, String digestHeader)
+ throws IOException {
+ return addSignature(from, host, method, path, dateString,
+ digestHeader, keystoreManager);
}
- public String addSignature(Person from, String host, String method, String path, String dateString, KeystoreManager keystoreManager) throws IOException {
- Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null,
- "(request-target)", "host", "date");
+ public String addSignature(Person from, String host, String method,
+ String path, String dateString, String digestHeader,
+ KeystoreManager keystoreManager) throws IOException {
+ List<String> requiredHeaders = StringUtils.isEmpty(digestHeader) ?
+ Arrays.asList("(request-target)", "host", "date")
+ : Arrays.asList("(request-target)", "host", "date", "digest");
+ Signature templateSignature = new Signature(from.getPublicKey().getId(),
+ "rsa-sha256", null, requiredHeaders);
Map<String, String> headers = new HashMap<>();
headers.put("host", host);
headers.put("date", dateString);
+ if (StringUtils.isNotEmpty(digestHeader)) {
+ headers.put("digest", digestHeader);
+ }
Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
Signature signature = signer.sign(method, path, headers);
// remove "Signature: " from result
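Review bot: The Digest header in post() is computed over `payload.getBytes()` (platform default charset, which is only UTF-8 from Java 18 on), but the request body sent on the next lines is `finalContext`, which RestTemplate re-serializes through its own message converter; if that converter's mapper or pretty-printing differs from `jsonMapper`, or the JVM default charset is not UTF-8, the digest will not match the bytes on the wire and the receiver will reject the signature. Hash with an explicit charset and send the exact string that was hashed: `final byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload.getBytes(StandardCharsets.UTF_8));`, `HttpEntity<String> request = new HttpEntity<>(payload, requestHeaders);` (adding the `java.nio.charset.StandardCharsets` import). The `// (1)` marker on the digest line reads like a leftover from a draft and should be dropped or replaced with `// Digest must cover the exact request body bytes`. In the new addSignature overload, `Arrays.asList(...)` could be `List.of(...)` since the file already uses `var`. The second addSignature overload continues past the end of this hunk.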
@@ -122,7 +144,7 @@ public class SignatureManager {
} else {
return AnonymousUser.INSTANCE;
}
- } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
+ } catch (NoSuchAlgorithmException | SignatureException | MissingRequiredHeaderException | IOException e) {
logger.warn("Invalid signature {}", signatureString);
}
} else {
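Review bot: The widened catch still logs only the signature string and drops the exception, so a MissingRequiredHeaderException (which says which header, e.g. digest, was absent) is indistinguishable in the logs from a cryptographic verification failure; pass the throwable as the last argument so SLF4J records it: `logger.warn("Invalid signature {}", signatureString, e);`. The enclosing verification method starts and ends outside this hunk.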