diff options
Diffstat (limited to 'src/main/java/com/juick/server/SignatureManager.java')
-rw-r--r-- | src/main/java/com/juick/server/SignatureManager.java | 171 |
1 files changed, 0 insertions, 171 deletions
diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java deleted file mode 100644 index 602b4285..00000000 --- a/src/main/java/com/juick/server/SignatureManager.java +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (C) 2008-2019, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -package com.juick.server; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.juick.model.User; -import com.juick.model.AnonymousUser; -import com.juick.www.api.activity.model.Context; -import com.juick.www.api.activity.model.objects.Person; -import com.juick.www.api.webfinger.model.Account; -import com.juick.www.api.webfinger.model.Link; -import com.juick.service.UserService; -import com.juick.util.DateFormattersHolder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.ResponseEntity; -import org.springframework.stereotype.Component; -import org.springframework.web.client.RestTemplate; -import org.springframework.web.util.UriComponentsBuilder; -import org.tomitribe.auth.signatures.Signature; -import org.tomitribe.auth.signatures.Signer; -import org.tomitribe.auth.signatures.Verifier; -import rocks.xmpp.addr.Jid; - -import javax.inject.Inject; -import java.io.IOException; -import java.net.URI; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SignatureException; -import java.time.Instant; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; - -import static com.juick.www.api.activity.model.Context.ACTIVITY_MEDIA_TYPE; - -@Component -public class SignatureManager { - private static final Logger logger = LoggerFactory.getLogger("ActivityPub"); - @Inject - private KeystoreManager keystoreManager; - @Inject - private ObjectMapper jsonMapper; - @Inject - private UserService userService; - @Inject - private RestTemplate apClient; - - public void post(Person from, Person to, Context data) throws IOException { - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox()); - URI inbox = uriComponentsBuilder.build().toUri(); - Instant now = Instant.now(); - String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now); - String host = inbox.getPort() > 0 ? String.format("%s:%d", inbox.getHost(), inbox.getPort()) : inbox.getHost(); - String signatureString = addSignature(from, host, "POST", inbox.getPath(), requestDate); - - HttpHeaders requestHeaders = new HttpHeaders(); - requestHeaders.add("Content-Type", Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE); - requestHeaders.add("Date", requestDate); - requestHeaders.add("Host", host); - requestHeaders.add("Signature", signatureString); - HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders); - logger.info("Sending context to {}: {}", to.getId(), jsonMapper.writeValueAsString(data)); - ResponseEntity<Void> response = apClient.postForEntity(inbox, request, Void.class); - logger.info("Remote response: {}", response.getStatusCodeValue()); - } - - public String addSignature(Person from, String host, String method, String path, String dateString) throws IOException { - return addSignature(from, host, method, path, dateString, keystoreManager); - } - - public String addSignature(Person from, String host, String method, String path, String dateString, KeystoreManager keystoreManager) throws IOException { - Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null, - "(request-target)", "host", "date"); - Map<String, String> headers = new HashMap<>(); - headers.put("host", host); - headers.put("date", dateString); - Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature); - Signature signature = signer.sign(method, path, headers); - // remove "Signature: " from result - return signature.toString().substring(10); - } - - public User verifySignature(String method, String path, Map<String, String> headers) { - String signatureString = headers.get("signature"); - logger.info("Signature: {}", signatureString); - Signature signature = Signature.fromString(signatureString); - Optional<Context> context = getContext(UriComponentsBuilder.fromUriString(signature.getKeyId()) - .fragment(null).build().toUri()); - if (context.isPresent() && context.get() instanceof Person) { - Person person = (Person) context.get(); - Key key = KeystoreManager.publicKeyOf(person); - - Verifier verifier = new Verifier(key, signature); - try { - boolean result = verifier.verify(method, path, headers); - logger.info("signature of {} is valid: {}", signature.getKeyId(), result); - if (result) { - User user = new User(); - user.setUri(URI.create(person.getId())); - if (key.equals(keystoreManager.getPublicKey())) { - return userService.getUserByName(person.getName()); - } - return user; - } else { - return AnonymousUser.INSTANCE; - } - } catch (NoSuchAlgorithmException | SignatureException | IOException e) { - logger.warn("Invalid signature {}", signatureString); - } - } else { - logger.warn("Unknown keyId"); - } - return AnonymousUser.INSTANCE; - } - public Optional<Context> getContext(URI contextUri) { - try { - Context context = apClient.getForEntity(contextUri, Context.class).getBody(); - if (context == null) { - logger.warn("Cannot identify {}", contextUri); - return Optional.empty(); - } - return Optional.of(context); - } catch (Exception e) { - logger.warn("REST Exception on {}: {}", contextUri, e.getMessage()); - } - return Optional.empty(); - } - public Optional<Context> discoverPerson(String acct) { - Jid acctId = Jid.of(acct); - URI resourceUri = UriComponentsBuilder.fromPath("/.well-known/webfinger") - .host(acctId.getDomain()) - .scheme("https") - .queryParam("resource", String.format("%s", acctId.toEscapedString())).build().toUri(); - HttpHeaders headers = new HttpHeaders(); - headers.add("Accept", "application/jrd+json"); - HttpEntity<Void> webfingerRequest = new HttpEntity<>(headers); - ResponseEntity<Account> response = apClient.exchange( - resourceUri, HttpMethod.GET, webfingerRequest, Account.class); - if (response.getStatusCode().is2xxSuccessful()) { - Account acctData = response.getBody(); - if (acctData != null) { - for (Link l : acctData.getLinks()) { - if (l.getRel().equals("self") && l.getType().equals(ACTIVITY_MEDIA_TYPE)) { - return getContext(URI.create(l.getHref())); - } - } - } - } - return Optional.empty(); - } -} |