Diffstat (limited to 'src/main/java/com/juick/server/SignatureManager.java')
-rw-r--r--src/main/java/com/juick/server/SignatureManager.java26
1 files changed, 17 insertions, 9 deletions
diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
index b3b7a301..26e482ad 100644
--- a/src/main/java/com/juick/server/SignatureManager.java
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -1,11 +1,14 @@
package com.juick.server;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.User;
import com.juick.server.api.activity.model.Context;
import com.juick.server.api.activity.model.objects.Person;
import com.juick.server.api.webfinger.model.Account;
import com.juick.server.api.webfinger.model.Link;
+import com.juick.service.UserService;
import com.juick.util.DateFormattersHolder;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
@@ -41,7 +44,7 @@ public class SignatureManager {
@Inject
private ObjectMapper jsonMapper;
@Inject
- private ApplicationEventPublisher applicationEventPublisher;
+ private UserService userService;
@Inject
private RestTemplate apClient;
@@ -70,23 +73,28 @@ public class SignatureManager {
logger.info("accepted follower: {}", response.getStatusCodeValue());
}
- public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
- Optional<Context> context = getContext(actor);
+ public User verifySignature(String method, String path, Map<String, String> headers) throws IOException {
+ Signature signature = Signature.fromString(headers.get("signature"));
+ Optional<Context> context = getContext(URI.create(signature.getKeyId()));
if (context.isPresent() && context.get() instanceof Person) {
Person person = (Person) context.get();
Key key = KeystoreManager.publicKeyOf(person);
- Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
+
+ Verifier verifier = new Verifier(key, signature);
try {
boolean result = verifier.verify(method, path, headers);
logger.info("signature is valid: {}", result);
- return result;
+ User user = new User();
+ user.setUri(URI.create(person.getId()));
+ if (key.equals(keystoreManager.getPublicKey())) {
+ return userService.getUserByName(person.getName());
+ }
+ return user;
} catch (NoSuchAlgorithmException | SignatureException | IOException e) {
- logger.info("signature exception", e);
- return false;
+ throw new IOException("Invalid signature");
}
}
- logger.info("person not found");
- return false;
+ throw new IOException("Person not found");
}
public Optional<Context> getContext(URI contextUri) {
Context context = apClient.getForEntity(contextUri, Context.class).getBody();
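Review bot: The boolean from `verifier.verify(method, path, headers)` is only logged, so if `verify` returns false rather than throwing, the new `verifySignature` still returns a `User`; the old code handed `result` back to the caller. Add `if (!result) { throw new IOException("Invalid signature"); }` before `User user = new User();`. Without it, the `key.equals(keystoreManager.getPublicKey())` branch can resolve a local account from `person.getName()` in a fetched document whose signature was never confirmed. `headers.get("signature")` also goes into `Signature.fromString` without a null check and `URI.create(signature.getKeyId())` can throw `IllegalArgumentException`, so a missing or malformed header presumably escapes as an unchecked exception instead of the declared `IOException`. The catch block drops both the log line and the cause; `throw new IOException("Invalid signature", e);` keeps the failure diagnosable.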