1 files changed, 113 insertions, 0 deletions

diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
new file mode 100644
index 00000000..b3b7a301
--- /dev/null
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -0,0 +1,113 @@
+package com.juick.server;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.server.api.activity.model.Context;
+import com.juick.server.api.activity.model.objects.Person;
+import com.juick.server.api.webfinger.model.Account;
+import com.juick.server.api.webfinger.model.Link;
+import com.juick.util.DateFormattersHolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+import org.tomitribe.auth.signatures.Signature;
+import org.tomitribe.auth.signatures.Signer;
+import org.tomitribe.auth.signatures.Verifier;
+import rocks.xmpp.addr.Jid;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URI;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import static com.juick.server.api.activity.model.Context.ACTIVITY_MEDIA_TYPE;
+
+@Component
+public class SignatureManager {
+    private static final Logger logger = LoggerFactory.getLogger(ActivityPubManager.class);
+    @Inject
+    private KeystoreManager keystoreManager;
+    @Inject
+    private ObjectMapper jsonMapper;
+    @Inject
+    private ApplicationEventPublisher applicationEventPublisher;
+    @Inject
+    private RestTemplate apClient;
+
+    public void post(Person from, Person to, Context data) throws IOException {
+        UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
+        URI inbox = uriComponentsBuilder.build().toUri();
+        Instant now = Instant.now();
+        String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
+        Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null,
+                "(request-target)", "host", "date");
+        Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
+        Map<String, String> headers = new HashMap<>();
+        headers.put("host", inbox.getHost());
+        headers.put("date", requestDate);
+        Signature signature = signer.sign("POST", inbox.getPath(), headers);
+        HttpHeaders requestHeaders = new HttpHeaders();
+        requestHeaders.add("Content-Type", Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
+        requestHeaders.add("Date", requestDate);
+        requestHeaders.add("Signature", signature.toString().substring(10));
+        HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders);
+        //boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")),
+        //      keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers);
+        logger.info("Sending context: {}", jsonMapper.writeValueAsString(data));
+        logger.info("Request date: {}", requestDate);
+        ResponseEntity<Void> response = apClient.postForEntity(inbox, request, Void.class);
+        logger.info("accepted follower: {}", response.getStatusCodeValue());
+
+    }
+    public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
+        Optional<Context> context = getContext(actor);
+        if (context.isPresent() && context.get() instanceof Person) {
+            Person person = (Person) context.get();
+            Key key = KeystoreManager.publicKeyOf(person);
+            Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
+            try {
+                boolean result = verifier.verify(method, path, headers);
+                logger.info("signature is valid: {}", result);
+                return result;
+            } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
+                logger.info("signature exception", e);
+                return false;
+            }
+        }
+        logger.info("person not found");
+        return false;
+    }
+    public Optional<Context> getContext(URI contextUri) {
+        Context context = apClient.getForEntity(contextUri, Context.class).getBody();
+        if (context == null) {
+            logger.warn("Cannot identify {}", contextUri);
+            return Optional.empty();
+        }
+        return Optional.of(context);
+    }
+    public Optional<Context> discoverPerson(String acct) {
+        Jid acctId = Jid.of(acct);
+        URI resourceUri = UriComponentsBuilder.fromUriString(
+                String.format("https://%s/.well-known/webfinger?resource=acct:%s", acctId.getDomain(), acct)).build().toUri();
+        Account acctData = apClient.getForEntity(resourceUri, Account.class).getBody();
+        if (acctData != null) {
+            for (Link l : acctData.getLinks()) {
+                if (l.getRel().equals("self") && l.getType().equals(ACTIVITY_MEDIA_TYPE)) {
+                    return getContext(URI.create(l.getHref()));
+                }
+            }
+        }
+        return Optional.empty();
+    }
+}