1 files changed, 17 insertions, 9 deletions

diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
index b3b7a301..26e482ad 100644
--- a/src/main/java/com/juick/server/SignatureManager.java
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -1,11 +1,14 @@
 package com.juick.server;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.User;
 import com.juick.server.api.activity.model.Context;
 import com.juick.server.api.activity.model.objects.Person;
 import com.juick.server.api.webfinger.model.Account;
 import com.juick.server.api.webfinger.model.Link;
+import com.juick.service.UserService;
 import com.juick.util.DateFormattersHolder;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationEventPublisher;
@@ -41,7 +44,7 @@ public class SignatureManager {
     @Inject
     private ObjectMapper jsonMapper;
     @Inject
-    private ApplicationEventPublisher applicationEventPublisher;
+    private UserService userService;
     @Inject
     private RestTemplate apClient;
 
@@ -70,23 +73,28 @@ public class SignatureManager {
         logger.info("accepted follower: {}", response.getStatusCodeValue());
 
     }
-    public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
-        Optional<Context> context = getContext(actor);
+    public User verifySignature(String method, String path, Map<String, String> headers) throws IOException {
+        Signature signature = Signature.fromString(headers.get("signature"));
+        Optional<Context> context = getContext(URI.create(signature.getKeyId()));
         if (context.isPresent() && context.get() instanceof Person) {
             Person person = (Person) context.get();
             Key key = KeystoreManager.publicKeyOf(person);
-            Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
+
+            Verifier verifier = new Verifier(key, signature);
             try {
                 boolean result = verifier.verify(method, path, headers);
                 logger.info("signature is valid: {}", result);
-                return result;
+                User user = new User();
+                user.setUri(URI.create(person.getId()));
+                if (key.equals(keystoreManager.getPublicKey())) {
+                    return userService.getUserByName(person.getName());
+                }
+                return user;
             } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
-                logger.info("signature exception", e);
-                return false;
+                throw new IOException("Invalid signature");
             }
         }
-        logger.info("person not found");
-        return false;
+        throw new IOException("Person not found");
     }
     public Optional<Context> getContext(URI contextUri) {
         Context context = apClient.getForEntity(contextUri, Context.class).getBody();