diff options
Diffstat (limited to 'src/main/java/com/juick/server/SignatureManager.java')
-rw-r--r-- | src/main/java/com/juick/server/SignatureManager.java | 60 |
1 files changed, 41 insertions, 19 deletions
diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java index 9ecdaad5..23f5c37a 100644 --- a/src/main/java/com/juick/server/SignatureManager.java +++ b/src/main/java/com/juick/server/SignatureManager.java @@ -2,6 +2,7 @@ package com.juick.server; import com.fasterxml.jackson.databind.ObjectMapper; import com.juick.User; +import com.juick.model.AnonymousUser; import com.juick.server.api.activity.model.Context; import com.juick.server.api.activity.model.objects.Person; import com.juick.server.api.webfinger.model.Account; @@ -11,7 +12,6 @@ import com.juick.util.DateFormattersHolder; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationEventPublisher; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; @@ -53,28 +53,43 @@ public class SignatureManager { URI inbox = uriComponentsBuilder.build().toUri(); Instant now = Instant.now(); String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now); - Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null, - "(request-target)", "host", "date"); - Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature); - Map<String, String> headers = new HashMap<>(); - headers.put("host", inbox.getHost()); - headers.put("date", requestDate); - Signature signature = signer.sign("POST", inbox.getPath(), headers); + String host = inbox.getPort() > 0 ? String.format("%s:%d", inbox.getHost(), inbox.getPort()) : inbox.getHost(); + String signatureString = addSignature(from, host, "POST", inbox.getPath(), requestDate); + HttpHeaders requestHeaders = new HttpHeaders(); requestHeaders.add("Content-Type", Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE); requestHeaders.add("Date", requestDate); - requestHeaders.add("Signature", signature.toString().substring(10)); + requestHeaders.add("Host", host); + requestHeaders.add("Signature", signatureString); HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders); - //boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")), - // keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers); logger.info("Sending context: {}", jsonMapper.writeValueAsString(data)); logger.info("Request date: {}", requestDate); ResponseEntity<Void> response = apClient.postForEntity(inbox, request, Void.class); logger.info("accepted follower: {}", response.getStatusCodeValue()); + } + + public String addSignature(Person from, String host, String method, String path, String dateString) throws IOException { + return addSignature(from, host, method, path, dateString, keystoreManager); + } + public String addSignature(Person from, String host, String method, String path, String dateString, KeystoreManager keystoreManager) throws IOException { + Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null, + "(request-target)", "host", "date"); + Map<String, String> headers = new HashMap<>(); + headers.put("host", host); + headers.put("date", dateString); + Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature); + Signature signature = signer.sign(method, path, headers); + // remove "Signature: " from result + return signature.toString().substring(10); } + public User verifySignature(String method, String path, Map<String, String> headers) throws IOException { - Signature signature = Signature.fromString(headers.get("signature")); + String signatureString = headers.get("signature"); + if (StringUtils.isEmpty(signatureString)) { + return AnonymousUser.INSTANCE; + } + Signature signature = Signature.fromString(signatureString); Optional<Context> context = getContext(URI.create(signature.getKeyId())); if (context.isPresent() && context.get() instanceof Person) { Person person = (Person) context.get(); @@ -84,12 +99,16 @@ public class SignatureManager { try { boolean result = verifier.verify(method, path, headers); logger.info("signature is valid: {}", result); - User user = new User(); - user.setUri(URI.create(person.getId())); - if (key.equals(keystoreManager.getPublicKey())) { - return userService.getUserByName(person.getName()); + if (result) { + User user = new User(); + user.setUri(URI.create(person.getId())); + if (key.equals(keystoreManager.getPublicKey())) { + return userService.getUserByName(person.getName()); + } + return user; + } else { + return AnonymousUser.INSTANCE; } - return user; } catch (NoSuchAlgorithmException | SignatureException | IOException e) { throw new IOException("Invalid signature"); } @@ -110,9 +129,12 @@ public class SignatureManager { return Optional.empty(); } public Optional<Context> discoverPerson(String acct) { - Jid acctId = Jid.of(acct); + String[] accountParts = acct.split(":", 2); + String account = accountParts[0]; + int port = accountParts.length > 1 ? Integer.valueOf(accountParts[1]) : 80; + Jid acctId = Jid.of(account); URI resourceUri = UriComponentsBuilder.fromUriString( - String.format("https://%s/.well-known/webfinger?resource=acct:%s", acctId.getDomain(), acct)).build().toUri(); + String.format("http://%s:%d/.well-known/webfinger?resource=acct:%s", acctId.getDomain(), port, account)).build().toUri(); Account acctData = apClient.getForEntity(resourceUri, Account.class).getBody(); if (acctData != null) { for (Link l : acctData.getLinks()) { |