aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/service
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/service')
-rw-r--r--src/main/java/com/juick/service/ActivityPubService.java65
-rw-r--r--src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java10
2 files changed, 5 insertions, 70 deletions
diff --git a/src/main/java/com/juick/service/ActivityPubService.java b/src/main/java/com/juick/service/ActivityPubService.java
index c2d3f1e7..f89f3261 100644
--- a/src/main/java/com/juick/service/ActivityPubService.java
+++ b/src/main/java/com/juick/service/ActivityPubService.java
@@ -18,10 +18,8 @@
package com.juick.service;
import com.fasterxml.jackson.databind.ObjectMapper;
-import com.juick.KeystoreManager;
import com.juick.model.AnonymousUser;
import com.juick.model.User;
-import com.juick.service.activities.DeleteUserEvent;
import com.juick.util.DateFormattersHolder;
import com.juick.www.api.activity.model.Context;
import com.juick.www.api.activity.model.objects.Actor;
@@ -29,12 +27,10 @@ import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.Cacheable;
-import org.springframework.context.ApplicationEventPublisher;
import org.springframework.core.convert.ConversionService;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.http.HttpHeaders;
@@ -43,21 +39,15 @@ import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Base64;
-import org.tomitribe.auth.signatures.MissingRequiredHeaderException;
-import org.tomitribe.auth.signatures.Signature;
-import org.tomitribe.auth.signatures.Verifier;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import java.io.IOException;
import java.net.URI;
-import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.security.SignatureException;
import java.time.Instant;
import java.util.List;
-import java.util.Map;
import java.util.Optional;
@Repository
@@ -76,10 +66,6 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
@Inject
private SignatureService signatureService;
@Inject
- private ApplicationEventPublisher applicationEventPublisher;
- @Inject
- private KeystoreManager keystoreManager;
- @Inject
private User serviceUser;
@Inject
private ConversionService conversionService;
@@ -182,55 +168,4 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
return response.code();
}
}
-
- public User verifyActor(String method, String path, Map<String, String> headers) {
- String signatureString = headers.get("signature");
- if (StringUtils.isNotEmpty(signatureString)) {
- try {
- Signature signature = Signature.fromString(signatureString);
- var keyId = UriComponentsBuilder.fromUriString(signature.getKeyId()).fragment(null).build().toUri();
- var user = getUserByAccountUri(keyId.toASCIIString());
- Key key = null;
- Actor actor = null;
- if (!user.isAnonymous()) {
- // local user
- key = keystoreManager.getPublicKey();
- } else {
- var context = get(keyId);
- if (context.isPresent()) {
- actor = (Actor) context.get();
- key = KeystoreManager.publicKeyOf(actor);
- }
- }
- if (key != null) {
- Verifier verifier = new Verifier(key, signature);
- try {
- boolean result = verifier.verify(method.toLowerCase(), path, headers);
- if (result) {
- if (!user.isAnonymous()) {
- return user;
- } else {
- if (actor != null) {
- User person = new User();
- person.setUri(URI.create(actor.getId()));
- if (actor.isSuspended()) {
- logger.info("{} is suspended, deleting", actor.getId());
- applicationEventPublisher
- .publishEvent(new DeleteUserEvent(this, actor.getId()));
- }
- return person;
- }
- }
- }
- } catch (NoSuchAlgorithmException | SignatureException | MissingRequiredHeaderException
- | IOException e) {
- logger.warn("Verification error for {}: {}", signature.getKeyId(), e.getMessage());
- }
- }
- } catch (Exception ex) {
-
- }
- }
- return AnonymousUser.INSTANCE;
- }
}
diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
index 55c87383..30cb1512 100644
--- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
@@ -17,8 +17,8 @@
package com.juick.service.security;
+import com.juick.ActivityPubManager;
import com.juick.model.User;
-import com.juick.service.ActivityPubService;
import com.juick.service.UserService;
import com.juick.service.security.entities.JuickUser;
import jakarta.servlet.FilterChain;
@@ -37,13 +37,13 @@ import java.util.stream.Collectors;
public class HTTPSignatureAuthenticationFilter extends BaseAuthenticationFilter {
- private final ActivityPubService signatureManager;
+ private final ActivityPubManager activityPubManager;
private final UserService userService;
public HTTPSignatureAuthenticationFilter(
- final ActivityPubService activityPubService,
+ final ActivityPubManager activityPubManager,
final UserService userService) {
- this.signatureManager = activityPubService;
+ this.activityPubManager = activityPubManager;
this.userService = userService;
}
@@ -54,7 +54,7 @@ public class HTTPSignatureAuthenticationFilter extends BaseAuthenticationFilter
Map<String, String> headers = Collections.list(request.getHeaderNames())
.stream()
.collect(Collectors.toMap(String::toLowerCase, request::getHeader));
- var user = signatureManager.verifyActor(request.getMethod(), request.getRequestURI(), headers);
+ var user = activityPubManager.verifyActor(request.getMethod(), request.getRequestURI(), headers);
String userUri = user.getUri().toString();
if (!user.isAnonymous() || userUri.length() > 0) {
if (userUri.length() == 0) {