Diffstat (limited to 'src/main/java/com/juick/service')
-rw-r--r-- | src/main/java/com/juick/service/ActivityPubService.java | 65 | ||||
-rw-r--r-- | src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java | 10 |
2 files changed, 5 insertions, 70 deletions
diff --git a/src/main/java/com/juick/service/ActivityPubService.java b/src/main/java/com/juick/service/ActivityPubService.java
index c2d3f1e7..f89f3261 100644
--- a/src/main/java/com/juick/service/ActivityPubService.java
+++ b/src/main/java/com/juick/service/ActivityPubService.java
@@ -18,10 +18,8 @@
 package com.juick.service;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.juick.KeystoreManager;
 import com.juick.model.AnonymousUser;
 import com.juick.model.User;
-import com.juick.service.activities.DeleteUserEvent;
 import com.juick.util.DateFormattersHolder;
 import com.juick.www.api.activity.model.Context;
 import com.juick.www.api.activity.model.objects.Actor;
@@ -29,12 +27,10 @@ import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.RequestBody;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cache.annotation.Cacheable;
-import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.core.convert.ConversionService;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.http.HttpHeaders;
@@ -43,21 +39,15 @@ import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.tomitribe.auth.signatures.Base64;
-import org.tomitribe.auth.signatures.MissingRequiredHeaderException;
-import org.tomitribe.auth.signatures.Signature;
-import org.tomitribe.auth.signatures.Verifier;
 import javax.annotation.Nonnull;
 import javax.inject.Inject;
 import java.io.IOException;
 import java.net.URI;
-import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.SignatureException;
 import java.time.Instant;
 import java.util.List;
-import java.util.Map;
 import java.util.Optional;
 @Repository
@@ -76,10 +66,6 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
 @Inject
 private SignatureService signatureService;
 @Inject
- private ApplicationEventPublisher applicationEventPublisher;
- @Inject
- private KeystoreManager keystoreManager;
- @Inject
 private User serviceUser;
 @Inject
 private ConversionService conversionService;
@@ -182,55 +168,4 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
 return response.code();
 }
 }
-
- public User verifyActor(String method, String path, Map<String, String> headers) {
- String signatureString = headers.get("signature");
- if (StringUtils.isNotEmpty(signatureString)) {
- try {
- Signature signature = Signature.fromString(signatureString);
- var keyId = UriComponentsBuilder.fromUriString(signature.getKeyId()).fragment(null).build().toUri();
- var user = getUserByAccountUri(keyId.toASCIIString());
- Key key = null;
- Actor actor = null;
- if (!user.isAnonymous()) {
- // local user
- key = keystoreManager.getPublicKey();
- } else {
- var context = get(keyId);
- if (context.isPresent()) {
- actor = (Actor) context.get();
- key = KeystoreManager.publicKeyOf(actor);
- }
- }
- if (key != null) {
- Verifier verifier = new Verifier(key, signature);
- try {
- boolean result = verifier.verify(method.toLowerCase(), path, headers);
- if (result) {
- if (!user.isAnonymous()) {
- return user;
- } else {
- if (actor != null) {
- User person = new User();
- person.setUri(URI.create(actor.getId()));
- if (actor.isSuspended()) {
- logger.info("{} is suspended, deleting", actor.getId());
- applicationEventPublisher
- .publishEvent(new DeleteUserEvent(this, actor.getId()));
- }
- return person;
- }
- }
- }
- } catch (NoSuchAlgorithmException | SignatureException | MissingRequiredHeaderException
- | IOException e) {
- logger.warn("Verification error for {}: {}", signature.getKeyId(), e.getMessage());
- }
- }
- } catch (Exception ex) {
-
- }
- }
- return AnonymousUser.INSTANCE;
- }
 }
diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
index 55c87383..30cb1512 100644
--- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
@@ -17,8 +17,8 @@
 package com.juick.service.security;
+import com.juick.ActivityPubManager;
 import com.juick.model.User;
-import com.juick.service.ActivityPubService;
 import com.juick.service.UserService;
 import com.juick.service.security.entities.JuickUser;
 import jakarta.servlet.FilterChain;
@@ -37,13 +37,13 @@ import java.util.stream.Collectors;
 public class HTTPSignatureAuthenticationFilter extends BaseAuthenticationFilter {
- private final ActivityPubService signatureManager;
+ private final ActivityPubManager activityPubManager;
 private final UserService userService;
 public HTTPSignatureAuthenticationFilter(
- final ActivityPubService activityPubService,
+ final ActivityPubManager activityPubManager,
 final UserService userService) {
- this.signatureManager = activityPubService;
+ this.activityPubManager = activityPubManager;
 this.userService = userService;
 }
@@ -54,7 +54,7 @@ public class HTTPSignatureAuthenticationFilter extends BaseAuthenticationFilter
 Map<String, String> headers = Collections.list(request.getHeaderNames())
 .stream()
 .collect(Collectors.toMap(String::toLowerCase, request::getHeader));
- var user = signatureManager.verifyActor(request.getMethod(), request.getRequestURI(), headers);
+ var user = activityPubManager.verifyActor(request.getMethod(), request.getRequestURI(), headers);
 String userUri = user.getUri().toString();
 if (!user.isAnonymous() || userUri.length() > 0) {
 if (userUri.length() == 0) { |
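Review bot: The result of the swapped call `activityPubManager.verifyActor(...)` in the last hunk is dereferenced on the very next line (`user.getUri().toString()`), so this filter only stays fail-closed if the manager keeps the removed method's contract of returning `AnonymousUser.INSTANCE`, never null and never throwing, when the signature is missing or does not verify; that implementation is outside this diffstat and should be checked. I would pin the contract at the call site with a comment such as `// verifyActor never returns null; AnonymousUser.INSTANCE means no valid signature`. The removed ActivityPubService version also had an empty `catch (Exception ex)`, so it is worth confirming the moved code logs those failures instead of discarding them. Separately, the call still passes `request.getRequestURI()`, which omits the query string, so a request whose signed `(request-target)` includes a query would presumably fail verification. The enclosing filter method begins and ends outside the hunk.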