From 7ada4dd49efc3607780f20ed25546e4223f2cb89 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Wed, 28 Feb 2024 23:44:21 +0300 Subject: ActivityPub: we are using RSA signatures --- src/main/java/com/juick/ActivityPubManager.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/juick/ActivityPubManager.java b/src/main/java/com/juick/ActivityPubManager.java index f4b87b05..e4087308 100644 --- a/src/main/java/com/juick/ActivityPubManager.java +++ b/src/main/java/com/juick/ActivityPubManager.java @@ -49,6 +49,7 @@ import org.springframework.core.convert.ConversionService; import org.springframework.http.MediaType; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; +import org.tomitribe.auth.signatures.Algorithm; import org.tomitribe.auth.signatures.MissingRequiredHeaderException; import org.tomitribe.auth.signatures.Signature; import org.tomitribe.auth.signatures.Verifier; @@ -434,7 +435,7 @@ public class ActivityPubManager implements ActivityListener, NotificationListene public User verifyActor(String method, String path, Map headers) { String signatureString = headers.get("signature"); if (StringUtils.isNotEmpty(signatureString)) { - Signature signature = Signature.fromString(signatureString); + Signature signature = Signature.fromString(signatureString, Algorithm.RSA_SHA256); var keyId = UriComponentsBuilder.fromUriString(signature.getKeyId()).fragment(null).build().toUri(); var user = activityPubService.getUserByAccountUri(keyId.toASCIIString()); Key key = null; -- cgit v1.2.3