From cdd03aa64548810591e043fb59a287a1b36c92ba Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 5 Jan 2023 11:00:50 +0300
Subject: ActivityPub: signed GET requests, fix Signature verification
---
.../java/com/juick/service/SignatureService.java | 57 ++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 src/main/java/com/juick/service/SignatureService.java
(limited to 'src/main/java/com/juick/service/SignatureService.java')
diff --git a/src/main/java/com/juick/service/SignatureService.java b/src/main/java/com/juick/service/SignatureService.java
new file mode 100644
index 00000000..12d9d67b
--- /dev/null
+++ b/src/main/java/com/juick/service/SignatureService.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2008-2022, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+package com.juick.service;
+
+import com.juick.KeystoreManager;
+import com.juick.www.api.activity.model.objects.Actor;
+import org.apache.commons.lang3.StringUtils;
+import org.tomitribe.auth.signatures.*;
+import java.io.IOException;
+import java.util.*;
+
+public class SignatureService {
+
+ private KeystoreManager keystoreManager;
+
+ public SignatureService(KeystoreManager keystoreManager) {
+ this.keystoreManager = keystoreManager;
+ }
+
+ public String addSignature(Actor from, String host, String method, String path, String dateString,
+ String digestHeader) throws IOException {
+ return addSignature(from, host, method, path, dateString, digestHeader, keystoreManager);
+ }
+
+ public String addSignature(Actor from, String host, String method, String path, String dateString,
+ String digestHeader, KeystoreManager keystoreManager) throws IOException {
+ List requiredHeaders = StringUtils.isEmpty(digestHeader)
+ ? Arrays.asList("(request-target)", "host", "date")
+ : Arrays.asList("(request-target)", "host", "date", "digest");
+ Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null, requiredHeaders);
+ Map headers = new HashMap<>();
+ headers.put("host", host);
+ headers.put("date", dateString);
+ if (StringUtils.isNotEmpty(digestHeader)) {
+ headers.put("digest", digestHeader);
+ }
+ Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
+ Signature signature = signer.sign(method.toLowerCase(), path, headers);
+ // remove "Signature: " from result
+ return signature.toString().substring(10);
+ }
+}
--
cgit v1.2.3