1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
package com.juick.server;
import com.juick.server.api.activity.model.Context;
import com.juick.server.api.activity.model.Person;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Signature;
import org.tomitribe.auth.signatures.Signer;
import org.tomitribe.auth.signatures.Verifier;
import javax.inject.Inject;
import java.io.IOException;
import java.net.URI;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.HashMap;
import java.util.Map;
@Component
public class SignatureManager {
private static final Logger logger = LoggerFactory.getLogger(ActivityPubManager.class);
@Inject
private KeystoreManager keystoreManager;
public void post(Person from, Person to, Context data) throws IOException {
UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
URI inbox = uriComponentsBuilder.build().toUri();
Instant now = Instant.now();
String requestDate = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneId.of("UTC")).format(now);
Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null,
"(request-target)", "host", "date");
Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
Map<String, String> headers = new HashMap<>();
headers.put("host", inbox.getHost());
headers.put("date", requestDate);
Signature signature = signer.sign("POST", inbox.getPath(), headers);
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add("Content-Type", Context.ACTIVITY_JSON_MEDIA_TYPE);
requestHeaders.add("Date", requestDate);
requestHeaders.add("Signature", signature.toString().substring(10));
HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders);
//boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")),
// keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers);
ResponseEntity<Void> response = new RestTemplate().postForEntity(inbox, request, Void.class);
logger.info("accepted follower: {}", response.getStatusCode().is2xxSuccessful());
}
public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
Context context = getContext(actor);
if (context instanceof Person) {
Person person = (Person) context;
Key key = KeystoreManager.publicKeyOf(person);
logger.info("data signed by person with key {}", key);
Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
try {
boolean result = verifier.verify(method, path, headers);
logger.info("signature is valid: {}", result);
return result;
} catch (NoSuchAlgorithmException | SignatureException | IOException e) {
logger.info("signature exception", e);
return false;
}
}
logger.info("person not found");
return false;
}
public Context getContext(URI contextUri) {
return new RestTemplate().getForEntity(contextUri, Context.class).getBody();
}
}
|