aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/server/SignatureManager.java
blob: b3b7a30182d9841f09d0b31a3a5d1dba0a3f3b5c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package com.juick.server;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.juick.server.api.activity.model.Context;
import com.juick.server.api.activity.model.objects.Person;
import com.juick.server.api.webfinger.model.Account;
import com.juick.server.api.webfinger.model.Link;
import com.juick.util.DateFormattersHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Signature;
import org.tomitribe.auth.signatures.Signer;
import org.tomitribe.auth.signatures.Verifier;
import rocks.xmpp.addr.Jid;

import javax.inject.Inject;
import java.io.IOException;
import java.net.URI;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

import static com.juick.server.api.activity.model.Context.ACTIVITY_MEDIA_TYPE;

@Component
public class SignatureManager {
    private static final Logger logger = LoggerFactory.getLogger(ActivityPubManager.class);
    @Inject
    private KeystoreManager keystoreManager;
    @Inject
    private ObjectMapper jsonMapper;
    @Inject
    private ApplicationEventPublisher applicationEventPublisher;
    @Inject
    private RestTemplate apClient;

    public void post(Person from, Person to, Context data) throws IOException {
        UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(to.getInbox());
        URI inbox = uriComponentsBuilder.build().toUri();
        Instant now = Instant.now();
        String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
        Signature templateSignature = new Signature(from.getPublicKey().getId(), "rsa-sha256", null,
                "(request-target)", "host", "date");
        Signer signer = new Signer(keystoreManager.getPrivateKey(), templateSignature);
        Map<String, String> headers = new HashMap<>();
        headers.put("host", inbox.getHost());
        headers.put("date", requestDate);
        Signature signature = signer.sign("POST", inbox.getPath(), headers);
        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.add("Content-Type", Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
        requestHeaders.add("Date", requestDate);
        requestHeaders.add("Signature", signature.toString().substring(10));
        HttpEntity<Context> request = new HttpEntity<>(Context.build(data), requestHeaders);
        //boolean valid = verifySignature(Signature.fromString(requestHeaders.getFirst("Signature")),
        //      keystoreManager.getPublicKey(), "POST", inbox.getPath(), headers);
        logger.info("Sending context: {}", jsonMapper.writeValueAsString(data));
        logger.info("Request date: {}", requestDate);
        ResponseEntity<Void> response = apClient.postForEntity(inbox, request, Void.class);
        logger.info("accepted follower: {}", response.getStatusCodeValue());

    }
    public boolean verifySignature(String signatureString, URI actor, String method, String path, Map<String, String> headers) {
        Optional<Context> context = getContext(actor);
        if (context.isPresent() && context.get() instanceof Person) {
            Person person = (Person) context.get();
            Key key = KeystoreManager.publicKeyOf(person);
            Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
            try {
                boolean result = verifier.verify(method, path, headers);
                logger.info("signature is valid: {}", result);
                return result;
            } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
                logger.info("signature exception", e);
                return false;
            }
        }
        logger.info("person not found");
        return false;
    }
    public Optional<Context> getContext(URI contextUri) {
        Context context = apClient.getForEntity(contextUri, Context.class).getBody();
        if (context == null) {
            logger.warn("Cannot identify {}", contextUri);
            return Optional.empty();
        }
        return Optional.of(context);
    }
    public Optional<Context> discoverPerson(String acct) {
        Jid acctId = Jid.of(acct);
        URI resourceUri = UriComponentsBuilder.fromUriString(
                String.format("https://%s/.well-known/webfinger?resource=acct:%s", acctId.getDomain(), acct)).build().toUri();
        Account acctData = apClient.getForEntity(resourceUri, Account.class).getBody();
        if (acctData != null) {
            for (Link l : acctData.getLinks()) {
                if (l.getRel().equals("self") && l.getType().equals(ACTIVITY_MEDIA_TYPE)) {
                    return getContext(URI.create(l.getHref()));
                }
            }
        }
        return Optional.empty();
    }
}