summaryrefslogtreecommitdiff
path: root/application.rb
diff options
context:
space:
mode:
authorpdp8 <pdp8@pdp8.info>2023-05-04 17:52:56 +0200
committerpdp8 <pdp8@pdp8.info>2023-05-04 17:52:56 +0200
commit7340bf4afb5c0ca8f3d72db8848222508bb8807c (patch)
tree9176951f7fa9b4e3753acbe70c2c8d74ff7a8a37 /application.rb
parent437fadbf926f1811a0ef6b6897b3fd841c2242d5 (diff)
local signature accept
Diffstat (limited to 'application.rb')
-rw-r--r--application.rb70
1 files changed, 31 insertions, 39 deletions
diff --git a/application.rb b/application.rb
index ab42c1f..c821876 100644
--- a/application.rb
+++ b/application.rb
@@ -158,16 +158,17 @@ class Application
body = object.to_json
digest = "SHA-256=" + sha256.base64digest(body)
- signed_string = "(request-target): post /inbox\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}"
+ signed_string = "(request-target): post /inbox\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json"
+ puts signed_string
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
- signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' + signature + '"'
+ signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="' + signature + '"'
uri = URI.parse(get(url)["inbox"])
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
header = {
- 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
- 'Content-Type' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+ # 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+ 'Content-Type' => 'application/activity+json',
'Host' => uri.host,
'Date' => date,
'Digest' => digest,
@@ -178,8 +179,8 @@ class Application
request.body = body
response = http.request(request)
- # puts(response.body, response.code)
- puts(response.code)
+ puts(response.body, response.code)
+ # puts(response.code)
# puts(response.body["signed_string"])
# puts(response.body["signature"])
end
@@ -200,42 +201,33 @@ class Application
def verify env
# https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb
- puts env
- # puts env.select { |k, v| k.match(/^HTTP_/) }
- # puts env["HTTP_SIGNATURE"] # .split(',').each do |pair|
- begin
- signature_params = {}
- env["HTTP_SIGNATURE"].split(',').each do |pair|
- k, v = pair.split('=')
- signature_params[k] = v.gsub('"', '')
- end
+ # TODO verify digest
+ signature_params = {}
+ env["HTTP_SIGNATURE"].split(',').each do |pair|
+ k, v = pair.split('=')
+ signature_params[k] = v.gsub('"', '')
+ end
- # puts signature_params
- key_id = signature_params['keyId']
- headers = signature_params['headers']
- signature = Base64.decode64(signature_params['signature'])
+ key_id = signature_params['keyId']
+ headers = signature_params['headers']
+ signature = Base64.decode64(signature_params['signature'])
- actor = get key_id
- key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
+ actor = get key_id
+ key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
- comparison = headers.split(' ').map do |signed_params_name|
- if signed_params_name == '(request-target)'
- '(request-target): post /inbox'
- elsif signed_params_name == 'content-type'
- "#{signed_params_name}: #{env["CONTENT_TYPE"]}"
- else
- "#{signed_params_name}: #{env["HTTP_" + signed_params_name.upcase]}"
- end
- end.join("\n")
-
- puts comparison
- # key.verify(OpenSSL::Digest::SHA256.new, signature, comparison)
- key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
- rescue => e
- puts e.class
- # puts e.message
- false
- end
+ comparison = headers.split(' ').map do |signed_params_name|
+ if signed_params_name == '(request-target)'
+ '(request-target): post /inbox'
+ elsif signed_params_name == 'content-type'
+ "#{signed_params_name}: #{env["CONTENT_TYPE"]}"
+ else
+ "#{signed_params_name}: #{env["HTTP_" + signed_params_name.upcase]}"
+ end
+ end.join("\n")
+
+ puts comparison
+ puts env["HTTP_SIGNATURE"]
+ key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
end
def get url