authorpdp8 <pdp8@pdp8.info>2023-04-23 16:37:01 +0200
committerpdp8 <pdp8@pdp8.info>2023-04-23 16:37:01 +0200
commitb2b88253f5cc4221b01ed860b02ae156941e03ce (patch)
tree5f7515c52f5937dc594ed460bb20a1e12567d4e7 /application.rb
parentf8afb7dec94bf9248b4032b7e95549361f190f3c (diff)
http signatures (beware of encodings!)
Diffstat (limited to 'application.rb')
-rw-r--r--application.rb49
1 files changed, 28 insertions, 21 deletions
diff --git a/application.rb b/application.rb
index 6abf490..7618855 100644
--- a/application.rb
+++ b/application.rb
@@ -1,6 +1,7 @@
require 'json'
require 'net/http'
require 'uri'
+require 'base64'
USER = "pdp8"
WWW_DOMAIN = "pdp8.info"
@@ -26,29 +27,35 @@ class Application
when "/inbox"
type = "text/plain"
signature_header = {}
- env["HTTP_SIGNATURE"].split(',').each do |pair|
- k, v = pair.split('=')
- signature_header[k] = v.gsub('"', '')
- end
- key_id = signature_header['keyId']
- headers = signature_header['headers']
- signature = Base64.decode64(signature_header['signature'])
- uri = URI(key_id)
- res = Net::HTTP.get_response(uri)
- actor = JSON.parse(res.body)
- key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
+ if env["HTTP_SIGNATURE"].split(',')
+ env["HTTP_SIGNATURE"].split(',').each do |pair|
+ k, v = pair.split('=')
+ signature_header[k] = v.gsub('"', '')
+ end
+ key_id = signature_header['keyId']
+ headers = signature_header['headers']
+ signature = Base64.urlsafe_decode64(signature_header['signature'].encode("ascii-8bit"))
+ uri = URI(key_id)
+ res = Net::HTTP.get_response(uri)
+ actor = JSON.parse(res.body)
+ key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
- comparison_string = headers.split(' ').map do |signed_header_name|
- if signed_header_name == '(request-target)'
- '(request-target): post /inbox'
+ comparison_string = headers.split(' ').map do |signed_header_name|
+ if signed_header_name == '(request-target)'
+ '(request-target): post /inbox'
+ else
+ "#{signed_header_name}: #{env["HTTP_" + signed_header_name.upcase]}"
+ end
+ end.join("\n")
+ if key.verify(OpenSSL::Digest::SHA256.new, signature, comparison_string.encode("ascii-8bit"))
+ input = JSON.parse(env["rack.input"].gets)
+ # p input
+ code = 200
+ response = "OK"
else
- "#{signed_header_name}: #{env["HTTP_" + signed_header_name.upcase]}"
+ code = 401
+ response = 'Request signature could not be verified'
end
- end.join("\n")
- if key.verify(OpenSSL::Digest::SHA256.new, signature, comparison_string)
- input = JSON.parse(env["rack.input"].gets)
- code = 200
- response = "OK"
else
code = 401
response = 'Request signature could not be verified'
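Review bot: A valid signature here says nothing about the JSON body, because `comparison_string` is built only from the header names the sender lists in `headers`, and `input = JSON.parse(env["rack.input"].gets)` is parsed without ever comparing the body to a `Digest` header. The check should require `digest` among the signed names and compare `env["HTTP_DIGEST"]` with a SHA-256 of the full body (read with `read`, since `gets` returns only the first line) before accepting the request, as sketched below. The new guard `if env["HTTP_SIGNATURE"].split(',')` also cannot reach its 401 branch: `split` returns an array, which is always truthy, and a missing header raises on `nil` first, so `if env["HTTP_SIGNATURE"]` is presumably what was meant. `key_id` is passed to `Net::HTTP.get_response` with no scheme or host check, so the sender chooses where this server makes requests; restricting it to `https` and public hosts is worth adding. The `when "/inbox"` branch begins and ends outside the hunk.

```ruby
# … unchanged: Signature header parsing, key fetch, comparison_string …
body = env["rack.input"].read
# assumes the sender uses the "SHA-256=<base64>" form; the algorithm token may arrive in another case
expected_digest = "SHA-256=" + Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(body))
signed_names = headers.split(' ')
if signed_names.include?('digest') && env["HTTP_DIGEST"] == expected_digest &&
   key.verify(OpenSSL::Digest::SHA256.new, signature, comparison_string.encode("ascii-8bit"))
  input = JSON.parse(body)
  code = 200
  response = "OK"
else
  # … unchanged: 401 response …
```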
@@ -105,7 +112,7 @@ class Application
{
"type": "PropertyValue",
"name": "Matrix",
- "value": "<a rel=\"me\" href=\"https://matrix.to/#/#{MATRIX}\">MATRIX</a>"
+ "value": "<a rel=\"me\" href=\"https://matrix.to/#/#{MATRIX}\">#{MATRIX}</a>"
}
],
"publicKey" => {