From 7340bf4afb5c0ca8f3d72db8848222508bb8807c Mon Sep 17 00:00:00 2001 From: pdp8 Date: Thu, 4 May 2023 17:52:56 +0200 Subject: local signature accept --- application.rb | 70 ++++++++++++++++++++++++++-------------------------------- 1 file changed, 31 insertions(+), 39 deletions(-) diff --git a/application.rb b/application.rb index ab42c1f..c821876 100644 --- a/application.rb +++ b/application.rb @@ -158,16 +158,17 @@ class Application body = object.to_json digest = "SHA-256=" + sha256.base64digest(body) - signed_string = "(request-target): post /inbox\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}" + signed_string = "(request-target): post /inbox\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json" + puts signed_string signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string)) - signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' + signature + '"' + signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="' + signature + '"' uri = URI.parse(get(url)["inbox"]) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true header = { - 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', - 'Content-Type' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', + # 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', + 'Content-Type' => 'application/activity+json', 'Host' => uri.host, 'Date' => date, 'Digest' => digest, @@ -178,8 +179,8 @@ class Application request.body = body response = http.request(request) - # puts(response.body, response.code) - puts(response.code) + puts(response.body, response.code) + # puts(response.code) # puts(response.body["signed_string"]) # puts(response.body["signature"]) end @@ -200,42 +201,33 @@ class Application def verify env # https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb - puts env - # puts env.select { |k, v| k.match(/^HTTP_/) } - # puts env["HTTP_SIGNATURE"] # .split(',').each do |pair| - begin - signature_params = {} - env["HTTP_SIGNATURE"].split(',').each do |pair| - k, v = pair.split('=') - signature_params[k] = v.gsub('"', '') - end + # TODO verify digest + signature_params = {} + env["HTTP_SIGNATURE"].split(',').each do |pair| + k, v = pair.split('=') + signature_params[k] = v.gsub('"', '') + end - # puts signature_params - key_id = signature_params['keyId'] - headers = signature_params['headers'] - signature = Base64.decode64(signature_params['signature']) + key_id = signature_params['keyId'] + headers = signature_params['headers'] + signature = Base64.decode64(signature_params['signature']) - actor = get key_id - key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem']) + actor = get key_id + key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem']) - comparison = headers.split(' ').map do |signed_params_name| - if signed_params_name == '(request-target)' - '(request-target): post /inbox' - elsif signed_params_name == 'content-type' - "#{signed_params_name}: #{env["CONTENT_TYPE"]}" - else - "#{signed_params_name}: #{env["HTTP_" + signed_params_name.upcase]}" - end - end.join("\n") - - puts comparison - # key.verify(OpenSSL::Digest::SHA256.new, signature, comparison) - key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison) - rescue => e - puts e.class - # puts e.message - false - end + comparison = headers.split(' ').map do |signed_params_name| + if signed_params_name == '(request-target)' + '(request-target): post /inbox' + elsif signed_params_name == 'content-type' + "#{signed_params_name}: #{env["CONTENT_TYPE"]}" + else + "#{signed_params_name}: #{env["HTTP_" + signed_params_name.upcase]}" + end + end.join("\n") + + puts comparison + puts env["HTTP_SIGNATURE"] + key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison) end def get url -- cgit v1.2.3