diff options
| author | FChannel <> | 2021-06-06 18:34:24 -0700 |
|---|---|---|
| committer | FChannel <> | 2021-06-06 18:34:24 -0700 |
| commit | f3a73b3a9f8b7895eeb54f007bde72126eae56d2 (patch) | |
| tree | 53911524a5423a47faa1cce714a0a34b40adfae8 /verification.go | |
| parent | 96f71a374a9b7f7982a1ca750a33b87034aad46c (diff) | |
basic header signature conversion
Diffstat (limited to 'verification.go')
| -rw-r--r-- | verification.go | 77 |
1 files changed, 70 insertions, 7 deletions
diff --git a/verification.go b/verification.go index 86b539e..3215688 100644 --- a/verification.go +++ b/verification.go @@ -18,6 +18,7 @@ import crand "crypto/rand" import "io/ioutil" import "strings" import "net/http" +import "regexp" type Verify struct { Type string @@ -33,6 +34,12 @@ type VerifyCooldown struct { Time int } +type Signature struct { + KeyId string + Headers []string + Signature string +} + func DeleteBoardMod(db *sql.DB, verify Verify) { query := `select code from boardaccess where identifier=$1 and board=$1` @@ -597,13 +604,38 @@ func ActivityVerify(actor Actor, signature string, verify string) error { } func VerifyHeaderSignature(r *http.Request, actor Actor) bool { - method := strings.ToLower(r.Method) - path := r.URL.Path - host := r.Host - date := r.Header.Get("Date") - encSig := r.Header.Get("Signature") + s := ParseHeaderSignature(r.Header.Get("Signature")) + + var method string + var path string + var host string + var date string + + var sig string + for _, e := range s.Headers { + if e == "(request-target)" { + method = strings.ToLower(r.Method) + path = r.URL.Path + sig += "(request-target): " + method + " " + path + "\\n" + continue + } - sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", method, path, host, date) + if e == "host" { + host = r.Host + sig += "host: " + host + "\\n" + continue + } + + if e == "date" { + date = r.Header.Get("date") + sig += "date: " + date + continue + } + } + + if s.KeyId != actor.PublicKey.Id { + return false + } t, _ := time.Parse(time.RFC1123, date) @@ -611,9 +643,40 @@ func VerifyHeaderSignature(r *http.Request, actor Actor) bool { return false } - if ActivityVerify(actor, encSig, sig) != nil { + if ActivityVerify(actor, s.Signature, sig) != nil { return false } return true } + +func ParseHeaderSignature(signature string) Signature { + var nsig Signature + + keyId := regexp.MustCompile(`keyId=`) + headers := regexp.MustCompile(`headers=`) + sig := regexp.MustCompile(`signature=`) + + signature = strings.ReplaceAll(signature, "\"", "") + parts := strings.Split(signature, ",") + + for _, e := range parts { + if keyId.MatchString(e) { + nsig.KeyId = keyId.ReplaceAllString(e, "") + continue + } + + if headers.MatchString(e) { + header := headers.ReplaceAllString(e, "") + nsig.Headers = strings.Split(header, " ") + continue + } + + if sig.MatchString(e) { + nsig.Signature = sig.ReplaceAllString(e, "") + continue + } + } + + return nsig +} |