Diffstat (limited to 'verification.go')
-rw-r--r--verification.go29
1 files changed, 28 insertions, 1 deletions
diff --git a/verification.go b/verification.go
index 8c6cf98..e193746 100644
--- a/verification.go
+++ b/verification.go
@@ -17,6 +17,7 @@ import "encoding/base64"
import crand "crypto/rand"
import "io/ioutil"
import "strings"
+import "net/http"
type Verify struct {
Type string
@@ -578,10 +579,14 @@ func ActivitySign(db *sql.DB, actor Actor, signature string) string {
return ""
}
-func ActivityVerify(db *sql.DB, actor Actor, signature string, verify string) error {
+func ActivityVerify(actor Actor, signature string, verify string) error {
sig, _ := base64.StdEncoding.DecodeString(signature)
+ if actor.PublicKey.PublicKeyPem == "" {
+ actor = FingerActor(actor.Id)
+ }
+
block, _ := pem.Decode([]byte(actor.PublicKey.PublicKeyPem))
pub, _ := x509.ParsePKIXPublicKey(block.Bytes)
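Review bot: The new FingerActor fallback can hand an empty or malformed key to `pem.Decode`, which returns a nil block when it finds no PEM data, and `block.Bytes` on the next line dereferences it unchecked. If FingerActor returns an actor without a usable key (a fetch failure, presumably), a request from that remote actor panics instead of failing verification. Guard it with `if block == nil { return fmt.Errorf("no PEM public key for actor %v", actor.Id) }`, and stop discarding the errors from `DecodeString` and `ParsePKIXPublicKey` so a bad signature or key is reported rather than carried forward as a zero value. The rest of ActivityVerify's body lies outside this hunk.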
@@ -590,3 +595,25 @@ func ActivityVerify(db *sql.DB, actor Actor, signature string, verify string) er
return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA256, hashed.Sum(nil), sig)
}
+
+func VerifyHeaderSignature(r *http.Request, actor Actor) bool {
+ method := strings.ToLower(r.Method)
+ path := r.URL.Path
+ host := r.Host
+ date := r.Header.Get("Date")
+ encSig := r.Header.Get("Signature")
+
+ sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", method, path, host, date)
+
+ t, _ := time.Parse(time.RFC1123, date)
+
+ if(time.Now().Sub(t).Seconds() > 30) {
+ return false
+ }
+
+ if ActivityVerify(actor, sig, encSig) != nil {
+ return false
+ }
+
+ return true
+}
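Review bot: The freshness check in VerifyHeaderSignature is one-sided: `time.Now().Sub(t).Seconds() > 30` rejects stale dates but accepts any Date in the future, so a captured signed request stays replayable until its Date passes; bound the skew in both directions and return false when `time.Parse` fails instead of discarding the error. The call `ActivityVerify(actor, sig, encSig)` also looks reversed, since the visible part of ActivityVerify base64-decodes its second argument as the signature, and here that argument is the plaintext signing string. The Signature header is passed whole; if peers send the usual `keyId=...,signature=...` form, the base64 value has to be extracted first (not shown in the fence). If the `\\n` in the format string is literal in the file rather than a rendering artifact, the signing string contains backslash-n instead of newlines and will not match what the sender signed.

```go
func VerifyHeaderSignature(r *http.Request, actor Actor) bool {
	// … unchanged: method, path, host, date, encSig, sig …

	t, err := time.Parse(time.RFC1123, date)
	if err != nil {
		return false
	}

	// Reject dates too far in either direction, not only stale ones.
	if skew := time.Since(t); skew > 30*time.Second || skew < -30*time.Second {
		return false
	}

	// Encoded signature second, signing string third, matching ActivityVerify's parameters.
	return ActivityVerify(actor, encSig, sig) == nil
}
```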