From 8d9218e8cd7f18808bbd6b60e8a489cee967efb4 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Fri, 4 Jun 2021 16:02:52 -0700 Subject: added verfication based on signature header with pem keys --- verification.go | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'verification.go') diff --git a/verification.go b/verification.go index 8c6cf98..e193746 100644 --- a/verification.go +++ b/verification.go @@ -17,6 +17,7 @@ import "encoding/base64" import crand "crypto/rand" import "io/ioutil" import "strings" +import "net/http" type Verify struct { Type string @@ -578,10 +579,14 @@ func ActivitySign(db *sql.DB, actor Actor, signature string) string { return "" } -func ActivityVerify(db *sql.DB, actor Actor, signature string, verify string) error { +func ActivityVerify(actor Actor, signature string, verify string) error { sig, _ := base64.StdEncoding.DecodeString(signature) + if actor.PublicKey.PublicKeyPem == "" { + actor = FingerActor(actor.Id) + } + block, _ := pem.Decode([]byte(actor.PublicKey.PublicKeyPem)) pub, _ := x509.ParsePKIXPublicKey(block.Bytes) @@ -590,3 +595,25 @@ func ActivityVerify(db *sql.DB, actor Actor, signature string, verify string) er return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA256, hashed.Sum(nil), sig) } + +func VerifyHeaderSignature(r *http.Request, actor Actor) bool { + method := strings.ToLower(r.Method) + path := r.URL.Path + host := r.Host + date := r.Header.Get("Date") + encSig := r.Header.Get("Signature") + + sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", method, path, host, date) + + t, _ := time.Parse(time.RFC1123, date) + + if(time.Now().Sub(t).Seconds() > 30) { + return false + } + + if ActivityVerify(actor, sig, encSig) != nil { + return false + } + + return true +} -- cgit v1.2.3