aboutsummaryrefslogtreecommitdiff
path: root/db/pem.go
blob: 66bf25a47f1f123357e39e8553e381a1f7d89f01 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

package db

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"strings"
	"time"

	"github.com/FChannel0/FChannel-Server/activitypub"
	"github.com/FChannel0/FChannel-Server/webfinger"
	"github.com/gofiber/fiber/v2"
)

func VerifyHeaderSignature(ctx *fiber.Ctx, actor activitypub.Actor) bool {
	s := activitypub.ParseHeaderSignature(ctx.Get("Signature"))

	var method string
	var path string
	var host string
	var date string
	var digest string
	var contentLength string

	var sig string
	for i, e := range s.Headers {
		var nl string
		if i < len(s.Headers)-1 {
			nl = "\n"
		}

		switch e {
		case "(request-target)":
			method = strings.ToLower(ctx.Method())
			path = ctx.Path()
			sig += "(request-target): " + method + " " + path + "" + nl
			break
		case "host":
			host = ctx.Hostname()
			sig += "host: " + host + "" + nl
			break
		case "date":
			date = ctx.Get("date")
			sig += "date: " + date + "" + nl
			break
		case "digest":
			digest = ctx.Get("digest")
			sig += "digest: " + digest + "" + nl
			break
		case "content-length":
			contentLength = ctx.Get("content-length")
			sig += "content-length: " + contentLength + "" + nl
			break
		}
	}

	if s.KeyId != actor.PublicKey.Id {
		return false
	}

	t, _ := time.Parse(time.RFC1123, date)

	if time.Now().UTC().Sub(t).Seconds() > 75 {
		return false
	}

	if ActivityVerify(actor, s.Signature, sig) != nil {
		return false
	}

	return true
}

func ActivityVerify(actor activitypub.Actor, signature string, verify string) error {
	sig, _ := base64.StdEncoding.DecodeString(signature)

	if actor.PublicKey.PublicKeyPem == "" {
		_actor, err := webfinger.FingerActor(actor.Id)
		if err != nil {
			return err
		}
		actor = _actor
	}

	block, _ := pem.Decode([]byte(actor.PublicKey.PublicKeyPem))
	pub, _ := x509.ParsePKIXPublicKey(block.Bytes)

	hashed := sha256.New()
	hashed.Write([]byte(verify))

	return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA256, hashed.Sum(nil), sig)
}