Rename cavage signing func, add import for server
This commit is contained in:
parent
5e13817563
commit
08f6de0bd7
39 changed files with 2035 additions and 364 deletions
|
@ -2,8 +2,6 @@ package webshared
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/ed25519"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
|
@ -11,12 +9,11 @@ import (
|
|||
"slices"
|
||||
"time"
|
||||
|
||||
"github.com/go-fed/httpsig"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/yaronf/httpsign"
|
||||
|
||||
"git.mstar.dev/mstar/linstrom/config"
|
||||
"git.mstar.dev/mstar/linstrom/shared"
|
||||
"git.mstar.dev/mstar/linstrom/storage-new/models"
|
||||
)
|
||||
|
||||
/*
|
||||
|
@ -78,55 +75,32 @@ func RequestSignedRFC9421(
|
|||
func RequestSignedCavage(
|
||||
method, target string,
|
||||
body []byte,
|
||||
keyId string,
|
||||
privateKeyBytes []byte,
|
||||
useEd bool,
|
||||
actor *models.User,
|
||||
) (*http.Response, error) {
|
||||
req, err := http.NewRequest(method, target, bytes.NewBuffer(slices.Clone(body)))
|
||||
req, err := NewRequest(method, target, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
applyDefaultHeaders(req)
|
||||
var prefs []httpsig.Algorithm
|
||||
var key crypto.PrivateKey
|
||||
if useEd {
|
||||
log.Debug().Msg("Using ed25519 cavage")
|
||||
prefs = append(prefs, httpsig.ED25519)
|
||||
key = ed25519.PrivateKey(privateKeyBytes)
|
||||
req.Header.Add("Accept", "application/activity+json")
|
||||
|
||||
var keyBytes []byte
|
||||
if config.GlobalConfig.Experimental.UseEd25519Keys {
|
||||
keyBytes = actor.PrivateKeyEd
|
||||
} else {
|
||||
log.Debug().Msg("Using RSA cavage")
|
||||
// prefs = append(prefs, httpsig.RSA_SHA512, httpsig.RSA_SHA256)
|
||||
prefs = append(prefs, httpsig.RSA_SHA256)
|
||||
tempKey, err := x509.ParsePKCS1PrivateKey(privateKeyBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key = tempKey
|
||||
keyBytes = actor.PrivateKeyRsa
|
||||
}
|
||||
digestAlgorithm := httpsig.DigestSha256
|
||||
headersToSign := []string{httpsig.RequestTarget, "date", "host", "user-agent"}
|
||||
if len(body) > 0 {
|
||||
headersToSign = append(headersToSign, "digest")
|
||||
log.Debug().Msg("Non-empty body, adding digest")
|
||||
} else {
|
||||
// Just to ensure the signer doesn't fuck up
|
||||
body = nil
|
||||
}
|
||||
signer, chosenAlgorithm, err := httpsig.NewSigner(
|
||||
prefs,
|
||||
digestAlgorithm,
|
||||
headersToSign,
|
||||
httpsig.Signature,
|
||||
int64(time.Hour),
|
||||
|
||||
// Sign and send
|
||||
err = SignRequest(
|
||||
req,
|
||||
actor.ID+"#main-key",
|
||||
keyBytes,
|
||||
body,
|
||||
)
|
||||
// err = webshared.SignRequestWithHttpsig(req, linstromActor.ID+"#main-key", keyBytes, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
log.Debug().Any("algorithm", chosenAlgorithm).Msg("Signer chose algorithm")
|
||||
if err = signer.SignRequest(key, keyId, req, body); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
log.Debug().Any("headers", req.Header).Msg("Request post signing")
|
||||
return RequestClient.Do(req)
|
||||
}
|
||||
|
||||
|
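Review bot: The new body of RequestSignedCavage dereferences `actor` (`actor.PrivateKeyEd`, `actor.PrivateKeyRsa`, `actor.ID+"#main-key"`) without checking it for nil, and, if the parameter list is unchanged context, it no longer reads `keyId`, `privateKeyBytes` or `useEd` at all — the key material and algorithm choice now come from the actor record and `config.GlobalConfig.Experimental.UseEd25519Keys`, so a caller still passing per-call key bytes will have them silently ignored. A guard at the top of the function, before `NewRequest`, makes the new contract explicit: `if actor == nil { return nil, errors.New("cavage signing requires a non-nil actor") }` (using whichever error-construction package the file already imports). I would also add a doc comment on the function stating that the signing key is taken from `actor` and that the keyId is always `actor.ID#main-key`, and either drop the now-unused parameters at the call sites in a follow-up or document that they are retained only for signature compatibility. Note that `body` is passed as nil to `NewRequest` and only handed to `SignRequest`; I am assuming `SignRequest` attaches the body and digest to the request, which is worth confirming since it is defined outside this hunk.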
|