More work on getting auth fetch verification working

2025-04-20 22:10:35 +02:00 · 2025-04-20 22:10:35 +02:00 · 9957ba8302
commit 9957ba8302
parent 7eac1db475
12 changed files with 434 additions and 205 deletions
--- a/web/shared/client.go
+++ b/web/shared/client.go
@ -43,14 +43,14 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
 	var signedString string
 	var usedHeaders []string
 	if config.GlobalConfig.Experimental.UseEd25519Keys {
-		tmp, tmp2, err := CreateSignatureED(method, r.URL, mappedHeaders, privateKeyBytes)
+		tmp, tmp2, err := CreateSignatureED(method, r.URL, headers, privateKeyBytes)
 		if err != nil {
 			return err
 		}
 		signedString = tmp
 		usedHeaders = tmp2
 	} else {
-		tmp, tmp2, err := CreateSignatureRSA(method, r.URL, mappedHeaders, privateKeyBytes)
+		tmp, tmp2, err := CreateSignatureRSA(method, r.URL, headers, privateKeyBytes)
 		if err != nil {
 			return err
 		}
--- a/web/shared/signing.go
+++ b/web/shared/signing.go
@ -2,9 +2,11 @@ package webshared

 import (
 	"encoding/base64"
+	"net/http"
 	"net/url"
 	"strings"

+	"git.mstar.dev/mstar/goutils/maputils"
 	"github.com/rs/zerolog/log"

 	"git.mstar.dev/mstar/linstrom/config"
@ -17,7 +19,7 @@ import (
 func CreateSignatureRSA(
 	method string,
 	target *url.URL,
-	headers map[string]string,
+	headers http.Header,
 	privateKeyBytes []byte,
 ) (string, []string, error) {
 	message, usedHeaders := genPreSignatureString(method, target, headers)
@ -42,7 +44,7 @@ func CreateSignatureRSA(
 func CreateSignatureED(
 	method string,
 	target *url.URL,
-	headers map[string]string,
+	headers http.Header,
 	privateKeyBytes []byte,
 ) (string, []string, error) {
 	message, usedHeaders := genPreSignatureString(method, target, headers)
@ -56,24 +58,37 @@ func CreateSignatureED(
 func genPreSignatureString(
 	method string,
 	target *url.URL,
-	headers map[string]string,
+	headers http.Header,
 ) (string, []string) {
-	dataBuilder := strings.Builder{}
-	dataBuilder.WriteString("(request-target): ")
-	dataBuilder.WriteString(strings.ToLower(method) + " ")
-	dataBuilder.WriteString(target.Path + "\n")
-	dataBuilder.WriteString("host: ")
-	dataBuilder.WriteString(target.Host + "\n")
-	// dataBuilder.WriteString("algorithm: rsa-sha256\n")
-	// usedHeaders := []string{"(request-target)", "algorithm"}
 	usedHeaders := []string{"(request-target)", "host"}
-	for k, v := range headers {
-		dataBuilder.WriteString(k + ": " + v + "\n")
-		usedHeaders = append(usedHeaders, k)
+	usedHeaders = append(usedHeaders, maputils.KeysFromMap(headers)...)
+	return GenerateStringToSign(method, target.Host, target.Path, headers, usedHeaders), usedHeaders
+}
+
+func GenerateStringToSign(
+	method string,
+	host string,
+	path string,
+	headers http.Header,
+	headerOrder []string,
+) string {
+	dataBuilder := strings.Builder{}
+	for _, v := range headerOrder {
+		v = strings.ToLower(v)
+		switch v {
+		case "(request-target)":
+			dataBuilder.WriteString(v + ": " + strings.ToLower(method) + " " + path + "\n")
+		case "host":
+			dataBuilder.WriteString(v + ": " + host + "\n")
+		default:
+			dataBuilder.WriteString(v + ": " + headers.Get(v) + "\n")
+		}
+		// dataBuilder.WriteString(k + ": " + v + "\n")
+		// usedHeaders = append(usedHeaders, k)
 	}
 	tmp := strings.TrimSuffix(dataBuilder.String(), "\n")
 	log.Debug().Str("Raw signature string", tmp).Send()
-	return tmp, usedHeaders
+	return tmp
 }

 // Generate the content of the "Signature" header based on