Current state

2025-04-13 20:10:19 +02:00 · 2025-04-13 20:10:19 +02:00 · f4e876a4b1
commit f4e876a4b1
parent e3a97170a9
10 changed files with 191 additions and 20 deletions
--- a/web/shared/client.go
+++ b/web/shared/client.go
@ -1,13 +1,17 @@
 package webshared

 import (
+	"crypto"
+	"crypto/ed25519"
 	"crypto/sha256"
+	"crypto/x509"
 	"io"
 	"net/http"
 	"strings"
 	"time"

 	"git.mstar.dev/mstar/goutils/maputils"
+	"github.com/go-fed/httpsig"
 	"github.com/rs/zerolog/log"

 	"git.mstar.dev/mstar/linstrom/config"
@ -66,7 +70,6 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
 		signedString = tmp
 		usedHeaders = tmp2
 	}
-	log.Debug().Str("string-to-sign", signedString).Any("headers", mappedHeaders).Send()
 	signature := CreateSignatureHeaderContent(
 		keyId,
 		signedString,
@ -77,6 +80,46 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
 	return nil
 }

+func SignWithHttpsig(r *http.Request, keyId string, privateKeyBytes, postBody []byte) error {
+	var privateKey crypto.PrivateKey
+	var preferredAlgorithm []httpsig.Algorithm
+	var digestMethod httpsig.DigestAlgorithm
+	if config.GlobalConfig.Experimental.UseEd25519Keys {
+		log.Debug().Msg("Using ed25519")
+		preferredAlgorithm = []httpsig.Algorithm{httpsig.ED25519}
+		privateKey = ed25519.PrivateKey(privateKeyBytes)
+		digestMethod = httpsig.DigestSha512
+	} else {
+		log.Debug().Msg("Using rsa")
+		preferredAlgorithm = []httpsig.Algorithm{httpsig.RSA_SHA256}
+		key, err := x509.ParsePKCS1PrivateKey(privateKeyBytes)
+		if err != nil {
+			return err
+		}
+		privateKey = key
+		digestMethod = httpsig.DigestSha256
+	}
+	headers := []string{httpsig.RequestTarget, "date", "host"}
+	if postBody != nil {
+		headers = append(headers, "digest")
+	}
+	signer, _, err := httpsig.NewSigner(
+		preferredAlgorithm,
+		digestMethod,
+		headers,
+		httpsig.Signature, time.Now().Add(time.Minute).Unix())
+	if err != nil {
+		return err
+	}
+	err = signer.SignRequest(
+		privateKey,
+		config.GlobalConfig.General.GetFullPublicUrl()+"/api/activitypub/user/"+keyId, r, postBody)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func applyBodyHash(headers http.Header, body []byte) error {
 	if body == nil {
 		return nil
--- a/web/shared/signing.go
+++ b/web/shared/signing.go
@ -46,13 +46,14 @@ func genPreSignatureString(method, target string, headers map[string]string) (st
 	dataBuilder.WriteString("(request-target): ")
 	dataBuilder.WriteString(strings.ToLower(method) + " ")
 	dataBuilder.WriteString(target + "\n")
-	dataBuilder.WriteString("algorithm: rsa-sha256\n")
-	usedHeaders := []string{"(request-target)", "algorithm"}
+	// dataBuilder.WriteString("algorithm: rsa-sha256\n")
+	// usedHeaders := []string{"(request-target)", "algorithm"}
+	usedHeaders := []string{"(request-target)"}
 	for k, v := range headers {
 		dataBuilder.WriteString(k + ": " + v + "\n")
 		usedHeaders = append(usedHeaders, k)
 	}
-	tmp := dataBuilder.String()
+	tmp := strings.TrimSuffix(dataBuilder.String(), "\n")
 	log.Debug().Str("Raw signature string", tmp).Send()
 	return tmp, usedHeaders
 }
@ -73,7 +74,11 @@ func CreateSignatureHeaderContent(userId string, hash string, headerNames ...str
 			builder.WriteRune(' ')
 		}
 	}
-	builder.WriteString("\",algorithm=\"rsa-sha256\",signature=\"")
+	if config.GlobalConfig.Experimental.UseEd25519Keys {
+		builder.WriteString("\",algorithm=\"ed-sha512\",signature=\"")
+	} else {
+		builder.WriteString("\",algorithm=\"rsa-sha256\",signature=\"")
+	}
 	builder.WriteString(hash)
 	builder.WriteRune('"')