This commit is contained in:
parent
e3a97170a9
commit
f4e876a4b1
SSH key fingerprint:
SHA256:vkXfS9FG2pVNVfvDrzd1VW9n8VJzqqdKQGljxxX8uK8
10 changed files with 191 additions and 20 deletions
|
|
@ -1,13 +1,17 @@
|
|||
package webshared
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/ed25519"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.mstar.dev/mstar/goutils/maputils"
|
||||
"github.com/go-fed/httpsig"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
"git.mstar.dev/mstar/linstrom/config"
|
||||
|
|
@ -66,7 +70,6 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
|
|||
signedString = tmp
|
||||
usedHeaders = tmp2
|
||||
}
|
||||
log.Debug().Str("string-to-sign", signedString).Any("headers", mappedHeaders).Send()
|
||||
signature := CreateSignatureHeaderContent(
|
||||
keyId,
|
||||
signedString,
|
||||
|
|
@ -77,6 +80,46 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
|
|||
return nil
|
||||
}
|
||||
|
||||
func SignWithHttpsig(r *http.Request, keyId string, privateKeyBytes, postBody []byte) error {
|
||||
var privateKey crypto.PrivateKey
|
||||
var preferredAlgorithm []httpsig.Algorithm
|
||||
var digestMethod httpsig.DigestAlgorithm
|
||||
if config.GlobalConfig.Experimental.UseEd25519Keys {
|
||||
log.Debug().Msg("Using ed25519")
|
||||
preferredAlgorithm = []httpsig.Algorithm{httpsig.ED25519}
|
||||
privateKey = ed25519.PrivateKey(privateKeyBytes)
|
||||
digestMethod = httpsig.DigestSha512
|
||||
} else {
|
||||
log.Debug().Msg("Using rsa")
|
||||
preferredAlgorithm = []httpsig.Algorithm{httpsig.RSA_SHA256}
|
||||
key, err := x509.ParsePKCS1PrivateKey(privateKeyBytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
privateKey = key
|
||||
digestMethod = httpsig.DigestSha256
|
||||
}
|
||||
headers := []string{httpsig.RequestTarget, "date", "host"}
|
||||
if postBody != nil {
|
||||
headers = append(headers, "digest")
|
||||
}
|
||||
signer, _, err := httpsig.NewSigner(
|
||||
preferredAlgorithm,
|
||||
digestMethod,
|
||||
headers,
|
||||
httpsig.Signature, time.Now().Add(time.Minute).Unix())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = signer.SignRequest(
|
||||
privateKey,
|
||||
config.GlobalConfig.General.GetFullPublicUrl()+"/api/activitypub/user/"+keyId, r, postBody)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func applyBodyHash(headers http.Header, body []byte) error {
|
||||
if body == nil {
|
||||
return nil
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue