2020-09-24 13:53:21 +00:00
|
|
|
use crate::ActorType;
|
2020-08-01 13:25:17 +00:00
|
|
|
use activitystreams::unparsed::UnparsedMutExt;
|
2020-07-17 21:11:07 +00:00
|
|
|
use activitystreams_ext::UnparsedExtension;
|
2020-07-01 12:54:29 +00:00
|
|
|
use actix_web::{client::ClientRequest, HttpRequest};
|
2020-08-11 14:31:05 +00:00
|
|
|
use anyhow::{anyhow, Context};
|
2020-07-01 12:54:29 +00:00
|
|
|
use http_signature_normalization_actix::{
|
|
|
|
digest::{DigestClient, SignExt},
|
|
|
|
Config,
|
|
|
|
};
|
2020-09-01 14:25:34 +00:00
|
|
|
use lemmy_utils::{location_info, LemmyError};
|
2020-05-05 14:30:13 +00:00
|
|
|
use log::debug;
|
2020-05-16 14:04:08 +00:00
|
|
|
use openssl::{
|
|
|
|
hash::MessageDigest,
|
|
|
|
pkey::PKey,
|
|
|
|
sign::{Signer, Verifier},
|
|
|
|
};
|
2020-05-05 14:30:13 +00:00
|
|
|
use serde::{Deserialize, Serialize};
|
2020-07-01 12:54:29 +00:00
|
|
|
use sha2::{Digest, Sha256};
|
2020-08-31 13:48:02 +00:00
|
|
|
use url::Url;
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-04-19 17:35:40 +00:00
|
|
|
lazy_static! {
|
|
|
|
static ref HTTP_SIG_CONFIG: Config = Config::new();
|
|
|
|
}
|
|
|
|
|
2020-04-18 18:54:20 +00:00
|
|
|
/// Signs request headers with the given keypair.
|
2020-07-01 12:54:29 +00:00
|
|
|
pub async fn sign(
|
|
|
|
request: ClientRequest,
|
|
|
|
activity: String,
|
2020-08-31 13:48:02 +00:00
|
|
|
actor_id: &Url,
|
|
|
|
private_key: String,
|
2020-07-01 12:54:29 +00:00
|
|
|
) -> Result<DigestClient<String>, LemmyError> {
|
2020-08-31 13:48:02 +00:00
|
|
|
let signing_key_id = format!("{}#main-key", actor_id);
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-07-01 12:54:29 +00:00
|
|
|
let digest_client = request
|
|
|
|
.signature_with_digest(
|
|
|
|
HTTP_SIG_CONFIG.clone(),
|
|
|
|
signing_key_id,
|
|
|
|
Sha256::new(),
|
|
|
|
activity,
|
|
|
|
move |signing_string| {
|
|
|
|
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
|
2020-08-11 14:31:05 +00:00
|
|
|
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
|
|
|
|
signer.update(signing_string.as_bytes())?;
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-07-01 12:54:29 +00:00
|
|
|
Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
|
|
|
|
},
|
|
|
|
)
|
|
|
|
.await?;
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-07-01 12:54:29 +00:00
|
|
|
Ok(digest_client)
|
2020-04-18 18:54:20 +00:00
|
|
|
}
|
2020-04-10 13:50:40 +00:00
|
|
|
|
2020-07-01 12:54:29 +00:00
|
|
|
pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {
|
2020-08-11 14:31:05 +00:00
|
|
|
let public_key = actor.public_key().context(location_info!())?;
|
2020-04-19 17:35:40 +00:00
|
|
|
let verified = HTTP_SIG_CONFIG
|
|
|
|
.begin_verify(
|
2020-07-01 12:54:29 +00:00
|
|
|
request.method(),
|
|
|
|
request.uri().path_and_query(),
|
|
|
|
request.headers().clone(),
|
2020-04-19 17:35:40 +00:00
|
|
|
)?
|
2020-07-01 12:54:29 +00:00
|
|
|
.verify(|signature, signing_string| -> Result<bool, LemmyError> {
|
2020-04-19 17:35:40 +00:00
|
|
|
debug!(
|
|
|
|
"Verifying with key {}, message {}",
|
2020-08-11 14:31:05 +00:00
|
|
|
&public_key, &signing_string
|
2020-04-19 17:35:40 +00:00
|
|
|
);
|
2020-08-11 14:31:05 +00:00
|
|
|
let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
|
|
|
|
let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
|
|
|
|
verifier.update(&signing_string.as_bytes())?;
|
2020-04-19 17:35:40 +00:00
|
|
|
Ok(verifier.verify(&base64::decode(signature)?)?)
|
|
|
|
})?;
|
|
|
|
|
|
|
|
if verified {
|
|
|
|
debug!("verified signature for {}", &request.uri());
|
|
|
|
Ok(())
|
|
|
|
} else {
|
2020-08-01 14:04:42 +00:00
|
|
|
Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())
|
2020-04-19 17:35:40 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-04-10 13:50:40 +00:00
|
|
|
// The following is taken from here:
|
|
|
|
// https://docs.rs/activitystreams/0.5.0-alpha.17/activitystreams/ext/index.html
|
|
|
|
|
2020-04-17 15:33:55 +00:00
|
|
|
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
|
2020-04-10 13:50:40 +00:00
|
|
|
#[serde(rename_all = "camelCase")]
|
|
|
|
pub struct PublicKey {
|
|
|
|
pub id: String,
|
|
|
|
pub owner: String,
|
|
|
|
pub public_key_pem: String,
|
|
|
|
}
|
|
|
|
|
2020-04-17 15:33:55 +00:00
|
|
|
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
|
2020-04-10 13:50:40 +00:00
|
|
|
#[serde(rename_all = "camelCase")]
|
|
|
|
pub struct PublicKeyExtension {
|
|
|
|
pub public_key: PublicKey,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl PublicKey {
|
|
|
|
pub fn to_ext(&self) -> PublicKeyExtension {
|
|
|
|
PublicKeyExtension {
|
|
|
|
public_key: self.to_owned(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-17 21:11:07 +00:00
|
|
|
impl<U> UnparsedExtension<U> for PublicKeyExtension
|
|
|
|
where
|
|
|
|
U: UnparsedMutExt,
|
|
|
|
{
|
|
|
|
type Error = serde_json::Error;
|
|
|
|
|
|
|
|
fn try_from_unparsed(unparsed_mut: &mut U) -> Result<Self, Self::Error> {
|
|
|
|
Ok(PublicKeyExtension {
|
|
|
|
public_key: unparsed_mut.remove("publicKey")?,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
fn try_into_unparsed(self, unparsed_mut: &mut U) -> Result<(), Self::Error> {
|
|
|
|
unparsed_mut.insert("publicKey", self.public_key)?;
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|