git.squeep.com Git - akkoma/blob - lib/pleroma/web/http_signatures/http_signatures.ex

   1 # https://tools.ietf.org/html/draft-cavage-http-signatures-08
   2 defmodule Pleroma.Web.HTTPSignatures do
   3   alias Pleroma.User
   4
   5   def split_signature(sig) do
   6     default = %{"headers" => "date"}
   7
   8     sig = sig
   9     |> String.trim()
  10     |> String.split(",")
  11     |> Enum.reduce(default, fn(part, acc) ->
  12       [key | rest] = String.split(part, "=")
  13       value = Enum.join(rest, "=")
  14       Map.put(acc, key, String.trim(value, "\""))
  15     end)
  16
  17     Map.put(sig, "headers", String.split(sig["headers"], ~r/\s/))
  18   end
  19
  20   def validate(headers, signature, public_key) do
  21     sigstring = build_signing_string(headers, signature["headers"])
  22     {:ok, sig} = Base.decode64(signature["signature"])
  23     :public_key.verify(sigstring, :sha256, sig, public_key)
  24   end
  25
  26   def validate_conn(conn) do
  27     # TODO: How to get the right key and see if it is actually valid for that request.
  28     # For now, fetch the key for the actor.
  29     with actor_id <- conn.params["actor"],
  30          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
  31       validate_conn(conn, public_key)
  32     else
  33       _ -> false
  34     end
  35   end
  36
  37   def validate_conn(conn, public_key) do
  38     headers = Enum.into(conn.req_headers, %{})
  39     signature = split_signature(headers["signature"])
  40     validate(headers, signature, public_key)
  41   end
  42
  43   def build_signing_string(headers, used_headers) do
  44     used_headers
  45     |> Enum.map(fn (header) -> "#{header}: #{headers[header]}" end)
  46     |> Enum.join("\n")
  47   end
  48 end