AkkomaGang/http_signatures
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Compare commits

base: AkkomaGang:ecad901ccf85d99e15d0e52a640beead63321bae
Branches Tags
AkkomaGang:main
AkkomaGang:master
...
compare: AkkomaGang:f1c72225a02aa1915021f6a5c6f19a6e3c12783f
Branches Tags
AkkomaGang:main
AkkomaGang:master

13 commits
ecad901ccf ... f1c72225a0

Author SHA1 Message Date
Floatingghost
f1c72225a0 Update version, tool versions 2024-06-12 18:20:28 +01:00
Natsu Kagami
fd7c4b6d3a Formatting 2024-06-12 18:18:37 +01:00
Natsu Kagami
87c8622d62 Add tests for special headers 2024-06-12 18:18:37 +01:00
Natsu Kagami
d29930f310 Implement support for special headers (created) and (expires) 2024-06-12 18:18:37 +01:00
lain
a97f558d82 Merge branch 'otp26' into 'master' 
OTP26 support

See merge request pleroma/elixir-libraries/http_signatures!6
 2023-12-30 07:02:52 +00:00
lain
cd38cd6b88 Merge branch 'master' into 'otp26' 
# Conflicts:
#   .gitignore
 2023-12-23 11:22:18 +00:00
Mark Felder
9c473ef097 Ignore mix.lock 2023-12-22 18:42:03 -05:00
Mark Felder
9c7049f439 Credo should ignore these lines 2023-12-22 18:37:48 -05:00
Haelwenn
44ceebe5f2 Merge branch 'mix-lock' into 'master' 
.gitignore: mix.lock

See merge request pleroma/elixir-libraries/http_signatures!7
 2023-12-21 21:43:45 +00:00
Haelwenn (lanodan) Monnier
9b2b5fbb48 .gitignore: mix.lock 2023-12-21 22:42:16 +01:00
Mark Felder
0424ad2f8c OTP26 support 2023-12-21 17:16:17 +00:00
Haelwenn
65aab775d7 Merge branch 'reuse' into 'master' 
Make repository REUSE compliant

See merge request pleroma/elixir-libraries/http_signatures!5
 2022-07-21 15:49:50 +00:00
Haelwenn
a7e807e0e0 Merge branch '2022-03-deps' into 'master' 
Update dependencies

See merge request pleroma/elixir-libraries/http_signatures!4
 2022-07-21 15:48:27 +00:00
6 changed files with 96 additions and 10 deletions
Show stats Expand all files Collapse all files

4
.gitignore vendored
View file

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-FileCopyrightText: 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: LGPL-3.0-only
# The directory Mix will write compiled artifacts to.
@ -25,3 +25,5 @@ erl_crash.dump
# Ignore package tarball (built via "mix hex.build").
http_signatures-*.tar
# Counter-productive for libraries
/mix.lock

2
.tool-versions Normal file
View file

@ -0,0 +1,2 @@
elixir 1.17.0-otp-27
erlang 27.0

2
config/config.exs
View file

@ -1,7 +1,7 @@
# SPDX-FileCopyrightText: 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: LGPL-3.0-only
use Mix.Config
import Config
config :http_signatures, adapter: HTTPSignatures.NullAdapter

32
lib/http_signatures/http_signatures.ex
View file

@ -27,7 +27,14 @@ defmodule HTTPSignatures do
end
def validate(headers, signature, public_key) do
sigstring = build_signing_string(headers, signature["headers"])
sigstring =
build_signing_string(
headers,
signature["headers"],
signature["created"],
signature["expires"]
)
Logger.debug("Signature: #{signature["signature"]}")
Logger.debug("Sigstring: #{sigstring}")
{:ok, sig} = Base.decode64(signature["signature"])
@ -71,13 +78,23 @@ defmodule HTTPSignatures do
end
end
def build_signing_string(headers, used_headers) do
def build_signing_string(headers, used_headers, created, expires) do
used_headers
|> Enum.map_join("\n", fn header -> "#{header}: #{headers[header]}" end)
|> Enum.map_join("\n", fn
"(created)" -> "(created): #{created}"
"(expires)" -> "(expires): #{expires}"
header -> "#{header}: #{headers[header]}"
end)
end
def sign(private_key, key_id, headers) do
sigstring = build_signing_string(headers, Map.keys(headers))
sigstring =
build_signing_string(
headers,
Enum.sort(Map.keys(headers)),
headers["(created)"],
headers["(expires)"]
)
signature =
:public_key.sign(sigstring, :sha256, private_key)
@ -86,9 +103,12 @@ defmodule HTTPSignatures do
[
keyId: key_id,
algorithm: "rsa-sha256",
headers: Map.keys(headers) |> Enum.join(" "),
signature: signature
headers: Map.keys(headers) |> Enum.sort() |> Enum.join(" "),
signature: signature,
created: headers["(created)"],
expires: headers["(expires)"]
]
|> Enum.filter(fn {_, v} -> v != nil end)
|> Enum.map_join(",", fn {k, v} -> "#{k}=\"#{v}\"" end)
end
end

2
mix.exs
View file

@ -8,7 +8,7 @@ defmodule HttpSignatures.MixProject do
[
app: :http_signatures,
description: "Library for manipulating and validating HTTP signatures",
version: "0.1.1",
version: "0.1.3",
elixir: "~> 1.7",
elixirc_options: [warnings_as_errors: true],
elixirc_paths: elixirc_paths(Mix.env()),

64
test/http_signatures_test.exs
View file

@ -16,6 +16,10 @@ defmodule HttpSignaturesTest do
"(request-target)" => "post /foo?param=value&pet=dog",
"host" => "example.com",
"date" => "Thu, 05 Jan 2014 21:31:40 GMT",
# the same date, in unix timestamp
"(created)" => "1388957500",
# 10000 seconds later
"(expires)" => "1388967500",
"content-type" => "application/json",
"digest" => "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=",
"content-length" => "18"
@ -29,6 +33,16 @@ defmodule HttpSignaturesTest do
keyId="Test",algorithm="rsa-sha256",headers="(request-target) host date",signature="HUxc9BS3P/kPhSmJo+0pQ4IsCo007vkv6bUm4Qehrx+B1Eo4Mq5/6KylET72ZpMUS80XvjlOPjKzxfeTQj4DiKbAzwJAb4HX3qX6obQTa00/qPDXlMepD2JtTw33yNnm/0xV7fQuvILN/ys+378Ysi082+4xBQFwvhNvSoVsGv4="
"""
# IO.puts HTTPSignatures.sign(@private_key, "Test", %{
# "(request-target)" => "post /foo?param=value&pet=dog",
# "host" => "example.com",
# "(created)" => "1388957500", # the same date, in unix timestamp
# "(expires)" => "1388967500", # 10000 seconds later
# })
@timestamped_signature """
keyId="Test",algorithm="rsa-sha256",headers="(created) (expires) (request-target) host",signature="rR4LdJSX1ZkmFmh9HUxQt0DFFPuYfvaV+mVMhEws6fMkxHO2AE0vAteYp22T7DFRYcCiXoLrqp+53aKaCX1ade2KZM7obKJ78fMZ4jETqUM9P/ziSHCIEmnNohWoGrCkpU775AXmh0A7lsfKeNLYqdYkS6G85asxn1QGWzeE4O8=",created="1388957500",expires="1388967500"
"""
@all_headers_signature """
keyId="Test",algorithm="rsa-sha256",headers="(request-target) host date content-type digest content-length",signature="Ef7MlxLXoBovhil3AlyjtBwAL9g4TN3tibLj7uuNB3CROat/9KaeQ4hW2NiJ+pZ6HQEOx9vYZAyi+7cmIkmJszJCut5kQLAwuX+Ms/mUFvpKlSo9StS2bMXDBNjOh4Auj774GFj4gwjS+3NhFeoqyr/MuN6HsEnkvn6zdgfE2i0="
"""
@ -55,6 +69,11 @@ defmodule HttpSignaturesTest do
assert HTTPSignatures.validate(@headers, signature, @public_key)
end
test "validates the timestamped case" do
signature = HTTPSignatures.split_signature(@timestamped_signature)
assert HTTPSignatures.validate(@headers, signature, @public_key)
end
test "validates the all-headers case" do
signature = HTTPSignatures.split_signature(@all_headers_signature)
assert HTTPSignatures.validate(@headers, signature, @public_key)
@ -62,7 +81,24 @@ defmodule HttpSignaturesTest do
test "it contructs a signing string" do
expected = "date: Thu, 05 Jan 2014 21:31:40 GMT\ncontent-length: 18"
assert expected == HTTPSignatures.build_signing_string(@headers, ["date", "content-length"])
assert expected ==
HTTPSignatures.build_signing_string(
@headers,
["date", "content-length"],
@headers["(created)"],
@headers["(expires)"]
)
expected = "(created): 1388957500\n(expires): 1388967500\ncontent-length: 18"
assert expected ==
HTTPSignatures.build_signing_string(
@headers,
["(created)", "(expires)", "content-length"],
@headers["(created)"],
@headers["(expires)"]
)
end
test "it parses the http signature for a conn" do
@ -208,4 +244,30 @@ defmodule HttpSignaturesTest do
assert HTTPSignatures.validate_conn(conn)
end
test "Signatures are stable on OTP26+ with undefined Map.keys/1 ordering" do
user_ap_id = ~s|https://mastodon.social/users/lambadalambda#main-key|
# credo:disable-for-lines:10 Credo.Check.Readability.MaxLineLength
private_key =
{:RSAPrivateKey, :"two-prime",
28_756_005_415_572_484_042_763_333_825_843_542_309_845_812_712_410_557_401_080_975_665_944_065_546_687_053_162_744_064_118_733_269_231_397_398_437_337_112_118_822_093_392_471_512_223_279_218_516_015_781_047_498_524_701_011_344_834_660_702_300_339_866_912_903_829_480_780_711_421_965_266_995_321_160_936_070_443_834_148_409_010_341_833_400_730_167_696_056_399_186_720_243_079_891_586_296_037_178_998_225_766_461_225_833_387_132_735_728_367_079_742_073_397_917_419_922_243_432_508_105_117_797_420_565_462_233_617_076_268_056_263_255_047_301_378_690_482_484_074_947_841_896_587_287_731_635_988_553_127_288_143_474_145_525_724_255_965_068_001_976_777_796_779_533_346_344_982_614_532_834_052_163_179_471_788_571_859_959_462_813_779_224_935_806_760_043_776_072_659_926_191_283_296_091_970_506_062_030_984_091_470_929_266_003_011,
65_537,
25_233_957_481_263_615_321_105_929_907_140_426_297_194_450_296_637_489_603_371_636_030_768_012_109_037_222_140_003_526_671_473_370_973_612_835_255_371_123_456_268_345_987_778_455_955_579_105_800_632_735_218_909_015_602_715_449_920_523_322_539_825_529_794_789_191_349_004_359_581_262_836_335_214_000_723_765_372_612_446_022_890_653_506_246_486_594_506_922_860_631_830_586_989_403_926_452_005_709_205_303_322_232_716_957_756_646_692_607_039_707_869_476_684_696_402_780_134_400_419_892_792_178_031_077_409_586_563_911_414_056_442_023_360_496_531_178_932_232_960_305_935_443_131_268_902_698_561_476_776_016_479_175_692_849_949_462_150_713_017_077_076_502_024_471_442_627_225_940_981_940_235_409_308_119_456_929_193_383_984_043_313_294_569_986_326_805_396_849_905_695_401_341_785_041_176_269_677_759_870_702_155_638_035_216_833,
177_783_479_898_101_225_090_255_510_574_083_286_496_133_004_386_710_828_810_208_011_585_370_522_423_888_313_371_324_368_555_961_532_882_416_417_904_776_985_934_672_514_976_013_258_017_209_904_688_467_121_759_107_569_488_391_607_820_963_070_360_845_953_724_899_435_077_154_851_205_162_368_630_793_919_412_726_847_267_327_206_524_298_869_094_621_709_415_910_252_626_752_919_831_010_415_748_000_011_171_076_295_507,
161_747_342_509_294_677_375_914_222_076_718_822_400_941_009_725_673_497_592_218_662_627_801_812_486_196_781_966_854_364_060_860_604_565_261_653_867_622_254_133_771_945_941_570_294_029_162_561_824_060_451_304_312_080_304_336_296_778_308_854_167_291_375_658_502_471_854_680_814_450_977_871_287_689_807_234_161_418_665_899_011_960_362_411_939_434_739_945_865_837_893_017_653_193_120_275_492_634_544_890_342_133_073,
123_805_792_744_090_236_231_352_842_624_633_216_540_229_399_990_922_616_477_243_136_560_183_183_131_724_655_293_252_252_262_470_488_414_492_620_912_707_582_908_471_838_976_307_567_979_117_793_613_942_520_560_353_851_471_393_328_796_571_914_616_150_395_685_653_681_393_507_030_443_145_175_121_546_663_534_758_084_477_982_611_022_208_463_716_823_171_582_964_249_502_302_157_684_475_706_308_237_675_051_295_467_455,
43_886_525_847_998_503_945_839_856_828_481_836_213_643_179_195_598_305_296_013_431_479_127_391_086_402_355_569_138_109_796_454_266_603_284_903_628_088_849_398_152_688_446_724_796_197_973_185_747_828_599_800_010_336_328_664_846_259_546_333_289_634_484_977_333_276_691_333_662_550_426_301_283_819_829_290_902_213_203_488_353_612_145_267_697_743_695_099_217_027_471_712_771_550_117_715_775_974_296_614_737_687_265,
90_283_918_084_263_940_362_515_004_232_322_731_054_469_960_381_679_586_824_438_807_054_374_237_285_157_945_298_098_405_267_918_780_650_461_768_149_536_719_331_445_672_754_509_549_303_377_662_269_991_550_734_109_336_424_702_266_640_645_630_618_719_389_738_627_119_442_677_159_263_798_411_854_553_104_387_445_904_992_891_045_248_551_150_818_831_926_648_119_173_927_771_126_688_710_466_061_199_827_928_052_600_203,
:asn1_NOVALUE}
headers = %{host: "test.test", "content-length": 100}
expected_signature =
~s|keyId="https://mastodon.social/users/lambadalambda#main-key",algorithm="rsa-sha256",headers="content-length host",signature="sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A=="|
signature = HTTPSignatures.sign(private_key, user_ap_id, headers)
assert signature == expected_signature
end
end