From 9cefbaf01625cbb4b892ce2b767f79ceb155110b Mon Sep 17 00:00:00 2001 From: Roger Braun Date: Mon, 18 Sep 2017 11:39:57 +0200 Subject: [PATCH] Start of HTTP Signatures. --- .../web/http_signatures/http_signatures.ex | 27 +++++++++++ test/web/http_sigs/http_sig_test.exs | 48 +++++++++++++++++++ test/web/http_sigs/priv.key | 15 ++++++ test/web/http_sigs/pub.key | 6 +++ 4 files changed, 96 insertions(+) create mode 100644 lib/pleroma/web/http_signatures/http_signatures.ex create mode 100644 test/web/http_sigs/http_sig_test.exs create mode 100644 test/web/http_sigs/priv.key create mode 100644 test/web/http_sigs/pub.key diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex new file mode 100644 index 000000000..e2210285e --- /dev/null +++ b/lib/pleroma/web/http_signatures/http_signatures.ex @@ -0,0 +1,27 @@ +# https://tools.ietf.org/html/draft-cavage-http-signatures-08 +defmodule Pleroma.Web.HTTPSignatures do + def split_signature(sig) do + default = %{"headers" => ["date"]} + + sig + |> String.trim() + |> String.split(",") + |> Enum.reduce(default, fn(part, acc) -> + [key | rest] = String.split(part, "=") + value = Enum.join(rest, "=") + Map.put(acc, key, String.trim(value, "\"")) + end) + end + + def validate(headers, signature, public_key) do + sigstring = build_signing_string(headers, signature["headers"]) + {:ok, sig} = Base.decode64(signature["signature"]) + verify = :public_key.verify(sigstring, :sha256, sig, public_key) + end + + def build_signing_string(headers, used_headers) do + used_headers + |> Enum.map(fn (header) -> "#{header}: #{headers[header]}" end) + |> Enum.join("\n") + end +end diff --git a/test/web/http_sigs/http_sig_test.exs b/test/web/http_sigs/http_sig_test.exs new file mode 100644 index 000000000..a06c9ec3d --- /dev/null +++ b/test/web/http_sigs/http_sig_test.exs @@ -0,0 +1,48 @@ +# http signatures +# Test data from https://tools.ietf.org/html/draft-cavage-http-signatures-08#appendix-C +defmodule Pleroma.Web.HTTPSignaturesTest do + use Pleroma.DataCase + alias Pleroma.Web.HTTPSignatures + + @private_key (hd(:public_key.pem_decode(File.read!("test/web/http_sigs/priv.key"))) + |> :public_key.pem_entry_decode()) + + @public_key (hd(:public_key.pem_decode(File.read!("test/web/http_sigs/pub.key"))) + |> :public_key.pem_entry_decode()) + + @headers %{ + "(request-target)" => "post /foo?param=value&pet=dog", + "host" => "example.com", + "date" => "Thu, 05 Jan 2014 21:31:40 GMT", + "content-type" => "application/json", + "digest" => "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=", + "content-length" => "18" + } + + @body "{\"hello\": \"world\"}" + + @default_signature """ + keyId="Test",algorithm="rsa-sha256",signature="jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w=" + """ + + test "split up a signature" do + expected = %{ + "keyId" => "Test", + "algorithm" => "rsa-sha256", + "signature" => "jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w=", + "headers" => ["date"] + } + + assert HTTPSignatures.split_signature(@default_signature) == expected + end + + test "validates the default case" do + signature = HTTPSignatures.split_signature(@default_signature) + assert HTTPSignatures.validate(@headers, signature, @public_key) + end + + test "it contructs a signing string" do + expected = "date: Thu, 05 Jan 2014 21:31:40 GMT\ncontent-length: 18" + assert expected == HTTPSignatures.build_signing_string(@headers, ["date", "content-length"]) + end +end diff --git a/test/web/http_sigs/priv.key b/test/web/http_sigs/priv.key new file mode 100644 index 000000000..425518a06 --- /dev/null +++ b/test/web/http_sigs/priv.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF +NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F +UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB +AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA +QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK +kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg +f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u +412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc +mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7 +kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA +gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW +G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI +7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA== +-----END RSA PRIVATE KEY----- diff --git a/test/web/http_sigs/pub.key b/test/web/http_sigs/pub.key new file mode 100644 index 000000000..b3bbf6cb9 --- /dev/null +++ b/test/web/http_sigs/pub.key @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3 +6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6 +Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw +oYi+1hqp1fIekaxsyQIDAQAB +-----END PUBLIC KEY-----