WIP

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/service/http_signatures/http_signatures.ex

@@ -1,6 +1,6 @@
 # https://tools.ietf.org/html/draft-cavage-http-signatures-08
 defmodule Eventos.Service.HTTPSignatures do
-  alias Eventos.Accounts.Account
+  alias Eventos.Actors.Actor
   alias Eventos.Service.ActivityPub
   require Logger
 
@@ -25,52 +25,44 @@ defmodule Eventos.Service.HTTPSignatures do
     Logger.debug("Signature: #{signature["signature"]}")
     Logger.debug("Sigstring: #{sigstring}")
     {:ok, sig} = Base.decode64(signature["signature"])
-    Logger.debug(inspect sig)
-    Logger.debug(inspect public_key)
-    case ExPublicKey.verify(sigstring, sig, public_key) do
-      {:ok, sig_valid} ->
-        sig_valid
-      {:error, err} ->
-        Logger.error(err)
-        false
-    end
+    :public_key.verify(sigstring, :sha256, sig, public_key)
   end
 
   def validate_conn(conn) do
     # TODO: How to get the right key and see if it is actually valid for that request.
     # For now, fetch the key for the actor.
     with actor_id <- conn.params["actor"],
-         {:ok, public_key} <- Account.get_public_key_for_url(actor_id) do
-      case HTTPSign.verify(conn, public_key) do
-        {:ok, conn} ->
-          true
-        _ ->
-        Logger.debug("Could not validate, re-fetching user and trying one more time")
+         {:ok, public_key_code} <- Actor.get_public_key_for_url(actor_id),
+         [public_key] = :public_key.pem_decode(public_key_code),
+         public_key = :public_key.pem_entry_decode(public_key) do
+      if validate_conn(conn, public_key) do
+        true
+      else
+        Logger.info("Could not validate request, re-fetching user and trying one more time")
         # Fetch user anew and try one more time
         with actor_id <- conn.params["actor"],
-             {:ok, _user} <- ActivityPub.make_account_from_url(actor_id),
-             {:ok, public_key} <- Account.get_public_key_for_url(actor_id) do
-          case HTTPSign.verify(conn, public_key) do
-            {:ok, conn} ->
-              true
-            {:error, :forbidden} ->
-              false
-          end
+             {:ok, _actor} <- ActivityPub.make_actor_from_url(actor_id),
+             {:ok, public_key_code} <- Actor.get_public_key_for_url(actor_id),
+             [public_key] = :public_key.pem_decode(public_key_code),
+             public_key = :public_key.pem_entry_decode(public_key) do
+            validate_conn(conn, public_key)
         end
       end
     else
       e ->
-        Logger.debug("Could not public key!")
+        Logger.debug("Could not found url for actor!")
         Logger.debug(inspect e)
         false
     end
   end
 
-#  def validate_conn(conn, public_key) do
-#    headers = Enum.into(conn.req_headers, %{})
-#    signature = split_signature(headers["signature"])
-#    validate(headers, signature, public_key)
-#  end
+  def validate_conn(conn, public_key) do
+    headers = Enum.into(conn.req_headers, %{})
+    [host_without_port, _] = String.split(headers["host"], ":")
+    headers = Map.put(headers, "host", host_without_port)
+    signature = split_signature(headers["signature"])
+    validate(headers, signature, public_key)
+  end
 
   def build_signing_string(headers, used_headers) do
     used_headers
@@ -78,35 +70,24 @@ defmodule Eventos.Service.HTTPSignatures do
     |> Enum.join("\n")
   end
 
-  def sign(account, headers) do
-    sigstring = build_signing_string(headers, Map.keys(headers))
+  def sign(actor, headers) do
+    with {:ok, private_key_code} = Actor.get_private_key_for_actor(actor),
+         [private_key] = :public_key.pem_decode(private_key_code),
+         private_key = :public_key.pem_entry_decode(private_key) do
+      sigstring = build_signing_string(headers, Map.keys(headers))
 
-    {:ok, private_key} = Account.get_private_key_for_account(account)
+      signature =
+        :public_key.sign(sigstring, :sha256, private_key)
+        |> Base.encode64()
 
-    Logger.debug("private_key")
-    Logger.debug(inspect private_key)
-    Logger.debug("sigstring")
-    Logger.debug(inspect sigstring)
-    {:ok, signature} = HTTPSign.Crypto.sign(:rsa, sigstring, private_key)
-    Logger.debug(inspect signature)
-
-    signature = Base.encode64(signature)
-
-    sign = [
-      keyId: account.url <> "#main-key",
-      algorithm: "rsa-sha256",
-      headers: Map.keys(headers) |> Enum.join(" "),
-      signature: signature
-    ]
-    |> Enum.map(fn {k, v} -> "#{k}=\"#{v}\"" end)
-    |> Enum.join(",")
-
-    Logger.debug("sign")
-    Logger.debug(inspect sign)
-    {:ok, public_key} = Account.get_public_key_for_account(account)
-    Logger.debug("inspect split signature inside sign")
-    Logger.debug(inspect split_signature(sign))
-    Logger.debug(inspect validate(headers, split_signature(sign), public_key))
-    sign
+      [
+        keyId: actor.url <> "#main-key",
+        algorithm: "rsa-sha256",
+        headers: Map.keys(headers) |> Enum.join(" "),
+        signature: signature
+      ]
+      |> Enum.map(fn {k, v} -> "#{k}=\"#{v}\"" end)
+      |> Enum.join(",")
+    end
   end
 end