aboutsummaryrefslogtreecommitdiff
path: root/registry
diff options
context:
space:
mode:
Diffstat (limited to 'registry')
-rw-r--r--registry/registry.go70
1 files changed, 30 insertions, 40 deletions
diff --git a/registry/registry.go b/registry/registry.go
index 6733c74..1901f0c 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -3,9 +3,6 @@ package registry
import (
"bytes"
"context"
- "crypto"
- "crypto/rand"
- "crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
@@ -288,51 +285,44 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol
request.Header.Get("host"),
).Debugf("signing request")
- digestBytes := sha256.Sum256([]byte(signedString))
-
- fmt.Println()
- fmt.Println()
- fmt.Println("'" + signedString + "'")
- fmt.Println()
- fmt.Println()
+ //manual mode
+ // digestBytes := sha256.Sum256([]byte(signedString))
+ // r.mu.Lock()
+ // signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:])
+ // if err != nil {
+ // return err
+ // }
- r.mu.Lock()
- signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:])
- if err != nil {
- return err
- }
+ // // TODO sanity check: decode our own public key from our PEM representation and attempt to verify
+ // err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature)
+ // if err != nil {
+ // return err
+ // } else {
+ // r.log.With("type", "delivery").Debugf("verified own signature")
+ // }
+ // r.mu.Unlock()
- // sanity check: decode our own public key from our PEM representation and attempt to verify
+ // b64sig := base64.StdEncoding.Strict().EncodeToString(signature)
+ // var header = `keyId="` + actorKeyUrl.String() + `",algorithm="hs2019",headers="(request-target) date digest host",signature="` + b64sig + `"`
+ // request.Header.Add("Signature", header)
- err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature)
+ //http sig signing code - broken?
+ r.mu.Lock()
+ prefs := []httpsig.Algorithm{}
+ digestAlgorithm := httpsig.DigestSha256
+ // The "Date" and "Digest" headers must already be set on r, as well as r.URL.
+ headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest", "content-type"}
+ signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 100)
if err != nil {
return err
- } else {
- r.log.With("type", "delivery").Debugf("verified own signature")
}
+ // To sign the digest, we need to give the signer a copy of the body...
+ // ...but it is optional, no digest will be signed if given "nil"
+ // body := nil
+ // If r were a http.ResponseWriter, call SignResponse instead.
+ err = signer.SignRequest(privKey, actorKeyUrl.String(), request, jsonData)
r.mu.Unlock()
- b64sig := base64.StdEncoding.Strict().EncodeToString(signature)
- var header = `keyId="` + actorKeyUrl.String() + `",algorithm="hs2019",headers="(request-target) date digest host",signature="` + b64sig + `"`
- request.Header.Add("Signature", header)
-
- //http sig signing code - broken?
- // r.mu.Lock()
- // prefs := []httpsig.Algorithm{}
- // digestAlgorithm := httpsig.DigestSha256
- // // The "Date" and "Digest" headers must already be set on r, as well as r.URL.
- // headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest", "content-type"}
- // signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 100)
- // if err != nil {
- // return err
- // }
- // // To sign the digest, we need to give the signer a copy of the body...
- // // ...but it is optional, no digest will be signed if given "nil"
- // // body := nil
- // // If r were a http.ResponseWriter, call SignResponse instead.
- // err = signer.SignRequest(privKey, actorKeyUrl.String(), request, jsonData)
- // r.mu.Unlock()
-
// // HACK
// oldSig := request.Header.Get("signature")
// request.Header.Set("signature", strings.ReplaceAll(oldSig, "hs2019", "rsa-sha256"))