feat: HttpSignatureを自作ライブラリに変更

2023-10-19 11:30:07 +09:00 · 2023-10-19 11:30:07 +09:00 · 22a2f4aee5
parent b221b55fdf
commit 22a2f4aee5
3 changed files with 39 additions and 18 deletions
--- a/build.gradle.kts
+++ b/build.gradle.kts
@ -73,6 +73,18 @@ tasks.create<GenerateTask>("openApiGenerateMastodonCompatibleApi", GenerateTask:

 repositories {
    mavenCentral()
+    maven {
+        url = uri("https://git.usbharu.dev/api/packages/usbharu/maven")
+    }
+    maven {
+        name = "GitHubPackages"
+        url = uri("https://maven.pkg.github.com/usbharu/http-signature")
+        credentials {
+
+            username = project.findProperty("gpr.user") as String? ?: System.getenv("USERNAME")
+            password = project.findProperty("gpr.key") as String? ?: System.getenv("TOKEN")
+        }
+    }
 }

 kotlin {
@ -125,7 +137,7 @@ dependencies {
    implementation("software.amazon.awssdk:s3:2.20.157")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor:1.7.3")
-
+    implementation("dev.usbharu:http-signature:1.0.0")

    implementation("io.ktor:ktor-client-logging-jvm:$ktor_version")

--- a/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt
@ -4,6 +4,8 @@ import com.fasterxml.jackson.annotation.JsonInclude
 import com.fasterxml.jackson.databind.DeserializationFeature
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
+import dev.usbharu.httpsignature.sign.HttpSignatureSigner
+import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
 import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@ -26,4 +28,7 @@ class ActivityPubConfig {
    @Bean
    @Qualifier("http")
    fun dateTimeFormatter(): DateTimeFormatter = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US)
+
+    @Bean
+    fun httpSignatureSigner(): HttpSignatureSigner = RsaSha256HttpSignatureSigner()
 }
--- a/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt
@ -3,15 +3,19 @@ package dev.usbharu.hideout.service.ap
 import com.fasterxml.jackson.databind.ObjectMapper
 import dev.usbharu.hideout.domain.model.ap.Object
 import dev.usbharu.hideout.domain.model.hideout.entity.User
-import dev.usbharu.hideout.service.signature.HttpSignatureSigner
-import dev.usbharu.hideout.service.signature.Key
 import dev.usbharu.hideout.util.Base64Util
 import dev.usbharu.hideout.util.HttpUtil.Activity
 import dev.usbharu.hideout.util.RsaUtil
+import dev.usbharu.httpsignature.common.HttpHeaders
+import dev.usbharu.httpsignature.common.HttpMethod
+import dev.usbharu.httpsignature.common.HttpRequest
+import dev.usbharu.httpsignature.common.PrivateKey
+import dev.usbharu.httpsignature.sign.HttpSignatureSigner
 import io.ktor.client.*
 import io.ktor.client.request.*
 import io.ktor.client.statement.*
 import io.ktor.http.*
+import io.ktor.util.*
 import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.stereotype.Service
 import java.net.URL
@ -46,14 +50,14 @@ class APRequestServiceImpl(
        }

        val sign = httpSignatureSigner.sign(
-            url = url,
-            method = HttpMethod.Get,
-            headers = headers,
-            requestBody = "",
-            keyPair = Key(
+            httpRequest = HttpRequest(
+                url = u,
+                headers = HttpHeaders(headers.toMap()),
+                dev.usbharu.httpsignature.common.HttpMethod.GET
+            ),
+            privateKey = PrivateKey(
                keyId = "${signer.url}#pubkey",
                privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey),
-                publicKey = RsaUtil.decodeRsaPublicKeyPem(signer.publicKey)
            ),
            signHeaders = listOf("(request-target)", "date", "host", "accept")
        )
@ -61,7 +65,8 @@ class APRequestServiceImpl(
        val bodyAsText = httpClient.get(url) {
            headers {
                headers {
-                    appendAll(sign.headers)
+                    appendAll(headers)
+                    append("Signature", sign.signatureHeader)
                    remove("Host")
                }
            }
@ -114,14 +119,12 @@ class APRequestServiceImpl(
        }

        val sign = httpSignatureSigner.sign(
-            url = url,
-            method = HttpMethod.Post,
-            headers = headers,
-            requestBody = "",
-            keyPair = Key(
+            httpRequest = HttpRequest(
+                u, HttpHeaders(headers.toMap()), HttpMethod.POST
+            ),
+            privateKey = PrivateKey(
                keyId = "${signer.url}#pubkey",
-                privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey),
-                publicKey = RsaUtil.decodeRsaPublicKeyPem(signer.publicKey)
+                privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey)
            ),
            signHeaders = listOf("(request-target)", "date", "host", "digest")
        )
@ -129,7 +132,8 @@ class APRequestServiceImpl(
        return httpClient.post(url) {
            headers {
                headers {
-                    appendAll(sign.headers)
+                    appendAll(headers)
+                    append("Signature", sign.signatureHeader)
                }
            }
            setBody(requestBody)