From c7d3b2d86871922d39893533ad98112c05c2ad33 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Thu, 19 Oct 2023 11:30:07 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20HttpSignature=E3=82=92=E8=87=AA?= =?UTF-8?q?=E4=BD=9C=E3=83=A9=E3=82=A4=E3=83=96=E3=83=A9=E3=83=AA=E3=81=AB?= =?UTF-8?q?=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build.gradle.kts | 14 ++++++- .../hideout/config/ActivityPubConfig.kt | 5 +++ .../service/ap/APRequestServiceImpl.kt | 38 ++++++++++--------- 3 files changed, 39 insertions(+), 18 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index 289e4815..fc741492 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -73,6 +73,18 @@ tasks.create("openApiGenerateMastodonCompatibleApi", GenerateTask: repositories { mavenCentral() + maven { + url = uri("https://git.usbharu.dev/api/packages/usbharu/maven") + } + maven { + name = "GitHubPackages" + url = uri("https://maven.pkg.github.com/usbharu/http-signature") + credentials { + + username = project.findProperty("gpr.user") as String? ?: System.getenv("USERNAME") + password = project.findProperty("gpr.key") as String? ?: System.getenv("TOKEN") + } + } } kotlin { @@ -125,7 +137,7 @@ dependencies { implementation("software.amazon.awssdk:s3:2.20.157") implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3") implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor:1.7.3") - + implementation("dev.usbharu:http-signature:1.0.0") implementation("io.ktor:ktor-client-logging-jvm:$ktor_version") diff --git a/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt b/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt index e9786a1f..8d83c5dd 100644 --- a/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt +++ b/src/main/kotlin/dev/usbharu/hideout/config/ActivityPubConfig.kt @@ -4,6 +4,8 @@ import com.fasterxml.jackson.annotation.JsonInclude import com.fasterxml.jackson.databind.DeserializationFeature import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper +import dev.usbharu.httpsignature.sign.HttpSignatureSigner +import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner import org.springframework.beans.factory.annotation.Qualifier import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration @@ -26,4 +28,7 @@ class ActivityPubConfig { @Bean @Qualifier("http") fun dateTimeFormatter(): DateTimeFormatter = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US) + + @Bean + fun httpSignatureSigner(): HttpSignatureSigner = RsaSha256HttpSignatureSigner() } diff --git a/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt b/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt index 4d8e227d..ba1c55ae 100644 --- a/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt +++ b/src/main/kotlin/dev/usbharu/hideout/service/ap/APRequestServiceImpl.kt @@ -3,15 +3,19 @@ package dev.usbharu.hideout.service.ap import com.fasterxml.jackson.databind.ObjectMapper import dev.usbharu.hideout.domain.model.ap.Object import dev.usbharu.hideout.domain.model.hideout.entity.User -import dev.usbharu.hideout.service.signature.HttpSignatureSigner -import dev.usbharu.hideout.service.signature.Key import dev.usbharu.hideout.util.Base64Util import dev.usbharu.hideout.util.HttpUtil.Activity import dev.usbharu.hideout.util.RsaUtil +import dev.usbharu.httpsignature.common.HttpHeaders +import dev.usbharu.httpsignature.common.HttpMethod +import dev.usbharu.httpsignature.common.HttpRequest +import dev.usbharu.httpsignature.common.PrivateKey +import dev.usbharu.httpsignature.sign.HttpSignatureSigner import io.ktor.client.* import io.ktor.client.request.* import io.ktor.client.statement.* import io.ktor.http.* +import io.ktor.util.* import org.springframework.beans.factory.annotation.Qualifier import org.springframework.stereotype.Service import java.net.URL @@ -46,14 +50,14 @@ class APRequestServiceImpl( } val sign = httpSignatureSigner.sign( - url = url, - method = HttpMethod.Get, - headers = headers, - requestBody = "", - keyPair = Key( + httpRequest = HttpRequest( + url = u, + headers = HttpHeaders(headers.toMap()), + dev.usbharu.httpsignature.common.HttpMethod.GET + ), + privateKey = PrivateKey( keyId = "${signer.url}#pubkey", privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey), - publicKey = RsaUtil.decodeRsaPublicKeyPem(signer.publicKey) ), signHeaders = listOf("(request-target)", "date", "host", "accept") ) @@ -61,7 +65,8 @@ class APRequestServiceImpl( val bodyAsText = httpClient.get(url) { headers { headers { - appendAll(sign.headers) + appendAll(headers) + append("Signature", sign.signatureHeader) remove("Host") } } @@ -114,14 +119,12 @@ class APRequestServiceImpl( } val sign = httpSignatureSigner.sign( - url = url, - method = HttpMethod.Post, - headers = headers, - requestBody = "", - keyPair = Key( + httpRequest = HttpRequest( + u, HttpHeaders(headers.toMap()), HttpMethod.POST + ), + privateKey = PrivateKey( keyId = "${signer.url}#pubkey", - privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey), - publicKey = RsaUtil.decodeRsaPublicKeyPem(signer.publicKey) + privateKey = RsaUtil.decodeRsaPrivateKeyPem(signer.privateKey) ), signHeaders = listOf("(request-target)", "date", "host", "digest") ) @@ -129,7 +132,8 @@ class APRequestServiceImpl( return httpClient.post(url) { headers { headers { - appendAll(sign.headers) + appendAll(headers) + append("Signature", sign.signatureHeader) } } setBody(requestBody)