@ -60,23 +60,26 @@ module SignatureVerification
signature = Base64 . decode64 ( signature_params [ 'signature' ] )
signature = Base64 . decode64 ( signature_params [ 'signature' ] )
compare_signed_string = build_signed_string ( signature_params [ 'headers' ] )
compare_signed_string = build_signed_string ( signature_params [ 'headers' ] )
if account . keypair . public_key . verify ( OpenSSL :: Digest :: SHA256 . new , signature , compare_signed_string )
return account unless verify_signature ( account , signature , compare_signed_string ) . nil?
@signed_request_account = account
@signed_request_account
elsif account . possibly_stale?
account = account . refresh!
if account . keypair . public_key . verify ( OpenSSL :: Digest :: SHA256 . new , signature , compare_signed_string )
account_stoplight = Stoplight ( " source: #{ request . ip } " ) { account . possibly_stale? ? account . refresh! : account_refresh_key ( account ) }
@signed_request_account = account
. with_fallback { nil }
@signed_request_account
. with_threshold ( 1 )
else
. with_cool_off_time ( 5 . minutes . seconds )
@signature_verification_failure_reason = " Verification failed for #{ account . username } @ #{ account . domain } #{ account . uri } "
. with_error_handler { | error , handle | error . is_a? ( HTTP :: Error ) ? handle . call ( error ) : raise ( error ) }
@signed_request_account = nil
end
account = account_stoplight . run
else
@signature_verification_failure_reason = " Verification failed for #{ account . username } @ #{ account . domain } #{ account . uri } "
if account . nil?
@signature_verification_failure_reason = " Public key not found for key #{ signature_params [ 'keyId' ] } "
@signed_request_account = nil
@signed_request_account = nil
return
end
end
return account unless verify_signature ( account , signature , compare_signed_string ) . nil?
@signature_verification_failure_reason = " Verification failed for #{ account . username } @ #{ account . domain } #{ account . uri } "
@signed_request_account = nil
end
end
def request_body
def request_body
@ -85,6 +88,15 @@ module SignatureVerification
private
private
def verify_signature ( account , signature , compare_signed_string )
if account . keypair . public_key . verify ( OpenSSL :: Digest :: SHA256 . new , signature , compare_signed_string )
@signed_request_account = account
@signed_request_account
end
rescue OpenSSL :: PKey :: RSAError
nil
end
def build_signed_string ( signed_headers )
def build_signed_string ( signed_headers )
signed_headers = 'date' if signed_headers . blank?
signed_headers = 'date' if signed_headers . blank?
@ -131,4 +143,9 @@ module SignatureVerification
account
account
end
end
end
end
def account_refresh_key ( account )
return if account . local? || ! account . activitypub?
ActivityPub :: FetchRemoteAccountService . new . call ( account . uri , only_key : true )
end
end
end