Blob

Date:
Message:
apub: remove unused http sig header list
Actions:
History | Blame | Raw File
1 package apub

3 import (

4 	"bytes"

5 	"crypto"

6 	"crypto/rand"

7 	"crypto/rsa"

8 	"crypto/sha256"

9 	"encoding/base64"

10 	"fmt"

11 	"io"

12 	"net/http"

13 	"strings"

14 	"time"

15 )

17 // Sign signs the given HTTP request with the matching private key of the

18 // public key available at pubkeyURL.

19 func Sign(req *http.Request, key *rsa.PrivateKey, pubkeyURL string) error {

20 	if pubkeyURL == "" {

21 		return fmt.Errorf("no pubkey url")

22 	}

23 	date := time.Now().UTC().Format(http.TimeFormat)

24 	req.Header.Set("Date", date)

25 	hash := sha256.New()

26 	toSign := []string{"(request-target)", "host", "date"}

27 	fmt.Fprintln(hash, "(request-target):", strings.ToLower(req.Method), req.URL.Path)

28 	fmt.Fprintln(hash, "host:", req.URL.Hostname())

29 	fmt.Fprintf(hash, "date: %s", date)

31 	if req.Body != nil {

32 		// we're adding one more entry to our signature, so one more line.

33 		fmt.Fprint(hash, "\n")

34 		buf := &bytes.Buffer{}

35 		io.Copy(buf, req.Body)

36 		req.Body.Close()

37 		req.Body = io.NopCloser(buf)

38 		digest := sha256.Sum256(buf.Bytes())

39 		d := "SHA-256=" + base64.StdEncoding.EncodeToString(digest[:])

40 		toSign = append(toSign, "digest")

41 		fmt.Fprintf(hash, "digest: %s", d)

42 		req.Header.Set("Digest", d)

43 	}

44 	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hash.Sum(nil))

45 	if err != nil {

46 		return err

47 	}

48 	bsig := base64.StdEncoding.EncodeToString(sig)

50 	val := fmt.Sprintf("keyId=%q,algorithm=%q,headers=%q,signature=%q", pubkeyURL, "rsa-sha256", strings.Join(toSign, " "), bsig)

51 	req.Header.Set("Signature", val)

52 	return nil

53 }

55 type signature struct {

56 	keyID     string

57 	algorithm string

58 	headers   string

59 	signature string

60 }

62 func parseSignatureHeader(line string) (signature, error) {

63 	var sig signature

64 	for _, v := range strings.Split(line, ",") {

65 		name, val, ok := strings.Cut(v, "=")

66 		if !ok {

67 			return sig, fmt.Errorf("bad field: %s from %s", v, line)

68 		}

69 		val = strings.Trim(val, `"`)

70 		switch name {

71 		case "keyId":

72 			sig.keyID = val

73 		case "algorithm":

74 			sig.algorithm = val

75 		case "headers":

76 			sig.headers = val

77 		case "signature":

78 			sig.signature = val

79 		default:

80 			return signature{}, fmt.Errorf("bad field name %s", name)

81 		}

82 	}

84 	if sig.keyID == "" {

85 		return sig, fmt.Errorf("missing signature field keyId")

86 	} else if sig.algorithm == "" {

87 		return sig, fmt.Errorf("missing signature field algorithm")

88 	} else if sig.headers == "" {

89 		return sig, fmt.Errorf("missing signature field headers")

90 	} else if sig.signature == "" {

91 		return sig, fmt.Errorf("missing signature field signature")

92 	}

93 	return sig, nil

94 }