3 files changed, 59 insertions, 1 deletions
diff --git a/activitypub.c b/activitypub.c
index cebefca..7a30010 100644
--- a/activitypub.c
+++ b/activitypub.c
@@ -594,7 +594,10 @@ int process_message(snac *snac, char *msg, char *req)
    }
    /* check the signature */
-    /* ... */
+    if (!check_signature(snac, req)) {
+        snac_log(snac, xs_fmt("bad signature"));
+        return 1;
+    }
    if (strcmp(type, "Follow") == 0) {
        xs *reply = msg_accept(snac, msg, actor);
diff --git a/http.c b/http.c
index 7c9b598..8062806 100644
--- a/http.c
+++ b/http.c
@@ -99,3 +99,57 @@ d_char *http_signed_request(snac *snac, char *method, char *url,
    return response;
 }
+int check_signature(snac *snac, char *req)
+/* check the signature */
+{
+    char *sig_hdr = xs_dict_get(req, "signature");
+    xs *keyId = NULL;
+    xs *headers = NULL;
+    xs *signature = NULL;
+    char *pubkey;
+    char *p;
+    {
+        /* extract the values */
+        xs *l = xs_split(sig_hdr, ",");
+        char *v;
+        p = l;
+        while (xs_list_iter(&p, &v)) {
+            if (xs_startswith(v, "keyId"))
+                keyId = xs_crop(xs_dup(v), 7, -1);
+            else
+            if (xs_startswith(v, "headers"))
+                headers = xs_crop(xs_dup(v), 9, -1);
+            else
+            if (xs_startswith(v, "signature"))
+                signature = xs_crop(xs_dup(v), 12, -1);
+        }
+    }
+    if (keyId == NULL || headers == NULL || signature == NULL) {
+        snac_debug(snac, 1, xs_fmt("bad signature header"));
+        return 0;
+    }
+    /* strip the # from the keyId */
+    if ((p = strchr(keyId, '#')) != NULL)
+        *p = '\0';
+    /* the actor must already be here */
+    xs *actor = NULL;
+    if (!valid_status(actor_get(snac, keyId, &actor))) {
+        snac_debug(snac, 1, xs_fmt("check_signature unknown actor %s", keyId));
+        return 0;
+    }
+    if ((p = xs_dict_get(actor, "publicKey")) == NULL ||
+        ((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
+        snac_debug(snac, 1, xs_fmt("cannot get pubkey from actor %s", keyId));
+        return 0;
+    }
+    return 1;
+}
diff --git a/snac.h b/snac.h
index 368c9ad..392f57d 100644
--- a/snac.h
+++ b/snac.h
@@ -94,6 +94,7 @@ d_char *http_signed_request(snac *snac, char *method, char *url,
                        d_char *headers,
                        d_char *body, int b_size,
                        int *status, d_char **payload, int *p_size);
+int check_signature(snac *snac, char *req);
 void httpd(void);

diff --git a/activitypub.c b/activitypub.c index cebefca..7a30010 100644 --- a/activitypub.c +++ b/activitypub.c
@@ -594,7 +594,10 @@ int process_message(snac snac, char msg, char *req)
594	}	594	}
595		595
596	/* check the signature */	596	/* check the signature */
597	/* ... */	597	if (!check_signature(snac, req)) {
		598	snac_log(snac, xs_fmt("bad signature"));
		599	return 1;
		600	}
598		601
599	if (strcmp(type, "Follow") == 0) {	602	if (strcmp(type, "Follow") == 0) {
600	xs *reply = msg_accept(snac, msg, actor);	603	xs *reply = msg_accept(snac, msg, actor);


diff --git a/http.c b/http.c index 7c9b598..8062806 100644 --- a/http.c +++ b/http.c
@@ -99,3 +99,57 @@ d_char http_signed_request(snac snac, char method, char url,
99		99
100	return response;	100	return response;
101	}	101	}
		102
		103
		104	int check_signature(snac snac, char req)
		105	/* check the signature */
		106	{
		107	char *sig_hdr = xs_dict_get(req, "signature");
		108	xs *keyId = NULL;
		109	xs *headers = NULL;
		110	xs *signature = NULL;
		111	char *pubkey;
		112	char *p;
		113
		114	{
		115	/* extract the values */
		116	xs *l = xs_split(sig_hdr, ",");
		117	char *v;
		118
		119	p = l;
		120	while (xs_list_iter(&p, &v)) {
		121	if (xs_startswith(v, "keyId"))
		122	keyId = xs_crop(xs_dup(v), 7, -1);
		123	else
		124	if (xs_startswith(v, "headers"))
		125	headers = xs_crop(xs_dup(v), 9, -1);
		126	else
		127	if (xs_startswith(v, "signature"))
		128	signature = xs_crop(xs_dup(v), 12, -1);
		129	}
		130	}
		131
		132	if (keyId == NULL \|\| headers == NULL \|\| signature == NULL) {
		133	snac_debug(snac, 1, xs_fmt("bad signature header"));
		134	return 0;
		135	}
		136
		137	/* strip the # from the keyId */
		138	if ((p = strchr(keyId, '#')) != NULL)
		139	*p = '\0';
		140
		141	/* the actor must already be here */
		142	xs *actor = NULL;
		143	if (!valid_status(actor_get(snac, keyId, &actor))) {
		144	snac_debug(snac, 1, xs_fmt("check_signature unknown actor %s", keyId));
		145	return 0;
		146	}
		147
		148	if ((p = xs_dict_get(actor, "publicKey")) == NULL \|\|
		149	((pubkey = xs_dict_get(p, "publicKeyPem")) == NULL)) {
		150	snac_debug(snac, 1, xs_fmt("cannot get pubkey from actor %s", keyId));
		151	return 0;
		152	}
		153
		154	return 1;
		155	}


diff --git a/snac.h b/snac.h index 368c9ad..392f57d 100644 --- a/snac.h +++ b/snac.h
@@ -94,6 +94,7 @@ d_char http_signed_request(snac snac, char method, char url,
94	d_char *headers,	94	d_char *headers,
95	d_char *body, int b_size,	95	d_char *body, int b_size,
96	int status, d_char payload, int p_size);	96	int status, d_char payload, int p_size);
		97	int check_signature(snac snac, char req);
97		98
98	void httpd(void);	99	void httpd(void);
99		100