diff --git a/util/src/main/java/edu/sjsu/moth/util/HttpSignature.java b/util/src/main/java/edu/sjsu/moth/util/HttpSignature.java
index 30f42050..b8a19b6c 100644
--- a/util/src/main/java/edu/sjsu/moth/util/HttpSignature.java
+++ b/util/src/main/java/edu/sjsu/moth/util/HttpSignature.java
@@ -1,9 +1,5 @@
 package edu.sjsu.moth.util;
-import lombok.extern.apachecommons.CommonsLog;
-import org.springframework.http.HttpHeaders;
-import org.springframework.web.reactive.function.client.WebClient;
-
 import java.net.URI;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
@@ -23,6 +19,11 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.reactive.function.client.WebClient;
+
+import lombok.extern.apachecommons.CommonsLog;
+
 /*
 * routines to support HTTP Signatures
 *
@@ -34,8 +35,12 @@
 @CommonsLog
 public class HttpSignature {
+ private HttpSignature() {
+ throw new IllegalStateException("This is a utility class. You shouldn't instantiate it.");
+ }
+
 public static final String REQUEST_TARGET = "(request-target)";
- static public final Pattern HTTP_HEADER_FIELDS_PATTERN = Pattern.compile(
+ public static final Pattern HTTP_HEADER_FIELDS_PATTERN = Pattern.compile(
 "(?\\p{Alnum}+)=\"(?([^\"])*)\"");
 public static Signature newSigner() {
@@ -59,11 +64,11 @@ public static MessageDigest newSHA256Digest() {
 }
 public static WebClient.Builder signHeaders(WebClient.Builder clientBuilder, List headers,
- PrivateKey signingKey, String keyUri) {
+ PrivateKey signingKey, String keyUri) {
 clientBuilder.filter((request, next) -> {
 try {
 String sigLine = generateSignatureHeader(request.method().name(), request.url(), request.headers(),
- headers, signingKey, keyUri);
+ headers, signingKey, keyUri);
 request.headers().add("Signature", sigLine);
 } catch (InvalidKeyException | SignatureException e) {
 log.error("couldn't sign request", e);
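Review bot: The private constructor added in the `@@ -34,8 +35,12 @@` hunk sits above the public constants `REQUEST_TARGET` and `HTTP_HEADER_FIELDS_PATTERN`, so an implementation detail now comes before the class's public surface. I would move it below the constants and also mark the class `final`, i.e. `public final class HttpSignature {`, so the no-instances intent is visible at the declaration. `UnsupportedOperationException` is the more conventional type for a constructor that must never run, since `IllegalStateException` implies the call could be valid in some other state. The class body continues outside the hunk.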
@@ -75,7 +80,7 @@ public static WebClient.Builder signHeaders(WebClient.Builder clientBuilder, Lis
 }
 static String generateSignatureHeader(String requestMethod, URI requestURI, HttpHeaders requestHeaders,
- List headers, PrivateKey signingKey, String keyUri) throws SignatureException, InvalidKeyException {
+ List headers, PrivateKey signingKey, String keyUri) throws SignatureException, InvalidKeyException {
 var toSign = generateHeadersToSign(requestMethod, requestURI, requestHeaders, headers);
 var signer = newSigner();
 signer.initSign(signingKey);
@@ -85,7 +90,7 @@ static String generateSignatureHeader(String requestMethod, URI requestURI, Http
 }
 private static byte[] generateHeadersToSign(String requestMethod, URI requestURI, HttpHeaders requestHeaders,
- List headers) {
+ List headers) {
 var toSign = headers.stream().map(h -> {
 if (h.equalsIgnoreCase(REQUEST_TARGET)) {
 var uri = requestURI;
@@ -102,15 +107,13 @@ private static byte[] generateHeadersToSign(String requestMethod, URI requestURI
 }
 public static boolean validateSignatureHeader(String method, URI uri, HttpHeaders headers, String signedHeaders,
- PublicKey publicKey, String signature) throws InvalidKeyException,
+ PublicKey publicKey, String signature) throws InvalidKeyException,
 SignatureException {
 var toValidate = generateHeadersToSign(method, uri, headers, List.of(signedHeaders.split(" ")));
 var signer = newSigner();
- String sigLine = null;
 signer.initVerify(publicKey);
 signer.update(toValidate);
 return signer.verify(Base64.getMimeDecoder().decode(signature));
-
 }
 public static PublicKey pemToPublicKey(String publicKeyPEM) {
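Review bot: In `validateSignatureHeader` (the `@@ -102,15 +107,13 @@` hunk) the signature is decoded with `Base64.getMimeDecoder()`, which ignores any character outside the Base64 alphabet, so many distinct header values decode to the same bytes. Badly padded input still raises an unchecked `IllegalArgumentException`, which the `throws` clause does not cover. Provided peers send unwrapped Base64, a strict decode that fails closed is tighter: `try { return signer.verify(Base64.getDecoder().decode(signature)); } catch (IllegalArgumentException e) { return false; }`. The method also verifies over whatever list arrives in `signedHeaders`. Unless the caller already enforces it, requests whose list lacks `(request-target)`, `host`, `date` and, for requests with a body, `digest` should be rejected, because otherwise a valid signature need not cover the method, path or body being processed.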
@@ -147,6 +150,6 @@ public static Map extractFields(String sig) {
 public static void addDigest(HttpHeaders headers, byte[] body) {
 // https://docs.joinmastodon.org/spec/security/ says we should use SHA-256
 headers.add("Digest",
- "sha-256=%s".formatted(Base64.getMimeEncoder().encodeToString(newSHA256Digest().digest(body))));
+ "sha-256=%s".formatted(Base64.getMimeEncoder().encodeToString(newSHA256Digest().digest(body))));
 }
 }