From 6268b7e0eb400c1b5e227a73e6faee0f1e476db4 Mon Sep 17 00:00:00 2001 From: Roger Braun Date: Mon, 18 Sep 2017 18:10:21 +0200 Subject: [PATCH] HTTP Signatures: Work with all test vectors. --- .../web/http_signatures/http_signatures.ex | 6 ++++-- test/web/http_sigs/http_sig_test.exs | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex index e2210285e..65a344e0b 100644 --- a/lib/pleroma/web/http_signatures/http_signatures.ex +++ b/lib/pleroma/web/http_signatures/http_signatures.ex @@ -1,9 +1,9 @@ # https://tools.ietf.org/html/draft-cavage-http-signatures-08 defmodule Pleroma.Web.HTTPSignatures do def split_signature(sig) do - default = %{"headers" => ["date"]} + default = %{"headers" => "date"} - sig + sig = sig |> String.trim() |> String.split(",") |> Enum.reduce(default, fn(part, acc) -> @@ -11,6 +11,8 @@ def split_signature(sig) do value = Enum.join(rest, "=") Map.put(acc, key, String.trim(value, "\"")) end) + + Map.put(sig, "headers", String.split(sig["headers"], ~r/\s/)) end def validate(headers, signature, public_key) do diff --git a/test/web/http_sigs/http_sig_test.exs b/test/web/http_sigs/http_sig_test.exs index a06c9ec3d..d684060fc 100644 --- a/test/web/http_sigs/http_sig_test.exs +++ b/test/web/http_sigs/http_sig_test.exs @@ -25,6 +25,14 @@ defmodule Pleroma.Web.HTTPSignaturesTest do keyId="Test",algorithm="rsa-sha256",signature="jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w=" """ + @basic_signature """ + keyId="Test",algorithm="rsa-sha256",headers="(request-target) host date",signature="HUxc9BS3P/kPhSmJo+0pQ4IsCo007vkv6bUm4Qehrx+B1Eo4Mq5/6KylET72ZpMUS80XvjlOPjKzxfeTQj4DiKbAzwJAb4HX3qX6obQTa00/qPDXlMepD2JtTw33yNnm/0xV7fQuvILN/ys+378Ysi082+4xBQFwvhNvSoVsGv4=" + """ + + @all_headers_signature """ + keyId="Test",algorithm="rsa-sha256",headers="(request-target) host date content-type digest content-length",signature="Ef7MlxLXoBovhil3AlyjtBwAL9g4TN3tibLj7uuNB3CROat/9KaeQ4hW2NiJ+pZ6HQEOx9vYZAyi+7cmIkmJszJCut5kQLAwuX+Ms/mUFvpKlSo9StS2bMXDBNjOh4Auj774GFj4gwjS+3NhFeoqyr/MuN6HsEnkvn6zdgfE2i0=" + """ + test "split up a signature" do expected = %{ "keyId" => "Test", @@ -41,6 +49,16 @@ test "validates the default case" do assert HTTPSignatures.validate(@headers, signature, @public_key) end + test "validates the basic case" do + signature = HTTPSignatures.split_signature(@basic_signature) + assert HTTPSignatures.validate(@headers, signature, @public_key) + end + + test "validates the all-headers case" do + signature = HTTPSignatures.split_signature(@all_headers_signature) + assert HTTPSignatures.validate(@headers, signature, @public_key) + end + test "it contructs a signing string" do expected = "date: Thu, 05 Jan 2014 21:31:40 GMT\ncontent-length: 18" assert expected == HTTPSignatures.build_signing_string(@headers, ["date", "content-length"])