added digest to call signature

2020-11-20 20:21:44 -05:00 · 2020-11-20 20:21:44 -05:00 · a965b013e3
commit a965b013e3
parent fbfef2d37b
2 changed files with 21 additions and 7 deletions
--- a/src/BirdsiteLive.Domain/ActivityPubService.cs
+++ b/src/BirdsiteLive.Domain/ActivityPubService.cs
@ -2,6 +2,7 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using BirdsiteLive.ActivityPub;
@ -88,9 +89,10 @@ namespace BirdsiteLive.Domain

            var date = DateTime.UtcNow.ToUniversalTime();
            var httpDate = date.ToString("r");
-            var signature = _cryptoService.SignAndGetSignatureHeader(date, actorUrl, targetHost, usedInbox);

-            
+            var digest = ComputeSha256Hash(json);
+
+            var signature = _cryptoService.SignAndGetSignatureHeader(date, actorUrl, targetHost, digest, usedInbox);

            var client = new HttpClient();
            var httpRequestMessage = new HttpRequestMessage
@ -101,7 +103,8 @@ namespace BirdsiteLive.Domain
                {
                    {"Host", targetHost},
                    {"Date", httpDate},
-                    {"Signature", signature}
+                    {"Signature", signature},
+                    {"Digest", $"SHA-256={digest}"}
                },
                Content = new StringContent(json, Encoding.UTF8, "application/ld+json")
            };
@ -109,5 +112,16 @@ namespace BirdsiteLive.Domain
            var response = await client.SendAsync(httpRequestMessage);
            return response.StatusCode;
        }
+
+        static string ComputeSha256Hash(string rawData)
+        {
+            // Create a SHA256   
+            using (SHA256 sha256Hash = SHA256.Create())
+            {
+                // ComputeHash - returns byte array  
+                byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(rawData));
+                return Convert.ToBase64String(bytes);
+            }
+        }
    }
 }
--- a/src/BirdsiteLive.Domain/CryptoService.cs
+++ b/src/BirdsiteLive.Domain/CryptoService.cs
@ -7,7 +7,7 @@ namespace BirdsiteLive.Domain
    public interface ICryptoService
    {
        string GetUserPem(string id);
-        string SignAndGetSignatureHeader(DateTime date, string actor, string host, string inbox = null);
+        string SignAndGetSignatureHeader(DateTime date, string actor, string host, string digest, string inbox);
    }

    public class CryptoService : ICryptoService
@ -33,7 +33,7 @@ namespace BirdsiteLive.Domain
        /// <param name="actor">in the form of https://domain.io/actor</param>
        /// <param name="host">in the form of domain.io</param>
        /// <returns></returns>
-        public string SignAndGetSignatureHeader(DateTime date, string actor, string targethost, string inbox = null)
+        public string SignAndGetSignatureHeader(DateTime date, string actor, string targethost, string digest, string inbox)
        {
            var usedInbox = "/inbox";
            if (!string.IsNullOrWhiteSpace(inbox))
@ -41,12 +41,12 @@ namespace BirdsiteLive.Domain

            var httpDate = date.ToString("r");

-            var signedString = $"(request-target): post {usedInbox}\nhost: {targethost}\ndate: {httpDate}";
+            var signedString = $"(request-target): post {usedInbox}\nhost: {targethost}\ndate: {httpDate}\ndigest: SHA-256={digest}";
            var signedStringBytes = Encoding.UTF8.GetBytes(signedString);
            var signature = _magicKeyFactory.GetMagicKey().Sign(signedStringBytes);
            var sig64 = Convert.ToBase64String(signature);

-            var header = "keyId=\"" + actor + "\",headers=\"(request-target) host date\",signature=\"" + sig64 + "\"";
+            var header = "keyId=\"" + actor + "\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest\",signature=\"" + sig64 + "\"";
            return header;
        }
    }