init

Foxchat.Core/Federation/RequestSigningService.cs

@@ -0,0 +1,78 @@
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Text;
+using Foxchat.Core.Database;
+using Microsoft.AspNetCore.WebUtilities;
+using NodaTime;
+using NodaTime.Text;
+using Serilog;
+
+namespace Foxchat.Core.Federation;
+
+public partial class RequestSigningService(ILogger logger, IClock clock, IDatabaseContext context, CoreConfig config)
+{
+    private readonly ILogger _logger = logger.ForContext<RequestSigningService>();
+    private readonly IClock _clock = clock;
+    private readonly CoreConfig _config = config;
+    private readonly RSA _rsa = context.GetInstanceKeysAsync().GetAwaiter().GetResult();
+    private readonly HttpClient _httpClient = new();
+
+    public string GenerateSignature(SignatureData data)
+    {
+        var plaintext = GeneratePlaintext(data);
+        var plaintextBytes = Encoding.UTF8.GetBytes(plaintext);
+        var hash = SHA256.HashData(plaintextBytes);
+
+        var formatter = new RSAPKCS1SignatureFormatter(_rsa);
+        formatter.SetHashAlgorithm(nameof(SHA256));
+        var signature = formatter.CreateSignature(hash);
+
+        _logger.Debug("Generated signature for {Host} {RequestPath}: {Signature}", data.Host, data.RequestPath, WebEncoders.Base64UrlEncode(signature));
+        return WebEncoders.Base64UrlEncode(signature);
+    }
+
+    public bool VerifySignature(
+        string publicKey, string encodedSignature, string dateHeader, string host, string requestPath, int? contentLength, string? userId)
+    {
+        var rsa = RSA.Create();
+        rsa.ImportFromPem(publicKey);
+
+        var now = _clock.GetCurrentInstant();
+        var time = ParseTime(dateHeader);
+        if ((now + Duration.FromMinutes(1)) < time)
+        {
+            // TODO: replace this with specific exception type
+            throw new Exception("Request was made in the future");
+        }
+        else if ((now - Duration.FromMinutes(1)) > time)
+        {
+            // TODO: replace this with specific exception type
+            throw new Exception("Request was made too long ago");
+        }
+
+        var plaintext = GeneratePlaintext(new SignatureData(time, host, requestPath, contentLength, userId));
+        var plaintextBytes = Encoding.UTF8.GetBytes(plaintext);
+        var hash = SHA256.HashData(plaintextBytes);
+        var signature = WebEncoders.Base64UrlDecode(encodedSignature);
+
+        var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
+        deformatter.SetHashAlgorithm(nameof(SHA256));
+
+        return deformatter.VerifySignature(hash, signature);
+    }
+
+    private static string GeneratePlaintext(SignatureData data)
+    {
+        var time = FormatTime(data.Time);
+        var contentLength = data.ContentLength != null ? data.ContentLength.ToString() : "";
+        var userId = data.UserId ?? "";
+
+        Log.Information("Plaintext string: {Plaintext}", $"{time}:{data.Host}:{data.RequestPath}:{contentLength}:{userId}");
+
+        return $"{time}:{data.Host}:{data.RequestPath}:{contentLength}:{userId}";
+    }
+
+    private static readonly InstantPattern _pattern = InstantPattern.Create("ddd, dd MMM yyyy HH:mm:ss 'GMT'", CultureInfo.GetCultureInfo("en-US"));
+    private static string FormatTime(Instant time) => _pattern.Format(time);
+    private static Instant ParseTime(string header) => _pattern.Parse(header).GetValueOrThrow();
+}