versia-go/pkg/lysand/signature_data.go

package lysand

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

type SignatureData struct {
	// RequestMethod is the *lowercase* HTTP method of the request
	RequestMethod string
	// Nonce is a random byte array, used to prevent replay attacks
	Nonce string
	// RawPath is the path of the request, without the query string
	URL *url.URL
	// Digest is the SHA-256 hash of the request body
	Digest []byte
}

func NewSignatureData(method, nonce string, u *url.URL, digest []byte) *SignatureData {
	return &SignatureData{
		RequestMethod: method,
		Nonce:         nonce,
		URL:           u,
		Digest:        digest,
	}
}

func (s *SignatureData) String() string {
	return fmt.Sprintf("%s %s?%s %s %s", strings.ToLower(s.RequestMethod), s.URL.Path, s.URL.RawQuery, s.Nonce, base64.StdEncoding.EncodeToString(s.Digest))
}

func (s *SignatureData) Validate(pubKey ed25519.PublicKey, signature []byte) bool {
	return ed25519.Verify(pubKey, []byte(s.String()), signature)
}

func (s *SignatureData) Sign(privKey ed25519.PrivateKey) []byte {
	return ed25519.Sign(privKey, []byte(s.String()))
}

type Signer struct {
	PrivateKey ed25519.PrivateKey
	UserURL    *url.URL
}

func (s Signer) Sign(signatureData SignatureData) *FederationHeaders {
	return &FederationHeaders{
		SignedBy:  s.UserURL,
		Nonce:     signatureData.Nonce,
		Signature: signatureData.Sign(s.PrivateKey),
	}
}

type Verifier struct {
	PublicKey ed25519.PublicKey
}

func (v Verifier) Verify(method string, u *url.URL, body []byte, fedHeaders *FederationHeaders) bool {
	sigData := NewSignatureData(method, fedHeaders.Nonce, u, hashSHA256(body))

	return sigData.Validate(v.PublicKey, fedHeaders.Signature)
}
refactor!: WD-4 signatures 2024-08-15 19:22:17 +02:00			`package lysand`

			`import (`
			`"crypto/ed25519"`
			`"encoding/base64"`
			`"fmt"`
			`"net/url"`
			`"strings"`
			`)`

			`type SignatureData struct {`
			`// RequestMethod is the lowercase HTTP method of the request`
			`RequestMethod string`
			`// Nonce is a random byte array, used to prevent replay attacks`
			`Nonce string`
			`// RawPath is the path of the request, without the query string`
			`URL *url.URL`
			`// Digest is the SHA-256 hash of the request body`
			`Digest []byte`
			`}`

			`func NewSignatureData(method, nonce string, u url.URL, digest []byte) SignatureData {`
			`return &SignatureData{`
			`RequestMethod: method,`
			`Nonce: nonce,`
			`URL: u,`
			`Digest: digest,`
			`}`
			`}`

			`func (s *SignatureData) String() string {`
			`return fmt.Sprintf("%s %s?%s %s %s", strings.ToLower(s.RequestMethod), s.URL.Path, s.URL.RawQuery, s.Nonce, base64.StdEncoding.EncodeToString(s.Digest))`
			`}`

			`func (s *SignatureData) Validate(pubKey ed25519.PublicKey, signature []byte) bool {`
			`return ed25519.Verify(pubKey, []byte(s.String()), signature)`
			`}`

			`func (s *SignatureData) Sign(privKey ed25519.PrivateKey) []byte {`
			`return ed25519.Sign(privKey, []byte(s.String()))`
			`}`

			`type Signer struct {`
			`PrivateKey ed25519.PrivateKey`
			`UserURL *url.URL`
			`}`

			`func (s Signer) Sign(signatureData SignatureData) *FederationHeaders {`
			`return &FederationHeaders{`
			`SignedBy: s.UserURL,`
			`Nonce: signatureData.Nonce,`
			`Signature: signatureData.Sign(s.PrivateKey),`
			`}`
			`}`

			`type Verifier struct {`
			`PublicKey ed25519.PublicKey`
			`}`

			`func (v Verifier) Verify(method string, u url.URL, body []byte, fedHeaders FederationHeaders) bool {`
			`sigData := NewSignatureData(method, fedHeaders.Nonce, u, hashSHA256(body))`

			`return sigData.Validate(v.PublicKey, fedHeaders.Signature)`
			`}`