http signature and example

actions/say_hello.lua

@@ -0,0 +1,37 @@
+event: ["say_hello"]
+priority: 1
+
+local port = ctx.msg.path_segments[2]
+
+local date = tostring(time.now())
+local body = '{"title":"Hello Message","type":"msg","text":"Hello"}'
+
+--local signature_string = "date: " .. date .. "\n" .. body
+signature_string = "a"
+log.trace("signature string", signature_string)
+
+-- from torchbear/src/lua_bindings/crypto/mod.rs at line 129
+local key = crypto.sign.load_secret("+qEY1pRSYy7gTfJ58GLrDQTuhgiTf49Cy9yEgvix3vHGkq2b5t55E36RPtVYgnTn+2SF0Of8nEeVOyTvcvlnnQ==")
+
+local signature = key:sign_detached(signature_string)
+
+local signature_header = 'keyId="alice",algorithm="rsa-sha256",signature="' .. signature .. '"'
+
+local response = ClientRequest.build()
+    :method("POST")
+    :uri("http://localhost:" .. port .. "/")
+    :headers({
+      ["content-type"] = "application/json",
+      ["date"] = date,
+      ["signature"] = signature_header,
+    })
+    :send_with_body(body)
+
+--local inspect = require "inspect"
+
+return {
+    headers = {
+        ["content-type"] = "application/json",
+    },
+    body = '{"message":"said hello"}'
+}

actions/send_key_action.lua

@@ -49,15 +49,25 @@ if not private_key then
     }
 end
 
-log.trace("Key exists")
+local public_key
+do
+  local file_content = fs.read_file("content/" .. public_uuid)
+  local header, content = split_yaml_header(file_content)
+  public_key = content
+end
+
+local port = req.path_segments[2]
 
-print(private_key)
+log.info("sending public key", public_key, "to port", port)
 
 local new_todo = ClientRequest.build()
     :method("POST")
-    :uri("http://localhost:3001/")
-    :headers({ ["content-type"] = "application/json" })
-    :send_with_body('{"title":"recieved key","type":"key","text":"' .. tostring(private_key) .. '"}')
+    :uri("http://localhost:" .. port .. "/")
+    :headers({
+      ["content-type"] = "application/json",
+      ["lighttouch-identity"] = "alice",
+    })
+    :send_with_body('{"title":"recieved key","type":"key","text":"' .. public_key .. '"}')
 
 return {
     headers = {

actions/verify_signature.lua

@@ -0,0 +1,49 @@
+event: ["reqProcess"]
+priority: 1
+
+-- TODO: the headers part of the signature header is being ignored.
+-- every header listed in headers, separated with spaces, must be included
+
+local header = req.headers["signature"]
+log.trace("signature header", header)
+
+if not header then log.info("Unsigned Request") return end
+
+local keys = {
+  alice = "xpKtm+beeRN+kT7VWIJ05/tkhdDn/JxHlTsk73L5Z50="
+}
+
+local keyId, signature = header:match('keyId="(%a+)".+signature="([^"]+)"')
+log.debug("keyId", keyId)
+log.debug("signature", signature)
+
+--[=[
+local sig_parts = {}
+for _, part in ipairs(header:split(",")) do
+  local ps = part:split("=")
+  -- remove start and end quotes (doesn't handle escape sequences)
+  sig_parts[ps[1]] = ps[2]:sub(2, -2)
+end
+
+log.trace("signature parts")
+for k, v in pairs(sig_parts) do
+  log.debug(k, v)
+end
+
+local signature = sig_parts.signature
+]=]
+
+local key = crypto.sign.load_public(keys[keyId])
+log.trace("public key for", keyId, key)
+
+local signature_string = "date: " .. req.headers.date .. "\n" .. req.body_raw
+signature_string = "a"
+log.trace("signature string", signature_string)
+
+local is_valid = key:verify_detached(signature_string, signature)
+if is_valid then
+  log.info("request signature is valid")
+else
+  log.warn("invalid request signature")
+end
+

events.txt

@@ -1,3 +1,4 @@
 key_generation_request
 witness_request
 send_key
+say_hello

rules/say_hello_rule.lua

@@ -0,0 +1,6 @@
+if req.method == "GET"
+and #req.path_segments == 2
+and req.path_segments[1] == "say_hello"
+then
+  events["say_hello"]:trigger()
+end

rules/send_key_rule.lua

@@ -1,5 +1,5 @@
 if req.method == "GET"
-and #req.path_segments == 1
+and #req.path_segments == 2
 and req.path_segments[1]:match("send_key") -- TODO: make it a known type, not just any word
 then
     events["send_key"]:trigger(req)