From b8bc2304038cb5253176ce47329f8d88dd794268 Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 30 Mar 2020 01:06:13 -0500 Subject: [PATCH] Move sign, verify to threadpool --- Cargo.lock | 70 ++++++++++++++++++-------------------- Cargo.toml | 3 ++ src/error.rs | 2 +- src/middleware/verifier.rs | 22 +++++++----- src/requests.rs | 54 ++++++++++++++++++++--------- 5 files changed, 90 insertions(+), 61 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fd9babd..737a980 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -411,9 +411,9 @@ dependencies = [ [[package]] name = "async-trait" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21a03abb7c9b93ae229356151a083d26218c0358866a2a59d4280c856e9482e6" +checksum = "991d0a1a3e790c835fd54ab41742a59251338d8c7577fe7d7f0170c7072be708" dependencies = [ "proc-macro2", "quote", @@ -801,9 +801,9 @@ dependencies = [ [[package]] name = "derive_more" -version = "0.99.3" +version = "0.99.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a806e96c59a76a5ba6e18735b6cf833344671e61e7863f2edb5c518ea2cac95c" +checksum = "e2323f3f47db9a0e77ce7a300605d8d2098597fc451ed1a97bb1f6411bb550a7" dependencies = [ "proc-macro2", "quote", @@ -1077,9 +1077,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d5c295d1c0c68e4e42003d75f908f5e16a1edd1cbe0b0d02e4dc2006a384f47" +checksum = "7938e6aa2a31df4e21f224dc84704bd31c089a6d1355c535b03667371cccc843" dependencies = [ "bytes", "fnv", @@ -1115,9 +1115,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.1.8" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1010591b26bbfe835e9faeabeb11866061cc7dcebffd56ad7d0942d0e61aefd8" +checksum = "725cf19794cf90aa94e65050cb4191ff5d8fa87a498383774c47b332e3af952e" dependencies = [ "libc", ] 
@@ -1159,9 +1159,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b708cc7f06493459026f53b9a61a7a121a5d1ec6238dee58ea4941132b30156b" +checksum = "28d569972648b2c512421b5f2a405ad6ac9666547189d0c5477a3f200f3e02f9" dependencies = [ "bytes", "fnv", @@ -1171,8 +1171,7 @@ dependencies = [ [[package]] name = "http-signature-normalization" version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "257835255b5d40c6de712d90e56dc874ca5da2816121e7b9f3cfc7b3a55a5714" +source = "git+https://git.asonix.dog/Aardwolf/http-signature-normalization#a38b6aa1edad3cda6970a064d36779aba2f1f2f7" dependencies = [ "chrono", "thiserror", @@ -1181,8 +1180,7 @@ dependencies = [ [[package]] name = "http-signature-normalization-actix" version = "0.3.0-alpha.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cb648b09e044851e0afb1056af9bdaf723264ae5967647959ded12bedde4c30" +source = "git+https://git.asonix.dog/Aardwolf/http-signature-normalization#a38b6aa1edad3cda6970a064d36779aba2f1f2f7" dependencies = [ "actix-http", "actix-web", @@ -1269,9 +1267,9 @@ checksum = "b8b7a7c0c47db5545ed3fef7468ee7bb5b74691498139e4b3f6a20685dc6dd8e" [[package]] name = "js-sys" -version = "0.3.36" +version = "0.3.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cb931d43e71f560c81badb0191596562bafad2be06a3f9025b845c847c60df5" +checksum = "6a27d435371a2fa5b6d2b028a74bbdb1234f308da363226a2854ca3ff8ba7055" dependencies = [ "wasm-bindgen", ] @@ -1993,9 +1991,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.11" +version = "0.16.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "741ba1704ae21999c00942f9f5944f801e977f54302af346b596287599ad1862" +checksum = "1ba5a8ec64ee89a76c98c549af81ff14813df09c3e6dc4766c3856da48597a0c" dependencies = [ "cc", "lazy_static", 
@@ -2203,9 +2201,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.48" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9371ade75d4c2d6cb154141b9752cf3781ec9c05e0e5cf35060e1e70ee7b9c25" +checksum = "78a7a12c167809363ec3bd7329fc0a3369056996de43c4b37ef3cd54a6ce4867" dependencies = [ "itoa", "ryu", @@ -2512,18 +2510,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.13" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3711fd1c4e75b3eff12ba5c40dba762b6b65c5476e8174c1a664772060c49bf" +checksum = "f0570dc61221295909abdb95c739f2e74325e14293b2026b0a7e195091ec54ae" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.13" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae2b85ba4c9aa32dd3343bd80eb8d22e9b54b7688c17ea3907f236885353b233" +checksum = "227362df41d566be41a28f64401e07a043157c21c14b9785a0d8e256f940a8fd" dependencies = [ "proc-macro2", "quote", @@ -2832,9 +2830,9 @@ checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" [[package]] name = "wasm-bindgen" -version = "0.2.59" +version = "0.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3557c397ab5a8e347d434782bcd31fc1483d927a6826804cec05cc792ee2519d" +checksum = "2cc57ce05287f8376e998cbddfb4c8cb43b84a7ec55cf4551d7c00eef317a47f" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2842,9 +2840,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.59" +version = "0.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0da9c9a19850d3af6df1cb9574970b566d617ecfaf36eb0b706b6f3ef9bd2f8" +checksum = "d967d37bf6c16cca2973ca3af071d0a2523392e4a594548155d89a678f4237cd" dependencies = [ "bumpalo", "lazy_static", 
@@ -2857,9 +2855,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.59" +version = "0.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f6fde1d36e75a714b5fe0cffbb78978f222ea6baebb726af13c78869fdb4205" +checksum = "8bd151b63e1ea881bb742cd20e1d6127cef28399558f3b5d415289bc41eee3a4" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2867,9 +2865,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.59" +version = "0.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25bda4168030a6412ea8a047e27238cadf56f0e53516e1e83fec0a8b7c786f6d" +checksum = "d68a5b36eef1be7868f668632863292e37739656a80fc4b9acec7b0bd35a4931" dependencies = [ "proc-macro2", "quote", @@ -2880,15 +2878,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.59" +version = "0.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc9f36ad51f25b0219a3d4d13b90eb44cd075dff8b6280cca015775d7acaddd8" +checksum = "daf76fe7d25ac79748a37538b7daeed1c7a6867c92d3245c12c6222e4a20d639" [[package]] name = "web-sys" -version = "0.3.36" +version = "0.3.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "721c6263e2c66fd44501cc5efbfa2b7dfa775d13e4ea38c46299646ed1f9c70a" +checksum = "2d6f51648d8c56c366144378a33290049eafdd784071077f6fe37dae64c1c4cb" dependencies = [ "js-sys", "wasm-bindgen", diff --git a/Cargo.toml b/Cargo.toml index ee5e057..210dcd1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,3 +56,6 @@ ructe = { version = "0.9.2", features = ["sass", "mime03"] } [profile.dev.package.rsa] opt-level = 3 + +[patch.crates-io] +http-signature-normalization-actix = { git = "https://git.asonix.dog/Aardwolf/http-signature-normalization" } diff --git a/src/error.rs b/src/error.rs index 4515681..2c16796 100644 --- a/src/error.rs +++ b/src/error.rs 
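Review bot: The `[patch.crates-io]` entry added at the end of Cargo.toml names the git repository without a `rev`, so the commit that supplies the HTTP-signature code is fixed only by Cargo.lock and moves to whatever the default branch holds on the next `cargo update`. The lockfile hunks in this patch show the registry `checksum` lines for `http-signature-normalization` and `http-signature-normalization-actix` being dropped in favour of the git source at `a38b6aa1edad3cda6970a064d36779aba2f1f2f7`. Pinning that commit in the manifest keeps the reviewed revision explicit: `http-signature-normalization-actix = { git = "https://git.asonix.dog/Aardwolf/http-signature-normalization", rev = "a38b6aa1edad3cda6970a064d36779aba2f1f2f7" }`. A short comment above the entry saying which upstream release will let the patch be removed would also help.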
@@ -28,7 +28,7 @@ pub enum MyError { #[error("Couldn't perform IO, {0}")] Io(#[from] Error), - #[error("Couldn't sign string")] + #[error("Couldn't sign string, {0}")] Rsa(rsa::errors::Error), #[error("Couldn't do the json thing")] diff --git a/src/middleware/verifier.rs b/src/middleware/verifier.rs index f0a23ad..f5fe2ff 100644 --- a/src/middleware/verifier.rs +++ b/src/middleware/verifier.rs @@ -1,5 +1,6 @@ use crate::{data::ActorCache, error::MyError, requests::Requests}; use activitystreams::primitives::XsdAnyUri; +use actix_web::web; use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm}; use log::{error, warn}; use rsa::{hash::Hashes, padding::PaddingScheme, PublicKey, RSAPublicKey}; @@ -33,15 +34,20 @@ impl MyVerify { } }; - let decoded = base64::decode(signature)?; - let hashed = Sha256::digest(signing_string.as_bytes()); + web::block(move || { + let decoded = base64::decode(signature)?; + let hashed = Sha256::digest(signing_string.as_bytes()); - public_key.verify( - PaddingScheme::PKCS1v15, - Some(&Hashes::SHA2_256), - &hashed, - &decoded, - )?; + public_key.verify( + PaddingScheme::PKCS1v15, + Some(&Hashes::SHA2_256), + &hashed, + &decoded, + )?; + + Ok(()) as Result<(), MyError> + }) + .await?; Ok(true) } diff --git a/src/requests.rs b/src/requests.rs index 2c84e14..6310ea9 100644 --- a/src/requests.rs +++ b/src/requests.rs @@ -31,14 +31,19 @@ impl Requests { where T: serde::de::DeserializeOwned, { + let signer = self.signer(); + let mut res = self .client .get(url) .header("Accept", "application/activity+json") .header("User-Agent", self.user_agent.as_str()) - .signature(&self.config, &self.key_id, |signing_string| { - self.sign(signing_string) - })? + .signature( + self.config.clone(), + self.key_id.clone(), + move |signing_string| signer.sign(signing_string), + ) + .await? .send() .await .map_err(|e| { 
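Review bot: The `Rsa` message now interpolates the underlying `rsa::errors::Error` but still reads "Couldn't sign string", while the verifier hunk in this patch propagates `public_key.verify(...)` failures with `?` into `MyError`, presumably through this same variant. If so, a rejected inbound signature is reported as a signing failure; a neutral text such as `#[error("RSA operation failed, {0}")]` avoids that. How `MyError` is rendered to clients is not visible here, so it is worth confirming that this Display output is only logged and not returned in HTTP response bodies.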
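Review bot: The closure passed to `web::block` ends in `Ok(()) as Result<(), MyError>`, a cast used only to fix the error type; `Ok::<(), MyError>(())` says the same thing without an `as`. A one-line comment above `web::block` would record why the work was moved, e.g. `// RSA verification is CPU-bound; run it on the blocking threadpool so it cannot stall the async worker`. The `.await?` relies on a conversion from `BlockingError<MyError>` into `MyError` that is not part of this hunk; every case of it, including a cancelled job, should keep ending in `Err` so that it can never be read as a valid signature. The enclosing function starts before the hunk.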
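Review bot: `let signer = self.signer();` in `fetch` copies the whole `RSAPrivateKey` for every outgoing request, because `signer()` in the last hunk of this file builds `Signer { private_key: self.private_key.clone() }`; the same call is added in `fetch_bytes` and `deliver`. Each clone allocates and places another copy of the private key on the heap for the lifetime of the signing closure. Holding the key behind a shared pointer, `private_key: Arc<RSAPrivateKey>` in both `Requests` and `Signer`, turns `signer()` into a reference-count bump and keeps a single copy of the secret. The `Requests` struct definition and the file's imports are outside the visible hunks, so the field change and `use std::sync::Arc;` would have to be made there.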
@@ -50,7 +55,7 @@ impl Requests { if let Ok(bytes) = res.body().await { if let Ok(s) = String::from_utf8(bytes.as_ref().to_vec()) { if !s.is_empty() { - error!("Response, {}", s); + error!("Response from {}, {}", url, s); } } } @@ -66,14 +71,19 @@ impl Requests { pub async fn fetch_bytes(&self, url: &str) -> Result<(String, Bytes), MyError> { info!("Fetching bytes for {}", url); + let signer = self.signer(); + let mut res = self .client .get(url) .header("Accept", "application/activity+json") .header("User-Agent", self.user_agent.as_str()) - .signature(&self.config, &self.key_id, |signing_string| { - self.sign(signing_string) - })? + .signature( + self.config.clone(), + self.key_id.clone(), + move |signing_string| signer.sign(signing_string), + ) + .await? .send() .await .map_err(|e| { @@ -95,7 +105,7 @@ impl Requests { if let Ok(bytes) = res.body().await { if let Ok(s) = String::from_utf8(bytes.as_ref().to_vec()) { if !s.is_empty() { - error!("Response, {}", s); + error!("Response from {}, {}", url, s); } } } @@ -118,8 +128,7 @@ impl Requests { where T: serde::ser::Serialize, { - let mut digest = Sha256::new(); - + let signer = self.signer(); let item_string = serde_json::to_string(item)?; let mut res = self @@ -129,12 +138,13 @@ impl Requests { .header("Content-Type", "application/activity+json") .header("User-Agent", self.user_agent.as_str()) .signature_with_digest( - &self.config, - &self.key_id, - &mut digest, + self.config.clone(), + self.key_id.clone(), + Sha256::new(), item_string, - |signing_string| self.sign(signing_string), - )? + move |signing_string| signer.sign(signing_string), + ) + .await? .send() .await .map_err(|e| { @@ -146,7 +156,7 @@ impl Requests { if let Ok(bytes) = res.body().await { if let Ok(s) = String::from_utf8(bytes.as_ref().to_vec()) { if !s.is_empty() { - error!("Response, {}", s); + error!("Response from {}, {}", inbox.as_str(), s); } } } 
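Review bot: The new `error!("Response from {}, {}", url, s);` writes the remote server's response body into the log verbatim, and the same pattern is repeated in the `fetch_bytes` and `deliver` hunks. That body is chosen by the remote host, so it can carry line breaks or control characters that imitate other log entries, and its length is limited only by whatever body limit the HTTP client applies. Formatting it with `{:?}` escapes those characters, and capping the logged length keeps one misbehaving peer from flooding the log: `error!("Response from {}, {:?}", url, s.chars().take(512).collect::<String>());` (512 is a constructed example limit). The enclosing function starts and ends outside the hunk.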
@@ -156,6 +166,18 @@ impl Requests { Ok(()) } + fn signer(&self) -> Signer { + Signer { + private_key: self.private_key.clone(), + } + } +} + +struct Signer { + private_key: RSAPrivateKey, +} + +impl Signer { fn sign(&self, signing_string: &str) -> Result { let hashed = Sha256::digest(signing_string.as_bytes()); let bytes =