1 defmodule Pleroma.Web.Salmon do
2 @httpoison Application.get_env(:pleroma, :httpoison)
6 alias Pleroma.Web.OStatus.ActivityRepresenter
11 doc = XML.parse_document(salmon)
13 {:xmlObj, :string, data} = :xmerl_xpath.string('string(//me:data[1])', doc)
14 {:xmlObj, :string, sig} = :xmerl_xpath.string('string(//me:sig[1])', doc)
15 {:xmlObj, :string, alg} = :xmerl_xpath.string('string(//me:alg[1])', doc)
16 {:xmlObj, :string, encoding} = :xmerl_xpath.string('string(//me:encoding[1])', doc)
17 {:xmlObj, :string, type} = :xmerl_xpath.string('string(//me:data[1]/@type)', doc)
19 {:ok, data} = Base.url_decode64(to_string(data), ignore: :whitespace)
20 {:ok, sig} = Base.url_decode64(to_string(sig), ignore: :whitespace)
22 encoding = to_string(encoding)
23 type = to_string(type)
25 [data, type, encoding, alg, sig]
28 def fetch_magic_key(salmon) do
29 with [data, _, _, _, _] <- decode(salmon),
30 doc <- XML.parse_document(data),
31 uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
32 {:ok, public_key} <- User.get_public_key_for_ap_id(uri),
33 magic_key <- encode_key(public_key) do
38 def decode_and_validate(magickey, salmon) do
39 [data, type, encoding, alg, sig] = decode(salmon)
42 [data, type, encoding, alg]
43 |> Enum.map(&Base.url_encode64/1)
46 key = decode_key(magickey)
48 verify = :public_key.verify(signed_text, :sha256, sig, key)
57 def decode_key("RSA." <> magickey) do
58 make_integer = fn bin ->
59 list = :erlang.binary_to_list(bin)
60 Enum.reduce(list, 0, fn el, acc -> acc <<< 8 ||| el end)
66 |> Enum.map(fn n -> Base.url_decode64!(n, padding: false) end)
67 |> Enum.map(make_integer)
69 {:RSAPublicKey, modulus, exponent}
72 def encode_key({:RSAPublicKey, modulus, exponent}) do
73 modulus_enc = :binary.encode_unsigned(modulus) |> Base.url_encode64()
74 exponent_enc = :binary.encode_unsigned(exponent) |> Base.url_encode64()
76 "RSA.#{modulus_enc}.#{exponent_enc}"
79 # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
80 # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
82 _ = :public_key.generate_key({:rsa, 2048, 65537})
84 def generate_rsa_pem do
85 key = :public_key.generate_key({:rsa, 2048, 65537})
86 entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
87 pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
92 def generate_rsa_pem do
93 port = Port.open({:spawn, "openssl genrsa"}, [:binary])
97 {^port, {:data, pem}} -> {:ok, pem}
102 if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
110 def keys_from_pem(pem) do
111 [private_key_code] = :public_key.pem_decode(pem)
112 private_key = :public_key.pem_entry_decode(private_key_code)
113 {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
114 public_key = {:RSAPublicKey, modulus, exponent}
115 {:ok, private_key, public_key}
118 def encode(private_key, doc) do
119 type = "application/atom+xml"
120 encoding = "base64url"
124 [doc, type, encoding, alg]
125 |> Enum.map(&Base.url_encode64/1)
130 |> :public_key.sign(:sha256, private_key)
132 |> Base.url_encode64()
136 |> Base.url_encode64()
138 # Don't need proper xml building, these strings are safe to leave unescaped
140 <?xml version="1.0" encoding="UTF-8"?>
141 <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
142 <me:data type="application/atom+xml">#{doc_base64}</me:data>
143 <me:encoding>#{encoding}</me:encoding>
144 <me:alg>#{alg}</me:alg>
145 <me:sig>#{signature}</me:sig>
152 def remote_users(%{data: %{"to" => to} = data}) do
153 to = to ++ (data["cc"] || [])
156 |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end)
157 |> Enum.filter(fn user -> user && !user.local end)
160 defp send_to_user(%{info: %{salmon: salmon}}, feed, poster) do
161 with {:ok, %{status: code}} <-
165 [{"Content-Type", "application/magic-envelope+xml"}],
172 Logger.debug(fn -> "Pushed to #{salmon}, code #{code}" end)
174 e -> Logger.debug(fn -> "Pushing Salmon to #{salmon} failed, #{inspect(e)}" end)
178 defp send_to_user(_, _, _), do: nil
180 @supported_activities [
188 def publish(user, activity, poster \\ &@httpoison.post/4)
190 def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
191 when type in @supported_activities do
192 feed = ActivityRepresenter.to_simple_form(activity, user, true)
196 ActivityRepresenter.wrap_with_entry(feed)
197 |> :xmerl.export_simple(:xmerl_xml)
200 {:ok, private, _} = keys_from_pem(keys)
201 {:ok, feed} = encode(private, feed)
203 remote_users(activity)
204 |> Enum.each(fn remote_user ->
206 Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
207 send_to_user(remote_user, feed, poster)
213 def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)