1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Salmon do
6 @httpoison Application.get_env(:pleroma, :httpoison)
10 alias Pleroma.Web.OStatus.ActivityRepresenter
15 doc = XML.parse_document(salmon)
17 {:xmlObj, :string, data} = :xmerl_xpath.string('string(//me:data[1])', doc)
18 {:xmlObj, :string, sig} = :xmerl_xpath.string('string(//me:sig[1])', doc)
19 {:xmlObj, :string, alg} = :xmerl_xpath.string('string(//me:alg[1])', doc)
20 {:xmlObj, :string, encoding} = :xmerl_xpath.string('string(//me:encoding[1])', doc)
21 {:xmlObj, :string, type} = :xmerl_xpath.string('string(//me:data[1]/@type)', doc)
23 {:ok, data} = Base.url_decode64(to_string(data), ignore: :whitespace)
24 {:ok, sig} = Base.url_decode64(to_string(sig), ignore: :whitespace)
26 encoding = to_string(encoding)
27 type = to_string(type)
29 [data, type, encoding, alg, sig]
32 def fetch_magic_key(salmon) do
33 with [data, _, _, _, _] <- decode(salmon),
34 doc <- XML.parse_document(data),
35 uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
36 {:ok, public_key} <- User.get_public_key_for_ap_id(uri),
37 magic_key <- encode_key(public_key) do
42 def decode_and_validate(magickey, salmon) do
43 [data, type, encoding, alg, sig] = decode(salmon)
46 [data, type, encoding, alg]
47 |> Enum.map(&Base.url_encode64/1)
50 key = decode_key(magickey)
52 verify = :public_key.verify(signed_text, :sha256, sig, key)
61 def decode_key("RSA." <> magickey) do
62 make_integer = fn bin ->
63 list = :erlang.binary_to_list(bin)
64 Enum.reduce(list, 0, fn el, acc -> acc <<< 8 ||| el end)
70 |> Enum.map(fn n -> Base.url_decode64!(n, padding: false) end)
71 |> Enum.map(make_integer)
73 {:RSAPublicKey, modulus, exponent}
76 def encode_key({:RSAPublicKey, modulus, exponent}) do
77 modulus_enc = :binary.encode_unsigned(modulus) |> Base.url_encode64()
78 exponent_enc = :binary.encode_unsigned(exponent) |> Base.url_encode64()
80 "RSA.#{modulus_enc}.#{exponent_enc}"
83 # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
84 # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
86 _ = :public_key.generate_key({:rsa, 2048, 65537})
88 def generate_rsa_pem do
89 key = :public_key.generate_key({:rsa, 2048, 65537})
90 entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
91 pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
96 def generate_rsa_pem do
97 port = Port.open({:spawn, "openssl genrsa"}, [:binary])
101 {^port, {:data, pem}} -> {:ok, pem}
106 if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
114 def keys_from_pem(pem) do
115 [private_key_code] = :public_key.pem_decode(pem)
116 private_key = :public_key.pem_entry_decode(private_key_code)
117 {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
118 public_key = {:RSAPublicKey, modulus, exponent}
119 {:ok, private_key, public_key}
122 def encode(private_key, doc) do
123 type = "application/atom+xml"
124 encoding = "base64url"
128 [doc, type, encoding, alg]
129 |> Enum.map(&Base.url_encode64/1)
134 |> :public_key.sign(:sha256, private_key)
136 |> Base.url_encode64()
140 |> Base.url_encode64()
142 # Don't need proper xml building, these strings are safe to leave unescaped
144 <?xml version="1.0" encoding="UTF-8"?>
145 <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
146 <me:data type="application/atom+xml">#{doc_base64}</me:data>
147 <me:encoding>#{encoding}</me:encoding>
148 <me:alg>#{alg}</me:alg>
149 <me:sig>#{signature}</me:sig>
156 def remote_users(%{data: %{"to" => to} = data}) do
157 to = to ++ (data["cc"] || [])
160 |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end)
161 |> Enum.filter(fn user -> user && !user.local end)
164 # push an activity to remote accounts
166 defp send_to_user(%{info: %{salmon: salmon}}, feed, poster),
167 do: send_to_user(salmon, feed, poster)
169 defp send_to_user(url, feed, poster) when is_binary(url) do
170 with {:ok, %{status: code}} <-
174 [{"Content-Type", "application/magic-envelope+xml"}]
176 Logger.debug(fn -> "Pushed to #{url}, code #{code}" end)
178 e -> Logger.debug(fn -> "Pushing Salmon to #{url} failed, #{inspect(e)}" end)
182 defp send_to_user(_, _, _), do: nil
184 @supported_activities [
194 Publishes an activity to remote accounts
196 @spec publish(User.t(), Pleroma.Activity.t(), Pleroma.HTTP.t()) :: none
197 def publish(user, activity, poster \\ &@httpoison.post/3)
199 def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
200 when type in @supported_activities do
201 feed = ActivityRepresenter.to_simple_form(activity, user, true)
205 ActivityRepresenter.wrap_with_entry(feed)
206 |> :xmerl.export_simple(:xmerl_xml)
209 {:ok, private, _} = keys_from_pem(keys)
210 {:ok, feed} = encode(private, feed)
212 remote_users(activity)
213 |> Enum.each(fn remote_user ->
215 Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
216 send_to_user(remote_user, feed, poster)
222 def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)