--- /dev/null
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Keys do
+ # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
+ # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
+ try do
+ _ = :public_key.generate_key({:rsa, 2048, 65_537})
+
+ def generate_rsa_pem do
+ key = :public_key.generate_key({:rsa, 2048, 65_537})
+ entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
+ pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
+ {:ok, pem}
+ end
+ rescue
+ _ ->
+ def generate_rsa_pem do
+ port = Port.open({:spawn, "openssl genrsa"}, [:binary])
+
+ {:ok, pem} =
+ receive do
+ {^port, {:data, pem}} -> {:ok, pem}
+ end
+
+ Port.close(port)
+
+ if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
+ {:ok, pem}
+ else
+ :error
+ end
+ end
+ end
+
+ def keys_from_pem(pem) do
+ [private_key_code] = :public_key.pem_decode(pem)
+ private_key = :public_key.pem_entry_decode(private_key_code)
+ {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
+ public_key = {:RSAPublicKey, modulus, exponent}
+ {:ok, private_key, public_key}
+ end
+end
defmodule Pleroma.Signature do
@behaviour HTTPSignatures.Adapter
+ alias Pleroma.Keys
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.ActivityPub.Utils
- alias Pleroma.Web.Salmon
- alias Pleroma.Web.WebFinger
def fetch_public_key(conn) do
with actor_id <- Utils.get_ap_id(conn.params["actor"]),
end
def sign(%User{} = user, headers) do
- with {:ok, %{info: %{keys: keys}}} <- WebFinger.ensure_keys_present(user),
- {:ok, private_key, _} <- Salmon.keys_from_pem(keys) do
+ with {:ok, %{info: %{keys: keys}}} <- User.ensure_keys_present(user),
+ {:ok, private_key, _} <- Keys.keys_from_pem(keys) do
HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
end
end
alias Comeonin.Pbkdf2
alias Pleroma.Activity
+ alias Pleroma.Keys
alias Pleroma.Notification
alias Pleroma.Object
alias Pleroma.Registration
}
}
end
+
+ def ensure_keys_present(user) do
+ info = user.info
+
+ if info.keys do
+ {:ok, user}
+ else
+ {:ok, pem} = Keys.generate_rsa_pem()
+
+ info_cng =
+ info
+ |> User.Info.set_keys(pem)
+
+ cng =
+ Ecto.Changeset.change(user)
+ |> Ecto.Changeset.put_embed(:info, info_cng)
+
+ update_and_set_cache(cng)
+ end
+ end
end
def user(conn, %{"nickname" => nickname}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(UserView.render("user.json", %{user: user}))
def following(conn, %{"nickname" => nickname, "page" => page}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
{page, _} = Integer.parse(page)
conn
def following(conn, %{"nickname" => nickname}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(UserView.render("following.json", %{user: user}))
def followers(conn, %{"nickname" => nickname, "page" => page}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
{page, _} = Integer.parse(page)
conn
def followers(conn, %{"nickname" => nickname}) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(UserView.render("followers.json", %{user: user}))
def outbox(conn, %{"nickname" => nickname} = params) do
with %User{} = user <- User.get_cached_by_nickname(nickname),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]}))
def relay(conn, _params) do
with %User{} = user <- Relay.get_actor(),
- {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+ {:ok, user} <- User.ensure_keys_present(user) do
conn
|> put_resp_header("content-type", "application/activity+json")
|> json(UserView.render("user.json", %{user: user}))
defmodule Pleroma.Web.ActivityPub.UserView do
use Pleroma.Web, :view
+ alias Pleroma.Keys
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.Endpoint
alias Pleroma.Web.Router.Helpers
- alias Pleroma.Web.Salmon
- alias Pleroma.Web.WebFinger
import Ecto.Query
# the instance itself is not a Person, but instead an Application
def render("user.json", %{user: %{nickname: nil} = user}) do
- {:ok, user} = WebFinger.ensure_keys_present(user)
- {:ok, _, public_key} = Salmon.keys_from_pem(user.info.keys)
+ {:ok, user} = User.ensure_keys_present(user)
+ {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
public_key = :public_key.pem_encode([public_key])
end
def render("user.json", %{user: user}) do
- {:ok, user} = WebFinger.ensure_keys_present(user)
- {:ok, _, public_key} = Salmon.keys_from_pem(user.info.keys)
+ {:ok, user} = User.ensure_keys_present(user)
+ {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
public_key = :public_key.pem_encode([public_key])
alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.Federator.Publisher
alias Pleroma.Web.Federator.RetryQueue
- alias Pleroma.Web.WebFinger
alias Pleroma.Web.Websub
require Logger
def perform(:publish, activity) do
Logger.debug(fn -> "Running publish for #{activity.data["id"]}" end)
- with actor when not is_nil(actor) <- User.get_cached_by_ap_id(activity.data["actor"]) do
- {:ok, actor} = WebFinger.ensure_keys_present(actor)
-
+ with %User{} = actor <- User.get_cached_by_ap_id(activity.data["actor"]),
+ {:ok, actor} <- User.ensure_keys_present(actor) do
Publisher.publish(actor, activity)
end
end
use Bitwise
alias Pleroma.Activity
+ alias Pleroma.Keys
alias Pleroma.Instances
alias Pleroma.User
alias Pleroma.Web.ActivityPub.Visibility
"RSA.#{modulus_enc}.#{exponent_enc}"
end
- # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
- # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
- try do
- _ = :public_key.generate_key({:rsa, 2048, 65_537})
-
- def generate_rsa_pem do
- key = :public_key.generate_key({:rsa, 2048, 65_537})
- entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
- pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
- {:ok, pem}
- end
- rescue
- _ ->
- def generate_rsa_pem do
- port = Port.open({:spawn, "openssl genrsa"}, [:binary])
-
- {:ok, pem} =
- receive do
- {^port, {:data, pem}} -> {:ok, pem}
- end
-
- Port.close(port)
-
- if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
- {:ok, pem}
- else
- :error
- end
- end
- end
-
- def keys_from_pem(pem) do
- [private_key_code] = :public_key.pem_decode(pem)
- private_key = :public_key.pem_entry_decode(private_key_code)
- {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
- public_key = {:RSAPublicKey, modulus, exponent}
- {:ok, private_key, public_key}
- end
-
def encode(private_key, doc) do
type = "application/atom+xml"
encoding = "base64url"
|> :xmerl.export_simple(:xmerl_xml)
|> to_string
- {:ok, private, _} = keys_from_pem(keys)
+ {:ok, private, _} = Keys.keys_from_pem(keys)
{:ok, feed} = encode(private, feed)
remote_users = remote_users(activity)
def publish(%{id: id}, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
def gather_webfinger_links(%User{} = user) do
- {:ok, _private, public} = keys_from_pem(user.info.keys)
+ {:ok, _private, public} = Keys.keys_from_pem(user.info.keys)
magic_key = encode_key(public)
[
alias Pleroma.User
alias Pleroma.Web
alias Pleroma.Web.Federator.Publisher
- alias Pleroma.Web.Salmon
alias Pleroma.Web.XML
alias Pleroma.XmlBuilder
require Jason
end
def represent_user(user, "JSON") do
- {:ok, user} = ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
%{
"subject" => "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}",
end
def represent_user(user, "XML") do
- {:ok, user} = ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
links =
gather_links(user)
|> XmlBuilder.to_doc()
end
- # This seems a better fit in Salmon
- def ensure_keys_present(user) do
- info = user.info
-
- if info.keys do
- {:ok, user}
- else
- {:ok, pem} = Salmon.generate_rsa_pem()
-
- info_cng =
- info
- |> User.Info.set_keys(pem)
-
- cng =
- Ecto.Changeset.change(user)
- |> Ecto.Changeset.put_embed(:info, info_cng)
-
- User.update_and_set_cache(cng)
- end
- end
-
defp get_magic_key(magic_key) do
"data:application/magic-public-key," <> magic_key = magic_key
{:ok, magic_key}
--- /dev/null
+defmodule Pleroma.KeysTest do
+ use Pleroma.DataCase
+
+ alias Pleroma.Keys
+
+ test "generates an RSA private key pem" do
+ {:ok, key} = Keys.generate_rsa_pem()
+
+ assert is_binary(key)
+ assert Regex.match?(~r/RSA/, key)
+ end
+
+ test "returns a public and private key from a pem" do
+ pem = File.read!("test/fixtures/private_key.pem")
+ {:ok, private, public} = Keys.keys_from_pem(pem)
+
+ assert elem(private, 0) == :RSAPrivateKey
+ assert elem(public, 0) == :RSAPublicKey
+ end
+end
refute user.info.confirmation_token
end
end
+
+ describe "ensure_keys_present" do
+ test "it creates keys for a user and stores them in info" do
+ user = insert(:user)
+ refute is_binary(user.info.keys)
+ {:ok, user} = User.ensure_keys_present(user)
+ assert is_binary(user.info.keys)
+ end
+
+ test "it doesn't create keys if there already are some" do
+ user = insert(:user, %{info: %{keys: "xxx"}})
+ {:ok, user} = User.ensure_keys_present(user)
+ assert user.info.keys == "xxx"
+ end
+ end
end
describe "update" do
test "it creates an update activity with the new user data" do
user = insert(:user)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
user_data = Pleroma.Web.ActivityPub.UserView.render("user.json", %{user: user})
{:ok, update} =
use Pleroma.DataCase
import Pleroma.Factory
+ alias Pleroma.User
alias Pleroma.Web.ActivityPub.UserView
test "Renders a user, including the public key" do
user = insert(:user)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
test "Does not add an avatar image if the user hasn't set one" do
user = insert(:user)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
refute result["icon"]
}
)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
assert result["icon"]["url"] == "https://someurl"
describe "endpoints" do
test "local users have a usable endpoints structure" do
user = insert(:user)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
test "remote users have an empty endpoints structure" do
user = insert(:user, local: false)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
test "instance users do not expose oAuth endpoints" do
user = insert(:user, nickname: nil, local: true)
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
result = UserView.render("user.json", %{user: user})
defmodule Pleroma.Web.Salmon.SalmonTest do
use Pleroma.DataCase
alias Pleroma.Activity
+ alias Pleroma.Keys
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Web.Federator.Publisher
assert Salmon.decode_and_validate(@wrong_magickey, salmon) == :error
end
- test "generates an RSA private key pem" do
- {:ok, key} = Salmon.generate_rsa_pem()
- assert is_binary(key)
- assert Regex.match?(~r/RSA/, key)
- end
-
test "it encodes a magic key from a public key" do
key = Salmon.decode_key(@magickey)
magic_key = Salmon.encode_key(key)
_key = Salmon.decode_key(@magickey_friendica)
end
- test "returns a public and private key from a pem" do
- pem = File.read!("test/fixtures/private_key.pem")
- {:ok, private, public} = Salmon.keys_from_pem(pem)
-
- assert elem(private, 0) == :RSAPrivateKey
- assert elem(public, 0) == :RSAPublicKey
- end
-
test "encodes an xml payload with a private key" do
doc = File.read!("test/fixtures/incoming_note_activity.xml")
pem = File.read!("test/fixtures/private_key.pem")
- {:ok, private, public} = Salmon.keys_from_pem(pem)
+ {:ok, private, public} = Keys.keys_from_pem(pem)
# Let's try a roundtrip.
{:ok, salmon} = Salmon.encode(private, doc)
{:ok, activity} = Repo.insert(%Activity{data: activity_data, recipients: activity_data["to"]})
user = User.get_cached_by_ap_id(activity.data["actor"])
- {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user)
+ {:ok, user} = User.ensure_keys_present(user)
Salmon.publish(user, activity)
assert template == "http://status.alpicola.com/main/xrd?uri={uri}"
end
end
-
- describe "ensure_keys_present" do
- test "it creates keys for a user and stores them in info" do
- user = insert(:user)
- refute is_binary(user.info.keys)
- {:ok, user} = WebFinger.ensure_keys_present(user)
- assert is_binary(user.info.keys)
- end
-
- test "it doesn't create keys if there already are some" do
- user = insert(:user, %{info: %{keys: "xxx"}})
- {:ok, user} = WebFinger.ensure_keys_present(user)
- assert user.info.keys == "xxx"
- end
- end
end
projects / akkoma / commitdiff