logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

signature.ex (4521B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Signature do
  6.   @behaviour HTTPSignatures.Adapter
  8.   alias Pleroma.EctoType.ActivityPub.ObjectValidators
  9.   alias Pleroma.Keys
  10.   alias Pleroma.User
  11.   alias Pleroma.Web.ActivityPub.ActivityPub
  13.   import Plug.Conn, only: [put_req_header: 3]
  15.   @http_signatures_impl Application.compile_env(
  16.                           :pleroma,
  17.                           [__MODULE__, :http_signatures_impl],
  18.                           HTTPSignatures
  19.                         )
  21.   @known_suffixes ["/publickey", "/main-key"]
  23.   def key_id_to_actor_id(key_id) do
  24.     uri =
  25.       key_id
  26.       |> URI.parse()
  27.       |> Map.put(:fragment, nil)
  28.       |> remove_suffix(@known_suffixes)
  30.     maybe_ap_id = URI.to_string(uri)
  32.     case ObjectValidators.ObjectID.cast(maybe_ap_id) do
  33.       {:ok, ap_id} ->
  34.         {:ok, ap_id}
  36.       _ ->
  37.         case Pleroma.Web.WebFinger.finger(maybe_ap_id) do
  38.           {:ok, %{"ap_id" => ap_id}} -> {:ok, ap_id}
  39.           _ -> {:error, maybe_ap_id}
  40.         end
  41.     end
  42.   end
  44.   defp remove_suffix(uri, [test | rest]) do
  45.     if not is_nil(uri.path) and String.ends_with?(uri.path, test) do
  46.       Map.put(uri, :path, String.replace(uri.path, test, ""))
  47.     else
  48.       remove_suffix(uri, rest)
  49.     end
  50.   end
  52.   defp remove_suffix(uri, []), do: uri
  54.   def fetch_public_key(conn) do
  55.     with {:ok, actor_id} <- get_actor_id(conn),
  56.          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
  57.       {:ok, public_key}
  58.     else
  59.       e ->
  60.         {:error, e}
  61.     end
  62.   end
  64.   def refetch_public_key(conn) do
  65.     with {:ok, actor_id} <- get_actor_id(conn),
  66.          {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
  67.          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
  68.       {:ok, public_key}
  69.     else
  70.       e ->
  71.         {:error, e}
  72.     end
  73.   end
  75.   def get_actor_id(conn) do
  76.     with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
  77.          {:ok, actor_id} <- key_id_to_actor_id(kid) do
  78.       {:ok, actor_id}
  79.     else
  80.       e ->
  81.         {:error, e}
  82.     end
  83.   end
  85.   def sign(%User{keys: keys} = user, headers) do
  86.     with {:ok, private_key, _} <- Keys.keys_from_pem(keys) do
  87.       HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
  88.     end
  89.   end
  91.   def signed_date, do: signed_date(NaiveDateTime.utc_now())
  93.   def signed_date(%NaiveDateTime{} = date) do
  94.     Timex.format!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
  95.   end
  97.   @spec validate_signature(Plug.Conn.t(), String.t()) :: boolean()
  98.   def validate_signature(%Plug.Conn{} = conn, request_target) do
  99.     # Newer drafts for HTTP signatures now use @request-target instead of the
  100.     # old (request-target). We'll now support both for incoming signatures.
  101.     conn =
  102.       conn
  103.       |> put_req_header("(request-target)", request_target)
  104.       |> put_req_header("@request-target", request_target)
  106.     @http_signatures_impl.validate_conn(conn)
  107.   end
  109.   @spec validate_signature(Plug.Conn.t()) :: boolean()
  110.   def validate_signature(%Plug.Conn{} = conn) do
  111.     # This (request-target) is non-standard, but many implementations do it
  112.     # this way due to a misinterpretation of
  113.     # https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-06
  114.     # "path" was interpreted as not having the query, though later examples
  115.     # show that it must be the absolute path + query. This behavior is kept to
  116.     # make sure most software (Pleroma itself, Mastodon, and probably others)
  117.     # do not break.
  118.     request_target = Enum.join([String.downcase(conn.method), conn.request_path], " ")
  120.     # This is the proper way to build the @request-target, as expected by
  121.     # many HTTP signature libraries, clarified in the following draft:
  122.     # https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-11.html#section-2.2.6
  123.     # It is the same as before, but containing the query part as well.
  124.     proper_target = Enum.join([request_target, "?", conn.query_string], "")
  126.     cond do
  127.       # Normal, non-standard behavior but expected by Pleroma and more.
  128.       validate_signature(conn, request_target) ->
  129.         true
  131.       # Has query string and the previous one failed: let's try the standard.
  132.       conn.query_string != "" ->
  133.         validate_signature(conn, proper_target)
  135.       # If there's no query string and signature fails, it's rotten.
  136.       true ->
  137.         false
  138.     end
  139.   end
  140. end