logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

signature.ex (4565B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Signature do
  6.   @behaviour Pleroma.Signature.API
  7.   @behaviour HTTPSignatures.Adapter
  9.   alias Pleroma.EctoType.ActivityPub.ObjectValidators
  10.   alias Pleroma.Keys
  11.   alias Pleroma.User
  12.   alias Pleroma.Web.ActivityPub.ActivityPub
  14.   import Plug.Conn, only: [put_req_header: 3]
  16.   @http_signatures_impl Application.compile_env(
  17.                           :pleroma,
  18.                           [__MODULE__, :http_signatures_impl],
  19.                           HTTPSignatures
  20.                         )
  22.   @known_suffixes ["/publickey", "/main-key"]
  24.   def key_id_to_actor_id(key_id) do
  25.     uri =
  26.       key_id
  27.       |> URI.parse()
  28.       |> Map.put(:fragment, nil)
  29.       |> remove_suffix(@known_suffixes)
  31.     maybe_ap_id = URI.to_string(uri)
  33.     case ObjectValidators.ObjectID.cast(maybe_ap_id) do
  34.       {:ok, ap_id} ->
  35.         {:ok, ap_id}
  37.       _ ->
  38.         case Pleroma.Web.WebFinger.finger(maybe_ap_id) do
  39.           {:ok, %{"ap_id" => ap_id}} -> {:ok, ap_id}
  40.           _ -> {:error, maybe_ap_id}
  41.         end
  42.     end
  43.   end
  45.   defp remove_suffix(uri, [test | rest]) do
  46.     if not is_nil(uri.path) and String.ends_with?(uri.path, test) do
  47.       Map.put(uri, :path, String.replace(uri.path, test, ""))
  48.     else
  49.       remove_suffix(uri, rest)
  50.     end
  51.   end
  53.   defp remove_suffix(uri, []), do: uri
  55.   def fetch_public_key(conn) do
  56.     with {:ok, actor_id} <- get_actor_id(conn),
  57.          {:ok, public_key} <- User.get_or_fetch_public_key_for_ap_id(actor_id) do
  58.       {:ok, public_key}
  59.     else
  60.       e ->
  61.         {:error, e}
  62.     end
  63.   end
  65.   def refetch_public_key(conn) do
  66.     with {:ok, actor_id} <- get_actor_id(conn),
  67.          {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
  68.          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
  69.       {:ok, public_key}
  70.     else
  71.       e ->
  72.         {:error, e}
  73.     end
  74.   end
  76.   def get_actor_id(conn) do
  77.     with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
  78.          {:ok, actor_id} <- key_id_to_actor_id(kid) do
  79.       {:ok, actor_id}
  80.     else
  81.       e ->
  82.         {:error, e}
  83.     end
  84.   end
  86.   def sign(%User{keys: keys} = user, headers) do
  87.     with {:ok, private_key, _} <- Keys.keys_from_pem(keys) do
  88.       HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
  89.     end
  90.   end
  92.   def signed_date, do: signed_date(NaiveDateTime.utc_now())
  94.   def signed_date(%NaiveDateTime{} = date) do
  95.     Timex.format!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
  96.   end
  98.   @spec validate_signature(Plug.Conn.t(), String.t()) :: boolean()
  99.   def validate_signature(%Plug.Conn{} = conn, request_target) do
  100.     # Newer drafts for HTTP signatures now use @request-target instead of the
  101.     # old (request-target). We'll now support both for incoming signatures.
  102.     conn =
  103.       conn
  104.       |> put_req_header("(request-target)", request_target)
  105.       |> put_req_header("@request-target", request_target)
  107.     @http_signatures_impl.validate_conn(conn)
  108.   end
  110.   @spec validate_signature(Plug.Conn.t()) :: boolean()
  111.   def validate_signature(%Plug.Conn{} = conn) do
  112.     # This (request-target) is non-standard, but many implementations do it
  113.     # this way due to a misinterpretation of
  114.     # https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-06
  115.     # "path" was interpreted as not having the query, though later examples
  116.     # show that it must be the absolute path + query. This behavior is kept to
  117.     # make sure most software (Pleroma itself, Mastodon, and probably others)
  118.     # do not break.
  119.     request_target = Enum.join([String.downcase(conn.method), conn.request_path], " ")
  121.     # This is the proper way to build the @request-target, as expected by
  122.     # many HTTP signature libraries, clarified in the following draft:
  123.     # https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-11.html#section-2.2.6
  124.     # It is the same as before, but containing the query part as well.
  125.     proper_target = Enum.join([request_target, "?", conn.query_string], "")
  127.     cond do
  128.       # Normal, non-standard behavior but expected by Pleroma and more.
  129.       validate_signature(conn, request_target) ->
  130.         true
  132.       # Has query string and the previous one failed: let's try the standard.
  133.       conn.query_string != "" ->
  134.         validate_signature(conn, proper_target)
  136.       # If there's no query string and signature fails, it's rotten.
  137.       true ->
  138.         false
  139.     end
  140.   end
  141. end