mastodon-glitch/app/lib/activitypub/linked_data_signature.rb

# frozen_string_literal: true

class ActivityPub::LinkedDataSignature
  include JsonLdHelper

  CONTEXT = 'https://w3id.org/identity/v1'
  SIGNATURE_CONTEXT = 'https://w3id.org/security/v1'

  def initialize(json)
    @json = json.with_indifferent_access
  end

  def verify_actor!
    return unless @json['signature'].is_a?(Hash)

    type        = @json['signature']['type']
    creator_uri = @json['signature']['creator']
    signature   = @json['signature']['signatureValue']

    return unless type == 'RsaSignature2017'

    creator = ActivityPub::TagManager.instance.uri_to_actor(creator_uri)
    creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri) if creator&.public_key.blank?

    return if creator.nil?

    options_hash   = hash(@json['signature'].without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))
    document_hash  = hash(@json.without('signature'))
    to_be_verified = options_hash + document_hash

    creator if creator.keypair.public_key.verify(OpenSSL::Digest.new('SHA256'), Base64.decode64(signature), to_be_verified)
  rescue OpenSSL::PKey::RSAError
    false
  end

  def sign!(creator, sign_with: nil)
    options = {
      'type' => 'RsaSignature2017',
      'creator' => ActivityPub::TagManager.instance.key_uri_for(creator),
      'created' => Time.now.utc.iso8601,
    }

    options_hash  = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))
    document_hash = hash(@json.without('signature'))
    to_be_signed  = options_hash + document_hash
    keypair       = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : creator.keypair

    signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))

    # Mastodon's context is either an array or a single URL
    context_with_security = Array(@json['@context'])
    context_with_security << 'https://w3id.org/security/v1'
    context_with_security.uniq!
    context_with_security = context_with_security.first if context_with_security.size == 1

    @json.merge('signature' => options.merge('signatureValue' => signature), '@context' => context_with_security)
  end

  private

  def hash(obj)
    Digest::SHA256.hexdigest(canonicalize(obj))
  end
end
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`# frozen_string_literal: true`

			`class ActivityPub::LinkedDataSignature`
			`include JsonLdHelper`

			`CONTEXT = 'https://w3id.org/identity/v1'`
Fix security context sometimes not being added in LD-Signed activities (#31871) 2024-09-12 12:58:12 +00:00			`SIGNATURE_CONTEXT = 'https://w3id.org/security/v1'`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00
			`def initialize(json)`
Allow Symbol keyed Hash in LinkedDataSignature (#4715) SerializarbleResource#as_json serializes to Symbol keyed Hash, but current implementation of LinkedDataSignature expects String keyed Hash. So it generates broken payload. 2017-08-27 11:35:01 +00:00			`@json = json.with_indifferent_access`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`end`

Refactor ActivityPub handling to prepare for non-Account actors (#19212) * Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor` 2022-09-21 20:45:57 +00:00			`def verify_actor!`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`return unless @json['signature'].is_a?(Hash)`

			`type = @json['signature']['type']`
			`creator_uri = @json['signature']['creator']`
			`signature = @json['signature']['signatureValue']`

			`return unless type == 'RsaSignature2017'`

Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-10-20 08:45:46 +00:00			`creator = ActivityPub::TagManager.instance.uri_to_actor(creator_uri)`
Merge pull request from GHSA-3fjr-858r-92rw * Fix insufficient origin validation * Bump version to 4.3.0-alpha.1 2024-02-01 14:56:46 +00:00			`creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri) if creator&.public_key.blank?`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00
			`return if creator.nil?`

			`options_hash = hash(@json['signature'].without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))`
			`document_hash = hash(@json.without('signature'))`
			`to_be_verified = options_hash + document_hash`

Autofix Rubocop Style/IfUnlessModifier (#23697) 2023-02-18 11:37:47 +00:00			`creator if creator.keypair.public_key.verify(OpenSSL::Digest.new('SHA256'), Base64.decode64(signature), to_be_verified)`
Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-10-20 08:45:46 +00:00			`rescue OpenSSL::PKey::RSAError`
			`false`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`end`

Add CLI task for rotating keys (#8466) * If an Update is signed with known key, skip re-following procedure Because it means the remote actor did not lose their database * Add CLI method for rotating keys bin/tootctl accounts rotate [USERNAME] Generates a new RSA key per account and sends out an Update activity signed with the old key. * Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts * Skip suspended accounts in key rotation 2018-08-26 18:21:03 +00:00			`def sign!(creator, sign_with: nil)`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`options = {`
Autofix Rubocop remaining Layout rules (#23679) 2023-02-20 05:58:28 +00:00			`'type' => 'RsaSignature2017',`
Refactor ActivityPub handling to prepare for non-Account actors (#19212) * Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor` 2022-09-21 20:45:57 +00:00			`'creator' => ActivityPub::TagManager.instance.key_uri_for(creator),`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`'created' => Time.now.utc.iso8601,`
			`}`

			`options_hash = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))`
			`document_hash = hash(@json.without('signature'))`
			`to_be_signed = options_hash + document_hash`
Add CLI task for rotating keys (#8466) * If an Update is signed with known key, skip re-following procedure Because it means the remote actor did not lose their database * Add CLI method for rotating keys bin/tootctl accounts rotate [USERNAME] Generates a new RSA key per account and sends out an Update activity signed with the old key. * Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts * Skip suspended accounts in key rotation 2018-08-26 18:21:03 +00:00			`keypair = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : creator.keypair`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00
Bump rubocop from 0.86.0 to 0.88.0 (#14412) * Bump rubocop from 0.86.0 to 0.88.0 Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.88.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0) Signed-off-by: dependabot[bot] <support@github.com> * Fix for latest RuboCop Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> 2020-09-01 01:04:00 +00:00			`signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00
Fix security context sometimes not being added in LD-Signed activities (#31871) 2024-09-12 12:58:12 +00:00			`# Mastodon's context is either an array or a single URL`
			`context_with_security = Array(@json['@context'])`
			`context_with_security << 'https://w3id.org/security/v1'`
			`context_with_security.uniq!`
			`context_with_security = context_with_security.first if context_with_security.size == 1`

			`@json.merge('signature' => options.merge('signatureValue' => signature), '@context' => context_with_security)`
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context 2017-08-26 11:47:38 +00:00			`end`

			`private`

			`def hash(obj)`
			`Digest::SHA256.hexdigest(canonicalize(obj))`
			`end`
			`end`