closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4153 Commits
4 Branches
567 MiB
Tree: bb4d005a83
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bb4d005a83'
${ noResults }
mastodon/app/lib/activitypub/linked_data_signature.rb

56 lines
1.7 KiB
Raw Normal View History

Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
7 years ago
Allow Symbol keyed Hash in LinkedDataSignature (#4715) SerializarbleResource#as_json serializes to Symbol keyed Hash, but current implementation of LinkedDataSignature expects String keyed Hash. So it generates broken payload.
7 years ago
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
7 years ago
Remove identity context from output of LinkedDataSignature (#4753)
7 years ago
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class ActivityPub::LinkedDataSignature
  4.   include JsonLdHelper
  5. 

  6.   CONTEXT = 'https://w3id.org/identity/v1'
  7. 

  8.   def initialize(json)
  9.     @json = json.with_indifferent_access
  10.   end
  11. 

  12.   def verify_account!
  13.     return unless @json['signature'].is_a?(Hash)
  14. 

  15.     type        = @json['signature']['type']
  16.     creator_uri = @json['signature']['creator']
  17.     signature   = @json['signature']['signatureValue']
  18. 

  19.     return unless type == 'RsaSignature2017'
  20. 

  21.     creator   = ActivityPub::TagManager.instance.uri_to_resource(creator_uri, Account)
  22.     creator ||= ActivityPub::FetchRemoteKeyService.new.call(creator_uri)
  23. 

  24.     return if creator.nil?
  25. 

  26.     options_hash   = hash(@json['signature'].without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))
  27.     document_hash  = hash(@json.without('signature'))
  28.     to_be_verified = options_hash + document_hash
  29. 

  30.     if creator.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature), to_be_verified)
  31.       creator
  32.     end
  33.   end
  34. 

  35.   def sign!(creator)
  36.     options = {
  37.       'type'    => 'RsaSignature2017',
  38.       'creator' => [ActivityPub::TagManager.instance.uri_for(creator), '#main-key'].join,
  39.       'created' => Time.now.utc.iso8601,
  40.     }
  41. 

  42.     options_hash  = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))
  43.     document_hash = hash(@json.without('signature'))
  44.     to_be_signed  = options_hash + document_hash
  45. 

  46.     signature = Base64.strict_encode64(creator.keypair.sign(OpenSSL::Digest::SHA256.new, to_be_signed))
  47. 

  48.     @json.merge('signature' => options.merge('signatureValue' => signature))
  49.   end
  50. 

  51.   private
  52. 

  53.   def hash(obj)
  54.     Digest::SHA256.hexdigest(canonicalize(obj))
  55.   end
  56. end