closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10054 Commits
4 Branches
567 MiB
Tree: c8d11b8bdb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c8d11b8bdb'
${ noResults }
mastodon/spec/lib/activitypub/linked_data_signature_spec.rb

86 lines
2.3 KiB
Raw Normal View History

Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
6 years ago
Slightly reduce RAM usage (#7301) * No need to re-require sidekiq plugins, they are required via Gemfile * Add derailed_benchmarks tool, no need to require TTY gems in Gemfile * Replace ruby-oembed with FetchOEmbedService Reduce startup by 45382 allocated objects * Remove preloaded JSON-LD in favour of caching HTTP responses Reduce boot RAM by about 6 MiB * Fix tests * Fix test suite by stubbing out JSON-LD contexts
6 years ago
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
6 years ago
Fixed code quality issues (#15541) * Added .deepsource.toml * Removed bad use of `alias` * Fixed operand order in the binary expression * Prefixed unused method arguments with an underscore * Replaced the old OpenSSL algorithmic constants with the newer strings initializers. * Removed unnecessary UTF-8 encoding comment
3 years ago
Add handling of Linked Data Signatures in payloads (#4687) * Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
6 years ago
 
  1. require 'rails_helper'
  2. 

  3. RSpec.describe ActivityPub::LinkedDataSignature do
  4.   include JsonLdHelper
  5. 

  6.   let!(:sender) { Fabricate(:account, uri: 'http://example.com/alice') }
  7. 

  8.   let(:raw_json) do
  9.     {
  10.       '@context' => 'https://www.w3.org/ns/activitystreams',
  11.       'id' => 'http://example.com/hello-world',
  12.     }
  13.   end
  14. 

  15.   let(:json) { raw_json.merge('signature' => signature) }
  16. 

  17.   subject { described_class.new(json) }
  18. 

  19.   before do
  20.     stub_jsonld_contexts!
  21.   end
  22. 

  23.   describe '#verify_account!' do
  24.     context 'when signature matches' do
  25.       let(:raw_signature) do
  26.         {
  27.           'creator' => 'http://example.com/alice',
  28.           'created' => '2017-09-23T20:21:34Z',
  29.         }
  30.       end
  31. 

  32.       let(:signature) { raw_signature.merge('type' => 'RsaSignature2017', 'signatureValue' => sign(sender, raw_signature, raw_json)) }
  33. 

  34.       it 'returns creator' do
  35.         expect(subject.verify_account!).to eq sender
  36.       end
  37.     end
  38. 

  39.     context 'when signature is missing' do
  40.       let(:signature) { nil }
  41. 

  42.       it 'returns nil' do
  43.         expect(subject.verify_account!).to be_nil
  44.       end
  45.     end
  46. 

  47.     context 'when signature is tampered' do
  48.       let(:raw_signature) do
  49.         {
  50.           'creator' => 'http://example.com/alice',
  51.           'created' => '2017-09-23T20:21:34Z',
  52.         }
  53.       end
  54. 

  55.       let(:signature) { raw_signature.merge('type' => 'RsaSignature2017', 'signatureValue' => 's69F3mfddd99dGjmvjdjjs81e12jn121Gkm1') }
  56. 

  57.       it 'returns nil' do
  58.         expect(subject.verify_account!).to be_nil
  59.       end
  60.     end
  61.   end
  62. 

  63.   describe '#sign!' do
  64.     subject { described_class.new(raw_json).sign!(sender) }
  65. 

  66.     it 'returns a hash' do
  67.       expect(subject).to be_a Hash
  68.     end
  69. 

  70.     it 'contains signature' do
  71.       expect(subject['signature']).to be_a Hash
  72.       expect(subject['signature']['signatureValue']).to be_present
  73.     end
  74. 

  75.     it 'can be verified again' do
  76.       expect(described_class.new(subject).verify_account!).to eq sender
  77.     end
  78.   end
  79. 

  80.   def sign(from_account, options, document)
  81.     options_hash   = Digest::SHA256.hexdigest(canonicalize(options.merge('@context' => ActivityPub::LinkedDataSignature::CONTEXT)))
  82.     document_hash  = Digest::SHA256.hexdigest(canonicalize(document))
  83.     to_be_verified = options_hash + document_hash
  84.     Base64.strict_encode64(from_account.keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_verified))
  85.   end
  86. end