lemmy/server/src/apub/extensions/signatures.rs

use crate::{apub::ActorType, LemmyError};
use activitystreams::unparsed::UnparsedMutExt;
use activitystreams_ext::UnparsedExtension;
use actix_web::{client::ClientRequest, HttpRequest};
use anyhow::{anyhow, Context};
use http_signature_normalization_actix::{
  digest::{DigestClient, SignExt},
  Config,
};
use lemmy_utils::location_info;
use log::debug;
use openssl::{
  hash::MessageDigest,
  pkey::PKey,
  sign::{Signer, Verifier},
};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};

lazy_static! {
  static ref HTTP_SIG_CONFIG: Config = Config::new();
}

/// Signs request headers with the given keypair.
pub async fn sign(
  request: ClientRequest,
  actor: &dyn ActorType,
  activity: String,
) -> Result<DigestClient<String>, LemmyError> {
  let signing_key_id = format!("{}#main-key", actor.actor_id()?);
  let private_key = actor.private_key().context(location_info!())?;

  let digest_client = request
    .signature_with_digest(
      HTTP_SIG_CONFIG.clone(),
      signing_key_id,
      Sha256::new(),
      activity,
      move |signing_string| {
        let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
        let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
        signer.update(signing_string.as_bytes())?;

        Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
      },
    )
    .await?;

  Ok(digest_client)
}

pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {
  let public_key = actor.public_key().context(location_info!())?;
  let verified = HTTP_SIG_CONFIG
    .begin_verify(
      request.method(),
      request.uri().path_and_query(),
      request.headers().clone(),
    )?
    .verify(|signature, signing_string| -> Result<bool, LemmyError> {
      debug!(
        "Verifying with key {}, message {}",
        &public_key, &signing_string
      );
      let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
      let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
      verifier.update(&signing_string.as_bytes())?;
      Ok(verifier.verify(&base64::decode(signature)?)?)
    })?;

  if verified {
    debug!("verified signature for {}", &request.uri());
    Ok(())
  } else {
    Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())
  }
}

// The following is taken from here:
// https://docs.rs/activitystreams/0.5.0-alpha.17/activitystreams/ext/index.html

#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublicKey {
  pub id: String,
  pub owner: String,
  pub public_key_pem: String,
}

#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublicKeyExtension {
  pub public_key: PublicKey,
}

impl PublicKey {
  pub fn to_ext(&self) -> PublicKeyExtension {
    PublicKeyExtension {
      public_key: self.to_owned(),
    }
  }
}

impl<U> UnparsedExtension<U> for PublicKeyExtension
where
  U: UnparsedMutExt,
{
  type Error = serde_json::Error;

  fn try_from_unparsed(unparsed_mut: &mut U) -> Result<Self, Self::Error> {
    Ok(PublicKeyExtension {
      public_key: unparsed_mut.remove("publicKey")?,
    })
  }

  fn try_into_unparsed(self, unparsed_mut: &mut U) -> Result<(), Self::Error> {
    unparsed_mut.insert("publicKey", self.public_key)?;
    Ok(())
  }
}
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use crate::{apub::ActorType, LemmyError};`
Update activitystreams to 0.7.0-alpha.3 (from crates.io) 2020-08-01 13:25:17 +00:00			`use activitystreams::unparsed::UnparsedMutExt;`
Update activitystreams library to latest version (#71) Merge branch 'main' into more-upgrade-apub-3 Update activitystreams library to latest version Remove remaining usages of old activitystreams library Migrate community inbox and user inbox Migrate private message Migrate post Migrate community activities Migrate extensions to new activitystreams library Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71 2020-07-17 21:11:07 +00:00			`use activitystreams_ext::UnparsedExtension;`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use actix_web::{client::ClientRequest, HttpRequest};`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`use anyhow::{anyhow, Context};`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use http_signature_normalization_actix::{`
			`digest::{DigestClient, SignExt},`
			`Config,`
			`};`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`use lemmy_utils::location_info;`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use log::debug;`
Rework imports 2020-05-16 14:04:08 +00:00			`use openssl::{`
			`hash::MessageDigest,`
			`pkey::PKey,`
			`sign::{Signer, Verifier},`
			`};`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use serde::{Deserialize, Serialize};`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use sha2::{Digest, Sha256};`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`lazy_static! {`
			`static ref HTTP_SIG_CONFIG: Config = Config::new();`
			`}`

Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00			`/// Signs request headers with the given keypair.`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`pub async fn sign(`
			`request: ClientRequest,`
			`actor: &dyn ActorType,`
			`activity: String,`
			`) -> Result<DigestClient<String>, LemmyError> {`
Update activitystreams library to latest version (#71) Merge branch 'main' into more-upgrade-apub-3 Update activitystreams library to latest version Remove remaining usages of old activitystreams library Migrate community inbox and user inbox Migrate private message Migrate post Migrate community activities Migrate extensions to new activitystreams library Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71 2020-07-17 21:11:07 +00:00			`let signing_key_id = format!("{}#main-key", actor.actor_id()?);`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let private_key = actor.private_key().context(location_info!())?;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`let digest_client = request`
			`.signature_with_digest(`
			`HTTP_SIG_CONFIG.clone(),`
			`signing_key_id,`
			`Sha256::new(),`
			`activity,`
			`move \|signing_string\| {`
			`let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;`
			`signer.update(signing_string.as_bytes())?;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>`
			`},`
			`)`
			`.await?;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`Ok(digest_client)`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00			`}`
Federate actor public keys 2020-04-10 13:50:40 +00:00
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let public_key = actor.public_key().context(location_info!())?;`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`let verified = HTTP_SIG_CONFIG`
			`.begin_verify(`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`request.method(),`
			`request.uri().path_and_query(),`
			`request.headers().clone(),`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`)?`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`.verify(\|signature, signing_string\| -> Result<bool, LemmyError> {`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`debug!(`
			`"Verifying with key {}, message {}",`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`&public_key, &signing_string`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`);`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;`
			`let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;`
			`verifier.update(&signing_string.as_bytes())?;`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`Ok(verifier.verify(&base64::decode(signature)?)?)`
			`})?;`

			`if verified {`
			`debug!("verified signature for {}", &request.uri());`
			`Ok(())`
			`} else {`
Migrate from failure to anyhow and thiserror (#1042) * Migrate from failure to anyhow and thiserror * Replace 'format_err!' to 'anyhow!' 2020-08-01 14:04:42 +00:00			`Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`}`
			`}`

Federate actor public keys 2020-04-10 13:50:40 +00:00			`// The following is taken from here:`
			`// https://docs.rs/activitystreams/0.5.0-alpha.17/activitystreams/ext/index.html`

Added documentation for most functions 2020-04-17 15:33:55 +00:00			`#[derive(Clone, Debug, Default, Deserialize, Serialize)]`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`#[serde(rename_all = "camelCase")]`
			`pub struct PublicKey {`
			`pub id: String,`
			`pub owner: String,`
			`pub public_key_pem: String,`
			`}`

Added documentation for most functions 2020-04-17 15:33:55 +00:00			`#[derive(Clone, Debug, Default, Deserialize, Serialize)]`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`#[serde(rename_all = "camelCase")]`
			`pub struct PublicKeyExtension {`
			`pub public_key: PublicKey,`
			`}`

			`impl PublicKey {`
			`pub fn to_ext(&self) -> PublicKeyExtension {`
			`PublicKeyExtension {`
			`public_key: self.to_owned(),`
			`}`
			`}`
			`}`

Update activitystreams library to latest version (#71) Merge branch 'main' into more-upgrade-apub-3 Update activitystreams library to latest version Remove remaining usages of old activitystreams library Migrate community inbox and user inbox Migrate private message Migrate post Migrate community activities Migrate extensions to new activitystreams library Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71 2020-07-17 21:11:07 +00:00			`impl<U> UnparsedExtension<U> for PublicKeyExtension`
			`where`
			`U: UnparsedMutExt,`
			`{`
			`type Error = serde_json::Error;`

			`fn try_from_unparsed(unparsed_mut: &mut U) -> Result<Self, Self::Error> {`
			`Ok(PublicKeyExtension {`
			`public_key: unparsed_mut.remove("publicKey")?,`
			`})`
			`}`

			`fn try_into_unparsed(self, unparsed_mut: &mut U) -> Result<(), Self::Error> {`
			`unparsed_mut.insert("publicKey", self.public_key)?;`
			`Ok(())`
			`}`
			`}`