lemmy/crates/apub_lib/src/signatures.rs

use actix_web::HttpRequest;
use anyhow::anyhow;
use http::{header::HeaderName, HeaderMap, HeaderValue};
use http_signature_normalization_actix::Config as ConfigActix;
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
use lemmy_utils::LemmyError;
use log::debug;
use openssl::{
  hash::MessageDigest,
  pkey::PKey,
  sign::{Signer, Verifier},
};
use reqwest::{Client, Response};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use std::{collections::BTreeMap, str::FromStr};
use url::Url;

lazy_static! {
  static ref CONFIG2: ConfigActix = ConfigActix::new();
  static ref HTTP_SIG_CONFIG: Config = Config::new();
}

/// Creates an HTTP post request to `inbox_url`, with the given `client` and `headers`, and
/// `activity` as request body. The request is signed with `private_key` and then sent.
pub async fn sign_and_send(
  client: &Client,
  headers: BTreeMap<String, String>,
  inbox_url: &Url,
  activity: String,
  actor_id: &Url,
  private_key: String,
) -> Result<Response, LemmyError> {
  let signing_key_id = format!("{}#main-key", actor_id);

  let mut header_map = HeaderMap::new();
  for h in headers {
    header_map.insert(
      HeaderName::from_str(h.0.as_str())?,
      HeaderValue::from_str(h.1.as_str())?,
    );
  }
  let response = client
    .post(&inbox_url.to_string())
    .headers(header_map)
    .signature_with_digest(
      HTTP_SIG_CONFIG.clone(),
      signing_key_id,
      Sha256::new(),
      activity,
      move |signing_string| {
        let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
        let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
        signer.update(signing_string.as_bytes())?;

        Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
      },
    )
    .await?;

  Ok(response)
}

/// Verifies the HTTP signature on an incoming inbox request.
pub fn verify_signature(request: &HttpRequest, public_key: &str) -> Result<(), LemmyError> {
  let verified = CONFIG2
    .begin_verify(
      request.method(),
      request.uri().path_and_query(),
      request.headers().clone(),
    )?
    .verify(|signature, signing_string| -> Result<bool, LemmyError> {
      debug!(
        "Verifying with key {}, message {}",
        &public_key, &signing_string
      );
      let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
      let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
      verifier.update(signing_string.as_bytes())?;
      Ok(verifier.verify(&base64::decode(signature)?)?)
    })?;

  if verified {
    debug!("verified signature for {}", &request.uri());
    Ok(())
  } else {
    Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())
  }
}

#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublicKey {
  pub id: String,
  pub owner: Url,
  pub public_key_pem: String,
}
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use actix_web::HttpRequest;`
Apub inbox rewrite (#1652) * start to implement apub inbox routing lib * got something that almost works * it compiles! * implemented some more * move library code to separate crate (most of it) * convert private message handlers * convert all comment receivers (except undo comment) * convert post receiver * add verify trait * convert community receivers * add cc field for all activities which i forgot before * convert inbox functions, add missing checks * convert undo like/dislike receivers * convert undo_delete and undo_remove receivers * move block/unblock activities * convert remaining activity receivers * reimplement http signature verification and other checks * also use actor type for routing, VerifyActivity and SendActivity traits * cleanup and restructure apub_receive code * wip: try to fix activity routing * implement a (very bad) derive macro for activityhandler * working activity routing! * rework pm verify(), fix tests and confirm manually also remove inbox username check which was broken * rework following verify(), fix tests and test manually * fix post/comment create/update, rework voting * Rewrite remove/delete post/comment, fix tests, test manually * Rework and fix (un)block user, announce, update post * some code cleanup * rework delete/remove activity receivers (still quite messy) * rewrite, test and fix add/remove mod, update community handlers * add docs for ActivityHandler derive macro * dont try to compile macro comments 2021-07-17 16:08:46 +00:00			`use anyhow::anyhow;`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use http::{header::HeaderName, HeaderMap, HeaderValue};`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`use http_signature_normalization_actix::Config as ConfigActix;`
			`use http_signature_normalization_reqwest::prelude::{Config, SignExt};`
Apub inbox rewrite (#1652) * start to implement apub inbox routing lib * got something that almost works * it compiles! * implemented some more * move library code to separate crate (most of it) * convert private message handlers * convert all comment receivers (except undo comment) * convert post receiver * add verify trait * convert community receivers * add cc field for all activities which i forgot before * convert inbox functions, add missing checks * convert undo like/dislike receivers * convert undo_delete and undo_remove receivers * move block/unblock activities * convert remaining activity receivers * reimplement http signature verification and other checks * also use actor type for routing, VerifyActivity and SendActivity traits * cleanup and restructure apub_receive code * wip: try to fix activity routing * implement a (very bad) derive macro for activityhandler * working activity routing! * rework pm verify(), fix tests and confirm manually also remove inbox username check which was broken * rework following verify(), fix tests and test manually * fix post/comment create/update, rework voting * Rewrite remove/delete post/comment, fix tests, test manually * Rework and fix (un)block user, announce, update post * some code cleanup * rework delete/remove activity receivers (still quite messy) * rewrite, test and fix add/remove mod, update community handlers * add docs for ActivityHandler derive macro * dont try to compile macro comments 2021-07-17 16:08:46 +00:00			`use lemmy_utils::LemmyError;`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use log::debug;`
Rework imports 2020-05-16 14:04:08 +00:00			`use openssl::{`
			`hash::MessageDigest,`
			`pkey::PKey,`
			`sign::{Signer, Verifier},`
			`};`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`use reqwest::{Client, Response};`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use serde::{Deserialize, Serialize};`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use sha2::{Digest, Sha256};`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use std::{collections::BTreeMap, str::FromStr};`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`use url::Url;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`lazy_static! {`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`static ref CONFIG2: ConfigActix = ConfigActix::new();`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`static ref HTTP_SIG_CONFIG: Config = Config::new();`
			`}`

Create rustdoc for activitypub code 2020-10-19 14:29:35 +00:00			/// Creates an HTTP post request to `inbox_url`, with the given `client` and `headers`, and
			/// `activity` as request body. The request is signed with `private_key` and then sent.
Move code to apub library (#1795) * Remove dependency of apub_lib on LemmyContext * Move ApubObject trait to library * Reorganize files in apub lib * Move ActorType, signatures, activity_queue to apub library 2021-10-06 20:20:05 +00:00			`pub async fn sign_and_send(`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`client: &Client,`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`headers: BTreeMap<String, String>,`
Create rustdoc for activitypub code 2020-10-19 14:29:35 +00:00			`inbox_url: &Url,`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`activity: String,`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`actor_id: &Url,`
			`private_key: String,`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`) -> Result<Response, LemmyError> {`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`let signing_key_id = format!("{}#main-key", actor_id);`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`let mut header_map = HeaderMap::new();`
			`for h in headers {`
			`header_map.insert(`
			`HeaderName::from_str(h.0.as_str())?,`
			`HeaderValue::from_str(h.1.as_str())?,`
			`);`
			`}`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`let response = client`
Create rustdoc for activitypub code 2020-10-19 14:29:35 +00:00			`.post(&inbox_url.to_string())`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`.headers(header_map)`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`.signature_with_digest(`
			`HTTP_SIG_CONFIG.clone(),`
			`signing_key_id,`
			`Sha256::new(),`
			`activity,`
			`move \|signing_string\| {`
			`let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;`
			`let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;`
			`signer.update(signing_string.as_bytes())?;`

			`Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>`
			`},`
			`)`
			`.await?;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`Ok(response)`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00			`}`
Federate actor public keys 2020-04-10 13:50:40 +00:00
Create rustdoc for activitypub code 2020-10-19 14:29:35 +00:00			`/// Verifies the HTTP signature on an incoming inbox request.`
Move code to apub library (#1795) * Remove dependency of apub_lib on LemmyContext * Move ApubObject trait to library * Reorganize files in apub lib * Move ActorType, signatures, activity_queue to apub library 2021-10-06 20:20:05 +00:00			`pub fn verify_signature(request: &HttpRequest, public_key: &str) -> Result<(), LemmyError> {`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`let verified = CONFIG2`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`.begin_verify(`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`request.method(),`
			`request.uri().path_and_query(),`
			`request.headers().clone(),`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`)?`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`.verify(\|signature, signing_string\| -> Result<bool, LemmyError> {`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`debug!(`
			`"Verifying with key {}, message {}",`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`&public_key, &signing_string`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`);`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;`
			`let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;`
Running clippy --fix (#1647) 2021-07-05 16:07:26 +00:00			`verifier.update(signing_string.as_bytes())?;`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`Ok(verifier.verify(&base64::decode(signature)?)?)`
			`})?;`

			`if verified {`
			`debug!("verified signature for {}", &request.uri());`
			`Ok(())`
			`} else {`
Migrate from failure to anyhow and thiserror (#1042) * Migrate from failure to anyhow and thiserror * Replace 'format_err!' to 'anyhow!' 2020-08-01 14:04:42 +00:00			`Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`}`
			`}`

Use Url type for ap_id fields in database (fixes #1364) (#1371) 2021-01-27 16:42:23 +00:00			`#[derive(Clone, Debug, Deserialize, Serialize)]`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`#[serde(rename_all = "camelCase")]`
			`pub struct PublicKey {`
			`pub id: String,`
Use Url type for ap_id fields in database (fixes #1364) (#1371) 2021-01-27 16:42:23 +00:00			`pub owner: Url,`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`pub public_key_pem: String,`
			`}`