From 11c5838947815ff00c4fb8a8ebf01a6fe846e6b4 Mon Sep 17 00:00:00 2001 From: Floatingghost Date: Wed, 30 Oct 2024 12:44:01 +0000 Subject: [PATCH] standardise local key id generation --- lib/pleroma/signature.ex | 2 +- lib/pleroma/user/signing_key.ex | 10 +++++++++- lib/pleroma/web/activity_pub/views/user_view.ex | 4 ++-- .../migrations/20240625220752_move_signing_keys.exs | 3 ++- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex index 25fad22f7..bc3baf433 100644 --- a/lib/pleroma/signature.ex +++ b/lib/pleroma/signature.ex @@ -47,7 +47,7 @@ defmodule Pleroma.Signature do def sign(%User{} = user, headers) do with {:ok, private_key} <- SigningKey.private_key(user) do - HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers) + HTTPSignatures.sign(private_key, SigningKey.local_key_id(user.ap_id), headers) end end diff --git a/lib/pleroma/user/signing_key.ex b/lib/pleroma/user/signing_key.ex index f88faf70f..f25489068 100644 --- a/lib/pleroma/user/signing_key.ex +++ b/lib/pleroma/user/signing_key.ex @@ -91,7 +91,15 @@ defmodule Pleroma.User.SigningKey do |> change() |> put_change(:public_key, local_pem) |> put_change(:private_key, private_pem) - |> put_change(:key_id, ap_id <> "#main-key") + |> put_change(:key_id, local_key_id(ap_id)) + end + + @spec local_key_id(String.t()) :: String.t() + @doc """ + Given an AP ID, return the key ID for the local user. + """ + def local_key_id(ap_id) do + ap_id <> "#main-key" end @spec private_pem_to_public_pem(binary) :: {:ok, binary()} | {:error, String.t()} diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index ad6aeaff2..2ca31fc3c 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -49,7 +49,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "url" => user.ap_id, "manuallyApprovesFollowers" => false, "publicKey" => %{ - "id" => "#{user.ap_id}#main-key", + "id" => User.SigningKey.local_key_id(user.ap_id), "owner" => user.ap_id, "publicKeyPem" => public_key }, @@ -97,7 +97,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "url" => user.ap_id, "manuallyApprovesFollowers" => user.is_locked, "publicKey" => %{ - "id" => "#{user.ap_id}#main-key", + "id" => User.SigningKey.local_key_id(user.ap_id), "owner" => user.ap_id, "publicKeyPem" => public_key }, diff --git a/priv/repo/migrations/20240625220752_move_signing_keys.exs b/priv/repo/migrations/20240625220752_move_signing_keys.exs index 4e8eef6c9..9104b7c29 100644 --- a/priv/repo/migrations/20240625220752_move_signing_keys.exs +++ b/priv/repo/migrations/20240625220752_move_signing_keys.exs @@ -15,6 +15,7 @@ defmodule Pleroma.Repo.Migrations.MoveSigningKeys do Repo.stream(query, timeout: :infinity) |> Enum.each(fn %User{id: user_id, keys: private_key, local: true, ap_id: ap_id} -> + IO.puts("Migrating user #{user_id}") # we can precompute the public key here... # we do use it on every user view which makes it a bit of a dos attack vector # so we should probably cache it @@ -23,7 +24,7 @@ defmodule Pleroma.Repo.Migrations.MoveSigningKeys do key = %User.SigningKey{ user_id: user_id, public_key: public_key, - key_id: "#{ap_id}#main-key", + key_id: User.SigningKey.local_key_id(ap_id), private_key: private_key }