kopia lustrzana https://github.com/snarfed/bridgy-fed
drop User.k256_pem, use arroba's AtpRepo.signing_key/rotation_key instead
rodzic
ac06e0fef3
commit
165a403353
|
@ -145,7 +145,6 @@ class ATProto(User, Protocol):
|
|||
through subscribeRepos and then deliver it to AppView(s), which will
|
||||
notify recipients as necessary.
|
||||
"""
|
||||
# TODO
|
||||
if url.rstrip('/') != common.host_url().rstrip('/'):
|
||||
logger.info(f'Target PDS {url} is not us')
|
||||
return False
|
||||
|
@ -170,7 +169,6 @@ class ATProto(User, Protocol):
|
|||
if pds.rstrip('/') != url.rstrip('/'):
|
||||
logger.warning(f'{user_key} {user.atproto_did} PDS {pds} is not us')
|
||||
return False
|
||||
did_plc = None
|
||||
repo = storage.load_repo(user.atproto_did)
|
||||
|
||||
else:
|
||||
|
|
21
models.py
21
models.py
|
@ -78,7 +78,7 @@ def _validate_atproto_did(prop, val):
|
|||
class User(StringIdModel, metaclass=ProtocolUserMeta):
|
||||
"""Abstract base class for a Bridgy Fed user.
|
||||
|
||||
Stores multiple keypairs needed for the supported protocols. Currently:
|
||||
Stores some protocols' keypairs. Currently:
|
||||
|
||||
* RSA keypair for ActivityPub HTTP Signatures
|
||||
properties: mod, public_exponent, private_exponent, all encoded as
|
||||
|
@ -86,15 +86,13 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
|
|||
section 5.1 of the Magic Signatures spec
|
||||
https://tools.ietf.org/html/draft-cavage-http-signatures-12
|
||||
|
||||
* K-256 keypair for AT Protocol's signing key
|
||||
property: k256_pem, PEM encoded
|
||||
https://atproto.com/guides/overview#account-portability
|
||||
* *Not* K-256 signing or rotation keys for AT Protocol, those are stored in
|
||||
:class:`arroba.datastore_storage.AtpRepo` entities
|
||||
"""
|
||||
obj_key = ndb.KeyProperty(kind='Object') # user profile
|
||||
mod = ndb.StringProperty()
|
||||
public_exponent = ndb.StringProperty()
|
||||
private_exponent = ndb.StringProperty()
|
||||
k256_pem = ndb.BlobProperty()
|
||||
use_instead = ndb.KeyProperty()
|
||||
atproto_did = ndb.StringProperty(validator=_validate_atproto_did)
|
||||
|
||||
|
@ -168,14 +166,6 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
|
|||
'private_exponent': long_to_base64(key.d),
|
||||
})
|
||||
|
||||
if cls.LABEL != 'atproto':
|
||||
privkey = arroba.util.new_key()
|
||||
kwargs['k256_pem'] = privkey.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.PKCS8,
|
||||
encryption_algorithm=serialization.NoEncryption(),
|
||||
)
|
||||
|
||||
user = cls(id=id, **kwargs)
|
||||
try:
|
||||
user.put()
|
||||
|
@ -249,11 +239,6 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
|
|||
base64_to_long(str(self.private_exponent))))
|
||||
return rsa.exportKey(format='PEM')
|
||||
|
||||
def k256_key(self):
|
||||
"""Returns: :class:`ec.EllipticCurvePrivateKey`"""
|
||||
assert self.k256_pem
|
||||
return serialization.load_pem_private_key(self.k256_pem, password=None)
|
||||
|
||||
def name(self):
|
||||
"""Returns this user's human-readable name, eg 'Ryan Barrett'."""
|
||||
if self.obj and self.obj.as1:
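Review bot: Dropping `k256_pem = ndb.BlobProperty()` from `User` stops new writes, but nothing visible in this commit clears the values already stored. The removed branch in `get_or_create` persisted the K-256 private key as unencrypted PKCS8 PEM for every non-`atproto` user, so that key material presumably stays in existing datastore entities, and in any exports or backups, until each entity is rewritten or scrubbed. A one-off migration that deletes the stale property from stored `User` entities would close this, and it is worth confirming how ndb loads an entity that still carries a property the model no longer declares. If any existing repo was signed with the old per-user key, treat that key as still live until it is rotated. The `User` class and `get_or_create` both continue outside the hunks shown, so a cleanup elsewhere in the tree cannot be ruled out from this page.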
|
||||
|
|
|
@ -34,16 +34,11 @@ class UserTest(TestCase):
|
|||
assert user.mod
|
||||
assert user.public_exponent
|
||||
assert user.private_exponent
|
||||
assert user.k256_key
|
||||
|
||||
# check that we can load the keys
|
||||
assert user.public_pem()
|
||||
assert user.private_pem()
|
||||
|
||||
k256_key = user.k256_key()
|
||||
self.assertIsInstance(k256_key, ec.EllipticCurvePrivateKey)
|
||||
self.assertIsInstance(k256_key.curve, ec.SECP256K1)
|
||||
|
||||
# direct should get set even if the user exists
|
||||
same = Fake.get_or_create('a.b', direct=True)
|
||||
user.direct = True
|
||||
|
|
|
@ -257,7 +257,6 @@ class TestCase(unittest.TestCase, testutil.Asserts):
|
|||
mod=global_user.mod,
|
||||
public_exponent=global_user.public_exponent,
|
||||
private_exponent=global_user.private_exponent,
|
||||
k256_pem=global_user.k256_pem,
|
||||
obj_key=obj_key,
|
||||
**kwargs)
|
||||
user.put()
|
||||
|
@ -415,7 +414,7 @@ class TestCase(unittest.TestCase, testutil.Asserts):
|
|||
self.assert_equals(obj_as2, got.as2())
|
||||
|
||||
# generated, computed, etc
|
||||
ignore = ['created', 'mod', 'obj_key', 'k256_pem', 'private_exponent',
|
||||
ignore = ['created', 'mod', 'obj_key', 'private_exponent',
|
||||
'public_exponent', 'readable_id', 'updated']
|
||||
for prop in ignore:
|
||||
assert prop not in props
|
||||
|
@ -427,9 +426,6 @@ class TestCase(unittest.TestCase, testutil.Asserts):
|
|||
assert got.private_exponent
|
||||
assert got.public_exponent
|
||||
|
||||
if cls != ATProto:
|
||||
assert got.k256_pem
|
||||
|
||||
return got
|
||||
|
||||
def assert_equals(self, expected, actual, msg=None, ignore=(), **kwargs):
|
||||
|
|