drop User.k256_pem, use arroba's AtpRepo.signing_key/rotation_key instead
rodzic
ac06e0fef3
commit
165a403353
@ -145,7 +145,6 @@ class ATProto(User, Protocol):
through subscribeRepos and then deliver it to AppView(s), which will
through subscribeRepos and then deliver it to AppView(s), which will
notify recipients as necessary.
notify recipients as necessary.
"""
"""
# TODO
if url.rstrip('/') != common.host_url().rstrip('/'):
if url.rstrip('/') != common.host_url().rstrip('/'):
logger.info(f'Target PDS {url} is not us')
logger.info(f'Target PDS {url} is not us')
return False
return False
@ -170,7 +169,6 @@ class ATProto(User, Protocol):
if pds.rstrip('/') != url.rstrip('/'):
if pds.rstrip('/') != url.rstrip('/'):
logger.warning(f'{user_key} {user.atproto_did} PDS {pds} is not us')
logger.warning(f'{user_key} {user.atproto_did} PDS {pds} is not us')
return False
return False
did_plc = None
repo = storage.load_repo(user.atproto_did)
repo = storage.load_repo(user.atproto_did)
else:
else:
21
models.py
@ -78,7 +78,7 @@ def _validate_atproto_did(prop, val):
class User(StringIdModel, metaclass=ProtocolUserMeta):
class User(StringIdModel, metaclass=ProtocolUserMeta):
"""Abstract base class for a Bridgy Fed user.
"""Abstract base class for a Bridgy Fed user.
Stores multiple keypairs needed for the supported protocols. Currently:
Stores some protocols' keypairs. Currently:
* RSA keypair for ActivityPub HTTP Signatures
* RSA keypair for ActivityPub HTTP Signatures
properties: mod, public_exponent, private_exponent, all encoded as
properties: mod, public_exponent, private_exponent, all encoded as
@ -86,15 +86,13 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
section 5.1 of the Magic Signatures spec
section 5.1 of the Magic Signatures spec
https://tools.ietf.org/html/draft-cavage-http-signatures-12
https://tools.ietf.org/html/draft-cavage-http-signatures-12
* K-256 keypair for AT Protocol's signing key
* *Not* K-256 signing or rotation keys for AT Protocol, those are stored in
property: k256_pem, PEM encoded
:class:`arroba.datastore_storage.AtpRepo` entities
https://atproto.com/guides/overview#account-portability
"""
"""
obj_key = ndb.KeyProperty(kind='Object') # user profile
obj_key = ndb.KeyProperty(kind='Object') # user profile
mod = ndb.StringProperty()
mod = ndb.StringProperty()
public_exponent = ndb.StringProperty()
public_exponent = ndb.StringProperty()
private_exponent = ndb.StringProperty()
private_exponent = ndb.StringProperty()
k256_pem = ndb.BlobProperty()
use_instead = ndb.KeyProperty()
use_instead = ndb.KeyProperty()
atproto_did = ndb.StringProperty(validator=_validate_atproto_did)
atproto_did = ndb.StringProperty(validator=_validate_atproto_did)
@ -168,14 +166,6 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
'private_exponent': long_to_base64(key.d),
'private_exponent': long_to_base64(key.d),
})
})
if cls.LABEL != 'atproto':
privkey = arroba.util.new_key()
kwargs['k256_pem'] = privkey.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
user = cls(id=id, **kwargs)
user = cls(id=id, **kwargs)
try:
try:
user.put()
user.put()
@ -249,11 +239,6 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
base64_to_long(str(self.private_exponent))))
base64_to_long(str(self.private_exponent))))
return rsa.exportKey(format='PEM')
return rsa.exportKey(format='PEM')
def k256_key(self):
"""Returns: :class:`ec.EllipticCurvePrivateKey`"""
assert self.k256_pem
return serialization.load_pem_private_key(self.k256_pem, password=None)
def name(self):
def name(self):
"""Returns this user's human-readable name, eg 'Ryan Barrett'."""
"""Returns this user's human-readable name, eg 'Ryan Barrett'."""
if self.obj and self.obj.as1:
if self.obj and self.obj.as1:
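Review bot: Removing `k256_pem = ndb.BlobProperty()` from `User` (the -86,15 hunk) takes the attribute off the model but does not remove the values already written to existing User entities, and those values are unencrypted PKCS8 private keys, as the `NoEncryption()` block deleted from `get_or_create` in the -168,14 hunk shows. Nothing in this section purges that orphaned key material, so it remains in the datastore until the entities are rewritten; whether a plain load-then-`put()` of a User drops a property the model no longer declares depends on the ndb version in use, so that should be verified rather than assumed. A one-off cleanup that clears `k256_pem` on stored Users, or a line in the commit message saying the cleanup is tracked elsewhere, would close the gap. If `serialization` and `arroba.util` are no longer referenced anywhere else in models.py after the `k256_key` removal in the -249,11 hunk, their imports (outside this section) can go too.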
@ -34,16 +34,11 @@ class UserTest(TestCase):
assert user.mod
assert user.mod
assert user.public_exponent
assert user.public_exponent
assert user.private_exponent
assert user.private_exponent
assert user.k256_key
# check that we can load the keys
# check that we can load the keys
assert user.public_pem()
assert user.public_pem()
assert user.private_pem()
assert user.private_pem()
k256_key = user.k256_key()
self.assertIsInstance(k256_key, ec.EllipticCurvePrivateKey)
self.assertIsInstance(k256_key.curve, ec.SECP256K1)
# direct should get set even if the user exists
# direct should get set even if the user exists
same = Fake.get_or_create('a.b', direct=True)
same = Fake.get_or_create('a.b', direct=True)
user.direct = True
user.direct = True
@ -257,7 +257,6 @@ class TestCase(unittest.TestCase, testutil.Asserts):
mod=global_user.mod,
mod=global_user.mod,
public_exponent=global_user.public_exponent,
public_exponent=global_user.public_exponent,
private_exponent=global_user.private_exponent,
private_exponent=global_user.private_exponent,
k256_pem=global_user.k256_pem,
obj_key=obj_key,
obj_key=obj_key,
**kwargs)
**kwargs)
user.put()
user.put()
@ -415,7 +414,7 @@ class TestCase(unittest.TestCase, testutil.Asserts):
self.assert_equals(obj_as2, got.as2())
self.assert_equals(obj_as2, got.as2())
# generated, computed, etc
# generated, computed, etc
ignore = ['created', 'mod', 'obj_key', 'k256_pem', 'private_exponent',
ignore = ['created', 'mod', 'obj_key', 'private_exponent',
'public_exponent', 'readable_id', 'updated']
'public_exponent', 'readable_id', 'updated']
for prop in ignore:
for prop in ignore:
assert prop not in props
assert prop not in props
@ -427,9 +426,6 @@ class TestCase(unittest.TestCase, testutil.Asserts):
assert got.private_exponent
assert got.private_exponent
assert got.public_exponent
assert got.public_exponent
if cls != ATProto:
assert got.k256_pem
return got
return got
def assert_equals(self, expected, actual, msg=None, ignore=(), **kwargs):
def assert_equals(self, expected, actual, msg=None, ignore=(), **kwargs):