5f88d56d96
* 1. ed25519キーペアを発行・Personとして公開鍵を送受信 * validate additionalPublicKeys * getAuthUserFromApIdはmainを選ぶ * ✌️ * fix * signatureAlgorithm * set publicKeyCache lifetime * refresh * httpMessageSignatureAcceptable * ED25519_SIGNED_ALGORITHM * ED25519_PUBLIC_KEY_SIGNATURE_ALGORITHM * remove sign additionalPublicKeys signature requirements * httpMessageSignaturesSupported * httpMessageSignaturesImplementationLevel * httpMessageSignaturesImplementationLevel: '01' * perf(federation): Use hint for getAuthUserFromApId (#13470) * Hint for getAuthUserFromApId * とどのつまりこれでいいのか? * use @misskey-dev/node-http-message-signatures * fix * signedPost, signedGet * ap-request.tsを復活させる * remove digest prerender * fix test? * fix test * add httpMessageSignaturesImplementationLevel to FederationInstance * ManyToOne * fetchPersonWithRenewal * exactKey * ✌️ * use const * use gen-key-pair fn. from '@misskey-dev/node-http-message-signatures' * update node-http-message-signatures * fix * @misskey-dev/node-http-message-signatures@0.0.0-alpha.11 * getAuthUserFromApIdでupdatePersonの頻度を増やす * cacheRaw.date * use requiredInputs https://github.com/misskey-dev/misskey/pull/13464#discussion_r1509964359 * update @misskey-dev/node-http-message-signatures * clean up * err msg * fix(backend): fetchInstanceMetadataのLockが永遠に解除されない問題を修正 Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com> * fix httpMessageSignaturesImplementationLevel validation * fix test * fix * comment * comment * improve test * fix * use Promise.all in genRSAAndEd25519KeyPair * refreshAndprepareEd25519KeyPair * refreshAndfindKey * commetn * refactor public keys add * digestプリレンダを復活させる RFC実装時にどうするか考える * fix, async * fix * !== true * use save * Deliver update person when new key generated (not tested) https://github.com/misskey-dev/misskey/pull/13464#issuecomment-1977049061 * 循環参照で落ちるのを解消? * fix? * Revert "fix?" This reverts commit0082f6f8e8
. * a * logger * log * change logger * 秘密鍵の変更は、フラグではなく鍵を引き回すようにする * addAllKnowingSharedInboxRecipe * nanka meccha kaeta * delivre * キャッシュ有効チェックはロック取得前に行う * @misskey-dev/node-http-message-signatures@0.0.3 * PrivateKeyPem * getLocalUserPrivateKey * fix test * if * fix ap-request * update node-http-message-signatures * fix type error * update package * fix type * update package * retry no key * @misskey-dev/node-http-message-signatures@0.0.8 * fix type error * log keyid * logger * db-resolver * JSON.stringify * HTTP Signatureがなかったり使えなかったりしそうな場合にLD Signatureを活用するように * inbox-delayed use actor if no signature * ユーザーとキーの同一性チェックはhostの一致にする * log signature parse err * save array * とりあえずtryで囲っておく * fetchPersonWithRenewalでエラーが起きたら古いデータを返す * use transactionalEntityManager * fix spdx * @misskey-dev/node-http-message-signatures@0.0.10 * add comment * fix * publicKeyに配列が入ってもいいようにする https://github.com/misskey-dev/misskey/pull/13950 * define additionalPublicKeys * fix * merge fix * refreshAndprepareEd25519KeyPair → refreshAndPrepareEd25519KeyPair * remove gen-key-pair.ts * defaultMaxListeners = 512 * Revert "defaultMaxListeners = 512" This reverts commitf2c412c180
. * genRSAAndEd25519KeyPairではキーを直列に生成する? * maxConcurrency: 8 * maxConcurrency: 16 * maxConcurrency: 8 * Revert "genRSAAndEd25519KeyPairではキーを直列に生成する?" This reverts commitd0aada55c1
. * maxWorkers: '90%' * Revert "maxWorkers: '90%'" This reverts commit9e0a93f110
. * e2e/timelines.tsで個々のテストに対するtimeoutを削除, maxConcurrency: 32 * better error handling of this.userPublickeysRepository.delete * better comment * set result to keypairEntityCache * deliverJobConcurrency: 16, deliverJobPerSec: 1024, inboxJobConcurrency: 4 * inboxJobPerSec: 64 * delete request.headers['host']; * fix * // node-fetch will generate this for us. if we keep 'Host', it won't change with redirects! * move delete host * modify comment * modify comment * fix correct → collect * refreshAndfindKey → refreshAndFindKey * modify comment * modify attachLdSignature * getApId, InboxProcessorService * TODO * [skip ci] add CHANGELOG --------- Co-authored-by: MeiMei <30769358+mei23@users.noreply.github.com> Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
90 lines
3 KiB
TypeScript
90 lines
3 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: syuilo and misskey-project
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
import * as assert from 'assert';
|
|
import { verifyDraftSignature, parseRequestSignature, genEd25519KeyPair, genRsaKeyPair, importPrivateKey } from '@misskey-dev/node-http-message-signatures';
|
|
import { createSignedGet, createSignedPost } from '@/core/activitypub/ApRequestService.js';
|
|
|
|
export const buildParsedSignature = (signingString: string, signature: string, algorithm: string) => {
|
|
return {
|
|
scheme: 'Signature',
|
|
params: {
|
|
keyId: 'KeyID', // dummy, not used for verify
|
|
algorithm: algorithm,
|
|
headers: ['(request-target)', 'date', 'host', 'digest'], // dummy, not used for verify
|
|
signature: signature,
|
|
},
|
|
signingString: signingString,
|
|
algorithm: algorithm.toUpperCase(),
|
|
keyId: 'KeyID', // dummy, not used for verify
|
|
};
|
|
};
|
|
|
|
async function getKeyPair(level: string) {
|
|
if (level === '00') {
|
|
return await genRsaKeyPair();
|
|
} else if (level === '01') {
|
|
return await genEd25519KeyPair();
|
|
}
|
|
throw new Error('Invalid level');
|
|
}
|
|
|
|
describe('ap-request post', () => {
|
|
const url = 'https://example.com/inbox';
|
|
const activity = { a: 1 };
|
|
const body = JSON.stringify(activity);
|
|
const headers = {
|
|
'User-Agent': 'UA',
|
|
};
|
|
|
|
describe.each(['00', '01'])('createSignedPost with verify', (level) => {
|
|
test('pem', async () => {
|
|
const keypair = await getKeyPair(level);
|
|
const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
|
|
|
|
const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
|
|
|
|
const parsed = parseRequestSignature(req.request);
|
|
expect(parsed.version).toBe('draft');
|
|
expect(Array.isArray(parsed.value)).toBe(false);
|
|
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
|
|
assert.deepStrictEqual(verify, true);
|
|
});
|
|
test('imported', async () => {
|
|
const keypair = await getKeyPair(level);
|
|
const key = { keyId: 'x', 'privateKey': await importPrivateKey(keypair.privateKey) };
|
|
|
|
const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
|
|
|
|
const parsed = parseRequestSignature(req.request);
|
|
expect(parsed.version).toBe('draft');
|
|
expect(Array.isArray(parsed.value)).toBe(false);
|
|
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
|
|
assert.deepStrictEqual(verify, true);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('ap-request get', () => {
|
|
describe.each(['00', '01'])('createSignedGet with verify', (level) => {
|
|
test('pass', async () => {
|
|
const keypair = await getKeyPair(level);
|
|
const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
|
|
const url = 'https://example.com/outbox';
|
|
const headers = {
|
|
'User-Agent': 'UA',
|
|
};
|
|
|
|
const req = await createSignedGet({ level, key, url, additionalHeaders: headers });
|
|
|
|
const parsed = parseRequestSignature(req.request);
|
|
expect(parsed.version).toBe('draft');
|
|
expect(Array.isArray(parsed.value)).toBe(false);
|
|
const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
|
|
assert.deepStrictEqual(verify, true);
|
|
});
|
|
});
|
|
});
|