Create pub/priv keypair for federation (#17071)
* add logic for creating pub/priv keypair for federation * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * make fmt * Update modules/activitypub/keypair.go Co-authored-by: delvh <dev.lh@web.de> * add tests * fix revert * more tests * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * make fmt Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
parent
37b29319aa
commit
e9a9c20d52
2 changed files with 111 additions and 0 deletions
48
modules/activitypub/keypair.go
Normal file
48
modules/activitypub/keypair.go
Normal file
|
@ -0,0 +1,48 @@
|
|||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package activitypub
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
)
|
||||
|
||||
const rsaBits = 2048
|
||||
|
||||
// GenerateKeyPair generates a public and private keypair for signing actions by users for activitypub purposes
|
||||
func GenerateKeyPair() (string, string, error) {
|
||||
priv, _ := rsa.GenerateKey(rand.Reader, rsaBits)
|
||||
privPem, err := pemBlockForPriv(priv)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
pubPem, err := pemBlockForPub(&priv.PublicKey)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
return privPem, pubPem, nil
|
||||
}
|
||||
|
||||
func pemBlockForPriv(priv *rsa.PrivateKey) (string, error) {
|
||||
privBytes := pem.EncodeToMemory(&pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(priv),
|
||||
})
|
||||
return string(privBytes), nil
|
||||
}
|
||||
|
||||
func pemBlockForPub(pub *rsa.PublicKey) (string, error) {
|
||||
pubASN1, err := x509.MarshalPKIXPublicKey(pub)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
pubBytes := pem.EncodeToMemory(&pem.Block{
|
||||
Type: "PUBLIC KEY",
|
||||
Bytes: pubASN1,
|
||||
})
|
||||
return string(pubBytes), nil
|
||||
}
|
63
modules/activitypub/keypair_test.go
Normal file
63
modules/activitypub/keypair_test.go
Normal file
|
@ -0,0 +1,63 @@
|
|||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package activitypub
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"regexp"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestKeygen(t *testing.T) {
|
||||
priv, pub, err := GenerateKeyPair()
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.NotEmpty(t, priv)
|
||||
assert.NotEmpty(t, pub)
|
||||
|
||||
assert.Regexp(t, regexp.MustCompile("^-----BEGIN RSA PRIVATE KEY-----.*"), priv)
|
||||
assert.Regexp(t, regexp.MustCompile("^-----BEGIN PUBLIC KEY-----.*"), pub)
|
||||
|
||||
}
|
||||
|
||||
func TestSignUsingKeys(t *testing.T) {
|
||||
priv, pub, err := GenerateKeyPair()
|
||||
assert.NoError(t, err)
|
||||
|
||||
privPem, _ := pem.Decode([]byte(priv))
|
||||
if privPem == nil || privPem.Type != "RSA PRIVATE KEY" {
|
||||
t.Fatal("key is wrong type")
|
||||
}
|
||||
|
||||
privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
|
||||
assert.NoError(t, err)
|
||||
|
||||
pubPem, _ := pem.Decode([]byte(pub))
|
||||
if pubPem == nil || pubPem.Type != "PUBLIC KEY" {
|
||||
t.Fatal("key failed to decode")
|
||||
}
|
||||
|
||||
pubParsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Sign
|
||||
msg := "activity pub is great!"
|
||||
h := sha256.New()
|
||||
h.Write([]byte(msg))
|
||||
d := h.Sum(nil)
|
||||
sig, err := rsa.SignPKCS1v15(rand.Reader, privParsed, crypto.SHA256, d)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Verify
|
||||
err = rsa.VerifyPKCS1v15(pubParsed.(*rsa.PublicKey), crypto.SHA256, d, sig)
|
||||
assert.NoError(t, err)
|
||||
}
|
Loading…
Reference in a new issue