Added Activitypub_RSA

Fixed #35 and related serious issues
We now have proper ActivityPub profiles

ActivityPubPlugin.php

@@ -232,6 +232,7 @@ class ActivityPubPlugin extends Plugin
     {
         $schema = Schema::get();
         $schema->ensureTable('Activitypub_profile', Activitypub_profile::schemaDef());
+        $schema->ensureTable('Activitypub_rsa', Activitypub_rsa::schemaDef());
         $schema->ensureTable('Activitypub_pending_follow_requests', Activitypub_pending_follow_requests::schemaDef());
         return true;
     }
@@ -250,17 +251,18 @@ class ActivityPubPlugin extends Plugin
     */
     public static function extractWebfingerIds($text, $preMention='@')
     {
-        $wmatches = array();
+        $wmatches = [];
         $result = preg_match_all(
                     '/(?<!\S)'.preg_quote($preMention, '/').'('.Nickname::WEBFINGER_FMT.')/',
-                                $text,
-                                $wmatches,
-                                PREG_OFFSET_CAPTURE
+                    $text,
+                    $wmatches,
+                    PREG_OFFSET_CAPTURE
                 );
         if ($result === false) {
             common_log(LOG_ERR, __METHOD__ . ': Error parsing webfinger IDs from text (preg_last_error=='.preg_last_error().').');
-        } elseif (count($wmatches)) {
-            common_debug(sprintf('Found %d matches for WebFinger IDs: %s', count($wmatches), _ve($wmatches)));
+            return [];
+        } elseif ($n_matches = count($wmatches)) {
+            common_debug(sprintf('Found %d matches for WebFinger IDs: %s', $n_matches, _ve($wmatches)));
         }
         return $wmatches[1];
     }
@@ -497,7 +499,7 @@ class ActivityPubPlugin extends Plugin
      */
     public function onStartSubscribe(Profile $profile, Profile $other)
     {
-        if (!$profile->isLocal() || $other->isLocal()) {
+        if (!$profile->isLocal() && $other->isLocal()) {
             return true;
         }
 
@@ -524,7 +526,7 @@ class ActivityPubPlugin extends Plugin
      */
     public function onStartUnsubscribe(Profile $profile, Profile $other)
     {
-        if (!$profile->isLocal() || $other->isLocal()) {
+        if (!$profile->isLocal() && $other->isLocal()) {
             return true;
         }
 
@@ -724,6 +726,10 @@ class ActivityPubPlugin extends Plugin
 
         $profile = Profile::getKV($notice->profile_id);
 
+        if (!$profile->isLocal()) {
+            return true;
+        }
+
         $other = array();
         try {
             $other[] = Activitypub_profile::from_profile($notice->getProfile());

actions/inbox/Create.php

@@ -44,7 +44,7 @@ if (!isset($data->object->content)) {
 if (!isset($data->object->url)) {
     ActivityPubReturn::error("Object url was not specified.");
 } elseif (!filter_var($data->object->url, FILTER_VALIDATE_URL)) {
-    ActivityPubReturn::error("Invalid Object Url.");
+    ActivityPubReturn::error("Invalid Object URL.");
 }
 if (!isset($data->object->to)) {
     ActivityPubReturn::error("Object To was not specified.");

classes/Activitypub_profile.php

@@ -42,8 +42,6 @@ class Activitypub_profile extends Profile
 {
     public $__table = 'Activitypub_profile';
 
-    protected $_profile = null;
-
     /**
      * Return table definition for Schema setup and DB_DataObject usage.
      *
@@ -83,6 +81,9 @@ class Activitypub_profile extends Profile
     {
         $uri = ActivityPubPlugin::actor_uri($profile);
         $id = $profile->getID();
+        $rsa = new Activitypub_rsa();
+        $public_key = $rsa->ensure_public_key($profile);
+        unset($rsa);
         $res = [
             '@context' => [
                 "https://www.w3.org/ns/activitystreams",
@@ -112,6 +113,11 @@ class Activitypub_profile extends Profile
             'summary'           => ($desc = $profile->getDescription()) == null ? "" : $desc,
             'url'               => $profile->getUrl(),
             'manuallyApprovesFollowers' => false,
+            'publicKey' => [
+                'id'    => $uri."#main-key",
+                'owner' => $uri,
+                'publicKeyPem' => $public_key
+            ],
             'tag' => [],
             'attachment' => [],
             'icon' => [
@@ -122,7 +128,7 @@ class Activitypub_profile extends Profile
         ];
 
         if ($profile->isLocal()) {
-            $res['endpoints']['sharedInbox'] = common_local_url("apSharedInbox", array("id" => $id));
+            $res['endpoints']['sharedInbox'] = common_local_url('apSharedInbox');
         } else {
             $aprofile = new Activitypub_profile();
             $aprofile = $aprofile->from_profile($profile);
@@ -133,7 +139,7 @@ class Activitypub_profile extends Profile
     }
 
     /**
-     * Insert the current objects variables into the database
+     * Insert the current object variables into the database
      *
      * @author Diogo Cordeiro <diogo@fc.up.pt>
      * @access public

classes/Activitypub_rsa.php

@@ -0,0 +1,140 @@
+<?php
+/**
+ * GNU social - a federating social network
+ *
+ * ActivityPubPlugin implementation for GNU Social
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  Plugin
+ * @package   GNUsocial
+ * @author    Diogo Cordeiro <diogo@fc.up.pt>
+ * @author    Daniel Supernault <danielsupernault@gmail.com>
+ * @copyright 2018 Free Software Foundation http://fsf.org
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link      https://www.gnu.org/software/social/
+ */
+if (!defined('GNUSOCIAL')) {
+    exit(1);
+}
+
+/**
+ * ActivityPub Keys System
+ *
+ * @category  Plugin
+ * @package   GNUsocial
+ * @author    Diogo Cordeiro <diogo@fc.up.pt>
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link      http://www.gnu.org/software/social/
+ */
+class Activitypub_rsa extends Managed_DataObject
+{
+    public $__table = 'Activitypub_rsa';
+
+    /**
+     * Return table definition for Schema setup and DB_DataObject usage.
+     *
+     * @author Diogo Cordeiro <diogo@fc.up.pt>
+     * @return array array of column definitions
+     */
+    public static function schemaDef()
+    {
+        return [
+                'fields' => [
+                    'profile_id'  => ['type' => 'integer'],
+                    'private_key' => ['type' => 'varchar',  'length'   => 191],
+                    'public_key'  => ['type' => 'varchar',  'length'   => 191],
+                    'created'     => ['type' => 'datetime', 'not null' => true],
+                    'modified'    => ['type' => 'datetime', 'not null' => true],
+                ],
+                'primary key' => ['profile_id'],
+                'unique keys' => [
+                    'Activitypub_rsa_profile_id_key'  => ['profile_id'],
+                    'Activitypub_rsa_private_key_key' => ['private_key'],
+                    'Activitypub_rsa_public_key_key'  => ['public_key'],
+                ],
+                'foreign keys' => [
+                    'Activitypub_profile_profile_id_fkey' => ['profile', ['profile_id' => 'id']],
+                ],
+        ];
+    }
+
+    /**
+     * Guarantees a Public Key for a given profile.
+     *
+     * @author Diogo Cordeiro <diogo@fc.up.pt>
+     * @param Profile $profile
+     * @return string The public key
+     * @throws Exception It should never occur
+     */
+    public function ensure_public_key($profile)
+    {
+        $this->profile_id = $profile->getID();
+        $apRSA = self::getKV('profile_id', $this->profile_id);
+        if (!$apRSA instanceof Activitypub_rsa) {
+            // No existing key pair for this profile
+            if ($profile->isLocal()) {
+                self::generate_keys($this->private_key, $this->public_key);
+                $this->store_keys();
+            } else {
+                throw new Exception('No Keys for this Profile. That\'s odd.');
+            }
+        }
+        return $apRSA->public_key;
+    }
+
+    /**
+     * Insert the current object variables into the database.
+     *
+     * @author Diogo Cordeiro <diogo@fc.up.pt>
+     * @access public
+     * @throws ServerException
+     */
+    public function store_keys()
+    {
+        $this->created = $this->modified = common_sql_now();
+        $ok = $this->insert();
+        if ($ok === false) {
+            $profile->query('ROLLBACK');
+            throw new ServerException('Cannot save ActivityPub RSA.');
+        }
+    }
+
+    /**
+     * Generates a pair of RSA keys.
+     *
+     * @author PHP Manual Contributed Notes <dirt@awoms.com>
+     * @param string $private_key in/out
+     * @param string $public_key in/out
+     */
+    public static function generate_keys(&$private_key, &$public_key)
+    {
+        $config = [
+            'digest_alg'       => 'sha512',
+            'private_key_bits' => 2048,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+        ];
+
+        // Create the private and public key
+        $res = openssl_pkey_new($config);
+
+        // Extract the private key from $res to $private_key
+        openssl_pkey_export($res, $private_key);
+
+        // Extract the public key from $res to $pubKey
+        $pubKey = openssl_pkey_get_details($res);
+        $public_key = $pubKey["key"];
+        unset($pubKey);
+    }
+}

utils/explorer.php

@@ -91,7 +91,7 @@ class Activitypub_explorer
     private function ensure_proper_remote_uri($url)
     {
         $client    = new HTTPClient();
-        $headers   = array();
+        $headers   = [];
         $headers[] = 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
         $headers[] = 'User-Agent: GNUSocialBot v0.1 - https://gnu.io/social';
         $response  = $client->get($url, $headers);
@@ -118,35 +118,29 @@ class Activitypub_explorer
     private function grab_local_user($uri, $online = false)
     {
         // Ensure proper remote URI
-        // If an exceptiong ocurrs here it's better to just leave everything
+        // If an exception occurs here it's better to just leave everything
         // break than to continue processing
         if ($online && $this->ensure_proper_remote_uri($uri)) {
             $uri = $this->temp_res["id"];
         }
-        try {
-            // Try standard ActivityPub route
-            // Is this a filthy little mudblood?
-            $aprofile = Activitypub_profile::getKV("uri", $uri);
-            if ($aprofile instanceof Activitypub_profile) {
-                $profile = $aprofile->local_profile();
-            } else {
-                // Nope, this potential local user is not a remote user.
-                // Let's check for pure blood!
-                $profile = User::getByNickname($this->temp_res["preferredUsername"])->getProfile();
-            }
+
+        // Try standard ActivityPub route
+        // Is this a known filthy little mudblood?
+        $aprofile = Activitypub_profile::getKV("uri", $uri);
+        if ($aprofile instanceof Activitypub_profile) {
+            $profile = $aprofile->local_profile();
 
             // We found something!
             $this->discovered_actor_profiles[]= $profile;
             unset($this->temp_res); // IMPORTANT to avoid _dangerous_ noise in the Explorer system
             return true;
-        } catch (Exception $e) {
-            // We can safely ignore every exception here as we are returning false
-            // when it fails the lookup for existing local representation
         }
+
         // If offline grabbing failed, attempt again with online resources
         if (!$online) {
-            $this->grab_local_user($uri, true);
+            return $this->grab_local_user($uri, true);
         }
+
         return false;
     }
 
@@ -202,6 +196,7 @@ class Activitypub_explorer
      */
     private function store_profile($res)
     {
+        // ActivityPub Profile
         $aprofile                 = new Activitypub_profile;
         $aprofile->uri            = $res['id'];
         $aprofile->nickname       = $res['preferredUsername'];
@@ -211,8 +206,15 @@ class Activitypub_explorer
         $aprofile->sharedInboxuri = isset($res['endpoints']['sharedInbox']) ? $res['endpoints']['sharedInbox'] : $res['inbox'];
 
         $aprofile->do_insert();
+        $profile = $aprofile->local_profile();
 
-        return $aprofile->local_profile();
+        // Public Key
+        $apRSA = new Activitypub_rsa();
+        $apRSA->profile_id = $profile->getID();
+        $apRSA->public_key = $res['publicKey']['publicKeyPem'];
+        $apRSA->store_keys();
+
+        return $profile;
     }
 
     /**
@@ -225,7 +227,7 @@ class Activitypub_explorer
      */
     private static function validate_remote_response($res)
     {
-        if (!isset($res['id'], $res['preferredUsername'], $res['name'], $res['summary'], $res['inbox'])) {
+        if (!isset($res['id'], $res['preferredUsername'], $res['name'], $res['summary'], $res['inbox'], $res['publicKey']['publicKeyPem'])) {
             return false;
         }
 

utils/postman.php

@@ -52,7 +52,7 @@ class Activitypub_postman
      * Create a postman to deliver something to someone
      *
      * @author Diogo Cordeiro <diogo@fc.up.pt>
-     * @param Profile of sender
+     * @param Profile $from Profile of sender
      * @param Activitypub_profile $to array of destinataries
      */
     public function __construct($from, $to = [])
@@ -73,7 +73,7 @@ class Activitypub_postman
      */
     public function follow()
     {
-        $data = Activitypub_follow::follow_to_array($this->actor->getUrl(), $this->to[0]->getUrl());
+        $data = Activitypub_follow::follow_to_array(ActivityPubPlugin::actor_uri($this->actor), $this->to[0]->getUrl());
         $this->client->setBody(json_encode($data));
         $res = $this->client->post($this->to[0]->get_inbox(), $this->headers);
         $res_body = json_decode($res->getBody());
@@ -102,8 +102,8 @@ class Activitypub_postman
     {
         $data = Activitypub_undo::undo_to_array(
                          Activitypub_follow::follow_to_array(
-                             $this->actor->getUrl(),
-                                                              $this->to[0]->getUrl()
+                             ActivityPubPlugin::actor_uri($this->actor),
+                             $this->to[0]->getUrl()
                          )
                         );
         $this->client->setBody(json_encode($data));
@@ -130,7 +130,7 @@ class Activitypub_postman
     public function like($notice)
     {
         $data = Activitypub_like::like_to_array(
-                    $this->actor->getUrl(),
+                    ActivityPubPlugin::actor_uri($this->actor),
                          Activitypub_notice::notice_to_array($notice)
                         );
         $this->client->setBody(json_encode($data));
@@ -149,10 +149,10 @@ class Activitypub_postman
     {
         $data = Activitypub_undo::undo_to_array(
                          Activitypub_like::like_to_array(
-                             $this->actor->getUrl(),
+                             ActivityPubPlugin::actor_uri($this->actor),
                           Activitypub_notice::notice_to_array($notice)
                          )
-                        );
+                );
         $this->client->setBody(json_encode($data));
         foreach ($this->to_inbox() as $inbox) {
             $this->client->post($inbox, $this->headers);
@@ -169,9 +169,9 @@ class Activitypub_postman
     {
         $data = Activitypub_create::create_to_array(
                     $notice->getUri(),
-                                                             $this->actor->getUrl(),
-                                                             Activitypub_notice::notice_to_array($notice)
-                                                            );
+                    ActivityPubPlugin::actor_uri($this->actor),
+                    Activitypub_notice::notice_to_array($notice)
+                );
         if (isset($notice->reply_to)) {
             $data["object"]["reply_to"] = $notice->getParent()->getUri();
         }
@@ -190,7 +190,7 @@ class Activitypub_postman
     public function announce($notice)
     {
         $data = Activitypub_announce::announce_to_array(
-                         $this->actor->getUrl(),
+                         ActivityPubPlugin::actor_uri($this->actor),
                          Activitypub_notice::notice_to_array($notice)
                         );
         $this->client->setBody(json_encode($data));
@@ -236,7 +236,12 @@ class Activitypub_postman
     {
         $to_inboxes = array();
         foreach ($this->to as $to_profile) {
-            $to_inboxes[] = $to_profile->get_inbox();
+            $i = $to_profile->get_inbox();
+            // Prevent delivering to self
+            if ($i == [common_local_url('apSharedInbox')]) {
+                continue;
+            }
+            $to_inboxes[] = $i;
         }
 
         return array_unique($to_inboxes);