gnu-social/plugins/ActivityPub/Entity/ActivityPubCryptKey.php

189 lines
6.5 KiB
PHP

<?php
// {{{ License
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
// }}}
/**
* ActivityPub Assymetric Key Storage System
*
* @package GNUsocial
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @author Hugo Sales <hugo@fc.up.pt>
* @copyright 2018-2019 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
namespace Plugin\ActivityPub\Entity;
class ActivityPubCryptKey
{
// {{{ Autocode
// }}} Autocode
/**
* Private key getter
*
* @param Profile $profile
*
* @throws Exception Throws exception if tries to fetch a private key of an actor we don't own
*
* @return string The private key
*/
public function get_private_key(Profile $profile): string
{
$this->profile_id = $profile->getID();
$apRSA = self::getKV('profile_id', $this->profile_id);
if (!$apRSA instanceof Activitypub_rsa) {
// Nonexistent key pair for this profile
if ($profile->isLocal()) {
self::generate_keys($this->private_key, $this->public_key);
$this->store_keys();
$apRSA->private_key = $this->private_key;
} else {
throw new Exception('This is a remote Profile, there is no Private Key for this Profile.');
}
}
return $apRSA->private_key;
}
/**
* Guarantees a Public Key for a given profile.
*
* @param Profile $profile
* @param bool $fetch=true Should attempt to fetch keys from a remote profile?
*
* @throws ServerException It should never occur, but if so, we break everything!
* @throws Exception
*
* @return string The public key
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function ensure_public_key(Profile $profile, bool $fetch = true): string
{
$this->profile_id = $profile->getID();
$apRSA = self::getKV('profile_id', $this->profile_id);
if (!$apRSA instanceof Activitypub_rsa) {
// No existing key pair for this profile
if ($profile->isLocal()) {
self::generate_keys($this->private_key, $this->public_key);
$this->store_keys();
$apRSA->public_key = $this->public_key;
} else {
// ASSERT: This should never happen, but try to recover!
common_log(LOG_ERR, 'Activitypub_rsa: An impossible thing has happened... Please let the devs know that it entered in line 116 at Activitypub_rsa.php');
if ($fetch) {
$res = Activitypub_explorer::get_remote_user_activity($profile->getUri());
Activitypub_rsa::update_public_key($profile, $res['publicKey']['publicKeyPem']);
return self::ensure_public_key($profile, false);
} else {
throw new ServerException('Activitypub_rsa: Failed to find keys for given profile. That should have not happened!');
}
}
}
return $apRSA->public_key;
}
/**
* Insert the current object variables into the database.
*
* @throws ServerException
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public function store_keys(): void
{
$this->created = $this->modified = common_sql_now();
$ok = $this->insert();
if ($ok === false) {
throw new ServerException('Cannot save ActivityPub RSA.');
}
}
/**
* Generates a pair of RSA keys.
*
* @param string $private_key out
* @param string $public_key out
*
* @author PHP Manual Contributed Notes <dirt@awoms.com>
*/
public static function generate_keys(?string &$private_key, ?string &$public_key): void
{
$config = [
'digest_alg' => 'sha512',
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
];
// Create the private and public key
$res = openssl_pkey_new($config);
// Extract the private key from $res to $private_key
openssl_pkey_export($res, $private_key);
// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$public_key = $pubKey['key'];
unset($pubKey);
}
/**
* Update public key.
*
* @param Activitypub_profile|Profile $profile
* @param string $public_key
*
* @throws Exception
*
* @author Diogo Cordeiro <diogo@fc.up.pt>
*/
public static function update_public_key($profile, string $public_key): void
{
// Public Key
$apRSA = new Activitypub_rsa();
$apRSA->profile_id = $profile->getID();
$apRSA->public_key = $public_key;
$apRSA->created = common_sql_now();
if (!$apRSA->update()) {
$apRSA->insert();
}
}
public static function schemaDef()
{
return [
'name' => 'activitypub_crypt_key',
'description' => 'assymetric key storage for activitypub',
'fields' => [
'gsactor_id' => ['type' => 'int', 'not null' => true],
'private_key' => ['type' => 'text'],
'public_key' => ['type' => 'text', 'not null' => true],
'created' => ['type' => 'datetime', 'description' => 'date this record was created'],
'modified' => ['type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'],
],
'primary key' => ['gsactor_id'],
'foreign keys' => [
'activitypub_rsa_gsactor_id_fkey' => ['gsactor', ['gsactor_id' => 'id']],
],
];
}
}