nocebo/diaspora_federation
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

static legacy signature order

Browse source
This commit is contained in:
Benjamin Neff 2016-02-01 22:27:12 +01:00
parent b19e1b8e52
commit cfbf401585
7 changed files with 41 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/diaspora_federation/entities/comment.rb
View file

@ -4,6 +4,10 @@ module DiasporaFederation
# #
# @see Validators::CommentValidator # @see Validators::CommentValidator
class Comment < Entity class Comment < Entity
# old signature order
# @deprecated
LEGACY_SIGNATURE_ORDER = %i(guid parent_guid text diaspora_id).freeze
# @!attribute [r] guid # @!attribute [r] guid
# a random string of at least 16 chars. # a random string of at least 16 chars.
# @see Validation::Rule::Guid # @see Validation::Rule::Guid

4
lib/diaspora_federation/entities/like.rb
View file

@ -4,6 +4,10 @@ module DiasporaFederation
# #
# @see Validators::LikeValidator # @see Validators::LikeValidator
class Like < Entity class Like < Entity
# old signature order
# @deprecated
LEGACY_SIGNATURE_ORDER = %i(positive guid parent_type parent_guid diaspora_id).freeze
# @!attribute [r] positive # @!attribute [r] positive
# If +true+ set a like, if +false+, set a dislike (dislikes are currently not # If +true+ set a like, if +false+, set a dislike (dislikes are currently not
# implemented in the Diaspora frontend). # implemented in the Diaspora frontend).

4
lib/diaspora_federation/entities/message.rb
View file

@ -4,6 +4,10 @@ module DiasporaFederation
# #
# @see Validators::MessageValidator # @see Validators::MessageValidator
class Message < Entity class Message < Entity
# old signature order
# @deprecated
LEGACY_SIGNATURE_ORDER = %i(guid parent_guid text created_at diaspora_id conversation_guid).freeze
# @!attribute [r] guid # @!attribute [r] guid
# a random string of at least 16 chars. # a random string of at least 16 chars.
# @see Validation::Rule::Guid # @see Validation::Rule::Guid

4
lib/diaspora_federation/entities/participation.rb
View file

@ -4,6 +4,10 @@ module DiasporaFederation
# #
# @see Validators::Participation # @see Validators::Participation
class Participation < Entity class Participation < Entity
# old signature order
# @deprecated
LEGACY_SIGNATURE_ORDER = %i(guid parent_type parent_guid diaspora_id).freeze
# @!attribute [r] guid # @!attribute [r] guid
# a random string of at least 16 chars. # a random string of at least 16 chars.
# @see Validation::Rule::Guid # @see Validation::Rule::Guid

4
lib/diaspora_federation/entities/poll_participation.rb
View file

@ -4,6 +4,10 @@ module DiasporaFederation
# #
# @see Validators::PollParticipationValidator # @see Validators::PollParticipationValidator
class PollParticipation < Entity class PollParticipation < Entity
# old signature order
# @deprecated
LEGACY_SIGNATURE_ORDER = %i(guid parent_guid diaspora_id poll_answer_guid).freeze
# @!attribute [r] guid # @!attribute [r] guid
# a random string of at least 16 chars. # a random string of at least 16 chars.
# @see Validation::Rule::Guid # @see Validation::Rule::Guid

11
lib/diaspora_federation/entities/relayable.rb
View file

@ -109,7 +109,7 @@ module DiasporaFederation
# @param [Hash] hash data to sign # @param [Hash] hash data to sign
# @return [String] A Base64 encoded signature of #signable_string with key # @return [String] A Base64 encoded signature of #signable_string with key
def sign_with_key(privkey, hash) def sign_with_key(privkey, hash)
Base64.strict_encode64(privkey.sign(DIGEST, signable_string(hash))) Base64.strict_encode64(privkey.sign(DIGEST, legacy_signature_data(hash)))
end end
# Check that signature is a correct signature # Check that signature is a correct signature
@ -123,17 +123,16 @@ module DiasporaFederation
return false return false
end end
validity = pubkey.verify(DIGEST, Base64.decode64(signature), signable_string(data)) validity = pubkey.verify(DIGEST, Base64.decode64(signature), legacy_signature_data(data))
logger.info "event=verify_signature status=complete guid=#{guid} validity=#{validity}" logger.info "event=verify_signature status=complete guid=#{guid} validity=#{validity}"
validity validity
end end
# @param [Hash] hash data to sign # @param [Hash] hash data to sign
# @return [String] signature data string # @return [String] signature data string
def signable_string(hash) # @deprecated
hash.map {|name, value| def legacy_signature_data(hash)
value.to_s unless name =~ /signature/ self.class::LEGACY_SIGNATURE_ORDER.map {|name| hash[name] }.join(";")
}.compact.join(";")
end end
# Exception raised when creating the author_signature failes, because the private key was not found # Exception raised when creating the author_signature failes, because the private key was not found

26
spec/lib/diaspora_federation/entities/relayable_spec.rb
View file

@ -12,6 +12,8 @@ module DiasporaFederation
} }
class SomeRelayable < Entity class SomeRelayable < Entity
LEGACY_SIGNATURE_ORDER = %i(guid diaspora_id parent_guid).freeze
property :guid property :guid
property :diaspora_id, xml_name: :diaspora_handle property :diaspora_id, xml_name: :diaspora_handle
@ -22,15 +24,19 @@ module DiasporaFederation
end end
end end
def legacy_sign_with_key(privkey, hash)
Base64.strict_encode64(privkey.sign(OpenSSL::Digest::SHA256.new, hash.values.join(";")))
end
describe "#verify_signatures" do describe "#verify_signatures" do
it "doesn't raise anything if correct data were passed" do def legacy_signature_data
%i(guid diaspora_id parent_guid).map {|name| hash[name] }.join(";")
end
def sign_with_key(privkey, signature_data)
Base64.strict_encode64(privkey.sign(OpenSSL::Digest::SHA256.new, signature_data))
end
it "doesn't raise anything if correct signatures with legacy-string were passed" do
signed_hash = hash.dup signed_hash = hash.dup
signed_hash[:author_signature] = legacy_sign_with_key(author_pkey, hash) signed_hash[:author_signature] = sign_with_key(author_pkey, legacy_signature_data)
signed_hash[:parent_author_signature] = legacy_sign_with_key(parent_pkey, hash) signed_hash[:parent_author_signature] = sign_with_key(parent_pkey, legacy_signature_data)
expect(DiasporaFederation.callbacks).to receive(:trigger).with( expect(DiasporaFederation.callbacks).to receive(:trigger).with(
:fetch_public_key_by_diaspora_id, hash[:diaspora_id] :fetch_public_key_by_diaspora_id, hash[:diaspora_id]
@ -70,7 +76,7 @@ module DiasporaFederation
end end
it "raises when no public key for parent author was fetched" do it "raises when no public key for parent author was fetched" do
hash[:author_signature] = legacy_sign_with_key(author_pkey, hash) hash[:author_signature] = sign_with_key(author_pkey, legacy_signature_data)
expect(DiasporaFederation.callbacks).to receive(:trigger).with( expect(DiasporaFederation.callbacks).to receive(:trigger).with(
:fetch_public_key_by_diaspora_id, hash[:diaspora_id] :fetch_public_key_by_diaspora_id, hash[:diaspora_id]
@ -90,7 +96,7 @@ module DiasporaFederation
end end
it "raises when bad parent author signature was passed" do it "raises when bad parent author signature was passed" do
hash[:author_signature] = legacy_sign_with_key(author_pkey, hash) hash[:author_signature] = sign_with_key(author_pkey, legacy_signature_data)
hash[:parent_author_signature] = nil hash[:parent_author_signature] = nil
expect(DiasporaFederation.callbacks).to receive(:trigger).with( expect(DiasporaFederation.callbacks).to receive(:trigger).with(
@ -111,7 +117,7 @@ module DiasporaFederation
end end
it "doesn't raise if parent_author_signature isn't set but we're on upstream federation" do it "doesn't raise if parent_author_signature isn't set but we're on upstream federation" do
hash[:author_signature] = legacy_sign_with_key(author_pkey, hash) hash[:author_signature] = sign_with_key(author_pkey, legacy_signature_data)
hash[:parent_author_signature] = nil hash[:parent_author_signature] = nil
expect(DiasporaFederation.callbacks).to receive(:trigger).with( expect(DiasporaFederation.callbacks).to receive(:trigger).with(