Create pub/priv keypair for federation (#17071)

* add logic for creating pub/priv keypair for federation * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * make fmt * Update modules/activitypub/keypair.go Co-authored-by: delvh <dev.lh@web.de> * add tests * fix revert * more tests * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * make fmt Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de>
3 years ago · e9a9c20d52
parent 37b29319aa
commit e9a9c20d52
2 changed files with 111 additions and 0 deletions
--- a/modules/activitypub/keypair.go
+++ b/modules/activitypub/keypair.go
@ -0,0 +1,48 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activitypub
 import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 )
 const rsaBits = 2048
 // GenerateKeyPair generates a public and private keypair for signing actions by users for activitypub purposes
 func GenerateKeyPair() (string, string, error) {
 	priv, _ := rsa.GenerateKey(rand.Reader, rsaBits)
 	privPem, err := pemBlockForPriv(priv)
 	if err != nil {
 		return "", "", err
 	}
 	pubPem, err := pemBlockForPub(&priv.PublicKey)
 	if err != nil {
 		return "", "", err
 	}
 	return privPem, pubPem, nil
 }
 func pemBlockForPriv(priv *rsa.PrivateKey) (string, error) {
 	privBytes := pem.EncodeToMemory(&pem.Block{
 		Type:  "RSA PRIVATE KEY",
 		Bytes: x509.MarshalPKCS1PrivateKey(priv),
 	})
 	return string(privBytes), nil
 }
 func pemBlockForPub(pub *rsa.PublicKey) (string, error) {
 	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
 		return "", err
 	}
 	pubBytes := pem.EncodeToMemory(&pem.Block{
 		Type:  "PUBLIC KEY",
 		Bytes: pubASN1,
 	})
 	return string(pubBytes), nil
 }
--- a/modules/activitypub/keypair_test.go
+++ b/modules/activitypub/keypair_test.go
@ -0,0 +1,63 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activitypub
 import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/pem"
 	"regexp"
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestKeygen(t *testing.T) {
 	priv, pub, err := GenerateKeyPair()
 	assert.NoError(t, err)
 	assert.NotEmpty(t, priv)
 	assert.NotEmpty(t, pub)
 	assert.Regexp(t, regexp.MustCompile("^-----BEGIN RSA PRIVATE KEY-----.*"), priv)
 	assert.Regexp(t, regexp.MustCompile("^-----BEGIN PUBLIC KEY-----.*"), pub)
 }
 func TestSignUsingKeys(t *testing.T) {
 	priv, pub, err := GenerateKeyPair()
 	assert.NoError(t, err)
 	privPem, _ := pem.Decode([]byte(priv))
 	if privPem == nil || privPem.Type != "RSA PRIVATE KEY" {
 		t.Fatal("key is wrong type")
 	}
 	privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
 	assert.NoError(t, err)
 	pubPem, _ := pem.Decode([]byte(pub))
 	if pubPem == nil || pubPem.Type != "PUBLIC KEY" {
 		t.Fatal("key failed to decode")
 	}
 	pubParsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
 	assert.NoError(t, err)
 	// Sign
 	msg := "activity pub is great!"
 	h := sha256.New()
 	h.Write([]byte(msg))
 	d := h.Sum(nil)
 	sig, err := rsa.SignPKCS1v15(rand.Reader, privParsed, crypto.SHA256, d)
 	assert.NoError(t, err)
 	// Verify
 	err = rsa.VerifyPKCS1v15(pubParsed.(*rsa.PublicKey), crypto.SHA256, d, sig)
 	assert.NoError(t, err)
 }