Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create pub/priv keypair for federation #17071

Merged
merged 13 commits into from
Sep 28, 2021
48 changes: 48 additions & 0 deletions modules/activitypub/keypair.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package activitypub

import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
)

const rsaBits = 2048

// GenerateKeyPair generates a public and private keypair for signing actions by users for activitypub purposes
func GenerateKeyPair() (string, string, error) {
priv, _ := rsa.GenerateKey(rand.Reader, rsaBits)
privPem, err := pemBlockForPriv(priv)
if err != nil {
return "", "", err
}
pubPem, err := pemBlockForPub(&priv.PublicKey)
if err != nil {
return "", "", err
}
return privPem, pubPem, nil
}

func pemBlockForPriv(priv *rsa.PrivateKey) (string, error) {
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved
privBytes := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(priv),
})
return string(privBytes), nil
}

func pemBlockForPub(pub *rsa.PublicKey) (string, error) {
pubASN1, err := x509.MarshalPKIXPublicKey(pub)
if err != nil {
return "", err
}
pubBytes := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: pubASN1,
})
return string(pubBytes), nil
}
63 changes: 63 additions & 0 deletions modules/activitypub/keypair_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package activitypub

import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"regexp"
"testing"

"github.com/stretchr/testify/assert"
)

func TestKeygen(t *testing.T) {
priv, pub, err := GenerateKeyPair()
assert.NoError(t, err)

assert.NotEmpty(t, priv)
assert.NotEmpty(t, pub)

assert.Regexp(t, regexp.MustCompile("^-----BEGIN RSA PRIVATE KEY-----.*"), priv)
assert.Regexp(t, regexp.MustCompile("^-----BEGIN PUBLIC KEY-----.*"), pub)
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved

}

func TestSignUsingKeys(t *testing.T) {
priv, pub, err := GenerateKeyPair()
assert.NoError(t, err)

privPem, _ := pem.Decode([]byte(priv))
if privPem == nil || privPem.Type != "RSA PRIVATE KEY" {
t.Fatal("key is wrong type")
}

privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
assert.NoError(t, err)

pubPem, _ := pem.Decode([]byte(pub))
if pubPem == nil || pubPem.Type != "PUBLIC KEY" {
t.Fatal("key failed to decode")
}

pubParsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
assert.NoError(t, err)

// Sign
msg := "activity pub is great!"
h := sha256.New()
h.Write([]byte(msg))
d := h.Sum(nil)
sig, err := rsa.SignPKCS1v15(rand.Reader, privParsed, crypto.SHA256, d)
assert.NoError(t, err)

// Verify
err = rsa.VerifyPKCS1v15(pubParsed.(*rsa.PublicKey), crypto.SHA256, d, sig)
assert.NoError(t, err)
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved
}