From 6e4def4cc5c95ad7c54952fdd2a5763994593d2a Mon Sep 17 00:00:00 2001
From: Kitaiti Makoto
Date: Thu, 23 Sep 2021 21:43:58 +0900
Subject: [PATCH] Implement Signer for Instance
---
 plume-models/src/instance.rs | 63 +++++++++++++++++++--
 po/plume/plume.pot | 104 +++++++++++++++++------------------
 2 files changed, 109 insertions(+), 58 deletions(-)
diff --git a/plume-models/src/instance.rs b/plume-models/src/instance.rs
index 77f6f1b0..ee30f291 100644
--- a/plume-models/src/instance.rs
+++ b/plume-models/src/instance.rs
@@ -9,11 +9,21 @@ use crate::{
 use activitypub::{actor::Service, CustomObject};
 use chrono::NaiveDateTime;
 use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl};
+use openssl::{
+    hash::MessageDigest,
+    pkey::{PKey, Private},
+    rsa::Rsa,
+    sign,
+};
 use plume_common::{
-    activity_pub::{sign::gen_keypair, ApSignature, PublicKey},
+    activity_pub::{
+        sign::{gen_keypair, Signer},
+        ApSignature, PublicKey,
+    },
     utils::md_to_html,
 };
 use std::sync::RwLock;
+use tracing::warn;
 
 pub type CustomService = CustomObject;
 
@@ -270,13 +280,26 @@ impl Instance {
         .map_err(Error::from)
     }
 
+    pub fn get_keypair(&self) -> Result> {
+        PKey::from_rsa(Rsa::private_key_from_pem(
+            self.private_key.clone()?.as_ref(),
+        )?)
+        .map_err(Error::from)
+    }
+
+    /// This is experimental and might change in the future.
+    /// Currently "!" sign is used but it's not decided.
+    pub fn ap_url(&self) -> String {
+        ap_url(&format!(
+            "{}/!/{}",
+            Self::get_local().unwrap().public_domain,
+            self.public_domain
+        ))
+    }
+
     pub fn to_activity(&self) -> Result {
         let mut actor = Service::default();
-        let id = ap_url(&format!(
-            "{}/!/{}",
-            Self::get_local()?.public_domain,
-            self.public_domain
-        ));
+        let id = self.ap_url();
         actor.object_props.set_id_string(id.clone())?;
         actor.object_props.set_name_string(self.name.clone())?;
 
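Review bot: The new `ap_url` replaces the `?` that `to_activity` previously applied to `Self::get_local()` with `.unwrap()`, so a failed lookup of the local instance now panics inside a method that still returns `Result`, and the same panic path becomes reachable from `Signer::get_key_id`. If the `Signer` trait forces `get_key_id` to return a plain `String` the unwrap may be unavoidable there, but `to_activity` can keep propagating errors by going through a fallible helper such as `pub fn try_ap_url(&self) -> Result<String> { Ok(ap_url(&format!("{}/!/{}", Self::get_local()?.public_domain, self.public_domain))) }`, with `ap_url` delegating to it and using `expect("local instance must exist")` to state the invariant it relies on. The doc comment on `ap_url` could also say what the `"!"` separates (the local instance's domain from this instance's domain), since it currently only says the separator is undecided, and `get_keypair` deserves a one-line doc noting that it re-parses the stored PEM on every call. The return types appear here without their type parameters (`Result>`), presumably an artifact of the page rather than of the patch. The enclosing `impl Instance` and the body of `to_activity` continue outside the hunk.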
@@ -324,6 +347,34 @@ impl NewInstance {
     }
 }
 
+impl Signer for Instance {
+    type Error = Error;
+
+    fn get_key_id(&self) -> String {
+        format!("{}#main-key", self.ap_url())
+    }
+
+    fn sign(&self, to_sign: &str) -> Result> {
+        let key = self.get_keypair()?;
+        let mut signer = sign::Signer::new(MessageDigest::sha256(), &key)?;
+        signer.update(to_sign.as_bytes())?;
+        signer.sign_to_vec().map_err(Error::from)
+    }
+
+    fn verify(&self, data: &str, signature: &[u8]) -> Result {
+        if self.public_key.is_none() {
+            warn!("missing public key for {}", self.public_domain);
+            return Err(Error::Signature);
+        }
+        let key = PKey::from_rsa(Rsa::public_key_from_pem(
+            self.public_key.clone().unwrap().as_ref(),
+        )?)?;
+        let mut verifier = sign::Verifier::new(MessageDigest::sha256(), &key)?;
+        verifier.update(data.as_bytes())?;
+        verifier.verify(&signature).map_err(Error::from)
+    }
+}
+
 #[cfg(test)]
 pub(crate) mod tests {
     use super::*;
diff --git a/po/plume/plume.pot b/po/plume/plume.pot
index 8d82c5b3..e42cefd7 100644
--- a/po/plume/plume.pot
+++ b/po/plume/plume.pot
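Review bot: `verify` checks `self.public_key.is_none()` and then clones and `.unwrap()`s the same `Option` a few lines later; borrowing it once avoids both the second unwrap and the `String` clone, e.g. `let pem = self.public_key.as_ref().ok_or_else(|| { warn!("missing public key for {}", self.public_domain); Error::Signature })?;` followed by `Rsa::public_key_from_pem(pem.as_bytes())?`. In the same method `verifier.verify(&signature)` borrows a value that is already `&[u8]`; `verifier.verify(signature)` is what clippy's `needless_borrow` asks for. `sign` re-parses the private-key PEM through `get_keypair` on every call, which is presumably acceptable at the rate an instance signs outgoing requests, but is worth a short comment so nobody later assumes the key is cached. The impl has no doc comment; a line such as `/// Signs and verifies data as the instance's own actor using the RSA key material in `private_key` and `public_key`.` would also tell readers of `get_key_id` where the `#main-key` id is consumed.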
@@ -60,83 +60,83 @@ msgstr ""
 msgid "Optional"
 msgstr ""
 
-# src/routes/blogs.rs:63
+# src/routes/blogs.rs:67
 msgid "To create a new blog, you need to be logged in"
 msgstr ""
 
-# src/routes/blogs.rs:102
+# src/routes/blogs.rs:109
 msgid "A blog with the same name already exists."
 msgstr ""
 
-# src/routes/blogs.rs:140
+# src/routes/blogs.rs:147
 msgid "Your blog was successfully created!"
 msgstr ""
 
-# src/routes/blogs.rs:159
+# src/routes/blogs.rs:165
 msgid "Your blog was deleted."
 msgstr ""
 
-# src/routes/blogs.rs:167
+# src/routes/blogs.rs:173
 msgid "You are not allowed to delete this blog."
 msgstr ""
 
-# src/routes/blogs.rs:218
+# src/routes/blogs.rs:223
 msgid "You are not allowed to edit this blog."
 msgstr ""
 
-# src/routes/blogs.rs:274
+# src/routes/blogs.rs:279
 msgid "You can't use this media as a blog icon."
 msgstr ""
 
-# src/routes/blogs.rs:292
+# src/routes/blogs.rs:297
 msgid "You can't use this media as a blog banner."
 msgstr ""
 
-# src/routes/blogs.rs:326
+# src/routes/blogs.rs:331
 msgid "Your blog information have been updated."
 msgstr ""
 
-# src/routes/comments.rs:99
+# src/routes/comments.rs:100
 msgid "Your comment has been posted."
 msgstr ""
 
-# src/routes/comments.rs:178
+# src/routes/comments.rs:177
 msgid "Your comment has been deleted."
 msgstr ""
 
-# src/routes/instance.rs:118
+# src/routes/instance.rs:147
 msgid "Instance settings have been saved."
 msgstr ""
 
-# src/routes/instance.rs:150
+# src/routes/instance.rs:180
 msgid "{} has been unblocked."
 msgstr ""
 
-# src/routes/instance.rs:152
+# src/routes/instance.rs:182
 msgid "{} has been blocked."
 msgstr ""
 
-# src/routes/instance.rs:201
+# src/routes/instance.rs:233
 msgid "Blocks deleted"
 msgstr ""
 
-# src/routes/instance.rs:216
+# src/routes/instance.rs:249
 msgid "Email already blocked"
 msgstr ""
 
-# src/routes/instance.rs:221
+# src/routes/instance.rs:254
 msgid "Email Blocked"
 msgstr ""
 
-# src/routes/instance.rs:312
+# src/routes/instance.rs:347
 msgid "You can't change your own rights."
 msgstr ""
 
-# src/routes/instance.rs:323
+# src/routes/instance.rs:358
 msgid "You are not allowed to take this action."
 msgstr ""
 
-# src/routes/instance.rs:359
+# src/routes/instance.rs:393
 msgid "Done."
 msgstr ""
 
@@ -144,23 +144,23 @@ msgstr ""
 msgid "To like a post, you need to be logged in"
 msgstr ""
 
-# src/routes/medias.rs:145
+# src/routes/medias.rs:158
 msgid "Your media have been deleted."
 msgstr ""
 
-# src/routes/medias.rs:150
+# src/routes/medias.rs:163
 msgid "You are not allowed to delete this media."
 msgstr ""
 
-# src/routes/medias.rs:167
+# src/routes/medias.rs:180
 msgid "Your avatar has been updated."
 msgstr ""
 
-# src/routes/medias.rs:172
+# src/routes/medias.rs:185
 msgid "You are not allowed to use this media."
 msgstr ""
 
-# src/routes/notifications.rs:28
+# src/routes/notifications.rs:29
 msgid "To see your notifications, you need to be logged in"
 msgstr ""
 
@@ -168,51 +168,51 @@ msgstr ""
 msgid "This post isn't published yet."
 msgstr ""
 
-# src/routes/posts.rs:126
+# src/routes/posts.rs:125
 msgid "To write a new post, you need to be logged in"
 msgstr ""
 
-# src/routes/posts.rs:143
+# src/routes/posts.rs:146
 msgid "You are not an author of this blog."
 msgstr ""
 
-# src/routes/posts.rs:150
+# src/routes/posts.rs:153
 msgid "New post"
 msgstr ""
 
-# src/routes/posts.rs:195
+# src/routes/posts.rs:198
 msgid "Edit {0}"
 msgstr ""
 
-# src/routes/posts.rs:264
+# src/routes/posts.rs:267
 msgid "You are not allowed to publish on this blog."
 msgstr ""
 
-# src/routes/posts.rs:363
+# src/routes/posts.rs:367
 msgid "Your article has been updated."
 msgstr ""
 
-# src/routes/posts.rs:553
+# src/routes/posts.rs:556
 msgid "Your article has been saved."
 msgstr ""
 
-# src/routes/posts.rs:560
+# src/routes/posts.rs:563
 msgid "New article"
 msgstr ""
 
-# src/routes/posts.rs:597
+# src/routes/posts.rs:601
 msgid "You are not allowed to delete this article."
 msgstr ""
 
-# src/routes/posts.rs:622
+# src/routes/posts.rs:625
 msgid "Your article has been deleted."
 msgstr ""
 
-# src/routes/posts.rs:627
+# src/routes/posts.rs:630
 msgid "It looks like the article you tried to delete doesn't exist. Maybe it is already gone?"
 msgstr ""
 
-# src/routes/posts.rs:667
+# src/routes/posts.rs:672
 msgid "Couldn't obtain enough information about your account. Please make sure your username is correct."
 msgstr ""
 
@@ -220,63 +220,63 @@ msgstr ""
 msgid "To reshare a post, you need to be logged in"
 msgstr ""
 
-# src/routes/session.rs:88
+# src/routes/session.rs:95
 msgid "You are now connected."
 msgstr ""
 
-# src/routes/session.rs:109
+# src/routes/session.rs:116
 msgid "You are now logged off."
 msgstr ""
 
-# src/routes/session.rs:154
+# src/routes/session.rs:162
 msgid "Password reset"
 msgstr ""
 
-# src/routes/session.rs:155
+# src/routes/session.rs:163
 msgid "Here is the link to reset your password: {0}"
 msgstr ""
 
-# src/routes/session.rs:215
+# src/routes/session.rs:235
 msgid "Your password was successfully reset."
 msgstr ""
 
-# src/routes/user.rs:142
+# src/routes/user.rs:74
 msgid "To access your dashboard, you need to be logged in"
 msgstr ""
 
-# src/routes/user.rs:164
+# src/routes/user.rs:96
 msgid "You are no longer following {}."
 msgstr ""
 
-# src/routes/user.rs:181
+# src/routes/user.rs:113
 msgid "You are now following {}."
 msgstr ""
 
-# src/routes/user.rs:261
+# src/routes/user.rs:190
 msgid "To subscribe to someone, you need to be logged in"
 msgstr ""
 
-# src/routes/user.rs:365
+# src/routes/user.rs:299
 msgid "To edit your profile, you need to be logged in"
 msgstr ""
 
-# src/routes/user.rs:411
+# src/routes/user.rs:345
 msgid "Your profile has been updated."
 msgstr ""
 
-# src/routes/user.rs:438
+# src/routes/user.rs:373
 msgid "Your account has been deleted."
 msgstr ""
 
-# src/routes/user.rs:444
+# src/routes/user.rs:379
 msgid "You can't delete someone else's account."
 msgstr ""
 
-# src/routes/user.rs:528
+# src/routes/user.rs:463
 msgid "Registrations are closed on this instance."
 msgstr ""
 
-# src/routes/user.rs:551
+# src/routes/user.rs:486
 msgid "Your account has been created. Now you just need to log in, before you can use it."
 msgstr ""
 