UNPKG

@fedify/fedify

Version:

An ActivityPub server framework

fedify.dev

fedify-dev/fedify

287 lines (286 loc) • 12.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
import { Temporal } from "@js-temporal/polyfill"; import "urlpattern-polyfill"; globalThis.addEventListener = () => {}; import { n as version, t as name } from "./deno-DMg4SgCb.mjs"; import { n as fetchKey, o as validateCryptoKey } from "./key-BAQuZEU1.mjs"; import { n as preloadedOnlyDocumentLoader } from "./public-audience-DYFHzm_c.mjs"; import { r as normalizeOutgoingActivityJsonLd } from "./outgoing-jsonld-CNmZLixq.mjs"; import { Activity, DataIntegrityProof, Multikey, getTypeId } from "@fedify/vocab"; import { SpanStatusCode, trace } from "@opentelemetry/api"; import { getLogger } from "@logtape/logtape"; import { encodeHex } from "byte-encodings/hex"; import serialize from "json-canon"; //#region src/sig/proof.ts const logger = getLogger([ "fedify", "sig", "proof" ]); /** * Checks if the given JSON-LD document has a DataIntegrityProof-like object, * without fully deserializing it into vocabulary classes. * @param jsonLd The JSON-LD document to check. * @returns `true` if the document has a proof-like object; `false` otherwise. * @since 2.2.0 */ function hasProofLike(jsonLd) { if (typeof jsonLd !== "object" || jsonLd == null) return false; const record = jsonLd; const proof = record.proof ?? record["https://w3id.org/security#proof"]; const getField = (source, compact, expanded) => source[compact] ?? source[expanded]; const isReference = (value) => { if (typeof value === "string") return true; if (Array.isArray(value)) return value.some(isReference); return typeof value === "object" && value != null && ("id" in value && typeof value.id === "string" || "@id" in value && typeof value["@id"] === "string" || "@value" in value && typeof value["@value"] === "string"); }; const hasType = (value) => { if (typeof value === "string") return value === "DataIntegrityProof" || value === "https://w3id.org/security#DataIntegrityProof"; if (Array.isArray(value)) return value.some(hasType); return false; }; const isProofLike = (value) => { if (typeof value !== "object" || value == null) return false; const proofRecord = value; return hasType(proofRecord.type ?? proofRecord["@type"]) && isReference(getField(proofRecord, "verificationMethod", "https://w3id.org/security#verificationMethod")) && isReference(getField(proofRecord, "proofPurpose", "https://w3id.org/security#proofPurpose")) && isReference(getField(proofRecord, "proofValue", "https://w3id.org/security#proofValue")); }; return Array.isArray(proof) ? proof.some(isProofLike) : isProofLike(proof); } /** * Creates a proof for the given object. * @param object The object to create a proof for. * @param privateKey The private key to sign the proof with. * @param keyId The key ID to use in the proof. It will be used by the verifier. * @param options Additional options. See also {@link CreateProofOptions}. * @returns The created proof. * @throws {TypeError} If the private key is invalid or unsupported. * @since 0.10.0 */ async function createProof(object, privateKey, keyId, { contextLoader, context, created } = {}) { validateCryptoKey(privateKey, "private"); if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name); let compactMsg = await object.clone({ proofs: [] }).toJsonLd({ format: "compact", contextLoader, context }); compactMsg = await normalizeOutgoingActivityJsonLd(compactMsg, contextLoader); const msgCanon = serialize(compactMsg); const encoder = new TextEncoder(); const msgBytes = encoder.encode(msgCanon); const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes); created ??= Temporal.Now.instant(); const proofCanon = serialize({ "@context": compactMsg["@context"], type: "DataIntegrityProof", cryptosuite: "eddsa-jcs-2022", verificationMethod: keyId.href, proofPurpose: "assertionMethod", created: created.toString() }); const proofBytes = encoder.encode(proofCanon); const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes); const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength); digest.set(new Uint8Array(proofDigest), 0); digest.set(new Uint8Array(msgDigest), proofDigest.byteLength); const sig = await crypto.subtle.sign("Ed25519", privateKey, digest); return new DataIntegrityProof({ cryptosuite: "eddsa-jcs-2022", verificationMethod: keyId, proofPurpose: "assertionMethod", created: created ?? Temporal.Now.instant(), proofValue: new Uint8Array(sig) }); } /** * Signs the given object with the private key and returns the signed object. * @param object The object to create a proof for. * @param privateKey The private key to sign the proof with. * @param keyId The key ID to use in the proof. It will be used by the verifier. * @param options Additional options. See also {@link SignObjectOptions}. * @returns The signed object. * @throws {TypeError} If the private key is invalid or unsupported. * @since 0.10.0 */ async function signObject(object, privateKey, keyId, options = {}) { return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("object_integrity_proofs.sign", { attributes: { "activitypub.object.type": getTypeId(object).href } }, async (span) => { try { if (object.id != null) span.setAttribute("activitypub.object.id", object.id.href); const existingProofs = []; for await (const proof of object.getProofs(options)) existingProofs.push(proof); const proof = await createProof(object, privateKey, keyId, options); if (span.isRecording()) { if (proof.cryptosuite != null) span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite); if (proof.verificationMethodId != null) span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href); if (proof.proofValue != null) span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue)); } return object.clone({ proofs: [...existingProofs, proof] }); } catch (error) { span.setStatus({ code: SpanStatusCode.ERROR, message: String(error) }); throw error; } finally { span.end(); } }); } /** * Verifies the given proof for the object. * @param jsonLd The JSON-LD object to verify the proof for. If it contains * any proofs, they will be ignored. * @param proof The proof to verify. * @param options Additional options. See also {@link VerifyProofOptions}. * @returns The public key that was used to sign the proof, or `null` if the * proof is invalid. * @since 0.10.0 */ async function verifyProof(jsonLd, proof, options = {}) { return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("object_integrity_proofs.verify", async (span) => { if (span.isRecording()) { if (proof.cryptosuite != null) span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite); if (proof.verificationMethodId != null) span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href); if (proof.proofValue != null) span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue)); } try { const key = await verifyProofInternal(jsonLd, proof, options); if (key == null) span.setStatus({ code: SpanStatusCode.ERROR }); return key; } catch (error) { span.setStatus({ code: SpanStatusCode.ERROR, message: String(error) }); throw error; } finally { span.end(); } }); } async function verifyProofInternal(jsonLd, proof, options) { if (typeof jsonLd !== "object" || jsonLd == null || Array.isArray(jsonLd) || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null; const publicKeyPromise = fetchKey(proof.verificationMethodId, Multikey, options); const proofConfig = { "@context": jsonLd["@context"], type: "DataIntegrityProof", cryptosuite: proof.cryptosuite, verificationMethod: proof.verificationMethodId.href, proofPurpose: proof.proofPurpose, created: proof.created.toString() }; const encoder = new TextEncoder(); const proofBytes = encoder.encode(serialize(proofConfig)); const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes); const msg = { ...jsonLd }; if ("proof" in msg) delete msg.proof; if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"]; let fetchedKey; try { fetchedKey = await publicKeyPromise; } catch (error) { logger.debug("Failed to get the key (verificationMethod) for the proof:\n{proof}", { proof, keyId: proof.verificationMethodId.href, error }); return null; } const publicKey = fetchedKey.key; if (publicKey == null) { logger.debug("Failed to get the key (verificationMethod) for the proof:\n{proof}", { proof, keyId: proof.verificationMethodId.href }); return null; } if (publicKey.publicKey.algorithm.name !== "Ed25519") { if (fetchedKey.cached) { logger.debug("The cached key (verificationMethod) for the proof is not a valid Ed25519 key:\n{keyId}; retrying with the freshly fetched key...", { proof, keyId: proof.verificationMethodId.href }); return await verifyProof(jsonLd, proof, { ...options, keyCache: { get: () => Promise.resolve(void 0), set: async (keyId, key) => await options.keyCache?.set(keyId, key) } }); } logger.debug("The fetched key (verificationMethod) for the proof is not a valid Ed25519 key:\n{keyId}", { proof, keyId: proof.verificationMethodId.href }); return null; } const digest = new Uint8Array(proofDigest.byteLength + 32); digest.set(new Uint8Array(proofDigest), 0); const proofValue = proof.proofValue; const verifyCandidate = async (candidate) => { const msgBytes = encoder.encode(serialize(candidate)); const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes); digest.set(new Uint8Array(msgDigest), proofDigest.byteLength); return await crypto.subtle.verify("Ed25519", publicKey.publicKey, proofValue.slice(), digest); }; if (await verifyCandidate(msg)) return publicKey; const normalized = await normalizeOutgoingActivityJsonLd(msg, preloadedOnlyDocumentLoader); if (normalized !== msg && await verifyCandidate(normalized)) return publicKey; if (fetchedKey.cached) { logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", { keyId: proof.verificationMethodId.href, proof }); return await verifyProof(jsonLd, proof, { ...options, keyCache: { get: () => Promise.resolve(void 0), set: async (keyId, key) => await options.keyCache?.set(keyId, key) } }); } logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", { keyId: proof.verificationMethodId.href, proof }); return null; } /** * Verifies the given object. It will verify all the proofs in the object, * and succeed only if all the proofs are valid and all attributions and * actors are authenticated by the proofs. * @template T The type of the object to verify. * @param cls The class of the object to verify. It must be a subclass of * the {@link Object}. * @param jsonLd The JSON-LD object to verify. It's assumed that the object * is a compacted JSON-LD representation of a `T` with `@context`. * @param options Additional options. See also {@link VerifyObjectOptions}. * @returns The object if it's verified, or `null` if it's not. * @throws {TypeError} If the object is invalid or unsupported. * @since 0.10.0 */ async function verifyObject(cls, jsonLd, options = {}) { const logger = getLogger([ "fedify", "sig", "proof" ]); const object = await cls.fromJsonLd(jsonLd, options); const attributions = new Set(object.attributionIds.map((uri) => uri.href)); if (object instanceof Activity) for (const uri of object.actorIds) attributions.add(uri.href); for await (const proof of object.getProofs(options)) { const key = await verifyProof(jsonLd, proof, options); if (key === null) return null; if (key.controllerId == null) { logger.debug("Key {keyId} does not have a controller.", { keyId: key.id?.href }); continue; } attributions.delete(key.controllerId.href); } if (attributions.size > 0) { logger.debug("Some attributions are not authenticated by the proofs: {attributions}.", { attributions: [...attributions] }); return null; } return object; } //#endregion export { verifyProof as a, verifyObject as i, hasProofLike as n, signObject as r, createProof as t };