diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-08-26 20:21:03 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-26 20:21:03 +0200 |
commit | cabdbb7f9c1df8007749d07a2e186bb3ad35f62b (patch) | |
tree | 68e2ea8b16dc6fbf3d63f09b3301a0c4ad8edc39 /app/lib/activitypub/linked_data_signature.rb | |
parent | 8adf485c0fc553fafc6af70144c3f3954dac2307 (diff) |
Add CLI task for rotating keys (#8466)
* If an Update is signed with known key, skip re-following procedure Because it means the remote actor did *not* lose their database * Add CLI method for rotating keys bin/tootctl accounts rotate [USERNAME] Generates a new RSA key per account and sends out an Update activity signed with the old key. * Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts * Skip suspended accounts in key rotation
Diffstat (limited to 'app/lib/activitypub/linked_data_signature.rb')
-rw-r--r-- | app/lib/activitypub/linked_data_signature.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/lib/activitypub/linked_data_signature.rb b/app/lib/activitypub/linked_data_signature.rb index 16142a6ff..f52a8f406 100644 --- a/app/lib/activitypub/linked_data_signature.rb +++ b/app/lib/activitypub/linked_data_signature.rb @@ -32,7 +32,7 @@ class ActivityPub::LinkedDataSignature end end - def sign!(creator) + def sign!(creator, sign_with: nil) options = { 'type' => 'RsaSignature2017', 'creator' => [ActivityPub::TagManager.instance.uri_for(creator), '#main-key'].join, @@ -42,8 +42,9 @@ class ActivityPub::LinkedDataSignature options_hash = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT)) document_hash = hash(@json.without('signature')) to_be_signed = options_hash + document_hash + keypair = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : creator.keypair - signature = Base64.strict_encode64(creator.keypair.sign(OpenSSL::Digest::SHA256.new, to_be_signed)) + signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest::SHA256.new, to_be_signed)) @json.merge('signature' => options.merge('signatureValue' => signature)) end |