mastodon/app/services/activitypub/fetch_remote_key_service.rb

# frozen_string_literal: true

class ActivityPub::FetchRemoteKeyService < BaseService
  include JsonLdHelper

  # Returns account that owns the key
  def call(uri, id: true, prefetched_body: nil)
    if prefetched_body.nil?
      if id
        @json = fetch_resource_without_id_validation(uri)
        if person?
          @json = fetch_resource(@json['id'], true)
        elsif uri != @json['id']
          return
        end
      else
        @json = fetch_resource(uri, id)
      end
    else
      @json = body_to_json(prefetched_body)
    end

    return unless supported_context?(@json) && expected_type?
    return find_account(@json['id'], @json) if person?

    @owner = fetch_resource(owner_uri, true)

    return unless supported_context?(@owner) && confirmed_owner?

    find_account(owner_uri, @owner)
  end

  private

  def find_account(uri, prefetched_body)
    account   = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
    account ||= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body)
    account
  end

  def expected_type?
    person? || public_key?
  end

  def person?
    @json['type'] == 'Person'
  end

  def public_key?
    @json['publicKeyPem'].present? && @json['owner'].present?
  end

  def owner_uri
    @owner_uri ||= value_or_id(@json['owner'])
  end

  def confirmed_owner?
    @owner['type'] == 'Person' && value_or_id(@owner['publicKey']) == @json['id']
  end
end
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00			`# frozen_string_literal: true`

			`class ActivityPub::FetchRemoteKeyService < BaseService`
			`include JsonLdHelper`

			`# Returns account that owns the key`
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are. 2017-10-04 08:13:48 +09:00			`def call(uri, id: true, prefetched_body: nil)`
			`if prefetched_body.nil?`
			`if id`
			`@json = fetch_resource_without_id_validation(uri)`
			`if person?`
			`@json = fetch_resource(@json['id'], true)`
			`elsif uri != @json['id']`
			`return`
			`end`
			`else`
			`@json = fetch_resource(uri, id)`
			`end`
			`else`
			`@json = body_to_json(prefetched_body)`
			`end`
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00
			`return unless supported_context?(@json) && expected_type?`
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are. 2017-10-04 08:13:48 +09:00			`return find_account(@json['id'], @json) if person?`
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are. 2017-10-04 08:13:48 +09:00			`@owner = fetch_resource(owner_uri, true)`
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00
			`return unless supported_context?(@owner) && confirmed_owner?`

			`find_account(owner_uri, @owner)`
			`end`

			`private`

Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are. 2017-10-04 08:13:48 +09:00			`def find_account(uri, prefetched_body)`
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00			`account = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)`
Validate id of ActivityPub representations (#5114) Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are. 2017-10-04 08:13:48 +09:00			`account \|\|= ActivityPub::FetchRemoteAccountService.new.call(uri, prefetched_body: prefetched_body)`
Support more variations of ActivityPub keyId in signature (#4630) - Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key 2017-08-21 22:57:34 +02:00			`account`
			`end`

			`def expected_type?`
			`person? \|\| public_key?`
			`end`

			`def person?`
			`@json['type'] == 'Person'`
			`end`

			`def public_key?`
			`@json['publicKeyPem'].present? && @json['owner'].present?`
			`end`

			`def owner_uri`
			`@owner_uri \|\|= value_or_id(@json['owner'])`
			`end`

			`def confirmed_owner?`
			`@owner['type'] == 'Person' && value_or_id(@owner['publicKey']) == @json['id']`
			`end`
			`end`