wordpress-activitypub/tests/test-class-activitypub-rest-post-signature-verification.php

<?php

class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {
	public function test_activity_signature() {
		// Activity for generate_digest
		$post = \wp_insert_post(
			array(
				'post_author' => 1,
				'post_content' => 'hello world',
			)
		);
		$remote_actor = \get_author_posts_url( 2 );
		$activitypub_post = \Activitypub\Transformer_Manager::get_transformer( get_post( $post ) )->transform( get_post( $post ) )->to_object();
		$activitypub_activity = new Activitypub\Activity\Activity( 'Create' );
		$activitypub_activity->set_type( 'Create' );
		$activitypub_activity->set_object( $activitypub_post );
		$activitypub_activity->add_cc( $remote_actor );
		$activity = $activitypub_activity->to_json();

		// generate_digest & generate_signature
		$digest = Activitypub\Signature::generate_digest( $activity );
		$date = gmdate( 'D, d M Y H:i:s T' );
		$signature = Activitypub\Signature::generate_signature( 1, 'POST', $remote_actor, $date, $digest );

		$this->assertRegExp( '/keyId="http:\/\/example\.org\/\?author=1#main-key",algorithm="rsa-sha256",headers="\(request-target\) host date digest",signature="[^"]*"/', $signature );

		//  Signed headers
		$url_parts = wp_parse_url( $remote_actor );
		$route = $url_parts['path'] . '?' . $url_parts['query'];
		$host = $url_parts['host'];

		$headers = array(
			'digest' => array( $digest ),
			'signature' => array( $signature ),
			'date' => array( $date ),
			'host' => array( $host ),
			'(request-target)' => array( 'post ' . $route ),
		);

		// Start verification
		// parse_signature_header, get_signed_data, get_public_key
		$signature_block = Activitypub\Signature::parse_signature_header( $headers['signature'][0] );
		$signed_headers = $signature_block['headers'];
		$signed_data = Activitypub\Signature::get_signed_data( $signed_headers, $signature_block, $headers );

		$user = Activitypub\Collection\Users::get_by_id( 1 );

		$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );

		// signature_verification
		$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, 'rsa-sha256' ) > 0;
		$this->assertTrue( $verified );
	}

	public function test_rest_activity_signature() {
		add_filter(
			'pre_get_remote_metadata_by_actor',
			function( $json, $actor ) {
				$user = Activitypub\Collection\Users::get_by_id( 1 );
				$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );
				// return ActivityPub Profile with signature
				return array(
					'id' => $actor,
					'type' => 'Person',
					'publicKey' => array(
						'id' => $actor . '#main-key',
						'owner' => $actor,
						'publicKeyPem' => $public_key,
					),
				);
			},
			10,
			2
		);

		// Activity Object
		$post = \wp_insert_post(
			array(
				'post_author' => 1,
				'post_content' => 'hello world',
			)
		);
		$remote_actor = \get_author_posts_url( 2 );
		$remote_actor_inbox = Activitypub\get_rest_url_by_path( '/inbox' );
		$activitypub_post = \Activitypub\Transformer_Manager::get_transformer( get_post( $post ) )->transform( get_post( $post ) )->to_object();
		$activitypub_activity = new Activitypub\Activity\Activity();
		$activitypub_activity->set_type( 'Create' );
		$activitypub_activity->set_object( $activitypub_post );
		$activitypub_activity->add_cc( $remote_actor_inbox );
		$activity = $activitypub_activity->to_json();

		// generate_digest & generate_signature
		$digest = Activitypub\Signature::generate_digest( $activity );
		$date = gmdate( 'D, d M Y H:i:s T' );
		$signature = Activitypub\Signature::generate_signature( 1, 'POST', $remote_actor_inbox, $date, $digest );

		//  Signed headers
		$url_parts = wp_parse_url( $remote_actor_inbox );
		$route = $url_parts['path'] . '?' . $url_parts['query'];
		$host = $url_parts['host'];

		$request = new WP_REST_Request( 'POST', $route );
		$request->set_header( 'content-type', 'application/activity+json' );
		$request->set_header( 'digest', $digest );
		$request->set_header( 'signature', $signature );
		$request->set_header( 'date', $date );
		$request->set_header( 'host', $host );
		$request->set_body( $activity );

		// Start verification
		$verified = \Activitypub\Signature::verify_http_signature( $request );
		$this->assertTrue( $verified );

		remove_filter( 'pre_get_remote_metadata_by_actor', array( get_called_class(), 'pre_get_remote_key' ), 10, 2 );
	}
}
test_activity_signature 2023-05-31 14:35:58 +02:00			`<?php`

added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {`
test_activity_signature 2023-05-31 14:35:58 +02:00			`public function test_activity_signature() {`
			`// Activity for generate_digest`
			`$post = \wp_insert_post(`
			`array(`
			`'post_author' => 1,`
			`'post_content' => 'hello world',`
			`)`
			`);`
			`$remote_actor = \get_author_posts_url( 2 );`
wip 2023-11-19 20:37:49 +01:00			`$activitypub_post = \Activitypub\Transformer_Manager::get_transformer( get_post( $post ) )->transform( get_post( $post ) )->to_object();`
use transformer instead of post-model 2023-07-03 17:59:42 +02:00			`$activitypub_activity = new Activitypub\Activity\Activity( 'Create' );`
			`$activitypub_activity->set_type( 'Create' );`
			`$activitypub_activity->set_object( $activitypub_post );`
test_activity_signature 2023-05-31 14:35:58 +02:00			`$activitypub_activity->add_cc( $remote_actor );`
			`$activity = $activitypub_activity->to_json();`

			`// generate_digest & generate_signature`
			`$digest = Activitypub\Signature::generate_digest( $activity );`
			`$date = gmdate( 'D, d M Y H:i:s T' );`
			`$signature = Activitypub\Signature::generate_signature( 1, 'POST', $remote_actor, $date, $digest );`

add signature regex test 2023-06-01 08:05:19 +02:00			`$this->assertRegExp( '/keyId="http:\/\/example\.org\/\?author=1#main-key",algorithm="rsa-sha256",headers="\(request-target\) host date digest",signature="[^"]*"/', $signature );`

test_activity_signature 2023-05-31 14:35:58 +02:00			`// Signed headers`
			`$url_parts = wp_parse_url( $remote_actor );`
			`$route = $url_parts['path'] . '?' . $url_parts['query'];`
			`$host = $url_parts['host'];`

			`$headers = array(`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`'digest' => array( $digest ),`
			`'signature' => array( $signature ),`
			`'date' => array( $date ),`
			`'host' => array( $host ),`
			`'(request-target)' => array( 'post ' . $route ),`
test_activity_signature 2023-05-31 14:35:58 +02:00			`);`

			`// Start verification`
			`// parse_signature_header, get_signed_data, get_public_key`
Fix some signature and application user issues (#410) * Fix some signature and application user issues * it seems that firefish needs at least an inbox also for application users * prepare domain change * use https * fix PHPDoc * remove image check --------- Co-authored-by: Matt Wiebe <wiebe@automattic.com> 2023-09-01 18:32:56 +02:00			`$signature_block = Activitypub\Signature::parse_signature_header( $headers['signature'][0] );`
test_activity_signature 2023-05-31 14:35:58 +02:00			`$signed_headers = $signature_block['headers'];`
			`$signed_data = Activitypub\Signature::get_signed_data( $signed_headers, $signature_block, $headers );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00
use collection instead of factory 2023-07-03 11:20:44 +02:00			`$user = Activitypub\Collection\Users::get_by_id( 1 );`
updated signature feature to new structure 2023-06-01 11:45:07 +02:00
Store keypairs as options keyed to user IDs. (#416) 2023-09-07 22:04:39 +02:00			`$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );`
test_activity_signature 2023-05-31 14:35:58 +02:00
			`// signature_verification`
			`$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, 'rsa-sha256' ) > 0;`
add signature regex test 2023-06-01 08:05:19 +02:00			`$this->assertTrue( $verified );`
test_activity_signature 2023-05-31 14:35:58 +02:00			`}`

added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`public function test_rest_activity_signature() {`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`add_filter(`
			`'pre_get_remote_metadata_by_actor',`
			`function( $json, $actor ) {`
use collection instead of factory 2023-07-03 11:20:44 +02:00			`$user = Activitypub\Collection\Users::get_by_id( 1 );`
Store keypairs as options keyed to user IDs. (#416) 2023-09-07 22:04:39 +02:00			`$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`// return ActivityPub Profile with signature`
			`return array(`
			`'id' => $actor,`
			`'type' => 'Person',`
			`'publicKey' => array(`
			`'id' => $actor . '#main-key',`
			`'owner' => $actor,`
updated signature feature to new structure 2023-06-01 11:45:07 +02:00			`'publicKeyPem' => $public_key,`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`),`
			`);`
			`},`
			`10,`
			`2`
			`);`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00
			`// Activity Object`
			`$post = \wp_insert_post(`
			`array(`
			`'post_author' => 1,`
			`'post_content' => 'hello world',`
			`)`
			`);`
			`$remote_actor = \get_author_posts_url( 2 );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$remote_actor_inbox = Activitypub\get_rest_url_by_path( '/inbox' );`
wip 2023-11-19 20:37:49 +01:00			`$activitypub_post = \Activitypub\Transformer_Manager::get_transformer( get_post( $post ) )->transform( get_post( $post ) )->to_object();`
use transformer instead of post-model 2023-07-03 17:59:42 +02:00			`$activitypub_activity = new Activitypub\Activity\Activity();`
			`$activitypub_activity->set_type( 'Create' );`
			`$activitypub_activity->set_object( $activitypub_post );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`$activitypub_activity->add_cc( $remote_actor_inbox );`
			`$activity = $activitypub_activity->to_json();`

			`// generate_digest & generate_signature`
			`$digest = Activitypub\Signature::generate_digest( $activity );`
			`$date = gmdate( 'D, d M Y H:i:s T' );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$signature = Activitypub\Signature::generate_signature( 1, 'POST', $remote_actor_inbox, $date, $digest );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00
			`// Signed headers`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$url_parts = wp_parse_url( $remote_actor_inbox );`
			`$route = $url_parts['path'] . '?' . $url_parts['query'];`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`$host = $url_parts['host'];`

some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$request = new WP_REST_Request( 'POST', $route );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`$request->set_header( 'content-type', 'application/activity+json' );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$request->set_header( 'digest', $digest );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`$request->set_header( 'signature', $signature );`
			`$request->set_header( 'date', $date );`
			`$request->set_header( 'host', $host );`
			`$request->set_body( $activity );`

			`// Start verification`
			`$verified = \Activitypub\Signature::verify_http_signature( $request );`
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`$this->assertTrue( $verified );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00
some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00			`remove_filter( 'pre_get_remote_metadata_by_actor', array( get_called_class(), 'pre_get_remote_key' ), 10, 2 );`
added test and pre_get_remote_key filter 2023-06-01 07:23:40 +02:00			`}`
test_activity_signature 2023-05-31 14:35:58 +02:00			`}`