diaspora_federation 0.0.8 → 0.0.9

data/lib/diaspora_federation/entities/status_message.rb

@@ -0,0 +1,55 @@
+module DiasporaFederation
+  module Entities
+    # this entity represents a status message sent by a user
+    #
+    # @see Validators::StatusMessageValidator
+    class StatusMessage < Entity
+      # @!attribute [r] raw_message
+      #   text of the status message composed by the user
+      #   @return [String] text of the status message
+      property :raw_message
+
+      # @!attribute [r] photos
+      #   optional photos attached to the status message
+      #   @return [[Entities::Photo]] photos
+      entity :photos, [Entities::Photo], default: []
+
+      # @!attribute [r] location
+      #   optional location attached to the status message
+      #   @return [Entities::Location] location
+      entity :location, Entities::Location, default: nil
+
+      # @!attribute [r] poll
+      #   optional poll attached to the status message
+      #   @return [Entities::Poll] poll
+      entity :poll, Entities::Poll, default: nil
+
+      # @!attribute [r] guid
+      #   a random string of at least 16 chars.
+      #   @see Validation::Rule::Guid
+      #   @return [String] status message guid
+      property :guid
+
+      # @!attribute [r] diaspora_id
+      #   The diaspora ID of the person who posts the status message
+      #   @see Person#diaspora_id
+      #   @return [String] diaspora ID
+      property :diaspora_id, xml_name: :diaspora_handle
+
+      # @!attribute [r] public
+      #   shows whether the status message is visible to everyone or only to some aspects
+      #   @return [Boolean] is it public
+      property :public, default: false
+
+      # @!attribute [r] created_at
+      #   status message entity creation time
+      #   @return [Time] creation time
+      property :created_at, default: -> { Time.now.utc }
+
+      # @!attribute [r] provider_display_name
+      #   a string that describes a means by which a user has posted the status message
+      #   @return [String] provider display name
+      property :provider_display_name, default: nil
+    end
+  end
+end

data/lib/diaspora_federation/entity.rb

@@ -6,7 +6,7 @@ module DiasporaFederation
   #
   # Any entity also provides the means to serialize itself and all nested
   # entities to XML (for deserialization from XML to +Entity+ instances, see
-  # {XmlPayload}).
+  # {Salmon::XmlPayload}).
   #
   # @abstract Subclass and specify properties to implement various entities.
   #
@@ -76,19 +76,18 @@ module DiasporaFederation
     # {http://www.rubydoc.info/gems/nokogiri/Nokogiri/XML/Element Nokogiri::XML::Element}s
     #
     # @see Nokogiri::XML::Node.to_xml
-    # @see XmlPayload.pack
+    # @see XmlPayload#pack
     #
     # @return [Nokogiri::XML::Element] root element containing properties as child elements
     def to_xml
       entity_xml
     end
 
-    # some of this is from Rails "Inflector.demodulize" and "Inflector.undersore"
+    # Makes an underscored, lowercase form of the class name
+    # @return [String] entity name
     def self.entity_name
       name.rpartition("::").last.tap do |word|
-        word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2')
-        word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
-        word.tr!("-", "_")
+        word.gsub!(/(.)([A-Z])/, '\1_\2')
         word.downcase!
       end
     end

data/lib/diaspora_federation/fetcher.rb

@@ -1,6 +1,5 @@
 require "faraday"
 require "faraday_middleware/response/follow_redirects"
-require "typhoeus/adapters/faraday"
 
 module DiasporaFederation
   # A wrapper for {https://github.com/lostisland/faraday Faraday} used for
@@ -32,7 +31,7 @@ module DiasporaFederation
 
       @connection = Faraday::Connection.new(options) do |builder|
         builder.use FaradayMiddleware::FollowRedirects, limit: 4
-        builder.adapter :typhoeus
+        builder.adapter Faraday.default_adapter
       end
 
       @connection.headers["User-Agent"] = "DiasporaFederation/#{DiasporaFederation::VERSION}"

data/lib/diaspora_federation/properties_dsl.rb

@@ -68,17 +68,27 @@ module DiasporaFederation
 
     private
 
+    def determine_xml_name(name, type, opts={})
+      raise ArgumentError, "xml_name is not supported for nested entities" if type != String && opts.has_key?(:xml_name)
+
+      if type == String
+        if opts.has_key? :xml_name
+          raise InvalidName, "invalid xml_name" unless name_valid?(opts[:xml_name])
+          opts[:xml_name]
+        else
+          name
+        end
+      elsif type.instance_of?(Array)
+        type.first.entity_name.to_sym
+      elsif type.ancestors.include?(Entity)
+        type.entity_name.to_sym
+      end
+    end
+
     def define_property(name, type, opts={})
       raise InvalidName unless name_valid?(name)
 
-      xml_name = name
-      if opts.has_key? :xml_name
-        raise ArgumentError, "xml_name is not supported for nested entities" unless type == String
-        xml_name = opts[:xml_name]
-        raise InvalidName, "invalid xml_name" unless name_valid?(xml_name)
-      end
-
-      class_props << {name: name, xml_name: xml_name, type: type}
+      class_props << {name: name, xml_name: determine_xml_name(name, type, opts), type: type}
       default_props[name] = opts[:default] if opts.has_key? :default
 
       instance_eval { attr_reader name }

data/lib/diaspora_federation/salmon.rb

@@ -0,0 +1,17 @@
+module DiasporaFederation
+  # This module contains a Diaspora*-specific implementation of parts of the
+  # {http://www.salmon-protocol.org/ Salmon Protocol}.
+  module Salmon
+    # XML namespace url
+    XMLNS = "https://joindiaspora.com/protocol"
+  end
+end
+
+require "base64"
+
+require "diaspora_federation/salmon/aes"
+require "diaspora_federation/salmon/exceptions"
+require "diaspora_federation/salmon/xml_payload"
+require "diaspora_federation/salmon/magic_envelope"
+require "diaspora_federation/salmon/slap"
+require "diaspora_federation/salmon/encrypted_slap"

data/lib/diaspora_federation/salmon/aes.rb

@@ -0,0 +1,58 @@
+module DiasporaFederation
+  module Salmon
+    # class for AES encryption and decryption
+    class AES
+      # OpenSSL aes cipher definition
+      CIPHER = "AES-256-CBC"
+
+      # generates a random AES key and initialization vector
+      # @return [Hash] { key: "...", iv: "..." }
+      def self.generate_key_and_iv
+        cipher = OpenSSL::Cipher.new(CIPHER)
+        {key: cipher.random_key, iv: cipher.random_iv}
+      end
+
+      # encrypts the given data with an AES cipher defined by the given key
+      # and iv and returns the resulting ciphertext base64 strict_encoded.
+      # @param [String] data plain input
+      # @param [String] key AES key
+      # @param [String] iv AES initialization vector
+      # @return [String] base64 encoded ciphertext
+      # @raise [ArgumentError] if any of the arguments is missing or not the correct type
+      def self.encrypt(data, key, iv)
+        raise ArgumentError unless data.instance_of?(String) &&
+                                   key.instance_of?(String) &&
+                                   iv.instance_of?(String)
+
+        cipher = OpenSSL::Cipher.new(CIPHER)
+        cipher.encrypt
+        cipher.key = key
+        cipher.iv = iv
+
+        ciphertext = cipher.update(data) + cipher.final
+
+        Base64.strict_encode64(ciphertext)
+      end
+
+      # decrypts the given ciphertext with an AES cipher defined by the given key
+      # and iv. +ciphertext+ is expected to be base64 encoded
+      # @param [String] ciphertext input data
+      # @param [String] key AES key
+      # @param [String] iv AES initialization vector
+      # @return [String] decrypted plain message
+      # @raise [ArgumentError] if any of the arguments is missing or not the correct type
+      def self.decrypt(ciphertext, key, iv)
+        raise ArgumentError unless ciphertext.instance_of?(String) &&
+                                   key.instance_of?(String) &&
+                                   iv.instance_of?(String)
+
+        decipher = OpenSSL::Cipher.new(CIPHER)
+        decipher.decrypt
+        decipher.key = key
+        decipher.iv = iv
+
+        decipher.update(Base64.decode64(ciphertext)) + decipher.final
+      end
+    end
+  end
+end

data/lib/diaspora_federation/salmon/encrypted_slap.rb

@@ -0,0 +1,187 @@
+module DiasporaFederation
+  module Salmon
+    # +EncryptedSlap+ provides class methods for generating and parsing encrypted
+    # Slaps. (In principle the same as  {Slap}, but with encryption.)
+    #
+    # The basic encryption mechanism used here is based on the knowledge that
+    # asymmetrical encryption is slow and symmetrical encryption is fast. Keeping in
+    # mind that a message we want to de-/encrypt may greatly vary in length,
+    # performance considerations must play a part of this scheme.
+    #
+    # A Diaspora*-flavored encrypted magic-enveloped XML message looks like the following:
+    #
+    #   <?xml version="1.0" encoding="UTF-8"?>
+    #   <diaspora xmlns="https://joindiaspora.com/protocol" xmlns:me="http://salmon-protocol.org/ns/magic-env">
+    #     <encrypted_header>{encrypted_header}</encrypted_header>
+    #     {magic_envelope with encrypted data}
+    #   </diaspora>
+    #
+    # The encrypted header is encoded in JSON like this (when in plain text):
+    #
+    #   {
+    #     "aes_key"    => "...",
+    #     "ciphertext" => "..."
+    #   }
+    #
+    # +aes_key+ is encrypted using the recipients public key, and contains the AES
+    # +key+ and +iv+ used to encrypt the +ciphertext+ also encoded as JSON.
+    #
+    #   {
+    #     "key" => "...",
+    #     "iv"  => "..."
+    #   }
+    #
+    # +ciphertext+, once decrypted, contains the +author_id+, +aes_key+ and +iv+
+    # relevant to the decryption of the data in the magic_envelope and the
+    # verification of its signature.
+    #
+    # The decrypted cyphertext has this XML structure:
+    #
+    #   <decrypted_header>
+    #     <iv>{iv}</iv>
+    #     <aes_key>{aes_key}</aes_key>
+    #     <author_id>{author_id}</author_id>
+    #   </decrypted_header>
+    #
+    # Finally, before decrypting the magic envelope payload, the signature should
+    # first be verified.
+    #
+    # @example Generating an encrypted Salmon Slap
+    #   author_id = "author@pod.example.tld"
+    #   author_privkey = however_you_retrieve_the_authors_private_key(author_id)
+    #   recipient_pubkey = however_you_retrieve_the_recipients_public_key()
+    #   entity = YourEntity.new(attr: "val")
+    #
+    #   slap_xml = EncryptedSlap.generate_xml(author_id, author_privkey, entity, recipient_pubkey)
+    #
+    # @example Parsing a Salmon Slap
+    #   recipient_privkey = however_you_retrieve_the_recipients_private_key()
+    #   slap = EncryptedSlap.from_xml(slap_xml, recipient_privkey)
+    #   author_pubkey = however_you_retrieve_the_authors_public_key(slap.author_id)
+    #
+    #   entity = slap.entity(author_pubkey)
+    #
+    class EncryptedSlap
+      # Creates a Slap instance from the data within the given XML string
+      # containing an encrypted payload.
+      #
+      # @param [String] slap_xml encrypted Salmon xml
+      # @param [OpenSSL::PKey::RSA] pkey recipient private_key for decryption
+      #
+      # @return [Slap] new Slap instance
+      #
+      # @raise [ArgumentError] if any of the arguments is of the wrong type
+      # @raise [MissingHeader] if the +encrypted_header+ element is missing in the XML
+      # @raise [MissingMagicEnvelope] if the +me:env+ element is missing in the XML
+      def self.from_xml(slap_xml, pkey)
+        raise ArgumentError unless slap_xml.instance_of?(String) && pkey.instance_of?(OpenSSL::PKey::RSA)
+        doc = Nokogiri::XML::Document.parse(slap_xml)
+
+        Slap.new.tap do |slap|
+          header_elem = doc.at_xpath("d:diaspora/d:encrypted_header", Slap::NS)
+          raise MissingHeader if header_elem.nil?
+          header = header_data(header_elem.content, pkey)
+          slap.author_id = header[:author_id]
+          slap.cipher_params = {key: Base64.decode64(header[:aes_key]), iv: Base64.decode64(header[:iv])}
+
+          slap.add_magic_env_from_doc(doc)
+        end
+      end
+
+      # Creates an encrypted Salmon Slap and returns the XML string.
+      #
+      # @param [String] author_id Diaspora* handle of the author
+      # @param [OpenSSL::PKey::RSA] pkey sender private key for signing the magic envelope
+      # @param [Entity] entity payload
+      # @param [OpenSSL::PKey::RSA] pubkey recipient public key for encrypting the AES key
+      # @return [String] Salmon XML string
+      # @raise [ArgumentError] if any of the arguments is of the wrong type
+      def self.generate_xml(author_id, pkey, entity, pubkey)
+        raise ArgumentError unless author_id.instance_of?(String) &&
+                                   pkey.instance_of?(OpenSSL::PKey::RSA) &&
+                                   entity.is_a?(Entity) &&
+                                   pubkey.instance_of?(OpenSSL::PKey::RSA)
+
+        Slap.build_xml do |xml|
+          magic_envelope = MagicEnvelope.new(pkey, entity)
+          envelope_key = magic_envelope.encrypt!
+
+          encrypted_header(author_id, envelope_key, pubkey, xml)
+          magic_envelope.envelop(xml)
+        end
+      end
+
+      # decrypts and reads the data from the encrypted XML header
+      # @param [String] data base64 encoded, encrypted header data
+      # @param [OpenSSL::PKey::RSA] pkey private key for decryption
+      # @return [Hash] { iv: "...", aes_key: "...", author_id: "..." }
+      def self.header_data(data, pkey)
+        header_elem = decrypt_header(data, pkey)
+        raise InvalidHeader unless header_elem.name == "decrypted_header"
+
+        iv = header_elem.at_xpath("iv").content
+        key = header_elem.at_xpath("aes_key").content
+        author_id = header_elem.at_xpath("author_id").content
+
+        {iv: iv, aes_key: key, author_id: author_id}
+      end
+      private_class_method :header_data
+
+      # decrypts the xml header
+      # @param [String] data base64 encoded, encrypted header data
+      # @param [OpenSSL::PKey::RSA] pkey private key for decryption
+      # @return [Nokogiri::XML::Element] header xml document
+      def self.decrypt_header(data, pkey)
+        cipher_header = JSON.parse(Base64.decode64(data))
+        key = JSON.parse(pkey.private_decrypt(Base64.decode64(cipher_header["aes_key"])))
+
+        xml = AES.decrypt(cipher_header["ciphertext"], Base64.decode64(key["key"]), Base64.decode64(key["iv"]))
+        Nokogiri::XML::Document.parse(xml).root
+      end
+      private_class_method :decrypt_header
+
+      # encrypt the header xml with an AES cipher and encrypt the cipher params
+      # with the recipients public_key
+      # @param [String] author_id diaspora_handle
+      # @param [Hash] envelope_key envelope cipher params
+      # @param [OpenSSL::PKey::RSA] pubkey recipient public_key
+      # @param [Nokogiri::XML::Element] xml parent element for inserting in XML document
+      def self.encrypted_header(author_id, envelope_key, pubkey, xml)
+        data = header_xml(author_id, strict_base64_encode(envelope_key))
+        key = AES.generate_key_and_iv
+        ciphertext = AES.encrypt(data, key[:key], key[:iv])
+
+        json_key = JSON.generate(strict_base64_encode(key))
+        encrypted_key = Base64.strict_encode64(pubkey.public_encrypt(json_key))
+
+        json_header = JSON.generate(aes_key: encrypted_key, ciphertext: ciphertext)
+
+        xml.encrypted_header(Base64.strict_encode64(json_header))
+      end
+      private_class_method :encrypted_header
+
+      # generate the header xml string, including the author, aes_key and iv
+      # @param [String] author_id diaspora_handle of the author
+      # @param [Hash] envelope_key { key: "...", iv: "..." } (values in base64)
+      # @return [String] header XML string
+      def self.header_xml(author_id, envelope_key)
+        builder = Nokogiri::XML::Builder.new do |xml|
+          xml.decrypted_header {
+            xml.iv(envelope_key[:iv])
+            xml.aes_key(envelope_key[:key])
+            xml.author_id(author_id)
+          }
+        end
+        builder.to_xml.strip
+      end
+      private_class_method :header_xml
+
+      # @param [Hash] hash { key: "...", iv: "..." }
+      # @return [Hash] encoded hash: { key: "...", iv: "..." }
+      def self.strict_base64_encode(hash)
+        Hash[hash.map {|k, v| [k, Base64.strict_encode64(v)] }]
+      end
+      private_class_method :strict_base64_encode
+    end
+  end
+end

data/lib/diaspora_federation/salmon/exceptions.rb

@@ -0,0 +1,50 @@
+module DiasporaFederation
+  module Salmon
+    # Raised, if the element containing the Magic Envelope is missing from the XML
+    class MissingMagicEnvelope < RuntimeError
+    end
+
+    # Raised, if the element containing the author is empty.
+    class MissingAuthor < RuntimeError
+    end
+
+    # Raised, if the element containing the header is missing from the XML
+    class MissingHeader < RuntimeError
+    end
+
+    # Raised if the decrypted header has an unexpected XML structure
+    class InvalidHeader < RuntimeError
+    end
+
+    # Raised, if the Magic Envelope XML structure is malformed.
+    class InvalidEnvelope < RuntimeError
+    end
+
+    # Raised, if the calculated signature doesn't match the one contained in the
+    # Magic Envelope.
+    class InvalidSignature < RuntimeError
+    end
+
+    # Raised, if the parsed Magic Envelope specifies an unhandled algorithm.
+    class InvalidAlgorithm < RuntimeError
+    end
+
+    # Raised, if the parsed Magic Envelope specifies an unhandled encoding.
+    class InvalidEncoding < RuntimeError
+    end
+
+    # Raised, if the XML structure of the parsed document doesn't resemble the
+    # expected structure.
+    class InvalidStructure < RuntimeError
+    end
+
+    # Raised, if the entity name in the XML is invalid
+    class InvalidEntityName < RuntimeError
+    end
+
+    # Raised, if the entity contained within the XML cannot be mapped to a
+    # defined {Entity} subclass.
+    class UnknownEntity < RuntimeError
+    end
+  end
+end