drop User.k256_pem, use arroba's AtpRepo.signing_key/rotation_key ins…

…tead
snarfed · Sep 9, 2023 · 165a403 · 165a403
1 parent ac06e0f
commit 165a403
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 30 deletions.
diff --git a/atproto.py b/atproto.py
@@ -145,7 +145,6 @@ def send(cls, obj, url, log_data=True):
         through subscribeRepos and then deliver it to AppView(s), which will
         notify recipients as necessary.
         """
-        # TODO
         if url.rstrip('/') != common.host_url().rstrip('/'):
             logger.info(f'Target PDS {url} is not us')
             return False
@@ -170,7 +169,6 @@ def send(cls, obj, url, log_data=True):
             if pds.rstrip('/') != url.rstrip('/'):
                 logger.warning(f'{user_key} {user.atproto_did} PDS {pds} is not us')
                 return False
-            did_plc = None
             repo = storage.load_repo(user.atproto_did)
 
         else:

diff --git a/models.py b/models.py
@@ -78,23 +78,21 @@ def _validate_atproto_did(prop, val):
 class User(StringIdModel, metaclass=ProtocolUserMeta):
     """Abstract base class for a Bridgy Fed user.
 
-    Stores multiple keypairs needed for the supported protocols. Currently:
+    Stores some protocols' keypairs. Currently:
 
     * RSA keypair for ActivityPub HTTP Signatures
       properties: mod, public_exponent, private_exponent, all encoded as
         base64url (ie URL-safe base64) strings as described in RFC 4648 and
         section 5.1 of the Magic Signatures spec
       https://tools.ietf.org/html/draft-cavage-http-signatures-12
 
-    * K-256 keypair for AT Protocol's signing key
-      property: k256_pem, PEM encoded
-      https://atproto.com/guides/overview#account-portability
+    * *Not* K-256 signing or rotation keys for AT Protocol, those are stored in
+      :class:`arroba.datastore_storage.AtpRepo` entities
     """
     obj_key = ndb.KeyProperty(kind='Object')  # user profile
     mod = ndb.StringProperty()
     public_exponent = ndb.StringProperty()
     private_exponent = ndb.StringProperty()
-    k256_pem = ndb.BlobProperty()
     use_instead = ndb.KeyProperty()
     atproto_did = ndb.StringProperty(validator=_validate_atproto_did)
 
@@ -168,14 +166,6 @@ def get_or_create(cls, id, **kwargs):
                     'private_exponent': long_to_base64(key.d),
             })
 
-        if cls.LABEL != 'atproto':
-            privkey = arroba.util.new_key()
-            kwargs['k256_pem'] = privkey.private_bytes(
-                encoding=serialization.Encoding.PEM,
-                format=serialization.PrivateFormat.PKCS8,
-                encryption_algorithm=serialization.NoEncryption(),
-            )
-
         user = cls(id=id, **kwargs)
         try:
             user.put()
@@ -249,11 +239,6 @@ def private_pem(self):
                              base64_to_long(str(self.private_exponent))))
         return rsa.exportKey(format='PEM')
 
-    def k256_key(self):
-        """Returns: :class:`ec.EllipticCurvePrivateKey`"""
-        assert self.k256_pem
-        return serialization.load_pem_private_key(self.k256_pem, password=None)
-
     def name(self):
         """Returns this user's human-readable name, eg 'Ryan Barrett'."""
         if self.obj and self.obj.as1:

diff --git a/tests/test_models.py b/tests/test_models.py
@@ -34,16 +34,11 @@ def test_get_or_create(self):
         assert user.mod
         assert user.public_exponent
         assert user.private_exponent
-        assert user.k256_key
 
         # check that we can load the keys
         assert user.public_pem()
         assert user.private_pem()
 
-        k256_key = user.k256_key()
-        self.assertIsInstance(k256_key, ec.EllipticCurvePrivateKey)
-        self.assertIsInstance(k256_key.curve, ec.SECP256K1)
-
         # direct should get set even if the user exists
         same = Fake.get_or_create('a.b', direct=True)
         user.direct = True

diff --git a/tests/testutil.py b/tests/testutil.py
@@ -257,7 +257,6 @@ def make_user(self, id, cls=Web, **kwargs):
                    mod=global_user.mod,
                    public_exponent=global_user.public_exponent,
                    private_exponent=global_user.private_exponent,
-                   k256_pem=global_user.k256_pem,
                    obj_key=obj_key,
                    **kwargs)
         user.put()
@@ -415,7 +414,7 @@ def assert_user(self, cls, id, **props):
             self.assert_equals(obj_as2, got.as2())
 
         # generated, computed, etc
-        ignore = ['created', 'mod', 'obj_key', 'k256_pem', 'private_exponent',
+        ignore = ['created', 'mod', 'obj_key', 'private_exponent',
                   'public_exponent', 'readable_id', 'updated']
         for prop in ignore:
             assert prop not in props
@@ -427,9 +426,6 @@ def assert_user(self, cls, id, **props):
             assert got.private_exponent
             assert got.public_exponent
 
-        if cls != ATProto:
-            assert got.k256_pem
-
         return got
 
     def assert_equals(self, expected, actual, msg=None, ignore=(), **kwargs):