From 165a4033536c9ec407d7d48eea1449937b973520 Mon Sep 17 00:00:00 2001
From: Ryan Barrett
Date: Fri, 8 Sep 2023 21:52:46 -0700
Subject: [PATCH] drop User.k256_pem, use arroba's AtpRepo.signing_key/rotation_key instead
---
 atproto.py | 2 --
 models.py | 21 +++------------------
 tests/test_models.py | 5 -----
 tests/testutil.py | 6 +-----
 4 files changed, 4 insertions(+), 30 deletions(-)
diff --git a/atproto.py b/atproto.py
index b62299a9..52a69409 100644
--- a/atproto.py
+++ b/atproto.py
@@ -145,7 +145,6 @@ def send(cls, obj, url, log_data=True):
 through subscribeRepos and then deliver it to AppView(s), which will notify recipients as necessary.
 """
- # TODO
 if url.rstrip('/') != common.host_url().rstrip('/'):
 logger.info(f'Target PDS {url} is not us')
 return False
@@ -170,7 +169,6 @@ def send(cls, obj, url, log_data=True):
 if pds.rstrip('/') != url.rstrip('/'):
 logger.warning(f'{user_key} {user.atproto_did} PDS {pds} is not us')
 return False
- did_plc = None
 repo = storage.load_repo(user.atproto_did)
 else:
diff --git a/models.py b/models.py
index c7cc6a40..d33a7e58 100644
--- a/models.py
+++ b/models.py
@@ -78,7 +78,7 @@ def _validate_atproto_did(prop, val):
 class User(StringIdModel, metaclass=ProtocolUserMeta):
 """Abstract base class for a Bridgy Fed user.
- Stores multiple keypairs needed for the supported protocols. Currently:
+ Stores some protocols' keypairs. Currently:
 * RSA keypair for ActivityPub HTTP Signatures
 properties: mod, public_exponent, private_exponent, all encoded as
@@ -86,15 +86,13 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
 section 5.1 of the Magic Signatures spec
 https://tools.ietf.org/html/draft-cavage-http-signatures-12
- * K-256 keypair for AT Protocol's signing key
- property: k256_pem, PEM encoded
- https://atproto.com/guides/overview#account-portability
+ * *Not* K-256 signing or rotation keys for AT Protocol, those are stored in
+ :class:`arroba.datastore_storage.AtpRepo` entities
 """
 obj_key = ndb.KeyProperty(kind='Object') # user profile
 mod = ndb.StringProperty()
 public_exponent = ndb.StringProperty()
 private_exponent = ndb.StringProperty()
- k256_pem = ndb.BlobProperty()
 use_instead = ndb.KeyProperty()
 atproto_did = ndb.StringProperty(validator=_validate_atproto_did)
@@ -168,14 +166,6 @@ def get_or_create(cls, id, **kwargs):
 'private_exponent': long_to_base64(key.d),
 })
- if cls.LABEL != 'atproto':
- privkey = arroba.util.new_key()
- kwargs['k256_pem'] = privkey.private_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PrivateFormat.PKCS8,
- encryption_algorithm=serialization.NoEncryption(),
- )
-
 user = cls(id=id, **kwargs)
 try:
 user.put()
@@ -249,11 +239,6 @@ def private_pem(self):
 base64_to_long(str(self.private_exponent))))
 return rsa.exportKey(format='PEM')
- def k256_key(self):
- """Returns: :class:`ec.EllipticCurvePrivateKey`"""
- assert self.k256_pem
- return serialization.load_pem_private_key(self.k256_pem, password=None)
-
 def name(self):
 """Returns this user's human-readable name, eg 'Ryan Barrett'."""
 if self.obj and self.obj.as1:
diff --git a/tests/test_models.py b/tests/test_models.py
index 39b99bb2..1e2a5180 100644
--- a/tests/test_models.py
+++ b/tests/test_models.py
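Review bot: Removing `k256_pem = ndb.BlobProperty()` from `User` stops the model from declaring the property, but the values already written to existing entities are not touched by this change, and per the lines deleted in the following `get_or_create` hunk they were stored as unencrypted PKCS8 PEM private keys (`serialization.NoEncryption()`). A one-off cleanup that loads each affected `User` entity and clears the orphaned `k256_pem` value would keep that key material from lingering in Datastore after nothing reads it; how ndb handles a stored property the model no longer declares on load and re-put should be confirmed rather than assumed, since it decides whether a plain re-save is enough. The new docstring bullet could also record this for future readers, e.g. `* legacy k256_pem values on entities created before <MIGRATION-REF> are no longer read` (placeholder). The `serialization` and `arroba.util` imports in models.py, and `ec` in tests/test_models.py, are outside these hunks and may now be unused; worth checking before the next lint run.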
@@ -34,16 +34,11 @@ def test_get_or_create(self):
 assert user.mod
 assert user.public_exponent
 assert user.private_exponent
- assert user.k256_key
 # check that we can load the keys
 assert user.public_pem()
 assert user.private_pem()
- k256_key = user.k256_key()
- self.assertIsInstance(k256_key, ec.EllipticCurvePrivateKey)
- self.assertIsInstance(k256_key.curve, ec.SECP256K1)
-
 # direct should get set even if the user exists
 same = Fake.get_or_create('a.b', direct=True)
 user.direct = True
diff --git a/tests/testutil.py b/tests/testutil.py
index c1de2423..f84977f8 100644
--- a/tests/testutil.py
+++ b/tests/testutil.py
@@ -257,7 +257,6 @@ def make_user(self, id, cls=Web, **kwargs):
 mod=global_user.mod,
 public_exponent=global_user.public_exponent,
 private_exponent=global_user.private_exponent,
- k256_pem=global_user.k256_pem,
 obj_key=obj_key,
 **kwargs)
 user.put()
@@ -415,7 +414,7 @@ def assert_user(self, cls, id, **props):
 self.assert_equals(obj_as2, got.as2())
 # generated, computed, etc
- ignore = ['created', 'mod', 'obj_key', 'k256_pem', 'private_exponent',
+ ignore = ['created', 'mod', 'obj_key', 'private_exponent',
 'public_exponent', 'readable_id', 'updated']
 for prop in ignore:
 assert prop not in props
@@ -427,9 +426,6 @@ def assert_user(self, cls, id, **props):
 assert got.private_exponent
 assert got.public_exponent
- if cls != ATProto:
- assert got.k256_pem
-
 return got
 def assert_equals(self, expected, actual, msg=None, ignore=(), **kwargs):