Add E2EE API (#13820)

spec/fabricators/device_fabricator.rb

@@ -0,0 +1,8 @@
+Fabricator(:device) do
+  access_token
+  account
+  device_id        { Faker::Number.number(digits: 5) }
+  name             { Faker::App.name }
+  fingerprint_key  { Base64.strict_encode64(Ed25519::SigningKey.generate.verify_key.to_bytes) }
+  identity_key     { Base64.strict_encode64(Ed25519::SigningKey.generate.verify_key.to_bytes) }
+end

spec/fabricators/encrypted_message_fabricator.rb

@@ -0,0 +1,8 @@
+Fabricator(:encrypted_message) do
+  device
+  from_account
+  from_device_id   { Faker::Number.number(digits: 5) }
+  type             0
+  body             ""
+  message_franking ""
+end

spec/fabricators/one_time_key_fabricator.rb

@@ -0,0 +1,11 @@
+Fabricator(:one_time_key) do
+  device
+  key_id { Faker::Alphanumeric.alphanumeric(number: 10) }
+  key    { Base64.strict_encode64(Ed25519::SigningKey.generate.verify_key.to_bytes) }
+
+  signature do |attrs|
+    signing_key = Ed25519::SigningKey.generate
+    attrs[:device].update(fingerprint_key: Base64.strict_encode64(signing_key.verify_key.to_bytes))
+    Base64.strict_encode64(signing_key.sign(attrs[:key]))
+  end
+end

spec/fabricators/system_key_fabricator.rb

@@ -0,0 +1,3 @@
+Fabricator(:system_key) do
+
+end

spec/lib/activitypub/activity/create_spec.rb

@@ -579,6 +579,62 @@ RSpec.describe ActivityPub::Activity::Create do
       end
     end
 
+    context 'with an encrypted message' do
+      let(:recipient) { Fabricate(:account) }
+      let(:target_device) { Fabricate(:device, account: recipient) }
+
+      subject { described_class.new(json, sender, delivery: true, delivered_to_account_id: recipient.id) }
+
+      let(:object_json) do
+        {
+          id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
+          type: 'EncryptedMessage',
+          attributedTo: {
+            type: 'Device',
+            deviceId: '1234',
+          },
+          to: {
+            type: 'Device',
+            deviceId: target_device.device_id,
+          },
+          messageType: 1,
+          cipherText: 'Foo',
+          messageFranking: 'Baz678',
+          digest: {
+            digestAlgorithm: 'Bar456',
+            digestValue: 'Foo123',
+          },
+        }
+      end
+
+      before do
+        subject.perform
+      end
+
+      it 'creates an encrypted message' do
+        encrypted_message = target_device.encrypted_messages.reload.first
+
+        expect(encrypted_message).to_not be_nil
+        expect(encrypted_message.from_device_id).to eq '1234'
+        expect(encrypted_message.from_account).to eq sender
+        expect(encrypted_message.type).to eq 1
+        expect(encrypted_message.body).to eq 'Foo'
+        expect(encrypted_message.digest).to eq 'Foo123'
+      end
+
+      it 'creates a message franking' do
+        encrypted_message = target_device.encrypted_messages.reload.first
+        message_franking  = encrypted_message.message_franking
+
+        crypt = ActiveSupport::MessageEncryptor.new(SystemKey.current_key, serializer: Oj)
+        json  = crypt.decrypt_and_verify(message_franking)
+
+        expect(json['source_account_id']).to eq sender.id
+        expect(json['target_account_id']).to eq recipient.id
+        expect(json['original_franking']).to eq 'Baz678'
+      end
+    end
+
     context 'when sender is followed by local users' do
       subject { described_class.new(json, sender, delivery: true) }
 

spec/models/device_spec.rb

@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe Device, type: :model do
+
+end

spec/models/encrypted_message_spec.rb

@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe EncryptedMessage, type: :model do
+
+end

spec/models/one_time_key_spec.rb

@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe OneTimeKey, type: :model do
+
+end

spec/models/system_key_spec.rb

@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe SystemKey, type: :model do
+
+end