Add Chef package registry (#22554)

This PR implements a [Chef registry](https://chef.io/) to manage
cookbooks. This package type was a bit complicated because Chef uses RSA
signed requests as authentication with the registry.


![grafik](https://user-images.githubusercontent.com/1666336/213747995-46819fd8-c3d6-45a2-afd4-a4c3c8505a4a.png)


![grafik](https://user-images.githubusercontent.com/1666336/213748145-d01c9e81-d4dd-41e3-a3cc-8241862c3166.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

modules/activitypub/keypair.go

@@ -1,47 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package activitypub
-
-import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-)
-
-const rsaBits = 2048
-
-// GenerateKeyPair generates a public and private keypair for signing actions by users for activitypub purposes
-func GenerateKeyPair() (string, string, error) {
-	priv, _ := rsa.GenerateKey(rand.Reader, rsaBits)
-	privPem, err := pemBlockForPriv(priv)
-	if err != nil {
-		return "", "", err
-	}
-	pubPem, err := pemBlockForPub(&priv.PublicKey)
-	if err != nil {
-		return "", "", err
-	}
-	return privPem, pubPem, nil
-}
-
-func pemBlockForPriv(priv *rsa.PrivateKey) (string, error) {
-	privBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "RSA PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(priv),
-	})
-	return string(privBytes), nil
-}
-
-func pemBlockForPub(pub *rsa.PublicKey) (string, error) {
-	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
-	if err != nil {
-		return "", err
-	}
-	pubBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "PUBLIC KEY",
-		Bytes: pubASN1,
-	})
-	return string(pubBytes), nil
-}

modules/activitypub/keypair_test.go

@@ -1,61 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package activitypub
-
-import (
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/pem"
-	"regexp"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestKeygen(t *testing.T) {
-	priv, pub, err := GenerateKeyPair()
-	assert.NoError(t, err)
-
-	assert.NotEmpty(t, priv)
-	assert.NotEmpty(t, pub)
-
-	assert.Regexp(t, regexp.MustCompile("^-----BEGIN RSA PRIVATE KEY-----.*"), priv)
-	assert.Regexp(t, regexp.MustCompile("^-----BEGIN PUBLIC KEY-----.*"), pub)
-}
-
-func TestSignUsingKeys(t *testing.T) {
-	priv, pub, err := GenerateKeyPair()
-	assert.NoError(t, err)
-
-	privPem, _ := pem.Decode([]byte(priv))
-	if privPem == nil || privPem.Type != "RSA PRIVATE KEY" {
-		t.Fatal("key is wrong type")
-	}
-
-	privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
-	assert.NoError(t, err)
-
-	pubPem, _ := pem.Decode([]byte(pub))
-	if pubPem == nil || pubPem.Type != "PUBLIC KEY" {
-		t.Fatal("key failed to decode")
-	}
-
-	pubParsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
-	assert.NoError(t, err)
-
-	// Sign
-	msg := "activity pub is great!"
-	h := sha256.New()
-	h.Write([]byte(msg))
-	d := h.Sum(nil)
-	sig, err := rsa.SignPKCS1v15(rand.Reader, privParsed, crypto.SHA256, d)
-	assert.NoError(t, err)
-
-	// Verify
-	err = rsa.VerifyPKCS1v15(pubParsed.(*rsa.PublicKey), crypto.SHA256, d, sig)
-	assert.NoError(t, err)
-}

modules/activitypub/user_settings.go

@@ -5,8 +5,11 @@ package activitypub
 
 import (
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/util"
 )
 
+const rsaBits = 2048
+
 // GetKeyPair function returns a user's private and public keys
 func GetKeyPair(user *user_model.User) (pub, priv string, err error) {
 	var settings map[string]*user_model.Setting
@@ -14,7 +17,7 @@ func GetKeyPair(user *user_model.User) (pub, priv string, err error) {
 	if err != nil {
 		return
 	} else if len(settings) == 0 {
-		if priv, pub, err = GenerateKeyPair(); err != nil {
+		if priv, pub, err = util.GenerateKeyPair(rsaBits); err != nil {
 			return
 		}
 		if err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPrivPem, priv); err != nil {