Improved signature handling & instance actor (#8275)

This PR is part of https://codeberg.org/forgejo/forgejo/pulls/4767

It improves the signature handling:
1. move logic to a service (might be used from other services as well)
2. make a clear difference between ` ReqHTTPUserSignature` and `ReqHTTPUserOrInstanceSignature`
3. improve test ability (activitypub/client & distant_federation_server_mock

Adjust instance actor
1. name &
2. webfinger

## Strategy for next PRs is

Integration tests are in the driving seat.

I will step by step add integration tests form original PR and add code required by the integration test changes.

## Meta

Proposal howto process large PRs can be discussed here: https://codeberg.org/forgejo-contrib/federation/pulls/37

Current state with rendered diagrams can be found here: https://codeberg.org/meissa/federation/src/branch/merge-large-pr/doc/merge-large-pr.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8275
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>

modules/activitypub/client.go

@@ -89,6 +89,7 @@ func NewClientFactory() (c *ClientFactory, err error) {
 
 type APClientFactory interface {
 	WithKeys(ctx context.Context, user *user_model.User, pubID string) (APClient, error)
+	WithKeysDirect(ctx context.Context, privateKey, pubID string) (APClient, error)
 }
 
 // Client struct
@@ -103,12 +104,8 @@ type Client struct {
 }
 
 // NewRequest function
-func (cf *ClientFactory) WithKeys(ctx context.Context, user *user_model.User, pubID string) (APClient, error) {
-	priv, err := GetPrivateKey(ctx, user)
-	if err != nil {
-		return nil, err
-	}
-	privPem, _ := pem.Decode([]byte(priv))
+func (cf *ClientFactory) WithKeysDirect(ctx context.Context, privateKey, pubID string) (APClient, error) {
+	privPem, _ := pem.Decode([]byte(privateKey))
 	privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
 	if err != nil {
 		return nil, err
@@ -126,6 +123,14 @@ func (cf *ClientFactory) WithKeys(ctx context.Context, user *user_model.User, pu
 	return &c, nil
 }
 
+func (cf *ClientFactory) WithKeys(ctx context.Context, user *user_model.User, pubID string) (APClient, error) {
+	priv, err := GetPrivateKey(ctx, user)
+	if err != nil {
+		return nil, err
+	}
+	return cf.WithKeysDirect(ctx, priv, pubID)
+}
+
 // NewRequest function
 func (c *Client) newRequest(method string, b []byte, to string) (req *http.Request, err error) {
 	buf := bytes.NewBuffer(b)
@@ -149,12 +154,14 @@ func (c *Client) Post(b []byte, to string) (resp *http.Response, err error) {
 		return nil, err
 	}
 
-	signer, _, err := httpsig.NewSigner(c.algs, c.digestAlg, c.postHeaders, httpsig.Signature, httpsigExpirationTime)
-	if err != nil {
-		return nil, err
-	}
-	if err := signer.SignRequest(c.priv, c.pubID, req, b); err != nil {
-		return nil, err
+	if c.pubID != "" {
+		signer, _, err := httpsig.NewSigner(c.algs, c.digestAlg, c.postHeaders, httpsig.Signature, httpsigExpirationTime)
+		if err != nil {
+			return nil, err
+		}
+		if err := signer.SignRequest(c.priv, c.pubID, req, b); err != nil {
+			return nil, err
+		}
 	}
 
 	resp, err = c.client.Do(req)
@@ -167,12 +174,15 @@ func (c *Client) Get(to string) (resp *http.Response, err error) {
 	if req, err = c.newRequest(http.MethodGet, nil, to); err != nil {
 		return nil, err
 	}
-	signer, _, err := httpsig.NewSigner(c.algs, c.digestAlg, c.getHeaders, httpsig.Signature, httpsigExpirationTime)
-	if err != nil {
-		return nil, err
-	}
-	if err := signer.SignRequest(c.priv, c.pubID, req, nil); err != nil {
-		return nil, err
+
+	if c.pubID != "" {
+		signer, _, err := httpsig.NewSigner(c.algs, c.digestAlg, c.getHeaders, httpsig.Signature, httpsigExpirationTime)
+		if err != nil {
+			return nil, err
+		}
+		if err := signer.SignRequest(c.priv, c.pubID, req, nil); err != nil {
+			return nil, err
+		}
 	}
 
 	resp, err = c.client.Do(req)