LD signatures will now be checked when receiving messages

This commit is contained in:
Michael 2018-09-21 03:39:32 +00:00
parent 752b5fe284
commit 355346298b
3 changed files with 39 additions and 4 deletions

View file

@ -688,7 +688,22 @@ class ActivityPub
logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG); logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG);
$public = in_array(0, $receivers); $unsigned = true;
if (LDSignature::isSigned($activity)) {
if (!LDSignature::isVerified($activity)) {
logger('Invalid signature. Quitting here.', LOGGER_DEBUG);
return [];
}
logger('Valid signature.', LOGGER_DEBUG);
$unsigned = false;
} elseif (!in_array(0, $receivers)) {
/// @todo Add some checks to only accept unsigned private posts directly from the actor
$unsigned = false;
logger('Private post without signature.', LOGGER_DEBUG);
} else {
logger('Public post without signature. Object data will be fetched.', LOGGER_DEBUG);
}
if (is_string($activity['object'])) { if (is_string($activity['object'])) {
$object_url = $activity['object']; $object_url = $activity['object'];
@ -701,7 +716,7 @@ class ActivityPub
// Fetch the content only on activities where this matters // Fetch the content only on activities where this matters
if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) { if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) {
$object_data = self::fetchObject($object_url, $activity['object']); $object_data = self::fetchObject($object_url, $activity['object'], $unsigned);
if (empty($object_data)) { if (empty($object_data)) {
logger("Object data couldn't be processed", LOGGER_DEBUG); logger("Object data couldn't be processed", LOGGER_DEBUG);
return []; return [];
@ -896,9 +911,9 @@ class ActivityPub
return $object_data; return $object_data;
} }
private static function fetchObject($object_url, $object = [], $public = true) private static function fetchObject($object_url, $object = [], $unsigned = true)
{ {
if ($public) { if ($unsigned) {
$data = self::fetchContent($object_url); $data = self::fetchContent($object_url);
if (empty($data)) { if (empty($data)) {
logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG); logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG);

View file

@ -393,10 +393,12 @@ class HTTPSignature
$profile = ActivityPub::fetchprofile($url); $profile = ActivityPub::fetchprofile($url);
if (!empty($profile)) { if (!empty($profile)) {
logger('Taking key from id ' . $id, LOGGER_DEBUG);
return $profile['pubkey']; return $profile['pubkey'];
} elseif ($url != $actor) { } elseif ($url != $actor) {
$profile = ActivityPub::fetchprofile($actor); $profile = ActivityPub::fetchprofile($actor);
if (!empty($profile)) { if (!empty($profile)) {
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
return $profile['pubkey']; return $profile['pubkey'];
} }
} }

View file

@ -20,6 +20,24 @@ class LDSignature
} }
if (empty($pubkey)) { if (empty($pubkey)) {
/*
$creator = $data['signature']['creator'];
$actor = JsonLD::fetchElement($data, 'actor', 'id');
$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
$profile = ActivityPub::fetchprofile($url);
if (!empty($profile)) {
logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
} elseif ($url != $actor) {
$profile = ActivityPub::fetchprofile($actor);
if (empty($profile)) {
return false;
}
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
}
*/
$actor = JsonLD::fetchElement($data, 'actor', 'id'); $actor = JsonLD::fetchElement($data, 'actor', 'id');
if (empty($actor)) { if (empty($actor)) {
return false; return false;