mirror of
https://github.com/friendica/friendica
synced 2025-05-01 19:04:23 +02:00
Improvements to signature check, private posts do work now again
This commit is contained in:
Michael
parent
4c224fbddd
commit
b44fc62708
5 changed files with 166 additions and 97 deletions
|
|
@ -266,7 +266,7 @@ class HTTPSignature
|
|||
return;
|
||||
}
|
||||
|
||||
$content = json_encode($data);
|
||||
$content = json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
||||
|
||||
// Header data that is about to be signed.
|
||||
$host = parse_url($target, PHP_URL_HOST);
|
||||
|
|
@ -290,7 +290,7 @@ class HTTPSignature
|
|||
logger('Transmit to ' . $target . ' returned ' . $return_code);
|
||||
}
|
||||
|
||||
public static function verifyAP($content, $http_headers)
|
||||
public static function getSigner($content, $http_headers)
|
||||
{
|
||||
$object = json_decode($content, true);
|
||||
|
||||
|
|
@ -355,7 +355,7 @@ class HTTPSignature
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm)) {
|
||||
if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key['pubkey'], $algorithm)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -383,8 +383,7 @@ class HTTPSignature
|
|||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
return $key['url'];
|
||||
}
|
||||
|
||||
private static function fetchKey($id, $actor)
|
||||
|
|
@ -394,12 +393,12 @@ class HTTPSignature
|
|||
$profile = ActivityPub::fetchprofile($url);
|
||||
if (!empty($profile)) {
|
||||
logger('Taking key from id ' . $id, LOGGER_DEBUG);
|
||||
return $profile['pubkey'];
|
||||
return ['url' => $url, 'pubkey' => $profile['pubkey']];
|
||||
} elseif ($url != $actor) {
|
||||
$profile = ActivityPub::fetchprofile($actor);
|
||||
if (!empty($profile)) {
|
||||
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
||||
return $profile['pubkey'];
|
||||
return ['url' => $actor, 'pubkey' => $profile['pubkey']];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -40,11 +40,26 @@ class JsonLD
|
|||
return $data;
|
||||
}
|
||||
|
||||
private static function objectify($element)
|
||||
{
|
||||
if (is_array($element)) {
|
||||
$keys = array_keys($element);
|
||||
if (is_int(array_pop($keys))) {
|
||||
return array_map('objectify', $element);
|
||||
} else {
|
||||
return (object)array_map('objectify', $element);
|
||||
}
|
||||
} else {
|
||||
return $element;
|
||||
}
|
||||
}
|
||||
|
||||
public static function normalize($json)
|
||||
{
|
||||
jsonld_set_document_loader('Friendica\Util\JsonLD::documentLoader');
|
||||
|
||||
$jsonobj = json_decode(json_encode($json));
|
||||
// $jsonobj = array_map('Friendica\Util\JsonLD::objectify', $json);
|
||||
$jsonobj = json_decode(json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
|
||||
|
||||
return jsonld_normalize($jsonobj, array('algorithm' => 'URDNA2015', 'format' => 'application/nquads'));
|
||||
}
|
||||
|
|
@ -59,11 +74,11 @@ class JsonLD
|
|||
'vcard' => (object)['@id' => 'http://www.w3.org/2006/vcard/ns#', '@type' => '@id'],
|
||||
'uuid' => (object)['@id' => 'http://schema.org/identifier', '@type' => '@id']];
|
||||
|
||||
$jsonobj = json_decode(json_encode($json));
|
||||
$jsonobj = json_decode(json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
|
||||
|
||||
$compacted = jsonld_compact($jsonobj, $context);
|
||||
|
||||
return json_decode(json_encode($compacted), true);
|
||||
return json_decode(json_encode($compacted, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE), true);
|
||||
}
|
||||
|
||||
public static function fetchElement($array, $element, $key, $type = null, $type_value = null)
|
||||
|
|
|
|||
|
|
@ -13,50 +13,52 @@ class LDSignature
|
|||
return !empty($data['signature']);
|
||||
}
|
||||
|
||||
public static function isVerified($data, $pubkey = null)
|
||||
public static function getSigner($data)
|
||||
{
|
||||
if (!self::isSigned($data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (empty($pubkey)) {
|
||||
/*
|
||||
$creator = $data['signature']['creator'];
|
||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||
$creator = $data['signature']['creator'];
|
||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||
|
||||
$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
|
||||
$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
|
||||
|
||||
$profile = ActivityPub::fetchprofile($url);
|
||||
if (!empty($profile)) {
|
||||
logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
|
||||
} elseif ($url != $actor) {
|
||||
$profile = ActivityPub::fetchprofile($actor);
|
||||
if (empty($profile)) {
|
||||
return false;
|
||||
}
|
||||
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
||||
$profile = ActivityPub::fetchprofile($url);
|
||||
if (!empty($profile)) {
|
||||
logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
|
||||
} elseif ($url != $actor) {
|
||||
$profile = ActivityPub::fetchprofile($actor);
|
||||
if (empty($profile)) {
|
||||
return false;
|
||||
}
|
||||
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
||||
}
|
||||
|
||||
*/
|
||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||
if (empty($actor)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$profile = ActivityPub::fetchprofile($actor);
|
||||
if (empty($profile['pubkey'])) {
|
||||
return false;
|
||||
}
|
||||
$pubkey = $profile['pubkey'];
|
||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||
if (empty($actor)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$profile = ActivityPub::fetchprofile($actor);
|
||||
if (empty($profile['pubkey'])) {
|
||||
return false;
|
||||
}
|
||||
$pubkey = $profile['pubkey'];
|
||||
|
||||
$ohash = self::hash(self::signable_options($data['signature']));
|
||||
$dhash = self::hash(self::signable_data($data));
|
||||
|
||||
$x = Crypto::rsaVerify($ohash . $dhash, base64_decode($data['signature']['signatureValue']), $pubkey);
|
||||
logger('LD-verify: ' . intval($x));
|
||||
|
||||
return $x;
|
||||
if (empty($x)) {
|
||||
return false;
|
||||
} else {
|
||||
return $actor;
|
||||
}
|
||||
}
|
||||
|
||||
public static function sign($data, $owner)
|
||||
|
|
@ -65,7 +67,7 @@ class LDSignature
|
|||
'type' => 'RsaSignature2017',
|
||||
'nonce' => random_string(64),
|
||||
'creator' => $owner['url'] . '#main-key',
|
||||
'created' => DateTimeFormat::utcNow()
|
||||
'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
|
||||
];
|
||||
|
||||
$ohash = self::hash(self::signable_options($options));
|
||||
|
|
@ -78,15 +80,8 @@ class LDSignature
|
|||
|
||||
private static function signable_data($data)
|
||||
{
|
||||
$newdata = [];
|
||||
if (!empty($data)) {
|
||||
foreach ($data as $k => $v) {
|
||||
if (!in_array($k, ['signature'])) {
|
||||
$newdata[$k] = $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $newdata;
|
||||
unset($data['signature']);
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -95,7 +90,7 @@ class LDSignature
|
|||
$newopts = ['@context' => 'https://w3id.org/identity/v1'];
|
||||
if (!empty($options)) {
|
||||
foreach ($options as $k => $v) {
|
||||
if (!in_array($k, ['type','id','signatureValue'])) {
|
||||
if (!in_array($k, ['type', 'id', 'signatureValue'])) {
|
||||
$newopts[$k] = $v;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue