authorMario <mario@mariovavti.com>2024-01-13 20:38:34 +0000
committerMario <mario@mariovavti.com>2024-01-13 20:38:34 +0000
commitfa7aa6cedb83279252d1e26bb58227a6f99df9ed (patch)
tree5db025c66abd519d20cc6afdb35b32e72f09a0ce
parent6df98f2fad7741af341f4e74fd2e2f28f21bf373 (diff)
start checking integrity proofs, remove signature prior to verify, iterate through the array to find the desired ekey in actor_store()
-rw-r--r--Zotlabs/Lib/Activity.php12
-rw-r--r--Zotlabs/Lib/ActivityStreams.php56
-rw-r--r--Zotlabs/Lib/JcsEddsa2022.php3
3 files changed, 57 insertions, 14 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 93f50fc56..6c680c56e 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1757,14 +1757,12 @@ class Activity {
}
$epubkey = '';
- // TODO: We should probably also deal with arrays here.
- // It is not clear yet which key we want to store if we got more than one though.
- if (isset($person_obj['assertionMethod']['publicKeyMultibase'])) {
- if ($person_obj['id'] === $person_obj['assertionMethod']['controller']) {
+ foreach($person_obj['assertionMethod'] as $am) {
+ if ($person_obj['id'] === $am['controller'] &&
+ $am['type'] === 'Multikey' &&
+ str_starts_with($am['publicKeyMultibase'], 'z6Mk')
+ ) {
$epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
- if ($person_obj['assertionMethod']['type'] === 'Multikey') {
- $epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
- }
}
}
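Review bot: The assignment `$epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];` inside the new foreach still reads from the parent array rather than from `$am`, so when `assertionMethod` is the list this loop was written for the lookup resolves to null and no key is stored. The loop also never `break`s after a match, and nothing guards against `assertionMethod` being absent, being a single Multikey object rather than a list (the form the removed code handled), or an entry lacking `publicKeyMultibase`, which `str_starts_with()` will not accept as null. The enclosing function starts and ends outside the hunk. Suggested rewrite of the loop:
```php
$epubkey = '';
// assertionMethod may be a single Multikey object or a list of them; normalise to a list
$methods = $person_obj['assertionMethod'] ?? [];
if (!is_array($methods)) {
    $methods = [];
} elseif (isset($methods['publicKeyMultibase'])) {
    $methods = [$methods];
}
foreach ($methods as $am) {
    if (is_array($am)
        && isset($am['controller'], $am['type'], $am['publicKeyMultibase'])
        && $person_obj['id'] === $am['controller']
        && $am['type'] === 'Multikey'
        && str_starts_with($am['publicKeyMultibase'], 'z6Mk')
    ) {
        $epubkey = $am['publicKeyMultibase'];
        break; // first matching key wins
    }
}
```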
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php
index c32f82e33..98fc73462 100644
--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@@ -24,7 +24,7 @@ class ActivityStreams {
public $origin = null;
public $owner = null;
public $signer = null;
- public $ldsig = null;
+ public $sig = null;
public $sigok = false;
public $recips = null;
public $raw_recips = null;
@@ -97,11 +97,19 @@ class ActivityStreams {
$this->origin = $this->get_compound_property('origin');
$this->recips = $this->collect_recips();
- $this->ldsig = $this->get_compound_property('signature');
- if ($this->ldsig) {
- $this->signer = $this->get_actor('creator', $this->ldsig);
- if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
- $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+ $this->sig = $this->get_compound_property('proof');
+ if ($this->sig) {
+ $this->checkEddsaSignature(); // will set signer and sigok if everything works out
+ }
+
+ // Try LDSignatures if edsig failed
+ if (!$this->sigok) {
+ $this->sig = $this->get_compound_property('signature');
+ if ($this->sig) {
+ $this->signer = $this->get_actor('creator', $this->sig);
+ if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
+ $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+ }
}
}
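Review bot: When a `proof` is present but `checkEddsaSignature()` leaves `sigok` false, the block falls through to the legacy `signature` check, so a failed integrity proof is silently downgraded to LD-signature verification instead of being surfaced as a failure. If that downgrade is intended, it should at least be visible in the logs, e.g. `logger('checkEddsaSignature failed, falling back to LDSignatures');` before the `if (!$this->sigok)` branch. The fallback also leaves `$this->signer` set from the EdDSA attempt when no `signature` property exists, so a `$this->signer = null;` reset at the top of that branch would keep `signer` consistent with `sigok`. The enclosing function starts before the hunk.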
@@ -490,4 +498,40 @@ class ActivityStreams {
}
+ public function checkEddsaSignature() {
+ $signer = $this->get_property_obj('verificationMethod', $this->sig);
+
+ $parseUrl = parse_url($signer);
+ if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'],'z6Mk')) {
+ $publicKey = $parseUrl['fragment'];
+ unset($parseUrl['fragment']);
+ unset($parseUrl['query']);
+ }
+
+ $url = unparse_url($parseUrl);
+ //$this->signer = [ 'id' => $url ];
+
+ $hublocs = Activity::get_actor_hublocs($url);
+ $hasStoredKey = false;
+ if ($hublocs) {
+ foreach ($hublocs as $hubloc) {
+ if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) {
+ $hasStoredKey = true;
+ break;
+ }
+ }
+ }
+ if (!$hasStoredKey) {
+ $this->signer = Activity::get_actor($url);
+ if ($this->signer
+ && !empty($this->signer['assertionMethod'])
+ && !empty($this->signer['assertionMethod']['publicKeyMultibase'])) {
+ $publicKey = $this->signer['assertionMethod']['publicKeyMultibase'];
+ }
+ }
+ if ($publicKey) {
+ $this->sigok = (new JcsEddsa2022)->verify($this->data, $publicKey);
+ }
+ }
+
}
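Review bot: In the `!$hasStoredKey` branch the key taken from the `verificationMethod` URL fragment is kept as `$publicKey` whenever the fetched actor yields no `assertionMethod.publicKeyMultibase`, so the proof is then verified against a key that arrived with the message itself rather than one bound to the actor at `$url`; because `assertionMethod` is commonly a list of Multikey objects, the direct `['publicKeyMultibase']` lookup misses it and this fallthrough is the usual path. `$publicKey` is also read at `if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey)` and `if ($publicKey)` without being initialised when the fragment is absent or does not start with `z6Mk`, and `parse_url()` receives whatever `get_property_obj()` returns, which may not be a string. The stored-key path never sets `$this->signer`, so `sigok` can be true with `signer` still null, which conflicts with the "will set signer and sigok" comment at the call site; if that is intended it deserves a comment, otherwise the commented-out `$this->signer = [ 'id' => $url ];` may belong there. Suggested rewrite: accept only a key that matches a stored hubloc key or a Multikey in the actor document whose controller is the actor id, and require it to equal the fragment key when one was given.
```php
public function checkEddsaSignature() {
    $publicKey = null;
    $fragmentKey = null;

    $verificationMethod = $this->get_property_obj('verificationMethod', $this->sig);
    if (!is_string($verificationMethod) || $verificationMethod === '') {
        return;
    }

    $parseUrl = parse_url($verificationMethod);
    if (!is_array($parseUrl)) {
        return;
    }
    if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'], 'z6Mk')) {
        $fragmentKey = $parseUrl['fragment'];
        unset($parseUrl['fragment'], $parseUrl['query']);
    }
    $url = unparse_url($parseUrl);

    // A key is only usable if it is bound to the actor at $url: either we
    // already store it for that actor, or the actor document publishes it.
    // The fragment by itself is never accepted as the verification key.
    $hublocs = Activity::get_actor_hublocs($url);
    if ($hublocs && $fragmentKey) {
        foreach ($hublocs as $hubloc) {
            if ($hubloc['xchan_epubkey'] === $fragmentKey) {
                $publicKey = $fragmentKey;
                break;
            }
        }
    }

    if (!$publicKey) {
        $this->signer = Activity::get_actor($url);
        if (is_array($this->signer) && !empty($this->signer['assertionMethod'])) {
            $methods = $this->signer['assertionMethod'];
            if (isset($methods['publicKeyMultibase'])) {
                $methods = [$methods]; // single Multikey object, not a list
            }
            foreach ($methods as $am) {
                if (is_array($am)
                    && ($am['type'] ?? null) === 'Multikey'
                    && ($am['controller'] ?? null) === ($this->signer['id'] ?? null)
                    && isset($am['publicKeyMultibase'])
                    && str_starts_with($am['publicKeyMultibase'], 'z6Mk')
                    && ($fragmentKey === null || $am['publicKeyMultibase'] === $fragmentKey)
                ) {
                    $publicKey = $am['publicKeyMultibase'];
                    break;
                }
            }
        }
    }

    if ($publicKey) {
        $this->sigok = (new JcsEddsa2022)->verify($this->data, $publicKey);
    }
}
```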
diff --git a/Zotlabs/Lib/JcsEddsa2022.php b/Zotlabs/Lib/JcsEddsa2022.php
index 425627b62..14f16c94b 100644
--- a/Zotlabs/Lib/JcsEddsa2022.php
+++ b/Zotlabs/Lib/JcsEddsa2022.php
@@ -37,6 +37,7 @@ class JcsEddsa2022 {
if (!str_starts_with($encodedSignature,'z')) {
return false;
}
+
$encodedSignature = substr($encodedSignature, 1);
$optionsHash = $this->hash($this->signableOptions($data['proof']), true);
$dataHash = $this->hash($this->signableData($data),true);
@@ -58,7 +59,7 @@ class JcsEddsa2022 {
$signableData = [];
if ($data) {
foreach ($data as $k => $v) {
- if ($k != 'proof') {
+ if (!in_array($k, ['proof', 'signature'])) {
$signableData[$k] = $v;
}
}
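Review bot: `in_array($k, ['proof', 'signature'])` uses loose comparison; pass the strict flag, `if (!in_array($k, ['proof', 'signature'], true)) {`, so the exclusion never depends on type juggling of the key. Dropping `signature` from the signable data means the proof no longer covers a co-present LD signature object, which is what the commit message intends but is not obvious from the line itself; a comment such as `// both the proof and a legacy LD signature are excluded from the signed payload` would record that. The enclosing signableData() starts and ends outside the hunk.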