author | Mario <mario@mariovavti.com> | 2024-01-13 20:38:34 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2024-01-13 20:38:34 +0000 |
commit | fa7aa6cedb83279252d1e26bb58227a6f99df9ed (patch) | |
tree | 5db025c66abd519d20cc6afdb35b32e72f09a0ce | |
parent | 6df98f2fad7741af341f4e74fd2e2f28f21bf373 (diff) | |
download | volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.gz volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.bz2 volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.zip |
start checking integrity proofs, remove signature prior to verify, iterate through the array to find the desired ekey in actor_store()
-rw-r--r-- | Zotlabs/Lib/Activity.php | 12 | ||||
-rw-r--r-- | Zotlabs/Lib/ActivityStreams.php | 56 | ||||
-rw-r--r-- | Zotlabs/Lib/JcsEddsa2022.php | 3 |
3 files changed, 57 insertions, 14 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 93f50fc56..6c680c56e 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1757,14 +1757,12 @@ class Activity {
 }
 $epubkey = '';
- // TODO: We should probably also deal with arrays here.
- // It is not clear yet which key we want to store if we got more than one though.
- if (isset($person_obj['assertionMethod']['publicKeyMultibase'])) {
- if ($person_obj['id'] === $person_obj['assertionMethod']['controller']) {
+ foreach($person_obj['assertionMethod'] as $am) {
+ if ($person_obj['id'] === $am['controller'] &&
+ $am['type'] === 'Multikey' &&
+ str_starts_with($am['publicKeyMultibase'], 'z6Mk')
+ ) {
 $epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
- if ($person_obj['assertionMethod']['type'] === 'Multikey') {
- $epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
- }
 }
 }
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php
index c32f82e33..98fc73462 100644
--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@@ -24,7 +24,7 @@ class ActivityStreams {
 public $origin = null;
 public $owner = null;
 public $signer = null;
- public $ldsig = null;
+ public $sig = null;
 public $sigok = false;
 public $recips = null;
 public $raw_recips = null;
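Review bot: Inside the new `foreach`, the assignment still reads `$person_obj['assertionMethod']['publicKeyMultibase']` rather than the loop element, so once `assertionMethod` is the list the loop was written for that index does not exist and `$epubkey` never receives the matched key; it should be `$epubkey = $am['publicKeyMultibase'];` followed by `break;`. The loop also has no guard for an actor that sends a single `assertionMethod` object or none at all: `foreach` then iterates over the object's scalar fields (or warns on null) and `$am['controller']` is read from a string. Since `$epubkey` is what later EdDSA proofs from this actor are checked against, storing nothing here quietly pushes every such check onto the fetch-on-demand path. The enclosing method (actor_store, per the commit message) begins and ends outside this hunk.
```php
$epubkey = '';
$methods = $person_obj['assertionMethod'] ?? [];
if (isset($methods['type'])) {
    $methods = [$methods]; // a single Multikey object rather than a list of them
}
foreach ($methods as $am) {
    if (is_array($am)
        && ($am['type'] ?? '') === 'Multikey'
        && ($am['controller'] ?? null) === $person_obj['id']
        && str_starts_with($am['publicKeyMultibase'] ?? '', 'z6Mk')
    ) {
        $epubkey = $am['publicKeyMultibase'];
        break;
    }
}
```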
@@ -97,11 +97,19 @@ class ActivityStreams {
 $this->origin = $this->get_compound_property('origin');
 $this->recips = $this->collect_recips();
- $this->ldsig = $this->get_compound_property('signature');
- if ($this->ldsig) {
- $this->signer = $this->get_actor('creator', $this->ldsig);
- if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
- $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+ $this->sig = $this->get_compound_property('proof');
+ if ($this->sig) {
+ $this->checkEddsaSignature(); // will set signer and sigok if everything works out
+ }
+
+ // Try LDSignatures if edsig failed
+ if (!$this->sigok) {
+ $this->sig = $this->get_compound_property('signature');
+ if ($this->sig) {
+ $this->signer = $this->get_actor('creator', $this->sig);
+ if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
+ $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+ }
 }
 }
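Review bot: When a `proof` is present but `checkEddsaSignature()` does not verify it, `$this->signer` keeps whatever actor that method resolved while `$this->sigok` stays false, and the fallback below only reassigns `signer` when a `signature` property also exists; before this change `signer` was only ever populated together with a verification attempt against it. Any consumer that reads `signer` without also checking `sigok` would then see a signer on an unverified message, so I would clear it at the top of the fallback: `$this->signer = null;` directly after `if (!$this->sigok) {`. In the same branch `$this->sig` is overwritten with the LD `signature`, so after construction the property no longer says which block was actually checked; a comment on the property such as `// proof or signature block last examined; only meaningful together with sigok` would make that explicit. The constructor this code sits in starts and ends outside the hunk.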
@@ -490,4 +498,40 @@ class ActivityStreams {
 }
+ public function checkEddsaSignature() {
+ $signer = $this->get_property_obj('verificationMethod', $this->sig);
+
+ $parseUrl = parse_url($signer);
+ if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'],'z6Mk')) {
+ $publicKey = $parseUrl['fragment'];
+ unset($parseUrl['fragment']);
+ unset($parseUrl['query']);
+ }
+
+ $url = unparse_url($parseUrl);
+ //$this->signer = [ 'id' => $url ];
+
+ $hublocs = Activity::get_actor_hublocs($url);
+ $hasStoredKey = false;
+ if ($hublocs) {
+ foreach ($hublocs as $hubloc) {
+ if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) {
+ $hasStoredKey = true;
+ break;
+ }
+ }
+ }
+ if (!$hasStoredKey) {
+ $this->signer = Activity::get_actor($url);
+ if ($this->signer
+ && !empty($this->signer['assertionMethod'])
+ && !empty($this->signer['assertionMethod']['publicKeyMultibase'])) {
+ $publicKey = $this->signer['assertionMethod']['publicKeyMultibase'];
+ }
+ }
+ if ($publicKey) {
+ $this->sigok = (new JcsEddsa2022)->verify($this->data, $publicKey);
+ }
+ }
+
 }
diff --git a/Zotlabs/Lib/JcsEddsa2022.php b/Zotlabs/Lib/JcsEddsa2022.php
index 425627b62..14f16c94b 100644
--- a/Zotlabs/Lib/JcsEddsa2022.php
+++ b/Zotlabs/Lib/JcsEddsa2022.php
@@ -37,6 +37,7 @@ class JcsEddsa2022 {
 if (!str_starts_with($encodedSignature,'z')) {
 return false;
 }
+ $encodedSignature = substr($encodedSignature, 1);
 $optionsHash = $this->hash($this->signableOptions($data['proof']), true);
 $dataHash = $this->hash($this->signableData($data),true);
@@ -58,7 +59,7 @@ class JcsEddsa2022 {
 $signableData = [];
 if ($data) {
 foreach ($data as $k => $v) {
- if ($k != 'proof') {
+ if (!in_array($k, ['proof', 'signature'])) {
 $signableData[$k] = $v;
 }
 }
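Review bot: In `checkEddsaSignature()` the key parsed out of the `verificationMethod` fragment is still used to verify the proof when it matches no stored hubloc key: the `!$hasStoredKey` branch only replaces `$publicKey` if the fetched actor carries `assertionMethod.publicKeyMultibase`, so when `Activity::get_actor()` fails or the actor publishes no EdDSA key the document is verified against a key that appears nowhere but in the document itself, and `sigok` becomes true. The fragment key should only be accepted once it matches a stored key; otherwise `$publicKey` must be reset before the actor lookup and taken solely from the fetched actor, with the same `Multikey` and `controller === id` checks the `Activity.php` hunk applies (that hunk also treats `assertionMethod` as a list, whereas this method indexes it as a single object). `$publicKey` is also never initialised, so for a URL without a `z6Mk` fragment the later `$publicKey &&` and `if ($publicKey)` read an undefined variable, and `unparse_url()` then receives the unstripped query and fragment. `get_property_obj()`, `unparse_url()` and `Activity::get_actor()` live outside the hunk; I am assuming the latter returns the actor object in the shape `actor_store()` consumes.
```php
public function checkEddsaSignature() {
    $publicKey = null;
    $signer = $this->get_property_obj('verificationMethod', $this->sig);
    $parseUrl = is_string($signer) ? parse_url($signer) : false;
    if (!$parseUrl) {
        return;
    }
    if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'], 'z6Mk')) {
        $publicKey = $parseUrl['fragment'];
    }
    unset($parseUrl['fragment'], $parseUrl['query']);
    $url = unparse_url($parseUrl);

    // … unchanged: hubloc lookup that sets $hasStoredKey …

    if (!$hasStoredKey) {
        // A key that only appears in the message's own verificationMethod binds
        // nothing to the actor; from here on accept only a key the actor publishes.
        $publicKey = null;
        $this->signer = Activity::get_actor($url);
        $methods = is_array($this->signer) ? ($this->signer['assertionMethod'] ?? []) : [];
        if (isset($methods['type'])) {
            $methods = [$methods]; // single Multikey object rather than a list
        }
        foreach ($methods as $am) {
            if (is_array($am)
                && ($am['type'] ?? '') === 'Multikey'
                && ($am['controller'] ?? null) === ($this->signer['id'] ?? false)
                && str_starts_with($am['publicKeyMultibase'] ?? '', 'z6Mk')
            ) {
                $publicKey = $am['publicKeyMultibase'];
                break;
            }
        }
    }
    // … unchanged: JcsEddsa2022 verify call guarded by $publicKey …
}
```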
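Review bot: `in_array($k, ['proof', 'signature'])` in the signable-data loop is a loose comparison; pass the strict flag, `if (!in_array($k, ['proof', 'signature'], true)) {`, so the exclusion list is matched by identity like the project's other `===` checks. This is a style point rather than a behaviour change: under PHP 8 comparison rules an integer key such as `0` no longer equals a non-numeric string, so decoded JSON yields the same result either way. The method this loop belongs to starts before the hunk.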