diff options
author | Mario <mario@mariovavti.com> | 2024-01-13 20:38:34 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2024-01-13 20:38:34 +0000 |
commit | fa7aa6cedb83279252d1e26bb58227a6f99df9ed (patch) | |
tree | 5db025c66abd519d20cc6afdb35b32e72f09a0ce /Zotlabs/Lib/ActivityStreams.php | |
parent | 6df98f2fad7741af341f4e74fd2e2f28f21bf373 (diff) | |
download | volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.gz volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.bz2 volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.zip |
start checking integrity proofs, remove signature prior to verify, iterate trough the array to find the desired ekey in actor_store()
Diffstat (limited to 'Zotlabs/Lib/ActivityStreams.php')
-rw-r--r-- | Zotlabs/Lib/ActivityStreams.php | 56 |
1 files changed, 50 insertions, 6 deletions
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php index c32f82e33..98fc73462 100644 --- a/Zotlabs/Lib/ActivityStreams.php +++ b/Zotlabs/Lib/ActivityStreams.php @@ -24,7 +24,7 @@ class ActivityStreams { public $origin = null; public $owner = null; public $signer = null; - public $ldsig = null; + public $sig = null; public $sigok = false; public $recips = null; public $raw_recips = null; @@ -97,11 +97,19 @@ class ActivityStreams { $this->origin = $this->get_compound_property('origin'); $this->recips = $this->collect_recips(); - $this->ldsig = $this->get_compound_property('signature'); - if ($this->ldsig) { - $this->signer = $this->get_actor('creator', $this->ldsig); - if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) { - $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']); + $this->sig = $this->get_compound_property('proof'); + if ($this->sig) { + $this->checkEddsaSignature(); // will set signer and sigok if everything works out + } + + // Try LDSignatures if edsig failed + if (!$this->sigok) { + $this->sig = $this->get_compound_property('signature'); + if ($this->sig) { + $this->signer = $this->get_actor('creator', $this->sig); + if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) { + $this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']); + } } } @@ -490,4 +498,40 @@ class ActivityStreams { } + public function checkEddsaSignature() { + $signer = $this->get_property_obj('verificationMethod', $this->sig); + + $parseUrl = parse_url($signer); + if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'],'z6Mk')) { + $publicKey = $parseUrl['fragment']; + unset($parseUrl['fragment']); + unset($parseUrl['query']); + } + + $url = unparse_url($parseUrl); + //$this->signer = [ 'id' => $url ]; + + $hublocs = Activity::get_actor_hublocs($url); + $hasStoredKey = false; + if ($hublocs) { + foreach ($hublocs as $hubloc) { + if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) { + $hasStoredKey = true; + break; + } + } + } + if (!$hasStoredKey) { + $this->signer = Activity::get_actor($url); + if ($this->signer + && !empty($this->signer['assertionMethod']) + && !empty($this->signer['assertionMethod']['publicKeyMultibase'])) { + $publicKey = $this->signer['assertionMethod']['publicKeyMultibase']; + } + } + if ($publicKey) { + $this->sigok = (new JcsEddsa2022)->verify($this->data, $publicKey); + } + } + } |