start checking integrity proofs, remove signature prior to verify, iterate trough the array to find the desired ekey in actor_store()

author: Mario <mario@mariovavti.com> 2024-01-13 20:38:34 +0000
committer: Mario <mario@mariovavti.com> 2024-01-13 20:38:34 +0000
commit: fa7aa6cedb83279252d1e26bb58227a6f99df9ed (patch)
tree: 5db025c66abd519d20cc6afdb35b32e72f09a0ce /Zotlabs
parent: 6df98f2fad7741af341f4e74fd2e2f28f21bf373 (diff)
download: volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.gz
volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.bz2
volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.zip
3 files changed, 57 insertions, 14 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 93f50fc56..6c680c56e 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1757,14 +1757,12 @@ class Activity {
 		}
 
 		$epubkey = '';
-		// TODO: We should probably also deal with arrays here.
-		// It is not clear yet which key we want to store if we got more than one though.
-		if (isset($person_obj['assertionMethod']['publicKeyMultibase'])) {
-			if ($person_obj['id'] === $person_obj['assertionMethod']['controller']) {
+		foreach($person_obj['assertionMethod'] as $am) {
+			if ($person_obj['id'] === $am['controller'] &&
+				$am['type'] === 'Multikey' &&
+				str_starts_with($am['publicKeyMultibase'], 'z6Mk')
+			) {
 				$epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
-				if ($person_obj['assertionMethod']['type'] === 'Multikey') {
-					$epubkey = $person_obj['assertionMethod']['publicKeyMultibase'];
-				}
 			}
 		}
 
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php
index c32f82e33..98fc73462 100644
--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@@ -24,7 +24,7 @@ class ActivityStreams {
 	public $origin = null;
 	public $owner = null;
 	public $signer = null;
-	public $ldsig = null;
+	public $sig = null;
 	public $sigok = false;
 	public $recips = null;
 	public $raw_recips = null;
@@ -97,11 +97,19 @@ class ActivityStreams {
 			$this->origin = $this->get_compound_property('origin');
 			$this->recips = $this->collect_recips();
 
-			$this->ldsig = $this->get_compound_property('signature');
-			if ($this->ldsig) {
-				$this->signer = $this->get_actor('creator', $this->ldsig);
-				if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
-					$this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+			$this->sig = $this->get_compound_property('proof');
+			if ($this->sig) {
+				$this->checkEddsaSignature(); // will set signer and sigok if everything works out
+			}
+
+			// Try LDSignatures if edsig failed
+			if (!$this->sigok) {
+				$this->sig = $this->get_compound_property('signature');
+				if ($this->sig) {
+					$this->signer = $this->get_actor('creator', $this->sig);
+					if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
+						$this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
+					}
 				}
 			}
 
@@ -490,4 +498,40 @@ class ActivityStreams {
 
 	}
 
+	public function checkEddsaSignature() {
+		$signer = $this->get_property_obj('verificationMethod', $this->sig);
+
+		$parseUrl = parse_url($signer);
+		if (!empty($parseUrl['fragment']) && str_starts_with($parseUrl['fragment'],'z6Mk')) {
+			$publicKey = $parseUrl['fragment'];
+			unset($parseUrl['fragment']);
+			unset($parseUrl['query']);
+		}
+
+		$url = unparse_url($parseUrl);
+		//$this->signer = [ 'id' => $url ];
+
+		$hublocs = Activity::get_actor_hublocs($url);
+		$hasStoredKey = false;
+		if ($hublocs) {
+			foreach ($hublocs as $hubloc) {
+				if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) {
+					$hasStoredKey = true;
+					break;
+				}
+			}
+		}
+		if (!$hasStoredKey) {
+			$this->signer = Activity::get_actor($url);
+			if ($this->signer
+				&& !empty($this->signer['assertionMethod'])
+				&& !empty($this->signer['assertionMethod']['publicKeyMultibase'])) {
+				$publicKey = $this->signer['assertionMethod']['publicKeyMultibase'];
+			}
+		}
+		if ($publicKey) {
+			$this->sigok = (new JcsEddsa2022)->verify($this->data, $publicKey);
+		}
+	}
+
 }
diff --git a/Zotlabs/Lib/JcsEddsa2022.php b/Zotlabs/Lib/JcsEddsa2022.php
index 425627b62..14f16c94b 100644
--- a/Zotlabs/Lib/JcsEddsa2022.php
+++ b/Zotlabs/Lib/JcsEddsa2022.php
@@ -37,6 +37,7 @@ class JcsEddsa2022 {
 		if (!str_starts_with($encodedSignature,'z')) {
 			return false;
 		}
+
 		$encodedSignature = substr($encodedSignature, 1);
 		$optionsHash = $this->hash($this->signableOptions($data['proof']), true);
 		$dataHash = $this->hash($this->signableData($data),true);
@@ -58,7 +59,7 @@ class JcsEddsa2022 {
 		$signableData = [];
 		if ($data) {
 			foreach ($data as $k => $v) {
-				if ($k != 'proof') {
+				if (!in_array($k, ['proof', 'signature'])) {
 					$signableData[$k] = $v;
 				}
 			}
author	Mario <mario@mariovavti.com>	2024-01-13 20:38:34 +0000
committer	Mario <mario@mariovavti.com>	2024-01-13 20:38:34 +0000
commit	fa7aa6cedb83279252d1e26bb58227a6f99df9ed (patch)
tree	5db025c66abd519d20cc6afdb35b32e72f09a0ce /Zotlabs
parent	6df98f2fad7741af341f4e74fd2e2f28f21bf373 (diff)
download	volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.gz volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.tar.bz2 volse-hubzilla-fa7aa6cedb83279252d1e26bb58227a6f99df9ed.zip