LD signatures will now be checked when receiving messages
This commit is contained in:
		
					parent
					
						
							
								752b5fe284
							
						
					
				
			
			
				commit
				
					
						355346298b
					
				
			
		
					 3 changed files with 39 additions and 4 deletions
				
			
		|  | @ -688,7 +688,22 @@ class ActivityPub | ||||||
| 
 | 
 | ||||||
| 		logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG); | 		logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG); | ||||||
| 
 | 
 | ||||||
| 		$public = in_array(0, $receivers); | 		$unsigned = true; | ||||||
|  | 
 | ||||||
|  | 		if (LDSignature::isSigned($activity)) { | ||||||
|  | 			if (!LDSignature::isVerified($activity)) { | ||||||
|  | 				logger('Invalid signature. Quitting here.', LOGGER_DEBUG); | ||||||
|  | 				return []; | ||||||
|  | 			} | ||||||
|  | 			logger('Valid signature.', LOGGER_DEBUG); | ||||||
|  | 			$unsigned = false; | ||||||
|  | 		} elseif (!in_array(0, $receivers)) { | ||||||
|  | 			/// @todo Add some checks to only accept unsigned private posts directly from the actor
 | ||||||
|  | 			$unsigned = false; | ||||||
|  | 			logger('Private post without signature.', LOGGER_DEBUG); | ||||||
|  | 		} else { | ||||||
|  | 			logger('Public post without signature. Object data will be fetched.', LOGGER_DEBUG); | ||||||
|  | 		} | ||||||
| 
 | 
 | ||||||
| 		if (is_string($activity['object'])) { | 		if (is_string($activity['object'])) { | ||||||
| 			$object_url = $activity['object']; | 			$object_url = $activity['object']; | ||||||
|  | @ -701,7 +716,7 @@ class ActivityPub | ||||||
| 
 | 
 | ||||||
| 		// Fetch the content only on activities where this matters
 | 		// Fetch the content only on activities where this matters
 | ||||||
| 		if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) { | 		if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) { | ||||||
| 			$object_data = self::fetchObject($object_url, $activity['object']); | 			$object_data = self::fetchObject($object_url, $activity['object'], $unsigned); | ||||||
| 			if (empty($object_data)) { | 			if (empty($object_data)) { | ||||||
| 				logger("Object data couldn't be processed", LOGGER_DEBUG); | 				logger("Object data couldn't be processed", LOGGER_DEBUG); | ||||||
| 				return []; | 				return []; | ||||||
|  | @ -896,9 +911,9 @@ class ActivityPub | ||||||
| 		return $object_data; | 		return $object_data; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	private static function fetchObject($object_url, $object = [], $public = true) | 	private static function fetchObject($object_url, $object = [], $unsigned = true) | ||||||
| 	{ | 	{ | ||||||
| 		if ($public) { | 		if ($unsigned) { | ||||||
| 			$data = self::fetchContent($object_url); | 			$data = self::fetchContent($object_url); | ||||||
| 			if (empty($data)) { | 			if (empty($data)) { | ||||||
| 				logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG); | 				logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG); | ||||||
|  |  | ||||||
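Review bot: The public/private decision at `} elseif (!in_array(0, $receivers)) {` now gates whether an unsigned activity's inline object is trusted as-is instead of being re-fetched from its origin, yet it still uses a loose `in_array`; under PHP 7 comparison rules `0 == 'foo'` is true for any non-numeric string, so if `$receivers` can ever hold non-integer entries (its shape is not visible in this hunk) a private unsigned post could be misclassified as public or vice versa. Pinning the check with `} elseif (!in_array(0, $receivers, true)) {` removes that dependency on loose comparison. Separately, assigning `$unsigned = false` to a post that carries no signature reads as a contradiction; the flag really means "object must be fetched from origin", so either a name like `$fetchRemote` or a comment such as `// $unsigned selects a re-fetch of the object from its origin; an unsigned private post is accepted as delivered for now (see @todo)` would make the later call `self::fetchObject($object_url, $activity['object'], $unsigned)` clearer. The enclosing method starts before the hunk and continues after it.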
|  | @ -393,10 +393,12 @@ class HTTPSignature | ||||||
| 
 | 
 | ||||||
| 		$profile = ActivityPub::fetchprofile($url); | 		$profile = ActivityPub::fetchprofile($url); | ||||||
| 		if (!empty($profile)) { | 		if (!empty($profile)) { | ||||||
|  | 			logger('Taking key from id ' . $id, LOGGER_DEBUG); | ||||||
| 			return $profile['pubkey']; | 			return $profile['pubkey']; | ||||||
| 		} elseif ($url != $actor) { | 		} elseif ($url != $actor) { | ||||||
| 			$profile = ActivityPub::fetchprofile($actor); | 			$profile = ActivityPub::fetchprofile($actor); | ||||||
| 			if (!empty($profile)) { | 			if (!empty($profile)) { | ||||||
|  | 				logger('Taking key from actor ' . $actor, LOGGER_DEBUG); | ||||||
| 				return $profile['pubkey']; | 				return $profile['pubkey']; | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
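Review bot: The new debug line `logger('Taking key from id ' . $id, LOGGER_DEBUG);` names `$id`, while the profile it reports on was fetched with `$url` on the line above; if `$id` is the unstripped key identifier (its definition is not visible in this hunk) the message is accurate, but the two can differ, so logging the value actually looked up, `logger('Taking key from ' . $url, LOGGER_DEBUG);`, avoids ambiguity when tracing a key lookup. The enclosing method starts before the hunk and ends after it.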
|  | @ -20,6 +20,24 @@ class LDSignature | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		if (empty($pubkey)) { | 		if (empty($pubkey)) { | ||||||
|  | /* | ||||||
|  | 			$creator = $data['signature']['creator']; | ||||||
|  | 			$actor = JsonLD::fetchElement($data, 'actor', 'id'); | ||||||
|  | 
 | ||||||
|  | 			$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator); | ||||||
|  | 
 | ||||||
|  | 			$profile = ActivityPub::fetchprofile($url); | ||||||
|  | 			if (!empty($profile)) { | ||||||
|  | 				logger('Taking key from creator ' . $creator, LOGGER_DEBUG); | ||||||
|  | 			} elseif ($url != $actor) { | ||||||
|  | 				$profile = ActivityPub::fetchprofile($actor); | ||||||
|  | 				if (empty($profile)) { | ||||||
|  | 					return false; | ||||||
|  | 				} | ||||||
|  | 				logger('Taking key from actor ' . $actor, LOGGER_DEBUG); | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
|  | */ | ||||||
| 			$actor = JsonLD::fetchElement($data, 'actor', 'id'); | 			$actor = JsonLD::fetchElement($data, 'actor', 'id'); | ||||||
| 			if (empty($actor)) { | 			if (empty($actor)) { | ||||||
| 				return false; | 				return false; | ||||||
|  |  | ||||||
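Review bot: The block between `/*` and `*/` inserted ahead of `$actor = JsonLD::fetchElement($data, 'actor', 'id');` is commented-out code, and nothing explains why the signature's `creator` field is no longer consulted for the key; the history already lives in version control, so the block should be removed and replaced by a short why-comment, e.g. `// Resolve the key via the activity's actor, not signature.creator, so the signature is only accepted if it verifies under the actor's own key`. That the omission of `creator` is intentional is inferred from the disabled lookup, so confirm it before wording the comment that way. The enclosing method starts before the hunk and continues after it.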