Merge pull request #6798 from annando/key-warning

Added warning about an empty key
This commit is contained in:
Philipp 2019-03-04 08:30:20 +01:00 committed by GitHub
commit e157c89dc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

View file

@ -1209,6 +1209,16 @@ class Transmitter
{ {
$owner = User::getOwnerDataById($uid); $owner = User::getOwnerDataById($uid);
if (empty($owner)) {
Logger::error('No owner data found, the deletion message cannot be processed.', ['user' => $uid]);
return false;
}
if (empty($owner['uprvkey'])) {
Logger::error('No private key for owner found, the deletion message cannot be processed.', ['user' => $uid]);
return false;
}
$data = ['@context' => ActivityPub::CONTEXT, $data = ['@context' => ActivityPub::CONTEXT,
'id' => System::baseUrl() . '/activity/' . System::createGUID(), 'id' => System::baseUrl() . '/activity/' . System::createGUID(),
'type' => 'Delete', 'type' => 'Delete',

View file

@ -7,6 +7,7 @@ namespace Friendica\Util;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System;
use ASN_BASE; use ASN_BASE;
use ASNValue; use ASNValue;
@ -24,6 +25,9 @@ class Crypto
*/ */
public static function rsaSign($data, $key, $alg = 'sha256') public static function rsaSign($data, $key, $alg = 'sha256')
{ {
if (empty($key)) {
Logger::warning('Empty key parameter', ['callstack' => System::callstack()]);
}
openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
return $sig; return $sig;
} }
@ -37,6 +41,9 @@ class Crypto
*/ */
public static function rsaVerify($data, $sig, $key, $alg = 'sha256') public static function rsaVerify($data, $sig, $key, $alg = 'sha256')
{ {
if (empty($key)) {
Logger::warning('Empty key parameter', ['callstack' => System::callstack()]);
}
return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
} }