From 3237dab1a419c08ebcbe3948c33247b91308eae8 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 3 Mar 2019 07:01:11 +0000 Subject: [PATCH 1/3] Added warning about an empty key --- src/Util/Crypto.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php index 2ab97e5373..54c3049ca7 100644 --- a/src/Util/Crypto.php +++ b/src/Util/Crypto.php @@ -24,6 +24,9 @@ class Crypto */ public static function rsaSign($data, $key, $alg = 'sha256') { + if (empty($key)) { + logger::warning('Empty key parameter', ['callstack' => System::callstack()]); + } openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); return $sig; } @@ -37,6 +40,9 @@ class Crypto */ public static function rsaVerify($data, $sig, $key, $alg = 'sha256') { + if (empty($key)) { + logger::warning('Empty key parameter', ['callstack' => System::callstack()]); + } return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } From 888e2ce2a969f25c8c32e057dc0f8a17421fbc71 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 3 Mar 2019 07:05:57 +0000 Subject: [PATCH 2/3] Added forgotten "use" --- src/Util/Crypto.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php index 54c3049ca7..1e4672887e 100644 --- a/src/Util/Crypto.php +++ b/src/Util/Crypto.php @@ -7,6 +7,7 @@ namespace Friendica\Util; use Friendica\Core\Config; use Friendica\Core\Hook; use Friendica\Core\Logger; +use Friendica\Core\System; use ASN_BASE; use ASNValue; From a911baf8e5461fdf1e8e32525f35135ce90e1ae4 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 4 Mar 2019 06:52:43 +0000 Subject: [PATCH 3/3] Avoid transmitting a deletion message when we don't have a key --- src/Protocol/ActivityPub/Transmitter.php | 10 ++++++++++ src/Util/Crypto.php | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/Protocol/ActivityPub/Transmitter.php b/src/Protocol/ActivityPub/Transmitter.php index 7d33fb2dc5..f2df43e854 100644 --- a/src/Protocol/ActivityPub/Transmitter.php +++ b/src/Protocol/ActivityPub/Transmitter.php @@ -1209,6 +1209,16 @@ class Transmitter { $owner = User::getOwnerDataById($uid); + if (empty($owner)) { + Logger::error('No owner data found, the deletion message cannot be processed.', ['user' => $uid]); + return false; + } + + if (empty($owner['uprvkey'])) { + Logger::error('No private key for owner found, the deletion message cannot be processed.', ['user' => $uid]); + return false; + } + $data = ['@context' => ActivityPub::CONTEXT, 'id' => System::baseUrl() . '/activity/' . System::createGUID(), 'type' => 'Delete', diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php index 1e4672887e..78f7c349a7 100644 --- a/src/Util/Crypto.php +++ b/src/Util/Crypto.php @@ -26,7 +26,7 @@ class Crypto public static function rsaSign($data, $key, $alg = 'sha256') { if (empty($key)) { - logger::warning('Empty key parameter', ['callstack' => System::callstack()]); + Logger::warning('Empty key parameter', ['callstack' => System::callstack()]); } openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); return $sig; @@ -42,7 +42,7 @@ class Crypto public static function rsaVerify($data, $sig, $key, $alg = 'sha256') { if (empty($key)) { - logger::warning('Empty key parameter', ['callstack' => System::callstack()]); + Logger::warning('Empty key parameter', ['callstack' => System::callstack()]); } return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); }