Improvements to signature check, private posts do work now again
This commit is contained in:
parent
4c224fbddd
commit
b44fc62708
|
@ -25,14 +25,14 @@ class Inbox extends BaseModule
|
||||||
System::httpExit(400);
|
System::httpExit(400);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (HTTPSignature::verifyAP($postdata, $_SERVER)) {
|
if (HTTPSignature::getSigner($postdata, $_SERVER)) {
|
||||||
$filename = 'signed-activitypub';
|
$filename = 'signed-activitypub';
|
||||||
} else {
|
} else {
|
||||||
$filename = 'failed-activitypub';
|
$filename = 'failed-activitypub';
|
||||||
}
|
}
|
||||||
|
|
||||||
$tempfile = tempnam(get_temppath(), $filename);
|
$tempfile = tempnam(get_temppath(), $filename);
|
||||||
file_put_contents($tempfile, json_encode(['argv' => $a->argv, 'header' => $_SERVER, 'body' => $postdata]));
|
file_put_contents($tempfile, json_encode(['argv' => $a->argv, 'header' => $_SERVER, 'body' => $postdata], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
|
||||||
|
|
||||||
logger('Incoming message stored under ' . $tempfile);
|
logger('Incoming message stored under ' . $tempfile);
|
||||||
|
|
||||||
|
|
|
@ -122,10 +122,49 @@ class ActivityPub
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function fetchPermissionBlockFromConversation($item)
|
||||||
|
{
|
||||||
|
if (empty($item['thr-parent'])) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
$condition = ['item-uri' => $item['thr-parent'], 'protocol' => Conversation::PARCEL_ACTIVITYPUB];
|
||||||
|
$conversation = DBA::selectFirst('conversation', ['source'], $condition);
|
||||||
|
if (!DBA::isResult($conversation)) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
$activity = json_decode($conversation['source'], true);
|
||||||
|
|
||||||
|
$actor = JsonLD::fetchElement($activity, 'actor', 'id');
|
||||||
|
$profile = ActivityPub::fetchprofile($actor);
|
||||||
|
|
||||||
|
$permissions = [];
|
||||||
|
|
||||||
|
$elements = ['to', 'cc', 'bto', 'bcc'];
|
||||||
|
foreach ($elements as $element) {
|
||||||
|
if (empty($activity[$element])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (is_string($activity[$element])) {
|
||||||
|
$activity[$element] = [$activity[$element]];
|
||||||
|
}
|
||||||
|
foreach ($activity[$element] as $receiver) {
|
||||||
|
if ($receiver == $profile['followers']) {
|
||||||
|
$receiver = System::baseUrl() . '/followers/' . $item['author-nick'];
|
||||||
|
}
|
||||||
|
$permissions[$element][] = $receiver;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $permissions;
|
||||||
|
}
|
||||||
|
|
||||||
public static function createPermissionBlockForItem($item)
|
public static function createPermissionBlockForItem($item)
|
||||||
{
|
{
|
||||||
$data = ['to' => [], 'cc' => []];
|
$data = ['to' => [], 'cc' => []];
|
||||||
|
|
||||||
|
$data = array_merge($data, self::fetchPermissionBlockFromConversation($item));
|
||||||
|
|
||||||
$terms = Term::tagArrayFromItemId($item['id']);
|
$terms = Term::tagArrayFromItemId($item['id']);
|
||||||
|
|
||||||
if (!$item['private']) {
|
if (!$item['private']) {
|
||||||
|
@ -146,6 +185,7 @@ class ActivityPub
|
||||||
$receiver_list = Item::enumeratePermissions($item);
|
$receiver_list = Item::enumeratePermissions($item);
|
||||||
|
|
||||||
$mentioned = [];
|
$mentioned = [];
|
||||||
|
$contacts = [];
|
||||||
|
|
||||||
foreach ($terms as $term) {
|
foreach ($terms as $term) {
|
||||||
if ($term['type'] != TERM_MENTION) {
|
if ($term['type'] != TERM_MENTION) {
|
||||||
|
@ -155,12 +195,16 @@ class ActivityPub
|
||||||
if (!empty($cid) && in_array($cid, $receiver_list)) {
|
if (!empty($cid) && in_array($cid, $receiver_list)) {
|
||||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
|
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
|
||||||
$data['to'][] = $contact['url'];
|
$data['to'][] = $contact['url'];
|
||||||
|
$contacts[$contact['url']] = $contact['url'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($receiver_list as $receiver) {
|
foreach ($receiver_list as $receiver) {
|
||||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
|
$contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
|
||||||
$data['cc'][] = $contact['url'];
|
if (empty($contacts[$contact['url']])) {
|
||||||
|
$data['cc'][] = $contact['url'];
|
||||||
|
$contacts[$contact['url']] = $contact['url'];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($data['to'])) {
|
if (empty($data['to'])) {
|
||||||
|
@ -213,7 +257,6 @@ class ActivityPub
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$receiver_list = Item::enumeratePermissions($item);
|
$receiver_list = Item::enumeratePermissions($item);
|
||||||
|
|
||||||
$mentioned = [];
|
$mentioned = [];
|
||||||
|
|
||||||
foreach ($terms as $term) {
|
foreach ($terms as $term) {
|
||||||
|
@ -224,7 +267,7 @@ class ActivityPub
|
||||||
if (!empty($cid) && in_array($cid, $receiver_list)) {
|
if (!empty($cid) && in_array($cid, $receiver_list)) {
|
||||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
|
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid, 'network' => Protocol::ACTIVITYPUB]);
|
||||||
$profile = self::fetchprofile($contact['url']);
|
$profile = self::fetchprofile($contact['url']);
|
||||||
if (!empty($profile['network'])) {
|
if (!empty($profile)) {
|
||||||
$target = defaults($profile, 'sharedinbox', $profile['inbox']);
|
$target = defaults($profile, 'sharedinbox', $profile['inbox']);
|
||||||
$inboxes[$target] = $target;
|
$inboxes[$target] = $target;
|
||||||
}
|
}
|
||||||
|
@ -234,7 +277,7 @@ class ActivityPub
|
||||||
foreach ($receiver_list as $receiver) {
|
foreach ($receiver_list as $receiver) {
|
||||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
|
$contact = DBA::selectFirst('contact', ['url'], ['id' => $receiver, 'network' => Protocol::ACTIVITYPUB]);
|
||||||
$profile = self::fetchprofile($contact['url']);
|
$profile = self::fetchprofile($contact['url']);
|
||||||
if (!empty($profile['network'])) {
|
if (!empty($profile)) {
|
||||||
$target = defaults($profile, 'sharedinbox', $profile['inbox']);
|
$target = defaults($profile, 'sharedinbox', $profile['inbox']);
|
||||||
$inboxes[$target] = $target;
|
$inboxes[$target] = $target;
|
||||||
}
|
}
|
||||||
|
@ -276,8 +319,8 @@ class ActivityPub
|
||||||
'conversation' => 'ostatus:conversation',
|
'conversation' => 'ostatus:conversation',
|
||||||
'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri']]];
|
'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri']]];
|
||||||
|
|
||||||
$data['type'] = 'Create';
|
|
||||||
$data['id'] = $item['uri'] . '#activity';
|
$data['id'] = $item['uri'] . '#activity';
|
||||||
|
$data['type'] = 'Create';
|
||||||
$data['actor'] = $item['author-link'];
|
$data['actor'] = $item['author-link'];
|
||||||
|
|
||||||
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
|
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
|
||||||
|
@ -339,13 +382,27 @@ class ActivityPub
|
||||||
public static function createNote($item)
|
public static function createNote($item)
|
||||||
{
|
{
|
||||||
$data = [];
|
$data = [];
|
||||||
$data['type'] = 'Note';
|
|
||||||
$data['id'] = $item['uri'];
|
$data['id'] = $item['uri'];
|
||||||
|
$data['type'] = 'Note';
|
||||||
|
$data['summary'] = null; // Ignore by now
|
||||||
|
|
||||||
if ($item['uri'] != $item['thr-parent']) {
|
if ($item['uri'] != $item['thr-parent']) {
|
||||||
$data['inReplyTo'] = $item['thr-parent'];
|
$data['inReplyTo'] = $item['thr-parent'];
|
||||||
|
} else {
|
||||||
|
$data['inReplyTo'] = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
|
||||||
|
|
||||||
|
if ($item["created"] != $item["edited"]) {
|
||||||
|
$data['updated'] = DateTimeFormat::utc($item["edited"]."+00:00", DateTimeFormat::ATOM);
|
||||||
|
}
|
||||||
|
|
||||||
|
$data['url'] = $item['uri'];
|
||||||
|
$data['attributedTo'] = $item['author-link'];
|
||||||
|
$data['actor'] = $item['author-link'];
|
||||||
|
$data['sensitive'] = false; // - Query NSFW
|
||||||
|
|
||||||
$conversation = DBA::selectFirst('conversation', ['conversation-uri'], ['item-uri' => $item['parent-uri']]);
|
$conversation = DBA::selectFirst('conversation', ['conversation-uri'], ['item-uri' => $item['parent-uri']]);
|
||||||
if (DBA::isResult($conversation) && !empty($conversation['conversation-uri'])) {
|
if (DBA::isResult($conversation) && !empty($conversation['conversation-uri'])) {
|
||||||
$conversation_uri = $conversation['conversation-uri'];
|
$conversation_uri = $conversation['conversation-uri'];
|
||||||
|
@ -353,24 +410,19 @@ class ActivityPub
|
||||||
$conversation_uri = $item['parent-uri'];
|
$conversation_uri = $item['parent-uri'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$data['context'] = $data['conversation'] = $conversation_uri;
|
$data['conversation'] = $conversation_uri;
|
||||||
$data['actor'] = $item['author-link'];
|
|
||||||
$data = array_merge($data, ActivityPub::createPermissionBlockForItem($item));
|
|
||||||
$data['published'] = DateTimeFormat::utc($item["created"]."+00:00", DateTimeFormat::ATOM);
|
|
||||||
|
|
||||||
if ($item["created"] != $item["edited"]) {
|
if (!empty($item['title'])) {
|
||||||
$data['updated'] = DateTimeFormat::utc($item["edited"]."+00:00", DateTimeFormat::ATOM);
|
$data['name'] = BBCode::convert($item['title'], false, 7);
|
||||||
}
|
}
|
||||||
|
|
||||||
$data['attributedTo'] = $item['author-link'];
|
|
||||||
$data['name'] = BBCode::convert($item['title'], false, 7);
|
|
||||||
$data['content'] = BBCode::convert($item['body'], false, 7);
|
$data['content'] = BBCode::convert($item['body'], false, 7);
|
||||||
$data['source'] = ['content' => $item['body'], 'mediaType' => "text/bbcode"];
|
$data['source'] = ['content' => $item['body'], 'mediaType' => "text/bbcode"];
|
||||||
$data['summary'] = ''; // Ignore by now
|
|
||||||
$data['sensitive'] = false; // - Query NSFW
|
|
||||||
//$data['emoji'] = []; // Ignore by now
|
|
||||||
$data['tag'] = self::createTagList($item);
|
|
||||||
$data['attachment'] = []; // @ToDo
|
$data['attachment'] = []; // @ToDo
|
||||||
|
$data['tag'] = self::createTagList($item);
|
||||||
|
$data = array_merge($data, ActivityPub::createPermissionBlockForItem($item));
|
||||||
|
|
||||||
|
//$data['emoji'] = []; // Ignore by now
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -643,21 +695,45 @@ class ActivityPub
|
||||||
|
|
||||||
public static function processInbox($body, $header, $uid)
|
public static function processInbox($body, $header, $uid)
|
||||||
{
|
{
|
||||||
logger('Incoming message for user ' . $uid, LOGGER_DEBUG);
|
$http_signer = HTTPSignature::getSigner($body, $header);
|
||||||
|
if (empty($http_signer)) {
|
||||||
if (!HTTPSignature::verifyAP($body, $header)) {
|
logger('Invalid HTTP signature, message will be discarded.', LOGGER_DEBUG);
|
||||||
logger('Invalid signature, message will be discarded.', LOGGER_DEBUG);
|
|
||||||
return;
|
return;
|
||||||
|
} else {
|
||||||
|
logger('HTTP signature is signed by ' . $http_signer, LOGGER_DEBUG);
|
||||||
}
|
}
|
||||||
|
|
||||||
$activity = json_decode($body, true);
|
$activity = json_decode($body, true);
|
||||||
|
|
||||||
if (!is_array($activity)) {
|
$actor = JsonLD::fetchElement($activity, 'actor', 'id');
|
||||||
|
logger('Message for user ' . $uid . ' is from actor ' . $actor, LOGGER_DEBUG);
|
||||||
|
|
||||||
|
if (empty($activity)) {
|
||||||
logger('Invalid body.', LOGGER_DEBUG);
|
logger('Invalid body.', LOGGER_DEBUG);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
self::processActivity($activity, $body, $uid);
|
if (LDSignature::isSigned($activity)) {
|
||||||
|
$ld_signer = LDSignature::getSigner($activity);
|
||||||
|
if (!empty($ld_signer)) {
|
||||||
|
logger('JSON-LD signature is signed by ' . $ld_signer, LOGGER_DEBUG);
|
||||||
|
$trust_source = true;
|
||||||
|
} elseif ($actor == $http_signer) {
|
||||||
|
logger('Bad JSON-LD signature, but HTTP signer fits the actor.', LOGGER_DEBUG);
|
||||||
|
$trust_source = true;
|
||||||
|
} else {
|
||||||
|
logger('Invalid JSON-LD signature.', LOGGER_DEBUG);
|
||||||
|
$trust_source = false;
|
||||||
|
}
|
||||||
|
} elseif ($actor == $http_signer) {
|
||||||
|
logger('Trusting post without JSON-LD signature, The actor fits the HTTP signer.', LOGGER_DEBUG);
|
||||||
|
$trust_source = true;
|
||||||
|
} else {
|
||||||
|
logger('No JSON-LD signature, different actor.', LOGGER_DEBUG);
|
||||||
|
$trust_source = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
self::processActivity($activity, $body, $uid, $trust_source);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function fetchOutbox($url, $uid)
|
public static function fetchOutbox($url, $uid)
|
||||||
|
@ -679,11 +755,11 @@ class ActivityPub
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($items as $activity) {
|
foreach ($items as $activity) {
|
||||||
self::processActivity($activity, '', $uid);
|
self::processActivity($activity, '', $uid, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function prepareObjectData($activity, $uid)
|
private static function prepareObjectData($activity, $uid, $trust_source)
|
||||||
{
|
{
|
||||||
$actor = JsonLD::fetchElement($activity, 'actor', 'id');
|
$actor = JsonLD::fetchElement($activity, 'actor', 'id');
|
||||||
if (empty($actor)) {
|
if (empty($actor)) {
|
||||||
|
@ -703,23 +779,6 @@ class ActivityPub
|
||||||
|
|
||||||
logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG);
|
logger('Receivers: ' . json_encode($receivers), LOGGER_DEBUG);
|
||||||
|
|
||||||
$unsigned = true;
|
|
||||||
|
|
||||||
if (LDSignature::isSigned($activity)) {
|
|
||||||
if (!LDSignature::isVerified($activity)) {
|
|
||||||
logger('Invalid signature. Quitting here.', LOGGER_DEBUG);
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
logger('Valid signature.', LOGGER_DEBUG);
|
|
||||||
$unsigned = false;
|
|
||||||
} elseif (!in_array(0, $receivers)) {
|
|
||||||
/// @todo Add some checks to only accept unsigned private posts directly from the actor
|
|
||||||
$unsigned = false;
|
|
||||||
logger('Private post without signature.', LOGGER_DEBUG);
|
|
||||||
} else {
|
|
||||||
logger('Public post without signature. Object data will be fetched.', LOGGER_DEBUG);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_string($activity['object'])) {
|
if (is_string($activity['object'])) {
|
||||||
$object_url = $activity['object'];
|
$object_url = $activity['object'];
|
||||||
} elseif (!empty($activity['object']['id'])) {
|
} elseif (!empty($activity['object']['id'])) {
|
||||||
|
@ -731,7 +790,7 @@ class ActivityPub
|
||||||
|
|
||||||
// Fetch the content only on activities where this matters
|
// Fetch the content only on activities where this matters
|
||||||
if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) {
|
if (in_array($activity['type'], ['Create', 'Update', 'Announce'])) {
|
||||||
$object_data = self::fetchObject($object_url, $activity['object'], $unsigned);
|
$object_data = self::fetchObject($object_url, $activity['object'], $trust_source);
|
||||||
if (empty($object_data)) {
|
if (empty($object_data)) {
|
||||||
logger("Object data couldn't be processed", LOGGER_DEBUG);
|
logger("Object data couldn't be processed", LOGGER_DEBUG);
|
||||||
return [];
|
return [];
|
||||||
|
@ -767,7 +826,7 @@ class ActivityPub
|
||||||
return $object_data;
|
return $object_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function processActivity($activity, $body = '', $uid = null)
|
private static function processActivity($activity, $body = '', $uid = null, $trust_source = false)
|
||||||
{
|
{
|
||||||
if (empty($activity['type'])) {
|
if (empty($activity['type'])) {
|
||||||
logger('Empty type', LOGGER_DEBUG);
|
logger('Empty type', LOGGER_DEBUG);
|
||||||
|
@ -793,7 +852,7 @@ class ActivityPub
|
||||||
|
|
||||||
logger('Processing activity: ' . $activity['type'], LOGGER_DEBUG);
|
logger('Processing activity: ' . $activity['type'], LOGGER_DEBUG);
|
||||||
|
|
||||||
$object_data = self::prepareObjectData($activity, $uid);
|
$object_data = self::prepareObjectData($activity, $uid, $trust_source);
|
||||||
if (empty($object_data)) {
|
if (empty($object_data)) {
|
||||||
logger('No object data found', LOGGER_DEBUG);
|
logger('No object data found', LOGGER_DEBUG);
|
||||||
return;
|
return;
|
||||||
|
@ -935,14 +994,15 @@ class ActivityPub
|
||||||
return $object_data;
|
return $object_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function fetchObject($object_url, $object = [], $unsigned = true)
|
private static function fetchObject($object_url, $object = [], $trust_source = false)
|
||||||
{
|
{
|
||||||
if ($unsigned) {
|
if (!$trust_source || is_string($object)) {
|
||||||
$data = self::fetchContent($object_url);
|
$data = self::fetchContent($object_url);
|
||||||
if (empty($data)) {
|
if (empty($data)) {
|
||||||
logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG);
|
logger('Empty content for ' . $object_url . ', check if content is available locally.', LOGGER_DEBUG);
|
||||||
$data = $object_url;
|
$data = $object_url;
|
||||||
$data = $object;
|
} else {
|
||||||
|
logger('Fetched content for ' . $object_url, LOGGER_DEBUG);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
logger('Using original object for url ' . $object_url, LOGGER_DEBUG);
|
logger('Using original object for url ' . $object_url, LOGGER_DEBUG);
|
||||||
|
|
|
@ -266,7 +266,7 @@ class HTTPSignature
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$content = json_encode($data);
|
$content = json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
||||||
|
|
||||||
// Header data that is about to be signed.
|
// Header data that is about to be signed.
|
||||||
$host = parse_url($target, PHP_URL_HOST);
|
$host = parse_url($target, PHP_URL_HOST);
|
||||||
|
@ -290,7 +290,7 @@ class HTTPSignature
|
||||||
logger('Transmit to ' . $target . ' returned ' . $return_code);
|
logger('Transmit to ' . $target . ' returned ' . $return_code);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function verifyAP($content, $http_headers)
|
public static function getSigner($content, $http_headers)
|
||||||
{
|
{
|
||||||
$object = json_decode($content, true);
|
$object = json_decode($content, true);
|
||||||
|
|
||||||
|
@ -355,7 +355,7 @@ class HTTPSignature
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm)) {
|
if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key['pubkey'], $algorithm)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -383,8 +383,7 @@ class HTTPSignature
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return $key['url'];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function fetchKey($id, $actor)
|
private static function fetchKey($id, $actor)
|
||||||
|
@ -394,12 +393,12 @@ class HTTPSignature
|
||||||
$profile = ActivityPub::fetchprofile($url);
|
$profile = ActivityPub::fetchprofile($url);
|
||||||
if (!empty($profile)) {
|
if (!empty($profile)) {
|
||||||
logger('Taking key from id ' . $id, LOGGER_DEBUG);
|
logger('Taking key from id ' . $id, LOGGER_DEBUG);
|
||||||
return $profile['pubkey'];
|
return ['url' => $url, 'pubkey' => $profile['pubkey']];
|
||||||
} elseif ($url != $actor) {
|
} elseif ($url != $actor) {
|
||||||
$profile = ActivityPub::fetchprofile($actor);
|
$profile = ActivityPub::fetchprofile($actor);
|
||||||
if (!empty($profile)) {
|
if (!empty($profile)) {
|
||||||
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
||||||
return $profile['pubkey'];
|
return ['url' => $actor, 'pubkey' => $profile['pubkey']];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -40,11 +40,26 @@ class JsonLD
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static function objectify($element)
|
||||||
|
{
|
||||||
|
if (is_array($element)) {
|
||||||
|
$keys = array_keys($element);
|
||||||
|
if (is_int(array_pop($keys))) {
|
||||||
|
return array_map('objectify', $element);
|
||||||
|
} else {
|
||||||
|
return (object)array_map('objectify', $element);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return $element;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static function normalize($json)
|
public static function normalize($json)
|
||||||
{
|
{
|
||||||
jsonld_set_document_loader('Friendica\Util\JsonLD::documentLoader');
|
jsonld_set_document_loader('Friendica\Util\JsonLD::documentLoader');
|
||||||
|
|
||||||
$jsonobj = json_decode(json_encode($json));
|
// $jsonobj = array_map('Friendica\Util\JsonLD::objectify', $json);
|
||||||
|
$jsonobj = json_decode(json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
|
||||||
|
|
||||||
return jsonld_normalize($jsonobj, array('algorithm' => 'URDNA2015', 'format' => 'application/nquads'));
|
return jsonld_normalize($jsonobj, array('algorithm' => 'URDNA2015', 'format' => 'application/nquads'));
|
||||||
}
|
}
|
||||||
|
@ -59,11 +74,11 @@ class JsonLD
|
||||||
'vcard' => (object)['@id' => 'http://www.w3.org/2006/vcard/ns#', '@type' => '@id'],
|
'vcard' => (object)['@id' => 'http://www.w3.org/2006/vcard/ns#', '@type' => '@id'],
|
||||||
'uuid' => (object)['@id' => 'http://schema.org/identifier', '@type' => '@id']];
|
'uuid' => (object)['@id' => 'http://schema.org/identifier', '@type' => '@id']];
|
||||||
|
|
||||||
$jsonobj = json_decode(json_encode($json));
|
$jsonobj = json_decode(json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
|
||||||
|
|
||||||
$compacted = jsonld_compact($jsonobj, $context);
|
$compacted = jsonld_compact($jsonobj, $context);
|
||||||
|
|
||||||
return json_decode(json_encode($compacted), true);
|
return json_decode(json_encode($compacted, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function fetchElement($array, $element, $key, $type = null, $type_value = null)
|
public static function fetchElement($array, $element, $key, $type = null, $type_value = null)
|
||||||
|
|
|
@ -13,50 +13,52 @@ class LDSignature
|
||||||
return !empty($data['signature']);
|
return !empty($data['signature']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function isVerified($data, $pubkey = null)
|
public static function getSigner($data)
|
||||||
{
|
{
|
||||||
if (!self::isSigned($data)) {
|
if (!self::isSigned($data)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($pubkey)) {
|
|
||||||
/*
|
/*
|
||||||
$creator = $data['signature']['creator'];
|
$creator = $data['signature']['creator'];
|
||||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||||
|
|
||||||
$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
|
$url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
|
||||||
|
|
||||||
$profile = ActivityPub::fetchprofile($url);
|
$profile = ActivityPub::fetchprofile($url);
|
||||||
if (!empty($profile)) {
|
if (!empty($profile)) {
|
||||||
logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
|
logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
|
||||||
} elseif ($url != $actor) {
|
} elseif ($url != $actor) {
|
||||||
$profile = ActivityPub::fetchprofile($actor);
|
$profile = ActivityPub::fetchprofile($actor);
|
||||||
if (empty($profile)) {
|
if (empty($profile)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
|
||||||
}
|
}
|
||||||
|
logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
*/
|
*/
|
||||||
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
$actor = JsonLD::fetchElement($data, 'actor', 'id');
|
||||||
if (empty($actor)) {
|
if (empty($actor)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
|
|
||||||
$profile = ActivityPub::fetchprofile($actor);
|
|
||||||
if (empty($profile['pubkey'])) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$pubkey = $profile['pubkey'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$profile = ActivityPub::fetchprofile($actor);
|
||||||
|
if (empty($profile['pubkey'])) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$pubkey = $profile['pubkey'];
|
||||||
|
|
||||||
$ohash = self::hash(self::signable_options($data['signature']));
|
$ohash = self::hash(self::signable_options($data['signature']));
|
||||||
$dhash = self::hash(self::signable_data($data));
|
$dhash = self::hash(self::signable_data($data));
|
||||||
|
|
||||||
$x = Crypto::rsaVerify($ohash . $dhash, base64_decode($data['signature']['signatureValue']), $pubkey);
|
$x = Crypto::rsaVerify($ohash . $dhash, base64_decode($data['signature']['signatureValue']), $pubkey);
|
||||||
logger('LD-verify: ' . intval($x));
|
logger('LD-verify: ' . intval($x));
|
||||||
|
|
||||||
return $x;
|
if (empty($x)) {
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return $actor;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function sign($data, $owner)
|
public static function sign($data, $owner)
|
||||||
|
@ -65,7 +67,7 @@ class LDSignature
|
||||||
'type' => 'RsaSignature2017',
|
'type' => 'RsaSignature2017',
|
||||||
'nonce' => random_string(64),
|
'nonce' => random_string(64),
|
||||||
'creator' => $owner['url'] . '#main-key',
|
'creator' => $owner['url'] . '#main-key',
|
||||||
'created' => DateTimeFormat::utcNow()
|
'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
|
||||||
];
|
];
|
||||||
|
|
||||||
$ohash = self::hash(self::signable_options($options));
|
$ohash = self::hash(self::signable_options($options));
|
||||||
|
@ -78,15 +80,8 @@ class LDSignature
|
||||||
|
|
||||||
private static function signable_data($data)
|
private static function signable_data($data)
|
||||||
{
|
{
|
||||||
$newdata = [];
|
unset($data['signature']);
|
||||||
if (!empty($data)) {
|
return $data;
|
||||||
foreach ($data as $k => $v) {
|
|
||||||
if (!in_array($k, ['signature'])) {
|
|
||||||
$newdata[$k] = $v;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $newdata;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -95,7 +90,7 @@ class LDSignature
|
||||||
$newopts = ['@context' => 'https://w3id.org/identity/v1'];
|
$newopts = ['@context' => 'https://w3id.org/identity/v1'];
|
||||||
if (!empty($options)) {
|
if (!empty($options)) {
|
||||||
foreach ($options as $k => $v) {
|
foreach ($options as $k => $v) {
|
||||||
if (!in_array($k, ['type','id','signatureValue'])) {
|
if (!in_array($k, ['type', 'id', 'signatureValue'])) {
|
||||||
$newopts[$k] = $v;
|
$newopts[$k] = $v;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue