Merge remote-tracking branch 'upstream/master' into develop

[friendica.git] / src / Util / LDSignature.php
diff --git a/src/Util/LDSignature.php b/src/Util/LDSignature.php

index a52d84e478a36e803ccb8401e3b564d43fa258df..e53590cf312cc2da5852bfe1bb473415ba3d6261 100644 (file)
--- a/src/Util/LDSignature.php
+++ b/src/Util/LDSignature.php
@@ -2,10 +2,17 @@
  
  namespace Friendica\Util;
  
+use Friendica\Core\Logger;
  use Friendica\Util\JsonLD;
  use Friendica\Util\DateTimeFormat;
  use Friendica\Protocol\ActivityPub;
+use Friendica\Model\APContact;
  
+/**
+ * @brief Implements JSON-LD signatures
+ *
+ * Ported from Osada: https://framagit.org/macgirvin/osada
+ */
  class LDSignature
  {
         public static function isSigned($data)
@@ -13,50 +20,34 @@ class LDSignature
                 return !empty($data['signature']);
         }
  
-       public static function isVerified($data, $pubkey = null)
+       public static function getSigner($data)
         {
                 if (!self::isSigned($data)) {
                         return false;
                 }
  
-               if (empty($pubkey)) {
-/*
-                       $creator = $data['signature']['creator'];
-                       $actor = JsonLD::fetchElement($data, 'actor', 'id');
-
-                       $url = (strpos($creator, '#') ? substr($creator, 0, strpos($creator, '#')) : $creator);
-
-                       $profile = ActivityPub::fetchprofile($url);
-                       if (!empty($profile)) {
-                               logger('Taking key from creator ' . $creator, LOGGER_DEBUG);
-                       } elseif ($url != $actor) {
-                               $profile = ActivityPub::fetchprofile($actor);
-                               if (empty($profile)) {
-                                       return false;
-                               }
-                               logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
-                       }
-
-*/
-                       $actor = JsonLD::fetchElement($data, 'actor', 'id');
-                       if (empty($actor)) {
-                               return false;
-                       }
-
-                       $profile = ActivityPub::fetchprofile($actor);
-                       if (empty($profile['pubkey'])) {
-                               return false;
-                       }
-                       $pubkey = $profile['pubkey'];
+               $actor = JsonLD::fetchElement($data, 'actor', 'id');
+               if (empty($actor)) {
+                       return false;
+               }
+
+               $profile = APContact::getByURL($actor);
+               if (empty($profile['pubkey'])) {
+                       return false;
                 }
+               $pubkey = $profile['pubkey'];
  
-               $ohash = self::hash(self::signable_options($data['signature']));
-               $dhash = self::hash(self::signable_data($data));
+               $ohash = self::hash(self::signableOptions($data['signature']));
+               $dhash = self::hash(self::signableData($data));
  
                 $x = Crypto::rsaVerify($ohash . $dhash, base64_decode($data['signature']['signatureValue']), $pubkey);
-               logger('LD-verify: ' . intval($x));
+               Logger::log('LD-verify: ' . intval($x));
  
-               return $x;
+               if (empty($x)) {
+                       return false;
+               } else {
+                       return $actor;
+               }
         }
  
         public static function sign($data, $owner)
@@ -65,42 +56,31 @@ class LDSignature
                         'type' => 'RsaSignature2017',
                         'nonce' => random_string(64),
                         'creator' => $owner['url'] . '#main-key',
-                       'created' => DateTimeFormat::utcNow()
+                       'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
                 ];
  
-               $ohash = self::hash(self::signable_options($options));
-               $dhash = self::hash(self::signable_data($data));
+               $ohash = self::hash(self::signableOptions($options));
+               $dhash = self::hash(self::signableData($data));
                 $options['signatureValue'] = base64_encode(Crypto::rsaSign($ohash . $dhash, $owner['uprvkey']));
  
                 return array_merge($data, ['signature' => $options]);
         }
  
-
-       private static function signable_data($data)
+       private static function signableData($data)
         {
-               $newdata = [];
-               if (!empty($data)) {
-                       foreach ($data as $k => $v) {
-                               if (!in_array($k, ['signature'])) {
-                                       $newdata[$k] = $v;
-                               }
-                       }
-               }
-               return $newdata;
+               unset($data['signature']);
+               return $data;
         }
  
-
-       private static function signable_options($options)
+       private static function signableOptions($options)
         {
                 $newopts = ['@context' => 'https://w3id.org/identity/v1'];
-               if (!empty($options)) {
-                       foreach ($options as $k => $v) {
-                               if (!in_array($k, ['type','id','signatureValue'])) {
-                                       $newopts[$k] = $v;
-                               }
-                       }
-               }
-               return $newopts;
+
+               unset($options['type']);
+               unset($options['id']);
+               unset($options['signatureValue']);
+
+               return array_merge($newopts, $options);
         }
  
         private static function hash($obj)