X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FLDSignature.php;h=9762b837f3bca737269d4ca87f78d95d5f45f855;hb=5accf11c8d5ca529e80d70999e759f63747e3733;hp=7288b584c78a7984e68ec737cabd570f2e197c94;hpb=752b5fe28464c7f1dec79132b6ef74ae71420d8b;p=friendica.git

diff --git a/src/Util/LDSignature.php b/src/Util/LDSignature.php
index 7288b584c7..9762b837f3 100644
--- a/src/Util/LDSignature.php
+++ b/src/Util/LDSignature.php
@@ -2,10 +2,14 @@
 
 namespace Friendica\Util;
 
-use Friendica\Util\JsonLD;
-use Friendica\Util\DateTimeFormat;
-use Friendica\Protocol\ActivityPub;
-
+use Friendica\Core\Logger;
+use Friendica\Model\APContact;
+
+/**
+ * @brief Implements JSON-LD signatures
+ *
+ * Ported from Osada: https://framagit.org/macgirvin/osada
+ */
 class LDSignature
 {
 	public static function isSigned($data)
@@ -13,76 +17,67 @@ class LDSignature
 		return !empty($data['signature']);
 	}
 
-	public static function isVerified($data, $pubkey = null)
+	public static function getSigner($data)
 	{
 		if (!self::isSigned($data)) {
 			return false;
 		}
 
-		if (empty($pubkey)) {
-			$actor = JsonLD::fetchElement($data, 'actor', 'id');
-			if (empty($actor)) {
-				return false;
-			}
-
-			$profile = ActivityPub::fetchprofile($actor);
-			if (empty($profile['pubkey'])) {
-				return false;
-			}
-			$pubkey = $profile['pubkey'];
+		$actor = JsonLD::fetchElement($data, 'actor', 'id');
+		if (empty($actor) || !is_string($actor)) {
+			return false;
 		}
 
-		$ohash = self::hash(self::signable_options($data['signature']));
-		$dhash = self::hash(self::signable_data($data));
+		$profile = APContact::getByURL($actor);
+		if (empty($profile['pubkey'])) {
+			return false;
+		}
+		$pubkey = $profile['pubkey'];
+
+		$ohash = self::hash(self::signableOptions($data['signature']));
+		$dhash = self::hash(self::signableData($data));
 
 		$x = Crypto::rsaVerify($ohash . $dhash, base64_decode($data['signature']['signatureValue']), $pubkey);
-		logger('LD-verify: ' . intval($x));
+		Logger::log('LD-verify: ' . intval($x));
 
-		return $x;
+		if (empty($x)) {
+			return false;
+		} else {
+			return $actor;
+		}
 	}
 
 	public static function sign($data, $owner)
 	{
 		$options = [
 			'type' => 'RsaSignature2017',
-			'nonce' => random_string(64),
+			'nonce' => Strings::getRandomHex(64),
 			'creator' => $owner['url'] . '#main-key',
-			'created' => DateTimeFormat::utcNow()
+			'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
 		];
 
-		$ohash = self::hash(self::signable_options($options));
-		$dhash = self::hash(self::signable_data($data));
+		$ohash = self::hash(self::signableOptions($options));
+		$dhash = self::hash(self::signableData($data));
 		$options['signatureValue'] = base64_encode(Crypto::rsaSign($ohash . $dhash, $owner['uprvkey']));
 
 		return array_merge($data, ['signature' => $options]);
 	}
 
-
-	private static function signable_data($data)
+	private static function signableData($data)
 	{
-		$newdata = [];
-		if (!empty($data)) {
-			foreach ($data as $k => $v) {
-				if (!in_array($k, ['signature'])) {
-					$newdata[$k] = $v;
-				}
-			}
-		}
-		return $newdata;
+		unset($data['signature']);
+		return $data;
 	}
 
-
-	private static function signable_options($options)
+	private static function signableOptions($options)
 	{
 		$newopts = ['@context' => 'https://w3id.org/identity/v1'];
-		if (!empty($options)) {
-			foreach ($options as $k => $v) {
-				if (!in_array($k, ['type','id','signatureValue'])) {
-					$newopts[$k] = $v;
-				}
-			}
-		}
-		return $newopts;
+
+		unset($options['type']);
+		unset($options['id']);
+		unset($options['signatureValue']);
+
+		return array_merge($newopts, $options);
 	}
 
 	private static function hash($obj)