mirror
/
activitypub-single-php-file
kopia lustrzana https://gitlab.com/edent/activitypub-single-php-file
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Check keyId against actor's public key

merge-requests/5/head
Terence Eden 2024-03-07 21:40:50 +00:00
rodzic c2f14fc910
commit 3231a4fc52
1 zmienionych plików z 35 dodań i 25 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

60
index.php
Wyświetl plik

@ -1555,33 +1555,42 @@ HTML;
$userData = getDataFromURl( $publicKeyURL ); $userData = getDataFromURl( $publicKeyURL );
$publicKey = $userData["publicKey"]["publicKeyPem"]; $publicKey = $userData["publicKey"]["publicKeyPem"];
// Get the remaining parts // Check that the actor's key is the same as the key used to sign the message
$signature = base64_decode( $signatureParts["signature"] ); // Get the actor's public key
$algorithm = $signatureParts["algorithm"]; $actorData = getDataFromURl( $body["actor"] );
$actorPublicKey = $actorData["publicKey"]["publicKeyPem"];
// There might be many different signing algorithms if ( $publicKey != $actorPublicKey ) {
// TODO: Find a way to transform these automatically
// See https://github.com/superseriousbusiness/gotosocial/issues/1186#issuecomment-1976166659 and https://github.com/snarfed/bridgy-fed/issues/430 for hs2019
if ( "hs2019" == $algorithm ) {
$algorithm = "sha256";
}
// Finally! Calculate whether the signature is valid
// Returns 1 if verified, 0 if not, false or -1 if an error occurred
$verified = openssl_verify(
$signatureString,
$signature,
$publicKey,
$algorithm
);
// Convert to boolean
if ( $verified === 1 ) {
$verified = true;
} elseif ( $verified === 0 ) {
$verified = false; $verified = false;
} else { } else {
$verified = null; // Get the remaining parts
$signature = base64_decode( $signatureParts["signature"] );
$algorithm = $signatureParts["algorithm"];
// There might be many different signing algorithms
// TODO: Find a way to transform these automatically
// See https://github.com/superseriousbusiness/gotosocial/issues/1186#issuecomment-1976166659 and https://github.com/snarfed/bridgy-fed/issues/430 for hs2019
if ( "hs2019" == $algorithm ) {
$algorithm = "sha256";
}
// Finally! Calculate whether the signature is valid
// Returns 1 if verified, 0 if not, false or -1 if an error occurred
$verified = openssl_verify(
$signatureString,
$signature,
$publicKey,
$algorithm
);
// Convert to boolean
if ( $verified === 1 ) {
$verified = true;
} elseif ( $verified === 0 ) {
$verified = false;
} else {
$verified = null;
}
} }
// Filename for the log // Filename for the log
@ -1595,7 +1604,8 @@ HTML;
"Calculated signatureString:\n" . print_r( $signatureString, true ) . "\n\n" . "Calculated signatureString:\n" . print_r( $signatureString, true ) . "\n\n" .
"Calculated algorithm:\n" . print_r( $algorithm, true ) . "\n\n" . "Calculated algorithm:\n" . print_r( $algorithm, true ) . "\n\n" .
"publicKeyURL:\n" . print_r( $publicKeyURL, true ) . "\n\n" . "publicKeyURL:\n" . print_r( $publicKeyURL, true ) . "\n\n" .
"publicKey:\n" . print_r( $publicKey, true ) . "\n" "publicKey:\n" . print_r( $publicKey, true ) . "\n\n" .
"actorPublicKey:\n" . print_r( $actorPublicKey, true ) . "\n"
); );
return $verified; return $verified;