Merge pull request #444 from nextcloud/backport/433/alpha1

[alpha1] create object even if it can't be signed

context/w3id.org.identity.v1.json

@@ -0,0 +1 @@
+{"contextUrl":null,"document":"{\n  \"@context\": {\n    \"id\": \"@id\",\n    \"type\": \"@type\",\n\n    \"cred\": \"https:\/\/w3id.org\/credentials#\",\n    \"dc\": \"http:\/\/purl.org\/dc\/terms\/\",\n    \"identity\": \"https:\/\/w3id.org\/identity#\",\n    \"perm\": \"https:\/\/w3id.org\/permissions#\",\n    \"ps\": \"https:\/\/w3id.org\/payswarm#\",\n    \"rdf\": \"http:\/\/www.w3.org\/1999\/02\/22-rdf-syntax-ns#\",\n    \"rdfs\": \"http:\/\/www.w3.org\/2000\/01\/rdf-schema#\",\n    \"sec\": \"https:\/\/w3id.org\/security#\",\n    \"schema\": \"http:\/\/schema.org\/\",\n    \"xsd\": \"http:\/\/www.w3.org\/2001\/XMLSchema#\",\n\n    \"Group\": \"https:\/\/www.w3.org\/ns\/activitystreams#Group\",\n\n    \"claim\": {\"@id\": \"cred:claim\", \"@type\": \"@id\"},\n    \"credential\": {\"@id\": \"cred:credential\", \"@type\": \"@id\"},\n    \"issued\": {\"@id\": \"cred:issued\", \"@type\": \"xsd:dateTime\"},\n    \"issuer\": {\"@id\": \"cred:issuer\", \"@type\": \"@id\"},\n    \"recipient\": {\"@id\": \"cred:recipient\", \"@type\": \"@id\"},\n    \"Credential\": \"cred:Credential\",\n    \"CryptographicKeyCredential\": \"cred:CryptographicKeyCredential\",\n\n    \"about\": {\"@id\": \"schema:about\", \"@type\": \"@id\"},\n    \"address\": {\"@id\": \"schema:address\", \"@type\": \"@id\"},\n    \"addressCountry\": \"schema:addressCountry\",\n    \"addressLocality\": \"schema:addressLocality\",\n    \"addressRegion\": \"schema:addressRegion\",\n    \"comment\": \"rdfs:comment\",\n    \"created\": {\"@id\": \"dc:created\", \"@type\": \"xsd:dateTime\"},\n    \"creator\": {\"@id\": \"dc:creator\", \"@type\": \"@id\"},\n    \"description\": \"schema:description\",\n    \"email\": \"schema:email\",\n    \"familyName\": \"schema:familyName\",\n    \"givenName\": \"schema:givenName\",\n    \"image\": {\"@id\": \"schema:image\", \"@type\": \"@id\"},\n    \"label\": \"rdfs:label\",\n    \"name\": \"schema:name\",\n    \"postalCode\": \"schema:postalCode\",\n    \"streetAddress\": \"schema:streetAddress\",\n    \"title\": \"dc:title\",\n    \"url\": {\"@id\": \"schema:url\", \"@type\": \"@id\"},\n    \"Person\": \"schema:Person\",\n    \"PostalAddress\": \"schema:PostalAddress\",\n    \"Organization\": \"schema:Organization\",\n\n    \"identityService\": {\"@id\": \"identity:identityService\", \"@type\": \"@id\"},\n    \"idp\": {\"@id\": \"identity:idp\", \"@type\": \"@id\"},\n    \"Identity\": \"identity:Identity\",\n\n    \"paymentProcessor\": \"ps:processor\",\n    \"preferences\": {\"@id\": \"ps:preferences\", \"@type\": \"@vocab\"},\n\n    \"cipherAlgorithm\": \"sec:cipherAlgorithm\",\n    \"cipherData\": \"sec:cipherData\",\n    \"cipherKey\": \"sec:cipherKey\",\n    \"digestAlgorithm\": \"sec:digestAlgorithm\",\n    \"digestValue\": \"sec:digestValue\",\n    \"domain\": \"sec:domain\",\n    \"expires\": {\"@id\": \"sec:expiration\", \"@type\": \"xsd:dateTime\"},\n    \"initializationVector\": \"sec:initializationVector\",\n    \"member\": {\"@id\": \"schema:member\", \"@type\": \"@id\"},\n    \"memberOf\": {\"@id\": \"schema:memberOf\", \"@type\": \"@id\"},\n    \"nonce\": \"sec:nonce\",\n    \"normalizationAlgorithm\": \"sec:normalizationAlgorithm\",\n    \"owner\": {\"@id\": \"sec:owner\", \"@type\": \"@id\"},\n    \"password\": \"sec:password\",\n    \"privateKey\": {\"@id\": \"sec:privateKey\", \"@type\": \"@id\"},\n    \"privateKeyPem\": \"sec:privateKeyPem\",\n    \"publicKey\": {\"@id\": \"sec:publicKey\", \"@type\": \"@id\"},\n    \"publicKeyPem\": \"sec:publicKeyPem\",\n    \"publicKeyService\": {\"@id\": \"sec:publicKeyService\", \"@type\": \"@id\"},\n    \"revoked\": {\"@id\": \"sec:revoked\", \"@type\": \"xsd:dateTime\"},\n    \"signature\": \"sec:signature\",\n    \"signatureAlgorithm\": \"sec:signatureAlgorithm\",\n    \"signatureValue\": \"sec:signatureValue\",\n    \"CryptographicKey\": \"sec:Key\",\n    \"EncryptedMessage\": \"sec:EncryptedMessage\",\n    \"GraphSignature2012\": \"sec:GraphSignature2012\",\n    \"LinkedDataSignature2015\": \"sec:LinkedDataSignature2015\",\n\n    \"accessControl\": {\"@id\": \"perm:accessControl\", \"@type\": \"@id\"},\n    \"writePermission\": {\"@id\": \"perm:writePermission\", \"@type\": \"@id\"}\n  }\n}\n","documentUrl":"https:\/\/web-payments.org\/contexts\/identity-v1.jsonld"}

context/w3id.org.security.v1.json

@@ -0,0 +1 @@
+{"contextUrl":null,"document":"{\n  \"@context\": {\n    \"id\": \"@id\",\n    \"type\": \"@type\",\n\n    \"dc\": \"http:\/\/purl.org\/dc\/terms\/\",\n    \"sec\": \"https:\/\/w3id.org\/security#\",\n    \"xsd\": \"http:\/\/www.w3.org\/2001\/XMLSchema#\",\n\n    \"EcdsaKoblitzSignature2016\": \"sec:EcdsaKoblitzSignature2016\",\n    \"Ed25519Signature2018\": \"sec:Ed25519Signature2018\",\n    \"EncryptedMessage\": \"sec:EncryptedMessage\",\n    \"GraphSignature2012\": \"sec:GraphSignature2012\",\n    \"LinkedDataSignature2015\": \"sec:LinkedDataSignature2015\",\n    \"LinkedDataSignature2016\": \"sec:LinkedDataSignature2016\",\n    \"CryptographicKey\": \"sec:Key\",\n\n    \"authenticationTag\": \"sec:authenticationTag\",\n    \"canonicalizationAlgorithm\": \"sec:canonicalizationAlgorithm\",\n    \"cipherAlgorithm\": \"sec:cipherAlgorithm\",\n    \"cipherData\": \"sec:cipherData\",\n    \"cipherKey\": \"sec:cipherKey\",\n    \"created\": {\"@id\": \"dc:created\", \"@type\": \"xsd:dateTime\"},\n    \"creator\": {\"@id\": \"dc:creator\", \"@type\": \"@id\"},\n    \"digestAlgorithm\": \"sec:digestAlgorithm\",\n    \"digestValue\": \"sec:digestValue\",\n    \"domain\": \"sec:domain\",\n    \"encryptionKey\": \"sec:encryptionKey\",\n    \"expiration\": {\"@id\": \"sec:expiration\", \"@type\": \"xsd:dateTime\"},\n    \"expires\": {\"@id\": \"sec:expiration\", \"@type\": \"xsd:dateTime\"},\n    \"initializationVector\": \"sec:initializationVector\",\n    \"iterationCount\": \"sec:iterationCount\",\n    \"nonce\": \"sec:nonce\",\n    \"normalizationAlgorithm\": \"sec:normalizationAlgorithm\",\n    \"owner\": {\"@id\": \"sec:owner\", \"@type\": \"@id\"},\n    \"password\": \"sec:password\",\n    \"privateKey\": {\"@id\": \"sec:privateKey\", \"@type\": \"@id\"},\n    \"privateKeyPem\": \"sec:privateKeyPem\",\n    \"publicKey\": {\"@id\": \"sec:publicKey\", \"@type\": \"@id\"},\n    \"publicKeyBase58\": \"sec:publicKeyBase58\",\n    \"publicKeyPem\": \"sec:publicKeyPem\",\n    \"publicKeyWif\": \"sec:publicKeyWif\",\n    \"publicKeyService\": {\"@id\": \"sec:publicKeyService\", \"@type\": \"@id\"},\n    \"revoked\": {\"@id\": \"sec:revoked\", \"@type\": \"xsd:dateTime\"},\n    \"salt\": \"sec:salt\",\n    \"signature\": \"sec:signature\",\n    \"signatureAlgorithm\": \"sec:signingAlgorithm\",\n    \"signatureValue\": \"sec:signatureValue\"\n  }\n}\n","documentUrl":"https:\/\/web-payments.org\/contexts\/security-v1.jsonld"}

lib/Model/LinkedDataSignature.php

@@ -32,9 +32,12 @@ namespace OCA\Social\Model;
 
 
 use daita\MySmallPhpTools\Traits\TArrayTools;
+use JsonLdException;
 use JsonSerializable;
 use OCA\Social\Exceptions\LinkedDataSignatureMissingException;
 use OCA\Social\Model\ActivityPub\ACore;
+use OCA\Social\Service\SignatureService;
+use stdClass;
 
 
 /**
@@ -78,6 +81,7 @@ class LinkedDataSignature implements JsonSerializable {
 	public function __construct() {
 	}
 
+
 	/**
 	 * @return string
 	 */
@@ -96,6 +100,7 @@ class LinkedDataSignature implements JsonSerializable {
 		return $this;
 	}
 
+
 	/**
 	 * @return string
 	 */
@@ -305,8 +310,9 @@ class LinkedDataSignature implements JsonSerializable {
 		$res = jsonld_normalize(
 			$object,
 			[
-				'algorithm' => 'URDNA2015',
-				'format'    => 'application/nquads'
+				'algorithm'      => 'URDNA2015',
+				'format'         => 'application/nquads',
+				'documentLoader' => [SignatureService::class, 'documentLoader']
 			]
 		);
 

lib/Service/SignatureService.php

@@ -35,10 +35,13 @@ use daita\MySmallPhpTools\Model\Request;
 use daita\MySmallPhpTools\Traits\TArrayTools;
 use DateTime;
 use Exception;
+use JsonLdException;
+use OCA\Social\AppInfo\Application;
 use OCA\Social\Db\ActorsRequest;
 use OCA\Social\Exceptions\ActorDoesNotExistException;
 use OCA\Social\Exceptions\InvalidOriginException;
 use OCA\Social\Exceptions\InvalidResourceException;
+use OCA\Social\Exceptions\ItemUnknownException;
 use OCA\Social\Exceptions\LinkedDataSignatureMissingException;
 use OCA\Social\Exceptions\RedundancyLimitException;
 use OCA\Social\Exceptions\RequestContentException;
@@ -48,12 +51,16 @@ use OCA\Social\Exceptions\RequestServerException;
 use OCA\Social\Exceptions\SignatureException;
 use OCA\Social\Exceptions\SignatureIsGoneException;
 use OCA\Social\Exceptions\SocialAppConfigException;
-use OCA\Social\Exceptions\ItemUnknownException;
 use OCA\Social\Model\ActivityPub\ACore;
 use OCA\Social\Model\ActivityPub\Actor\Person;
 use OCA\Social\Model\LinkedDataSignature;
 use OCA\Social\Model\RequestQueue;
+use OCP\Files\NotFoundException;
+use OCP\Files\NotPermittedException;
+use OCP\Files\SimpleFS\ISimpleFile;
+use OCP\Files\SimpleFS\ISimpleFolder;
 use OCP\IRequest;
+use stdClass;
 
 class SignatureService {
 
@@ -256,7 +263,7 @@ class SignatureService {
 		try {
 			$signature->sign();
 			$object->setSignature($signature);
-		} catch (LinkedDataSignatureMissingException $e) {
+		} catch (Exception $e) {
 		}
 	}
 
@@ -412,5 +419,113 @@ class SignatureService {
 		}
 	}
 
+
+	/**
+	 * @param string $url
+	 *
+	 * @return stdClass
+	 * @throws NotPermittedException
+	 * @throws JsonLdException
+	 */
+	public static function documentLoader($url): stdClass {
+		$recursion = 0;
+		$x = debug_backtrace();
+		if ($x) {
+			foreach ($x as $n) {
+				if ($n['function'] === __FUNCTION__) {
+					$recursion++;
+				}
+			}
+		}
+
+		if ($recursion > 5) {
+			exit();
+		}
+
+		$folder = self::getContextCacheFolder();
+		$filename = parse_url($url, PHP_URL_HOST) . parse_url($url, PHP_URL_PATH);
+		$filename = str_replace('/', '.', $filename) . '.json';
+
+		try {
+			$cache = $folder->getFile($filename);
+			self::updateContextCacheDocument($cache, $url);
+
+			$data = json_decode($cache->getContent());
+		} catch (NotFoundException $e) {
+			$data = self::generateContextCacheDocument($folder, $filename, $url);
+		}
+
+		return $data;
+	}
+
+
+	/**
+	 * @return ISimpleFolder
+	 * @throws NotPermittedException
+	 */
+	private static function getContextCacheFolder(): ISimpleFolder {
+		$path = 'context';
+
+		$appData = \OC::$server->getAppDataDir(Application::APP_NAME);
+		try {
+			$folder = $appData->getFolder($path);
+		} catch (NotFoundException $e) {
+			$folder = $appData->newFolder($path);
+		}
+
+		return $folder;
+	}
+
+
+	/**
+	 * @param ISimpleFolder $folder
+	 * @param string $filename
+	 *
+	 * @param string $url
+	 *
+	 * @return stdClass
+	 * @throws JsonLdException
+	 * @throws NotPermittedException
+	 */
+	private static function generateContextCacheDocument(
+		ISimpleFolder $folder, string $filename, string $url
+	): stdClass {
+
+		try {
+			$data = jsonld_default_document_loader($url);
+			$content = json_encode($data);
+		} catch (JsonLdException $e) {
+			$context = file_get_contents(__DIR__ . '/../../context/' . $filename);
+			if (is_bool($context)) {
+				throw $e;
+			}
+
+			$content = $context;
+			$data = json_decode($context);
+		}
+
+		$cache = $folder->newFile($filename);
+		$cache->putContent($content);
+
+		return $data;
+	}
+
+
+	/**
+	 * @param ISimpleFile $cache
+	 * @param string $url
+	 *
+	 * @throws NotPermittedException
+	 */
+	private static function updateContextCacheDocument(ISimpleFile $cache, string $url) {
+		if ($cache->getMTime() < (time() - 98765)) {
+			try {
+				$data = jsonld_default_document_loader($url);
+				$cache->putContent(json_encode($data));
+			} catch (JsonLdException $e) {
+			}
+		}
+	}
+
 }