[ActivityPub][RSA] Revision, increase type scrictness and improve docs
This commit is contained in:
parent
73af7be061
commit
e7778bd5d7
@ -70,16 +70,15 @@ class Activitypub_rsa extends Managed_DataObject
|
|||||||
* Private key getter
|
* Private key getter
|
||||||
*
|
*
|
||||||
* @param Profile $profile
|
* @param Profile $profile
|
||||||
* @return string
|
* @return string The private key
|
||||||
* @throws ServerException
|
* @throws Exception Throws exception if tries to fetch a private key of an actor we don't own
|
||||||
* @throws Exception
|
|
||||||
*/
|
*/
|
||||||
public function get_private_key(Profile $profile): string
|
public function get_private_key(Profile $profile): string
|
||||||
{
|
{
|
||||||
$this->profile_id = $profile->getID();
|
$this->profile_id = $profile->getID();
|
||||||
$apRSA = self::getKV('profile_id', $this->profile_id);
|
$apRSA = self::getKV('profile_id', $this->profile_id);
|
||||||
if (!$apRSA instanceof Activitypub_rsa) {
|
if (!$apRSA instanceof Activitypub_rsa) {
|
||||||
// No existing key pair for this profile
|
// Nonexistent key pair for this profile
|
||||||
if ($profile->isLocal()) {
|
if ($profile->isLocal()) {
|
||||||
self::generate_keys($this->private_key, $this->public_key);
|
self::generate_keys($this->private_key, $this->public_key);
|
||||||
$this->store_keys();
|
$this->store_keys();
|
||||||
@ -95,7 +94,7 @@ class Activitypub_rsa extends Managed_DataObject
|
|||||||
* Guarantees a Public Key for a given profile.
|
* Guarantees a Public Key for a given profile.
|
||||||
*
|
*
|
||||||
* @param Profile $profile
|
* @param Profile $profile
|
||||||
* @param bool $fetch
|
* @param bool $fetch=true Should attempt to fetch keys from a remote profile?
|
||||||
* @return string The public key
|
* @return string The public key
|
||||||
* @throws ServerException It should never occur, but if so, we break everything!
|
* @throws ServerException It should never occur, but if so, we break everything!
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
|
@ -21,7 +21,17 @@
|
|||||||
|
|
||||||
class HttpSignature
|
class HttpSignature
|
||||||
{
|
{
|
||||||
public static function sign($user, $url, $body = false, $addlHeaders = [])
|
/**
|
||||||
|
* Sign a message with an Actor
|
||||||
|
*
|
||||||
|
* @param Profile $user Actor signing
|
||||||
|
* @param string $url Inbox url
|
||||||
|
* @param string|bool $body Data to sign (optional)
|
||||||
|
* @param array $addlHeaders Additional headers (optional)
|
||||||
|
* @return array Headers to be used in curl
|
||||||
|
* @throws Exception Attempted to sign something that belongs to an Actor we don't own
|
||||||
|
*/
|
||||||
|
public static function sign(Profile $user, string $url, $body = false, array $addlHeaders = []): array
|
||||||
{
|
{
|
||||||
$digest = false;
|
$digest = false;
|
||||||
if ($body) {
|
if ($body) {
|
||||||
@ -32,6 +42,7 @@ class HttpSignature
|
|||||||
$stringToSign = self::_headersToSigningString($headers);
|
$stringToSign = self::_headersToSigningString($headers);
|
||||||
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
|
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
|
||||||
$actor_private_key = new Activitypub_rsa();
|
$actor_private_key = new Activitypub_rsa();
|
||||||
|
// Intentionally unhandled exception, we want this to explode if that happens as it would be a bug
|
||||||
$actor_private_key = $actor_private_key->get_private_key($user);
|
$actor_private_key = $actor_private_key->get_private_key($user);
|
||||||
$key = openssl_pkey_get_private($actor_private_key);
|
$key = openssl_pkey_get_private($actor_private_key);
|
||||||
openssl_sign($stringToSign, $signature, $key, OPENSSL_ALGO_SHA256);
|
openssl_sign($stringToSign, $signature, $key, OPENSSL_ALGO_SHA256);
|
||||||
@ -43,7 +54,11 @@ class HttpSignature
|
|||||||
return self::_headersToCurlArray($headers);
|
return self::_headersToCurlArray($headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function _digest($body)
|
/**
|
||||||
|
* @param mixed $body
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
private static function _digest($body): string
|
||||||
{
|
{
|
||||||
if (is_array($body)) {
|
if (is_array($body)) {
|
||||||
$body = json_encode($body);
|
$body = json_encode($body);
|
||||||
@ -51,7 +66,13 @@ class HttpSignature
|
|||||||
return base64_encode(hash('sha256', $body, true));
|
return base64_encode(hash('sha256', $body, true));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static function _headersToSign($url, $digest = false)
|
/**
|
||||||
|
* @param string $url
|
||||||
|
* @param mixed $digest
|
||||||
|
* @return array
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
protected static function _headersToSign(string $url, $digest = false): array
|
||||||
{
|
{
|
||||||
$date = new DateTime('UTC');
|
$date = new DateTime('UTC');
|
||||||
|
|
||||||
@ -60,7 +81,7 @@ class HttpSignature
|
|||||||
'Date' => $date->format('D, d M Y H:i:s \G\M\T'),
|
'Date' => $date->format('D, d M Y H:i:s \G\M\T'),
|
||||||
'Host' => parse_url($url, PHP_URL_HOST),
|
'Host' => parse_url($url, PHP_URL_HOST),
|
||||||
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/json',
|
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/json',
|
||||||
'User-Agent' => 'GNU social ActivityPub Plugin - https://gnu.io/social',
|
'User-Agent' => 'GNU social ActivityPub Plugin - '.GNUSOCIAL_ENGINE_URL,
|
||||||
'Content-Type' => 'application/activity+json'
|
'Content-Type' => 'application/activity+json'
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -71,21 +92,33 @@ class HttpSignature
|
|||||||
return $headers;
|
return $headers;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function _headersToSigningString($headers)
|
/**
|
||||||
|
* @param array $headers
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
private static function _headersToSigningString(array $headers): string
|
||||||
{
|
{
|
||||||
return implode("\n", array_map(function ($k, $v) {
|
return implode("\n", array_map(function ($k, $v) {
|
||||||
return strtolower($k) . ': ' . $v;
|
return strtolower($k) . ': ' . $v;
|
||||||
}, array_keys($headers), $headers));
|
}, array_keys($headers), $headers));
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function _headersToCurlArray($headers)
|
/**
|
||||||
|
* @param array $headers
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
private static function _headersToCurlArray(array $headers): array
|
||||||
{
|
{
|
||||||
return array_map(function ($k, $v) {
|
return array_map(function ($k, $v) {
|
||||||
return "$k: $v";
|
return "$k: $v";
|
||||||
}, array_keys($headers), $headers);
|
}, array_keys($headers), $headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function parseSignatureHeader($signature)
|
/**
|
||||||
|
* @param string $signature
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public static function parseSignatureHeader(string $signature): array
|
||||||
{
|
{
|
||||||
$parts = explode(',', $signature);
|
$parts = explode(',', $signature);
|
||||||
$signatureData = [];
|
$signatureData = [];
|
||||||
@ -117,7 +150,15 @@ class HttpSignature
|
|||||||
return $signatureData;
|
return $signatureData;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function verify($publicKey, $signatureData, $inputHeaders, $path, $body)
|
/**
|
||||||
|
* @param $publicKey
|
||||||
|
* @param $signatureData
|
||||||
|
* @param $inputHeaders
|
||||||
|
* @param $path
|
||||||
|
* @param $body
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public static function verify($publicKey, $signatureData, $inputHeaders, $path, $body): array
|
||||||
{
|
{
|
||||||
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
|
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
|
||||||
$headersToSign = [];
|
$headersToSign = [];
|
||||||
|
Loading…
Reference in New Issue
Block a user