eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

[TESTS] Added unit tests

Browse Source
This commit is contained in:
Daniel
2020-10-16 01:07:01 +01:00
committed by Hugo Sales
parent d53fef09a8
commit 95f95d2dd8
29 changed files with 716 additions and 477 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
plugins/ActivityPub/lib/httpsignature.php
View File

@@ -14,22 +14,25 @@
*
* @category Network
* @package Nautilus
*
* @author Aaron Parecki <aaron@parecki.com>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://github.com/aaronpk/Nautilus/blob/master/app/ActivityPub/HTTPSignature.php
*
* @see https://github.com/aaronpk/Nautilus/blob/master/app/ActivityPub/HTTPSignature.php
*/
class HttpSignature
class httpsignature
{
/**
* Sign a message with an Actor
*
* @param Profile $user Actor signing
* @param string $url Inbox url
* @param string|bool $body Data to sign (optional)
* @param array $addlHeaders Additional headers (optional)
* @return array Headers to be used in curl
* @param Profile $user Actor signing
* @param string $url Inbox url
* @param bool|string $body Data to sign (optional)
* @param array $addlHeaders Additional headers (optional)
*
* @throws Exception Attempted to sign something that belongs to an Actor we don't own
*
* @return array Headers to be used in curl
*/
public static function sign(Profile $user, string $url, $body = false, array $addlHeaders = []): array
{
@@ -37,16 +40,16 @@ class HttpSignature
if ($body) {
$digest = self::_digest($body);
}
$headers = self::_headersToSign($url, $digest);
$headers = array_merge($headers, $addlHeaders);
$stringToSign = self::_headersToSigningString($headers);
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
$headers = self::_headersToSign($url, $digest);
$headers = array_merge($headers, $addlHeaders);
$stringToSign = self::_headersToSigningString($headers);
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
$actor_private_key = new Activitypub_rsa();
// Intentionally unhandled exception, we want this to explode if that happens as it would be a bug
$actor_private_key = $actor_private_key->get_private_key($user);
$key = openssl_pkey_get_private($actor_private_key);
$key = openssl_pkey_get_private($actor_private_key);
openssl_sign($stringToSign, $signature, $key, OPENSSL_ALGO_SHA256);
$signature = base64_encode($signature);
$signature = base64_encode($signature);
$signatureHeader = 'keyId="' . $user->getUri() . '#public-key' . '",headers="' . $signedHeaders . '",algorithm="rsa-sha256",signature="' . $signature . '"';
unset($headers['(request-target)']);
$headers['Signature'] = $signatureHeader;
@@ -56,6 +59,7 @@ class HttpSignature
/**
* @param mixed $body
*
* @return string
*/
private static function _digest($body): string
@@ -68,9 +72,11 @@ class HttpSignature
/**
* @param string $url
* @param mixed $digest
* @return array
* @param mixed $digest
*
* @throws Exception
*
* @return array
*/
protected static function _headersToSign(string $url, $digest = false): array
{
@@ -78,11 +84,11 @@ class HttpSignature
$headers = [
'(request-target)' => 'post ' . parse_url($url, PHP_URL_PATH),
'Date' => $date->format('D, d M Y H:i:s \G\M\T'),
'Host' => parse_url($url, PHP_URL_HOST),
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/json',
'User-Agent' => 'GNU social ActivityPub Plugin - '.GNUSOCIAL_ENGINE_URL,
'Content-Type' => 'application/activity+json'
'Date' => $date->format('D, d M Y H:i:s \G\M\T'),
'Host' => parse_url($url, PHP_URL_HOST),
'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/json',
'User-Agent' => 'GNU social ActivityPub Plugin - ' . GNUSOCIAL_ENGINE_URL,
'Content-Type' => 'application/activity+json',
];
if ($digest) {
@@ -94,6 +100,7 @@ class HttpSignature
/**
* @param array $headers
*
* @return string
*/
private static function _headersToSigningString(array $headers): string
@@ -105,22 +112,24 @@ class HttpSignature
/**
* @param array $headers
*
* @return array
*/
private static function _headersToCurlArray(array $headers): array
{
return array_map(function ($k, $v) {
return "$k: $v";
return "{$k}: {$v}";
}, array_keys($headers), $headers);
}
/**
* @param string $signature
*
* @return array
*/
public static function parseSignatureHeader(string $signature): array
{
$parts = explode(',', $signature);
$parts = explode(',', $signature);
$signatureData = [];
foreach ($parts as $part) {
@@ -131,19 +140,19 @@ class HttpSignature
if (!isset($signatureData['keyId'])) {
return [
'error' => 'No keyId was found in the signature header. Found: ' . implode(', ', array_keys($signatureData))
'error' => 'No keyId was found in the signature header. Found: ' . implode(', ', array_keys($signatureData)),
];
}
if (!filter_var($signatureData['keyId'], FILTER_VALIDATE_URL)) {
return [
'error' => 'keyId is not a URL: ' . $signatureData['keyId']
'error' => 'keyId is not a URL: ' . $signatureData['keyId'],
];
}
if (!isset($signatureData['headers']) || !isset($signatureData['signature'])) {
return [
'error' => 'Signature is missing headers or signature parts'
'error' => 'Signature is missing headers or signature parts',
];
}
@@ -156,14 +165,15 @@ class HttpSignature
* @param $inputHeaders
* @param $path
* @param $body
*
* @return array
*/
public static function verify($publicKey, $signatureData, $inputHeaders, $path, $body): array
{
// We need this because the used Request headers fields specified by Signature are in lower case.
$headersContent = array_change_key_case($inputHeaders, CASE_LOWER);
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
$headersToSign = [];
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
$headersToSign = [];
foreach (explode(' ', $signatureData['headers']) as $h) {
if ($h == '(request-target)') {
$headersToSign[$h] = 'post ' . $path;