Updated sig check 2
This commit is contained in:
parent
1c27891f15
commit
faf8ccaaf8
|
@ -215,6 +215,31 @@ exports.getModule = class ActivityPubWebHandler extends WebHandlerModule {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_getAssociatedActors(objectActorId, signatureActorId, cb) {
|
||||||
|
signatureActorId = async.waterfall(
|
||||||
|
[
|
||||||
|
callback => {
|
||||||
|
Actor.fromId(objectActorId, (err, objectActor) => {
|
||||||
|
return callback(err, objectActor);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
(objectActor, callback) => {
|
||||||
|
// shortcut
|
||||||
|
if (objectActorId === signatureActorId) {
|
||||||
|
return callback(null, objectActor, objectActor);
|
||||||
|
}
|
||||||
|
|
||||||
|
Actor.fromId(signatureActorId, (err, signatureActor) => {
|
||||||
|
return callback(err, objectActor, signatureActor);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
],
|
||||||
|
(err, objectActor, signatureActor) => {
|
||||||
|
return cb(err, objectActor, signatureActor);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
_inboxPostHandler(req, resp, signature, inboxType) {
|
_inboxPostHandler(req, resp, signature, inboxType) {
|
||||||
EnigAssert(signature, 'Called without signature!');
|
EnigAssert(signature, 'Called without signature!');
|
||||||
EnigAssert(signature.keyId, 'No keyId in signature!');
|
EnigAssert(signature.keyId, 'No keyId in signature!');
|
||||||
|
@ -239,10 +264,15 @@ exports.getModule = class ActivityPubWebHandler extends WebHandlerModule {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetch and validate the signature of the remote Actor
|
// Fetch and validate the signature of the remote Actor
|
||||||
Actor.fromId(getActorId(activity), (err, remoteActor) => {
|
this._getAssociatedActors(
|
||||||
|
getActorId(activity),
|
||||||
|
signature.keyId.split('#', 1)[0], // trim #main-key
|
||||||
|
(err, remoteActor, signatureActor) => {
|
||||||
|
//Actor.fromId(getActorId(activity), (err, remoteActor) => {
|
||||||
// validate sig up front
|
// validate sig up front
|
||||||
const httpSigValidated =
|
const httpSigValidated =
|
||||||
remoteActor && this._validateActorSignature(remoteActor, signature);
|
remoteActor &&
|
||||||
|
this._validateActorSignature(signatureActor, signature);
|
||||||
if (activity.type !== WellKnownActivity.Delete && !httpSigValidated) {
|
if (activity.type !== WellKnownActivity.Delete && !httpSigValidated) {
|
||||||
return this.webServer.accessDenied(resp);
|
return this.webServer.accessDenied(resp);
|
||||||
}
|
}
|
||||||
|
@ -288,7 +318,11 @@ exports.getModule = class ActivityPubWebHandler extends WebHandlerModule {
|
||||||
case WellKnownActivity.Follow:
|
case WellKnownActivity.Follow:
|
||||||
// Follow requests are only allowed directly
|
// Follow requests are only allowed directly
|
||||||
if (Collections.Inbox === inboxType) {
|
if (Collections.Inbox === inboxType) {
|
||||||
return this._inboxFollowActivity(resp, remoteActor, activity);
|
return this._inboxFollowActivity(
|
||||||
|
resp,
|
||||||
|
remoteActor,
|
||||||
|
activity
|
||||||
|
);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -321,7 +355,8 @@ exports.getModule = class ActivityPubWebHandler extends WebHandlerModule {
|
||||||
}
|
}
|
||||||
|
|
||||||
return this.webServer.notImplemented(resp);
|
return this.webServer.notImplemented(resp);
|
||||||
});
|
}
|
||||||
|
);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -801,17 +836,17 @@ exports.getModule = class ActivityPubWebHandler extends WebHandlerModule {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// if (signature.keyId !== pubKey.id) {
|
if (signature.keyId !== pubKey.id) {
|
||||||
// this.log.warn(
|
this.log.warn(
|
||||||
// {
|
{
|
||||||
// actorId: actor.id,
|
actorId: actor.id,
|
||||||
// signatureKeyId: signature.keyId,
|
signatureKeyId: signature.keyId,
|
||||||
// actorPubKeyId: pubKey.id,
|
actorPubKeyId: pubKey.id,
|
||||||
// },
|
},
|
||||||
// 'Key ID mismatch'
|
'Key ID mismatch'
|
||||||
// );
|
);
|
||||||
// return false;
|
return false;
|
||||||
// }
|
}
|
||||||
|
|
||||||
if (!httpSignature.verifySignature(signature, pubKey.publicKeyPem)) {
|
if (!httpSignature.verifySignature(signature, pubKey.publicKeyPem)) {
|
||||||
this.log.warn(
|
this.log.warn(
|
||||||
|
|
Loading…
Reference in New Issue