FediMovies/fedimovies
1
1
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Activity

Move signature type check to activitypub::authentication module

Browse source
This commit is contained in:
silverpill 2022-11-23 11:40:36 +00:00
parent 3b092631ca
commit 473147ed04
3 changed files with 30 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/activitypub/authentication.rs
View file

@ -9,7 +9,7 @@ use crate::http_signatures::verify::{
verify_http_signature,
HttpSignatureVerificationError as HttpSignatureError,
};
use crate::identity::did::Did;
use crate::identity::{did::Did, signatures::SignatureType};
use crate::json_signatures::verify::{
get_json_signature,
verify_ed25519_json_signature,
@ -38,6 +38,9 @@ pub enum AuthenticationError {
#[error("no JSON signature")]
NoJsonSignature,
#[error("invalid JSON signature type")]
InvalidJsonSignatureType,
#[error("invalid key ID")]
InvalidKeyId(#[from] url::ParseError),
@ -51,7 +54,7 @@ pub enum AuthenticationError {
InvalidPublicKey(#[from] rsa::pkcs8::Error),
#[error("actor and request signer do not match")]
InvalidSigner,
UnexpectedSigner,
}
fn key_id_to_actor_id(key_id: &str) -> Result<String, AuthenticationError> {
@ -116,6 +119,9 @@ pub async fn verify_signed_activity(
let actor_profile = match signature_data.signer {
JsonSigner::ActorKeyId(ref key_id) => {
if signature_data.signature_type != SignatureType::JcsRsaSignature {
return Err(AuthenticationError::InvalidJsonSignatureType);
};
let actor_id = key_id_to_actor_id(key_id)?;
let actor_profile = match get_or_import_profile_by_actor_id(
db_client,
@ -151,21 +157,30 @@ pub async fn verify_signed_activity(
);
};
if let Some(profile) = profiles.pop() {
match did {
Did::Key(did_key) => {
match signature_data.signature_type {
SignatureType::JcsEd25519Signature => {
let did_key = match did {
Did::Key(did_key) => did_key,
_ => return Err(AuthenticationError::InvalidJsonSignatureType),
};
verify_ed25519_json_signature(
&did_key,
&signature_data.message,
&signature_data.signature,
)?;
},
Did::Pkh(did_pkh) => {
SignatureType::JcsEip191Signature => {
let did_pkh = match did {
Did::Pkh(did_pkh) => did_pkh,
_ => return Err(AuthenticationError::InvalidJsonSignatureType),
};
verify_eip191_json_signature(
&did_pkh,
&signature_data.message,
&signature_data.signature,
)?;
},
_ => return Err(AuthenticationError::InvalidJsonSignatureType),
};
profile
} else {

2
src/activitypub/receiver.rs
View file

@ -141,7 +141,7 @@ fn require_actor_signature(actor_id: &str, signer_id: &str)
signer_id,
actor_id,
);
return Err(AuthenticationError::InvalidSigner);
return Err(AuthenticationError::UnexpectedSigner);
};
Ok(())
}

23
src/json_signatures/verify.rs
View file

@ -1,5 +1,8 @@
use std::str::FromStr;
use rsa::RsaPublicKey;
use serde_json::Value;
use url::Url;
use crate::ethereum::identity::verify_eip191_signature;
use crate::identity::{
@ -74,20 +77,12 @@ pub fn get_json_signature(
};
let signature_type = proof.proof_type.parse()
.map_err(|_| VerificationError::InvalidProof("unsupported proof type"))?;
let signer = match signature_type {
SignatureType::JcsEip191Signature => {
let did_pkh: DidPkh = proof.verification_method.parse()
.map_err(|_| VerificationError::InvalidProof("invalid DID"))?;
JsonSigner::Did(Did::Pkh(did_pkh))
},
SignatureType::JcsEd25519Signature => {
let did_key: DidKey = proof.verification_method.parse()
.map_err(|_| VerificationError::InvalidProof("invalid DID"))?;
JsonSigner::Did(Did::Key(did_key))
},
SignatureType::JcsRsaSignature => {
JsonSigner::ActorKeyId(proof.verification_method)
},
let signer = if let Ok(did) = Did::from_str(&proof.verification_method) {
JsonSigner::Did(did)
} else if Url::parse(&proof.verification_method).is_ok() {
JsonSigner::ActorKeyId(proof.verification_method)
} else {
return Err(VerificationError::InvalidProof("unsupported verification method"));
};
let message = canonicalize_object(&object)?;
let signature = decode_multibase_base58btc(&proof.proof_value)?;