diff --git a/src/activitypub/authentication.rs b/src/activitypub/authentication.rs index f55ab41..9a2e9e6 100644 --- a/src/activitypub/authentication.rs +++ b/src/activitypub/authentication.rs @@ -91,15 +91,15 @@ pub async fn verify_signed_request( Err(other_error) => return Err(other_error.into()), }; - let actor_id = key_id_to_actor_id(&signature_data.key_id)?; - let actor_profile = if no_fetch { - get_profile_by_remote_actor_id(db_client, &actor_id).await? + let signer_id = key_id_to_actor_id(&signature_data.key_id)?; + let signer = if no_fetch { + get_profile_by_remote_actor_id(db_client, &signer_id).await? } else { match get_or_import_profile_by_actor_id( db_client, &config.instance(), &config.media_dir(), - &actor_id, + &signer_id, ).await { Ok(profile) => profile, Err(HandlerError::DatabaseError(error)) => return Err(error.into()), @@ -108,13 +108,14 @@ pub async fn verify_signed_request( }, } }; - let actor = actor_profile.actor_json.as_ref() - .ok_or(AuthenticationError::ActorError("local signer"))?; - let public_key = deserialize_public_key(&actor.public_key.public_key_pem)?; + let signer_actor = signer.actor_json.as_ref() + .expect("request should be signed by remote actor"); + let signer_key = + deserialize_public_key(&signer_actor.public_key.public_key_pem)?; - verify_http_signature(&signature_data, &public_key)?; + verify_http_signature(&signature_data, &signer_key)?; - Ok(actor_profile) + Ok(signer) } pub async fn verify_signed_activity( @@ -122,6 +123,8 @@ pub async fn verify_signed_activity( db_client: &impl GenericClient, activity: &Value, ) -> Result { + let actor_id = activity["actor"].as_str() + .ok_or(AuthenticationError::ActorError("unknown actor"))?; let signature_data = match get_json_signature(activity) { Ok(signature_data) => signature_data, Err(JsonSignatureError::NoProof) => { @@ -130,17 +133,17 @@ pub async fn verify_signed_activity( Err(other_error) => return Err(other_error.into()), }; - let actor_profile = match signature_data.signer { + let signer = match signature_data.signer { JsonSigner::ActorKeyId(ref key_id) => { if signature_data.signature_type != SignatureType::JcsRsaSignature { return Err(AuthenticationError::InvalidJsonSignatureType); }; - let actor_id = key_id_to_actor_id(key_id)?; - let actor_profile = match get_or_import_profile_by_actor_id( + let signer_id = key_id_to_actor_id(key_id)?; + let signer = match get_or_import_profile_by_actor_id( db_client, &config.instance(), &config.media_dir(), - &actor_id, + &signer_id, ).await { Ok(profile) => profile, Err(HandlerError::DatabaseError(error)) => { @@ -150,12 +153,12 @@ pub async fn verify_signed_activity( return Err(AuthenticationError::ImportError(other_error.to_string())); }, }; - let actor = actor_profile.actor_json.as_ref() - .ok_or(AuthenticationError::ActorError("local signer"))?; - let public_key = - deserialize_public_key(&actor.public_key.public_key_pem)?; - verify_rsa_json_signature(&signature_data, &public_key)?; - actor_profile + let signer_actor = signer.actor_json.as_ref() + .expect("activity should be signed by remote actor"); + let signer_key = + deserialize_public_key(&signer_actor.public_key.public_key_pem)?; + verify_rsa_json_signature(&signature_data, &signer_key)?; + signer }, JsonSigner::Did(did) => { let profiles: Vec<_> = search_profiles_by_did_only(db_client, &did) @@ -169,9 +172,7 @@ pub async fn verify_signed_activity( profiles.len(), ); }; - let actor_id = activity["actor"].as_str() - .ok_or(AuthenticationError::ActorError("unknown actor"))?; - let actor_profile = profiles.iter() + let signer = profiles.iter() .find(|profile| profile.actor_id(&config.instance_url()) == actor_id) // Use first profile with a given DID // if none of them matches actor @@ -205,11 +206,11 @@ pub async fn verify_signed_activity( _ => return Err(AuthenticationError::InvalidJsonSignatureType), }; - actor_profile + signer }, }; - Ok(actor_profile) + Ok(signer) } #[cfg(test)]