Accept minisign identity proofs from other instances

silverpill 2022-11-10 18:05:20 +00:00
parent 38bb3e38e9
commit f4aebdfdb2


@ -14,6 +14,7 @@ use crate::frontend::get_subscription_page_url;
use crate::identity::{ use crate::identity::{
claims::create_identity_claim, claims::create_identity_claim,
did::Did, did::Did,
minisign::{verify_minisign_identity_proof, IDENTITY_PROOF_MINISIGN},
}; };
use crate::models::profiles::types::{ use crate::models::profiles::types::{
ExtraField, ExtraField,
@ -45,24 +46,34 @@ pub fn parse_identity_proof(
}; };
let proof_type = attachment.signature_algorithm.as_ref() let proof_type = attachment.signature_algorithm.as_ref()
.ok_or(ValidationError("missing proof type"))?; .ok_or(ValidationError("missing proof type"))?;
if proof_type != ETHEREUM_EIP191_PROOF {
return Err(ValidationError("unknown proof type"));
};
let did = attachment.name.parse::<Did>() let did = attachment.name.parse::<Did>()
.map_err(|_| ValidationError("invalid did"))?; .map_err(|_| ValidationError("invalid did"))?;
let message = create_identity_claim(actor_id, &did) let message = create_identity_claim(actor_id, &did)
.map_err(|_| ValidationError("invalid claim"))?; .map_err(|_| ValidationError("invalid claim"))?;
let did_pkh = match did {
Did::Pkh(ref did_pkh) => did_pkh,
_ => return Err(ValidationError("invalid proof issuer")),
};
let signature = attachment.signature_value.as_ref() let signature = attachment.signature_value.as_ref()
.ok_or(ValidationError("missing signature"))?; .ok_or(ValidationError("missing signature"))?;
verify_eip191_identity_proof( match did {
did_pkh, Did::Key(ref did_key) => {
&message, if proof_type != IDENTITY_PROOF_MINISIGN {
signature, return Err(ValidationError("unknown proof type"));
).map_err(|_| ValidationError("invalid identity proof"))?; };
verify_minisign_identity_proof(
did_key,
&message,
&signature,
).map_err(|_| ValidationError("invalid identity proof"))?;
},
Did::Pkh(ref did_pkh) => {
if proof_type != ETHEREUM_EIP191_PROOF {
return Err(ValidationError("unknown proof type"));
};
verify_eip191_identity_proof(
did_pkh,
&message,
signature,
).map_err(|_| ValidationError("invalid identity proof"))?;
},
};
let proof = IdentityProof { let proof = IdentityProof {
issuer: did, issuer: did,
proof_type: proof_type.to_string(), proof_type: proof_type.to_string(),
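Review bot: Both arms of the new `match did` return `ValidationError("unknown proof type")` even when the proof type is a known one that does not belong to the issuer's DID method, so a mismatched pairing sent by a remote instance cannot be told apart from an unsupported algorithm. Consider `return Err(ValidationError("proof type does not match issuer"));` in both arms, with a comment above the match such as `// Each DID method accepts exactly one proof type; any other pairing is rejected before verification.` so the binding is not loosened by accident when a new `Did` variant is added. As a style point, the `Did::Key` arm passes `&signature` while the `Did::Pkh` arm passes `signature`; `signature` already comes from `as_ref()`, so the extra borrow looks unnecessary and the two calls should match. `parse_identity_proof` begins before and continues after this hunk, so how callers log or surface these errors is not visible here.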