
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license GNU AGPL version 3 or any later version
  11. *
  12. * This program is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License as
  14. * published by the Free Software Foundation, either version 3 of the
  15. * License, or (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24. *
  25. */
  26. namespace OC\Security\IdentityProof;
  27. use OCP\AppFramework\Utility\ITimeFactory;
  28. use OCP\IUser;
  29. use OCP\IUserManager;
  30. class Signer {
  31. /** @var Manager */
  32. private $keyManager;
  33. /** @var ITimeFactory */
  34. private $timeFactory;
  35. /** @var IUserManager */
  36. private $userManager;
  37. /**
  38. * @param Manager $keyManager
  39. * @param ITimeFactory $timeFactory
  40. * @param IUserManager $userManager
  41. */
  42. public function __construct(Manager $keyManager,
  43. ITimeFactory $timeFactory,
  44. IUserManager $userManager) {
  45. $this->keyManager = $keyManager;
  46. $this->timeFactory = $timeFactory;
  47. $this->userManager = $userManager;
  48. }
  49. /**
  50. * Returns a signed blob for $data
  51. *
  52. * @param string $type
  53. * @param array $data
  54. * @param IUser $user
  55. * @return array ['message', 'signature']
  56. */
  57. public function sign(string $type, array $data, IUser $user): array {
  58. $privateKey = $this->keyManager->getKey($user)->getPrivate();
  59. $data = [
  60. 'data' => $data,
  61. 'type' => $type,
  62. 'signer' => $user->getCloudId(),
  63. 'timestamp' => $this->timeFactory->getTime(),
  64. ];
  65. openssl_sign(json_encode($data), $signature, $privateKey, OPENSSL_ALGO_SHA512);
  66. return [
  67. 'message' => $data,
  68. 'signature' => base64_encode($signature),
  69. ];
  70. }
  71. /**
  72. * Whether the data is signed properly
  73. *
  74. * @param array $data
  75. * @return bool
  76. */
  77. public function verify(array $data): bool {
  78. if (isset($data['message'])
  79. && isset($data['signature'])
  80. && isset($data['message']['signer'])
  81. ) {
  82. $location = strrpos($data['message']['signer'], '@');
  83. $userId = substr($data['message']['signer'], 0, $location);
  84. $user = $this->userManager->get($userId);
  85. if ($user !== null) {
  86. $key = $this->keyManager->getKey($user);
  87. return openssl_verify(
  88. json_encode($data['message']),
  89. base64_decode($data['signature']),
  90. $key->getPublic(),
  91. OPENSSL_ALGO_SHA512
  92. ) === 1;
  93. }
  94. }
  95. return false;
  96. }
  97. }