Signer.php 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  5. *
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Roeland Jago Douma <roeland@famdouma.nl>
  8. *
  9. * @license GNU AGPL version 3 or any later version
  10. *
  11. * This program is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License as
  13. * published by the Free Software Foundation, either version 3 of the
  14. * License, or (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  23. *
  24. */
  25. namespace OC\Security\IdentityProof;
  26. use OCP\AppFramework\Utility\ITimeFactory;
  27. use OCP\IUser;
  28. use OCP\IUserManager;
  29. class Signer {
  30. /** @var Manager */
  31. private $keyManager;
  32. /** @var ITimeFactory */
  33. private $timeFactory;
  34. /** @var IUserManager */
  35. private $userManager;
  36. /**
  37. * @param Manager $keyManager
  38. * @param ITimeFactory $timeFactory
  39. * @param IUserManager $userManager
  40. */
  41. public function __construct(Manager $keyManager,
  42. ITimeFactory $timeFactory,
  43. IUserManager $userManager) {
  44. $this->keyManager = $keyManager;
  45. $this->timeFactory = $timeFactory;
  46. $this->userManager = $userManager;
  47. }
  48. /**
  49. * Returns a signed blob for $data
  50. *
  51. * @param string $type
  52. * @param array $data
  53. * @param IUser $user
  54. * @return array ['message', 'signature']
  55. */
  56. public function sign(string $type, array $data, IUser $user): array {
  57. $privateKey = $this->keyManager->getKey($user)->getPrivate();
  58. $data = [
  59. 'data' => $data,
  60. 'type' => $type,
  61. 'signer' => $user->getCloudId(),
  62. 'timestamp' => $this->timeFactory->getTime(),
  63. ];
  64. openssl_sign(json_encode($data), $signature, $privateKey, OPENSSL_ALGO_SHA512);
  65. return [
  66. 'message' => $data,
  67. 'signature' => base64_encode($signature),
  68. ];
  69. }
  70. /**
  71. * Whether the data is signed properly
  72. *
  73. * @param array $data
  74. * @return bool
  75. */
  76. public function verify(array $data): bool {
  77. if(isset($data['message'])
  78. && isset($data['signature'])
  79. && isset($data['message']['signer'])
  80. ) {
  81. $location = strrpos($data['message']['signer'], '@');
  82. $userId = substr($data['message']['signer'], 0, $location);
  83. $user = $this->userManager->get($userId);
  84. if($user !== null) {
  85. $key = $this->keyManager->getKey($user);
  86. return (bool)openssl_verify(
  87. json_encode($data['message']),
  88. base64_decode($data['signature']),
  89. $key->getPublic(),
  90. OPENSSL_ALGO_SHA512
  91. );
  92. }
  93. }
  94. return false;
  95. }
  96. }