Signer.php 2.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license GNU AGPL version 3 or any later version
  11. *
  12. * This program is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License as
  14. * published by the Free Software Foundation, either version 3 of the
  15. * License, or (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24. *
  25. */
  26. namespace OC\Security\IdentityProof;
  27. use OCP\AppFramework\Utility\ITimeFactory;
  28. use OCP\IUser;
  29. use OCP\IUserManager;
  30. class Signer {
  31. public function __construct(
  32. private Manager $keyManager,
  33. private ITimeFactory $timeFactory,
  34. private IUserManager $userManager,
  35. ) {
  36. }
  37. /**
  38. * Returns a signed blob for $data
  39. *
  40. * @return array ['message', 'signature']
  41. */
  42. public function sign(string $type, array $data, IUser $user): array {
  43. $privateKey = $this->keyManager->getKey($user)->getPrivate();
  44. $data = [
  45. 'data' => $data,
  46. 'type' => $type,
  47. 'signer' => $user->getCloudId(),
  48. 'timestamp' => $this->timeFactory->getTime(),
  49. ];
  50. openssl_sign(json_encode($data), $signature, $privateKey, OPENSSL_ALGO_SHA512);
  51. return [
  52. 'message' => $data,
  53. 'signature' => base64_encode($signature),
  54. ];
  55. }
  56. /**
  57. * Whether the data is signed properly
  58. *
  59. */
  60. public function verify(array $data): bool {
  61. if (isset($data['message']['signer'])
  62. && isset($data['signature'])
  63. ) {
  64. $location = strrpos($data['message']['signer'], '@');
  65. $userId = substr($data['message']['signer'], 0, $location);
  66. $user = $this->userManager->get($userId);
  67. if ($user !== null) {
  68. $key = $this->keyManager->getKey($user);
  69. return openssl_verify(
  70. json_encode($data['message']),
  71. base64_decode($data['signature']),
  72. $key->getPublic(),
  73. OPENSSL_ALGO_SHA512
  74. ) === 1;
  75. }
  76. }
  77. return false;
  78. }
  79. }