mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71964 Commits
413 Branches
Tree: e42f511412
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e42f511412'
${ noResults }
nextcloud/lib/private/Security/IdentityProof/Signer.php

Signer.php 2.4KB
Raw Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>

  7.  *

  8.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  9.  * @author Lukas Reschke <lukas@statuscode.ch>

  10.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  11.  *

  12.  * @license GNU AGPL version 3 or any later version

  13.  *

  14.  * This program is free software: you can redistribute it and/or modify

  15.  * it under the terms of the GNU Affero General Public License as

  16.  * published by the Free Software Foundation, either version 3 of the

  17.  * License, or (at your option) any later version.

  18.  *

  19.  * This program is distributed in the hope that it will be useful,

  20.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  21.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  22.  * GNU Affero General Public License for more details.

  23.  *

  24.  * You should have received a copy of the GNU Affero General Public License

  25.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  26.  *

  27.  */

  28. namespace OC\Security\IdentityProof;

  29. 

  30. use OCP\AppFramework\Utility\ITimeFactory;

  31. use OCP\IUser;

  32. use OCP\IUserManager;

  33. 

  34. class Signer {

  35. 	public function __construct(

  36. 		private Manager $keyManager,

  37. 		private ITimeFactory $timeFactory,

  38. 		private IUserManager $userManager,

  39. 	) {

  40. 	}

  41. 

  42. 	/**

  43. 	 * Returns a signed blob for $data

  44. 	 *

  45. 	 * @return array ['message', 'signature']

  46. 	 */

  47. 	public function sign(string $type, array $data, IUser $user): array {

  48. 		$privateKey = $this->keyManager->getKey($user)->getPrivate();

  49. 		$data = [

  50. 			'data' => $data,

  51. 			'type' => $type,

  52. 			'signer' => $user->getCloudId(),

  53. 			'timestamp' => $this->timeFactory->getTime(),

  54. 		];

  55. 		openssl_sign(json_encode($data), $signature, $privateKey, OPENSSL_ALGO_SHA512);

  56. 

  57. 		return [

  58. 			'message' => $data,

  59. 			'signature' => base64_encode($signature),

  60. 		];

  61. 	}

  62. 

  63. 	/**

  64. 	 * Whether the data is signed properly

  65. 	 *

  66. 	 */

  67. 	public function verify(array $data): bool {

  68. 		if (isset($data['message']['signer'])

  69. 			&& isset($data['signature'])

  70. 		) {

  71. 			$location = strrpos($data['message']['signer'], '@');

  72. 			$userId = substr($data['message']['signer'], 0, $location);

  73. 

  74. 			$user = $this->userManager->get($userId);

  75. 			if ($user !== null) {

  76. 				$key = $this->keyManager->getKey($user);

  77. 				return (bool)openssl_verify(

  78. 					json_encode($data['message']),

  79. 					base64_decode($data['signature']),

  80. 					$key->getPublic(),

  81. 					OPENSSL_ALGO_SHA512

  82. 				);

  83. 			}

  84. 		}

  85. 

  86. 		return false;

  87. 	}

  88. }