Merge pull request #8666 from nextcloud/strict_idproof
Make \OC\Security\IdentityProof strict
commit
d0de8e4905
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
/**
|
/**
|
||||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||||
*
|
*
|
||||||
|
@ -33,16 +34,16 @@ class Key {
|
||||||
* @param string $publicKey
|
* @param string $publicKey
|
||||||
* @param string $privateKey
|
* @param string $privateKey
|
||||||
*/
|
*/
|
||||||
public function __construct($publicKey, $privateKey) {
|
public function __construct(string $publicKey, string $privateKey) {
|
||||||
$this->publicKey = $publicKey;
|
$this->publicKey = $publicKey;
|
||||||
$this->privateKey = $privateKey;
|
$this->privateKey = $privateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPrivate() {
|
public function getPrivate(): string {
|
||||||
return $this->privateKey;
|
return $this->privateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPublic() {
|
public function getPublic(): string {
|
||||||
return $this->publicKey;
|
return $this->publicKey;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
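Review bot: `getPrivate()` and `getPublic()` still have no docblock, although the constructor above them has one, and the new `: string` return types do not tell a caller which of the two values is secret. I would add `/** @return string private key material; keep it out of logs and serialized output */` above `getPrivate()` and `/** @return string public key */` above `getPublic()`. The class header and property declarations are outside the hunk, so whether the properties themselves are documented cannot be seen here.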
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
/**
|
/**
|
||||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||||
*
|
*
|
||||||
|
@ -59,7 +60,7 @@ class Manager {
|
||||||
*
|
*
|
||||||
* @return array [$publicKey, $privateKey]
|
* @return array [$publicKey, $privateKey]
|
||||||
*/
|
*/
|
||||||
protected function generateKeyPair() {
|
protected function generateKeyPair(): array {
|
||||||
$config = [
|
$config = [
|
||||||
'digest_alg' => 'sha512',
|
'digest_alg' => 'sha512',
|
||||||
'private_key_bits' => 2048,
|
'private_key_bits' => 2048,
|
||||||
|
@ -83,7 +84,7 @@ class Manager {
|
||||||
* @param string $id key id
|
* @param string $id key id
|
||||||
* @return Key
|
* @return Key
|
||||||
*/
|
*/
|
||||||
protected function generateKey($id) {
|
protected function generateKey(string $id): Key {
|
||||||
list($publicKey, $privateKey) = $this->generateKeyPair();
|
list($publicKey, $privateKey) = $this->generateKeyPair();
|
||||||
|
|
||||||
// Write the private and public key to the disk
|
// Write the private and public key to the disk
|
||||||
|
@ -105,7 +106,7 @@ class Manager {
|
||||||
* @param string $id
|
* @param string $id
|
||||||
* @return Key
|
* @return Key
|
||||||
*/
|
*/
|
||||||
protected function retrieveKey($id) {
|
protected function retrieveKey(string $id): Key {
|
||||||
try {
|
try {
|
||||||
$folder = $this->appData->getFolder($id);
|
$folder = $this->appData->getFolder($id);
|
||||||
$privateKey = $this->crypto->decrypt(
|
$privateKey = $this->crypto->decrypt(
|
||||||
|
@ -124,7 +125,7 @@ class Manager {
|
||||||
* @param IUser $user
|
* @param IUser $user
|
||||||
* @return Key
|
* @return Key
|
||||||
*/
|
*/
|
||||||
public function getKey(IUser $user) {
|
public function getKey(IUser $user): Key {
|
||||||
$uid = $user->getUID();
|
$uid = $user->getUID();
|
||||||
return $this->retrieveKey('user-' . $uid);
|
return $this->retrieveKey('user-' . $uid);
|
||||||
}
|
}
|
||||||
|
@ -135,7 +136,7 @@ class Manager {
|
||||||
* @return Key
|
* @return Key
|
||||||
* @throws \RuntimeException
|
* @throws \RuntimeException
|
||||||
*/
|
*/
|
||||||
public function getSystemKey() {
|
public function getSystemKey(): Key {
|
||||||
$instanceId = $this->config->getSystemValue('instanceid', null);
|
$instanceId = $this->config->getSystemValue('instanceid', null);
|
||||||
if ($instanceId === null) {
|
if ($instanceId === null) {
|
||||||
throw new \RuntimeException('no instance id!');
|
throw new \RuntimeException('no instance id!');
|
||||||
|
|
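Review bot: `generateKeyPair(): array` now promises `generateKey()` a pair that goes into `new Key(string, string)`, but the hunk shows no failure check on key generation, and the body continues past the `private_key_bits` line. The `digest_alg` / `private_key_bits` config keys suggest the pair comes from PHP's OpenSSL functions, which signal failure by returning `false`. If so, under `declare(strict_types=1)` a failed generation would surface later as a `TypeError` from the `Key` constructor rather than as a clear error at the point of failure. It is worth confirming that the body rejects a `false` result before returning, for example with `throw new \RuntimeException('key pair generation failed');`, so that nothing half-generated is written to disk.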
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
/**
|
/**
|
||||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||||
*
|
*
|
||||||
|
@ -57,7 +58,7 @@ class Signer {
|
||||||
* @param IUser $user
|
* @param IUser $user
|
||||||
* @return array ['message', 'signature']
|
* @return array ['message', 'signature']
|
||||||
*/
|
*/
|
||||||
public function sign($type, array $data, IUser $user) {
|
public function sign(string $type, array $data, IUser $user): array {
|
||||||
$privateKey = $this->keyManager->getKey($user)->getPrivate();
|
$privateKey = $this->keyManager->getKey($user)->getPrivate();
|
||||||
$data = [
|
$data = [
|
||||||
'data' => $data,
|
'data' => $data,
|
||||||
|
@ -79,7 +80,7 @@ class Signer {
|
||||||
* @param array $data
|
* @param array $data
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function verify(array $data) {
|
public function verify(array $data): bool {
|
||||||
if(isset($data['message'])
|
if(isset($data['message'])
|
||||||
&& isset($data['signature'])
|
&& isset($data['signature'])
|
||||||
&& isset($data['message']['signer'])
|
&& isset($data['message']['signer'])
|
||||||
|
|
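Review bot: `verify(array $data): bool` guards only with `isset()` on `message`, `signature` and `message.signer`, which proves the keys exist but not that their values are strings, and `$data` is presumably a payload received from outside. With `declare(strict_types=1)` now on this file, passing a non-string value to a string-typed built-in raises `TypeError` instead of coercing, so a malformed payload could make `verify()` throw rather than return `false`. The rest of the body is outside the hunk, so this is inferred; if those values are handed to string functions, extend the condition with `&& is_string($data['signature']) && is_string($data['message']['signer'])`.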