* * @author Lukas Reschke * @author Roeland Jago Douma * * @license GNU AGPL version 3 or any later version * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . * */ namespace OC\Security\IdentityProof; use OCP\AppFramework\Utility\ITimeFactory; use OCP\IUser; use OCP\IUserManager; class Signer { /** @var Manager */ private $keyManager; /** @var ITimeFactory */ private $timeFactory; /** @var IUserManager */ private $userManager; /** * @param Manager $keyManager * @param ITimeFactory $timeFactory * @param IUserManager $userManager */ public function __construct(Manager $keyManager, ITimeFactory $timeFactory, IUserManager $userManager) { $this->keyManager = $keyManager; $this->timeFactory = $timeFactory; $this->userManager = $userManager; } /** * Returns a signed blob for $data * * @param string $type * @param array $data * @param IUser $user * @return array ['message', 'signature'] */ public function sign($type, array $data, IUser $user) { $privateKey = $this->keyManager->getKey($user)->getPrivate(); $data = [ 'data' => $data, 'type' => $type, 'signer' => $user->getCloudId(), 'timestamp' => $this->timeFactory->getTime(), ]; openssl_sign(json_encode($data), $signature, $privateKey, OPENSSL_ALGO_SHA512); return [ 'message' => $data, 'signature' => base64_encode($signature), ]; } /** * Whether the data is signed properly * * @param array $data * @return bool */ public function verify(array $data) { if(isset($data['message']) && isset($data['signature']) && isset($data['message']['signer']) ) { $location = strrpos($data['message']['signer'], '@'); $userId = substr($data['message']['signer'], 0, $location); $user = $this->userManager->get($userId); if($user !== null) { $key = $this->keyManager->getKey($user); return (bool)openssl_verify( json_encode($data['message']), base64_decode($data['signature']), $key->getPublic(), OPENSSL_ALGO_SHA512 ); } } return false; } }