fix public key re-fetch logic
This commit is contained in:
parent
78a75171c2
commit
5eb9a263e2
1 changed files with 7 additions and 11 deletions
|
@ -118,19 +118,15 @@ export class InboxProcessorService implements OnApplicationShutdown {
|
||||||
// HTTP-Signatureの検証
|
// HTTP-Signatureの検証
|
||||||
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||||
|
|
||||||
// また、signatureのsignerは、activity.actorと一致する必要がある
|
if (!httpSignatureValidated) {
|
||||||
if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
|
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
|
||||||
let renewKeyFailed = true;
|
if (authUser.key != null) {
|
||||||
|
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
||||||
if (!httpSignatureValidated) {
|
|
||||||
authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
|
|
||||||
|
|
||||||
if (authUser.key != null) {
|
|
||||||
httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
|
|
||||||
renewKeyFailed = false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// また、signatureのsignerは、activity.actorと一致する必要がある
|
||||||
|
if (!httpSignatureValidated || authUser.user.uri !== getApId(activity.actor)) {
|
||||||
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
|
// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
|
||||||
const ldSignature = activity.signature;
|
const ldSignature = activity.signature;
|
||||||
if (ldSignature) {
|
if (ldSignature) {
|
||||||
|
|
Loading…
Reference in a new issue