Refactor VerifySignature to improve UUID and SHA512 validation, removing unnecessary exception handling for invalid parameters.

https://github.com/nosial/Socialbox-PHP/issues/45
This commit is contained in:
netkas 2025-03-12 20:50:00 -04:00
parent 97f2c17282
commit 3be5cd104d
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 20 additions and 10 deletions

View file

@ -4,8 +4,6 @@
use InvalidArgumentException;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Validator;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Interfaces\SerializableInterface;
@ -32,10 +30,6 @@
{
throw new MissingRpcArgumentException('signature_uuid');
}
elseif(!Validator::validateUuid($rpcRequest->getParameter('signature_uuid')))
{
throw new InvalidRpcArgumentException('signature_uuid', 'Invalid UUID V4');
}
if(!$rpcRequest->containsParameter('signature'))
{
@ -46,10 +40,6 @@
{
throw new MissingRpcArgumentException('sha512');
}
elseif(!Cryptography::validateSha512($rpcRequest->getParameter('sha512')))
{
throw new InvalidRpcArgumentException('sha512', 'Invalid SHA512');
}
// Parse the peer address
try

View file

@ -789,6 +789,16 @@
*/
public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
{
if(!Validator::validateUuid($signatureUuid))
{
return SignatureVerificationStatus::INVALID;
}
if(!Cryptography::validateSha512($messageHash))
{
return SignatureVerificationStatus::INVALID;
}
// Resolve the peer signature key
try
{
@ -838,6 +848,16 @@
*/
public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash): SignatureVerificationStatus
{
if(!Validator::validateUuid($signatureUuid))
{
return SignatureVerificationStatus::INVALID;
}
if(!Cryptography::validateSha512($messageHash))
{
return SignatureVerificationStatus::INVALID;
}
try
{
$signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);