Refactor VerifySignature to improve UUID and SHA512 validation, removing unnecessary exception handling for invalid parameters.

https://github.com/nosial/Socialbox-PHP/issues/45
2025-03-12 20:50:00 -04:00 · 2025-03-12 20:50:00 -04:00 · 3be5cd104d
commit 3be5cd104d
parent 97f2c17282
2 changed files with 20 additions and 10 deletions
--- a/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php
+++ b/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php
@ -4,8 +4,6 @@

    use InvalidArgumentException;
    use Socialbox\Abstracts\Method;
-    use Socialbox\Classes\Cryptography;
-    use Socialbox\Classes\Validator;
    use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
    use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
    use Socialbox\Interfaces\SerializableInterface;
@ -32,10 +30,6 @@
            {
                throw new MissingRpcArgumentException('signature_uuid');
            }
-            elseif(!Validator::validateUuid($rpcRequest->getParameter('signature_uuid')))
-            {
-                throw new InvalidRpcArgumentException('signature_uuid', 'Invalid UUID V4');
-            }

            if(!$rpcRequest->containsParameter('signature'))
            {
@ -46,10 +40,6 @@
            {
                throw new MissingRpcArgumentException('sha512');
            }
-            elseif(!Cryptography::validateSha512($rpcRequest->getParameter('sha512')))
-            {
-                throw new InvalidRpcArgumentException('sha512', 'Invalid SHA512');
-            }

            // Parse the peer address
            try
--- a/src/Socialbox/Socialbox.php
+++ b/src/Socialbox/Socialbox.php
@ -789,6 +789,16 @@
         */
        public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
        {
+            if(!Validator::validateUuid($signatureUuid))
+            {
+                return SignatureVerificationStatus::INVALID;
+            }
+
+            if(!Cryptography::validateSha512($messageHash))
+            {
+                return SignatureVerificationStatus::INVALID;
+            }
+
            // Resolve the peer signature key
            try
            {
@ -838,6 +848,16 @@
         */
        public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash): SignatureVerificationStatus
        {
+            if(!Validator::validateUuid($signatureUuid))
+            {
+                return SignatureVerificationStatus::INVALID;
+            }
+
+            if(!Cryptography::validateSha512($messageHash))
+            {
+                return SignatureVerificationStatus::INVALID;
+            }
+
            try
            {
                $signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);