From 3be5cd104d46fbc721e5e054fd34983fdd46f111 Mon Sep 17 00:00:00 2001
From: netkas
Date: Wed, 12 Mar 2025 20:50:00 -0400
Subject: [PATCH] Refactor VerifySignature to improve UUID and SHA512 validation, removing unnecessary exception handling for invalid parameters. https://github.com/nosial/Socialbox-PHP/issues/45
---
 .../StandardMethods/Core/VerifySignature.php | 10 ----------
 src/Socialbox/Socialbox.php | 20 +++++++++++++++++++
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php b/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php
index f8e2633..a01000c 100644
--- a/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php
+++ b/src/Socialbox/Classes/StandardMethods/Core/VerifySignature.php
@@ -4,8 +4,6 @@

 use InvalidArgumentException;
 use Socialbox\Abstracts\Method;
- use Socialbox\Classes\Cryptography;
- use Socialbox\Classes\Validator;
 use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
 use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
 use Socialbox\Interfaces\SerializableInterface;
@@ -32,10 +30,6 @@
 {
 throw new MissingRpcArgumentException('signature_uuid');
 }
- elseif(!Validator::validateUuid($rpcRequest->getParameter('signature_uuid')))
- {
- throw new InvalidRpcArgumentException('signature_uuid', 'Invalid UUID V4');
- }

 if(!$rpcRequest->containsParameter('signature'))
 {
@@ -46,10 +40,6 @@
 {
 throw new MissingRpcArgumentException('sha512');
 }
- elseif(!Cryptography::validateSha512($rpcRequest->getParameter('sha512')))
- {
- throw new InvalidRpcArgumentException('sha512', 'Invalid SHA512');
- }

 // Parse the peer address
 try
diff --git a/src/Socialbox/Socialbox.php b/src/Socialbox/Socialbox.php
index f2a6469..0c011b6 100644
--- a/src/Socialbox/Socialbox.php
+++ b/src/Socialbox/Socialbox.php
@@ -789,6 +789,16 @@
 */
 public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
 {
+ if(!Validator::validateUuid($signatureUuid))
+ {
+ return SignatureVerificationStatus::INVALID;
+ }
+
+ if(!Cryptography::validateSha512($messageHash))
+ {
+ return SignatureVerificationStatus::INVALID;
+ }
+
 // Resolve the peer signature key
 try
 {
@@ -838,6 +848,16 @@
 */
 public static function verifySignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash): SignatureVerificationStatus
 {
+ if(!Validator::validateUuid($signatureUuid))
+ {
+ return SignatureVerificationStatus::INVALID;
+ }
+
+ if(!Cryptography::validateSha512($messageHash))
+ {
+ return SignatureVerificationStatus::INVALID;
+ }
+
 try
 {
 $signingKey = self::resolvePeerSignature($signingPeer, $signatureUuid);
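Review bot: The two guards added at the top of verifyTimedSignature are repeated line for line in the verifySignature hunk that follows, so the input rules for the two entry points can drift apart when only one copy is edited. Moving both checks into one private static helper keeps the accepted UUID and hash formats in a single place; the helper name in the sketch is only a suggestion. The patch adds no `use` lines to Socialbox.php, so it is worth confirming that `Validator` and `Cryptography` are already imported there, otherwise the first call would fail with a class-not-found error instead of returning INVALID. The body of verifyTimedSignature continues past the end of the hunk.

```php
// Shared by verifyTimedSignature() and verifySignature(): reject malformed
// identifiers before any key lookup is attempted.
private static function isWellFormedSignatureInput(string $signatureUuid, string $messageHash): bool
{
    return Validator::validateUuid($signatureUuid) && Cryptography::validateSha512($messageHash);
}

public static function verifyTimedSignature(PeerAddress|string $signingPeer, string $signatureUuid, string $signature, string $messageHash, int $signatureTime): SignatureVerificationStatus
{
    if(!self::isWellFormedSignatureInput($signatureUuid, $messageHash))
    {
        return SignatureVerificationStatus::INVALID;
    }

    // … unchanged: peer signature key resolution …
```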
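Review bot: A malformed `$signatureUuid` or `$messageHash` now produces the same `SignatureVerificationStatus::INVALID` as a signature that fails cryptographic verification, and the docblock that closes on this hunk's first line is not touched to say so (its text lies outside the hunk; the same holds for verifyTimedSignature). Because the RPC method no longer raises InvalidRpcArgumentException for these cases, a caller cannot tell a client input error from a real verification failure. I would extend the return description with a sentence such as `INVALID is also returned when the signature UUID or the SHA-512 hash is malformed; the peer's key is not resolved in that case`, and put `// Malformed input is reported as INVALID without resolving the peer's key` above the first guard.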