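/**
 * Verifies the request signature against the sender's account public key.
 *
 * The sender's GlobalID is taken from the source-GID header, its SocialRecord
 * is resolved through SocialRecordManager and the account public key read from
 * it; the canonical request string (getStringForRequestSignature()) is then
 * checked against the signature header. Both headers are required up front so
 * a request without them is rejected explicitly instead of reaching the key
 * lookup with an undefined index.
 *
 * @throws MalformedRequestHeaderException when the source-GID or signature header is
 *                                         missing, or the signature does not verify
 *
 * @return bool true when the signature verifies (any failure throws)
 */
protected function verifySignature()
{
    if (!isset($this->headers[SONIC_HEADER__SOURCE_GID]) || !isset($this->headers[SONIC_HEADER__SIGNATURE])) {
        throw new MalformedRequestHeaderException('Missing source GID or signature header!');
    }

    $senderRecord = SocialRecordManager::retrieveSocialRecord($this->headers[SONIC_HEADER__SOURCE_GID]);
    $publicAccountKey = PublicKey::formatPEM($senderRecord->getAccountPublicKey());

    // The signed string is the request's canonical form; it must match exactly what the sender signed.
    $signedString = $this->getStringForRequestSignature();
    if (!Signature::verifySignature($signedString, $publicAccountKey, $this->headers[SONIC_HEADER__SIGNATURE])) {
        throw new MalformedRequestHeaderException("Invalid request signature!");
    }

    return true;
}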
/**
 * Creates a GlobalID from a $key and $salt.
 *
 * The exported key material is stretched with PBKDF2 (self::$HASH_ALGORITHM,
 * self::$ITERATIONS) using the given salt; the upper-cased hex digest is then
 * re-expressed in the 36-symbol alphabet via self::convBase().
 *
 * @param $key  the public key the ID is derived from
 * @param $salt the salt
 *
 * @return string the GlobalID
 */
public static function createGID($key, $salt)
{
    // NOTE(review): assumes PublicKey::exportKey() returns the bare key material
    // (PEM header, trailer and line breaks removed) — confirm against PublicKey.
    $keyMaterial = PublicKey::exportKey($key);

    $hexDigest = hash_pbkdf2(self::$HASH_ALGORITHM, $keyMaterial, $salt, self::$ITERATIONS);

    $hexAlphabet = "0123456789ABCDEF";
    $base36Alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    return self::convBase(strtoupper($hexDigest), $hexAlphabet, $base36Alphabet);
}
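/**
 * Serialization method for SocialRecord.
 *
 * Every string field is passed through json_encode() so that a value holding
 * quotes, backslashes or control characters cannot break the document or
 * smuggle extra members into the record; for plain values the output is
 * byte-identical to direct concatenation (slashes and non-ASCII text are left
 * unescaped). The active flag is emitted as a JSON literal when it is a bool,
 * because concatenating false yields an empty string and thus invalid JSON.
 *
 * @return string The serialized SocialRecord
 */
public function getJSONString()
{
    $flags = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE;
    // Quote-and-escape a string member exactly as the hand-built format did for benign values.
    $str = function ($value) use ($flags) {
        return json_encode((string) $value, $flags);
    };

    if (is_bool($this->active)) {
        $active = $this->active ? 'true' : 'false';
    } else {
        $active = json_encode($this->active, $flags);
    }

    // Each certificate serializes itself; implode() handles the separators, so no
    // end()-based "is this the last element" comparison is needed.
    $certificates = array_map(function ($krc) {
        return $krc->getJSONString();
    }, $this->keyRevocationList);

    $json = '{'
        . '"@context":' . $str(SocialRecord::JSONLD_CONTEXT) . ','
        . '"@type":' . $str(SocialRecord::JSONLD_TYPE) . ','
        . '"type":' . $str($this->type) . ','
        . '"globalID":' . $str($this->globalID) . ','
        . '"platformGID":' . $str($this->platformGID) . ','
        . '"displayName":' . $str($this->displayName) . ','
        . '"profileLocation":' . $str($this->profileLocation) . ','
        . '"personalPublicKey":' . $str(PublicKey::exportKey($this->personalPublicKey)) . ','
        . '"accountPublicKey":' . $str(PublicKey::exportKey($this->accountPublicKey)) . ','
        . '"salt":' . $str($this->salt) . ','
        . '"datetime":' . $str($this->datetime) . ','
        . '"active":' . $active . ','
        . '"keyRevocationList":[' . implode(',', $certificates) . ']'
        . '}';

    return $json;
}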
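/**
 * Retrieves a SocialRecord for a given GlobalID from the GSLS. The signed JWT
 * stored in the GSLS is retrieved, its payload verified, and the enclosed
 * SocialRecord object returned.
 *
 * Verification order: the GSLS response must decode to an object carrying a
 * responseCode; the JWT payload must decode to an object with a
 * personalPublicKey and globalID; the JWT signature must verify with that key
 * (a false return from verify() is a failure, not only a thrown exception);
 * and the record's globalID must equal the requested $gid. Because the
 * verification key comes from the payload itself, the signature check only
 * proves self-consistency — the binding to $gid relies on the GlobalID being
 * derived from the key elsewhere in this library, and the equality check at
 * least rejects a record served under a different GID.
 *
 * @param string $gid The GlobalID to resolve
 * @param bool   $raw If set to true, the parsed signed JWT (Token) is returned instead of the SocialRecord
 *
 * @throws SocialRecordNotFoundException  when the GSLS answers with response code 404
 * @throws SocialRecordIntegrityException when the payload is undecodable, the signature does not verify,
 *                                        or the record's globalID differs from $gid
 * @throws \Exception on transport failure of both nodes, a malformed GSLS response, or any other GSLS error code
 *
 * @return SocialRecord|Token SocialRecord object, or the Token when $raw is true
 */
public static function getSocialRecord($gid, $raw = false)
{
    try {
        $body = self::requestGSLSNode(Configuration::getPrimaryGSLSNode() . '/' . $gid);
    } catch (\Exception $primaryFailure) {
        // Primary unreachable: the secondary node is tried with the same options (including the timeout);
        // its own connection error propagates if it fails too.
        $body = self::requestGSLSNode(Configuration::getSecondaryGSLSNode() . '/' . $gid);
    }

    $response = json_decode($body);
    if (!is_object($response) || !isset($response->responseCode)) {
        throw new \Exception('Malformed response from GSLS');
    }

    if ((int) $response->responseCode !== 200) {
        $message = isset($response->message) ? $response->message : 'GSLS error (response code ' . $response->responseCode . ')';
        if ((int) $response->responseCode === 404) {
            throw new SocialRecordNotFoundException($message);
        }
        throw new \Exception($message);
    }

    if (!isset($response->socialRecord)) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: no socialRecord in GSLS response');
    }

    // verify JWT and extract SocialRecord
    $signer = new Sha512();
    $token = (new Parser())->parse((string) $response->socialRecord);
    $socialRecord = json_decode(base64_decode($token->getClaim('socialRecord')));
    if (!is_object($socialRecord) || !isset($socialRecord->personalPublicKey) || !isset($socialRecord->globalID)) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: undecodable payload');
    }

    $personalPublicKey = PublicKey::formatPEM($socialRecord->personalPublicKey);
    try {
        $verified = $token->verify($signer, $personalPublicKey);
    } catch (\Exception $e) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: ' . $e->getMessage());
    }
    if ($verified !== true) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: invalid signature');
    }
    if ((string) $socialRecord->globalID !== (string) $gid) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: globalID mismatch');
    }

    if ($raw) {
        return $token;
    }

    return SocialRecordBuilder::buildFromJSON(json_encode($socialRecord, JSON_UNESCAPED_SLASHES));
}

/**
 * Performs a GET against one GSLS node and returns the raw response body.
 *
 * @param string $url Full URL of the record endpoint on that node
 *
 * @throws \Exception when the transport fails; the curl error text is included
 *
 * @return string The response body
 */
private static function requestGSLSNode($url)
{
    $ch = curl_init($url);
    if (Configuration::getCurlVerbose() >= 2) {
        curl_setopt($ch, CURLOPT_VERBOSE, 1);
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPGET, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, Configuration::getGSLSTimeout());

    $body = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    // The handle is always closed here, so a fallback to another node cannot leak it.
    curl_close($ch);

    if ($errno !== CURLE_OK || $body === false) {
        throw new \Exception('Connection error: ' . $error);
    }

    return $body;
}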
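/**
 * Creates a SocialRecord object from a JSON String.
 *
 * The input must decode to a JSON object carrying every required property
 * (checked in the order listed below, so the first missing one is reported);
 * keyRevocationList must be a JSON array, each element of which is handed to
 * KeyRevocationCertificateBuilder::buildFromJSON().
 *
 * @param string $json The serialized SocialRecord
 *
 * @throws SocialRecordFormatException when the input is not a JSON object, a required
 *                                     property is missing, or keyRevocationList is not a list
 *
 * @return SocialRecord
 */
public static function buildFromJSON($json)
{
    $jsonObject = json_decode($json);
    if (!is_object($jsonObject)) {
        throw new SocialRecordFormatException('SocialRecord: Invalid JSON!');
    }

    $required = [
        'platformGID',
        'globalID',
        'type',
        'displayName',
        'profileLocation',
        'personalPublicKey',
        'accountPublicKey',
        'salt',
        'datetime',
        'active',
        'keyRevocationList',
    ];
    foreach ($required as $property) {
        if (!property_exists($jsonObject, $property)) {
            throw new SocialRecordFormatException('SocialRecord: Property ' . $property . ' missing!');
        }
    }

    if (!is_array($jsonObject->keyRevocationList)) {
        throw new SocialRecordFormatException('SocialRecord: Property keyRevocationList must be a list!');
    }
    $krl = array_map(function ($krc) {
        return KeyRevocationCertificateBuilder::buildFromJSON($krc);
    }, $jsonObject->keyRevocationList);

    return (new SocialRecordBuilder())
        ->type($jsonObject->type)
        ->globalID($jsonObject->globalID)
        ->platformGID($jsonObject->platformGID)
        ->displayName($jsonObject->displayName)
        ->profileLocation($jsonObject->profileLocation)
        ->personalPublicKey(PublicKey::formatPEM($jsonObject->personalPublicKey))
        ->accountPublicKey(PublicKey::formatPEM($jsonObject->accountPublicKey))
        ->salt($jsonObject->salt)
        ->datetime($jsonObject->datetime)
        ->active($jsonObject->active)
        ->keyRevocationList($krl)
        ->build();
}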