/**
 * Verifies the signature of this request against the sender's account public key.
 *
 * The sender is identified by the source GlobalID header; the SocialRecord for
 * that GlobalID is resolved and its account public key is used to check the
 * signature header over the string built by getStringForRequestSignature().
 *
 * NOTE(review): the verification key is selected by a sender-supplied header, so
 * the result is only as trustworthy as the record returned by
 * SocialRecordManager::retrieveSocialRecord(). Nothing in this method checks the
 * record's active flag or its key revocation list - confirm that the record
 * lookup or the caller does.
 *
 * @throws MalformedRequestHeaderException if the signature does not verify
 *
 * @return bool true when the signature is valid
 */
protected function verifySignature()
{
    $sourceGid = $this->headers[SONIC_HEADER__SOURCE_GID];
    $senderRecord = SocialRecordManager::retrieveSocialRecord($sourceGid);
    $publicAccountKey = PublicKey::formatPEM($senderRecord->getAccountPublicKey());

    $signedString = $this->getStringForRequestSignature();
    $signature = $this->headers[SONIC_HEADER__SIGNATURE];

    $isValid = Signature::verifySignature($signedString, $publicAccountKey, $signature);
    if (!$isValid) {
        throw new MalformedRequestHeaderException("Invalid request signature!");
    }

    return true;
}
/**
 * Populates the record from a SocialRecordBuilder.
 *
 * Every field is copied through its setter, in the same order the builder
 * exposes them. Both public keys are passed through PublicKey::formatPEM()
 * before being stored.
 *
 * @param SocialRecordBuilder $builder The builder holding the field values
 */
public function __construct(SocialRecordBuilder $builder)
{
    // identity and profile fields
    $this->setType($builder->getType());
    $this->setGlobalID($builder->getGlobalID());
    $this->setPlatformGID($builder->getPlatformGID());
    $this->setDisplayName($builder->getDisplayName());
    $this->setProfileLocation($builder->getProfileLocation());

    // key material, stored in formatted PEM form
    $personalKeyPem = PublicKey::formatPEM($builder->getPersonalPublicKey());
    $this->setPersonalPublicKey($personalKeyPem);
    $accountKeyPem = PublicKey::formatPEM($builder->getAccountPublicKey());
    $this->setAccountPublicKey($accountKeyPem);

    // metadata and revocation state
    $this->setSalt($builder->getSalt());
    $this->setDatetime($builder->getDatetime());
    $this->setActive($builder->getActive());
    $this->setKeyRevocationList($builder->getKeyRevocationList());
}
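/**
 * Retrieves a SocialRecord for a given GlobalID from the GSLS.
 *
 * The signed JWT stored in the GSLS is fetched (primary node first, secondary
 * node on a connection error), its signature is checked against the personal
 * public key enclosed in the record, and the enclosed SocialRecord is returned.
 *
 * Security notes:
 *  - The signature is verified with a key taken from the token's own payload, so
 *    it only proves the record is self-consistent. This method additionally
 *    requires the record's globalID to equal the requested one.
 *    NOTE(review): if the GlobalID is derived from the personal public key and
 *    salt, re-deriving it here would bind key and GlobalID cryptographically -
 *    confirm against the GlobalID scheme.
 *  - The GSLS response itself is treated as untrusted: a body that is not the
 *    expected JSON object is rejected instead of being dereferenced.
 *
 * @param string $gid The GlobalID to resolve
 * @param bool   $raw If set to true, the signed JWT will be returned instead of the SocialRecord
 *
 * @throws SocialRecordNotFoundException  if the GSLS reports 404 for the GlobalID
 * @throws SocialRecordIntegrityException if the signature or the record binding check fails
 * @throws Exception                      on connection errors or malformed GSLS responses
 *
 * @return SocialRecord object (or the parsed token when $raw is true)
 */
public static function getSocialRecord($gid, $raw = false)
{
    // The GlobalID can originate from a request header; percent-encode it so it
    // always stays a single path segment of the GSLS URL.
    $path = '/' . rawurlencode($gid);

    // Performs one GET against a GSLS node and always releases the cURL handle.
    $fetch = function ($node, $timeout) use ($path) {
        $ch = curl_init($node . $path);

        if (Configuration::getCurlVerbose() >= 2) {
            curl_setopt($ch, CURLOPT_VERBOSE, 1);
        }
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPGET, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);

        $body = curl_exec($ch);
        $errno = curl_errno($ch);
        $error = curl_error($ch);
        curl_close($ch);

        return array($body, $errno, $error);
    };

    // Both nodes get the same timeout so an unresponsive fallback node cannot
    // hang the caller indefinitely.
    $timeout = Configuration::getGSLSTimeout();

    list($body, $errno, $error) = $fetch(Configuration::getPrimaryGSLSNode(), $timeout);
    if ($errno != CURLE_OK) {
        list($body, $errno, $error) = $fetch(Configuration::getSecondaryGSLSNode(), $timeout);
        if ($errno != CURLE_OK) {
            throw new \Exception('Connection error: ' . $error);
        }
    }

    $result = json_decode($body);
    if (!is_object($result) || !isset($result->responseCode)) {
        throw new \Exception('Invalid response from GSLS');
    }

    if ($result->responseCode != 200) {
        $message = isset($result->message)
            ? $result->message
            : 'GSLS returned response code ' . $result->responseCode;

        if ($result->responseCode == 404) {
            throw new SocialRecordNotFoundException($message);
        }
        throw new \Exception($message);
    }

    if (!isset($result->socialRecord)) {
        throw new \Exception('Invalid response from GSLS');
    }

    // verify JWT and extract SocialRecord
    $signer = new Sha512();
    $token = (new Parser())->parse((string) $result->socialRecord);

    $socialRecord = json_decode(base64_decode($token->getClaim('socialRecord')));
    if (!is_object($socialRecord) || !isset($socialRecord->personalPublicKey)) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: payload is not a valid SocialRecord');
    }

    $personalPublicKey = PublicKey::formatPEM($socialRecord->personalPublicKey);

    try {
        $verified = $token->verify($signer, $personalPublicKey);
    } catch (\Exception $e) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: ' . $e->getMessage());
    }

    // The Parser/getClaim/verify calls match the lcobucci/jwt 3.x API, where
    // Token::verify() reports a bad signature by returning false rather than
    // throwing (TODO confirm against the imported library). The result must
    // therefore be checked explicitly, otherwise a forged token passes.
    if ($verified === false) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: signature verification failed');
    }

    // A valid signature made with the record's own key says nothing about which
    // GlobalID the record belongs to; reject a record that is not the one asked for.
    if (!isset($socialRecord->globalID) || (string) $socialRecord->globalID !== (string) $gid) {
        throw new SocialRecordIntegrityException('SocialRecord integrity compromised: GlobalID mismatch');
    }

    if ($raw) {
        return $token;
    }

    return SocialRecordBuilder::buildFromJSON(json_encode($socialRecord, JSON_UNESCAPED_SLASHES));
}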
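/**
 * Creates a SocialRecord object from a JSON String
 *
 * The input is decoded and checked for the presence of every required
 * property before the record is built. Only presence is checked here.
 * NOTE(review): property types and values (e.g. that keyRevocationList is a
 * list, that the keys are well-formed) are not validated in this method -
 * confirm that the builder's build() or the setters enforce them.
 *
 * @param $json (String) The serialized SocialRecord
 *
 * @throws SocialRecordFormatException if the input is not a JSON object or a required property is missing
 *
 * @return SocialRecord
 */
public static function buildFromJSON($json)
{
    $jsonObject = json_decode($json);

    // json_decode() yields null for invalid JSON and a non-object for scalars
    // or lists; neither can be inspected with property_exists().
    if (!is_object($jsonObject)) {
        throw new SocialRecordFormatException('SocialRecord: Invalid JSON!');
    }

    // Checked in this order so the first missing property reported stays stable.
    $requiredProperties = array(
        'platformGID',
        'globalID',
        'type',
        'displayName',
        'profileLocation',
        'personalPublicKey',
        'accountPublicKey',
        'salt',
        'datetime',
        'active',
        'keyRevocationList',
    );

    foreach ($requiredProperties as $property) {
        if (!property_exists($jsonObject, $property)) {
            throw new SocialRecordFormatException('SocialRecord: Property ' . $property . ' missing!');
        }
    }

    // NOTE(review): a keyRevocationList that is not iterable ends up as an
    // empty list here, i.e. revocations would be dropped silently - consider
    // rejecting such records once the accepted shapes are confirmed.
    $krl = array();
    foreach ($jsonObject->keyRevocationList as $krc) {
        $krl[] = KeyRevocationCertificateBuilder::buildFromJSON($krc);
    }

    return (new SocialRecordBuilder())
        ->type($jsonObject->type)
        ->globalID($jsonObject->globalID)
        ->platformGID($jsonObject->platformGID)
        ->displayName($jsonObject->displayName)
        ->profileLocation($jsonObject->profileLocation)
        ->personalPublicKey(PublicKey::formatPEM($jsonObject->personalPublicKey))
        ->accountPublicKey(PublicKey::formatPEM($jsonObject->accountPublicKey))
        ->salt($jsonObject->salt)
        ->datetime($jsonObject->datetime)
        ->active($jsonObject->active)
        ->keyRevocationList($krl)
        ->build();
}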