From 71b7c31958e2ce11a4b5a11a5c282ca3bdcb41dc Mon Sep 17 00:00:00 2001
From: Mar0xy
Date: Fri, 20 Oct 2023 12:50:56 +0200
Subject: upd: refetch user keys on signature failure

Reference: https://github.com/misskey-dev/misskey/pull/12051
---
 .../src/queue/processors/InboxProcessorService.ts | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'packages/backend/src/queue')

diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index 89d4ea503e..f51c9f140d 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -104,12 +104,24 @@ export class InboxProcessorService {
 		}
 
 		// HTTP-Signatureの検証
-		const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+		let httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
 
 		// また、signatureのsignerは、activity.actorと一致する必要がある
 		if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
+			let renewKeyFailed = false;
+
+			if (!httpSignatureValidated) {
+				authUser.key = await this.apDbResolverService.refetchPublicKeyForApId(authUser.user);
+
+				if (authUser.key != null) {
+					httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+				} else {
+					renewKeyFailed = true;
+				}
+			}
+
 			// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
-			if (activity.signature) {
+			if (activity.signature && renewKeyFailed) {
 				if (activity.signature.type !== 'RsaSignature2017') {
 					throw new Bull.UnrecoverableError(`skip: unsupported LD-signature type ${activity.signature.type}`);
 				}
-- 
cgit v1.2.3-freya
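Review bot: The new `&& renewKeyFailed` gate on the LD-Signature check only lets that fallback run when the key refetch returned null, so the two other ways into this block — the HTTP signature verified but `authUser.user.uri !== activity.actor`, and a refetched key was found but still does not verify — never reach the LD-Signature path that the old `if (activity.signature)` covered. Unless the else branch (outside the hunk) is meant to reject those cases outright, the condition should stay `if (activity.signature) {` and `renewKeyFailed` should only decide whether a second `verifySignature` is attempted, which is also how the referenced upstream change is structured. Note also that `refetchPublicKeyForApId` is now triggered by any inbox request whose signature fails to verify, which looks like a remote fetch; a short negative cache or per-actor rate limit around it would keep unauthenticated traffic from driving unbounded refetches — hedged, since the resolver's internals are not visible here. The enclosing `if` block and its else branch continue outside the hunk.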