LCOV - merged.info - lib/encryption/utils/json_signature_check

LCOV - code coverage report

Current view:	top level - lib/encryption/utils - json_signature_check_extension.dart (source / functions)		Coverage	Total	Hit
Test:	merged.info	Lines:	92.3 %	13	12
Test Date:	2025-10-13 02:23:18	Functions:	-	0	0

            Line data    Source code

       1              : /*
       2              :  *   Famedly Matrix SDK
       3              :  *   Copyright (C) 2020, 2021 Famedly GmbH
       4              :  *
       5              :  *   This program is free software: you can redistribute it and/or modify
       6              :  *   it under the terms of the GNU Affero General Public License as
       7              :  *   published by the Free Software Foundation, either version 3 of the
       8              :  *   License, or (at your option) any later version.
       9              :  *
      10              :  *   This program is distributed in the hope that it will be useful,
      11              :  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
      12              :  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      13              :  *   GNU Affero General Public License for more details.
      14              :  *
      15              :  *   You should have received a copy of the GNU Affero General Public License
      16              :  *   along with this program.  If not, see <https://www.gnu.org/licenses/>.
      17              :  */
      18              : 
      19              : import 'package:canonical_json/canonical_json.dart';
      20              : import 'package:vodozemac/vodozemac.dart' as vod;
      21              : 
      22              : import 'package:matrix/matrix.dart';
      23              : 
      24              : extension JsonSignatureCheckExtension on Map<String, dynamic> {
      25              :   /// Checks the signature of a signed json object.
      26           10 :   bool checkJsonSignature(String key, String userId, String deviceId) {
      27           10 :     final signatures = this['signatures'];
      28              :     if (signatures == null ||
      29           10 :         signatures is! Map<String, dynamic> ||
      30           10 :         !signatures.containsKey(userId)) {
      31              :       return false;
      32              :     }
      33           10 :     remove('unsigned');
      34           10 :     remove('signatures');
      35           30 :     if (!signatures[userId].containsKey('ed25519:$deviceId')) return false;
      36           30 :     final String signature = signatures[userId]['ed25519:$deviceId'];
      37           10 :     final canonical = canonicalJson.encode(this);
      38           10 :     final message = String.fromCharCodes(canonical);
      39              :     var isValid = false;
      40              :     try {
      41           20 :       vod.Ed25519PublicKey.fromBase64(key).verify(
      42              :         message: message,
      43           10 :         signature: vod.Ed25519Signature.fromBase64(signature),
      44              :       );
      45              :       isValid = true;
      46              :     } catch (e, s) {
      47              :       isValid = false;
      48            0 :       Logs().w('[Vodozemac] Signature check failed', e, s);
      49              :     }
      50              :     return isValid;
      51              :   }
      52              : }

Generated by: LCOV version 2.0-1