This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incomming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.
I also renamed all the Ed25519 function names to be more precis, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.
Signed-off-by: Micke Nordin <kano@sunet.se>
Use constants instead of 0/1
Also fix PHPDoc to use correct return values.
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Micke Nordin <kano@sunet.se>
ocm:keys:list list known keys with their slot and kid
ocm:keys:stage generate a pending key, advertise via JWKS
ocm:keys:activate promote pending -> active, demote previous active
ocm:keys:retire delete the retiring key (kid stops resolving)
Plus the autoloader regen covering the new classes from this branch.
Signed-off-by: Micke Nordin <kano@sunet.se>
