This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incomming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.
I also renamed all the Ed25519 function names to be more precis, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.
Signed-off-by: Micke Nordin <kano@sunet.se>
OCM dual-stack integration of RFC 9421 alongside the existing cavage
publicKey path:
- OCMSignatoryManager: Ed25519 active/pending/retiring slot rotation
backed by numbered pool appkeys, getRemoteKey for inbound JWK lookup
with per-origin cache + cache-miss refetch, and getLocalEd25519Jwks
for the JWKS endpoint.
- Rfc9421SignatoryManager: per-call wrapper that swaps in the Ed25519
signatory and toggles `rfc9421.format`.
- OCMJwksHandler: serves /.well-known/jwks.json (RFC 7517) when signing
is enabled.
- OCMDiscoveryService: advertises `http-sig` in capabilities when
signing is enabled, and picks the signature scheme on outbound based
on the remote's advertised capabilities.
- Application.php: register the JWKS well-known handler.
Signed-off-by: Micke Nordin <kano@sunet.se>
