upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
nextcloud/core/Command/OCM/ActivateKey.php
Micke Nordin 1bad4fe238 fix: Make sodium optional 
This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incomming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.

I also renamed all the Ed25519 function names to be more precis, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00

42 lines
1.2 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\Core\Command\OCM;
use OC\Core\Command\Base;
use OC\OCM\OCMSignatoryManager;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
class ActivateKey extends Base {
public function __construct(
private readonly OCMSignatoryManager $signatoryManager,
) {
parent::__construct();
}
#[\Override]
protected function configure(): void {
$this
->setName('ocm:keys:activate')
->setDescription('promote the staged JWKS key to active; the previous active key moves to retiring');
}
#[\Override]
protected function execute(InputInterface $input, OutputInterface $output): int {
try {
$this->signatoryManager->activateStagedJwksKey();
} catch (\RuntimeException $e) {
$output->writeln('<error>' . $e->getMessage() . '</error>');
return self::FAILURE;
}
$output->writeln('<info>Staged key promoted to active.</info>');
$output->writeln('Run <info>occ ocm:keys:retire</info> once any in-flight signatures using the previous key have been verified.');
return self::SUCCESS;
}
}
Reference in a new issue View git blame Copy permalink