Comments (5)
Yes, but I believe this is removing it from a copy of the original input, unless you have a use case that illustrates an actual issue created because of that. That said, the code would probably work using input['@context']
instead of input.delete('@context')
.
from json-ld.
Yes, I did run into this issue with an actual use case. Mastodon signs (some of) its activities by using Linked-Data Signatures, so it uses JSON::LD::API.toRdf
to normalize its activities to be signed.
Because not all consumers handle JSON-LD, we ensure that our payloads can be processed as plain JSON, so we attach the signature (computed on the normalized object) to the original hash object.
A recent PR aiming to fix a bug in Mastodon introduces nested contexts, which strips a @context
from the input object and cause its meaning to change and the signature to be wrong: mastodon/mastodon#18354
The signature is basically computed like this:
def canonicalize(json)
graph = RDF::Graph.new << JSON::LD::API.toRdf(json, documentLoader: method(:load_jsonld_context))
graph.dump(:normalize)
end
def hash(obj)
Digest::SHA256.hexdigest(canonicalize(obj))
end
def sign!(creator, sign_with: nil)
options = {
'type' => 'RsaSignature2017',
'creator' => [ActivityPub::TagManager.instance.uri_for(creator), '#main-key'].join,
'created' => Time.now.utc.iso8601,
}
options_hash = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT))
document_hash = hash(@json.without('signature'))
to_be_signed = options_hash + document_hash
keypair = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : creator.keypair
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))
@json.merge('signature' => options.merge('signatureValue' => signature))
end
I can easily work around this issue by building my object differently or doing a deep_dup
on the input, but this was fairly surprising behavior.
from json-ld.
I'll get an update out shortly with a fix. Thanks for the use case.
from json-ld.
I pushed a fix to the develop branch. If that solves your issues, I'll push a new release out.
from json-ld.
It does solve it! Thank you for the quick fix!
from json-ld.
Related Issues (20)
- NameError: uninitialized constant JSON::LD::Writer HOT 3
- Problem with framing and bases HOT 1
- Debugging does not work HOT 2
- Error always mentions stdin, and not the real filename HOT 6
- @base not working for integer value in JSON HOT 1
- Failing test as of 2017-09-22 HOT 4
- --no-compact-to-relative option HOT 1
- RDF Dataset Normalization HOT 1
- Over a minute to create a graph HOT 7
- Certificate verification errors HOT 1
- Tutorial or example ? HOT 3
- schema.org seems to break JSON::LD::Reader HOT 4
- @id in JSON LD prevent matching HOT 3
- problem when compacting IRIs that contain `@` HOT 1
- Schema data no longer found in a non-deterministic manner HOT 4
- Blank @id for embedded schema.org JSON-LD in webpage? HOT 10
- Framing JSON-LD Star HOT 8
- gen_context script usage HOT 5
- Using "@container" : "@type"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from json-ld.