From 743221b90189acd74570dc3330adc1d0457fcd16 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 14 Sep 2019 20:06:08 +0100
Subject: [PATCH] Check continuity of public key

---
 webinterface.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/webinterface.py b/webinterface.py
index 90b315a3..ce31ad28 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -74,6 +74,19 @@ def updateAvatarImageCache(session,baseDir: str,httpPrefix: str,actor: str,avata
         sessionHeaders = {'Accept': 'application/activity+json; profile="https://www.w3.org/ns/activitystreams"'}
         personJson = getJson(session,actor,sessionHeaders,None,__version__,httpPrefix,None)
         if personJson:
+            if not personJson.get('id'):
+                return None
+            if not personJson.get('publicKey'):
+                return None
+            if not personJson['publicKey'].get('publicKeyPem'):
+                return None
+            if personJson['id']!=actor:
+                return None
+            if not personCache.get(actor):
+                return None
+            if personCache[actor]['actor']['publicKey']['publicKeyPem']!=personJson['publicKey']['publicKeyPem']:
+                print("ERROR: public keys don't match when downloading actor for "+actor)
+                return None
             storePersonInCache(baseDir,actor,personJson,personCache)
             return getPersonAvatarUrl(baseDir,actor,personCache)
         return None