From cbe520ca2bd73a4e281105ca8579645c8786b080 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 22 Nov 2023 23:02:24 +0300
Subject: ActivityPub: handle all exceptions in signature verification

---
 src/main/java/com/juick/ActivityPubManager.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/main/java/com/juick/ActivityPubManager.java b/src/main/java/com/juick/ActivityPubManager.java
index 33cc458b..f234969b 100644
--- a/src/main/java/com/juick/ActivityPubManager.java
+++ b/src/main/java/com/juick/ActivityPubManager.java
@@ -462,8 +462,8 @@ public class ActivityPubManager implements ActivityListener, NotificationListene
                 }
             }
             if (key != null) {
-                Verifier verifier = new Verifier(key, signature);
                 try {
+                    Verifier verifier = new Verifier(key, signature);
                     boolean result = verifier.verify(method.toLowerCase(), path, headers);
                     if (result) {
                         if (!user.isAnonymous()) {
@@ -481,8 +481,7 @@ public class ActivityPubManager implements ActivityListener, NotificationListene
                             }
                         }
                     }
-                } catch (NoSuchAlgorithmException | SignatureException | MissingRequiredHeaderException
-                         | IOException e) {
+                } catch (Exception e) {
                     logger.warn("Verification error for {}: {}", signature.getKeyId(), e.getMessage());
                 }
             }
-- 
cgit v1.2.3