4053f2f2b4
When we verify an HTTP signature,

* If we know the key, check in the DB whether we know the actor lists it. If it doesn't, and there's room left for keys, HTTP GET the actor and update the DB accordingly.
* If we know the key but had to update it, do the same, check usage in DB and update DB if needed
* If we don't know the key, record usage in DB

However,

* If we're GETting a key and discovering it's a shared key, we GET the actor to verify it lists the key. When we don't know the key at all yet, that's fine (can be further optimized but it's marginal), but if it's a key we do know, it means we already know the actor and for now it's enough for us to rely only on the DB to test usage.
26 lines
420 B
Text
```
VerifKey
    ident Text
    instance InstanceId
    expires UTCTime Maybe
    public ByteString
    sharer RemoteSharerId Maybe

    UniqueVerifKey ident

VerifKeySharedUsage
    key VerifKeyId
    user RemoteSharerId

    UniqueVerifKeySharedUsage key user

RemoteSharer
    ident Text
    instance InstanceId
    inbox Text

    UniqueRemoteSharer ident

Instance
    host Text

    UniqueInstance host
```
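The shared-key usage check described in the commit message, written as a pure function over an in-memory stand-in for the `VerifKeySharedUsage` table. This is an added example, not the project's code: `checkSharedKeyUsage`, `KeyState`, `Outcome`, the cap of 2 keys per actor, the refusal when no room is left, and the sample URIs are all assumptions.

```haskell
-- Added example, not the project's code. All names below are hypothetical.
import qualified Data.Map.Strict as M
import qualified Data.Set as S

type KeyId   = String   -- VerifKey.ident
type ActorId = String   -- RemoteSharer.ident

-- Stand-in for the VerifKeySharedUsage table: for each actor, the shared
-- keys we have already confirmed that actor lists.
type Usage = M.Map ActorId (S.Set KeyId)

data KeyState = KnownInDB | NewlyFetched deriving (Eq, Show)
data Outcome  = Accepted | Rejected String deriving (Eq, Show)

-- Assumed cap on recorded keys per actor; the page gives no number.
maxKeysPerActor :: Int
maxKeysPerActor = 2

-- | Check that a shared key may sign for an actor. 'fetchListed' stands in
-- for the HTTP GET of the actor document and returns the key ids it lists.
-- The result is the outcome, the updated table, and whether a GET was made.
checkSharedKeyUsage
    :: (ActorId -> [KeyId]) -> Usage -> KeyState -> KeyId -> ActorId
    -> (Outcome, Usage, Bool)
checkSharedKeyUsage fetchListed usage state key actor
    -- Known key, usage already recorded: the DB alone is enough.
    | inDB && key `S.member` known = (Accepted, usage, False)
    -- Known key, no record, no room: refuse without fetching (assumption;
    -- the page does not say what happens when there is no room).
    | inDB && S.size known >= maxKeysPerActor =
        (Rejected "no room left for keys", usage, False)
    -- Otherwise GET the actor and record the usage only if it lists the key.
    | key `elem` fetchListed actor =
        (Accepted, M.insertWith S.union actor (S.singleton key) usage, True)
    | otherwise = (Rejected "actor does not list this key", usage, True)
  where
    inDB  = state == KnownInDB
    known = M.findWithDefault S.empty actor usage

main :: IO ()
main = do
    -- Constructed sample data: alice lists the instance key, bob does not.
    let k = "https://forge.example/key1"
        listed a = M.findWithDefault [] a (M.fromList [("alice", [k])])
        (o1, u1, f1) = checkSharedKeyUsage listed M.empty NewlyFetched k "alice"
        (o2, _,  f2) = checkSharedKeyUsage listed u1 KnownInDB k "alice"
        (o3, _,  f3) = checkSharedKeyUsage listed u1 KnownInDB k "bob"
    mapM_ print [(o1, f1), (o2, f2), (o3, f3)]
```

The third call is the case the usage table exists for: a signature made with a valid instance-wide key is still refused for an actor that does not list that key.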