From 2da0f9502668bcd10d78cba9afa73386ea326c78 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Fri, 16 Feb 2024 03:43:35 +0100
Subject: [PATCH] [backend/federation] Verify actor publicKey host

---
 .../Core/Federation/ActivityStreams/Types/ASActor.cs          | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Iceshrimp.Backend/Core/Federation/ActivityStreams/Types/ASActor.cs b/Iceshrimp.Backend/Core/Federation/ActivityStreams/Types/ASActor.cs
index 1fb01134..a5f062c9 100644
--- a/Iceshrimp.Backend/Core/Federation/ActivityStreams/Types/ASActor.cs
+++ b/Iceshrimp.Backend/Core/Federation/ActivityStreams/Types/ASActor.cs
@@ -128,7 +128,9 @@ public class ASActor : ASObject {
 		    !Regex.IsMatch(Username, @"^\w([\w-.]*\w)?$"))
 			throw new Exception("Actor username is invalid");
 
-		//TODO: validate publicKey id host
+		var publicKeyId = PublicKey?.Id ?? throw new Exception("Invalid actor: missing PublicKey?.Id");
+		if (new Uri(publicKeyId).Host != new Uri(uri).Host)
+			throw new Exception("Invalid actor: public key id / actor id host mismatch");
 
 		DisplayName = DisplayName switch {
 			{ Length: > 0 } => DisplayName.Truncate(DisplayNameLength),