mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 06:35:15 +00:00
httpsig - return an array with all the different signing possibilities enumerated
This commit is contained in:
parent
2b898537d7
commit
18c57eeaa0
1 changed files with 21 additions and 8 deletions
|
@ -27,10 +27,18 @@ class HTTPSig {
|
|||
$body = $data;
|
||||
$headers = null;
|
||||
|
||||
$result = [
|
||||
'signer' => '',
|
||||
'header_signed' => false,
|
||||
'header_valid' => false,
|
||||
'content_signed' => false,
|
||||
'content_valid' => false
|
||||
];
|
||||
|
||||
// decide if $data arrived via controller submission or curl
|
||||
if(is_array($data) && $data['header']) {
|
||||
if(! $data['success'])
|
||||
return false;
|
||||
return $result;
|
||||
$h = new \Zotlabs\Web\HTTPHeaders($data['header']);
|
||||
$headers = $h->fetcharr();
|
||||
$body = $data['body'];
|
||||
|
@ -59,7 +67,9 @@ class HTTPSig {
|
|||
}
|
||||
|
||||
if(! $sig_block)
|
||||
return null;
|
||||
return $result;
|
||||
|
||||
$result['header_signed'] = true;
|
||||
|
||||
$signed_headers = $sig_block['headers'];
|
||||
if(! $signed_headers)
|
||||
|
@ -79,6 +89,7 @@ class HTTPSig {
|
|||
}
|
||||
|
||||
if(! $key) {
|
||||
$result['signer'] = $sig_block['keyId'];
|
||||
$key = self::get_activitypub_key($sig_block['keyId']);
|
||||
}
|
||||
|
||||
|
@ -88,21 +99,23 @@ class HTTPSig {
|
|||
$x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm);
|
||||
|
||||
if($x === false)
|
||||
return $x;
|
||||
return $result;
|
||||
|
||||
$result['header_valid'] = true;
|
||||
|
||||
if(in_array('digest',$signed_headers)) {
|
||||
$result['content_signed'] = true;
|
||||
$digest = explode('=', $headers['digest']);
|
||||
if($digest[0] === 'SHA-256')
|
||||
$hashalg = 'sha256';
|
||||
|
||||
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
|
||||
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1])
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
|
||||
$result['content_valid'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
return $x;
|
||||
return $result;
|
||||
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue