From f1593477c4d1cab8fcb33f6d768cb7ac4cd1e2c3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 15 Jul 2020 04:10:02 -0700 Subject: [PATCH] hubloc confusion --- Zotlabs/Lib/Zotfinger.php | 1 - Zotlabs/Web/HTTPSig.php | 26 +++++++++++++++++--------- Zotlabs/Zot6/Receiver.php | 7 +++++-- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php index 542a61b26..78f2607b5 100644 --- a/Zotlabs/Lib/Zotfinger.php +++ b/Zotlabs/Lib/Zotfinger.php @@ -37,7 +37,6 @@ class Zotfinger { $redirects = 0; $x = z_post_url($resource,$data,$redirects, [ 'headers' => $h ] ); - if ($x['success']) { $result['signature'] = HTTPSig::verify($x); diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 3183a39b1..97f539e65 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -88,7 +88,7 @@ class HTTPSig { // See draft-cavage-http-signatures-10 - static function verify($data,$key = '') { + static function verify($data,$key = '', $keytype = '') { $body = $data; $headers = null; @@ -170,7 +170,7 @@ class HTTPSig { $result['signer'] = $sig_block['keyId']; - $fkey = self::get_key($key,$result['signer']); + $fkey = self::get_key($key,$keytype,$result['signer']); if (! ($fkey && $fkey['public_key'])) { return $result; @@ -185,7 +185,7 @@ class HTTPSig { // try again, ignoring the local actor (xchan) cache and refetching the key // from its source - $fkey = self::get_key($key,$result['signer'],true); + $fkey = self::get_key($key,$keytype,$result['signer'],true); if ($fkey && $fkey['public_key']) { $y = Crypto::verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm); @@ -230,7 +230,7 @@ class HTTPSig { return $result; } - static function get_key($key,$id,$force = false) { + static function get_key($key,$keytype,$id,$force = false) { if ($key) { if (function_exists($key)) { 
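Review bot: The new `$keytype` parameter of `verify()` defaults to `''`, so any caller that is not updated keeps the unpinned key lookup; the Zotfinger.php context in this same patch still shows `HTTPSig::verify($x)` with no key type. If that response is expected to be signed with a zot6 key, the call would need to become `HTTPSig::verify($x, EMPTY_STR, 'zot6')` to get the same treatment as the Receiver. The parameter also has no doc comment; a line such as `// $keytype: 'zot6' tries the zot6 hubloc key first, '' uses the webfinger/ActivityStreams lookup` above the signature would record the accepted values. The body of `verify()` continues outside the hunk.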
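Review bot: `$keytype` is inserted in front of `$id` in the `get_key()` signature (hunk at -230), which shifts the meaning of every positional argument for existing callers. The two call sites inside `verify()` are updated in this patch, but a caller elsewhere that still passes `($key, $id, $force)` would have its key id read as the key type and its force flag read as the id, with no error raised. Appending the parameter instead, `static function get_key($key,$id,$force = false,$keytype = '')`, would keep old calls working; otherwise callers outside this diff need checking. The function body continues outside the hunk.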
@@ -239,14 +239,22 @@ class HTTPSig { return [ 'public_key' => $key ]; } + if ($keytype === 'zot6') { + $key = self::get_zotfinger_key($id,$force); + if ($key) { + return $key; + } + } + + if (strpos($id,'#') === false) { $key = self::get_webfinger_key($id,$force); + if ($key) { + return $key; + } } - if (! $key) { - $key = self::get_activitystreams_key($id,$force); - } - + $key = self::get_activitystreams_key($id,$force); return $key; } @@ -353,7 +361,7 @@ class HTTPSig { function get_zotfinger_key($id,$force = false) { if (! $force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' ", + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'", dbesc(str_replace('acct:','',$id)), dbesc($id) ); diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php index 50273e4dd..fee90eccf 100644 --- a/Zotlabs/Zot6/Receiver.php +++ b/Zotlabs/Zot6/Receiver.php @@ -163,16 +163,19 @@ class Receiver { $result = false; - $this->sigdata = HTTPSig::verify($this->rawdata); + $this->sigdata = HTTPSig::verify($this->rawdata, EMPTY_STR, 'zot6'); if ($this->sigdata && $this->sigdata['header_signed'] && $this->sigdata['header_valid']) { $result = true; + + + // It is OK to not have signed content - not all messages provide content. // But if it is signed, it has to be valid if (($this->sigdata['content_signed']) && (! $this->sigdata['content_valid'])) { - $result = false; + $result = false; } } return $result;
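Review bot: When `$keytype === 'zot6'` and `get_zotfinger_key()` returns nothing, `get_key()` still continues to the webfinger and ActivityStreams lookups, so the key type acts as a preference and not as a restriction. A zot6 delivery can therefore end up verified against a key obtained through another protocol's discovery path, which looks like the mix-up the commit title refers to. If that fallback is not intended, ending the zot6 branch with `return self::get_zotfinger_key($id,$force);` would make the pin strict. Separately, the context line of the next hunk shows `function get_zotfinger_key($id,$force = false)` declared without `static` while it is called here as `self::get_zotfinger_key(...)` from a static method; that is deprecated in PHP 7 and an error in PHP 8.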
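Review bot: The added `and hubloc_network = 'zot6'` in `get_zotfinger_key()` binds only to the `hubloc_id_url` comparison, because SQL evaluates AND before OR; a row matching `hubloc_addr` is still returned whatever its network. The condition needs parentheses: `where (hubloc_addr = '%s' or hubloc_id_url = '%s') and hubloc_network = 'zot6'`. As written, an address match can still return a row joined to a non-zot6 hubloc, which defeats the filter this change adds. The function body continues outside the hunk.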
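Review bot: The Receiver.php call `HTTPSig::verify($this->rawdata, EMPTY_STR, 'zot6')` passes the protocol as a bare string literal that has to match the `=== 'zot6'` comparison in `HTTPSig::get_key()`; a misspelling would not fail but would quietly fall back to the generic lookup order. A shared class constant would remove that risk, and a short comment such as `// no preset key; resolve the signer's key through the zot6 lookup first` would explain the `EMPTY_STR` argument. The three empty lines added after `$result = true;` and the re-indented `$result = false;` are unrelated whitespace changes that could be dropped from the patch. The enclosing method starts and ends outside the hunk.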