mopping up fep-8b32, also added FEP-2c59

.gitignore

@@ -49,12 +49,15 @@ view/theme/*
 view/theme/redbasic/schema/default.php
 # Doxygen API documentation, run 'doxygen util/Doxyfile' to generate it
 doc/html/
-# zotsh configuration files
-.zotshrc
+# nsh configuration files
+.nshrc
 # external repositories for themes/addons
 extend/
 # files generated by phpunit
+.phpunit.result.cache
 tests/results/
+tests/.phpunit.result.cache
+tests/.phpunit.cache
 
 ## exclude IDE files
 # config files and folders from Eclipse
@@ -69,10 +72,6 @@ nbproject/
 *.kdev4
 # PHPStorm
 .idea/
-.phpunit.result.cache
-tests/.phpunit.result.cache
-tests/.phpunit.cache
-
 
 ## composer
 # locally installed composer binary

Code/Lib/Activity.php

@@ -1679,6 +1679,7 @@ class Activity
                 $ret['outbox'] = z_root() . '/outbox/' . $c['channel_address'];
                 $ret['followers'] = z_root() . '/followers/' . $c['channel_address'];
                 $ret['following'] = z_root() . '/following/' . $c['channel_address'];
+                $ret['webfinger'] = 'acct:' . $c['channel_address'] . '@' . App::get_hostname();
                 $ret['wall'] = z_root() . '/outbox/' . $c['channel_address'];
 
                 $ret['endpoints'] = [
@@ -4862,7 +4863,8 @@ class Activity
             'https://w3id.org/security/v1',
             'https://www.w3.org/ns/did/v1',
             'https://w3id.org/security/multikey/v1',
-        //    'https://w3id.org/security/data-integrity/v1',
+            'https://w3id.org/security/data-integrity/v1',
+            'https://purl.archive.org/socialweb/webfinger',
             self::ap_schema($contextType)
         ]];
     }

Code/Module/Inbox.php

@@ -68,11 +68,15 @@ class Inbox extends Controller
         // By convention, fediverse server-to-server communications require a valid HTTP Signature
         // which includes a signed digest header.
 
-        if (!($hsig['header_signed'] && $hsig['header_valid'] && $hsig['content_signed'] && $hsig['content_valid'])) {
-            http_status_exit(403, 'Permission denied');
-        }
 
         $AS = new ActivityStreams($data, portable_id: $hsig['portable_id']);
+        // FEP-8b32 valid object signatures take priority over HTTP-Signatures
+        if (!$AS->sigok) {
+            if (!($hsig['header_signed'] && $hsig['header_valid'] && $hsig['content_signed'] && $hsig['content_valid'])) {
+                http_status_exit(403, 'Permission denied');
+            }
+        }
+
         if (
             $AS->is_valid() && $AS->type === 'Announce' && is_array($AS->obj)
             && array_key_exists('object', $AS->obj) && array_key_exists('actor', $AS->obj)

util/nsh

@@ -24,8 +24,6 @@ USER = None
 PASSWD = None
 VERIFY_SSL=True
 
-
-
 class Completer():
 
     matches  = []