aboutsummaryrefslogblamecommitdiffstats
path: root/Zotlabs/Lib/JSalmon.php
blob: bed7484329effeef8c84c026b17aae7e7af0c4e8 (plain) (tree)
1
2
3
4
5
6
7
8
9


                      
                        

               
                                                                                        
 
                                                                                             





                                                                                                             
                                                                                                        
 
                                                                                           






                                                  
                                                       
                                                                           


                         


































                                                                                                                          
 
<?php

namespace Zotlabs\Lib;

use Zotlabs\Web\HTTPSig;

class JSalmon {

	static function sign($data,$key_id,$key,$data_type = 'application/x-zot+json') {

		$data      = base64url_encode(json_encode($data,true),true); // strip padding
		$encoding  = 'base64url';
		$algorithm = 'RSA-SHA256';

		$data = preg_replace('/\s+/','',$data);

		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods

		$precomputed = '.' . base64url_encode($data_type,true) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng';

		$signature  = base64url_encode(rsa_sign($data . $precomputed, $key), true);

		return ([
			'signed'    => true,
			'data'      => $data,
			'data_type' => $data_type,
			'encoding'  => $encoding,
			'alg'       => $algorithm,
			'sigs'      => [
				'value'  => $signature,
				'key_id' => base64url_encode($key_id, true)
			]
		]);

	}

	static function verify($x) {

		logger('verify');
		$ret = [ 'results' => [] ];

		if(! is_array($x)) {
			return $false;
		}
		if(! ( array_key_exists('signed',$x) && $x['signed'])) {
			return $false;
		}

		$signed_data = preg_replace('/\s+/','',$x['data']) . '.' 
			. base64url_encode($x['data_type'],true) . '.' 
			. base64url_encode($x['encoding'],true) . '.' 
			. base64url_encode($x['alg'],true);

		$key = HTTPSig::get_key(EMPTY_STR,base64url_decode($x['sigs']['key_id']));
		 logger('key: ' . print_r($key,true));
		if($key['portable_id'] && $key['public_key']) {
			if(rsa_verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
				logger('verified');
				$ret = [ 'success' => true, 'signer' => $key['portable_id'], 'hubloc' => $key['hubloc'] ];
			}
		}

		return $ret;

	}

	static function unpack($data) {
		return json_decode(base64url_decode($data),true);
	}


}