diff options
| author | zotlabs <mike@macgirvin.com> | 2017-09-20 21:20:00 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-09-20 21:20:00 -0700 |
| commit | 24a9c3ba79cc7639a9cc6082c13dfedbc989bc8d (patch) | |
| tree | 5479aaf0310fe44dbc2f10ddf1f7db1c8704aeff | |
| parent | c4261b9c4b234cd3b2f377160c38a3aac5186690 (diff) | |
| download | volse-hubzilla-24a9c3ba79cc7639a9cc6082c13dfedbc989bc8d.tar.gz volse-hubzilla-24a9c3ba79cc7639a9cc6082c13dfedbc989bc8d.tar.bz2 volse-hubzilla-24a9c3ba79cc7639a9cc6082c13dfedbc989bc8d.zip | |
add more signature logging
| -rw-r--r-- | Zotlabs/Lib/LDSignatures.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 31ffd71f1..d500799c0 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -12,7 +12,10 @@ class LDSignatures { $ohash = self::hash(self::signable_options($data['signature'])); $dhash = self::hash(self::signable_data($data)); - return rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + logger('LD-verify: ' . intval($x)); + + return $x; } static function dopplesign(&$data,$channel) { diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 6526fa7c8..28a7b3b55 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -48,7 +48,7 @@ class HTTPSig { else { $headers = []; $headers['(request-target)'] = - $_SERVER['REQUEST_METHOD'] . ' ' . + strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { @@ -70,6 +70,8 @@ class HTTPSig { if(! $sig_block) return $result; + logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); + $result['header_signed'] = true; $signed_headers = $sig_block['headers']; @@ -110,6 +112,8 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + logger('verified: ' . $x, LOGGER_DEBUG); + if($x === false) return $result; @@ -130,6 +134,8 @@ class HTTPSig { } } + logger('Content_Valid: ' . $result['content_valid']); + return $result; } |