diff options
| author | zotlabs <mike@macgirvin.com> | 2018-01-16 18:15:58 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2018-01-16 18:15:58 -0800 |
| commit | 2de1285121b5f0260699a93249bab11dc74edec5 (patch) | |
| tree | 42a1dbf54c60e08ac73e3481b95b5e26c829958f /Zotlabs/Web/HTTPSig.php | |
| parent | 82306682c601688041ccfd9a7b259bc607301a37 (diff) | |
| download | volse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.tar.gz volse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.tar.bz2 volse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.zip | |
z6 deliver
Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 63033ce5e..ef03dac94 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -137,6 +137,21 @@ class HTTPSig { } } + + if(in_array('x-zot-digest',$signed_headers)) { + $result['content_signed'] = true; + $digest = explode('=', $headers['x-zot-digest']); + if($digest[0] === 'SHA-256') + $hashalg = 'sha256'; + if($digest[0] === 'SHA-512') + $hashalg = 'sha512'; + + // The explode operation will have stripped the '=' padding, so compare against unpadded base64 + if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) { + $result['content_valid'] = true; + } + } + logger('Content_Valid: ' . $result['content_valid']); return $result; |