diff options
author | zotlabs <mike@macgirvin.com> | 2017-08-20 18:30:12 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-08-20 18:30:12 -0700 |
commit | 18c57eeaa03fedf9156369a10abe17bf61179adb (patch) | |
tree | a56fa19a424e7a687c019b33a75b6dc335d4dcf2 /Zotlabs/Web/HTTPSig.php | |
parent | 2b898537d72b94c98a149811f2a8dd72bcddcda1 (diff) | |
download | volse-hubzilla-18c57eeaa03fedf9156369a10abe17bf61179adb.tar.gz volse-hubzilla-18c57eeaa03fedf9156369a10abe17bf61179adb.tar.bz2 volse-hubzilla-18c57eeaa03fedf9156369a10abe17bf61179adb.zip |
httpsig - return an array with all the different signing possibilities enumerated
Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 48adf4ad2..537cd52a1 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -27,10 +27,18 @@ class HTTPSig { $body = $data; $headers = null; + $result = [ + 'signer' => '', + 'header_signed' => false, + 'header_valid' => false, + 'content_signed' => false, + 'content_valid' => false + ]; + // decide if $data arrived via controller submission or curl if(is_array($data) && $data['header']) { if(! $data['success']) - return false; + return $result; $h = new \Zotlabs\Web\HTTPHeaders($data['header']); $headers = $h->fetcharr(); $body = $data['body']; @@ -59,7 +67,9 @@ class HTTPSig { } if(! $sig_block) - return null; + return $result; + + $result['header_signed'] = true; $signed_headers = $sig_block['headers']; if(! $signed_headers) @@ -79,6 +89,7 @@ class HTTPSig { } if(! $key) { + $result['signer'] = $sig_block['keyId']; $key = self::get_activitypub_key($sig_block['keyId']); } @@ -88,21 +99,23 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); if($x === false) - return $x; + return $result; + + $result['header_valid'] = true; if(in_array('digest',$signed_headers)) { + $result['content_signed'] = true; $digest = explode('=', $headers['digest']); if($digest[0] === 'SHA-256') $hashalg = 'sha256'; // The explode operation will have stripped the '=' padding, so compare against unpadded base64 - if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) - return true; - else - return false; + if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) { + $result['content_valid'] = true; + } } - return $x; + return $result; } |