aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-01-16 18:15:58 -0800
committerzotlabs <mike@macgirvin.com>2018-01-16 18:15:58 -0800
commit2de1285121b5f0260699a93249bab11dc74edec5 (patch)
tree42a1dbf54c60e08ac73e3481b95b5e26c829958f /Zotlabs/Web
parent82306682c601688041ccfd9a7b259bc607301a37 (diff)
downloadvolse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.tar.gz
volse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.tar.bz2
volse-hubzilla-2de1285121b5f0260699a93249bab11dc74edec5.zip
z6 deliver
Diffstat (limited to 'Zotlabs/Web')
-rw-r--r--Zotlabs/Web/HTTPSig.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 63033ce5e..ef03dac94 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -137,6 +137,21 @@ class HTTPSig {
}
}
+
+ if(in_array('x-zot-digest',$signed_headers)) {
+ $result['content_signed'] = true;
+ $digest = explode('=', $headers['x-zot-digest']);
+ if($digest[0] === 'SHA-256')
+ $hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
+
+ // The explode operation will have stripped the '=' padding, so compare against unpadded base64
+ if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
+ $result['content_valid'] = true;
+ }
+ }
+
logger('Content_Valid: ' . $result['content_valid']);
return $result;