some more prep work for Zot VI - some of this will need to be undone or at least re-arranged later but we need to bootstrap a test environment.

2 files changed, 13 insertions, 5 deletions

diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index e9e262125..2b139a2a1 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -126,9 +126,16 @@ class HTTPSig {
 
 	function get_activitypub_key($id) {
 
-		$x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
-			dbesc($id)
-		);
+		if(strpos($id,'acct:') === 0) {
+			$x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+				dbesc(str_replace('acct:','',$id))
+			);
+		}
+		else {
+			$x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
+				dbesc($id)
+			);
+		}
 
 		if($x && $x[0]['xchan_pubkey']) {
 			return ($x[0]['xchan_pubkey']);
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 865e78517..e205b136f 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -120,9 +120,10 @@ class Finger {
 			return $ret;
 		}
 
-		$verify = \Zotlabs\Web\HTTPSig::verify($result);
-		
 		$x = json_decode($result['body'], true);
+
+		$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '');
+		
 		if($x && (! $verify['header_valid'])) {
 			$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
 			if($signed_token) {