composer update http message signer to version 0.2.3

author: Mario Vavti <mario@mariovavti.com> 2025-07-14 15:35:03 +0200
committer: Mario Vavti <mario@mariovavti.com> 2025-07-14 15:35:03 +0200
commit: b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4 (patch)
tree: 61bb7676fdda57e4145ac5b73eaf0ce19d6bdff3 /vendor
parent: d566199423afb23882121994a9e480393aaf9fc3 (diff)
download: volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.tar.gz
volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.tar.bz2
volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.zip
4 files changed, 57 insertions, 31 deletions
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index de089f123..2728b340b 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -1112,17 +1112,17 @@
         },
         {
             "name": "macgirvin/http-message-signer",
-            "version": "v0.2.2",
-            "version_normalized": "0.2.2.0",
+            "version": "v0.2.3",
+            "version_normalized": "0.2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
-                "reference": "47604de860b822cd202dcd8b1da910d6c84720ab"
+                "reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/47604de860b822cd202dcd8b1da910d6c84720ab",
-                "reference": "47604de860b822cd202dcd8b1da910d6c84720ab",
+                "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/35b42f0a2b84b3a300badeaa437128f5897b57fe",
+                "reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe",
                 "shasum": ""
             },
             "require": {
@@ -1137,7 +1137,7 @@
             "require-dev": {
                 "phpunit/phpunit": "^10.0"
             },
-            "time": "2025-07-10T01:13:05+00:00",
+            "time": "2025-07-13T20:25:22+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -1152,7 +1152,7 @@
             "description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
             "support": {
                 "issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
-                "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.2"
+                "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.3"
             },
             "install-path": "../macgirvin/http-message-signer"
         },
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index fe56b9d2d..871f948ee 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => 'zotlabs/hubzilla',
         'pretty_version' => 'dev-10.4RC',
         'version' => 'dev-10.4RC',
-        'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae',
+        'reference' => 'd566199423afb23882121994a9e480393aaf9fc3',
         'type' => 'application',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -146,9 +146,9 @@
             'dev_requirement' => false,
         ),
         'macgirvin/http-message-signer' => array(
-            'pretty_version' => 'v0.2.2',
-            'version' => '0.2.2.0',
-            'reference' => '47604de860b822cd202dcd8b1da910d6c84720ab',
+            'pretty_version' => 'v0.2.3',
+            'version' => '0.2.3.0',
+            'reference' => '35b42f0a2b84b3a300badeaa437128f5897b57fe',
             'type' => 'library',
             'install_path' => __DIR__ . '/../macgirvin/http-message-signer',
             'aliases' => array(),
@@ -499,7 +499,7 @@
         'zotlabs/hubzilla' => array(
             'pretty_version' => 'dev-10.4RC',
             'version' => 'dev-10.4RC',
-            'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae',
+            'reference' => 'd566199423afb23882121994a9e480393aaf9fc3',
             'type' => 'application',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
diff --git a/vendor/macgirvin/http-message-signer/README.md b/vendor/macgirvin/http-message-signer/README.md
index cd1aab1aa..7501f77d1 100644
--- a/vendor/macgirvin/http-message-signer/README.md
+++ b/vendor/macgirvin/http-message-signer/README.md
@@ -120,7 +120,7 @@ To sign or verify an HTTP Response, use a ResponseInterface as the provided `$in
 ## Known issues
 Currently not implemented is the special handling of the `cookie` and `set-cookie` headers when using the `sf` modifier. For further information please see https://httpwg.org/http-extensions/draft-ietf-httpbis-retrofit.html and https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-20 (or later). It is planned to implement this once RFC6265bis is finalised as a new RFC.
 
-Also not currently implemented are some of the many signature algorithms; as we're currently focused primarily on rsa-sha256 and ed25519. 
+Also not currently implemented are some of the signature algorithms; as we're currently focused primarily on rsa-sha256 and ed25519; and coverage of some algorithms in PHP is limited. 
 
 Pull requests welcome. 
 
diff --git a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
index 31c481f22..6aba8f7d6 100644
--- a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
+++ b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php
@@ -364,28 +364,54 @@ class HttpMessageSigner
 
     private function getFieldValue($fieldName, MessageInterface $interface, $headers, $parameters ): array
     {
-        // The $interface has no single method to extract this, so build it from
-        // the avilable components.
-        $targetUri = $interface->getUri()->getScheme() . '://' . $interface->getUri()->getAuthority()
-        . $interface->getUri()->getPath() . $interface->getUri()->getQuery();
-
-        $value = match ($fieldName) {
-            '@signature-params' => ['', ''],
-            '@method' => ['"@method"', strtoupper($interface->getMethod())],
-            '@authority' => ['"@authority"', $interface->getUri()->getAuthority()],
-            '@scheme' => ['"@scheme"', strtolower($interface->getUri()->getScheme())],
-            '@target-uri' => ['"@target-uri"', $targetUri],
-            '@request-target' => ['"@request-target"', $interface->getRequestTarget()],
-            '@path' => ['"@path"', $interface->getUri()->getPath()],
-            '@query' => ['"@query"', $interface->getUri()->getQuery()],
-            '@query-param' => $this->getQueryParam($interface, $parameters) ?? ['', ''],
-            '@status' => ['"@status"', '"@status": ' . $interface->getStatusCode()],
-            default => ['"' . $fieldName . '"', trim($headers[$fieldName] ?? '')],
-        };
+        if ($interface instanceof RequestInterface) {
+            // The $interface has no single method to extract the target-uri, so build it from
+            // the available components.
+            $targetUri = $interface->getUri()->getScheme() . '://' . $this->getAuthority($interface)
+                . $interface->getUri()->getPath() . $interface->getUri()->getQuery();
+
+            $value = match ($fieldName) {
+                '@signature-params' => ['', ''],
+                '@method' => ['"@method"', strtoupper($interface->getMethod())],
+                '@authority' => ['"@authority"', $this->getAuthority($interface)],
+                '@scheme' => ['"@scheme"', strtolower($interface->getUri()->getScheme())],
+                '@target-uri' => ['"@target-uri"', $targetUri],
+                '@request-target' => ['"@request-target"', $interface->getRequestTarget()],
+                '@path' => ['"@path"', $interface->getUri()->getPath()],
+                '@query' => ['"@query"', $interface->getUri()->getQuery()],
+                '@query-param' => $this->getQueryParam($interface, $parameters) ?? ['', ''],
+                default => ['"' . $fieldName . '"', trim($headers[$fieldName] ?? '')],
+            };
+        }
+        else {
+            $value = match ($fieldName) {
+                '@signature-params' => ['', ''],
+                '@status' => ['"@status"', '"@status": ' . $interface->getStatusCode()],
+                default => ['"' . $fieldName . '"', trim($headers[$fieldName] ?? '')],
+            };
+        }
+
         return $value;
     }
 
     /**
+     * The interface getAuthority() method requires additional filtering for RFC-9421.
+     * It must be lowercase and must not contain a port value.
+     * @param MessageInterface $interface
+     * @return string
+     * @throws UnprocessableSignatureException
+     */
+    protected function getAuthority(MessageInterface $interface): string
+    {
+        if (method_exists($interface, 'getUri')) {
+            $authority = strtolower($interface->getUri()->getAuthority());
+            $authority = explode($authority, ':');
+            return $authority[0];
+        }
+        throw new UnprocessableSignatureException('Unable to extract authority from MessageInterface');
+    }
+
+    /**
      * @param string $query
      * @return array|null
      *
author	Mario Vavti <mario@mariovavti.com>	2025-07-14 15:35:03 +0200
committer	Mario Vavti <mario@mariovavti.com>	2025-07-14 15:35:03 +0200
commit	b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4 (patch)
tree	61bb7676fdda57e4145ac5b73eaf0ce19d6bdff3 /vendor
parent	d566199423afb23882121994a9e480393aaf9fc3 (diff)
download	volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.tar.gz volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.tar.bz2 volse-hubzilla-b6b4eb4c22fd91c9f5d263d2a5b5af7eb44492c4.zip