diff options
-rw-r--r-- | Zotlabs/Lib/LDSignatures.php | 5 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 31ffd71f1..d500799c0 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -12,7 +12,10 @@ class LDSignatures { $ohash = self::hash(self::signable_options($data['signature'])); $dhash = self::hash(self::signable_data($data)); - return rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + logger('LD-verify: ' . intval($x)); + + return $x; } static function dopplesign(&$data,$channel) { diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 6526fa7c8..28a7b3b55 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -48,7 +48,7 @@ class HTTPSig { else { $headers = []; $headers['(request-target)'] = - $_SERVER['REQUEST_METHOD'] . ' ' . + strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { @@ -70,6 +70,8 @@ class HTTPSig { if(! $sig_block) return $result; + logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); + $result['header_signed'] = true; $signed_headers = $sig_block['headers']; @@ -110,6 +112,8 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + logger('verified: ' . $x, LOGGER_DEBUG); + if($x === false) return $result; @@ -130,6 +134,8 @@ class HTTPSig { } } + logger('Content_Valid: ' . $result['content_valid']); + return $result; } |