diff options
| -rw-r--r-- | composer.lock | 12 | ||||
| -rw-r--r-- | vendor/composer/installed.json | 14 | ||||
| -rw-r--r-- | vendor/composer/installed.php | 10 | ||||
| -rw-r--r-- | vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php | 36 |
4 files changed, 36 insertions, 36 deletions
diff --git a/composer.lock b/composer.lock index d96066d56..d09aabf44 100644 --- a/composer.lock +++ b/composer.lock @@ -1081,16 +1081,16 @@ }, { "name": "macgirvin/http-message-signer", - "version": "v0.2.1", + "version": "v0.2.2", "source": { "type": "git", "url": "https://github.com/macgirvin/HTTP-Message-Signer.git", - "reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9" + "reference": "47604de860b822cd202dcd8b1da910d6c84720ab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/55ea393671c58bb6b93445b5f3ee8ba41154f0c9", - "reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9", + "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/47604de860b822cd202dcd8b1da910d6c84720ab", + "reference": "47604de860b822cd202dcd8b1da910d6c84720ab", "shasum": "" }, "require": { @@ -1118,9 +1118,9 @@ "description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests", "support": { "issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues", - "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.1" + "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.2" }, - "time": "2025-07-05T00:38:21+00:00" + "time": "2025-07-10T01:13:05+00:00" }, { "name": "michelf/php-markdown", diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index caae8bc82..de089f123 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -1112,17 +1112,17 @@ }, { "name": "macgirvin/http-message-signer", - "version": "v0.2.1", - "version_normalized": "0.2.1.0", + "version": "v0.2.2", + "version_normalized": "0.2.2.0", "source": { "type": "git", "url": "https://github.com/macgirvin/HTTP-Message-Signer.git", - "reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9" + "reference": "47604de860b822cd202dcd8b1da910d6c84720ab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/55ea393671c58bb6b93445b5f3ee8ba41154f0c9", - "reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9", + "url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/47604de860b822cd202dcd8b1da910d6c84720ab", + "reference": "47604de860b822cd202dcd8b1da910d6c84720ab", "shasum": "" }, "require": { @@ -1137,7 +1137,7 @@ "require-dev": { "phpunit/phpunit": "^10.0" }, - "time": "2025-07-05T00:38:21+00:00", + "time": "2025-07-10T01:13:05+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -1152,7 +1152,7 @@ "description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests", "support": { "issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues", - "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.1" + "source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.2" }, "install-path": "../macgirvin/http-message-signer" }, diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index 115299154..fe56b9d2d 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'zotlabs/hubzilla', 'pretty_version' => 'dev-10.4RC', 'version' => 'dev-10.4RC', - 'reference' => '1162615c52d562b96220be3d12c27d410feb74a6', + 'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -146,9 +146,9 @@ 'dev_requirement' => false, ), 'macgirvin/http-message-signer' => array( - 'pretty_version' => 'v0.2.1', - 'version' => '0.2.1.0', - 'reference' => '55ea393671c58bb6b93445b5f3ee8ba41154f0c9', + 'pretty_version' => 'v0.2.2', + 'version' => '0.2.2.0', + 'reference' => '47604de860b822cd202dcd8b1da910d6c84720ab', 'type' => 'library', 'install_path' => __DIR__ . '/../macgirvin/http-message-signer', 'aliases' => array(), @@ -499,7 +499,7 @@ 'zotlabs/hubzilla' => array( 'pretty_version' => 'dev-10.4RC', 'version' => 'dev-10.4RC', - 'reference' => '1162615c52d562b96220be3d12c27d410feb74a6', + 'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php index ae1b5cd18..31c481f22 100644 --- a/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php +++ b/vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php @@ -278,21 +278,6 @@ class HttpMessageSigner } $sigDict = $this->parseStructuredDict($headers['signature']); - if ($sigDict->isNotEmpty()) { - $indices = $sigDict->indices(); - foreach ($indices as $index) { - [$dictName, $members] = $sigDict->getByIndex($index); - if ($members instanceof Item) { - $signatures[$dictName] = $members->value(); - } - if ($members instanceof InnerList) { - $innerIndices = $members->indices(); - foreach ($innerIndices as $innerIndex) { - $signatures[$dictName][] = $members->getByIndex($innerIndex); - } - } - } - } foreach ($signatureComponents as $dictName => $dictComponents) { $namedSignatureComponents = $signatureComponents[$dictName]; @@ -304,7 +289,7 @@ class HttpMessageSigner } $decodedSig = base64_decode(trim($sigDict[$dictName]->__toString(), ':')); - return $this->verifySignature($signatureBase, $decodedSig, $params['alg'] ?? $this->algorithm); + return $this->verifySignature($signatureBase, $decodedSig, $parameters['alg'] ?? $this->algorithm); } return false; } @@ -379,12 +364,17 @@ class HttpMessageSigner private function getFieldValue($fieldName, MessageInterface $interface, $headers, $parameters ): array { + // The $interface has no single method to extract this, so build it from + // the avilable components. + $targetUri = $interface->getUri()->getScheme() . '://' . $interface->getUri()->getAuthority() + . $interface->getUri()->getPath() . $interface->getUri()->getQuery(); + $value = match ($fieldName) { '@signature-params' => ['', ''], '@method' => ['"@method"', strtoupper($interface->getMethod())], '@authority' => ['"@authority"', $interface->getUri()->getAuthority()], '@scheme' => ['"@scheme"', strtolower($interface->getUri()->getScheme())], - '@target-uri' => ['"target-uri"', $interface->getUri()->__toString()], + '@target-uri' => ['"@target-uri"', $targetUri], '@request-target' => ['"@request-target"', $interface->getRequestTarget()], '@path' => ['"@path"', $interface->getUri()->getPath()], '@query' => ['"@query"', $interface->getUri()->getQuery()], @@ -502,6 +492,7 @@ class HttpMessageSigner { return match ($this->algorithm) { 'rsa-v1_5-sha256' => $this->rsaSign($data), + 'rsa-v1_5-sha512' => $this->rsa512Sign($data), 'rsa-sha256' => $this->rsaSign($data), 'rsa-pss-sha512' => $this->pssSign($data), 'ed25519' => $this->ed25519Sign($data), @@ -515,6 +506,8 @@ class HttpMessageSigner return match ($alg) { 'rsa-v1_5-sha256' => openssl_verify($data, $signature, $this->publicKey, OPENSSL_ALGO_SHA256) === 1, + 'rsa-v1_5-sha512' => openssl_verify($data, $signature, $this->publicKey, + OPENSSL_ALGO_SHA512) === 1, 'rsa-sha256' => openssl_verify($data, $signature, $this->publicKey, OPENSSL_ALGO_SHA256) === 1, 'rsa-pss-sha512' => $this->pssVerify($data, $signature), @@ -536,6 +529,13 @@ class HttpMessageSigner } return base64_encode($signature); } + private function rsa512Sign(string $data): string + { + if (!openssl_sign($data, $signature, $this->privateKey, OPENSSL_ALGO_SHA512)) { + throw new UnProcessableSignatureException("RSA signing failed"); + } + return base64_encode($signature); + } private function pssSign(string $data): string { @@ -565,7 +565,7 @@ class HttpMessageSigner private function pssVerify(string $data, $signature): bool { $rsa = new RSA(); - if ($rsa->loadKey($this->publicKey) !== true) { + if (!$rsa->loadKey($this->publicKey)) { throw new UnprocessableSignatureException("PSS loadkey failure"); }; $rsa->setHash('sha512'); |