diff options
Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 6526fa7c8..986e10d73 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -20,7 +20,7 @@ class HTTPSig { return $digest; } - // See draft-cavage-http-signatures-07 + // See draft-cavage-http-signatures-08 static function verify($data,$key = '') { @@ -48,7 +48,7 @@ class HTTPSig { else { $headers = []; $headers['(request-target)'] = - $_SERVER['REQUEST_METHOD'] . ' ' . + strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { @@ -70,6 +70,8 @@ class HTTPSig { if(! $sig_block) return $result; + logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); + $result['header_signed'] = true; $signed_headers = $sig_block['headers']; @@ -110,6 +112,8 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + logger('verified: ' . $x, LOGGER_DEBUG); + if($x === false) return $result; @@ -130,6 +134,8 @@ class HTTPSig { } } + logger('Content_Valid: ' . $result['content_valid']); + return $result; } |