aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web/HTTPSig.php
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
-rw-r--r--Zotlabs/Web/HTTPSig.php45
1 files changed, 25 insertions, 20 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 792556a10..35b18c763 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -3,8 +3,9 @@
namespace Zotlabs\Web;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
+use Zotlabs\Lib\Keyutils;
use Zotlabs\Lib\Webfinger;
-use Zotlabs\Web\HTTPHeaders;
use Zotlabs\Lib\Libzot;
/**
@@ -151,30 +152,32 @@ class HTTPSig {
$result['signer'] = $sig_block['keyId'];
- $key = self::get_key($key,$keytype,$result['signer']);
+ $cached_key = self::get_key($key,$keytype,$result['signer']);
- if(! ($key && $key['public_key'])) {
+ if(! ($cached_key && $cached_key['public_key'])) {
return $result;
}
- $x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm);
+ $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
+ $fetched_key = '';
+
if(! $x) {
// try again, ignoring the local actor (xchan) cache and refetching the key
// from its source
- $fkey = self::get_key($key,$keytype,$result['signer'],true);
+ $fetched_key = self::get_key($key,$keytype,$result['signer'],true);
- if ($fkey && $fkey['public_key']) {
- $y = rsa_verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm);
+ if ($fetched_key && $fetched_key['public_key']) {
+ $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);
}
if (! $y) {
- logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fkey['public_key']) ? '' : ' no key'));
+ logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fetched_key['public_key']) ? '' : ' no key'));
$sig_block['signature'] = base64_encode($sig_block['signature']);
logger('affected sigblock: ' . print_r($sig_block,true));
logger('headers: ' . print_r($headers,true));
@@ -184,6 +187,8 @@ class HTTPSig {
}
+ $key = (($fetched_key) ? $fetched_key : $cached_key);
+
$result['portable_id'] = $key['portable_id'];
$result['header_valid'] = true;
@@ -223,7 +228,7 @@ class HTTPSig {
}
if($keytype === 'zot6') {
- $key = self::get_zotfinger_key($id,$force);
+ $key = self::get_zotfinger_key($id);
if($key) {
return $key;
}
@@ -242,13 +247,13 @@ class HTTPSig {
}
- function convertKey($key) {
+ static function convertKey($key) {
- if(strstr($key,'RSA ')) {
- return rsatopem($key);
+ if(strstr($key,'RSA ')) {
+ return Keyutils::rsaToPem($key);
}
elseif(substr($key,0,5) === 'data:') {
- return convert_salmon_key($key);
+ return Keyutils::convertSalmonKey($key);
}
else {
return $key;
@@ -265,7 +270,7 @@ class HTTPSig {
* false if no pub key found, otherwise return the pub key
*/
- function get_activitystreams_key($id) {
+ static function get_activitystreams_key($id) {
// remove fragment
@@ -296,7 +301,7 @@ class HTTPSig {
}
- function get_webfinger_key($id) {
+ static function get_webfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s'",
dbesc(str_replace('acct:','',$id)),
@@ -331,7 +336,7 @@ class HTTPSig {
return (($key['public_key']) ? $key : false);
}
- function get_zotfinger_key($id) {
+ static function get_zotfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'",
dbesc(str_replace('acct:','',$id)),
@@ -413,7 +418,7 @@ class HTTPSig {
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($encryption) {
- $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
+ $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
@@ -453,7 +458,7 @@ class HTTPSig {
foreach($headers as $h) {
header($h);
}
- }
+ }
}
@@ -487,7 +492,7 @@ class HTTPSig {
$headers = rtrim($headers,"\n");
}
- $sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
+ $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg));
$ret['headers'] = $fields;
$ret['signature'] = $sig;
@@ -563,7 +568,7 @@ class HTTPSig {
$data = $matches[1];
if($iv && $key && $alg && $data) {
- return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+ return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
}
return '';
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-19 11:56:13 +0000