Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 7c289ff5f..ce56ae46b 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -2,6 +2,7 @@
 namespace Zotlabs\Web;
+use App;
 use DateTime;
 use DateTimeZone;
 use Zotlabs\Lib\Activity;
@@ -11,6 +12,7 @@ use Zotlabs\Lib\Keyutils;
 use Zotlabs\Lib\Webfinger;
 use Zotlabs\Lib\Zotfinger;
 use Zotlabs\Lib\Libzot;
+use HttpSignature\HttpMessageSigner;
 /**
 * @brief Implements HTTP Signatures per draft-cavage-http-signatures-10.
@@ -88,7 +90,7 @@ class HTTPSig {
 // See draft-cavage-http-signatures-10
-static function verify($data, $key = '', $keytype = '') {
+public static function verify($data, $key = '', $keytype = '') {
 $body = $data;
 $headers = null;
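Review bot: The class docblock visible as context, `* @brief Implements HTTP Signatures per draft-cavage-http-signatures-10.`, and the `// See draft-cavage-http-signatures-10` comment above `verify()` are left stale by this commit, which imports `HttpSignature\HttpMessageSigner` to add RFC 9421 (`signature-input`/`signature`) verification to the same method. Suggest `* @brief Implements HTTP Signatures per RFC 9421, with a fallback to draft-cavage-http-signatures-10.` for the class, and `// RFC 9421 first, then draft-cavage-http-signatures-10 as a fallback` above `verify()`, so readers do not assume only the draft is accepted. The body of `verify()` continues outside this hunk.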
@@ -102,11 +104,49 @@ class HTTPSig { 'content_valid' => false ]; - $headers = self::find_headers($data, $body); - if (!$headers) + if (!$headers) { return $result; + } + + if (array_key_exists('signature-input', $headers) && array_key_exists('signature', $headers)) { + $found = preg_match('/keyid="(.*?)"/', $headers['signature-input'], $matches); + $keyId = ($found) ? $matches[1] : ''; + + if (!$keyId) { + return $result; + } + + $found = preg_match('/alg="(.*?)"/', $headers['signature-input'], $matches); + $alg = ($found) ? $matches[1] : null; + + $keyInfo = self::get_key($key, $keytype, $keyId); + $publicKey = $keyInfo['public_key']; + + $messageSigner = new HttpMessageSigner(); + + $messageSigner->setPublicKey($publicKey); + $messageSigner->setAlgorithm($alg); + $messageSigner->setKeyId($keyId); + + $messageSigner->setNonce(preg_match('/nonce="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setTag(preg_match('/tag="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setCreated(preg_match('/created=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setExpires(preg_match('/expires=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : ''); + + $verified = $messageSigner->verifyRequest(App::$request); + logger('verified (RFC9421): ' . (($verified) ? 'true' : 'false'), LOGGER_DEBUG); + + return [ + 'signer' => $keyId, + 'portable_id' => $keyInfo['portable_id'] ?? '', + 'header_signed' => true, + 'header_valid' => $verified, + 'content_signed' => array_key_exists('content-digest', $headers), + 'content_valid' => $verified + ]; + } if (is_array($body)) { btlogger('body is array:' . print_r($body, true)); |
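Review bot: The new RFC 9421 branch reports `'content_valid' => $verified` without ever comparing the body to the `Content-Digest` header, so a request whose signature verifies but whose body was altered, or whose digest is not among the covered components, still comes back with content_valid true; likewise `'content_signed' => array_key_exists('content-digest', $headers)` only tests that the header exists, not that `"content-digest"` appears in the covered-components list of `signature-input`. The same branch passes `$keyInfo['public_key']` to `setPublicKey()` without checking that `get_key()` returned a key, and hands the peer-supplied `alg` straight to `setAlgorithm()` and `created`/`expires` to their setters — unless `HttpMessageSigner::verifyRequest()` itself pins the algorithm to the key type and enforces the time window, an algorithm-confusion or expired signature would not be rejected here, so those checks belong in this function before `$verified` is trusted. The `keyid=`/`alg=` regexes also take the first occurrence in `signature-input`, which may belong to a different signature label than the one `verifyRequest()` ends up checking when several signatures are present. The rewrite below bails out on a missing key, derives `content_signed` from the covered components, and only reports `content_valid` when the covered sha-256 digest matches the received body (assuming `$body` is the raw body string here; the `is_array($body)` branch further down suggests it may not always be); `verify()` and this hunk continue past the end of what is shown.
```php
		$keyInfo = self::get_key($key, $keytype, $keyId);
		if (empty($keyInfo['public_key'])) {
			return $result;
		}
		$publicKey = $keyInfo['public_key'];

		// … unchanged: HttpMessageSigner setup, verifyRequest(), logger() …

		// The body only counts as signed when "content-digest" is a covered component.
		$contentSigned = (bool) preg_match('/\(\s*[^)]*"content-digest"[^)]*\)/i', $headers['signature-input']);

		// content_valid additionally requires the covered digest to match the body we received
		// (sha-256 only; extend if peers send sha-512).
		$contentValid = false;
		if ($verified && $contentSigned && is_string($body) && !empty($headers['content-digest'])
			&& preg_match('/sha-256=:([A-Za-z0-9+\/=]+):/i', $headers['content-digest'], $digest)) {
			$contentValid = hash_equals(base64_encode(hash('sha256', $body, true)), $digest[1]);
		}

		return [
			'signer' => $keyId,
			'portable_id' => $keyInfo['portable_id'] ?? '',
			'header_signed' => true,
			'header_valid' => $verified,
			'content_signed' => $contentSigned,
			'content_valid' => $contentValid
		];
```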