aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Daemon/Notifier.php4
-rw-r--r--Zotlabs/Web/HTTPSig.php21
2 files changed, 20 insertions, 5 deletions
diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php
index b168db5ae..957b859af 100644
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@@ -618,8 +618,8 @@ class Notifier {
$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
}
if($packet_type === 'keychange') {
- $packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
$pmsg = get_pconfig($channel['channel_id'],'system','keychange');
+ $packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
}
elseif($packet_type === 'request') {
$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
@@ -640,7 +640,7 @@ class Notifier {
}
else {
$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
- $packet = zot_build_packet($channel,'notify',$env,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);
+ $packet = zot6_build_packet($channel,'notify',$env, json_encode($encoded_item), (($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);
queue_insert(
[
'hash' => $hash,
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 63033ce5e..a27edb73d 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -137,7 +137,22 @@ class HTTPSig {
}
}
- logger('Content_Valid: ' . $result['content_valid']);
+
+ if(in_array('x-zot-digest',$signed_headers)) {
+ $result['content_signed'] = true;
+ $digest = explode('=', $headers['x-zot-digest']);
+ if($digest[0] === 'SHA-256')
+ $hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
+
+ // The explode operation will have stripped the '=' padding, so compare against unpadded base64
+ if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
+ $result['content_valid'] = true;
+ }
+ }
+
+ logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
return $result;
@@ -194,8 +209,8 @@ class HTTPSig {
. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($crypt_key) {
- $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg);
- $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'];
+ $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo);
+ $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
if($auth) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 20:14:02 +0000