aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php50
1 files changed, 23 insertions, 27 deletions
diff --git a/include/zot.php b/include/zot.php
index 1ab858480..d97fe8113 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -219,11 +219,11 @@ function zot_zot($url, $data, $channel = null) {
$headers['X-Zot-Token'] = random_string();
$hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false);
$headers['X-Zot-Digest'] = 'SHA-256=' . $hash;
- \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
+ $h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512');
}
$redirects = 0;
- return z_post_url($url, array('data' => $data),$redirects,((is_empty($headers)) ? [] : [ 'headers' => $headers ]));
+ return z_post_url($url, array('data' => $data),$redirects,((empty($h)) ? [] : [ 'headers' => $h ]));
}
/**
@@ -4982,30 +4982,26 @@ function zot6_check_sig() {
$ret = [ 'success' => false ];
- foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
- if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
- if($head !== 'HTTP_AUTHORIZATION') {
- $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
- continue;
- }
-
- $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
- if($sigblock) {
- $keyId = $sigblock['keyId'];
-
- if($keyId) {
- $r = q("select hubloc.*, site_crypto from hubloc left join site on hubloc_url = site_url
- where hubloc_addr = '%s' ",
- dbesc(str_replace('acct:','',$keyId))
- );
- if($r) {
- foreach($r as $hubloc) {
- $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
- if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
- $ret['hubloc'] = $hubloc;
- $ret['success'] = true;
- return $ret;
- }
+logger('server: ' . print_r($_SERVER,true));
+
+ if(array_key_exists('HTTP_SIGNATURE',$_SERVER)) {
+logger('parsing signature header');
+ $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_SIGNATURE']);
+ if($sigblock) {
+ $keyId = $sigblock['keyId'];
+
+ if($keyId) {
+ $r = q("select hubloc.*, site_crypto from hubloc left join site on hubloc_url = site_url
+ where hubloc_addr = '%s' ",
+ dbesc(str_replace('acct:','',$keyId))
+ );
+ if($r) {
+ foreach($r as $hubloc) {
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
+ $ret['hubloc'] = $hubloc;
+ $ret['success'] = true;
+ return $ret;
}
}
}
@@ -5028,7 +5024,7 @@ function zot_reply_notify($data) {
if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid']) {
logger('zot6_delivery');
logger('zot6_data: ' . print_r($data,true),LOGGER_DATA);
- $x = zot_import($data,$data['sender']['url']);
+ $x = zot_import([ 'body' => json_encode($data) ],$data['sender']['url']);
if($x) {
$x = crypto_encapsulate(json_encode($x),$zret['hubloc']['hubloc_sitekey'],zot_best_algorithm($zret['hubloc']['site_crypto']));
$ret['delivery_report'] = $x;