From 3c19648a56497433e5871f465e50660b06bd9f0f Mon Sep 17 00:00:00 2001
From: Mario
Date: Mon, 21 Dec 2020 21:31:52 +0000
Subject: fix issue where an array was passed to get_key() instead of a string
(cherry picked from commit 81a1aedeb9a4e07c3d1e11905ad3e2434d635e86)
---
 Zotlabs/Web/HTTPSig.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 792556a10..1f6979191 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -151,13 +151,13 @@ class HTTPSig {
 $result['signer'] = $sig_block['keyId'];
- $key = self::get_key($key,$keytype,$result['signer']);
+ $cached_key = self::get_key($key,$keytype,$result['signer']);
- if(! ($key && $key['public_key'])) {
+ if(! ($cached_key && $cached_key['public_key'])) {
 return $result;
 }
- $x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm);
+ $x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
 logger('verified: ' . $x, LOGGER_DEBUG);
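Review bot: Nothing at the `$cached_key = self::get_key($key,$keytype,$result['signer']);` call records why the lookup result must not be written back into `$key`, although that is the whole fix. The same `$key` argument is handed to `get_key()` a second time in the refetch path of the next hunk, so a later cleanup that merges the two names would reintroduce the bug. A one-line comment above the call would guard against that: `// do not reassign $key: it is passed to get_key() again if the cached key fails to verify`. The enclosing method starts and ends outside the hunk.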
@@ -166,15 +166,15 @@ class HTTPSig { // try again, ignoring the local actor (xchan) cache and refetching the key // from its source - $fkey = self::get_key($key,$keytype,$result['signer'],true); + $fetched_key = self::get_key($key,$keytype,$result['signer'],true); - if ($fkey && $fkey['public_key']) { - $y = rsa_verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm); + if ($fetched_key && $fetched_key['public_key']) { + $y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm); logger('verified: (cache reload) ' . $x, LOGGER_DEBUG); } if (! $y) { - logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fkey['public_key']) ? '' : ' no key')); + logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fetched_key['public_key']) ? '' : ' no key')); $sig_block['signature'] = base64_encode($sig_block['signature']); logger('affected sigblock: ' . print_r($sig_block,true)); logger('headers: ' . print_r($headers,true)); @@ -184,6 +184,8 @@ class HTTPSig { } + $key = (($fetched_key) ? $fetched_key : $cached_key); + $result['portable_id'] = $key['portable_id']; $result['header_valid'] = true; @@ -244,7 +246,7 @@ class HTTPSig { function convertKey($key) { - if(strstr($key,'RSA ')) { + if(strstr($key,'RSA ')) { return rsatopem($key); } elseif(substr($key,0,5) === 'data:') { @@ -453,7 +455,7 @@ class HTTPSig { foreach($headers as $h) { header($h); } - } + } } -- cgit v1.2.3
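Review bot: The context line `logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);` in the `-166,15` hunk still prints `$x`, the result of the first attempt, so the debug log never shows the outcome of the refetch; it should print `$y`. In the same hunk `$y` is assigned only inside the `if ($fetched_key && $fetched_key['public_key'])` branch, and the failure message reads `$fetched_key['public_key']` even when the refetch returned nothing. Unless `$y` is initialised above the hunk, both raise PHP notices on the failure path; `$y = false;` before the branch and `(! empty($fetched_key['public_key']))` in the message would avoid them. The failure branch also writes the whole signature block and every request header through `print_r` with no log level argument, and a failed verification is presumably reachable by any remote sender, so it is worth confirming that these lines are level-gated and do not put credential-bearing headers into the log.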
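Review bot: `$key = (($fetched_key) ? $fetched_key : $cached_key);` in the `-184,6` hunk reads `$fetched_key` on a path where it may never have been assigned. It is set only in the refetch branch of the previous hunk, so when the cached key verifies on the first attempt this line raises an undefined-variable notice (a warning on PHP 8), unless the variable is initialised outside the visible hunks. `$key = (! empty($fetched_key)) ? $fetched_key : $cached_key;` keeps the behaviour without the notice. Since `portable_id` is presumably what callers treat as the authenticated sender, it would also read more safely to bind it to a name that says which key passed verification, for example `$verified_key`, rather than reusing the `$key` argument this commit just stopped overwriting. The early return for the failed case lies between the hunks, so it cannot be confirmed from here that only a verified key reaches this line.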