- if (!empty($ret['signature']) && !empty($ret['algorithm']) && empty($ret['headers'])) {
- $ret['headers'] = ['date'];
+ // if the header is encrypted, decrypt with (default) site private key and continue
+ if (!empty($headers['iv'])) {
+ $header = self::decryptSigheader($headers, DI::config()->get('system', 'prvkey'));
+ return self::parseSigheader($header);
+ }
+
+ $return = [
+ 'keyId' => $headers['keyId'] ?? '',
+ 'algorithm' => $headers['algorithm'] ?? 'rsa-sha256',
+ 'created' => $headers['created'] ?? null,
+ 'expires' => $headers['expires'] ?? null,
+ 'headers' => explode(' ', $headers['headers'] ?? ''),
+ 'signature' => base64_decode(preg_replace('/\s+/', '', $headers['signature'] ?? '')),
+ ];
+
+ if (!empty($return['signature']) && !empty($return['algorithm']) && empty($return['headers'])) {
+ $return['headers'] = ['date'];