]> git.mxchange.org Git - friendica.git/blobdiff - src/Util/HTTPSignature.php
Cleaned code
[friendica.git] / src / Util / HTTPSignature.php
index 2d8254eeb801e15c1aa731abe23b905d0a47d4e0..aba280cf1dc57fd54205a915e7bfe6db21b8b374 100644 (file)
@@ -16,6 +16,9 @@ use Friendica\Protocol\ActivityPub;
  *
  * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Web/HTTPSig.php
  *
+ * Other parts of the code for HTTP signing are taken from the Osada project.
+ * https://framagit.org/macgirvin/osada
+ *
  * @see https://tools.ietf.org/html/draft-cavage-http-signatures-07
  */
 
@@ -266,7 +269,7 @@ class HTTPSignature
                        return;
                }
 
-               $content = json_encode($data);
+               $content = json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
 
                // Header data that is about to be signed.
                $host = parse_url($target, PHP_URL_HOST);
@@ -290,7 +293,7 @@ class HTTPSignature
                logger('Transmit to ' . $target . ' returned ' . $return_code);
        }
 
-       public static function verifyAP($content, $http_headers)
+       public static function getSigner($content, $http_headers)
        {
                $object = json_decode($content, true);
 
@@ -355,7 +358,7 @@ class HTTPSignature
                        return false;
                }
 
-               if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm)) {
+               if (!Crypto::rsaVerify($signed_data, $sig_block['signature'], $key['pubkey'], $algorithm)) {
                        return false;
                }
 
@@ -383,8 +386,7 @@ class HTTPSignature
                        }
                }
 
-               return true;
-
+               return $key['url'];
        }
 
        private static function fetchKey($id, $actor)
@@ -394,12 +396,12 @@ class HTTPSignature
                $profile = ActivityPub::fetchprofile($url);
                if (!empty($profile)) {
                        logger('Taking key from id ' . $id, LOGGER_DEBUG);
-                       return $profile['pubkey'];
+                       return ['url' => $url, 'pubkey' => $profile['pubkey']];
                } elseif ($url != $actor) {
                        $profile = ActivityPub::fetchprofile($actor);
                        if (!empty($profile)) {
                                logger('Taking key from actor ' . $actor, LOGGER_DEBUG);
-                               return $profile['pubkey'];
+                               return ['url' => $actor, 'pubkey' => $profile['pubkey']];
                        }
                }