Fix headers (string to array) and make sure the signature doesn't change
authorPhilipp <admin@philipp.info>
Wed, 25 Aug 2021 11:45:00 +0000 (13:45 +0200)
committerPhilipp <admin@philipp.info>
Wed, 25 Aug 2021 12:22:43 +0000 (14:22 +0200)
src/Module/Magic.php
src/Util/HTTPSignature.php
tests/src/Util/HTTPSignatureTest.php

index 45fde43f64657bc334958ca85eef3f2fac3908c6..12747dca7cca63a6180006dc663b4b07c5ec990a 100644 (file)
@@ -88,9 +88,10 @@ class Magic extends BaseModule
                        $exp = explode('/profile/', $contact['url']);
                        $basepath = $exp[0];
 
-                       $header = [];
-                       $header['Accept'] = 'application/x-dfrn+json, application/x-zot+json';
-                       $header['X-Open-Web-Auth'] = Strings::getRandomHex();
+                       $header = [
+                               'Accept'                  => ['application/x-dfrn+json', 'application/x-zot+json'],
+                               'X-Open-Web-Auth' => [Strings::getRandomHex()],
+                       ];
 
                        // Create a header that is signed with the local users private key.
                        $header = HTTPSignature::createSig(
index cf3e1294f2054b3f10a1a34615b3a063284ba735..eab778b82027f92d3d30dacfb4895cecea9e77e4 100644 (file)
@@ -140,6 +140,9 @@ class HTTPSignature
        public static function createSig($head, $prvkey, $keyid = 'Key')
        {
                $return_headers = [];
+               if (!empty($head)) {
+                       $return_headers = $head;
+               }
 
                $alg = 'sha512';
                $algorithm = 'rsa-sha512';
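Review bot: The added `$return_headers = $head;` passes caller values through unchanged, so a caller that still supplies plain strings gets back a mix of string values and the list-valued `Authorization` entry set further down. sign() accepts both shapes after this commit, so a signature is still produced, but whatever sends these headers then has to handle both forms. Normalising at the copy keeps the return shape uniform: `$return_headers = array_map(function ($v) { return (array)$v; }, $head);`. The docblock and the remainder of createSig are outside this hunk.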
@@ -149,15 +152,7 @@ class HTTPSignature
                $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm
                        . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
 
-               $sighead = 'Authorization: Signature ' . $headerval;
-
-               if ($head) {
-                       foreach ($head as $k => $v) {
-                               $return_headers[] = $k . ': ' . $v;
-                       }
-               }
-
-               $return_headers[] = $sighead;
+               $return_headers['Authorization'] = ['Signature ' . $headerval];
 
                return $return_headers;
        }
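Review bot: The return value changes here from a list of `Name: value` strings to a map of header name to a list of values, and nothing in the hunk documents the new shape. Callers outside this diff that index the result numerically (as the old test did with `$signed[2]`) or pass it to a client expecting header lines may no longer send the `Authorization` header as intended; those callers are not visible from here. I would update the docblock above createSig, for example `@return array<string, string[]> headers keyed by name, with 'Authorization' added`, and describe `$head` with the same shape.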
@@ -176,6 +171,9 @@ class HTTPSignature
                $fields  = '';
 
                foreach ($head as $k => $v) {
+                       if (is_array($v)) {
+                               $v = implode(', ', $v);
+                       }
                        $headers .= strtolower($k) . ': ' . trim($v) . "\n";
                        if ($fields) {
                                $fields .= ' ';
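Review bot: In the added `is_array` branch the elements are joined as-is and only the joined string is trimmed, so `['a ', 'b']` is signed as `a , b`. The verifier rebuilds the signing string from what arrives on the wire, so if the HTTP client trims each value individually the signature would stop matching. `$v = implode(', ', array_map('trim', $v));` keeps the signed form canonical. A value containing `\r` or `\n` would also add a line to the newline-delimited signing string, so rejecting those before signing is a cheap check if it is not already done upstream. The loop and the enclosing function continue outside this hunk.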
index 02f04ec01c1b24d6c0f8cc1cbdc8700c09696bf6..a2d1389759304832501b552a418870f0f4b96f20 100644 (file)
@@ -124,8 +124,8 @@ G1vVmRgkLDqhc4+r3wDz3qy6JpV7tg==
 -----END PRIVATE KEY-----',
                                'keyId'  => 'acct:admin@friendica.local',
                                'header' => [
-                                       'Accept'          => 'application/x-dfrn+json, application/x-zot+json',
-                                       'X-Open-Web-Auth' => '1dde649b855fd1aae542a91c4edd8c3a7a4c59d8eaf3136cdee05dfc16a30bac',
+                                       'Accept'          => ['application/x-dfrn+json', 'application/x-zot+json'],
+                                       'X-Open-Web-Auth' => ['1dde649b855fd1aae542a91c4edd8c3a7a4c59d8eaf3136cdee05dfc16a30bac'],
                                ],
                                'signature' => 'Signature keyId="acct:admin@friendica.local",algorithm="rsa-sha512",headers="accept x-open-web-auth",signature="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"',
                        ]
@@ -147,7 +147,6 @@ G1vVmRgkLDqhc4+r3wDz3qy6JpV7tg==
        public function testSignHeader(string $privKey, string $keyId, array $header, string $signature)
        {
                $signed = HTTPSignature::createSig($header, $privKey, $keyId);
-               print_r($signed);
-               self::assertEquals($signature, substr($signed[2], strlen('Authorization: ')));
+               self::assertEquals($signature, $signed['Authorization'][0]);
        }
 }
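Review bot: testSignHeader now asserts only `$signed['Authorization'][0]`, so the other half of this change, that the caller's headers come back unchanged in the returned map, is not pinned. Adding `foreach ($header as $name => $value) { self::assertSame($value, $signed[$name]); }` after the existing assertion would cover it. A second data set that still passes plain string values would also back the commit title's claim that the signature does not change between the two shapes.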