From 737f3eb55338a2d196b281114b9bb72e0a53168c Mon Sep 17 00:00:00 2001
From: Diogo Cordeiro <diogo@fc.up.pt>
Date: Sun, 28 Jun 2020 00:58:16 +0100
Subject: [PATCH] [ActivityPub][HTTPSignatures] Fix verify

---
 plugins/ActivityPub/lib/httpsignature.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/plugins/ActivityPub/lib/httpsignature.php b/plugins/ActivityPub/lib/httpsignature.php
index cfb49327a9..6a5b96e4e0 100644
--- a/plugins/ActivityPub/lib/httpsignature.php
+++ b/plugins/ActivityPub/lib/httpsignature.php
@@ -160,6 +160,8 @@ class HttpSignature
      */
     public static function verify($publicKey, $signatureData, $inputHeaders, $path, $body): array
     {
+        // We need this because the used Request headers fields specified by Signature are in lower case.
+        $headersContent = array_change_key_case($inputHeaders, CASE_LOWER);
         $digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
         $headersToSign = [];
         foreach (explode(' ', $signatureData['headers']) as $h) {
@@ -167,8 +169,8 @@ class HttpSignature
                 $headersToSign[$h] = 'post ' . $path;
             } elseif ($h == 'digest') {
                 $headersToSign[$h] = $digest;
-            } elseif (isset($inputHeaders[$h][0])) {
-                $headersToSign[$h] = $inputHeaders[$h];
+            } elseif (isset($headersContent[$h][0])) {
+                $headersToSign[$h] = $headersContent[$h];
             }
         }
         $signingString = self::_headersToSigningString($headersToSign);