[PLUGIN][ActivityPub][HTTPSignatures] Fix wrong assumption that sha512 is used in hs2019

This commit is contained in:
Diogo Peralta Cordeiro 2022-02-18 15:17:21 +00:00
parent 7a59d5a002
commit ebbd8bf1e4
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0

View File

@ -143,11 +143,7 @@ class HTTPSignature
{ {
// We need this because the used Request headers fields specified by Signature are in lower case. // We need this because the used Request headers fields specified by Signature are in lower case.
$headersContent = array_change_key_case($inputHeaders, \CASE_LOWER); $headersContent = array_change_key_case($inputHeaders, \CASE_LOWER);
if ($signatureData['algorithm'] == 'hs2019') {
$digest = 'SHA-512=' . base64_encode(hash('sha512', $body, true));
} else {
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true)); $digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
}
$headersToSign = []; $headersToSign = [];
foreach (explode(' ', $signatureData['headers']) as $h) { foreach (explode(' ', $signatureData['headers']) as $h) {
if ($h == '(request-target)') { if ($h == '(request-target)') {
@ -164,11 +160,7 @@ class HTTPSignature
} }
$signingString = self::_headersToSigningString($headersToSign); $signingString = self::_headersToSigningString($headersToSign);
if ($signatureData['algorithm'] == 'hs2019') {
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA512);
} else {
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA256); $verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA256);
}
return [$verified, $signingString]; return [$verified, $signingString];
} }