[PLUGIN][ActivityPub][HTTPSignatures] Fix wrong assumption that sha512 is used in hs2019
parent
7a59d5a002
commit
ebbd8bf1e4
@ -143,11 +143,7 @@ class HTTPSignature
|
|||||||
{
|
{
|
||||||
// We need this because the used Request headers fields specified by Signature are in lower case.
|
// We need this because the used Request headers fields specified by Signature are in lower case.
|
||||||
$headersContent = array_change_key_case($inputHeaders, \CASE_LOWER);
|
$headersContent = array_change_key_case($inputHeaders, \CASE_LOWER);
|
||||||
if ($signatureData['algorithm'] == 'hs2019') {
|
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
|
||||||
$digest = 'SHA-512=' . base64_encode(hash('sha512', $body, true));
|
|
||||||
} else {
|
|
||||||
$digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
|
|
||||||
}
|
|
||||||
$headersToSign = [];
|
$headersToSign = [];
|
||||||
foreach (explode(' ', $signatureData['headers']) as $h) {
|
foreach (explode(' ', $signatureData['headers']) as $h) {
|
||||||
if ($h == '(request-target)') {
|
if ($h == '(request-target)') {
|
||||||
@ -164,11 +160,7 @@ class HTTPSignature
|
|||||||
}
|
}
|
||||||
$signingString = self::_headersToSigningString($headersToSign);
|
$signingString = self::_headersToSigningString($headersToSign);
|
||||||
|
|
||||||
if ($signatureData['algorithm'] == 'hs2019') {
|
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA256);
|
||||||
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA512);
|
|
||||||
} else {
|
|
||||||
$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA256);
|
|
||||||
}
|
|
||||||
|
|
||||||
return [$verified, $signingString];
|
return [$verified, $signingString];
|
||||||
}
|
}
|
||||||
|
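Review bot: In the second hunk the raw result of `openssl_verify()` is returned as `$verified`, and that function yields 1 for a valid signature, 0 for an invalid one and -1 or false on error, so a caller that only tests truthiness would accept -1 as verified. The caller is not visible here and the method begins above the first hunk, so either confirm that it compares against 1 or normalise at the source with `$verified = openssl_verify($signingString, base64_decode($signatureData['signature']), $publicKey, \OPENSSL_ALGO_SHA256) === 1;` (a caller using `=== 1` would then need adjusting). Since `$signatureData['algorithm']` is no longer consulted in these lines, a comment above the call such as `// hs2019 leaves the hash to key metadata; SHA-256 is used whatever algorithm the header declares` would record that the fixed choice is deliberate.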