author | Maxence Lange <maxence@artificial-owl.com> | 2021-03-18 18:10:48 -0100 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2021-03-19 11:35:02 +0000 |
commit | 90ac2a6b2687d4949635cd2001db8bf292f38100 (patch) | |
tree | 9c453180401b24bf5d77511e8886896977bf7e36 /lib/Service/SignatureService.php | |
parent | fe878f61fea98b429b3373a4778a96a1f27516f2 (diff) |
check content-length and digest
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Diffstat (limited to 'lib/Service/SignatureService.php')
-rw-r--r-- | lib/Service/SignatureService.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/Service/SignatureService.php b/lib/Service/SignatureService.php
index f76ab2ad..71855e1a 100644
--- a/lib/Service/SignatureService.php
+++ b/lib/Service/SignatureService.php
@@ -256,6 +256,14 @@ class SignatureService {
 throw new SignatureException('object is too old');
 }
 
+ if (strlen($data) !== (int)$request->getHeader('content-length')) {
+ throw new SignatureException('issue with content-length');
+ }
+
+ if ($this->generateDigest($data) !== $request->getHeader('digest')) {
+ throw new SignatureException('issue with digest');
+ }
+
 try {
 return $this->checkRequestSignature($request, $data);
 } catch (RequestContentException $e) {
@@ -379,9 +387,6 @@ class SignatureService {
 $signed = base64_decode($sign['signature']);
 $estimated = $this->generateEstimatedSignature($headers, $request);
 
- // TODO: check digest
- // $this->generateDigest($data);
-
 try {
 $publicKey = $this->retrieveKey($keyId);
 $this->checkRequestSignatureUsingPublicKey($publicKey, $sign, $estimated, $signed); |
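Review bot: The digest comparison added in the first hunk only binds the body to the signature if the `digest` header is itself one of the headers the signature covers, and nothing visible in either hunk enforces that. If a sender can leave `digest` out of the signed header list, a body and its digest header could be replaced together without invalidating the signature, so it is worth confirming that `checkRequestSignature` (second hunk, where `$headers` is in scope) rejects such a list; a comment like `// only meaningful if 'digest' is one of the signed headers` above the new check would record the dependency. The comparison is an exact string match, so it presumably relies on `generateDigest()` producing the same algorithm prefix and casing as the peer sends. A request without a `content-length` header casts to 0 and is rejected as 'issue with content-length', which fails closed but does not distinguish a missing header from a length mismatch. The enclosing method starts and ends outside the hunk, so these points are limited to the lines shown.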