authorMaxence Lange <maxence@artificial-owl.com>2019-07-11 18:55:00 -0100
committerMaxence Lange <maxence@artificial-owl.com>2019-07-11 18:55:00 -0100
commitc64f502718e8d31a4ee7cf1a00cb0cdd260e9eff (patch)
tree8f5845f4f7d25a05c00907a283113c61284c3fd2 /lib
parent7fccfc23257b6103e999ec90a8120b8f5cc69521 (diff)
cleaner signature process
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/Service/SignatureService.php71
1 files changed, 48 insertions, 23 deletions
diff --git a/lib/Service/SignatureService.php b/lib/Service/SignatureService.php
index 637c2de8..e29a7210 100644
--- a/lib/Service/SignatureService.php
+++ b/lib/Service/SignatureService.php
@@ -154,31 +154,57 @@ class SignatureService {
$localActor = $this->actorsRequest->getFromId($queue->getAuthor());
-// $localActorLink =
-// $this->configService->getSocialUrl() . '@' . $localActor->getPreferredUsername();
+ $headersElements = ['content-length', 'date', 'host', 'digest'];
+ $allElements = [
+ '(request-target)' => 'post ' . $path->getPath(),
+ 'date' => $date,
+ 'host' => $path->getAddress(),
+ 'digest' => $this->generateDigest($request->getDataBody()),
+ 'content-length' => strlen($request->getDataBody())
+ ];
+
+ $signing = $this->generateHeaders($headersElements, $allElements, $request);
+ openssl_sign($signing, $signed, $localActor->getPrivateKey(), OPENSSL_ALGO_SHA256);
- $digest = $this->generateDigest($request->getDataBody());
- $contentSize = strlen($request->getDataBody());
+ $signed = base64_encode($signed);
+ $signature = $this->generateSignature($headersElements, $localActor->getId(), $signed);
- $signature = '';
-// $signature .= "(request-target): post " . $path->getPath() . "\n";
- $signature .= 'content-length: ' . $contentSize . "\n";
- $signature .= 'date: ' . $date . "\n";
- $signature .= 'digest: ' . $digest . "\n";
- $signature .= 'host: ' . $path->getAddress();
+ $request->addHeader('Signature: ' . $signature);
+ }
- openssl_sign($signature, $signed, $localActor->getPrivateKey(), OPENSSL_ALGO_SHA256);
- $signed = base64_encode($signed);
- $header = 'keyId="' . $localActor->getId() . '#main-key'
- . '",algorithm="rsa-sha256",headers="content-length date digest host",signature="'
- . $signed . '"';
+ /**
+ * @param array $elements
+ * @param array $data
+ * @param Request $request
+ *
+ * @return string
+ */
+ private function generateHeaders(array $elements, array $data, Request $request): string {
+ $signingElements = [];
+ foreach ($elements as $element) {
+ $signingElements[] = $element . ': ' . $data[$element];
+ $request->addHeader($element . ': ' . $data[$element]);
+ }
+
+ return implode("\n", $signingElements);
+ }
+
- $request->addHeader('Content-length: ' . $contentSize);
- $request->addHeader('Host: ' . $path->getAddress());
- $request->addHeader('Date: ' . $date);
- $request->addHeader('Digest: ' . $digest);
- $request->addHeader('Signature: ' . $header);
+ /**
+ * @param array $elements
+ * @param string $actorId
+ * @param string $signed
+ *
+ * @return array
+ */
+ private function generateSignature(array $elements, string $actorId, string $signed): string {
+ $signatureElements[] = 'keyId="' . $actorId . '#main-key"';
+ $signatureElements[] = 'algorithm="rsa-sha256"';
+ $signatureElements[] = 'headers="' . implode(' ', $elements) . '"';
+ $signatureElements[] = 'signature="' . $signed . '"';
+
+ return implode(',', $signatureElements);
}
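Review bot: The return value of `openssl_sign()` is discarded in the signing method, so if signing fails (for example on an unreadable or malformed private key) `$signed` is never filled and the request would apparently still be sent with an empty `signature=""` rather than failing locally. I would guard the call, e.g. `if (!openssl_sign($signing, $signed, $localActor->getPrivateKey(), OPENSSL_ALGO_SHA256)) { throw new SignatureException('unable to sign request'); }`. Separately, `(request-target)` is computed in `$allElements` but is not listed in `$headersElements`, so the signature still does not bind the method and path; if that is deliberate for interoperability, a comment saying so would help. The docblock of `generateSignature()` says `@return array` while the method returns `string`, and `$signatureElements` should be initialised with `= [];` before the appends. The enclosing signing method starts above this hunk.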
@@ -360,8 +386,8 @@ class SignatureService {
if ($publicKey === ''
|| openssl_verify($estimated, $signed, $publicKey, $algorithm) !== 1) {
throw new SignatureException(
- 'signature cannot be checked key: ' . $publicKey . ' - algo: ' . $algorithm
- . ' - estimated: ' . $estimated
+ 'signature cannot be checked - signed: ' . $signed . ' - key: ' . $publicKey
+ . ' - algo: ' . $algorithm . ' - estimated: ' . $estimated
);
}
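Review bot: The new exception message interpolates `$signed`, which is the value handed to `openssl_verify()` on the line above and is therefore presumably the raw binary signature, next to `$estimated`, which appears to be rebuilt from the incoming request's headers. Both come from the remote sender, so whatever logs or displays this exception receives unprintable bytes and embedded newlines from a peer whose signature has just failed verification. I would encode before concatenating, e.g. `'signature cannot be checked - signed: ' . base64_encode($signed) . ' - key: ' . $publicKey`, and pass `$estimated` through `json_encode()` or truncate it. The enclosing verification method starts and ends outside this hunk.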
@@ -473,7 +499,6 @@ class SignatureService {
);
}
-
/**
* @param array $sign
*