From bbe59a942a2e51071e12043e472f6056a6642743 Mon Sep 17 00:00:00 2001
From: Maxence Lange
Date: Thu, 18 Mar 2021 18:10:48 -0100
Subject: check content-length and digest

Signed-off-by: Maxence Lange
---
 lib/Service/SignatureService.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/Service/SignatureService.php b/lib/Service/SignatureService.php
index f76ab2ad..71855e1a 100644
--- a/lib/Service/SignatureService.php
+++ b/lib/Service/SignatureService.php
@@ -256,6 +256,14 @@ class SignatureService {
 throw new SignatureException('object is too old');
 }
+ if (strlen($data) !== (int)$request->getHeader('content-length')) {
+ throw new SignatureException('issue with content-length');
+ }
+
+ if ($this->generateDigest($data) !== $request->getHeader('digest')) {
+ throw new SignatureException('issue with digest');
+ }
+
+
 try {
 return $this->checkRequestSignature($request, $data);
 } catch (RequestContentException $e) {
@@ -379,9 +387,6 @@ class SignatureService {
 $signed = base64_decode($sign['signature']);
 $estimated = $this->generateEstimatedSignature($headers, $request);
- // TODO: check digest
- // $this->generateDigest($data);
-
 try {
 $publicKey = $this->retrieveKey($keyId);
 $this->checkRequestSignatureUsingPublicKey($publicKey, $sign, $estimated, $signed);
--
cgit v1.2.3
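Review bot: The digest check added in the first hunk compares the body against whatever `digest` header the request carries, so it only authenticates the body if `digest` is one of the headers covered by the signature, and nothing visible in this patch enforces that. If `checkRequestSignature()` accepts a signature whose header list omits `digest`, the body and the header can be altered together and both new checks still pass. Confirm that a signature without `digest` in its signed header list is rejected, and record the dependency above the check, e.g. `// NOTE: this check authenticates the body only if 'digest' is in the signed header list`. The comparison is also an exact string match, so a peer sending a different algorithm-token case or more than one digest value would presumably be refused; `generateDigest()` is not visible here, so its output format should be checked against what peers actually send. The enclosing method starts and ends outside the hunk.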