add openss_verify method and openssl_error_string

Django Doucet 2022-03-19 20:19:59 -06:00
parent 99630a58bb
commit 1f6e1cf37c


@ -129,12 +129,12 @@ class Signature {
return false; return false;
} }
// Split it into its parts ( keyId, headers and signature ) // Split signature into its parts
$signature_parts = self::splitSignature( $header_data['signature'][0] ); $signature_parts = self::splitSignature( $header_data['signature'][0] );
if ( !count( $signature_parts ) ) { if ( !count( $signature_parts ) ) {
return false; return false;
} }
extract( $signature_parts ); extract( $signature_parts );// $keyId, $algorithm, $headers, $signature
// Fetch the public key linked from keyId // Fetch the public key linked from keyId
$actor = \strip_fragment_from_url( $keyId ); $actor = \strip_fragment_from_url( $keyId );
@ -143,7 +143,7 @@ class Signature {
if (! is_wp_error( $publicKeyPem ) ) { if (! is_wp_error( $publicKeyPem ) ) {
$pkey = \openssl_pkey_get_details( \openssl_pkey_get_public( $publicKeyPem ) ); $pkey = \openssl_pkey_get_details( \openssl_pkey_get_public( $publicKeyPem ) );
$digest_gen = 'SHA-256=' . \base64_encode( \hash( 'sha256', $body, true ) ); $digest_gen = 'SHA-256=' . \base64_encode( \hash( 'sha256', $body, true ) );
if ( $digest_gen !== $header_data['digest'][0] ) { if ( ! isset( $header_data['digest'][0] ) || ( $digest_gen !== $header_data['digest'][0] ) ) {
return false; return false;
} }
@ -154,21 +154,41 @@ class Signature {
$request $request
); );
// Verify that string using the public key and the original // 2 methods because neither works ¯\_(ツ)_/¯
// signature. // phpseclib method
$rsa = RSA::createKey() $rsa = RSA::createKey()
->loadPublicKey( $pkey['key']) ->loadPublicKey( $pkey['key'])
->withHash('sha256'); ->withHash('sha256');
$verified = $rsa->verify( $signing_headers, \base64_decode( $signature ) );
$verified = $rsa->verify( $data_plain, \base64_decode( $signature ) ); if ( $verified > 0 ) {
\error_log( '$rsa->verify: //return true;' );
if ( '1' === $verified ) {
return true; return true;
} else { } else {
while ( $ossl_error = openssl_error_string() ) {
\error_log( '$rsa->verify(): ' . $ossl_error );
}
$activity = \json_decode( $body );
\error_log( 'activity->type: ' . print_r( $activity->type, true ) );
return false;
}
// openssl method
$verified = \openssl_verify( $signing_headers,
\base64_decode( \normalize_whitespace( $signature ) ),
$pkey['key'],
\OPENSSL_ALGO_SHA256
);
if ( $verified > 0 ) {
\error_log( 'openssl_verify: //return true;' );
return true;
} else {
while ( $ossl_error = openssl_error_string() ) {
\error_log( 'openssl_error_string(): ' . $ossl_error );
}
return false; return false;
} }
} }
return true; return false;
} }
/** /**
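Review bot: The openssl branch introduced under `// openssl method` is unreachable, because both arms of the preceding `if ( $verified > 0 ) { return true; } else { ... return false; }` return, so the second `\openssl_verify()` call never runs and the `// 2 methods because neither works` comment describes code that is dead. If phpseclib is meant to be authoritative, drop the openssl block; if it is meant as a fallback, the `else` arm should only drain `openssl_error_string()` into the log and fall through rather than `return false;`. The debug line `\error_log( 'activity->type: ' . print_r( $activity->type, true ) );` decodes the still-unverified request body and dereferences `$activity->type` without checking that `\json_decode( $body )` returned an object, which raises a warning on non-object bodies and copies request-controlled text into the log before the signature has been accepted; it and the `'//return true;'` markers should be removed or gated behind a debug constant. The enclosing method starts before this hunk, and the `$signing_headers` assignment the new `verify()` calls depend on is computed above the visible lines.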