add openss_verify method and openssl_error_string
This commit is contained in:
parent
99630a58bb
commit
1f6e1cf37c
1 changed files with 33 additions and 13 deletions
|
@ -129,21 +129,21 @@ class Signature {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Split it into its parts ( keyId, headers and signature )
|
// Split signature into its parts
|
||||||
$signature_parts = self::splitSignature( $header_data['signature'][0] );
|
$signature_parts = self::splitSignature( $header_data['signature'][0] );
|
||||||
if ( !count($signature_parts ) ) {
|
if ( !count( $signature_parts ) ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
extract( $signature_parts );
|
extract( $signature_parts );// $keyId, $algorithm, $headers, $signature
|
||||||
|
|
||||||
// Fetch the public key linked from keyId
|
// Fetch the public key linked from keyId
|
||||||
$actor = \strip_fragment_from_url( $keyId );
|
$actor = \strip_fragment_from_url( $keyId );
|
||||||
$publicKeyPem = \Activitypub\get_publickey_by_actor( $actor, $keyId );
|
$publicKeyPem = \Activitypub\get_publickey_by_actor( $actor, $keyId );
|
||||||
|
|
||||||
if (! is_wp_error( $publicKeyPem ) ) {
|
if (! is_wp_error( $publicKeyPem ) ) {
|
||||||
$pkey = \openssl_pkey_get_details( \openssl_pkey_get_public( $publicKeyPem ) );
|
$pkey = \openssl_pkey_get_details( \openssl_pkey_get_public( $publicKeyPem ) );
|
||||||
$digest_gen = 'SHA-256=' . \base64_encode( \hash( 'sha256', $body, true ) );
|
$digest_gen = 'SHA-256=' . \base64_encode( \hash( 'sha256', $body, true ) );
|
||||||
if ( $digest_gen !== $header_data['digest'][0] ) {
|
if ( ! isset( $header_data['digest'][0] ) || ( $digest_gen !== $header_data['digest'][0] ) ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
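Review bot: `extract( $signature_parts )` imports whatever keys splitSignature() produced from the request's Signature header into the local scope, so unless that helper returns only a fixed set of keys it can clobber `$body`, `$header_data`, `$pkey` or `$publicKeyPem` before they are used; the new comment names the four expected variables, so the safer form is explicit destructuring of exactly those keys, e.g. `[ 'keyId' => $keyId, 'algorithm' => $algorithm, 'headers' => $headers, 'signature' => $signature ] = $signature_parts;` (adjust if splitSignature uses different key names). The added isset() guard on `$header_data['digest'][0]` is good, but two lines earlier `\openssl_pkey_get_details( \openssl_pkey_get_public( $publicKeyPem ) )` still passes the result straight through: a malformed or non-RSA PEM makes `openssl_pkey_get_public()` return false, which on PHP 8 is a TypeError in `openssl_pkey_get_details()`, so a bad key crashes the request rather than returning false. `$algorithm` is extracted but, as far as this hunk shows, never compared against the hash the code hard-codes (`sha256`), which is worth a check or a comment explaining why it is ignored. The enclosing verify method starts before this hunk.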
@ -154,21 +154,41 @@ class Signature {
|
||||||
$request
|
$request
|
||||||
);
|
);
|
||||||
|
|
||||||
// Verify that string using the public key and the original
|
// 2 methods because neither works ¯\_(ツ)_/¯
|
||||||
// signature.
|
// phpseclib method
|
||||||
$rsa = RSA::createKey()
|
$rsa = RSA::createKey()
|
||||||
->loadPublicKey( $pkey['key'])
|
->loadPublicKey( $pkey['key'])
|
||||||
->withHash('sha256');
|
->withHash('sha256');
|
||||||
|
$verified = $rsa->verify( $signing_headers, \base64_decode( $signature ) );
|
||||||
$verified = $rsa->verify( $data_plain, \base64_decode( $signature ) );
|
if ( $verified > 0 ) {
|
||||||
|
\error_log( '$rsa->verify: //return true;' );
|
||||||
if ( '1' === $verified ) {
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
|
while ( $ossl_error = openssl_error_string() ) {
|
||||||
|
\error_log( '$rsa->verify(): ' . $ossl_error );
|
||||||
|
}
|
||||||
|
$activity = \json_decode( $body );
|
||||||
|
\error_log( 'activity->type: ' . print_r( $activity->type, true ) );
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// openssl method
|
||||||
|
$verified = \openssl_verify( $signing_headers,
|
||||||
|
\base64_decode( \normalize_whitespace( $signature ) ),
|
||||||
|
$pkey['key'],
|
||||||
|
\OPENSSL_ALGO_SHA256
|
||||||
|
);
|
||||||
|
if ( $verified > 0 ) {
|
||||||
|
\error_log( 'openssl_verify: //return true;' );
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
while ( $ossl_error = openssl_error_string() ) {
|
||||||
|
\error_log( 'openssl_error_string(): ' . $ossl_error );
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
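Review bot: The new "openssl method" block is unreachable: the phpseclib branch directly above it returns true on success and `return false;` inside its `else`, so `\openssl_verify()` never runs and the "2 methods" comment does not describe what executes. Either drop the `return false;` (and the two debug lines around it) from that else so the openssl fallback is actually tried, or keep one verifier and remove the other, so the function has one clearly stated acceptance path. The debug logging should not ship as is: `\json_decode( $body )` returns null for a non-JSON body, so `print_r( $activity->type, true )` emits a warning on every malformed request, and the `\error_log()` calls write signature-verification details and request content to the server log on every failed verify. `\base64_decode( \normalize_whitespace( $signature ) )` would be tighter as `\base64_decode( $signature, true )`, which already skips whitespace and returns false for non-base64 input instead of silently decoding garbage; the enclosing method starts before this hunk.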