From 0271b578448ce139aff5a7f4017406c2c41aadad Mon Sep 17 00:00:00 2001
From: Django Doucet <djunglelabs@gmail.com>
Date: Wed, 9 Dec 2020 22:23:05 -0500
Subject: [PATCH 1/3] add digest header

---
 includes/class-signature.php | 19 ++++++++++++++++---
 includes/functions.php       |  4 +++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/includes/class-signature.php b/includes/class-signature.php
index 3dffb10..a2836f0 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -70,7 +70,7 @@ class Signature {
 		\update_user_meta( $user_id, 'magic_sig_public_key', $detail['key'] );
 	}
 
-	public static function generate_signature( $user_id, $url, $date ) {
+	public static function generate_signature( $user_id, $url, $date, $digest = null ) {
 		$key = self::get_private_key( $user_id );
 
 		$url_parts = \wp_parse_url( $url );
@@ -88,7 +88,11 @@ class Signature {
 			$path .= '?' . $url_parts['query'];
 		}
 
-		$signed_string = "(request-target): post $path\nhost: $host\ndate: $date";
+		if ( ! empty( $digest ) ) {
+			$signed_string = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest";
+		} else {
+			$signed_string = "(request-target): post $path\nhost: $host\ndate: $date";
+		}
 
 		$signature = null;
 		\openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 );
@@ -96,10 +100,19 @@ class Signature {
 
 		$key_id = \get_author_posts_url( $user_id ) . '#main-key';
 
-		return \sprintf( 'keyId="%s",algorithm="rsa-sha256",headers="(request-target) host date",signature="%s"', $key_id, $signature );
+		if ( ! empty( $digest ) ) {
+			return \sprintf( 'keyId="%s",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="%s"', $key_id, $signature );
+		} else {
+			return \sprintf( 'keyId="%s",algorithm="rsa-sha256",headers="(request-target) host date",signature="%s"', $key_id, $signature );
+		}
 	}
 
 	public static function verify_signature( $headers, $signature ) {
 
 	}
+
+	public static function generate_digest( $body ) {
+		$digest = \base64_encode(  \hash('sha256', $body, true ) ); // phpcs:ignore
+		return "$digest";
+	}
 }
diff --git a/includes/functions.php b/includes/functions.php
index 43cc40e..3143eee 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -23,7 +23,8 @@ function get_context() {
 
 function safe_remote_post( $url, $body, $user_id ) {
 	$date = \gmdate( 'D, d M Y H:i:s T' );
-	$signature = \Activitypub\Signature::generate_signature( $user_id, $url, $date );
+	$digest = \Activitypub\Signature::generate_digest( $body );
+	$signature = \Activitypub\Signature::generate_signature( $user_id, $url, $date, $digest );
 
 	$wp_version = \get_bloginfo( 'version' );
 	$user_agent = \apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . \get_bloginfo( 'url' ) );
@@ -35,6 +36,7 @@ function safe_remote_post( $url, $body, $user_id ) {
 		'headers' => array(
 			'Accept' => 'application/activity+json',
 			'Content-Type' => 'application/activity+json',
+			'Digest' => "SHA-256=$digest",
 			'Signature' => $signature,
 			'Date' => $date,
 		),

From 91f9c1e2639a77cf3f0edbf958baa25d803df0ae Mon Sep 17 00:00:00 2001
From: Django Doucet <djunglelabs@gmail.com>
Date: Sun, 13 Dec 2020 23:40:44 -0500
Subject: [PATCH 2/3] Fix Unfollow action - The type is Undo

---
 includes/rest/class-inbox.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index ad033e7..7f77e14 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -16,7 +16,7 @@ class Inbox {
 		\add_action( 'rest_api_init', array( '\Activitypub\Rest\Inbox', 'register_routes' ) );
 		\add_filter( 'rest_pre_serve_request', array( '\Activitypub\Rest\Inbox', 'serve_request' ), 11, 4 );
 		\add_action( 'activitypub_inbox_follow', array( '\Activitypub\Rest\Inbox', 'handle_follow' ), 10, 2 );
-		\add_action( 'activitypub_inbox_unfollow', array( '\Activitypub\Rest\Inbox', 'handle_unfollow' ), 10, 2 );
+		\add_action( 'activitypub_inbox_undo', array( '\Activitypub\Rest\Inbox', 'handle_unfollow' ), 10, 2 );
 		//\add_action( 'activitypub_inbox_like', array( '\Activitypub\Rest\Inbox', 'handle_reaction' ), 10, 2 );
 		//\add_action( 'activitypub_inbox_announce', array( '\Activitypub\Rest\Inbox', 'handle_reaction' ), 10, 2 );
 		\add_action( 'activitypub_inbox_create', array( '\Activitypub\Rest\Inbox', 'handle_create' ), 10, 2 );

From c0033d8819dce14b850d62f513a0587b0cd7b7fb Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@gmail.com>
Date: Thu, 17 Dec 2020 17:39:35 +0100
Subject: [PATCH 3/3] fix WP coding standard issue

---
 includes/class-signature.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/class-signature.php b/includes/class-signature.php
index a2836f0..5caf884 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -112,7 +112,7 @@ class Signature {
 	}
 
 	public static function generate_digest( $body ) {
-		$digest = \base64_encode(  \hash('sha256', $body, true ) ); // phpcs:ignore
+		$digest = \base64_encode( \hash( 'sha256', $body, true ) ); // phpcs:ignore
 		return "$digest";
 	}
 }