use WP_Error
This commit is contained in:
Matthias Pfefferle
parent
378f5dacdc
commit
c42edfce68
1 changed files with 7 additions and 6 deletions
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
namespace Activitypub;
|
||||
|
||||
use WP_Error;
|
||||
use DateTime;
|
||||
use DateTimeZone;
|
||||
|
||||
|
|
@ -142,7 +143,7 @@ class Signature {
|
|||
}
|
||||
|
||||
if ( ! isset( $headers['signature'] ) ) {
|
||||
return new \WP_Error( 'activitypub_signature', 'Request not signed', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Request not signed', array( 'status' => 403 ) );
|
||||
}
|
||||
|
||||
if ( array_key_exists( 'signature', $headers ) ) {
|
||||
|
|
@ -152,7 +153,7 @@ class Signature {
|
|||
}
|
||||
|
||||
if ( ! isset( $signature_block ) || ! $signature_block ) {
|
||||
return new \WP_Error( 'activitypub_signature', 'Incompatible request signature. keyId and signature are required', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Incompatible request signature. keyId and signature are required', array( 'status' => 403 ) );
|
||||
}
|
||||
|
||||
$signed_headers = $signature_block['headers'];
|
||||
|
|
@ -162,12 +163,12 @@ class Signature {
|
|||
|
||||
$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );
|
||||
if ( ! $signed_data ) {
|
||||
return new \WP_Error( 'activitypub_signature', 'Signed request date outside acceptable time window', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Signed request date outside acceptable time window', array( 'status' => 403 ) );
|
||||
}
|
||||
|
||||
$algorithm = self::get_signature_algorithm( $signature_block );
|
||||
if ( ! $algorithm ) {
|
||||
return new \WP_Error( 'activitypub_signature', 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', array( 'status' => 403 ) );
|
||||
}
|
||||
|
||||
if ( \in_array( 'digest', $signed_headers, true ) && isset( $body ) ) {
|
||||
|
|
@ -183,7 +184,7 @@ class Signature {
|
|||
}
|
||||
|
||||
if ( \base64_encode( \hash( $hashalg, $body, true ) ) !== $digest[1] ) { // phpcs:ignore
|
||||
return new \WP_Error( 'activitypub_signature', 'Invalid Digest header', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Invalid Digest header', array( 'status' => 403 ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -193,7 +194,7 @@ class Signature {
|
|||
}
|
||||
$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;
|
||||
if ( ! $verified ) {
|
||||
return new \WP_Error( 'activitypub_signature', 'Invalid signature', array( 'status' => 403 ) );
|
||||
return new WP_Error( 'activitypub_signature', 'Invalid signature', array( 'status' => 403 ) );
|
||||
}
|
||||
return $verified;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue