From fc1b89561e7f6e07a2e726db6d5f8d265bcac92e Mon Sep 17 00:00:00 2001
From: Django Doucet <mediaformat.ux@gmail.com>
Date: Wed, 10 May 2023 19:46:52 -0600
Subject: [PATCH] If WP_REST_Request set actor for get_remote_key()

---
 includes/class-signature.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/includes/class-signature.php b/includes/class-signature.php
index c958379..7c948f9 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -143,10 +143,12 @@ class Signature {
 	public static function verify_http_signature( $request ) {
 		if ( is_object( $request ) ) { // REST Request object
 			$headers = $request->get_headers();
+			$actor = isset( json_decode( $request->get_body() )->actor ) ? json_decode( $request->get_body() )->actor : '';
 			$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /' . rest_get_url_prefix() . $request->get_route();
 		} else {
 			$request = self::format_server_request( $request );
 			$headers = $request['headers']; // $_SERVER array
+			$actor = null;
 			$headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0];
 		}
 
@@ -196,7 +198,11 @@ class Signature {
 			}
 		}
 
-		$public_key = self::get_remote_key( $signature_block['keyId'] );
+		if ( $actor ) {
+			$public_key = self::get_remote_key( $actor );
+		} else {
+			$public_key = self::get_remote_key( $signature_block['keyId'] );
+		}
 		if ( \is_wp_error( $public_key ) ) {
 			return $public_key;
 		}