Sign requests for public-keys

index.php

@@ -170,9 +170,9 @@
 			                     "name" => "{$realName}",
 			                  "summary" => "{$summary}",
 			                      "url" => "https://{$server}/{$username}",
-			"manuallyApprovesFollowers" =>  true,
+			"manuallyApprovesFollowers" =>  false,
 			             "discoverable" =>  true,
-			                "published" => "2024-02-29T12:34:00Z",
+			                "published" => "2024-02-29T12:34:56Z",
 			"icon" => [
 				     "type" => "Image",
 				"mediaType" => "image/png",
@@ -1032,11 +1032,35 @@ HTML;
 		//	This is usually in the form `https://example.com/user/username#main-key`
 		//	This is to differentiate if the user has multiple keys
 		//	TODO: Check the actual key
-		// This request does not need to be signed. But it does need to specify that it wants a JSON response
-		$context   = stream_context_create(
-			[ "http" => [ "header" => "Accept: application/activity+json" ] ] 
-		);
-		$userJSON  = file_get_contents( $publicKeyURL, false, $context );
+		// This request does not need to be signed normally.  
+		//	Some servers will only respond to signed requests.
+		//	It need to specify that it wants a JSON response
+
+		$publicKeyURL_host  = parse_url( $publicKeyURL, PHP_URL_HOST );
+		$publicKeyURL_path  = parse_url( $publicKeyURL, PHP_URL_PATH );
+
+		//	Request the JSON representation of the the user
+		$ch = curl_init( $publicKeyURL );
+
+		//	Generate signed headers for this request
+		$headers  = generate_signed_headers( null, $publicKeyURL_host, $publicKeyURL_path, "GET" );
+
+		// Set cURL options
+		curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt( $ch, CURLOPT_HTTPHEADER,     $headers );
+
+		// Execute the cURL session
+		$userJSON = curl_exec( $ch );
+
+		// Check for errors
+		if (curl_errno($ch)) {
+			// Handle cURL error
+			die();
+		} 
+		
+		// Close cURL session
+		curl_close($ch);
+
 		$userData  = json_decode( $userJSON, true );
 		$publicKey = $userData["publicKey"]["publicKeyPem"];