Move signing to its own function
rodzic
a4360594df
commit
74bf3d1a68
116
index.php
116
index.php
|
@ -222,42 +222,14 @@
|
||||||
"object" => "https://{$server}/{$username}",
|
"object" => "https://{$server}/{$username}",
|
||||||
]
|
]
|
||||||
];
|
];
|
||||||
$message_json = json_encode( $message );
|
|
||||||
|
|
||||||
// The Accept is sent to the server of the user who requested the follow
|
// The Accept is sent to the server of the user who requested the follow
|
||||||
// TODO: The path doesn't *always* end with/inbox
|
// TODO: The path doesn't *always* end with/inbox
|
||||||
$host = $inbox_host;
|
$host = $inbox_host;
|
||||||
$path = parse_url( $inbox_actor, PHP_URL_PATH ) . "/inbox";
|
$path = parse_url( $inbox_actor, PHP_URL_PATH ) . "/inbox";
|
||||||
|
|
||||||
// Set up signing
|
// Get the signed headers
|
||||||
$keyId = "https://{$server}/{$username}#main-key";
|
$headers = generate_signed_headers( $message, $host, $path );
|
||||||
|
|
||||||
// Generate signing variables
|
|
||||||
$hash = hash( 'sha256', $message_json, true );
|
|
||||||
$digest = base64_encode( $hash );
|
|
||||||
$date = date( 'D, d M Y H:i:s \G\M\T' );
|
|
||||||
|
|
||||||
$signer = openssl_get_privatekey( $key_private );
|
|
||||||
$stringToSign = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest";
|
|
||||||
openssl_sign(
|
|
||||||
$stringToSign,
|
|
||||||
$signature,
|
|
||||||
$signer,
|
|
||||||
OPENSSL_ALGO_SHA256
|
|
||||||
);
|
|
||||||
$signature_b64 = base64_encode( $signature );
|
|
||||||
|
|
||||||
$header = 'keyId="' . $keyId . '",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' . $signature_b64 . '"';
|
|
||||||
|
|
||||||
// Header for POST reply
|
|
||||||
$headers = array(
|
|
||||||
"Host: {$host}",
|
|
||||||
"Date: {$date}",
|
|
||||||
"Digest: SHA-256={$digest}",
|
|
||||||
"Signature: {$header}",
|
|
||||||
"Content-Type: application/activity+json",
|
|
||||||
"Accept: application/activity+json",
|
|
||||||
);
|
|
||||||
|
|
||||||
// Specify the URL of the remote server's inbox
|
// Specify the URL of the remote server's inbox
|
||||||
// TODO: The path doesn't *always* end with /inbox
|
// TODO: The path doesn't *always* end with /inbox
|
||||||
|
@ -267,7 +239,7 @@
|
||||||
$ch = curl_init( $remoteServerUrl );
|
$ch = curl_init( $remoteServerUrl );
|
||||||
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
||||||
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
|
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
|
||||||
curl_setopt( $ch, CURLOPT_POSTFIELDS, $message_json );
|
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode($message) );
|
||||||
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
|
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
|
||||||
$response = curl_exec( $ch );
|
$response = curl_exec( $ch );
|
||||||
|
|
||||||
|
@ -290,6 +262,53 @@
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function generate_signed_headers( $message, $host, $path ) {
|
||||||
|
global $server, $username, $key_private;
|
||||||
|
|
||||||
|
// Encode the message to JSON
|
||||||
|
$message_json = json_encode( $message );
|
||||||
|
|
||||||
|
// Location of the Public Key
|
||||||
|
$keyId = "https://{$server}/{$username}#main-key";
|
||||||
|
|
||||||
|
// Generate signing variables
|
||||||
|
$hash = hash( 'sha256', $message_json, true );
|
||||||
|
$digest = base64_encode( $hash );
|
||||||
|
$date = date( 'D, d M Y H:i:s \G\M\T' );
|
||||||
|
|
||||||
|
// Get the Private Key
|
||||||
|
$signer = openssl_get_privatekey( $key_private );
|
||||||
|
|
||||||
|
// Sign the path, host, date, and digest
|
||||||
|
$stringToSign = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest";
|
||||||
|
|
||||||
|
// The signing function returns the variable $signature
|
||||||
|
// https://www.php.net/manual/en/function.openssl-sign.php
|
||||||
|
openssl_sign(
|
||||||
|
$stringToSign,
|
||||||
|
$signature,
|
||||||
|
$signer,
|
||||||
|
OPENSSL_ALGO_SHA256
|
||||||
|
);
|
||||||
|
// Encode the signature
|
||||||
|
$signature_b64 = base64_encode( $signature );
|
||||||
|
|
||||||
|
// Full signature header
|
||||||
|
$signature_header = 'keyId="' . $keyId . '",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' . $signature_b64 . '"';
|
||||||
|
|
||||||
|
// Header for POST reply
|
||||||
|
$headers = array(
|
||||||
|
"Host: {$host}",
|
||||||
|
"Date: {$date}",
|
||||||
|
"Digest: SHA-256={$digest}",
|
||||||
|
"Signature: {$signature_header}",
|
||||||
|
"Content-Type: application/activity+json",
|
||||||
|
"Accept: application/activity+json",
|
||||||
|
);
|
||||||
|
|
||||||
|
return $headers;
|
||||||
|
}
|
||||||
|
|
||||||
function write() {
|
function write() {
|
||||||
// Display an HTML form for the user to enter a message.
|
// Display an HTML form for the user to enter a message.
|
||||||
echo <<< HTML
|
echo <<< HTML
|
||||||
|
@ -361,7 +380,6 @@ HTML;
|
||||||
],
|
],
|
||||||
"object" => $note
|
"object" => $note
|
||||||
];
|
];
|
||||||
$message_json = json_encode($message);
|
|
||||||
|
|
||||||
// Create the context for the permalink
|
// Create the context for the permalink
|
||||||
$note = [ "@context" => "https://www.w3.org/ns/activitystreams", ...$note ];
|
$note = [ "@context" => "https://www.w3.org/ns/activitystreams", ...$note ];
|
||||||
|
@ -386,35 +404,8 @@ HTML;
|
||||||
foreach ( $hosts as $host ) {
|
foreach ( $hosts as $host ) {
|
||||||
$path = '/inbox';
|
$path = '/inbox';
|
||||||
|
|
||||||
// Set up signing
|
// Get the signed headers
|
||||||
$privateKey = $key_private;
|
$headers = generate_signed_headers( $message, $host, $path );
|
||||||
$keyId = "https://{$server}/{$username}#main-key";
|
|
||||||
|
|
||||||
$hash = hash( "sha256", $message_json, true );
|
|
||||||
$digest = base64_encode( $hash );
|
|
||||||
$date = date( 'D, d M Y H:i:s \G\M\T' );
|
|
||||||
|
|
||||||
$signer = openssl_get_privatekey( $key_private );
|
|
||||||
$stringToSign = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest";
|
|
||||||
openssl_sign(
|
|
||||||
$stringToSign,
|
|
||||||
$signature,
|
|
||||||
$signer,
|
|
||||||
OPENSSL_ALGO_SHA256
|
|
||||||
);
|
|
||||||
$signature_b64 = base64_encode( $signature );
|
|
||||||
|
|
||||||
$header = 'keyId="' . $keyId . '",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' . $signature_b64 . '"';
|
|
||||||
|
|
||||||
// Header for POST reply
|
|
||||||
$headers = array(
|
|
||||||
"Host: {$host}",
|
|
||||||
"Date: {$date}",
|
|
||||||
"Digest: SHA-256={$digest}",
|
|
||||||
"Signature: {$header}",
|
|
||||||
"Content-Type: application/activity+json",
|
|
||||||
"Accept: application/activity+json",
|
|
||||||
);
|
|
||||||
|
|
||||||
// Specify the URL of the remote server
|
// Specify the URL of the remote server
|
||||||
$remoteServerUrl = "https://{$host}{$path}";
|
$remoteServerUrl = "https://{$host}{$path}";
|
||||||
|
@ -424,7 +415,7 @@ HTML;
|
||||||
|
|
||||||
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
||||||
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
|
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
|
||||||
curl_setopt( $ch, CURLOPT_POSTFIELDS, $message_json );
|
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode($message) );
|
||||||
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
|
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
|
||||||
|
|
||||||
// Add the handle to the multi-handle
|
// Add the handle to the multi-handle
|
||||||
|
@ -447,6 +438,7 @@ HTML;
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// "One to stun, two to kill, three to make sure"
|
||||||
die();
|
die();
|
||||||
die();
|
die();
|
||||||
die();
|
die();
|
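Review bot: The results of `openssl_get_privatekey()` and `openssl_sign()` in the new `generate_signed_headers` are never checked, so a missing or unreadable `$key_private` leaves `$signature` unset and the request is most likely sent with an empty `signature=""` value instead of failing; replace the signing call with `if ( $signer === false || ! openssl_sign( $stringToSign, $signature, $signer, OPENSSL_ALGO_SHA256 ) ) { throw new RuntimeException( 'Could not sign request' ); }`. The Date header claims GMT but is built with `date()`, which formats in the configured default timezone, so unless that is UTC the signed date is off by the server's offset and verifiers that enforce a clock-skew window will reject the request; use `$date = gmdate( 'D, d M Y H:i:s \G\M\T' );`. The function also encodes `$message` itself for the Digest while both callers now encode it again for CURLOPT_POSTFIELDS (`json_encode($message)` in the follow and write hunks); the two encodings agree today, but any change to flags on one side silently breaks Digest verification, so consider having the function take the already-encoded body (or return it alongside the headers) so the digest covers exactly the bytes sent. `global $server, $username, $key_private;` ties the function to script state; passing them as parameters would make it testable in isolation.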