Better casing of signature verification
rodzic
5e6a98dee3
commit
cd145915be
15
index.php
15
index.php
|
@ -775,10 +775,12 @@ HTML;
|
||||||
|
|
||||||
// Get the headers send with the request
|
// Get the headers send with the request
|
||||||
$headers = getallheaders();
|
$headers = getallheaders();
|
||||||
|
// Ensure the header keys match the format expected by the signature
|
||||||
|
$headers = array_change_key_case( $headers, CASE_LOWER );
|
||||||
|
|
||||||
// Validate the timestamp is within ±30 seconds
|
// Validate the timestamp is within ±30 seconds
|
||||||
if ( !isset( $headers["Date"] ) ) { return null; } // No date set
|
if ( !isset( $headers["date"] ) ) { return null; } // No date set
|
||||||
$dateHeader = $headers["Date"];
|
$dateHeader = $headers["date"];
|
||||||
$headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader);
|
$headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader);
|
||||||
$currentDatetime = new DateTime();
|
$currentDatetime = new DateTime();
|
||||||
|
|
||||||
|
@ -802,7 +804,7 @@ HTML;
|
||||||
|
|
||||||
// Validate the Digest
|
// Validate the Digest
|
||||||
// It is the hash of the raw input string, in binary, encoded as base64
|
// It is the hash of the raw input string, in binary, encoded as base64
|
||||||
$digestString = $headers["Digest"];
|
$digestString = $headers["digest"];
|
||||||
// Usually in the form `SHA-256=Ofv56Jm9rlowLR9zTkfeMGLUG1JYQZj0up3aRPZgT0c=`
|
// Usually in the form `SHA-256=Ofv56Jm9rlowLR9zTkfeMGLUG1JYQZj0up3aRPZgT0c=`
|
||||||
// The Base64 encoding may have multiple `=` at the end. So split this at the first `=`
|
// The Base64 encoding may have multiple `=` at the end. So split this at the first `=`
|
||||||
$digestData = explode( "=", $digestString, 2 );
|
$digestData = explode( "=", $digestString, 2 );
|
||||||
|
@ -839,7 +841,7 @@ HTML;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Examine the signature
|
// Examine the signature
|
||||||
$signatureHeader = $headers["Signature"];
|
$signatureHeader = $headers["signature"];
|
||||||
|
|
||||||
// Extract key information from the Signature header
|
// Extract key information from the Signature header
|
||||||
$signatureParts = [];
|
$signatureParts = [];
|
||||||
|
@ -856,14 +858,13 @@ HTML;
|
||||||
foreach ($signatureHeaders as $signatureHeader) {
|
foreach ($signatureHeaders as $signatureHeader) {
|
||||||
if ( "(request-target)" == $signatureHeader ) {
|
if ( "(request-target)" == $signatureHeader ) {
|
||||||
$method = strtolower( $_SERVER["REQUEST_METHOD"] );
|
$method = strtolower( $_SERVER["REQUEST_METHOD"] );
|
||||||
$target = strtolower( $_SERVER["REQUEST_URI"] );
|
$target = $_SERVER["REQUEST_URI"];
|
||||||
$signatureString .= "(request-target): {$method} {$target}\n";
|
$signatureString .= "(request-target): {$method} {$target}\n";
|
||||||
} else if ( "host" == $signatureHeader ) {
|
} else if ( "host" == $signatureHeader ) {
|
||||||
$host = strtolower( $_SERVER["HTTP_HOST"] );
|
$host = strtolower( $_SERVER["HTTP_HOST"] );
|
||||||
$signatureString .= "host: {$host}\n";
|
$signatureString .= "host: {$host}\n";
|
||||||
} else {
|
} else {
|
||||||
// In the HTTP header, the keys use Title Case
|
$signatureString .= "{$signatureHeader}: " . $headers[$signatureHeader] . "\n";
|
||||||
$signatureString .= "{$signatureHeader}: " . $headers[ ucwords( $signatureHeader, "-" ) ] . "\n";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
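Review bot: The new lookup on the else branch, `$headers[$signatureHeader]`, assumes every name in the Signature header's `headers` list is already lowercase and was actually sent; the request keys were lowercased by `array_change_key_case` in the first hunk, but the names come straight from the untrusted Signature header, so a list entry written as `Date` or `Digest` misses the key, and a name that was never sent produces an undefined-index warning and an empty value in the string to sign instead of a rejection. Normalise the name and fail closed when the header is absent, mirroring the `return null` the same code uses for a missing date: `$name = strtolower( $signatureHeader );`, `if ( !isset( $headers[$name] ) ) { return null; } // signed header not sent`, `$signatureString .= "{$name}: " . $headers[$name] . "\n";`. If the HTTP Signatures draft is the target, the value should presumably also be whitespace-trimmed before it is appended — confirm against the spec the sender uses. The enclosing function and the construction of `$signatureHeaders` both start before this hunk, so a pre-validation of the name list would be outside this view; the `digest` and `signature` reads in the earlier hunks index `$headers` without an `isset` in the same way, unless guarded further up.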