updated plugin ActivityPub
version 5.8.0
@ -11,7 +11,7 @@ use WP_Error;
use DateTime;
use DateTimeZone;
use WP_REST_Request;
use Activitypub\Collection\Users;
use Activitypub\Collection\Actors;
/**
* ActivityPub Signature Class.
@ -193,7 +193,7 @@ class Signature {
* @return string The signature.
*/
public static function generate_signature( $user_id, $http_method, $url, $date, $digest = null ) {
$user = Users::get_by_id( $user_id );
$user = Actors::get_by_id( $user_id );
$key = self::get_private_key_for( $user->get__id() );
$url_parts = \wp_parse_url( $url );
@ -223,7 +223,7 @@ class Signature {
\openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 );
$signature = \base64_encode( $signature ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
$key_id = $user->get_url() . '#main-key';
$key_id = $user->get_id() . '#main-key';
if ( ! empty( $digest ) ) {
return \sprintf( 'keyId="%s",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="%s"', $key_id, $signature );
@ -267,24 +267,15 @@ class Signature {
$headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0];
}
if ( ! isset( $headers['signature'] ) ) {
return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 401 ) );
}
if ( array_key_exists( 'signature', $headers ) ) {
$signature_block = self::parse_signature_header( $headers['signature'][0] );
} elseif ( array_key_exists( 'authorization', $headers ) ) {
$signature_block = self::parse_signature_header( $headers['authorization'][0] );
}
if ( ! isset( $signature_block ) || ! $signature_block ) {
} else {
return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 401 ) );
}
$signed_headers = $signature_block['headers'];
if ( ! $signed_headers ) {
$signed_headers = array( 'date' );
}
$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );
if ( ! $signed_data ) {
@ -321,7 +312,6 @@ class Signature {
}
$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;
if ( ! $verified ) {
return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 401 ) );
}
@ -333,7 +323,7 @@ class Signature {
*
* @param string $key_id The URL to the public key.
*
* @return WP_Error|string The public key or WP_Error.
* @return resource|WP_Error The public key resource or WP_Error.
*/
public static function get_remote_key( $key_id ) {
$actor = get_remote_metadata_by_actor( strip_fragment_from_url( $key_id ) );
@ -344,9 +334,14 @@ class Signature {
array( 'status' => 401 )
);
}
if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {
return \rtrim( $actor['publicKey']['publicKeyPem'] );
$key_resource = \openssl_pkey_get_public( \rtrim( $actor['publicKey']['publicKeyPem'] ) );
if ( $key_resource ) {
return $key_resource;
}
}
return new WP_Error(
'activitypub_no_remote_key_found',
__( 'No Public-Key found', 'activitypub' ),
@ -403,7 +398,7 @@ class Signature {
$parsed_header['signature'] = \base64_decode( preg_replace( '/\s+/', '', trim( $matches[1] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
}
if ( ( $parsed_header['signature'] ) && ( $parsed_header['algorithm'] ) && ( ! $parsed_header['headers'] ) ) {
if ( empty( $parsed_header['headers'] ) ) {
$parsed_header['headers'] = array( 'date' );
}
@ -461,6 +456,10 @@ class Signature {
}
}
if ( 'date' === $header ) {
if ( empty( $headers[ $header ][0] ) ) {
continue;
}
// Allow a bit of leeway for misconfigured clocks.
$d = new DateTime( $headers[ $header ][0] );
$d->setTimeZone( new DateTimeZone( 'UTC' ) );
@ -474,7 +473,10 @@ class Signature {
return false;
}
}
$signed_data .= $header . ': ' . $headers[ $header ][0] . "\n";
if ( ! empty( $headers[ $header ][0] ) ) {
$signed_data .= $header . ': ' . $headers[ $header ][0] . "\n";
}
}
return \rtrim( $signed_data, "\n" );
}
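Review bot: In the get_remote_key hunk, a PEM that `\openssl_pkey_get_public()` cannot parse now falls through to the generic `activitypub_no_remote_key_found` error, so a malformed or truncated key served by a remote actor is reported as if the actor published no key at all, and the reason OpenSSL rejected it is never surfaced. The fail-closed outcome is right, but make the branch explicit: replace `if ( $key_resource ) { return $key_resource; }` with `if ( false === $key_resource ) { return new WP_Error( 'activitypub_invalid_remote_key', __( 'Invalid Public-Key', 'activitypub' ), array( 'status' => 401 ) ); }` followed by `return $key_resource;`, and log `\openssl_error_string()` there so operators can tell the two failure modes apart without exposing the OpenSSL message to the caller. The updated docblock `@return resource|WP_Error` is also inaccurate on PHP 8, where `openssl_pkey_get_public()` returns an `OpenSSLAsymmetricKey` object rather than a resource; `@return OpenSSLAsymmetricKey|resource|WP_Error` covers both runtimes. get_remote_key opens in the preceding hunk and its closing lines fall outside this one.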