TheRON/core
1
0
Fork 0
mirror of https://framagit.org/hubzilla/core.git synced 2026-06-21 00:52:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

update macgirvin/http-message-signer to version 2.2

Browse Source
This commit is contained in:
Mario Vavti
2025-07-10 11:36:38 +02:00
parent 43ebf69d09
commit 52291fd371
4 changed files with 36 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
composer.lock generated
View File

@@ -1081,16 +1081,16 @@
},
{
"name": "macgirvin/http-message-signer",
"version": "v0.2.1",
"version": "v0.2.2",
"source": {
"type": "git",
"url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
"reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9"
"reference": "47604de860b822cd202dcd8b1da910d6c84720ab"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/55ea393671c58bb6b93445b5f3ee8ba41154f0c9",
"reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/47604de860b822cd202dcd8b1da910d6c84720ab",
"reference": "47604de860b822cd202dcd8b1da910d6c84720ab",
"shasum": ""
},
"require": {
@@ -1118,9 +1118,9 @@
"description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
"support": {
"issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.1"
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.2"
},
"time": "2025-07-05T00:38:21+00:00"
"time": "2025-07-10T01:13:05+00:00"
},
{
"name": "michelf/php-markdown",

14
vendor/composer/installed.json vendored
View File

@@ -1112,17 +1112,17 @@
},
{
"name": "macgirvin/http-message-signer",
"version": "v0.2.1",
"version_normalized": "0.2.1.0",
"version": "v0.2.2",
"version_normalized": "0.2.2.0",
"source": {
"type": "git",
"url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
"reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9"
"reference": "47604de860b822cd202dcd8b1da910d6c84720ab"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/55ea393671c58bb6b93445b5f3ee8ba41154f0c9",
"reference": "55ea393671c58bb6b93445b5f3ee8ba41154f0c9",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/47604de860b822cd202dcd8b1da910d6c84720ab",
"reference": "47604de860b822cd202dcd8b1da910d6c84720ab",
"shasum": ""
},
"require": {
@@ -1137,7 +1137,7 @@
"require-dev": {
"phpunit/phpunit": "^10.0"
},
"time": "2025-07-05T00:38:21+00:00",
"time": "2025-07-10T01:13:05+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -1152,7 +1152,7 @@
"description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
"support": {
"issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.1"
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.2"
},
"install-path": "../macgirvin/http-message-signer"
},

10
vendor/composer/installed.php vendored
View File

@@ -3,7 +3,7 @@
'name' => 'zotlabs/hubzilla',
'pretty_version' => 'dev-10.4RC',
'version' => 'dev-10.4RC',
'reference' => '1162615c52d562b96220be3d12c27d410feb74a6',
'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -146,9 +146,9 @@
'dev_requirement' => false,
),
'macgirvin/http-message-signer' => array(
'pretty_version' => 'v0.2.1',
'version' => '0.2.1.0',
'reference' => '55ea393671c58bb6b93445b5f3ee8ba41154f0c9',
'pretty_version' => 'v0.2.2',
'version' => '0.2.2.0',
'reference' => '47604de860b822cd202dcd8b1da910d6c84720ab',
'type' => 'library',
'install_path' => __DIR__ . '/../macgirvin/http-message-signer',
'aliases' => array(),
@@ -499,7 +499,7 @@
'zotlabs/hubzilla' => array(
'pretty_version' => 'dev-10.4RC',
'version' => 'dev-10.4RC',
'reference' => '1162615c52d562b96220be3d12c27d410feb74a6',
'reference' => '43ebf69d09a9cd779a9fcc70ea642632bb0aeeae',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),

36
vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php vendored
View File

@@ -278,21 +278,6 @@ class HttpMessageSigner
}
$sigDict = $this->parseStructuredDict($headers['signature']);
if ($sigDict->isNotEmpty()) {
$indices = $sigDict->indices();
foreach ($indices as $index) {
[$dictName, $members] = $sigDict->getByIndex($index);
if ($members instanceof Item) {
$signatures[$dictName] = $members->value();
}
if ($members instanceof InnerList) {
$innerIndices = $members->indices();
foreach ($innerIndices as $innerIndex) {
$signatures[$dictName][] = $members->getByIndex($innerIndex);
}
}
}
}
foreach ($signatureComponents as $dictName => $dictComponents) {
$namedSignatureComponents = $signatureComponents[$dictName];
@@ -304,7 +289,7 @@ class HttpMessageSigner
}
$decodedSig = base64_decode(trim($sigDict[$dictName]->__toString(), ':'));
return $this->verifySignature($signatureBase, $decodedSig, $params['alg'] ?? $this->algorithm);
return $this->verifySignature($signatureBase, $decodedSig, $parameters['alg'] ?? $this->algorithm);
}
return false;
}
@@ -379,12 +364,17 @@ class HttpMessageSigner
private function getFieldValue($fieldName, MessageInterface $interface, $headers, $parameters ): array
{
// The $interface has no single method to extract this, so build it from
// the avilable components.
$targetUri = $interface->getUri()->getScheme() . '://' . $interface->getUri()->getAuthority()
. $interface->getUri()->getPath() . $interface->getUri()->getQuery();
$value = match ($fieldName) {
'@signature-params' => ['', ''],
'@method' => ['"@method"', strtoupper($interface->getMethod())],
'@authority' => ['"@authority"', $interface->getUri()->getAuthority()],
'@scheme' => ['"@scheme"', strtolower($interface->getUri()->getScheme())],
'@target-uri' => ['"target-uri"', $interface->getUri()->__toString()],
'@target-uri' => ['"@target-uri"', $targetUri],
'@request-target' => ['"@request-target"', $interface->getRequestTarget()],
'@path' => ['"@path"', $interface->getUri()->getPath()],
'@query' => ['"@query"', $interface->getUri()->getQuery()],
@@ -502,6 +492,7 @@ class HttpMessageSigner
{
return match ($this->algorithm) {
'rsa-v1_5-sha256' => $this->rsaSign($data),
'rsa-v1_5-sha512' => $this->rsa512Sign($data),
'rsa-sha256' => $this->rsaSign($data),
'rsa-pss-sha512' => $this->pssSign($data),
'ed25519' => $this->ed25519Sign($data),
@@ -515,6 +506,8 @@ class HttpMessageSigner
return match ($alg) {
'rsa-v1_5-sha256' => openssl_verify($data, $signature, $this->publicKey,
OPENSSL_ALGO_SHA256) === 1,
'rsa-v1_5-sha512' => openssl_verify($data, $signature, $this->publicKey,
OPENSSL_ALGO_SHA512) === 1,
'rsa-sha256' => openssl_verify($data, $signature, $this->publicKey,
OPENSSL_ALGO_SHA256) === 1,
'rsa-pss-sha512' => $this->pssVerify($data, $signature),
@@ -536,6 +529,13 @@ class HttpMessageSigner
}
return base64_encode($signature);
}
private function rsa512Sign(string $data): string
{
if (!openssl_sign($data, $signature, $this->privateKey, OPENSSL_ALGO_SHA512)) {
throw new UnProcessableSignatureException("RSA signing failed");
}
return base64_encode($signature);
}
private function pssSign(string $data): string
{
@@ -565,7 +565,7 @@ class HttpMessageSigner
private function pssVerify(string $data, $signature): bool
{
$rsa = new RSA();
if ($rsa->loadKey($this->publicKey) !== true) {
if (!$rsa->loadKey($this->publicKey)) {
throw new UnprocessableSignatureException("PSS loadkey failure");
};
$rsa->setHash('sha512');