From bebe7cca77ff9641cade21ffdbc296949f5b2ca3 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sat, 6 Apr 2019 13:29:37 -0600 Subject: [PATCH] Remove deprecated http sig library --- .../ActivityPub/Concern/HTTPSignature.php | 94 ------- app/Util/HTTPSignatures/Algorithm.php | 34 --- .../HTTPSignatures/AlgorithmException.php | 7 - .../HTTPSignatures/AlgorithmInterface.php | 19 -- app/Util/HTTPSignatures/Context.php | 119 -------- app/Util/HTTPSignatures/Exception.php | 7 - .../HTTPSignatures/GuzzleHttpSignatures.php | 41 --- app/Util/HTTPSignatures/HeaderList.php | 48 ---- app/Util/HTTPSignatures/HmacAlgorithm.php | 36 --- app/Util/HTTPSignatures/Key.php | 260 ------------------ app/Util/HTTPSignatures/KeyException.php | 7 - app/Util/HTTPSignatures/KeyStore.php | 36 --- app/Util/HTTPSignatures/KeyStoreException.php | 7 - app/Util/HTTPSignatures/KeyStoreInterface.php | 15 - app/Util/HTTPSignatures/RsaAlgorithm.php | 64 ----- app/Util/HTTPSignatures/Signature.php | 38 --- .../HTTPSignatures/SignatureParameters.php | 49 ---- .../SignatureParametersParser.php | 111 -------- .../SignatureParseException.php | 7 - .../SignedHeaderNotPresentException.php | 7 - app/Util/HTTPSignatures/Signer.php | 104 ------- app/Util/HTTPSignatures/SigningString.php | 89 ------ app/Util/HTTPSignatures/Verification.php | 202 -------------- app/Util/HTTPSignatures/Verifier.php | 31 --- 24 files changed, 1432 deletions(-) delete mode 100644 app/Util/ActivityPub/Concern/HTTPSignature.php delete mode 100755 app/Util/HTTPSignatures/Algorithm.php delete mode 100755 app/Util/HTTPSignatures/AlgorithmException.php delete mode 100755 app/Util/HTTPSignatures/AlgorithmInterface.php delete mode 100755 app/Util/HTTPSignatures/Context.php delete mode 100755 app/Util/HTTPSignatures/Exception.php delete mode 100644 app/Util/HTTPSignatures/GuzzleHttpSignatures.php delete mode 100755 app/Util/HTTPSignatures/HeaderList.php delete mode 100755 app/Util/HTTPSignatures/HmacAlgorithm.php delete mode 100755 app/Util/HTTPSignatures/Key.php delete mode 100755 app/Util/HTTPSignatures/KeyException.php delete mode 100755 app/Util/HTTPSignatures/KeyStore.php delete mode 100755 app/Util/HTTPSignatures/KeyStoreException.php delete mode 100755 app/Util/HTTPSignatures/KeyStoreInterface.php delete mode 100755 app/Util/HTTPSignatures/RsaAlgorithm.php delete mode 100755 app/Util/HTTPSignatures/Signature.php delete mode 100755 app/Util/HTTPSignatures/SignatureParameters.php delete mode 100755 app/Util/HTTPSignatures/SignatureParametersParser.php delete mode 100755 app/Util/HTTPSignatures/SignatureParseException.php delete mode 100755 app/Util/HTTPSignatures/SignedHeaderNotPresentException.php delete mode 100755 app/Util/HTTPSignatures/Signer.php delete mode 100755 app/Util/HTTPSignatures/SigningString.php delete mode 100755 app/Util/HTTPSignatures/Verification.php delete mode 100755 app/Util/HTTPSignatures/Verifier.php diff --git a/app/Util/ActivityPub/Concern/HTTPSignature.php b/app/Util/ActivityPub/Concern/HTTPSignature.php deleted file mode 100644 index 9e041aa3c..000000000 --- a/app/Util/ActivityPub/Concern/HTTPSignature.php +++ /dev/null @@ -1,94 +0,0 @@ -is_url === false) { - return true; - } - - $url = $this->profile; - - try { - $url = filter_var($url, FILTER_VALIDATE_URL); - $parsed = parse_url($url, PHP_URL_HOST); - if (!$parsed || in_array($parsed, $this->localhosts)) { - return false; - } - } catch (Exception $e) { - return false; - } - - return true; - } - - public function fetchPublicKey($profile, bool $is_url = true) - { - $this->profile = $profile; - $this->is_url = $is_url; - $valid = $this->validateUrl(); - if (!$valid) { - throw new \Exception('Invalid URL provided'); - } - if ($is_url && isset($profile->public_key) && $profile->public_key) { - return $profile->public_key; - } - - try { - $url = $this->profile; - $res = Zttp::timeout(30)->withHeaders([ - 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', - 'User-Agent' => 'PixelFedBot v0.1 - https://pixelfed.org', - ])->get($url); - $actor = json_decode($res->getBody(), true); - } catch (Exception $e) { - throw new Exception('Unable to fetch public key'); - } - - return $actor['publicKey']['publicKeyPem']; - } - - public function sendSignedObject($senderProfile, $url, $body) - { - $profile = $senderProfile; - $context = new Context([ - 'keys' => [$profile->keyId() => $profile->private_key], - 'algorithm' => 'rsa-sha256', - 'headers' => ['(request-target)', 'Date'], - ]); - - $handlerStack = GuzzleHttpSignatures::defaultHandlerFromContext($context); - $client = new Client(['handler' => $handlerStack]); - - $headers = [ - 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', - 'Date' => date('D, d M Y h:i:s').' GMT', - 'Content-Type' => 'application/activity+json', - 'User-Agent' => 'PixelFedBot - https://pixelfed.org', - ]; - - $response = $client->post($url, [ - 'options' => [ - 'allow_redirects' => false, - 'verify' => true, - 'timeout' => 30, - ], - 'headers' => $headers, - 'body' => $body, - ]); - - return $response->getBody(); - } -} diff --git a/app/Util/HTTPSignatures/Algorithm.php b/app/Util/HTTPSignatures/Algorithm.php deleted file mode 100755 index 0ba7188bf..000000000 --- a/app/Util/HTTPSignatures/Algorithm.php +++ /dev/null @@ -1,34 +0,0 @@ - keySecret - $this->keys = $args['keys']; - } elseif (isset($args['keyStore'])) { - $this->setKeyStore($args['keyStore']); - } - - // algorithm for signing; not necessary for verifying. - if (isset($args['algorithm'])) { - $this->algorithm = Algorithm::create($args['algorithm']); - } - // headers list for signing; not necessary for verifying. - if (isset($args['headers'])) { - $this->headers = $args['headers']; - } - - // signingKeyId specifies the key used for signing messages. - if (isset($args['signingKeyId'])) { - $this->signingKeyId = $args['signingKeyId']; - } elseif (isset($args['keys']) && 1 === count($args['keys'])) { - list($this->signingKeyId) = array_keys($args['keys']); // first key - } - } - - /** - * @return Signer - * - * @throws Exception - */ - public function signer() - { - return new Signer( - $this->signingKey(), - $this->algorithm, - $this->headerList() - ); - } - - /** - * @return Verifier - */ - public function verifier() - { - return new Verifier($this->keyStore()); - } - - /** - * @return Key - * - * @throws Exception - * @throws KeyStoreException - */ - private function signingKey() - { - if (isset($this->signingKeyId)) { - return $this->keyStore()->fetch($this->signingKeyId); - } else { - throw new Exception('no implicit or specified signing key'); - } - } - - /** - * @return HeaderList - */ - private function headerList() - { - return new HeaderList($this->headers); - } - - /** - * @return KeyStore - */ - private function keyStore() - { - if (empty($this->keyStore)) { - $this->keyStore = new KeyStore($this->keys); - } - - return $this->keyStore; - } - - /** - * @param KeyStoreInterface $keyStore - */ - private function setKeyStore(KeyStoreInterface $keyStore) - { - $this->keyStore = $keyStore; - } -} diff --git a/app/Util/HTTPSignatures/Exception.php b/app/Util/HTTPSignatures/Exception.php deleted file mode 100755 index c41918dc5..000000000 --- a/app/Util/HTTPSignatures/Exception.php +++ /dev/null @@ -1,7 +0,0 @@ -push(self::middlewareFromContext($context)); - - return $stack; - } - - /** - * @param Context $context - * @return \Closure - */ - public static function middlewareFromContext(Context $context) - { - return function (callable $handler) use ($context) - { - return function ( - Request $request, - array $options - ) use ($handler, $context) - { - $request = $context->signer()->sign($request); - return $handler($request, $options); - }; - }; - } -} \ No newline at end of file diff --git a/app/Util/HTTPSignatures/HeaderList.php b/app/Util/HTTPSignatures/HeaderList.php deleted file mode 100755 index 7dad4c134..000000000 --- a/app/Util/HTTPSignatures/HeaderList.php +++ /dev/null @@ -1,48 +0,0 @@ -names = array_map( - [$this, 'normalize'], - $names - ); - } - - /** - * @param $string - * - * @return HeaderList - */ - public static function fromString($string) - { - return new static(explode(' ', $string)); - } - - /** - * @return string - */ - public function string() - { - return implode(' ', $this->names); - } - - /** - * @param $name - * - * @return string - */ - private function normalize($name) - { - return strtolower($name); - } -} diff --git a/app/Util/HTTPSignatures/HmacAlgorithm.php b/app/Util/HTTPSignatures/HmacAlgorithm.php deleted file mode 100755 index a83f7b77c..000000000 --- a/app/Util/HTTPSignatures/HmacAlgorithm.php +++ /dev/null @@ -1,36 +0,0 @@ -digestName = $digestName; - } - - /** - * @return string - */ - public function name() - { - return sprintf('hmac-%s', $this->digestName); - } - - /** - * @param string $key - * @param string $data - * - * @return string - */ - public function sign($secret, $data) - { - return hash_hmac($this->digestName, $data, $secret, true); - } -} diff --git a/app/Util/HTTPSignatures/Key.php b/app/Util/HTTPSignatures/Key.php deleted file mode 100755 index 6d576c735..000000000 --- a/app/Util/HTTPSignatures/Key.php +++ /dev/null @@ -1,260 +0,0 @@ -id = $id; - if (Key::hasX509Certificate($item) || Key::hasPublicKey($item)) { - $publicKey = Key::getPublicKey($item); - } else { - $publicKey = null; - } - if (Key::hasPrivateKey($item)) { - $privateKey = Key::getPrivateKey($item); - } else { - $privateKey = null; - } - if (($publicKey || $privateKey)) { - $this->type = 'asymmetric'; - if ($publicKey && $privateKey) { - $publicKeyPEM = openssl_pkey_get_details($publicKey)['key']; - $privateKeyPublicPEM = openssl_pkey_get_details($privateKey)['key']; - if ($privateKeyPublicPEM != $publicKeyPEM) { - throw new KeyException('Supplied Certificate and Key are not related'); - } - } - $this->privateKey = $privateKey; - $this->publicKey = $publicKey; - $this->secret = null; - } else { - $this->type = 'secret'; - $this->secret = $item; - $this->publicKey = null; - $this->privateKey = null; - } - } - - /** - * Retrieves private key resource from a input string or - * array of strings. - * - * @param string|array $object PEM-format Private Key or file path to same - * - * @return resource|false - */ - public static function getPrivateKey($object) - { - if (is_array($object)) { - foreach ($object as $candidateKey) { - $privateKey = Key::getPrivateKey($candidateKey); - if ($privateKey) { - return $privateKey; - } - } - } else { - // OpenSSL libraries don't have detection methods, so try..catch - try { - $privateKey = openssl_get_privatekey($object); - - return $privateKey; - } catch (\Exception $e) { - return null; - } - } - } - - /** - * Retrieves public key resource from a input string or - * array of strings. - * - * @param string|array $object PEM-format Public Key or file path to same - * - * @return resource|false - */ - public static function getPublicKey($object) - { - if (is_array($object)) { - // If we implement key rotation in future, this should add to a collection - foreach ($object as $candidateKey) { - $publicKey = Key::getPublicKey($candidateKey); - if ($publicKey) { - return $publicKey; - } - } - } else { - // OpenSSL libraries don't have detection methods, so try..catch - try { - $publicKey = openssl_get_publickey($object); - - return $publicKey; - } catch (\Exception $e) { - return null; - } - } - } - - /** - * Signing HTTP Messages 'keyId' field. - * - * @return string - * - * @throws KeyException - */ - public function getId() - { - return $this->id; - } - - /** - * Retrieve Verifying Key - Public Key for Asymmetric/PKI, or shared secret for HMAC. - * - * @return string Shared Secret or PEM-format Public Key - * - * @throws KeyException - */ - public function getVerifyingKey() - { - switch ($this->type) { - case 'asymmetric': - if ($this->publicKey) { - return openssl_pkey_get_details($this->publicKey)['key']; - } else { - return null; - } - break; - case 'secret': - return $this->secret; - default: - throw new KeyException("Unknown key type $this->type"); - } - } - - /** - * Retrieve Signing Key - Private Key for Asymmetric/PKI, or shared secret for HMAC. - * - * @return string Shared Secret or PEM-format Private Key - * - * @throws KeyException - */ - public function getSigningKey() - { - switch ($this->type) { - case 'asymmetric': - if ($this->privateKey) { - openssl_pkey_export($this->privateKey, $pem); - - return $pem; - } else { - return null; - } - break; - case 'secret': - return $this->secret; - default: - throw new KeyException("Unknown key type $this->type"); - } - } - - /** - * @return string 'secret' for HMAC or 'asymmetric' - */ - public function getType() - { - return $this->type; - } - - /** - * Test if $object is, points to or contains, X.509 PEM-format certificate. - * - * @param string|array $object PEM Format X.509 Certificate or file path to one - * - * @return bool - */ - public static function hasX509Certificate($object) - { - if (is_array($object)) { - foreach ($object as $candidateCertificate) { - $result = Key::hasX509Certificate($candidateCertificate); - if ($result) { - return $result; - } - } - } else { - // OpenSSL libraries don't have detection methods, so try..catch - try { - openssl_x509_export($object, $null); - - return true; - } catch (\Exception $e) { - return false; - } - } - } - - /** - * Test if $object is, points to or contains, PEM-format Public Key. - * - * @param string|array $object PEM-format Public Key or file path to one - * - * @return bool - */ - public static function hasPublicKey($object) - { - if (is_array($object)) { - foreach ($object as $candidatePublicKey) { - $result = Key::hasPublicKey($candidatePublicKey); - if ($result) { - return $result; - } - } - } else { - return false == !openssl_pkey_get_public($object); - } - } - - /** - * Test if $object is, points to or contains, PEM-format Private Key. - * - * @param string|array $object PEM-format Private Key or file path to one - * - * @return bool - */ - public static function hasPrivateKey($object) - { - if (is_array($object)) { - foreach ($object as $candidatePrivateKey) { - $result = Key::hasPrivateKey($candidatePrivateKey); - if ($result) { - return $result; - } - } - } else { - return false != openssl_pkey_get_private($object); - } - } -} diff --git a/app/Util/HTTPSignatures/KeyException.php b/app/Util/HTTPSignatures/KeyException.php deleted file mode 100755 index 0b56d1ddd..000000000 --- a/app/Util/HTTPSignatures/KeyException.php +++ /dev/null @@ -1,7 +0,0 @@ -keys = []; - foreach ($keys as $id => $key) { - $this->keys[$id] = new Key($id, $key); - } - } - - /** - * @param string $keyId - * - * @return Key - * - * @throws KeyStoreException - */ - public function fetch($keyId) - { - if (isset($this->keys[$keyId])) { - return $this->keys[$keyId]; - } else { - throw new KeyStoreException("Key '$keyId' not found"); - } - } -} diff --git a/app/Util/HTTPSignatures/KeyStoreException.php b/app/Util/HTTPSignatures/KeyStoreException.php deleted file mode 100755 index 9e982394b..000000000 --- a/app/Util/HTTPSignatures/KeyStoreException.php +++ /dev/null @@ -1,7 +0,0 @@ -digestName = $digestName; - } - - /** - * @return string - */ - public function name() - { - return sprintf('rsa-%s', $this->digestName); - } - - /** - * @param string $key - * @param string $data - * - * @return string - * - * @throws \HttpSignatures\AlgorithmException - */ - public function sign($signingKey, $data) - { - $algo = $this->getRsaHashAlgo($this->digestName); - if (!openssl_get_privatekey($signingKey)) { - throw new AlgorithmException("OpenSSL doesn't understand the supplied key (not valid or not found)"); - } - $signature = ''; - openssl_sign($data, $signature, $signingKey, $algo); - - return $signature; - } - - public function verify($message, $signature, $verifyingKey) - { - $algo = $this->getRsaHashAlgo($this->digestName); - - return openssl_verify($message, base64_decode($signature), $verifyingKey, $algo); - } - - private function getRsaHashAlgo($digestName) - { - switch ($digestName) { - case 'sha256': - return OPENSSL_ALGO_SHA256; - case 'sha1': - return OPENSSL_ALGO_SHA1; - default: - throw new HttpSignatures\AlgorithmException($digestName.' is not a supported hash format'); - } - } -} diff --git a/app/Util/HTTPSignatures/Signature.php b/app/Util/HTTPSignatures/Signature.php deleted file mode 100755 index 5397d1508..000000000 --- a/app/Util/HTTPSignatures/Signature.php +++ /dev/null @@ -1,38 +0,0 @@ -key = $key; - $this->algorithm = $algorithm; - $this->signingString = new SigningString($headerList, $message); - } - - public function string() - { - return $this->algorithm->sign( - $this->key->getSigningKey(), - $this->signingString->string() - ); - } -} diff --git a/app/Util/HTTPSignatures/SignatureParameters.php b/app/Util/HTTPSignatures/SignatureParameters.php deleted file mode 100755 index 41387c723..000000000 --- a/app/Util/HTTPSignatures/SignatureParameters.php +++ /dev/null @@ -1,49 +0,0 @@ -key = $key; - $this->algorithm = $algorithm; - $this->headerList = $headerList; - $this->signature = $signature; - } - - /** - * @return string - */ - public function string() - { - return implode(',', $this->parameterComponents()); - } - - /** - * @return array - */ - private function parameterComponents() - { - return [ - sprintf('keyId="%s"', $this->key->getId()), - sprintf('algorithm="%s"', $this->algorithm->name()), - sprintf('headers="%s"', $this->headerList->string()), - sprintf('signature="%s"', $this->signatureBase64()), - ]; - } - - /** - * @return string - */ - private function signatureBase64() - { - return base64_encode($this->signature->string()); - } -} diff --git a/app/Util/HTTPSignatures/SignatureParametersParser.php b/app/Util/HTTPSignatures/SignatureParametersParser.php deleted file mode 100755 index b7ea25cb4..000000000 --- a/app/Util/HTTPSignatures/SignatureParametersParser.php +++ /dev/null @@ -1,111 +0,0 @@ -input = $input; - } - - /** - * @return array - */ - public function parse() - { - $result = $this->pairsToAssociative( - $this->arrayOfPairs() - ); - $this->validate($result); - - return $result; - } - - /** - * @param array $pairs - * - * @return array - */ - private function pairsToAssociative($pairs) - { - $result = []; - foreach ($pairs as $pair) { - $result[$pair[0]] = $pair[1]; - } - - return $result; - } - - /** - * @return array - */ - private function arrayOfPairs() - { - return array_map( - [$this, 'pair'], - $this->segments() - ); - } - - /** - * @return array - */ - private function segments() - { - return explode(',', $this->input); - } - - /** - * @param $segment - * - * @return array - * - * @throws SignatureParseException - */ - private function pair($segment) - { - $segmentPattern = '/\A(keyId|algorithm|headers|signature)="(.*)"\z/'; - $matches = []; - $result = preg_match($segmentPattern, $segment, $matches); - if (1 !== $result) { - throw new SignatureParseException("Signature parameters segment '$segment' invalid"); - } - array_shift($matches); - - return $matches; - } - - /** - * @param $result - * - * @throws SignatureParseException - */ - private function validate($result) - { - $this->validateAllKeysArePresent($result); - } - - /** - * @param $result - * - * @throws SignatureParseException - */ - private function validateAllKeysArePresent($result) - { - // Regexp in pair() ensures no unwanted keys exist. - // Ensure that all wanted keys exist. - $wanted = ['keyId', 'algorithm', 'headers', 'signature']; - $missing = array_diff($wanted, array_keys($result)); - if (!empty($missing)) { - $csv = implode(', ', $missing); - throw new SignatureParseException("Missing keys $csv"); - } - } -} diff --git a/app/Util/HTTPSignatures/SignatureParseException.php b/app/Util/HTTPSignatures/SignatureParseException.php deleted file mode 100755 index c32dab502..000000000 --- a/app/Util/HTTPSignatures/SignatureParseException.php +++ /dev/null @@ -1,7 +0,0 @@ -key = $key; - $this->algorithm = $algorithm; - $this->headerList = $headerList; - } - - /** - * @param RequestInterface $message - * - * @return RequestInterface - */ - public function sign($message) - { - $signatureParameters = $this->signatureParameters($message); - $message = $message->withAddedHeader('Signature', $signatureParameters->string()); - $message = $message->withAddedHeader('Authorization', 'Signature '.$signatureParameters->string()); - - return $message; - } - - /** - * @param RequestInterface $message - * - * @return RequestInterface - */ - public function signWithDigest($message) - { - $message = $this->addDigest($message); - - return $this->sign($message); - } - - /** - * @param RequestInterface $message - * - * @return RequestInterface - */ - private function addDigest($message) - { - if (!array_search('digest', $this->headerList->names)) { - $this->headerList->names[] = 'digest'; - } - $message = $message->withoutHeader('Digest') - ->withHeader( - 'Digest', - 'SHA-256='.base64_encode(hash('sha256', $message->getBody(), true)) - ); - - return $message; - } - - /** - * @param RequestInterface $message - * - * @return SignatureParameters - */ - private function signatureParameters($message) - { - return new SignatureParameters( - $this->key, - $this->algorithm, - $this->headerList, - $this->signature($message) - ); - } - - /** - * @param RequestInterface $message - * - * @return Signature - */ - private function signature($message) - { - return new Signature( - $message, - $this->key, - $this->algorithm, - $this->headerList - ); - } -} diff --git a/app/Util/HTTPSignatures/SigningString.php b/app/Util/HTTPSignatures/SigningString.php deleted file mode 100755 index 9a453852a..000000000 --- a/app/Util/HTTPSignatures/SigningString.php +++ /dev/null @@ -1,89 +0,0 @@ -headerList = $headerList; - $this->message = $message; - } - - /** - * @return string - */ - public function string() - { - return implode("\n", $this->lines()); - } - - /** - * @return array - */ - private function lines() - { - return array_map( - [$this, 'line'], - $this->headerList->names - ); - } - - /** - * @param string $name - * - * @return string - * - * @throws SignedHeaderNotPresentException - */ - private function line($name) - { - if ('(request-target)' == $name) { - return $this->requestTargetLine(); - } else { - return sprintf('%s: %s', $name, $this->headerValue($name)); - } - } - - /** - * @param string $name - * - * @return string - * - * @throws SignedHeaderNotPresentException - */ - private function headerValue($name) - { - if ($this->message->hasHeader($name)) { - $header = $this->message->getHeader($name); - - return end($header); - } else { - throw new SignedHeaderNotPresentException("Header '$name' not in message"); - } - } - - /** - * @return string - */ - private function requestTargetLine() - { - return sprintf( - '(request-target): %s %s', - strtolower($this->message->getMethod()), - $this->message->getRequestTarget() - ); - } -} diff --git a/app/Util/HTTPSignatures/Verification.php b/app/Util/HTTPSignatures/Verification.php deleted file mode 100755 index 85ece7cf8..000000000 --- a/app/Util/HTTPSignatures/Verification.php +++ /dev/null @@ -1,202 +0,0 @@ -message = $message; - $this->keyStore = $keyStore; - } - - /** - * @return bool - */ - public function isValid() - { - return $this->hasSignatureHeader() && $this->signatureMatches(); - } - - /** - * @return bool - */ - private function signatureMatches() - { - try { - $key = $this->key(); - switch ($key->getType()) { - case 'secret': - $random = random_bytes(32); - $expectedResult = hash_hmac( - 'sha256', $this->expectedSignatureBase64(), - $random, - true - ); - $providedResult = hash_hmac( - 'sha256', $this->providedSignatureBase64(), - $random, - true - ); - - return $expectedResult === $providedResult; - case 'asymmetric': - $signedString = new SigningString( - $this->headerList(), - $this->message - ); - $hashAlgo = explode('-', $this->parameter('algorithm'))[1]; - $algorithm = new RsaAlgorithm($hashAlgo); - $result = $algorithm->verify( - $signedString->string(), - $this->parameter('signature'), - $key->getVerifyingKey()); - - return $result; - default: - throw new Exception("Unknown key type '".$key->getType()."', cannot verify"); - } - } catch (SignatureParseException $e) { - return false; - } catch (KeyStoreException $e) { - return false; - } catch (SignedHeaderNotPresentException $e) { - return false; - } - } - - /** - * @return string - */ - private function expectedSignatureBase64() - { - return base64_encode($this->expectedSignature()->string()); - } - - /** - * @return Signature - */ - private function expectedSignature() - { - return new Signature( - $this->message, - $this->key(), - $this->algorithm(), - $this->headerList() - ); - } - - /** - * @return string - */ - private function providedSignatureBase64() - { - return $this->parameter('signature'); - } - - /** - * @return Key - */ - private function key() - { - return $this->keyStore->fetch($this->parameter('keyId')); - } - - /** - * @return HmacAlgorithm - */ - private function algorithm() - { - return Algorithm::create($this->parameter('algorithm')); - } - - /** - * @return HeaderList - */ - private function headerList() - { - return HeaderList::fromString($this->parameter('headers')); - } - - /** - * @param string $name - * - * @return string - * - * @throws Exception - */ - private function parameter($name) - { - $parameters = $this->parameters(); - if (!isset($parameters[$name])) { - throw new Exception("Signature parameters does not contain '$name'"); - } - - return $parameters[$name]; - } - - /** - * @return array - */ - private function parameters() - { - if (!isset($this->_parameters)) { - $parser = new SignatureParametersParser($this->signatureHeader()); - $this->_parameters = $parser->parse(); - } - - return $this->_parameters; - } - - /** - * @return bool - */ - private function hasSignatureHeader() - { - return $this->message->hasHeader('Signature') || $this->message->hasHeader('Authorization'); - } - - /** - * @return string - * - * @throws Exception - */ - private function signatureHeader() - { - if ($signature = $this->fetchHeader('Signature')) { - return $signature; - } elseif ($authorization = $this->fetchHeader('Authorization')) { - return substr($authorization, strlen('Signature ')); - } else { - throw new Exception('HTTP message has no Signature or Authorization header'); - } - } - - /** - * @param $name - * - * @return string|null - */ - private function fetchHeader($name) - { - // grab the most recently set header. - $header = $this->message->getHeader($name); - - return end($header); - } -} diff --git a/app/Util/HTTPSignatures/Verifier.php b/app/Util/HTTPSignatures/Verifier.php deleted file mode 100755 index ccf260eea..000000000 --- a/app/Util/HTTPSignatures/Verifier.php +++ /dev/null @@ -1,31 +0,0 @@ -keyStore = $keyStore; - } - - /** - * @param RequestInterface $message - * - * @return bool - */ - public function isValid($message) - { - $verification = new Verification($message, $this->keyStore); - - return $verification->isValid(); - } -}