Server - HTTP signature - Enforce extraction pattern extension for hyphen

landrok · landrok · commit edad3328bfdd · 2020-11-06T16:40:18.000+01:00
diff --git a/src/ActivityPhp/Server/Http/HttpSignature.php b/src/ActivityPhp/Server/Http/HttpSignature.php
@@ -51,8 +51,6 @@ class HttpSignature
 
     /**
      * Inject a server instance
-     * 
-     * @param \ActivityPhp\Server $server
      */
     public function __construct(Server $server)
     {
@@ -65,7 +63,7 @@ public function __construct(Server $server)
      * @param  \Symfony\Component\HttpFoundation\Request $request
      * @return bool True if signature has been verified. Otherwise false 
      */
-    public function verify(Request $request)
+    public function verify(Request $request): bool
     {
         // Read the Signature header,
         $signature = $request->headers->get('signature');
diff --git a/tests/ActivityPhp/Server/HttpSignatureTest.php b/tests/ActivityPhp/Server/HttpSignatureTest.php
@@ -123,6 +123,21 @@ public function testSplittingSignature()
             'headers' =>  ' host date',
             'signature' => 'FbVtmZhMWrfbqQpXf1v86+ie/fL8Ng4O67PePKvxChnUtV7J8N6lndQcNfXcDuKDJ4Nda6gKUQabAF2JK2qeYPNZNJ1AdAa5Lak3hQd+rAbdMJdvQpzGhAaSWK6atqOTH9v2CWdjAQbzvY0nOfGiw3ymtDSvTL0pVlIvq116uMtci0WOHeIbuBSyzM23liJmBomlm4EeB3/V1BVWY2MwaQ1cHVzxR7epP6XYts3C1KbZrdMKxhlWJFLdbLy0YGu5HRkYZepAh2q2NriSikNg8YTJ67owgQv/LqhFKnObgZU6np54fBMSpg7eAdWSIbhhg1a/WHtzFicc9cgoWMRhEg==',
         ]);
+
+        // Split a signature with headers (headers contains hyphens), algorithm. 
+        // For informtion, the following signature is false, no problem here as
+        // we're only testing split HTTP signature component. Verification is 
+        // made after
+        $signature = 'keyId="http://localhost:8001/accounts/bob#main-key",algorithm="rsa-sha256",headers="(request-target) host content-type digest date",signature="FbVtmZhMWrfbqQpXf1v86+ie/fL8Ng4O67PePKvxChnUtV7J8N6lndQcNfXcDuKDJ4Nda6gKUQabAF2JK2qeYPNZNJ1AdAa5Lak3hQd+rAbdMJdvQpzGhAaSWK6atqOTH9v2CWdjAQbzvY0nOfGiw3ymtDSvTL0pVlIvq116uMtci0WOHeIbuBSyzM23liJmBomlm4EeB3/V1BVWY2MwaQ1cHVzxR7epP6XYts3C1KbZrdMKxhlWJFLdbLy0YGu5HRkYZepAh2q2NriSikNg8YTJ67owgQv/LqhFKnObgZU6np54fBMSpg7eAdWSIbhhg1a/WHtzFicc9cgoWMRhEg=="';
+    
+        $split = $verifier->splitSignature($signature);
+        
+        $this->assertEquals($split, [ 
+            'keyId' => 'http://localhost:8001/accounts/bob#main-key',
+            'algorithm' => 'rsa-sha256',
+            'headers' =>  ' host content-type digest date',
+            'signature' => 'FbVtmZhMWrfbqQpXf1v86+ie/fL8Ng4O67PePKvxChnUtV7J8N6lndQcNfXcDuKDJ4Nda6gKUQabAF2JK2qeYPNZNJ1AdAa5Lak3hQd+rAbdMJdvQpzGhAaSWK6atqOTH9v2CWdjAQbzvY0nOfGiw3ymtDSvTL0pVlIvq116uMtci0WOHeIbuBSyzM23liJmBomlm4EeB3/V1BVWY2MwaQ1cHVzxR7epP6XYts3C1KbZrdMKxhlWJFLdbLy0YGu5HRkYZepAh2q2NriSikNg8YTJ67owgQv/LqhFKnObgZU6np54fBMSpg7eAdWSIbhhg1a/WHtzFicc9cgoWMRhEg==',
+        ]);
     }
 
     /**
