|
22 | 22 | */ |
23 | 23 | class Http_Message_Signature implements Signature_Standard { |
24 | 24 |
|
| 25 | + /** |
| 26 | + * Digest algorithms. |
| 27 | + * |
| 28 | + * @var string[] |
| 29 | + */ |
| 30 | + private $digest_algorithms = array( |
| 31 | + 'sha-256' => 'sha256', |
| 32 | + 'sha-512' => 'sha512', |
| 33 | + ); |
| 34 | + |
25 | 35 | /** |
26 | 36 | * Generate RFC-9421 compliant Signature-Input and Signature headers for an outgoing HTTP request. |
27 | 37 | * |
@@ -105,7 +115,7 @@ public function verify( array $headers, $body = null ) { |
105 | 115 | * @return string The digest. |
106 | 116 | */ |
107 | 117 | public function generate_digest( $body ) { |
108 | | - return 'SHA-256=:' . \base64_encode( \hash( 'sha256', $body, true ) ) . ':'; |
| 118 | + return 'sha-256=:' . \base64_encode( \hash( 'sha256', $body, true ) ) . ':'; |
109 | 119 | } |
110 | 120 |
|
111 | 121 | /** |
@@ -216,16 +226,11 @@ private function verify_content_digest( $headers, $body ) { |
216 | 226 | if ( \preg_match( '/^([a-z0-9-]+)=:(.+):$/i', $digest, $matches ) ) { |
217 | 227 | list( , $alg, $encoded ) = $matches; |
218 | 228 |
|
219 | | - $map = array( |
220 | | - 'SHA-256' => 'sha256', |
221 | | - 'SHA-512' => 'sha512', |
222 | | - ); |
223 | | - |
224 | | - if ( ! isset( $map[ $alg ] ) ) { |
225 | | - return new \WP_Error( 'unsupported_digest', 'WordPress supports SHA-256 and SHA-512 in Digest header. Offered algorithm: ' . $alg ); |
| 229 | + if ( ! isset( $this->digest_algorithms[ $alg ] ) ) { |
| 230 | + return new \WP_Error( 'unsupported_digest', 'WordPress supports sha-256 and sha-512 in Digest header. Offered algorithm: ' . $alg ); |
226 | 231 | } |
227 | 232 |
|
228 | | - if ( \hash_equals( $encoded, \base64_encode( \hash( $map[ $alg ], $body, true ) ) ) ) { |
| 233 | + if ( \hash_equals( $encoded, \base64_encode( \hash( $this->digest_algorithms[ $alg ], $body, true ) ) ) ) { |
229 | 234 | return true; |
230 | 235 | } |
231 | 236 | } |
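Review bot: In verify_content_digest the captured `$alg` is looked up in `$this->digest_algorithms` exactly as received, while the `preg_match` pattern is case-insensitive (`/i`) and the map keys are now lowercase only. A sender that still emits `SHA-256=:…:`, the form generate_digest produced before this commit, passes the regex and is then rejected with `unsupported_digest`. This fails closed, but it breaks verification against unupgraded peers. Normalising straight after the `list()` line, e.g. `$alg = \strtolower( $alg );`, keeps the lookup consistent with the regex, and a test covering both `sha-256` and `SHA-256` inputs would pin the behaviour. The function starts and ends outside the hunk, so the handling of a digest mismatch is not visible here.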
|