nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-27 02:54:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

verify required headers are signed

Browse Source
This commit is contained in:
Rob Ostensen 2012-03-11 00:11:44 -06:00 committed by Andrew McMillan
parent db57e81b8d
commit ff006ce319
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
inc/iSchedule.php
View File

@ -34,10 +34,10 @@ class iSchedule
private $failOnError = true;
private $subdomainsOK = true;
private $remote_public_key ;
private $required_headers = Array ( 'Host', // draft 01 section 7.1 required headers
'Originator',
'Recipient',
'Content-Type' );
private $required_headers = Array ( 'host', // draft 01 section 7.1 required headers
'originator',
'recipient',
'content-type' );
private $disallowed_headers = Array ( 'connection', // draft 01 section 7.1 disallowed headers
'keep-alive',
'dkim-signature',
@ -538,10 +538,17 @@ class iSchedule
if ( ! isset ( $dkim['h'] ) )
return 'missing list of signed headers';
$this->signed_headers = preg_split ( '/:/', $dkim['h'] );
$sh = Array ();
foreach ( $this->signed_headers as $h )
{
$sh[] = strtolower ( $h );
if ( in_array ( strtolower ( $h ), $this->disallowed_headers ) )
return "$h is NOT allowed in signed header fields per RFC4871 or iSchedule";
}
foreach ( $this->required_headers as $h )
if ( ! in_array ( strtolower ( $h ), $sh ) )
return "$h is REQUIRED but missing in signed header fields per iSchedule";
// body hash REQUIRED
if ( ! isset ( $dkim['bh'] ) )
return 'missing body signature';