Signature: Add option to use RFC-9421 signatures #1858
Merged
+318
−79
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Refactored the signature verification logic in Signature::verify_http_signature to delegate to new standard-specific classes. Added Draft_Cavage_Signature and Http_Message_Signature classes implementing a new Signature_Standard interface, supporting both the legacy draft-cavage and new HTTP Message Signature (RFC 9421) standards. Deprecated and stubbed out legacy parsing and verification helpers in class-signature.php. This improves maintainability and prepares for broader signature standard support.
Refactored the signature verification logic to support multiple signature labels by parsing and verifying each label individually. Extracted parsing and verification steps into dedicated private methods for better modularity and maintainability. Improved error handling and signature base string construction.
Replaces unqualified WP_Error references with fully qualified \WP_Error in the Signature class.
Renamed class-draft-cavenage-signature.php to class-draft-cavage-signature.php to correct a typo. Updated date header handling for better clarity and reliability, and fixed regex modifiers for 'created' and 'expires' fields.
Moved digest verification logic into a new private method verify_content_digest, which now supports the Content-Digest header with multiple algorithms.
This update adds handling for the '@scheme' and '@request-target' pseudo-headers in the HTTP message signature base construction. It also improves query string handling and ensures correct formatting of signature parameters, quoting non-numeric values as needed.
Adds support for the @query-param component in signature base string construction and ensures all components are quoted in the @signature-params field. Also updates parameter quoting to properly escape backslashes and double quotes per RFC 9421.
Introduced a call to reset the $_SERVER superglobal in tear_down to ensure test isolation. Also set specific $_SERVER values in the signature header test to better simulate HTTP request context.
Refines parsing of signature components to support query parameters per RFC-9421, updates signature base construction, and enhances test coverage for GET requests with query parameters. Also updates test URIs to use dynamic REST prefixes and namespaces for better compatibility.
…rdpress-activitypub into add/basic-rfc-9421
Co-authored-by: Copilot <[email protected]>
…rdpress-activitypub into add/basic-rfc-9421
github-actions
bot
added
[Feature] Signature
[Feature] WP Admin
[Status] In Progress
labels
|
|
Updated both Draft_Cavage_Signature and Http_Message_Signature classes to consistently use fully qualified PHP function names (e.g., \is_wp_error, \explode, \array_map). Changed several protected methods to private for encapsulation. Moved RSA-PSS algorithm version check into the verify_algorithm method for better separation of concerns and renamed resolve_algorithm to verify_algorithm for clarity.
It was missing wrapping colons.
11 tasks
There was a problem hiding this comment.
Pull Request Overview
This PR adds optional support for RFC‑9421 compliant signatures for outgoing ActivityPub requests and provides a fallback using the Draft‑Cavage signature method. Key changes include updating the test suite to use the new signature routines, adding a new admin setting for toggling signature format, and introducing updated implementations for the signature interfaces and classes.
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/includes/class-test-signature.php | Updated tests to expect deprecation warnings and use the new signature class |
| includes/wp-admin/class-settings.php | Added registration for the new RFC‑9421 signature option |
| includes/wp-admin/class-advanced-settings-fields.php | Added a new settings field to toggle the modern signature format |
| includes/signature/interface-signature-standard.php | Extended the interface to include RFC‑9421 signature and digest generation |
| includes/signature/class-http-message-signature.php | Introduced RFC‑9421 compliant signing with updated signature base string |
| includes/signature/class-draft-cavage-signature.php | Updated draft signature implementation with its own digest generation |
| includes/class-signature.php | Refactored request signing to choose between the two signature methods |
| includes/class-http.php | Reworked HTTP request creation to integrate the new signing approach |
Comments suppressed due to low confidence (2)
includes/signature/class-http-message-signature.php:319
- Consider updating the docblock for get_signature_base_string to clarify how the $headers argument is merged with $params when $components is a list, ensuring the behavior aligns with the intended RFC‑9421 specifications.
private function get_signature_base_string( $components, $params, $headers = array() ) {
includes/signature/class-draft-cavage-signature.php:129
- Verify that the digest format returned here (using 'sha256=' without surrounding colons) is the intended format for draft signatures and remains consistent with how the rest of the system expects the digest to be formatted.
return 'sha256=' . \base64_encode( \hash( 'sha256', $body, true ) );
pfefferle
reviewed
Jun 26, 2025
pfefferle
reviewed
Jun 26, 2025
pfefferle
reviewed
Jun 26, 2025
pfefferle
reviewed
Jun 26, 2025
pfefferle
reviewed
Jun 26, 2025
pfefferle
reviewed
Jun 26, 2025
Co-authored-by: Matthias Pfefferle <[email protected]>
In sign_request, return immediately if 'key_id' or 'private_key' are not set in the arguments. This prevents potential errors when required signing information is absent. Props @pfefferle.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow-up to #1849.
Proposed changes:
Other information:
Testing instructions:
Changelog entry
Changelog Entry Details
Significance
Type
Message
Optional support for RFC-9421 style signatures for outgoing activities, including retry with Draft-Cavage-style signature.