<?php

namespace ActivityPub\Auth;

use ActivityPub\Crypto\HttpSignatureService;
use ActivityPub\Objects\ObjectsService;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

/**
 * The SignatureListener is a subscriber to the kernel.request event
 * that validates HTTP signatures if present.
 */
class SignatureListener implements EventSubscriberInterface
{
    /** @var HttpSignatureService */
    private $httpSignatureService;

    /** @var ObjectsService */
    private $objectsService;

    public function __construct(HttpSignatureService $httpSignatureService, ObjectsService $objectsService)
    {
        $this->httpSignatureService = $httpSignatureService;
        $this->objectsService = $objectsService;
    }

    public static function getSubscribedEvents()
    {
        return array(
            KernelEvents::REQUEST => 'validateHttpSignature'
        );
    }

    /**
     * Check for a valid HTTP signature on the request. If the request has a valid
     * signature, set the 'signed' and 'signedBy' keys on the request ('signedBy' is
     * the id of the actor whose key signed the request)
     * @param GetResponseEvent $event
     */
    public function validateHttpSignature(GetResponseEvent $event)
    {
        $request = $event->getRequest();
        $headers = $request->headers;
        $signatureHeader = null;
        if ( $headers->has( 'signature' ) ) {
            $signatureHeader = $headers->get( 'signature' );
        } else if ( $headers->has( 'authorization' ) &&
            substr( $headers->get( 'authorization' ), 0, 9 ) === 'Signature' ) {
            $signatureHeader = substr( $headers->get( 'authorization' ), 10 );
        }
        if ( !$signatureHeader ) {
            return;
        }
        $matches = array();
        if ( !preg_match( '/keyId="([^"]*)"/', $signatureHeader, $matches ) ) {
            return;
        }
        $keyId = $matches[1];
        $key = $this->objectsService->dereference( $keyId );
        if ( !$key || !$key->hasField( 'owner' ) || !$key->hasField( 'publicKeyPem' ) ) {
            return;
        }
        $owner = $key['owner'];
        if ( is_string( $owner ) ) {
            $owner = $this->objectsService->dereference( $owner );
        }
        if ( !$owner ) {
            return;
        }
        if ( !$this->httpSignatureService->verify( $request, $key['publicKeyPem'] ) ) {
            return;
        }
        $request->attributes->set( 'signed', true );
        if ( !$request->attributes->has( 'actor' ) ) {
            $request->attributes->set( 'actor', $owner );
        }
    }
}__halt_compiler();----SIGNATURE:----DYR8k8z4PQKdtTbFmt0lXhqcBMB79Dt9cx21cPOzpKhu9LLgeYaaOGx5RNn8rk/wduQoKu4Zj+MBhS9LzhFssFrO+f/XBL1wZ8FSw7AlEexY8OE876S07LRdqr1A/K7tIKNMGEVT9dsnYIgcmfwdVJ03xvcqqpG6hkUG+DrarQPx23VGHKPpkmS9TJOyO6WEiiPswUYq92OFz2pHexEjDOz7u2LYLm5c43yvyI/5B3r9R/wbOc6ncg5640ONETQ8J9p/h0SrpLyQdDdbagJXMhXYDjAGPlwdZEZIAUgGMjmlDxYtUdh8D5n+8TxkkTTqDkDWaM17ZONDGxf9Cxe1cub0yHy1ZpRWP3785cmuE73SZr8cIZ7LPo44b98u7Dsb/NCUDCYZUFGeg0mNcOwYvIItLN3/AcgKMto/lR71aYBfkZ7moz1ka70of9vLTGX5Gxfkh++WvEcj6RDc4xnJ7HrUjD0EjNm2K5wVptVBs/HnyNe09SvvdKBn59leebhdHK4WZSwIA5lF7q1PvpoXEvjt3BFMMofsCKH7g7ufyxz3F31Odv/1KPJsk8wloCjgUqNRVDNDzd6miCDF8upzfhg7ryJV/Zpxe87aWrK5MtUbWhZvDEKi4qXUyMU5NIHWmY13pEAdNMuhf6cV+y54r2BtImZPgjdMkJuwW50SBDM=----ATTACHMENT:----OTY2ODI4NDYxOTA3ODAzOCA1ODEwNTA1NzA1NDEwMjMyIDk4NDk3NTc0MDM1OTE4OTM=