diff options
Diffstat (limited to 'plugins/OStatus')
| -rw-r--r-- | plugins/OStatus/classes/HubSub.php | 2 | ||||
| -rw-r--r-- | plugins/OStatus/classes/Magicsig.php | 20 | ||||
| -rw-r--r-- | plugins/OStatus/classes/Ostatus_profile.php | 6 | ||||
| -rw-r--r-- | plugins/OStatus/lib/magicenvelope.php | 22 | ||||
| -rw-r--r-- | plugins/OStatus/lib/salmon.php | 16 | ||||
| -rw-r--r-- | plugins/OStatus/lib/salmonaction.php | 27 |
6 files changed, 64 insertions, 29 deletions
diff --git a/plugins/OStatus/classes/HubSub.php b/plugins/OStatus/classes/HubSub.php index 1ac181fee..e599d83a9 100644 --- a/plugins/OStatus/classes/HubSub.php +++ b/plugins/OStatus/classes/HubSub.php @@ -99,7 +99,7 @@ class HubSub extends Memcached_DataObject return array_keys($this->keyTypes()); } - function sequenceKeys() + function sequenceKey() { return array(false, false, false); } diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php index 751527c81..96900d876 100644 --- a/plugins/OStatus/classes/Magicsig.php +++ b/plugins/OStatus/classes/Magicsig.php @@ -50,7 +50,11 @@ class Magicsig extends Memcached_DataObject public /*static*/ function staticGet($k, $v=null) { $obj = parent::staticGet(__CLASS__, $k, $v); - return Magicsig::fromString($obj->keypair); + if (!empty($obj)) { + return Magicsig::fromString($obj->keypair); + } + + return $obj; } @@ -84,6 +88,10 @@ class Magicsig extends Memcached_DataObject return array('user_id' => 'K'); } + function sequenceKey() { + return array(false, false, false); + } + function insert() { $this->keypair = $this->toString(); @@ -173,14 +181,15 @@ class Magicsig extends Memcached_DataObject switch ($this->alg) { case 'RSA-SHA256': - return 'sha256'; + return 'magicsig_sha256'; } } public function sign($bytes) { - $sig = $this->_rsa->createSign($bytes, null, 'sha256'); + $hash = $this->getHash(); + $sig = $this->_rsa->createSign($bytes, null, $hash); if ($this->_rsa->isError()) { $error = $this->_rsa->getLastError(); common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); @@ -192,7 +201,8 @@ class Magicsig extends Memcached_DataObject public function verify($signed_bytes, $signature) { - $result = $this->_rsa->validateSign($signed_bytes, $signature, null, 'sha256'); + $hash = $this->getHash(); + $result = $this->_rsa->validateSign($signed_bytes, $signature, null, $hash); if ($this->_rsa->isError()) { $error = $this->keypair->getLastError(); common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); @@ -205,7 +215,7 @@ class Magicsig extends Memcached_DataObject // Define a sha256 function for hashing // (Crypt_RSA should really be updated to use hash() ) -function sha256($bytes) +function magicsig_sha256($bytes) { return hash('sha256', $bytes); } diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index 35539bff7..7b1aec76b 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -1288,9 +1288,9 @@ class Ostatus_profile extends Memcached_DataObject $disco = new Discovery(); - $result = $disco->lookup($addr); - - if (!$result) { + try { + $result = $disco->lookup($addr); + } catch (Exception $e) { self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), null); return null; } diff --git a/plugins/OStatus/lib/magicenvelope.php b/plugins/OStatus/lib/magicenvelope.php index f33119b8f..230d81ba1 100644 --- a/plugins/OStatus/lib/magicenvelope.php +++ b/plugins/OStatus/lib/magicenvelope.php @@ -83,6 +83,28 @@ class MagicEnvelope } + public function toXML($env) { + $dom = new DOMDocument(); + + $envelope = $dom->createElementNS(MagicEnvelope::NS, 'me:env'); + $envelope->setAttribute('xmlns:me', MagicEnvelope::NS); + $data = $dom->createElementNS(MagicEnvelope::NS, 'me:data', $env['data']); + $data->setAttribute('type', $env['data_type']); + $envelope->appendChild($data); + $enc = $dom->createElementNS(MagicEnvelope::NS, 'me:encoding', $env['encoding']); + $envelope->appendChild($enc); + $alg = $dom->createElementNS(MagicEnvelope::NS, 'me:alg', $env['alg']); + $envelope->appendChild($alg); + $sig = $dom->createElementNS(MagicEnvelope::NS, 'me:sig', $env['sig']); + $envelope->appendChild($sig); + + $dom->appendChild($envelope); + + + return $dom->saveXML(); + } + + public function unfold($env) { $dom = new DOMDocument(); diff --git a/plugins/OStatus/lib/salmon.php b/plugins/OStatus/lib/salmon.php index 6e2459544..3d3341bc6 100644 --- a/plugins/OStatus/lib/salmon.php +++ b/plugins/OStatus/lib/salmon.php @@ -48,11 +48,14 @@ class Salmon return false; } - if (!common_config('ostatus', 'skip_signatures')) { + try { $xml = $this->createMagicEnv($xml, $actor); + } catch (Exception $e) { + common_log(LOG_ERR, "Salmon unable to sign: " . $e->getMessage()); + return false; } - $headers = array('Content-Type: application/atom+xml'); + $headers = array('Content-Type: application/magic-envelope+xml'); try { $client = new HTTPClient(); @@ -72,7 +75,6 @@ class Salmon public function createMagicEnv($text, $actor) { - common_log(LOG_DEBUG, "Got actor as : ". print_r($actor, true)); $magic_env = new MagicEnvelope(); $user = User::staticGet('id', $actor->id); @@ -84,7 +86,6 @@ class Salmon $magickey = new Magicsig(); $magickey->generate($user->id); } - common_log(LOG_DEBUG, "Salmon: Loaded key for ". $user->id); } else { throw new Exception("Salmon invalid actor for signing"); } @@ -92,18 +93,17 @@ class Salmon try { $env = $magic_env->signMessage($text, 'application/atom+xml', $magickey->toString()); } catch (Exception $e) { - common_log(LOG_ERR, "Salmon signing failed: ". $e->getMessage()); return $text; } - return $magic_env->unfold($env); + return $magic_env->toXML($env); } - public function verifyMagicEnv($dom) + public function verifyMagicEnv($text) { $magic_env = new MagicEnvelope(); - $env = $magic_env->fromDom($dom); + $env = $magic_env->parse($text); return $magic_env->verify($env); } diff --git a/plugins/OStatus/lib/salmonaction.php b/plugins/OStatus/lib/salmonaction.php index a03169101..fa9dc3b1d 100644 --- a/plugins/OStatus/lib/salmonaction.php +++ b/plugins/OStatus/lib/salmonaction.php @@ -41,29 +41,32 @@ class SalmonAction extends Action $this->clientError(_m('This method requires a POST.')); } - if (empty($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/atom+xml') { - $this->clientError(_m('Salmon requires application/atom+xml')); + if (empty($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/magic-envelope+xml') { + $this->clientError(_m('Salmon requires application/magic-envelope+xml')); } $xml = file_get_contents('php://input'); - $dom = DOMDocument::loadXML($xml); + // Check the signature + $salmon = new Salmon; + if (!$salmon->verifyMagicEnv($xml)) { + common_log(LOG_DEBUG, "Salmon signature verification failed."); + $this->clientError(_m('Salmon signature verification failed.')); + } else { + $magic_env = new MagicEnvelope(); + $env = $magic_env->parse($xml); + $xml = $magic_env->unfold($env); + } + + + $dom = DOMDocument::loadXML($xml); if ($dom->documentElement->namespaceURI != Activity::ATOM || $dom->documentElement->localName != 'entry') { common_log(LOG_DEBUG, "Got invalid Salmon post: $xml"); $this->clientError(_m('Salmon post must be an Atom entry.')); } - // Check the signature - $salmon = new Salmon; - if (!common_config('ostatus', 'skip_signatures')) { - if (!$salmon->verifyMagicEnv($dom)) { - common_log(LOG_DEBUG, "Salmon signature verification failed."); - $this->clientError(_m('Salmon signature verification failed.')); - } - } - $this->act = new Activity($dom->documentElement); return true; } |