include/salmon.php

   1 <?php
   2
   3 require_once('library/asn1.php');
   4
   5 function salmon_key($pubkey) {
   6         $lines = explode("\n",$pubkey);
   7         unset($lines[0]);
   8         unset($lines[count($lines)]);
   9         $x = base64_decode(implode('',$lines));
  10
  11         $r = ASN_BASE::parseASNString($x);
  12
  13         $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData;
  14         $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData;
  15
  16
  17         return 'RSA' . '.' . $m . '.' . $e ;
  18 }
  19
  20
  21 function base64url_encode($s) {
  22         return strtr(base64_encode($s),'+/','-_');
  23 }
  24
  25 function base64url_decode($s) {
  26         return base64_decode(strtr($s,'-_','+/'));
  27 }
  28
  29 function get_salmon_key($uri,$keyhash) {
  30         $ret = array();
  31
  32         logger('Fetching salmon key');
  33
  34         $arr = lrdd($uri);
  35
  36         if(is_array($arr)) {
  37                 foreach($arr as $a) {
  38                         if($a['@attributes']['rel'] === 'magic-public-key') {
  39                                 $ret[] = $a['@attributes']['href'];
  40                         }
  41                 }
  42         }
  43         else {
  44                 return '';
  45         }
  46
  47         // We have found at least one key URL
  48         // If it's inline, parse it - otherwise get the key
  49
  50         if(count($ret)) {
  51                 for($x = 0; $x < count($ret); $x ++) {
  52                         if(substr($ret[$x],0,5) === 'data:') {
  53                                 if(strstr($ret[$x],','))
  54                                         $ret[$x] = substr($ret[$x],strpos($ret[$x],',')+1);
  55                                 else
  56                                         $ret[$x] = substr($ret[$x],5);
  57                         }
  58                         else
  59                                 $ret[$x] = fetch_url($ret[$x]);
  60                 }
  61         }
  62
  63
  64         logger('Key located: ' . print_r($ret,true));
  65
  66         if(count($ret) == 1) {
  67
  68                 // We only found one one key so we don't care if the hash matches.
  69                 // If it's the wrong key we'll find out soon enough because
  70                 // message verification will fail. This also covers some older
  71                 // software which don't supply a keyhash. As long as they only
  72                 // have one key we'll be right.
  73
  74                 return $ret[0];
  75         }
  76         else {
  77                 foreach($ret as $a) {
  78                         $hash = base64url_encode(hash('sha256',$a));
  79                         if($hash == $keyhash)
  80                                 return $a;
  81                 }
  82         }
  83
  84         return '';
  85 }
  86
  87
  88
  89 function slapper($owner,$url,$slap) {
  90
  91         logger('slapper called. Data: ' . $slap);
  92
  93         // does contact have a salmon endpoint?
  94
  95         if(! strlen($url))
  96                 return;
  97
  98         // add all namespaces to item
  99
 100 $namespaces = <<< EOT
 101 <entry xmlns="http://www.w3.org/2005/Atom"
 102       xmlns:thr="http://purl.org/syndication/thread/1.0"
 103       xmlns:at="http://purl.org/atompub/tombstones/1.0"
 104       xmlns:media="http://purl.org/syndication/atommedia"
 105       xmlns:dfrn="http://purl.org/macgirvin/dfrn/1.0"
 106       xmlns:as="http://activitystrea.ms/spec/1.0/"
 107       xmlns:georss="http://www.georss.org/georss"
 108       xmlns:poco="http://portablecontacts.net/spec/1.0" >
 109 EOT;
 110
 111         $slap = str_replace('<entry>',$namespaces,$slap);
 112
 113         // create a magic envelope
 114
 115         $data      = base64url_encode($slap);
 116         $data_type = 'application/atom+xml';
 117         $encoding  = 'base64url';
 118         $algorithm = 'RSA-SHA256';
 119         $keyhash   = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
 120
 121         // Setup RSA stuff to PKCS#1 sign the data
 122
 123         set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec');
 124
 125         require_once('phpsec/Crypt/RSA.php');
 126
 127     $rsa = new CRYPT_RSA();
 128     $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
 129     $rsa->setHash('sha256');
 130         $rsa->loadKey($owner['sprvkey']);
 131
 132         // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
 133
 134         $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
 135
 136         $signature  = base64url_encode($rsa->sign($data . $precomputed));
 137
 138         $signature2  = base64url_encode($rsa->sign($data));
 139
 140         $salmon_tpl = load_view_file('view/magicsig.tpl');
 141         $salmon = replace_macros($salmon_tpl,array(
 142                 '$data'      => $data,
 143                 '$encoding'  => $encoding,
 144                 '$algorithm' => $algorithm,
 145                 '$keyhash'   => $keyhash,
 146                 '$signature' => $signature
 147         ));
 148
 149         // slap them
 150         post_url($url,$salmon, array(
 151                 'Content-type: application/magic-envelope+xml',
 152                 'Content-length: ' . strlen($salmon)
 153         ));
 154
 155         $a = get_app();
 156         $return_code = trim($a->get_curl_code());
 157
 158         // check for success, e.g. 2xx
 159
 160         if(substr($return_code,0,1) !== '2') {
 161
 162                 // Entirely likely that their salmon implementation is
 163                 // non-compliant. Let's try once more, this time only signing
 164                 // the data, without the precomputed blob
 165
 166                 $salmon = replace_macros($salmon_tpl,array(
 167                         '$data'      => $data,
 168                         '$encoding'  => $encoding,
 169                         '$algorithm' => $algorithm,
 170                         '$keyhash'   => $keyhash,
 171                         '$signature' => $signature2
 172                 ));
 173
 174                 // slap them
 175                 post_url($url,$salmon, array(
 176                         'Content-type: application/magic-envelope+xml',
 177                         'Content-length: ' . strlen($salmon)
 178                 ));
 179                 $return_code = trim($a->get_curl_code());
 180
 181         }
 182         logger('slapper returned ' . $return_code);
 183         return;
 184 }
 185