- // an empty DFRN-ID tells us that it had been a request via AP from a Friendica contact
- if (!empty($contact['protocol'])) {
- $protocol = $contact['protocol'];
- } elseif (($contact['network'] === Protocol::DFRN) && empty($dfrn_id)) {
- $protocol = Contact::getProtocol($contact['url'], $contact['network']);
- } else {
- $protocol = $contact['network'];
- }
-
- if ($protocol === Protocol::DFRN) {
- /*
- * Generate a key pair for all further communications with this person.
- * We have a keypair for every contact, and a site key for unknown people.
- * This provides a means to carry on relationships with other people if
- * any single key is compromised. It is a robust key. We're much more
- * worried about key leakage than anybody cracking it.
- */
- $res = Crypto::newKeypair(4096);
-
- $private_key = $res['prvkey'];
- $public_key = $res['pubkey'];
-
- // Save the private key. Send them the public key.
- $fields = ['prvkey' => $private_key, 'protocol' => Protocol::DFRN];
- DBA::update('contact', $fields, ['id' => $contact_id]);
-
- $params = [];
-
- /*
- * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
- * site private key (person on the other end can decrypt it with our site public key).
- * Then encrypt our profile URL with the other person's site public key. They can decrypt
- * it with their site private key. If the decryption on the other end fails for either
- * item, it indicates tampering or key failure on at least one site and we will not be
- * able to provide a secure communication pathway.
- *
- * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
- * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
- * random key which is encrypted with their site public key.
- */
-
- $src_aes_key = openssl_random_pseudo_bytes(64);
-
- $result = '';
- openssl_private_encrypt($dfrn_id, $result, $user['prvkey']);
-
- $params['dfrn_id'] = bin2hex($result);
- $params['public_key'] = $public_key;
-
- $my_url = System::baseUrl() . '/profile/' . $user['nickname'];
-
- openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
- $params['source_url'] = bin2hex($params['source_url']);
-
- if ($aes_allow && function_exists('openssl_encrypt')) {
- openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
- $params['aes_key'] = bin2hex($params['aes_key']);
- $params['public_key'] = bin2hex(openssl_encrypt($public_key, 'AES-256-CBC', $src_aes_key));
- }
-
- $params['dfrn_version'] = DFRN_PROTOCOL_VERSION;
- if ($duplex == 1) {
- $params['duplex'] = 1;
- }
-
- if ($user['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
- $params['page'] = 1;
- }
-
- if ($user['page-flags'] == User::PAGE_FLAGS_PRVGROUP) {
- $params['page'] = 2;
- }
-
- Logger::log('Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params, true), Logger::DATA);