// add relevant contacts so they can use this
// There is a lot of debug stuff in here because this is quite a
// add relevant contacts so they can use this
// There is a lot of debug stuff in here because this is quite a
-
- $debugging = get_config('system','debugging');
- if($debugging)
- file_put_contents('salmon.out','New Salmon: ' . $xml . "\n",FILE_APPEND);
+
+ logger('mod-salmon: new salmon ' . $xml);
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
$dom = simplexml_load_string($xml,'SimpleXMLElement',0,NAMESPACE_SALMON_ME);
$dom = simplexml_load_string($xml,'SimpleXMLElement',0,NAMESPACE_SALMON_ME);
}
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
}
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
$data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data);
$data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data);
- $signed_data = $data;
- // . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
- // decode it
- $data = base64url_decode($data);
+ // If we're talking to status.net or one of their ilk, they aren't following the magic envelope spec
+ // and only signed the data element. We'll be nice and let them validate anyway.
- if($debugging)
- file_put_contents('salmon.out', "\n" . 'Signed data:>>>' . $signed_data . "<<<\n" , FILE_APPEND);
+ $stnet_signed_data = $data;
+ $signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
+
+ // decode the data
+ $data = base64url_decode($data);
// Remove the xml declaration
$data = preg_replace('/\<\?xml[^\?].*\?\>/','',$data);
// Remove the xml declaration
$data = preg_replace('/\<\?xml[^\?].*\?\>/','',$data);
- // Once we have the author URI, go to the web and find their public key
+ // Once we have the author URI, go to the web and try to find their public key
+
+ logger('mod-salmon: Fetching key for ' . $author_link );
$rsa->exponent = new Math_BigInteger($e, 256);
// We should have everything we need now. Let's see if it verifies.
$rsa->exponent = new Math_BigInteger($e, 256);
// We should have everything we need now. Let's see if it verifies.
- if($debugging)
- file_put_contents('salmon.out',"\n" . 'Message did not verify. Discarding.' . "\n", FILE_APPEND);
- salmon_return(500);
+ logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.');
+ $verify = $rsa->verify($stnet_signed_data,$signature);
+ }
+
+ if(! $verify) {
+ logger('mod-salmon: Message did not verify. Discarding.');
+ salmon_return(400);
- $r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND `lrdd` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND ( `url` = '%s' OR `lrdd` = '%s')
+ AND `uid` = %d LIMIT 1",
+ dbesc($author_link),
- consume_feed($feedxml,$importer,$r[0],$hub);
+ // consume_feed will only accept a follow activity from this person if there is no contact record.
+
+ consume_feed($feedxml,$importer,((count($r)) ? $r[0] : null),$hub);