- /**
- * encrypts data via AES
- *
- * @param string $data The data that is to be encrypted
- * @param string $key The AES key
- *
- * @return string encrypted data
- */
- private static function aesEncrypt($data, $key)
- {
- return openssl_encrypt($data, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
- }
-
- /**
- * decrypts data via AES
- *
- * @param string $encrypted The encrypted data
- * @param string $key The AES key
- *
- * @return string decrypted data
- */
- public static function aesDecrypt($encrypted, $key)
- {
- return openssl_decrypt($encrypted, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
- }
-
- /**
- * Delivers the atom content to the contacts
- *
- * @param array $owner Owner record
- * @param array $contact Contact record of the receiver
- * @param string $atom Content that will be transmitted
- * @param bool $dissolve (to be documented)
- *
- * @return int Deliver status. Negative values mean an error.
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- * @throws \ImagickException
- * @todo Add array type-hint for $owner, $contact
- */
- public static function deliver($owner, $contact, $atom, $dissolve = false)
- {
- $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
-
- if ($contact['duplex'] && $contact['dfrn-id']) {
- $idtosend = '0:' . $orig_id;
- }
- if ($contact['duplex'] && $contact['issued-id']) {
- $idtosend = '1:' . $orig_id;
- }
-
- $rino = DI::config()->get('system', 'rino_encrypt');
- $rino = intval($rino);
-
- Logger::log("Local rino version: ". $rino, Logger::DEBUG);
-
- $ssl_val = intval(DI::config()->get('system', 'ssl_policy'));
-
- switch ($ssl_val) {
- case BaseURL::SSL_POLICY_FULL:
- $ssl_policy = 'full';
- break;
- case BaseURL::SSL_POLICY_SELFSIGN:
- $ssl_policy = 'self';
- break;
- case BaseURL::SSL_POLICY_NONE:
- default:
- $ssl_policy = 'none';
- break;
- }
-
- $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
-
- Logger::log('dfrn_deliver: ' . $url);
-
- $curlResult = DI::httpRequest()->get($url);
-
- if ($curlResult->isTimeout()) {
- return -2; // timed out
- }
-
- $xml = $curlResult->getBody();
-
- $curl_stat = $curlResult->getReturnCode();
- if (empty($curl_stat)) {
- return -3; // timed out
- }
-
- Logger::log('dfrn_deliver: ' . $xml, Logger::DATA);
-
- if (empty($xml)) {
- return 3;
- }
-
- if (strpos($xml, '<?xml') === false) {
- Logger::log('dfrn_deliver: no valid XML returned');
- Logger::log('dfrn_deliver: returned XML: ' . $xml, Logger::DATA);
- return 3;
- }
-
- $res = XML::parseString($xml);
-
- if (!is_object($res) || (intval($res->status) != 0) || !strlen($res->challenge) || !strlen($res->dfrn_id)) {
- if (empty($res->status)) {
- $status = 3;
- } else {
- $status = $res->status;
- }
-
- return $status;
- }
-
- $postvars = [];
- $sent_dfrn_id = hex2bin((string) $res->dfrn_id);
- $challenge = hex2bin((string) $res->challenge);
- $perm = (($res->perm) ? $res->perm : null);
- $dfrn_version = floatval($res->dfrn_version ?: 2.0);
- $rino_remote_version = intval($res->rino);
- $page = (($owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? 1 : 0);
-
- Logger::log("Remote rino version: ".$rino_remote_version." for ".$contact["url"], Logger::DEBUG);
-
- if ($owner['page-flags'] == User::PAGE_FLAGS_PRVGROUP) {
- $page = 2;
- }
-
- $final_dfrn_id = '';
-
- if ($perm) {
- if ((($perm == 'rw') && !intval($contact['writable']))
- || (($perm == 'r') && intval($contact['writable']))
- ) {
- DBA::update('contact', ['writable' => ($perm == 'rw')], ['id' => $contact['id']]);
-
- $contact['writable'] = (string) 1 - intval($contact['writable']);
- }
- }
-
- if (($contact['duplex'] && strlen($contact['pubkey']))
- || ($owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY && strlen($contact['pubkey']))
- || ($contact['rel'] == Contact::SHARING && strlen($contact['pubkey']))
- ) {
- openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
- openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']);
- } else {
- openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
- openssl_private_decrypt($challenge, $postvars['challenge'], $contact['prvkey']);
- }
-
- $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-
- if (strpos($final_dfrn_id, ':') == 1) {
- $final_dfrn_id = substr($final_dfrn_id, 2);
- }
-
- if ($final_dfrn_id != $orig_id) {
- Logger::log('dfrn_deliver: wrong dfrn_id.');
- // did not decode properly - cannot trust this site
- return 3;
- }
-
- $postvars['dfrn_id'] = $idtosend;
- $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
- if ($dissolve) {
- $postvars['dissolve'] = '1';
- }
-
- if ((($contact['rel']) && ($contact['rel'] != Contact::SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY)) {
- $postvars['data'] = $atom;
- $postvars['perm'] = 'rw';
- } else {
- $postvars['data'] = str_replace('<dfrn:comment-allow>1', '<dfrn:comment-allow>0', $atom);
- $postvars['perm'] = 'r';
- }
-
- $postvars['ssl_policy'] = $ssl_policy;
-
- if ($page) {
- $postvars['page'] = $page;
- }
-
-
- if ($rino > 0 && $rino_remote_version > 0 && (! $dissolve)) {
- Logger::log('rino version: '. $rino_remote_version);
-
- switch ($rino_remote_version) {
- case 1:
- $key = openssl_random_pseudo_bytes(16);
- $data = self::aesEncrypt($postvars['data'], $key);
- break;
-
- default:
- Logger::log("rino: invalid requested version '$rino_remote_version'");
- return -8;
- }
-
- $postvars['rino'] = $rino_remote_version;
- $postvars['data'] = bin2hex($data);
-
- if ($dfrn_version >= 2.1) {
- if (($contact['duplex'] && strlen($contact['pubkey']))
- || ($owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY && strlen($contact['pubkey']))
- || ($contact['rel'] == Contact::SHARING && strlen($contact['pubkey']))
- ) {
- openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
- } else {
- openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
- }
- } else {
- if (($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == User::PAGE_FLAGS_COMMUNITY)) {
- openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
- } else {
- openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
- }
- }
-
- Logger::log('md5 rawkey ' . md5($postvars['key']));
-
- $postvars['key'] = bin2hex($postvars['key']);
- }
-
-
- Logger::debug('dfrn_deliver', ['post' => $postvars]);
-
- $postResult = DI::httpRequest()->post($contact['notify'], $postvars);
-
- $xml = $postResult->getBody();
-
- Logger::log('dfrn_deliver: ' . "RECEIVED: " . $xml, Logger::DATA);
-
- $curl_stat = $postResult->getReturnCode();
- if (empty($curl_stat) || empty($xml)) {
- return -9; // timed out
- }
-
- if (($curl_stat == 503) && $postResult->inHeader('retry-after')) {
- return -10;
- }
-
- if (strpos($xml, '<?xml') === false) {
- Logger::log('dfrn_deliver: phase 2: no valid XML returned');
- Logger::log('dfrn_deliver: phase 2: returned XML: ' . $xml, Logger::DATA);
- return 3;
- }
-
- $res = XML::parseString($xml);
-
- if (!isset($res->status)) {
- return -11;
- }
-
- // Possibly old servers had returned an empty value when everything was okay
- if (empty($res->status)) {
- $res->status = 200;
- }
-
- if (!empty($res->message)) {
- Logger::log('Delivery returned status '.$res->status.' - '.$res->message, Logger::DEBUG);
- }
-
- return intval($res->status);
- }
-