return($signature);
}
+ /**
+ * @brief verify the envelope and return the verified data
+ *
+ * @param string $envelope The magic envelope
+ *
+ * @return string verified data
+ */
+ private function verify_magic_envelope($envelope) {
+
+ $basedom = parse_xml_string($envelope, false);
+
+ if (!is_object($basedom)) {
+ logger("Envelope is no XML file");
+ return false;
+ }
+
+ $children = $basedom->children('http://salmon-protocol.org/ns/magic-env');
+
+ if (sizeof($children) == 0) {
+ logger("XML has no children");
+ return false;
+ }
+
+ $handle = "";
+
+ $data = base64url_decode($children->data);
+ $type = $children->data->attributes()->type[0];
+
+ $encoding = $children->encoding;
+
+ $alg = $children->alg;
+
+ $sig = base64url_decode($children->sig);
+ $key_id = $children->sig->attributes()->key_id[0];
+ if ($key_id != "")
+ $handle = base64url_decode($key_id);
+
+ $b64url_data = base64url_encode($data);
+ $msg = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data);
+
+ $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+
+ $key = self::key($handle);
+
+ $verify = rsa_verify($signable_data, $sig, $key);
+ if (!$verify) {
+ logger('Message did not verify. Discarding.');
+ return false;
+ }
+
+ return $data;
+ }
+
/**
* @brief: Decodes incoming Diaspora message
*
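Review bot: `$encoding` and `$alg` read from the envelope at L31 and L33 are never checked against the one scheme this code implements; they are only folded back into `$signable_data`, so a peer may send any values and the function still proceeds to `rsa_verify`. Reject anything else before verifying, e.g. `if (((string)$encoding != "base64url") OR ((string)$alg != "RSA-SHA256")) { logger("Unsupported envelope encoding/alg"); return false; }`, and pass the hash explicitly as the other verify calls in this file do: `rsa_verify($signable_data, $sig, $key, "sha256")`. The signer's handle decoded into `$handle` at L38 is used only to pick the key and then discarded, so a caller cannot tell who signed the returned data; returning it alongside `$data` would let callers bind the signature to the payload's author. A missing `key_id` leaves `$handle` empty and `self::key("")` is still called — what that returns and what `rsa_verify` does with it is not visible here, so an explicit `if ($handle == "") return false;` would make that failure deterministic. Finally, the method is declared `private function` while its sibling `build_magic_envelope` below is `public static` and it is invoked as `self::verify_magic_envelope()` from `message()`; if `message()` is static (its `self::message()` recursion suggests so), a non-static call is deprecated in PHP 7 and a fatal Error in PHP 8, so declare it `private static function`.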
return array('message' => (string)$inner_decrypted,
'author' => unxmlify($author_link),
'key' => (string)$key);
-
}
$data = parse_xml_string($msg["message"], false);
- if (!is_object($data))
+ if (!is_object($data)) {
+ logger("No valid XML ".$msg["message"], LOGGER_DEBUG);
return false;
+ }
$first_child = $data->getName();
}
}
- if ($fieldname == "author_signature")
+ if (($fieldname == "author_signature") AND ($entry != ""))
$author_signature = base64_decode($entry);
- elseif ($fieldname == "parent_author_signature")
+ elseif (($fieldname == "parent_author_signature") AND ($entry != ""))
$parent_author_signature = base64_decode($entry);
- elseif ($fieldname != "target_author_signature") {
+ elseif (!in_array($fieldname, array("author_signature", "parent_author_signature", "target_author_signature"))) {
if ($signed_data != "") {
$signed_data .= ";";
$signed_data_parent .= ";";
return true;
// No author_signature? This is a must, so we quit.
- if (!isset($author_signature))
+ if (!isset($author_signature)) {
+ logger("No author signature for type ".$type." - Message: ".$msg["message"], LOGGER_DEBUG);
return false;
+ }
if (isset($parent_author_signature)) {
$key = self::key($msg["author"]);
- if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256"))
+ if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) {
+ logger("No valid parent author signature for author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$parent_author_signature, LOGGER_DEBUG);
return false;
+ }
}
$key = self::key($fields->author);
- return rsa_verify($signed_data, $author_signature, $key, "sha256");
+ if (!rsa_verify($signed_data, $author_signature, $key, "sha256")) {
+ logger("No valid author signature for author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$author_signature, LOGGER_DEBUG);
+ return false;
+ } else
+ return true;
}
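Review bot: The new log calls at L95 and L102 write `$msg["message"]` plus the decoded signature to the log on every verification failure, which any peer able to deliver a message can trigger with a bad signature; the decode path above appears to hand back the decrypted payload as `message` (L59), so on installations running at debug level private message bodies land in the log, and `$author_signature`/`$parent_author_signature` are raw bytes after `base64_decode` (L75, L78), so the line carries binary. Keep the log line printable and free of content: `logger("No valid author signature for author ".$fields->author." in type ".$type." - signature ".base64_encode($author_signature), LOGGER_DEBUG);` and move the body and `$signed_data` (which also contains the message text) to LOGGER_DATA if they are needed at all. Note also that L102 reports `$msg["author"]` while the key being checked was fetched for `$fields->author` at L99, so the log names the wrong account when the two differ. The enclosing function starts before this hunk.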
/**
if ($level > 5)
return false;
- // This will work for Diaspora and newer Friendica servers
- $source_url = $server."/p/".$guid.".xml";
- $x = fetch_url($source_url);
- if(!$x)
- return false;
+ // This will work for new Diaspora servers and Friendica servers from 3.5
+ $source_url = $server."/fetch/post/".$guid;
+ logger("Fetch post from ".$source_url, LOGGER_DEBUG);
+
+ $envelope = fetch_url($source_url);
+ if($envelope) {
+ logger("Envelope was fetched.", LOGGER_DEBUG);
+ $x = self::verify_magic_envelope($envelope);
+ if (!$x)
+ logger("Envelope could not be verified.", LOGGER_DEBUG);
+ else
+ logger("Envelope was verified.", LOGGER_DEBUG);
+ } else
+ $x = false;
+
+ // This will work for older Diaspora and Friendica servers
+ if (!$x) {
+ $source_url = $server."/p/".$guid.".xml";
+ logger("Fetch post from ".$source_url, LOGGER_DEBUG);
+
+ $x = fetch_url($source_url);
+ if(!$x)
+ return false;
+ }
$source_xml = parse_xml_string($x, false);
if ($source_xml->post->reshare) {
// Reshare of a reshare - old Diaspora version
+ logger("Message is a reshare", LOGGER_DEBUG);
return self::message($source_xml->post->reshare->root_guid, $server, ++$level);
} elseif ($source_xml->getName() == "reshare") {
// Reshare of a reshare - new Diaspora version
+ logger("Message is a new reshare", LOGGER_DEBUG);
return self::message($source_xml->root_guid, $server, ++$level);
}
$author = (string)$source_xml->author;
// If this isn't a "status_message" then quit
- if (!$author)
+ if (!$author) {
+ logger("Message doesn't seem to be a status message", LOGGER_DEBUG);
return false;
+ }
$msg = array("message" => $x, "author" => $author);
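Review bot: The envelope verified at L122 proves only that the holder of the key named by the envelope's own `key_id` signed it; nothing ties that signer to the `$author` extracted from the payload at L149 or to `$server`, so a peer can sign someone else's post with its own key and the result is accepted as authored by `$author`. Once the verifier exposes the signer (it currently discards `$handle`), compare the two before building `$msg`: `if ($signer != $author) { logger("Envelope signer ".$signer." does not match author ".$author, LOGGER_DEBUG); return false; }`. Separately, when `$envelope` was fetched but fails verification, L131-L137 fall back to the unsigned legacy `/p/` document from the same host, so a server that serves a bad envelope loses nothing; consider falling back only when the `/fetch/post/` request itself yielded nothing, i.e. `if (!$x) { logger("Envelope could not be verified.", LOGGER_DEBUG); return false; }` at L123 — assuming `fetch_url` returns an empty result for old servers that lack the endpoint, which is not visible here. `message()`'s signature is outside the hunk.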
if(intval($def_gid))
group_add_member($importer["uid"], "", $contact_record["id"], $def_gid);
+ update_contact_avatar($ret["photo"], $importer['uid'], $contact_record["id"], true);
+
if($importer["page-flags"] == PAGE_NORMAL) {
$hash = random_string().(string)time(); // Generate a confirm_key
if (!$r) {
$server = "https://".substr($orig_author, strpos($orig_author, "@") + 1);
- logger("1st try: reshared message ".$guid." will be fetched from original server: ".$server);
+ logger("1st try: reshared message ".$guid." will be fetched via SSL from the server ".$server);
$item_id = self::store_by_guid($guid, $server);
if (!$item_id) {
$server = "http://".substr($orig_author, strpos($orig_author, "@") + 1);
- logger("2nd try: reshared message ".$guid." will be fetched from original server: ".$server);
+ logger("2nd try: reshared message ".$guid." will be fetched without SLL from the server ".$server);
$item_id = self::store_by_guid($guid, $server);
}
- // Deactivated by now since there is a risk that someone could manipulate postings through this method
-/* if (!$item_id) {
- $server = "https://".substr($author, strpos($author, "@") + 1);
- logger("3rd try: reshared message ".$guid." will be fetched from sharer's server: ".$server);
- $item_id = self::store_by_guid($guid, $server);
- }
- if (!$item_id) {
- $server = "http://".substr($author, strpos($author, "@") + 1);
- logger("4th try: reshared message ".$guid." will be fetched from sharer's server: ".$server);
- $item_id = self::store_by_guid($guid, $server);
- }
-*/
if ($item_id) {
$r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`,
`author-name`, `author-link`, `author-avatar`
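Review bot: The new log string at L171 misspells SSL as "SLL": `logger("2nd try: reshared message ".$guid." will be fetched without SSL from the server ".$server);`. Beyond wording, the 2nd try retries over plain http whenever the https attempt fails for any reason, TLS errors included, and if `store_by_guid` goes through the `message()` path seen above it can end in the unsigned `/p/` fallback, so a reshared post may be accepted from an on-path attacker on a cleartext connection with no signature check; if the http retry must stay for old servers, requiring the envelope to verify on that path would close the gap. Dropping the commented-out 3rd/4th tries (L174-L185) is the right call given the comment's own warning. The enclosing function starts before and ends after this hunk.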
return $nick."@".substr(App::get_baseurl(), strpos(App::get_baseurl(),"://") + 3);
}
+ /**
+ * @brief Creates the envelope for the "fetch" endpoint
+ *
+ * @param string $msg The message that is to be transmitted
+ * @param array $user The record of the sender
+ *
+ * @return string The envelope
+ */
+
+ public static function build_magic_envelope($msg, $user) {
+
+ $b64url_data = base64url_encode($msg);
+ $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data);
+
+ $key_id = base64url_encode(diaspora::my_handle($user));
+ $type = "application/xml";
+ $encoding = "base64url";
+ $alg = "RSA-SHA256";
+ $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+ $signature = rsa_sign($signable_data, $user["prvkey"]);
+ $sig = base64url_encode($signature);
+
+ $xmldata = array("me:env" => array("me:data" => $data,
+ "@attributes" => array("type" => $type),
+ "me:encoding" => $encoding,
+ "me:alg" => $alg,
+ "me:sig" => $sig,
+ "@attributes2" => array("key_id" => $key_id)));
+
+ $namespaces = array("me" => "http://salmon-protocol.org/ns/magic-env");
+
+ return xml::from_array($xmldata, $xml, false, $namespaces);
+ }
+
/**
* @brief Creates the envelope for a public message
*
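Review bot: The blank line at L199 between the docblock and `public static function build_magic_envelope` detaches the docblock from the declaration for Doxygen/phpDoc-style tooling; remove it so the `@brief`/`@param`/`@return` block is attached as it is for the other functions in this hunk. The `"@attributes2"` key at L218 relies on `xml::from_array` treating any key with an `@attributes` prefix as attributes of the element created just before it (so `key_id` lands on `me:sig`); that convention is not visible here, so a one-line comment such as `// "@attributes…" keys attach to the preceding element: type -> me:data, key_id -> me:sig` would save the next reader a trip into xml.php. It is also worth stating in the docblock that `$msg` is signed as-is and must already be well-formed XML, since `$type` is hard-coded to `application/xml` and nothing validates the input.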
$sig = base64url_encode($signature);
$xmldata = array("diaspora" => array("header" => array("author_id" => $handle),
- "me:env" => array("me:encoding" => "base64url",
- "me:alg" => "RSA-SHA256",
- "me:data" => $data,
- "@attributes" => array("type" => "application/xml"),
- "me:sig" => $sig)));
+ "me:env" => array("me:encoding" => $encoding,
+ "me:alg" => $alg,
+ "me:data" => $data,
+ "@attributes" => array("type" => $type),
+ "me:sig" => $sig)));
$namespaces = array("" => "https://joindiaspora.com/protocol",
"me" => "http://salmon-protocol.org/ns/magic-env");
$cipher_json = base64_encode($encrypted_header_json_object);
$xmldata = array("diaspora" => array("encrypted_header" => $cipher_json,
- "me:env" => array("me:encoding" => "base64url",
- "me:alg" => "RSA-SHA256",
+ "me:env" => array("me:encoding" => $encoding,
+ "me:alg" => $alg,
"me:data" => $data,
- "@attributes" => array("type" => "application/xml"),
+ "@attributes" => array("type" => $type),
"me:sig" => $sig)));
$namespaces = array("" => "https://joindiaspora.com/protocol",
}
+ /**
+ * @brief Build the post xml
+ *
+ * @param string $type The message type
+ * @param array $message The message data
+ *
+ * @return string The post XML
+ */
+ public static function build_post_xml($type, $message) {
+
+ $data = array("XML" => array("post" => array($type => $message)));
+ return xml::from_array($data, $xml);
+ }
+
/**
* @brief Builds and transmit messages
*
*/
private function build_and_transmit($owner, $contact, $type, $message, $public_batch = false, $guid = "", $spool = false) {
- $data = array("XML" => array("post" => array($type => $message)));
-
- $msg = xml::from_array($data, $xml);
+ $msg = self::build_post_xml($type, $message);
logger('message: '.$msg, LOGGER_DATA);
logger('send guid '.$guid, LOGGER_DEBUG);
}
/**
- * @brief Sends a post
+ * @brief Create a post (status message or reshare)
*
* @param array $item The item that will be exported
* @param array $owner the array of the item owner
- * @param array $contact Target of the communication
- * @param bool $public_batch Is it a public post?
*
- * @return int The result of the transmission
+ * @return array
+ * 'type' -> Message type ("status_message" or "reshare")
+ * 'message' -> Array of XML elements of the status
*/
- public static function send_status($item, $owner, $contact, $public_batch = false) {
+ public static function build_status($item, $owner) {
$myaddr = self::my_handle($owner);
$type = "status_message";
}
+ return array("type" => $type, "message" => $message);
+ }
- return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]);
+ /**
+ * @brief Sends a post
+ *
+ * @param array $item The item that will be exported
+ * @param array $owner the array of the item owner
+ * @param array $contact Target of the communication
+ * @param bool $public_batch Is it a public post?
+ *
+ * @return int The result of the transmission
+ */
+ public static function send_status($item, $owner, $contact, $public_batch = false) {
+
+ $status = diaspora::build_status($item, $owner);
+
+ return self::build_and_transmit($owner, $contact, $status["type"], $status["message"], $public_batch, $item["guid"]);
}
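Review bot: L314 calls `diaspora::build_status(...)` by class name while the rest of this file, including L316 on the next line, uses `self::`; use `self::build_status($item, $owner)` for consistency. The new `build_status` body is split by the hunk (its middle is outside SOURCE), so the refactor's equivalence with the old `send_status` cannot be confirmed from here.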
/**