Merge remote-tracking branch 'upstream/master' into social-master

[quix0rs-gnu-social.git] / plugins / OStatus / lib / magicenvelope.php

diff --git a/plugins/OStatus/lib/magicenvelope.php b/plugins/OStatus/lib/magicenvelope.php
index 84ba2ba2965bdd091af635256357cf77cf6f0b78..09b0f452f9f6ffee98f564d620334a4b48a0493d 100644 (file)
--- a/plugins/OStatus/lib/magicenvelope.php
+++ b/plugins/OStatus/lib/magicenvelope.php
@@ -76,6 +76,10 @@ class MagicEnvelope
             $magicsig = new Magicsig();
             $magicsig->user_id = $profile->id;
             $magicsig->importKeys($keypair);
+            // save the public key for this profile in our database.
+            // TODO: If the profile generates a new key remotely, we must be able to replace
+            //       this (of course after callback-verification).
+            $magicsig->insert();
         } elseif (!$magicsig instanceof Magicsig) { // No discovery request, so we'll give up.
             throw new ServerException(sprintf('No public key found for profile (id==%d)', $profile->id));
         }
@@ -153,21 +157,23 @@ class MagicEnvelope
      * @param <type> $text
      * @param <type> $mimetype
      * @param Magicsig $magicsig    Magicsig with private key available.
+     *
      * @return MagicEnvelope object with all properties set
+     *
+     * @throws Exception of various kinds on signing failure
      */
-    public static function signMessage($text, $mimetype, Magicsig $magicsig)
+    public function signMessage($text, $mimetype, Magicsig $magicsig)
     {
-        $magic_env = new MagicEnvelope();
+        assert($magicsig->privateKey instanceof Crypt_RSA);
 
         // Prepare text and metadata for signing
-        $magic_env->data      = Magicsig::base64_url_encode($text);
-        $magic_env->data_type = $mimetype;
-        $magic_env->encoding  = self::ENCODING;
-        $magic_env->alg       = $magicsig->getName();
-        // Get the actual signature
-        $magic_env->sig = $magicsig->sign($magic_env->signingText());
+        $this->data = Magicsig::base64_url_encode($text);
+        $this->data_type = $mimetype;
+        $this->encoding  = self::ENCODING;
+        $this->alg       = $magicsig->getName();
 
-        return $magic_env;
+        // Get the actual signature
+        $this->sig = $magicsig->sign($this->signingText());
     }
 
     /**
@@ -182,11 +188,10 @@ class MagicEnvelope
         $xs->element('me:data', array('type' => $this->data_type), $this->data);
         $xs->element('me:encoding', null, $this->encoding);
         $xs->element('me:alg', null, $this->alg);
-        $xs->element('me:sig', null, $this->sig);
+        $xs->element('me:sig', null, $this->getSignature());
         $xs->elementEnd('me:env');
 
         $string =  $xs->getString();
-        common_debug('MagicEnvelope XML: ' . $string);
         return $string;
     }
 
@@ -220,7 +225,7 @@ class MagicEnvelope
             $prov->appendChild($enc);
             $alg = $dom->createElementNS(self::NS, 'me:alg', $this->alg);
             $prov->appendChild($alg);
-            $sig = $dom->createElementNS(self::NS, 'me:sig', $this->sig);
+            $sig = $dom->createElementNS(self::NS, 'me:sig', $this->getSignature());
             $prov->appendChild($sig);
     
             $dom->documentElement->appendChild($prov);
@@ -231,6 +236,11 @@ class MagicEnvelope
         return $dom;
     }
 
+    public function getSignature()
+    {
+        return $this->sig;
+    }
+
     /**
      * Find the author URI referenced in the payload Atom entry.
      *
@@ -264,23 +274,23 @@ class MagicEnvelope
     public function verify(Profile $profile)
     {
         if ($this->alg != 'RSA-SHA256') {
-            common_log(LOG_DEBUG, "Salmon error: bad algorithm");
+            common_debug("Salmon error: bad algorithm");
             return false;
         }
 
         if ($this->encoding != self::ENCODING) {
-            common_log(LOG_DEBUG, "Salmon error: bad encoding");
+            common_debug("Salmon error: bad encoding");
             return false;
         }
 
         try {
             $magicsig = $this->getKeyPair($profile, true);    // Do discovery too if necessary
         } catch (Exception $e) {
-            common_log(LOG_DEBUG, "Salmon error: ".$e->getMessage());
+            common_debug("Salmon error: ".$e->getMessage());
             return false;
         }
 
-        return $magicsig->verify($this->signingText(), $this->sig);
+        return $magicsig->verify($this->signingText(), $this->getSignature());
     }
 
     /**
@@ -326,24 +336,22 @@ class MagicEnvelope
      * @param string $text XML fragment to sign, assumed to be Atom
      * @param User $user User who cryptographically signs $text
      *
-     * @return string XML string representation of magic envelope
+     * @return MagicEnvelope object complete with signature
      *
      * @throws Exception on bad profile input or key generation problems
-     * @fixme if signing fails, this seems to return the original text without warning. Is there a reason for this?
      */
     public static function signAsUser($text, User $user)
     {
         // Find already stored key
         $magicsig = Magicsig::getKV('user_id', $user->id);
         if (!$magicsig instanceof Magicsig) {
-            // No keypair yet, let's generate one.
-            $magicsig = new Magicsig();
-            $magicsig->generate($user);
+            $magicsig = Magicsig::generate($user);
         }
+        assert($magicsig instanceof Magicsig);
+        assert($magicsig->privateKey instanceof Crypt_RSA);
 
-        $magic_env = self::signMessage($text, 'application/atom+xml', $magicsig);
-
-        assert($magic_env instanceof MagicEnvelope);
+        $magic_env = new MagicEnvelope();
+        $magic_env->signMessage($text, 'application/atom+xml', $magicsig);
 
         return $magic_env;
     }