throw new Exception(_m('Unable to locate signer public key.'));
}
+ /**
+ * The current MagicEnvelope spec as used in StatusNet 0.9.7 and later
+ * includes both the original data and some signing metadata fields as
+ * the input plaintext for the signature hash.
+ *
+ * @param array $env
+ * @return string
+ */
+ public function signingText($env) {
+ return implode('.', array($env['data'], // this field is pre-base64'd
+ Magicsig::base64_url_encode($env['data_type']),
+ Magicsig::base64_url_encode($env['encoding']),
+ Magicsig::base64_url_encode($env['alg'])));
+ }
+ /**
+ *
+ * @param <type> $text
+ * @param <type> $mimetype
+ * @param <type> $keypair
+ * @return array: associative array of envelope properties
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ */
public function signMessage($text, $mimetype, $keypair)
{
$signature_alg = Magicsig::fromString($keypair);
$armored_text = Magicsig::base64_url_encode($text);
-
- return array(
+ $env = array(
'data' => $armored_text,
'encoding' => MagicEnvelope::ENCODING,
'data_type' => $mimetype,
- 'sig' => $signature_alg->sign($armored_text),
+ 'sig' => '',
'alg' => $signature_alg->getName()
);
+
+ $env['sig'] = $signature_alg->sign($this->signingText($env));
+
+ return $env;
}
+ /**
+ * Create an <me:env> XML representation of the envelope.
+ *
+ * @param array $env associative array with envelope data
+ * @return string representation of XML document
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ */
public function toXML($env) {
$xs = new XMLStringer();
$xs->startXML();
return $string;
}
+ /**
+ * Extract the contained XML payload, and insert a copy of the envelope
+ * signature data as an <me:provenance> section.
+ *
+ * @param array $env associative array with envelope data
+ * @return string representation of modified XML document
+ *
+ * @fixme in case of XML parsing errors, this will spew to the error log or output
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ */
public function unfold($env)
{
$dom = new DOMDocument();
return $dom->saveXML();
}
+ /**
+ * Find the author URI referenced in the given Atom entry.
+ *
+ * @param string $text string containing Atom entry XML
+ * @return mixed URI string or false if XML parsing fails, or null if no author URI can be found
+ *
+ * @fixme XML parsing failures will spew to error logs/output
+ */
public function getAuthor($text) {
$doc = new DOMDocument();
if (!$doc->loadXML($text)) {
}
}
+ /**
+ * Check if the author in the Atom entry fragment claims to match
+ * the given identifier URI.
+ *
+ * @param string $text string containing Atom entry XML
+ * @param string $signer_uri
+ * @return boolean
+ */
public function checkAuthor($text, $signer_uri)
{
return ($this->getAuthor($text) == $signer_uri);
}
+ /**
+ * Attempt to verify cryptographic signing for parsed envelope data.
+ * Requires network access to retrieve public key referenced by the envelope signer.
+ *
+ * Details of failure conditions are dumped to output log and not exposed to caller.
+ *
+ * @param array $env array representation of magic envelope data, as returned from MagicEnvelope::parse()
+ * @return boolean
+ *
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ */
public function verify($env)
{
if ($env['alg'] != 'RSA-SHA256') {
return false;
}
- return $verifier->verify($env['data'], $env['sig']);
+ return $verifier->verify($this->signingText($env), $env['sig']);
}
+ /**
+ * Extract envelope data from an XML document containing an <me:env> or <me:provenance> element.
+ *
+ * @param string XML source
+ * @return mixed associative array of envelope data, or false on unrecognized input
+ *
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ * @fixme will spew errors to logs or output in case of XML parse errors
+ * @fixme may give fatal errors if some elements are missing or invalid XML
+ * @fixme calling DOMDocument::loadXML statically triggers warnings in strict mode
+ */
public function parse($text)
{
$dom = DOMDocument::loadXML($text);
return $this->fromDom($dom);
}
+ /**
+ * Extract envelope data from an XML document containing an <me:env> or <me:provenance> element.
+ *
+ * @param DOMDocument $dom
+ * @return mixed associative array of envelope data, or false on unrecognized input
+ *
+ * @fixme it might be easier to work with storing envelope data these in the object instead of passing arrays around
+ * @fixme may give fatal errors if some elements are missing
+ */
public function fromDom($dom)
{
$env_element = $dom->getElementsByTagNameNS(MagicEnvelope::NS, 'env')->item(0);
);
}
}
+
+/**
+ * Variant of MagicEnvelope using the earlier signature form listed in the MagicEnvelope
+ * spec in early 2010; this was used in StatusNet up through 0.9.6, so for backwards compatiblity
+ * we still need to accept and sometimes send this format.
+ */
+class MagicEnvelopeCompat extends MagicEnvelope {
+
+ /**
+ * StatusNet through 0.9.6 used an earlier version of the MagicEnvelope spec
+ * which used only the input data, without the additional fields, as the plaintext
+ * for signing.
+ *
+ * @param array $env
+ * @return string
+ */
+ public function signingText($env) {
+ return $env['data'];
+ }
+}
+
projects / quix0rs-gnu-social.git / blobdiff