X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fdiaspora.php;h=8598ca7949ca511d7c5426aab3520f49c6e16dac;hb=0ed93df91fcf6cfc1d65ee3e013e4f79eae55ef7;hp=84aed81471f1b63a2b56e38fbc54d7bacc65c9cf;hpb=49c19a3c00ea11b8c6b1839f4c7d9f4165c9353f;p=friendica.git diff --git a/include/diaspora.php b/include/diaspora.php index 84aed81471..8598ca7949 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -100,6 +100,59 @@ class diaspora { return($signature); } + /** + * @brief verify the envelope and return the verified data + * + * @param string $envelope The magic envelope + * + * @return string verified data + */ + private function verify_magic_envelope($envelope) { + + $basedom = parse_xml_string($envelope, false); + + if (!is_object($basedom)) { + logger("Envelope is no XML file"); + return false; + } + + $children = $basedom->children('http://salmon-protocol.org/ns/magic-env'); + + if (sizeof($children) == 0) { + logger("XML has no children"); + return false; + } + + $handle = ""; + + $data = base64url_decode($children->data); + $type = $children->data->attributes()->type[0]; + + $encoding = $children->encoding; + + $alg = $children->alg; + + $sig = base64url_decode($children->sig); + $key_id = $children->sig->attributes()->key_id[0]; + if ($key_id != "") + $handle = base64url_decode($key_id); + + $b64url_data = base64url_encode($data); + $msg = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); + + $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); + + $key = self::key($handle); + + $verify = rsa_verify($signable_data, $sig, $key); + if (!$verify) { + logger('Message did not verify. Discarding.'); + return false; + } + + return $data; + } + /** * @brief: Decodes incoming Diaspora message * @@ -233,7 +286,6 @@ class diaspora { return array('message' => (string)$inner_decrypted, 'author' => unxmlify($author_link), 'key' => (string)$key); - } @@ -360,8 +412,10 @@ class diaspora { $data = parse_xml_string($msg["message"], false); - if (!is_object($data)) + if (!is_object($data)) { + logger("No valid XML ".$msg["message"], LOGGER_DEBUG); return false; + } $first_child = $data->getName(); @@ -422,11 +476,11 @@ class diaspora { } } - if ($fieldname == "author_signature") + if (($fieldname == "author_signature") AND ($entry != "")) $author_signature = base64_decode($entry); - elseif ($fieldname == "parent_author_signature") + elseif (($fieldname == "parent_author_signature") AND ($entry != "")) $parent_author_signature = base64_decode($entry); - elseif ($fieldname != "target_author_signature") { + elseif (!in_array($fieldname, array("author_signature", "parent_author_signature", "target_author_signature"))) { if ($signed_data != "") { $signed_data .= ";"; $signed_data_parent .= ";"; @@ -451,19 +505,27 @@ class diaspora { return true; // No author_signature? This is a must, so we quit. - if (!isset($author_signature)) + if (!isset($author_signature)) { + logger("No author signature for type ".$type." - Message: ".$msg["message"], LOGGER_DEBUG); return false; + } if (isset($parent_author_signature)) { $key = self::key($msg["author"]); - if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) + if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) { + logger("No valid parent author signature for author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$parent_author_signature, LOGGER_DEBUG); return false; + } } $key = self::key($fields->author); - return rsa_verify($signed_data, $author_signature, $key, "sha256"); + if (!rsa_verify($signed_data, $author_signature, $key, "sha256")) { + logger("No valid author signature for author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$author_signature, LOGGER_DEBUG); + return false; + } else + return true; } /** @@ -806,11 +868,30 @@ class diaspora { if ($level > 5) return false; - // This will work for Diaspora and newer Friendica servers - $source_url = $server."/p/".$guid.".xml"; - $x = fetch_url($source_url); - if(!$x) - return false; + // This will work for new Diaspora servers and Friendica servers from 3.5 + $source_url = $server."/fetch/post/".$guid; + logger("Fetch post from ".$source_url, LOGGER_DEBUG); + + $envelope = fetch_url($source_url); + if($envelope) { + logger("Envelope was fetched.", LOGGER_DEBUG); + $x = self::verify_magic_envelope($envelope); + if (!$x) + logger("Envelope could not be verified.", LOGGER_DEBUG); + else + logger("Envelope was verified.", LOGGER_DEBUG); + } else + $x = false; + + // This will work for older Diaspora and Friendica servers + if (!$x) { + $source_url = $server."/p/".$guid.".xml"; + logger("Fetch post from ".$source_url, LOGGER_DEBUG); + + $x = fetch_url($source_url); + if(!$x) + return false; + } $source_xml = parse_xml_string($x, false); @@ -819,9 +900,11 @@ class diaspora { if ($source_xml->post->reshare) { // Reshare of a reshare - old Diaspora version + logger("Message is a reshare", LOGGER_DEBUG); return self::message($source_xml->post->reshare->root_guid, $server, ++$level); } elseif ($source_xml->getName() == "reshare") { // Reshare of a reshare - new Diaspora version + logger("Message is a new reshare", LOGGER_DEBUG); return self::message($source_xml->root_guid, $server, ++$level); } @@ -834,8 +917,10 @@ class diaspora { $author = (string)$source_xml->author; // If this isn't a "status_message" then quit - if (!$author) + if (!$author) { + logger("Message doesn't seem to be a status message", LOGGER_DEBUG); return false; + } $msg = array("message" => $x, "author" => $author); @@ -1809,6 +1894,8 @@ class diaspora { if(intval($def_gid)) group_add_member($importer["uid"], "", $contact_record["id"], $def_gid); + update_contact_avatar($ret["photo"], $importer['uid'], $contact_record["id"], true); + if($importer["page-flags"] == PAGE_NORMAL) { $hash = random_string().(string)time(); // Generate a confirm_key @@ -1900,27 +1987,15 @@ class diaspora { if (!$r) { $server = "https://".substr($orig_author, strpos($orig_author, "@") + 1); - logger("1st try: reshared message ".$guid." will be fetched from original server: ".$server); + logger("1st try: reshared message ".$guid." will be fetched via SSL from the server ".$server); $item_id = self::store_by_guid($guid, $server); if (!$item_id) { $server = "http://".substr($orig_author, strpos($orig_author, "@") + 1); - logger("2nd try: reshared message ".$guid." will be fetched from original server: ".$server); + logger("2nd try: reshared message ".$guid." will be fetched without SLL from the server ".$server); $item_id = self::store_by_guid($guid, $server); } - // Deactivated by now since there is a risk that someone could manipulate postings through this method -/* if (!$item_id) { - $server = "https://".substr($author, strpos($author, "@") + 1); - logger("3rd try: reshared message ".$guid." will be fetched from sharer's server: ".$server); - $item_id = self::store_by_guid($guid, $server); - } - if (!$item_id) { - $server = "http://".substr($author, strpos($author, "@") + 1); - logger("4th try: reshared message ".$guid." will be fetched from sharer's server: ".$server); - $item_id = self::store_by_guid($guid, $server); - } -*/ if ($item_id) { $r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`, `author-name`, `author-link`, `author-avatar` @@ -2244,6 +2319,40 @@ class diaspora { return $nick."@".substr(App::get_baseurl(), strpos(App::get_baseurl(),"://") + 3); } + /** + * @brief Creates the envelope for the "fetch" endpoint + * + * @param string $msg The message that is to be transmitted + * @param array $user The record of the sender + * + * @return string The envelope + */ + + public static function build_magic_envelope($msg, $user) { + + $b64url_data = base64url_encode($msg); + $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); + + $key_id = base64url_encode(diaspora::my_handle($user)); + $type = "application/xml"; + $encoding = "base64url"; + $alg = "RSA-SHA256"; + $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); + $signature = rsa_sign($signable_data, $user["prvkey"]); + $sig = base64url_encode($signature); + + $xmldata = array("me:env" => array("me:data" => $data, + "@attributes" => array("type" => $type), + "me:encoding" => $encoding, + "me:alg" => $alg, + "me:sig" => $sig, + "@attributes2" => array("key_id" => $key_id))); + + $namespaces = array("me" => "http://salmon-protocol.org/ns/magic-env"); + + return xml::from_array($xmldata, $xml, false, $namespaces); + } + /** * @brief Creates the envelope for a public message * @@ -2275,11 +2384,11 @@ class diaspora { $sig = base64url_encode($signature); $xmldata = array("diaspora" => array("header" => array("author_id" => $handle), - "me:env" => array("me:encoding" => "base64url", - "me:alg" => "RSA-SHA256", - "me:data" => $data, - "@attributes" => array("type" => "application/xml"), - "me:sig" => $sig))); + "me:env" => array("me:encoding" => $encoding, + "me:alg" => $alg, + "me:data" => $data, + "@attributes" => array("type" => $type), + "me:sig" => $sig))); $namespaces = array("" => "https://joindiaspora.com/protocol", "me" => "http://salmon-protocol.org/ns/magic-env"); @@ -2365,10 +2474,10 @@ class diaspora { $cipher_json = base64_encode($encrypted_header_json_object); $xmldata = array("diaspora" => array("encrypted_header" => $cipher_json, - "me:env" => array("me:encoding" => "base64url", - "me:alg" => "RSA-SHA256", + "me:env" => array("me:encoding" => $encoding, + "me:alg" => $alg, "me:data" => $data, - "@attributes" => array("type" => "application/xml"), + "@attributes" => array("type" => $type), "me:sig" => $sig))); $namespaces = array("" => "https://joindiaspora.com/protocol", @@ -2486,6 +2595,20 @@ class diaspora { } + /** + * @brief Build the post xml + * + * @param string $type The message type + * @param array $message The message data + * + * @return string The post XML + */ + public static function build_post_xml($type, $message) { + + $data = array("XML" => array("post" => array($type => $message))); + return xml::from_array($data, $xml); + } + /** * @brief Builds and transmit messages * @@ -2501,9 +2624,7 @@ class diaspora { */ private function build_and_transmit($owner, $contact, $type, $message, $public_batch = false, $guid = "", $spool = false) { - $data = array("XML" => array("post" => array($type => $message))); - - $msg = xml::from_array($data, $xml); + $msg = self::build_post_xml($type, $message); logger('message: '.$msg, LOGGER_DATA); logger('send guid '.$guid, LOGGER_DEBUG); @@ -2635,16 +2756,16 @@ class diaspora { } /** - * @brief Sends a post + * @brief Create a post (status message or reshare) * * @param array $item The item that will be exported * @param array $owner the array of the item owner - * @param array $contact Target of the communication - * @param bool $public_batch Is it a public post? * - * @return int The result of the transmission + * @return array + * 'type' -> Message type ("status_message" or "reshare") + * 'message' -> Array of XML elements of the status */ - public static function send_status($item, $owner, $contact, $public_batch = false) { + public static function build_status($item, $owner) { $myaddr = self::my_handle($owner); @@ -2707,8 +2828,24 @@ class diaspora { $type = "status_message"; } + return array("type" => $type, "message" => $message); + } - return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); + /** + * @brief Sends a post + * + * @param array $item The item that will be exported + * @param array $owner the array of the item owner + * @param array $contact Target of the communication + * @param bool $public_batch Is it a public post? + * + * @return int The result of the transmission + */ + public static function send_status($item, $owner, $contact, $public_batch = false) { + + $status = diaspora::build_status($item, $owner); + + return self::build_and_transmit($owner, $contact, $status["type"], $status["message"], $public_batch, $item["guid"]); } /**