X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsalmon.php;h=3d525f51ad36d0a2d55349937c140e404f8b56ea;hb=fe3dfbee5638dd2988bd8b126652b3138572f02c;hp=7f4c32265c641a826ea6012dae9a79eb79126f83;hpb=c16f314ec348205f4741e0171335168720e652d2;p=friendica.git diff --git a/include/salmon.php b/include/salmon.php old mode 100644 new mode 100755 index 7f4c32265c..3d525f51ad --- a/include/salmon.php +++ b/include/salmon.php @@ -1,37 +1,13 @@ asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} - - -function base64url_encode($s) { - return strtr(base64_encode($s),'+/','-_'); -} - -function base64url_decode($s) { - return base64_decode(strtr($s,'-_','+/')); -} function get_salmon_key($uri,$keyhash) { $ret = array(); - $debugging = get_config('system','debugging'); - if($debugging) - file_put_contents('salmon.out', "\n" . 'Fetch key' . "\n", FILE_APPEND); + logger('Fetching salmon key'); $arr = lrdd($uri); @@ -62,8 +38,8 @@ function get_salmon_key($uri,$keyhash) { } } - if($debugging) - file_put_contents('salmon.out', "\n" . 'Key located: ' . print_r($ret,true) . "\n", FILE_APPEND); + + logger('Key located: ' . print_r($ret,true)); if(count($ret) == 1) { @@ -88,13 +64,21 @@ function get_salmon_key($uri,$keyhash) { -function slapper($owner,$contact,$slap) { +function slapper($owner,$url,$slap) { + logger('slapper called. Data: ' . $slap); // does contact have a salmon endpoint? - if(! strlen($contact['notify'])) + if(! strlen($url)) + return; + + + if(! $owner['sprvkey']) { + logger(sprintf("slapper: user '%s' (%d) does not have a salmon private key. Send failed.", + $owner['username'],$owner['uid'])); return; + } // add all namespaces to item @@ -106,7 +90,9 @@ $namespaces = <<< EOT xmlns:dfrn="http://purl.org/macgirvin/dfrn/1.0" xmlns:as="http://activitystrea.ms/spec/1.0/" xmlns:georss="http://www.georss.org/georss" - xmlns:poco="http://portablecontacts.net/spec/1.0" > + xmlns:poco="http://portablecontacts.net/spec/1.0" + xmlns:ostatus="http://ostatus.org/schema/1.0" + xmlns:statusnet="http://status.net/schema/api/1/" > > EOT; $slap = str_replace('',$namespaces,$slap); @@ -117,22 +103,20 @@ EOT; $data_type = 'application/atom+xml'; $encoding = 'base64url'; $algorithm = 'RSA-SHA256'; - $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey']))); + $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); - // Setup RSA stuff to PKCS#1 sign the data + // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods - set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec'); + $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - require_once('phpsec/Crypt/RSA.php'); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),$owner['sprvkey'])); - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); + $signature2 = base64url_encode(rsa_sign($data . $precomputed,$owner['sprvkey'])); - $signature = base64url_encode($rsa->sign($data)); + $signature3 = base64url_encode(rsa_sign($data,$owner['sprvkey'])); + + $salmon_tpl = get_markup_template('magicsig.tpl'); - $salmon_tpl = load_view_file('view/magicsig.tpl'); $salmon = replace_macros($salmon_tpl,array( '$data' => $data, '$encoding' => $encoding, @@ -142,13 +126,70 @@ EOT; )); // slap them - post_url($contact['notify'],$salmon, array( + post_url($url,$salmon, array( 'Content-type: application/magic-envelope+xml', 'Content-length: ' . strlen($salmon) )); $a = get_app(); - echo "CURL returned: " . $a->get_curl_code() . "\n"; - - return; -} \ No newline at end of file + $return_code = $a->get_curl_code(); + + // check for success, e.g. 2xx + + if($return_code > 299) { + + logger('slapper: compliant salmon failed. Falling back to status.net hack2'); + + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without stripping '=' chars + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature2 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + + + if($return_code > 299) { + + logger('slapper: compliant salmon failed. Falling back to status.net hack3'); + + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without the precomputed blob + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature3 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + } + } + logger('slapper returned ' . $return_code); + if(! $return_code) + return(-1); + if(($return_code == 503) && (stristr($a->get_curl_headers(),'retry-after'))) + return(-1); + + return ((($return_code >= 200) && ($return_code < 300)) ? 0 : 1); +} +