X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsalmon.php;h=8341b902a7a874b3db3e140d32478bda9b564962;hb=18bd7f5eb7153726d616297981e04816798b5463;hp=c1af1a8526312539dcc2f9a458cdbab7db0cb2fd;hpb=0b221e8945ae785dc706d8ea9a9e8e25532c0096;p=friendica.git diff --git a/include/salmon.php b/include/salmon.php index c1af1a8526..8341b902a7 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,60 +1,14 @@ asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} - - -function base64url_encode($s, $strip_padding = false) { - - $s = strtr(base64_encode($s),'+/','-_'); - - if($strip_padding) - $s = str_replace('=','',$s); - - return $s; -} - -function base64url_decode($s) { - -/* - * // Placeholder for new rev of salmon which strips base64 padding. - * // PHP base64_decode handles the un-padded input without requiring this step - * // Uncomment if you find you need it. - * - * $l = strlen($s); - * if(! strpos($s,'=')) { - * $m = $l % 4; - * if($m == 2) - * $s .= '=='; - * if($m == 3) - * $s .= '='; - * } - * - */ - - return base64_decode(strtr($s,'-_','+/')); -} +require_once('include/crypto.php'); +require_once('include/Probe.php'); function get_salmon_key($uri,$keyhash) { $ret = array(); - logger('Fetching salmon key'); + logger('Fetching salmon key for '.$uri); - $arr = lrdd($uri); + $arr = Probe::lrdd($uri); if(is_array($arr)) { foreach($arr as $a) { @@ -89,10 +43,10 @@ function get_salmon_key($uri,$keyhash) { if(count($ret) == 1) { // We only found one one key so we don't care if the hash matches. - // If it's the wrong key we'll find out soon enough because - // message verification will fail. This also covers some older + // If it's the wrong key we'll find out soon enough because + // message verification will fail. This also covers some older // software which don't supply a keyhash. As long as they only - // have one key we'll be right. + // have one key we'll be right. return $ret[0]; } @@ -107,62 +61,44 @@ function get_salmon_key($uri,$keyhash) { return ''; } - - -function slapper($owner,$url,$slap) { - logger('slapper called. Data: ' . $slap); - // does contact have a salmon endpoint? +function slapper($owner,$url,$slap) { + + // does contact have a salmon endpoint? if(! strlen($url)) return; - // add all namespaces to item - -$namespaces = <<< EOT - > -EOT; - - $slap = str_replace('',$namespaces,$slap); - + + if(! $owner['sprvkey']) { + logger(sprintf("user '%s' (%d) does not have a salmon private key. Send failed.", + $owner['username'],$owner['uid'])); + return; + } + + logger('slapper called for '.$url.'. Data: ' . $slap); + // create a magic envelope $data = base64url_encode($slap); $data_type = 'application/atom+xml'; $encoding = 'base64url'; $algorithm = 'RSA-SHA256'; - $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey']))); - - // Setup RSA stuff to PKCS#1 sign the data - - set_include_path(get_include_path() . PATH_SEPARATOR . 'library' . PATH_SEPARATOR . 'phpsec'); - - require_once('library/phpsec/Crypt/RSA.php'); - - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); + $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode($rsa->sign($data . $precomputed)); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),$owner['sprvkey'])); + + $signature2 = base64url_encode(rsa_sign($data . $precomputed,$owner['sprvkey'])); - $signature2 = base64url_encode($rsa->sign($data)); + $signature3 = base64url_encode(rsa_sign($data,$owner['sprvkey'])); $salmon_tpl = get_markup_template('magicsig.tpl'); + $salmon = replace_macros($salmon_tpl,array( '$data' => $data, '$encoding' => $encoding, @@ -171,7 +107,7 @@ EOT; '$signature' => $signature )); - // slap them + // slap them post_url($url,$salmon, array( 'Content-type: application/magic-envelope+xml', 'Content-length: ' . strlen($salmon) @@ -184,11 +120,11 @@ EOT; if($return_code > 299) { - logger('slapper: compliant salmon failed. Falling back to status.net hack'); + logger('compliant salmon failed. Falling back to status.net hack2'); // Entirely likely that their salmon implementation is // non-compliant. Let's try once more, this time only signing - // the data, without the precomputed blob + // the data, without stripping '=' chars $salmon = replace_macros($salmon_tpl,array( '$data' => $data, @@ -198,17 +134,44 @@ EOT; '$signature' => $signature2 )); - // slap them + // slap them post_url($url,$salmon, array( 'Content-type: application/magic-envelope+xml', 'Content-length: ' . strlen($salmon) )); $return_code = $a->get_curl_code(); + + if($return_code > 299) { + + logger('compliant salmon failed. Falling back to status.net hack3'); + + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without the precomputed blob + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature3 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + } } - logger('slapper returned ' . $return_code); + logger('slapper for '.$url.' returned ' . $return_code); if(! $return_code) return(-1); + if(($return_code == 503) && (stristr($a->get_curl_headers(),'retry-after'))) + return(-1); + return ((($return_code >= 200) && ($return_code < 300)) ? 0 : 1); }