X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsalmon.php;h=8341b902a7a874b3db3e140d32478bda9b564962;hb=497fd34026fbaa83b11a64d3a0a6e20f1360e5d6;hp=2838f2cbbf81afcd27168410c64bd5dcb18579a1;hpb=b376f215337e4bee7320a0df8fc3d9b1beb2f289;p=friendica.git diff --git a/include/salmon.php b/include/salmon.php index 2838f2cbbf..8341b902a7 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,37 +1,14 @@ asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} - - -function base64url_encode($s) { - return strtr(base64_encode($s),'+/','-_'); -} - -function base64url_decode($s) { - return base64_decode(strtr($s,'-_','+/')); -} +require_once('include/crypto.php'); +require_once('include/Probe.php'); function get_salmon_key($uri,$keyhash) { $ret = array(); - logger('Fetching salmon key'); + logger('Fetching salmon key for '.$uri); - $arr = lrdd($uri); + $arr = Probe::lrdd($uri); if(is_array($arr)) { foreach($arr as $a) { @@ -66,10 +43,10 @@ function get_salmon_key($uri,$keyhash) { if(count($ret) == 1) { // We only found one one key so we don't care if the hash matches. - // If it's the wrong key we'll find out soon enough because - // message verification will fail. This also covers some older + // If it's the wrong key we'll find out soon enough because + // message verification will fail. This also covers some older // software which don't supply a keyhash. As long as they only - // have one key we'll be right. + // have one key we'll be right. return $ret[0]; } @@ -84,60 +61,44 @@ function get_salmon_key($uri,$keyhash) { return ''; } - - -function slapper($owner,$url,$slap) { - logger('slapper called. Data: ' . $slap); - // does contact have a salmon endpoint? +function slapper($owner,$url,$slap) { + + // does contact have a salmon endpoint? if(! strlen($url)) return; - // add all namespaces to item - -$namespaces = <<< EOT - -EOT; - - $slap = str_replace('',$namespaces,$slap); - + + if(! $owner['sprvkey']) { + logger(sprintf("user '%s' (%d) does not have a salmon private key. Send failed.", + $owner['username'],$owner['uid'])); + return; + } + + logger('slapper called for '.$url.'. Data: ' . $slap); + // create a magic envelope $data = base64url_encode($slap); $data_type = 'application/atom+xml'; $encoding = 'base64url'; $algorithm = 'RSA-SHA256'; - $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey']))); - - // Setup RSA stuff to PKCS#1 sign the data - - set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec'); - - require_once('phpsec/Crypt/RSA.php'); - - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); + $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode($rsa->sign($data . $precomputed)); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),$owner['sprvkey'])); + + $signature2 = base64url_encode(rsa_sign($data . $precomputed,$owner['sprvkey'])); + + $signature3 = base64url_encode(rsa_sign($data,$owner['sprvkey'])); - $signature2 = base64url_encode($rsa->sign($data)); + $salmon_tpl = get_markup_template('magicsig.tpl'); - $salmon_tpl = load_view_file('view/magicsig.tpl'); $salmon = replace_macros($salmon_tpl,array( '$data' => $data, '$encoding' => $encoding, @@ -146,22 +107,24 @@ EOT; '$signature' => $signature )); - // slap them + // slap them post_url($url,$salmon, array( 'Content-type: application/magic-envelope+xml', 'Content-length: ' . strlen($salmon) )); $a = get_app(); - $return_code = trim($a->get_curl_code()); + $return_code = $a->get_curl_code(); // check for success, e.g. 2xx - if(substr($return_code,0,1) !== '2') { + if($return_code > 299) { + + logger('compliant salmon failed. Falling back to status.net hack2'); // Entirely likely that their salmon implementation is // non-compliant. Let's try once more, this time only signing - // the data, without the precomputed blob + // the data, without stripping '=' chars $salmon = replace_macros($salmon_tpl,array( '$data' => $data, @@ -171,15 +134,44 @@ EOT; '$signature' => $signature2 )); - // slap them + // slap them post_url($url,$salmon, array( 'Content-type: application/magic-envelope+xml', 'Content-length: ' . strlen($salmon) )); - $return_code = trim($a->get_curl_code()); + $return_code = $a->get_curl_code(); + + + if($return_code > 299) { + + logger('compliant salmon failed. Falling back to status.net hack3'); + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without the precomputed blob + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature3 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + } } - logger('slapper returned ' . $return_code); - return; + logger('slapper for '.$url.' returned ' . $return_code); + if(! $return_code) + return(-1); + if(($return_code == 503) && (stristr($a->get_curl_headers(),'retry-after'))) + return(-1); + + return ((($return_code >= 200) && ($return_code < 300)) ? 0 : 1); }