X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FOStatus%2Flib%2Fmagicenvelope.php;h=e97eb2be2ca64be8e4894481fff61265f25341fb;hb=220b51d8be61e9bd316567f3ad03fffdbc4b7526;hp=6d3956cb9bea8b7b17d92fbde3269cf4f1200113;hpb=51d1535f155c1178d8d17a40f06b6d9f7df9ff98;p=quix0rs-gnu-social.git diff --git a/plugins/OStatus/lib/magicenvelope.php b/plugins/OStatus/lib/magicenvelope.php index 6d3956cb9b..e97eb2be2c 100644 --- a/plugins/OStatus/lib/magicenvelope.php +++ b/plugins/OStatus/lib/magicenvelope.php @@ -26,7 +26,6 @@ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 * @link http://status.net/ */ - class MagicEnvelope { const ENCODING = 'base64url'; @@ -57,29 +56,42 @@ class MagicEnvelope } catch (Exception $e) { return false; } - if ($xrd->links) { - if ($link = Discovery::getService($xrd->links, Magicsig::PUBLICKEYREL)) { - $keypair = false; - $parts = explode(',', $link['href']); + $link = $xrd->get(Magicsig::PUBLICKEYREL); + if (!is_null($link)) { + $keypair = false; + $parts = explode(',', $link->href); + if (count($parts) == 2) { + $keypair = $parts[1]; + } else { + // Backwards compatibility check for separator bug in 0.9.0 + $parts = explode(';', $link->href); if (count($parts) == 2) { $keypair = $parts[1]; - } else { - // Backwards compatibility check for separator bug in 0.9.0 - $parts = explode(';', $link['href']); - if (count($parts) == 2) { - $keypair = $parts[1]; - } } + } - if ($keypair) { - return $keypair; - } + if ($keypair) { + return $keypair; } } // TRANS: Exception. throw new Exception(_m('Unable to locate signer public key.')); } + /** + * The current MagicEnvelope spec as used in StatusNet 0.9.7 and later + * includes both the original data and some signing metadata fields as + * the input plaintext for the signature hash. + * + * @param array $env + * @return string + */ + public function signingText($env) { + return implode('.', array($env['data'], // this field is pre-base64'd + Magicsig::base64_url_encode($env['data_type']), + Magicsig::base64_url_encode($env['encoding']), + Magicsig::base64_url_encode($env['alg']))); + } /** * @@ -93,14 +105,17 @@ class MagicEnvelope { $signature_alg = Magicsig::fromString($keypair); $armored_text = Magicsig::base64_url_encode($text); - - return array( + $env = array( 'data' => $armored_text, 'encoding' => MagicEnvelope::ENCODING, 'data_type' => $mimetype, - 'sig' => $signature_alg->sign($armored_text), + 'sig' => '', 'alg' => $signature_alg->getName() ); + + $env['sig'] = $signature_alg->sign($this->signingText($env)); + + return $env; } /** @@ -239,7 +254,7 @@ class MagicEnvelope return false; } - return $verifier->verify($env['data'], $env['sig']); + return $verifier->verify($this->signingText($env), $env['sig']); } /** @@ -290,3 +305,23 @@ class MagicEnvelope ); } } + +/** + * Variant of MagicEnvelope using the earlier signature form listed in the MagicEnvelope + * spec in early 2010; this was used in StatusNet up through 0.9.6, so for backwards compatiblity + * we still need to accept and sometimes send this format. + */ +class MagicEnvelopeCompat extends MagicEnvelope { + + /** + * StatusNet through 0.9.6 used an earlier version of the MagicEnvelope spec + * which used only the input data, without the additional fields, as the plaintext + * for signing. + * + * @param array $env + * @return string + */ + public function signingText($env) { + return $env['data']; + } +}