X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FHTTPSignature.php;h=07ff5e805d9b3293c921786d7ac195ac6ea02ff5;hb=e447375cddb847edbc9d4486be3938674ae66b8c;hp=1d2e7d9f76b6a692e15c7453397c914e012c6593;hpb=5583c070e068d2551adcb9c496c82fb2845f5f7f;p=friendica.git diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php index 1d2e7d9f76..07ff5e805d 100644 --- a/src/Util/HTTPSignature.php +++ b/src/Util/HTTPSignature.php @@ -7,6 +7,7 @@ namespace Friendica\Util; use Friendica\BaseObject; use Friendica\Core\Config; +use Friendica\Core\Logger; use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Model\APContact; @@ -59,7 +60,7 @@ class HTTPSignature $sig_block = self::parseSigheader($headers['authorization']); if (!$sig_block) { - logger('no signature provided.'); + Logger::log('no signature provided.'); return $result; } @@ -89,7 +90,7 @@ class HTTPSignature $key = $key($sig_block['keyId']); } - logger('Got keyID ' . $sig_block['keyId']); + Logger::log('Got keyID ' . $sig_block['keyId'], Logger::DEBUG); if (!$key) { return $result; @@ -97,7 +98,7 @@ class HTTPSignature $x = Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm); - logger('verified: ' . $x, LOGGER_DEBUG); + Logger::log('verified: ' . $x, Logger::DEBUG); if (!$x) { return $result; @@ -203,6 +204,8 @@ class HTTPSignature if (preg_match('/algorithm="(.*?)"/ism', $header, $matches)) { $ret['algorithm'] = $matches[1]; + } else { + $ret['algorithm'] = 'rsa-sha256'; } if (preg_match('/headers="(.*?)"/ism', $header, $matches)) { @@ -307,11 +310,59 @@ class HTTPSignature $postResult = Network::post($target, $content, $headers); $return_code = $postResult->getReturnCode(); - logger('Transmit to ' . $target . ' returned ' . $return_code); + Logger::log('Transmit to ' . $target . ' returned ' . $return_code, Logger::DEBUG); return ($return_code >= 200) && ($return_code <= 299); } + /** + * @brief Fetches JSON data for a user + * + * @param string $request request url + * @param integer $uid User id of the requester + * + * @return array JSON array + */ + public static function fetch($request, $uid) + { + $owner = User::getOwnerDataById($uid); + + if (!$owner) { + return; + } + + // Header data that is about to be signed. + $host = parse_url($request, PHP_URL_HOST); + $path = parse_url($request, PHP_URL_PATH); + + $headers = ['Host: ' . $host]; + + $signed_data = "(request-target): get " . $path . "\nhost: " . $host; + + $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); + + $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) host",signature="' . $signature . '"'; + + $headers[] = 'Accept: application/activity+json, application/ld+json'; + + $curlResult = Network::curl($request, false, $redirects, ['header' => $headers]); + $return_code = $curlResult->getReturnCode(); + + Logger::log('Fetched for user ' . $uid . ' from ' . $request . ' returned ' . $return_code, Logger::DEBUG); + + if (!$curlResult->isSuccess() || empty($curlResult->getBody())) { + return false; + } + + $content = json_decode($curlResult->getBody(), true); + + if (empty($content) || !is_array($content)) { + return false; + } + + return $content; + } + /** * @brief Gets a signer from a given HTTP request * @@ -406,6 +457,8 @@ class HTTPSignature } } + /// @todo Check if the signed date field is in an acceptable range + // Check the content-length when it is part of the signed data if (in_array('content-length', $sig_block['headers'])) { if (strlen($content) != $headers['content-length']) { @@ -430,12 +483,12 @@ class HTTPSignature $profile = APContact::getByURL($url); if (!empty($profile)) { - logger('Taking key from id ' . $id, LOGGER_DEBUG); + Logger::log('Taking key from id ' . $id, Logger::DEBUG); return ['url' => $url, 'pubkey' => $profile['pubkey']]; } elseif ($url != $actor) { $profile = APContact::getByURL($actor); if (!empty($profile)) { - logger('Taking key from actor ' . $actor, LOGGER_DEBUG); + Logger::log('Taking key from actor ' . $actor, Logger::DEBUG); return ['url' => $actor, 'pubkey' => $profile['pubkey']]; } }