From 1d15145993a00d1db1057dacf71f3783cd16c119 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Thu, 6 Jan 2011 00:01:42 +0000
Subject: [PATCH] Salmon signature checks on incoming slaps now check both old and new signature formats.
---
 plugins/OStatus/lib/salmon.php | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/plugins/OStatus/lib/salmon.php b/plugins/OStatus/lib/salmon.php
index 5535049203..2f5772a844 100644
--- a/plugins/OStatus/lib/salmon.php
+++ b/plugins/OStatus/lib/salmon.php
@@ -52,8 +52,7 @@ class Salmon
 return false;
 }
 
- $classes = array('MagicEnvelope', 'MagicEnvelopeCompat');
- foreach ($classes as $class) {
+ foreach ($this->formatClasses() as $class) {
 try {
 $envelope = $this->createMagicEnv($xml, $actor, $class);
 } catch (Exception $e) {
@@ -83,6 +82,15 @@ class Salmon
 return false;
 }
 
+ /**
+ * List the magic envelope signature class variants in the order we try them.
+ * Multiples are needed for backwards-compat with StatusNet prior to 0.9.7,
+ * which used a draft version of the magic envelope spec.
+ */
+ protected function formatClasses() {
+ return array('MagicEnvelope', 'MagicEnvelopeCompat');
+ }
+
 /**
 * Encode the given string as a signed MagicEnvelope XML document,
 * using the keypair for the given local user profile.
@@ -129,6 +137,7 @@ class Salmon
 /**
 * Check if the given magic envelope is well-formed and correctly signed.
 * Needs to have network access to fetch public keys over the web.
+ * Both current and back-compat signature formats will be checked.
 *
 * Side effects: exceptions and caching updates may occur during network
 * fetches.
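Review bot: The docblock added for `formatClasses()` in the second hunk has no `@return`, and it does not say that the second entry acts as a fallback during signature verification. With this commit an incoming slap is accepted when it verifies under either class, so the draft-format class widens what counts as a valid signature for as long as it stays in the list; whether the draft format is any weaker is not visible on this page and is worth confirming. I would add `@return array class names of magic envelope implementations, tried in order` and a line such as `MagicEnvelopeCompat is a verification fallback only; drop it once pre-0.9.7 peers are no longer supported.`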
@@ -141,10 +150,16 @@ class Salmon
 */
 public function verifyMagicEnv($text)
 {
- $magic_env = new MagicEnvelope();
+ foreach ($this->formatClasses() as $class) {
+ $magic_env = new $class();
 
- $env = $magic_env->parse($text);
+ $env = $magic_env->parse($text);
 
- return $magic_env->verify($env);
+ if ($magic_env->verify($env)) {
+ return true;
+ }
+ }
+
+ return false;
 }
 }
-- 
2.39.5
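Review bot: In `verifyMagicEnv()` the calls to `parse()` and `verify()` are unguarded, so an exception raised while handling the first format ends the loop before `MagicEnvelopeCompat` is tried; the loop in the first hunk wraps `createMagicEnv()` in `try` / `catch (Exception $e)`, apparently for this reason. The docblock above the method says exceptions may occur during network fetches, so this path looks reachable. Catching per format and rethrowing the last error only after every format has failed keeps that documented behaviour and never returns true on an error path. The result of `parse()` is also passed to `verify()` unchecked; whether `parse()` can return a failure value is not visible here.

```php
$lastError = null;
foreach ($this->formatClasses() as $class) {
    $magic_env = new $class();
    try {
        $env = $magic_env->parse($text);
        if ($magic_env->verify($env)) {
            return true;
        }
    } catch (Exception $e) {
        // Keep going so the back-compat format is still tried.
        $lastError = $e;
    }
}

if ($lastError !== null) {
    // No format verified; surface the failure instead of hiding it.
    throw $lastError;
}

return false;
```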