Salmon signature checks on incoming slaps now check both old and new signature formats.
This commit is contained in:
parent
437ac120b0
commit
1d15145993
@ -52,8 +52,7 @@ class Salmon
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$classes = array('MagicEnvelope', 'MagicEnvelopeCompat');
|
foreach ($this->formatClasses() as $class) {
|
||||||
foreach ($classes as $class) {
|
|
||||||
try {
|
try {
|
||||||
$envelope = $this->createMagicEnv($xml, $actor, $class);
|
$envelope = $this->createMagicEnv($xml, $actor, $class);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
@ -83,6 +82,15 @@ class Salmon
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* List the magic envelope signature class variants in the order we try them.
|
||||||
|
* Multiples are needed for backwards-compat with StatusNet prior to 0.9.7,
|
||||||
|
* which used a draft version of the magic envelope spec.
|
||||||
|
*/
|
||||||
|
protected function formatClasses() {
|
||||||
|
return array('MagicEnvelope', 'MagicEnvelopeCompat');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encode the given string as a signed MagicEnvelope XML document,
|
* Encode the given string as a signed MagicEnvelope XML document,
|
||||||
* using the keypair for the given local user profile.
|
* using the keypair for the given local user profile.
|
||||||
@ -129,6 +137,7 @@ class Salmon
|
|||||||
/**
|
/**
|
||||||
* Check if the given magic envelope is well-formed and correctly signed.
|
* Check if the given magic envelope is well-formed and correctly signed.
|
||||||
* Needs to have network access to fetch public keys over the web.
|
* Needs to have network access to fetch public keys over the web.
|
||||||
|
* Both current and back-compat signature formats will be checked.
|
||||||
*
|
*
|
||||||
* Side effects: exceptions and caching updates may occur during network
|
* Side effects: exceptions and caching updates may occur during network
|
||||||
* fetches.
|
* fetches.
|
||||||
@ -141,10 +150,16 @@ class Salmon
|
|||||||
*/
|
*/
|
||||||
public function verifyMagicEnv($text)
|
public function verifyMagicEnv($text)
|
||||||
{
|
{
|
||||||
$magic_env = new MagicEnvelope();
|
foreach ($this->formatClasses() as $class) {
|
||||||
|
$magic_env = new $class();
|
||||||
|
|
||||||
$env = $magic_env->parse($text);
|
$env = $magic_env->parse($text);
|
||||||
|
|
||||||
return $magic_env->verify($env);
|
if ($magic_env->verify($env)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user