GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
16,739 Commits 8 Branches 4 Tags 309 MiB
Commit Graph

47 Commits

Author SHA1 Message Date
Mikael Nordfeldth af1b0915f4 Magic signature discovery and envelope changes 2015-10-04 17:26:35 +02:00
Mikael Nordfeldth 2aed59a02a Diaspora plugin is almost there (for remote salmon slaps at least) 2015-10-04 12:06:48 +02:00
Mikael Nordfeldth 9b461db4da Send the entire XMLStringer object in MagicEnvelope events. 2015-10-04 09:59:01 +02:00
Mikael Nordfeldth 184293c634 Break out MagicEnvelope->toXML() functionality to allow for plugin flexibility 2015-10-04 00:17:07 +02:00
Mikael Nordfeldth 30a4393afa Move around some code related to Magic_envelope and signing 2015-10-03 23:35:46 +02:00
Mikael Nordfeldth 24b1e26406 MagicEnvelope called DOMDocument::loadXML statically 
but apparently we shouldn't do this, despite recommended on https://secure.php.net/manual/en/domdocument.loadxml.php
 2015-07-10 23:24:50 +02:00
Mikael Nordfeldth aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth d350a20e1f Less verbose debugging (also don't log private keys) 
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
 2014-06-03 12:53:04 +02:00
Mikael Nordfeldth 0bc122ff58 Magicsig::generate is now static 
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
 2014-06-02 21:50:40 +02:00
Mikael Nordfeldth 537dff7987 Salmon posts can only be made for local users. More typing! 
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
 2014-06-02 19:46:42 +02:00
Mikael Nordfeldth 78805d113a MagicEnvelope discoverKeyPair now returns string 
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
 2014-06-02 18:31:48 +02:00
Mikael Nordfeldth d44588f98b Only use a Profile in MagicEnvelope keypair retrieval 
So we _know_ there is a profile for the submitter we're about to verify.
 2014-06-02 16:12:26 +02:00
Mikael Nordfeldth 993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth 75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth 411f3b86a4 Use locally cached Salmon keys for profiles 
Please note that we're not yet actually caching them ourselves.
 2014-05-31 12:51:51 +02:00
Mikael Nordfeldth 0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth 03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth 41773d3f67 MagicEnvelope object orientation (no passing arrays) 
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
 2014-05-27 12:01:12 +02:00
Mikael Nordfeldth 14251d26ad Make MagicEnvelope self-reference 
Also, a stricer typing for DOMDocument in fromDom parsing function.
 2014-05-27 10:18:36 +02:00
Mikael Nordfeldth 54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth ba10da27da Should not normalize Salmon author URIs. 
It's normalized in Discovery->lookup later anyway.
 2014-05-26 14:20:42 +02:00
Mikael Nordfeldth 8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth 1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth a7e748479c Fixed regression in OStatus sub from WebFinger/XML_XRD update 
XML_XRD::getAll requires arguments (at least relation). If one really
want all links, just get the 'links' array. It's public!

Also, not all XML_XRD_Element_Link were migrated from the previous
array style.
 2013-09-30 23:33:28 +02:00
Mikael Nordfeldth a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD 
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
 2013-09-30 22:04:52 +02:00
Siebrand Mazeland b83e0fd0e8 Update translator documentation. 
i18n fixes (gettext domain).
L10n updates.
Whitespace updates.
Some tabs to spaces.
 2011-04-11 00:39:51 +02:00
Brion Vibber 946a4ac17b Add test cases for internal change in Salmon signing; fix for the new code. 
Updated sig passes Tuomas's verifier, which is a good sign
 2011-01-05 23:26:39 +00:00
Brion Vibber 51d1535f15 Added doc comments on Salmon magicsig-related stuff to help in figuring out what's going on 2011-01-05 14:05:59 -08:00
Siebrand Mazeland 5a6f616206 * i18n/L10n update 
* translator comments added
* remove superfluous whitespace
 2010-09-19 15:17:36 +02:00
Siebrand Mazeland 1bfbe9badf * i18n/L10n updates and FIXMEs added 
* whitespace fixes
 2010-09-03 01:35:04 +02:00
James Walker c8a706081e strip whitespace from me:data and me:sig (per spec) 2010-08-07 09:48:21 -04:00
James Walker 8120842780 Fix for #2429 - move OStatus XML writing to XMLStringer 2010-08-02 16:42:28 -04:00
James Walker 3227122ac3 move base64_url_(encode|decode) to static functions in Magicsig 2010-03-26 10:43:41 -07:00
James Walker 10410907a0 A bit safer checking in the keypair parsing 2010-03-24 14:27:35 -04:00
James Walker 512e511053 fix invalid separator in magic-public-key XRD and matching parsing. 2010-03-11 14:49:12 -05:00
James Walker 06612e35e4 remove hard-coded me:env check in magicenvelope 2010-03-11 14:49:12 -05:00
James Walker 89582e7226 base64_encode/decode -> base64_url_encode/decode 2010-03-11 14:49:12 -05:00
James Walker ddc4a7d2ff Catch a previously uncaught exception and add some additional debug logs for signature verification 2010-03-04 01:46:34 -05:00
James Walker e4c462570f move salmon posting to send application/magic-envelope+xml per http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-salmon-00.html#RPF 2010-02-26 15:39:58 -05:00
James Walker 223ebc765c move signing to take a local actor profile and use local keys 2010-02-26 14:22:49 -05:00
James Walker ab8bb4d79e more cleanup 2010-02-26 04:07:58 -05:00
James Walker 84d0c865c4 salmon actually fetching remote keypairs 2010-02-26 03:25:51 -05:00
James Walker 855692141d use a real keypair from discovery 2010-02-25 23:38:25 -05:00
James Walker e62e49ed3b adding some exception handling for magicenv parsing 2010-02-25 17:09:54 -05:00
James Walker 9494b0e5d7 magicsig shuffling 2010-02-22 23:30:32 -05:00
James Walker e0388cc1d3 adding magic sig stuff 2010-02-22 09:05:32 -05:00