GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
18,361 Commits 8 Branches 4 Tags 310 MiB
ef17f3ea7d
Commit Graph

54 Commits

Author SHA1 Message Date
Diogo Cordeiro
0c2c3ec862 [CORE] Plugin API now extends a new Module API 2019-08-24 01:59:33 +01:00
Mikael Nordfeldth
ad7ebd1a8c Even more phpseclib update related stuff. 2016-06-25 20:34:28 +02:00
Mikael Nordfeldth
3a8ce99a9d Magicsig call for phpseclib\Math\BigInteger fixed 2016-06-17 23:47:00 +02:00
Mikael Nordfeldth
1839082f95 OStatus Magicsig adaptations to new phpseclib 
Some constants have changed and the way to call RSA->sign(...) too.
 2016-06-17 23:43:24 +02:00
Mikael Nordfeldth
a1d064129a Handle namespaces for new phpseclib 2016-06-17 23:21:34 +02:00
Mikael Nordfeldth
f4ed171397 Make Magicsig capable of loading public PKCS1 keys 2015-10-04 17:22:19 +02:00
Mikael Nordfeldth
57943cad99 Magicsig gets toFingerprint output 
We give this as a lowercase, sha256 hexadecimal digest of the string:
TYPE + "." + BASE64(modulus as bytes) + "." + BASE64(exponent as bytes)

Where TYPE in all our cases up until now at least are "RSA"
 2015-06-06 14:35:48 +02:00
Mikael Nordfeldth
c5f79fd2f3 Magicsig gets toFingerprint function. 2015-06-06 14:33:43 +02:00
Mikael Nordfeldth
e212f2ae77 Moved Diaspora specific metadata to own plugin 2015-06-06 13:49:27 +02:00
Mikael Nordfeldth
cce808b27c const'ifying bits and sigalg 
Also we should move away from 1024 bit keys as soon as we can.
 2015-01-24 12:18:55 +01:00
Mikael Nordfeldth
29ac42addd Diaspora public key published in WebFinger 2014-11-06 21:05:31 +01:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys) 
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
 2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
aaef11077d Default of Magicsig keypair toString should be secure 
Prevent crappy coders from leaking private keys.
 2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static 
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
 2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing! 
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
 2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
56194b3cd9 Magicsig importKeys finetuning and getHash() use 2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
00b2bddc7c Clarify it's not base64, but base64url, encoding in Magicsig 2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
c1dc13bef0 Magicsig warning message would fail to get bits 2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays) 
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
 2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
2ea5f00666 Success debugging was too much noise 2014-05-05 18:59:44 +02:00
Mikael Nordfeldth
960baae1d1 More debugging in Magicsig class verify method 2014-05-05 17:48:21 +02:00
Mikael Nordfeldth
8b04bcb310 Prepare for >1024 RSA keys for Salmon signatures 2014-03-02 11:47:38 +01:00
Mikael Nordfeldth
6f4c572389 Unnecessary UTF-8 declaration for database 2013-08-20 09:43:23 +02:00
Mikael Nordfeldth
7e4718a4eb IMPORTANT - fixed Magicsig to properly overload getKV (prev. staticGet) 
In commit e95f77d34c Magicsig lost the 'staticGet' function (later renamed to getKV in 2a4dc77a63 ), which was important to properly initialize the Magicsig object (fromString)
 2013-08-18 19:07:18 +02:00
Mikael Nordfeldth
1710a619a8 Magicsig class now Managed_DataObject with nicer schemaDef 2013-08-18 15:31:18 +02:00
Mikael Nordfeldth
e95f77d34c Updating all Memcached_DataObject extended classes to Managed_DataObject 
In some brief tests, this causes no problems.

In this state however, you would need to modify DB_DataObject to have a static declaration of staticget (and probably pkeyGet). The next commit will change the staticGet overload to a unique function name (like getKV for getKeyValue), which means we can properly call the function by PHP Strict Standards.
 2013-08-18 12:32:32 +02:00
Brion Vibber
51d1535f15 Added doc comments on Salmon magicsig-related stuff to help in figuring out what's going on 2011-01-05 14:05:59 -08:00
Brion Vibber
69b13cb279 Normalize execution guards on OStatus php files; mostly helps cut down on annoying 'class not found' errors when something spiders the dirs. :P 2010-10-08 10:42:59 -07:00
Siebrand Mazeland
5a6f616206 * i18n/L10n update 
* translator comments added
* remove superfluous whitespace
 2010-09-19 15:17:36 +02:00
Siebrand Mazeland
1bfbe9badf * i18n/L10n updates and FIXMEs added 
* whitespace fixes
 2010-09-03 01:35:04 +02:00
James Walker
3227122ac3 move base64_url_(encode|decode) to static functions in Magicsig 2010-03-26 10:43:41 -07:00
James Walker
9e0b9857f4 Make sure we're requiring the library 2010-03-24 15:26:03 -04:00
James Walker
cfca789b34 Updated Math_Biginteger from upstream - removing safe* workarounds 2010-03-24 15:18:41 -04:00
James Walker
c4273f0ef3 Check for 0.9.0 bad keys from old Crypt_RSA library 2010-03-24 15:15:20 -04:00
Brion Vibber
27bfd1211d Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached. 
Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
 2010-03-22 12:17:45 -07:00
James Walker
99ca84e68e changing keypair to text to hold a full 1024bit keypair 2010-03-13 15:46:54 -05:00
James Walker
135c0c8a7f cleaning up key generation 2010-03-12 21:44:18 -05:00
James Walker
4e44cf906b converting key generation to new crypt library 2010-03-12 20:02:00 -05:00
James Walker
c5bb41176e converted toString to new crypt library 2010-03-12 19:42:48 -05:00
James Walker
23d44c7d59 converted sign, verify and fromString to new crypt lib 2010-03-12 19:34:45 -05:00
Brion Vibber
9e9ab23e1f Fixes for updating indices, charset/collation and engine type on plugin-created tables. 
Under MySQL, new tables will be created as InnoDB with UTF-8 (utf8/utf8_bin) same as core tables.
Existing plugin tables will have table engine and default charset/collation updated, and string columns will have charset updated, at checkschema time.

Switched from 'DESCRIBE' to INFORMATION_SCHEMA for pulling column information in order to get charset. A second hit to INFORMATION_SCHEMA is also needed to get table properties.

Indices were only being created at table creation time, which ain't so hot. Now also adding/dropping indices when they change.

Fixed up some schema defs in OStatus plugin that were a bit flaky, causing extra alter tables to be run.

TODO: Generalize this infrastructure a bit more up to base schema & pg schema classes.
 2010-03-12 13:16:32 -08:00
Brion Vibber
45e8819c1b Fix a bunch of notice & warning-level messages that were breaking my inter-instance communications 2010-03-01 16:35:36 -08:00
James Walker
831eb0d2b6 renaming sha256 to prevent conflict 2010-02-26 18:27:13 -05:00
James Walker
ee7603b09f better return check in Magicsig::staticGet() 2010-02-26 17:53:27 -05:00
James Walker
6ee7660a58 should be sequenceKey (singular) 2010-02-26 16:51:50 -05:00
James Walker
0ecf435dc5 adding sequenceKeys() to magicsig 2010-02-26 16:50:00 -05:00
James Walker
223ebc765c move signing to take a local actor profile and use local keys 2010-02-26 14:22:49 -05:00
James Walker
0afb09ad64 er. right. 2010-02-25 23:37:59 -05:00
James Walker
1fe031844c er typo 2010-02-22 23:44:33 -05:00