Merge branch 'testing' into 0.9.x
@@ -99,7 +99,7 @@ class HubSub extends Memcached_DataObject
|
||||
return array_keys($this->keyTypes());
|
||||
}
|
||||
|
||||
function sequenceKeys()
|
||||
function sequenceKey()
|
||||
{
|
||||
return array(false, false, false);
|
||||
}
|
||||
|
@@ -50,7 +50,11 @@ class Magicsig extends Memcached_DataObject
|
||||
public /*static*/ function staticGet($k, $v=null)
|
||||
{
|
||||
$obj = parent::staticGet(__CLASS__, $k, $v);
|
||||
return Magicsig::fromString($obj->keypair);
|
||||
if (!empty($obj)) {
|
||||
return Magicsig::fromString($obj->keypair);
|
||||
}
|
||||
|
||||
return $obj;
|
||||
}
|
||||
|
||||
|
||||
@@ -84,6 +88,10 @@ class Magicsig extends Memcached_DataObject
|
||||
return array('user_id' => 'K');
|
||||
}
|
||||
|
||||
function sequenceKey() {
|
||||
return array(false, false, false);
|
||||
}
|
||||
|
||||
function insert()
|
||||
{
|
||||
$this->keypair = $this->toString();
|
||||
@@ -173,14 +181,15 @@ class Magicsig extends Memcached_DataObject
|
||||
switch ($this->alg) {
|
||||
|
||||
case 'RSA-SHA256':
|
||||
return 'sha256';
|
||||
return 'magicsig_sha256';
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function sign($bytes)
|
||||
{
|
||||
$sig = $this->_rsa->createSign($bytes, null, 'sha256');
|
||||
$hash = $this->getHash();
|
||||
$sig = $this->_rsa->createSign($bytes, null, $hash);
|
||||
if ($this->_rsa->isError()) {
|
||||
$error = $this->_rsa->getLastError();
|
||||
common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
|
||||
@@ -192,7 +201,8 @@ class Magicsig extends Memcached_DataObject
|
||||
|
||||
public function verify($signed_bytes, $signature)
|
||||
{
|
||||
$result = $this->_rsa->validateSign($signed_bytes, $signature, null, 'sha256');
|
||||
$hash = $this->getHash();
|
||||
$result = $this->_rsa->validateSign($signed_bytes, $signature, null, $hash);
|
||||
if ($this->_rsa->isError()) {
|
||||
$error = $this->keypair->getLastError();
|
||||
common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
|
||||
@@ -205,7 +215,7 @@ class Magicsig extends Memcached_DataObject
|
||||
|
||||
// Define a sha256 function for hashing
|
||||
// (Crypt_RSA should really be updated to use hash() )
|
||||
function sha256($bytes)
|
||||
function magicsig_sha256($bytes)
|
||||
{
|
||||
return hash('sha256', $bytes);
|
||||
}
|
||||
|
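Review bot: In `verify()`, the error branch calls `$this->keypair->getLastError()`, whereas `sign()` reads the error from `$this->_rsa`. `insert()` assigns `keypair` the string returned by `toString()`, so this looks like a method call on a string that would abort the request exactly when signature validation reports an error. The line should presumably read `$error = $this->_rsa->getLastError();`. Separately, `getHash()` has a single `case 'RSA-SHA256'` and no default, so for any other `alg` the new `sign()` and `verify()` code passes `null` as the hash name to Crypt_RSA; throwing on an unsupported algorithm would make that case fail closed. The bodies of `sign()` and `verify()` continue past the visible hunks.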
@@ -1288,9 +1288,9 @@ class Ostatus_profile extends Memcached_DataObject
|
||||
|
||||
$disco = new Discovery();
|
||||
|
||||
$result = $disco->lookup($addr);
|
||||
|
||||
if (!$result) {
|
||||
try {
|
||||
$result = $disco->lookup($addr);
|
||||
} catch (Exception $e) {
|
||||
self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), null);
|
||||
return null;
|
||||
}
|
||||
|
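Review bot: The new `catch (Exception $e)` around `$disco->lookup($addr)` discards the exception, so any failure, including a transient one such as a network error, is written to the `ostatus_profile:webfinger:` cache as `null` and cannot be told apart from an address that does not exist. Log the cause before caching, e.g. `common_log(LOG_WARNING, 'Webfinger lookup failed: ' . $e->getMessage());`, and consider whether every exception type should be negatively cached. The old `if (!$result)` test appears to be replaced by the try block; if `lookup()` can still return an empty result without throwing, that case now falls through to code outside this hunk.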
@@ -83,6 +83,28 @@ class MagicEnvelope
|
||||
|
||||
}
|
||||
|
||||
public function toXML($env) {
|
||||
$dom = new DOMDocument();
|
||||
|
||||
$envelope = $dom->createElementNS(MagicEnvelope::NS, 'me:env');
|
||||
$envelope->setAttribute('xmlns:me', MagicEnvelope::NS);
|
||||
$data = $dom->createElementNS(MagicEnvelope::NS, 'me:data', $env['data']);
|
||||
$data->setAttribute('type', $env['data_type']);
|
||||
$envelope->appendChild($data);
|
||||
$enc = $dom->createElementNS(MagicEnvelope::NS, 'me:encoding', $env['encoding']);
|
||||
$envelope->appendChild($enc);
|
||||
$alg = $dom->createElementNS(MagicEnvelope::NS, 'me:alg', $env['alg']);
|
||||
$envelope->appendChild($alg);
|
||||
$sig = $dom->createElementNS(MagicEnvelope::NS, 'me:sig', $env['sig']);
|
||||
$envelope->appendChild($sig);
|
||||
|
||||
$dom->appendChild($envelope);
|
||||
|
||||
|
||||
return $dom->saveXML();
|
||||
}
|
||||
|
||||
|
||||
public function unfold($env)
|
||||
{
|
||||
$dom = new DOMDocument();
|
||||
|
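Review bot: `toXML()` passes `$env['data']`, `$env['encoding']`, `$env['alg']` and `$env['sig']` as the value argument of `createElementNS()`, which as far as I know is not entity-escaped the way a text node is, so the method is only safe while every field is base64url text or a fixed token. Appending a text node removes that dependency: `$data = $dom->createElementNS(MagicEnvelope::NS, 'me:data'); $data->appendChild($dom->createTextNode($env['data']));`, and likewise for the other three elements. A docblock naming the five array keys the method reads (`data`, `data_type`, `encoding`, `alg`, `sig`) would also help, since nothing here checks that they are present. `unfold()` begins at the end of this hunk and its body is not visible.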
@@ -48,11 +48,14 @@ class Salmon
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!common_config('ostatus', 'skip_signatures')) {
|
||||
try {
|
||||
$xml = $this->createMagicEnv($xml, $actor);
|
||||
} catch (Exception $e) {
|
||||
common_log(LOG_ERR, "Salmon unable to sign: " . $e->getMessage());
|
||||
return false;
|
||||
}
|
||||
|
||||
$headers = array('Content-Type: application/atom+xml');
|
||||
$headers = array('Content-Type: application/magic-envelope+xml');
|
||||
|
||||
try {
|
||||
$client = new HTTPClient();
|
||||
@@ -72,7 +75,6 @@ class Salmon
|
||||
|
||||
public function createMagicEnv($text, $actor)
|
||||
{
|
||||
common_log(LOG_DEBUG, "Got actor as : ". print_r($actor, true));
|
||||
$magic_env = new MagicEnvelope();
|
||||
|
||||
$user = User::staticGet('id', $actor->id);
|
||||
@@ -84,7 +86,6 @@ class Salmon
|
||||
$magickey = new Magicsig();
|
||||
$magickey->generate($user->id);
|
||||
}
|
||||
common_log(LOG_DEBUG, "Salmon: Loaded key for ". $user->id);
|
||||
} else {
|
||||
throw new Exception("Salmon invalid actor for signing");
|
||||
}
|
||||
@@ -92,18 +93,17 @@ class Salmon
|
||||
try {
|
||||
$env = $magic_env->signMessage($text, 'application/atom+xml', $magickey->toString());
|
||||
} catch (Exception $e) {
|
||||
common_log(LOG_ERR, "Salmon signing failed: ". $e->getMessage());
|
||||
return $text;
|
||||
}
|
||||
return $magic_env->unfold($env);
|
||||
return $magic_env->toXML($env);
|
||||
}
|
||||
|
||||
|
||||
public function verifyMagicEnv($dom)
|
||||
public function verifyMagicEnv($text)
|
||||
{
|
||||
$magic_env = new MagicEnvelope();
|
||||
|
||||
$env = $magic_env->fromDom($dom);
|
||||
$env = $magic_env->parse($text);
|
||||
|
||||
return $magic_env->verify($env);
|
||||
}
|
||||
|
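Review bot: `createMagicEnv()` still ends its `signMessage()` catch with `return $text;`, so when signing fails the unsigned Atom entry is returned and the caller posts it under the new `Content-Type: application/magic-envelope+xml` header. The try/catch added around the `createMagicEnv()` call in the sending method never sees that failure. Rethrowing keeps the send path fail-closed: replace `return $text;` with `throw $e;`, or drop the inner catch and let the caller's "Salmon unable to sign" handler log it. The sending method starts and ends outside the visible hunks.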
@@ -41,29 +41,32 @@ class SalmonAction extends Action
|
||||
$this->clientError(_m('This method requires a POST.'));
|
||||
}
|
||||
|
||||
if (empty($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/atom+xml') {
|
||||
$this->clientError(_m('Salmon requires application/atom+xml'));
|
||||
if (empty($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/magic-envelope+xml') {
|
||||
$this->clientError(_m('Salmon requires application/magic-envelope+xml'));
|
||||
}
|
||||
|
||||
$xml = file_get_contents('php://input');
|
||||
|
||||
$dom = DOMDocument::loadXML($xml);
|
||||
|
||||
// Check the signature
|
||||
$salmon = new Salmon;
|
||||
if (!$salmon->verifyMagicEnv($xml)) {
|
||||
common_log(LOG_DEBUG, "Salmon signature verification failed.");
|
||||
$this->clientError(_m('Salmon signature verification failed.'));
|
||||
} else {
|
||||
$magic_env = new MagicEnvelope();
|
||||
$env = $magic_env->parse($xml);
|
||||
$xml = $magic_env->unfold($env);
|
||||
}
|
||||
|
||||
|
||||
$dom = DOMDocument::loadXML($xml);
|
||||
if ($dom->documentElement->namespaceURI != Activity::ATOM ||
|
||||
$dom->documentElement->localName != 'entry') {
|
||||
common_log(LOG_DEBUG, "Got invalid Salmon post: $xml");
|
||||
$this->clientError(_m('Salmon post must be an Atom entry.'));
|
||||
}
|
||||
|
||||
// Check the signature
|
||||
$salmon = new Salmon;
|
||||
if (!common_config('ostatus', 'skip_signatures')) {
|
||||
if (!$salmon->verifyMagicEnv($dom)) {
|
||||
common_log(LOG_DEBUG, "Salmon signature verification failed.");
|
||||
$this->clientError(_m('Salmon signature verification failed.'));
|
||||
}
|
||||
}
|
||||
|
||||
$this->act = new Activity($dom->documentElement);
|
||||
return true;
|
||||
}
|
||||
|
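Review bot: The envelope is parsed twice in the new code, once inside `$salmon->verifyMagicEnv($xml)` and again by `$magic_env->parse($xml)` before `unfold()`, so the object that is unfolded is not the object whose signature was checked. Parsing once keeps check and use tied to the same data: `$env = $magic_env->parse($xml);`, then `if (!$magic_env->verify($env)) { ... }` with the existing `clientError()` call, then `$xml = $magic_env->unfold($env);`. The result of `DOMDocument::loadXML($xml)` on the unfolded payload is also used without a `false` check, and the failure path logs the whole remote-supplied body via `"Got invalid Salmon post: $xml"`. Checking `$dom` first and logging a length or digest instead would bound what a remote sender can write to the log.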