salmon protocol changes magicsig draft-experimental, fixes to hostxrd
This commit is contained in:
parent
12d5482fc1
commit
2abcf76ec1
7
boot.php
7
boot.php
|
@ -320,13 +320,12 @@ class App {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Special handling for the webfinger/lrdd host XRD file
|
* Special handling for the webfinger/lrdd host XRD file
|
||||||
* Just spit out the contents and exit.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if($this->cmd === '.well-known/host-meta') {
|
if($this->cmd === '.well-known/host-meta') {
|
||||||
require_once('include/hostxrd.php');
|
$this->argc = 1;
|
||||||
hostxrd();
|
$this->argv = array('hostxrd');
|
||||||
// NOTREACHED
|
$this->module = 'hostxrd';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -110,7 +110,7 @@ EOT;
|
||||||
$data_type = 'application/atom+xml';
|
$data_type = 'application/atom+xml';
|
||||||
$encoding = 'base64url';
|
$encoding = 'base64url';
|
||||||
$algorithm = 'RSA-SHA256';
|
$algorithm = 'RSA-SHA256';
|
||||||
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
|
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
|
||||||
|
|
||||||
// Setup RSA stuff to PKCS#1 sign the data
|
// Setup RSA stuff to PKCS#1 sign the data
|
||||||
|
|
||||||
|
@ -127,11 +127,14 @@ EOT;
|
||||||
|
|
||||||
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
|
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
|
||||||
|
|
||||||
$signature = base64url_encode($rsa->sign($data . $precomputed));
|
$signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true));
|
||||||
|
|
||||||
$signature2 = base64url_encode($rsa->sign($data));
|
$signature2 = base64url_encode($rsa->sign($data . $precomputed));
|
||||||
|
|
||||||
|
$signature3 = base64url_encode($rsa->sign($data));
|
||||||
|
|
||||||
$salmon_tpl = get_markup_template('magicsig.tpl');
|
$salmon_tpl = get_markup_template('magicsig.tpl');
|
||||||
|
|
||||||
$salmon = replace_macros($salmon_tpl,array(
|
$salmon = replace_macros($salmon_tpl,array(
|
||||||
'$data' => $data,
|
'$data' => $data,
|
||||||
'$encoding' => $encoding,
|
'$encoding' => $encoding,
|
||||||
|
@ -153,11 +156,11 @@ EOT;
|
||||||
|
|
||||||
if($return_code > 299) {
|
if($return_code > 299) {
|
||||||
|
|
||||||
logger('slapper: compliant salmon failed. Falling back to status.net hack');
|
logger('slapper: compliant salmon failed. Falling back to status.net hack2');
|
||||||
|
|
||||||
// Entirely likely that their salmon implementation is
|
// Entirely likely that their salmon implementation is
|
||||||
// non-compliant. Let's try once more, this time only signing
|
// non-compliant. Let's try once more, this time only signing
|
||||||
// the data, without the precomputed blob
|
// the data, without stripping '=' chars
|
||||||
|
|
||||||
$salmon = replace_macros($salmon_tpl,array(
|
$salmon = replace_macros($salmon_tpl,array(
|
||||||
'$data' => $data,
|
'$data' => $data,
|
||||||
|
@ -174,6 +177,30 @@ EOT;
|
||||||
));
|
));
|
||||||
$return_code = $a->get_curl_code();
|
$return_code = $a->get_curl_code();
|
||||||
|
|
||||||
|
|
||||||
|
if($return_code > 299) {
|
||||||
|
|
||||||
|
logger('slapper: compliant salmon failed. Falling back to status.net hack3');
|
||||||
|
|
||||||
|
// Entirely likely that their salmon implementation is
|
||||||
|
// non-compliant. Let's try once more, this time only signing
|
||||||
|
// the data, without the precomputed blob
|
||||||
|
|
||||||
|
$salmon = replace_macros($salmon_tpl,array(
|
||||||
|
'$data' => $data,
|
||||||
|
'$encoding' => $encoding,
|
||||||
|
'$algorithm' => $algorithm,
|
||||||
|
'$keyhash' => $keyhash,
|
||||||
|
'$signature' => $signature3
|
||||||
|
));
|
||||||
|
|
||||||
|
// slap them
|
||||||
|
post_url($url,$salmon, array(
|
||||||
|
'Content-type: application/magic-envelope+xml',
|
||||||
|
'Content-length: ' . strlen($salmon)
|
||||||
|
));
|
||||||
|
$return_code = $a->get_curl_code();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
logger('slapper returned ' . $return_code);
|
logger('slapper returned ' . $return_code);
|
||||||
if(! $return_code)
|
if(! $return_code)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
function hostxrd() {
|
function hostxrd_init(&$a) {
|
||||||
header('Access-Control-Allow-Origin: *');
|
header('Access-Control-Allow-Origin: *');
|
||||||
header("Content-type: text/xml");
|
header("Content-type: text/xml");
|
||||||
$tpl = file_get_contents('view/xrd_host.tpl');
|
$tpl = file_get_contents('view/xrd_host.tpl');
|
|
@ -72,12 +72,16 @@ function salmon_post(&$a) {
|
||||||
$encoding = $base->encoding;
|
$encoding = $base->encoding;
|
||||||
$alg = $base->alg;
|
$alg = $base->alg;
|
||||||
|
|
||||||
// If we're talking to status.net or one of their ilk, they aren't following the magic envelope spec
|
// Salmon magic signatures have evolved and there is no way of knowing ahead of time which
|
||||||
// and only signed the data element. We'll be nice and let them validate anyway.
|
// flavour we have. We'll try and verify it regardless.
|
||||||
|
|
||||||
$stnet_signed_data = $data;
|
$stnet_signed_data = $data;
|
||||||
|
|
||||||
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
|
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
|
||||||
|
|
||||||
|
$compliant_format = str_replace('=','',$signed_data);
|
||||||
|
|
||||||
|
|
||||||
// decode the data
|
// decode the data
|
||||||
$data = base64url_decode($data);
|
$data = base64url_decode($data);
|
||||||
|
|
||||||
|
@ -150,13 +154,16 @@ function salmon_post(&$a) {
|
||||||
$rsa->exponent = new Math_BigInteger($e, 256);
|
$rsa->exponent = new Math_BigInteger($e, 256);
|
||||||
|
|
||||||
// We should have everything we need now. Let's see if it verifies.
|
// We should have everything we need now. Let's see if it verifies.
|
||||||
// If it fails with the proper data format, try again using just the data
|
|
||||||
// (e.g. status.net)
|
|
||||||
|
|
||||||
$verify = $rsa->verify($signed_data,$signature);
|
$verify = $rsa->verify($compliant_format,$signature);
|
||||||
|
|
||||||
if(! $verify) {
|
if(! $verify) {
|
||||||
logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.');
|
logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
|
||||||
|
$verify = $rsa->verify($signed_data,$signature);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(! $verify) {
|
||||||
|
logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
|
||||||
$verify = $rsa->verify($stnet_signed_data,$signature);
|
$verify = $rsa->verify($stnet_signed_data,$signature);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ function xrd_content(&$a) {
|
||||||
if(! count($r))
|
if(! count($r))
|
||||||
killme();
|
killme();
|
||||||
|
|
||||||
$salmon_key = salmon_key($r[0]['spubkey']);
|
$salmon_key = str_replace('=','',salmon_key($r[0]['spubkey']));
|
||||||
|
|
||||||
header('Access-Control-Allow-Origin: *');
|
header('Access-Control-Allow-Origin: *');
|
||||||
header("Content-type: text/xml");
|
header("Content-type: text/xml");
|
||||||
|
|
|
@ -5,5 +5,5 @@ $data
|
||||||
</me:data>
|
</me:data>
|
||||||
<me:encoding>$encoding</me:encoding>
|
<me:encoding>$encoding</me:encoding>
|
||||||
<me:alg>$algorithm</me:alg>
|
<me:alg>$algorithm</me:alg>
|
||||||
<me:sig keyhash="$keyhash">$signature</me:sig>
|
<me:sig key_id="$keyhash">$signature</me:sig>
|
||||||
</me:env>
|
</me:env>
|
||||||
|
|
Loading…
Reference in a new issue