salmon protocol changes magicsig draft-experimental, fixes to hostxrd
This commit is contained in:
Friendika
parent
12d5482fc1
commit
2abcf76ec1
6 changed files with 51 additions and 18 deletions
11
mod/hostxrd.php
Normal file
11
mod/hostxrd.php
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
<?php
|
||||
|
||||
function hostxrd_init(&$a) {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header("Content-type: text/xml");
|
||||
$tpl = file_get_contents('view/xrd_host.tpl');
|
||||
echo str_replace(array('$zroot','$domain'),array(z_root(),z_path()),$tpl);
|
||||
session_write_close();
|
||||
exit();
|
||||
|
||||
}
|
||||
|
|
@ -72,12 +72,16 @@ function salmon_post(&$a) {
|
|||
$encoding = $base->encoding;
|
||||
$alg = $base->alg;
|
||||
|
||||
// If we're talking to status.net or one of their ilk, they aren't following the magic envelope spec
|
||||
// and only signed the data element. We'll be nice and let them validate anyway.
|
||||
// Salmon magic signatures have evolved and there is no way of knowing ahead of time which
|
||||
// flavour we have. We'll try and verify it regardless.
|
||||
|
||||
$stnet_signed_data = $data;
|
||||
|
||||
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
|
||||
|
||||
$compliant_format = str_replace('=','',$signed_data);
|
||||
|
||||
|
||||
// decode the data
|
||||
$data = base64url_decode($data);
|
||||
|
||||
|
|
@ -150,13 +154,16 @@ function salmon_post(&$a) {
|
|||
$rsa->exponent = new Math_BigInteger($e, 256);
|
||||
|
||||
// We should have everything we need now. Let's see if it verifies.
|
||||
// If it fails with the proper data format, try again using just the data
|
||||
// (e.g. status.net)
|
||||
|
||||
$verify = $rsa->verify($signed_data,$signature);
|
||||
$verify = $rsa->verify($compliant_format,$signature);
|
||||
|
||||
if(! $verify) {
|
||||
logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.');
|
||||
logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
|
||||
$verify = $rsa->verify($signed_data,$signature);
|
||||
}
|
||||
|
||||
if(! $verify) {
|
||||
logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
|
||||
$verify = $rsa->verify($stnet_signed_data,$signature);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ function xrd_content(&$a) {
|
|||
if(! count($r))
|
||||
killme();
|
||||
|
||||
$salmon_key = salmon_key($r[0]['spubkey']);
|
||||
$salmon_key = str_replace('=','',salmon_key($r[0]['spubkey']));
|
||||
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header("Content-type: text/xml");
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue