salmon protocol changes magicsig draft-experimental, fixes to hostxrd
This commit is contained in:
parent
12d5482fc1
commit
2abcf76ec1
6 changed files with 51 additions and 18 deletions
7
boot.php
7
boot.php
|
@ -320,13 +320,12 @@ class App {
|
|||
|
||||
/**
|
||||
* Special handling for the webfinger/lrdd host XRD file
|
||||
* Just spit out the contents and exit.
|
||||
*/
|
||||
|
||||
if($this->cmd === '.well-known/host-meta') {
|
||||
require_once('include/hostxrd.php');
|
||||
hostxrd();
|
||||
// NOTREACHED
|
||||
$this->argc = 1;
|
||||
$this->argv = array('hostxrd');
|
||||
$this->module = 'hostxrd';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -110,7 +110,7 @@ EOT;
|
|||
$data_type = 'application/atom+xml';
|
||||
$encoding = 'base64url';
|
||||
$algorithm = 'RSA-SHA256';
|
||||
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
|
||||
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
|
||||
|
||||
// Setup RSA stuff to PKCS#1 sign the data
|
||||
|
||||
|
@ -127,11 +127,14 @@ EOT;
|
|||
|
||||
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
|
||||
|
||||
$signature = base64url_encode($rsa->sign($data . $precomputed));
|
||||
$signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true));
|
||||
|
||||
$signature2 = base64url_encode($rsa->sign($data));
|
||||
$signature2 = base64url_encode($rsa->sign($data . $precomputed));
|
||||
|
||||
$signature3 = base64url_encode($rsa->sign($data));
|
||||
|
||||
$salmon_tpl = get_markup_template('magicsig.tpl');
|
||||
|
||||
$salmon = replace_macros($salmon_tpl,array(
|
||||
'$data' => $data,
|
||||
'$encoding' => $encoding,
|
||||
|
@ -153,11 +156,11 @@ EOT;
|
|||
|
||||
if($return_code > 299) {
|
||||
|
||||
logger('slapper: compliant salmon failed. Falling back to status.net hack');
|
||||
logger('slapper: compliant salmon failed. Falling back to status.net hack2');
|
||||
|
||||
// Entirely likely that their salmon implementation is
|
||||
// non-compliant. Let's try once more, this time only signing
|
||||
// the data, without the precomputed blob
|
||||
// the data, without stripping '=' chars
|
||||
|
||||
$salmon = replace_macros($salmon_tpl,array(
|
||||
'$data' => $data,
|
||||
|
@ -174,6 +177,30 @@ EOT;
|
|||
));
|
||||
$return_code = $a->get_curl_code();
|
||||
|
||||
|
||||
if($return_code > 299) {
|
||||
|
||||
logger('slapper: compliant salmon failed. Falling back to status.net hack3');
|
||||
|
||||
// Entirely likely that their salmon implementation is
|
||||
// non-compliant. Let's try once more, this time only signing
|
||||
// the data, without the precomputed blob
|
||||
|
||||
$salmon = replace_macros($salmon_tpl,array(
|
||||
'$data' => $data,
|
||||
'$encoding' => $encoding,
|
||||
'$algorithm' => $algorithm,
|
||||
'$keyhash' => $keyhash,
|
||||
'$signature' => $signature3
|
||||
));
|
||||
|
||||
// slap them
|
||||
post_url($url,$salmon, array(
|
||||
'Content-type: application/magic-envelope+xml',
|
||||
'Content-length: ' . strlen($salmon)
|
||||
));
|
||||
$return_code = $a->get_curl_code();
|
||||
}
|
||||
}
|
||||
logger('slapper returned ' . $return_code);
|
||||
if(! $return_code)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
function hostxrd() {
|
||||
function hostxrd_init(&$a) {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header("Content-type: text/xml");
|
||||
$tpl = file_get_contents('view/xrd_host.tpl');
|
|
@ -72,12 +72,16 @@ function salmon_post(&$a) {
|
|||
$encoding = $base->encoding;
|
||||
$alg = $base->alg;
|
||||
|
||||
// If we're talking to status.net or one of their ilk, they aren't following the magic envelope spec
|
||||
// and only signed the data element. We'll be nice and let them validate anyway.
|
||||
// Salmon magic signatures have evolved and there is no way of knowing ahead of time which
|
||||
// flavour we have. We'll try and verify it regardless.
|
||||
|
||||
$stnet_signed_data = $data;
|
||||
|
||||
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
|
||||
|
||||
$compliant_format = str_replace('=','',$signed_data);
|
||||
|
||||
|
||||
// decode the data
|
||||
$data = base64url_decode($data);
|
||||
|
||||
|
@ -150,13 +154,16 @@ function salmon_post(&$a) {
|
|||
$rsa->exponent = new Math_BigInteger($e, 256);
|
||||
|
||||
// We should have everything we need now. Let's see if it verifies.
|
||||
// If it fails with the proper data format, try again using just the data
|
||||
// (e.g. status.net)
|
||||
|
||||
$verify = $rsa->verify($signed_data,$signature);
|
||||
$verify = $rsa->verify($compliant_format,$signature);
|
||||
|
||||
if(! $verify) {
|
||||
logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.');
|
||||
logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
|
||||
$verify = $rsa->verify($signed_data,$signature);
|
||||
}
|
||||
|
||||
if(! $verify) {
|
||||
logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
|
||||
$verify = $rsa->verify($stnet_signed_data,$signature);
|
||||
}
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ function xrd_content(&$a) {
|
|||
if(! count($r))
|
||||
killme();
|
||||
|
||||
$salmon_key = salmon_key($r[0]['spubkey']);
|
||||
$salmon_key = str_replace('=','',salmon_key($r[0]['spubkey']));
|
||||
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header("Content-type: text/xml");
|
||||
|
|
|
@ -5,5 +5,5 @@ $data
|
|||
</me:data>
|
||||
<me:encoding>$encoding</me:encoding>
|
||||
<me:alg>$algorithm</me:alg>
|
||||
<me:sig keyhash="$keyhash">$signature</me:sig>
|
||||
<me:sig key_id="$keyhash">$signature</me:sig>
|
||||
</me:env>
|
||||
|
|
Loading…
Reference in a new issue