magic-envelope verification, status.net appears to do it wrong.

Ultimately we need to do it right (or why bother having a spec?),
and fallback to doing it wrong if we're talking to a broken system - which
ironically seems to include most of the federated social web projects.

include/items.php

@@ -139,7 +139,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) {
 	}
 
 	$salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $owner_nick) . '" />' . "\n" ; 
-	$salmon = ''; // remove this line when salmon handler is finished
+//	$salmon = ''; // remove this line when salmon handler is finished
 
 	$atom .= replace_macros($feed_template, array(
 		'$feed_id'      => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),

include/salmon.php

@@ -16,3 +16,112 @@ function salmon_key($pubkey) {
 
 	return 'RSA' . '.' . $m . '.' . $e ;
 }
+
+
+function base64url_encode($s) {
+	return strtr(base64_encode($s),'+/','-_');
+}
+
+function base64url_decode($s) {
+	return base64_decode(strtr($s,'-_','+/'));
+}
+
+function get_salmon_key($uri,$keyhash) {
+	$ret = array();
+
+	$debugging = get_config('system','debugging');
+	if($debugging)		
+		file_put_contents('salmon.out', "\n" . 'Fetch key' . "\n", FILE_APPEND);
+
+	if(strstr($uri,'@')) {	
+		$arr = webfinger($uri);
+		if($debugging)
+			file_put_contents('salmon.out', "\n" . 'Fetch key from webfinger' . "\n", FILE_APPEND);
+	}
+	else {
+		$html = fetch_url($uri);
+		$a = get_app();
+		$h = $a->get_curl_headers();
+		if($debugging)
+			file_put_contents('salmon.out', "\n" . 'Fetch key via HTML header: ' . $h . "\n", FILE_APPEND);
+
+		$l = explode("\n",$h);
+		if(count($l)) {
+			foreach($l as $line) {
+				
+				if($debugging)
+					file_put_contents('salmon.out', "\n" . $line . "\n", FILE_APPEND);
+				if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) {
+					$link = $matches[1];
+					if($debugging)
+						file_put_contents('salmon.out', "\n" . 'Fetch key via Link from header: ' . $link . "\n", FILE_APPEND);
+					break;
+				}
+			}
+		}
+	}
+
+	if(! isset($link)) {
+		require_once('library/HTML5/Parser.php');
+		$dom = HTML5_Parser::parse($html);
+
+		if(! $dom)
+			return '';
+
+		$items = $dom->getElementsByTagName('link');
+
+		foreach($items as $item) {
+			$x = $item->getAttribute('rel');
+			if($x == "lrdd") {
+				$link = $item->getAttribute('href');
+				if($debugging)
+					file_put_contents('salmon.out', "\n" . 'Fetch key via HTML body' . $link . "\n", FILE_APPEND);
+				break;
+			}
+		}
+	}
+
+	if(! isset($link))
+		return '';
+
+	$arr = fetch_xrd_links($link);
+
+	if($arr) {
+		foreach($arr as $a) {
+			if($a['@attributes']['rel'] === 'magic-public-key') {
+				$ret[] = $a['@attributes']['href'];
+			}
+		}
+	}
+	if(count($ret)) {
+		for($x = 0; $x < count($ret); $x ++) {
+			if(substr($ret[$x],0,5) === 'data:') {
+				if(strstr($ret[$x],','))
+					$ret[$x] = substr($ret[$x],strpos($ret[$x],',')+1);
+				else
+					$ret[$x] = substr($ret[$x],5);
+			}
+			else
+				$ret[$x] = fetch_url($ret[$x]);
+		}
+	}
+	if($debugging)
+		file_put_contents('salmon.out', "\n" . 'Key located: ' . print_r($ret,true) . "\n", FILE_APPEND);
+
+	if(count($ret) == 1) {
+		return $ret[0];
+	}
+	else {
+		foreach($ret as $a) {
+			$hash = base64url_encode(hash('sha256',$a));
+			if($hash == $keyhash)
+				return $a;
+		}
+	}
+
+	return '';
+}
+
+	
+		
+