salmon protocol changes magicsig draft-experimental, fixes to hostxrd

This commit is contained in:
Friendika 2011-08-04 22:37:45 -07:00
parent 12d5482fc1
commit 2abcf76ec1
6 changed files with 51 additions and 18 deletions

View file

@ -320,13 +320,12 @@ class App {
/**
* Special handling for the webfinger/lrdd host XRD file
* Just spit out the contents and exit.
*/
if($this->cmd === '.well-known/host-meta') {
require_once('include/hostxrd.php');
hostxrd();
// NOTREACHED
$this->argc = 1;
$this->argv = array('hostxrd');
$this->module = 'hostxrd';
}
/**

View file

@ -110,7 +110,7 @@ EOT;
$data_type = 'application/atom+xml';
$encoding = 'base64url';
$algorithm = 'RSA-SHA256';
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
// Setup RSA stuff to PKCS#1 sign the data
@ -127,11 +127,14 @@ EOT;
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
$signature = base64url_encode($rsa->sign($data . $precomputed));
$signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true));
$signature2 = base64url_encode($rsa->sign($data));
$signature2 = base64url_encode($rsa->sign($data . $precomputed));
$signature3 = base64url_encode($rsa->sign($data));
$salmon_tpl = get_markup_template('magicsig.tpl');
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
'$encoding' => $encoding,
@ -153,11 +156,11 @@ EOT;
if($return_code > 299) {
logger('slapper: compliant salmon failed. Falling back to status.net hack');
logger('slapper: compliant salmon failed. Falling back to status.net hack2');
// Entirely likely that their salmon implementation is
// non-compliant. Let's try once more, this time only signing
// the data, without the precomputed blob
// the data, without stripping '=' chars
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
@ -174,6 +177,30 @@ EOT;
));
$return_code = $a->get_curl_code();
if($return_code > 299) {
logger('slapper: compliant salmon failed. Falling back to status.net hack3');
// Entirely likely that their salmon implementation is
// non-compliant. Let's try once more, this time only signing
// the data, without the precomputed blob
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
'$encoding' => $encoding,
'$algorithm' => $algorithm,
'$keyhash' => $keyhash,
'$signature' => $signature3
));
// slap them
post_url($url,$salmon, array(
'Content-type: application/magic-envelope+xml',
'Content-length: ' . strlen($salmon)
));
$return_code = $a->get_curl_code();
}
}
logger('slapper returned ' . $return_code);
if(! $return_code)

View file

@ -1,6 +1,6 @@
<?php
function hostxrd() {
function hostxrd_init(&$a) {
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = file_get_contents('view/xrd_host.tpl');

View file

@ -72,12 +72,16 @@ function salmon_post(&$a) {
$encoding = $base->encoding;
$alg = $base->alg;
// If we're talking to status.net or one of their ilk, they aren't following the magic envelope spec
// and only signed the data element. We'll be nice and let them validate anyway.
// Salmon magic signatures have evolved and there is no way of knowing ahead of time which
// flavour we have. We'll try and verify it regardless.
$stnet_signed_data = $data;
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
$compliant_format = str_replace('=','',$signed_data);
// decode the data
$data = base64url_decode($data);
@ -150,13 +154,16 @@ function salmon_post(&$a) {
$rsa->exponent = new Math_BigInteger($e, 256);
// We should have everything we need now. Let's see if it verifies.
// If it fails with the proper data format, try again using just the data
// (e.g. status.net)
$verify = $rsa->verify($signed_data,$signature);
$verify = $rsa->verify($compliant_format,$signature);
if(! $verify) {
logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.');
logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
$verify = $rsa->verify($signed_data,$signature);
}
if(! $verify) {
logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
$verify = $rsa->verify($stnet_signed_data,$signature);
}

View file

@ -23,7 +23,7 @@ function xrd_content(&$a) {
if(! count($r))
killme();
$salmon_key = salmon_key($r[0]['spubkey']);
$salmon_key = str_replace('=','',salmon_key($r[0]['spubkey']));
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");

View file

@ -5,5 +5,5 @@ $data
</me:data>
<me:encoding>$encoding</me:encoding>
<me:alg>$algorithm</me:alg>
<me:sig keyhash="$keyhash">$signature</me:sig>
<me:sig key_id="$keyhash">$signature</me:sig>
</me:env>