author | friendica <info@friendica.com> | 2012-11-02 01:44:27 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-11-02 01:44:27 -0700 |
commit | 8ae77d2984771992fe34e76893ac933b1f433812 (patch) | |
tree | bc17528b7904b32742e93e4deedfeec1f288c7aa | |
parent | 9bb1b7e3ed4cb297b0d2536725ddb510ef48aafc (diff) | |
verify all the signatures before adding contact
-rw-r--r-- | include/follow.php | 3 | ||||
-rw-r--r-- | include/zot.php | 19 | ||||
-rw-r--r-- | mod/zfinger.php | 2 |
3 files changed, 20 insertions, 4 deletions
diff --git a/include/follow.php b/include/follow.php index 9cf501ef4..2b65e389e 100644 --- a/include/follow.php +++ b/include/follow.php @@ -70,6 +70,9 @@ function new_contact($uid,$url,$channel,$interactive = false) { $x = import_xchan_from_json($j); + if(! $x['success']) + return $x; + // Do we already have an abook entry? // go directly to the abook edit page. diff --git a/include/zot.php b/include/zot.php index 2f11eb299..b577493b3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -188,10 +188,16 @@ function zot_register_hub($arr) { function import_xchan_from_json($j) { + $ret = array('success' => false); + $xchan_hash = base64url_encode(hash('whirlpool',$j->guid . $j->guid_sig, true)); $import_photos = false; -// FIXME - verify the signature + if(! rsa_verify($j->guid,base64url_decode($j->guid_sig),$j->key)) { + logger('import_xchan_from_json: Unable to verify channel signature for ' . $j->address); + $ret['message'] = t('Unable to verify channel signature'); + return $ret; + } $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($xchan_hash) @@ -248,6 +254,12 @@ function import_xchan_from_json($j) { if($j->locations) { foreach($j->locations as $location) { + if(! rsa_verify($location->url,base64url_decode($location->url_sig),$j->key)) { + logger('import_xchan_from_json: Unable to verify site signature for ' . $location->url); + $ret['message'] .= sprintf( t('Unable to verify site signature for %s'), $location->url) . EOL; + continue; + } + $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' limit 1", dbesc($xchan_hash), dbesc($location->url) @@ -261,7 +273,6 @@ function import_xchan_from_json($j) { } continue; } -// FIXME verify the signature $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_flags, hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey) values ( '%s','%s','%s','%s', %d ,'%s','%s','%s','%s','%s')", 
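Review bot: In include/follow.php, the new early return `if(! $x['success']) return $x;` hands `$x['message']` straight back to new_contact's caller, and in this commit that message can contain `$location->url` copied from the remote JSON. If the caller prints the message into a page, it has to be escaped at output; a comment such as `// $x['message'] may contain remote-supplied text; escape before display` above the return would record that. new_contact starts and ends outside the hunk, so how the message is rendered is not visible here.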
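Review bot: In import_xchan_from_json (include/zot.php, first hunk), `rsa_verify($j->guid,base64url_decode($j->guid_sig),$j->key)` checks the signature against a key delivered in the same JSON document, so a pass shows only that the document is self-consistent, not that it comes from the channel already stored under this hash. When the `select * from xchan` that follows finds an existing row, the stored key should be compared with the received one before anything is updated, e.g. `if($r && $r[0]['xchan_pubkey'] !== $j->key) { $ret['message'] = t('Channel key mismatch'); return $ret; }`; whether later code already does this is outside the hunk. The check also reads `$j->guid`, `$j->guid_sig` and `$j->key` without confirming they are present. Separately, `$ret` should start as `array('success' => false, 'message' => '')`, because the location loop appends to `$ret['message']` with `.=`.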
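Review bot: In the `foreach($j->locations as $location)` loop of include/zot.php, the added `rsa_verify` covers only `$location->url`, while the `insert into hubloc` further down also stores `hubloc_host`, `hubloc_callback` and `hubloc_sitekey`. If those values are taken from `$location` (the argument list is outside the hunk), they are written without any signature covering them, so an entry with a validly signed URL could still carry an unrelated callback or site key. Either verify a signature over those fields as well or derive host and callback from the verified URL; at minimum add `// only url is signature-checked; host, callback and sitekey are unauthenticated here` above the insert.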
@@ -281,4 +292,8 @@ function import_xchan_from_json($j) { } + if(! x($ret,'message')) { + $ret['success'] = true; + } + return $ret; }
\ No newline at end of file diff --git a/mod/zfinger.php b/mod/zfinger.php index 0dd709ecc..c1ab8dc7d 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -54,8 +54,6 @@ function zfinger_init(&$a) { // Communication details - $ret['hash'] = $e['xchan_hash']; - $ret['calc'] = base64url_encode(hash('whirlpool',$e['xchan_guid'] . $e['xchan_guid_sig'],true)); $ret['guid'] = $e['xchan_guid']; $ret['guid_sig'] = $e['xchan_guid_sig']; $ret['key'] = $e['xchan_pubkey']; |
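Review bot: At the end of import_xchan_from_json (include/zot.php, last hunk), success is inferred from `$ret['message']` being empty, so a single location with a bad signature makes the whole import report failure even though the loop has `continue`d past it and may already have inserted the other hubloc rows. new_contact then returns early on that result and leaves whatever was written in place. Track the outcome explicitly, for example set `$failed = true;` where a location is rejected and finish with `$ret['success'] = ! $failed;`, and decide whether a rejected location should abort the import before any row is written. The xchan handling between the hunks is not visible, so what has been persisted by this point should be confirmed.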