diff options
author | zotlabs <mike@macgirvin.com> | 2017-09-21 23:37:13 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-21 23:37:13 -0700 |
commit | 3456c192feeab9495693e2cbdcff16fe99bff932 (patch) | |
tree | 27fa0ae14133ee25e1773996daad2ea496046996 /include | |
parent | ae5a1362a7ea864cafc2ecc652863eeb9939742c (diff) | |
download | volse-hubzilla-3456c192feeab9495693e2cbdcff16fe99bff932.tar.gz volse-hubzilla-3456c192feeab9495693e2cbdcff16fe99bff932.tar.bz2 volse-hubzilla-3456c192feeab9495693e2cbdcff16fe99bff932.zip |
encrypt delivery reports. This will cause a bit of consternation because this is not backward compatible and older sites will see some incorrect delivery reports from newer sites until the next upgrade; as their systems will not know how to read the ecnrypted final reports.
Diffstat (limited to 'include')
-rw-r--r-- | include/zot.php | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/include/zot.php b/include/zot.php index c8321c2ae..f03445781 100644 --- a/include/zot.php +++ b/include/zot.php @@ -977,6 +977,18 @@ function zot_process_response($hub, $arr, $outq) { } if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) { + + if(array_key_exists('iv',$x['delivery_report'])) { + $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey')); + if($j) { + $x['delivery_report'] = json_decode($j,true); + } + if(! (is_array($x['delivery_report']) && count($x['delivery_report']))) { + logger('encrypted delivery report could not be decrypted'); + return; + } + } + foreach($x['delivery_report'] as $xx) { if(is_array($xx) && array_key_exists('message_id',$xx) && delivery_report_is_storable($xx)) { q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", @@ -1048,13 +1060,15 @@ function zot_fetch($arr) { foreach($ret_hubs as $ret_hub) { + $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); + $data = [ 'type' => 'pickup', 'url' => z_root(), 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), 'callback' => z_root() . '/post', - 'secret' => $arr['secret'], - 'secret_sig' => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey'))) + 'secret' => $secret, + 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) ]; $algorithm = zot_best_algorithm($ret_hub['site_crypto']); @@ -1064,8 +1078,11 @@ function zot_fetch($arr) { $result = zot_import($fetch, $arr['sender']['url']); - if($result) + if($result) { + $result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm); return $result; + } + } return; |