aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Daemon/Queue.php4
-rw-r--r--Zotlabs/Web/HTTPSig.php15
-rw-r--r--include/queue_fn.php19
-rw-r--r--include/zot.php75
4 files changed, 102 insertions, 11 deletions
diff --git a/Zotlabs/Daemon/Queue.php b/Zotlabs/Daemon/Queue.php
index 17d150250..1bab582bc 100644
--- a/Zotlabs/Daemon/Queue.php
+++ b/Zotlabs/Daemon/Queue.php
@@ -13,8 +13,8 @@ class Queue {
require_once('include/bbcode.php');
- if(argc() > 1)
- $queue_id = argv(1);
+ if($argc > 1)
+ $queue_id = $argv[1];
else
$queue_id = 0;
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 63033ce5e..ef03dac94 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -137,6 +137,21 @@ class HTTPSig {
}
}
+
+ if(in_array('x-zot-digest',$signed_headers)) {
+ $result['content_signed'] = true;
+ $digest = explode('=', $headers['x-zot-digest']);
+ if($digest[0] === 'SHA-256')
+ $hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
+
+ // The explode operation will have stripped the '=' padding, so compare against unpadded base64
+ if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
+ $result['content_valid'] = true;
+ }
+ }
+
logger('Content_Valid: ' . $result['content_valid']);
return $result;
diff --git a/include/queue_fn.php b/include/queue_fn.php
index 5fb0d5f1e..d1c50de67 100644
--- a/include/queue_fn.php
+++ b/include/queue_fn.php
@@ -216,7 +216,24 @@ function queue_deliver($outq, $immediate = false) {
// normal zot delivery
logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);
- $result = zot_zot($outq['outq_posturl'],$outq['outq_notify']);
+
+ $channel = null;
+
+ if($outq['outq_msg']) {
+ $msg = json_decode($outq['outq_notify'],true);
+ $msg['pickup'] = [ 'notify' => json_decode($outq['outq_notify'],true), 'message' => json_decode($outq['outq_msg'],true) ];
+ $msg = json_encode($msg);
+ if($outq['outq_channel']) {
+ $channel = channelx_by_n($outq['outq_channel']);
+ }
+ }
+ else {
+ $msg = $outq['outq_notify'];
+ }
+
+ $result = zot_zot($outq['outq_posturl'],$msg,$channel);
+
+
if($result['success']) {
logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
zot_process_response($outq['outq_posturl'],$result, $outq);
diff --git a/include/zot.php b/include/zot.php
index 8e3d03ad8..d97fe8113 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -211,8 +211,19 @@ function zot_best_algorithm($methods) {
* @param array $data
* @return array see z_post_url() for returned data format
*/
-function zot_zot($url, $data) {
- return z_post_url($url, array('data' => $data));
+function zot_zot($url, $data, $channel = null) {
+
+ $headers = [];
+
+ if($channel) {
+ $headers['X-Zot-Token'] = random_string();
+ $hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false);
+ $headers['X-Zot-Digest'] = 'SHA-256=' . $hash;
+ $h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512');
+ }
+
+ $redirects = 0;
+ return z_post_url($url, array('data' => $data),$redirects,((empty($h)) ? [] : [ 'headers' => $h ]));
}
/**
@@ -4967,21 +4978,69 @@ function zot_reply_refresh($sender, $recipients) {
}
+function zot6_check_sig() {
+
+ $ret = [ 'success' => false ];
+
+logger('server: ' . print_r($_SERVER,true));
+
+ if(array_key_exists('HTTP_SIGNATURE',$_SERVER)) {
+logger('parsing signature header');
+ $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_SIGNATURE']);
+ if($sigblock) {
+ $keyId = $sigblock['keyId'];
+
+ if($keyId) {
+ $r = q("select hubloc.*, site_crypto from hubloc left join site on hubloc_url = site_url
+ where hubloc_addr = '%s' ",
+ dbesc(str_replace('acct:','',$keyId))
+ );
+ if($r) {
+ foreach($r as $hubloc) {
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
+ $ret['hubloc'] = $hubloc;
+ $ret['success'] = true;
+ return $ret;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return $ret;
+}
+
function zot_reply_notify($data) {
$ret = array('success' => false);
logger('notify received from ' . $data['sender']['url']);
- $async = get_config('system','queued_fetch');
+ // handle zot6 delivery
- if($async) {
- // add to receive queue
- // qreceive_add($data);
+ $zret = zot6_check_sig();
+ if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid']) {
+ logger('zot6_delivery');
+ logger('zot6_data: ' . print_r($data,true),LOGGER_DATA);
+ $x = zot_import([ 'body' => json_encode($data) ],$data['sender']['url']);
+ if($x) {
+ $x = crypto_encapsulate(json_encode($x),$zret['hubloc']['hubloc_sitekey'],zot_best_algorithm($zret['hubloc']['site_crypto']));
+ $ret['delivery_report'] = $x;
+ }
}
else {
- $x = zot_fetch($data);
- $ret['delivery_report'] = $x;
+ $async = get_config('system','queued_fetch');
+
+ if($async) {
+ // add to receive queue
+ // qreceive_add($data);
+ }
+ else {
+ $x = zot_fetch($data);
+ $ret['delivery_report'] = $x;
+ }
}
$ret['success'] = true;