diff options
Diffstat (limited to 'Zotlabs/Web')
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 66 | ||||
| -rw-r--r-- | Zotlabs/Web/Router.php | 1 | ||||
| -rw-r--r-- | Zotlabs/Web/WebServer.php | 28 |
3 files changed, 86 insertions, 9 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 6526fa7c8..445ba200b 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -20,7 +20,7 @@ class HTTPSig { return $digest; } - // See draft-cavage-http-signatures-07 + // See draft-cavage-http-signatures-08 static function verify($data,$key = '') { @@ -48,7 +48,7 @@ class HTTPSig { else { $headers = []; $headers['(request-target)'] = - $_SERVER['REQUEST_METHOD'] . ' ' . + strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { @@ -67,8 +67,12 @@ class HTTPSig { $sig_block = self::parse_sigheader($headers['authorization']); } - if(! $sig_block) + if(! $sig_block) { + logger('no signature provided.'); return $result; + } + + logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); $result['header_signed'] = true; @@ -110,6 +114,8 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + logger('verified: ' . $x, LOGGER_DEBUG); + if($x === false) return $result; @@ -130,6 +136,8 @@ class HTTPSig { } } + logger('Content_Valid: ' . $result['content_valid']); + return $result; } @@ -167,7 +175,8 @@ class HTTPSig { - static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256') { + static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', + $crypt_key = null, $crypt_algo = 'aes256ctr') { $return_headers = []; @@ -178,15 +187,21 @@ class HTTPSig { $algorithm = 'rsa-sha512'; } - $x = self::sign($request,$head,$prvkey,$alg); + $x = self::sign($request,$head,$prvkey,$alg); - if($auth) { - $sighead = 'Authorization: Signature keyId="' . $keyid . '",algorithm="' . $algorithm + $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; + + if($crypt_key) { + $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg); + $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data']; + } + + if($auth) { + $sighead = 'Authorization: Signature ' . $headerval; } else { - $sighead = 'Signature: keyId="' . $keyid . '",algorithm="' . $algorithm - . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; + $sighead = 'Signature: ' . $headerval; } if($head) { @@ -241,8 +256,15 @@ class HTTPSig { } static function parse_sigheader($header) { + $ret = []; $matches = []; + + // if the header is encrypted, decrypt with (default) site private key and continue + + if(preg_match('/iv="(.*?)"/ism',$header,$matches)) + $header = self::decrypt_sigheader($header); + if(preg_match('/keyId="(.*?)"/ism',$header,$matches)) $ret['keyId'] = $matches[1]; if(preg_match('/algorithm="(.*?)"/ism',$header,$matches)) @@ -259,6 +281,32 @@ class HTTPSig { } + static function decrypt_sigheader($header,$prvkey = null) { + + $iv = $key = $alg = $data = null; + + if(! $prvkey) { + $prvkey = get_config('system','prvkey'); + } + + $matches = []; + + if(preg_match('/iv="(.*?)"/ism',$header,$matches)) + $iv = $matches[1]; + if(preg_match('/key="(.*?)"/ism',$header,$matches)) + $key = $matches[1]; + if(preg_match('/alg="(.*?)"/ism',$header,$matches)) + $alg = $matches[1]; + if(preg_match('/data="(.*?)"/ism',$header,$matches)) + $data = $matches[1]; + + if($iv && $key && $alg && $data) { + return crypto_unencapsulate([ 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); + } + return ''; + + } + } diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 710aa2844..9486130cb 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -178,6 +178,7 @@ class Router { */ if(\App::$module_loaded) { + \App::$page['page_title'] = \App::$module; $placeholder = ''; diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index d517eda49..0ee735818 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -111,6 +111,34 @@ class WebServer { $Router = new Router($a); + /* Initialise the Link: response header if this is a channel page. + * This cannot be done inside the channel module because some protocol + * addons over-ride the module functions and these links are common + * to all protocol drivers; thus doing it here avoids duplication. + */ + + if (( \App::$module === 'channel' ) && argc() > 1) { + \App::$channel_links = [ + [ + 'rel' => 'lrdd', + 'type' => 'application/xrd+xml', + 'url' => z_root() . '/xrd?f=&uri=acct%3A' . argv(1) . '%40' . \App::get_hostname() + ], + [ + 'rel' => 'jrd', + 'type' => 'application/jrd+json', + 'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname() + ], + ]; + $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ]; + call_hooks('channel_links', $x ); + \App::$channel_links = $x['channel_links']; + header('Link: ' . \App::get_channel_links()); + } + + + + /* initialise content region */ if(! x(\App::$page, 'content')) |