Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/LDSignatures.php10
-rw-r--r--Zotlabs/Lib/SConfig.php25
-rw-r--r--Zotlabs/Module/Acl.php39
-rw-r--r--Zotlabs/Web/HTTPSig.php52
4 files changed, 101 insertions, 25 deletions
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php
index d500799c0..6d7127cde 100644
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -88,8 +88,16 @@ class LDSignatures {
return '';
jsonld_set_document_loader('jsonld_document_loader');
+
+ try {
+ $d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
+ }
+ catch (\Exception $e) {
+ logger('normalise error:' . print_r($e,true));
+ logger('normalise error: ' . print_r($data,true));
+ }
- return jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
+ return $d;
}
static function salmon_sign($data,$channel) {
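Review bot: When `jsonld_normalize()` throws, `$d` is never assigned, so `return $d;` yields null plus an undefined-variable notice instead of the `''` this function returns on its earlier exit path. Initialise `$d = '';` before the `try` so callers see one failure value, and confirm that the signing and verifying callers (outside this hunk) treat an empty normalisation as a failure rather than hashing it. The two `logger()` calls also dump the whole exception and the whole document through `print_r`; logging `$e->getMessage()` at a debug level would keep remote payloads out of the default log. The function starts above the hunk.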
diff --git a/Zotlabs/Lib/SConfig.php b/Zotlabs/Lib/SConfig.php
new file mode 100644
index 000000000..ca0d133b2
--- /dev/null
+++ b/Zotlabs/Lib/SConfig.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+// account configuration storage is built on top of the under-utilised xconfig
+
+class SConfig {
+
+ static public function Load($server_id) {
+ return XConfig::Load('s_' . $server_id);
+ }
+
+ static public function Get($server_id,$family,$key,$default = false) {
+ return XConfig::Get('s_' . $server_id,$family,$key, $default);
+ }
+
+ static public function Set($server_id,$family,$key,$value) {
+ return XConfig::Set('s_' . $server_id,$family,$key,$value);
+ }
+
+ static public function Delete($server_id,$family,$key) {
+ return XConfig::Delete('s_' . $server_id,$family,$key);
+ }
+
+}
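Review bot: The header comment calls this "account configuration storage", but every method takes `$server_id` and namespaces the key as `'s_' . $server_id`, so the comment looks copied from a sibling wrapper; `// server (site) configuration storage, built on top of xconfig` would match the code. `$server_id` is concatenated unchecked into the XConfig key, so a short class docblock should say that the id must be a locally generated server identifier and not request input. `XConfig` is not visible here, so how it stores the composed key is not confirmed.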
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 769b36ce4..9c5f6653b 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller {
// $type =
// '' => standard ACL request
// 'g' => Groups only ACL request
+ // 'f' => forums only ACL request
// 'c' => Connections only ACL request or editor (textarea) mention request
// $_REQUEST['search'] contains ACL search text.
@@ -56,12 +57,12 @@ class Acl extends \Zotlabs\Web\Controller {
$search = $_REQUEST['query'];
}
- if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
+ if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ])))
killme();
$permitted = [];
- if(in_array($type, [ 'm', 'a', 'c' ])) {
+ if(in_array($type, [ 'm', 'a', 'c', 'f' ])) {
// These queries require permission checking. We'll create a simple array of xchan_hash for those with
// the requisite permissions which we can check against.
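Review bot: Adding `'f'` to the first `in_array()` lets a request with no local channel reach the forum lookup, so the result now depends entirely on how `$permitted` is filled for an unauthenticated viewer, which happens below this hunk and is not visible. It is worth confirming that the `'f'` branch returns only forums the observer is already allowed to see, and saying so in the comment block that documents `$type`. Both new `in_array()` calls, and the one on `$g['hash']` in the hunk at -336, use loose comparison; pass the third argument, e.g. `in_array($type, [ 'x', 'c', 'f' ], true)`. The hunk at -154 also mixes `$type == 'c'` with `$type === 'f'` in one condition; `===` throughout would be consistent.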
@@ -154,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller {
}
}
- if($type == '' || $type == 'c') {
+ if($type == '' || $type == 'c' || $type === 'f') {
$extra_channels_sql = '';
@@ -336,12 +337,12 @@ class Acl extends \Zotlabs\Web\Controller {
$g['nick'] = $t[0] . '@';
}
- if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
+ if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) {
$contacts[] = array(
"type" => "c",
"photo" => "images/twopeople.png",
- "name" => $g['name'] . '+',
- "id" => $g['id'] . '+',
+ "name" => $g['name'] . (($type === 'f') ? '' : '+'),
+ "id" => $g['id'] . (($type === 'f') ? '' : '+'),
"xid" => $g['hash'],
"link" => $g['nick'],
"nick" => substr($g['nick'],0,strpos($g['nick'],'@')),
@@ -350,18 +351,20 @@ class Acl extends \Zotlabs\Web\Controller {
"label" => t('network')
);
}
- $contacts[] = array(
- "type" => "c",
- "photo" => $g['micro'],
- "name" => $g['name'],
- "id" => $g['id'],
- "xid" => $g['hash'],
- "link" => $g['nick'],
- "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
- "self" => (intval($g['abook_self']) ? 'abook-self' : ''),
- "taggable" => '',
- "label" => '',
- );
+ if($type !== 'f') {
+ $contacts[] = array(
+ "type" => "c",
+ "photo" => $g['micro'],
+ "name" => $g['name'],
+ "id" => $g['id'],
+ "xid" => $g['hash'],
+ "link" => $g['nick'],
+ "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+ "self" => (intval($g['abook_self']) ? 'abook-self' : ''),
+ "taggable" => '',
+ "label" => '',
+ );
+ }
}
}
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 8062764fb..445ba200b 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -175,7 +175,8 @@ class HTTPSig {
- static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256') {
+ static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256',
+ $crypt_key = null, $crypt_algo = 'aes256ctr') {
$return_headers = [];
@@ -186,15 +187,21 @@ class HTTPSig {
$algorithm = 'rsa-sha512';
}
- $x = self::sign($request,$head,$prvkey,$alg);
+ $x = self::sign($request,$head,$prvkey,$alg);
- if($auth) {
- $sighead = 'Authorization: Signature keyId="' . $keyid . '",algorithm="' . $algorithm
+ $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm
. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+
+ if($crypt_key) {
+ $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg);
+ $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'];
+ }
+
+ if($auth) {
+ $sighead = 'Authorization: Signature ' . $headerval;
}
else {
- $sighead = 'Signature: keyId="' . $keyid . '",algorithm="' . $algorithm
- . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+ $sighead = 'Signature: ' . $headerval;
}
if($head) {
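Review bot: The encryption branch passes `$crypt_alg` to `crypto_encapsulate()`, but the parameter added in the signature hunk is `$crypt_algo`, so the algorithm argument is an undefined variable (null) and the `'aes256ctr'` default is never used. The rebuilt header also lacks the closing quote after `$x['data']`, while `decrypt_sigheader()` matches `/data="(.*?)"/`, so a header produced here would most likely fail to decrypt on the receiving side. Suggested lines: `$x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo);` and `$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';`. Reusing `$x` for the encapsulation result also discards the `sign()` output, so if code after this hunk still reads `$x['headers']` or `$x['signature']` it will break; a separate variable is safer. The function body continues outside the hunk.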
@@ -249,8 +256,15 @@ class HTTPSig {
}
static function parse_sigheader($header) {
+
$ret = [];
$matches = [];
+
+ // if the header is encrypted, decrypt with (default) site private key and continue
+
+ if(preg_match('/iv="(.*?)"/ism',$header,$matches))
+ $header = self::decrypt_sigheader($header);
+
if(preg_match('/keyId="(.*?)"/ism',$header,$matches))
$ret['keyId'] = $matches[1];
if(preg_match('/algorithm="(.*?)"/ism',$header,$matches))
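Review bot: The result of `decrypt_sigheader()` replaces `$header` without being checked, so a failed decryption (it returns `''`) falls through and the function returns with no `keyId` or `signature` instead of reporting the failure; an explicit `if(! $header) return $ret;` with a log line would make that path visible to the verifier. The `iv="` probe is also unanchored, so an unencrypted header whose `keyId` value happens to end in `iv=` would be treated as encrypted. A comment noting that the decrypted text is still sender-supplied and is only trusted after the later signature check would help readers. The function continues past the hunk.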
@@ -267,6 +281,32 @@ class HTTPSig {
}
+ static function decrypt_sigheader($header,$prvkey = null) {
+
+ $iv = $key = $alg = $data = null;
+
+ if(! $prvkey) {
+ $prvkey = get_config('system','prvkey');
+ }
+
+ $matches = [];
+
+ if(preg_match('/iv="(.*?)"/ism',$header,$matches))
+ $iv = $matches[1];
+ if(preg_match('/key="(.*?)"/ism',$header,$matches))
+ $key = $matches[1];
+ if(preg_match('/alg="(.*?)"/ism',$header,$matches))
+ $alg = $matches[1];
+ if(preg_match('/data="(.*?)"/ism',$header,$matches))
+ $data = $matches[1];
+
+ if($iv && $key && $alg && $data) {
+ return crypto_unencapsulate([ 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+ }
+ return '';
+
+ }
+
}
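Review bot: `alg` is taken from the incoming header and handed to `crypto_unencapsulate()` as-is, so the sender picks the algorithm that is run with the site private key. Unless `crypto_unencapsulate()` restricts it (not visible here), check it against the algorithms the site supports first, e.g. `if(! in_array($alg, $allowed_algs, true)) return '';`, where `$allowed_algs` is a placeholder for the site's list. The `''` return on missing fields is silent; a `logger()` call there would help diagnose rejected requests. A docblock should state that `$prvkey` defaults to `get_config('system','prvkey')` and that the function returns `''` when any of `iv`, `key`, `alg` or `data` is absent.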