diff options
Diffstat (limited to 'include/salmon.php')
| -rw-r--r-- | include/salmon.php | 95 |
1 files changed, 33 insertions, 62 deletions
diff --git a/include/salmon.php b/include/salmon.php index 473432f25..4043b4f1d 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,53 +1,8 @@ <?php -require_once('library/asn1.php'); +require_once('include/crypto.php'); -function salmon_key($pubkey) { - $lines = explode("\n",$pubkey); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('',$lines)); - $r = ASN_BASE::parseASNString($x); - - $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} - - -function base64url_encode($s, $strip_padding = false) { - - $s = strtr(base64_encode($s),'+/','-_'); - - if($strip_padding) - $s = str_replace('=','',$s); - - return $s; -} - -function base64url_decode($s) { - -/* - * // Placeholder for new rev of salmon which strips base64 padding. - * // PHP base64_decode handles the un-padded input without requiring this step - * // Uncomment if you find you need it. - * - * $l = strlen($s); - * if(! strpos($s,'=')) { - * $m = $l % 4; - * if($m == 2) - * $s .= '=='; - * if($m == 3) - * $s .= '='; - * } - * - */ - - return base64_decode(strtr($s,'-_','+/')); -} function get_salmon_key($uri,$keyhash) { $ret = array(); @@ -141,28 +96,20 @@ EOT; $data_type = 'application/atom+xml'; $encoding = 'base64url'; $algorithm = 'RSA-SHA256'; - $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey']))); - - // Setup RSA stuff to PKCS#1 sign the data - - set_include_path(get_include_path() . PATH_SEPARATOR . 'library/phpsec'); - - require_once('library/phpsec/Crypt/RSA.php'); - - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); + $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode($rsa->sign($data . $precomputed)); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']); + + $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']); - $signature2 = base64url_encode($rsa->sign($data)); + $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']); $salmon_tpl = get_markup_template('magicsig.tpl'); + $salmon = replace_macros($salmon_tpl,array( '$data' => $data, '$encoding' => $encoding, @@ -184,11 +131,11 @@ EOT; if($return_code > 299) { - logger('slapper: compliant salmon failed. Falling back to status.net hack'); + logger('slapper: compliant salmon failed. Falling back to status.net hack2'); // Entirely likely that their salmon implementation is // non-compliant. Let's try once more, this time only signing - // the data, without the precomputed blob + // the data, without stripping '=' chars $salmon = replace_macros($salmon_tpl,array( '$data' => $data, @@ -205,6 +152,30 @@ EOT; )); $return_code = $a->get_curl_code(); + + if($return_code > 299) { + + logger('slapper: compliant salmon failed. Falling back to status.net hack3'); + + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without the precomputed blob + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature3 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + } } logger('slapper returned ' . $return_code); if(! $return_code) |