1 files changed, 46 insertions, 1 deletions

diff --git a/include/zot.php b/include/zot.php
index 8bbc4a969..f9682237e 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -122,7 +122,8 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
 		],
 		'callback' => '/post',
 		'version' => ZOT_REVISION,
-		'encryption' => crypto_methods()
+		'encryption' => crypto_methods(),
+		'signing' => signing_methods()
 	];
 
 	if ($recipients) {
@@ -3757,6 +3758,50 @@ function zot_reply_message_request($data) {
 	json_return_and_die($ret);
 }
 
+function zot_rekey_request($sender,$data) {
+
+	$ret = array('success' => false);
+
+	//	newsig is newkey signed with oldkey
+
+	// The original xchan will remain. In Zot/Receiver we will have imported the new xchan and hubloc to verify
+	// the packet authenticity. What we will do now is verify that the keychange operation was signed by the 
+	// oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the 
+	// old xchan_hash. 
+
+	if((! $data['old_key']) && (! $data['new_key']) && (! $data['new_sig']))
+		json_return_and_die($ret);
+
+	$oldhash = make_xchan_hash($data['old_guid'],$data['old_guid_sig']);
+
+	$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+		dbesc($oldhash)
+	);
+
+	if(! $r) {
+		json_return_and_die($ret);
+	}
+
+	$xchan = $r[0];
+
+	if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) {
+		json_return_and_die($ret);
+	}
+
+	$newhash = make_xchan_hash($sender['guid'],$sender['guid_sig']);
+
+	$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+		dbesc($newhash)
+	);
+
+	$newxchan = $r[0];
+
+	xchan_change_key($xchan,$newxchan,$data);
+
+	$ret['success'] = true;
+	json_return_and_die($ret);
+}
+
 
 function zotinfo($arr) {