From 121ee48963f7da0aec45b94163d68f23a36c7744 Mon Sep 17 00:00:00 2001
From: friendica
Date: Fri, 27 Dec 2013 21:19:23 -0800
Subject: sslify - remove the redirect fallback - as it gets called occasionally and creates mixed content exceptions. Let's see how we go without it. Also a doc update.

---
 doc/html/post_8php.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc/html/post_8php.html')

diff --git a/doc/html/post_8php.html b/doc/html/post_8php.html
index 518ca703d..ca5ac2fb3 100644
--- a/doc/html/post_8php.html
+++ b/doc/html/post_8php.html
@@ -141,7 +141,7 @@ Functions

The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding to the guid and guid_sig we have associated with the requesting auth identity

{ "type":"auth_check", "sender":{ "guid":"kgVFf_...", "guid_sig":"PT9-TApz...", "url":"http:\/\/podunk.edu", "url_sig":"T8Bp7j..." }, "recipients":{ { "guid":"ZHSqb...", "guid_sig":"JsAAXi..." } } "callback":"\/post", "version":1, "secret":"1eaa661", "secret_sig":"eKV968b1..." }

auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:

-

{ "success":1, "confirm":"q0Ysovd1u..." "service_class":(optional) }

+

{ "success":1, "confirm":"q0Ysovd1u..." "service_class":(optional) "level":(optional) }

'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is a string whose contents are not defined by protocol. Example: "basic" or "gold".
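Review bot: the new `level` field in the returned auth_check packet is undocumented. The paragraph below explains `confirm` and `service_class` but never says what `level` carries, who sets it, or whether it is covered by the `confirm` signature; as described, that signature covers only `secret` and the hash of the requestor's guid and guid_sig, so a field that influences access rights but sits outside it would not get the man-in-the-middle protection the text attributes to `confirm`. Please add a sentence next to the `service_class` description stating the meaning of `level` and whether the receiving site must treat it as unauthenticated. While on this line, the example is not valid JSON: there are no commas between `"confirm":"q0Ysovd1u..."`, `"service_class":(optional)` and `"level":(optional)`, and the request example above wraps a recipient object in bare braces (`"recipients":{ { ... } }`) although the prose describes recipients as an array.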

-- cgit v1.2.3

From 064962ff82701d9d415a351a91354a0cdf949bd5 Mon Sep 17 00:00:00 2001
From: friendica
Date: Fri, 14 Feb 2014 12:25:27 -0800
Subject: doc and assets update. There is what seems to be a controversial powerpoint in this checkin. The powerpoint is of course *open source* even if powerpoint itself is not. The source file is available for your examination and revision.

---
 doc/html/post_8php.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc/html/post_8php.html')

diff --git a/doc/html/post_8php.html b/doc/html/post_8php.html
index ca5ac2fb3..0c0745a3a 100644
--- a/doc/html/post_8php.html
+++ b/doc/html/post_8php.html
@@ -162,8 +162,8 @@ Functions

post_post(&$a) zot communications and messaging

Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet. This packet is optionally encrypted, which we will discover if the json has an 'iv' element. $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data); $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded. Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate.

Once decrypted, one will find the normal json_encoded zot message packet.

-

Defined packet types are: notify, purge, refresh, auth_check, ping, and pickup

-

Standard packet: (used by notify, purge, refresh, and auth_check)

+

Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup

+

Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check)

{ "type": "notify", "sender":{ "guid":"kgVFf_1...", "guid_sig":"PT9-TApzp...", "url":"http:\/\/podunk.edu", "url_sig":"T8Bp7j5...", }, "recipients": { optional recipient array }, "callback":"\/post", "version":1, "secret":"1eaa...", "secret_sig": "df89025470fac8..." }

Signature fields are all signed with the sender channel private key and base64url encoded. Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates a public message or visible to all potential listeners on this site.

"pickup" packet: The pickup packet is sent in response to a notify packet from another site
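Review bot: `force_refresh` is added to the list of defined packet types and to the users of the standard packet, but nothing in this hunk says how it differs from `refresh`: what it forces on the receiving site, whether it carries the same recipients semantics, and whether a recipient may refuse or rate-limit it. Without that, implementers will either treat it as a synonym for `refresh` or honour it unconditionally from any sender, so please add a one-line definition beside the list in the same way the pickup packet gets a sentence below. Unrelated to the change but visible in the context lines: the standard-packet example has a trailing comma in `"url_sig":"T8Bp7j5...", }`, so it is not valid JSON as shown.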

-- cgit v1.2.3