mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 16:35:13 +00:00
Merge branch 'dev' into release
This commit is contained in:
zotlabs
commit
543027dc42
3 changed files with 22 additions and 12 deletions
|
|
@ -37,7 +37,6 @@ class Zotfinger {
|
||||||
$redirects = 0;
|
$redirects = 0;
|
||||||
$x = z_post_url($resource,$data,$redirects, [ 'headers' => $h ] );
|
$x = z_post_url($resource,$data,$redirects, [ 'headers' => $h ] );
|
||||||
|
|
||||||
|
|
||||||
if ($x['success']) {
|
if ($x['success']) {
|
||||||
|
|
||||||
$result['signature'] = HTTPSig::verify($x);
|
$result['signature'] = HTTPSig::verify($x);
|
||||||
|
|
|
||||||
|
|
@ -88,7 +88,7 @@ class HTTPSig {
|
||||||
|
|
||||||
// See draft-cavage-http-signatures-10
|
// See draft-cavage-http-signatures-10
|
||||||
|
|
||||||
static function verify($data,$key = '') {
|
static function verify($data,$key = '', $keytype = '') {
|
||||||
|
|
||||||
$body = $data;
|
$body = $data;
|
||||||
$headers = null;
|
$headers = null;
|
||||||
|
|
@ -170,7 +170,7 @@ class HTTPSig {
|
||||||
|
|
||||||
$result['signer'] = $sig_block['keyId'];
|
$result['signer'] = $sig_block['keyId'];
|
||||||
|
|
||||||
$fkey = self::get_key($key,$result['signer']);
|
$fkey = self::get_key($key,$keytype,$result['signer']);
|
||||||
|
|
||||||
if (! ($fkey && $fkey['public_key'])) {
|
if (! ($fkey && $fkey['public_key'])) {
|
||||||
return $result;
|
return $result;
|
||||||
|
|
@ -185,7 +185,7 @@ class HTTPSig {
|
||||||
// try again, ignoring the local actor (xchan) cache and refetching the key
|
// try again, ignoring the local actor (xchan) cache and refetching the key
|
||||||
// from its source
|
// from its source
|
||||||
|
|
||||||
$fkey = self::get_key($key,$result['signer'],true);
|
$fkey = self::get_key($key,$keytype,$result['signer'],true);
|
||||||
|
|
||||||
if ($fkey && $fkey['public_key']) {
|
if ($fkey && $fkey['public_key']) {
|
||||||
$y = Crypto::verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm);
|
$y = Crypto::verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm);
|
||||||
|
|
@ -230,7 +230,7 @@ class HTTPSig {
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static function get_key($key,$id,$force = false) {
|
static function get_key($key,$keytype,$id,$force = false) {
|
||||||
|
|
||||||
if ($key) {
|
if ($key) {
|
||||||
if (function_exists($key)) {
|
if (function_exists($key)) {
|
||||||
|
|
@ -239,14 +239,22 @@ class HTTPSig {
|
||||||
return [ 'public_key' => $key ];
|
return [ 'public_key' => $key ];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($keytype === 'zot6') {
|
||||||
|
$key = self::get_zotfinger_key($id,$force);
|
||||||
|
if ($key) {
|
||||||
|
return $key;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (strpos($id,'#') === false) {
|
if (strpos($id,'#') === false) {
|
||||||
$key = self::get_webfinger_key($id,$force);
|
$key = self::get_webfinger_key($id,$force);
|
||||||
|
if ($key) {
|
||||||
|
return $key;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! $key) {
|
$key = self::get_activitystreams_key($id,$force);
|
||||||
$key = self::get_activitystreams_key($id,$force);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $key;
|
return $key;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -353,7 +361,7 @@ class HTTPSig {
|
||||||
function get_zotfinger_key($id,$force = false) {
|
function get_zotfinger_key($id,$force = false) {
|
||||||
|
|
||||||
if (! $force) {
|
if (! $force) {
|
||||||
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' ",
|
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'",
|
||||||
dbesc(str_replace('acct:','',$id)),
|
dbesc(str_replace('acct:','',$id)),
|
||||||
dbesc($id)
|
dbesc($id)
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -163,16 +163,19 @@ class Receiver {
|
||||||
|
|
||||||
$result = false;
|
$result = false;
|
||||||
|
|
||||||
$this->sigdata = HTTPSig::verify($this->rawdata);
|
$this->sigdata = HTTPSig::verify($this->rawdata, EMPTY_STR, 'zot6');
|
||||||
|
|
||||||
if ($this->sigdata && $this->sigdata['header_signed'] && $this->sigdata['header_valid']) {
|
if ($this->sigdata && $this->sigdata['header_signed'] && $this->sigdata['header_valid']) {
|
||||||
$result = true;
|
$result = true;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// It is OK to not have signed content - not all messages provide content.
|
// It is OK to not have signed content - not all messages provide content.
|
||||||
// But if it is signed, it has to be valid
|
// But if it is signed, it has to be valid
|
||||||
|
|
||||||
if (($this->sigdata['content_signed']) && (! $this->sigdata['content_valid'])) {
|
if (($this->sigdata['content_signed']) && (! $this->sigdata['content_valid'])) {
|
||||||
$result = false;
|
$result = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue