rino landing
This commit is contained in:
parent
67e827e128
commit
99bbc29747
3 changed files with 78 additions and 7 deletions
24
boot.php
24
boot.php
|
@ -1544,3 +1544,27 @@ function gravatar_img($email) {
|
|||
return $url;
|
||||
}}
|
||||
|
||||
if(! function_exists('aes_decrypt')) {
|
||||
function aes_decrypt($val,$ky)
|
||||
{
|
||||
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||
for($a=0;$a<strlen($ky);$a++)
|
||||
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
|
||||
$mode = MCRYPT_MODE_ECB;
|
||||
$enc = MCRYPT_RIJNDAEL_128;
|
||||
$dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
|
||||
return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
|
||||
}}
|
||||
|
||||
|
||||
if(! function_exists('aes_encrypt')) {
|
||||
function aes_encrypt($val,$ky)
|
||||
{
|
||||
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||
for($a=0;$a<strlen($ky);$a++)
|
||||
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
|
||||
$mode=MCRYPT_MODE_ECB;
|
||||
$enc=MCRYPT_RIJNDAEL_128;
|
||||
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
|
||||
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
|
||||
}}
|
|
@ -658,7 +658,14 @@ function dfrn_deliver($owner,$contact,$atom) {
|
|||
if($contact['duplex'] && $contact['issued-id'])
|
||||
$idtosend = '1:' . $orig_id;
|
||||
|
||||
$url = $contact['notify'] . '?dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION ;
|
||||
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
|
||||
|
||||
$rino_enable = get_config('system','rino_encrypt');
|
||||
|
||||
if(! $rino_enable)
|
||||
$rino = 0;
|
||||
|
||||
$url = $contact['notify'] . '?dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
|
||||
|
||||
logger('dfrn_deliver: ' . $url);
|
||||
|
||||
|
@ -681,6 +688,7 @@ function dfrn_deliver($owner,$contact,$atom) {
|
|||
$postvars = array();
|
||||
$sent_dfrn_id = hex2bin($res->dfrn_id);
|
||||
$challenge = hex2bin($res->challenge);
|
||||
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
|
||||
|
||||
$final_dfrn_id = '';
|
||||
|
||||
|
@ -718,9 +726,29 @@ function dfrn_deliver($owner,$contact,$atom) {
|
|||
$postvars['data'] = str_replace('<dfrn:comment-allow>1','<dfrn:comment-allow>0',$atom);
|
||||
}
|
||||
|
||||
if($rino && rino_allowed) {
|
||||
$key = substr(random_string(),0,16);
|
||||
$data = bin2hex(aes_encrypt($postvars['data'],$key));
|
||||
$postvars['data'] = $data;
|
||||
logger('rino: sent key = ' . $key);
|
||||
|
||||
if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
|
||||
openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']);
|
||||
}
|
||||
else {
|
||||
openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']);
|
||||
}
|
||||
|
||||
logger('md5 rawkey ' . md5($postvars['key']));
|
||||
|
||||
$postvars['key'] = bin2hex($postvars['key']);
|
||||
}
|
||||
|
||||
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
|
||||
|
||||
$xml = post_url($contact['notify'],$postvars);
|
||||
|
||||
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true) . "\n" . "RECEIVING: " . $xml, LOGGER_DATA);
|
||||
logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
|
||||
|
||||
$curl_stat = $a->get_curl_code();
|
||||
if((! $curl_stat) || (! strlen($xml)))
|
||||
|
|
|
@ -6,10 +6,11 @@ require_once('include/items.php');
|
|||
|
||||
function dfrn_notify_post(&$a) {
|
||||
|
||||
$dfrn_id = notags(trim($_POST['dfrn_id']));
|
||||
$dfrn_version = (float) $_POST['dfrn_version'];
|
||||
$challenge = notags(trim($_POST['challenge']));
|
||||
$data = $_POST['data'];
|
||||
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
|
||||
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
|
||||
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
|
||||
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
|
||||
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
||||
|
||||
$direction = (-1);
|
||||
if(strpos($dfrn_id,':') == 1) {
|
||||
|
@ -50,7 +51,8 @@ function dfrn_notify_post(&$a) {
|
|||
}
|
||||
|
||||
|
||||
$r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact`
|
||||
$r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
|
||||
`contact`.`pubkey` AS `cpubkey`, `contact`.`prvkey` AS `cprvkey`, `user`.* FROM `contact`
|
||||
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
|
||||
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
|
||||
|
@ -76,6 +78,23 @@ function dfrn_notify_post(&$a) {
|
|||
//NOTREACHED
|
||||
}
|
||||
|
||||
if(strlen($key)) {
|
||||
$rawkey = hex2bin(trim($key));
|
||||
logger('rino: md5 raw key: ' . md5($rawkey));
|
||||
$final_key = '';
|
||||
|
||||
if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) {
|
||||
openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
|
||||
}
|
||||
else {
|
||||
openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
|
||||
}
|
||||
|
||||
logger('rino: received key : ' . $final_key);
|
||||
$data = aes_decrypt(hex2bin($data),$final_key);
|
||||
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
||||
}
|
||||
|
||||
// Consume notification feed. This may differ from consuming a public feed in several ways
|
||||
// - might contain email
|
||||
// - might contain remote followup to our message
|
||||
|
|
Loading…
Reference in a new issue