We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 1d151459 authored by Brion Vibber's avatar Brion Vibber

Salmon signature checks on incoming slaps now check both old and new signature formats.

parent 437ac120
......@@ -52,8 +52,7 @@ class Salmon
return false;
}
$classes = array('MagicEnvelope', 'MagicEnvelopeCompat');
foreach ($classes as $class) {
foreach ($this->formatClasses() as $class) {
try {
$envelope = $this->createMagicEnv($xml, $actor, $class);
} catch (Exception $e) {
......@@ -83,6 +82,15 @@ class Salmon
return false;
}
/**
* List the magic envelope signature class variants in the order we try them.
* Multiples are needed for backwards-compat with StatusNet prior to 0.9.7,
* which used a draft version of the magic envelope spec.
*/
protected function formatClasses() {
return array('MagicEnvelope', 'MagicEnvelopeCompat');
}
/**
* Encode the given string as a signed MagicEnvelope XML document,
* using the keypair for the given local user profile.
......@@ -129,6 +137,7 @@ class Salmon
/**
* Check if the given magic envelope is well-formed and correctly signed.
* Needs to have network access to fetch public keys over the web.
* Both current and back-compat signature formats will be checked.
*
* Side effects: exceptions and caching updates may occur during network
* fetches.
......@@ -141,10 +150,16 @@ class Salmon
*/
public function verifyMagicEnv($text)
{
$magic_env = new MagicEnvelope();
foreach ($this->formatClasses() as $class) {
$magic_env = new $class();
$env = $magic_env->parse($text);
$env = $magic_env->parse($text);
return $magic_env->verify($env);
if ($magic_env->verify($env)) {
return true;
}
}
return false;
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment