public function getKeyPair($signer_uri) { $disco = new Discovery(); try { $xrd = $disco->lookup($signer_uri); } catch (Exception $e) { return false; } if ($xrd->links) { if ($link = Discovery::getService($xrd->links, Magicsig::PUBLICKEYREL)) { $keypair = false; $parts = explode(',', $link['href']); if (count($parts) == 2) { $keypair = $parts[1]; } else { // Backwards compatibility check for separator bug in 0.9.0 $parts = explode(';', $link['href']); if (count($parts) == 2) { $keypair = $parts[1]; } } if ($keypair) { return $keypair; } } } throw new Exception('Unable to locate signer public key'); }
static function getServiceDocument($remote) { $discovery = new Discovery(); $xrd = $discovery->lookup($remote); if (empty($xrd)) { // TRANS: Exception thrown when a service document could not be located account move. // TRANS: %s is the remote site. throw new Exception(sprintf(_("Cannot find XRD for %s."), $remote)); } $svcDocUrl = null; $username = null; foreach ($xrd->links as $link) { if ($link['rel'] == 'http://apinamespace.org/atom' && $link['type'] == 'application/atomsvc+xml') { $svcDocUrl = $link['href']; if (!empty($link['property'])) { foreach ($link['property'] as $property) { if ($property['type'] == 'http://apinamespace.org/atom/username') { $username = $property['value']; break; } } } break; } } if (empty($svcDocUrl)) { // TRANS: Exception thrown when an account could not be located when it should be moved. // TRANS: %s is the remote site. throw new Exception(sprintf(_("No AtomPub API service for %s."), $remote)); } return array($svcDocUrl, $username); }
static function getServiceDocument($remote) { $discovery = new Discovery(); $xrd = $discovery->lookup($remote); if (empty($xrd)) { // TRANS: Exception thrown when a service document could not be located account move. // TRANS: %s is the remote site. throw new Exception(sprintf(_("Cannot find XRD for %s."), $remote)); } $svcDocUrl = null; $username = null; $link = $xrd->links->get('http://apinamespace.org/atom', 'application/atomsvc+xml'); if (!is_null($link)) { $svcDocUrl = $link->href; if (isset($link['http://apinamespace.org/atom/username'])) { $username = $link['http://apinamespace.org/atom/username']; break; } } if (empty($svcDocUrl)) { // TRANS: Exception thrown when an account could not be located when it should be moved. // TRANS: %s is the remote site. throw new Exception(sprintf(_("No AtomPub API service for %s."), $remote)); } return array($svcDocUrl, $username); }
function connectWebfinger($acct) { $target_profile = $this->targetProfile(); $disco = new Discovery(); $xrd = $disco->lookup($acct); $link = $xrd->get('http://ostatus.org/schema/1.0/tag'); if (!is_null($link)) { // We found a URL - let's redirect! if (!empty($link->template)) { $url = Discovery::applyTemplate($link->template, $target_profile); } else { $url = $link->href; } common_log(LOG_INFO, "Sending remote subscriber {$acct} to {$url}"); common_redirect($url, 303); } // TRANS: Client error displayed when remote profile address could not be confirmed. $this->clientError(_m('Could not confirm remote profile address.')); }
function connectWebfinger($acct) { $target_profile = $this->targetProfile(); $disco = new Discovery(); $result = $disco->lookup($acct); if (!$result) { // TRANS: Client error displayed when remote profile could not be looked up. $this->clientError(_m('Could not look up OStatus account profile.')); } foreach ($result->links as $link) { if ($link['rel'] == 'http://ostatus.org/schema/1.0/tag') { // We found a URL - let's redirect! $url = Discovery::applyTemplate($link['template'], $target_profile); common_log(LOG_INFO, "Sending remote subscriber {$acct} to {$url}"); common_redirect($url, 303); } } // TRANS: Client error displayed when remote profile address could not be confirmed. $this->clientError(_m('Could not confirm remote profile address.')); }
/** * Look up, and if necessary create, an Ostatus_profile for the remote * entity with the given webfinger address. * This should never return null -- you will either get an object or * an exception will be thrown. * * @param string $addr webfinger address * @return Ostatus_profile * @throws Exception on error conditions * @throws OStatusShadowException if this reference would obscure a local user/group */ public static function ensureWebfinger($addr) { // First, try the cache $uri = self::cacheGet(sprintf('ostatus_profile:webfinger:%s', $addr)); if ($uri !== false) { if (is_null($uri)) { // Negative cache entry // TRANS: Exception. throw new Exception(_m('Not a valid webfinger address.')); } $oprofile = Ostatus_profile::getKV('uri', $uri); if ($oprofile instanceof Ostatus_profile) { return $oprofile; } } // Try looking it up $oprofile = Ostatus_profile::getKV('uri', Discovery::normalize($addr)); if ($oprofile instanceof Ostatus_profile) { self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->getUri()); return $oprofile; } // Now, try some discovery $disco = new Discovery(); try { $xrd = $disco->lookup($addr); } catch (Exception $e) { // Save negative cache entry so we don't waste time looking it up again. // @todo FIXME: Distinguish temporary failures? self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), null); // TRANS: Exception. throw new Exception(_m('Not a valid webfinger address.')); } $hints = array_merge(array('webfinger' => $addr), DiscoveryHints::fromXRD($xrd)); // If there's an Hcard, let's grab its info if (array_key_exists('hcard', $hints)) { if (!array_key_exists('profileurl', $hints) || $hints['hcard'] != $hints['profileurl']) { $hcardHints = DiscoveryHints::fromHcardUrl($hints['hcard']); $hints = array_merge($hcardHints, $hints); } } // If we got a feed URL, try that $feedUrl = null; if (array_key_exists('feedurl', $hints)) { $feedUrl = $hints['feedurl']; try { common_log(LOG_INFO, "Discovery on acct:{$addr} with feed URL " . $hints['feedurl']); $oprofile = self::ensureFeedURL($hints['feedurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->getUri()); return $oprofile; } catch (Exception $e) { common_log(LOG_WARNING, "Failed creating profile from feed URL '{$feedUrl}': " . $e->getMessage()); // keep looking } } // If we got a profile page, try that! $profileUrl = null; if (array_key_exists('profileurl', $hints)) { $profileUrl = $hints['profileurl']; try { common_log(LOG_INFO, "Discovery on acct:{$addr} with profile URL {$profileUrl}"); $oprofile = self::ensureProfileURL($hints['profileurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->getUri()); return $oprofile; } catch (OStatusShadowException $e) { // We've ended up with a remote reference to a local user or group. // @todo FIXME: Ideally we should be able to say who it was so we can // go back and refer to it the regular way throw $e; } catch (Exception $e) { common_log(LOG_WARNING, "Failed creating profile from profile URL '{$profileUrl}': " . $e->getMessage()); // keep looking // // @todo FIXME: This means an error discovering from profile page // may give us a corrupt entry using the webfinger URI, which // will obscure the correct page-keyed profile later on. } } // XXX: try hcard // XXX: try FOAF if (array_key_exists('salmon', $hints)) { $salmonEndpoint = $hints['salmon']; // An account URL, a salmon endpoint, and a dream? Not much to go // on, but let's give it a try $uri = 'acct:' . $addr; $profile = new Profile(); $profile->nickname = self::nicknameFromUri($uri); $profile->created = common_sql_now(); if (!is_null($profileUrl)) { $profile->profileurl = $profileUrl; } $profile_id = $profile->insert(); if ($profile_id === false) { common_log_db_error($profile, 'INSERT', __FILE__); // TRANS: Exception. %s is a webfinger address. throw new Exception(sprintf(_m('Could not save profile for "%s".'), $addr)); } $oprofile = new Ostatus_profile(); $oprofile->uri = $uri; $oprofile->salmonuri = $salmonEndpoint; $oprofile->profile_id = $profile_id; $oprofile->created = common_sql_now(); if (!is_null($feedUrl)) { $oprofile->feeduri = $feedUrl; } $result = $oprofile->insert(); if ($result === false) { $profile->delete(); common_log_db_error($oprofile, 'INSERT', __FILE__); // TRANS: Exception. %s is a webfinger address. throw new Exception(sprintf(_m('Could not save OStatus profile for "%s".'), $addr)); } self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->getUri()); return $oprofile; } // TRANS: Exception. %s is a webfinger address. throw new Exception(sprintf(_m('Could not find a valid profile for "%s".'), $addr)); }
/** * Get the Salmon keypair from a URI, uses XRD Discovery etc. Reasonably * you'll only get the public key ;) * * The string will (hopefully) be formatted as described in Magicsig specification: * https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#anchor13 * * @return string formatted as Magicsig keypair */ public function discoverKeyPair(Profile $profile) { $signer_uri = $profile->getUri(); if (empty($signer_uri)) { throw new ServerException(sprintf('Profile missing URI (id==%d)', $profile->id)); } $disco = new Discovery(); // Throws exception on lookup problems $xrd = $disco->lookup($signer_uri); $link = $xrd->get(Magicsig::PUBLICKEYREL); if (is_null($link)) { // TRANS: Exception. throw new Exception(_m('Unable to locate signer public key.')); } // We have a public key element, let's hope it has proper key data. $keypair = false; $parts = explode(',', $link->href); if (count($parts) == 2) { $keypair = $parts[1]; } else { // Backwards compatibility check for separator bug in 0.9.0 $parts = explode(';', $link->href); if (count($parts) == 2) { $keypair = $parts[1]; } } if ($keypair === false) { // For debugging clarity. Keypair did not pass count()-check above. // TRANS: Exception when public key was not properly formatted. throw new Exception(_m('Incorrectly formatted public key element.')); } return $keypair; }
/** * Look up, and if necessary create, an Ostatus_profile for the remote * entity with the given webfinger address. * This should never return null -- you will either get an object or * an exception will be thrown. * * @param string $addr webfinger address * @return Ostatus_profile * @throws Exception on error conditions * @throws OStatusShadowException if this reference would obscure a local user/group */ public static function updateWebfinger($addr) { $disco = new Discovery(); try { $xrd = $disco->lookup($addr); } catch (Exception $e) { // Save negative cache entry so we don't waste time looking it up again. // @fixme distinguish temporary failures? self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), null); // TRANS: Exception. throw new Exception(_m('Not a valid webfinger address.')); } $hints = array('webfinger' => $addr); $dhints = DiscoveryHints::fromXRD($xrd); $hints = array_merge($hints, $dhints); // If there's an Hcard, let's grab its info if (array_key_exists('hcard', $hints)) { if (!array_key_exists('profileurl', $hints) || $hints['hcard'] != $hints['profileurl']) { $hcardHints = DiscoveryHints::fromHcardUrl($hints['hcard']); $hints = array_merge($hcardHints, $hints); } } // If we got a feed URL, try that if (array_key_exists('feedurl', $hints)) { try { common_log(LOG_INFO, "Discovery on acct:{$addr} with feed URL " . $hints['feedurl']); $oprofile = self::ensureFeedURL($hints['feedurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->uri); return $oprofile; } catch (Exception $e) { common_log(LOG_WARNING, "Failed creating profile from feed URL '{$feedUrl}': " . $e->getMessage()); // keep looking } } // If we got a profile page, try that! if (array_key_exists('profileurl', $hints)) { try { common_log(LOG_INFO, "Discovery on acct:{$addr} with profile URL {$profileUrl}"); $oprofile = self::ensureProfileURL($hints['profileurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->uri); return $oprofile; } catch (OStatusShadowException $e) { // We've ended up with a remote reference to a local user or group. // @fixme ideally we should be able to say who it was so we can // go back and refer to it the regular way throw $e; } catch (Exception $e) { common_log(LOG_WARNING, "Failed creating profile from profile URL '{$profileUrl}': " . $e->getMessage()); // keep looking // // @fixme this means an error discovering from profile page // may give us a corrupt entry using the webfinger URI, which // will obscure the correct page-keyed profile later on. } } throw new Exception(sprintf(_m('Could not find a valid profile for "%s".'), $addr)); }
$feedurl = null; $salmonuri = null; // @fixme will bork where the URI isn't the profile URL for now $discover = new FeedDiscovery(); try { $feedurl = $discover->discoverFromURL($oprofile->uri); $salmonuri = $discover->getAtomLink(Salmon::REL_SALMON) ?: $discover->getAtomLink(Salmon::NS_REPLIES); // NS_REPLIES is deprecated if (empty($salmonuri)) { throw new FeedSubNoSalmonException('No salmon upstream URI was found'); } } catch (FeedSubException $e) { $acct = $oprofile->localProfile()->getAcctUri(); print "Could not discover feeds HTML response, trying reconstructed acct URI: {$acct}\n"; $disco = new Discovery(); $xrd = $disco->lookup($acct); $hints = DiscoveryHints::fromXRD($xrd); if (empty($feedurl) && !array_key_exists('feedurl', $hints)) { throw new FeedSubNoFeedException($acct); } $feedurl = $feedurl ?: $hints['feedurl']; $salmonuri = array_key_exists('salmon', $hints) ? $hints['salmon'] : $salmonuri; // get the hub data too and put it in the FeedDiscovery object $discover->discoverFromFeedUrl($feedurl); } $huburi = $discover->getHubLink(); print " Feed URL: {$feedurl}\n"; print " Hub URL: {$huburi}\n"; print " Salmon URL: {$salmonuri}\n"; if ($feedurl != $oprofile->feeduri || $salmonuri != $oprofile->salmonuri) { print "\n";
/** * Get the Salmon keypair from a URI, uses XRD Discovery etc. Reasonably * you'll only get the public key ;) * * The string will (hopefully) be formatted as described in Magicsig specification: * https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#anchor13 * * @return string formatted as Magicsig keypair */ public function discoverKeyPair(Profile $profile) { $signer_uri = $profile->getUri(); if (empty($signer_uri)) { throw new ServerException(sprintf('Profile missing URI (id==%d)', $profile->getID())); } $disco = new Discovery(); // Throws exception on lookup problems try { $xrd = $disco->lookup($signer_uri); } catch (Exception $e) { // Diaspora seems to require us to request the acct: uri $xrd = $disco->lookup($profile->getAcctUri()); } common_debug('Will try to find magic-public-key from XRD of profile id==' . $profile->getID()); $pubkey = null; if (Event::handle('MagicsigPublicKeyFromXRD', array($xrd, &$pubkey))) { $link = $xrd->get(Magicsig::PUBLICKEYREL); if (is_null($link)) { // TRANS: Exception. throw new Exception(_m('Unable to locate signer public key.')); } $pubkey = $link->href; } if (empty($pubkey)) { throw new ServerException('Empty Magicsig public key. A bug?'); } // We have a public key element, let's hope it has proper key data. $keypair = false; $parts = explode(',', $pubkey); if (count($parts) == 2) { $keypair = $parts[1]; } else { // Backwards compatibility check for separator bug in 0.9.0 $parts = explode(';', $pubkey); if (count($parts) == 2) { $keypair = $parts[1]; } } if ($keypair === false) { // For debugging clarity. Keypair did not pass count()-check above. // TRANS: Exception when public key was not properly formatted. throw new Exception(_m('Incorrectly formatted public key element.')); } return $keypair; }
function ensureProfiles() { try { $this->oprofile = Ostatus_profile::getActorProfile($this->activity); if (!$this->oprofile instanceof Ostatus_profile) { throw new UnknownUriException($this->activity->actor->id); } } catch (UnknownUriException $e) { // Apparently we didn't find the Profile object based on our URI, // so OStatus doesn't have it with this URI in ostatus_profile. // Try to look it up again, remote side may have changed from http to https // or maybe publish an acct: URI now instead of an http: URL. // // Steps: // 1. Check the newly received URI. Who does it say it is? // 2. Compare these alleged identities to our local database. // 3. If we found any locally stored identities, ask it about its aliases. // 4. Do any of the aliases from our known identity match the recently introduced one? // // Example: We have stored http://example.com/user/1 but this URI says https://example.com/user/1 common_debug('No local Profile object found for a magicsigned activity author URI: ' . $e->object_uri); $disco = new Discovery(); $xrd = $disco->lookup($e->object_uri); // Step 1: We got a bunch of discovery data for https://example.com/user/1 which includes // aliases https://example.com/user and hopefully our original http://example.com/user/1 too $all_ids = array_merge(array($xrd->subject), $xrd->aliases); if (!in_array($e->object_uri, $all_ids)) { common_debug('The activity author URI we got was not listed itself when doing discovery on it.'); throw $e; } // Go through each reported alias from lookup to see if we know this already foreach ($all_ids as $aliased_uri) { $oprofile = Ostatus_profile::getKV('uri', $aliased_uri); if (!$oprofile instanceof Ostatus_profile) { continue; // unknown locally, check the next alias } // Step 2: We found the alleged http://example.com/user/1 URI in our local database, // but this can't be trusted yet because anyone can publish any alias. common_debug('Found a local Ostatus_profile for "' . $e->object_uri . '" with this URI: ' . $aliased_uri); // We found an existing OStatus profile, but is it really the same? Do a callback to the URI's origin // Step 3: lookup our previously known http://example.com/user/1 webfinger etc. $xrd = $disco->lookup($oprofile->getUri()); // getUri returns ->uri, which we filtered on earlier $doublecheck_aliases = array_merge(array($xrd->subject), $xrd->aliases); common_debug('Trying to match known "' . $aliased_uri . '" against its returned aliases: ' . implode(' ', $doublecheck_aliases)); // if we find our original URI here, it is a legitimate alias // Step 4: Is the newly introduced https://example.com/user/1 URI in the list of aliases // presented by http://example.com/user/1 (i.e. do they both say they are the same identity?) if (in_array($e->object_uri, $doublecheck_aliases)) { $oprofile->updateUriKeys($e->object_uri, DiscoveryHints::fromXRD($xrd)); $this->oprofile = $oprofile; break; // don't iterate through aliases anymore } } // We might end up here after $all_ids is iterated through without a $this->oprofile value, if (!$this->oprofile instanceof Ostatus_profile) { common_debug("We do not have a local profile to connect to this activity's author. Let's create one."); // ensureActivityObjectProfile throws exception on failure $this->oprofile = Ostatus_profile::ensureActivityObjectProfile($this->activity->actor); } } assert($this->oprofile instanceof Ostatus_profile); $this->actor = $this->oprofile->localProfile(); }