
MDL-12492: Thanks to Nigel McNie, this addresses a problem which prev…

…ents hosts from re-keying when their keys expire.
1 parent bc19824 commit 5a3951e035b23157b5256308f836325d6eb75fe6 donal committed Feb 15, 2008
Showing with 30 additions and 25 deletions.
  1. +0 −9 mnet/environment.php
  2. +13 −2 mnet/lib.php
  3. +17 −14 mnet/xmlrpc/server.php
@@ -167,15 +167,6 @@ function get_public_key() {
$this->keypair['publickey'] = openssl_pkey_get_public($this->keypair['certificate']);
return $this->keypair['publickey'];
}
-
- /**
- * Note that the openssl_sign function computes the sha1 hash, and then
- * signs the hash.
- */
- function sign_message($message) {
- $bool = openssl_sign($message, $signature, $this->get_private_key());
- return $signature;
- }
}
?>
@@ -127,12 +127,23 @@ function mnet_set_public_key($uri, $key = null) {
* site
*
* @param string $message The data you want to sign
+ * @param resource $privatekey The private key to sign the response with
* @return string An XML-DSig document
*/
-function mnet_sign_message($message) {
+function mnet_sign_message($message, $privatekey = null) {
global $CFG, $MNET;
$digest = sha1($message);
- $sig = $MNET->sign_message($message);
+
+ // If the user hasn't supplied a private key (for example, one of our older,
+ // expired private keys, we get the current default private key and use that.
+ if ($privatekey == null) {
+ $privatekey = $MNET->get_private_key();
+ }
+
+ // The '$sig' value below is returned by reference.
+ // We initialize it first to stop my IDE from complaining.
+ $sig = '';
+ $bool = openssl_sign($message, $sig, $privatekey); // TODO: On failure?
$message = '<?xml version="1.0" encoding="iso-8859-1"?>
<signedMessage>
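Review bot: The failure path of openssl_sign on the new line `$bool = openssl_sign($message, $sig, $privatekey); // TODO: On failure?` is left unhandled, so when signing fails (for example with an unusable key resource) `$sig` stays `''` and the function goes on to build a signedMessage whose signature value is empty. Check the return value and surface the error instead, for example `if (!openssl_sign($message, $sig, $privatekey)) { trigger_error('mnet_sign_message: openssl_sign failed: ' . openssl_error_string()); }`, then decide whether a document with no signature should be returned at all; `$bool` is otherwise unused. The guard `if ($privatekey == null)` should be `if ($privatekey === null)` so the comparison is explicit rather than loose. mnet_sign_message's body continues outside the hunk, so the part of the document that embeds `$sig` is not visible here.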
@@ -162,6 +162,7 @@ function mnet_server_strip_wrappers($HTTP_RAW_POST_DATA) {
if ($isOpen) {
// It's an older code, sir, but it checks out
$push_current_key = true;
+ break;
}
}
}
@@ -189,7 +190,7 @@ function mnet_server_strip_wrappers($HTTP_RAW_POST_DATA) {
if($push_current_key) {
// NOTE: Here, we use the 'mnet_server_fault_xml' to avoid
// get_string being called on our public_key
- exit(mnet_server_fault_xml(7025, $MNET->public_key));
+ exit(mnet_server_fault_xml(7025, $MNET->public_key, $keyresource));
}
/**
@@ -253,11 +254,12 @@ function mnet_server_fault($code, $text, $param = null) {
/**
* Return the proper XML-RPC content to report an error.
*
- * @param int $code The ID code of the error message
- * @param string $text The error message
- * @return string $text The XML text of the error message
+ * @param int $code The ID code of the error message
+ * @param string $text The error message
+ * @param resource $privatekey The private key that should be used to sign the response
+ * @return string $text The XML text of the error message
*/
-function mnet_server_fault_xml($code, $text) {
+function mnet_server_fault_xml($code, $text, $privatekey = null) {
global $MNET_REMOTE_CLIENT, $CFG;
// Replace illegal XML chars - is this already in a lib somewhere?
$text = str_replace(array('<','>','&','"',"'"), array('&lt;','&gt;','&amp;','&quot;','&apos;'), $text);
@@ -274,11 +276,11 @@ function mnet_server_fault_xml($code, $text) {
<member>
<name>faultString</name>
<value><string>'.$text.'</string></value>
- </member>
- </struct>
- </value>
- </fault>
- </methodResponse>');
+ </member>
+ </struct>
+ </value>
+ </fault>
+</methodResponse>', $privatekey);
if (!empty($CFG->mnet_rpcdebug)) {
trigger_error("XMLRPC Error Response $code: $text");
@@ -319,14 +321,15 @@ function mnet_server_dummy_method($methodname, $argsarray, $functionname) {
/**
* Package a response in any required envelope, and return it to the client
*
- * @param string $response The XMLRPC response string
- * @return string The encoded response string
+ * @param string $response The XMLRPC response string
+ * @param resource $privatekey The private key to sign the response with
+ * @return string The encoded response string
*/
-function mnet_server_prepare_response($response) {
+function mnet_server_prepare_response($response, $privatekey = null) {
global $MNET_REMOTE_CLIENT;
if ($MNET_REMOTE_CLIENT->request_was_signed) {
- $response = mnet_sign_message($response);
+ $response = mnet_sign_message($response, $privatekey);
}
if ($MNET_REMOTE_CLIENT->request_was_encrypted) {
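Review bot: The new call `exit(mnet_server_fault_xml(7025, $MNET->public_key, $keyresource));` signs the key-refresh fault with `$keyresource` without saying why, and nothing in the hunk records that this has to be the older key the client's request verified against; a comment such as `// Sign this fault with the key the client's request verified against, so the client can validate the new public key carried in the fault before adopting it` would capture the intent (inferred from the commit message). That presumably also depends on the `break` added in the first hunk leaving `$keyresource` at the matching key rather than the last one iterated; `$keyresource` and the loop are defined outside the hunk, so this could not be confirmed here. Separately, on the unchanged line `$text = str_replace(array('<','>','&','"',"'"), array('&lt;','&gt;','&amp;','&quot;','&apos;'), $text);` the replacements run in array order, so a `<` becomes `&lt;` and is then rewritten to `&amp;lt;` by the later `&` rule; `&` should come first in both arrays. mnet_server_strip_wrappers and the final hunk of mnet_server_prepare_response continue outside the lines shown.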
