PageRenderTime 82ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/services/Format/Services_Format_Parsing.php

http://github.com/spotweb/spotweb
PHP | 556 lines | 290 code | 69 blank | 197 comment | 69 complexity | 96a0d23e9f89a96e2af69faf6b78132b MD5 | raw file
Possible License(s): BSD-3-Clause, GPL-2.0, Apache-2.0, LGPL-3.0 
    

  1. <?php
    2. 

  2. 

  3. class Services_Format_Parsing
    4. 

  4. {
    5. 

  5.     private $_spotSigning = null;
    6. 

  6.     private $_util;
    7. 

  7. 

  8.     public function __construct()
    9. 

  9.     {
    10. 

  10.         $this->_spotSigning = Services_Signing_Base::factory();
    11. 

  11.         $this->_util = new Services_Format_Util();
    12. 

  12.     }
    13. 

  13. 

  14.     // ctor
    15. 

  15. 

  16.     /*
    17. 

  17.      * Some Spotnet clients create invalid XML - see
    18. 

  18.      * messageid ZOB4WPyqQfcHqykUAES8q@spot.net for example, because
    19. 

  19.      * it uses an unescaped & not in an CDATA block.
    20. 

  20.      */
    21. 

  21.     private function correctElmContents($xmlStr, $elems)
    22. 

  22.     {
    23. 

  23.         $cdataStart = '<![CDATA[';
    24. 

  24.         $cdataEnd = ']]>';
    25. 

  25. 

  26.         /*
    27. 

  27.          * replace low-ascii characters, see messageid KNCuzvnxJJErJibUAAxQJ@spot.net
    28. 

  28.          */
    29. 

  29.         $xmlStr = preg_replace('/[\x00-\x1F]/', '', $xmlStr);
    30. 

  30. 

  31.         /* and loop through all elements and fix them up */
    32. 

  32.         foreach ($elems as $elementName) {
    33. 

  33.             // find the element entries
    34. 

  34.             $startElem = stripos($xmlStr, '<'.$elementName.'>');
    35. 

  35.             $endElem = stripos($xmlStr, '</'.$elementName.'>');
    36. 

  36. 

  37.             if (($startElem === false) || ($endElem === false)) {
    38. 

  38.                 continue;
    39. 

  39.             }
    40. 

  40. 

  41.             /*
    42. 

  42.              * Make sure this elements content is not preceeded by the
    43. 

  43.              * required CDATA header
    44. 

  44.              */
    45. 

  45.             if (substr($xmlStr, $startElem + strlen($elementName) + 2, strlen($cdataStart)) !== $cdataStart) {
    46. 

  46.                 $xmlStr = str_replace(
    47. 

  47.                     ['<'.$elementName.'>', '</'.$elementName.'>'],
    48. 

  48.                     ['<'.$elementName.'>'.$cdataStart, $cdataEnd.'</'.$elementName.'>'],
    49. 

  49.                     $xmlStr
    50. 

  50.                 );
    51. 

  51.             } // if
    52. 

  52.         } // foreach
    53. 

  53. 

  54.         return $xmlStr;
    55. 

  55.     }
    56. 

  56. 

  57.     // correctElmContents
    58. 

  58. 

  59.     /*
    60. 

  60.      * Make string utf8mb3 for mysql (only 3 byte utf codes)
    61. 

  61.      */
    62. 

  62.     private function replace4Byte($string, $replacement = '')
    63. 

  63.     {
    64. 

  64.         return preg_replace('%(?:
    65. 

  65.           \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
    66. 

  66.         | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
    67. 

  67.         | \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
    68. 

  68.     )%xs', $replacement, $string);
    69. 

  69.     }
    70. 

  70. 

  71.     /*
    72. 

  72.      * Parse a full Spot according to the XML structure
    73. 

  73.      */
    74. 

  74.     public function parseFull($xmlStr)
    75. 

  75.     {
    76. 

  76.         // Create a template array so we always have the full fields to prevent ugly notices
    77. 

  77.         $tpl_spot = ['category' => '', 'website' => '', 'image' => '', 'sabnzbdurl' => '', 'messageid' => '', 'searchurl' => '', 'description' => '',
    78. 

  78.             'sub'               => '', 'filesize' => '', 'poster' => '', 'tag' => '', 'nzb' => [], 'title' => '',
    79. 

  79.             'filename'          => '', 'newsgroup' => '', 'subcata' => '', 'subcatb' => '',
    80. 

  80.             'subcatc'           => '', 'subcatd' => '', 'subcatz' => '', 'created' => '', 'key' => '', 'prevMsgids' => [], 'newsreader' => '', ];
    81. 

  81. 

  82.         /*
    83. 

  83.          * Some legacy spotNet clients create incorrect/invalid multiple segments,
    84. 

  84.          * we use this crude way to workaround this. GH issue #1608
    85. 

  85.          */
    86. 

  86.         if (strpos($xmlStr, 'spot.net></Segment') !== false) {
    87. 

  87.             $xmlStr = str_replace(
    88. 

  88.                 ['spot.net></Segment>', 'spot.ne</Segment>'],
    89. 

  89.                 ['spot.net</Segment>', 'spot.net</Segment>'],
    90. 

  90.                 $xmlStr
    91. 

  91.             );
    92. 

  92.         } // if
    93. 

  93. 

  94.         /*
    95. 

  95.          * Fix up some forgotten entity encoding / cdata sections in the XML
    96. 

  96.          */
    97. 

  97.         $xmlStr = $this->correctElmContents($xmlStr, ['Title', 'Description', 'Image', 'Tag', 'Website']);
    98. 

  98. 

  99.         /*
    100. 

  100.          * Supress errors for corrupt messageids, eg: <evoCgYpLlLkWe97TQAmnV@spot.net>
    101. 

  101.          */
    102. 

  102.         $xmltop = @(new SimpleXMLElement($xmlStr));
    103. 

  103.         $xml = $xmltop->Posting;
    104. 

  104.         $tpl_spot['created'] = (string) $xml->Created;
    105. 

  105.         $tpl_spot['key'] = (string) $xml->Key;
    106. 

  106.         $tpl_spot['category'] = (string) $xml->Category;
    107. 

  107.         $tpl_spot['website'] = (string) $xml->Website;
    108. 

  108.         $tpl_spot['description'] = (string) $xml->Description;
    109. 

  109.         $tpl_spot['filesize'] = (string) $xml->Size;
    110. 

  110.         $tpl_spot['poster'] = (string) utf8_encode($xml->Poster);
    111. 

  111.         $tpl_spot['tag'] = (string) utf8_encode($xml->Tag);
    112. 

  112.         $tpl_spot['title'] = (string) $xml->Title;
    113. 

  113. 

  114.         // Decode HTML special characters, title otherwise search will be broken, description as body in newsgroup
    115. 

  115.         $tpl_spot['title'] = html_entity_decode($tpl_spot['title'], ENT_QUOTES, 'UTF-8');
    116. 

  116.         $tpl_spot['title'] = $this->replace4Byte($tpl_spot['title'], '??');
    117. 

  117.         $tpl_spot['description'] = html_entity_decode($tpl_spot['description'], ENT_QUOTES, 'UTF-8');
    118. 

  118.         $tpl_spot['description'] = $this->replace4Byte($tpl_spot['description'], '??');
    119. 

  119. 

  120.         // FTD spots have the filename
    121. 

  121.         if (!empty($xml->Filename)) {
    122. 

  122.             $tpl_spot['filename'] = (string) $xml->Filename;
    123. 

  123.         } // if
    124. 

  124. 

  125.         // FTD spots have the newsgroup
    126. 

  126.         if (!empty($xml->Newsgroup)) {
    127. 

  127.             $tpl_spot['newsgroup'] = (string) $xml->newsgroup;
    128. 

  128.         } // if
    129. 

  129. 

  130.         /*
    131. 

  131.          * Images available can be in the XML in two different ways.
    132. 

  132.          *
    133. 

  133.          * Some older spots just have an URL we can use, newer spots
    134. 

  134.          * have an height/width/messageid(s) pair we use to retrieve the image
    135. 

  135.          * from
    136. 

  136.          */
    137. 

  137.         if (empty($xml->Image->Segment)) {
    138. 

  138.             $tpl_spot['image'] = (string) $xml->Image;
    139. 

  139.         } else {
    140. 

  140.             $tpl_spot['image'] = [
    141. 

  141.                 'height' => (string) $xml->Image['Height'],
    142. 

  142.                 'width'  => (string) $xml->Image['Width'],
    143. 

  143.             ];
    144. 

  144. 

  145.             foreach ($xml->xpath('/Spotnet/Posting/Image/Segment') as $seg) {
    146. 

  146.                 // Make sure the messageid's are valid so we do not throw an NNTP error
    147. 

  147.                 if (!$this->_util->validMessageId((string) $seg)) {
    148. 

  148.                     $tpl_spot['image']['segment'] = [];
    149. 

  149.                     break;
    150. 

  150.                 } else {
    151. 

  151.                     $tpl_spot['image']['segment'][] = (string) $seg;
    152. 

  152.                 } // if
    153. 

  153.             } // foreach
    154. 

  154.         } // else
    155. 

  155. 

  156.         // Just stitch together the NZB segments
    157. 

  157.         foreach ($xml->xpath('/Spotnet/Posting/NZB/Segment') as $seg) {
    158. 

  158.             if (!$this->_util->validMessageId((string) $seg)) {
    159. 

  159.                 $tpl_spot['nzb'] = [];
    160. 

  160.                 break;
    161. 

  161.             } else {
    162. 

  162.                 $tpl_spot['nzb'][] = (string) $seg;
    163. 

  163.             } // else
    164. 

  164.         } // foreach
    165. 

  165. 

  166.         // PREVSPOTS
    167. 

  167.         if (!empty($xml->PREVSPOTS->Spot)) {
    168. 

  168.             foreach ($xml->xpath('/Spotnet/Posting/PREVSPOTS/Spot') as $seg) {
    169. 

  169.                 // Make sure the messageid's are valid so we do not throw an NNTP error
    170. 

  170.                 if ($this->_util->validMessageId((string) $seg)) {
    171. 

  171.                     $tpl_spot['prevMsgids'][] = (string) $seg;
    172. 

  172.                 } // if
    173. 

  173.             } // foreach
    174. 

  174.         } // else
    175. 

  175. 

  176.         // Extra / newsreader
    177. 

  177.         if (!empty($xmltop->Extra->Newsreader)) {
    178. 

  178.             $tpl_spot['newsreader'] = (string) $xmltop->Extra->Newsreader;
    179. 

  179.         }
    180. 

  180. 

  181.         // fix the category in the XML array but only for new spots
    182. 

  182.         if ((int) $xml->Key != 1) {
    183. 

  183.             $tpl_spot['category'] = ((int) $tpl_spot['category']) - 1;
    184. 

  184.         } // if
    185. 

  185. 

  186.         /*
    187. 

  187.          * For FTD spots an array of subcategories is created. This array is not
    188. 

  188.          * compatible with that of newer spots so we need two seperate codepaths
    189. 

  189.          */
    190. 

  190.         $subcatList = [];
    191. 

  191. 

  192.         /*
    193. 

  193.          * We fix up the category list later in the system, so we just extract the
    194. 

  194.          * list of subcategories
    195. 

  195.          */
    196. 

  196.         if (!empty($xml->SubCat)) {
    197. 

  197.             foreach ($xml->xpath('/Spotnet/Posting/Category/SubCat') as $sub) {
    198. 

  198.                 $subcatList[] = (string) $sub;
    199. 

  199.             } // foreach
    200. 

  200.         } else {
    201. 

  201.             foreach ($xml->xpath('/Spotnet/Posting/Category/Sub') as $sub) {
    202. 

  202.                 $subcatList[] = (string) $sub;
    203. 

  203.             } // foreach
    204. 

  204.         } // if
    205. 

  205. 

  206.         /*
    207. 

  207.          * Mangle the several types of subcategory listing to make sure we only
    208. 

  208.          * have to use one type in the rest of Spotwb
    209. 

  209.          */
    210. 

  210.         foreach ($subcatList as $subcat) {
    211. 

  211.             if (preg_match('/(\d+)([aAbBcCdDzZ])(\d+)/', preg_quote($subcat), $tmpMatches)) {
    212. 

  212.                 $subCatVal = strtolower($tmpMatches[2]).((int) $tmpMatches[3]);
    213. 

  213.                 $tpl_spot['subcat'.$subCatVal[0]] .= $subCatVal.'|';
    214. 

  214.             } // if
    215. 

  215.         } // foreach
    216. 

  216. 

  217.         /*
    218. 

  218.          * subcatz is a subcategory introduced in later Spotnet formats, we prefer to
    219. 

  219.          * always have this subcategory so we just fake it if it's not listed.
    220. 

  220.          */
    221. 

  221.         if (empty($tpl_spot['subcatz'])) {
    222. 

  222.             $tpl_spot['subcatz'] = SpotCategories::createSubcatZ($tpl_spot['category'], $tpl_spot['subcata'].$tpl_spot['subcatb'].$tpl_spot['subcatd']);
    223. 

  223.         } // if
    224. 

  224. 

  225.         // map deprecated genre categories to their new genre category
    226. 

  226.         $tpl_spot['subcatd'] = SpotCategories::mapDeprecatedGenreSubCategories($tpl_spot['category'], $tpl_spot['subcatd'], $tpl_spot['subcatz']);
    227. 

  227.         $tpl_spot['subcatc'] = SpotCategories::mapLanguageSubCategories($tpl_spot['category'], $tpl_spot['subcatc'], $tpl_spot['subcatz']);
    228. 

  228. 

  229.         // and return the parsed XML
    230. 

  230.         return $tpl_spot;
    231. 

  231.     }
    232. 

  232. 

  233.     // parseFull()
    234. 

  234. 

  235.     /*
    236. 

  236.      * Parse a Spot using only the header information
    237. 

  237.      */
    238. 

  238.     public function parseHeader($subj, $from, $date, $messageid, $rsaKeys)
    239. 

  239.     {
    240. 

  240.         // Initialize an empty array, we create a basic template in a few
    241. 

  241.         $spot = [];
    242. 

  242. 

  243.         /*
    244. 

  244.          * The "From" header is created using the following system:
    245. 

  245.          *
    246. 

  246.          *   From: [Nickname] <[RANDOM or PUBLICKEY]@[CAT][KEY-ID][SUBCAT].[SIZE].[RANDOM].[DATE].[CUSTOM-ID].[CUSTOM-VALUE].[SIGNATURE]>
    247. 

  247.          *		or
    248. 

  248.          *   From: [Nickname] <[PUBLICKEY-MODULO.USERSIGNATURE]@[CAT][KEY-ID][SUBCAT].[SIZE].[RANDOM].[DATE].[CUSTOM-ID].[CUSTOM-VALUE].[SIGNATURE]>
    249. 

  249.          *
    250. 

  250.          *
    251. 

  251.          * First we want to extract everything after the @ but because a nickname could contain an @, we have to mangle it a bit
    252. 

  252.          */
    253. 

  253.         $fromInfoPos = strpos($from, '<');
    254. 

  254.         if ($fromInfoPos === false) {
    255. 

  255.             return false;
    256. 

  256.         } else {
    257. 

  257.             // Remove the posters' name and the <> characters
    258. 

  258.             $fromAddress = explode('@', substr($from, $fromInfoPos + 1, -1));
    259. 

  259.             if (count($fromAddress) < 2) {
    260. 

  260.                 return false;
    261. 

  261.             } // if
    262. 

  262.             $spot['header'] = $fromAddress[1];
    263. 

  263. 

  264.             /*
    265. 

  265.              * It is possible the part before the @ contains both the
    266. 

  266.              * users' signature as the spots signature as signed by the user
    267. 

  267.              */
    268. 

  268.             $headerSignatureTemp = explode('.', $fromAddress[0]);
    269. 

  269.             $spot['selfsignedpubkey'] = $this->_util->spotUnprepareBase64($headerSignatureTemp[0]);
    270. 

  270.             if (isset($headerSignatureTemp[1])) {
    271. 

  271.                 $spot['user-signature'] = $this->_util->spotUnprepareBase64($headerSignatureTemp[1]);
    272. 

  272.             } // if
    273. 

  273.         } // if
    274. 

  274. 

  275.         /*
    276. 

  276.          * Initialize some basic variables. We set 'verified' to false so we  can
    277. 

  277.          * exit this function at any time and the gathered data for this spot up til
    278. 

  278.          * then is stil ignored.
    279. 

  279.          */
    280. 

  280.         $spot['verified'] = false;
    281. 

  281.         $spot['filesize'] = 0;
    282. 

  282.         $spot['messageid'] = $messageid;
    283. 

  283.         $spot['stamp'] = strtotime($date);
    284. 

  284. 

  285.         /*
    286. 

  286.          * Split the .-delimited fields into an array so we can mangle it. We require
    287. 

  287.          * atleast six fields, if any less we can safely assume the spot is invalid
    288. 

  288.          */
    289. 

  289.         $fields = explode('.', $spot['header']);
    290. 

  290.         if (count($fields) < 6) {
    291. 

  291.             return false;
    292. 

  292.         } // if
    293. 

  293. 

  294.         /*
    295. 

  295.          * Extract the fixed fields from the header
    296. 

  296.          */
    297. 

  297.         $spot['poster'] = substr($from, 0, $fromInfoPos - 1);
    298. 

  298.         $spot['category'] = (int) (substr($fields[0], 0, 1)) - 1.0;
    299. 

  299.         $spot['keyid'] = (int) substr($fields[0], 1, 1);
    300. 

  300.         $spot['filesize'] = $fields[1];
    301. 

  301.         $spot['subcata'] = '';
    302. 

  302.         $spot['subcatb'] = '';
    303. 

  303.         $spot['subcatc'] = '';
    304. 

  304.         $spot['subcatd'] = '';
    305. 

  305.         $spot['subcatz'] = '';
    306. 

  306.         $spot['wassigned'] = false;
    307. 

  307.         $spot['spotterid'] = '';
    308. 

  308.         $isRecentKey = $spot['keyid'] != 1;
    309. 

  309. 

  310.         /*
    311. 

  311.          * If the keyid is invalid, abort trying to parse it
    312. 

  312.          */
    313. 

  313.         if ($spot['keyid'] < 0) {
    314. 

  314.             return false;
    315. 

  315.         } // if
    316. 

  316. 

  317.         /*
    318. 

  318.          * Listings of subcategories is dependent on the age of the spot.
    319. 

  319.          *
    320. 

  320.          * FTD spots just list all subcategories like: a9b4c0d5d15d11
    321. 

  321.          * Newer spots always use three characters for each subcategory like: a09b04c00d05d15d11.
    322. 

  322.          *
    323. 

  323.          * We really do not care for this, we just parse them using the same code as the
    324. 

  324.          * first one.
    325. 

  325.          *
    326. 

  326.          * We pad $strCatList with an extra set of tokes so we always parse te last category,
    327. 

  327.          * we make sure any sanitycheck is passed by adding 3 tokens.
    328. 

  328.          */
    329. 

  329.         $strCatList = strtolower(substr($fields[0], 2)).'!!!';
    330. 

  330.         $strCatListLen = strlen($strCatList);
    331. 

  331. 

  332.         /*
    333. 

  333.          * Initialize some basic variables to use for sanitychecking (eg: valid subcats)
    334. 

  334.          */
    335. 

  335.         $validSubcats = ['a' => true, 'b' => true, 'c' => true, 'd' => true, 'z' => true];
    336. 

  336.         $tmpCatBuild = '';
    337. 

  337. 

  338.         /* And just try to extract all given subcategories */
    339. 

  339.         for ($i = 0; $i < $strCatListLen; $i++) {
    340. 

  340.             /*
    341. 

  341.              * If the current character is not an number, we found the next
    342. 

  342.              * subcategory. Add the current one to the list, and start
    343. 

  343.              * parsing the new one
    344. 

  344.              */
    345. 

  345.             if ((!is_numeric($strCatList[$i])) && (!empty($tmpCatBuild))) {
    346. 

  346.                 if (isset($validSubcats[$tmpCatBuild[0]])) {
    347. 

  347.                     $spot['subcat'.$tmpCatBuild[0]] .= $tmpCatBuild[0].(int) substr($tmpCatBuild, 1).'|';
    348. 

  348.                 } // if
    349. 

  349. 

  350.                 $tmpCatBuild = '';
    351. 

  351.             } // if
    352. 

  352. 

  353.             $tmpCatBuild .= $strCatList[$i];
    354. 

  354.         } // for
    355. 

  355. 

  356.         /*
    357. 

  357.          * subcatz is a subcategory introduced in later Spotnet formats, we prefer to
    358. 

  358.          * always have this subcategory so we just fake it if it's not listed.
    359. 

  359.          */
    360. 

  360.         if (empty($spot['subcatz'])) {
    361. 

  361.             $spot['subcatz'] = SpotCategories::createSubcatz($spot['category'], $spot['subcata'].$spot['subcatb'].$spot['subcatd']);
    362. 

  362.         } // if
    363. 

  363. 

  364.         // map deprecated genre categories to their new genre category
    365. 

  365.         $spot['subcatd'] = SpotCategories::mapDeprecatedGenreSubCategories($spot['category'], $spot['subcatd'], $spot['subcatz']);
    366. 

  366.         $spot['subcatc'] = SpotCategories::mapLanguageSubCategories($spot['category'], $spot['subcatc'], $spot['subcatz']);
    367. 

  367. 

  368.         if ((strpos($subj, '=?') !== false) && (strpos($subj, '?=') !== false)) {
    369. 

  369.             // This is an old format to parse, instantiate the legacy parsing
    370. 

  370.             $legacyParser = new Services_Format_ParsingLegacy();
    371. 

  371. 

  372.             // Make sure its as simple as possible
    373. 

  373.             $subj = str_replace('?= =?', '?==?', $subj);
    374. 

  374.             $subj = str_replace('\r', '', trim($legacyParser->oldEncodingParse($subj)));
    375. 

  375.             $subj = str_replace('\n', '', $subj);
    376. 

  376.         } // if
    377. 

  377. 

  378.         if ($isRecentKey) {
    379. 

  379.             $tmp = explode('|', $subj);
    380. 

  380. 

  381.             $spot['title'] = trim($tmp[0]);
    382. 

  382.             if (count($tmp) > 1) {
    383. 

  383.                 $spot['tag'] = trim($tmp[1]);
    384. 

  384.             } else {
    385. 

  385.                 $spot['tag'] = '';
    386. 

  386.             } // else
    387. 

  387.         } else {
    388. 

  388.             $tmp = explode('|', $subj);
    389. 

  389.             if (count($tmp) <= 1) {
    390. 

  390.                 $tmp = [$subj];
    391. 

  391.             } // if
    392. 

  392. 

  393.             $spot['tag'] = trim($tmp[count($tmp) - 1]);
    394. 

  394. 

  395.             // remove the tags from the array
    396. 

  396.             array_pop($tmp);
    397. 

  397.             array_pop($tmp);
    398. 

  398. 

  399.             $spot['title'] = trim(implode('|', $tmp));
    400. 

  400. 

  401.             if ((strpos($spot['title'], chr(0xc2)) !== false) | (strpos($spot['title'], chr(0xc3)) !== false)) {
    402. 

  402.                 // This is an old format to parse, instantiate the legacy parsing
    403. 

  403.                 $legacyParser = new Services_Format_ParsingLegacy();
    404. 

  404.                 $spot['title'] = trim($legacyParser->oldEncodingParse($spot['title']));
    405. 

  405.             } // if
    406. 

  406.         } // if recentKey
    407. 

  407. 

  408.         // Title and poster fields are mandatory, we require it to validate the signature
    409. 

  409.         if (((strlen($spot['title']) == 0) || (strlen($spot['poster']) == 0))) {
    410. 

  410.             return $spot;
    411. 

  411.         } // if
    412. 

  412. 

  413.         /*
    414. 

  414.          * For any recentkey ( >1) or spots created after year-2010, we require the spot
    415. 

  415.          * to be signed
    416. 

  416.          */
    417. 

  417.         $mustbeSigned = $isRecentKey | ($spot['stamp'] > 1293870080);
    418. 

  418.         if ($mustbeSigned) {
    419. 

  419.             $spot['headersign'] = $fields[count($fields) - 1];
    420. 

  420.             $spot['wassigned'] = (strlen($spot['headersign']) != 0);
    421. 

  421.         } // if must be signed
    422. 

  422.         else {
    423. 

  423.             $spot['verified'] = true;
    424. 

  424.             $spot['wassigned'] = false;
    425. 

  425.         } // if doesnt need to be signed, pretend that it is
    426. 

  426. 

  427.         /*
    428. 

  428.          * Don't verify spots which are already verified
    429. 

  429.          */
    430. 

  430.         if ($spot['wassigned']) {
    431. 

  431.             /*
    432. 

  432.              * There are currently two known methods to which Spots are signed,
    433. 

  433.              * each having different charachteristics, making it a bit difficult
    434. 

  434.              * to work with this.
    435. 

  435.              *
    436. 

  436.              * The oldest method uses a secret private key and a signing server, we
    437. 

  437.              * name this method SPOTSIGN_V1. The users' public key is only available
    438. 

  438.              * in the XML header, not in the From header. This is the preferred method.
    439. 

  439.              *
    440. 

  440.              * The second method uses a so-called "self signed" spot (the spotter signs
    441. 

  441.              * the spots, posts the public key in the header and a hashcash is used to
    442. 

  442.              * prevent spamming). This method is called SPOTSIGN_V2.
    443. 

  443.              *
    444. 

  444.              */
    445. 

  445.             if ($spot['keyid'] == 7) {
    446. 

  446.                 /*
    447. 

  447.                  * KeyID 7 has a special meaning, it defines a self-signed spot and
    448. 

  448.                  * requires a hashcash
    449. 

  449.                  */
    450. 

  450.                 $signingMethod = 2;
    451. 

  451.             } else {
    452. 

  452.                 $signingMethod = 1;
    453. 

  453.             } // else
    454. 

  454. 

  455.             switch ($signingMethod) {
    456. 

  456.                 case 1:
    457. 

  457.                     // the signature this header is signed with
    458. 

  458.                     $signature = $this->_util->spotUnprepareBase64($spot['headersign']);
    459. 

  459. 

  460.                     /*
    461. 

  461.                      * Make sure the key specified is an actual known key
    462. 

  462.                      */
    463. 

  463.                     if (isset($rsaKeys[$spot['keyid']])) {
    464. 

  464.                         if ($spot['keyid'] == 2 && $spot['filesize'] = 999 && strlen($spot['selfsignedpubkey']) > 50
    465. 

  465.                             ) {
    466. 

  466.                             /* Check personal dispose message */
    467. 

  467.                             $signature = $this->_util->spotUnprepareBase64($spot['headersign']);
    468. 

  468.                             $userSignedHash = sha1('<'.$spot['messageid'].'>', false);
    469. 

  469.                             $spot['verified'] = (substr($userSignedHash, 0, 4) === '0000');
    470. 

  470.                             if ($spot['verified']) {
    471. 

  471.                                 $userRsaKey = [2 => ['modulo' => $spot['selfsignedpubkey'], 'exponent' => 'AQAB']];
    472. 

  472.                                 if ($this->_spotSigning->verifySpotHeader($spot, $signature, $userRsaKey)) {
    473. 

  473.                                     $spot['spotterid'] = $this->_util->calculateSpotterId($spot['selfsignedpubkey']);
    474. 

  474.                                 } // if
    475. 

  475.                             } // if
    476. 

  476.                         } else {
    477. 

  477.                             $spot['verified'] = $this->_spotSigning->verifySpotHeader($spot, $signature, $rsaKeys);
    478. 

  478.                         }
    479. 

  479.                     } // if
    480. 

  480. 

  481.                     break;
    482. 

  482.                  // SPOTSIGN_V1
    483. 

  483. 

  484.                 case 2:
    485. 

  485.                     // the signature this header is signed with
    486. 

  486.                     $signature = $this->_util->spotUnprepareBase64($spot['headersign']);
    487. 

  487. 

  488.                     $userSignedHash = sha1('<'.$spot['messageid'].'>', false);
    489. 

  489.                     $spot['verified'] = (substr($userSignedHash, 0, 4) === '0000');
    490. 

  490. 

  491.                     /*
    492. 

  492.                      * Create a fake RSA keyarray so we can validate it using our standard
    493. 

  493.                      * infrastructure
    494. 

  494.                      */
    495. 

  495.                      if ($spot['verified']) {
    496. 

  496.                          $userRsaKey = [7 => ['modulo' => $spot['selfsignedpubkey'],
    497. 

  497.                              'exponent'                => 'AQAB', ]];
    498. 

  498. 

  499.                          /*
    500. 

  500.                           * We cannot use this as a full measure to check the spot's validness yet,
    501. 

  501.                           * because at least one Spotnet client feeds us invalid data for now
    502. 

  502.                           */
    503. 

  503.                          if ($this->_spotSigning->verifySpotHeader($spot, $signature, $userRsaKey)) {
    504. 

  504.                              /*
    505. 

  505.                               * The users' public key (modulo) is posted in the header, lets
    506. 

  506.                               * try this.
    507. 

  507.                               */
    508. 

  508.                              $spot['spotterid'] = $this->_util->calculateSpotterId($spot['selfsignedpubkey']);
    509. 

  509.                          } // if
    510. 

  510.                      } // if
    511. 

  511. 

  512.                     break;
    513. 

  513.                  // SPOTSIGN_V2
    514. 

  514.             } // switch
    515. 

  515. 

  516.             /*
    517. 

  517.              * Even more recent spots, contain the users' full publickey
    518. 

  518.              * in the header. This allows us to uniquely identify and verify
    519. 

  519.              * the poster of the spot.
    520. 

  520.              *
    521. 

  521.              * Try to extract this information.
    522. 

  522.              */
    523. 

  523.             if (($spot['verified']) && (!empty($spot['user-signature'])) && (!empty($spot['selfsignedpubkey']))) {
    524. 

  524.                 /*
    525. 

  525.                  * Extract the public key
    526. 

  526.                  */
    527. 

  527.                 $spot['spotterid'] = $this->_util->calculateSpotterId($spot['selfsignedpubkey']);
    528. 

  528.                 $spot['user-key'] = ['modulo' => $spot['selfsignedpubkey'],
    529. 

  529.                     'exponent'                => 'AQAB', ];
    530. 

  530.                 /*
    531. 

  531.                  * The spot contains the signature in the header of the spot
    532. 

  532.                  */
    533. 

  533.                 $spot['verified'] = $this->_spotSigning->verifyFullSpot($spot);
    534. 

  534.             } // if
    535. 

  535.         } // if was signed
    536. 

  536. 

  537.         /*
    538. 

  538.          * We convert the title and other fields to UTF8, we cannot
    539. 

  539.          * do this any earlier because it would break the RSA signature
    540. 

  540.          */
    541. 

  541.         if (($spot !== false) && ($spot['verified'])) {
    542. 

  542.             $spot['title'] = utf8_encode($spot['title']);
    543. 

  543.             $spot['poster'] = utf8_encode($spot['poster']);
    544. 

  544.             $spot['tag'] = utf8_encode($spot['tag']);
    545. 

  545. 

  546.             // If a spot is in the future, fix it
    547. 

  547.             if (time() < $spot['stamp']) {
    548. 

  548.                 $spot['stamp'] = time();
    549. 

  549.             } // if
    550. 

  550.         } // if
    551. 

  551. 

  552.         return $spot;
    553. 

  553.     }
    554. 

  554. 

  555.     // parseHeader
    556. 

  556. } // class Services_Format_Parsing
    557. 

  557.