From: donal
Date: Fri, 15 Feb 2008 08:32:22 +0000 (+0000)
Subject: MDL-12492: Thanks to Nigel McNie, this addresses a problem which prevents hosts from...
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=09f0abb2ffb960bc8e0a9d9231bdc155836280b2;p=moodle.git

MDL-12492: Thanks to Nigel McNie, this addresses a problem which prevents hosts from re-keying when their keys expire.
---
diff --git a/mnet/environment.php b/mnet/environment.php
index bef22304c6..982579b87f 100644
--- a/mnet/environment.php
+++ b/mnet/environment.php
@@ -173,15 +173,6 @@ class mnet_environment {
 $this->keypair['publickey'] = openssl_pkey_get_public($this->keypair['certificate']);
 return $this->keypair['publickey'];
 }
-
- /**
- * Note that the openssl_sign function computes the sha1 hash, and then
- * signs the hash.
- */
- function sign_message($message) {
- $bool = openssl_sign($message, $signature, $this->get_private_key());
- return $signature;
- }
 }
 ?>
diff --git a/mnet/lib.php b/mnet/lib.php
index e355f0c1c7..ef8dd4783e 100644
--- a/mnet/lib.php
+++ b/mnet/lib.php
@@ -134,12 +134,23 @@ function mnet_set_public_key($uri, $key = null) {
 * site
 *
 * @param string $message The data you want to sign
+ * @param resource $privatekey The private key to sign the response with
 * @return string An XML-DSig document
 */
-function mnet_sign_message($message) {
+function mnet_sign_message($message, $privatekey = null) {
 global $CFG, $MNET;
 $digest = sha1($message);
- $sig = $MNET->sign_message($message);
+
+ // If the user hasn't supplied a private key (for example, one of our older,
+ // expired private keys, we get the current default private key and use that.
+ if ($privatekey == null) {
+ $privatekey = $MNET->get_private_key();
+ }
+
+ // The '$sig' value below is returned by reference.
+ // We initialize it first to stop my IDE from complaining.
+ $sig = '';
+ $bool = openssl_sign($message, $sig, $privatekey); // TODO: On failure?
 $message = '
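Review bot: The new fallback `if ($privatekey == null)` in mnet_sign_message is a loose comparison, so a caller that hands in `false` (what openssl_pkey_get_private() returns when a key cannot be loaded) or an empty string is silently signed with the site's current default key instead of having the bad key reported; `if ($privatekey === null) {` keeps the fallback for the documented "not supplied" case only. In the same hunk the `$bool` result of `openssl_sign()` is never examined (the trailing `// TODO: On failure?` acknowledges it), so a signing failure leaves `$sig` as the initial empty string and the function still assembles an XML-DSig document that looks signed but that no peer can verify; the return value should be checked and the failure raised to the caller rather than built into the document. The removed mnet_environment::sign_message had the same gap, so this is not new, but this rewrite is the natural place to close it. mnet_sign_message continues past the end of the hunk.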
diff --git a/mnet/xmlrpc/server.php b/mnet/xmlrpc/server.php
index d3956bde6a..b101ff028b 100644
--- a/mnet/xmlrpc/server.php
+++ b/mnet/xmlrpc/server.php
@@ -162,6 +162,7 @@ function mnet_server_strip_wrappers($HTTP_RAW_POST_DATA) {
 if ($isOpen) {
 // It's an older code, sir, but it checks out
 $push_current_key = true;
+ break;
 }
 }
 }
@@ -189,7 +190,7 @@ function mnet_server_strip_wrappers($HTTP_RAW_POST_DATA) {
 if($push_current_key) {
 // NOTE: Here, we use the 'mnet_server_fault_xml' to avoid
 // get_string being called on our public_key
- exit(mnet_server_fault_xml(7025, $MNET->public_key));
+ exit(mnet_server_fault_xml(7025, $MNET->public_key, $keyresource));
 }
 /**
@@ -253,11 +254,12 @@ function mnet_server_fault($code, $text, $param = null) {
 /**
 * Return the proper XML-RPC content to report an error.
 *
- * @param int $code The ID code of the error message
- * @param string $text The error message
- * @return string $text The XML text of the error message
+ * @param int $code The ID code of the error message
+ * @param string $text The error message
+ * @param resource $privatekey The private key that should be used to sign the response
+ * @return string $text The XML text of the error message
 */
-function mnet_server_fault_xml($code, $text) {
+function mnet_server_fault_xml($code, $text, $privatekey = null) {
 global $MNET_REMOTE_CLIENT, $CFG;
 // Replace illegal XML chars - is this already in a lib somewhere?
 $text = str_replace(array('<','>','&','"',"'"), array('<','>','&','"','''), $text);
@@ -278,7 +280,7 @@ function mnet_server_fault_xml($code, $text) {
-');
+', $privatekey);
 if (!empty($CFG->mnet_rpcdebug)) {
 trigger_error("XMLRPC Error Response $code: $text");
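Review bot: The re-key fault `exit(mnet_server_fault_xml(7025, $MNET->public_key, $keyresource));` now relies on `$keyresource` still holding the old key for which `$isOpen` was set in the first hunk; that assignment is outside the hunk, and from the visible lines it is the `break;` added there that keeps a later iteration of the key loop from replacing it. That coupling deserves a comment above the exit, e.g. `// $keyresource is the expired private key that opened this envelope (hence the break in the key loop); sign the 7025 fault with it so the client can verify the reply with the public key it still holds.` If the loop can leave `$keyresource` pointing at a key that did not open the envelope, the fault would be signed with a key the client cannot check, so that is worth confirming against the loop body, which starts before the hunk.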
@@ -319,14 +321,15 @@ function mnet_server_dummy_method($methodname, $argsarray, $functionname) {
 /**
 * Package a response in any required envelope, and return it to the client
 *
- * @param string $response The XMLRPC response string
- * @return string The encoded response string
+ * @param string $response The XMLRPC response string
+ * @param resource $privatekey The private key to sign the response with
+ * @return string The encoded response string
 */
-function mnet_server_prepare_response($response) {
+function mnet_server_prepare_response($response, $privatekey = null) {
 global $MNET_REMOTE_CLIENT;
 if ($MNET_REMOTE_CLIENT->request_was_signed) {
- $response = mnet_sign_message($response);
+ $response = mnet_sign_message($response, $privatekey);
 }
 if ($MNET_REMOTE_CLIENT->request_was_encrypted) {
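Review bot: The new `@param resource $privatekey` docblock on mnet_server_prepare_response does not say what `null` means, and the parameter is only consulted on the `request_was_signed` path; per the mnet/lib.php hunk, `mnet_sign_message()` falls back to `$MNET->get_private_key()` when it is null, so a caller that passes an explicit key for an unsigned request gets no signature and no indication the key was ignored. Suggest `@param resource $privatekey Key to sign with; null means the site's current key. Only used when the request was signed.` (the same wording fits the mnet_server_fault_xml docblock in the previous file section). The body of mnet_server_prepare_response continues past the end of the hunk.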