Beispiel #1
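/**
 * Processes id_res requests.
 *
 * When the response carries openid_identity, the identity is compared with
 * the delegate stored in the session, the response is authenticated (unless
 * the caller already did so), the outcome is recorded in
 * $_SESSION['openid']['validated'], and the user is redirected. When it
 * carries openid_user_setup_url instead, the user is sent on to the
 * provider's setup URL, unless OPENID_IMMEDIATE is defined and truthy.
 *
 * NOTE(review): every failure path assumes openid_error() does not return;
 * if it can return, execution carries on to the redirect - confirm.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processIdRes($valid)
{
    if (isset($_REQUEST['openid_identity'])) {
        // Strict comparison: with `!=` an empty openid_identity compares equal
        // to an unset (null) delegate, and numeric-looking strings compare by
        // value, so a mismatch could pass this check.
        if ($_REQUEST['openid_identity'] !== $_SESSION['openid']['delegate']) {
            // NOTE(review): the message embeds the request value verbatim;
            // whether openid_error() escapes it for output is not visible here.
            openid_error('diffid', 'Identity provider validated wrong identity. Expected it to ' . 'validate ' . $_SESSION['openid']['delegate'] . ' but it ' . 'validated ' . $_REQUEST['openid_identity']);
        }
        if (!$valid) {
            $dumbauth = true;
            if (KEYMANAGER) {
                try {
                    $valid = KeyManager::authenticate($_SESSION['openid']['server'], $_REQUEST);
                    $dumbauth = false;
                } catch (Exception $ex) {
                    // Ignore it - try dumb auth.
                    // NOTE(review): the exception is dropped without a trace, so a
                    // fallback from association-based verification to dumb auth
                    // is invisible to operators; consider recording it.
                }
            }
            if ($dumbauth) {
                $valid = KeyManager::dumbAuthenticate();
            }
        }
        // The session flag is written before the failure check below, so it
        // holds the negative result as well when verification fails.
        $_SESSION['openid']['validated'] = $valid;
        if (!$valid) {
            openid_error('noauth', 'Provider didn\'t authenticate response');
        }
        parseSRegResponse();
        URLBuilder::redirect();
    } else {
        if (isset($_REQUEST['openid_user_setup_url'])) {
            if (defined('OPENID_IMMEDIATE') && OPENID_IMMEDIATE) {
                openid_error('noimmediate', 'Couldn\'t perform immediate auth');
            }
            $handle = getHandle($_SESSION['openid']['server']);
            // NOTE(review): the redirect target is built from the request's
            // openid_user_setup_url at a point where the response has not been
            // verified; confirm buildRequest()/doRedirect() constrain it.
            $url = URLBuilder::buildRequest('setup', $_REQUEST['openid_user_setup_url'], $_SESSION['openid']['delegate'], $_SESSION['openid']['identity'], URLBuilder::getCurrentURL(), $handle);
            URLBuilder::doRedirect($url);
        }
    }
}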
Beispiel #2
 /**
  * Stores the object returned by BigMath::getBigMath() in the static
  * $bigmath property of this class.
  */
 public static function init()
 {
     $backend = BigMath::getBigMath();
     self::$bigmath = $backend;
 }
Beispiel #3
 /**
  * Assembles the arguments of an OpenID "associate" request and passes them
  * to self::addArguments().
  *
  * The defaults are HMAC-SHA1 for the association type and DH-SHA1 for the
  * session type. openid.ns is added only when $version is at least
  * self::MIN_VERSION_FOR_NS. The Diffie-Hellman parameters are included only
  * when KeyManager::supportsDH() is true; otherwise openid.session_type is
  * sent as an empty string.
  *
  * NOTE(review): an empty session type presumably means the MAC key comes
  * back unencrypted, which would leave its confidentiality to the transport
  * (TLS) - confirm against the protocol version in use.
  *
  * @param mixed $server      Passed to KeyManager::getDhPublicKey()
  * @param mixed $version     Compared with self::MIN_VERSION_FOR_NS and used
  *                           as the index into self::$namespace
  * @param mixed $assocType   Association type; anything == null means HMAC-SHA1
  * @param mixed $sessionType Session type; anything == null means DH-SHA1
  *
  * @return mixed Whatever self::addArguments(false, $args) returns
  */
 public static function buildAssociate($server, $version = 1, $assocType = null, $sessionType = null)
 {
     // Loose comparison on purpose: every value that is == null gets the default.
     $assocType = $assocType == null ? 'HMAC-SHA1' : $assocType;
     $sessionType = $sessionType == null ? 'DH-SHA1' : $sessionType;

     $args = array('openid.mode' => 'associate', 'openid.assoc_type' => $assocType);
     if ($version >= self::MIN_VERSION_FOR_NS) {
         $args['openid.ns'] = self::$namespace[$version];
     }

     if (!KeyManager::supportsDH()) {
         $args['openid.session_type'] = '';

         return self::addArguments(false, $args);
     }

     // None of these keys exist yet, so the union appends them in this order.
     $args += array(
         'openid.session_type' => $sessionType,
         'openid.dh_modulus' => KeyManager::getDhModulus(),
         'openid.dh_gen' => KeyManager::getDhGen(),
         'openid.dh_consumer_public' => KeyManager::getDhPublicKey($server),
     );

     return self::addArguments(false, $args);
 }
Beispiel #4
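/**
 * Processes a positive authentication response.
 *
 * Steps, in order: check openid_return_to with
 * URLBuilder::isValidReturnToURL(); match the asserted identifier against the
 * session's claimedId / opLocalId (with a discovery check when the session
 * asked for identifier_select); verify the response unless the caller already
 * did; record the outcome in $_SESSION['openid']['validated']; then call the
 * handlers and redirect.
 *
 * NOTE(review): the failure paths assume error() does not return; if it can
 * return, execution carries on to the handlers and the redirect - confirm.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processPositiveResponse($valid)
{
    // NOTE(review): request values are logged before the response is verified;
    // whether Logger::log() neutralises control characters is not visible here.
    Logger::log('Positive response: identity = %s, expected = %s', $_REQUEST['openid_identity'], $_SESSION['openid']['claimedId']);
    if (!URLBuilder::isValidReturnToURL($_REQUEST['openid_return_to'])) {
        Logger::log('Return_to check failed: %s, URL: %s', $_REQUEST['openid_return_to'], URLBuilder::getCurrentURL(true));
        error('diffreturnto', 'The identity provider stated return URL was ' . $_REQUEST['openid_return_to'] . ' but it actually seems to be ' . URLBuilder::getCurrentURL());
    }
    // openid_claimed_id is used when present, openid_identity otherwise.
    $id = $_REQUEST[isset($_REQUEST['openid_claimed_id']) ? 'openid_claimed_id' : 'openid_identity'];
    if (!URLBuilder::isSameURL($id, $_SESSION['openid']['claimedId']) && !URLBuilder::isSameURL($id, $_SESSION['openid']['opLocalId'])) {
        // Strict comparison, so only the exact identifier_select string opens
        // this branch regardless of how the session value is typed.
        if ($_SESSION['openid']['claimedId'] === 'http://specs.openid.net/auth/2.0/identifier_select') {
            // The provider chose the identifier: run discovery on the claimed
            // identifier and accept it only if it lists the session's endpoint.
            $disc = new Discoverer($_REQUEST['openid_claimed_id'], false);
            if ($disc->hasServer($_SESSION['openid']['endpointUrl'])) {
                // NOTE(review): these session values are taken from the request
                // before the response has been verified further down - confirm
                // that nothing trusts them unless 'validated' is true.
                $_SESSION['openid']['identity'] = $_REQUEST['openid_identity'];
                $_SESSION['openid']['opLocalId'] = $_REQUEST['openid_claimed_id'];
            } else {
                error('diffid', 'The OP at ' . $_SESSION['openid']['endpointUrl'] . ' is attmpting to claim ' . $_REQUEST['openid_claimed_id'] . ' but ' . ($disc->getEndpointUrl() == null ? 'that isn\'t a valid identifier' : 'that identifier only authorises ' . $disc->getEndpointUrl()));
            }
        } else {
            error('diffid', 'Identity provider validated wrong identity. Expected it to ' . 'validate ' . $_SESSION['openid']['claimedId'] . ' but it ' . 'validated ' . $id);
        }
    }
    resetRequests(true);
    if (!$valid) {
        $dumbauth = true;
        if (KEYMANAGER) {
            try {
                Logger::log('Attempting to authenticate using association...');
                $valid = KeyManager::authenticate($_SESSION['openid']['endpointUrl'], $_REQUEST);
                $dumbauth = false;
            } catch (Exception $ex) {
                // Still falls back to dumb auth, but the reason is recorded so
                // that a forced or repeated fallback shows up in the logs.
                Logger::log('Association authentication failed (%s): %s', get_class($ex), $ex->getMessage());
            }
        }
        if ($dumbauth) {
            Logger::log('Attempting to authenticate using dumb auth...');
            $valid = KeyManager::dumbAuthenticate();
        }
    }
    // The session flag is written before the failure check below, so it holds
    // the negative result as well when verification fails.
    $_SESSION['openid']['validated'] = $valid;
    if (!$valid) {
        Logger::log('Validation failed!');
        error('noauth', 'Provider didn\'t authenticate response');
    }
    Processor::callHandlers();
    URLBuilder::redirect();
}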
 /**
  * Destructor; it does nothing beyond calling the parent class's destructor.
  */
 public function __destruct()
 {
     parent::__destruct();
 }
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
// Edit page for one stored key record. Nothing is rendered unless a session
// manager exists and reports the session as authorized.
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    // Record id from the request; request_isset() is defined elsewhere.
    $KEYMAN_ID = request_isset('id');
    // The lookup is passed the user id as well as the record id.
    // NOTE(review): presumably getRecord() only returns records owned by
    // $USER_ID - confirm. Its result is used below without a check, so a
    // missing record would fail on the first getter call.
    $record = KeyManager::getRecord($KEYMAN_ID, $USER_ID);
    $app_title = 'Edit | ' . $app_title;
    // Build the edit view; 'update_by_id' is the action name given to the model.
    $editModel = new EditModel('Edit', 'update_by_id', $KEYMAN_ID);
    $editModel->addRow('name', 'Name', $record->getName());
    // NOTE(review): the stored private key and passphrase are handed to the
    // form as they are, so both end up in the page in plaintext. Whether
    // EditView2 HTML-escapes these values is not visible here - confirm.
    $editModel->addTextarea('private_key', 'Private key', $record->getPrivateKey());
    $editModel->addTextarea('public_key', 'Public key', $record->getPublicKey());
    $editModel->addRow('passphrase', 'Passphrase', $record->getPassphrase());
    // The rendered edit view is the only entry; variables set here stay in
    // scope for the included generic view.
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
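 // Key list page: applies the requested add/update/delete action, then builds
 // the "add" form and the table of the user's stored keys.
 // $page_action, $KEYSTORE_ID and $USER_ID are set outside this fragment.
 $name = request_isset('name');
 $private_key = request_isset('private_key');
 $public_key = request_isset('public_key');
 $passphrase = request_isset('passphrase');
 // NOTE(review): these actions change or delete stored keys from request
 // parameters, and no anti-CSRF token check is visible in this fragment -
 // confirm one is enforced before this point.
 switch ($page_action) {
     case 'update_by_id':
         $db_update_success = KeyManager::updateRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
         break;
     case 'add_key':
         $db_add_success = KeyManager::addRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
         break;
     case 'delete_by_id':
         $db_delete_success = KeyManager::deleteRecord($KEYSTORE_ID, $USER_ID);
         break;
 }
 $keyman_records = KeyManager::getAllRecords($USER_ID);
 $alt_menu = getAddButton();
 // build add view
 $addView = new AddView('Add', 'add_key');
 $addView->addRow('name', 'Name');
 $addView->addRow('private_key', 'Private key');
 $addView->addRow('public_key', 'Public key');
 $addView->addRow('passphrase', 'Passphrase');
 // build table view
 $tableView = new TableView(array('Name', 'Public key', 'Private key', 'Passphrase', ''));
 foreach ($keyman_records as $record) {
     // The passphrase is concatenated into raw markup, so it is HTML-escaped
     // here; unescaped, a stored value containing markup would be rendered as
     // part of the page (stored XSS).
     // NOTE(review): the other cells receive stored values unchanged; whether
     // TableView::createCell() escapes them is not visible here - confirm.
     // The private key and passphrase of every record are also written into
     // the listing in plaintext; the "mask" span only hides the passphrase
     // visually.
     $tableView->addRow(array(
         TableView::createCell('name', $record->getName()),
         TableView::createCell('public_key', $record->getPublicKey()),
         TableView::createCell('private_key', $record->getPrivateKey()),
         TableView::createCell('passphrase', '<span class="mask">************</span><span class="password-actual">' . htmlspecialchars((string) $record->getPassphrase(), ENT_QUOTES, 'UTF-8') . '</span>'),
         TableView::createEdit($record->getKeystoreId()),
     ));
 }
 // load views to be used in front end
 $views_to_load = array();
 $views_to_load[] = '../../views/_add.php';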
Beispiel #8
 /**
  * Assembles the arguments of an OpenID "associate" request and passes them
  * to self::addArguments().
  *
  * The association type is fixed to HMAC-SHA1. When KeyManager::supportsDH()
  * is true, a DH-SHA1 session is requested with the modulus, generator and
  * consumer public key taken from KeyManager; otherwise openid.session_type
  * is sent as an empty string.
  *
  * NOTE(review): an empty session type presumably means the MAC key comes
  * back unencrypted, which would leave its confidentiality to the transport
  * (TLS) - confirm.
  *
  * @param mixed $server Passed to KeyManager::getDhPublicKey()
  *
  * @return mixed Whatever self::addArguments(false, $args) returns
  */
 public static function buildAssociate($server)
 {
     $args = array(
         'openid.ns' => self::NAMESPACE,
         'openid.mode' => 'associate',
         'openid.assoc_type' => 'HMAC-SHA1',
     );

     if (!KeyManager::supportsDH()) {
         $args['openid.session_type'] = '';

         return self::addArguments(false, $args);
     }

     // None of these keys exist yet, so the union appends them in this order.
     $args += array(
         'openid.session_type' => 'DH-SHA1',
         'openid.dh_modulus' => KeyManager::getDhModulus(),
         'openid.dh_gen' => KeyManager::getDhGen(),
         'openid.dh_consumer_public' => KeyManager::getDhPublicKey($server),
     );

     return self::addArguments(false, $args);
 }