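/**
 * Processes id_res requests.
 *
 * Works on the provider's response in $_REQUEST and the pending login state
 * in $_SESSION['openid']. When the response carries openid_identity, that
 * value is compared with the delegate stored in the session, the response is
 * verified (unless the caller already did so) and the outcome is written to
 * $_SESSION['openid']['validated']. When it carries openid_user_setup_url
 * instead, the user is redirected to a setup request built from that URL,
 * unless OPENID_IMMEDIATE is defined and true.
 *
 * NOTE(review): every failure path calls openid_error() and then falls
 * through, so the checks below only hold if openid_error() ends the
 * request - confirm.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processIdRes($valid) {
    if (isset($_REQUEST['openid_identity'])) {
        // Strict comparison: this is the identity check of the login, so it
        // must not depend on PHP's loose-comparison type juggling (numeric
        // strings, arrays or null comparing equal to something else).
        if ($_REQUEST['openid_identity'] !== $_SESSION['openid']['delegate']) {
            // NOTE(review): the message embeds a request-controlled value;
            // presumably openid_error() escapes it before display - confirm.
            openid_error('diffid', 'Identity provider validated wrong identity. Expected it to '
                . 'validate ' . $_SESSION['openid']['delegate'] . ' but it '
                . 'validated ' . $_REQUEST['openid_identity']);
        }

        if (!$valid) {
            $dumbauth = true;

            if (KEYMANAGER) {
                try {
                    $valid = KeyManager::authenticate($_SESSION['openid']['server'], $_REQUEST);
                    $dumbauth = false;
                } catch (Exception $ex) {
                    // The fallback to dumb auth is deliberate, but it should
                    // not be invisible: record that association-based
                    // verification failed. Only the exception class is
                    // logged, to keep response data out of the log.
                    error_log('OpenID association authentication failed ('
                        . get_class($ex) . '); falling back to dumb auth');
                }
            }

            if ($dumbauth) {
                $valid = KeyManager::dumbAuthenticate();
            }
        }

        $_SESSION['openid']['validated'] = $valid;

        if (!$valid) {
            openid_error('noauth', 'Provider didn\'t authenticate response');
        }

        parseSRegResponse();
        URLBuilder::redirect();
    } else {
        if (isset($_REQUEST['openid_user_setup_url'])) {
            if (defined('OPENID_IMMEDIATE') && OPENID_IMMEDIATE) {
                openid_error('noimmediate', 'Couldn\'t perform immediate auth');
            }

            // NOTE(review): the redirect target is built from a request
            // parameter and nothing in this branch verifies the response
            // first; confirm that URLBuilder::buildRequest() restricts it to
            // the expected provider.
            $handle = getHandle($_SESSION['openid']['server']);
            $url = URLBuilder::buildRequest('setup', $_REQUEST['openid_user_setup_url'],
                $_SESSION['openid']['delegate'], $_SESSION['openid']['identity'],
                URLBuilder::getCurrentURL(), $handle);
            URLBuilder::doRedirect($url);
        }
    }
}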
/**
 * Stores the object returned by BigMath::getBigMath() in self::$bigmath.
 */
public static function init() {
    $backend = BigMath::getBigMath();
    self::$bigmath = $backend;
}
/**
 * Builds an 'associate' request for the given server.
 *
 * The association type defaults to 'HMAC-SHA1' and the session type to
 * 'DH-SHA1' when the caller passes nothing (or any value loosely equal to
 * null). If KeyManager reports Diffie-Hellman support, the modulus, generator
 * and consumer public key are added; otherwise openid.session_type is sent as
 * an empty string.
 *
 * NOTE(review): an empty session type requests an association without
 * Diffie-Hellman protection of the shared MAC key, so that exchange relies on
 * the transport to the provider for confidentiality - confirm the endpoint is
 * HTTPS in that case. OpenID Authentication 2.0 names this mode
 * "no-encryption"; check that '' is what the provider expects when openid.ns
 * is also sent.
 *
 * @param mixed $server Passed to KeyManager::getDhPublicKey()
 * @param int $version Protocol version; openid.ns is added from
 *                     self::$namespace when it is at least MIN_VERSION_FOR_NS
 * @param string|null $assocType Value for openid.assoc_type
 * @param string|null $sessionType Value for openid.session_type when DH is available
 * @return mixed Whatever self::addArguments(false, $args) returns
 */
public static function buildAssociate($server, $version = 1, $assocType = null, $sessionType = null) {
    $assocType = ($assocType == null) ? 'HMAC-SHA1' : $assocType;
    $sessionType = ($sessionType == null) ? 'DH-SHA1' : $sessionType;

    $args = array(
        'openid.mode' => 'associate',
        'openid.assoc_type' => $assocType,
    );

    if ($version >= self::MIN_VERSION_FOR_NS) {
        $args['openid.ns'] = self::$namespace[$version];
    }

    if (!KeyManager::supportsDH()) {
        // No DH available: ask for a session without key encryption.
        $args['openid.session_type'] = '';
    } else {
        // None of these keys exist yet, so += appends them in this order.
        $args += array(
            'openid.session_type' => $sessionType,
            'openid.dh_modulus' => KeyManager::getDhModulus(),
            'openid.dh_gen' => KeyManager::getDhGen(),
            'openid.dh_consumer_public' => KeyManager::getDhPublicKey($server),
        );
    }

    return self::addArguments(false, $args);
}
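/**
 * Processes a positive authentication response.
 *
 * Works on the provider's response in $_REQUEST and the pending login in
 * $_SESSION['openid']: checks openid_return_to, checks the asserted
 * identifier against the session's claimedId / opLocalId (with a discovery
 * step for identifier_select logins), verifies the response unless the caller
 * already did, stores the outcome in $_SESSION['openid']['validated'] and
 * finally runs the handlers and redirects.
 *
 * NOTE(review): every failure path calls error() and then falls through, so
 * the checks below only hold if error() ends the request - confirm.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processPositiveResponse($valid) {
    Logger::log('Positive response: identity = %s, expected = %s',
        $_REQUEST['openid_identity'], $_SESSION['openid']['claimedId']);

    if (!URLBuilder::isValidReturnToURL($_REQUEST['openid_return_to'])) {
        Logger::log('Return_to check failed: %s, URL: %s',
            $_REQUEST['openid_return_to'], URLBuilder::getCurrentURL(true));
        // NOTE(review): the message embeds a request-controlled value;
        // presumably error() escapes it before display - confirm.
        error('diffreturnto', 'The identity provider stated return URL was '
            . $_REQUEST['openid_return_to'] . ' but it actually seems to be '
            . URLBuilder::getCurrentURL());
    }

    // Prefer openid_claimed_id and fall back to openid_identity.
    $id = $_REQUEST[isset($_REQUEST['openid_claimed_id']) ? 'openid_claimed_id' : 'openid_identity'];

    if (!URLBuilder::isSameURL($id, $_SESSION['openid']['claimedId'])
        && !URLBuilder::isSameURL($id, $_SESSION['openid']['opLocalId'])) {
        // Strict comparison: the sentinel is a fixed string, so nothing but
        // that exact string should select the identifier_select branch.
        if ($_SESSION['openid']['claimedId'] === 'http://specs.openid.net/auth/2.0/identifier_select') {
            // NOTE(review): openid_claimed_id is read directly here although
            // $id above tolerates its absence - confirm it is always present
            // in this mode. The discovery target comes from the response;
            // presumably Discoverer limits which URLs it will contact -
            // confirm.
            $disc = new Discoverer($_REQUEST['openid_claimed_id'], false);

            if ($disc->hasServer($_SESSION['openid']['endpointUrl'])) {
                // NOTE(review): 'opLocalId' receives the claimed id while
                // 'identity' receives openid_identity - confirm this mapping
                // is intended.
                $_SESSION['openid']['identity'] = $_REQUEST['openid_identity'];
                $_SESSION['openid']['opLocalId'] = $_REQUEST['openid_claimed_id'];
            } else {
                error('diffid', 'The OP at ' . $_SESSION['openid']['endpointUrl']
                    . ' is attmpting to claim ' . $_REQUEST['openid_claimed_id'] . ' but '
                    . ($disc->getEndpointUrl() == null
                        ? 'that isn\'t a valid identifier'
                        : 'that identifier only authorises ' . $disc->getEndpointUrl()));
            }
        } else {
            error('diffid', 'Identity provider validated wrong identity. Expected it to '
                . 'validate ' . $_SESSION['openid']['claimedId'] . ' but it '
                . 'validated ' . $id);
        }
    }

    resetRequests(true);

    if (!$valid) {
        $dumbauth = true;

        if (KEYMANAGER) {
            try {
                Logger::log('Attempting to authenticate using association...');
                $valid = KeyManager::authenticate($_SESSION['openid']['endpointUrl'], $_REQUEST);
                $dumbauth = false;
            } catch (Exception $ex) {
                // The fallback to dumb auth is deliberate, but it should not
                // be invisible: record that association-based verification
                // failed. Only the exception class is logged, to keep
                // response data out of the log.
                Logger::log('Association authentication failed (%s), falling back to dumb auth',
                    get_class($ex));
            }
        }

        if ($dumbauth) {
            Logger::log('Attempting to authenticate using dumb auth...');
            $valid = KeyManager::dumbAuthenticate();
        }
    }

    $_SESSION['openid']['validated'] = $valid;

    if (!$valid) {
        Logger::log('Validation failed!');
        error('noauth', 'Provider didn\'t authenticate response');
    }

    Processor::callHandlers();
    URLBuilder::redirect();
}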
/**
 * Destructor; does nothing of its own and delegates to the parent class
 * destructor.
 */
public function __destruct() {
    parent::__destruct();
}
<?php
// Edit page for one stored key record: loads the record named by the 'id'
// request parameter and renders it through the generic view.
//
// Variable names are kept as they are because the included view shares this
// scope.
//
// NOTE(review): the private key and the passphrase are placed into the form
// in full, so they travel to the browser as stored; escaping is left to
// EditModel / EditView2 - confirm they HTML-escape these values.
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';

if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    // The id is request-controlled; the lookup is also given $USER_ID,
    // presumably so a user can only load their own records - confirm in
    // KeyManager::getRecord().
    $KEYMAN_ID = request_isset('id');
    // NOTE(review): $record is used without checking that a record was
    // actually found - confirm what getRecord() returns for an unknown id.
    $record = KeyManager::getRecord($KEYMAN_ID, $USER_ID);
    $app_title = 'Edit | ' . $app_title;

    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $KEYMAN_ID);
    $editModel->addRow('name', 'Name', $record->getName());
    $editModel->addTextarea('private_key', 'Private key', $record->getPrivateKey());
    $editModel->addTextarea('public_key', 'Public key', $record->getPublicKey());
    $editModel->addRow('passphrase', 'Passphrase', $record->getPassphrase());

    $views_to_load = array(' ' . EditView2::render($editModel));

    include $relative_base_path . 'views/_generic.php';
}
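// Handles the add / update / delete actions for stored keys, then builds the
// add form and the table of the current user's records.
//
// NOTE(review): the three actions below change or delete stored keys based on
// request parameters alone; no anti-CSRF token check is visible in this
// fragment - confirm one happens before this point.
$name = request_isset('name');
$private_key = request_isset('private_key');
$public_key = request_isset('public_key');
$passphrase = request_isset('passphrase');

// Every action is given $USER_ID as well as the record id, presumably so a
// user can only touch their own records - confirm in KeyManager.
switch ($page_action) {
    case 'update_by_id':
        $db_update_success = KeyManager::updateRecord($KEYSTORE_ID, $USER_ID, $name,
            $private_key, $public_key, $passphrase);
        break;
    case 'add_key':
        $db_add_success = KeyManager::addRecord($KEYSTORE_ID, $USER_ID, $name,
            $private_key, $public_key, $passphrase);
        break;
    case 'delete_by_id':
        $db_delete_success = KeyManager::deleteRecord($KEYSTORE_ID, $USER_ID);
        break;
}

$keyman_records = KeyManager::getAllRecords($USER_ID);
$alt_menu = getAddButton();

// build add view
$addView = new AddView('Add', 'add_key');
$addView->addRow('name', 'Name');
$addView->addRow('private_key', 'Private key');
$addView->addRow('public_key', 'Public key');
$addView->addRow('passphrase', 'Passphrase');

// build table view
// NOTE(review): private keys and passphrases are written into the page in
// full. The 'mask' span only hides the passphrase visually; the real value is
// still present in the markup.
$tableView = new TableView(array('Name', 'Public key', 'Private key', 'Passphrase', ''));
foreach ($keyman_records as $record) {
    // The passphrase is concatenated into literal HTML, so it has to be
    // escaped here; stored text containing markup would otherwise be
    // interpreted by the browser.
    $passphrase_html = htmlspecialchars((string) $record->getPassphrase(), ENT_QUOTES, 'UTF-8');

    // NOTE(review): createCell() is handed raw markup for the passphrase
    // cell, so it presumably does not escape its input; if so, the name and
    // key cells need the same escaping - confirm.
    $tableView->addRow(array(
        TableView::createCell('name', $record->getName()),
        TableView::createCell('public_key', $record->getPublicKey()),
        TableView::createCell('private_key', $record->getPrivateKey()),
        TableView::createCell('passphrase',
            '<span class="mask">************</span><span class="password-actual">'
            . $passphrase_html . '</span>'),
        TableView::createEdit($record->getKeystoreId()),
    ));
}

// load views to be used in front end
$views_to_load = array();
$views_to_load[] = '../../views/_add.php';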
/**
 * Builds an 'associate' request for the given server.
 *
 * The request always carries openid.ns (self::NAMESPACE) and asks for an
 * 'HMAC-SHA1' association. If KeyManager reports Diffie-Hellman support, a
 * 'DH-SHA1' session with modulus, generator and consumer public key is
 * requested; otherwise openid.session_type is sent as an empty string.
 *
 * NOTE(review): an empty session type requests an association without
 * Diffie-Hellman protection of the shared MAC key, so that exchange relies on
 * the transport to the provider for confidentiality - confirm the endpoint is
 * HTTPS in that case. OpenID Authentication 2.0 names this mode
 * "no-encryption"; check that '' is what the provider expects alongside
 * openid.ns.
 *
 * @param mixed $server Passed to KeyManager::getDhPublicKey()
 * @return mixed Whatever self::addArguments(false, $args) returns
 */
public static function buildAssociate($server) {
    $args = array(
        'openid.ns' => self::NAMESPACE,
        'openid.mode' => 'associate',
        'openid.assoc_type' => 'HMAC-SHA1',
    );

    if (!KeyManager::supportsDH()) {
        // No DH available: ask for a session without key encryption.
        $args['openid.session_type'] = '';
    } else {
        // None of these keys exist yet, so += appends them in this order.
        $args += array(
            'openid.session_type' => 'DH-SHA1',
            'openid.dh_modulus' => KeyManager::getDhModulus(),
            'openid.dh_gen' => KeyManager::getDhGen(),
            'openid.dh_consumer_public' => KeyManager::getDhPublicKey($server),
        );
    }

    return self::addArguments(false, $args);
}