Ejemplo n.º 1
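 /**
  * Checks the client's two encrypted handshake hashes against the values
  * the server computes itself from the shared handshake material.
  *
  * @param array  $user        Client values; must contain 'random', 'public_key', 'md5' and 'sha'.
  * @param array  $server      Server values; must contain 'pre_master_secret' and 'random'.
  * @param string $success_url URL placed in the JSON payload when both hashes match.
  * @param string $fail_url    URL placed in the JSON payload when authentication fails.
  *
  * @return array|false false when a required parameter is missing or the hex
  *                     fields are not strings; otherwise an array with a boolean
  *                     'status' and a JSON-encoded 'json' payload.
  */
 public static function authenticate($user, $server, $success_url, $fail_url)
 {
     // Return error if any required parameter is missing
     if (!isset($user['random'], $user['public_key'], $user['md5'], $user['sha'], $server['pre_master_secret'], $server['random'])) {
         return false;
     }
     // The hash fields come from the client and are fed to pack(); reject
     // anything that is not a string instead of letting pack() choke on it.
     if (!is_string($user['md5']) || !is_string($user['sha'])) {
         return false;
     }

     $failure = array('status' => false, 'json' => json_encode(array('url' => $fail_url, 'status' => TrustAuth::$status['auth_fail'], 'error' => 'Failed to authenticate.')));

     $user['public_key'] = TrustAuth::fix_key($user['public_key']);
     // Load the key into the engine
     $rsa = new Crypt_RSA();
     $rsa->loadKey($user['public_key']);
     $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);

     // Decrypt the hashes from the client
     $raw_md5 = $rsa->decrypt(pack('H*', $user['md5']));
     $raw_sha = $rsa->decrypt(pack('H*', $user['sha']));
     // A failed decryption must never reach the comparison below: bin2hex()
     // would turn a false/empty result into '', which could equal an empty
     // expected hash and be accepted as a successful login.
     if (!is_string($raw_md5) || $raw_md5 === '' || !is_string($raw_sha) || $raw_sha === '') {
         return $failure;
     }
     $user_md5 = bin2hex($raw_md5);
     $user_sha = bin2hex($raw_sha);

     // Generate the master secret
     $master_secret = TrustAuth::get_master_secret($server['pre_master_secret'], $user['random'], $server['random']);
     $transmitted_messages = TrustAuth::get_transmitted_messages($user['random'], $master_secret, $server['random']);
     // Calculate the expected hashes from the client
     $md5_hash = TrustAuth::get_md5_hash($master_secret, $user['random'], $server['random'], $transmitted_messages);
     $sha_hash = TrustAuth::get_sha_hash($master_secret, $user['random'], $server['random'], $transmitted_messages);

     // Compare in constant time, and always evaluate both comparisons, so the
     // response time does not reveal how much of a guessed hash was correct
     // or which of the two checks failed.
     $md5_ok = TrustAuth::constant_time_equals($md5_hash, $user_md5);
     $sha_ok = TrustAuth::constant_time_equals($sha_hash, $user_sha);

     // If the hashes match then report the successful login
     if ($md5_ok && $sha_ok) {
         return array('status' => true, 'json' => json_encode(array('url' => $success_url, 'status' => TrustAuth::$status['logged_in'])));
     }

     return $failure;
 }

 /**
  * Timing-safe string comparison for secret-derived values.
  *
  * Uses hash_equals() where the runtime provides it and falls back to a
  * manual XOR accumulation otherwise. Non-string or empty operands never
  * compare equal.
  *
  * @param mixed $expected Value computed by the server.
  * @param mixed $actual   Value derived from client input.
  *
  * @return bool true only when both are identical non-empty strings.
  */
 private static function constant_time_equals($expected, $actual)
 {
     if (!is_string($expected) || !is_string($actual) || $expected === '') {
         return false;
     }
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $actual);
     }
     $length = strlen($expected);
     if ($length !== strlen($actual)) {
         return false;
     }
     // OR together the XOR of every byte pair; no early exit on mismatch.
     $diff = 0;
     for ($i = 0; $i < $length; $i++) {
         $diff |= ord($expected[$i]) ^ ord($actual[$i]);
     }
     return $diff === 0;
 }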