Ejemplo n.º 1
0
 public static function handleLogin($authStateId, $xmlToken)
 {
     assert('is_string($authStateId)');
     $config = SimpleSAML_Configuration::getInstance();
     $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
     $idp_key = $autoconfig->getValue('idp_key');
     $idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
     $sts_crt = $autoconfig->getValue('sts_crt');
     $Infocard = $autoconfig->getValue('InfoCard');
     $infocard = new sspmod_InfoCard_RP_InfoCard();
     $infocard->addIDPKey($idp_key, $idp_pass);
     $infocard->addSTSCertificate($sts_crt);
     if (!$xmlToken) {
         SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken);
     } else {
         SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken);
     }
     $claims = $infocard->process($xmlToken);
     if ($claims->isValid()) {
         $attributes = array();
         foreach ($Infocard['requiredClaims'] as $claim => $data) {
             $attributes[$claim] = array($claims->{$claim});
         }
         foreach ($Infocard['optionalClaims'] as $claim => $data) {
             $attributes[$claim] = array($claims->{$claim});
         }
         // sanitize the input
         $sid = SimpleSAML_Utilities::parseStateID($authStateId);
         if (!is_null($sid['url'])) {
             SimpleSAML_Utilities::checkURLAllowed($sid['url']);
         }
         /* Retrieve the authentication state. */
         $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
         /* Find authentication source. */
         assert('array_key_exists(self::AUTHID, $state)');
         $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
         if ($source === NULL) {
             throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
         }
         $state['Attributes'] = $attributes;
         unset($infocard);
         unset($claims);
         SimpleSAML_Auth_Source::completeAuth($state);
     } else {
         unset($infocard);
         unset($claims);
         return 'wrong_IC';
     }
 }
Ejemplo n.º 2
0
     echo $IC;
     $state = 'end';
 } else {
     if (strcmp($userCredential, 'SelfIssuedCredential') == 0) {
         /*
          * VERY IMPORTANT:
          * The STS is acting as a Relying Party to get the PPID in order to generate a
          *  managed card with a self issued credential, that's why we use the STS
          *  certificate private key to decrypt the token.
          */
         if (array_key_exists('xmlToken', $_POST) && $_POST['xmlToken'] != NULL) {
             SimpleSAML_Logger::debug('HAY XML TOKEN');
             $token = new sspmod_InfoCard_RP_InfoCard();
             $idp_key = $autoconfig->getValue('sts_key');
             $token->addIDPKey($idp_key);
             $token->addSTSCertificate('');
             $claims = $token->process($_POST['xmlToken']);
             if ($claims->isValid() && $claims->privatepersonalidentifier != NULL) {
                 $ppid = $claims->privatepersonalidentifier;
                 SimpleSAML_Logger::debug("PPID = {$ppid}");
                 $ICconfig['InfoCard'] = $Infocard;
                 $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');
                 //sspmod_InfoCard_Utils::getIssuer($sts_crt);
                 $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
                 $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
                 $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
                 $ICconfig['certificates'] = $autoconfig->getValue('certificates');
                 $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
                 $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username, $userCredential, $ppid);
                 $IC = sspmod_InfoCard_STS::createCard($ICdata, $ICconfig);
                 header('Content-Disposition: attachment; filename="' . $ICdata['CardName'] . '.crd"');