Example #1
 /**
  * Drives one consumer/server Diffie-Hellman association in-process and
  * returns the MAC key as the consumer recovers it.
  *
  * Both sides are built with null for the first two constructor arguments
  * and the same $algo. The return value is the base64-decoded result of
  * associateAsConsumer(); presumably the calling test compares it with
  * $mac_key -- confirm against the callers.
  *
  * @param mixed $mac_key secret handed to the server side for wrapping
  * @param mixed $algo    third constructor argument for both DiffieHellman objects
  * @return string|false  output of base64_decode()
  */
 protected function doTestFunctional($mac_key, $algo)
 {
     $consumer = new DiffieHellman(null, null, $algo);
     $server = new DiffieHellman(null, null, $algo);

     // The server wraps the MAC key against the consumer's public value.
     $server_reply = $server->associateAsServer($mac_key, $consumer->getPublicKey());

     // The consumer unwraps it with the server's public value from the reply.
     $recovered = $consumer->associateAsConsumer(
         $server_reply['enc_mac_key'],
         $server_reply['dh_server_public']
     );

     return base64_decode($recovered);
 }
Example #2
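 /**
  * Requests an association from the OpenID server at $server_url and
  * returns it as a ConsumerAssociation.
  *
  * The request always asks for assoc_type HMAC-SHA1 with session_type
  * DH-SHA1. The reply is handled in one of two ways:
  *  - no session_type in the reply: 'mac_key' is taken as the secret in
  *    the clear;
  *  - session_type DH-SHA1: the secret is 'enc_mac_key' XORed with the
  *    SHA-1 of the Diffie-Hellman shared value.
  *
  * Any other assoc_type or session_type raises an E_USER_WARNING and the
  * method returns null instead of building an association from a reply
  * it does not understand. Previously execution continued after the
  * warning and derived or accepted a secret anyway.
  *
  * NOTE(review): nothing in this method authenticates the reply, and the
  * clear-text branch accepts the secret exactly as received. Both rely on
  * the transport; confirm that $server_url is fetched over TLS with
  * certificate verification, or reject a reply without a session_type
  * when DH-SHA1 was requested.
  *
  * @param string $server_url endpoint the associate request is POSTed to
  * @return ConsumerAssociation|null null when the reply names an
  *         unsupported association or session type
  */
 function associate($server_url)
 {
     list($p, $g) = $this->get_mod_gen();
     $dh = new DiffieHellman($p, $g, $this->srand);
     $cpub = $dh->createKeyExchange();

     $args = array(
         'openid.mode' => 'associate',
         'openid.assoc_type' => 'HMAC-SHA1',
         'openid.session_type' => 'DH-SHA1',
         'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($dh->p)),
         'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($dh->g)),
         'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($cpub)),
     );
     $body = http_build_query($args);

     // Only the response body is used; the first element of the pair is ignored.
     list(, $data) = $this->http_client->post($server_url, $body);
     $results = oidUtil::parsekv($data);

     $assoc_type = $this->getResult($results, 'assoc_type');
     if ($assoc_type !== 'HMAC-SHA1') {
         trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
         // Fail closed: do not store a secret for an algorithm we did not ask for.
         return null;
     }

     $assoc_handle = $this->getResult($results, 'assoc_handle');
     $expires_in = isset($results['expires_in']) ? $results['expires_in'] : 0;
     $session_type = isset($results['session_type']) ? $results['session_type'] : 0;

     if (!$session_type) {
         // Server declined DH: the MAC key arrives unencrypted.
         $secret = oidUtil::from_b64($this->getResult($results, 'mac_key'));
     } else {
         if ($session_type !== 'DH-SHA1') {
             trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
             // Fail closed: the unwrapping below is only defined for DH-SHA1.
             return null;
         }

         $spub = oidUtil::a2long(oidUtil::from_b64($this->getResult($results, 'dh_server_public')));
         // NOTE(review): $spub is used as received; confirm that
         // decryptKeyExchange() rejects values outside the valid range
         // for the modulus.
         $dh_shared = $dh->decryptKeyExchange($spub);
         $enc_mac_key = $this->getResult($results, 'enc_mac_key');

         // Keep key material out of debug output and logs.
         $secret = oidUtil::strxor(oidUtil::from_b64($enc_mac_key), oidUtil::sha1(oidUtil::long2a($dh_shared)));
     }

     return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
 }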
Example #3
 /**
  * Handles openid.mode=associate and builds the key/value reply for the
  * consumer.
  *
  * The association is looked up in $this->estore by the requested
  * assoc_type (default 'HMAC-SHA1'). Without a session_type the secret is
  * returned base64-encoded as 'mac_key'. With session_type DH-SHA1 the
  * secret is XORed with the SHA-1 of the Diffie-Hellman shared value and
  * returned as 'enc_mac_key' together with the server's public value.
  * Any other session_type yields OpenIDServer::_error_page().
  *
  * The original author notes that $this->get_new_secret must be
  * overridden for this method to work, and that DH-SHA1 is supported when
  * srand was given to the server instance; the code below passes
  * $this->srand to DiffieHellman::fromBase64() without checking it.
  *
  * NOTE(review): request fields are read both with the 'openid.' prefix
  * (assoc_type) and without it (session_type, dh_*); confirm that
  * $req->get() resolves both forms.
  * NOTE(review): the requested assoc_type goes to the store as received;
  * confirm that the store rejects unsupported types.
  *
  * @param object $req request wrapper exposing get($key[, $default])
  * @return mixed result of response_page() or OpenIDServer::_error_page()
  */
 function do_associate($req)
 {
     $assoc_type = $req->get('openid.assoc_type', 'HMAC-SHA1');
     $assoc = $this->estore->get($assoc_type);
     $session_type = $req->get('session_type');

     // A session type was requested but it is not the one we implement.
     if ($session_type && $session_type != 'DH-SHA1') {
         return OpenIDServer::_error_page('session_type must be DH-SHA1');
     }

     $fields = array();
     if (!$session_type) {
         // NOTE(review): the secret leaves the server unencrypted here, so
         // its confidentiality rests entirely on the transport (TLS).
         $fields['mac_key'] = oidUtil::to_b64($assoc->secret);
     } else {
         // NOTE(review): modulus, generator and public value all come from
         // the requester and are used as received; confirm that
         // fromBase64()/decryptKeyExchange() enforce an acceptable modulus
         // and reject out-of-range public values.
         $dh = DiffieHellman::fromBase64($req->get('dh_modulus'), $req->get('dh_gen'), $this->srand);
         $consumer_public = oidUtil::a2long(oidUtil::from_b64($req->get('dh_consumer_public')));
         $shared = $dh->decryptKeyExchange($consumer_public);
         $masked_secret = oidUtil::strxor($assoc->secret, oidUtil::sha1(oidUtil::long2a($shared)));
         $server_public = $dh->createKeyExchange();

         // Do not log the association secret or the masked key when debugging.
         $fields['session_type'] = $session_type;
         $fields['dh_server_public'] = oidUtil::to_b64(oidUtil::long2a($server_public));
         $fields['enc_mac_key'] = oidUtil::to_b64($masked_secret);
     }

     $fields['assoc_type'] = $assoc_type;
     $fields['assoc_handle'] = $assoc->handle;
     $fields['expires_in'] = $assoc->get_expires_in();

     return response_page(oidUtil::kvform($fields));
 }