Example #1
0
    public function onAsocciation(Association $assoc)
    {
        $sql = <<<SQL
SELECT
\t`assoc`.`id`,
\t`assoc`.`assocHandle`,
\t`assoc`.`expires`,
\t`assoc`.`date`
FROM 
\t{$this->registry['table.openid_assoc']} `assoc`
WHERE 
\t`assoc`.`assocHandle` = ?
SQL;
        $row = $this->sql->getRow($sql, array($assoc->getAssocHandle()));
        if (empty($row)) {
            $date = new DateTime('NOW', $this->registry['core.default_timezone']);
            $this->sql->insert($this->registry['table.openid_assoc'], array('assocHandle' => $assoc->getAssocHandle(), 'assocType' => $assoc->getAssocType(), 'sessionType' => $assoc->getSessionType(), 'secret' => $assoc->getSecret(), 'expires' => self::EXPIRE, 'date' => $date->format(DateTime::SQL)));
            return self::EXPIRE;
        } else {
            throw new Exception('Association already exists');
        }
    }
Example #2
0
File: Sql.php Project: k42b3/psx-ws
 public function save($opEndpoint, Association $assoc)
 {
     $now = new DateTime();
     $this->sql->insert($this->table, array('opEndpoint' => $opEndpoint, 'assocHandle' => $assoc->getAssocHandle(), 'assocType' => $assoc->getAssocType(), 'sessionType' => $assoc->getSessionType(), 'secret' => $assoc->getSecret(), 'expires' => $assoc->getExpire(), 'date' => $now->format(DateTime::SQL)));
 }
Example #3
0
 public function save($opEndpoint, Association $assoc)
 {
     $data = unserialize(FileObject::getContents($this->file));
     $key = md5($opEndpoint);
     $data[$key] = array('opEndpoint' => $opEndpoint, 'assocHandle' => $assoc->getAssocHandle(), 'assocType' => $assoc->getAssocType(), 'sessionType' => $assoc->getSessionType(), 'secret' => $assoc->getSecret(), 'expires' => $assoc->getExpire());
     FileObject::putContents($this->file, serialize($data));
 }
Example #4
0
 /**
  * Tries to establish a association with the op if a store is available. The
  * method returns null or PSX\OpenId\Provider\Data\Association. Discovery
  * must be made before calling this method
  *
  * @return PSX\OpenId\Provider\Data\Association|null
  */
 private function establishAssociaton($assocType = 'HMAC-SHA256', $sessionType = 'DH-SHA256')
 {
     // request association
     $g = pack('H*', ProviderAbstract::DH_G);
     $p = pack('H*', ProviderAbstract::DH_P);
     $pkey = new PKey(array('private_key_type' => OPENSSL_KEYTYPE_DH, 'dh' => array('p' => $p, 'g' => $g)));
     $details = $pkey->getDetails();
     $params = array('openid.ns' => ProviderAbstract::NS, 'openid.mode' => 'associate', 'openid.assoc_type' => $assocType, 'openid.session_type' => $sessionType, 'openid.dh_modulus' => base64_encode(ProviderAbstract::btwoc($details['dh']['p'])), 'openid.dh_gen' => base64_encode(ProviderAbstract::btwoc($details['dh']['g'])), 'openid.dh_consumer_public' => base64_encode(ProviderAbstract::btwoc($details['dh']['pub_key'])));
     $request = new PostRequest($this->identity->getServer(), array('User-Agent' => __CLASS__ . ' ' . Base::VERSION), $params);
     $response = $this->http->request($request);
     if ($response->getStatusCode() == 200) {
         $data = self::keyValueDecode($response->getBody());
         // check values
         $diff = array_diff(array('ns', 'assoc_handle', 'session_type', 'assoc_type', 'expires_in'), array_keys($data));
         if (count($diff) > 0) {
             throw new Exception('Missing fields ' . implode(', ', $diff));
         }
         if ($data['ns'] != ProviderAbstract::NS) {
             throw new Exception('Invalid namesspace');
         }
         if (!in_array($data['session_type'], self::$supportedSessionTypes)) {
             throw new Exception('Invalid session type');
         }
         if (!in_array($data['assoc_type'], self::$supportedAssocTypes)) {
             throw new Exception('Invalid assoc type');
         }
         // decrypt shared secret
         if ($data['session_type'] != 'no-encryption') {
             if (!isset($data['dh_server_public'])) {
                 throw new Exception('DH server public not set');
             }
             if (!isset($data['enc_mac_key'])) {
                 throw new Exception('Encoded mac key not set');
             }
             $dhFunc = str_replace('DH-', '', $data['session_type']);
             $serverPub = base64_decode($data['dh_server_public']);
             $dhSec = OpenSsl::dhComputeKey($serverPub, $pkey);
             $sec = OpenSsl::digest(ProviderAbstract::btwoc($dhSec), $dhFunc, true);
             $serverSecret = base64_encode($sec ^ base64_decode($data['enc_mac_key']));
         } else {
             if (!isset($data['mac_key'])) {
                 throw new Exception('Mac key not set');
             }
             $dhFunc = null;
             $serverSecret = $data['mac_key'];
         }
         // build association
         $assoc = new Association();
         $assoc->setAssocHandle($data['assoc_handle']);
         $assoc->setAssocType($data['assoc_type']);
         $assoc->setSessionType($data['session_type']);
         $assoc->setSecret($serverSecret);
         $assoc->setExpire($data['expires_in']);
         return $assoc;
     } else {
         throw new Exception('Could not establish associaton received ' . $response->getStatusCode());
     }
 }
Example #5
0
 public function save($opEndpoint, Association $assoc)
 {
     $key = md5($opEndpoint);
     $this->container[$key] = array('opEndpoint' => $opEndpoint, 'assocHandle' => $assoc->getAssocHandle(), 'assocType' => $assoc->getAssocType(), 'sessionType' => $assoc->getSessionType(), 'secret' => $assoc->getSecret(), 'expires' => $assoc->getExpire());
 }
Example #6
0
 /**
  * Generates an association from an request
  *
  * @param PSX\OpenId\Provider\Data\AssociationRequest $request
  * @return PSX\OpenId\Provider\Association
  */
 public function generate(AssociationRequest $request)
 {
     // generate secret
     switch ($request->getAssocType()) {
         case 'HMAC-SHA1':
             $secret = ProviderAbstract::randomBytes(20);
             $macFunc = 'SHA1';
             break;
         case 'HMAC-SHA256':
             $secret = ProviderAbstract::randomBytes(32);
             $macFunc = 'SHA256';
             break;
         default:
             throw new InvalidDataException('Invalid association type');
             break;
     }
     // generate dh
     switch ($request->getSessionType()) {
         case 'no-encryption':
             // $secret = base64_encode($secret);
             // $this->macKey = $secret;
             throw new InvalidDataException('no-encryption not supported');
             break;
         case 'DH-SHA1':
             $dh = ProviderAbstract::generateDh($request->getDhGen(), $request->getDhModulus(), $request->getDhConsumerPublic(), $macFunc, $secret);
             $this->dhServerPublic = $dh['pubKey'];
             $this->encMacKey = $dh['macKey'];
             break;
         case 'DH-SHA256':
             $dh = ProviderAbstract::generateDh($request->getDhGen(), $request->getDhModulus(), $request->getDhConsumerPublic(), $macFunc, $secret);
             $this->dhServerPublic = $dh['pubKey'];
             $this->encMacKey = $dh['macKey'];
             break;
         default:
             throw new InvalidDataException('Invalid association type');
             break;
     }
     $this->assocHandle = ProviderAbstract::generateHandle();
     $this->secret = base64_encode($secret);
     $this->macFunc = $macFunc;
     $assoc = new Association();
     $assoc->setAssocHandle($this->assocHandle);
     $assoc->setAssocType($request->getAssocType());
     $assoc->setSessionType($request->getSessionType());
     $assoc->setSecret($this->secret);
     return $assoc;
 }