Example #1
 /**
  * Processes an association request from a relying party under OpenID versions
  * 1 and 2.
  *
  * An association request has an openid.mode value of
  * associate.  This function checks whether the association request
  * is valid, and if so, creates an association and sends the response to
  * the relying party.
  *
  * @param Request $request the OpenID request
  * @link http://openid.net/specs/openid-authentication-1_1.html#mode_associate
  * @link http://openid.net/specs/openid-authentication-2_0.html#associations
  */
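 protected function associate($request)
 {
     // Handles openid.mode=associate: validates the request, creates a shared
     // association, caches it under its handle and renders the direct response.
     // The caller is an unauthenticated relying party, so every request value
     // read below is untrusted input.
     $this->logger->log(LogLevel::DEBUG, 'SimpleID\\Protocols\\OpenID\\OpenIDModule->associate');
     $this->logger->log(LogLevel::INFO, 'OpenID association request', $request->toArray());

     $assoc_types = Association::getAssociationTypes();
     // NOTE(review): the HTTPS flag is passed in here, presumably so that the
     // no-encryption session type is only offered over TLS - confirm in Association.
     $session_types = Association::getSessionTypes($this->isHttps(), $request->getVersion());

     // Common Request Parameters [8.1.1]
     // An OpenID 1.1 request may omit openid.session_type; treat it as the empty type.
     if ($request->getVersion() == Message::OPENID_VERSION_1_1 && !isset($request['openid.session_type'])) {
         $request['openid.session_type'] = '';
     }

     // Reject an incomplete request before any of its parameters are read.
     if (!isset($request['openid.session_type']) || !isset($request['openid.assoc_type'])) {
         $this->logger->log(LogLevel::ERROR, 'Association failed: openid.session_type or openid.assoc_type not set');
         $this->directError('openid.session_type or openid.assoc_type not set', array(), $request);
         return;
     }

     $assoc_type = $request['openid.assoc_type'];
     $session_type = $request['openid.session_type'];

     // Diffie-Hellman Request Parameters [8.1.2]
     // All three are optional at this point; dh_consumer_public is required
     // further down only when a DH session type was requested.
     $dh_modulus = isset($request['openid.dh_modulus']) ? $request['openid.dh_modulus'] : NULL;
     $dh_gen = isset($request['openid.dh_gen']) ? $request['openid.dh_gen'] : NULL;
     $dh_consumer_public = isset($request['openid.dh_consumer_public']) ? $request['openid.dh_consumer_public'] : NULL;

     // Check if the assoc_type is supported
     if (!array_key_exists($assoc_type, $assoc_types)) {
         // The error names the session/association types the relying party should retry with.
         $error = array('error_code' => 'unsupported-type', 'session_type' => 'DH-SHA1', 'assoc_type' => 'HMAC-SHA1');
         $this->logger->log(LogLevel::ERROR, 'Association failed: The association type is not supported by SimpleID.');
         $this->directError('The association type is not supported by SimpleID.', $error, $request);
         return;
     }

     // Check if the session_type is supported
     if (!array_key_exists($session_type, $session_types)) {
         $error = array('error_code' => 'unsupported-type', 'session_type' => 'DH-SHA1', 'assoc_type' => 'HMAC-SHA1');
         $this->logger->log(LogLevel::ERROR, 'Association failed: The session type is not supported by SimpleID.');
         $this->directError('The session type is not supported by SimpleID.', $error, $request);
         return;
     }

     // A Diffie-Hellman session cannot proceed without the relying party's public value.
     if ($session_type == 'DH-SHA1' || $session_type == 'DH-SHA256') {
         if (!$dh_consumer_public) {
             $this->logger->log(LogLevel::ERROR, 'Association failed: openid.dh_consumer_public not set');
             $this->directError('openid.dh_consumer_public not set', array(), $request);
             return;
         }
     }

     $association = new Association(Association::ASSOCIATION_SHARED, $assoc_type);
     // NOTE(review): confirm Association::toString() does not include the MAC key,
     // since this line writes it to the INFO log.
     $this->logger->log(LogLevel::INFO, 'Created association: ' . $association->toString());

     // The cache entry expires after the same interval that is advertised to the
     // relying party as expires_in below.
     $this->cache->set($association->getHandle() . '.openid_association', $association, SIMPLEID_SHORT_TOKEN_EXPIRES_IN);

     $response = new Response($request);
     // NOTE(review): dh_modulus, dh_gen and dh_consumer_public are handed over
     // exactly as received; format and range checks on them are not visible here
     // and need to live in Association::getOpenIDResponse() - confirm.
     $response->setArray($association->getOpenIDResponse($session_type, $dh_consumer_public, $dh_modulus, $dh_gen));
     $response->set('expires_in', SIMPLEID_SHORT_TOKEN_EXPIRES_IN);

     // An association response carries the shared MAC key (mac_key in the clear
     // for a no-encryption session, enc_mac_key for a DH session). Anyone who can
     // read the log could otherwise forge signed assertions, so those fields are
     // masked in the logged copy only; the rendered response is untouched.
     // Assumes toArray() uses the field names as keys, with or without a prefix.
     $loggable = $response->toArray();
     foreach (array_keys($loggable) as $key) {
         if (substr((string) $key, -7) === 'mac_key') {
             $loggable[$key] = '[redacted]';
         }
     }
     $this->logger->log(LogLevel::INFO, 'Association response', $loggable);

     $response->render();
 }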