/** * @see http://csrc.nist.gov/ipsec/papers/rfc2202-testcases.txt **/ public function testHmacsha1() { $this->assertEquals(TextUtils::hex2Binary('b617318655057264e28bc0b6fb378c8ef146be00'), CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'), "Hi There")); $this->assertEquals(CryptoFunctions::hmacsha1("Jefe", "what do ya want for nothing?"), TextUtils::hex2Binary('effcdf6ae5eb2fa2d27416d5f184df9c259a7c79')); $this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), TextUtils::hex2Binary('dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd')), TextUtils::hex2Binary('125d7342b9ac11cd91a39af48aa17b4f63f175d3')); $this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0102030405060708090a0b0c0d0e0f10111213141516171819'), TextUtils::hex2Binary('cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd')), TextUtils::hex2Binary('4c9007f4026250c6bc8414f9bf50c86c2d7235da')); $this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c'), "Test With Truncation"), TextUtils::hex2Binary('4c1a03424b55e07fe7f27be1d58bb9324a9a5a04')); $this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), "Test Using Larger Than Block-Size Key - Hash Key First"), TextUtils::hex2Binary('aa4ae5e15272d00e95705637ce8a3b55ed402112')); $this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"), TextUtils::hex2Binary('e8e99d0f45237d786d6bbaa7965c7808bbff1a91')); }
/** * proceed results of checkid_immediate and checkid_setup * * @param $request incoming request * @param **/ public function doContinue(HttpRequest $request, $manager = null) { if ($manager) { Assert::isTrue($manager instanceof OpenIdConsumerAssociationManager); } $parameters = $this->parseGetParameters($request->getGet()); foreach ($this->extensions as $extension) { $extension->parseResponce($request, $parameters); } if (!isset($parameters['openid.mode'])) { throw new WrongArgumentException('not an openid request'); } if ($parameters['openid.mode'] == 'id_res') { if (isset($parameters['openid.user_setup_url'])) { $setupUrl = HttpUrl::create()->parse($parameters['openid.user_setup_url']); Assert::isTrue($setupUrl->isValid()); return new OpenIdConsumerSetupRequired($setupUrl); } } elseif ($parameters['openid.mode'] = 'cancel') { return new OpenIdConsumerCancel(); } if (!isset($parameters['openid.assoc_handle'])) { throw new WrongArgumentException('no association handle'); } if (!isset($parameters['openid.identity'])) { throw new WrongArgumentException('no identity'); } $identity = HttpUrl::create()->parse($parameters['openid.identity']); Assert::isTrue($identity->isValid(), 'invalid identity'); $identity->makeComparable(); $signedFields = array(); if (isset($parameters['openid.signed'], $parameters['openid.sig'])) { $signedFields = explode(',', $parameters['openid.signed']); if (!in_array('identity', $signedFields)) { throw new WrongArgumentException('identity must be signed'); } } else { throw new WrongArgumentException('no signature in response'); } if ($manager && ($association = $manager->findByHandle($parameters['openid.assoc_handle'], self::ASSOCIATION_TYPE)) && !isset($parameters['openid.invalidate_handle'])) { // smart mode $tokenContents = null; foreach ($signedFields as $signedField) { $tokenContents .= $signedField . ':' . $parameters['openid.' . strtr($signedField, '.', '_')] . "\n"; } if (base64_encode(CryptoFunctions::hmacsha1($association->getSecret(), $tokenContents)) != $parameters['openid.sig']) { throw new WrongArgumentException('signature mismatch'); } return new OpenIdConsumerPositive($identity); } elseif (!$manager || isset($parameters['openid.invalidate_handle'])) { // dumb or handle invalidation mode if ($this->checkAuthentication($parameters, $manager)) { return new OpenIdConsumerPositive($identity); } else { return new OpenIdConsumerFail(); } } Assert::isUnreachable(); }