/**
* @see http://csrc.nist.gov/ipsec/papers/rfc2202-testcases.txt
**/
public function testHmacsha1()
{
$this->assertEquals(TextUtils::hex2Binary('b617318655057264e28bc0b6fb378c8ef146be00'), CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'), "Hi There"));
$this->assertEquals(CryptoFunctions::hmacsha1("Jefe", "what do ya want for nothing?"), TextUtils::hex2Binary('effcdf6ae5eb2fa2d27416d5f184df9c259a7c79'));
$this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), TextUtils::hex2Binary('dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd')), TextUtils::hex2Binary('125d7342b9ac11cd91a39af48aa17b4f63f175d3'));
$this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0102030405060708090a0b0c0d0e0f10111213141516171819'), TextUtils::hex2Binary('cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd')), TextUtils::hex2Binary('4c9007f4026250c6bc8414f9bf50c86c2d7235da'));
$this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c'), "Test With Truncation"), TextUtils::hex2Binary('4c1a03424b55e07fe7f27be1d58bb9324a9a5a04'));
$this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), "Test Using Larger Than Block-Size Key - Hash Key First"), TextUtils::hex2Binary('aa4ae5e15272d00e95705637ce8a3b55ed402112'));
$this->assertEquals(CryptoFunctions::hmacsha1(TextUtils::hex2Binary('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'), "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"), TextUtils::hex2Binary('e8e99d0f45237d786d6bbaa7965c7808bbff1a91'));
}
/**
* proceed results of checkid_immediate and checkid_setup
*
* @param $request incoming request
* @param
**/
public function doContinue(HttpRequest $request, $manager = null)
{
if ($manager) {
Assert::isTrue($manager instanceof OpenIdConsumerAssociationManager);
}
$parameters = $this->parseGetParameters($request->getGet());
foreach ($this->extensions as $extension) {
$extension->parseResponce($request, $parameters);
}
if (!isset($parameters['openid.mode'])) {
throw new WrongArgumentException('not an openid request');
}
if ($parameters['openid.mode'] == 'id_res') {
if (isset($parameters['openid.user_setup_url'])) {
$setupUrl = HttpUrl::create()->parse($parameters['openid.user_setup_url']);
Assert::isTrue($setupUrl->isValid());
return new OpenIdConsumerSetupRequired($setupUrl);
}
} elseif ($parameters['openid.mode'] = 'cancel') {
return new OpenIdConsumerCancel();
}
if (!isset($parameters['openid.assoc_handle'])) {
throw new WrongArgumentException('no association handle');
}
if (!isset($parameters['openid.identity'])) {
throw new WrongArgumentException('no identity');
}
$identity = HttpUrl::create()->parse($parameters['openid.identity']);
Assert::isTrue($identity->isValid(), 'invalid identity');
$identity->makeComparable();
$signedFields = array();
if (isset($parameters['openid.signed'], $parameters['openid.sig'])) {
$signedFields = explode(',', $parameters['openid.signed']);
if (!in_array('identity', $signedFields)) {
throw new WrongArgumentException('identity must be signed');
}
} else {
throw new WrongArgumentException('no signature in response');
}
if ($manager && ($association = $manager->findByHandle($parameters['openid.assoc_handle'], self::ASSOCIATION_TYPE)) && !isset($parameters['openid.invalidate_handle'])) {
// smart mode
$tokenContents = null;
foreach ($signedFields as $signedField) {
$tokenContents .= $signedField . ':' . $parameters['openid.' . strtr($signedField, '.', '_')] . "\n";
}
if (base64_encode(CryptoFunctions::hmacsha1($association->getSecret(), $tokenContents)) != $parameters['openid.sig']) {
throw new WrongArgumentException('signature mismatch');
}
return new OpenIdConsumerPositive($identity);
} elseif (!$manager || isset($parameters['openid.invalidate_handle'])) {
// dumb or handle invalidation mode
if ($this->checkAuthentication($parameters, $manager)) {
return new OpenIdConsumerPositive($identity);
} else {
return new OpenIdConsumerFail();
}
}
Assert::isUnreachable();
}
