/**
 * Prepares error reporting for the master request that is about to run.
 *
 * Stores the request, derives the response ID from the request ID, routes
 * uncaught exceptions, PHP errors and script shutdown to this object's
 * handlers, and allocates a spare block of memory.
 *
 * @param Oxygen_Event_MasterRequestEvent $event Event carrying the request and its decoded data.
 */
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event)
{
    $this->request = $event->getRequest();

    // Kind of like str_rot8, for hexadecimal strings: every hex digit is
    // shifted by 8 (mod 16); any other character (e.g. '-') is left alone.
    // The mapping is fixed and keyless, so the response ID can be computed
    // by anyone who knows the request ID; it is a correlation value, not a
    // secret.
    $requestId        = $event->getRequestData()->oxygenRequestId;
    $this->responseId = strtr($requestId, 'abcdef0123456789', '23456789abcdef01');

    // From here on, failures are reported through this object's handlers.
    set_exception_handler(array($this, 'handleException'));
    set_error_handler(array($this, 'handleError'));
    register_shutdown_function(array($this, 'handleFatalError'));

    // Hold on to a buffer of reservedMemorySize KiB.
    // NOTE(review): presumably released by handleFatalError() so that it can
    // still run after memory exhaustion; confirm against that handler.
    $reservedBytes        = 1024 * $this->reservedMemorySize;
    $this->reservedMemory = str_repeat(' ', $reservedBytes);
}
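/**
 * Authenticates a master request by checking its RSA signatures.
 *
 * Two paths exist:
 *  - A public key is already stored in state: the request signature over
 *    "<requestId>|<requestExpiresAt>" must verify against that stored key.
 *  - No public key is stored yet (first contact): the signature is first
 *    checked against the key supplied in the request itself. That key comes
 *    from the caller, so this check only exercises the verification
 *    implementation and proves nothing about who is calling. Trust is then
 *    established by verifying $data->handshakeSignature over this site's URL
 *    slug with a key file shipped under <modulePath>/keys/. Only after that
 *    is the provided public key stored for later requests.
 *
 * The nonce is consumed only after the signature checks have passed.
 *
 * NOTE(review): the handshake signature is verified over the URL slug only,
 * so as far as this method shows it is not bound to the public key being
 * enrolled or to the request ID. Review whether the protocol should also
 * cover the enrolled key.
 *
 * NOTE(review): this method never compares $requestExpiresAt with the current
 * time; presumably the nonce manager enforces expiry and rejects reused IDs.
 * Confirm against Oxygen's nonce manager.
 *
 * @param Oxygen_Event_MasterRequestEvent $event Event carrying the request and its decoded data.
 *
 * @throws Oxygen_Exception When a signature fails to verify or the local handshake key cannot be read.
 */
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event)
{
    $request = $event->getRequest();
    $data    = $event->getRequestData();

    $existingPublicKey = $this->state->get('oxygen_public_key');
    $providedPublicKey = $data->publicKey;
    $signature         = $data->signature;
    $requestId         = $data->oxygenRequestId;
    $requestExpiresAt  = $data->requestExpiresAt;
    $hasStoredKey      = !empty($existingPublicKey);

    // With no stored key, the provided key is used only to test that
    // signature verification works at all (see the handshake step below).
    $verifyPublicKey = $hasStoredKey ? $existingPublicKey : $providedPublicKey;

    $verified = $this->rsaVerifier->verify($verifyPublicKey, sprintf('%s|%d', $requestId, $requestExpiresAt), $signature);

    if (!$verified) {
        if ($hasStoredKey) {
            throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_FAILED);
        }

        // A public key is not set, but the handshake failed. There might be a
        // problem with the OpenSSL implementation.
        throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_TEST_FAILED);
    }

    if ($hasStoredKey) {
        // We validated against an existing key.
        $this->nonceManager->useNonce($requestId, $requestExpiresAt);
        $request->setAuthenticated(true);

        return;
    }

    // $data->handshakeKey becomes part of a filesystem path and is not
    // validated in this method.
    // NOTE(review): confirm the protocol validation that restricts it to a
    // safe character set always runs before this listener.
    $handshakeKeyPath = $this->modulePath . '/keys/' . $data->handshakeKey . '.pub';
    $handshakeKey     = @file_get_contents($handshakeKeyPath);

    if ($handshakeKey === false) {
        // error_get_last() returns null when no error was recorded (for
        // example when a custom error handler consumed it), so guard the
        // array access.
        $lastError = error_get_last();

        throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_KEY_NOT_FOUND, array(
            'lastError' => isset($lastError['message']) ? $lastError['message'] : null,
            // Report the path that was actually read; the previous value
            // omitted the "keys/" directory and the ".pub" suffix.
            'keyPath'   => $handshakeKeyPath,
        ));
    }

    $urlSlug           = Oxygen_Util::getUrlSlug($this->baseUrl);
    $verifiedHandshake = $this->rsaVerifier->verify($handshakeKey, $urlSlug, $data->handshakeSignature);

    if (!$verifiedHandshake) {
        throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_VERIFY_FAILED);
    }

    // Consume the nonce before persisting the key, so a request whose nonce
    // is rejected cannot enroll a key (assuming useNonce() throws on reuse).
    $this->nonceManager->useNonce($requestId, $requestExpiresAt);
    $this->state->set('oxygen_public_key', $providedPublicKey);
    $request->setAuthenticated(true);
}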
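/**
 * Validates the shape of the decoded request data before it is acted upon.
 *
 * Every field is checked for presence and then for type and format; the first
 * failing check throws. Finally the base URL supplied by the caller must
 * reduce to the same slug as this site's own base URL.
 *
 * Format patterns use the D modifier (PCRE_DOLLAR_ENDONLY). Without it, "$"
 * also matches just before a trailing newline, so a value such as "abc\n"
 * would pass a pattern meant to allow only [a-z0-9_]. Several of these values
 * are later used as identifiers or, in the case of handshakeKey, as part of a
 * file name, so they must match exactly.
 *
 * This method checks structure only. It does not verify signatures and does
 * not compare requestExpiresAt with the current time.
 *
 * @param Oxygen_Event_MasterRequestEvent $event Event carrying the decoded request data.
 *
 * @throws Oxygen_Exception With a PROTOCOL_* code naming the first field that failed validation.
 */
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event)
{
    $data = $event->getRequestData();

    // Base64 alphabet with up to two padding characters, anchored at both ends.
    $base64Pattern = '{^[a-zA-Z\\d/+]+={0,2}$}D';

    // Protocol version: "<major>.<minor>", not newer than what this module speaks.
    if (empty($data->version)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_PROVIDED);
    }
    if (!is_string($data->version) || !preg_match('{^\\d+\\.\\d+$}D', $data->version)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_NOT_VALID);
    }
    if (version_compare($data->version, $this->version, '>')) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_VERSION_TOO_LOW);
    }

    // Request ID: lowercase hexadecimal in 8-4-4-4-12 layout.
    if (empty($data->oxygenRequestId)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_PROVIDED);
    }
    if (!is_string($data->oxygenRequestId) || !preg_match('{^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$}D', $data->oxygenRequestId)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_REQUEST_ID_NOT_VALID);
    }

    // Public key: any non-empty string; its contents are not parsed here.
    if (empty($data->publicKey)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_PROVIDED);
    }
    if (!is_string($data->publicKey) || !strlen($data->publicKey)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_PUBLIC_KEY_NOT_VALID);
    }

    // User name: must be present; an empty string is allowed.
    if (!isset($data->userName)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_PROVIDED);
    }
    if (!is_string($data->userName)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_USER_NAME_NOT_VALID);
    }

    // Request signature: base64 text.
    if (empty($data->signature)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_PROVIDED);
    }
    if (!is_string($data->signature) || !preg_match($base64Pattern, $data->signature)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_SIGNATURE_NOT_VALID);
    }

    // Handshake key name: restricted to [a-z0-9_], so it cannot contain path
    // separators or dots.
    if (empty($data->handshakeKey)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_PROVIDED);
    }
    if (!is_string($data->handshakeKey) || !preg_match('{^[a-z0-9_]+$}D', $data->handshakeKey)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_KEY_NOT_VALID);
    }

    // Handshake signature: base64 text.
    if (empty($data->handshakeSignature)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_PROVIDED);
    }
    if (!is_string($data->handshakeSignature) || !preg_match($base64Pattern, $data->handshakeSignature)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_HANDSHAKE_SIGNATURE_NOT_VALID);
    }

    // Expiration: a non-zero integer. Only the type is checked here.
    if (empty($data->requestExpiresAt)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_PROVIDED);
    }
    if (!is_int($data->requestExpiresAt)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_EXPIRATION_NOT_VALID);
    }

    // Action name and parameters.
    if (empty($data->actionName)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_PROVIDED);
    }
    if (!is_string($data->actionName)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_NAME_NOT_VALID);
    }
    if (!isset($data->actionParameters)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_PROVIDED);
    }
    if (!is_array($data->actionParameters)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_ACTION_PARAMETERS_NOT_VALID);
    }

    // Base URL: http(s) scheme and a host component are required.
    if (empty($data->baseUrl)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_PROVIDED);
    }
    if (!is_string($data->baseUrl)
        // Strict comparison: parse_url() yields null or false when the scheme
        // is missing, and neither should ever be matched loosely.
        || !in_array(parse_url($data->baseUrl, PHP_URL_SCHEME), array('http', 'https'), true)
        || !is_string(parse_url($data->baseUrl, PHP_URL_HOST))
    ) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_NOT_VALID);
    }

    // State parameters.
    if (!isset($data->stateParameters)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_PROVIDED);
    }
    if (!is_array($data->stateParameters)) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_STATE_PARAMETERS_NOT_VALID);
    }

    // The request must be addressed to this site: both URLs have to reduce to
    // the same slug.
    $providedBaseUrlSlug = Oxygen_Util::getUrlSlug($data->baseUrl);
    $currentBaseUrlSlug  = Oxygen_Util::getUrlSlug($this->baseUrl);

    if ($providedBaseUrlSlug !== $currentBaseUrlSlug) {
        throw new Oxygen_Exception(Oxygen_Exception::PROTOCOL_BASE_URL_SLUG_MISMATCHES, array(
            'providedBaseUrl'     => $data->baseUrl,
            'providedBaseUrlSlug' => $providedBaseUrlSlug,
            'currentBaseUrl'      => $this->baseUrl,
            'currentBaseUrlSlug'  => $currentBaseUrlSlug,
        ));
    }
}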