/**
 * Persist a freshly negotiated association and invalidate the expired ones.
 *
 * @param object|null $new_assoc  association to store (skipped when falsy); read
 *                                for server_url, handle, secret, issued, lifetime
 * @param array       $expired    associations to drop via invalidate(server_url, handle)
 *
 * NOTE(review): the statement is built with sprintf() from $new_assoc fields.
 * server_url and handle originate in the remote OpenID server's reply, i.e.
 * untrusted input interpolated straight into SQL. Unless $this->qstrs[0] or
 * $this->connection escapes them somewhere not visible here, this should be a
 * prepared statement with bound parameters.
 */
function update($new_assoc, $expired) {
    if ($new_assoc) {
        $stmt = sprintf(
            $this->qstrs[0],
            $new_assoc->server_url,
            $new_assoc->handle,
            oidUtil::to_b64($new_assoc->secret),
            $new_assoc->issued,
            $new_assoc->lifetime
        );
        $conn = $this->connection;
        $conn->beginTransaction();
        $conn->query($stmt);
        $conn->commit();
    }
    foreach ($expired as $old) {
        $this->invalidate($old->server_url, $old->handle);
    }
}
/**
 * Negotiate a new association with the OpenID server at $server_url.
 *
 * Sends openid.mode=associate asking for HMAC-SHA1 with a DH-SHA1 session
 * (modulus/generator from get_mod_gen(), ephemeral key seeded from $this->srand)
 * and parses the kv-form reply. Without a session_type in the reply the MAC key
 * is taken in the clear from mac_key; otherwise it is recovered as
 * enc_mac_key XOR sha1(shared DH secret).
 *
 * @param string $server_url  endpoint of the OpenID server
 * @return ConsumerAssociation  built with from_expires_in()
 *
 * NOTE(review): both trigger_error() calls below use E_USER_WARNING, which does
 * not stop execution, so an unexpected assoc_type or session_type still yields
 * an association object (and presumably gets cached by the caller). Rejecting
 * the reply instead would be safer — confirm what callers expect on failure.
 */
function associate($server_url) {
    list($p, $g) = $this->get_mod_gen();
    $dh = new DiffieHellman($p, $g, $this->srand);
    $cpub = $dh->createKeyExchange();
    $args = array(
        'openid.mode' => 'associate',
        'openid.assoc_type' => 'HMAC-SHA1',
        'openid.session_type' => 'DH-SHA1',
        'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($dh->p)),
        'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($dh->g)),
        'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($cpub))
    );
    $body = http_build_query($args);
    list($url, $data) = $this->http_client->post($server_url, $body);
    $results = oidUtil::parsekv($data);
    $assoc_type = $this->getResult($results, 'assoc_type');
    if ($assoc_type != 'HMAC-SHA1') {
        // Warning only: execution continues with the unknown type (see NOTE above).
        trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
    }
    $assoc_handle = $this->getResult($results, 'assoc_handle');
    // A missing expires_in or session_type defaults to 0 (falsy).
    $expires_in = isset($results['expires_in']) ? $results['expires_in'] : 0;
    $session_type = isset($results['session_type']) ? $results['session_type'] : 0;
    if (!$session_type) {
        // No session encryption: the MAC key arrives base64-encoded in the clear.
        $secret = oidUtil::from_b64($this->getResult($results, 'mac_key'));
    } else {
        if ($session_type != 'DH-SHA1') {
            // Warning only; the DH unwrap below still runs (see NOTE above).
            trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
        }
        // NOTE(review): dh_server_public is used as received; nothing here checks
        // that it is a sane value (e.g. not 0, 1 or p-1) — confirm in DiffieHellman.
        $spub = oidUtil::a2long(oidUtil::from_b64($this->getResult($results, 'dh_server_public')));
        $dh_shared = $dh->decryptKeyExchange($spub);
        $enc_mac_key = $this->getResult($results, 'enc_mac_key');
        // MAC key = enc_mac_key XOR sha1(shared secret), the DH-SHA1 session unwrap.
        $secret = oidUtil::strxor(oidUtil::from_b64($enc_mac_key), oidUtil::sha1(oidUtil::long2a($dh_shared)));
    }
    return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
}
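/**
 * Build the OpenID signature over the named reply fields.
 *
 * Each field is rendered as "name:value\n" (value read from
 * $reply['openid.' . name]) in the order given, and the concatenation is
 * HMAC-SHA1'd with $key.
 *
 * @param array  $reply          reply fields keyed 'openid.<name>'
 * @param string $key            raw association MAC key
 * @param array  $signed_fields  field names (without the 'openid.' prefix) to cover
 * @return array  [comma-joined list of signed field names, base64 signature]
 */
function sign_reply($reply, $key, $signed_fields) {
    $text = '';
    foreach ($signed_fields as $field) {
        $name = 'openid.' . $field;
        // A field absent from $reply used to be signed as "" by way of an
        // undefined-index notice; keep that output but make it explicit so a
        // missing field is a visible choice rather than an accident.
        $value = isset($reply[$name]) ? $reply[$name] : '';
        $text .= sprintf("%s:%s\n", $field, $value);
    }
    $sig = oidUtil::to_b64(oidUtil::hmacsha1($key, $text));
    return array(implode(',', $signed_fields), $sig);
}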
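/**
 * Handle openid.mode=associate: hand the consumer an association (handle +
 * MAC key), wrapping the key with DH-SHA1 when that session type is requested.
 *
 * Per the original author this requires $this->get_new_secret to be overridden,
 * and the DH-SHA1 path needs $this->srand. Returns response_page(kvform) on
 * success or OpenIDServer::_error_page() for an unsupported assoc/session type.
 *
 * @param object $req  request wrapper exposing get($name, $default = null)
 * @return mixed       whatever response_page() / OpenIDServer::_error_page() return
 *
 * NOTE(review): assoc_type is read as 'openid.assoc_type' while session_type,
 * dh_modulus, dh_gen and dh_consumer_public are read without the prefix. The
 * consumer side (associate() in this file) sends all of them prefixed, so one
 * of the two forms is presumably never matched — confirm against $req->get().
 * NOTE(review): dh_modulus, dh_gen and dh_consumer_public are consumer-supplied
 * and used unvalidated here; whether DiffieHellman::fromBase64 rejects a
 * degenerate modulus/generator or an out-of-range public value is not visible.
 */
function do_associate($req) {
    $reply = array();
    $assoc_type = $req->get('openid.assoc_type', 'HMAC-SHA1');
    // Only HMAC-SHA1 is implemented here (and it is the only type the consumer
    // side accepts); refuse anything else rather than looking it up in the
    // store and echoing an arbitrary consumer-chosen type back in the reply.
    if ($assoc_type != 'HMAC-SHA1') {
        return OpenIDServer::_error_page('assoc_type must be HMAC-SHA1');
    }
    $assoc = $this->estore->get($assoc_type);
    $session_type = $req->get('session_type');
    if ($session_type) {
        if ($session_type != 'DH-SHA1') {
            $error = 'session_type must be DH-SHA1';
            return OpenIDServer::_error_page($error);
        }
        $p = $req->get('dh_modulus');
        $g = $req->get('dh_gen');
        $dh = DiffieHellman::fromBase64($p, $g, $this->srand);
        $cpub = oidUtil::a2long(oidUtil::from_b64($req->get('dh_consumer_public')));
        $dh_shared = $dh->decryptKeyExchange($cpub);
        // enc_mac_key = secret XOR sha1(shared); the consumer inverts this XOR.
        $mac_key = oidUtil::strxor($assoc->secret, oidUtil::sha1(oidUtil::long2a($dh_shared)));
        $spub = $dh->createKeyExchange();
        $reply['session_type'] = $session_type;
        $reply['dh_server_public'] = oidUtil::to_b64(oidUtil::long2a($spub));
        $reply['enc_mac_key'] = oidUtil::to_b64($mac_key);
    } else {
        // No session type: the MAC key goes out base64-encoded in the clear.
        $reply['mac_key'] = oidUtil::to_b64($assoc->secret);
    }
    $reply['assoc_type'] = $assoc_type;
    $reply['assoc_handle'] = $assoc->handle;
    $reply['expires_in'] = $assoc->get_expires_in();
    return response_page(oidUtil::kvform($reply));
}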
/**
 * Build the return_to URL for $identity: $base with id, time and a verifier
 * v = base64(HMAC-SHA1($this->secret, id . time)) appended.
 *
 * @param string $base      URL the arguments are appended to (oidUtil::append_args)
 * @param string $identity  claimed identity bound into the URL
 * @return string
 *
 * NOTE(review): the MAC input is the bare concatenation id . time with no
 * separator, so distinct (id, time) pairs that concatenate to the same string
 * share a verifier — an identity ending in digits can trade its trailing digits
 * with the timestamp. Fixing this (e.g. a delimiter or length prefix) must be
 * mirrored wherever v is verified, which is not visible here.
 */
function create_return_to($base, $identity) {
    $stamp = (string) time();
    $mac = oidUtil::hmacsha1($this->secret, $identity . $stamp);
    $params = array(
        'id' => $identity,
        'time' => $stamp,
        'v' => oidUtil::to_b64($mac),
    );
    return oidUtil::append_args($base, $params);
}