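/**
 * Authenticate the current request with a WebID (FOAF+SSL) client certificate.
 *
 * The certificate is read from the web server environment ($_SERVER['HTTPS'],
 * $_SERVER['SSL_CLIENT_CERT']). Its RSA public key and its subjectAltName URI
 * are extracted, the agent document behind that URI is looked up with
 * get_agent(), and the request counts as authenticated only when the RSA key
 * published by that agent equals the key in the presented certificate.
 *
 * @param string|null $foafuri Ignored. The WebID is always taken from the
 *        certificate's subjectAltName so that a caller cannot substitute an
 *        identity other than the one the client proved key possession for.
 *        Kept only for backward compatibility with existing call sites.
 * @return array Always contains 'isAuthenticated' (0 or 1) and a human-readable
 *         'authDiagnostic'. Once a usable certificate has been seen it also
 *         contains 'certRSAKey', 'subjectAltName' and, when found, the agent
 *         data returned by get_agent().
 */
function getAuth($foafuri = NULL) {
    // HTTPS is absent on plain HTTP and is the string 'off' under some servers
    // (e.g. IIS); a plain truthiness test treated 'off' as a secure connection.
    // empty() also avoids an undefined-index notice when the key is missing.
    if (empty($_SERVER['HTTPS']) || strtolower((string) $_SERVER['HTTPS']) === 'off') {
        return array('isAuthenticated' => 0, 'authDiagnostic' => 'No client certificate supplied on an unsecure connection');
    }
    if (empty($_SERVER['SSL_CLIENT_CERT'])) {
        return array('isAuthenticated' => 0, 'authDiagnostic' => 'No client certificate supplied');
    }

    $certrsakey = openssl_pkey_get_public_hex();
    if (!$certrsakey) {
        return array('isAuthenticated' => 0, 'authDiagnostic' => 'No RSA Key in the supplied client certificate');
    }
    $result = array('certRSAKey' => $certrsakey);

    // The WebID is the certificate's subjectAltName URI; the $foafuri parameter
    // is deliberately overwritten (see docblock). NOTE(review): a certificate
    // carrying several URI SANs is not visible here — confirm what
    // openssl_get_subjectAltName() returns for 'URI' in that case.
    $san = openssl_get_subjectAltName();
    $foafuri = (is_array($san) && isset($san['URI'])) ? $san['URI'] : NULL;
    $result = safe_array_merge($result, array('subjectAltName' => $foafuri));
    if ($foafuri === NULL || $foafuri === '') {
        // Nothing to dereference: fail closed instead of calling get_agent(null).
        return safe_array_merge($result, array('isAuthenticated' => 0, 'authDiagnostic' => 'No subjectAltName URI in the supplied client certificate'));
    }

    // get_agent() dereferences a URI taken from the client certificate, i.e. from
    // untrusted input. NOTE(review): its fetcher is not visible in this file —
    // confirm it limits schemes, handles redirects safely and enforces a timeout.
    $agent = get_agent($foafuri);
    if (!$agent) {
        return safe_array_merge($result, array('isAuthenticated' => 0, 'authDiagnostic' => 'No agent found at supplied SAN'));
    }
    $result = safe_array_merge($result, $agent);

    // empty() keeps the original truthiness semantics without a notice when the
    // agent document carries no key at all.
    if (empty($agent['agent']['RSAKey'])) {
        return safe_array_merge($result, array('isAuthenticated' => 0, 'authDiagnostic' => 'No RSAKey found at supplied agent'));
    }

    if (equal_rsa_keys($certrsakey, $agent['agent']['RSAKey'])) {
        $verdict = array('isAuthenticated' => 1, 'authDiagnostic' => 'Client Certificate RSAkey matches SAN RSAkey');
    } else {
        $verdict = array('isAuthenticated' => 0, 'authDiagnostic' => 'Client Certificate RSAkey does not match SAN RSAkey');
    }
    return safe_array_merge($result, $verdict);
}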
<div id="wrap"><?php include 'header.php'; ?> <?php require_once "config.php"; require_once "db.class.php"; require_once 'lib/libAuthentication.php'; $db = new db_class(); $db->connect('localhost', $config['db_user'], $config['db_pwd'], $config['db_name']); function printrdf($str) { global $rdf; $rdf .= $str; } $subjectAltName = openssl_get_subjectAltName(); $certrsakey = openssl_pkey_get_public_hex(); $rdf = $_POST['rdf']; if (empty($rdf) || $rdf == '0') { $rdf = '<rdf:RDF'; printrdf(' xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'); printrdf(' xmlns:cert="http://www.w3.org/ns/auth/cert#"'); printrdf(' xmlns:rsa="http://www.w3.org/ns/auth/rsa#">'); printrdf('<rsa:RSAPublicKey>'); $foaffile = $subjectAltName['URI'] ? $subjectAltName['URI'] : 'TYPE YOUR WEBID HERE'; printrdf(' <cert:identity rdf:resource="' . $foaffile . '"/>'); printrdf(' <rsa:public_exponent cert:decimal="'); $exponent = $certrsakey['exponent'] ? hexdec($certrsakey['exponent']) : 'TYPE THE EXPONENT OF YOUR PUBLIC KEY HERE'; printrdf($exponent . '"/>'); printrdf(' <rsa:modulus cert:hex="'); $modulus = $certrsakey['modulus'] ? $certrsakey['modulus'] : 'TYPE THE MODULUS OF YOUR PUBLIC RSA KEY HERE'; printrdf($modulus . '"/>');