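/**
 * Loads the association stored for an OP endpoint, but only if the stored
 * handle equals the requested one.
 *
 * The container is keyed by md5($opEndpoint), so at most one association per
 * endpoint is held.
 *
 * @param string $opEndpoint  OP endpoint url, used to build the lookup key
 * @param string $assocHandle handle the stored association must carry
 * @return Association|null null when nothing is stored for the endpoint or
 *                          the stored handle differs
 */
public function loadByHandle($opEndpoint, $assocHandle)
{
    $key = md5($opEndpoint);
    $row = isset($this->container[$key]) ? $this->container[$key] : null;

    // strict comparison: the handle typically arrives from the remote party,
    // and a loose == would equate numeric-looking strings ('1e3' == '1000')
    if (empty($row) || $row['assocHandle'] !== $assocHandle) {
        return null;
    }

    // NOTE(review): $row['expires'] is copied but not checked here; confirm
    // that the caller rejects expired associations
    $assoc = new Association();
    $assoc->setAssocHandle($row['assocHandle']);
    $assoc->setAssocType($row['assocType']);
    $assoc->setSessionType($row['sessionType']);
    $assoc->setSecret($row['secret']);
    $assoc->setExpire($row['expires']);

    return $assoc;
}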
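/**
 * Loads the association stored for an OP endpoint from the serialized store
 * file, but only if the stored handle equals the requested one.
 *
 * The store is an array keyed by md5($opEndpoint), so at most one
 * association per endpoint is held.
 *
 * @param string $opEndpoint  OP endpoint url, used to build the lookup key
 * @param string $assocHandle handle the stored association must carry
 * @return Association|null null when the store is empty or unreadable,
 *                          nothing is stored for the endpoint, or the stored
 *                          handle differs
 */
public function loadByHandle($opEndpoint, $assocHandle)
{
    // NOTE(review): unserialize() instantiates any class named in the file,
    // so the store file must not be writable by untrusted parties. Rows are
    // read as plain arrays here, so a JSON store format (or the
    // allowed_classes option of unserialize) would remove that exposure.
    $data = unserialize(FileObject::getContents($this->file));

    // a missing or corrupt store file decodes to false; treat it as empty
    if (!is_array($data)) {
        return null;
    }

    $key = md5($opEndpoint);
    $row = isset($data[$key]) ? $data[$key] : null;

    // strict comparison: the handle typically arrives from the remote party,
    // and a loose == would equate numeric-looking strings ('1e3' == '1000')
    if (empty($row) || $row['assocHandle'] !== $assocHandle) {
        return null;
    }

    // NOTE(review): $row['expires'] is copied but not checked here; confirm
    // that the caller rejects expired associations
    $assoc = new Association();
    $assoc->setAssocHandle($row['assocHandle']);
    $assoc->setAssocType($row['assocType']);
    $assoc->setSessionType($row['sessionType']);
    $assoc->setSecret($row['secret']);
    $assoc->setExpire($row['expires']);

    return $assoc;
}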
/**
 * Loads the association stored for an OP endpoint / handle pair from the
 * database.
 *
 * Both lookup values are bound as query parameters; only the table name,
 * which comes from the store's configuration, is interpolated because
 * identifiers cannot be bound.
 *
 * @param string $opEndpoint  OP endpoint url the association belongs to
 * @param string $assocHandle handle of the association to load
 * @return Association|null null when no matching row exists
 */
public function loadByHandle($opEndpoint, $assocHandle)
{
    $sql = <<<SQL
SELECT
	`assocHandle`,
	`assocType`,
	`sessionType`,
	`secret`,
	`expires`
FROM
	{$this->table}
WHERE
	`opEndpoint` = ?
AND
	`assocHandle` = ?
SQL;

    $row = $this->sql->getRow($sql, array($opEndpoint, $assocHandle));

    if (empty($row)) {
        return null;
    }

    // NOTE(review): the expires column is returned as stored and not
    // compared against the current time here; confirm the caller does so
    $assoc = new Association();
    $assoc->setAssocHandle($row['assocHandle']);
    $assoc->setAssocType($row['assocType']);
    $assoc->setSessionType($row['sessionType']);
    $assoc->setSecret($row['secret']);
    $assoc->setExpire($row['expires']);

    return $assoc;
}
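/**
 * Tries to establish an association with the OP if a store is available. The
 * method returns null or PSX\OpenId\Provider\Data\Association. Discovery
 * must be made before calling this method.
 *
 * Our half of the Diffie-Hellman exchange is generated from the fixed group
 * parameters ProviderAbstract::DH_P / DH_G. The OP's reply is checked for the
 * mandatory fields, the namespace and the supported assoc/session types
 * before the shared MAC key is recovered from it.
 *
 * @param string $assocType   association type to request from the OP
 * @param string $sessionType session type to request from the OP
 * @return PSX\OpenId\Provider\Data\Association|null
 * @throws Exception when the OP answers with a non-200 status or when the
 *                   response is incomplete, malformed or of an unsupported type
 */
private function establishAssociaton($assocType = 'HMAC-SHA256', $sessionType = 'DH-SHA256')
{
    // our DH key pair for this association request
    $g = pack('H*', ProviderAbstract::DH_G);
    $p = pack('H*', ProviderAbstract::DH_P);
    $pkey = new PKey(array('private_key_type' => OPENSSL_KEYTYPE_DH, 'dh' => array('p' => $p, 'g' => $g)));
    $details = $pkey->getDetails();

    $params = array(
        'openid.ns'                 => ProviderAbstract::NS,
        'openid.mode'               => 'associate',
        'openid.assoc_type'         => $assocType,
        'openid.session_type'       => $sessionType,
        'openid.dh_modulus'         => base64_encode(ProviderAbstract::btwoc($details['dh']['p'])),
        'openid.dh_gen'             => base64_encode(ProviderAbstract::btwoc($details['dh']['g'])),
        'openid.dh_consumer_public' => base64_encode(ProviderAbstract::btwoc($details['dh']['pub_key'])),
    );

    $request  = new PostRequest($this->identity->getServer(), array('User-Agent' => __CLASS__ . ' ' . Base::VERSION), $params);
    $response = $this->http->request($request);

    if ((int) $response->getStatusCode() !== 200) {
        throw new Exception('Could not establish associaton received ' . $response->getStatusCode());
    }

    $data = self::keyValueDecode($response->getBody());

    // every field listed here is dereferenced below, so check them up front
    $required = array('ns', 'assoc_handle', 'session_type', 'assoc_type', 'expires_in');
    $diff     = array_diff($required, array_keys($data));
    if (count($diff) > 0) {
        throw new Exception('Missing fields ' . implode(', ', $diff));
    }

    // strict comparisons: these values come from the remote OP
    if ($data['ns'] !== ProviderAbstract::NS) {
        throw new Exception('Invalid namesspace');
    }
    if (!in_array($data['session_type'], self::$supportedSessionTypes, true)) {
        throw new Exception('Invalid session type');
    }
    if (!in_array($data['assoc_type'], self::$supportedAssocTypes, true)) {
        throw new Exception('Invalid assoc type');
    }

    // recover the MAC key: either XOR-encrypted under the DH shared secret
    // or sent in the clear for the no-encryption session type
    if ($data['session_type'] !== 'no-encryption') {
        if (!isset($data['dh_server_public'])) {
            throw new Exception('DH server public not set');
        }
        if (!isset($data['enc_mac_key'])) {
            throw new Exception('Encoded mac key not set');
        }

        // hash named by the session type: DH-SHA1 -> SHA1, DH-SHA256 -> SHA256
        $dhFunc    = str_replace('DH-', '', $data['session_type']);
        $serverPub = base64_decode($data['dh_server_public'], true);
        $encMacKey = base64_decode($data['enc_mac_key'], true);
        if ($serverPub === false || $encMacKey === false) {
            throw new Exception('Invalid base64 encoding in association response');
        }

        $dhSec = OpenSsl::dhComputeKey($serverPub, $pkey);
        $sec   = OpenSsl::digest(ProviderAbstract::btwoc($dhSec), $dhFunc, true);

        // PHP's string XOR truncates to the shorter operand; a length mismatch
        // would silently produce a shortened MAC key instead of an error
        if (strlen($sec) !== strlen($encMacKey)) {
            throw new Exception('Encoded mac key has an unexpected length');
        }

        $serverSecret = base64_encode($sec ^ $encMacKey);
    } else {
        if (!isset($data['mac_key'])) {
            throw new Exception('Mac key not set');
        }

        $serverSecret = $data['mac_key'];
    }

    // build association
    $assoc = new Association();
    $assoc->setAssocHandle($data['assoc_handle']);
    $assoc->setAssocType($data['assoc_type']);
    $assoc->setSessionType($data['session_type']);
    $assoc->setSecret($serverSecret);
    $assoc->setExpire($data['expires_in']);

    return $assoc;
}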
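/**
 * Generates an association from a request.
 *
 * Draws a fresh MAC secret sized for the requested HMAC, runs the DH
 * exchange for the requested session type and records handle, secret,
 * MAC function, server public key and encrypted MAC key on this instance.
 *
 * @param PSX\OpenId\Provider\Data\AssociationRequest $request
 * @return PSX\OpenId\Provider\Association
 * @throws InvalidDataException on an unknown association or session type,
 *                              or when no-encryption is requested (unsupported)
 */
public function generate(AssociationRequest $request)
{
    // MAC secret: the key length matches the digest size of the requested HMAC
    switch ($request->getAssocType()) {
        case 'HMAC-SHA1':
            $secret  = ProviderAbstract::randomBytes(20);
            $macFunc = 'SHA1';
            break;

        case 'HMAC-SHA256':
            $secret  = ProviderAbstract::randomBytes(32);
            $macFunc = 'SHA256';
            break;

        default:
            throw new InvalidDataException('Invalid association type');
    }

    // DH exchange: both supported session types run the same key agreement.
    // NOTE(review): the hash handed to generateDh is $macFunc, i.e. the one
    // derived from the assoc type, not from the session type; a request that
    // mixes e.g. DH-SHA1 with HMAC-SHA256 is not rejected here — confirm
    // this is intended
    switch ($request->getSessionType()) {
        case 'no-encryption':
            throw new InvalidDataException('no-encryption not supported');

        case 'DH-SHA1':
        case 'DH-SHA256':
            $dh = ProviderAbstract::generateDh($request->getDhGen(), $request->getDhModulus(), $request->getDhConsumerPublic(), $macFunc, $secret);
            $this->dhServerPublic = $dh['pubKey'];
            $this->encMacKey      = $dh['macKey'];
            break;

        default:
            // was reported as 'Invalid association type', which pointed
            // callers at the wrong parameter
            throw new InvalidDataException('Invalid session type');
    }

    $this->assocHandle = ProviderAbstract::generateHandle();
    $this->secret      = base64_encode($secret);
    $this->macFunc     = $macFunc;

    $assoc = new Association();
    $assoc->setAssocHandle($this->assocHandle);
    $assoc->setAssocType($request->getAssocType());
    $assoc->setSessionType($request->getSessionType());
    $assoc->setSecret($this->secret);

    return $assoc;
}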