/**
* Generates an association from an request
*
* @param PSX\OpenId\Provider\Data\AssociationRequest $request
* @return PSX\OpenId\Provider\Association
*/
public function generate(AssociationRequest $request)
{
// generate secret
switch ($request->getAssocType()) {
case 'HMAC-SHA1':
$secret = ProviderAbstract::randomBytes(20);
$macFunc = 'SHA1';
break;
case 'HMAC-SHA256':
$secret = ProviderAbstract::randomBytes(32);
$macFunc = 'SHA256';
break;
default:
throw new InvalidDataException('Invalid association type');
break;
}
// generate dh
switch ($request->getSessionType()) {
case 'no-encryption':
// $secret = base64_encode($secret);
// $this->macKey = $secret;
throw new InvalidDataException('no-encryption not supported');
break;
case 'DH-SHA1':
$dh = ProviderAbstract::generateDh($request->getDhGen(), $request->getDhModulus(), $request->getDhConsumerPublic(), $macFunc, $secret);
$this->dhServerPublic = $dh['pubKey'];
$this->encMacKey = $dh['macKey'];
break;
case 'DH-SHA256':
$dh = ProviderAbstract::generateDh($request->getDhGen(), $request->getDhModulus(), $request->getDhConsumerPublic(), $macFunc, $secret);
$this->dhServerPublic = $dh['pubKey'];
$this->encMacKey = $dh['macKey'];
break;
default:
throw new InvalidDataException('Invalid association type');
break;
}
$this->assocHandle = ProviderAbstract::generateHandle();
$this->secret = base64_encode($secret);
$this->macFunc = $macFunc;
$assoc = new Association();
$assoc->setAssocHandle($this->assocHandle);
$assoc->setAssocType($request->getAssocType());
$assoc->setSessionType($request->getSessionType());
$assoc->setSecret($this->secret);
return $assoc;
}
