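function check_auth($server_url, $return_to, $post_data, $openid) {
    // Perform the openid.mode=check_authentication call against
    // $server_url. $openid is the identity url being confirmed (from
    // the consumer's viewpoint, i.e. not a delegated identity);
    // $return_to and $post_data are taken from the CheckAuthRequired
    // object returned by a previous call to handle_response.
    //
    // Returns a ValidLogin when the server confirms the signature and
    // the signed identity matches $openid, an ErrorFromServer when the
    // server reports an error, and an InvalidLogin in every other case
    // (bad return_to, failed request, is_valid != true, identity
    // mismatch).
    if (!$this->verify_return_to($return_to)) {
        return new InvalidLogin();
    }

    // PHP turns "." into "_" in URL argument *names* but not in values,
    // while the server compares the names listed in openid.signed with
    // the argument names verbatim. Restore the sreg.* names before the
    // assertion is re-submitted. (Choplair)
    $post_data = str_replace('sreg_', 'sreg.', $post_data);

    $ret = $this->http_client->post($server_url, $post_data);
    if (!$ret) {
        return new InvalidLogin();
    }
    // post() returns the final url at [0] and the body at [1]; only the
    // key-value body is needed here.
    $results = oidUtil::parsekv($ret[1]);

    $is_valid = isset($results['is_valid']) ? $results['is_valid'] : 'false';
    if ($is_valid !== 'true') {
        // NOTE(review): the other keys read from parsekv() output in this
        // class ('is_valid', 'assoc_type', 'expires_in') are unprefixed;
        // confirm that the server's error key really arrives as
        // 'openid.error' rather than 'error'.
        $error = isset($results['openid.error']) ? $results['openid.error'] : null;
        if ($error) {
            return new ErrorFromServer(sprintf('Server Response: %s', $error));
        }
        return new InvalidLogin();
    }

    // The server may tell us an association handle is no longer good.
    $invalidate_handle = isset($results['invalidate_handle']) ? $results['invalidate_handle'] : null;
    if ($invalidate_handle) {
        $this->assoc_mngr->invalidate($server_url, $invalidate_handle);
    }

    // The assertion body carries openid.sig and openid.assoc_handle, so
    // it is not copied into the error log (the former debug
    // error_log() calls did exactly that).
    parse_str($post_data, $vars);
    $key = 'openid_identity'; // parse_str replaces "." with "_"
    $identity = isset($vars[$key]) ? $vars[$key] : null;

    $vl = new ValidLogin($this, $identity);
    if ($vl->verifyIdentity($openid)) {
        return $vl;
    }
    return new InvalidLogin();
}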
function associate($server_url) {
    // Establish a shared secret with the OpenID server at $server_url
    // via openid.mode=associate. The consumer always offers a DH-SHA1
    // session; the server either answers with a DH-protected
    // enc_mac_key or, when it sends no session_type, with a plain
    // base64 mac_key. Returns a ConsumerAssociation built from the
    // server's assoc_handle, expires_in and the recovered MAC key.
    list($modulus, $generator) = $this->get_mod_gen();
    $dh = new DiffieHellman($modulus, $generator, $this->srand);
    $consumer_public = $dh->createKeyExchange();

    $request = array(
        'openid.mode' => 'associate',
        'openid.assoc_type' => 'HMAC-SHA1',
        'openid.session_type' => 'DH-SHA1',
        'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($dh->p)),
        'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($dh->g)),
        'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($consumer_public)),
    );
    list($response_url, $response_body) = $this->http_client->post($server_url, http_build_query($request));
    $results = oidUtil::parsekv($response_body);

    $assoc_type = $this->getResult($results, 'assoc_type');
    if ($assoc_type != 'HMAC-SHA1') {
        // NOTE(review): this only warns and then still derives a secret
        // for an association type the consumer cannot use; confirm that
        // callers expect to receive such an association.
        trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
    }
    $assoc_handle = $this->getResult($results, 'assoc_handle');
    $expires_in = isset($results['expires_in']) ? $results['expires_in'] : 0;
    $session_type = isset($results['session_type']) ? $results['session_type'] : 0;

    if ($session_type) {
        if ($session_type != 'DH-SHA1') {
            trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
        }
        // enc_mac_key is the MAC key XORed with SHA1 of the DH shared
        // secret; undo that with our half of the exchange.
        $server_public = oidUtil::a2long(oidUtil::from_b64($this->getResult($results, 'dh_server_public')));
        $shared = $dh->decryptKeyExchange($server_public);
        $enc_mac_key = $this->getResult($results, 'enc_mac_key');
        $secret = oidUtil::strxor(oidUtil::from_b64($enc_mac_key), oidUtil::sha1(oidUtil::long2a($shared)));
    } else {
        // No session type: the MAC key is only base64-encoded.
        $secret = oidUtil::from_b64($this->getResult($results, 'mac_key'));
    }

    return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
}
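function check_auth($server_url, $return_to, $post_data, $openid) {
    // Perform the openid.mode=check_authentication call against
    // $server_url. $openid is the identity url being confirmed (from
    // the consumer's viewpoint, i.e. not a delegated identity);
    // $return_to and $post_data are taken from the CheckAuthRequired
    // object returned by a previous call to handle_response.
    //
    // Returns a ValidLogin when the server confirms the signature and
    // the signed identity matches $openid, an ErrorFromServer when the
    // server reports an error, and an InvalidLogin in every other case
    // (bad return_to, failed request, is_valid != true, identity
    // mismatch).
    if (!$this->verify_return_to($return_to)) {
        return new InvalidLogin();
    }

    $ret = $this->http_client->post($server_url, $post_data);
    if (!$ret) {
        return new InvalidLogin();
    }
    // post() returns the final url at [0] and the body at [1]; only the
    // key-value body is needed here.
    $results = oidUtil::parsekv($ret[1]);

    $is_valid = isset($results['is_valid']) ? $results['is_valid'] : 'false';
    if ($is_valid !== 'true') {
        // NOTE(review): the other keys read from parsekv() output in this
        // class ('is_valid', 'assoc_type', 'expires_in') are unprefixed;
        // confirm that the server's error key really arrives as
        // 'openid.error' rather than 'error'.
        $error = isset($results['openid.error']) ? $results['openid.error'] : null;
        if ($error) {
            return new ErrorFromServer(sprintf('Server Response: %s', $error));
        }
        return new InvalidLogin();
    }

    // The server may tell us an association handle is no longer good.
    $invalidate_handle = isset($results['invalidate_handle']) ? $results['invalidate_handle'] : null;
    if ($invalidate_handle) {
        $this->assoc_mngr->invalidate($server_url, $invalidate_handle);
    }

    // The assertion body carries openid.sig and openid.assoc_handle, so
    // it is not copied into the error log (the former debug
    // error_log() calls did exactly that).
    parse_str($post_data, $vars);
    $key = 'openid_identity'; // parse_str replaces "." with "_"
    $identity = isset($vars[$key]) ? $vars[$key] : null;

    $vl = new ValidLogin($this, $identity);
    if ($vl->verifyIdentity($openid)) {
        return $vl;
    }
    return new InvalidLogin();
}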