示例#1
 /**
  * Assemble the descriptive fields of an information card for a user.
  *
  * Every card gets an ID, a name derived from the user name, a fixed image
  * path, an expiry timestamp and a credential hint. One extra field is added
  * depending on the credential type the card is bound to.
  *
  * @param mixed $user           User name; used for the card ID and card name.
  * @param mixed $UserCredential Credential type name, compared loosely.
  * @param mixed $ppid           PPID stored for 'SelfIssuedCredential' cards.
  *
  * @return array Card fields keyed by name.
  */
 public static function fillICdata($user, $UserCredential, $ppid = NULL)
 {
     $card = array(
         'CardId' => sspmod_InfoCard_UserFunctions::generate_card_ID($user),
         'CardName' => $user . "-SELFCREDENTIAL-IC",
         // Hard-coded absolute path on the server's filesystem.
         'CardImage' => '/var/simplesaml/modules/InfoCard/www/resources/demoimage.png',
         // Far-future timestamp: a card built here effectively never expires.
         'TimeExpires' => "9999-12-31T23:59:59Z",
         // The password hint is set for every credential type.
         'DisplayCredentialHint' => 'Enter your password',
     );

     if ($UserCredential == 'UsernamePasswordCredential') {
         $card['UserName'] = $user;
     } elseif ($UserCredential == 'KerberosV5Credential') {
         // No extra field for Kerberos cards.
     } elseif ($UserCredential == 'X509V3Credential') {
         // The key identifier is left unset here.
         $card['KeyIdentifier'] = NULL;
     } elseif ($UserCredential == 'SelfIssuedCredential') {
         $card['PPID'] = $ppid;
     }

     return $card;
 }
     // Validate the self-issued card token posted by the browser and, when it
     // carries a PPID, answer with a freshly built card file as a download.
     // $token, $autoconfig, $Infocard, $username and $userCredential are set
     // outside this excerpt.
     $idp_key = $autoconfig->getValue('sts_key');
     $token->addIDPKey($idp_key);
     // NOTE(review): an empty string is registered as the STS certificate;
     // confirm what the token processor does with it.
     $token->addSTSCertificate('');
     // The token is request-controlled XML. The only gates visible here are
     // isValid() and the PPID check below.
     $claims = $token->process($_POST['xmlToken']);
     // Loose comparison: an empty-string PPID is treated like a missing one.
     if ($claims->isValid() && $claims->privatepersonalidentifier != NULL) {
         $ppid = $claims->privatepersonalidentifier;
         // NOTE(review): the PPID is written to the debug log; if it is later
         // used to recognise the user, that log needs to be protected accordingly.
         SimpleSAML_Logger::debug("PPID = {$ppid}");
         $ICconfig['InfoCard'] = $Infocard;
         $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');
         //sspmod_InfoCard_Utils::getIssuer($sts_crt);
         $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
         $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
         // NOTE(review): presumably the STS private key; it is handed to
         // createCard() together with the rest of the configuration.
         $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
         $ICconfig['certificates'] = $autoconfig->getValue('certificates');
         $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
         // NOTE(review): $userCredential is a separate variable from the
         // $ICconfig['UserCredential'] value read just above; confirm they agree.
         $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username, $userCredential, $ppid);
         $IC = sspmod_InfoCard_STS::createCard($ICdata, $ICconfig);
         // CardName is placed inside the quoted filename without escaping.
         // NOTE(review): if it is derived from $username, confirm the user name
         // cannot contain a double quote.
         header('Content-Disposition: attachment; filename="' . $ICdata['CardName'] . '.crd"');
         header('Content-Type: application/x-informationcard');
         // strlen() counts bytes, which is what Content-Length expects.
         header('Content-Length:' . strlen($IC));
         echo $IC;
         $state = 'end';
     } else {
         // Invalid token or no PPID: go back to the 'selfIssued' state with the
         // wrong_IC error code.
         SimpleSAML_Logger::debug('Wrong Self-Issued card');
         $error = 'wrong_IC';
         $state = "selfIssued";
     }
 } else {
     SimpleSAML_Logger::debug('NO HAY XML TOKEN');
     $error = NULL;
     $state = "selfIssued";
示例#3
        SimpleSAML_Logger::debug('PPID: ' . $ppid);
        if (sspmod_InfoCard_UserFunctions::validateUser(array('PPID' => $ppid), $ICconfig['UserCredential'])) {
            $authenticated = true;
        }
        break;
    default:
        break;
}
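// The MessageID is read straight from the request document. It is passed into
// the response and, further down, concatenated into the debug log file name,
// so it must be validated before it is used as anything other than opaque
// text (a value containing path separators would leave $debugDir).
$messageid = $doc->getElementsByTagname('MessageID')->item(0)->nodeValue;

// Build the response: a token carrying the requested claims when the
// credential check succeeded, otherwise a generic error message.
if ($authenticated) {
    $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
    $ICconfig['issuer'] = $autoconfig->getValue('issuer');
    $ICconfig['sts_crt'] = $autoconfig->getValue('sts_crt');
    $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
    // The claim types are taken from the request and matched against the
    // configured schema before any values are filled in.
    $requiredClaims = sspmod_InfoCard_Utils::extractClaims($ICconfig['InfoCard']['schema'], $doc->getElementsByTagname('ClaimType'));
    $claimValues = sspmod_InfoCard_UserFunctions::fillClaims($username, $ICconfig['InfoCard']['requiredClaims'], $ICconfig['InfoCard']['optionalClaims'], $requiredClaims);
    $response = sspmod_InfoCard_STS::createToken($claimValues, $ICconfig, $messageid);
} else {
    // The same message is returned whatever the reason for the failure.
    $response = sspmod_InfoCard_STS::errorMessage('Wrong Credentials', $messageid);
}

// Announce exactly the bytes printed below. The earlier form,
// 'Content-length: ' . strlen($response) + 1, depended on operator precedence:
// before PHP 8 the addition applied to the concatenated string and the header
// text was lost; from PHP 8 on it announced one byte more than is sent.
header('Content-Length: ' . strlen($response));
print $response;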
//LOG
if ($debugDir != null) {
    $handle = fopen($debugDir . '/' . $messageid . '.log', 'w');
    fwrite($handle, "  ------ InfoCard simpleSAMLphp Module LOG ------\n\n");
    fwrite($handle, "-- TIME: " . gmdate('Y-m-d') . ' ' . gmdate('H:i:s') . "\n");
    fwrite($handle, "-- MESSAGE ID: " . $messageid . "\n\n\n");
    fwrite($handle, "-- RST\n");
    fwrite($handle, $HTTP_RAW_POST_DATA);
    fwrite($handle, "\n\n\n-- RSTR\n");
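/**
 * Store a freshly generated card ID for a user in the connected_users table.
 *
 * @param mixed $username  User name; looked up in the "name" column.
 * @param array $DB_params Connection settings: DB_host, DB_port, DB_dbname,
 *                         DB_user and DB_password.
 *
 * @return bool True when a row for the user exists and was updated; false
 *              when the user has no row or any database step failed.
 */
function DB_update_connected_user($username, $DB_params)
{
    $card_id = sspmod_InfoCard_UserFunctions::generate_card_ID($username);

    // NOTE(review): the user/password lookups were masked in the published
    // listing and are restored here following the other $DB_params reads.
    // The values are inserted unquoted, so they must not contain whitespace;
    // they are expected to come from trusted configuration.
    $dbconn = pg_connect('host=' . $DB_params['DB_host'] . '  port=' . $DB_params['DB_port'] . '  dbname=' . $DB_params['DB_dbname'] . ' user=' . $DB_params['DB_user'] . '  password=' . $DB_params['DB_password']);
    if ($dbconn === false) {
        return false;
    }

    // The user name is bound as a parameter, never concatenated into the SQL.
    $query = pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("{$username}"));
    if ($query === false) {
        return false;
    }

    // pg_fetch_all() yields false or an empty array when there is no row.
    $rows = pg_fetch_all($query);
    if (empty($rows)) {
        return false;
    }

    // Report a failed UPDATE instead of claiming success.
    return pg_update($dbconn, 'connected_users', array('card_id' => $card_id), array('name' => $username)) !== false;
}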