papi-easygpoa
changeset 0:f2ec241d9fb3
First commit
| author | kan |
|---|---|
| date | Sun Jul 18 19:20:31 2010 +0200 (22 months ago) |
| parents | |
| children | ac278208541b |
| files | PAPI/GPoA/Crypt_AES.php PAPI/GPoA/Crypt_RSA.php PAPI/GPoA/GPoAHandler.php PAPI/GPoA/GPoAMain.php PAPI/GPoA/LCookManager.php PAPI/GPoA/Log.php PAPI/GPoA/Reader.php config.php index.php wayf/index.php wayf/wayf.css |
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/PAPI/GPoA/Crypt_AES.php Sun Jul 18 19:20:31 2010 +0200 1.3 
@@ -0,0 +1,66 @@ 1.4 +<?php 1.5 +/* 1.6 + * Copyright (C) 2010 - PRiSE 1.7 + * This class is based on the php library crypt.php developed by RedIRIS 1.8 + * 1.9 + * This free software; you can redistribute it and/or 1.10 + * modify it under the terms of the GNU General Public License 1.11 + * as published by the Free Software Foundation; either version 2 1.12 + * of the License, or any later version. 1.13 + * 1.14 + * This program is distributed in the hope that it will be useful, 1.15 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 1.16 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 1.17 + * GNU General Public License for more details. 1.18 + * 1.19 + * You should have received a copy of the GNU General Public License 1.20 + * along with this program; if not, write to the Free Software 1.21 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 1.22 + */ 1.23 + 1.24 +class Crypt_AES { 1.25 + 1.26 + public static function encrypt_base64($input, $key) { 1.27 + $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'',MCRYPT_MODE_ECB,''); 1.28 + $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); 1.29 + 1.30 + $key = substr($key, 0, mcrypt_enc_get_key_size($td)); 1.31 + 1.32 + if (mcrypt_generic_init($td, $key, $iv) != -1) { 1.33 + // Encrypt the text 1.34 + $crypttext = mcrypt_generic($td, $input); 1.35 + mcrypt_generic_deinit($td); 1.36 + } 1.37 + 1.38 + mcrypt_module_close($td); 1.39 + 1.40 + // Encode the encrypted text 1.41 + $crypttext = base64_encode($crypttext); 1.42 + 1.43 + return $crypttext; 1.44 + } 1.45 + 1.46 + public static function decrypt_base64($input, $key) { 1.47 + // Decode the encrypted text 1.48 + $input = base64_decode($input); 1.49 + 1.50 + $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'',MCRYPT_MODE_ECB,''); 1.51 + $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); 1.52 + 1.53 + $key = substr($key, 0, mcrypt_enc_get_key_size($td)); 1.54 + 1.55 + if 
(mcrypt_generic_init($td, $key, $iv) != -1) { 1.56 + // Decrypt the text 1.57 + $decrypttext = mdecrypt_generic($td, $input); 1.58 + mcrypt_generic_deinit($td); 1.59 + } 1.60 + 1.61 + mcrypt_module_close($td); 1.62 + $decrypttext = trim ($decrypttext); 1.63 + 1.64 + return $decrypttext; 1.65 + } 1.66 + 1.67 +} 1.68 + 1.69 +?>
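Review bot: `encrypt_base64` opens Rijndael-128 in `MCRYPT_MODE_ECB` (1.27), so the random IV created on the next line is never used, equal 16-byte plaintext blocks encrypt to equal ciphertext, and nothing authenticates the output — whoever holds a cookie produced by this class can reorder, drop or splice its blocks and `decrypt_base64` will still hand the caller a string to parse. `$crypttext` / `$decrypttext` are also left undefined when `mcrypt_generic_init` fails (1.32, 1.55), and the closing `trim()` at 1.62 eats both the zero padding and any legitimate leading or trailing whitespace of the plaintext. Replacing the ECB pair with CBC plus an HMAC over IV‖ciphertext (encrypt-then-MAC, with encryption and MAC keys derived separately from the configured secret) gives callers a tamper check; callers must then treat a `false` return as "no valid cookie" — `LCookManager::getLcook` currently explodes the result unconditionally. Sketch below (`OPENSSL_RAW_DATA` needs PHP 5.4 and `hash_equals` PHP 5.6; on older builds use a constant-time comparison loop).
```php
public static function encrypt_base64($input, $key) {
    // Separate encryption and MAC keys derived from the configured secret
    $encKey = hash('sha256', 'enc|' . $key, true);
    $macKey = hash('sha256', 'mac|' . $key, true);
    $iv = openssl_random_pseudo_bytes(16);
    $ct = openssl_encrypt($input, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new Exception('Crypt_AES::encrypt_base64(): encryption failed');
    }
    // Encrypt-then-MAC: the tag covers IV and ciphertext
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $tag);
}

public static function decrypt_base64($input, $key) {
    $raw = base64_decode($input, true);
    if ($raw === false || strlen($raw) < 16 + 32) {
        return false;
    }
    // … same key derivation as encrypt_base64 …
    $iv  = substr($raw, 0, 16);
    $tag = substr($raw, -32);
    $ct  = substr($raw, 16, strlen($raw) - 48);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return false; // tampered, truncated or wrong key
    }
    return openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
}
```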
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/PAPI/GPoA/Crypt_RSA.php Sun Jul 18 19:20:31 2010 +0200 2.3 
@@ -0,0 +1,114 @@ 2.4 +<?php 2.5 +/* 2.6 + * Copyright (C) 2010 - PRiSE 2.7 + * This class is based on the php library crypt.php developed by RedIRIS 2.8 + * 2.9 + * This free software; you can redistribute it and/or 2.10 + * modify it under the terms of the GNU General Public License 2.11 + * as published by the Free Software Foundation; either version 2 2.12 + * of the License, or any later version. 2.13 + * 2.14 + * This program is distributed in the hope that it will be useful, 2.15 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 2.16 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 2.17 + * GNU General Public License for more details. 2.18 + * 2.19 + * You should have received a copy of the GNU General Public License 2.20 + * along with this program; if not, write to the Free Software 2.21 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 2.22 + */ 2.23 + 2.24 +// Constant for encrypt and decrypt data with openssl 2.25 +define('PADDINGSIZE', 11); 2.26 + 2.27 +class Crypt_RSA { 2.28 + 2.29 + public static function encrypt_base64($in, $key, $key_bits = 0) { 2.30 + // Get the byte size of data string 2.31 + $inputSize = strlen($in); 2.32 + 2.33 + // Get details of the key 2.34 + $res = openssl_get_privatekey($key); 2.35 + if ($key_bits==0) { 2.36 + $key_details = openssl_pkey_get_details($res); 2.37 + } 2.38 + else { 2.39 + $key_details=array('bits' => $key_bits); 2.40 + } 2.41 + 2.42 + // Get the output block maximun size in Bytes 2.43 + $outputBlockSize = $key_details['bits']/8; 2.44 + 2.45 + // Total number of blocks 2.46 + $inputBlockSize = $outputBlockSize - PADDINGSIZE; 2.47 + $numBlocks = ceil($inputSize/$inputBlockSize); 2.48 + 2.49 + // Start to encrypt. 
2.50 + $blockCount = 0; 2.51 + $cryptBuffer = array(); 2.52 + 2.53 + while ($blockCount < $numBlocks){ 2.54 + $index = $blockCount * $inputBlockSize; 2.55 + $block = substr($in, $index, $inputBlockSize); 2.56 + openssl_private_encrypt($block, $crypttext, $key); 2.57 + $cryptBuffer[$blockCount] = $crypttext; 2.58 + $blockCount++; 2.59 + } 2.60 + // Now joint the array with the blocks string encripted 2.61 + $cryptData = join("", $cryptBuffer); 2.62 + 2.63 + $base64CryptData = base64_encode($cryptData); 2.64 + 2.65 + // Return the encrypted, joined and base64 encode data string. 2.66 + return $base64CryptData; 2.67 + } 2.68 + 2.69 + public static function decrypt_base64($in, $key, $error_log, $key_bits = 0) { 2.70 + // Decode the base64 input string 2.71 + $in = base64_decode($in); 2.72 + 2.73 + // Get the byte size of data string 2.74 + $inputSize = strlen($in); 2.75 + 2.76 + // Get details of the key 2.77 + $res = openssl_get_publickey($key); 2.78 + if ($key_bits==0) { 2.79 + $key_details = openssl_pkey_get_details($res); 2.80 + } 2.81 + else { 2.82 + $key_details=array('bits' => $key_bits); 2.83 + } 2.84 + 2.85 + // Get the output block maximun size in Bytes 2.86 + $outputBlockSize = $key_details['bits']/8; 2.87 + 2.88 + $inputBlockSize = $outputBlockSize; 2.89 + $numBlocks = ceil($inputSize/$inputBlockSize); 2.90 + 2.91 + // Start to decrypt. 
2.92 + $blockCount = 0; 2.93 + $decryptBuffer = array(); 2.94 + 2.95 + while ($blockCount < $numBlocks){ 2.96 + $index = $blockCount * $inputBlockSize; 2.97 + $block = substr($in, $index, $inputBlockSize); 2.98 + // Decrypt the text 2.99 + if (!openssl_public_decrypt($block, $decrypttext, $key)) { 2.100 + $msg = "Crypt_RSA::decrypt_base64(): Cannot decrypt response, check GPoA public key."; 2.101 + Log::info($msg); 2.102 + throw new Exception($msg); 2.103 + } 2.104 + $decryptBuffer[$blockCount] = $decrypttext; 2.105 + $blockCount++; 2.106 + } 2.107 + 2.108 + // Now joint the array with the blocks string encripted 2.109 + $decryptData = join("",$decryptBuffer); 2.110 + 2.111 + // Return the base64 dencode, decrypted and joined data string. 2.112 + return $decryptData; 2.113 + } 2.114 + 2.115 +} 2.116 + 2.117 +?>
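Review bot: `openssl_private_encrypt` at 2.56 is called without checking its return value, so on a bad key or an oversized block `$crypttext` keeps its previous content (or is unset) and a corrupt blob is base64-encoded and sent as if it were signed; the `$res` handles from `openssl_get_privatekey` / `openssl_get_publickey` are never freed either, and when they are `false` `openssl_pkey_get_details` yields no `bits`, leaving `$inputBlockSize` 0 in the `ceil()` at 2.47 / 2.89. Note also that each chunk is "signed" independently and `decrypt_base64` only verifies that every chunk unpads; nothing binds chunks to each other or to a total length, so chunks from two valid responses of the same AS could in principle be swapped or dropped — a property the caller that parses the joined string should be aware of. At minimum: `if (!openssl_private_encrypt($block, $crypttext, $key)) { throw new Exception('Crypt_RSA::encrypt_base64(): openssl_private_encrypt failed'); }`, and `if ($res === false) { throw new Exception('Crypt_RSA: invalid key'); }` followed by `openssl_free_key($res)` once the details are read. `$error_log` (2.69) is accepted but never used; drop it or document what it is for.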
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/PAPI/GPoA/GPoAHandler.php Sun Jul 18 19:20:31 2010 +0200 3.3 
@@ -0,0 +1,246 @@ 3.4 +<?php 3.5 +/* 3.6 + * Copyright (C) 2010 - PRiSE 3.7 + * 3.8 + * This free software; you can redistribute it and/or 3.9 + * modify it under the terms of the GNU General Public License 3.10 + * as published by the Free Software Foundation; either version 2 3.11 + * of the License, or any later version. 3.12 + * 3.13 + * This program is distributed in the hope that it will be useful, 3.14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 3.15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 3.16 + * GNU General Public License for more details. 3.17 + * 3.18 + * You should have received a copy of the GNU General Public License 3.19 + * along with this program; if not, write to the Free Software 3.20 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 3.21 + */ 3.22 + 3.23 +class GPoAHandler { 3.24 + 3.25 + private $list_as; 3.26 + private $always_wayf; 3.27 + private $filter_attrs; 3.28 + private $gpoa_url; 3.29 + private $gpoa_id; 3.30 + private $gpoa_privkey; 3.31 + private $format_assertion; 3.32 + private $lcook_TTL; 3.33 + 3.34 + public function processConfig($config) { 3.35 + $this->always_wayf = Reader::readParameter($config['ALWAYS_WAYF']); 3.36 + $this->list_as = Reader::readParameter($config['LIST_AS']); 3.37 + $this->filter_attrs = Reader::readParameter($config['FILTER_ATTRS']); 3.38 + $this->gpoa_privkey = Reader::readParameter($config['PRIVATE_KEY_GPOA']); 3.39 + $this->gpoa_id = Reader::readParameter($config['ID_GPOA']); 3.40 + $this->lcook_TTL = Reader::readParameter($config['LCOOK']['L_TTL']); 3.41 + 3.42 + $this->gpoa_url = Reader::readParameter($config['URL_GPOA']); 3.43 + if ($this->gpoa_url == '') { 3.44 + $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : ""; 3.45 + $temp = explode("/",strtolower($_SERVER["SERVER_PROTOCOL"])); 3.46 + $protocol = $temp[0].$s; 3.47 + $port = ($_SERVER["SERVER_PORT"] == "80") ? 
"" : (":".$_SERVER["SERVER_PORT"]); 3.48 + $this->gpoa_url = $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['SCRIPT_NAME']; 3.49 + } 3.50 + 3.51 + $this->setDefaultFormatAssertion(); 3.52 + foreach (Reader::readParameter($config['FORMAT_ATTR']) as $key => $value) { 3.53 + $this->format_assertion[$key] = $value; 3.54 + } 3.55 + } 3.56 + 3.57 + public function isCHECKRequest($params) { 3.58 + return array_key_exists("ACTION",$params) 3.59 + && strcmp($params["ACTION"],"CHECK")==0; 3.60 + } 3.61 + 3.62 + public function isATTREQResponse($params) { 3.63 + return array_key_exists("ACTION",$params) 3.64 + && strcmp($params["ACTION"],"CHECKED")==0; 3.65 + } 3.66 + 3.67 + public function getATTREQRequest($msg_id, $as_id = '', $poa_url = '') { 3.68 + if (count($this->list_as)==0) { 3.69 + $msg = "ERROR! There isn't any AS configured"; 3.70 + Log::info($msg); 3.71 + throw new Exception($msg); 3.72 + } 3.73 + 3.74 + if ($as_id == '') { 3.75 + $temp = array_keys($this->list_as); 3.76 + $as_id = $temp[0]; 3.77 + } 3.78 + 3.79 + $res = $this->list_as[$as_id]['url']. 3.80 + "?ATTREQ=".urlencode($this->gpoa_id). 3.81 + "&PAPIPOAREF=".urlencode($msg_id). 3.82 + "&PAPIPOAURL=".urlencode($this->gpoa_url); 3.83 + 3.84 + if ($poa_url != '') { 3.85 + $res .= "&PAPIOPOA=".urlencode($poa_url); 3.86 + } 3.87 + 3.88 + return $res; 3.89 + } 3.90 + 3.91 + public function processATTREQResponse($params) { 3.92 + $param_as = $params["AS"]; 3.93 + $param_action = $params["ACTION"]; 3.94 + $param_data = $params["DATA"]; 3.95 + 3.96 + $res = "error"; 3.97 + if (!array_key_exists($param_as, $this->list_as)) { 3.98 + $msg = "ERROR! 
The AS '".$param_as."' is not valid in this GPoA."; 3.99 + Log::info($msg); 3.100 + throw new Exception($msg); 3.101 + } 3.102 + $safe = Crypt_RSA::decrypt_base64($param_data, Reader::readParameter($this->list_as[$param_as]['pubkey']), ""); 3.103 + Log::debug("ATTREQ DATA decrypted: ".$safe); 3.104 + 3.105 + $temp = explode(":",$safe); 3.106 + 3.107 + $key = array_pop($temp); 3.108 + $issuedTime = array_pop($temp); 3.109 + $expiryTime = array_pop($temp); 3.110 + $assertion = implode(":",$temp); 3.111 + 3.112 + $temp = explode("@",$assertion); 3.113 + $asID = array_pop($temp); 3.114 + $attrs = implode("@",$temp); 3.115 + 3.116 + if (strcmp($asID, $param_as)!=0) { 3.117 + $msg = "ERROR! The assertion was issued by the AS '".$asID."' and the ATTREQ response by the AS '".$param_as."'."; 3.118 + Log::info($msg); 3.119 + throw new Exception($msg); 3.120 + } 3.121 + 3.122 + $currentTime = time(); 3.123 + 3.124 + if ($currentTime >= $expiryTime) { 3.125 + $msg = "ERROR! The ATTREQ response message has expired. The expiry time of the assertion is ".$expiryTime." 
and the current time is ".$currentTime."."; 3.126 + Log::info($msg); 3.127 + throw new Exception($msg); 3.128 + } 3.129 + 3.130 + $old_params = $this->loadRequest($key); 3.131 + 3.132 + return array('key' => $key, 3.133 + 'issued_time' => $issuedTime, 3.134 + 'expiry_time' => $expiryTime, 3.135 + 'assertion' => $assertion, 3.136 + 'old_params' => $old_params); 3.137 + } 3.138 + 3.139 + public function getCHECKEDResponse($url_poa, $assertion, $sent_data_param) { 3.140 + $poas = array_keys($this->filter_attrs); 3.141 + 3.142 + $attrs = ''; 3.143 + 3.144 + foreach ($poas as $poa_url) { 3.145 + $expreg = "/".$poa_url."/"; 3.146 + $matches = array(); 3.147 + preg_match($expreg, $url_poa, $matches); 3.148 + if (count($matches)>0) { 3.149 + if (!is_array($attrs)) { 3.150 + $attrs = array(); 3.151 + } 3.152 + $attrs = array_merge($attrs, $this->filter_attrs[$poa_url]); 3.153 + } 3.154 + } 3.155 + 3.156 + if (is_array($attrs)) { 3.157 + $assertion = $this->filterAttributes($assertion, $attrs); 3.158 + } 3.159 + 3.160 + $now = time(); 3.161 + $expiry = $now + $this->lcook_TTL; 3.162 + 3.163 + $raw = $assertion.":".$expiry.":".$now.":".$sent_data_param; 3.164 + 3.165 + $ciphered = Crypt_RSA::encrypt_base64($raw, $this->gpoa_privkey); 3.166 + 3.167 + $res = $url_poa. 3.168 + "?ACTION=CHECKED". 
3.169 + "&DATA=".urlencode($ciphered); 3.170 + 3.171 + return $res; 3.172 + } 3.173 + 3.174 + public function filterAttributes($assertion, $list_attr) { 3.175 + $res = array(); 3.176 + 3.177 + $attrs = explode($this->format_assertion['attr_sep'], $assertion); 3.178 + 3.179 + foreach ($attrs as $attr) { 3.180 + $data_attr = explode($this->format_assertion['value_attr_sep'], $attr); 3.181 + 3.182 + if (in_array($data_attr[0], $list_attr)) { 3.183 + $res[] = $attr; 3.184 + } 3.185 + } 3.186 + 3.187 + return implode($this->format_assertion['attr_sep'], $res); 3.188 + } 3.189 + 3.190 + public function isNeededWayf() { 3.191 + return (count($this->list_as)>1 || $this->always_wayf == true); 3.192 + } 3.193 + 3.194 + public function getASFromWAYF($params) { 3.195 + $res = ''; 3.196 + 3.197 + if (array_key_exists("ACTION",$params) && strcmp($params["ACTION"],"WAYF")==0) { 3.198 + $res = $params['as']; 3.199 + } 3.200 + 3.201 + return $res; 3.202 + } 3.203 + 3.204 + public function getGPoAURL() { 3.205 + return $this->gpoa_url; 3.206 + } 3.207 + 3.208 + public function generateUniqueID() { 3.209 + $id = sha1(uniqid("",true)); 3.210 + 3.211 + return $id; 3.212 + } 3.213 + 3.214 + public function saveRequest($params) { 3.215 + $id = $this->generateUniqueID(); 3.216 + Log::debug("Saving request ID '".$id."'"); 3.217 + 3.218 + if (!isset($_SESSION)) { 3.219 + session_start(); 3.220 + } 3.221 + $_SESSION["save_request_".$id] = $params; 3.222 + 3.223 + return $id; 3.224 + } 3.225 + 3.226 + public function loadRequest($id) { 3.227 + if (!isset($_SESSION)) { 3.228 + session_start(); 3.229 + } 3.230 + Log::debug("Loading request ID '".$id."'"); 3.231 + if (!array_key_exists("save_request_".$id, $_SESSION)) { 3.232 + $msg = "ERROR! 
Request ID '".$id."' not found"; 3.233 + Log::info($msg); 3.234 + throw new Exception($msg); 3.235 + } 3.236 + return $_SESSION["save_request_".$id]; 3.237 + } 3.238 + 3.239 + private function setDefaultFormatAssertion() { 3.240 + $this->format_assertion = array( 3.241 + 'attr_sep' => ',', 3.242 + 'value_attr_sep' => '=', 3.243 + 'multivalue_attr_sep' => '|', 3.244 + ); 3.245 + } 3.246 + 3.247 +} 3.248 + 3.249 +?>
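Review bot: `getCHECKEDResponse` (3.139) redirects the browser, carrying the user's attribute assertion, to whatever `URL` the originating CHECK request supplied; nothing checks that target against a list of known PoAs, and the per-PoA filter at 3.145 builds `"/".$poa_url."/"` without `preg_quote` or anchors, so the configured `http://www.example.org/poa` also matches `http://attacker.example/?x=http://www.example.org/poa` and every `.` matches any character. If the GPoA is meant to serve only configured PoAs, quote and anchor the match and refuse URLs that match no entry (sketch below); if arbitrary PoAs are intended, say so in a comment, because anyone holding the GPoA public key can read the assertion in the redirect. Separately, `loadRequest` (3.226) never removes `save_request_<id>` from the session, so the same signed DATA can be re-posted to this session until `expiryTime` passes — `unset($_SESSION["save_request_".$id]);` after reading it closes that replay window. `$issuedTime` is extracted at 3.108 but never checked, and `processATTREQResponse` reads `$params["AS"]` / `["DATA"]` (3.92-3.94) without confirming they exist.
```php
// … unchanged: signature, $poas = array_keys($this->filter_attrs) …
$attrs = '';
$matched = false;
foreach ($poas as $poa_url) {
    // Configured value is a literal URL prefix: quote it and anchor at the start
    $expreg = '/^' . preg_quote($poa_url, '/') . '/';
    if (preg_match($expreg, $url_poa)) {
        $matched = true;
        if (!is_array($attrs)) {
            $attrs = array();
        }
        $attrs = array_merge($attrs, $this->filter_attrs[$poa_url]);
    }
}
if (!$matched) {
    $msg = "ERROR! The PoA URL '".$url_poa."' is not configured in this GPoA.";
    Log::info($msg);
    throw new Exception($msg);
}
// … unchanged: filterAttributes, expiry, Crypt_RSA::encrypt_base64, redirect URL …
```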
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 4.2 +++ b/PAPI/GPoA/GPoAMain.php Sun Jul 18 19:20:31 2010 +0200 4.3 
@@ -0,0 +1,73 @@ 4.4 +<?php 4.5 +require_once "PAPI/GPoA/Reader.php"; 4.6 +require_once "PAPI/GPoA/Log.php"; 4.7 +require_once "PAPI/GPoA/Crypt_AES.php"; 4.8 +require_once "PAPI/GPoA/Crypt_RSA.php"; 4.9 +require_once "PAPI/GPoA/GPoAHandler.php"; 4.10 +require_once "PAPI/GPoA/LCookManager.php"; 4.11 + 4.12 +class GPoAMain { 4.13 + 4.14 + public static function start($config) { 4.15 + Log::setConfig($config['LOG_MODE']['debug'], $config['LOG_MODE']['file']); 4.16 + Log::init(); 4.17 + 4.18 + Log::debug("Message received"); 4.19 + 4.20 + $gpoa_handler = new GPoAHandler(); 4.21 + $gpoa_handler->processConfig($config); 4.22 + $lcook_manager = new LCookManager(); 4.23 + $lcook_manager->processConfig($config); 4.24 + 4.25 + if ($gpoa_handler->isATTREQResponse($_REQUEST)) { 4.26 + Log::info("ATTREQ response message received"); 4.27 + $response = $gpoa_handler->processATTREQResponse($_REQUEST); 4.28 + 4.29 + $lcook_manager->putLcook($response['assertion']); 4.30 + 4.31 + $checked_msg = $gpoa_handler->getCHECKEDResponse($response['old_params']['URL'], 4.32 + $response['assertion'], $response['old_params']['DATA']); 4.33 + 4.34 + Log::info("Redirect -> ".$checked_msg); 4.35 + header("Location: ".$checked_msg); 4.36 + } 4.37 + else if ($gpoa_handler->isCHECKRequest($_REQUEST)) { 4.38 + Log::info("CHECK request message received"); 4.39 + $lcook_data = $lcook_manager->getLcook(); 4.40 + 4.41 + if ($lcook_manager->validLcook($lcook_data)) { 4.42 + $lcook_manager->putLcook($lcook_data['assertion']); 4.43 + 4.44 + $checked_msg = $gpoa_handler->getCHECKEDResponse($_REQUEST['URL'], $lcook_data['assertion'], $_REQUEST['DATA']); 4.45 + 4.46 + Log::info("Redirect -> ".$checked_msg); 4.47 + header("Location: ".$checked_msg); 4.48 + } 4.49 + else { 4.50 + 4.51 + $sel_as_id = ''; 4.52 + if (array_key_exists('PAPIHLI', $_REQUEST)) { 4.53 + $sel_as_id = $_REQUEST['PAPIHLI']; 4.54 + Log::debug("PAPIHLI value: '".$sel_as_id."'"); 4.55 + } 4.56 + 4.57 + if ($sel_as_id=='' && 
$gpoa_handler->isNeededWayf()) { 4.58 + Log::info("Showing WAYF"); 4.59 + require_once("wayf/index.php"); 4.60 + } 4.61 + else { 4.62 + // SAVE REQUEST 4.63 + $id = $gpoa_handler->saveRequest($_REQUEST); 4.64 + 4.65 + $attreq = $gpoa_handler->getATTREQRequest($id, $sel_as_id, $_REQUEST['URL']); 4.66 + 4.67 + Log::info("Redirect -> ".$attreq); 4.68 + header("Location: ".$attreq); 4.69 + } 4.70 + 4.71 + } 4.72 + } 4.73 + } 4.74 +} 4.75 + 4.76 +?>
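Review bot: `$_REQUEST['PAPIHLI']` (4.53) is passed straight to `getATTREQRequest`, which indexes `$this->list_as[$as_id]['url']` without checking that the id exists, so an unknown value produces a `Location: ?ATTREQ=...` redirect back to this script instead of an error; validate it with `array_key_exists($sel_as_id, ...)` against the configured AS list (or have the handler throw) before the request is saved. `$_REQUEST['URL']` and `['DATA']` (4.44, 4.65) are likewise read without `isset`, and `$_REQUEST` merges cookies with GET/POST under the default `variables_order`, so a cookie named `ACTION` or `URL` can shadow the real parameters — read `$_GET` / `$_POST` explicitly. Each `header("Location: ...")` (4.35, 4.47, 4.68) should be followed by `exit;` so nothing else runs once the redirect is issued. The `Log::info("Redirect -> ...")` lines also write the full ciphered DATA to the log, which anyone with the GPoA public key can decrypt; logging only the target host would avoid persisting user attributes in log files.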
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 5.2 +++ b/PAPI/GPoA/LCookManager.php Sun Jul 18 19:20:31 2010 +0200 5.3 
@@ -0,0 +1,94 @@ 5.4 +<?php 5.5 +/* 5.6 + * Copyright (C) 2010 - PRiSE 5.7 + * 5.8 + * This free software; you can redistribute it and/or 5.9 + * modify it under the terms of the GNU General Public License 5.10 + * as published by the Free Software Foundation; either version 2 5.11 + * of the License, or any later version. 5.12 + * 5.13 + * This program is distributed in the hope that it will be useful, 5.14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 5.15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 5.16 + * GNU General Public License for more details. 5.17 + * 5.18 + * You should have received a copy of the GNU General Public License 5.19 + * along with this program; if not, write to the Free Software 5.20 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 5.21 + */ 5.22 + 5.23 +class LCookManager { 5.24 + private $lcook_data; 5.25 + private $name_lcookie; 5.26 + 5.27 + public function processConfig($config) { 5.28 + $this->lcook_data = Reader::readParameter($config['LCOOK']); 5.29 + $this->name_lcookie = $this->lcook_data['L_NAME_PREFIX'].Reader::readParameter($config['ID_GPOA']); 5.30 + } 5.31 + 5.32 + public function getLkey() { 5.33 + if ($this->lcook_data['LKEY']!='') { 5.34 + return $this->lcook_data['LKEY']; 5.35 + } 5.36 + else { 5.37 + if (!isset($_SESSION)) { 5.38 + session_start(); 5.39 + } 5.40 + if (!array_key_exists("lkey_value", $_SESSION)) { 5.41 + mt_srand((double)microtime()*1000000); 5.42 + $random = mt_rand(); 5.43 + $_SESSION["lkey_value"] = md5($random); 5.44 + } 5.45 + return $_SESSION["lkey_value"]; 5.46 + } 5.47 + } 5.48 + 5.49 + public function putLcook($assertion) { 5.50 + $random = mt_rand(); 5.51 + $now = time(); 5.52 + $location = $_SERVER['SCRIPT_NAME']; 5.53 + $server = $_SERVER['SERVER_NAME']; 5.54 + $raw = $random.":".$now.":".$location.":".$server.":".$assertion; 5.55 + $ciphered = Crypt_AES::encrypt_base64($raw, $this->getLkey()); 5.56 + 
setcookie($this->name_lcookie, $ciphered, $now + $this->lcook_data['L_TTL']); 5.57 + } 5.58 + 5.59 + public function validLcook($lcook_data) { 5.60 + $location = $_SERVER['SCRIPT_NAME']; 5.61 + $server = $_SERVER['SERVER_NAME']; 5.62 + $now = time(); 5.63 + 5.64 + $res = ($location == $lcook_data['location']) && 5.65 + ($server == $lcook_data['server']) && 5.66 + ($now <= ($lcook_data['issued'] + $this->lcook_data['L_TTL'])); 5.67 + 5.68 + return $res; 5.69 + } 5.70 + 5.71 + public function getLcook() { 5.72 + $res = array(); 5.73 + 5.74 + if (array_key_exists($this->name_lcookie, $_COOKIE)) { 5.75 + $ciphered = $_COOKIE[$this->name_lcookie]; 5.76 + $raw = Crypt_AES::decrypt_base64($ciphered, $this->getLkey()); 5.77 + $tempData = explode(":", $raw); 5.78 + $random = array_shift($tempData); 5.79 + $timeIssued = array_shift($tempData); 5.80 + $location = array_shift($tempData); 5.81 + $server = array_shift($tempData); 5.82 + $assertion = implode(":", $tempData); 5.83 + 5.84 + $res = array( 5.85 + 'random' => $random, 5.86 + 'issued' => $timeIssued, 5.87 + 'location' => $location, 5.88 + 'server' => $server, 5.89 + 'assertion' => $assertion, 5.90 + ); 5.91 + } 5.92 + 5.93 + return $res; 5.94 + } 5.95 +} 5.96 + 5.97 +?>
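Review bot: with the shipped default `LKEY => ""`, `getLkey` (5.32) derives the cookie key from `md5(mt_rand())` after reseeding with `(double)microtime()*1000000` (5.41), i.e. from at most about a million seed values; a user knows the plaintext of their own lcook (their own assertion), so they can brute-force that seed offline, recover the key and mint an lcook with any attributes for their session, which `validLcook` (5.59) will accept because it checks only location, server and issue time. Generate the key from a CSPRNG instead, `$_SESSION["lkey_value"] = bin2hex(openssl_random_pseudo_bytes(16));`, and document that `LKEY` should be a long random value in production so cookies survive session rotation. `setcookie` at 5.56 also sends the cookie without HttpOnly/Secure flags or an explicit path: `setcookie($this->name_lcookie, $ciphered, $now + $this->lcook_data['L_TTL'], '/', '', !empty($_SERVER['HTTPS']), true);`. Note that the cookie's integrity ultimately rests on `Crypt_AES`, which as written provides no authentication, so a strong key alone does not prevent block splicing.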
6.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 6.2 +++ b/PAPI/GPoA/Log.php Sun Jul 18 19:20:31 2010 +0200 6.3 
@@ -0,0 +1,75 @@ 6.4 +<?php 6.5 +/* 6.6 + * Copyright (C) 2010 - PRiSE 6.7 + * 6.8 + * This free software; you can redistribute it and/or 6.9 + * modify it under the terms of the GNU General Public License 6.10 + * as published by the Free Software Foundation; either version 2 6.11 + * of the License, or any later version. 6.12 + * 6.13 + * This program is distributed in the hope that it will be useful, 6.14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 6.15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 6.16 + * GNU General Public License for more details. 6.17 + * 6.18 + * You should have received a copy of the GNU General Public License 6.19 + * along with this program; if not, write to the Free Software 6.20 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 6.21 + */ 6.22 + 6.23 +class Log { 6.24 + private static $logfile; 6.25 + private static $debugmode; 6.26 + 6.27 + public static function setConfig($debug = false, $file = '') { 6.28 + self::$logfile = $file; 6.29 + self::$debugmode = $debug; 6.30 + } 6.31 + 6.32 + public static function init() { 6.33 + if (!isset($_SESSION)) { 6.34 + session_start(); 6.35 + } 6.36 + $_SESSION["PAPI_LOG_PREFIX"] = mt_rand(); 6.37 + } 6.38 + 6.39 + public static function info($msg) { 6.40 + if (!isset($_SESSION)) { 6.41 + session_start(); 6.42 + } 6.43 + $prefix = ""; 6.44 + if (array_key_exists("PAPI_LOG_PREFIX", $_SESSION)) { 6.45 + $prefix = "-".$_SESSION["PAPI_LOG_PREFIX"]; 6.46 + } 6.47 + if (self::$logfile == "") { 6.48 + error_log("[INFO".$prefix."] ".$msg); 6.49 + } 6.50 + else { 6.51 + error_log("[INFO".$prefix."] ".$msg."\n", 3, self::$logfile); 6.52 + } 6.53 + } 6.54 + 6.55 + public static function debug($msg) { 6.56 + if (self::isDebugMode()) { 6.57 + if (!isset($_SESSION)) { 6.58 + session_start(); 6.59 + } 6.60 + $prefix = ""; 6.61 + if (array_key_exists("PAPI_LOG_PREFIX", $_SESSION)) { 6.62 + $prefix = "-".$_SESSION["PAPI_LOG_PREFIX"]; 6.63 + } 
6.64 + if (self::$logfile == "") { 6.65 + error_log("[DEBUG".$prefix."] ".$msg); 6.66 + } 6.67 + else { 6.68 + error_log("[DEBUG".$prefix."] ".$msg."\n", 3, self::$logfile); 6.69 + } 6.70 + } 6.71 + } 6.72 + 6.73 + public static function isDebugMode() { 6.74 + return self::$debugmode; 6.75 + } 6.76 +} 6.77 + 6.78 +?>
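Review bot: `Log::info` / `Log::debug` write `$msg` to the log verbatim (6.48, 6.51, 6.65, 6.68), and callers embed request-derived values in it (`GPoAHandler` puts the AS id taken from the request into its error messages and the decrypted assertion into debug output), so an attacker can inject newlines and forge log entries; strip control characters first, e.g. `$msg = preg_replace('/[\x00-\x1f\x7f]/', ' ', $msg);` at the top of both methods. `init` (6.32) starts a session on every request only to store a prefix that is overwritten each time, so `PAPI_LOG_PREFIX` is effectively per-request, not per-session — a private static would do the same without the logger starting sessions. When `$logfile` is set, the return of `error_log(..., 3, $file)` is ignored, so an unwritable log path fails silently.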
7.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
7.2 +++ b/PAPI/GPoA/Reader.php Sun Jul 18 19:20:31 2010 +0200
7.3 @@ -0,0 +1,54 @@
7.4 +<?php
7.5 +/*
7.6 + * Copyright (C) 2010 - PRiSE
7.7 + *
7.8 + * This free software; you can redistribute it and/or
7.9 + * modify it under the terms of the GNU General Public License
7.10 + * as published by the Free Software Foundation; either version 2
7.11 + * of the License, or any later version.
7.12 + *
7.13 + * This program is distributed in the hope that it will be useful,
7.14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
7.15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
7.16 + * GNU General Public License for more details.
7.17 + *
7.18 + * You should have received a copy of the GNU General Public License
7.19 + * along with this program; if not, write to the Free Software
7.20 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
7.21 + */
7.22 +
7.23 +class Reader {
7.24 +
7.25 + public static function readParameter($config) {
7.26 + $res = '';
7.27 +
7.28 + if (is_array($config) && array_key_exists('loader_mode',$config)) {
7.29 + if ($config['loader_mode'] == 'text' || $config['loader_mode'] == 'array') {
7.30 + $res = $config['loader_value'];
7.31 + }
7.32 + else if ($config['loader_mode'] == 'file') {
7.33 + $res = file_get_contents($config['loader_value']);
7.34 + }
7.35 + else if ($config['loader_mode'] == 'xmlfile') {
7.36 + $content = file_get_contents($config['loader_value']);
7.37 + $res = array();
7.38 + $xml = new SimpleXMLElement($content);
7.39 + foreach ($xml->papi_elem as $elem) {
7.40 + $id = trim($elem['id']);
7.41 + $res[$id] = array();
7.42 + foreach ($elem->children() as $child) {
7.43 + $name = trim($child->getName());
7.44 + $res[$id][$name] = trim($child[0]);
7.45 + }
7.46 + }
7.47 + }
7.48 + }
7.49 + else {
7.50 + $res = $config;
7.51 + }
7.52 +
7.53 + return $res;
7.54 + }
7.55 +}
7.56 +
7.57 +?>
7.58 \ No newline at end of file
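Review bot: the `xmlfile` branch (7.35-7.47) parses the loaded content with `new SimpleXMLElement($content)` and no libxml options, so a document carrying a DOCTYPE with external entities can be expanded by older libxml builds; since `file_get_contents` also accepts URLs, a `loader_value` pointing at a remote location would make that XML untrusted input. Pass `LIBXML_NONET` as the options argument, never add `LIBXML_NOENT`, and call `libxml_disable_entity_loader(true)` where available before constructing the element. The `file` and `xmlfile` branches also never check `file_get_contents` for `false`, so a missing key or AS file silently becomes an empty string that is later handed to `openssl_get_privatekey`; `if ($res === false) { throw new Exception("Cannot read ".$config['loader_value']); }` would surface it.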
8.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 8.2 +++ b/config.php Sun Jul 18 19:20:31 2010 +0200 8.3 
@@ -0,0 +1,76 @@ 8.4 +<?php 8.5 + 8.6 +$config = array( 8.7 + 8.8 + 'ID_GPOA' => "easygpoa", 8.9 + 8.10 + 'PRIVATE_KEY_GPOA' => array( 8.11 + 'loader_mode' => 'text', 8.12 + 'loader_value' => '-----BEGIN RSA PRIVATE KEY----- 8.13 +MIICXQIBAAKBgQDAe/nHUsgM+kH7MQjv8J5X6P+HokVM0wBl4i0nx6cevP2KCGvL 8.14 +OnjcaG58g02aMkshSdi2ro+A59KKB1O+fAxylFbN72Ozuia8DnFbdStrd1UafLGI 8.15 +uXnD6/5dfrLFj5IbBUKup/VdgV5B7rW8uUDFskFW8hypnYGjD+NY8DTznwIDAQAB 8.16 +AoGAWpV9lPo2PzU++/G1nQWF3yU9rB0HtAHQvCHW0lO5KFQUlXMlF30rB7710A8S 8.17 +5DAq/z17iW1ZB3cRs/eCx7AlQqy7khHpersKNV0uPahw8LQee3gpemFFB1i8UceY 8.18 +5ZowNyPxTmqBLEp3jOPc+Or26MS/hN7NlTNyFtcKuWcm/FECQQD3Mr05fyBHOnuT 8.19 +4+uezjVz4tPP9Qkwwoo/GIKur+rNkpUi12C8BIolSz/l1yHg6IlGRLNlZt1G6gcs 8.20 +/3WDZJwFAkEAx1aCHU14gGlVyFSKBxUSPyY/g7VBeWotGA70Mh2r3kmNHv3WDJ1I 8.21 +utlkYd4EcWNpGOXVJmViWcCTwlb6RMlGUwJBAIrNO8EQJ9C2/vLQtNnL0enLQMHx 8.22 +RgLSCYxaN+7cqoxZtVIF+7Q3HFbKhQuKm+RMzd/d7ZmPg8ow2Gyk2Jg5ov0CQEcr 8.23 +rOMXcOmwMi+Hd4yVymD/n/e/dHQMI7OOS0PFckK4Ugl5qb3xPjFwQrXqlf2B99kq 8.24 +3hKKajYPWvItKcf7cP8CQQDndl8yPPMRsYzH9kpq9uYNEWPAhxiX9cd3em8OxKKj 8.25 +YOqq2O2QoZfIw+cXwxU9ek6Bvzd2D439BKsYR+fsAiW1 8.26 +-----END RSA PRIVATE KEY-----', 8.27 + ), 8.28 + 8.29 + 'PUBLIC_KEY_GPOA' => array( 8.30 + 'loader_mode' => 'text', 8.31 + 'loader_value' => '-----BEGIN PUBLIC KEY----- 8.32 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAe/nHUsgM+kH7MQjv8J5X6P+H 8.33 +okVM0wBl4i0nx6cevP2KCGvLOnjcaG58g02aMkshSdi2ro+A59KKB1O+fAxylFbN 8.34 +72Ozuia8DnFbdStrd1UafLGIuXnD6/5dfrLFj5IbBUKup/VdgV5B7rW8uUDFskFW 8.35 +8hypnYGjD+NY8DTznwIDAQAB 8.36 +-----END PUBLIC KEY-----', 8.37 + ), 8.38 + 8.39 + 'FILTER_ATTRS' => array( 8.40 + 'http://www.example.org/poa' => array('sHO','ePTI'), 8.41 + ), 8.42 + 8.43 + 'LIST_AS' => array( 8.44 + 'papiAS' => array ( 8.45 + 'pubkey' => '-----BEGIN PUBLIC KEY----- 8.46 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9uU1+sN4MS+T4kKUyyXWYuj/2 8.47 +D2EiXpwBrH0XhYDvWnQZtA6nlxQmgGbHItogL6fYmk6YDzLGLbo0z2YhVGI/tCpm 8.48 
+iMdagSs7D+SRZqiIew+IOfzFryfIaP7JJYSjd0lsIPQePGtaksJm/VFAuI8dBPtl 8.49 +Ml6Ej57F3kZxt3i6CQIDAQAB 8.50 +-----END PUBLIC KEY-----', 8.51 + 'name' => 'Institution', 8.52 + 'url' => 'http://papi.example.org/idp/', 8.53 + ), 8.54 + ), 8.55 + 8.56 + // ---- DEFAULT VALUES ---- 8.57 + 'URL_GPOA' => "", // Empty for autodetect 8.58 + 8.59 + 'LOG_MODE' => array( 8.60 + 'debug' => false, 8.61 + 'file' => '', 8.62 + ), 8.63 + 8.64 + 'LCOOK' => array( 8.65 + 'LKEY' => "", 8.66 + 'L_TTL' => 600, 8.67 + 'L_NAME_PREFIX' => "PAPI_LCOOK_", 8.68 + ), 8.69 + 8.70 + 'ALWAYS_WAYF' => false, 8.71 + 8.72 + 'FORMAT_ATTR' => array( 8.73 + 'attr_sep' => ',', 8.74 + 'value_attr_sep' => '=', 8.75 + 'multivalue_attr_sep' => '|', 8.76 + ), 8.77 + 8.78 +); 8.79 +?> 8.80 \ No newline at end of file
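Review bot: a complete RSA private key is committed inline at 8.12-8.26; once it is in version control it must be treated as public, so any deployment that keeps this key lets anyone sign CHECKED responses as `easygpoa`. Ship the config with `'loader_mode' => 'file'` pointing at a key stored outside the web root (the loader already supports it) and generate a fresh, larger key per installation — the one here is 1024-bit. The default `'LKEY' => ""` falls back to a session-derived cookie key in `LCookManager`, and `PUBLIC_KEY_GPOA` is never read by the code in this changeset; a comment next to each stating the intended production value would help operators.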
9.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
9.2 +++ b/index.php Sun Jul 18 19:20:31 2010 +0200
9.3 @@ -0,0 +1,26 @@
9.4 +<?php
9.5 +/*
9.6 + * Copyright (C) 2010 - PRiSE
9.7 + *
9.8 + * This free software; you can redistribute it and/or
9.9 + * modify it under the terms of the GNU General Public License
9.10 + * as published by the Free Software Foundation; either version 2
9.11 + * of the License, or any later version.
9.12 + *
9.13 + * This program is distributed in the hope that it will be useful,
9.14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
9.15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9.16 + * GNU General Public License for more details.
9.17 + *
9.18 + * You should have received a copy of the GNU General Public License
9.19 + * along with this program; if not, write to the Free Software
9.20 + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
9.21 + */
9.22 +
9.23 +session_start();
9.24 +require_once "config.php";
9.25 +require_once "PAPI/GPoA/GPoAMain.php";
9.26 +
9.27 +GPoAMain::start($config);
9.28 +
9.29 +?>
9.30 \ No newline at end of file
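Review bot: `session_start()` at 9.23 runs with whatever `session.*` ini defaults the host provides, yet this session holds the saved CHECK requests and, with the shipped config, the lcook encryption key; call `ini_set('session.cookie_httponly', 1);` and `ini_set('session.use_only_cookies', 1);` (plus `session.cookie_secure` when served over HTTPS) before it, or document that the deployment must set them. `require_once "config.php"` resolves through the include path rather than `__DIR__`, so a different working directory or include path can pick up a different configuration file.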
10.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
10.2 +++ b/wayf/index.php Sun Jul 18 19:20:31 2010 +0200
10.3 @@ -0,0 +1,36 @@
10.4 +<html>
10.5 + <head>
10.6 + <title>PAPI - Where are you from? (WAYF)</title>
10.7 + <link rel="stylesheet" type="text/css" href="wayf/wayf.css" />
10.8 + </head>
10.9 + <body>
10.10 + <div id="content">
10.11 + <div id="title">Choose your identity provider</div>
10.12 + <div id="text">Please, choose a trusted identity provider in order to identity yourself.</div>
10.13 + <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" >
10.14 + <?php
10.15 + foreach ($_REQUEST as $name => $value) {
10.16 + ?>
10.17 + <input type="hidden" name="<?php echo $name; ?>" value="<?php echo $value; ?>" />
10.18 + <?php
10.19 + }
10.20 + ?>
10.21 + <div class="row">
10.22 + <div class="rowtitle">Identity provider:</div>
10.23 + <div class="rowvalue">
10.24 + <select name="PAPIHLI"><?php
10.25 + foreach (Reader::readParameter($config['LIST_AS']) as $as_id => $data) {
10.26 + ?>
10.27 + <option value="<?php echo $as_id; ?>"><?php echo $data['name']; ?></option>
10.28 + <?php
10.29 + }
10.30 + ?></select>
10.31 + </div>
10.32 + </div>
10.33 + <div class="centerrow">
10.34 + <input type="submit" name="submit" value="Accept" />
10.35 + </div>
10.36 + </form>
10.37 + </div>
10.38 + </body>
10.39 +</html>
10.40 \ No newline at end of file
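Review bot: every `$_REQUEST` name and value is echoed into hidden-input attributes unescaped at 10.17, and `$as_id` / `$data['name']` into the option list at 10.27, so a crafted CHECK URL whose `URL` parameter contains `"><script>` reflects straight into the WAYF page; wrap each echo with `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`, e.g. `name="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>" value="<?php echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); ?>"`. Re-posting all of `$_REQUEST` also forwards cookie values (under the default `variables_order`) and the `submit` field on the next round trip; copying only the PAPI parameters the handler needs (`ACTION`, `URL`, `DATA`) would be tighter. The form carries no anti-CSRF token, though since the chosen AS only decides where the user is sent to authenticate, the impact appears limited.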
11.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 11.2 +++ b/wayf/wayf.css Sun Jul 18 19:20:31 2010 +0200 11.3 @@ -0,0 +1,51 @@ 11.4 +html, body { 11.5 + font-family:verdana, arial, helvetica, sans-serif; 11.6 + font:12px/16px verdana, arial, helvetica, sans-serif; 11.7 + margin: 0; 11.8 + padding: 0; 11.9 + height:100%; 11.10 + color: #111; 11.11 + background-color: #fff; 11.12 +} 11.13 + 11.14 +body { 11.15 + text-align: center; 11.16 +} 11.17 + 11.18 +div#content { 11.19 + border: 1px solid black; 11.20 + padding: 1em; 11.21 + width: 500px; 11.22 + background: #eee; 11.23 + margin:10em auto 0 auto; 11.24 + text-align: left; 11.25 +} 11.26 + 11.27 +div#title { 11.28 + font-size: 120%; 11.29 + border-bottom: 1px solid black; 11.30 + font-weight: bold; 11.31 +} 11.32 + 11.33 +div#text { 11.34 + margin-top: 1em; 11.35 +} 11.36 + 11.37 +div.row { 11.38 + position: relative; 11.39 + padding: 1em; 11.40 +} 11.41 + 11.42 +div.centerrow { 11.43 + margin-top: 1em; 11.44 + text-align: center; 11.45 +} 11.46 + 11.47 +div.rowtitle { 11.48 + float: left; 11.49 + margin-right: 3em; 11.50 +} 11.51 + 11.52 +div.rowvalue { 11.53 +} 11.54 +
