123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301 |
- <?php
- require_once "Auth/OpenID/Extension.php";
- define('Auth_OpenID_PAPE_NS_URI',
- "http://specs.openid.net/extensions/pape/1.0");
- define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',
- 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
- define('PAPE_AUTH_MULTI_FACTOR',
- 'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
- define('PAPE_AUTH_PHISHING_RESISTANT',
- 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
- define('PAPE_TIME_VALIDATOR',
- '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
- class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
- var $ns_alias = 'pape';
- var $ns_uri = Auth_OpenID_PAPE_NS_URI;
- function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
- $max_auth_age=null)
- {
- if ($preferred_auth_policies === null) {
- $preferred_auth_policies = array();
- }
- $this->preferred_auth_policies = $preferred_auth_policies;
- $this->max_auth_age = $max_auth_age;
- }
-
- function addPolicyURI($policy_uri)
- {
- if (!in_array($policy_uri, $this->preferred_auth_policies)) {
- $this->preferred_auth_policies[] = $policy_uri;
- }
- }
- function getExtensionArgs()
- {
- $ns_args = array(
- 'preferred_auth_policies' =>
- implode(' ', $this->preferred_auth_policies)
- );
- if ($this->max_auth_age !== null) {
- $ns_args['max_auth_age'] = strval($this->max_auth_age);
- }
- return $ns_args;
- }
-
- static function fromOpenIDRequest($request)
- {
- $obj = new Auth_OpenID_PAPE_Request();
- $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
- if ($args === null || $args === array()) {
- return null;
- }
- $obj->parseExtensionArgs($args);
- return $obj;
- }
-
- function parseExtensionArgs($args)
- {
-
-
- $this->preferred_auth_policies = array();
- $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
- if ($policies_str) {
- foreach (explode(' ', $policies_str) as $uri) {
- if (!in_array($uri, $this->preferred_auth_policies)) {
- $this->preferred_auth_policies[] = $uri;
- }
- }
- }
-
- $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
- if ($max_auth_age_str) {
- $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str);
- } else {
- $this->max_auth_age = null;
- }
- }
-
- function preferredTypes($supported_types)
- {
- $result = array();
- foreach ($supported_types as $st) {
- if (in_array($st, $this->preferred_auth_policies)) {
- $result[] = $st;
- }
- }
- return $result;
- }
- }
- class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
- var $ns_alias = 'pape';
- var $ns_uri = Auth_OpenID_PAPE_NS_URI;
- function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
- $nist_auth_level=null)
- {
- if ($auth_policies) {
- $this->auth_policies = $auth_policies;
- } else {
- $this->auth_policies = array();
- }
- $this->auth_time = $auth_time;
- $this->nist_auth_level = $nist_auth_level;
- }
-
- function addPolicyURI($policy_uri)
- {
- if (!in_array($policy_uri, $this->auth_policies)) {
- $this->auth_policies[] = $policy_uri;
- }
- }
-
- static function fromSuccessResponse($success_response)
- {
- $obj = new Auth_OpenID_PAPE_Response();
-
- $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);
- if ($args === null || $args === array()) {
- return null;
- }
- $result = $obj->parseExtensionArgs($args);
- if ($result === false) {
- return null;
- } else {
- return $obj;
- }
- }
-
- function parseExtensionArgs($args, $strict=false)
- {
- $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
- if ($policies_str && $policies_str != "none") {
- $this->auth_policies = explode(" ", $policies_str);
- }
- $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
- if ($nist_level_str !== null) {
- $nist_level = Auth_OpenID::intval($nist_level_str);
- if ($nist_level === false) {
- if ($strict) {
- return false;
- } else {
- $nist_level = null;
- }
- }
- if (0 <= $nist_level && $nist_level < 5) {
- $this->nist_auth_level = $nist_level;
- } else if ($strict) {
- return false;
- }
- }
- $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
- if ($auth_time !== null) {
- if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
- $this->auth_time = $auth_time;
- } else if ($strict) {
- return false;
- }
- }
- }
- function getExtensionArgs()
- {
- $ns_args = array();
- if (count($this->auth_policies) > 0) {
- $ns_args['auth_policies'] = implode(' ', $this->auth_policies);
- } else {
- $ns_args['auth_policies'] = 'none';
- }
- if ($this->nist_auth_level !== null) {
- if (!in_array($this->nist_auth_level, range(0, 4), true)) {
- return false;
- }
- $ns_args['nist_auth_level'] = strval($this->nist_auth_level);
- }
- if ($this->auth_time !== null) {
- if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
- return false;
- }
- $ns_args['auth_time'] = $this->auth_time;
- }
- return $ns_args;
- }
- }
|