PAPE.php

00001 <?php
00002 
00011 require_once "Auth/OpenID/Extension.php";
00012 
// Namespace URI that identifies PAPE 1.0 arguments inside an OpenID message.
define('Auth_OpenID_PAPE_NS_URI', 'http://specs.openid.net/extensions/pape/1.0');

// Policy URIs a relying party can request and a provider can report.
define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL', 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
define('PAPE_AUTH_MULTI_FACTOR', 'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
define('PAPE_AUTH_PHISHING_RESISTANT', 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');

// Shape check for auth_time: "YYYY-MM-DDThh:mm:ssZ" (UTC "Z" suffix only).
// The pattern is stored bare, without delimiters, which is the form the
// ereg() family takes; a PCRE caller has to wrap it in delimiters itself.
// It only checks digit positions, so out-of-range fields such as month 99
// still match. Do not treat a match as proof of a valid calendar time.
define('PAPE_TIME_VALIDATOR', '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$');
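/**
 * PAPE request: the authentication policies a relying party would like the
 * OpenID provider to apply, plus an optional maximum authentication age.
 *
 * On the provider side this object is built from an incoming request, so
 * everything parsed by parseExtensionArgs() is attacker-influenced input and
 * is validated before it is stored.
 */
class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {

    var $ns_alias = 'pape';
    var $ns_uri = Auth_OpenID_PAPE_NS_URI;

    /**
     * @param array|null $preferred_auth_policies Policy URIs to request;
     *                                            null means an empty list.
     * @param int|null   $max_auth_age            Maximum age of the user's
     *                                            authentication in seconds,
     *                                            or null for no limit.
     *
     * NOTE(review): this is a PHP 4-style constructor (method named after
     * the class). PHP 7 deprecates that form and PHP 8 no longer invokes it
     * on `new`, which would leave both properties unset there.
     */
    function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
                                      $max_auth_age=null)
    {
        if ($preferred_auth_policies === null) {
            $preferred_auth_policies = array();
        }

        $this->preferred_auth_policies = $preferred_auth_policies;
        $this->max_auth_age = $max_auth_age;
    }

    /**
     * Add a policy URI to the request unless it is already listed.
     *
     * @param string $policy_uri Policy URI to request.
     */
    function addPolicyURI($policy_uri)
    {
        // Strict comparison: loose in_array() treats numeric-looking
        // strings such as "1e3" and "1000" as equal.
        if (!in_array($policy_uri, $this->preferred_auth_policies, true)) {
            $this->preferred_auth_policies[] = $policy_uri;
        }
    }

    /**
     * Serialise this request into extension arguments.
     *
     * @return array 'preferred_auth_policies' (space-separated URIs) and,
     *               when set, 'max_auth_age' as a decimal string.
     */
    function getExtensionArgs()
    {
        $ns_args = array(
                         'preferred_auth_policies' =>
                           implode(' ', $this->preferred_auth_policies)
                         );

        if ($this->max_auth_age !== null) {
            $ns_args['max_auth_age'] = strval($this->max_auth_age);
        }

        return $ns_args;
    }

    /**
     * Build a PAPE request from the PAPE arguments of an OpenID request.
     * Does not read $this; it constructs and returns a fresh object.
     *
     * @param object $request Request whose ->message exposes getArgs().
     *
     * @return Auth_OpenID_PAPE_Request|null null when the request carries
     *                                       no PAPE arguments.
     */
    function fromOpenIDRequest($request)
    {
        $obj = new Auth_OpenID_PAPE_Request();
        $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);

        if ($args === null || $args === array()) {
            return null;
        }

        $obj->parseExtensionArgs($args);
        return $obj;
    }

    /**
     * Replace this object's state with the values found in $args.
     *
     * @param array $args Unqualified PAPE arguments from the request.
     */
    function parseExtensionArgs($args)
    {
        // preferred_auth_policies is a space-separated list of policy
        // URIs
        $this->preferred_auth_policies = array();

        $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
        if ($policies_str) {
            foreach (explode(' ', $policies_str) as $uri) {
                // Repeated or trailing spaces produce empty tokens; an
                // empty string is not a policy URI, so skip it.
                if ($uri === '') {
                    continue;
                }
                if (!in_array($uri, $this->preferred_auth_policies, true)) {
                    $this->preferred_auth_policies[] = $uri;
                }
            }
        }

        // max_auth_age is base-10 integer number of seconds
        $this->max_auth_age = null;

        $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
        // Compare against null/'' rather than testing truthiness: PHP
        // treats the string "0" as false, and a zero age (the strictest
        // freshness requirement a relying party can send) was silently
        // dropped by a plain if ($max_auth_age_str).
        if ($max_auth_age_str !== null && $max_auth_age_str !== '') {
            $max_auth_age = Auth_OpenID::intval($max_auth_age_str);

            // Auth_OpenID::intval() signals a malformed number with false
            // (see the === false check in the PAPE response parser).
            // Storing that false would later serialise as an empty
            // max_auth_age and compare equal to 0, so treat it as "not
            // supplied" instead.
            if ($max_auth_age !== false) {
                $this->max_auth_age = $max_auth_age;
            }
        }
    }

    /**
     * Filter a provider's supported policies down to the requested ones.
     *
     * @param array $supported_types Policy URIs the provider supports.
     *
     * @return array Entries of $supported_types that the relying party
     *               asked for, in the order given.
     */
    function preferredTypes($supported_types)
    {
        $result = array();

        foreach ($supported_types as $st) {
            if (in_array($st, $this->preferred_auth_policies, true)) {
                $result[] = $st;
            }
        }
        return $result;
    }
}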
00154 
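/**
 * PAPE response: the policies the OpenID provider says it applied, the time
 * of the user's authentication and an optional NIST assurance level.
 *
 * The values are the provider's claims. A relying party that requires a
 * policy or a maximum authentication age still has to compare
 * auth_policies / auth_time / nist_auth_level against its own requirements
 * after parsing; nothing in this class enforces them.
 */
class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {

    var $ns_alias = 'pape';
    var $ns_uri = Auth_OpenID_PAPE_NS_URI;

    /**
     * @param array|null  $auth_policies   Policy URIs that were applied;
     *                                     empty/null becomes an empty list.
     * @param string|null $auth_time       Authentication time in the
     *                                     PAPE_TIME_VALIDATOR format.
     * @param int|null    $nist_auth_level Assurance level 0-4.
     *
     * NOTE(review): this is a PHP 4-style constructor (method named after
     * the class). PHP 7 deprecates that form and PHP 8 no longer invokes it
     * on `new`, which would leave the properties unset there.
     */
    function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
                                       $nist_auth_level=null)
    {
        if ($auth_policies) {
            $this->auth_policies = $auth_policies;
        } else {
            $this->auth_policies = array();
        }

        $this->auth_time = $auth_time;
        $this->nist_auth_level = $nist_auth_level;
    }

    /**
     * Record a policy as applied unless it is already listed.
     *
     * @param string $policy_uri Policy URI that was satisfied.
     */
    function addPolicyURI($policy_uri)
    {
        // Strict comparison: loose in_array() treats numeric-looking
        // strings such as "1e3" and "1000" as equal.
        if (!in_array($policy_uri, $this->auth_policies, true)) {
            $this->auth_policies[] = $policy_uri;
        }
    }

    /**
     * Build a PAPE response from a successful OpenID response.
     * Does not read $this; it constructs and returns a fresh object.
     *
     * Parsing runs in non-strict mode, so a malformed nist_auth_level or
     * auth_time is dropped rather than rejected. Callers that depend on
     * those fields must treat a null value as "not asserted".
     *
     * @param object $success_response Response exposing getSignedNS().
     *
     * @return Auth_OpenID_PAPE_Response|null null when there are no signed
     *                                        PAPE arguments or parsing
     *                                        reported failure.
     */
    function fromSuccessResponse($success_response)
    {
        $obj = new Auth_OpenID_PAPE_Response();

        // PAPE requires that the args be signed. Only the signed namespace
        // is read, so unsigned pape.* fields added to the response in
        // transit are never consulted.
        $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);

        if ($args === null || $args === array()) {
            return null;
        }

        $result = $obj->parseExtensionArgs($args);

        if ($result === false) {
            return null;
        }

        return $obj;
    }

    /**
     * Check a value against PAPE_TIME_VALIDATOR.
     *
     * ereg() was removed in PHP 7 and was not binary-safe, so the bare
     * pattern is wrapped for preg_match() instead. The D modifier keeps
     * "$" from matching just before a trailing newline.
     *
     * @param mixed $value Candidate auth_time.
     *
     * @return bool true only for a string of the expected shape.
     */
    function _isValidAuthTime($value)
    {
        return is_string($value)
            && preg_match('/' . PAPE_TIME_VALIDATOR . '/D', $value) === 1;
    }

    /**
     * Load the response fields from $args.
     *
     * @param array $args   Unqualified PAPE arguments.
     * @param bool  $strict When true, a malformed or out-of-range
     *                      nist_auth_level or a malformed auth_time aborts
     *                      parsing.
     *
     * @return bool|null false on a strict-mode failure; otherwise the
     *                   method falls off the end and yields null.
     */
    function parseExtensionArgs($args, $strict=false)
    {
        $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
        if ($policies_str && $policies_str !== "none") {
            $this->auth_policies = explode(" ", $policies_str);
        }

        $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
        if ($nist_level_str !== null) {
            $nist_level = Auth_OpenID::intval($nist_level_str);

            if ($nist_level === false) {
                if ($strict) {
                    return false;
                }
                // Non-strict: a malformed level clears the stored value.
                // The previous code reached the same result by comparing
                // null against the 0..4 range, which PHP evaluates as true.
                $this->nist_auth_level = null;
            } else if (0 <= $nist_level && $nist_level < 5) {
                $this->nist_auth_level = $nist_level;
            } else if ($strict) {
                return false;
            }
            // Non-strict and out of range: the stored value is left as is.
        }

        $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
        if ($auth_time !== null) {
            if ($this->_isValidAuthTime($auth_time)) {
                $this->auth_time = $auth_time;
            } else if ($strict) {
                return false;
            }
        }
    }

    /**
     * Serialise this response into extension arguments.
     *
     * @return array|false The arguments, or false when nist_auth_level is
     *                     not an integer 0-4 or auth_time does not match
     *                     PAPE_TIME_VALIDATOR.
     */
    function getExtensionArgs()
    {
        $ns_args = array();
        if (count($this->auth_policies) > 0) {
            $ns_args['auth_policies'] = implode(' ', $this->auth_policies);
        } else {
            $ns_args['auth_policies'] = 'none';
        }

        if ($this->nist_auth_level !== null) {
            // Strict membership test: only the integers 0..4 are accepted,
            // not numeric strings.
            if (!in_array($this->nist_auth_level, range(0, 4), true)) {
                return false;
            }
            $ns_args['nist_auth_level'] = strval($this->nist_auth_level);
        }

        if ($this->auth_time !== null) {
            if (!$this->_isValidAuthTime($this->auth_time)) {
                return false;
            }

            $ns_args['auth_time'] = $this->auth_time;
        }

        return $ns_args;
    }
}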
00300 
00301 ?>
