ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
PAPE.php
1<?php
2
11require_once "Auth/OpenID/Extension.php";
12
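// Namespace URI that identifies PAPE 1.0 arguments inside an OpenID message.
define('Auth_OpenID_PAPE_NS_URI',
       "http://specs.openid.net/extensions/pape/1.0");

// Authentication policy URIs that a request can ask for and a response
// can assert.
define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',
       'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
define('PAPE_AUTH_MULTI_FACTOR',
       'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
define('PAPE_AUTH_PHISHING_RESISTANT',
       'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');

// Shape check for auth_time: YYYY-MM-DDTHH:MM:SSZ, digits only (field
// ranges such as month <= 12 are NOT checked).
//
// The D (PCRE_DOLLAR_ENDONLY) modifier is required: without it "$" also
// matches just before a trailing newline, so a value ending in "\n"
// would pass validation and be stored or re-emitted with the newline
// attached.
define('PAPE_TIME_VALIDATOR',
       '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/D');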
36
37 var $ns_alias = 'pape';
39
/**
 * Initialise the request with the policies the relying party prefers
 * and an optional maximum authentication age.
 *
 * NOTE(review): the enclosing class header is not visible here; if this
 * method shares the class's name it is a PHP 4-style constructor, which
 * PHP 8 no longer invokes on `new`. In that case the two properties
 * below would stay unset and the policy helpers would operate on an
 * undefined list -- confirm the supported PHP versions.
 *
 * @param array|null $preferred_auth_policies Policy URIs; null means
 *        an empty list.
 * @param mixed $max_auth_age Stored as given; null means "not set".
 */
function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
                                  $max_auth_age=null)
{
    $this->preferred_auth_policies = ($preferred_auth_policies === null)
        ? array()
        : $preferred_auth_policies;
    $this->max_auth_age = $max_auth_age;
}
50
/**
 * Add an acceptable authentication policy URI to this request.
 * A URI that is already listed is not added a second time.
 *
 * @param string $policy_uri Policy URI to request.
 */
function addPolicyURI($policy_uri)
{
    // in_array() is used in its default loose mode, so two different
    // numeric-looking strings can be treated as the same entry.
    $already_listed = in_array($policy_uri, $this->preferred_auth_policies);
    if ($already_listed) {
        return;
    }

    $this->preferred_auth_policies[] = $policy_uri;
}
66
/**
 * Get the string arguments that should be added to an OpenID message
 * for this extension.
 *
 * @return array 'preferred_auth_policies' (space-separated URIs, always
 *         present) and 'max_auth_age' (only when it is not null).
 */
function getExtensionArgs()
{
    $policy_list = implode(' ', $this->preferred_auth_policies);
    $ns_args = array('preferred_auth_policies' => $policy_list);

    // Only null means "not set"; 0 is emitted as the string "0".
    if (null !== $this->max_auth_age) {
        $ns_args['max_auth_age'] = (string) $this->max_auth_age;
    }

    return $ns_args;
}
/**
 * Instantiate a Request object from the PAPE arguments of an OpenID
 * request message.
 *
 * The values are read with getArgs() and handed to parseExtensionArgs()
 * as they arrived; nothing in this method checks where they came from,
 * so callers should treat the result as requester-supplied input.
 *
 * @param object $request Object exposing ->message->getArgs().
 * @return Auth_OpenID_PAPE_Request|null Null when the message carries
 *         no PAPE arguments.
 */
static function fromOpenIDRequest($request)
{
    $obj = new Auth_OpenID_PAPE_Request();
    $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);

    if ($args === null) {
        return null;
    }
    if ($args === array()) {
        return null;
    }

    $obj->parseExtensionArgs($args);
    return $obj;
}
97
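/**
 * Set the state of this request to be that expressed in these PAPE
 * arguments. Any previous policy list and max_auth_age are replaced.
 *
 * @param array $args PAPE arguments keyed by field name
 *        ('preferred_auth_policies', 'max_auth_age').
 */
function parseExtensionArgs($args)
{
    // preferred_auth_policies is a space-separated list of policy
    // URIs
    $this->preferred_auth_policies = array();

    $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
    if ($policies_str) {
        foreach (explode(' ', $policies_str) as $uri) {
            // Repeated spaces produce empty tokens; an empty string is
            // not a policy URI.
            if ($uri === '') {
                continue;
            }
            // Strict comparison: distinct strings must never collapse
            // into one entry through PHP's numeric-string juggling.
            if (!in_array($uri, $this->preferred_auth_policies, true)) {
                $this->preferred_auth_policies[] = $uri;
            }
        }
    }

    // max_auth_age is base-10 integer number of seconds
    //
    // The presence test must not rely on truthiness: the string "0" is
    // falsy in PHP, so a requested zero-second window (the tightest
    // freshness bound a relying party can ask for) would otherwise be
    // discarded and read back as "no limit requested".
    $this->max_auth_age = null;

    $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
    if ($max_auth_age_str !== null && $max_auth_age_str !== '') {
        $parsed_age = Auth_OpenID::intval($max_auth_age_str);

        // Auth_OpenID::intval() signals an unparsable value with false
        // (the response parser in this file checks for exactly that).
        // Keep null instead of storing false, which getExtensionArgs()
        // would serialise as an empty max_auth_age.
        // NOTE(review): an unparsable value is therefore treated as
        // "not requested"; this method has no way to report an error.
        if ($parsed_age !== false) {
            $this->max_auth_age = $parsed_age;
        }
    }
}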
127
/**
 * Given a list of authentication policy URIs that a provider supports,
 * return those that this request also lists as preferred.
 *
 * @param array $supported_types Policy URIs the provider supports.
 * @return array Matching URIs, in the order of $supported_types and
 *         re-indexed from 0.
 */
function preferredTypes($supported_types)
{
    $matches = array();

    foreach ($supported_types as $candidate) {
        // Loose in_array(): matching is not byte-exact for
        // numeric-looking strings.
        if (!in_array($candidate, $this->preferred_auth_policies)) {
            continue;
        }
        $matches[] = $candidate;
    }

    return $matches;
}
153}
160
161 var $ns_alias = 'pape';
163
/**
 * Initialise the response with the policies that were satisfied, the
 * authentication time and the NIST assurance level.
 *
 * NOTE(review): the enclosing class header is not visible here; if this
 * method shares the class's name it is a PHP 4-style constructor, which
 * PHP 8 no longer invokes on `new`, leaving all three properties unset
 * -- confirm the supported PHP versions.
 *
 * @param array|null $auth_policies Policy URIs; any falsy value (null,
 *        empty array) becomes an empty list.
 * @param string|null $auth_time Stored as given, not validated here.
 * @param int|null $nist_auth_level Stored as given, not validated here.
 */
function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
                                   $nist_auth_level=null)
{
    $this->auth_policies = $auth_policies ? $auth_policies : array();
    $this->auth_time = $auth_time;
    $this->nist_auth_level = $nist_auth_level;
}
176
/**
 * Add an authentication policy to this response.
 * A URI that is already listed is not added a second time.
 *
 * @param string $policy_uri Policy URI to assert.
 */
function addPolicyURI($policy_uri)
{
    // Loose in_array(): numeric-looking strings that differ byte-wise
    // can still be treated as the same entry.
    $already_listed = in_array($policy_uri, $this->auth_policies);
    if ($already_listed) {
        return;
    }

    $this->auth_policies[] = $policy_uri;
}
193
/**
 * Create an Auth_OpenID_PAPE_Response object from a successful OpenID
 * library response.
 *
 * Only the signed PAPE arguments are read (getSignedNS), so PAPE fields
 * that were not covered by the response signature are not used.
 *
 * Parsing runs in non-strict mode: a malformed nist_auth_level or
 * auth_time is dropped instead of rejecting the response. Callers that
 * base an access decision on these fields should treat a null field as
 * "not asserted by the provider".
 *
 * @param object $success_response Object exposing getSignedNS().
 * @return Auth_OpenID_PAPE_Response|null Null when there are no signed
 *         PAPE arguments or parsing reports failure.
 */
static function fromSuccessResponse($success_response)
{
    $obj = new Auth_OpenID_PAPE_Response();

    // PAPE requires that the args be signed.
    $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);

    if ($args === null) {
        return null;
    }
    if ($args === array()) {
        return null;
    }

    $parse_outcome = $obj->parseExtensionArgs($args);

    return ($parse_outcome === false) ? null : $obj;
}
223
/**
 * Parse the provider authentication policy arguments into the internal
 * state of this object.
 *
 * NOTE(review): fields are assigned as they are parsed, so when strict
 * mode returns false the object may already hold the earlier fields
 * (for example auth_policies). Discard the object on failure.
 *
 * @param array $args PAPE arguments keyed by field name
 *        ('auth_policies', 'nist_auth_level', 'auth_time').
 * @param bool $strict When true, an invalid nist_auth_level or
 *        auth_time makes the method return false; when false the
 *        invalid field is skipped.
 * @return false|null False on a strict-mode validation failure;
 *         otherwise nothing is returned explicitly.
 */
function parseExtensionArgs($args, $strict=false)
{
    // "none" is the marker for an empty policy list; the list is only
    // replaced when real policies are present.
    $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
    $has_policies = $policies_str && $policies_str != "none";
    if ($has_policies) {
        $this->auth_policies = explode(" ", $policies_str);
    }

    $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
    if ($nist_level_str !== null) {
        $nist_level = Auth_OpenID::intval($nist_level_str);

        if ($nist_level === false) {
            if ($strict) {
                return false;
            }
            // NOTE(review): null passes the loose range comparison
            // below, so in non-strict mode an unparsable level resets
            // nist_auth_level to null rather than leaving it untouched.
            $nist_level = null;
        }

        // Accepted levels are 0 through 4.
        $level_in_range = (0 <= $nist_level && $nist_level < 5);
        if ($level_in_range) {
            $this->nist_auth_level = $nist_level;
        } elseif ($strict) {
            return false;
        }
    }

    $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
    if ($auth_time !== null) {
        // Only the textual shape is checked (PAPE_TIME_VALIDATOR).
        $time_is_well_formed = preg_match(PAPE_TIME_VALIDATOR, $auth_time);
        if ($time_is_well_formed) {
            $this->auth_time = $auth_time;
        } elseif ($strict) {
            return false;
        }
    }
}
272
/**
 * Get the string arguments that should be added to an OpenID message
 * for this extension.
 *
 * Values are validated before they are emitted. Callers must check for
 * a false return and must not send the response's PAPE fields in that
 * case.
 *
 * @return array|false Argument map ('auth_policies' always present;
 *         'nist_auth_level' and 'auth_time' only when set), or false
 *         when nist_auth_level is not an integer 0..4 or auth_time
 *         does not match PAPE_TIME_VALIDATOR.
 */
function getExtensionArgs()
{
    // An empty policy list is sent as the literal "none".
    $has_policies = count($this->auth_policies) > 0;
    $ns_args = array(
        'auth_policies' => $has_policies
            ? implode(' ', $this->auth_policies)
            : 'none',
    );

    $level = $this->nist_auth_level;
    if ($level !== null) {
        // Same test as a strict membership check against 0..4: the
        // value must be an actual integer, not a numeric string.
        $level_is_valid = is_int($level) && $level >= 0 && $level <= 4;
        if (!$level_is_valid) {
            return false;
        }
        $ns_args['nist_auth_level'] = (string) $level;
    }

    $time = $this->auth_time;
    if ($time !== null) {
        if (!preg_match(PAPE_TIME_VALIDATOR, $time)) {
            return false;
        }
        $ns_args['auth_time'] = $time;
    }

    return $ns_args;
}
299}
300
$result
const PAPE_TIME_VALIDATOR
Definition: PAPE.php:19
const Auth_OpenID_PAPE_NS_URI
An implementation of the OpenID Provider Authentication Policy Extension 1.0.
Definition: PAPE.php:13
A Provider Authentication Policy request, sent from a relying party to a provider.
Definition: PAPE.php:30
parseExtensionArgs($args)
Set the state of this request to be that expressed in these PAPE arguments.
Definition: PAPE.php:99
getExtensionArgs()
Get the string arguments that should be added to an OpenID message for this extension.
Definition: PAPE.php:62
addPolicyURI($policy_uri)
Add an acceptable authentication policy URI to this request.
Definition: PAPE.php:55
preferredTypes($supported_types)
Given a list of authentication policy URIs that a provider supports, this method returns the subseque...
Definition: PAPE.php:137
static fromOpenIDRequest($request)
Instantiate a Request object from the arguments in a checkid_* OpenID message.
Definition: PAPE.php:80
Auth_OpenID_PAPE_Request($preferred_auth_policies=null, $max_auth_age=null)
Definition: PAPE.php:35
A Provider Authentication Policy response, sent from a provider to a relying party.
Definition: PAPE.php:154
parseExtensionArgs($args, $strict=false)
Parse the provider authentication policy arguments into the internal state of this object.
Definition: PAPE.php:232
Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null, $nist_auth_level=null)
Definition: PAPE.php:159
static fromSuccessResponse($success_response)
Create an Auth_OpenID_PAPE_Response object from a successful OpenID library response.
Definition: PAPE.php:199
addPolicyURI($policy_uri)
Add a authentication policy to this response.
Definition: PAPE.php:182
getExtensionArgs()
Get the string arguments that should be added to an OpenID message for this extension.
Definition: PAPE.php:268
static arrayGet($arr, $key, $fallback=null)
Convenience function for getting array values.
Definition: OpenID.php:242
static intval($value)
Replacement (wrapper) for PHP's intval() because it's broken.
Definition: OpenID.php:444