ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Yubico.php
Go to the documentation of this file.
1 <?php
59 class Auth_Yubico
60 {
69  var $_id;
70 
75  var $_key;
76 
81  var $_response;
82 
91  public function __construct($id, $key = '')
92  {
93  $this->_id = $id;
94  $this->_key = base64_decode($key);
95  }
96 
103  function getLastResponse()
104  {
105  return $this->_response;
106  }
107 
108  // TODO? Add functions to get parsed parts of server response?
109 
117  function verify($token)
118  {
119  $parameters = "id=" . $this->_id . "&otp=" . $token;
120  // Generate signature
121  if($this->_key <> "") {
122  $signature = base64_encode(hash_hmac('sha1', $parameters, $this->_key, true));
123  $parameters .= '&h=' . $signature;
124  }
125  /* Support https. */
126  $url = "https://api.yubico.com/wsapi/verify?" . $parameters;
127 
128  $responseMsg = file_get_contents($url);
129 
130  if(!preg_match("/status=([a-zA-Z0-9_]+)/", $responseMsg, $out)) {
131  throw new Exception('Could not parse response');
132  }
133 
134  $status = $out[1];
135 
136  /* Verify signature. */
137  if($this->_key <> "") {
138  $rows = explode("\r\n", $responseMsg);
139  while (list($key, $val) = each($rows)) {
140  // = is also used in BASE64 encoding so we only replace the first = by # which is not used in BASE64
141  $val = preg_replace('/=/', '#', $val, 1);
142  $row = explode("#", $val);
143  $response[$row[0]] = (isset($row[1])) ? $row[1] : "";
144  }
145 
146  $check = 'status=' . $response['status'] . '&t='. $response['t'];
147  $checksignature = base64_encode(hash_hmac('sha1', $check, $this->_key, true));
148 
149  if($response['h'] != $checksignature) {
150  throw new Exception('Checked Signature failed');
151  }
152  }
153 
154  if ($status != 'OK') {
155  throw new Exception('Status was not OK: ' . $status);
156  }
157 
158  return true;
159  }
160 }
Auth_Yubico
Auth_Yubico\$_response
$_response
Definition: Yubico.php:81
Auth_Yubico\verify
verify($token)
Verify Yubico OTP.
Definition: Yubico.php:117
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
Auth_Yubico\getLastResponse
getLastResponse()
Return the last data received from the server, if any.
Definition: Yubico.php:103
Auth_Yubico\$_key
$_key
Definition: Yubico.php:75
Auth_Yubico\$_id
$_id
Definition: Yubico.php:69
$rows
$rows
Definition: xhr_table.php:10
Auth_Yubico\__construct
__construct($id, $key='')
Constructor.
Definition: Yubico.php:91
$url
$url
Definition: proxy_ylocal.php:28
$response
$response
Definition: proxy_ylocal.php:39
$key
$key
Definition: croninfo.php:18