ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Yubico.php
Go to the documentation of this file.
1<?php
59class Auth_Yubico
60{
69 private $_id;
70
75 private $_key;
76
81 private $_response;
82
91 public function __construct($id, $key = '')
92 {
93 $this->_id = $id;
94 $this->_key = base64_decode($key);
95 }
96
103 public function getLastResponse()
104 {
105 return $this->_response;
106 }
107
108 // TODO? Add functions to get parsed parts of server response?
109
117 public function verify($token)
118 {
119 $parameters = "id=" . $this->_id . "&otp=" . $token;
120 // Generate signature
121 if ($this->_key <> "") {
122 $signature = base64_encode(hash_hmac('sha1', $parameters, $this->_key, true));
123 $parameters .= '&h=' . $signature;
124 }
125 /* Support https. */
126 $url = "https://api.yubico.com/wsapi/verify?" . $parameters;
127
128 $responseMsg = \SimpleSAML\Utils\HTTP::fetch($url);
129
130 if (!preg_match("/status=([a-zA-Z0-9_]+)/", $responseMsg, $out)) {
131 throw new Exception('Could not parse response');
132 }
133
134 $status = $out[1];
135
136 /* Verify signature. */
137 if ($this->_key <> "") {
138 $rows = explode("\r\n", $responseMsg);
139 $response = array();
140 foreach ($rows as $val) {
141 // = is also used in BASE64 encoding so we only replace the first = by # which is not used in BASE64
142 $val = preg_replace('/=/', '#', $val, 1);
143 $row = explode("#", $val);
144 $response[$row[0]] = (isset($row[1])) ? $row[1] : "";
145 }
146
147 $check = 'status=' . $response['status'] . '&t='. $response['t'];
148 $checksignature = base64_encode(hash_hmac('sha1', $check, $this->_key, true));
149
150 if ($response['h'] != $checksignature) {
151 throw new Exception('Checked Signature failed');
152 }
153 }
154
155 if ($status != 'OK') {
156 throw new Exception('Status was not OK: ' . $status);
157 }
158
159 return true;
160 }
161}
Auth_Yubico\$_id
$_id
Definition: Yubico.php:69
Auth_Yubico\__construct
__construct($id, $key='')
Constructor.
Definition: Yubico.php:91
Auth_Yubico\getLastResponse
getLastResponse()
Return the last data received from the server, if any.
Definition: Yubico.php:103
Auth_Yubico\$_key
$_key
Definition: Yubico.php:75
Auth_Yubico\$_response
$_response
Definition: Yubico.php:81
Auth_Yubico\verify
verify($token)
Verify Yubico OTP.
Definition: Yubico.php:117
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:408
$key
$key
Definition: croninfo.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$row
$row
Definition: migrateto20.php:360
Auth_Yubico
$url
$url
Definition: proxy_ylocal.php:28
$response
$response
Definition: proxy_ylocal.php:39
$rows
$rows
Definition: xhr_table.php:10