authorJosh Hoyt <josh@janrain.com>2006-01-25 13:39:12 +0000
committerJosh Hoyt <josh@janrain.com>2006-01-25 13:39:12 +0000
commit310b8541ca9fee8a8bfdd5c58182ad8214b77400 (patch)
tree527606134648e384eefefe59e63dc57ffe83d086
parent741375480ccf6eba20ebbb3c1d77deb508cd000d (diff)
[project @ Add Diffie-Hellman association test and associated fixes]
-rw-r--r--Auth/OpenID/Consumer/Consumer.php5
-rw-r--r--Auth/OpenID/DiffieHellman.php18
-rw-r--r--Auth/OpenID/Server.php2
-rw-r--r--Tests/Auth/OpenID/Server.php24
4 files changed, 34 insertions, 15 deletions
diff --git a/Auth/OpenID/Consumer/Consumer.php b/Auth/OpenID/Consumer/Consumer.php
index e10c6c0..4945cc9 100644
--- a/Auth/OpenID/Consumer/Consumer.php
+++ b/Auth/OpenID/Consumer/Consumer.php
@@ -892,10 +892,7 @@ class Auth_OpenID_Consumer {
return null;
}
- $enc_mac_key = base64_decode($results['enc_mac_key']);
-
- $secret = $dh->xorSecret64($results['dh_server_public'],
- $enc_mac_key);
+ $secret = $dh->consumerFinish($results);
}
$assoc = Auth_OpenID_Association::fromExpiresIn($expires_in,
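Review bot: The result of `$dh->consumerFinish($results)` is stored in `$secret` and, as far as this hunk shows, handed straight to `Auth_OpenID_Association::fromExpiresIn`, although `consumerFinish` returns `false` when the server's public value is not positive. An association built from a `false` secret would presumably be keyed with an empty MAC key, so later signature checks for that server would rest on a value anyone can guess. Add `if ($secret === false) { return null; }` directly after the call, matching the `return null;` already used a few lines above. The enclosing method starts and ends outside the hunk, so a later check may exist that is not visible here.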
diff --git a/Auth/OpenID/DiffieHellman.php b/Auth/OpenID/DiffieHellman.php
index 872656a..20c0827 100644
--- a/Auth/OpenID/DiffieHellman.php
+++ b/Auth/OpenID/DiffieHellman.php
@@ -13,11 +13,8 @@
* @license http://www.gnu.org/copyleft/lesser.html LGPL
*/
-/**
- * Require CryptUtil because we need to get a Auth_OpenID_MathWrapper
- * object.
- */
-require_once 'BigMath.php';
+require_once 'Auth/OpenID/BigMath.php';
+require_once 'Auth/OpenID/HMACSHA1.php';
$_Auth_OpenID_DEFAULT_MOD = '155172898181473697471232257763715539915724801'.
'966915404479707795314057629378541917580651227423698188993727816152646631'.
@@ -132,8 +129,8 @@ class Auth_OpenID_DiffieHellman {
}
$dh = new Auth_OpenID_DiffieHellman($mod, $gen);
-
- $mac_key = $dh->xorSecret64($cpub64, $assoc_secret);
+ $cpub = $lib->base64ToLong($cpub64);
+ $mac_key = $dh->xorSecret($cpub, $assoc_secret);
$enc_mac_key = base64_encode($mac_key);
$spub64 = $lib->longToBase64($dh->getPublicKey());
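Review bot: The consumer's public value `$cpub` now reaches `xorSecret` unvalidated, because the removed `xorSecret64` rejected values with `cmp(..., 0) <= 0` and that guard survives only in `consumerFinish`, which this server-side path does not call. `$cpub64` comes from the association request, so it is caller-controlled, and a zero or negative value should not be accepted as a Diffie-Hellman public key. Restore the check before the call, `if ($lib->cmp($cpub, 0) <= 0) { /* reject the request */ }`, using whatever error return this function already has. Also consider comparing against `$mod`, so that values outside the group are refused as well. The function body begins outside the hunk.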
@@ -146,13 +143,14 @@ class Auth_OpenID_DiffieHellman {
return $server_args;
}
- function xorSecret64($composite64, $secret)
+ function consumerFinish($reply)
{
- $spub = $this->lib->base64ToLong($composite64);
+ $spub = $this->lib->base64ToLong($reply['dh_server_public']);
if ($this->lib->cmp($spub, 0) <= 0) {
return false;
}
- return $this->xorSecret($spub, $secret);
+ $enc_mac_key = base64_decode($reply['enc_mac_key']);
+ return $this->xorSecret($spub, $enc_mac_key);
}
function xorSecret($composite, $secret)
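Review bot: `consumerFinish` reads `$reply['dh_server_public']` and `$reply['enc_mac_key']` without checking that either key exists, and `$reply` is the parsed response from the remote server. A response that omits a field therefore reaches `base64ToLong` or `base64_decode` as null instead of being rejected cleanly; guard first with `if (!isset($reply['dh_server_public'], $reply['enc_mac_key'])) { return false; }`. The positivity test bounds the server's public value only from below, so a comparison against the modulus would tighten it. The new method also has no docblock: a short one should say that it takes the association reply array and returns the decrypted MAC key string, or `false` when the reply is rejected.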
diff --git a/Auth/OpenID/Server.php b/Auth/OpenID/Server.php
index 1395044..39950c8 100644
--- a/Auth/OpenID/Server.php
+++ b/Auth/OpenID/Server.php
@@ -230,7 +230,7 @@ class Auth_OpenID_Server {
if (defined('Auth_OpenID_NO_MATH_SUPPORT')) {
$session_type = null;
} else {
- $session_type = @$args['openid.session_type'];
+ $session_type = @$query['openid.session_type'];
}
switch ($session_type) {
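Review bot: The `@` on `@$query['openid.session_type']` is the kind of suppression that probably hid the bug this hunk fixes, since reading the wrong variable `$args` would have raised a notice had it not been silenced. Replace it with an explicit presence test, `$session_type = isset($query['openid.session_type']) ? $query['openid.session_type'] : null;`, so that a misnamed variable surfaces in future. The value is request-supplied and drives the `switch` that follows, whose cases lie outside the hunk; it is worth confirming that unrecognised session types fall through to a rejecting default.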
diff --git a/Tests/Auth/OpenID/Server.php b/Tests/Auth/OpenID/Server.php
index bdd119a..4f57f9b 100644
--- a/Tests/Auth/OpenID/Server.php
+++ b/Tests/Auth/OpenID/Server.php
@@ -115,4 +115,28 @@ class Tests_Auth_OpenID_Server extends PHPUnit_TestCase {
$exp = (integer)$ra['expires_in'];
$this->assertTrue($exp > 0);
}
+
+ function test_associateDHdefaults()
+ {
+ if (defined('Auth_OpenID_NO_MATH_SUPPORT')) {
+ return;
+ }
+
+ $dh = new Auth_OpenID_DiffieHellman();
+ $args = $dh->getAssocArgs();
+ list($status, $info) = $this->server->associate($args);
+ $this->assertEquals(Auth_OpenID_REMOTE_OK, $status);
+
+ $ra = Auth_OpenID_KVForm::kvToArray($info);
+ $this->assertEquals('HMAC-SHA1', $ra['assoc_type']);
+ $this->assertEquals('DH-SHA1', $ra['session_type']);
+ $this->assertKeyExists('assoc_handle', $ra);
+ $this->assertKeyExists('dh_server_public', $ra);
+ $this->assertKeyAbsent('mac_key', $ra);
+ $exp = (integer)$ra['expires_in'];
+ $this->assertTrue($exp > 0);
+ $secret = $dh->consumerFinish($ra);
+ $this->assertEquals('string', gettype($secret));
+ $this->assertTrue(strlen($secret) > 0);
+ }
}
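Review bot: The final assertions on `$secret` only establish that it is a non-empty string, so `test_associateDHdefaults` would still pass if `consumerFinish` derived the wrong key. Pin at least the length the `HMAC-SHA1` association type implies, `$this->assertEquals(20, strlen($secret));`, and compare against the server's stored secret if the test can reach it. A companion case passing a reply with a missing or zero `dh_server_public` would cover the `false` return path, which nothing here exercises. The early `return` under `Auth_OpenID_NO_MATH_SUPPORT` also reports success without testing anything; a one-line comment saying so would help.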