From cbb875a00da153ec157533fe3f0a0f59b0a3098c Mon Sep 17 00:00:00 2001 From: tailor Date: Mon, 8 Dec 2008 23:39:36 +0000 Subject: [project @ Move signed assertions code into contrib/] --- Auth/OpenID/AP.php | 180 ------------------------------ Auth/OpenID/SAML.php | 220 ------------------------------------- contrib/signed_assertions/AP.php | 180 ++++++++++++++++++++++++++++++ contrib/signed_assertions/SAML.php | 220 +++++++++++++++++++++++++++++++++++++ 4 files changed, 400 insertions(+), 400 deletions(-) delete mode 100644 Auth/OpenID/AP.php delete mode 100644 Auth/OpenID/SAML.php create mode 100644 contrib/signed_assertions/AP.php create mode 100644 contrib/signed_assertions/SAML.php diff --git a/Auth/OpenID/AP.php b/Auth/OpenID/AP.php deleted file mode 100644 index a242650..0000000 --- a/Auth/OpenID/AP.php +++ /dev/null @@ -1,180 +0,0 @@ - - * @author Shishir Randive - * Stony Brook University. - * - */ -require_once 'Auth/OpenID/SAML.php'; -/** - * The Attribute_Provider class which signs the attribute,value pair - * for a given openid. - */ -class Attribute_Provider -{ - private $public_key_certificate=null; - private $private_key=null; - private $authenticatedUser=null; - private $notBefore=null; - private $notOnOrAfter=null; - private $rsadsa=null; - private $acsURI=null; - private $attribute=null; - private $value=null; - private $assertionTemplate=null; - /** - * Creates an Attribute_Provider object initialized with startup values. - * @param string $public_key_certificate - The public key certificate - of the signer. - * @param string $private_key - The private key of the signer. - * @param string $notBefore - Certificate validity time - * @param string $notOnOrAfter - Certificate validity time - * @param string $rsadsa - Choice of the algorithm (RSA/DSA) - * @param string $acsURI - URI of the signer. - * @param string $assertionTemplate - SAML template used for assertion - */ - function Attribute_Provider($public_key_certificate,$private_key,$notBefore,$notOnOrAfter,$rsadsa,$acsURI, - $assertionTemplate) - { - $this->public_key_certificate=$public_key_certificate; - $this->private_key=$private_key; - $this->notBefore=$notBefore; - $this->notOnOrAfter=$notOnOrAfter; - $this->rsadsa=$rsadsa; - $this->acsURI=$acsURI; - $this->assertionTemplate=$assertionTemplate; - } - /** - * Create the signed assertion. - * @param string $openid - Openid of the entity being asserted. - * @param string $attribute - The attribute name being asserted. - * @param string $value - The attribute value being asserted. - */ - function sign($openid,$attribute,$value) - { - $samlObj = new SAML(); - $responseXmlString = $samlObj->createSamlAssertion($openid, - $this->notBefore, - $this->notOnOrAfter, - $this->rsadsa, - $this->acsURI, - $attribute, - sha1($value), - $this->assertionTemplate); - $signedAssertion=$samlObj->signAssertion($responseXmlString, - $this->private_key, - $this->public_key_certificate); - return $signedAssertion; - } -} -/** - * The Attribute_Verifier class which verifies the signed assertion at the Relying party. - */ -class Attribute_Verifier -{ - /** - * The certificate the Relying party trusts. - */ - private $rootcert; - /** - * This function loads the public key certificate that the relying party trusts. - * @param string $cert - Trusted public key certificate. - */ - function load_trusted_root_cert($cert) - { - $this->rootcert=$cert; - } - /** - * Verifies the certificate given the SAML document. - * @param string - signed SAML assertion - * return @boolean - true if verification is successful, false if unsuccessful. - */ - function verify($responseXmlString) - { - $samlObj = new SAML(); - $ret = $samlObj->verifyAssertion($responseXmlString,$this->rootcert); - return $ret; - } -} - -/** - * This is a Store Request creating class at the Attribute Provider. - */ -class AP_OP_StoreRequest -{ - /** - * Creates store request and adds it as an extension to AuthRequest object - passed to it. - * @param &Auth_OpenID_AuthRequest &$auth_request - A reference to - the AuthRequest object. - * @param &Attribute_Provider &$attributeProvider - A reference to the - Attribute Provider object. - * @param string $attribute - The attribute name being asserted. - * @param string $value - The attribute value being asserted. - * @param string $openid - Openid of the entity being asserted. - * @return &Auth_OpenID_AuthRequest - Auth_OpenID_AuthRequest object - returned with StoreRequest extension. - */ - static function createStoreRequest(&$auth_request,&$attributeProvider, - $attribute,$value,$openid) - { - if(!$auth_request){ - return null; - } - $signedAssertion=$attributeProvider->sign($openid,$attribute,$value); - $store_request=new Auth_OpenID_AX_StoreRequest; - $store_request->addValue($attribute,base64_encode($value)); - $store_request->addValue($attribute.'/signature', - base64_encode($signedAssertion)); - if($store_request) { - $auth_request->addExtension($store_request); - return $auth_request; - } - } -} - -/* - *This is implemented at the RP Takes care of getting the attribute from the - *AX_Fetch_Response object and verifying it. - */ -class RP_OP_Verify -{ - /** - * Verifies a given signed assertion. - * @param &Attribute_Verifier &$attributeVerifier - An instance of the class - passed for the verification. - * @param Auth_OpenID_Response - Response object for extraction. - * @return boolean - true if successful, false if verification fails. - */ - function verifyAssertion(&$attributeVerifier,$response) - { - $ax_resp=Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); - if($ax_resp instanceof Auth_OpenID_AX_FetchResponse){ - $ax_args=$ax_resp->getExtensionArgs(); - if($ax_args) { - $value=base64_decode($ax_args['value.ext1.1']); - if($attributeVerifier->verify($value)){ - return base64_decode($ax_args['value.ext0.1']); - } else { - return null; - } - } else { - return null; - } - } else { - return null; - } - } -} - - -?> diff --git a/Auth/OpenID/SAML.php b/Auth/OpenID/SAML.php deleted file mode 100644 index fa6df51..0000000 --- a/Auth/OpenID/SAML.php +++ /dev/null @@ -1,220 +0,0 @@ - - ** @author Shishir Randive - ** Stony Brook University. - ** largely derived from - ** - * Copyright (C) 2007 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - **/ - -class SAML{ - private $assertionTemplate=null; - /** - * Returns a SAML response with various elements filled in. - * @param string $authenticatedUser The OpenId of the user - * @param string $notBefore The ISO 8601 formatted date before which the - response is invalid - * @param string $notOnOrAfter The ISO 8601 formatted data after which the - response is invalid - * @param string $rsadsa 'rsa' if the response will be signed with RSA keys, - 'dsa' for DSA keys - * @param string $requestID The ID of the request we're responding to - * @param string $destination The ACS URL that the response is submitted to - * @return string XML SAML response. - */ - function createSamlAssertion($authenticatedUser, $notBefore, $notOnOrAfter, $rsadsa, $acsURI,$attribute,$value,$assertionTemplate) - { - $samlResponse = $assertionTemplate; - $samlResponse = str_replace('USERNAME_STRING', $authenticatedUser, $samlResponse); - $samlResponse = str_replace('RESPONSE_ID', $this->samlCreateId(), $samlResponse); - $samlResponse = str_replace('ISSUE_INSTANT', $this->samlGetDateTime(time()), $samlResponse); - $samlResponse = str_replace('NOT_BEFORE', $this->samlGetDateTime(strtotime($notBefore)), $samlResponse); - $samlResponse = str_replace('NOT_ON_OR_AFTER', $this->samlGetDateTime(strtotime($notOnOrAfter)),$samlResponse); - $samlResponse = str_replace('ASSERTION_ID',$this->samlCreateId(), $samlResponse); - $samlResponse = str_replace('RSADSA', strtolower($rsadsa), $samlResponse); - $samlResponse = str_replace('ISSUER_DOMAIN', $acsURI, $samlResponse); - $samlResponse = str_replace('ATTRIBUTE_NAME', $attribute, $samlResponse); - $samlResponse = str_replace('ATTRIBUTE_VALUE', $value, $samlResponse); - return $samlResponse; - } - - /** - * Signs a SAML response with the given private key, and embeds the public key. - * @param string $responseXmlString The unsigned Assertion which will be signed - * @param string $priKey Private key to sign the certificate - * @param string $cert Public key certificate of signee - * @return string Signed Assertion - */ - function signAssertion($responseXmlString,$privKey,$cert) - { - if (file_exists("/tmp/xml")) { - $tempFileDir="/tmp/xml/"; - - } else { - mkdir("/tmp/xml",0777); - $tempFileDir="/tmp/xml/"; - } - $tempName = 'saml-response-' . $this->samlCreateId() . '.xml'; - $tempFileName=$tempFileDir.$tempName; - while (file_exists($tempFileName)) - $tempFileName = 'saml-response-' . $this->samlCreateId() . '.xml'; - - if (!$handle = fopen($tempFileName, 'w')) { - return null; - } - if (fwrite($handle, $responseXmlString) === false) { - return null; - } - fclose($handle); - $cmd = 'xmlsec1 --sign --privkey-pem ' . $privKey . - ',' . $cert . ' --output ' . $tempFileName . - '.out ' . $tempFileName; - exec($cmd, $resp); - unlink($tempFileName); - - $xmlResult = @file_get_contents($tempFileName . '.out'); - if (!$xmlResult) { - return null; - } else { - unlink($tempFileName . '.out'); - return $xmlResult; - } - } - - - /** - * Verify a saml response with the given public key. - * @param string $responseXmlString Response to sign - * @param string $rootcert trusted public key certificate - * @return string Signed SAML response - */ - function verifyAssertion($responseXmlString,$rootcert) - { - date_default_timezone_set("UTC"); - if (file_exists("/tmp/xml")) { - $tempFileDir="/tmp/xml/"; - - } else { - mkdir("/tmp/xml",0777); - $tempFileDir="/tmp/xml/"; - } - - $tempName = 'saml-response-' . $this->samlCreateId() . '.xml'; - $tempFileName=$tempFileDir.$tempName; - while (file_exists($tempFileName)) - $tempFileName = 'saml-response-' . $this->samlCreateId() . '.xml'; - - if (!$handle = fopen($tempFileName, 'w')) { - return false; - } - - if (fwrite($handle, $responseXmlString) === false) { - return false; - } - - $p=xml_parser_create(); - $result=xml_parse_into_struct($p,$responseXmlString,$vals,$index); - xml_parser_free($p); - $cert_info=$index["X509CERTIFICATE"]; - $conditions=$index["CONDITIONS"]; - foreach($cert_info as $key=>$value){ - file_put_contents($tempFileName.'.cert',$vals[$value]['value']); - } - $cert=$tempFileName.'.cert'; - $before=0; - $after=0; - foreach($conditions as $key=>$value){ - $before=$vals[$value]['attributes']['NOTBEFORE']; - $after=$vals[$value]['attributes']['NOTONORAFTER']; - } - $before=$this->validSamlDateFormat($before); - $after=$this->validSamlDateFormat($after); - if(strtotime("now") < $before || strtotime("now") >= $after){ - unlink($tempFileName); - unlink($cert); - return false; - } - fclose($handle); - $cmd = 'xmlsec1 --verify --pubkey-cert ' . $cert .'--trusted '.$rootcert. ' '.$tempFileName.'* 2>&1 1>/dev/null'; - exec($cmd,$resp); - if(strcmp($resp[0],"FAIL") == 0){ - $value = false; - }elseif(strcmp($resp[0],"ERROR") == 0){ - $value = false; - }elseif(strcmp($resp[0],"OK") == 0){ - $value = TRUE; - } - unlink($tempFileName); - unlink($cert); - return $value; - } - - /** - * Creates a 40-character string containing 160-bits of pseudorandomness. - * @return string Containing pseudorandomness of 160 bits - */ - - function samlCreateId() - { - $rndChars = 'abcdefghijklmnop'; - $rndId = ''; - for ($i = 0; $i < 40; $i++ ) { - $rndId .= $rndChars[rand(0,strlen($rndChars)-1)]; - } - return $rndId; - } - - /** - * Returns a unix timestamp in xsd:dateTime format. - * @param timestamp int UNIX Timestamp to convert to xsd:dateTime - * ISO 8601 format. - * @return string - */ - function samlGetDateTime($timestamp) - { - return gmdate('Y-m-d\TH:i:s\Z', $timestamp); - } - /** - * Attempts to check whether a SAML date is valid. Returns true or false. - * @param string $samlDate - * @return bool - */ - - function validSamlDateFormat($samlDate) - { - if ($samlDate == "") return false; - $indexT = strpos($samlDate, 'T'); - $indexZ = strpos($samlDate, 'Z'); - if (($indexT != 10) || ($indexZ != 19)) { - return false; - } - $dateString = substr($samlDate, 0, 10); - $timeString = substr($samlDate, $indexT + 1, 8); - list($year, $month, $day) = explode('-', $dateString); - list($hour, $minute, $second) = explode(':', $timeString); - $parsedDate = gmmktime($hour, $minute, $second, $month, $day, $year); - if (($parsedDate === false) || ($parsedDate == -1)) return false; - if (!checkdate($month, $day, $year)) return false; - return $parsedDate; - } - -} -?> diff --git a/contrib/signed_assertions/AP.php b/contrib/signed_assertions/AP.php new file mode 100644 index 0000000..a242650 --- /dev/null +++ b/contrib/signed_assertions/AP.php @@ -0,0 +1,180 @@ + + * @author Shishir Randive + * Stony Brook University. + * + */ +require_once 'Auth/OpenID/SAML.php'; +/** + * The Attribute_Provider class which signs the attribute,value pair + * for a given openid. + */ +class Attribute_Provider +{ + private $public_key_certificate=null; + private $private_key=null; + private $authenticatedUser=null; + private $notBefore=null; + private $notOnOrAfter=null; + private $rsadsa=null; + private $acsURI=null; + private $attribute=null; + private $value=null; + private $assertionTemplate=null; + /** + * Creates an Attribute_Provider object initialized with startup values. + * @param string $public_key_certificate - The public key certificate + of the signer. + * @param string $private_key - The private key of the signer. + * @param string $notBefore - Certificate validity time + * @param string $notOnOrAfter - Certificate validity time + * @param string $rsadsa - Choice of the algorithm (RSA/DSA) + * @param string $acsURI - URI of the signer. + * @param string $assertionTemplate - SAML template used for assertion + */ + function Attribute_Provider($public_key_certificate,$private_key,$notBefore,$notOnOrAfter,$rsadsa,$acsURI, + $assertionTemplate) + { + $this->public_key_certificate=$public_key_certificate; + $this->private_key=$private_key; + $this->notBefore=$notBefore; + $this->notOnOrAfter=$notOnOrAfter; + $this->rsadsa=$rsadsa; + $this->acsURI=$acsURI; + $this->assertionTemplate=$assertionTemplate; + } + /** + * Create the signed assertion. + * @param string $openid - Openid of the entity being asserted. + * @param string $attribute - The attribute name being asserted. + * @param string $value - The attribute value being asserted. + */ + function sign($openid,$attribute,$value) + { + $samlObj = new SAML(); + $responseXmlString = $samlObj->createSamlAssertion($openid, + $this->notBefore, + $this->notOnOrAfter, + $this->rsadsa, + $this->acsURI, + $attribute, + sha1($value), + $this->assertionTemplate); + $signedAssertion=$samlObj->signAssertion($responseXmlString, + $this->private_key, + $this->public_key_certificate); + return $signedAssertion; + } +} +/** + * The Attribute_Verifier class which verifies the signed assertion at the Relying party. + */ +class Attribute_Verifier +{ + /** + * The certificate the Relying party trusts. + */ + private $rootcert; + /** + * This function loads the public key certificate that the relying party trusts. + * @param string $cert - Trusted public key certificate. + */ + function load_trusted_root_cert($cert) + { + $this->rootcert=$cert; + } + /** + * Verifies the certificate given the SAML document. + * @param string - signed SAML assertion + * return @boolean - true if verification is successful, false if unsuccessful. + */ + function verify($responseXmlString) + { + $samlObj = new SAML(); + $ret = $samlObj->verifyAssertion($responseXmlString,$this->rootcert); + return $ret; + } +} + +/** + * This is a Store Request creating class at the Attribute Provider. + */ +class AP_OP_StoreRequest +{ + /** + * Creates store request and adds it as an extension to AuthRequest object + passed to it. + * @param &Auth_OpenID_AuthRequest &$auth_request - A reference to + the AuthRequest object. + * @param &Attribute_Provider &$attributeProvider - A reference to the + Attribute Provider object. + * @param string $attribute - The attribute name being asserted. + * @param string $value - The attribute value being asserted. + * @param string $openid - Openid of the entity being asserted. + * @return &Auth_OpenID_AuthRequest - Auth_OpenID_AuthRequest object + returned with StoreRequest extension. + */ + static function createStoreRequest(&$auth_request,&$attributeProvider, + $attribute,$value,$openid) + { + if(!$auth_request){ + return null; + } + $signedAssertion=$attributeProvider->sign($openid,$attribute,$value); + $store_request=new Auth_OpenID_AX_StoreRequest; + $store_request->addValue($attribute,base64_encode($value)); + $store_request->addValue($attribute.'/signature', + base64_encode($signedAssertion)); + if($store_request) { + $auth_request->addExtension($store_request); + return $auth_request; + } + } +} + +/* + *This is implemented at the RP Takes care of getting the attribute from the + *AX_Fetch_Response object and verifying it. + */ +class RP_OP_Verify +{ + /** + * Verifies a given signed assertion. + * @param &Attribute_Verifier &$attributeVerifier - An instance of the class + passed for the verification. + * @param Auth_OpenID_Response - Response object for extraction. + * @return boolean - true if successful, false if verification fails. + */ + function verifyAssertion(&$attributeVerifier,$response) + { + $ax_resp=Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); + if($ax_resp instanceof Auth_OpenID_AX_FetchResponse){ + $ax_args=$ax_resp->getExtensionArgs(); + if($ax_args) { + $value=base64_decode($ax_args['value.ext1.1']); + if($attributeVerifier->verify($value)){ + return base64_decode($ax_args['value.ext0.1']); + } else { + return null; + } + } else { + return null; + } + } else { + return null; + } + } +} + + +?> diff --git a/contrib/signed_assertions/SAML.php b/contrib/signed_assertions/SAML.php new file mode 100644 index 0000000..fa6df51 --- /dev/null +++ b/contrib/signed_assertions/SAML.php @@ -0,0 +1,220 @@ + + ** @author Shishir Randive + ** Stony Brook University. + ** largely derived from + ** + * Copyright (C) 2007 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + **/ + +class SAML{ + private $assertionTemplate=null; + /** + * Returns a SAML response with various elements filled in. + * @param string $authenticatedUser The OpenId of the user + * @param string $notBefore The ISO 8601 formatted date before which the + response is invalid + * @param string $notOnOrAfter The ISO 8601 formatted data after which the + response is invalid + * @param string $rsadsa 'rsa' if the response will be signed with RSA keys, + 'dsa' for DSA keys + * @param string $requestID The ID of the request we're responding to + * @param string $destination The ACS URL that the response is submitted to + * @return string XML SAML response. + */ + function createSamlAssertion($authenticatedUser, $notBefore, $notOnOrAfter, $rsadsa, $acsURI,$attribute,$value,$assertionTemplate) + { + $samlResponse = $assertionTemplate; + $samlResponse = str_replace('USERNAME_STRING', $authenticatedUser, $samlResponse); + $samlResponse = str_replace('RESPONSE_ID', $this->samlCreateId(), $samlResponse); + $samlResponse = str_replace('ISSUE_INSTANT', $this->samlGetDateTime(time()), $samlResponse); + $samlResponse = str_replace('NOT_BEFORE', $this->samlGetDateTime(strtotime($notBefore)), $samlResponse); + $samlResponse = str_replace('NOT_ON_OR_AFTER', $this->samlGetDateTime(strtotime($notOnOrAfter)),$samlResponse); + $samlResponse = str_replace('ASSERTION_ID',$this->samlCreateId(), $samlResponse); + $samlResponse = str_replace('RSADSA', strtolower($rsadsa), $samlResponse); + $samlResponse = str_replace('ISSUER_DOMAIN', $acsURI, $samlResponse); + $samlResponse = str_replace('ATTRIBUTE_NAME', $attribute, $samlResponse); + $samlResponse = str_replace('ATTRIBUTE_VALUE', $value, $samlResponse); + return $samlResponse; + } + + /** + * Signs a SAML response with the given private key, and embeds the public key. + * @param string $responseXmlString The unsigned Assertion which will be signed + * @param string $priKey Private key to sign the certificate + * @param string $cert Public key certificate of signee + * @return string Signed Assertion + */ + function signAssertion($responseXmlString,$privKey,$cert) + { + if (file_exists("/tmp/xml")) { + $tempFileDir="/tmp/xml/"; + + } else { + mkdir("/tmp/xml",0777); + $tempFileDir="/tmp/xml/"; + } + $tempName = 'saml-response-' . $this->samlCreateId() . '.xml'; + $tempFileName=$tempFileDir.$tempName; + while (file_exists($tempFileName)) + $tempFileName = 'saml-response-' . $this->samlCreateId() . '.xml'; + + if (!$handle = fopen($tempFileName, 'w')) { + return null; + } + if (fwrite($handle, $responseXmlString) === false) { + return null; + } + fclose($handle); + $cmd = 'xmlsec1 --sign --privkey-pem ' . $privKey . + ',' . $cert . ' --output ' . $tempFileName . + '.out ' . $tempFileName; + exec($cmd, $resp); + unlink($tempFileName); + + $xmlResult = @file_get_contents($tempFileName . '.out'); + if (!$xmlResult) { + return null; + } else { + unlink($tempFileName . '.out'); + return $xmlResult; + } + } + + + /** + * Verify a saml response with the given public key. + * @param string $responseXmlString Response to sign + * @param string $rootcert trusted public key certificate + * @return string Signed SAML response + */ + function verifyAssertion($responseXmlString,$rootcert) + { + date_default_timezone_set("UTC"); + if (file_exists("/tmp/xml")) { + $tempFileDir="/tmp/xml/"; + + } else { + mkdir("/tmp/xml",0777); + $tempFileDir="/tmp/xml/"; + } + + $tempName = 'saml-response-' . $this->samlCreateId() . '.xml'; + $tempFileName=$tempFileDir.$tempName; + while (file_exists($tempFileName)) + $tempFileName = 'saml-response-' . $this->samlCreateId() . '.xml'; + + if (!$handle = fopen($tempFileName, 'w')) { + return false; + } + + if (fwrite($handle, $responseXmlString) === false) { + return false; + } + + $p=xml_parser_create(); + $result=xml_parse_into_struct($p,$responseXmlString,$vals,$index); + xml_parser_free($p); + $cert_info=$index["X509CERTIFICATE"]; + $conditions=$index["CONDITIONS"]; + foreach($cert_info as $key=>$value){ + file_put_contents($tempFileName.'.cert',$vals[$value]['value']); + } + $cert=$tempFileName.'.cert'; + $before=0; + $after=0; + foreach($conditions as $key=>$value){ + $before=$vals[$value]['attributes']['NOTBEFORE']; + $after=$vals[$value]['attributes']['NOTONORAFTER']; + } + $before=$this->validSamlDateFormat($before); + $after=$this->validSamlDateFormat($after); + if(strtotime("now") < $before || strtotime("now") >= $after){ + unlink($tempFileName); + unlink($cert); + return false; + } + fclose($handle); + $cmd = 'xmlsec1 --verify --pubkey-cert ' . $cert .'--trusted '.$rootcert. ' '.$tempFileName.'* 2>&1 1>/dev/null'; + exec($cmd,$resp); + if(strcmp($resp[0],"FAIL") == 0){ + $value = false; + }elseif(strcmp($resp[0],"ERROR") == 0){ + $value = false; + }elseif(strcmp($resp[0],"OK") == 0){ + $value = TRUE; + } + unlink($tempFileName); + unlink($cert); + return $value; + } + + /** + * Creates a 40-character string containing 160-bits of pseudorandomness. + * @return string Containing pseudorandomness of 160 bits + */ + + function samlCreateId() + { + $rndChars = 'abcdefghijklmnop'; + $rndId = ''; + for ($i = 0; $i < 40; $i++ ) { + $rndId .= $rndChars[rand(0,strlen($rndChars)-1)]; + } + return $rndId; + } + + /** + * Returns a unix timestamp in xsd:dateTime format. + * @param timestamp int UNIX Timestamp to convert to xsd:dateTime + * ISO 8601 format. + * @return string + */ + function samlGetDateTime($timestamp) + { + return gmdate('Y-m-d\TH:i:s\Z', $timestamp); + } + /** + * Attempts to check whether a SAML date is valid. Returns true or false. + * @param string $samlDate + * @return bool + */ + + function validSamlDateFormat($samlDate) + { + if ($samlDate == "") return false; + $indexT = strpos($samlDate, 'T'); + $indexZ = strpos($samlDate, 'Z'); + if (($indexT != 10) || ($indexZ != 19)) { + return false; + } + $dateString = substr($samlDate, 0, 10); + $timeString = substr($samlDate, $indexT + 1, 8); + list($year, $month, $day) = explode('-', $dateString); + list($hour, $minute, $second) = explode(':', $timeString); + $parsedDate = gmmktime($hour, $minute, $second, $month, $day, $year); + if (($parsedDate === false) || ($parsedDate == -1)) return false; + if (!checkdate($month, $day, $year)) return false; + return $parsedDate; + } + +} +?> -- cgit v1.1