From 88a223eb7b932371b852444f641d29458bf00a00 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 21 Jan 2015 10:41:25 +0100
Subject: [PATCH] Extract the InfoCard module out to its own repository.
---
docs/index.txt | 1 -
docs/simplesamlphp-idp.txt | 2 +-
.../config-template/config-login-infocard.php | 200 --------
modules/InfoCard/default-disable | 3 -
.../dict-InfoCard.definition.json | 74 ---
.../InfoCard/dictionaries/dict-InfoCard.php | 453 ------------------
.../dict-InfoCard.translation.json | 0
modules/InfoCard/docs/CHANGELOG | 24 -
modules/InfoCard/docs/usage.txt | 101 ----
modules/InfoCard/lib/Auth/Source/ICAuth.php | 96 ----
modules/InfoCard/lib/RP/InfoCard.php | 347 --------------
modules/InfoCard/lib/RP/LICENSE.txt | 27 --
.../InfoCard/lib/RP/Zend_InfoCard_Claims.php | 304 ------------
.../RP/Zend_InfoCard_Xml_Assertion_Saml.php | 272 -----------
.../lib/RP/Zend_InfoCard_Xml_Security.php | 326 -------------
.../Zend_InfoCard_Xml_Security_Transform.php | 113 -----
..._Security_Transform_EnvelopedSignature.php | 55 ---
...Card_Xml_Security_Transform_XmlExcC14N.php | 55 ---
modules/InfoCard/lib/STS.php | 382 ---------------
modules/InfoCard/lib/UserFunctions.php | 112 -----
modules/InfoCard/lib/Utils.php | 107 -----
.../InfoCard/templates/temp-getcardform.php | 69 ---
modules/InfoCard/templates/temp-login.php | 82 ----
modules/InfoCard/www/STS_card_issuer.php | 285 -----------
modules/InfoCard/www/crt/CA.crt | 21 -
modules/InfoCard/www/crt/idp.crt | 16 -
modules/InfoCard/www/crt/sts.crt | 16 -
modules/InfoCard/www/getcardform.php | 152 ------
modules/InfoCard/www/login-infocard.php | 63 ---
modules/InfoCard/www/mex.php | 242 ----------
modules/InfoCard/www/prueba.php | 161 -------
modules/InfoCard/www/resources/demoimage.png | Bin 15871 -> 0 bytes
.../www/resources/infocard_114x80.png | Bin 3821 -> 0 bytes
.../www/resources/infocard_self_114x80.png | Bin 9302 -> 0 bytes
modules/InfoCard/www/tokenservice.php | 136 ------
modules/InfoCard/www/x509.php | 4 -
36 files changed, 1 insertion(+), 4300 deletions(-)
delete mode 100644 modules/InfoCard/config-template/config-login-infocard.php
delete mode 100644 modules/InfoCard/default-disable
delete mode 100644 modules/InfoCard/dictionaries/dict-InfoCard.definition.json
delete mode 100644 modules/InfoCard/dictionaries/dict-InfoCard.php
delete mode 100644 modules/InfoCard/dictionaries/dict-InfoCard.translation.json
delete mode 100644 modules/InfoCard/docs/CHANGELOG
delete mode 100644 modules/InfoCard/docs/usage.txt
delete mode 100644 modules/InfoCard/lib/Auth/Source/ICAuth.php
delete mode 100644 modules/InfoCard/lib/RP/InfoCard.php
delete mode 100644 modules/InfoCard/lib/RP/LICENSE.txt
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Claims.php
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Assertion_Saml.php
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform.php
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature.php
delete mode 100644 modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_XmlExcC14N.php
delete mode 100644 modules/InfoCard/lib/STS.php
delete mode 100644 modules/InfoCard/lib/UserFunctions.php
delete mode 100644 modules/InfoCard/lib/Utils.php
delete mode 100644 modules/InfoCard/templates/temp-getcardform.php
delete mode 100644 modules/InfoCard/templates/temp-login.php
delete mode 100644 modules/InfoCard/www/STS_card_issuer.php
delete mode 100644 modules/InfoCard/www/crt/CA.crt
delete mode 100644 modules/InfoCard/www/crt/idp.crt
delete mode 100644 modules/InfoCard/www/crt/sts.crt
delete mode 100644 modules/InfoCard/www/getcardform.php
delete mode 100644 modules/InfoCard/www/login-infocard.php
delete mode 100644 modules/InfoCard/www/mex.php
delete mode 100644 modules/InfoCard/www/prueba.php
delete mode 100644 modules/InfoCard/www/resources/demoimage.png
delete mode 100644 modules/InfoCard/www/resources/infocard_114x80.png
delete mode 100644 modules/InfoCard/www/resources/infocard_self_114x80.png
delete mode 100644 modules/InfoCard/www/tokenservice.php
delete mode 100644 modules/InfoCard/www/x509.php
diff --git a/docs/index.txt b/docs/index.txt
index 89d85a19b..c658252db 100644
--- a/docs/index.txt
+++ b/docs/index.txt
@@ -46,7 +46,6 @@ Documentation on specific simpleSAMLphp modules:
* [Installing and configuring the consentAdmin module](./consentAdmin:consentAdmin)
* [OpenId Provider Module](./openidProvider:provider)
* [Authorization](./authorize:authorize)
- * [InfoCard Module](./InfoCard:usage)
* [autotest Module](./autotest:test)
* [Statistics](./statistics:statistics)
* [Aggregator](./aggregator:aggregator)
diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index a2edf6364..47f5e5188 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -55,7 +55,7 @@ The next step is to configure the way users authenticate on your IdP. Various mo
[`radius:Radius`](./radius:radius)
: Authenticates an user to a Radius server.
-[`InfoCard:ICAuth`](./InfoCard:usage)
+[`InfoCard:ICAuth`](https://github.com/simplesamlphp/simplesamlphp-module-infocard/blob/master/README.md)
: Authenticate with an InfoCard.
[`multiauth:MultiAuth`](./multiauth:multiauth)
diff --git a/modules/InfoCard/config-template/config-login-infocard.php b/modules/InfoCard/config-template/config-login-infocard.php
deleted file mode 100644
index fd6154a39..000000000
--- a/modules/InfoCard/config-template/config-login-infocard.php
+++ /dev/null
@@ -1,200 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION: 'InfoCard' module configuration for simpleSAMLphp.
-
-
-Some definitions were taken from:
-A Guide to Using the Identity Selector
-Interoperability Profile V1.5 within Web
-Applications and Browsers.
-Copyright Microsoft
-
-*/
-
-
-$config = array (
-
-//------------- TEMPLATE OPTIONS ---------------
- 'IClogo' => 'resources/infocard_114x80.png', //Infocard logo button
- 'help_desk_email_URL' => 'mailto:asd@asd.com', //Help desk e-mail
- 'contact_info_URL' => 'http://google.es', //Contact information
-
-
-
-
-//------------- CERTIFICATE OPTIONS ---------------
-
- /*
- * USED IN: Relying Party
- * DESCRIPTION: Key of the certificate used in the https connection with the idp, it'll be used
- * for decrypting the received XML token,
- */
- 'idp_key' => '/etc/apache2/ssl/idp.key',
-
-
- /*
- * USED IN: Relying Party
- * DESCRIPTION: Only accept tokens signed with this certificate,
- * if no certificate is set, it'll be assumed to accept
- * a self isued token and accept any token.
- */
- 'sts_crt' => '/etc/apache2/ssl/sts.crt',
-
-
- /*
- * USED IN: Infocard Generator, STS
- * DESCRIPTION: STS certificate for signing Infocards and tokens.
- */
- 'sts_key' => '/etc/apache2/ssl/sts.key',
-
-
- /*
- * USED IN:
- * DESCRIPTION: Array of certificates forming a trust chain. The local signing
- * certificate is [0], the one that signed that is [1], etc, chaining to a
- * trust anchor.
- * HINT: The first one, [0], should be the same as the sts_crt.
- */
- 'certificates' => array(
- 0 => '/etc/apache2/ssl/sts.crt',
- 1 => '/etc/apache2/ssl/CA.crt'
- ),
-
-
-
-//------------- DATA (InfoCard) OPTIONS ---------------
-
- /*
- * USED IN: InfoCard Generator, Relying Party and STS
- * DESCRIPTION: Infocard information
- */
- 'InfoCard' => array(
- /*
- * -issuer (optional, taken from the sts_crt common name value, if no set, self issuer is assumed )
- * This parameter specifies the URL of the STS from which to obtain a token. If omitted, no
- * specific STS is requested. The special value
- * “http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self” specifies that the
- * token should come from a Self-issued Identity Provider
- */
- /*
- * Root of the current InfoCard schema
- */
- 'schema' => 'http://schemas.xmlsoap.org/ws/2005/05/identity',
- /*
- * -issuerPolicy (optional)
- * This parameter specifies the URL of an endpoint from which the STS’s WS-SecurityPolicy
- * can be retrieved using WS-MetadataExchange. This endpoint must use HTTPS.
- */
- 'issuerPolicy' => '',
- /*
- * -privacyUrl (optional)
- * This parameter specifies the URL of the human-readable Privacy Policy of the site, if
- * provided.
- */
- 'privacyURL' => '',
- /*
- * -tokenType (optional)
- * This parameter specifies the type of the token to be requested from the STS as a URI. Th
- * parameter can be omitted if the STS and the Web site front-end have a mutual
- * understanding about what token type will be provided or if the Web site is willing to accep
- * any token type.
- */
- 'tokenType' => 'urn:oasis:names:tc:SAML:1.0:assertion',
-
- /*-Claims supported by the current schema
- givenname
- surname
- emailaddress
- streetaddress
- locality
- stateorprovince
- postalcode
- country
- primaryphone
- dateofbirth
- privatepersonalid
- gender
- webpage
- */
-
- /*
- * -requiredClaims (optional)
- * This parameter specifies the types of claims that must be supplied by the identity. If
- * omitted, there are no required claims. The value of requiredClaims is a space-separate
- * list of URIs, each specifying a required claim type.
- */
- 'requiredClaims' => array(
- 'privatepersonalidentifier' => array('displayTag'=>"Id", 'description'=>"id"),
- 'givenname' => array('displayTag'=>"Given Name", 'description'=>"etc"),
- 'surname' => array('displayTag'=>"Surname", 'description'=>"apellidos"),
- 'emailaddress' => array('displayTag'=>"e-mail", 'description'=>"E-mail address")
- ),
- /*
- * -optionalClaims (optional)
- * This parameter specifies the types of optional claims that may be supplied by the identity
- * If omitted, there are no optional claims. The value of optionalClaims is a space-separat
- * list of URIs, each specifying a claim type that can be optionally submitted
- */
- 'optionalClaims' => array(
- 'country' => array('displayTag'=>"country", 'description'=>"PaĂs"),
- 'webpage' => array('displayTag'=>"webpage", 'description'=>"Página web")
- ),
- ),
-
-
-
-
-//------------- WEB PAGES ---------------
-
- /*
- * USED IN: InfoCard Generator, Relying Party (optional form)
- * DESCRIPTION: Infocard generator URL, if set it'll appear a form with username-password authentication in the template
- */
- 'CardGenerator' => 'https://sts.aut.uah.es/simplesaml/module.php/InfoCard/getcardform.php',
-
-
- /*
- * USED IN: InfoCard Generator, Relying Party (issuer), STS (Metadata-Exchange)
- * DESCRIPTION: Token generator URL
- */
- 'tokenserviceurl' => 'https://sts.aut.uah.es/simplesaml/module.php/InfoCard/tokenservice.php',
-
-
- /*
- * USED IN: InfoCard Generator
- * DESCRIPTION: Metadata Exchange URL
- */
- 'mexurl' => 'https://sts.aut.uah.es/simplesaml/module.php/InfoCard/mex.php',
-
-
-
-
-//------------- CREDENTIALS ---------------
-
- /*
- * USED IN: InfoCard Generator, Relying Party (optional form)
- * TYPES: UsernamePasswordCredential, KerberosV5Credential, X509V3Credential, SelfIssuedCredential
- * DESCRIPTION: How the user will be authenticated
- * IMPLEMENTED & TESTED: UsernamePasswordCredential, SelfIssuedCredential
- */
- 'UserCredential' => 'SelfIssuedCredential',
-
-
-
-
-//------------- DEBUG ---------------
-
- /*
- * USED IN: tokenservice
- * DESCRIPTION: directory where RSTs and RSTRs will be logged EJ: /tmp.
- * If null, logging will be dissabled.
- * The directory MUST exists and be accessible to the program, otherwise NO log will be written
- * Log files have the form urn:uuid:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.log where X is an hexadecimal digit [0-9|a-f]
- */
- 'debugDir' => '/tmp',
-
-);
diff --git a/modules/InfoCard/default-disable b/modules/InfoCard/default-disable
deleted file mode 100644
index fa0bd82e2..000000000
--- a/modules/InfoCard/default-disable
+++ /dev/null
@@ -1,3 +0,0 @@
-This file indicates that the default state of this module
-is disabled. To enable, create a file named enable in the
-same directory as this file.
diff --git a/modules/InfoCard/dictionaries/dict-InfoCard.definition.json b/modules/InfoCard/dictionaries/dict-InfoCard.definition.json
deleted file mode 100644
index 647388529..000000000
--- a/modules/InfoCard/dictionaries/dict-InfoCard.definition.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "wrong_IC": {
- "en": "Invalid InfoCard"
- },
- "get_IC": {
- "en": "Get your InfoCard"
- },
- "get_IC_link": {
- "en": "Click here to get your InfoCard"
- },
- "form_username": {
- "en": "Username"
- },
- "form_password": {
- "en": "Password"
- },
- "error_header": {
- "en": "Error"
- },
- "user_IC_header": {
- "en": "Select an InfoCard"
- },
- "user_IC_text": {
- "en": "A service has requested you to authenticate yourself. Please click on the image below to start a session with an InfoCard."
- },
- "login_button": {
- "en": " "
- },
- "get_button": {
- "en": "Get my Infocard"
- },
- "help_header": {
- "en": "HELP! What is an InfoCard?"
- },
- "help_text": {
- "en": "Information Cards (aka InfoCard) is a web authentication technology. Contact with your services provider in order to configure your computer and give you and Information Card (identification virtual card)."
- },
- "help_desk_link": {
- "en": "Help desk homepage"
- },
- "help_desk_email": {
- "en": "Send e-mail to help desk"
- },
- "contact_info": {
- "en": "Contact information"
- },
- "getcardform_title": {
- "en": "Authentication form"
- },
- "getcardform_self_title": {
- "en": "Self-Issued Card form"
- },
- "getcardform_self_text": {
- "en": "Please, enter a self issued InfoCard in order to link it with the managed one we are generating."
- },
- "getcardform_finished_title": {
- "en": "Congratulations, your Infocard was succesfully generated"
- },
- "getcardform_finished_text": {
- "en": "Please follow the next link to get to the login page."
- },
- "NO_password": {
- "en": "Please fill in your password"
- },
- "NO_user": {
- "en": "Please fill in your username"
- },
- "Wrong_user_pass": {
- "en": "Wrong username or password"
- },
- "": {
- "en": ""
- }
-}
\ No newline at end of file
diff --git a/modules/InfoCard/dictionaries/dict-InfoCard.php b/modules/InfoCard/dictionaries/dict-InfoCard.php
deleted file mode 100644
index f5c8171e0..000000000
--- a/modules/InfoCard/dictionaries/dict-InfoCard.php
+++ /dev/null
@@ -1,453 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 16-DEC-08
-* DESCRIPTION: 'login-infocard' module dictionary.
-*/
-
-$lang = array(
- 'wrong_IC' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Invalid InfoCard',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'InfoCard errĂłnea',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'get_IC' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Get your InfoCard',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Consiga su InfoCard',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'get_IC_link' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Click here to get your InfoCard',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Pinche aquĂ para conseguir su InfoCard',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'form_username' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Username',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Usuario',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'form_password' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Password',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Contraseña',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'error_header' => array (
- 'no' => 'Feil',
- 'nn' => 'Feil',
- 'da' => 'Fejl',
- 'en' => 'Error',
- 'de' => 'Fehler',
- 'sv' => 'Fel',
- 'fi' => 'Virhe',
- 'es' => 'Error',
- 'fr' => 'Erreur',
- 'nl' => 'Fout',
- 'lb' => 'Fehler',
- 'sl' => 'Napaka',
- 'hr' => 'Greška',
- 'hu' => 'Hiba',
- 'pt' => 'Erro',
- 'pt-br' => 'Erro',
- ),
- 'user_IC_header' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Select an InfoCard',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Seleccione una InfoCard',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'user_IC_text' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'A service has requested you to authenticate yourself. Please click on the image below to start a session with an InfoCard.',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Un servicio solicita que se autentique. Pinche en la imagen inferior para iniciar una sesiĂłn con una InfoCard.',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'login_button' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => ' ',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => ' ',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'get_button' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Get my Infocard',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Conseguir mi Infocard',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'help_header' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'HELP! What is an InfoCard?',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => '¡Ayuda! ¿Qué es una InfoCard?',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'help_text' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Information Cards (aka InfoCard) is a web authentication technology. Contact with your services provider in order to configure your computer and give you and Information Card (identification virtual card).',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Information Cards (alias Infocard) es una tecnologĂa de autenticaciĂłn web. Consulte con su proveedor de servicios para que le ayude a configurar su máquina y le expida una Information Card (tarjeta virtual de identificaciĂłn).',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'help_desk_link' => array (
- 'no' => 'Hjemmesiden til brukerstøtte',
- 'nn' => 'Heimeside for brukarstøtte',
- 'da' => 'Servicedesk',
- 'en' => 'Help desk homepage',
- 'de' => 'Seite des Helpdesk',
- 'sv' => 'Hemsida för helpdesk',
- 'es' => 'Página de soporte técnico',
- 'nl' => 'Helpdesk homepage',
- 'sl' => 'Spletna stran tehniÄŤne podpore uporabnikom.',
- 'hr' => 'Helpdesk stranice',
- 'hu' => 'Ügyfélszolgálat weboldala',
- 'pt' => 'Página do serviço de apoio ao utilizador',
- 'pt-br' => 'Central de Ajuda',
- ),
- 'help_desk_email' => array (
- 'no' => 'Send e-post til brukerstøtte',
- 'nn' => 'Send epost til brukarstøtte',
- 'da' => 'Send en e-mail servicedesk',
- 'en' => 'Send e-mail to help desk',
- 'de' => 'Email an den Helpdesk senden',
- 'sv' => 'Skicka e-post till helpdesk',
- 'es' => 'Enviar correo electrónico al soporte técnico',
- 'nl' => 'Stuur een e-mail naar de helpdesk',
- 'sl' => 'Pošlji e-poštno sporočilo tehnični podpori.',
- 'hr' => 'Pošaljite e-mail helpdesk službi',
- 'hu' => 'Küldjön e-mailt az ügyfélszolgálatnak',
- 'pt' => 'Enviar um e-mail para o serviço de apoio ao utilizador',
- 'pt-br' => 'Envie um e-mail para a Central de Ajuda.',
- ),
- 'contact_info' => array (
- 'no' => 'Kontaktinformasjon',
- 'nn' => 'Kontaktinformasjon',
- 'da' => 'Kontaktoplysninger',
- 'en' => 'Contact information',
- 'de' => 'Kontakt',
- 'sv' => 'Kontaktinformation',
- 'es' => 'InformaciĂłn de contacto',
- 'nl' => 'Contact informatie',
- 'sl' => 'Kontakt',
- 'hr' => 'Kontakt podaci',
- 'hu' => 'Elérési információk',
- 'pt' => 'Contactos',
- 'pt-br' => 'Informações de Contato',
- ),
- 'getcardform_title' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Authentication form',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Formulario de autenticaciĂłn',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'getcardform_self_title' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Self-Issued Card form',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Formulario de tarjeta autogestionada',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'getcardform_self_text' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Please, enter a self issued InfoCard in order to link it with the managed one we are generating.',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Por favor, introduzca una InfoCard autogestionada para ligarla a la que vamos a generarle.',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'getcardform_finished_title' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Congratulations, your Infocard was succesfully generated',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Enhorabuena, generĂł su Infocard con Ă©xito',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'getcardform_finished_text' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Please follow the next link to get to the login page.',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Siga el siguiente enlace para ir a la página de login',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'NO_password' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Please fill in your password',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Introduce una contraseña',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'NO_user' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Please fill in your username',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Introduce tu nombre de usuario',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- 'Wrong_user_pass' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => 'Wrong username or password',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => 'Usuario o contraseña inválidos ',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- '' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => '',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => '',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
- '' => array (
- 'no' => '',
- 'nn' => '',
- 'da' => '',
- 'en' => '',
- 'de' => '',
- 'sv' => '',
- 'fi' => '',
- 'es' => '',
- 'fr' => '',
- 'nl' => '',
- 'lb' => '',
- 'sl' => '',
- 'hr' => '',
- 'hu' => '',
- 'pt' => '',
- 'pt-br' => '',
- ),
-
-);
diff --git a/modules/InfoCard/dictionaries/dict-InfoCard.translation.json b/modules/InfoCard/dictionaries/dict-InfoCard.translation.json
deleted file mode 100644
index e69de29bb..000000000
diff --git a/modules/InfoCard/docs/CHANGELOG b/modules/InfoCard/docs/CHANGELOG
deleted file mode 100644
index 7088fc1a5..000000000
--- a/modules/InfoCard/docs/CHANGELOG
+++ /dev/null
@@ -1,24 +0,0 @@
-We are glad to announce a new release of the InfoCard
-module implementation for simpleSAMLphp.
-
-Sorry for being a bit late but I've just finished my degree exams.
-
-Here are the major changes:
--In addition to user-password authentication, STS is also accepting Self-issued cards.
--Fully compatible with MS Cardspace. Really! (Tested with Digitalme
-and Cardspaces)
--mex.php has been fully rewritten, now it's short and understable. :)
--I've added a link in the module main page so it's possible to get a
-managed card once you get authenticated by means of a simple user-password form. Because of this getinfocard.php is replaced by getcardform.php
--A new classs called STS has been added to handle the STS messages
-(issuing InfoCards, Request Service Token Response, Error Response).
--tokenservice.php make use of STS class. This has allowed us to shorten it quite a log.
--Commented and more elegant code.
--Logging support:It's possible to log the RST (from the identity selector) and the RSTR (from the STS) messages in a configurable directory.
--We carry on using transport binding for the communications.
-
-This work is being supported by RedIRIS (the spanish NREN, www.rediris.es) and CS Department of the University of Alcala (Spain).
-
-This modules has been developed by Samuel Muñoz Hidalgo.
-
-Contact: Enrique de la Hoz: enrique.delahoz@uah.es.
diff --git a/modules/InfoCard/docs/usage.txt b/modules/InfoCard/docs/usage.txt
deleted file mode 100644
index 5495a9b94..000000000
--- a/modules/InfoCard/docs/usage.txt
+++ /dev/null
@@ -1,101 +0,0 @@
-Information cards module for simpleSAMLphp
-==========================================
-
-<!--
- This file is written in Markdown syntax.
- For more information about how to use the Markdown syntax, read here:
- http://daringfireball.net/projects/markdown/syntax
--->
-
- AUTHOR: Samuel Muñoz Hidalgo
- EMAIL: samuel.mh@gmail.com
- LAST REVISION: 13-FEB-09
- DESCRIPTION: What you should read before starting doing things.
-
-
-
-Introduction
--------------
-
-WARNING: **THIS IS NOT** mature software, it's released with testing, educational, developing purposes. It's on a very early version, so don't rely the life of anybody on it.
-
-
-This is a simpleSAMLphp module that works with Information Cards techcnologies and provides two basic functionalities:
-
-RP
-: Acting as a Relying Party, you can accept user authentication through InfoCards comsumming tokens sent by aSTS.
-
-STS
-: Acting as a Secure Token Service you can provide information to a RP generating tokens. Currently, only user password and self issued credentials are supported.
-
-InfoCard Generator
-: Your users could request their InfoCard filling a form with their username and password.
-
-
-Very important
---------------
-
-This document is not a strict guide, I mean it might have some errors or missed information. I've tried to comment almost every trick i've used to make the system work and make your life easier. So, if at any point of the installation you feel lost, breathe twice, think for ten minutes in what you are trying to do, read again the documentation and use your common sense. It'll be usefull when you'll face again the configuration file.
-
-
-Basic installation
-------------------
-1. Copy the InfoCard folder in your modules directoy in your SimpleSAMLphp installation directory.
-2. Copy (or move) the file `modules/InfoCard/extra/config-login-infocard.php` to the config directory in your SimpleSAMLphp installation directory.
-3. Edit the `config/config-login-infocard.php` file, you should configure some values like: `help_desk_email_URL`, `contact_info_URL`, `server_key`, `server_crt`, `sts_crt`, `requiredClaims` and `optionalClaims` to fit your needs.
-4. Edit the config/authsources.php file, add this text before the last );
-
- 'InfoCard' => array(
- 'InfoCard:ICAuth',
- ),
-5. That's all.
-
-
-Adding an Infocard Generator
-----------------------------
-
-1. Go into the `modules/InfoCard` folder.
-2. Copy `extra/getinfocard.php` to `www/getinfocard.php`
-3. Edit the `config/config-login-infocard.php` file and uncomment this line
-
- // 'CardGenerator' => 'getinfocard.php', (delete the two //).
-
-4. Following the previous example, uncomment this `values:certificates`, `sts_key`, `tokenserviceurl` and `mexurl`.
-6. Check the previous values andm modify them if you need.
-5. Read the USER FUNCTIONS section.
-
-
-Adding the STS functionality
-----------------------------
-
-1. Go into the `modules/InfoCard` folder.
-2. Copy `extra/mex.php` and `extra/tokenservice.php` to the www folder.
-3. Edit the `config/config-login-infocard.php` file and uncomment the values: `certificates` and `sts_key`.
-4. Read the USER FUNCTIONS section.
-
-
-User functions
---------------
-
-Because there are many authentication issues I cannot guess for you, you'll have to code a little bit to fit this module to your authentication system.
-
-We we'll work with the file `UserFunctions.php` located in `modules/InfoCard/lib/`
-
-`validateUser`, it receives two strings, username and password, you do the validation (against your database?) and return true if you want to validate the user or false instead.
-
-`fillClaims`, it's used by the tokenservice to give information about the user to the relying party. It receives the username, the configured required and optional claims and the claims requested by the RP.
-It works filling the claimValues array and your job is the ensure the 'value' variable (`$claimValues[$claim]['value']=` ) of the array gets the value you want. Understand that requested values and your configured ones could not match.
-
-`fillICdata`, it's used by the card generator to retrieve needed information. It receives an authenticated username and returns an array containing information such as the card name, the card image, the expiring time, etc.
-
-
-Certificates and hosts
-----------------------
-
-The architecture is composed by three independent elements:
-
-- User: Identity Selector
-- IDP: Relying Party
-- STS: IC and token generation.
-
-That's because you should configure two hosts (with two x509 certificates) if you want two have the IDP and STS functionalities in the same machine.
\ No newline at end of file
diff --git a/modules/InfoCard/lib/Auth/Source/ICAuth.php b/modules/InfoCard/lib/Auth/Source/ICAuth.php
deleted file mode 100644
index 83aafb348..000000000
--- a/modules/InfoCard/lib/Auth/Source/ICAuth.php
+++ /dev/null
@@ -1,96 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 22-DEC-08
-* DESCRIPTION:
-* Authentication module.
-* Handles the login information
-* Infocard's claims are extracted passed as attributes.
-*/
-
-
-class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source {
-
- //The string used to identify our states.
- const STAGEID = 'sspmod_core_Auth_UserPassBase.state';
-
-
- //The key of the AuthId field in the state.
- const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId';
-
-
- public function __construct($info, $config) {
- assert('is_array($info)');
- assert('is_array($config)');
-
- /* Call the parent constructor first, as required by the interface. */
- parent::__construct($info, $config);
- }
-
-
- public function authenticate(&$state) {
- assert('is_array($state)');
-
- /* We are going to need the authId in order to retrieve this authentication source later. */
- $state[self::AUTHID] = $this->authId;
- $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
- $url = SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php');
- SimpleSAML_Utilities::redirectTrustedURL($url, array('AuthState' => $id));
- }
-
-
- public static function handleLogin($authStateId, $xmlToken) {
- assert('is_string($authStateId)');
-
- $config = SimpleSAML_Configuration::getInstance();
- $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
- $idp_key = $autoconfig->getValue('idp_key');
- $idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
- $sts_crt = $autoconfig->getValue('sts_crt');
- $Infocard = $autoconfig->getValue('InfoCard');
-
- $infocard = new sspmod_InfoCard_RP_InfoCard();
- $infocard->addIDPKey($idp_key, $idp_pass);
- $infocard->addSTSCertificate($sts_crt);
- if (!$xmlToken)
- SimpleSAML_Logger::debug("XMLtoken: ".$xmlToken);
- else
- SimpleSAML_Logger::debug("NOXMLtoken: ".$xmlToken);
- $claims = $infocard->process($xmlToken);
- if($claims->isValid()) {
- $attributes = array();
- foreach ($Infocard['requiredClaims'] as $claim => $data){
- $attributes[$claim] = array($claims->$claim);
- }
- foreach ($Infocard['optionalClaims'] as $claim => $data){
- $attributes[$claim] = array($claims->$claim);
- }
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authStateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- /* Retrieve the authentication state. */
- $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
- /* Find authentication source. */
- assert('array_key_exists(self::AUTHID, $state)');
- $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
- if ($source === NULL) {
- throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
- }
- $state['Attributes'] = $attributes;
- unset($infocard);
- unset($claims);
- SimpleSAML_Auth_Source::completeAuth($state);
- } else {
- unset($infocard);
- unset($claims);
- return 'wrong_IC';
- }
- }
-
-}
diff --git a/modules/InfoCard/lib/RP/InfoCard.php b/modules/InfoCard/lib/RP/InfoCard.php
deleted file mode 100644
index d0515110b..000000000
--- a/modules/InfoCard/lib/RP/InfoCard.php
+++ /dev/null
@@ -1,347 +0,0 @@
-<?php
-/*
-* COAUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 22-DEC-08
-* DESCRIPTION: Zend Infocard libraries added sts certificate check
-*/
-require_once 'Zend_InfoCard_Claims.php';
-
-class sspmod_InfoCard_RP_InfoCard
-{
-
- const XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
- const XENC_ELEMENT_TYPE = "http://www.w3.org/2001/04/xmlenc#Element";
- const XENC_ENC_ALGO = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
- const XENC_KEYINFO_ENC_ALGO = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
-
- const DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
- const DSIG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
- const DSIG_ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
- const DSIG_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
-
- const CANON_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";
-
- const WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- const WSSE_KEYID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
-
- const XMLSOAP_SELF_ISSUED = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
-
- const XMLSOAP_CLAIMS_NS = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims';
-
- const SAML_ASSERTION_1_0_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
- const SAML_ASSERTION_1_1_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
-
- protected $_private_key_file;
- protected $_public_key_file;
- protected $_password;
- protected $_sxml;
-
- protected $_sts_crt;
-
- public function __construct() {
- if(!extension_loaded('mcrypt')) {
- throw new Exception("Use of the InfoCard component requires the mcrypt extension to be enabled in PHP");
- }
-
- if(!extension_loaded('openssl')) {
- throw new Exception("Use of the InfoCard component requires the openssl extension to be enabled in PHP");
- }
- }
-
-
-
- public function addSTSCertificate($sts_crt){
- $this->_sts_crt = $sts_crt;
- if(($sts_crt==NULL) || (strcmp($sts_crt,'')==0)) {
- SimpleSAML_Logger::debug('WARNING: No STS certificate is set, ALL TOKENS WILL BE ACCEPTED');
- }else if( (!file_exists($sts_crt)) || (!is_readable($sts_crt))) {
- throw new Exception("STS certificate is not readable");
- }
- }
-
-
-
- public function addIDPKey($private_key_file, $password = NULL){
- $this->_private_key_file = $private_key_file;
- $this->_password = $password;
-
- if(!file_exists($this->_private_key_file)) {
- throw new Exception("Private key file does not exists");
- }
-
- if(!is_readable($this->_private_key_file)) {
- throw new Exception("Private key file is not readable");
- }
- }
-
-/*Function not used $public_key_file is not used*/
- public function addCertificatePair($private_key_file, $public_key_file, $password = null) {
- $this->_private_key_file = $private_key_file;
- $this->_public_key_file = $public_key_file;
- $this->_password = $password;
-
- if(!file_exists($this->_private_key_file)) {
- throw new Exception("Private key file does not exists");
- }
-
- if(!is_readable($this->_private_key_file)) {
- throw new Exception("Private key file is not readable");
- }
-
- if(!file_exists($this->_public_key_file)) {
- throw new Exception("Public key file does not exists");
- }
-
- if(!is_readable($this->_public_key_file)) {
- throw new Exception("Public key file is not readable");
- }
- }
-
-
- public function process($xmlToken) {
- if(strpos($xmlToken, "EncryptedData") === false ) {
-SimpleSAML_Logger::debug('IC: UNsecureToken');
- return self::processUnSecureToken($xmlToken);
- }
- else {
-SimpleSAML_Logger::debug('IC: secureToken');
- return self::processSecureToken($xmlToken);
- }
- }
-
- private function processSecureToken($xmlToken) {
- $retval = new Zend_InfoCard_Claims();
-
- try {
- $this->_sxml = simplexml_load_string($xmlToken);
- $decryptedToken = self::decryptToken($xmlToken);
- }
- catch(Exception $e) {
- SimpleSAML_Logger::debug('ProcSecToken '.$e);
- $retval->setError('Failed to extract assertion document');
- throw new Exception('Failed to extract assertion document: ' . $e->getMessage());
- $retval->setCode(Zend_InfoCard_Claims::RESULT_PROCESSING_FAILURE);
- return $retval;
- }
-
- try {
- $assertions = self::getAssertions($decryptedToken);
- }
- catch(Exception $e) {
- $retval->setError('Failure processing assertion document');
- throw new Exception('Failure processing assertion document');
- $retval->setCode(Zend_InfoCard_Claims::RESULT_PROCESSING_FAILURE);
- return $retval;
- }
-
- try {
- $reference_id = self::ValidateSignature($assertions);
- self::checkConditions($reference_id, $assertions);
- }
- catch(Exception $e) {
- $retval->setError($e->getMessage());
- $retval->setCode(Zend_InfoCard_Claims::RESULT_VALIDATION_FAILURE);
- return $retval;
- }
-
- return self::getClaims($retval, $assertions);
- }
-
- private function processUnsecureToken($xmlToken) {
- $retval = new Zend_InfoCard_Claims();
-
- try {
- $assertions = self::getAssertions($xmlToken);
- }
- catch(Exception $e) {
- $retval->setError('Failure processing assertion document');
- throw new Exception('Failure processing assertion document');
- $retval->setCode(Zend_InfoCard_Claims::RESULT_PROCESSING_FAILURE);
- return $retval;
- }
-
- return self::getClaims($retval, $assertions);
- }
-
- private function ValidateSignature($assertions) {
- include_once 'Zend_InfoCard_Xml_Security.php';
- $reference_id = Zend_InfoCard_Xml_Security::validateXMLSignature($assertions->asXML(), $this->_sts_crt);
- if(!$reference_id) {
- throw new Exception("Failure Validating the Signature of the assertion document");
- }
-
- return $reference_id;
- }
-
- private function checkConditions($reference_id, $assertions) {
- if($reference_id[0] == '#') {
- $reference_id = substr($reference_id, 1);
- } else {
- throw new Exception("Reference of document signature does not reference the local document");
- }
-
- if($reference_id != $assertions->getAssertionID()) {
- throw new Exception("Reference of document signature does not reference the local document");
- }
-
- $conditions = $assertions->getConditions();
- if(is_array($condition_error = $assertions->validateConditions($conditions))) {
- throw new Exception("Conditions of assertion document are not met: {$condition_error[1]} ({$condition_error[0]})");
- }
- }
-
- private function getClaims($retval, $assertions) {
- $attributes = $assertions->getAttributes();
- $retval->setClaims($attributes);
- if($retval->getCode() == 0) {
- $retval->setCode(Zend_InfoCard_Claims::RESULT_SUCCESS);
- }
-
- return $retval;
- }
-
- private function getAssertions($strXmlData) {
- $sxe = simplexml_load_string($strXmlData);
- $namespaces = $sxe->getDocNameSpaces();
- foreach($namespaces as $namespace) {
- switch($namespace) {
- case self::SAML_ASSERTION_1_0_NS:
- include_once 'Zend_InfoCard_Xml_Assertion_Saml.php';
- return simplexml_load_string($strXmlData, 'Zend_InfoCard_Xml_Assertion_Saml', null);
- }
- }
-
- throw new Exception("Unable to determine Assertion type by Namespace");
- }
-
- private function decryptToken($xmlToken) {
- if($this->_sxml['Type'] != self::XENC_ELEMENT_TYPE) {
- throw new Exception("Unknown EncryptedData type found");
- }
-
- $this->_sxml->registerXPathNamespace('enc', self::XENC_NS);
- list($encryptionMethod) = $this->_sxml->xpath("//enc:EncryptionMethod");
- if(!$encryptionMethod instanceof SimpleXMLElement) {
- throw new Exception("EncryptionMethod node not found");
- }
-
- $encMethodDom = dom_import_simplexml($encryptionMethod);
- if(!$encMethodDom instanceof DOMElement) {
- throw new Exception("Failed to create DOM from EncryptionMethod node");
- }
-
- if(!$encMethodDom->hasAttribute("Algorithm")) {
- throw new Exception("Unable to determine the encryption algorithm in the Symmetric enc:EncryptionMethod XML block");
- }
-
- $algo = $encMethodDom->getAttribute("Algorithm");
- if($algo != self::XENC_ENC_ALGO) {
- throw new Exception("Unsupported encryption algorithm");
- }
-
- $this->_sxml->registerXPathNamespace('ds', self::DSIG_NS);
- list($keyInfo) = $this->_sxml->xpath("ds:KeyInfo");
- if(!$keyInfo instanceof SimpleXMLElement) {
- throw new Exception("KeyInfo node not found");
- }
-
- $keyInfo->registerXPathNamespace('enc', self::XENC_NS);
- list($encryptedKey) = $keyInfo->xpath("enc:EncryptedKey");
- if(!$encryptedKey instanceof SimpleXMLElement) {
- throw new Exception("EncryptedKey element not found in KeyInfo");
- }
-
- $encryptedKey->registerXPathNamespace('enc', self::XENC_NS);
- list($keyInfoEncryptionMethod) = $encryptedKey->xpath("enc:EncryptionMethod");
- if(!$keyInfoEncryptionMethod instanceof SimpleXMLElement) {
- throw new Exception("EncryptionMethod element not found in EncryptedKey");
- }
-
- $keyInfoEncMethodDom = dom_import_simplexml($keyInfoEncryptionMethod);
- if(!$keyInfoEncMethodDom instanceof DOMElement) {
- throw new Exception("Failed to create DOM from EncryptionMethod node");
- }
-
- if(!$keyInfoEncMethodDom->hasAttribute("Algorithm")) {
- throw new Exception("Unable to determine the encryption algorithm in the Symmetric enc:EncryptionMethod XML block");
- }
-
- $keyInfoEncMethodAlgo = $keyInfoEncMethodDom->getAttribute("Algorithm");
- if($keyInfoEncMethodAlgo != self::XENC_KEYINFO_ENC_ALGO) {
- throw new Exception("Unsupported encryption algorithm");
- }
-
- $encryptedKey->registerXPathNamespace('ds', self::DSIG_NS);
- $encryptedKey->registerXPathNamespace('wsse', self::WSSE_NS);
- list($keyIdentifier) = $encryptedKey->xpath("ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier");
- if(!$keyIdentifier instanceof SimpleXMLElement) {
- throw new Exception("KeyInfo/SecurityTokenReference/KeyIdentifier node not found in KeyInfo");
- }
-
- $keyIdDom = dom_import_simplexml($keyIdentifier);
- if(!$keyIdDom instanceof DOMElement) {
- throw new Exception("Failed to create DOM from KeyIdentifier node");
- }
-
- if(!$keyIdDom->hasAttribute("ValueType")) {
- throw new Exception("Unable to determine ValueType of KeyIdentifier");
- }
-
- $valueType = $keyIdDom->getAttribute("ValueType");
- if($valueType != self::WSSE_KEYID_VALUE_TYPE) {
- throw new Exception("Unsupported KeyIdentifier ValueType");
- }
-
- list($cipherValue) = $encryptedKey->xpath("enc:CipherData/enc:CipherValue");
- if(!$cipherValue instanceof SimpleXMLElement) {
- throw new Exception("CipherValue node found in EncryptedKey");
- }
-
- $base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');
-
- if ($base64DecodeSupportsStrictParam) {
- $keyCipherValueBase64Decoded = base64_decode($cipherValue, true);
- } else {
- $keyCipherValueBase64Decoded = base64_decode($cipherValue);
- }
-
- $private_key = openssl_pkey_get_private(array(file_get_contents($this->_private_key_file), $this->_password));
- if(!$private_key) {
- throw new Exception("Unable to load private key");
- }
-
- $result = openssl_private_decrypt($keyCipherValueBase64Decoded, $symmetricKey, $private_key, OPENSSL_PKCS1_OAEP_PADDING);
- openssl_free_key($private_key);
-
- if(!$result) {
- throw new Exception("Unable to decrypt symmetric key");
- }
-
- list($cipherValue) = $this->_sxml->xpath("enc:CipherData/enc:CipherValue");
- if(!$cipherValue instanceof SimpleXMLElement) {
- throw new Exception("CipherValue node found in EncryptedData");
- }
-
- if ($base64DecodeSupportsStrictParam) {
- $keyCipherValueBase64Decoded = base64_decode($cipherValue, true);
- } else {
- $keyCipherValueBase64Decoded = base64_decode($cipherValue);
- }
-
- $mcrypt_iv = substr($keyCipherValueBase64Decoded, 0, 16);
- $keyCipherValueBase64Decoded = substr($keyCipherValueBase64Decoded, 16);
- $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $symmetricKey, $keyCipherValueBase64Decoded, MCRYPT_MODE_CBC, $mcrypt_iv);
-
- if(!$decrypted) {
- throw new Exception("Unable to decrypt token");
- }
-
- $decryptedLength = strlen($decrypted);
- $paddingLength = substr($decrypted, $decryptedLength -1, 1);
- $decrypted = substr($decrypted, 0, $decryptedLength - ord($paddingLength));
- $decrypted = rtrim($decrypted, "\0");
-
- return $decrypted;
- }
-}
diff --git a/modules/InfoCard/lib/RP/LICENSE.txt b/modules/InfoCard/lib/RP/LICENSE.txt
deleted file mode 100644
index 77a910f6a..000000000
--- a/modules/InfoCard/lib/RP/LICENSE.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2005-2008, Zend Technologies USA, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- * Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
- * Neither the name of Zend Technologies USA, Inc. nor the names of its
- contributors may be used to endorse or promote products derived from this
- software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Claims.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Claims.php
deleted file mode 100644
index 321d1b149..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Claims.php
+++ /dev/null
@@ -1,304 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Claims.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-/**
- * Result value of the InfoCard component, contains any error messages and claims
- * from the processing of an information card.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-class Zend_InfoCard_Claims
-{
- /**
- * Successful validation and extraion of claims
- */
- const RESULT_SUCCESS = 1;
-
- /**
- * Indicates there was an error processing the XML document
- */
- const RESULT_PROCESSING_FAILURE = 2;
-
- /**
- * Indicates that the signature values within the XML document failed verification
- */
- const RESULT_VALIDATION_FAILURE = 3;
-
- /**
- * The default namespace to assume in these claims
- *
- * @var string
- */
- protected $_defaultNamespace = null;
-
- /**
- * A boolean indicating if the claims should be consider "valid" or not based on processing
- *
- * @var bool
- */
- protected $_isValid = true;
-
- /**
- * The error message if any
- *
- * @var string
- */
- protected $_error = "";
-
- /**
- * An array of claims taken from the information card
- *
- * @var array
- */
- protected $_claims;
-
- /**
- * The result code of processing the information card as defined by the constants of this class
- *
- * @var integer
- */
- protected $_code;
-
- /**
- * Override for the safeguard which ensures that you don't use claims which failed validation.
- * Used in situations when there was a validation error you'd like to ignore
- *
- * @return Zend_InfoCard_Claims
- */
- public function forceValid()
- {
- trigger_error("Forcing Claims to be valid although it is a security risk", E_USER_WARNING);
- $this->_isValid = true;
- return $this;
- }
-
- /**
- * Retrieve the PPI (Private Personal Identifier) associated with the information card
- *
- * @return string the private personal identifier
- */
- public function getCardID()
- {
- return $this->getClaim('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier');
- }
-
- /**
- * Retrieves the default namespace used in this information card. If a default namespace was not
- * set, it figures out which one to consider 'default' by taking the first namespace sorted by use-count
- * in claims
- *
- * @throws Exception
- * @return string The default namespace
- */
- public function getDefaultNamespace()
- {
-
- if(is_null($this->_defaultNamespace)) {
-
- $namespaces = array();
- $leader = '';
- foreach($this->_claims as $claim) {
-
- if(!isset($namespaces[$claim['namespace']])) {
- $namespaces[$claim['namespace']] = 1;
- } else {
- $namespaces[$claim['namespace']]++;
- }
-
- if(empty($leader) || ($namespaces[$claim['namespace']] > $leader)) {
- $leader = $claim['namespace'];
- }
- }
-
- if(empty($leader)) {
- throw new Exception("Failed to determine default namespace");
- }
-
- $this->setDefaultNamespace($leader);
- }
-
- return $this->_defaultNamespace;
- }
-
- /**
- * Set the default namespace, overriding any existing default
- *
- * @throws Exception
- * @param string $namespace The default namespace to use
- * @return Zend_InfoCard_Claims
- */
- public function setDefaultNamespace($namespace)
- {
-
- foreach($this->_claims as $claim) {
- if($namespace == $claim['namespace']) {
- $this->_defaultNamespace = $namespace;
- return $this;
- }
- }
-
- throw new Exception("At least one claim must exist in specified namespace to make it the default namespace");
- }
-
- /**
- * Indicates if this claim object contains validated claims or not
- *
- * @return bool
- */
- public function isValid()
- {
- return $this->_isValid;
- }
-
- /**
- * Set the error message contained within the claims object
- *
- * @param string $error The error message
- * @return Zend_InfoCard_Claims
- */
- public function setError($error)
- {
- $this->_error = $error;
- $this->_isValid = false;
- return $this;
- }
-
- /**
- * Retrieve the error message contained within the claims object
- *
- * @return string The error message
- */
- public function getErrorMsg()
- {
- return $this->_error;
- }
-
- /**
- * Set the claims for the claims object. Can only be set once and is done
- * by the component itself. Internal use only.
- *
- * @throws Exception
- * @param array $claims
- * @return Zend_InfoCard_Claims
- */
- public function setClaims(Array $claims)
- {
- if(!is_null($this->_claims)) {
- throw new Exception("Claim objects are read-only");
- }
-
- $this->_claims = $claims;
- return $this;
- }
-
- /**
- * Set the result code of the claims object.
- *
- * @throws Exception
- * @param int $code The result code
- * @return Zend_InfoCard_Claims
- */
- public function setCode($code)
- {
- switch($code) {
- case self::RESULT_PROCESSING_FAILURE:
- case self::RESULT_SUCCESS:
- case self::RESULT_VALIDATION_FAILURE:
- $this->_code = $code;
- return $this;
- }
-
- throw new Exception("Attempted to set unknown error code");
- }
-
- /**
- * Gets the result code of the claims object
- *
- * @return integer The result code
- */
- public function getCode()
- {
- return $this->_code;
- }
-
- /**
- * Get a claim by providing its complete claim URI
- *
- * @param string $claimURI The complete claim URI to retrieve
- * @return mixed The claim matching that specific URI or null if not found
- */
- public function getClaim($claimURI)
- {
- if($this->claimExists($claimURI)) {
- return $this->_claims[$claimURI]['value'];
- }
-
- return null;
- }
-
- /**
- * Indicates if a specific claim URI exists or not within the object
- *
- * @param string $claimURI The complete claim URI to check
- * @return bool true if the claim exists, false if not found
- */
- public function claimExists($claimURI)
- {
- return isset($this->_claims[$claimURI]);
- }
-
- /**
- * Magic helper function
- * @throws Exception
- */
- public function __unset($k)
- {
- throw new Exception("Claim objects are read-only");
- }
-
- /**
- * Magic helper function
- */
- public function __isset($k)
- {
- return $this->claimExists("{$this->getDefaultNamespace()}/$k");
- }
-
- /**
- * Magic helper function
- */
- public function __get($k)
- {
- return $this->getClaim("{$this->getDefaultNamespace()}/$k");
- }
-
- /**
- * Magic helper function
- * @throws Exception
- */
- public function __set($k, $v)
- {
- throw new Exception("Claim objects are read-only");
- }
-}
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Assertion_Saml.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Assertion_Saml.php
deleted file mode 100644
index b82d63603..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Assertion_Saml.php
+++ /dev/null
@@ -1,272 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Saml.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-/**
- * A Xml Assertion Document in SAML Token format
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-class Zend_InfoCard_Xml_Assertion_Saml extends SimpleXMLElement
-{
-
- /**
- * Audience Restriction Condition
- */
- const CONDITION_AUDIENCE = 'AudienceRestrictionCondition';
-
- /**
- * The URI for a 'bearer' confirmation
- */
- const CONFIRMATION_BEARER = 'urn:oasis:names:tc:SAML:1.0:cm:bearer';
-
- /**
- * The amount of time in seconds to buffer when checking conditions to ensure
- * that differences between client/server clocks don't interfer too much
- */
- const CONDITION_TIME_ADJ = 3600; // +- 5 minutes
-
- protected function _getServerName() {
- return $_SERVER['SERVER_NAME'];
- }
-
- protected function _getServerPort() {
- return $_SERVER['SERVER_PORT'];
- }
-
- /**
- * Validate the conditions array returned from the getConditions() call
- *
- * @param array $conditions An array of condtions for the assertion taken from getConditions()
- * @return mixed Boolean true on success, an array of condition, error message on failure
- */
- public function validateConditions(Array $conditions)
- {
-
- $currentTime = time();
-
- if(!empty($conditions)) {
-
- foreach($conditions as $condition => $conditionValue) {
- switch(strtolower($condition)) {
- case 'audiencerestrictioncondition':
-
- $serverName = $this->_getServerName();
- $serverPort = $this->_getServerPort();
-
- $self_aliases[] = $serverName;
- $self_aliases[] = "{{$serverName}:{$serverPort}";
-
- $found = false;
- if(is_array($conditionValue)) {
- foreach($conditionValue as $audience) {
-
- list(,,$audience) = explode('/', $audience);
- if(in_array($audience, $self_aliases)) {
- $found = true;
- break;
- }
- }
- }
-
- if(!$found) {
- return array($condition, 'Could not find self in allowed audience list');
- }
-
- break;
- case 'notbefore':
- $notbeforetime = strtotime($conditionValue);
-
- if($currentTime < $notbeforetime) {
- if($currentTime + self::CONDITION_TIME_ADJ < $notbeforetime) {
- return array($condition, 'Current time is before specified window');
- }
- }
-
- break;
- case 'notonorafter':
- $notonoraftertime = strtotime($conditionValue);
-
- if($currentTime >= $notonoraftertime) {
- if($currentTime - self::CONDITION_TIME_ADJ >= $notonoraftertime) {
- return array($condition, 'Current time is after specified window');
- }
- }
-
- break;
-
- }
- }
- }
- return true;
- }
-
- /**
- * Get the Assertion URI for this type of Assertion
- *
- * @return string the Assertion URI
- */
- public function getAssertionURI()
- {
- return Zend_InfoCard_Xml_Assertion::TYPE_SAML;
- }
-
- /**
- * Get the Major Version of the SAML Assertion
- *
- * @return integer The major version number
- */
- public function getMajorVersion()
- {
- return (int)(string)$this['MajorVersion'];
- }
-
- /**
- * The Minor Version of the SAML Assertion
- *
- * @return integer The minor version number
- */
- public function getMinorVersion()
- {
- return (int)(string)$this['MinorVersion'];
- }
-
- /**
- * Get the Assertion ID of the assertion
- *
- * @return string The Assertion ID
- */
- public function getAssertionID()
- {
- return (string)$this['AssertionID'];
- }
-
- /**
- * Get the Issuer URI of the assertion
- *
- * @return string the URI of the assertion Issuer
- */
- public function getIssuer()
- {
- return (string)$this['Issuer'];
- }
-
- /**
- * Get the Timestamp of when the assertion was issued
- *
- * @return integer a UNIX timestamp representing when the assertion was issued
- */
- public function getIssuedTimestamp()
- {
- return strtotime((string)$this['IssueInstant']);
- }
-
- /**
- * Return an array of conditions which the assertions are predicated on
- *
- * @throws Exception
- * @return array an array of conditions
- */
- public function getConditions()
- {
-
- list($conditions) = $this->xpath("//saml:Conditions");
-
- if(!($conditions instanceof SimpleXMLElement)) {
- throw new Exception("Unable to find the saml:Conditions block");
- }
-
- $retval = array();
-
- foreach($conditions->children('urn:oasis:names:tc:SAML:1.0:assertion') as $key => $value) {
- switch($key) {
- case self::CONDITION_AUDIENCE:
- foreach($value->children('urn:oasis:names:tc:SAML:1.0:assertion') as $audience_key => $audience_value) {
- if($audience_key == 'Audience') {
- $retval[$key][] = (string)$audience_value;
- }
- }
- break;
- }
- }
-
- $retval['NotBefore'] = (string)$conditions['NotBefore'];
- $retval['NotOnOrAfter'] = (string)$conditions['NotOnOrAfter'];
-
- return $retval;
- }
-
- /**
- * Get they KeyInfo element for the Subject KeyInfo block
- *
- * @todo Not Yet Implemented
- * @ignore
- */
- public function getSubjectKeyInfo()
- {
- /**
- * @todo Not sure if this is part of the scope for now..
- */
-
- if($this->getConfirmationMethod() == self::CONFIRMATION_BEARER) {
- throw new Exception("Cannot get Subject Key Info when Confirmation Method was Bearer");
- }
- }
-
- /**
- * Return the Confirmation Method URI used in the Assertion
- *
- * @return string The confirmation method URI
- */
- public function getConfirmationMethod()
- {
- list($confirmation) = $this->xPath("//saml:ConfirmationMethod");
- return (string)$confirmation;
- }
-
- /**
- * Return an array of attributes (claims) contained within the assertion
- *
- * @return array An array of attributes / claims within the assertion
- */
- public function getAttributes()
- {
- $attributes = $this->xPath('//saml:Attribute');
-
- $retval = array();
- foreach($attributes as $key => $value) {
-
- $retkey = (string)$value['AttributeNamespace'].'/'.(string)$value['AttributeName'];
-
- $retval[$retkey]['name'] = (string)$value['AttributeName'];
- $retval[$retkey]['namespace'] = (string)$value['AttributeNamespace'];
-
- list($aValue) = $value->children('urn:oasis:names:tc:SAML:1.0:assertion');
- $retval[$retkey]['value'] = (string)$aValue;
- }
-
- return $retval;
- }
-}
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php
deleted file mode 100644
index 23c1485af..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security.php
+++ /dev/null
@@ -1,326 +0,0 @@
-<?php
-/*
-* COAUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 22-DEC-08
-* DESCRIPTION: modified validatexmlsignature
-*/
-
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Security.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-/**
- * Zend_InfoCard_Xml_Security_Transform
- */
-require_once 'Zend_InfoCard_Xml_Security_Transform.php';
-
-/**
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-
-/*
-* ĂšLTIMA REVISIĂ“N: 4-DEC-2008
-*/
-
-class Zend_InfoCard_Xml_Security
-{
- /**
- * ASN.1 type INTEGER class
- */
- const ASN_TYPE_INTEGER = 0x02;
-
- /**
- * ASN.1 type BIT STRING class
- */
- const ASN_TYPE_BITSTRING = 0x03;
-
- /**
- * ASN.1 type SEQUENCE class
- */
- const ASN_TYPE_SEQUENCE = 0x30;
-
- /**
- * The URI for Canonical Method C14N Exclusive
- */
- const CANONICAL_METHOD_C14N_EXC = 'http://www.w3.org/2001/10/xml-exc-c14n#';
-
- /**
- * The URI for Signature Method SHA1
- */
- const SIGNATURE_METHOD_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
-
- /**
- * The URI for Digest Method SHA1
- */
- const DIGEST_METHOD_SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1';
-
- /**
- * The Identifier for RSA Keys
- */
- const RSA_KEY_IDENTIFIER = '300D06092A864886F70D0101010500';
-
- /**
- * Constructor (disabled)
- *
- * @return void
- */
- private function __construct()
- {
- }
-
- /**
- * Validates the signature of a provided XML block
- *
- * @param string $strXMLInput An XML block containing a Signature
- * @return bool True if the signature validated, false otherwise
- * @throws Exception
- */
-
-
-static public function validateXMLSignature($strXMLInput, $sts_crt=NULL){
- if(!extension_loaded('openssl')) {
- throw new Exception("You must have the openssl extension installed to use this class");
- }
-
- $sxe = simplexml_load_string($strXMLInput);
-
- if ($sts_crt != NULL){
- $sxe->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
- list($keyValue) = $sxe->xpath("//ds:Signature/ds:KeyInfo");
- $keyValue->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
- list($x509cert) = $keyValue->xpath("ds:X509Data/ds:X509Certificate");
- list($rsaKeyValue) = $keyValue->xpath("ds:KeyValue/ds:RSAKeyValue");
- //Extract the XMLToken issuer public key
- switch(true) {
- case isset($x509cert):
- SimpleSAML_Logger::debug("Public Key: x509cert");
- $certificate = (string)$x509cert;
- $cert_issuer = "-----BEGIN CERTIFICATE-----\n".wordwrap($certificate, 64, "\n", true)."\n-----END CERTIFICATE-----";
- if (!$t_key = openssl_pkey_get_public($cert_issuer)) {
- throw new Exception("Wrong token certificate");
- }
- $t_det = openssl_pkey_get_details($t_key);
- $pem_issuer = $t_det['key'];
- break;
- case isset($rsaKeyValue):
- $rsaKeyValue->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
- list($modulus) = $rsaKeyValue->xpath("ds:Modulus");
- list($exponent) = $rsaKeyValue->xpath("ds:Exponent");
- if(!isset($modulus) || !isset($exponent)) {
- throw new Exception("RSA Key Value not in Modulus/Exponent form");
- }
- $modulus = base64_decode((string)$modulus);
- $exponent = base64_decode((string)$exponent);
- $pem_issuer = self::_getPublicKeyFromModExp($modulus, $exponent);
- break;
- default:
- SimpleSAML_Logger::debug("Public Key: Unknown");
- throw new Exception("Unable to determine or unsupported representation of the KeyValue block");
- }
-
- //Check isuer public key against configured one
- $checkcert = file_get_contents($sts_crt);
- $check_key = openssl_pkey_get_public($checkcert);
- $checkData = openssl_pkey_get_details($check_key);
- $pem_local = $checkData['key'];
-
- if ( strcmp($pem_issuer,$pem_local)!=0 ) {
- SimpleSAML_Logger::debug("Configured STS cert and received STS cert mismatch");
- openssl_free_key($check_key);
- throw new Exception("Configured STS cert and received STS cert mismatch");
- }
-
- //Validate XML signature
-
- $sxe->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
-
- list($canonMethod) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:CanonicalizationMethod");
- switch((string)$canonMethod['Algorithm']) {
- case self::CANONICAL_METHOD_C14N_EXC:
- $cMethod = (string)$canonMethod['Algorithm'];
- break;
- default:
- throw new Exception("Unknown or unsupported CanonicalizationMethod Requested");
- }
-
- list($signatureMethod) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:SignatureMethod");
- switch((string)$signatureMethod['Algorithm']) {
- case self::SIGNATURE_METHOD_SHA1:
- $sMethod = (string)$signatureMethod['Algorithm'];
- break;
- default:
- throw new Exception("Unknown or unsupported SignatureMethod Requested");
- }
-
- list($digestMethod) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod");
- switch((string)$digestMethod['Algorithm']) {
- case self::DIGEST_METHOD_SHA1:
- $dMethod = (string)$digestMethod['Algorithm'];
- break;
- default:
- throw new Exception("Unknown or unsupported DigestMethod Requested");
- }
-
- $base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');
-
- list($digestValue) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestValue");
- if ($base64DecodeSupportsStrictParam) {
- $dValue = base64_decode((string)$digestValue, true);
- } else {
- $dValue = base64_decode((string)$digestValue);
- }
-
-
- list($signatureValueElem) = $sxe->xpath("//ds:Signature/ds:SignatureValue");
- if ($base64DecodeSupportsStrictParam) {
- $signatureValue = base64_decode((string)$signatureValueElem, true);
- } else {
- $signatureValue = base64_decode((string)$signatureValueElem);
- }
-
- $transformer = new Zend_InfoCard_Xml_Security_Transform();
-
- $transforms = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform");
- while(list( , $transform) = each($transforms)) {
- $transformer->addTransform((string)$transform['Algorithm']);
- }
- $transformed_xml = $transformer->applyTransforms($strXMLInput);
- $transformed_xml_binhash = pack("H*", sha1($transformed_xml));
- if($transformed_xml_binhash != $dValue) {
- throw new Exception("Locally Transformed XML (".$transformed_xml_binhash.") does not match XML Document (".$dValue."). Cannot Verify Signature");
- }
-
- $transformer = new Zend_InfoCard_Xml_Security_Transform();
- $transformer->addTransform((string)$canonMethod['Algorithm']);
- list($signedInfo) = $sxe->xpath("//ds:Signature/ds:SignedInfo");
- //SimpleSAML_Logger::debug
- //print ("signedinfo ".$sxe->saveXML());
- $signedInfoXML = self::addNamespace($signedInfo, "http://www.w3.org/2000/09/xmldsig#");
- SimpleSAML_Logger::debug("canonicalizo ".$signedInfoXML);
- $canonical_signedinfo = $transformer->applyTransforms($signedInfoXML);
- if (openssl_verify($canonical_signedinfo,$signatureValue,$check_key)) {
- list($reference) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference");
- openssl_free_key($check_key);
- return (string)$reference['URI'];
- } else {
- openssl_free_key($check_key);
- throw new Exception("Could not validate the XML signature");
- }
- } else {
- $sxe->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
- list($reference) = $sxe->xpath("//ds:Signature/ds:SignedInfo/ds:Reference");
- return (string)$reference['URI'];
- }
- return false;
-}
-
-
- private function addNamespace($xmlElem, $ns) {
- $schema = '.*<[^<]*SignedInfo[^>]*'.$ns.'.*>.*';
- $pattern='/\//';
- $replacement='\/';
- $nspattern= '/'.preg_replace($pattern,$replacement,$schema).'/';
- if (preg_match($nspattern,$xmlElem->asXML())>0){ //M$ Cardspaces
- $xml = $xmlElem->asXML();
- }
- else { //Digitalme
- $xmlElem->addAttribute('DS_NS', $ns);
- $xml = $xmlElem->asXML();
- if(preg_match("/<(\w+)\:\w+/", $xml, $matches)) {
- $prefix = $matches[1];
- $xml = str_replace("DS_NS", "xmlns:" . $prefix, $xml);
- }
- else {
- $xml = str_replace("DS_NS", "xmlns", $xml);
- }
- }
- return $xml;
- }
-
- /**
- * Transform an RSA Key in Modulus/Exponent format into a PEM encoding and
- * return an openssl resource for it
- *
- * @param string $modulus The RSA Modulus in binary format
- * @param string $exponent The RSA exponent in binary format
- * @return string The PEM encoded version of the key
- */
- static protected function _getPublicKeyFromModExp($modulus, $exponent)
- {
- $modulusInteger = self::_encodeValue($modulus, self::ASN_TYPE_INTEGER);
- $exponentInteger = self::_encodeValue($exponent, self::ASN_TYPE_INTEGER);
- $modExpSequence = self::_encodeValue($modulusInteger . $exponentInteger, self::ASN_TYPE_SEQUENCE);
- $modExpBitString = self::_encodeValue($modExpSequence, self::ASN_TYPE_BITSTRING);
-
- $binRsaKeyIdentifier = pack( "H*", self::RSA_KEY_IDENTIFIER );
-
- $publicKeySequence = self::_encodeValue($binRsaKeyIdentifier . $modExpBitString, self::ASN_TYPE_SEQUENCE);
-
- $publicKeyInfoBase64 = base64_encode( $publicKeySequence );
-
- $publicKeyString = "-----BEGIN PUBLIC KEY-----\n";
- $publicKeyString .= wordwrap($publicKeyInfoBase64, 64, "\n", true);
- $publicKeyString .= "\n-----END PUBLIC KEY-----\n";
-
- return $publicKeyString;
- }
-
- /**
- * Encode a limited set of data types into ASN.1 encoding format
- * which is used in X.509 certificates
- *
- * @param string $data The data to encode
- * @param const $type The encoding format constant
- * @return string The encoded value
- * @throws Exception
- */
- static protected function _encodeValue($data, $type)
- {
- // Null pad some data when we get it (integer values > 128 and bitstrings)
- if( (($type == self::ASN_TYPE_INTEGER) && (ord($data) > 0x7f)) ||
- ($type == self::ASN_TYPE_BITSTRING)) {
- $data = "\0$data";
- }
-
- $len = strlen($data);
-
- // encode the value based on length of the string
- // I'm fairly confident that this is by no means a complete implementation
- // but it is enough for our purposes
- switch(true) {
- case ($len < 128):
- return sprintf("%c%c%s", $type, $len, $data);
- case ($len < 0x0100):
- return sprintf("%c%c%c%s", $type, 0x81, $len, $data);
- case ($len < 0x010000):
- return sprintf("%c%c%c%c%s", $type, 0x82, $len / 0x0100, $len % 0x0100, $data);
- default:
- throw new Exception("Could not encode value");
- }
-
- throw new Exception("Invalid code path");
- }
-}
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform.php
deleted file mode 100644
index d96bd216d..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform.php
+++ /dev/null
@@ -1,113 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Transform.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-require_once 'Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature.php';
-require_once 'Zend_InfoCard_Xml_Security_Transform_XmlExcC14N.php';
-
-/**
- * A class to create a transform rule set based on XML URIs and then apply those rules
- * in the correct order to a given XML input
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-class Zend_InfoCard_Xml_Security_Transform
-{
- /**
- * A list of transforms to apply
- *
- * @var array
- */
- protected $_transformList = array();
-
- /**
- * Returns the name of the transform class based on a given URI
- *
- * @throws Exception
- * @param string $uri The transform URI
- * @return string The transform implementation class name
- */
- protected function _findClassbyURI($uri)
- {
- switch($uri) {
- case 'http://www.w3.org/2000/09/xmldsig#enveloped-signature':
- return 'Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature';
- case 'http://www.w3.org/2001/10/xml-exc-c14n#':
- return 'Zend_InfoCard_Xml_Security_Transform_XmlExcC14N';
- default:
- SimpleSAML_Logger::debug("Unknown or Unsupported Transformation Requested");
- }
- }
-
- /**
- * Add a Transform URI to the list of transforms to perform
- *
- * @param string $uri The Transform URI
- * @return Zend_InfoCard_Xml_Security_Transform
- */
- public function addTransform($uri)
- {
- $class = $this->_findClassbyURI($uri);
-
- $this->_transformList[] = array('uri' => $uri,
- 'class' => $class);
- return $this;
- }
-
- /**
- * Return the list of transforms to perform
- *
- * @return array The list of transforms
- */
- public function getTransformList()
- {
- return $this->_transformList;
- }
-
- /**
- * Apply the transforms in the transform list to the input XML document
- *
- * @param string $strXmlDocument The input XML
- * @return string The XML after the transformations have been applied
- */
- public function applyTransforms($strXmlDocument)
- {
- $transformer = null;
- foreach($this->_transformList as $transform) {
- switch($transform['class']) {
- case 'Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature':
- $transformer = new Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature();
- break;
- case 'Zend_InfoCard_Xml_Security_Transform_XmlExcC14N':
- $transformer = new Zend_InfoCard_Xml_Security_Transform_XmlExcC14N();
- break;
- }
-
- $strXmlDocument = $transformer->transform($strXmlDocument);
- }
-
- return $strXmlDocument;
- }
-}
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature.php
deleted file mode 100644
index 42d2f126b..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: EnvelopedSignature.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-/**
- * A object implementing the EnvelopedSignature XML Transform
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-class Zend_InfoCard_Xml_Security_Transform_EnvelopedSignature
-{
- /**
- * Transforms the XML Document according to the EnvelopedSignature Transform
- *
- * @throws Exception
- * @param string $strXMLData The input XML data
- * @return string the transformed XML data
- */
- public function transform($strXMLData)
- {
- $sxe = simplexml_load_string($strXMLData);
- $sxe->registerXPathNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
-
- list($signature) = $sxe->xpath("//ds:Signature");
- if(!isset($signature)) {
- SimpleSAML_Logger::debug("Unable to locate Signature Block for EnvelopedSignature Transform");
- }
-
- $transformed_xml = str_replace($signature->asXML(), "", $sxe->asXML());
-
- return $transformed_xml;
- }
-}
diff --git a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_XmlExcC14N.php b/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_XmlExcC14N.php
deleted file mode 100644
index 574907f18..000000000
--- a/modules/InfoCard/lib/RP/Zend_InfoCard_Xml_Security_Transform_XmlExcC14N.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: XmlExcC14N.php 9094 2008-03-30 18:36:55Z thomas $
- */
-
-/**
- * A Transform to perform C14n XML Exclusive Canonicalization
- *
- * @category Zend
- * @package Zend_InfoCard
- * @subpackage Zend_InfoCard_Xml_Security
- * @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
- */
-class Zend_InfoCard_Xml_Security_Transform_XmlExcC14N
-{
- /**
- * Transform the input XML based on C14n XML Exclusive Canonicalization rules
- *
- * @throws Exception
- * @param string $strXMLData The input XML
- * @return string The output XML
- */
- public function transform($strXMLData)
- {
-
- $dom = new DOMDocument();
- $dom->loadXML($strXMLData);
- if ($strXMLData==NULL) SimpleSAML_Logger::debug("NOXML: ".$dom->saveXML());
- else SimpleSAML_Logger::debug("XMLcan: ".$dom->saveXML());
-
- if(method_exists($dom, 'C14N')) {
- return $dom->C14N(true, false);
- }
- SimpleSAML_Logger::debug("This transform requires the C14N() method to exist in the DOM extension");
- throw new Exception('This transform requires the C14N() method to exist in the DOM extension');
- }
-}
diff --git a/modules/InfoCard/lib/STS.php b/modules/InfoCard/lib/STS.php
deleted file mode 100644
index 4f14c8555..000000000
--- a/modules/InfoCard/lib/STS.php
+++ /dev/null
@@ -1,382 +0,0 @@
-<?php
-/*
-* COAUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION: Things the STS can do
-* - InfoCard issue
-* - Error response (if the user send us wrong credentials)
-* - Request Security Token Response
-*/
-
-class sspmod_InfoCard_STS {
-
-
-/*
-* USED IN: www/getcardform.php
-* INPUT: data and configuration
-* OUTPUT; a custom error message for the identity selector
-*/
- static public function createCard($ICdata,$ICconfig) {
-
- $infocardbuf = '<Object Id="IC01" xmlns="http://www.w3.org/2000/09/xmldsig#">';
- $infocardbuf .= '<InformationCard xml:lang="en-us" xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">';
-
- //cardId
- $infocardbuf .= '<InformationCardReference>';
- $infocardbuf .= '<CardId>'.$ICdata['CardId'].'</CardId>'; //xs:anyURI cardId (="$cardurl/$ppid"; $ppid = "$uname-" . time();)
- $infocardbuf .= '<CardVersion>1</CardVersion>'; //xs:unsignedInt
- $infocardbuf .= '</InformationCardReference>';
-
- //cardName
- $infocardbuf .= '<CardName>'.$ICdata['CardName'].'</CardName>';
-
- //image
- $infocardbuf .= '<CardImage MimeType="'.mime_content_type($ICdata['CardImage']).'">';
- $infocardbuf .= base64_encode(file_get_contents($ICdata['CardImage']));
- $infocardbuf .= '</CardImage>';
-
- //issuer - times
- $infocardbuf .= '<Issuer>'.$ICconfig['InfoCard']['issuer'].'</Issuer>';
- $infocardbuf .= '<TimeIssued>'.gmdate('Y-m-d').'T'.gmdate('H:i:s').'Z'.'</TimeIssued>';
- $infocardbuf .= '<TimeExpires>'.$ICdata['TimeExpires'].'</TimeExpires>';
-
- //Token Service List
- $infocardbuf .= '<TokenServiceList>';
- $infocardbuf .= '<TokenService>';
- $infocardbuf .= '<wsa:EndpointReference>';
- $infocardbuf .= '<wsa:Address>'.$ICconfig['tokenserviceurl'].'</wsa:Address>';
- $infocardbuf .= '<wsa:Metadata>';
- $infocardbuf .= '<wsx:Metadata>';
- $infocardbuf .= '<wsx:MetadataSection>';
- $infocardbuf .= '<wsx:MetadataReference>';
- $infocardbuf .= '<wsa:Address>'.$ICconfig['mexurl'].'</wsa:Address>';
- $infocardbuf .= '</wsx:MetadataReference>';
- $infocardbuf .= '</wsx:MetadataSection>';
- $infocardbuf .= '</wsx:Metadata>';
- $infocardbuf .= '</wsa:Metadata>';
- $infocardbuf .= '</wsa:EndpointReference>';
-
-
-
- /*Types of User Credentials
- * Supported: UsernamePasswordCredential, SelfIssuedCredential
- * Unsupported: KerberosV5Credential, X509V3Credential
- */
- $infocardbuf .= '<UserCredential>';
- $infocardbuf .= '<DisplayCredentialHint>'.$ICdata['DisplayCredentialHint'].'</DisplayCredentialHint>';
- switch($ICconfig['UserCredential']){
- case 'UsernamePasswordCredential':
- $infocardbuf .= '<UsernamePasswordCredential>';
- $infocardbuf .= '<Username>'.$ICdata['UserName'].'</Username>';
- $infocardbuf .= '</UsernamePasswordCredential>';
- break;
- case 'KerberosV5Credential':
- $infocardbuf .= '<KerberosV5Credential/>';
- break;
- case 'X509V3Credential':
- $infocardbuf .= '<X509V3Credential>';
- $infocardbuf .= '<ds:X509Data>';
- $infocardbuf .= '<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/xx/oasis-2004xx-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-soap-message-security-1.0#Base64Binary">';
- /*This element provides a key identifier for the X.509 certificate based on the SHA1 hash
- of the entire certificate content expressed as a “thumbprint.” Note that the extensibility
- point in the ds:X509Data element is used to add wsse:KeyIdentifier as a child
- element.*/
- $infocardbuf .= $ICdata['KeyIdentifier']; //xs:base64binary;
- $infocardbuf .= '</wsse:KeyIdentifier>';
- $infocardbuf .= '</ds:X509Data>';
- $infocardbuf .= '</X509V3Credential>';
- break;
- case 'SelfIssuedCredential':
- $infocardbuf .= '<SelfIssuedCredential>';
- $infocardbuf .= '<PrivatePersonalIdentifier>';
- $infocardbuf .= $ICdata['PPID']; //xs:base64binary;
- $infocardbuf .= '</PrivatePersonalIdentifier>';
- $infocardbuf .= '</SelfIssuedCredential> ';
- break;
- default:
- break;
- }
- $infocardbuf .= '</UserCredential>';
-
- $infocardbuf .= '</TokenService>';
- $infocardbuf .= '</TokenServiceList>';
-
-
- //Tokentype
- $infocardbuf .= '<SupportedTokenTypeList>';
- $infocardbuf .= '<wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>';
- $infocardbuf .= '</SupportedTokenTypeList>';
-
- //Claims
- $infocardbuf .= '<SupportedClaimTypeList>';
- $url = $ICconfig['InfoCard']['schema'].'/claims/';
- foreach ($ICconfig['InfoCard']['requiredClaims'] as $claim=>$data) {
- $infocardbuf .= '<SupportedClaimType Uri="'.$url.$claim.'">';
- $infocardbuf .= '<DisplayTag>'.$data['displayTag'].'</DisplayTag>';
- $infocardbuf .= '<Description>'.$data['description'].'</Description>';
- $infocardbuf .= '</SupportedClaimType>';
- }
- foreach ($ICconfig['InfoCard']['optionalClaims'] as $claim=>$data) {
- $infocardbuf .= '<SupportedClaimType Uri="'.$url.$claim.'">';
- $infocardbuf .= '<DisplayTag>'.$data['displayTag'].'</DisplayTag>';
- $infocardbuf .= '<Description>'.$data['description'].'</Description>';
- $infocardbuf .= '</SupportedClaimType>';
- }
- $infocardbuf .= '</SupportedClaimTypeList>';
-
- //Privacy URL
- $infocardbuf .= '<PrivacyNotice>'.$ICconfig['InfoCard']['privacyURL'].'</PrivacyNotice>';
-
- $infocardbuf .= '</InformationCard>';
- $infocardbuf .= '</Object>';
-
-
- $canonicalbuf = sspmod_InfoCard_Utils::canonicalize($infocardbuf);
-
- //construct a SignedInfo block
- $signedinfo = '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">';
- $signedinfo .= '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>';
- $signedinfo .= '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>';
- $signedinfo .= '<Reference URI="#IC01">';
- $signedinfo .= '<Transforms>';
- $signedinfo .= '<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>';
- $signedinfo .= '</Transforms>';
- $signedinfo .= '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>';
- $signedinfo .= '<DigestValue>'.base64_encode(sha1($canonicalbuf, TRUE)).'</DigestValue>';
- $signedinfo .= '</Reference>';
- $signedinfo .= '</SignedInfo>';
-
- $canonicalbuf = sspmod_InfoCard_Utils::canonicalize($signedinfo);
-
- $signature = '';
- $privkey = openssl_pkey_get_private(file_get_contents($ICconfig['sts_key']));
- openssl_sign($canonicalbuf, $signature, $privkey);
- openssl_free_key($privkey);
- $infocard_signature = base64_encode($signature);
-
- //Envelope
- $buf = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">';
- $buf .= $signedinfo;
- $buf .= '<SignatureValue>'.$infocard_signature.'</SignatureValue>';
- $buf .= '<KeyInfo>';
- $buf .= '<X509Data>';
- // signing certificate(s)
- foreach ($ICconfig['certificates'] as $idx=>$cert)
- $buf .= '<X509Certificate>'.sspmod_InfoCard_Utils::takeCert($cert).'</X509Certificate>';
- $buf .= '</X509Data>';
- $buf .= '</KeyInfo>';
- $buf .= $infocardbuf;
- $buf .= '</Signature>';
-
- return $buf;
- }
-
-
-
-
-/*
-* USED IN: www/tokenservice.php
-* INPUT: error message, uuid of the RST
-* OUTPUT; a custom error message for the identity selector
-*/
- static public function errorMessage($msg,$relatesto){
- $buf = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">';
- $buf .= '<s:Header>';
- $buf .= '<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>';
- $buf .= '<a:RelatesTo>'.$relatesto.'</a:RelatesTo>';
- $buf .= '</s:Header>';
- $buf .= '<s:Body>';
- $buf .= '<s:Fault>';
- $buf .= '<s:Code>';
- $buf .= '<s:Value xmlns:a="http://www.w3.org/2003/05/soap-envelope">';
- $buf .= 'a:Sender';
- $buf .= '</s:Value>';
- $buf .= '<s:Subcode>';
- $buf .= '<s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/05/identity">';
- $buf .= 'a:MissingAppliesTo';
- $buf .= '</s:Value>';
- $buf .= '</s:Subcode>';
- $buf .= '</s:Code>';
- $buf .= '<s:Reason>';
- $buf .= '<s:Text xml:lang="en">';
- $buf .= $msg;
- $buf .= '</s:Text>';
- $buf .= '</s:Reason>';
- $buf .= '</s:Fault>';
- $buf .= '</s:Body>';
- $buf .= '</s:Envelope>';
- return $buf;
- }
-
-
-
-/*
-* USED IN: www/tokenservice.php
-* INPUT: claims value, configuration, uuid of the RST
-* OUTPUT; a security token for the identity selector
-*/
- static public function createToken($claimValues,$config,$relatesto){
- $assertionid = uniqid('uuid-');
- $created = gmdate('Y-m-d').'T'.gmdate('H:i:s').'Z';
- $expires = gmdate('Y-m-d', time()+3600).'T'.gmdate('H:i:s', time()+3600).'Z';
-
-
- //SOAP ENVELOPE
- $env = '<?xml version="1.0"?>';
- $env .= '<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:xenc="http://www.w3.org/2001/04/xmlenc" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">';
-
- $env .= '<S:Header>';
- $env .= '<wsa:Action wsu:Id="_1">';
- $env .= 'http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue';
- $env .= '</wsa:Action>';
- $env .= '<wsa:RelatesTo wsu:Id="_2">';
- $env .= $relatesto;
- $env .= '</wsa:RelatesTo>';
- $env .= '<wsa:To wsu:id="_3">';
- $env .= 'http://www.w3.org/2005/08/addressing/anonymous';
- $env .= '</wsa:To>';
- $env .= '<wsse:Security S:mustUnderstand="1">';
- $env .= '<wsu:Timestamp wsu:Id="_6">';
- $env .= '<wsu:Created>'.$created.'</wsu:Created>';
- $env .= '<wsu:Expires>'.$expires.'</wsu:Expires>';
- $env .= '</wsu:Timestamp>';
- $env .= '</wsse:Security>';
- $env .= '</S:Header>';
-
-
- $env .= '<S:Body wsu:Id="_10">';
- //RequestSecurityTokenResponse
- $env .= sspmod_InfoCard_STS::RequestSecurityTokenResponse($claimValues,$config,$assertionid,$created,$expires);
- $env .= '</S:Body>';
- $env .= '</S:Envelope>';
-
- return $env;
- }
-
-
-
-/*
-* USED IN: createToken
-* INPUT: claims value, configuration, uuid, times
-* OUTPUT; returns the <wst:RequestSecurityTokenResponse>' of the RSTR
-*/
- static private function RequestSecurityTokenResponse ($claimValues,$config,$assertionid,$created,$expires){
- $tr = '<wst:RequestSecurityTokenResponse>';
- $tr .= '<wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>';
- $tr .= '<wst:LifeTime>';
- $tr .= '<wsu:Created>'.$created.'</wsu:Created>';
- $tr .= '<wsu:Expires>'.$expires.'</wsu:Expires>';
- $tr .= '</wst:LifeTime>';
-
- //Encrypted token: SAML assertion
- $tr .= '<wst:RequestedSecurityToken>';
- $tr .= sspmod_InfoCard_STS::saml_assertion($claimValues,$config,$assertionid,$created,$expires);
- $tr .= '</wst:RequestedSecurityToken>';
-
- //RequestedAattachedReference
- $tr .= '<wst:RequestedAttachedReference>';
- $tr .= '<wsse:SecurityTokenReference>';
- $tr .= '<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">';
- $tr .= $assertionid;
- $tr .= '</wsse:KeyIdentifier>';
- $tr .= '</wsse:SecurityTokenReference>';
- $tr .= '</wst:RequestedAttachedReference>';
-
- //RequestedUnattachedReference
- $tr .= '<wst:RequestedUnattachedReference>';
- $tr .= '<wsse:SecurityTokenReference>';
- $tr .= '<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">';
- $tr .= $assertionid;
- $tr .= '</wsse:KeyIdentifier>';
- $tr .= '</wsse:SecurityTokenReference>';
- $tr .= '</wst:RequestedUnattachedReference>';
-
- //RequestedDisplayToken
- $tr .= '<ic:RequestedDisplayToken>';
- $tr .= '<ic:DisplayToken xml:lang="en-us">';
- foreach ($claimValues as $claim=>$data) {
- $tr .= '<ic:DisplayClaim Uri="'.$config['InfoCard']['schema'].'/claims/'.$claim.'">';
- $tr .= '<ic:DisplayTag>'.$data['displayTag'].'</ic:DisplayTag>';
- $tr .= '<ic:DisplayValue>'.$data['value'].'</ic:DisplayValue>';
- $tr .= "</ic:DisplayClaim>";
- }
- $tr .= '</ic:DisplayToken>';
- $tr .= '</ic:RequestedDisplayToken>';
- $tr .= '</wst:RequestSecurityTokenResponse>';
- return $tr;
- }
-
-
-
-
-/*
-* USED IN: RequestSecurityTokenResponse
-* INPUT: claims value, configuration, uuid, times
-* OUTPUT; STS Signed SAML assertion
-*/
- static private function saml_assertion($claimValues,$config,$assertionid,$created,$expires){
- $saml = '<saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="'.$assertionid.'" Issuer="'.$config['issuer'].'" IssueInstant="'.$created.'" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">';
- $saml .= '<saml:Conditions NotBefore="'.$created.'" NotOnOrAfter="'.$expires.'" />';
- $saml .= '<saml:AttributeStatement>';
- $saml .= '<saml:Subject>';
- $saml .= '<saml:SubjectConfirmation>';
- $saml .= '<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>';
- // proof key
- $saml .= '<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">';
- $saml .= '<dsig:X509Data>';
- $saml .= '<dsig:X509Certificate>'.sspmod_InfoCard_Utils::takeCert($config['sts_crt']).'</dsig:X509Certificate>';
- $saml .= '</dsig:X509Data>';
- $saml .= '</dsig:KeyInfo>';
- $saml .= '</saml:SubjectConfirmation>';
- $saml .= '</saml:Subject>';
- foreach ($claimValues as $claim=>$data) {
- $saml .= '<saml:Attribute AttributeName="'.$claim.'" AttributeNamespace="'.$config['InfoCard']['schema'].'/claims">';
- $saml .= '<saml:AttributeValue>'.$data['value'].'</saml:AttributeValue>';
- $saml .= '</saml:Attribute>';
- }
- $saml .= '</saml:AttributeStatement>';
-
- //Pure SAML Assertion digest
- $canonicalbuf = sspmod_InfoCard_Utils::canonicalize($saml.'</saml:Assertion>');
- $myhash = sha1($canonicalbuf,TRUE);
- $samldigest = base64_encode($myhash);
-
- //Digest block
- $signedinfo = '<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" >';
- $signedinfo .= '<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />';
- $signedinfo .= '<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />';
- $signedinfo .= '<dsig:Reference URI="#'.$assertionid.'">';
- $signedinfo .= '<dsig:Transforms>';
- $signedinfo .= '<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />';
- $signedinfo .= '<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />';
- $signedinfo .= '</dsig:Transforms>';
- $signedinfo .= '<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />';
- $signedinfo .= '<dsig:DigestValue>'.$samldigest.'</dsig:DigestValue>';
- $signedinfo .= '</dsig:Reference>';
- $signedinfo .= '</dsig:SignedInfo>';
-
- //Signature of the digest
- $canonicalbuf = sspmod_InfoCard_Utils::canonicalize($signedinfo);
- $privkey = openssl_pkey_get_private(file_get_contents($config['sts_key']));
- $signature = '';
- openssl_sign($canonicalbuf, $signature, $privkey);
- openssl_free_key($privkey);
- $samlsignature = base64_encode($signature);
-
- //Signature block
- $saml .= '<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">';
- $saml .= $signedinfo;
- $saml .= '<dsig:SignatureValue>'.$samlsignature.'</dsig:SignatureValue>';
- $saml .= '<dsig:KeyInfo>';
- $saml .= '<dsig:X509Data>';
- $saml .= '<dsig:X509Certificate>'.sspmod_InfoCard_Utils::takeCert($config['sts_crt']).'</dsig:X509Certificate>';
- $saml .= '</dsig:X509Data>';
- $saml .= '</dsig:KeyInfo>';
- $saml .= '</dsig:Signature>';
- $saml .= '</saml:Assertion>';
- return $saml;
- }
-
-
-}
diff --git a/modules/InfoCard/lib/UserFunctions.php b/modules/InfoCard/lib/UserFunctions.php
deleted file mode 100644
index e9a522920..000000000
--- a/modules/InfoCard/lib/UserFunctions.php
+++ /dev/null
@@ -1,112 +0,0 @@
-<?php
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION: Functions for interconecting the system with your data model.
-* Edit this functions to fit your needs
-*/
-
-class sspmod_InfoCard_UserFunctions {
-
-
- /* Called by www/getinfocard.php and tokenservice.php
- * INPUT: credencial data (array), and type of credential
- * OUTPUT: true if the data is correct or false in other case
- */
- static public function validateUser($credential,$type){
- $status=false;
- switch($type){
- case 'UsernamePasswordCredential':
- if( (strcmp($credential['username'],'usuario')==0) && (strcmp($credential['password'],'clave')==0) )
- $status=true;
- break;
- case 'KerberosV5Credential':
- break;
- case 'X509V3Credential':
- break;
- case 'SelfIssuedCredential':
- //$credential['PPID']
- $status = true;
- break;
- default:
- break;
- }
- if (!$pass==NULL){ //Username/Password credentials
-
- }else { //PPID credential
- }
- return $status;
- }
-
-
-
- /* Called by www/tokenservice.php
- * INPUT: username, configured required claims, configured optional claims and requested claims
- * OUTPUT: array of claims wiht value and display tag.
- */
- static public function fillClaims($user, $configuredRequiredClaims, $configuredOptionalClaims, $requiredClaims){
- $claimValues = array();
- foreach ($requiredClaims as $claim){
- if (array_key_exists($claim,$configuredRequiredClaims) ){
- //The claim exists
- $claimValues[$claim]['value']="value-".$claim;
- $claimValues[$claim]['displayTag']=$configuredRequiredClaims[$claim]['displayTag'];
- }else if (array_key_exists($claim,$configuredOptionalClaims) ){
- //The claim exists
- $claimValues[$claim]['value']="value-".$claim;
- $claimValues[$claim]['displayTag']=$configuredOptionalClaims[$claim]['displayTag'];
- }else{
- //The claim DOES NOT exist
- $claimValues[$claim]['value']="unknown-value";
- $claimValues[$claim]['displayTag']=$claim;
- }
- }
- return $claimValues;
- }
-
-
-
- /*
- * INPUT: Unified way to create a single card identificator for a user
- * OUTPUT: User's card Identificator
- */
- static public function generate_card_ID($user) {
- return 'urn:self-sts.uah.es:'.$user;
- }
-
-
-
- /* Called by www/getinfocard.php
- * INPUT: valid username
- * OUTPUT: array containing user data to create its InfoCard
- */
- static public function fillICdata($user,$UserCredential,$ppid=NULL) {
- $ICdata = array();
- $ICdata['CardId'] = sspmod_InfoCard_UserFunctions::generate_card_ID($user);
- $ICdata['CardName'] = $user."-SELFCREDENTIAL-IC";
- $ICdata['CardImage'] = '/var/simplesaml/modules/InfoCard/www/resources/demoimage.png';
- $ICdata['TimeExpires'] = "9999-12-31T23:59:59Z";
-
- //Credentials
- $ICdata['DisplayCredentialHint'] = 'Enter your password';
- switch($UserCredential){
- case 'UsernamePasswordCredential':
- $ICdata['UserName'] = $user;
- break;
- case 'KerberosV5Credential':
- break;
- case 'X509V3Credential':
- $ICdata['KeyIdentifier'] = NULL; //X509V3Credential
- break;
- case 'SelfIssuedCredential':
- $ICdata['PPID'] = $ppid;
- break;
- default:
- break;
- }
-
- return $ICdata;
- }
-
-}
diff --git a/modules/InfoCard/lib/Utils.php b/modules/InfoCard/lib/Utils.php
deleted file mode 100644
index 1119349fb..000000000
--- a/modules/InfoCard/lib/Utils.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 16-DEC-08
-* DESCRIPTION: some useful functions.
-*/
-
-class sspmod_InfoCard_Utils {
-
- /*
- *INPUT: a PEM-encoded certificate
- *OUTPUT: a PEM-encoded certificate without the BEGIN and END headers
- */
- static public function takeCert($cert) {
- $begin = "CERTIFICATE-----";
- $end = "-----END";
- $pem = file_get_contents($cert);
- $pem = substr($pem, strpos($pem, $begin)+strlen($begin));
- $pem = substr($pem, 0, strpos($pem, $end));
- return str_replace("\n", "", $pem);
- }
-
-
- /*
- *INPUT: a XML document
- *OUTPUT: a canonicalized XML document
- */
- static public function canonicalize($XMLdoc){
- $dom = new DOMDocument();
- $dom->loadXML($XMLdoc);
- return ($dom->C14N(true, false));
- }
-
-
- static public function thumbcert($cert){
- return base64_encode(sha1(base64_decode($cert), true));
- }
-
-
- /*
- *INPUT: a x509 certificate
- *OUTPUT: Common Name or a self issued value if no input is given
- *EXTRA: The output is used as issuer
- */
- static public function getIssuer($cert){
- if ($cert==NULL){
- return 'http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self';
- }else{
- $resource = file_get_contents($cert);
- $check_cert = openssl_x509_read($resource);
- $array = openssl_x509_parse($check_cert);
- openssl_x509_free($check_cert);
- $schema = $array['name'];
- $pattern='/.*CN=/';
- $replacement='';
- $CN=preg_replace($pattern,$replacement,$schema);
- return $CN;
- }
- }
-
-
-
-
-
- /*
- * INPUT: claims schema (string) and a DOMNodelist with the requested claims in uri style
- * OUTPUT: array of requested claims
- *
- */
- static public function extractClaims($ICschema, $nodeList){
- //Returns the Uri attribute from an attribute list
- function getUri($attrList){
- $uri = null;
- $end=false;
- $i=0;
- do{
- if ($i > $attrList->length){
- $end = true;
- } else if (strcmp($attrList->item($i)->name,'Uri')==0){
- $end = true;
- $uri = $attrList->item($i)->value;
- } else {
- $i++;
- }
- } while (!$end);
- return $uri;
- }
- $requiredClaims = array();
- $schema = $ICschema."/claims/";
- SimpleSAML_Logger::debug("schema: ".$schema);
- $pattern='/\//';
- $replacement='\/';
- $schema= '/'.preg_replace($pattern,$replacement,$schema).'/';
- for ($i=0;$i<($nodeList->length);$i++) {
- $replacement='';
- $uri = getUri($nodeList->item($i)->attributes);
- $claim = preg_replace($schema,$replacement,$uri);
- $requiredClaims[$i]=$claim;
- SimpleSAML_Logger::debug("uri: ".$uri);
- SimpleSAML_Logger::debug("claim: ".$claim);
- }
- return $requiredClaims;
-}
-
-
-}
diff --git a/modules/InfoCard/templates/temp-getcardform.php b/modules/InfoCard/templates/temp-getcardform.php
deleted file mode 100644
index 70d31c271..000000000
--- a/modules/InfoCard/templates/temp-getcardform.php
+++ /dev/null
@@ -1,69 +0,0 @@
-<?php
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 22-DEC-08
-* DESCRIPTION: InfoCard module template.
-*/
- $this->includeAtTemplateBase('includes/header.php');
- if (isset($this->data['error'])) { ?>
- <div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid #e8e8e8; background: #f5f5f5">
- <img src="/<?php echo $this->data['baseurlpath']; ?>resources/icons/experience/gtk-dialog-error.48x48.png" class="float-l" style="margin: 15px " />
- <h2><?php echo $this->t('error_header'); ?></h2>
-
- <p><?php echo $this->t($this->data['error']); ?> </p>
- </div>
- <?php } ?>
-
-
-<!-- GET INFOCARD SECTION -->
- <?php
- if (strcmp($this->data['CardGenerator'],'')>0) {
-
- if(strcmp($this->data['form'],"validate")==0){
- echo '<h2>'.$this->t('getcardform_title').'</h2>';
- echo '<form action = ?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState'])." method='post'>";
- echo '<table border="0">';
- echo "<tr><td>".$this->t('form_username').": </td><td><input type='text' name='username' value='usuario' /></td></tr>";
- echo "<tr><td>".$this->t('form_password').": </td><td><input type='password' name='password' value='clave' /></td></tr>";
- echo "<tr><td></td><td><input type='submit' name='get_button' value='".$this->t('get_button')."' /></td></tr>";
- echo "<input type='hidden' name='form' value='".$this->data['form']."'/>";
- echo '</table>';
- echo '</form>';
-
- } else if(strcmp($this->data['form'],"selfIssued")==0){ //ASK FOR A SELF-ISSUED CARD
- echo '<h2>'.$this->t('getcardform_self_title').'</h2>';
- echo '<p>'.$this->t('getcardform_self_text').'</p>';
- echo '<form name="ctl00" id="ctl00" method="post" action="?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState']).'">';
- echo '<OBJECT type="application/x-informationCard" name="xmlToken">';
- echo '<PARAM Name="issuer" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />';
- if ($this->data['InfoCard']['issuerPolicy']!='') echo '<PARAM Name="issuerPolicy" Value="'.$this->data['InfoCard']['issuerPolicy']."\">\n";
- if ($this->data['InfoCard']['tokenType']!='') echo '<PARAM Name="tokenType" Value="'.$this->data['InfoCard']['tokenType']."\">\n";
- if ($this->data['InfoCard']['privacyURL']!='') echo '<PARAM Name="privacyUrl" Value="'.$this->data['InfoCard']['privacyURL']."\">\n";
- if ($this->data['InfoCard']['privacyVersion']!='')echo '<PARAM Name="privacyVersion" Value="'.$this->data['InfoCard']['privacyVersion']."\">\n";
- echo '<PARAM Name="requiredClaims" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">';
- echo '</OBJECT>';
- echo "<input type='hidden' name='username' value='".htmlspecialchars($this->data['username'])."'/>";
- echo "<input type='hidden' name='password' value='".htmlspecialchars($this->data['password'])."'/>";
- echo "<input type='hidden' name='form' value='".$this->data['form']."'/>";
- echo "<input type='image' src='resources/infocard_self_114x80.png' style='cursor:pointer' />";
- echo '</form>';
- } else {
- echo '<h2>'.$this->t('getcardform_finished_title').'</h2>';
- echo '<p>'.$this->t('getcardform_finished_text').'</p>';
- echo '<p> <a href="login-infocard.php?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState']).'">LOGIN</a></p>';
- }
- }
- ?>
-
-<!-- HELP SECTION -->
- <h2><?php echo $this->t('help_header'); ?></h2>
- <p><?php echo $this->t('help_text'); ?></p>
- <?php
- if ((array_key_exists('contact_info_URL',$this->data)) && ($this->data['contact_info_URL']!=null))
- echo "<p><a href='".$this->data['contact_info_URL']."'>".$this->t('contact_info')."</a><p/>";
- if ((array_key_exists('help_desk_email_URL',$this->data)) && ($this->data['help_desk_email_URL']!=null))
- echo "<p><a href='".$this->data['help_desk_email_URL']."'>".$this->t('help_desk_email')."</a></p>";
- ?>
-
-<?php $this->includeAtTemplateBase('includes/footer.php');
diff --git a/modules/InfoCard/templates/temp-login.php b/modules/InfoCard/templates/temp-login.php
deleted file mode 100644
index 407830b7a..000000000
--- a/modules/InfoCard/templates/temp-login.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 22-DEC-08
-* DESCRIPTION: InfoCard module template.
-*/
- $this->includeAtTemplateBase('includes/header.php');
- if (isset($this->data['error'])) { ?>
- <div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid #e8e8e8; background: #f5f5f5">
- <img src="/<?php echo $this->data['baseurlpath']; ?>resources/icons/experience/gtk-dialog-error.48x48.png" class="float-l" style="margin: 15px " />
- <h2><?php echo $this->t('error_header'); ?></h2>
-
- <p><?php echo $this->t($this->data['error']); ?> </p>
- </div>
- <?php } ?>
-
- <h2 style="break: both"><?php echo $this->t('user_IC_header'); ?></h2>
-
- <p><?php echo $this->t('user_IC_text'); ?></p>
-
- <form name="ctl00" id="ctl00" method="post" action="?AuthState=<?php echo htmlspecialchars($this->data['stateparams']['AuthState'])?>">
-
-<!-- <ic:informationCard xmlns:ic="<?php echo $this->data['InfoCard']['schema'] ?>" name="xmlToken"
- issuer="<?php echo $this->data['InfoCard']['issuer']; ?>"
- <?php
- if ($this->data['InfoCard']['issuerPolicy']!='') echo 'issuerPolicy="'.$this->data['InfoCard']['issuerPolicy'].'"';
- if ($this->data['InfoCard']['tokenType']!='') echo 'tokenType="'.$this->data['InfoCard']['tokenType'].'"';
- if ($this->data['InfoCard']['privacyURL']!='') echo 'privacyUrl="'.$this->data['InfoCard']['privacyURL'].'"';
- if ($this->data['InfoCard']['privacyVersion']!='') echo 'privacyVersion="'.$this->data['InfoCard']['privacyVersion'].'"'; ?>>
- <?php
- $schema = $this->data['InfoCard']['schema']."/claims/";
- foreach ($this->data['InfoCard']['requiredClaims'] as $claim=>$data) {
- echo "<ic:add claimType = \"".$schema.$claim."\" optional=\"false\" />\n";
- }
- foreach ($this->data['InfoCard']['optionalClaims'] as $claim=>$data) {
- echo "<ic:add claimType = \"".$schema.$claim."\" optional=\"true\" />\n";
- }
- unset($value);?>
- </ic:informationCard>-->
-
- <OBJECT type="application/x-informationCard" name="xmlToken">
- <?php
- echo '<PARAM Name="issuer" Value="'.$this->data['InfoCard']['issuer']."\">\n";
- if ($this->data['InfoCard']['issuerPolicy']!='') echo '<PARAM Name="issuerPolicy" Value="'.$this->data['InfoCard']['issuerPolicy']."\">\n";
- if ($this->data['InfoCard']['tokenType']!='') echo '<PARAM Name="tokenType" Value="'.$this->data['InfoCard']['tokenType']."\">\n";
- if ($this->data['InfoCard']['privacyURL']!='') echo '<PARAM Name="privacyUrl" Value="'.$this->data['InfoCard']['privacyURL']."\">\n";
- if ($this->data['InfoCard']['privacyVersion']!='')echo '<PARAM Name="privacyVersion" Value="'.$this->data['InfoCard']['privacyVersion']."\">\n";?>
- <PARAM Name="requiredClaims" Value="<?php
- $schema = $this->data['InfoCard']['schema']."/claims/";
- foreach ($this->data['InfoCard']['requiredClaims'] as $claim=>$data) {
- echo $schema.$claim." ";
- }?>">
- <PARAM Name="optionalClaims" Value="<?php
- $schema = $this->data['InfoCard']['schema']."/claims/";
- foreach ($this->data['InfoCard']['optionalClaims'] as $claim=>$data) {
- echo $schema.$claim." ";
- }?>">
- </OBJECT>
-
- <input type='image' src="<?php echo $this->data['IClogo']; ?>" style='cursor:pointer' />
- </form>
-
-<!-- GET INFOCARD SECTION -->
- <?php
- if (strcmp($this->data['CardGenerator'],'')>0) {
- echo '<h2>'.$this->t('get_IC').'</h2>';
- echo '<a href="'.$this->data['CardGenerator'].'?AuthState='.$this->data['stateparams']['AuthState'].'">'.$this->t('get_IC_link').'</a>';
- }
- ?>
-
-<!-- HELP SECTION -->
- <h2><?php echo $this->t('help_header'); ?></h2>
- <p><?php echo $this->t('help_text'); ?></p>
- <?php
- if ((array_key_exists('contact_info_URL',$this->data)) && ($this->data['contact_info_URL']!=null))
- echo "<p><a href='".$this->data['contact_info_URL']."'>".$this->t('contact_info')."</a><p/>";
- if ((array_key_exists('help_desk_email_URL',$this->data)) && ($this->data['help_desk_email_URL']!=null))
- echo "<p><a href='".$this->data['help_desk_email_URL']."'>".$this->t('help_desk_email')."</a></p>";
- ?>
-
-<?php $this->includeAtTemplateBase('includes/footer.php');
diff --git a/modules/InfoCard/www/STS_card_issuer.php b/modules/InfoCard/www/STS_card_issuer.php
deleted file mode 100644
index dcd901520..000000000
--- a/modules/InfoCard/www/STS_card_issuer.php
+++ /dev/null
@@ -1,285 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 24-APR-09
-* DESCRIPTION:
-* Will send cards to other applications via web.
-* Symmetric cryptography and IP filtering are available.
-*/
-
-
-/*
-* DESCRIPTION: used to encode the data attribute sent GET method
-* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543
-*/
-function urlsafe_b64encode($string) {
- $data = base64_encode($string);
- $data = str_replace(array('+','/','='),array('-','_',''),$data);
- return $data;
-}
-
-
-/*
-* DESCRIPTION: used to decode the data attribute sent GET method
-* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543
-*/
-function urlsafe_b64decode($string) {
- $data = str_replace(array('-','_'),array('+','/'),$string);
- $mod4 = strlen($data) % 4;
- if ($mod4) {
- $data .= substr('====', $mod4);
- }
- return base64_decode($data);
-}
-
-
-/*CASE 1 AND 2
-* -Has Organization
-* -And chains to a trusted root CA
-* -NOTE: Based on V1.0, written for compatibility with DigitalMe PPID calculation
-*/
-function calculate_RP_PPID_Seed_2_2007 ($certs) {
- $check_cert = openssl_x509_read(file_get_contents($certs[0]));
- $array = openssl_x509_parse($check_cert);
- openssl_x509_free($check_cert);
- $OrgIdString = ('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|');
- $numcerts = sizeof($certs);
- for($i=1;$i<$numcerts;$i++){
- $check_cert = openssl_x509_read(file_get_contents($certs[$i]));
- $array = openssl_x509_parse($check_cert);
- openssl_x509_free($check_cert);
- $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"';
- $OrgIdString = $tmpstring.$OrgIdString;
- }
- $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString);
- $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
- return $RPPPIDSeed;
-}
-
-
-/*
-* DESCRIPTION: Calculate the PPID for a card
-* INPUT: card ID, and RP certificates
-* OUTPUT: PPID asociated to a Relying Party
-*/
-function calculate_PPID($cardid, $rp_cert) {
- $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid);
- $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE);
- $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert);
- $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE);
- return $PPID;
-}
-
-
-/*
-*
-* INPUT: VOID
-* OUPUT: String with the invoked URL
-*/
-function curPageURL() {
- $pageURL = 'http';
- if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
- $pageURL .= "://";
- if ($_SERVER["SERVER_PORT"] != "80") {
- $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
- } else {
- $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
- }
- return $pageURL;
-}
-
-
-
-
-//TAD
-
-/*
-* INPUT: String (attribute length + attribute not begginning with a number) n times , number of attributes
-* OUPUT: Array with attributes in order
-*/
-function parse_attributes($parsing_string, $num_attrs){
- for ($i=0 ; $i<$num_attrs ; $i++) {
- if (preg_match('/^[\d]*/', $parsing_string, $res)){
- if (!($output[$i] = substr($parsing_string,strlen($res[0]),$res[0]))){
- return null;
- }
- $parsing_string = substr($parsing_string, strlen($res[0])+strlen($output[$i]));
- } else {
- return null;
- }
- }
- return $output;
-}
-
-
-/*
-* Enable downloading an specific card, store Radius request
-* INPUT: username, cardid, and radius request time
-* OUTPUT; uuid of the stored request
-*/
-function enable_download($username, $cardid){
- //almacenar existencia
-
- //Add Timestamp to response
- $time = 'x'.time(); //Cannot start with a number
-
- $uuid = uniqid();
- $handle = fopen(SimpleSAML_Utilities::getTempDir() . "/$uuid",'w');
- if ($handle) {
- fwrite($handle, strlen($username).$username.strlen($cardid).$cardid.strlen($time).$time);
- fclose ($handle);
- return $uuid;
- } else {
- return false;
- }
-}
-
-
-/*
-* Disable downloading an specific card, should be called when ending a request = Infocard is Issued
-*
-*/
-function disable_download($uuid){
- unlink("/tmp/$uuid");
-}
-
-
-/*
-* ÂżShould I generate a card?
-*
-*/
-function is_card_enabled($uuid, $delivery_time){
- $now = time();
- $filename = SimpleSAML_Utilities::getTempDir() . "/$uuid";
-
- //File check
- if (!file_exists($filename)) return false; //File doesn't exist
-
- //Time check
- $handle = fopen($filename,'r');
- if ($handle) {
- $data = fread($handle, filesize($filename));
- fclose ($handle);
-
- $parsed_data = parse_attributes($data, 3);
- $parsed_data[2] = substr($parsed_data[2],1); //Extracting numeric value
-
- $time = $parsed_data[2];
- $endtime = $time + $delivery_time;
- if (($now<=$time)||($now>$endtime)) return false; //Incorrect time
- return $parsed_data;
- } else {
- return false; //Could not read the file
- }
-
-}
-
-
-/*
-* Check if the user is in the connected table
-* Update the row with the created Infocard card_ID
-*/
-function DB_update_connected_user ($username, $DB_params){
- $card_id = sspmod_InfoCard_UserFunctions::generate_card_ID($username);;
- $dbconn = pg_connect('host='.$DB_params['DB_host'].' port='.$DB_params['DB_port'].' dbname='.$DB_params['DB_dbname'].' user='.$DB_params['DB_user'].' password='.$DB_params['DB_password']);
- $result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username")));
- if ($result[0]){
- pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username));
- return true;
- } else {
- return false;
- }
-}
-
-
-
-$config = SimpleSAML_Configuration::getInstance();
-$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-$configuredIP = $autoconfig->getValue('configuredIP');
-
-
-//RADIUS Request - Send One Time URL
-if ( (strcmp($_GET['ident'],'RADIUS')==0) && (($configuredIP == null) || ($_SERVER['REMOTE_ADDR'] == $configuredIP)) ){
-
- /* Load the configuration. */
- $key = $autoconfig->getValue('symmetric_key');
- $internalkey = hash('sha256', $autoconfig->getValue('internal_key'));
-
- $encrequest = urlsafe_b64decode($_GET['data']);
- if (!$encrequest) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
-
- // Encryption
- if ($key!=null) {
- $iv = urlsafe_b64decode($_GET['iv']);
- if (!$iv) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
- $enckey = hash('sha256', $key);
- $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $encrequest, MCRYPT_MODE_CBC, $iv);
- } else {
- $request = $encrequest;
- }
-
- //Parse Attributes (username lenght + username + cardid length + cardid)
- $parsed_request = parse_attributes($request, 2);
-
-
- //Enable card for downloading (username+cardid+time)
- $response = enable_download($parsed_request[0],$parsed_request[1]);
- if(!$response) throw new SimpleSAML_Error_NotFound('FUNCTION enable_download, error accessing directory');
-
-
- // Encrypt response for myself
- $response = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $response, MCRYPT_MODE_CBC, $iv);
- $response = preg_replace('/\?.*/','',curPageURL()).'?data='.urlsafe_b64encode($response).'&iv='.urlsafe_b64encode($iv);
-
-
- // Encrypt response for RADIUS
- if ($key!=null){
- $encresponse = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $response, MCRYPT_MODE_CBC, $iv);
- } else {
- $encresponse = $response;
- }
-
- // Send URL
- print base64_encode($encresponse);
-
-} else { //Client Resquest- Send InfoCard
- //Get Attributes
- $encrequest = urlsafe_b64decode($_GET['data']);
- $iv = urlsafe_b64decode($_GET['iv']);
- if ((!$encrequest)||(!$iv)) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
-
- /* Load the configuration. */
- $internalkey = hash('sha256', $autoconfig->getValue('internal_key'));
- $certificates = $autoconfig->getValue('certificates');
- $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
- $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
- $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
- $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
- $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
- $ICconfig['certificates'] = $autoconfig->getValue('certificates');
- $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
- $IC_lifetime_delivery = $autoconfig->getValue('IC_lifetime_delivery');
- $DB_params = $autoconfig->getValue('DB_params');
-
- // Encryption
- $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $encrequest, MCRYPT_MODE_CBC, $iv);
-
- $parsed_request = is_card_enabled($request, $IC_lifetime_delivery);
- if ($parsed_request && DB_update_connected_user($parsed_request[0], $DB_params)) {
- // Calculate PPID
- $ppid = base64_encode(calculate_PPID($parsed_request[1], $certificates));
-
- // Create InfoCard
- $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($parsed_request[0],$ICconfig['UserCredential'],$ppid);
- $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
-
- disable_download($request);
-
- //Send Infocard
- print ($IC);
- } else {
- throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
- }
-}
diff --git a/modules/InfoCard/www/crt/CA.crt b/modules/InfoCard/www/crt/CA.crt
deleted file mode 100644
index f3f2272f0..000000000
--- a/modules/InfoCard/www/crt/CA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAuqgAwIBAgIJAM6AlUloXfWSMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD
-VQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRswGQYDVQQHFBJBbGNhbMOhIGRlIEhl
-bmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UECxMDYXV0MS8wLQYDVQQDFCZBdXRv
-cmlkYWQgZGUgQ2VydGlmaWNhY2nDs24gZGUgcHJ1ZWJhczAeFw0wODExMTMxMzIx
-MDRaFw0wOTEyMTgxMzIxMDRaMIGIMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFk
-cmlkMRswGQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEM
-MAoGA1UECxMDYXV0MS8wLQYDVQQDFCZBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2nD
-s24gZGUgcHJ1ZWJhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3QvxPbtC
-BkfAbYmEWBP6TjNJ7kU8CI0BwZGoTOIS5EqjyS0Jz0Mlh0FZ4vj6hoJYIlormmIs
-t9LdAynLVDiCOpvSJ0D9mUgXWEBLfF+UDg/QLiQ9k+Qckb/PwcwhV0C/JWO0U1YG
-oYIXttY5TVltlAN9zcmikHbru9DG95CDd98CAwEAAaOB8DCB7TAdBgNVHQ4EFgQU
-ky9O6zUrm7JEqmqqLuJ93xwsIZcwgb0GA1UdIwSBtTCBsoAUky9O6zUrm7JEqmqq
-LuJ93xwsIZehgY6kgYswgYgxCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQx
-GzAZBgNVBAcUEkFsY2Fsw6EgZGUgSGVuYXJlczEMMAoGA1UEChMDVUFIMQwwCgYD
-VQQLEwNhdXQxLzAtBgNVBAMUJkF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjacOzbiBk
-ZSBwcnVlYmFzggkAzoCVSWhd9ZIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQBkVetV0rzJgkwg68dyy3Qd9gdc1P5sCd8DUkc0t9CAMaaEtpUCCVVcwL7r
-9yz65wzTZ+I39SsGMXaMRIgB2/ztvmifzaMZgN1AjTc8g6UhyG7sSdB61UizSM71
-cU1gA4pT69qZATLa2TZf6mc5kTapOC+yanD+ZcIZEKtLxXuvLg==
------END CERTIFICATE-----
diff --git a/modules/InfoCard/www/crt/idp.crt b/modules/InfoCard/www/crt/idp.crt
deleted file mode 100644
index 547af1cb1..000000000
--- a/modules/InfoCard/www/crt/idp.crt
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICcDCCAdkCCQDcBO8XUWUkezANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
-RVMxDzANBgNVBAgTBk1hZHJpZDEbMBkGA1UEBxQSQWxjYWzDoSBkZSBIZW5hcmVz
-MQwwCgYDVQQKEwNVQUgxDDAKBgNVBAsTA2F1dDEvMC0GA1UEAxQmQXV0b3JpZGFk
-IGRlIENlcnRpZmljYWNpw7NuIGRlIHBydWViYXMwHhcNMDgxMjE1MDkxMzM1WhcN
-MDkwNjEzMDkxMzM1WjBwMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRsw
-GQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UE
-CxMDYXV0MRcwFQYDVQQDEw5pZHAuYXV0LnVhaC5lczCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA1Qhw5haQBTdgBezWPsyMMRiK6XMN9vfLuKTQ2i9JJZVTZ6wV
-3nn2aP8bEnPRjd+ODFlJIM9q3JbeOeOFAvZQ81VsXoi5rxD7CifRMg7xajLAPHVh
-YcEbgi4wVNqTI+xCjlQI8Sy4v2srmFbz4QEfwEHhzQBQUCZ/46Y02AcvHfECAwEA
-ATANBgkqhkiG9w0BAQUFAAOBgQDKtztb0jZLqSrWt6c+pf/Sjincw1gBbWCPcVFD
-B/x/vkR5sj0+7dhRrRjm5w7hXFKVMEHy5DY0yTl1ft3nziPBZHcUGDeW/q30JP+r
-lgvRhgR5++/OHX3dGMFgI0++4qjrF/qSiyTnuhOZ7KhUZCt70+En8Gpgj0nBcmlL
-/q3I5w==
------END CERTIFICATE-----
diff --git a/modules/InfoCard/www/crt/sts.crt b/modules/InfoCard/www/crt/sts.crt
deleted file mode 100644
index 673cd53b6..000000000
--- a/modules/InfoCard/www/crt/sts.crt
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICcDCCAdkCCQDcBO8XUWUkfDANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
-RVMxDzANBgNVBAgTBk1hZHJpZDEbMBkGA1UEBxQSQWxjYWzDoSBkZSBIZW5hcmVz
-MQwwCgYDVQQKEwNVQUgxDDAKBgNVBAsTA2F1dDEvMC0GA1UEAxQmQXV0b3JpZGFk
-IGRlIENlcnRpZmljYWNpw7NuIGRlIHBydWViYXMwHhcNMDgxMjE1MDkxNDM1WhcN
-MDkwNjEzMDkxNDM1WjBwMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRsw
-GQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UE
-CxMDYXV0MRcwFQYDVQQDEw5zdHMuYXV0LnVhaC5lczCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAu11nvzu3VKweL2qRE6McFscX2L8x477tb4bdmsvK0F0sHAs6
-YCRuQFEHAK4+Y6I2SE2NVy/c8hV+MBXEBc1UUy9X3d5bUQMzWZflFy3lyH6j5+hY
-5JNaz8bJOkzLy3/3NbYOwG5Xw3a4kBkBtCuB5udR2RPaR+XrOaN7636krZMCAwEA
-ATANBgkqhkiG9w0BAQUFAAOBgQA/LExkDztctITadXpxOrz0Ejgh8DbtSa/2lyAz
-BixnLaa6acnG4i/lmEhnjWdwBf5+a3HqGIp2aUbXzZCDo5iVoR7RCStSxLDXXWeQ
-w4xm/820m6xzi9BamqG3JlxSAem4z7yZzA5MKPfSCmtkJwkVntwvOjvQjedYPWpK
-exOdJw==
------END CERTIFICATE-----
diff --git a/modules/InfoCard/www/getcardform.php b/modules/InfoCard/www/getcardform.php
deleted file mode 100644
index bcc4546d4..000000000
--- a/modules/InfoCard/www/getcardform.php
+++ /dev/null
@@ -1,152 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION:
-* Pretty form to get a managed InfoCard
-* User flow controller.
-* Displays the template and request a non null xmlToken
-*/
-
-
-/* Load the configuration. */
-$config = SimpleSAML_Configuration::getInstance();
-$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-
-$Infocard = $autoconfig->getValue('InfoCard');
-
-
-/* Load the session of the current user. */
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-if (!array_key_exists('AuthState', $_REQUEST)) {
-SimpleSAML_Logger::debug('NO AUTH STATE');
-SimpleSAML_Logger::debug('ERROR: NO AUTH STATE');
- throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
-} else {
- $authStateId = $_REQUEST['AuthState'];
-SimpleSAML_Logger::debug('AUTH STATE: '.$authStateId);
-}
-
-$username = null;
-$password = null;
-
-$state = "validate";
-if(array_key_exists('form', $_POST) && ($_POST['form']!=NULL) ) {
- if(array_key_exists('username', $_POST) && ($_POST['username']!=NULL) ) {
- if(array_key_exists('password', $_POST) && ($_POST['password']!=NULL) ) {
- //Validation: Username/Password
- $username = $_POST['username'];
- $password = $_POST['password'];
- if (sspmod_InfoCard_UserFunctions::validateUser(array('username'=>$username,'password'=>$password),'UsernamePasswordCredential')){
- $userCredential = $autoconfig->getValue('UserCredential');
- if (strcmp($userCredential,'UsernamePasswordCredential')==0){
-
- $ICconfig['InfoCard'] = $Infocard;
- $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
- $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
- $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
- $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
- $ICconfig['certificates'] = $autoconfig->getValue('certificates');
- $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
-
- $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential);
- $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
- header("Content-Disposition: attachment; filename=\"".$ICdata['CardName'].".crd\"");
- header('Content-Type: application/x-informationcard');
- header('Content-Length:'.strlen($IC));
- echo $IC;
- $state = 'end';
- }else if (strcmp($userCredential,'SelfIssuedCredential')==0){
- /*
- * VERY IMPORTANT:
- * The STS is acting as a Relying Party to get the PPID in order to generate a
- * managed card with a self issued credential, that's why we use the STS
- * certificate private key to decrypt the token.
- */
- if(array_key_exists('xmlToken', $_POST) && ($_POST['xmlToken']!=NULL) ) {
- SimpleSAML_Logger::debug('HAY XML TOKEN');
- $token = new sspmod_InfoCard_RP_InfoCard();
- $idp_key = $autoconfig->getValue('sts_key');
- $token->addIDPKey($idp_key);
- $token->addSTSCertificate('');
- $claims = $token->process($_POST['xmlToken']);
- if(($claims->isValid()) && ($claims->privatepersonalidentifier!=NULL)) {
- $ppid = $claims->privatepersonalidentifier;
- SimpleSAML_Logger::debug("PPID = $ppid");
- $ICconfig['InfoCard'] = $Infocard;
- $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
- $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
- $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
- $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
- $ICconfig['certificates'] = $autoconfig->getValue('certificates');
- $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
-
- $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential,$ppid);
- $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
- header('Content-Disposition: attachment; filename="'.$ICdata['CardName'].'.crd"');
- header('Content-Type: application/x-informationcard');
- header('Content-Length:'.strlen($IC));
- echo $IC;
- $state = 'end';
- }else {
- SimpleSAML_Logger::debug('Wrong Self-Issued card');
- $error = 'wrong_IC';
- $state = "selfIssued";
- }
- }else{
- SimpleSAML_Logger::debug('NO HAY XML TOKEN');
- $error = NULL;
- $state = "selfIssued";
- }
- }else{
- SimpleSAML_Logger::debug('CONFIGURATION ERROR: UserCredential '.$userCredential.' NOT SUPPORTED');
- }
- }else{
- $error = 'Wrong_user_pass';
- SimpleSAML_Logger::debug('WRONG username or password');
- }
- }else{
- $error = 'NO_password';
- SimpleSAML_Logger::debug('NO PASSWORD');
- }
- }else {
- $error = 'NO_user';
- SimpleSAML_Logger::debug('NO USERNAME');
- }
-}else{
- $error = NULL;
-}
-
-
-unset($_POST); //Show the languages bar if reloaded
-
-$t = new SimpleSAML_XHTML_Template($config, 'InfoCard:temp-getcardform.php', 'InfoCard:dict-InfoCard'); //(configuracion, template, diccionario)
-$t->data['header'] = 'simpleSAMLphp: Get your Infocard';
-$t->data['stateparams'] = array('AuthState' => $authStateId);
-
-
-$t->data['InfoCard'] = $Infocard;
-
-$cardGenerator = $autoconfig->getValue('CardGenerator');
-$t->data['CardGenerator'] = $cardGenerator;
-
-$help_desk_email_URL = $autoconfig->getValue('help_desk_email_URL');
-$t->data['help_desk_email_URL'] = $help_desk_email_URL;
-
-$contact_info_URL = $autoconfig->getValue('contact_info_URL');
-$t->data['contact_info_URL'] = $contact_info_URL;
-
-$t->data['error'] = $error;
-$t->data['form'] = $state;
-
-//For testing purposes
-$t->data['username']=$username;
-$t->data['password']=$password;
-
-
-
-$t->show();
-exit();
diff --git a/modules/InfoCard/www/login-infocard.php b/modules/InfoCard/www/login-infocard.php
deleted file mode 100644
index d34c36993..000000000
--- a/modules/InfoCard/www/login-infocard.php
+++ /dev/null
@@ -1,63 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION:
-* User flow controller.
-* Displays the template and request a non null xmlToken
-*/
-
-
-
-/* Load the configuration. */
-$config = SimpleSAML_Configuration::getInstance();
-$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-
-$server_key = $autoconfig->getValue('server_key');
-$server_crt = $autoconfig->getValue('server_crt');
-$IClogo = $autoconfig->getValue('IClogo');
-$Infocard = $autoconfig->getValue('InfoCard');
-$cardGenerator = $autoconfig->getValue('CardGenerator');
-$sts_crt = $autoconfig->getValue('sts_crt');
-$help_desk_email_URL = $autoconfig->getValue('help_desk_email_URL');
-$contact_info_URL = $autoconfig->getValue('contact_info_URL');
-
-
-/* Load the session of the current user. */
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-if (!array_key_exists('AuthState', $_REQUEST)) {
-SimpleSAML_Logger::debug('NO AUTH STATE');
-SimpleSAML_Logger::debug('ERROR: NO AUTH STATE');
- throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
-} else {
- $authStateId = $_REQUEST['AuthState'];
-SimpleSAML_Logger::debug('AUTH STATE: '.$authStateId);
-}
-
-if(array_key_exists('xmlToken', $_POST) && ($_POST['xmlToken']!=NULL) ) {
-SimpleSAML_Logger::debug('HAY XML TOKEN');
- $error = sspmod_InfoCard_Auth_Source_ICAuth::handleLogin($authStateId, $_POST['xmlToken']);
-}else {
-SimpleSAML_Logger::debug('NO HAY XML TOKEN');
- $error = NULL;
-}
-
-unset($_POST); //Show the languages bar if reloaded
-
-//Login Page
-$t = new SimpleSAML_XHTML_Template($config, 'InfoCard:temp-login.php', 'InfoCard:dict-InfoCard'); //(configuracion, template, diccionario)
-$t->data['header'] = 'simpleSAMLphp: Infocard login';
-$t->data['stateparams'] = array('AuthState' => $authStateId);
-$t->data['IClogo'] = $IClogo;
-$t->data['InfoCard'] = $Infocard;
-$t->data['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
-$t->data['CardGenerator'] = $cardGenerator;
-$t->data['help_desk_email_URL'] = $help_desk_email_URL;
-$t->data['contact_info_URL'] = $contact_info_URL;
-$t->data['error'] = $error;
-$t->show();
-exit();
diff --git a/modules/InfoCard/www/mex.php b/modules/InfoCard/www/mex.php
deleted file mode 100644
index 030b8b8d9..000000000
--- a/modules/InfoCard/www/mex.php
+++ /dev/null
@@ -1,242 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION: InfoCard module metadata exchange (POLICY)
-*/
-
-
-$method = $_SERVER["REQUEST_METHOD"];
-
-if ($method == "POST"){
- $use_soap = true;
- Header('Content-Type: application/soap+xml;charset=utf-8');
-}else{
- $use_soap = false;
- Header('Content-Type: application/xml;charset=utf-8');
-}
-
-
-$config = SimpleSAML_Configuration::getInstance();
-$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-$ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
-$ICconfig['certificates'] = $autoconfig->getValue('certificates');
-$ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
-
-
-// Grab the important parts of the token request. That's pretty much just
-// the request ID.
-$request_id = '';
-if ($use_soap && strlen($HTTP_RAW_POST_DATA))
-{
- $token = new DOMDocument();
- $token->loadXML($HTTP_RAW_POST_DATA);
- $doc = $token->documentElement;
- $elements = $doc->getElementsByTagname('MessageID');
- $request_id = $elements->item(0)->nodeValue;
-}
-
-$buf = '<?xml version="1.0"?>';
-
-$buf .= '<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing">';
-
- $buf .= '<S:Header>';
- $buf .= '<wsa:Action S:mustUnderstand="1">';
- $buf .= 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse';
- $buf .= '</wsa:Action>';
- $buf .= '<wsa:RelatesTo>';
- $buf .= $request_id;
- $buf .= '</wsa:RelatesTo>';
- $buf .= '</S:Header>';
-
- $buf .= '<S:Body>';
- $buf .= '<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex">';
-
- $buf .= '<MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/" Identifier="http://schemas.xmlsoap.org/ws/2005/02/trust">';
- $buf .= '<wsdl:definitions name="STS_wsdl" targetNamespace="'.$ICconfig['tokenserviceurl'].'" xmlns:tns="'.$ICconfig['tokenserviceurl'].'" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsid="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:q1="'.$ICconfig['tokenserviceurl'].'">';
-
- $buf .= '<wsdl:types>';
- $buf .= '<xs:schema targetNamespace="http://schemas.xmlsoap.org/ws/2005/02/trust/Imports">';
- $buf .= '<xs:import schemaLocation="" namespace="'.$ICconfig['tokenserviceurl'].'"/>';
- $buf .= '</xs:schema>';
- $buf .= '</wsdl:types>';
-
- $buf .= '<wsdl:message name="RequestSecurityTokenMsg">';
- $buf .= '<wsdl:part name="request" type="q1:MessageBody" />';
- $buf .= '</wsdl:message>';
- $buf .= '<wsdl:message name="RequestSecurityTokenResponseMsg">';
- $buf .= '<wsdl:part name="response" type="q1:MessageBody" />';
- $buf .= '</wsdl:message>';
-
- $buf .= '<wsdl:portType name="SecurityTokenService">';
- $buf .= '<wsdl:operation name="Issue">';
- $buf .= '<wsdl:input wsaw:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" message="tns:RequestSecurityTokenMsg">';
- $buf .= '</wsdl:input>';
- $buf .= '<wsdl:output wsaw:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue" message="tns:RequestSecurityTokenResponseMsg">';
- $buf .= '</wsdl:output>';
- $buf .= '</wsdl:operation>';
- $buf .= '</wsdl:portType>';
-
- $buf .= '<wsp:Policy wsu:Id="STS_endpoint_policy">';
- $buf .= '<wsp:ExactlyOne>';
- $buf .= '<wsp:All>';
- $buf .= '<ic:RequireFederatedIdentityProvisioning />';
- $buf .= '<sp:TransportBinding>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:TransportToken>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:HttpsToken RequireClientCertificate="false" />';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:TransportToken>';
- $buf .= '<sp:AlgorithmSuite>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:Basic256/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:AlgorithmSuite>';
- $buf .= '<sp:Layout>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:Strict/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:Layout>';
- $buf .= '<sp:IncludeTimestamp/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:TransportBinding>';
-
- // Authentication token assertion
- switch($ICconfig['UserCredential']){
- case "UsernamePasswordCredential":
- $buf .= '<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:WssUsernameToken10/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:UsernameToken>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:SignedSupportingTokens>';
- break;
- case "KerberosV5Credential":
- $buf .= '<sp:ProtectionToken>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp: WssGssKerberosV5ApReqToken11/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:KerberosToken>';
- $buf .= '<wsp:Policy>';
- $buf .= '</sp:ProtectionToken>';
- break;
- case "X509V3Credential":
- $buf .= '<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:WssX509V3Token10/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:X509Token>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:EndorsingSupportingTokens>';
- break;
- case "SelfIssuedCredential":
- $buf .= '<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
- $buf .= '<sp:Issuer>';
- $buf .= '<wsa:Address>';
- $buf .= 'http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self';
- $buf .= '</wsa:Address>';
- $buf .= '</sp:Issuer>';
- $buf .= '<sp:RequestSecurityTokenTemplate>';
- $buf .= '<wst:TokenType>';
- $buf .= 'urn:oasis:names:tc:SAML:1.0:assertion';
- $buf .= '</wst:TokenType>';
- $buf .= '<wst:KeyType>';
- $buf .= 'http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey';
- $buf .= '</wst:KeyType>';
- $buf .= '<wst:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">';
- $buf .= '<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>';
- $buf .= '</wst:Claims>';
- $buf .= '</sp:RequestSecurityTokenTemplate>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:RequireInternalReference/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:IssuedToken>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:EndorsingSupportingTokens>';
- break;
- default:
- break;
- }
-
- $buf .= '<sp:Wss11>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:MustSupportRefThumbprint/>';
- $buf .= '<sp:MustSupportRefEncryptedKey/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:Wss11>';
- $buf .= '<sp:Trust10>';
- $buf .= '<wsp:Policy>';
- $buf .= '<sp:RequireClientEntropy/>';
- $buf .= '<sp:RequireServerEntropy/>';
- $buf .= '</wsp:Policy>';
- $buf .= '</sp:Trust10>';
- $buf .= '<wsaw:UsingAddressing wsdl:required="true" />';
- $buf .= '</wsp:All>';
- $buf .= '</wsp:ExactlyOne>';
- $buf .= '</wsp:Policy>';
-
- $buf .= '<wsdl:binding name="Transport_binding" type="tns:SecurityTokenService">';
- $buf .= '<wsp:PolicyReference URI="#STS_endpoint_policy"/>';
- $buf .= '<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>';
- $buf .= '<wsdl:operation name="Issue">';
- $buf .= '<soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" style="document"/>';
- $buf .= '<wsdl:input>';
- $buf .= '<soap12:body use="literal"/>';
- $buf .= '</wsdl:input>';
- $buf .= '<wsdl:output>';
- $buf .= '<soap12:body use="literal"/>';
- $buf .= '</wsdl:output>';
- $buf .= '</wsdl:operation>';
- $buf .= '</wsdl:binding>';
-
- $buf .= '<wsdl:service name="STS_0">';
- $buf .= '<wsdl:port name="STS_0_port" binding="tns:Transport_binding">';
- $buf .= '<soap12:address location="'.$ICconfig['tokenserviceurl'].'" />';
- $buf .= '<wsa:EndpointReference>';
- $buf .= '<wsa:Address>'.$ICconfig['tokenserviceurl'].'</wsa:Address>';
- $buf .= '<wsid:Identity>';
- $buf .= '<ds:KeyInfo>';
- $buf .= '<ds:X509Data>';
- $buf .= '<ds:X509Certificate>';
- $buf .= sspmod_InfoCard_Utils::takeCert($ICconfig['certificates'][0]);
- $buf .='</ds:X509Certificate>';
- $buf .= '</ds:X509Data>';
- $buf .= '</ds:KeyInfo>';
- $buf .= '</wsid:Identity>';
- $buf .= '</wsa:EndpointReference>';
- $buf .= '</wsdl:port>';
- $buf .= '</wsdl:service>';
-
- $buf .= '</wsdl:definitions>';
- $buf .= '</MetadataSection>';
-
-
- $buf .= '<MetadataSection Dialect="http://www.w3.org/2001/XMLSchema" Identifier="'.$ICconfig['tokenserviceurl'].'">';
- $buf .= '<xs:schema xmlns:tns="'.$ICconfig['tokenserviceurl'].'" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="'.$ICconfig['tokenserviceurl'].'">';
- $buf .= '<xs:complexType name="MessageBody">';
- $buf .= '<xs:sequence>';
- $buf .= '<xs:any maxOccurs="unbounded" minOccurs="0" namespace="##any"/>';
- $buf .= '</xs:sequence>';
- $buf .= '</xs:complexType>';
- $buf .= '</xs:schema>';
- $buf .= '</MetadataSection>';
-
- $buf .= '</Metadata>';
- $buf .= '</S:Body>';
-
-$buf .= '</S:Envelope>';
-
-
-print($buf);
diff --git a/modules/InfoCard/www/prueba.php b/modules/InfoCard/www/prueba.php
deleted file mode 100644
index 6d38edb39..000000000
--- a/modules/InfoCard/www/prueba.php
+++ /dev/null
@@ -1,161 +0,0 @@
-<?php
-
-$DB_host = 'localhost';
-$DB_port = '5432';
-$DB_dbname = 'db1';
-$DB_user = 'user1';
-$DB_password = 'pass1';
-
-
-$username = 'enrique';
-$card_id = '1234567';
-$dbconn = pg_connect("host=$DB_host port=$DB_port dbname=$DB_dbname user=$DB_user password=$DB_password ");
-$result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username")));
-if ($result[0]){
- pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username));
- print_r ($result);
-} else {
- echo 'error';
-}
-
-
-// echo pg_last_error($dbconn);
-// if (!$result) {
-// echo 'FALLO';
-// } else {
-// print "result: $result </br>";
-// $row=pg_fetch_all($result);
-// print "ROW: $row </br>";
-// // print_r ($result);
-// print_r ($row);
-// }
-
-pg_close($dbconn);
-
-
-// $handle = fopen(SimpleSAML_Utilities::getTempDir() . '/prueba2.txt','w');
-// fwrite($handle, 'prueba');
-// fclose ($handle);
-
-
-//
-// phpinfo();
-//
-//
-// $config = SimpleSAML_Configuration::getInstance();
-// $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-//
-// $certificates = $autoconfig->getValue('certificates');
-//
-//
-//
-//
-//
-//
-//
-// function takePublicKey($cert) {
-// $pkey = openssl_get_publickey(file_get_contents($cert));
-// $keyData = openssl_pkey_get_details($pkey);
-// $key = $keyData['key'];
-// $key = str_replace('-----BEGIN PUBLIC KEY-----', '', $key);
-// $key = str_replace('-----END PUBLIC KEY-----', "", $key);
-// $key = str_replace("\n", "", $key);
-// return $key;
-// }
-//
-// /*CASE 1 AND 2
-// * -Has Organization
-// * -And chains to a trusted root CA
-// */
-// function calculate_RP_PPID_Seed_2_2007 ($certs) {
-// $check_cert = openssl_x509_read(file_get_contents($certs[0]));
-// $array = openssl_x509_parse($check_cert);
-// openssl_x509_free($check_cert);
-// $OrgIdString = ('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|');
-// print_r ($array);
-// print '<br>';
-//
-// $numcerts = sizeof($certs);
-// for($i=1;$i<$numcerts;$i++){
-// $check_cert = openssl_x509_read(file_get_contents($certs[$i]));
-// $array = openssl_x509_parse($check_cert);
-// openssl_x509_free($check_cert);
-// $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"';
-// $OrgIdString = $tmpstring.$OrgIdString;
-// }
-//
-// print '<br>CALCULADA'.iconv("UTF-8", "ISO-8859-1", $OrgIdString).'<br>';
-// print '<br>VERDADERA = |ChainElement="CN=Autoridad de Certificación de pruebas, OU=aut, O=UAH, L=Alcalá de Henares, S=Madrid, C=ES"|O="UAH"|L="Alcalá de Henares"|S="Madrid"|C="ES"|<br>';
-// $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString);
-// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
-// return $RPPPIDSeed;
-// }
-//
-//
-// /*CASE 1 AND 2
-// * -Has Organization
-// * -And chains to a trusted root CA
-// */
-// function calculate_RP_PPID_Seed_2008 ($rp_cert) {
-// $check_cert = openssl_x509_read(file_get_contents($rp_cert));
-// $array = openssl_x509_parse($check_cert);
-// openssl_x509_free($check_cert);
-// $OrgIdString = ('|O="'.$array[subject][O].'"|L="'.$array[subject][L].'"|S="'.$array[subject][ST].'"|C="'.$array[subject][C].'"|');
-// print_r ($array);
-// $OrgIdBytes = iconv("ISO-8859-1", "UTF-16LE", $OrgIdString);
-// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
-// return $RPPPIDSeed;
-// }
-//
-//
-// /*CASE 3
-// * -Has empty or NO Organization value
-// * -And has an empty or no Common Name (CN)
-// * -Or does not chain to a trusted root CA
-// */
-// function calculate_RP_PPID_Seed_3 ($rp_cert) {
-// $pubKey = base64_decode(takePublicKey($rp_cert));
-// $RPPPIDSeed = hash('sha256',$pubKey );
-// return $RPPPIDSeed;
-// }
-//
-//
-// /*CASE 4
-// * -Has empty or NO Organization value
-// * -And has a non-empty Common Name (CN) value
-// * -And chains to a trusted root CA
-// */
-// function calculate_RP_PPID_Seed_4 ($rp_cert) {
-// $check_cert = openssl_x509_read(file_get_contents($rp_cert));
-// $array = openssl_x509_parse($check_cert);
-// openssl_x509_free($check_cert);
-// $CnIdString = '|CN="'.$array['subject']['CN'].'"|';
-// print $CnIdString;
-// $CnIdBytes = iconv("ISO-8859-1", "UTF-16LE", $CnIdString);
-// $RPPPIDSeed = hash('sha256', $CnIdBytes, TRUE);
-// return $RPPPIDSeed;
-// }
-//
-//
-// function calculate_PPID($cardid, $rp_cert) {
-// $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid);
-// $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE);
-// $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert);
-// print "<br> rp seed ".base64_encode($RPPPIDSeed)."<br>";
-// print "<br> canonical cardid ".base64_encode($CanonicalCardId)."<br>";
-// $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE);
-// return $PPID;
-// }
-//
-//
-// function get_OrgIdString($cert){
-// }
-//
-// //PPID: nQIBQqEnme/4SytR1GMxMJUdzU7NdzyYnaHas8fzekc=
-//
-// //Cardid: urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189, ... VRL-QVCK-GHF
-// //PPID: +8mxdRW+9Trqxd3CwQZUKGlYZBjdgmHpgA7/PsQM5yA=
-// print base64_encode(calculate_PPID('urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189', $certificates));
-//
-// // print base64_encode(pack('H*','0939625DA3A93E44F52D72AE4246EE54DE265D84'));
-//
diff --git a/modules/InfoCard/www/resources/demoimage.png b/modules/InfoCard/www/resources/demoimage.png
deleted file mode 100644
index 88efaef30bb677603bf5712d9fe9300cabf1e2d2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 15871
zcmV<bJpjUqP)<h;3K|Lk000e1NJLTq0077U005Q<0{{R3tO7SH00001b5ch_0Itp)
z=>Px%{ZLF)MGyi59|Hj=1P3+-2tNk~O9u)^3I|mP3ttEeX9o#$1_*5q5Qzv1oC*kn
z5)qXR4yX$cjuRE25DUiz4zLakz6=kf78PbFDuy5;tri;55fP;w9=sVFw;mzS862Z3
zEYlw-o-i}WB`4q@6SXWYuP`#)C?%jdJlHHQnm$3xGdGSzM~O&FfK5=pKtu00A>}$R
zTVG;WU}vjLP`OD>mQ+`uQdMPSV&p?QVP<GvXK(F9FO*teWNdS1Y;J38Y2i*sqhDia
zZ+DzyXpLxa+ErI=b$fJnbJbm6?pj1~d4bGfWu0$#u557iUNd-of5vERsBv?BetYC)
zSgLh=rFw#Oh=+lNhjxjT-*R+(kdMKAf{2Zew1R@Nf{5LBce;XydXt>3hmPHSb%vFU
zosXD>n3s^1nB9Vc<Ars@jhD2Nnv0&D!;p}doS%uHsKSw#+l!CjjdziwnB9+xz?YiW
zk&>IFjkBAjo1?3}o1(0ss-UH(m8h_msi@_bbeX5OsHueBnw#OBd7P}jrmDG{udbV~
zyWXFcsI9M^u(hJDyr!<U$)%~~qja^axVo#d!Kt&}qNBR9f5fY=r?sfrsg%jAs@tch
ztF*kSw8Emd!lAjn*sG|hxW2Krxv06gw6(vuwYsmkz~im1v%AB$yuawRcCo*|vcAjW
zw}!63#>u(AtijBy!PDTivBAHq)4HhOwYb2)xwyc{(!Yq+xxU1`$=Jbq-MhQK!qKnB
z*tE#h(8Zy?#?HXT$+*bR(89;N$JX%1cjU##)ymPv&ey=u*WAg=$<5ru&)vq*%e~Rv
z`pR?8&DYA$(eKfF*wVJd*yYsJ-`&#L@zjsY*X7RF-{aEL`qgvD+27RH+R54M!`to5
z-0;!e>&xHl?%bx;-sb1p+tA?W-QDQs+v3#V?%>|y+u`Kt;lbA8@Y>?*=i%Sj<nz+z
z^5*5!;pX4k=Jns`@ag93<LK++>+|pI>gDeD@9pvE@cHZT^Xl{a?)3KZ_xeIXk?8;c
z00Cl4M??UK1szBL000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2iXM+2O|f=h8uAJ
z00295MObu0Z*6U5Zgc=uK}ao9Wn@WGNmC$6Zf0*|VRB?3No`?gWeQ?>Iv`VFZFOaA
zAWe1gZ+aj|X=Gt+XK&Oo)LZ}nAOJ~3K~#9!y?uLJljqrgt3?4RfeEh4p)IY}L+9M8
z&bGGGxla44Q(Kj(3@dvpY*=hNbb#nO=BovvD&zMSP>D2zN`qyisTAkJp%9Qc*b598
zr=;N&mKfghge(&9^SiG5@H|hVUH8xLcL6y(c@pmLbDgjIy6-&jT}sapdV$ankY4=J
zkAAdm+qVDM_Wzjv<39AGuOuAV3qK&Ee2x<Z@PHeT=QxfRe?Z>H{@4Fs82=IsxyWun
zzAFMbbLLEDetv#lz8a`RTcXtg>5)1qnZA;&qb4i4r8H_aS*_MlktX10bOJ~^G>R|t
zx5FpHr;}Tx4j^`i)Pz4kx0<Be+8eb<C4?^IUx0Dv!}w2gAZGxFD!)Xn)&hw*7!r@M
z1DVKxt)o^(qvRNUND)ks@!v~`<o?%$B4H?6JG$Za7Jb+RH?0T^fgs&LBv%1RKB3cR
zPIDlcnFV=yDiy^c2cmD10U?7mS-*xR1SC%Yc!azlu+#1VVlZ`d7&`t1H8shQ5F88$
zvV;T4%LgDRSquk5(gZ*{I1<kh3m*3r#l(a_2kwrA9fV)2AiaTpF2w-^Hyv<8*zk2g
zkgihE5`km_M*xXREfXyUq_c@gtqh6ah64vB@MAbe;a+KSxd;wHWQx@th)D#($P-8_
z{i9lP3t@1MP?lVfaReAbM9TvR=m^Jg4<DGIu%WT1_r-xo5Q`{Xa`B@2Mnp>nq(dfV
zt!^x-Wk4truI!v6XEO5gY__p6o6R;pJ}!_Sa*ucTNDv$j_(gKU54oRoI-Qev<8V63
zL!c>2)6?YU?%liO=I->}X?ko5Pl9vlN8v{zuJLjDe{AD69D>a<GGYOOTk>G!9x_rg
z^!NAm$$;R4ynG9O1o<3>LnLw$B_L$fY~U2kBzfYToN~eM6pneC!jO>+iPIq?!9lJW
z+`vB`BNr2f4#T%uD2?2Y2n?eEk+_K#0fKKPG|n!MghWI^I3c2-KoAxg9^(jsaSxEY
za14J55*ZZ25pvzgg`@xo5ZhPdpe*SJG3+;bD0^lee1Z)>jKUdr!{ZPnAd`|HaWD=i
z6&PU1G#M{IxqA<hmw;(<o(K*K0&j2tF!Hf69K1!O5%P=!U@%4i1(7YI!Oi>vNAfHL
z#0b?llWBwiB65p@B{2QKF*`hfaNbN#x?rHwgznylsBq!Aa(+0N7=u^?3a%8$6ba1;
z|DjNbT;UA>>AxS4v5~gs3P#P%Z6>RQ@<jqdgu;y_Q<MB5-cxqm9|uu=c-<w6mO!D9
ztA(OPc_FcYK@g!Zq2ju3MA7O;&n^R!pFakdqxtPUn<(vj?agx)h{Z-#QIHue&;}=w
zCnp`fQ{>1biqGAzL_%!9q&rK9R3Q)|5bi1=;-XJD62cY+$6)l}NIojNN&E8Ruz4XN
z^X7+zhA&>TDd}82AVDiEw=)i>WO<!(O+o%pJ-;syDs#*LJ4MlAYHnlK-2;e4MC7UN
z)N=J3+{|z0nfyHXl(xb(A+u)AoaN=^?c*OfKX}pRq?$IXAjjb(JehR2Ty$*IYPpDT
z-Tjw9$dzC~#$`ZcTJ5Ido(T9I(Gmc1nnk~vB#eg-YC5|(aK?i(y?uRseZ0M9`_2nr
z8DEM>9PUI!iV4)DI4BAY{P^V5S8)W@-8ChN7ITKgNXmz8ym$Q4%SLXy5C|&!>C-aN
zI+G8lwjEpSKVz0(KyYwyP=LbMYqlbIWqeH=2LhqR(9jTsBUHMi;n?Bu5V6b-JJKDO
z8<IPW7)z$mK+yPLT=eN+bS?K4Ava`3=_$8f{rMLpWzS?fa`V{Yz=wPl-(2?e(+d{{
z2l;t<DZ*E#)C>_IfTFFY6sV?s$j%~_p&>I+dkr~iw%g4;_3*f{e%O9Tf^x^))mT$g
z)7S+^UC5J3(U*u31TtjoUm+1;7>(j%<VU~Z0xF4=k3g(NI1&g9S+*fMI(o~hg~19h
z?||@~Ic>yD4mF?K|I*9r*1WVSrL>-46U>b{Ia%l4-1G99HS0FR(fZQ2UWLam?a69v
zzjKGdxZRkBC%nA*XilTq?waCGQ4%hyBBCQViozqm{zlR6%G`T@zudEb2mE?I##)wU
z0OF+xT@?dY_*}})XXg5O`2{bJ2bKudw)1<|EDj3^37H?hXj6P?4~WuG;*XzSvG|$A
z5pWo++}8MgFOxGu!&hw2>9Qk|JO3QWeR)L$zAbdox_xle#SHMI<P*8FGloz#9uY^(
zAsC1!hoOs}1UO=l>qsVv;(@nq1W4H0l=`8ew))bT<w3r)10s+m*0yu&B0~J<%<=J=
z6F4t;&1*UBLqbp7;*h{VMWFv2A8#MOfUso|^8@G5$BQ;+brB$4d)9=(K_FiR98GC7
zyLbr9qG%E>S}@9z0udu0yqkg(YfE40r>7t)$^0Tm2oMVe61pL!87$RMTj|blg_mN%
z>Xdp@+xc}c9zR7uK!C!}*Dq-CzVkgp_4^~{%zVhpAC7`$@b>rj$1@&=$36jzwq6^!
zbN5dB{>344=J-8~Z}R~wxH+ZX?s746N05k)L<~m6DBTSV39rDB)8NF&qedg~BQ$6K
z4&?}36%Hf|4V7SRKfipwmw)h*n3}f2bzyVnD1w6?ee}`L-~fNW;H5F8JvH0IydIqC
z7c~FTN5g{rX3hYE7aR&F1o^{*<wqLt+!;t)5#sG15FD})-{$KxFMNAe`yH@aEMAu4
zUlO25Ou-PHV-cBz>@cu6tDlG&YP&2%Aq;`UN&?c1K!l;vt)V_XK?|cxYxYG1dMg4R
zd3x=J4QrRpSNJLxJd;vivp>vhhELGr%hqpQyD-4}!3TYV9$B`213dQe3W)e=<?!vs
zm&4}x1_UfwwROkV)u91Cz5$DWdd-Zk#wmrsBuep+E)@QLs`K2`!obl;8HkGa(@0D7
z?5E{G#>XX&ps#RP>tBoT@eX=&=lOH%LT32{eDmp@F)1nWyS_Eg*EeWsbZIGYWR@am
z+14XDDO)1^X3kUuEZcD;=g5|DKd{^Dvjzqd7yElZ9K3An8(EcEN7jccy!{re&T6+$
zx+qUX?=CRu8k2>F{ciSY1i8UNUJ~_^5Z=&-4iRuL9YGv<5VyIB7W@YQGRHgM$sH-t
zkNM8@p7YIb?TUZ>_1Aa(@DU#v=!UGE>n_1%#|WQqx|avvS@n^0;xh>;2{PykNvf
z8XI2?^Y#mVeEpk^1H%K2Su2Blec%FszSD?nl4Xc2P8lDw@o3A_(y~xj)D0SC^#Wrs
zL*!QLI|PSnT+R{d0(%fh(32bDH;2uBaF+kPu%(1T{AbPdTky=0960P9^!Sb(vwf&^
zQ;3&O@KZakneUjdZ2};3SHIEt{+bXk;Mh+q2f#nt8)G8;yaK}E6c+?CQ(~gXN&_~k
zCNv+By9;h>IgWlRWBtZH{OuEU<U7w2(Ne+3wViVVVy)jC=ItBw=#Kc!ArC$9z${-s
zMIh3gSu<w%1}}+DftP)Po{GL^cGzn+&G+&Rek!`r?y@&-LL0IAjcZve;NwD8GfQmF
zS*jqMY@Z;J<0P|Mg1~tKfePx$h*560I73j?scQ80i3AUc^`$@<M?8TDCQuFVh|6{Y
zkeLrWFk_at4<T=_S+o7-G9WPc8oN`d0WqUMrtgSAjx6%`dN^cj)&K&TwwDqhYg5`M
zc(%_)i<Tb7iI!NT^ojXG3XJFl;Ye>^FGJA}w}c@C$agdE55(HMFT&qTF?V%z(&qWI
z9+=^c?f~gwh2r6$1<%Cfh(IPM>M4*nJ%E7LhpwkU?%H#f!>2C*Aa)n^BMzCevv8h8
zDWVe*@fZwTIShTheH=?4<;ZC!T8Kjp*M<TK+mO;`1vk=+4DksHTN{6FdxZClS-ydf
zKDuz>!bg!FU$}g0iUh>PfGlwblC=huC3y7_Dq6$9pxFU{tDQvr4v#F6g!499(31H>
z${zz!b@B)LA(O4XJ}hAq^Gihwfe?<&QiMW?(q`(ZIkqWm&Md{;r*@t%jbG&VkhkAA
z!Hw+Pxn;xJZ++`qYr)Qf`6WOaLA34z<juy?mqLAfgP#29wcB?<vT9xerxF~tHOK67
z-cu10WO<@RG+VMjtDnVMAX!E?B&ScGJ}K#lN~MBN90DK@`OW)Q%sGe|H!lVpzCod@
z;!Eq#Ee-JTe)v%^zbQ#cF{__kxOC~Jlo|=heL3=GW8=O>3dm`mInp?A+l)?iwqn5&
zFux9(>q=l)t&u0ZOi3h>GLm4ipOBHNhMXfO-#P9M1UTY9bGG8q<ttaNcno4IaDu^0
zcAl?qtJxQ>m<?g!YH%abfG{NViLF^RHUApO8;t|+uM73{f$VHwPR^0divz)_gsneP
zKSb*=PB$Q;j>v;|$^+^I`}_N7u;ngUz>$+DPrf4;EdnHP#?0A%ijWWpX=iysl(b|6
zBvz*8b1TCYKJXO0NJLnmzasp}9Xa&?WDd1dsO(^=WkA4>9O)Wvd}9$rSc;%<@-}b(
zpzvj{T_ci3bAGq7DaGO*0aFZc*GIz>K+@Om&Jq-@)2AhlsEKH;34CbA%!g)q0eSl=
zg2R_=ID)C}P)+>G@Ol2e{@_LYF?tMtCi+@C#9DLwxz*YeI>&D=2oV7iHU~X>*PY>O
z`xb>l*c<3a-WD`>$qtB6u!c=x$igi_%y=zsX~+mI@{&lGgo(y}=0HTzI>U7&lXGO~
z+=?(iUteE8KR<;cAb9S=)jN)qwxKGvl>(9=1$hz16S8_oRy~CAkIfHQ@YI_%6O*p`
zJ&WcAEO_S4dH~YCDSTeQ6RY3sg7EkKt&4*L@NE$62Zt`%dZga$6w59$br)+X_%kBq
zw4ygB!Ueazz>+?>aOF!@E0gMo;20|X@wdb0A}t6H3w?a`hUlys7C!=#^-nIC8x#~2
zydd<^RXYKPwI}Y|PdxF&Ge_#}PFMSWe7qf;`1GBDJ@EM3+rfPRlB}OD4_^?>-nJtP
z6DwK|a(Ean7H?TZpUCrD5+WLzuJ`r3X*v<DGbc|<o?WE^K{eH<>|DF*>8GDwwQAM+
z4O^qLFgfRyhnk$|4bLnGN3v`^m|lEgs5EBB+V#;n;Hh2aYcV_4Z;ie-?3%{MTi0)W
zqZ0k#oq@(9JJ!S7mP4@r=Cv;K9oICUA#u7v5rJUbXq4*JOyB#B+-i9O@$e%myee%q
zIVneu#K#|rKa!GlzNX%66~s$6)Ki)hA053jI{HXXO%GNdtnJsbj$~b{hXiBNP9L{p
z&F9X*wXCd5mDHc#x!qNn_2y4sd+m)Q*BXbh_(1Y1r&F3T62u62+@roV!tF10hY)Xp
zs=FJlzLNms9XSyAESq(xr=C%J+YnZLWW2{0N#Uoyjqz#7++N?_KIE93ns(WThr0%b
z?N|kxzB4=k#Of$_?%W>eY6PO?AQ#qA#7QfsgHOGP#nUl)1=vW6J}ii&?C`+RcM|=`
zJF=ir7?)4)39L}+luwdbu|PL8L`#oOTALH>fMaTU8qz+j!O@x`smDnrMtEYk-?`&*
z(diRfpp(s6@pM-nZh6eIvD&+_4;TV@h=<i;Kr$&u#tDaIlT%K2AUxz2&maoxoSYKp
z625Xeffs)7vgtQB?I5xxuL6(Bs_-;Lr#6_*86tW55d!2{DU6rbc!>bJ|3l9ju#=Xv
zrx=c}Mj@|ZPr2mvIWa)t6D1_!9g`K{X-dLM4h9nU_V>!=3ss!~p<z75AxJpnzW07`
z*nAI}zD3Qr`!zu5G|#kaa*BzTR7DX3N9If<BP=Fapy>Su;zLlbWJVY{a`Lo1u_D(+
zHby#oKocN0#>kk)rbGyguVV?$B2JMqqif13{~&q=g>kp35?((wilz%ZiIIp^Z=c*J
zVmfltP1ywxsiD&ZRG^*r!k}RWP9sq5_*&T_^9p1V(diI|D2e}6kh^y=2B!QNVR4D4
zE9~uU0yr3HNjjoZtKCK_pNsOG7I))^Ohu-?9>+AeOPA9%WClBa?%X+M$pvY4mrlV+
zmdhwkMZ=JL<w$y)YOhyZzh2u*Bui3umHK{@IkafQ+?JL8M?sJ#;NXdKn&FuKIxWHW
z2jGXp-c$4Do^>nMtXQ#b)4p>x?QGUU3gvC%vP#_uEscUyfn3SFdhhw4?b)>H7iViB
zKyeFE)Nax*o8+X5DRfp<>8*ln0uEjkI`u6*E~3U?FIa5K%3-cQx^6{8h$1jhK`Zn%
zbWTjh5I(^xmP%QmWt92D+Fv{$5wU1<QsFzukux%m2=0@eysLp3U~6+#i%xHqu?%pu
zROxk9qyHWXgbOTjnM*e<#+(f^h1po4Umjmd<V&XPVw@tHECWO)Sm~7*Qv2HCz`)>@
zyUxA?I7mM7ERVJ1c9*AcVzk|<?G!rYNI<T7s(OT;;vNad*J?ZBcr_w$jyEI&Kz_d7
zkUuWnm(w#O*0wN?m+6R+cb$N0%TvSN>#s%3@d<i#3j(3}hzAgd*jwV1Ck-ZDry%G7
zjl{H`s+NgK0OOkaH{}X+9dLv_GRyDb;JNd|!b0Z;DSRRQT@;NouA~5Lv5K(?Eu4%P
zdFNAaFIMJy!Bi0{+!^ZQO@N?iagM0ml$}E1tuly3u$pu_tHWAVg)A|fCy;Y3Ril#=
za5FI>Q}nOs6ks;XUiE6kBi?>N!H+LnwSN7EwNHfy`S~is$)p&TgGM^rnswN8(bmz?
zbhD|W10Xcryjfd&9jK`TQPf^9{ICBy3$!(i0!fB^<cug<DmNewr`W+nbY!%ps!Chj
z0s_`D=rGsiW|wtMI44?q9Il??;;Jf8c#dTHt7q8(imN9MCn<wNmaLCHl9iQ}621P(
z;DCVOMO)9eS#1ELx%9~P&D*!fpR1@ie?IAa#m$bUit|ZH$C9?c{OYlarrwU)v%lEB
zZr###n|HmwYToSG0SE-GFBdJ9%#RS8B=uu~`R%DvDpkrnt;r#bjt*BIjf;y*YaBL@
zI;JPcE6QRpT{KFe9cTAbbD&9k>6#GWN64}rN3PYk_q5lS=ImM;5f-s{^Z90z#ngO$
z&zeOMVWHuRmhRm3<L94${<X8sg+G3N#iC`47eBUU*V&s**HhN5AoG}^5s!b<f2J1!
zf*$d>2*llwpq^u)8N)lrD2^7Wpk=}}F;JG9n3nc#VlFUcYO+U7UQuaBUA#|@G^5BR
zj77!RD$o=6SfF=6@G?mF&2|Cj=j%)3cW&9T6WbC@%}3Wogn%KK6Q~Fc`zDNc(fXvb
zXP*xXRQLx5hK6rQx_*7%y0AcRZy%pI{(*kpGap1C#|V&j?#B_Q7%>tOS||<#GEi5P
zm>8G%Rw7Vt<?V?U6{D(&Y2NTR%{4`mG1_M{Wv_oV%-cVBA(plT!g#^jR&y;U>pY~?
zrsiL)3G?^%@%IDr_nYHA%YW`OF=vmh2%I@{rk7t(_}Zki@xaj8{)%q|d_w^^9(Z6D
z6D`rRtK>T3ly&zZLpqC<Dm9E11gI-JE-o=QH#;pm``yI2xa=--6$4V(Ng^(62Vkul
z>_&PvHDxbd7cxr`{B(4wS(ZT$wE>w%n$JHEqXat;8X6oN;6LlZ2YrH<>^k;(xbK4x
z%=8Od5V0XC32=BTf`dYEB2)3u0}njJfrzmd_LuU&koWenNhMPi;YXgjs%N4yZhzvt
z<&|ZXmx?aEo47x&+-}mTDG;s6H7y1!(;^P~V2T7MPBYGzJRG_TYmII>G-*tFHEfQT
zA~@u!WlyhO5*Fk?g9Gu$`PPu9*6vE$9`VR*MerlbR&4-#7pj=`prj*A*;O(iv};rh
z7_E9bQnhZ>;q1yinwWU0va+$VtmxgNN3*+Ju2Fa$-k(>f8+A>|0q|IIie@43)M0)T
z%kd%Wv)To>Qan1qw(|heFZj`A8=~XmW41gQ;60NAnF&^Q*@l>;*O!KX#d~DgmiS}G
zl6I|{%a#2kn|h-_iq)*n<m8DTp^27aile2+Y<Ic9^yb#}wA9!4+%79>yzO$?%{_W8
zGAvKsGD_MrXpboyKF2|R96bQUE8xkkIih6oT-|1E-UE(0AY|Fj6l~u+_QMFpEG}9z
z{eqWmh(CMwwFrOjhvzTbk_18T^|P-ppYJ7_UoqA~j_@u&jG{=w1V65xDmBGnt}H4a
zm>8%m@3IS{EuEvTfy&AOxG691Y9Xf-gXr-_S&HWFv`jxBZ6O@-3JBSe<Hiw;7HtOY
zOChs-gP+=vQgPE@XsbB3G5|}-yUxA-nEx!r{M9iP*9$j=&G8L-d~N*oCUA_kXV(Y&
z`UG*&Vh#~;6f;LCDLN|2M2{BLT-Q@sR9941Sq_%UWa@0`G+AA@>p;ZH;b@Oe3s8!C
zCS0_2nL@ccHO0~`E@=*P)?zw|*dxdj-El#%br!A(@$w5@76UjSJn5*|73xcYg!_9b
z=C4h<ezWkU`2h9lEoX1`l345Yu)zBR;r+Z)+a<U#M~fQNd~{+IhFqRoH(+;7v@};$
z>GYkBY5PE9S!G>$`7p4kSouMVV@f1mGLh9zrl%&&rR(O;_6vT7D!WsZEvwbqc6JS@
zNYJYI3ImoM47!-`IU<mU!!{({Y$_x?dwSQ|CIY1P^#}&!B$nd|5Tfg9T9IWqT*#1V
z<VZ_#i}}v&y0Y@RvZCAAvLFbfJtkoS%Lw+evbwTMbpwEoO4bx@#FnZmav7VPsM#J0
ziV(3=lr60KwP9%0d~S^bII@-iu>g?QIgrOBAjpv=9LV*U2!94d3>uZByWg#e*M(IZ
z%;x~fs2wnr*L9UuPGAAr1;+%E;7+;fis}X`%gP%6Ine@cpEZq3Ewj^N6^Ohr(Vp~#
z0$8$AbR@!1bM8@~?9yXPak_CyOhpG)f;tK}&-eBKa(#QKk59ltCR$C`x3cILft)-o
zQ}#)zla~t!{7m!!j%;8D>IZ-WX>&}B;t~WL?{IlhV_g@#XrJJ!J|&8il%!0NMp=?n
z1^as|!dJ$WwqpijZ7bamq11}!H=R$~jBPJZZaLQsI?{3T*ive><Un2v4+KZEIv#>Y
zkgQ`%LmndL7sGh&5LFb2OU4e~8V&;<$ORl_b#=oy8dpzC&nWz~z`%j*U8pB@ml|CY
z4oRk_r2s|d6<rXcytydA$6GOXc}z}eeSLjR%BIIc0u>Pbrksme1hN(URLr^N=9|~g
zZVvNdeuM$Jj^O6c_6Z34AvM3-!+d6le&n6wlCo<>OEu|Y#%GE~dv&>WMMY&@E<EJy
z(W=!tT~)DC+e4biUAHSMFV&UTxnyd7mqjZqc)!cK`_XQdZV#UaNP@zbZ{PRYzD+A2
z2K4#Hg2#8}fNX{Og4iwJ`ueeB(JzJh&V0}l$l0yoeqR0o5$j`Ke|^_VIO72?&k#ka
zb`z~B?$GEJ?aD3Btt`7u_%T|6@re4$6|}cb9QDMt^4zjZjZW6`OQQH`G2#`SJgsNh
z+j9VkFXZYFh)0CZ51ixWqnP{T+UU~y(tV2nqF+Gx(xpoun;$r9#th~V1HHb1qSf1b
zJ!xsEznAa4;0SWYLo*)q3UUXcRH}=M)zt7}WtNR+irJexb!DI=E_^%z&QHlBUL7er
zxY{eTFV)?i<Z8v(!t+8JXicNuVdQ46PuadGNa5o(o3w&>VYc|>>S#zun$N8dpGTr!
zY<KbV_3`qXi$E3yf;bT%O=ovL7V78YLt0`WNcQpa4O+;o78Nb<cto^ZlT%WV!POP+
z|5=xfy$jQKAtA(Y9>e;A%PN(Ag4A+vUn;})KG8;SDAO!IaiOO1TA#TlWorbPjRYiQ
zUh%2*h{I~CPujjHcpgqS2F?o#m>o1PV8N1@bH|<!n-`3t)!Wx`{n*x}a|75sW{`Kl
zH@-1<A$5o+DMwVrL`S3mNeaVhwp~{=KoE^$BwSFOllA@wpD0nd&?roOSyoBfui*)^
z+AeOoL^g><OJS%cXV)`NE|?pP(~)z-o?5jd{#^Z#1;WOPq^--t@%Y>YAxoA$vEYd(
zRzrmK<8Lo`VktTgf@Igq2s$Ad_SDnia0-@#q-s3IjK#%M%zD!CPe}#{wPb)u5jb$A
z@{>P6YW40PfH%q(0fy-MvaHO-7V}Kf7E+=v%&UlfzO42t47Hc0u-V8ZPp{t@f4-*8
zgr%&Jwu<vH8&<>d$Kfz`ifq_*zM>+2%i6VD;ww6O4ZR&r*U!dm`4+zO=~WxHz!__|
zBwfeepwry57b6fc;-0?CS4p`88P$Tv`Q%R@{cO+vw?F!QA!N8FT*YHADo4=~FZ(2h
z1TJhXlYr1J8Yi1qtuM{O*~p#IF)8P3>P;g!xie-NF*R45kB`~8b0-`=doC$H<$T4>
zn-xj%@ktdoJ9>@%#@>#b6~~fdc5T_UD;~07@=7h43#HL7sz`A$4^&;uXvxfHR}tDQ
zXA6wI@DCro_p|-`fBxQ|J^{UNnE(r62Y(2H<&sAR43vw`7{W7$Y&jCfCH1sBy}oV8
zDv)I`I1M_|)>dCpQCeD2(F}nL+;$i`n(+Q+2kjQX;?VVqvuDp%0K}W5M%0Ti&Tt@v
zBX^m8xEP{o9yU$g?)vBS<djfVSg0!f@87<S^z*mh2Ow3DZB0%L47etzCht##Eu<1I
zPOQ^bvmrhmNqWvmxz}c~Scgn)ZJnJ411->zJFISznK$gl>;(a9y4gf(T=2M;%pr1)
z5Xq`yCZ9?6G+ll}?6Au|;F@+#nu@`5zMr`N?GHcv@VEQ-XMdn7Ebajyj)7s)Hah8!
zMwXt*+BJAJpD(}^>%C)qMVFN>d>gyZsuwo-MoBi$?#7WSd3c9%#bAI#cQqCbOk))y
zub^yD$;AKw8YoFbK~yk%KLfHSu~b#4Y7r)#6XhUUEM#_DJm$8_&*79-P`U%LiCD&E
ztN1Lk1wB&RDOTnC$UGwUa*)z|z6VE&r>EuVDMy5IK2eld=YrHkrMyycbPop-_rAI?
zugdCh4y2_Gi*h6fBGr*)i;)~|IL4WRjPnJMj5oBq+~Uz^YNTz<WL{UCDiM1cIY*@0
z#}v;`(JR1Zwr9tcPfQ9`d6%zz^6t;ye*4$&y+@P;EO4>O>Fhdsw2@82@fECYvs_MA
z2;dD(A~OV<=h6i|;<`thZ2HY+v54zN4748`+aGYcqz{$9ua}Az<47?<!s2$$n7h=1
z;dQpxm3ILUT^=}*kKX(6w?E(iv!B2B;YWWcR)SA-ILr_jJ0`gxv9-Gn*}S7uK7mVC
z%#M#UU7`I=WbEV8><FK37n}aYwx<!^ghm_cxQ_6|su--VR!l;s#K4=HPS>z`;<nvs
z)vB(jKl$jx&(Zv%c>SUHvP#|J5X__I_8~SaFHHeEJtnnz&k36=WP&BN35;_Q<7jLa
zk9BaYdD*}k<PAnTJDM+3cHjs^zphDMJ)n^m@y}R*D6bqSYjl{jDrF%6`H=V#0P-gc
zyjq0zOI?jc?R+lS;c$9l;6}<pyUQ3B2?m>OW1YV?35xqNSIUikvO<BdL~7ySKxokD
zatmKs5`ntjbu_#3Xs+2*s8XuIjlB2kw||X#@>`5j)Ow-rt@853%6o?{U&JaEu=v7U
zzGRx~#XXP4-Iig9Ymp2F3dX?t&wBevYdjY%bnR2qvJ97LI|(-$6BD!J(%L)KD%F+J
zxAy<+?f1ZH{p@FPS%s<sRr6?hVs>_7`Oy6uBm{?~+vDOIX0lvf5M;~c`QkU(f^A?3
zR#$B9D|$$GW<OayLK?Whdi9c)^3!t9PCAe#xt{RQX?oIJSy@+EXGS2(ilbCNe!YKx
zT#g!m)K4@*s$1DOA@AXJjMKHm%u7h)WefiWCSM#1y<vL+(8q(_4b?ymtwwp@7U710
zt&%a|e6_(SF5hzl;-V`%U8M7cn5;?ru-!gjx0^c)3zdb1S#cc5(GLm$S-p7}LX-)!
zS%yR44ex?<k!_Mvk4yX+7X%Tfh(`GG%P;?2RgiHUsNm|YR%uyo>#ZBDh7qFg{nR-E
zEV5cb;)uGK1b8$YcTu}b-St5Ea98<oU3rgIsVr3IB!YhY7UM0DtUQ%ccdZgQ2ET&X
zhe43=4p_c0-fgwN2t=;@gWav&*e3Sn|Ni42U;OF!zdU&0CqMbgfy1Y--ZGNrGh^$G
ztEW$2xN!@flR%89JY5DZi+&-oV$0DO95H~cOsp$9T343V*jZIvsQQ3MzaM=9A*5Dc
zpPkm2o!yw0W~R*xT=r!aiLZ@z*9VC&0zuJmwctWQb+`4)e|+(`zy0mAPk;BTy+1)Z
zaQwoJR*<cR8y8L=K5*dh@zWQoyGbuFSvV$Jn#4ntDY9h)kNsR+N9?(Ax!G~qX>sKO
zPBDNdA%5f|G`>|Pq5WuLZsJ?;+s<sPAm1>;CK3;EZSox$nA)R0XigtK45QTi`5%A#
z{4YSCfA;CG{&P2ha`?gxV|R7I@xuoQu)`UeZm?Ozy<-!BxO|VMy2Zt;ZIb@EIH<{q
z%G}Dz-1745Yl6dC1wqO0{~Hpk#6Nt3sjlEKm*-X%U8>B@ZFf4Dn`29+m?R+p3lF1g
zqKpY_s}DSXu;HRO%HMxVa3GXVe<LDk=&sH<aDZ~?aKVjRWYJq6>7A7W!72(k#HmS{
zX7EP0NxRuTj0<u{hld<O3ufx2?;d?4=L0n|1l&6Kb+dVRXn1(S!7Y(2d}4nV+qi67
z3;-jDXQEs+Ts+K1`ODvY_7_f{fA*XI{0T);P+eV+f#(1}K>fj|la)yj0E3QP$QPBJ
zRO96t1*9Kr1-(#LH&It-uWK}4tEWIz>JL8nK&dV)%+s2L;qoqXW&3b>yScJQkc-qf
z+nU5iB0p@3v)SYt&o@KCJL@0{4jHAy5W*9tCqFr?>F%!9WF({Nw~}T$Y@CI=USpqJ
zw8TmyV*?3%345Hw+1Xv$MP2Xa)}<8<33^i0Dx`HS1k#mO*?9C?-O+1}M=OPKrU|Sw
zk*~)a8xc1uaZ`9f3|2r(stZmZ&$#;MKmF}5GWzUyj3oy$s;!_W)d++3o6<$17zDeE
z7MZc47+gft`CcqtZ@pFYR$^J=(W1DtVWIN_WnLk}p(+MluZ&B}jmw7LOL4hFG6lDg
zW!+;u%0RY^Swz#t_QR384}enLF!;Y;AVWU?{IkyqWB&TtZ#YW|x-AytpwWP9EsZRa
zH;^SU;s!6Q_N(TzJ5w%k>m0~XyNa^Qvx~}#ir{wGVeRDe(KsDv5`?<!vhr-O1m%_4
zl|!;cAS~b;<2c0KW2gZTRi59`>7H={<nvE|_q$I&b7#p<G8#OCV07$c)f-<1&L?`D
zl8VqOF6LB@VM^xV;oAe~Dmt|sh#n=wObJggTWt~&#tR<w5l}W6x$o#R&ZDs}!T5rX
z|MHi=|MahfC7=Fkx2Pr3ULwd3a)WD02t&@e%~**hYf`ks!*#<0mFD3(^Kj$DK;0-H
z(Q}4$!vF4S9BQvKH`Wi;*IDc9E!;?vWgs?LGJ$F97*T)8dfCRsO=`q$*$H%qzx!22
zLDm0!@z=ln{qKJl4cCE!24020zFDdxq+c^X-@|Ir&Za2>fTdJZuDZ0ky0pg1w8m@M
zU6tAG;O{!=ynCL`<ZxKav)jwl8ZTXH2S1W~$t2*4Ncm;~QhtX5X0yn=qe#5rlLiD3
zp#0CDtGfq*H-O{sfBoIBxVkq;-Ls@NWT3sX1~<{dSWBE#m}2o377;JSWoO3~WrK5n
zt0*n*8Ud0==G8&69Oksd^0c_3qluMA6U*N^+AfgR<NIvGWMuM1c_I(j$HjnvhMK^X
zFGumnKfWM9K9zu2rEOjM#g=BW3x`-mQ4xnIuMv_ce%fU(Ps`0tD=JDW%1+D8O{){I
zl}@Y0{lrkR+H>*c@@#y$C_B4m#B%R;QbyT^AY(R}H*wqZio$Tn^56gc;;(-vvb9$<
z!15h;$m$r<oGpvBP_&ARnR<{og$5{7E{B<DI=dx}t%Av9YUwnY@V{Bxk>G_kxb5jN
zi936FZp}g)+%06oC@}_Rkub}>1_!MyVy2GupZ{P${!=bm;?7!R4F+*2a)+oSIwJCe
z<W}?{S^4Oc_hI8d?Xj}%R<;cY{0IVR&8K@Xjqt@qvO*z~EvD-N_y3F~gAg`?9}yV>
zBF1Ek7+~=E)vZiNC=6VCK^E^D#MRRzXD89GBw09TJL$PtP+EKgKm;BTa!DGKHe!->
zAJdWn-yXy=#_Sf$RA|%%%xKVL96p?!p+P9)EM@}(_E)Cu2aZF4Z^Ta>WWDmZu9EDO
zV33FLN&-Z(y_2$u8K*}n1UrqbCP;w9ddJw;ZA@m67N?6wSj@PHPlqV#0E^H83R~QR
zNWS<h0D*WHVBiHa-nwz4p_L0434o2p3zBH%;T)pYb4ozA<A*yCsTjq4#@JWxk>j>3
z9m6i>7kN;R%n&mTgp$ml5V=LK^2MM2PsY^-BVH?G_l<(%$4_6q0eL*@&BkhqThIvR
zS9@<c-Fd(AltWDYcs+1TzO|RUHDBDkPh1Agw1jCo0O_v2n0$c4pb4R7kZ}Y~82u8w
z3WYJ!dg}rWkxyR*1{o<s$d)^zXysvwsHOfx++<2zsqOTHBG3NDY+^Og!*RH6Z9>=A
zi%`VO5r7<*!ysDSE!&b%7#$rY0jIJ1>S>;|0NZY~wi*p|Z4Ajrr05q!3q84LswO?v
z++z(r-x7fB!eo(lBy(FW!M2XVs8zBBvZ5lWxm>bPNxBDR<s-U%f(=vM!v|z=j~9S|
z5l>=p&qtVNmrYyV2Zn=J3?$(iBis0mNZ!NZv4YSbI${Ek>`gIdldaq_Hr!xPsIFUO
zB}XyOlyXQ(0=wBhFR~CtNrB+x;aBK}q#uGqke52gNZi57&7%2|maovw4W!Ki$Z4#y
zOOXIqx(O7x%GHDJf-4d*?zkKY@hfzVqCqZND$+2(1<PZpn{0s{tEW3;I)VZF*cfvr
zHgQos*%5#iH>tAAw#2hg@I26mPeFTBP;di;YW&^;%s97L5)w4X;#33OUseQyl}3^t
zI^7ouvI?%iW4m#&NFv+la!lM#(IU?G8T#Gq7LS1W;4Sjx(E?n#)jepF7r>;<g<dAm
z_6!CE3qnS*Dl7wnAqoNFn)KK+72O}NMl+_cScq7xF_H_8jd3V^D<(P@LtVPKn})Ps
zp_o06Nn2#n{aDAi%#E`<zEl)%j136o0I;LM$aif8k^@OkO-M~`0jlck?8HCZBv%W6
z<X)@Q!x6YOL8_~xPxx{8FgUrx)}d2t)%p&^(NSBXF3~l0G?kR7)wLZ)_g%_HNM14`
zronJWEe5ie?r&>hLTj_|-5XhQNuXqaeI6m7!2B@X@s|Nfh)PJn3Apt1;$o$)Q<tvP
zRi!HNv0j~?uB?J12?<KQqf?unuGQ(4=~}%uGd(?B-D&Amr{?KxdUYm{7LXX5)Z~>W
zU1oA}p1MQ6;SBq8+u4&MqSntsixh+bER-SQOE$1!P$0DAqD*avTt_maBBNqc6O_u>
z$b^JcWv4PWwOARIke;5Z)}=>9CMa9fv9G+6suy&rQBg{rE+IBgp9g2Art2-b)K?PJ
z7JWKAOGwvat7|5CMXOGT+?J5n+Rs)CyKToNY0HR|+f&hGc5RHOlLVy5C!57;r5UI=
zpGCLDW<~6T*jN~Ll|J<q7-*HFDm7K#nGT~->N}OGQOaULoAAmj>3Tt*9viFF>r+#;
zHmx$f3fMEEPIx6&W$IL>tJMh!S{RBEcnGhkOA=zEGSy^8qn`(kvhY!qv_V29)1VcP
zS+P;xX0;Atej?bY(BX`a1r>5|u)7<M(<e+i-GM{_M^dX=;DSe`>Kr-%Vp66?rWV5p
zQxl3?gsOy%$Pv8~B}@*aGcO@BHXUFyAV3sI2>^*Lsm0QN9|^emrUCAoNrKPTXf*hT
zJ{=<AhVBsyo#d&8$41on!S03zFljauoO|)226aTX7cklJUIY@k?UhtzOI2!YLTqZ4
z2}DaLpv-822QYMPCyG`=dZ$jA5S3c2l|%~!2*w+$))LXmbQi6t*vyh!SbCz<$@gxG
ziN?C2>dKW<r!HT)eCkSrb+G#K<pz_b;mQd@r!E43@o_kM1p=_ahJq7^4jwvms(R2S
zOQ_vAk{TNoSzI;Rf|*H`-lPSY5;|3>D*bq8ae7{r9+Vx%rUr8b=0K;<LuF4#l?I(x
zsq&JwI#Jn2IzZVoGu8Uq%;e0H+FPVeflOuGcV|z~Ud^df$1iFMGA>sSb{8Bvr0KR+
zpV+;Z(4h=O(tQyIFIXEcAKVK#4j#JLZIkpJfT;5F@}HwYqY|z=q<yBAmLA-a987Pg
zU;?{p8aEL$3rNV$<(+!1Xnw)o>N?>7*l7GyqpiiEb=0aw^IKBeL?**~`wbp8SYnQ8
zuu7xp#`LOsuoZy}0+782k7r~Yhk;*gun-_s!r+xd2M=cy6kG(rvSrDHBYFAK)SH^;
zQBEG@3bHzfG!sa|5^5C1nu+JmoyL)-T6IZN2Q5C4330CNvg!~o5}B&6Xa+5o27uGb
zIdTvp_3G-2hxeYSHrXgg8cqQ(8oImT*D6`OF^ifYc~0zUBwePmq(i<>xgbXEbnWIC
z-BE_`C+@KYDb@#cnF*OXGWSYbczQ{<f>Bmdk&M@1^_7C^Tem>vTSbn5_`v5jWE?zH
z&`p3;O;n%2N(%T%V$8-kk`V%gix#hI(coPW9G?4>k4p_B)W#DBHb#B)i2DY&FwPF}
zOsTpK(w{&ZtK@s(89kshXii-O(li)F9XWKd6<&j<2QRi-2uDVNO&1&3Y=xW%jy$Ox
zq?Yd`z>s*5Gz%pv8_%d@X$by;<4gdjZjiSB=w~c3-V?G|Mhp#_%a_5d4vxT(<v<2C
zZb0?|M@Tq^!c8Lp_*1JSt3`|04u^XekB4lHOFetCVAtZlqcGbtPMeybZXz2g8ha@e
zQYjFND(;GpdDE4u7L#?PRn8HM1sPP(Jw|l|fWQ;Fo&1<hs%ZicZnfzAh(j>xJ52-z
zF;!YES}leHqeXH=uQyTg?9kPAkcgsFhwoPFnxy?XjU~yz5Zn)|k8iz%`%Ux{hhpTb
ziABW+6MV4+>{hoNNH@;Noj7;`OcVvueeob5X)p;SnW43E<d0gd$^&J8j&OvmdNXNL
z!F?b*^r{4;^ePU-1bzgMfHP6)NuOSaIyF;A6a-x(P@Z14BbGKfHnX<>o?T^VnUiig
z!;@bC)Nti;#+3$e-;$0TJf%Sga|o550RdR(SV-*46S*-81RMzkl1Dg#k(RO(tD<^k
zROH6UsC1o)PWA!B$Vdo~6JjGlhY3T#??+{JqG;*!qPA_^7L})C+b#i+j=We1z&d(8
zwwmap^Ouw<#(rLoHdYs0)>JigYc#h+j_f^j>J-2@46c2Q>WE<J)*RZq`(UaDk+66f
ztq%+xw1far5pA~?$6`E1MJqjOV-!SCw9;VGCPYRi<mq(k^jHX65QssAC+iSMhdvoj
zPS$tOZ*4#{waIWD2us|MaAm=ug(?s!8G`w(YH4X`kpm%~efPl(j7As`$Raf-4gyoI
zbX$mM(NdocfiRBH8LQ6p$c-Cg)mD<1YZEpmXnC`U9{7=<?HnH;0e}R^m_Gd#JegE^
zM%1wz6V$wr2~av9BHs8)LP>w`J^O!PS0y$l(b<iDnh{rn(YkU)b5TS6NGs#WiGv3-
z8b)kmBMgXTq#Ir2UQ`<~54Me?XsIZWJmiS73L^DaBGWrbTF!wW5|a|HcwQ%2_oz!v
z2hkccY01eDBw8qt*b>&)hULGeOb9XIEggOLAu{hrcte{K!TaCRTs#Fonp?(JxsF^p
zb?Ahq8~y<Y0%1HbW$(dL4T5YkQcaLN`y5}Il&*v*HWI{za6tqDgjXM)kau-LtOYuz
z&m<=UcNj-v)uh%>8}v#b290_pGP(9%7<?Z*ycf6kYrUZ%{&3LUYMDTiPBmCW(IWmF
z73D;=mCfhl@CXo@)k;l`O;;vtj8d6AfoL%o(Xonv$z%ZG)WON=v3SurkP;9P+%5_R
z2n>l$2Q5iZ-wz1erA6vV>}zd>0P02q#88AI1+60h1a3zlx&kp88EF+c0_Ljw@<E7V
zq^?2K5jEoo7U&@LgTyKwWJ@n_(PGtR4upKM22nAvN(ox9Tan3nbbloX#9-iC;?yR`
zCfDZ0g1R@|4~hH6QoX&c5cb|0Y;6F;WxPdn1c6+<HG)?kTp$-M0>d^oNDj*Srid4#
zKu|?eA!`SYpb%lSD{=(R=Rjx`00k4YKQ=QDPbTWlMGG6&`}<n+AoI@zOZG}~N#EB|
zZ(nQmmCKhknyVmNH(GCr904FBBNzoY7%d_Ylr08Cnu=sVo~0a7#%_BhDj_urbQD~P
zg8`wvCGZ%YjIrKmAOqx!;8pPC%qH*!RJ6cDkPTC7GtuXO27%=DeLdYm{m973xOnx(
zEtzN$APpA}p3sOuXw3o~{2`6WV&OA)<1*0#6-kf!(Tm$6BO|wc|NBvykU}L#eh(x=
z-vk+zIx}|L_rXBXFJDq?bxr72qClS`w{48gt8Hq^jDk0j?_kqtHMM7=wnawai{Iat
zkpIWpKT^VPZGtEGL%*$!AHI-ryrAItq2z+AaPaE!y?ZmN^#!qek6(rVR-LhT_X$l?
z^>K(zI;*QS5Fu4(9NZn7p{uQ~g;7G#RHAm{NM6FWA4MjlCMQR2``$JXe-TKNE)#O`
zNEnkAku<21A&G?;Js~qMlK@PHf1eo%K*^U&WhUp9p!3YkIFk&oB0M_akMZUP9r_KR
zKXQb%1qkHuiHvGEia??=ZZs9d?mn)857rkP+I^@%uK^&JJ2eH6G+qWAyHg8v@S;vv
zi{T#yl1G6k)1zM8mVjTzl^Xf%i&2@N$OuHQ2OLpRsp$zY;skYVlQu6lDnX@9*cO$E
z7Zo_M4OjwxoC4A$N5&=t%Gi7uVM#K=FS+r@kCEW^kDl}~!mBMvKb)L=5R%yA83h1j
zchvD}eMao=WMoj2CVBVX44vlq?%0CP0^n9`?B3nr?;*9O{1Aaqj-;nXZG0Anq}2jv
zzW2S2QK_lOnb`D9&{-I?HWQ;M7-MoQjx-hGkK~ftS{y1MK{k@R<b=p=k+D(R;2nS@
zAJA`%OgMAlV@?DTWe(mU)qY&7Nk5UAdg4%OdirIx?kc2&C|aqI>XPqt%Qys&G#Lj|
zfiLL*V)yQ-Sn?7ADe(l73IFqZzzDTA9pvGA-v=4rwh=}V#nnKY85_BcNIn=V2*cn~
z10z%kksDuxa1l?YYOxXD36GQW|M>A4_^1~Fu>|DfkFQFPYOh|s3eT^WXbLhI6=-U&
z!jl4EZ9xW6nOY)vSF7QvMqgcUJo(U})Z+yNA_!KAR^kcc2wci-+hQ}d+Ds7eNF0+y
zv6<@HT5Vo(EItMm08sEK8G$56c@hN3<h1;&AD>Q$q7Og**Hm(~wpv%M)7{XKFV)kK
zVQMucpi1}!j#o8TZ`4+6AQP(9X$pWeI$f=#A;1+GN1pu-p=V!w@kREKJmp8}ms{e~
z=kQxNU*wNoc<wvj^(6Ymm-vO9&+!BJotXIi1?h$yBoAI-UsC#lCy}oPy@!6}{*;{g
zBGR)I$g|JB$cY^P0SsRJe$IbEFZ?_79RGGt@q0cQqUT=t_vi=W_p#n@055VN{}*v#
VD*d3{H(me$002ovPDHLkV1n;PQa%6x
diff --git a/modules/InfoCard/www/resources/infocard_114x80.png b/modules/InfoCard/www/resources/infocard_114x80.png
deleted file mode 100644
index 6dba25fbd5b54d68bdf1be245e5c8807bfd06e69..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 3821
zcmV<J4ifQ+P)<h;3K|Lk000e1NJLTq0043T002-31^@s6#knCs0000PbVXQnQ*UN;
zcVTj606}DLVr3vnZDD6+Qe|Oed2z{QJOBU=k4Z#9RCwC#UCVP6#~J@-W+hk&gph26
zfr=4j6dPjW*oMR>yK*C!;3VfnzPOUARE6Agpi=n*IJhcRImF@=A4w{yR3)ht<s5Lp
zj=`8mu#LbaKnSq3dab10oz8U6WBc)SPtWeo!feqn+MeE?S!sXs>+jKD_vb)Lc?aHo
zHh4J}9WMvRFgz*UC=0=HCOW2m55K6GIy)%<o(PV~J<sof(On}jx_cA`h6bK|#a$??
zi>vVP_Ct7h=WCd`Hba}HC>{Zzx2%B-K>TU&a&r8oy~7hnCZKOqA8W5|Y{25eJpM#D
z4*db_p94vq{ZDyM=*Rj*{i1sKc61NcACh|V*_yw~!Tw4|e$Q#`+PFg4|F96QueP1w
z?crNWdu_c2*Uw#t=}&J`mL3nlJe3M$0OEV)t>wwrj=l=pp5Dg5oBsTNFf)Avs;es~
zh_35_>$%{0UR3wOI(>Cr_8Qi`W<BUH^mU^)tZ#IGzHjp$ZUicDudIr;sprsqSS<VS
z=Ls-=1Of$5I4A6tp2zP&be_B))#dkyPXs_K_bc$x-#&)wQk4$1Z)<_1APzk>H2M0m
z?=lunU%v*|FJFRst)?HFgD=wKflNS&>s-44kek%S>s;g>&2}D0dT+;dj9-2h5OGkk
zJ`nxDfnorm;6(MLe{^lqpD6Y4q43!U)4!Lp^X%ylVe!G@$pFk>C1m1<Q_92`#Ea+7
z!j%jEHG}AcH+Lg;QBd9JNa`MK_mcMJ5djkSb>i!q?O1=|GvZ;Edm@{!j#iGyeRTJT
z{zwCe&;)`9kw_pabqPe}TEelFfFB(7dX0^a6dQ_BfYtFx1U7+;6q}QDIE_J^xjAi?
z#xaOIXc!0%|DKD3ojeTuIR~02^^HIT3swnVespf?qcB!^5FBnqjfOrV*CS!a0VURn
z)Gl2M{1ELY2PM_|+8V=%Vns0vu-nEn@&r|Es7$28X)1{HLdQi|g8=0rpb6l4dNymA
zNrzKCKwt%sdQJMU8-Er7gkfOIHZZW3zcyr|AB@4i?<e(*^>wJ#HkkerSQFF~Jjw8g
z5S^sjDWxuziK!qaEb(xrd4}Q9^KejOg+_TWJOSWD1J(kRT`q#aZWCiU)zZi?uw*KJ
zA3B^inJBW71YoW%FEel_4)3SG%_PN;GIDZke2md`=H?BfOpN8C${rkqglPs=ItI`%
zkehPR$u1WS0EtZPfLsI{xd^yiBs>%SuudXY2Iq}NgAK9Nrl;6ZXAK4N&7I*11JYJ5
zs&Xys@aSpepQqeER)!puT^Zyes@yo*bES>6As4|U7n}7MEXG9QD{PGGYmq4!VRx)V
zfecKJ$k<;<A5sySW�anx_ZZ(JDqx3S;c#V*0QP_Hr?^7Rs>}aCsSnC9p99H#`sP
z^?IGXQtYVflmf|=oQHGwEI@SO8?TPR_kVpDw(Z&?cvj>?*WSuCY3;pGVsKX;)ZpW(
zS(v-J+?0<RW>WG|?1Hk_wfPW-(@>8_APO>5`f^R}tz2Vj@1;V)ERT5b?Vs!rWhBQ$
zUV{~gmJXuBX{au2duFhsV6=0uUIH*aXc-tSg>sTeTC2iLk^x9rN$DV)+5xuLKvX~#
zWTeQ%xNglzSs97#xI6&V$-rI(ke7=xD@o*<<C%xaNZzAfvSA{xY32=JeT~4a50>H1
z`Bhk3Xe65D*o$Qte`5$npWEDXV9KndMU{~pE2DG%l9JIGj+h8}Dlkj8Yw+3o3$S#j
zuJ}6VKC8mq<thX7g&%D1NdWn_SiuoIJVf;N@Qieg&TvmP_VZF;C=)OJF$B@%48QsB
zrQlfXO}WUm#{lY?=?im}F6In38T)xDFkgMJ0?T)6R?hG*|5<@r)$cjE$hZ3v6Mf$A
z8f&vUM#?i1m@_;t&Gh#9s<ktmvUl!EwI_yE6R<oJ3BpXAk*G6VohQu8<XD?;WSS&i
zo3HmQfK1tuoaF?wD=|hooEuK`g^GUF{4~~#lf(s=i>bg$Q&_yVn#f4dFw({uo|`kE
z1!s6K$wftLP2{3DtR{A)ZfF%4X_za_%V$dML??CDzIndmK)FyLW*Jr!t(BYkV8f~`
zH&JCLF*`itv{PQr@V#$r733m5YahOj?AruepXu)zn-Ocr%ni}sO7x6$q~Irvp?NvO
zsmJEPTidxnWqI@r&-%&^9Q@Hp&jM(2(FvX%t&2{Y{nt(K=IIQlUYouF7q0zzo|zc(
zkV=_&@W&%i-d^enqu<odPbkZdfpD1Bxag>guZz18!Y*=}<%r9k!&_kNTLUn6c@?Vj
zjl@m&bRZLlcJ&uZF192ax!DgsT7Y-ar7#kVaW{^nwdSGl#HFw7!tU3$^rSO9voip3
z3?#!YK8@w5k>Q>i>7Cc?M=#H2*qR)Q)`}=NyaEK+#Ioan6d8^O9OvN-=rs^q9aaUc
z6$$MSnJHdZ;u$H%pn7Ozc)KPCo!w}x`NFa|e!8j@468+vg&miR^6Up1bk)>gab?E=
ztH|(HHPgAvYjEv!C7LWwUoo}gV3`^HyIvXWNnfhX><7j~p99xuexyc*x1gEMf4Kpl
z{NW+DXjShFk6Z3vslxrMRru=cG93Kj_Q%=*&`AIVtrcM+;S?Z)i_S}p3~xm)UV4AN
z<rP!Qvo$#PyE(Y~$x3fH!)<3jkkAf=nPwNAc@0KZxwv$v*0cxPhz!5_r+K)0VWn_#
zv1MS<B?DsU2Ri$qxac%%FtTc<^(x8a3|E$Ra}{JjE8vm1qWhTC3~wq!sb*DAZ{
zJk1)6j6-XAv}ElJPg~MfUnlUzKPo-pOHBh-w|Ix2*3vN2(I_~g%*;Bp4vdswbpNJQ
zXSjJecvCH^+}ePJTkC}fFb&u+I)Ip$4B(6eWyV8r(Rm)~qO$?^z_AhL3^z^^XIL>c
zdug?>M!)^+2O<|`W*S{|+9(0L*$>QXGqk%OzVq`j7=3P&wOlmyS-Ds138UXQ`{Db@
zL4-ISo{_3Uz!PUY<S2nwo#7PBBR?B6eo=FQ-FWr%*Gv}T3=M%^xnF;*hSl6{NrGsw
z+L)c#MVGQoN}kT}9WRt&;^;8CayXHek0@Rz56v`n_5%%0#+MAZI3qQVb1&P(aw}!?
zaLKrmxaiLCOffsiG69j1L?<JW`ABJpj&96mSnW<#V7X{>jc%Dhtj)^zQyHn<CdGbe
zZTpM1-6o~TzSI<86(&mlR=FTrt1B!ucO-vnmYM!`fK1&cr3U~s0jrz&@O^yEi@-=n
zh@kWEovl(#j!q1#Hru2W)ft{$V>L6;$VheZPBs@^Cm5N!O-fOn;aS#xNHZU%zuV<O
zku_A=1YvvK<Ov`@JR9~#EwVG*zMTt7P61J3Bxr}zSetdAOWULv_JAWKcPzW6nWoKt
z@Jj~Lia7gW*mpG!$>>G|oTHJ8{1#wEb%tjdT4Nb$Q#6Zs<b4A;O%igBfRpAR9d!FJ
zk{gJR(&UgQmVJvM6=kFnMd!tP!0{`IyAZ<2$wd;&#T*&gO#tnI^)o%N3L^y@QrMBv
z5lpx|!PLq{euKUuJHst!Ke7}xLcmMeGrTK|6y+ke%VJTT;kNBr3lc@g?^F!P&ina$
zRvZxJVz`klvhQ~ho#7VktrT>jt83UZJa-T+_eL$MGd#<^T4QA7qD$Q~Ja^X^*zFl!
zP-l3j0gOvYbkRAPb7|xSX4;<NMRkUou4$*Zs^c5dQwZgbB&6>dUQ}ne=Cj)^uI%4T
z-6o~$jKud0FRC*<k6{&IBq$+@UEkXVm5ay@{e^XgcNRbtNGz8IpJ%Uoj3h{QoAzbo
z<EEK*5=<BKsGxE(D%G6#fLp6Hta52&`8^&t%`}aXl{?Gr*pXnh?CsiL7INESb8Vpx
zGyhrE=hEPkpxAEp`6!0Tc8vbDr49J&Z$50v{8*^mudv)7Hi^RM;?py~y`5_UP0%Dn
z;Td`RqZODrzar*gRFZGT(P$0u8-7w}i$xnzdmInb;Oa^LwD-9_sqb^2?RSO<L&Muy
za?qgMq>MbX_+YWAX`o5JY!Zb*=0ssO8Qp+n$T20{SBgZ#cE-?b6=qt_7KdP@tzE<-
z!#fM&F!c5JLxkN01|&_$%)SF(T@5AsKzWtOlv7GrWyL=b0BA-xn*^HBLIO=WZ6E&y
z3!xOgE(8%@-iCv1jtuuZsNC$?yN|ujPO}V3XDE=TX;y8T@|85`mrXjdV#-ncvyS2n
zCzvzbkSL6#CD0UxXcGYZ)?kKUV9jziqHJJf_b_zIw^-`yV?ff(==VY(r`#wV`qcEr
zF!`rnCmmTag`Ha^3WFRHXlmFa08RA4z%ny^X`2+AhoO_E#>BxF*{~X6MiXaOl8mm`
z&woypo&d-g%mOCROp{X*dlay>VBimiZg;9I@u=B{)NvS}c%CUaQ9An*iTM$+^7zGn
zeaeQ|#zyeV)_uKP%rk+eTnDgEps9_{#@FDZ%=8V**%W4yRIvRHgLvr3>kK2B#-3sp
zVb`=HgN9Rq1~f%eqtlLbo6Y)qxGGj*8R`YfDS@WUTF}TvpJY;6`1A{^QleR8nl?lu
zpVcXuc;Mw%5)dgy)uk#OQcr>6iHpiR@a}s<PYq2T`rb<r+m@wGE|fOYa7m{ndokYa
zH(`=bMA@dXB@?#!5>s{dVq(jQwwuWoB(}C<X1mfplu=j81B0+<d>@SO|0a`(bU3A>
zCM8?|;@g--A%po#I`&Q+-akBkXq@F=W}WFa0G`7uqNsi1AbxPM0!bcXwVkB*m)_$Y
z;>q>GD-oRSBzkHHpE4H+mme8>)$})fep?_84#L1-xYa3TAysUs9up0xr*x(v2IjLA
z%u;`8a_7FCESE1$14|P$KPmYaYFbcZpW2DDH)f%}QJ<oC#4^zuND0tm(edV!ueht_
j47Ky=p#v~3{}*5YclfJ1`ZZkB00000NkvXXu0mjf97#`H
diff --git a/modules/InfoCard/www/resources/infocard_self_114x80.png b/modules/InfoCard/www/resources/infocard_self_114x80.png
deleted file mode 100644
index 9351cbcebdace06d93a7a5d00287732823bc676f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 9302
zcmV-cB&pkpP)<h;3K|Lk000e1NJLTq0043T002-31^@s6#knCs00001b5ch_0Itp)
z=>Px#24YJ`L;wH)0002_L%V+f000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2iXA*
z3p5Swl-X|p03ZNKL_t(|+U<RNlvKsJ@2_h24D+6z5f~Uy1_XI2h&&aE7(_87SHjVA
z%)>~|G0BM`#&d7(O5#bB!~|~=*SfeQ$vxK>oEY`Q7is`ekr9=*pn&q88RR((^JJdg
zy{qmYd)MAy)vnz=+_mog>+H39b$9JY@2=neUcc|FDux`}19Ml7aEh=fQHn)Q39jY|
zB=Miy|MN{`(3a^yt=olKw;QXL*Dh_(c09`lU|uDb4H$$a!$%B9<)BJb4!i_KB}HHi
zkkY?^e+4NKwA20c7~65ScH4Q{aq7;c<)6qb|56(NSjO~%e;mC>^Zv|xwf#@qf3Tfn
z>$~pGZnT_lM$7pYoNPFWz9y_nw_@4yO-qmW8_1t8Sb29rHCBuoUz5CI;uT2b<$*CE
zl}e$lr8Rm52{6t8FmTSa?*P0uf1i}$cg6t57#K6#ng1u5cOCzFj4?3(nvDCO{cBi(
zvfL;A&ZL0=)33qEXWN5jUYBt|iY&h`0B}IM{t4W2oQys!=~Nm=K0A!MgAHxHCvpF;
zH!NM96Uc|Yy7HOi$igMp%$ka1WjRu*6pkD|goa~v=<e!@KG6)|jswm)9LIsf9XJUG
zj^luH2M*`p{&%&XCmcA8gR8cL-_ALlgaghTBohAlYM;Y{Yp8b4IXLGYkPHE^^p7#7
zH_-3FG5*71J0>`mJ}l}OMtk1}Kmt-q?{W+fLVAD*)nC&496TW2cg6tW`p3dMUP`HH
zgpRg$e6-~wv>oqR^~+b5ew*UvXdo_L`OKg(WlOHRaW;xei*WeRL45fBW;C8TgLEn#
zg`NS7aldnU2qIUV?*qUIkUkIrFx&v&@xkN<_!LO>&bTl6J{UF-83BkB5dC)AW*!6R
zZOoTCrZfTzk(CHR1oyR+0)c=SKrg}vAP{UxB$r9QO+vT=5<o#=A%>3_j@HhmtEXKu
zFZte~bsHi;{`{7ecUO)nTsC{&Y~<zVVdwU(ICS6uge$B7Ds{&d7*r}rX9xQTpxkKZ
z1o#kau7R)4qwQ2G0+nk@5S1!*3^R^_Me^t|jM!xgHU)`*NF_`GDwSjgk}EYkDTEBA
zRLJ06NblulG7wTAe?UHl4zEU2`{`NJ%WiJid~Dq(ftG$??#dAb!?9xObyJbZ%frrX
zTXDRuUi(9u{gD7T183ZOIa~*kdEd=_oO3W=9nzQMc<qkX=4i(-M$Tb8RHH1E#t4We
zK+K{(HRp<`SZ24m3@ilB2L}w0ER;m0GHs4p@S_S;Q-vx!s#LTTkU~HRfpjX3-rip1
z56Htcv!<e87*;%R<I3^?$h-<H8#TTrSzb|&BZm*-czu1m2k37UB>I{0XdCx|iX87t
zsi#IQ0CUIMrmIn=d!NksYyit_9;>Nh4X_z>srP<T>Rlv4M}^uwPYPvdN`(SXX$DC(
zY+yq@JL{=cA%yo?2=w*#A=Q^cva%ePjTxTIOJW58um|R@EH4?0wwrIe8B$8Ded9G`
zls&Y$^$dQehK>qn7L{sKr>5FWIL3Z%v5kH^IX9<sW3g|#b84th#Mng{s$uUl)1*z=
zG^y002!T`%P5`2Ecvy&<aHZDI>H+ZH1%&iKbTclb6mVS^LI?;UQJzequeTSQ)@?%P
zAtbp|h$U6kRmjWFLqmO?2O`T7crvC-m+~}?wouv(NppDg*x+S3p0+biq$E_0Oxi)z
zfQj*9ZPFZuKZe>R=SdKIMnfAG+Cnf1#)--#AZlTX^g<HP-b&BG5yF#3Um}GNkW#{R
zJwW^VdQn(ZgsSQ)@BvuFonp)#JhTc@0u6O_x@wC2Q5M=iszSLZG0Xxc4;&iZ{skaA
zy4}>kcXV}ZIwBFrg~d27CK%a{;mmFqVc0(Dt5;??I}*gfA)Y8?0G=kP>O5Z!3uPA-
znB?WUp1qV(pu4LJi~)m(Rv}S}MTtZi=9X8KA)QX4y{*k2JO}ZjuHs@P(BXz7WS6u!
ziB;{4v_(8rN&4G#PMF^L%=jO$saV5yGI|{n^U;7kI9}?&C^f0>NkZ!9sL(?AKgUCG
zrLRtf6h5Gy@pYAC`r$|>lYtNd<rQUcig9&<=OI~^EJssgW5ivjU@EB?dRY~&UpO75
z6(ykxk`l}h2bh#zJLl1M6*5Q(=G!_iCgb*YUyW<+>gD$~v+-s&t}KrCGdV#UUuN=j
z+0M7|kiwvQI1k(W&tB-l(bt_u!@jd<JJ$&zLaCJGC48w&rBWzMmcuDP4Ugq{h)QL|
zuFYOJ9i`<(!HqD+Jb(y*8i=Z${Amh?0tyPyAn@kFIa<3-RqDnp9z+v>xcz~2$>?>=
z&o*Gq2f^<X4Mfg$V10?tD{ye>gu$9R4J6U9mD;mG)kp+HU;S{OPUD=TG+7*i;e*7~
zpA$lFSASB7hy+pz2!K)&7}zUaI@LMMX76%=6UGABB~%?}W42AHGud&Ikfpz6f=8v%
zb$zw!9Y3Ie2cW?ZJERnl5Qgdv<IjYR_1FG`qdO_8vz5eY-YnT40H~yrs80<%&UH{s
z2~-lR01UiSmR-G>AecZ{8St3Yg)QY_dys7D8}-|yPv|=ZP^nnSSOA{p@VLIM^g*Pz
zmWY5z-nnBqFT_r1YErcmRTD^(0$hP%N+tz~zEjYNZH(<iTSwb$rcEW9Qe?}o**^Ej
zu3Fg?Vi*1I(sdyj^L!^?LWKfN$iOzL*wV9?;X{+KniA<tqC>+A?_E=&w1b5Jl=LY{
zi?e^GWct@Qu)P86pV@)^TkFw!?gG-O4Dtu$p{$|^RU;}f=IY^?{Dsk&bK9h7huR#D
zY@i$4yrTQH?;E>U=xSC<y!Xn-c>ReFacu7?bhh<qG~C9X$Fe&|1T?Ly84ILPf7U|K
z1o;f#vvmyzDq+i;F~;IKPip^s@H`dlL~SDlkdc7Ew2J_qesC>betdJ}cKUi!XzEF!
z>2w?RZ>__tf7<MITAVXOJ1<*@+CYzcAQ;2zPkxBU?t8I+>HU6W&6P@(#CA$41IhH9
z97()Y2?-^Qeml8d)Y%~*YGC?tA#<GIhc&4*IwO!wDuL=)Lq%_TagP<mxb6Ijj(8B`
zRIbgL$tJai>U?p<rrh8uz~XErq4*^6W&==(y;Om}$K-etsO+P%ne?yds#QYIG%%uC
z{hXi{H`368*h%I1&`#3gKqG`$`_wkAPbSV7g)c9;9)qeY;JN~*>(1e$+Jo5k)_!Et
zE}D+Fqhd%2oID;MH)e|kvw5+$&Swl~8=AG<&mMRXLq}9*ululOKn$r=wvo2`oNB=E
z5VcA}5MkQLKs+6TLURlnjysw}ff52l?P{K^37-EXQirGh(=*zi{rZ2s1;u5BfCTdL
z9gLbd43}Ry9JhRZ7GC`0MhI8pLURw2RYehSK7Riw-um+ne7d~>&1c$?No9~6T#74a
zjl{xxW@E|?WBM0o`q!IR_#^ACZ;t;})Sl*e7{VN;2-K=1A(~_?ba)V@=%moOSF6_=
zkl~c)B<Uvgig>0pmZU5UwTq@_O6{nWaMP}C7rWCaE-Q>=G|DSWaL+Gp0~nC*%V?d`
z-O+>Je)l<i@Y>!;e>R<L!={(^VAD%`aO>T(aR1|fk3^o6+ZoCQbhhd;%XL%<i1eKt
zNEwD4lGr`YLyr}qgCnSf`qW*Z5UHnXf~d+e7z@>`2B1v>eeygKqL=`ZhiAn2A=>|b
z^5NI;$p?qg-Pvm`tkQCj0EFw}p*x?pf@p5*S8v10|Mqe`Tayit{x~@?-=!tl97rIw
znMAb;5pt|jgyD$FiqP;lL7ys3os#SW&H4vHznR)1fq$SrX`D%ZN2BNfEV_3N9{t`6
z!SznpH{qG(e**xNUs8h0t{8%`Q!c|bH;na|C8l@QyMNt--J1?;opkrl7vRhH%tlFh
zA$GoX0FQqEd33aN0|4H5;zKO>)=Z3>HX<ir8+#rDq>P3qHqSYmT~v;a5CNz(j)bz8
ziVz_2VnoF%Z`VfAF=8XF>7_*I>;%q@<Ag6W<gf(sagsUz>(jCL`*Zc{`&)Z+C-!YU
zikJTQE*|>U6WI9DP5?m3z{23VZ~bM5cFrC5&BeDKSb)mGrN}SH!|bnIh5J_At{wBn
z6CYkY!xQJFN*PNJO4BYHAW(WvDz4g(Bc-8ACBo09YE95Q9A`YNek1Bsy&Uf7VTB@q
zePhlXCmM24#)e9!vaNpGT@T!XiPJB~whjC6+0J^LZaA+o7l3CM*F5naDu<L}!kkNk
z>mT{}q;}kwzI|<^^Jm^NLHoXcOI`m$mj0;NY?avxB%8;o930ox*d9fSht!;~WI?h}
zbXp>p(sNEIp-P3SAJ#Zl<LQkf%579!No4`9yuJnlhm_+hOXeWem&U2OCLG+|fcM|{
z7@h4s!F4yi`VqeIvzvn7>TK)L`t{pW9?2bxo^H?W%-G29Y%G##0||(>Hc1^J6^1BJ
zHb^k*QW<1Hq|m|-Zb~GLA02K;Cds1(v7`dlm&{1OPqQ2bh%j=H11~MZuyL1wI}G^+
zc^EmN8n@nc9q#-6KWH6v@<@}W(n^wr7d^J3w>#B;k2UVNI7Wzip#IAi^asG24v+8%
z0GoqDU-Y&JA;2OPZl<H7GWCIDqi&SabEaCQPLC0sD@py=#s3@k{OT*Xe9|yf3@t&~
zz#?=scO%{Fg(bxm`C4D)<vW@x8$D^5=IlK6(N9q`en@u4CYRdGM&ISgfl884wgRXm
zk4h}(03io7lH3(xX(ZuYX&Q^u```)3Bg-kH<L4q(dmw>9n#<ADtH$Ig$)rhQDz$$5
zjtvL!-I>3`k8k}0);_Zpr|Zt4I5_~7)y25b(TOJ>dR^<onu$ZT&YSnOY1;l@-0>vd
ze{C;1nmZv}7d>5lIC110-hb^A{OKoaaQEcpxxu2&%*Di*1`Q_-CP^CcWN^F!QDr^^
z2|I*tFV+5tjg)?=pHio)#8In1_1PY4{?QgQTC({RL<+3h_S7E6p4!7X)#8``@j9(D
z=YMS));+xypKkN&aZlHs$Fi?I-9HDVzfMd)bC0poM?6<kdMUU{GO2eOv6X@IW3!RW
zbas>~)g_c>I0D;9D*z~cXF4{VN9`r^>|uYmuipCw-29E{+SBhO9Q^v_?_m1;aTjMO
zv*kB)0c{EXV?9&aZj(w%1_U7rDTx$P^ITOZ60wm=Vyv~K5nw}-90X8}j*F|ykrI7f
zt~Z{943T?w|AYAWy(8Gatq#ZbokHX1E$C?JM!GM9g5rEsT~>(+Ge%&+w`O7DtQu>l
zmQ@ttku~4Lu8oKA&hxwQ+4cssob5oWH;sbgd<+_v#E9`jFmdKc%)E6%d}=F>e9uA4
zNz$%K8S!X?b|2gbbw`dDLO{Agw~Mas0MWmY(7Ehr#={}S!JHOWDFBURX&h00p`{P!
zj<qA5a;=r&Lxv5)kiQ#*`L}!DODhXedPyOYLyGM=Jxe(T;~dj(8i(og$H!+pVr*c*
z)WiV0v3o^M$4S~^MiW?@TJ>!tjU~;3E0a7Aoh6$@vY2XcqH-ezSElq4wW{`YccgLh
z(`J1vMNCn#Dl_S9=|N{}4_eQ3V#t^Z6c*?8FXL}ZU&RIYaWy#f_-qe^#j(-oILhd#
z<H`5P@s#C}q-Mvp$C43>PHi3y=R^kJsDU=zD3ppgJT|+?7|tAOjR#R$D!NH=a9?*C
z$3H%YwsYOOG{%)G<{I0cEkluusxyz3(M&x^Oc+tE%3f0bm6UqWl8=xWms&EJmVQ{P
z=(r*TRGGi32w<uzoP#q*mp~PY(72FNbO3t0GD!Ei+6duDAvBD^HtKQaVZ+&D-jMg?
z;39j$RIb`m+McaCE}Mj!bu~&V%z)p}5YmVz0}t00rYPEus#Q`s7urp!-8R?$yIJ1h
zgku-!FmJ5_z^n{6Vo8ya(Gp9>?Bfz)8A*&#I-45W(bJiZmTlNx7ZYN{)w9M)D*;4?
zqXu-3mD(}mA<#e<B9v~D))GeGA22%5s|2Fi55}xxIkW+$4v*Hd(%6tnrV1?z6S@F$
zW+@p*I2_z8J|^l{2#Kc8+v7Xhe8t&M3owxqkT{mdQhOuKydwpWf=BjSIa$MNwUXsz
zgckh^Tq6XmqlxuFs6o-OS#+hcA~a1UCGra#6ekDhl1HVHjL)ZI5Vg`w;uQ5<NTItU
z6%SN@oT2_OG+7eQR8@i&OPN8xjbl}k9H)v^V%arDWSR9kZd`=`U>_aDJlm-3rb*Gk
zAOdVPJ3~iTdWBNdkXlr%wKS7Qf$ccoZ7-y<*+Cn?aq8G6t%kaeI50*Hj#&|4jU@@_
zR>1vA^B{>VjjHn?A8FV~s#=|xA#jXlKg?Lta0V#P3IK(r`KXy(g(6=v%`yFvL8#_;
zrUTp8oz9s;ij6(Z&n9?TyjhJKr3F-G$U!AdD{mw*CM5$btdQoZx*{T>>O5;XWH=_#
zw~aIeaYz+ie_}~e#|kM?Sdxd4lLu$bxL;`L#hD{59)~Cq8H=K7byD4#{t?>QrlN`)
zn3H2zT_mtK(pDPnW=gE-$s%HD!dQ|PCriCDK!HogYH}TjaAu7lc4VPMIu4JPby&tM
z(xh@MpJ`EHrI!?9@W^DmbTXru+BW>n#@^V}Ypz;XTT!v;ncCWO<sVJSqyVZ6h^pB!
z!K2v_DYS=NuWRMTG%1V_=bViFAolRq^8c=N_}g9oGc<!Hh;b9Ukw26_Afb&Cj(D%;
zXzE-N)gNiKNv@^ywfN7pbEfxcuuLYfcMSiPc3aQa|4dIrQ_v{KsyJ9-Aq1FjdlG)^
z$TX_Xn@)`R<bXCv$I?+OTlSzovko!~S-|ueHW*m;>T;We=3;tcBvPuHB-1msk>s{m
z(w4rmZAK-XRvBP2JCKp<h2aO_r>q<}iBJ+9Ln6%qtTy+a4py}?DK^(WCic^2*kH(B
zf0}EYWZb#7^GynkszVAac||BX^LUF&jf*8Uj@1oQS84(!b4yTBa8#-asz5oMnMzFp
zp{1|v5ktR5H^m3+77&SQ4JH7LBf<My31<se4ArdJGh3)&Ix2DGxviGfR{KgN6VhrU
zy%b<*q_ylvXu^B|6QshNhskAAwZ<l7jqTXpQ+WCDTI}0Whx4b~kx9EKA6Sf<@k20q
z&S=b8G#ND$hDHeUlSj{C<4ZenY~M+=HFd&uU6hm;p}J-uW-Xk6Ik!zh&BW>mQ090I
zEk%{>81jHg03W}11aJLiCqCQJfaWtD$fPnTA5?+~Gi$J5$xKYXepF~Pjci8y`7XS)
zq82+h976M%4iuFRz!lSmW5JT?xN6R*STF;Lqzn%6U`-nqt!pI|T|ksOX2m(7==@U1
zT(R5kO^5NbMgNA3F}|a<@d8>KFJMpY5v+Q6y*>~|0ta_DVC7F=gqzXTNJmQ-I$FAL
zaQE@>yj(0zfA$kQ+11g5-^Gk0Ie)4hn_u|^n_u|^^S?O__ddD^PJ)NFR7!k)un`a4
zu?nr{I>~)^W7k`UvFokF_`4s?v4iM)t)L8!)C;gQmzg0xAIT_yBz>jLI%OHq8dvA?
z)I)!ZfS9W@8Dm)U<mL#7|5w#+7gP4(&%(Iu&Zi?o5NzAq&+bAZ&%yV9e_Ie6_I9W6
z$dczY5Y6r7$KH=ut^VgARYg2hlY6FmJtPGD33PS4Xw2+LE8yq^2U(u_V|!0&-+%M+
zcQ9@Kcw|x;oH}+Mduk8ko#%HM0XlH%*g5UIrT^o0jGtBmHzUw^vK1}oTk*~dyK(~P
z&FC!q=lB44_piGnAl~)B&A4^ROca$BVAneb@z@Vv#)VdoCS3o_cFg<QH5fg)8d6HU
z^Zag{sc#9+Ehx&vJ&!EJw41L0q{NOl58<hQU5~z=bo3U8qeMMaGiHp;PNtVbGBO5|
zc&Was4MG4_aD|vDQjB2SEUY@P>vJ60a{`&Pi_0es!|gwui~qId$2!F)fkeJOD!%@}
zX?%XT5t+1$;iCuR_WPpeWi6!Yk3s<O_H(<mw#7@ofUo~#K9Yk<keBb^+J#qo5=gf7
z&ukAqZ+T<Cw(pxipN}srz6yoK`6wvP$DGAi;?AGUjsCV`bX+&A+3{n>kbN*-ut+2W
zLTMz^Onc!6ft^Zbwp5Y7&A53yHodeb`2Or88}RHS-o(EHhm~XM7sq1p4{pHd$-}iL
z?#h{?u<P9eLDSmRTd;QZ7B9Ixumm%2oruNv&I!-!Pa#znTd6!#a~#QnyJzaLq?DL?
z(^&oC+<rWeq|XoNnq<a;aS?`R#+Sxp^|H4k(x|*vDwUE>v243(SO@_+<ed5R9Akvp
zmc~dbn`$*A;NC|Uqwz#5KHJ`4bsRSQc?aHpZWorn`dv)FDJ*CFhx=|qOJfJ>K0OsV
zukCy%HvD-z-hOT;mcQ~HOuu<T|Lr7WaMPLCedail?@s@H&Pz6*?FhWq?hAd|zS4>U
zjpdP2qO_tg-fImc)9&0@S5|;Ih{u@K*rViBnWO)%#&|f6oe(hMw#vb!c)a#saA12q
zc5OU_`cKc`#Nl&jIB+(YW?Q%dtAD-TtA6vJo3e^x{Nzt}p>F>ve73V5r|O!}c%lVo
z8qNoWxxy7#{hK%a^Xzj12qEDL35N{XYdX~yy=6bvD=9As#!>cn>+4PjzgtwAkIuGU
z&08%WSgi4~?af`Wsx`cCk=41$;_QTkKp2KFZ7Bo*5z;(oC7b^P<7d=h{EV8Q?Zn|m
zEK#NV0FLcF9eS-~Qq++Xs!=ncI+%g6@kBFzdG}NLd4`QFD9ZN+>G)gY@n%$y92k~9
z{>N^+mXZ>ePa1|jwMT;XKYsWx7%^dpK0Ms0O{L_(W#g*w*|u<Ljva3v#7*D0Ml)->
zHXM$n=|Y~?E_s@C66MF~u{=<xTszyFQwO25L-|2-^DEB-)imq(c>d9M@aeXCw4d*U
z>k9OA_Tkg5^-*n1@{bSy)6-c0m#sLq|0Fuwy5VMA^!B81Z2xJy7AJ)B(2<vD$Nbv^
zucPJM1@v6##ky5n@#p1lTD6Fj5;y++6s`H;Z~i+ze0?7}TDst7GU(|_;ndM4Y+H8#
z&pfyuKbZZPmY1BlaJ+W@bC0}>57z8QZ)YERJNxj#tNZc7Z#Tu00j_J6IL+ZfG{vXc
zNHxZT`HQOr+?cWaK~D0Q*sEiEPenoy+cthi4dGpZlSj|t<k52%cb=~aX8)H-+DsuI
zytX&z`~s?vzIf+Uyt#TuVAIdkH)HwT&-PCP0r=vbQ?TyI?PxsiRsHpJrtpXRU(f9^
zt0`KnAswu%JjB+usxTv%wVyFhrJ7u~k~*7>B;;{_x3bD2-21z)23)Izy!i7-r{3|S
z8!_zifwAZP<FbWT8wu&z(uZDHf~oVa==c3oJ~qD~fgeA42g(N)#~#1v2iMwn&_0#9
zQg<=ohew**Qw-MXwm8*F=OYyYPw)OIwyfQceIM4L;j^=7Y3zWTc2QVbfZ?MDV(Pqc
z`078;LFLeL?FoEv^*>?n2S;&q-wB+qKkunFSD>IUAA^Qh;QHIHik|0hCFO;9eAE5-
z_vIU~W$k`6pJ_))vJjK5AC238cmpP0I|@%PTN?{VNwN^j{$mMtZ#s%if8C8kyFN!t
z;{~L9GZ;{mk4vh{aOo9;Fm~FdnDWIjdcIN!TzbVI{C2~4@ap3qVD~#m(9(DTg(U+p
zW=b{Y-!%mjuOEpuf7lvjcFY+hW7KFw%>rP{zqe9;>Gp+?QU>c<fdfo3-O2ISue$Pv
z;no>|v#Qu^Gb$R#bhr26)WK%Y+|hLu=ywT>yMB0-+s(F`no%QTD;%aNCbRZbnh9bf
zv8)XP5W;>PGWT3$5(q;wpZd)UQRy?J@`icyFlcZU*1fcrW<O{rcy`g8Gd%b`+tkjg
zok}THv)Lx7)zV31LU#(Hly<dZyN>O5eBdI^g(W{2NeI)ikEGUyURU#E%}R1)nJ>V6
z0ENg}Rj8?2X^A7LbHfaFoq^@HT698L%QVk92hs%jK!lUK$E<22MV6|!n1@EjRjsMy
zah9B6WH?;5(hiH1M`pN^F<yWPV%!pmG7BLfCBPXA-5(hiE(h1;SyZWMBl|;>#gu$#
z)3O*(U@&|CMPyTKrH2|AaaC@XB(ZjmnOHU}<4j=vAqD}kio}RBQ*pKt+2TkGgP<+Z
z=dU!A>dojAty2Ka8!<~hVpJa8(tUayMI}?IcqxHYubW-1(g(v<e`-^Q*?_g!OPYj^
ztt3#tK>)MbMbf7i+WXHeY2}dSIu?v9Y{H0yGKb;p(KcjKB6g1M2*`AQ4lq+a8MK}4
zwA)2rQdLva@piar5kIbxbY{f<QO6@&!Esz!qX`lLFLuPTC3zg_Gk6mXZ+>H2?l{t{
z*%2AEwYRn>%PY#gwGoZQP=dlNhXn&r4{tl=$CrAosq$=t2S9}9X)ET?HKl036R%WT
z<pxBh`ip3`HFlw`u`ApsjWry7;Dr!yg-dE)+@SWw+AhL1sOWx|oF{}E6hyiHI1N`#
z;9%QNeoy-48&+Evw<0aGJ3PsX3bePj!|g!>&$Oeqqpd^lEXe{;8TY}UdYS9T(5icN
zjtQb>uE@e*!FO%RHeJO>78Rqb-blR&DOg303=j<@jh5ZVEL)^axL~U*mBx^8TH&U~
zE(&Az4L8j83n{XL7BRebm0F%mB0oPL9c>+OyYVr1yHMNO+!ESCuuz@G{D5M7v_fv5
z){~NeDCl@c|EOTqHUp@bcu|vD^<C=cO5-|V$vqkEYa97%jK|l;BN{-_M6Yy3v|Q0V
z-Zkb|b-jBqmvz!Y31-j!+m^Sg8R->pojcPAw+pr0?Zujt4JVOFr?qvLa86SI00YWN
zL_t)XWH>{t_36>)fM=Q-rUal`>=Kd@sgl70U>b<9OQy7iAv8o`(FY@LDWV8arc}!4
zl$yfLa;%yI#|_tb6za1}?jcw-(hiIjv=}v;NaUer<S2A^b))fgBitUW;>$NJJ>GW?
ztLhKe2X-YGDCIES+2H_pLOZA}T}ww*InjlsLn#keZKGaj7#~8jlM;vy=%IFy8Q)cQ
zUB-+n)KsU?)@h{UDyTGT4}&SSt|9Hxs1Wz}n~R`X!8D~Z#y(EG>MG<9$VdH=dh|76
z)$-b<?HmBotyp$w?~%6l)^^XCa%H4gn9_9AP6p17qV~+etiD>6l7Of>-<6>gE8?rl
zOi7iHQM)LiNss5@5;Yi6sWJ*6U9*weIP+nU#uyB$YUvmaVw<h8pv+Rf5o0Syj2ekC
zW5=PrwH<W_8rssWSO)luWxwCBuKl{fUpm_*+7?w`TJ0Afd(x*az#XP7yRPzwK?K2#
z5mO*-CIKVJ67SI0Q)DdkSR>vnsI=<pHJB~RG6RORNTtl>;7GkNI8yQLPqS%#FboxJ
zm9`j96b3Cyj~y{`BxYQDEi&mew!OCv7mj8A`8V$@eJ=nK05%_6_sR6Cc{QyaO;-=S
zwAw54kRE{C(U-TSUTbI<8Ch9XKPFgMnyN)(VQDSI6b2oK7|vDdjE^P-wh8%!KD~5A
zm0D~hoeD*BU~D$kCC97yGFuADHsZ{(5Njeo4_8gT8k43>L8>o}?VGourLJq$!+%@)
zOLeM4uk+r4b+1hyJg=s;v+3$&WfB7l288PXORq*$aj)7Mnp|HA)dX6bN<>?;*t;-Y
zsFN;rYtnI2N<;e?c9Bk?U~^i8#e<D3BqpMROl>n6lW9`4hk;D^7ibcjmx>%<N}#Bu
z7-Pnc!>rk}F}SJ<?XB(Dz2ze`9qm~4%U70u8#(+U{NmP?KN?VtWn(9eNsb&d5{bOL
zzz%xVcJY}aZB1e5-!1bz=(d1|b~E6e{N>zZ3y-vzRBE3CHV9IaZt1(^f!z+?r4hGE
z;>pXPn2SC<9!WzUEfo&gJk+=>hJ_R;E-pq<aS0d$QhjMO9IeNpy+_)5PvZVxZ&<n-
z+4Icd_P~uRN90vtS#fn@$&l(Hs2Wy<vSb;Gii@(Q0dsMJ{h3rF>tHQOMrXy<Y%pXe
zo{_yqR68}xT556g4%#wxam#eYrBb^)yK$kT1C6H|arV?%be+kpO1EIy^4g`xk%Rn+
z1=K0TqC_bc<s~r}|GE8t+tTf*&2(Um+l@7G0IKc(0E0a-le{Kys{jB107*qoM6N<$
Eg8F3bjsO4v
diff --git a/modules/InfoCard/www/tokenservice.php b/modules/InfoCard/www/tokenservice.php
deleted file mode 100644
index 413d093a8..000000000
--- a/modules/InfoCard/www/tokenservice.php
+++ /dev/null
@@ -1,136 +0,0 @@
-<?php
-
-/*
-* AUTHOR: Samuel Muñoz Hidalgo
-* EMAIL: samuel.mh@gmail.com
-* LAST REVISION: 13-FEB-09
-* DESCRIPTION: Web interface for the token generator
-*/
-
-
-//Borrowed from xlmseclibs, TEMPORAL
-function decryptMcrypt($data,$key) {
- $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'',MCRYPT_MODE_CBC,'');
- $iv_length = mcrypt_enc_get_iv_size($td);
-
- $iv = substr($data, 0, $iv_length);
- $data = substr($data, $iv_length);
-
- mcrypt_generic_init($td, $key, $iv);
- $decrypted_data = mdecrypt_generic($td, $data);
- mcrypt_generic_deinit($td);
- mcrypt_module_close($td);
-
- $dataLen = strlen($decrypted_data);
- $paddingLength = substr($decrypted_data, $dataLen - 1, 1);
- $decrypted_data = substr($decrypted_data, 0, $dataLen - ord($paddingLength));
-
- return $decrypted_data;
-}
-
-
-
-//Input: self issued saml token
-//Returns ppid coded in base 64
- function getppid($samlToken){
- $token = new DOMDocument();
- $token->loadXML($samlToken);
- $doc = $token->documentElement;
- return($doc->getElementsByTagname('AttributeValue')->item(0)->nodeValue);
-}
-
-
-// grab the important parts of the token request. these are the username,
-// password, and cardid.
-
-Header('Content-Type: application/soap+xml;charset=utf-8');
-
-$config = SimpleSAML_Configuration::getInstance();
-SimpleSAML_Logger::debug('Tokenservice');
-
-$token = new DOMDocument();
-$token->loadXML($HTTP_RAW_POST_DATA);
-$doc = $token->documentElement;
-
-$cardId = $doc->getElementsByTagname('CardId')->item(0)->nodeValue;
-
-$authenticated = false;
-
-
-$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
-$ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
-$debugDir = $autoconfig->getValue('debugDir');
-
-
-SimpleSAML_Logger::debug('USERCREDENTIAL: '.$ICconfig['UserCredential']);
-switch($ICconfig['UserCredential']){
- case "UsernamePasswordCredential":
- $username = $doc->getElementsByTagname('Username')->item(0)->nodeValue;
- $password = $doc->getElementsByTagname('Password')->item(0)->nodeValue;
- if (sspmod_InfoCard_UserFunctions::validateUser(array('username'=>$username,'password'=>$password),$ICconfig['UserCredential'])){
- $authenticated = true;
- }
- break;
- case "KerberosV5Credential":
- break;
- case "X509V3Credential":
- break;
- case "SelfIssuedCredential":
- //Obtener clave simétrica
- $encKey = base64_decode($doc->getElementsByTagname('CipherValue')->item(0)->nodeValue);
- $sts_key = $autoconfig->getValue('sts_key');
- $privkey = openssl_pkey_get_private(file_get_contents($sts_key));
- $key=NULL;
- openssl_private_decrypt($encKey,$key,$privkey,OPENSSL_PKCS1_OAEP_PADDING);
- openssl_free_key($privkey);
-
- //Recuperar informaciĂłn
- $encSamlToken = base64_decode($doc->getElementsByTagname('CipherValue')->item(1)->nodeValue);
- $samlToken=decryptMcrypt($encSamlToken,$key);
- SimpleSAML_Logger::debug('$samlToken'.$samlToken);
- $ppid=getppid($samlToken);
- SimpleSAML_Logger::debug('PPID: '.$ppid);
-
- if (sspmod_InfoCard_UserFunctions::validateUser(array('PPID'=>$ppid),$ICconfig['UserCredential'])){
- $authenticated = true;
- }
- break;
- default:
- break;
-}
-
-
-$messageid = $doc->getElementsByTagname('MessageID')->item(0)->nodeValue;
-
-if ($authenticated){
- $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
- $ICconfig['issuer'] = $autoconfig->getValue('issuer');
- $ICconfig['sts_crt'] = $autoconfig->getValue('sts_crt');
- $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
-
- $requiredClaims = sspmod_InfoCard_Utils::extractClaims($ICconfig['InfoCard']['schema'], $doc->getElementsByTagname('ClaimType'));
- $claimValues = sspmod_InfoCard_UserFunctions::fillClaims($username, $ICconfig['InfoCard']['requiredClaims'], $ICconfig['InfoCard']['optionalClaims'],$requiredClaims);
-
- $response = sspmod_InfoCard_STS::createToken($claimValues,$ICconfig,$messageid);
-
-
-}else{
- $response = sspmod_InfoCard_STS::errorMessage('Wrong Credentials',$messageid);
-}
-
-
-Header('Content-length: '.strlen($response)+1);
-print($response);
-
-//LOG
-if ($debugDir!=null){
- $handle=fopen($debugDir.'/'.$messageid.'.log','w');
- fwrite($handle," ------ InfoCard simpleSAMLphp Module LOG ------\n\n");
- fwrite($handle,"-- TIME: ".gmdate('Y-m-d').' '.gmdate('H:i:s')."\n");
- fwrite($handle,"-- MESSAGE ID: ".$messageid."\n\n\n");
- fwrite($handle,"-- RST\n");
- fwrite($handle,$HTTP_RAW_POST_DATA);
- fwrite($handle,"\n\n\n-- RSTR\n");
- fwrite($handle,$response);
- fclose($handle);
-}
diff --git a/modules/InfoCard/www/x509.php b/modules/InfoCard/www/x509.php
deleted file mode 100644
index 50b1d5c43..000000000
--- a/modules/InfoCard/www/x509.php
+++ /dev/null
@@ -1,4 +0,0 @@
-
-<?php
-
-print 'x509';
--
GitLab