diff --git a/modules/InfoCard/lib/Auth/Source/ICAuth.php b/modules/InfoCard/lib/Auth/Source/ICAuth.php index 94850fda37ef6cc8ce95fc1d725860a5edf4d3ef..47d85f86cb22fef9d14a5cc87a42af66b311da45 100644 --- a/modules/InfoCard/lib/Auth/Source/ICAuth.php +++ b/modules/InfoCard/lib/Auth/Source/ICAuth.php @@ -45,7 +45,8 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source { SimpleSAML_Logger::debug('ENTRA en icauth'); assert('is_string($authStateId)'); - $autoconfig = SimpleSAML_Configuration::getConfig('config-login-infocard.php'); + $config = SimpleSAML_Configuration::getInstance(); + $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $idp_key = $autoconfig->getValue('idp_key'); $sts_crt = $autoconfig->getValue('sts_crt'); $Infocard = $autoconfig->getValue('InfoCard'); diff --git a/modules/InfoCard/lib/RP/InfoCard.php b/modules/InfoCard/lib/RP/InfoCard.php index b4331104578ea8af3fb7075d72145380c08b39d9..254c3013908da7e6adf2562739a4eabd8b6ea88f 100644 --- a/modules/InfoCard/lib/RP/InfoCard.php +++ b/modules/InfoCard/lib/RP/InfoCard.php @@ -53,17 +53,16 @@ class sspmod_InfoCard_RP_InfoCard public function addSTSCertificate($sts_crt){ $this->_sts_crt = $sts_crt; - if(!file_exists($sts_crt) && ($sts_crt!=NULL) ) { - throw new Exception("STS certificate does not exists"); - } - if(!is_readable($sts_crt)) { + if(($sts_crt==NULL) || (strcmp($sts_crt,'')==0)) { + SimpleSAML_Logger::debug('WARNING: No STS certificate is set, ALL TOKENS WILL BE ACCEPTED'); + }else if( (!file_exists($sts_crt)) || (!is_readable($sts_crt))) { throw new Exception("STS certificate is not readable"); } } - public function addIDPKey($private_key_file, $password = null){ + public function addIDPKey($private_key_file, $password = NULL){ $this->_private_key_file = $private_key_file; $this->_password = $password; 
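Review bot: In addSTSCertificate, the new branch for a null or empty `$sts_crt` turns a missing STS certificate into a fail-open path — the method only emits a debug-level message that all tokens will be accepted, whereas the removed code appears to have thrown for a null path through the is_readable check. A skipped signature check should not be tolerated at debug verbosity; at minimum log it at warning level, `SimpleSAML_Logger::warning('No STS certificate is set, ALL TOKENS WILL BE ACCEPTED');`, and consider throwing unless an explicit configuration option opts into unverified tokens. The loose `$sts_crt==NULL` also matches `'0'` and `false`, so `$sts_crt === null || $sts_crt === ''` states the intent more precisely. The class sspmod_InfoCard_RP_InfoCard continues outside the hunk.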
@@ -119,6 +118,7 @@ SimpleSAML_Logger::debug('IC: secureToken'); $decryptedToken = self::decryptToken($xmlToken); } catch(Exception $e) { + SimpleSAML_Logger::debug('ProcSecToken '.$e); $retval->setError('Failed to extract assertion document'); throw new Exception('Failed to extract assertion document'); $retval->setCode(Zend_InfoCard_Claims::RESULT_PROCESSING_FAILURE); diff --git a/modules/InfoCard/lib/UserFunctions.php b/modules/InfoCard/lib/UserFunctions.php index 4c49fff77c9d3eed43e0f5f0b9d23c5312147767..73b8da64abb5c8140140364d85e218712229deba 100644 --- a/modules/InfoCard/lib/UserFunctions.php +++ b/modules/InfoCard/lib/UserFunctions.php 
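Review bot: The added `SimpleSAML_Logger::debug('ProcSecToken '.$e);` stringifies the whole exception, so the log line carries the stack trace plus whatever the decryption layer put in the message, which for a token-processing failure may include fragments of the submitted token; logging `$e->getMessage()` keeps the diagnostic without the trace. Note also that the `$retval->setCode(...)` after the `throw` in this catch block is unreachable, which predates this change but is worth cleaning up while the block is being touched. The enclosing method starts and ends outside the hunk.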
@@ -2,27 +2,46 @@ /* * AUTHOR: Samuel Muñoz Hidalgo * EMAIL: samuel.mh@gmail.com -* LAST REVISION: 22-DEC-08 -* DESCRIPTION: edit this functions to fit your needs +* LAST REVISION: 13-FEB-09 +* DESCRIPTION: Functions for interconecting the system with your data model. +* Edit this functions to fit your needs */ class sspmod_InfoCard_UserFunctions { - /* Called by getinfocard.php and tokenservice.php - * INPUT: user and password + + /* Called by www/getinfocard.php and tokenservice.php + * INPUT: credencial data (array), and type of credential * OUTPUT: true if the data is correct or false in other case */ - static public function validateUser($user,$pass){ + static public function validateUser($credential,$type){ $status=false; - if( (strcmp($user,'usuario')==0) && (strcmp($pass,'clave')==0) ){ - $status=true; + switch($type){ + case 'UsernamePasswordCredential': + if( (strcmp($credential['username'],'usuario')==0) && (strcmp($credential['password'],'clave')==0) ) + $status=true; + break; + case 'KerberosV5Credential': + break; + case 'X509V3Credential': + break; + case 'SelfIssuedCredential': + //$credential['PPID'] + $status = true; + break; + default: + break; + } + if (!$pass==NULL){ //Username/Password credentials + + }else { //PPID credential } return $status; } - /* Called by tokenservice.php + /* Called by www/tokenservice.php * INPUT: username, configured required claims, configured optional claims and requested claims * OUTPUT: array of claims wiht value and display tag. */ 
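Review bot: validateUser's `SelfIssuedCredential` case sets `$status = true` unconditionally — the `//$credential['PPID']` comment shows the PPID comparison was intended but never written, so any self-issued credential authenticates regardless of which PPID it carries. Until the PPID is compared against the value stored for the user, that case should leave `$status` false. The trailing `if (!$pass==NULL){ ... }else { ... }` block references `$pass`, which is no longer a parameter of the new signature, and both branches are empty, so it is dead code that only produces an undefined-variable notice; delete it. The docblock should also say which keys `$credential` is expected to carry for each `$type` (`username`/`password` for the password case, `PPID` for the self-issued case).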
@@ -47,28 +66,48 @@ class sspmod_InfoCard_UserFunctions { } - /* Called by getinfocard.php + + /* + * INPUT: Unified way to create a single card identificator for a user + * OUTPUT: User's card Identificator + */ + static public function generate_card_ID($user) { + return 'urn:self-sts.uah.es:'.$user; + } + + + + /* Called by www/getinfocard.php * INPUT: valid username * OUTPUT: array containing user data to create its InfoCard */ - static public function fillICdata($user) { + static public function fillICdata($user,$UserCredential,$ppid=NULL) { $ICdata = array(); - $ICdata['CardId'] = 'urn:sts.uah.es:'.$user; - $ICdata['CardName'] = $user."-IC"; + $ICdata['CardId'] = sspmod_InfoCard_UserFunctions::generate_card_ID($user); + $ICdata['CardName'] = $user."-SELFCREDENTIAL-IC"; $ICdata['CardImage'] = '/var/simplesaml/modules/InfoCard/www/resources/demoimage.png'; $ICdata['TimeExpires'] = "9999-12-31T23:59:59Z"; //Credentials $ICdata['DisplayCredentialHint'] = 'Enter your password'; - $ICdata['UserCredential'] = 'UsernamePasswordCredential'; //UsernamePasswordCredential, KerberosV5Credential, X509V3Credential, SelfIssuedCredential - $ICdata['UserName'] = 'usuario'; //UsernamePasswordCredential - $ICdata['KeyIdentifier'] = NULL; //X509V3Credential - $ICdata['PPID'] = NULL; //SelfIssuedCredential + switch($UserCredential){ + case 'UsernamePasswordCredential': + $ICdata['UserName'] = $user; + break; + case 'KerberosV5Credential': + break; + case 'X509V3Credential': + $ICdata['KeyIdentifier'] = NULL; //X509V3Credential + break; + case 'SelfIssuedCredential': + $ICdata['PPID'] = $ppid; + break; + default: + break; + } -SimpleSAML_Logger::debug('ICDATA: '.$ICdata['CardImage']); return $ICdata; } - } ?> \ No newline at end of file diff --git a/modules/InfoCard/www/STS_card_issuer.php b/modules/InfoCard/www/STS_card_issuer.php new file mode 100755 index 0000000000000000000000000000000000000000..ca25933792645e2de2f1045c5d9f6b59c119deca --- /dev/null 
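Review bot: fillICdata's new `default:` branch silently returns an `$ICdata` with no credential entry when `$UserCredential` is not one of the four known strings, so a typo in the `UserCredential` configuration value would issue a card without any credential section rather than failing; `default: throw new Exception('Unknown UserCredential type: '.$UserCredential);` makes the misconfiguration visible. The header comment above fillICdata still documents only `$user` — it should describe `$UserCredential` (one of the four credential type strings) and `$ppid` (used only for SelfIssuedCredential, defaults to NULL). generate_card_ID concatenates `$user` verbatim into the URN, and the card id appears to feed the PPID derivation in STS_card_issuer.php, so a one-line comment stating that callers pass an already-validated username would document that assumption.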
+++ b/modules/InfoCard/www/STS_card_issuer.php 
@@ -0,0 +1,288 @@ +<?php + +/* +* AUTHOR: Samuel Muñoz Hidalgo +* EMAIL: samuel.mh@gmail.com +* LAST REVISION: 24-APR-09 +* DESCRIPTION: +* Will send cards to other applications via web. +* Symmetric cryptography and IP filtering are available. +*/ + + +/* +* DESCRIPTION: used to encode the data attribute sent GET method +* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543 +*/ +function urlsafe_b64encode($string) { + $data = base64_encode($string); + $data = str_replace(array('+','/','='),array('-','_',''),$data); + return $data; +} + + +/* +* DESCRIPTION: used to decode the data attribute sent GET method +* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543 +*/ +function urlsafe_b64decode($string) { + $data = str_replace(array('-','_'),array('+','/'),$string); + $mod4 = strlen($data) % 4; + if ($mod4) { + $data .= substr('====', $mod4); + } + return base64_decode($data); +} + + +/*CASE 1 AND 2 +* -Has Organization +* -And chains to a trusted root CA +* -NOTE: Based on V1.0, written for compatibility with DigitalMe PPID calculation +*/ +function calculate_RP_PPID_Seed_2_2007 ($certs) { + $check_cert = openssl_x509_read(file_get_contents($certs[0])); + $array = openssl_x509_parse($check_cert); + openssl_x509_free($check_cert); + $OrgIdString = ('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|'); + $numcerts = sizeof($certs); + for($i=1;$i<$numcerts;$i++){ + $check_cert = openssl_x509_read(file_get_contents($certs[$i])); + $array = openssl_x509_parse($check_cert); + openssl_x509_free($check_cert); + $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"'; + $OrgIdString = $tmpstring.$OrgIdString; + } + $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString); + $RPPPIDSeed = hash('sha256', 
$OrgIdBytes,TRUE); + return $RPPPIDSeed; +} + + +/* +* DESCRIPTION: Calculate the PPID for a card +* INPUT: card ID, and RP certificates +* OUTPUT: PPID asociated to a Relying Party +*/ +function calculate_PPID($cardid, $rp_cert) { + $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid); + $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE); + $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert); + $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE); + return $PPID; +} + + +/* +* +* INPUT: VOID +* OUPUT: String with the invoked URL +*/ +function curPageURL() { + $pageURL = 'http'; + if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";} + $pageURL .= "://"; + if ($_SERVER["SERVER_PORT"] != "80") { + $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"]; + } else { + $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; + } + return $pageURL; +} + + + + +//TAD + +/* +* INPUT: String (attribute length + attribute not begginning with a number) n times , number of attributes +* OUPUT: Array with attributes in order +*/ +function parse_attributes($parsing_string, $num_attrs){ + for ($i=0 ; $i<$num_attrs ; $i++) { + if (preg_match('/^[\d]*/', $parsing_string, $res)){ + if (!($output[$i] = substr($parsing_string,strlen($res[0]),$res[0]))){ + return null; + } + $parsing_string = substr($parsing_string, strlen($res[0])+strlen($output[$i])); + } else { + return null; + } + } + return $output; +} + + +/* +* Enable downloading an specific card, store Radius request +* INPUT: username, cardid, and radius request time +* OUTPUT; uuid of the stored request +*/ +function enable_download($username, $cardid){ + //almacenar existencia + + //Add Timestamp to response + $time = 'x'.time(); //Cannot start with a number + + $uuid = uniqid(); + $handle = fopen("/tmp/$uuid",'w'); + if ($handle) { + fwrite($handle, strlen($username).$username.strlen($cardid).$cardid.strlen($time).$time); + fclose ($handle); + return $uuid; + } else { + return 
false; + } +} + + +/* +* Disable downloading an specific card, should be called when ending a request = Infocard is Issued +* +*/ +function disable_download($uuid){ + unlink("/tmp/$uuid"); +} + + +/* +* ¿Should I generate a card? +* +*/ +function is_card_enabled($uuid, $delivery_time){ + $now = time(); + $filename = "/tmp/$uuid"; + + //File check + if (!file_exists($filename)) return false; //File doesn't exist + + //Time check + $handle = fopen($filename,'r'); + if ($handle) { + $data = fread($handle, filesize($filename)); + fclose ($handle); + + $parsed_data = parse_attributes($data, 3); + $parsed_data[2] = substr($parsed_data[2],1); //Extracting numeric value + + $time = $parsed_data[2]; + $endtime = $time + $delivery_time; + if (($now<=$time)||($now>$endtime)) return false; //Incorrect time + return $parsed_data; + } else { + return false; //Could not read the file + } + +} + + +/* +* Check if the user is in the connected table +* Update the row with the created Infocard card_ID +*/ +function DB_update_connected_user ($username, $DB_params){ + $card_id = sspmod_InfoCard_UserFunctions::generate_card_ID($username);; + $dbconn = pg_connect('host='.$DB_params['DB_host'].' port='.$DB_params['DB_port'].' dbname='.$DB_params['DB_dbname'].' user='.$DB_params['DB_user'].' 
password='.$DB_params['DB_password']); + $result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username"))); + if ($result[0]){ + pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username)); + return true; + } else { + return false; + } +} + + + +$config = SimpleSAML_Configuration::getInstance(); +$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); +$configuredIP = $autoconfig->getValue('configuredIP'); + + +//RADIUS Request - Send One Time URL +if ( (strcmp($_GET['ident'],'RADIUS')==0) && (($configuredIP == null) || ($_SERVER['REMOTE_ADDR'] == $configuredIP)) ){ + + /* Load the configuration. */ + $key = $autoconfig->getValue('symmetric_key'); + $internalkey = hash('sha256', $autoconfig->getValue('internal_key')); + + $encrequest = urlsafe_b64decode($_GET['data']); + if (!$encrequest) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.'); + + // Encryption + if ($key!=null) { + $iv = urlsafe_b64decode($_GET['iv']); + if (!$iv) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.'); + $enckey = hash('sha256', $key); + $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $encrequest, MCRYPT_MODE_CBC, $iv); + } else { + $request = $encrequest; + } + + //Parse Attributes (username lenght + username + cardid length + cardid) + $parsed_request = parse_attributes($request, 2); + + + //Enable card for downloading (username+cardid+time) + $response = enable_download($parsed_request[0],$parsed_request[1]); + if(!$response) throw new SimpleSAML_Error_NotFound('FUNCTION enable_download, error accessing directory'); + + + // Encrypt response for myself + $response = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $response, MCRYPT_MODE_CBC, $iv); + $response = preg_replace('/\?.*/','',curPageURL()).'?data='.urlsafe_b64encode($response).'&iv='.urlsafe_b64encode($iv); + + + // Encrypt response for 
RADIUS + if ($key!=null){ + $encresponse = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $response, MCRYPT_MODE_CBC, $iv); + } else { + $encresponse = $response; + } + + // Send URL + print base64_encode($encresponse); + +} else { //Client Resquest- Send InfoCard + //Get Attributes + $encrequest = urlsafe_b64decode($_GET['data']); + $iv = urlsafe_b64decode($_GET['iv']); + if ((!$encrequest)||(!$iv)) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.'); + + /* Load the configuration. */ + $internalkey = hash('sha256', $autoconfig->getValue('internal_key')); + $certificates = $autoconfig->getValue('certificates'); + $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard'); + $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt); + $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl'); + $ICconfig['mexurl'] = $autoconfig->getValue('mexurl'); + $ICconfig['sts_key'] = $autoconfig->getValue('sts_key'); + $ICconfig['certificates'] = $autoconfig->getValue('certificates'); + $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential'); + $IC_lifetime_delivery = $autoconfig->getValue('IC_lifetime_delivery'); + $DB_params = $autoconfig->getValue('DB_params'); + + // Encryption + $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $encrequest, MCRYPT_MODE_CBC, $iv); + + $parsed_request = is_card_enabled($request, $IC_lifetime_delivery); + if ($parsed_request && DB_update_connected_user($parsed_request[0], $DB_params)) { + // Calculate PPID + $ppid = base64_encode(calculate_PPID($parsed_request[1], $certificates)); + + // Create InfoCard + $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($parsed_request[0],$ICconfig['UserCredential'],$ppid); + $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig); + + disable_download($request); + + //Send Infocard + print ($IC); + } else { + throw new SimpleSAML_Error_NotFound('The URL wasn\'t 
found in the module.'); + } +} + + +?> diff --git a/modules/InfoCard/www/crt/CA.crt b/modules/InfoCard/www/crt/CA.crt new file mode 100755 index 0000000000000000000000000000000000000000..f3f2272f00a84280d0b94cd6c83b7eeee2a25581 --- /dev/null +++ b/modules/InfoCard/www/crt/CA.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAuqgAwIBAgIJAM6AlUloXfWSMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD +VQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRswGQYDVQQHFBJBbGNhbMOhIGRlIEhl +bmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UECxMDYXV0MS8wLQYDVQQDFCZBdXRv +cmlkYWQgZGUgQ2VydGlmaWNhY2nDs24gZGUgcHJ1ZWJhczAeFw0wODExMTMxMzIx +MDRaFw0wOTEyMTgxMzIxMDRaMIGIMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFk +cmlkMRswGQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEM +MAoGA1UECxMDYXV0MS8wLQYDVQQDFCZBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2nD +s24gZGUgcHJ1ZWJhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3QvxPbtC +BkfAbYmEWBP6TjNJ7kU8CI0BwZGoTOIS5EqjyS0Jz0Mlh0FZ4vj6hoJYIlormmIs +t9LdAynLVDiCOpvSJ0D9mUgXWEBLfF+UDg/QLiQ9k+Qckb/PwcwhV0C/JWO0U1YG +oYIXttY5TVltlAN9zcmikHbru9DG95CDd98CAwEAAaOB8DCB7TAdBgNVHQ4EFgQU +ky9O6zUrm7JEqmqqLuJ93xwsIZcwgb0GA1UdIwSBtTCBsoAUky9O6zUrm7JEqmqq +LuJ93xwsIZehgY6kgYswgYgxCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQx +GzAZBgNVBAcUEkFsY2Fsw6EgZGUgSGVuYXJlczEMMAoGA1UEChMDVUFIMQwwCgYD +VQQLEwNhdXQxLzAtBgNVBAMUJkF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjacOzbiBk +ZSBwcnVlYmFzggkAzoCVSWhd9ZIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQBkVetV0rzJgkwg68dyy3Qd9gdc1P5sCd8DUkc0t9CAMaaEtpUCCVVcwL7r +9yz65wzTZ+I39SsGMXaMRIgB2/ztvmifzaMZgN1AjTc8g6UhyG7sSdB61UizSM71 +cU1gA4pT69qZATLa2TZf6mc5kTapOC+yanD+ZcIZEKtLxXuvLg== +-----END CERTIFICATE----- diff --git a/modules/InfoCard/www/crt/idp.crt b/modules/InfoCard/www/crt/idp.crt new file mode 100755 index 0000000000000000000000000000000000000000..547af1cb172999ade074cf81554709ef1cac4160 --- /dev/null +++ b/modules/InfoCard/www/crt/idp.crt 
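Review bot: In the client branch, `$request` is produced by `mcrypt_decrypt` in CBC mode with an IV taken straight from the query string and no integrity check, and is then used by is_card_enabled and disable_download as the file name in `"/tmp/$uuid"` without any validation. Unauthenticated CBC lets a sender influence the decrypted bytes, so the value must be authenticated before use: compute an HMAC over iv+ciphertext with a key derived from `internal_key` when the URL is issued, verify it with `hash_equals()` before calling mcrypt_decrypt, and reject anything that does not look like a uniqid() token, e.g. `if (!preg_match('/^[0-9a-f]{13}$/', $request)) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');`. The same applies to the RADIUS branch, where `parse_attributes` can return null and `$parsed_request[0]`/`[1]` are passed to enable_download unchecked, and where the single client-supplied `$iv` is reused for three separate encryptions. The `$configuredIP == null` test also means the IP filter is disabled whenever the option is absent, which deserves an explicit comment next to the check and in the config template.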
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICcDCCAdkCCQDcBO8XUWUkezANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC +RVMxDzANBgNVBAgTBk1hZHJpZDEbMBkGA1UEBxQSQWxjYWzDoSBkZSBIZW5hcmVz +MQwwCgYDVQQKEwNVQUgxDDAKBgNVBAsTA2F1dDEvMC0GA1UEAxQmQXV0b3JpZGFk +IGRlIENlcnRpZmljYWNpw7NuIGRlIHBydWViYXMwHhcNMDgxMjE1MDkxMzM1WhcN +MDkwNjEzMDkxMzM1WjBwMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRsw +GQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UE +CxMDYXV0MRcwFQYDVQQDEw5pZHAuYXV0LnVhaC5lczCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA1Qhw5haQBTdgBezWPsyMMRiK6XMN9vfLuKTQ2i9JJZVTZ6wV +3nn2aP8bEnPRjd+ODFlJIM9q3JbeOeOFAvZQ81VsXoi5rxD7CifRMg7xajLAPHVh +YcEbgi4wVNqTI+xCjlQI8Sy4v2srmFbz4QEfwEHhzQBQUCZ/46Y02AcvHfECAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQDKtztb0jZLqSrWt6c+pf/Sjincw1gBbWCPcVFD +B/x/vkR5sj0+7dhRrRjm5w7hXFKVMEHy5DY0yTl1ft3nziPBZHcUGDeW/q30JP+r +lgvRhgR5++/OHX3dGMFgI0++4qjrF/qSiyTnuhOZ7KhUZCt70+En8Gpgj0nBcmlL +/q3I5w== +-----END CERTIFICATE----- diff --git a/modules/InfoCard/www/crt/sts.crt b/modules/InfoCard/www/crt/sts.crt new file mode 100755 index 0000000000000000000000000000000000000000..673cd53b66a0c274e6cd11425578629cca5f7866 --- /dev/null +++ b/modules/InfoCard/www/crt/sts.crt 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICcDCCAdkCCQDcBO8XUWUkfDANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC +RVMxDzANBgNVBAgTBk1hZHJpZDEbMBkGA1UEBxQSQWxjYWzDoSBkZSBIZW5hcmVz +MQwwCgYDVQQKEwNVQUgxDDAKBgNVBAsTA2F1dDEvMC0GA1UEAxQmQXV0b3JpZGFk +IGRlIENlcnRpZmljYWNpw7NuIGRlIHBydWViYXMwHhcNMDgxMjE1MDkxNDM1WhcN +MDkwNjEzMDkxNDM1WjBwMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMRsw +GQYDVQQHFBJBbGNhbMOhIGRlIEhlbmFyZXMxDDAKBgNVBAoTA1VBSDEMMAoGA1UE +CxMDYXV0MRcwFQYDVQQDEw5zdHMuYXV0LnVhaC5lczCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAu11nvzu3VKweL2qRE6McFscX2L8x477tb4bdmsvK0F0sHAs6 +YCRuQFEHAK4+Y6I2SE2NVy/c8hV+MBXEBc1UUy9X3d5bUQMzWZflFy3lyH6j5+hY +5JNaz8bJOkzLy3/3NbYOwG5Xw3a4kBkBtCuB5udR2RPaR+XrOaN7636krZMCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQA/LExkDztctITadXpxOrz0Ejgh8DbtSa/2lyAz +BixnLaa6acnG4i/lmEhnjWdwBf5+a3HqGIp2aUbXzZCDo5iVoR7RCStSxLDXXWeQ +w4xm/820m6xzi9BamqG3JlxSAem4z7yZzA5MKPfSCmtkJwkVntwvOjvQjedYPWpK +exOdJw== +-----END CERTIFICATE----- diff --git a/modules/InfoCard/www/getcardform.php b/modules/InfoCard/www/getcardform.php index 27d7d85ecd23cbc7332d6f40be5c27d1cbd8377c..5be85584b5235b9f60d45b31f3f3e1a75025d9c6 100644 --- a/modules/InfoCard/www/getcardform.php +++ b/modules/InfoCard/www/getcardform.php @@ -13,7 +13,7 @@ /* Load the configuration. */ $config = SimpleSAML_Configuration::getInstance(); -$autoconfig = SimpleSAML_Configuration::getConfig('config-login-infocard.php'); +$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $Infocard = $autoconfig->getValue('InfoCard'); 
@@ -78,6 +78,7 @@ if(array_key_exists('form', $_POST) && ($_POST['form']!=NULL) ) { $claims = $token->process($_POST['xmlToken']); if(($claims->isValid()) && ($claims->privatepersonalidentifier!=NULL)) { $ppid = $claims->privatepersonalidentifier; + SimpleSAML_Logger::debug("PPID = $ppid"); $ICconfig['InfoCard'] = $Infocard; $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt); $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl'); diff --git a/modules/InfoCard/www/login-infocard.php b/modules/InfoCard/www/login-infocard.php index 77c13e38b7c0ee9c938d219dbd31297c18d34968..af12e8f85300d961c2a58c62401565e70408836d 100644 --- a/modules/InfoCard/www/login-infocard.php +++ b/modules/InfoCard/www/login-infocard.php @@ -13,7 +13,7 @@ /* Load the configuration. */ $config = SimpleSAML_Configuration::getInstance(); -$autoconfig = SimpleSAML_Configuration::getConfig('config-login-infocard.php'); +$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $server_key = $autoconfig->getValue('server_key'); $server_crt = $autoconfig->getValue('server_crt'); diff --git a/modules/InfoCard/www/mex.php b/modules/InfoCard/www/mex.php index 8fd9d03041f2174cce210cf17d5f4e4d20368903..43c6554c63899d587a37af19fde6b8c94bb2dc0c 100644 --- a/modules/InfoCard/www/mex.php +++ b/modules/InfoCard/www/mex.php @@ -19,7 +19,8 @@ if ($method == "POST"){ } -$autoconfig = SimpleSAML_Configuration::getConfig('config-login-infocard.php'); +$config = SimpleSAML_Configuration::getInstance(); +$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl'); $ICconfig['certificates'] = $autoconfig->getValue('certificates'); $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential'); 
diff --git a/modules/InfoCard/www/prueba.php b/modules/InfoCard/www/prueba.php
new file mode 100755
index 0000000000000000000000000000000000000000..8376b34d0bc47f140f00ab1a78152485b06e781b
--- /dev/null
+++ b/modules/InfoCard/www/prueba.php
@@ -0,0 +1,162 @@ +<?php + +$DB_host = 'localhost'; +$DB_port = '5432'; +$DB_dbname = 'db1'; +$DB_user = 'user1'; +$DB_password = 'pass1'; + + +$username = 'enrique'; +$card_id = '1234567'; +$dbconn = pg_connect("host=$DB_host port=$DB_port dbname=$DB_dbname user=$DB_user password=$DB_password "); +$result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username"))); +if ($result[0]){ + pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username)); + print_r ($result); +} else { + echo 'error'; +} + + +// echo pg_last_error($dbconn); +// if (!$result) { +// echo 'FALLO'; +// } else { +// print "result: $result </br>"; +// $row=pg_fetch_all($result); +// print "ROW: $row </br>"; +// // print_r ($result); +// print_r ($row); +// } + +pg_close($dbconn); + + +// $handle = fopen('/tmp/prueba2.txt','w'); +// fwrite($handle, 'prueba'); +// fclose ($handle); + + +// +// phpinfo(); +// +// +// $config = SimpleSAML_Configuration::getInstance(); +// $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); +// +// $certificates = $autoconfig->getValue('certificates'); +// +// +// +// +// +// +// +// function takePublicKey($cert) { +// $pkey = openssl_get_publickey(file_get_contents($cert)); +// $keyData = openssl_pkey_get_details($pkey); +// $key = $keyData['key']; +// $key = str_replace('-----BEGIN PUBLIC KEY-----', '', $key); +// $key = str_replace('-----END PUBLIC KEY-----', "", $key); +// $key = str_replace("\n", "", $key); +// return $key; +// } +// +// /*CASE 1 AND 2 +// * -Has Organization +// * -And chains to a trusted root CA +// */ +// function calculate_RP_PPID_Seed_2_2007 ($certs) { +// $check_cert = openssl_x509_read(file_get_contents($certs[0])); +// $array = openssl_x509_parse($check_cert); +// openssl_x509_free($check_cert); +// $OrgIdString = 
('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|'); +// print_r ($array); +// print '<br>'; +// +// $numcerts = sizeof($certs); +// for($i=1;$i<$numcerts;$i++){ +// $check_cert = openssl_x509_read(file_get_contents($certs[$i])); +// $array = openssl_x509_parse($check_cert); +// openssl_x509_free($check_cert); +// $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"'; +// $OrgIdString = $tmpstring.$OrgIdString; +// } +// +// print '<br>CALCULADA'.iconv("UTF-8", "ISO-8859-1", $OrgIdString).'<br>'; +// print '<br>VERDADERA = |ChainElement="CN=Autoridad de Certificación de pruebas, OU=aut, O=UAH, L=Alcalá de Henares, S=Madrid, C=ES"|O="UAH"|L="Alcalá de Henares"|S="Madrid"|C="ES"|<br>'; +// $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString); +// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE); +// return $RPPPIDSeed; +// } +// +// +// /*CASE 1 AND 2 +// * -Has Organization +// * -And chains to a trusted root CA +// */ +// function calculate_RP_PPID_Seed_2008 ($rp_cert) { +// $check_cert = openssl_x509_read(file_get_contents($rp_cert)); +// $array = openssl_x509_parse($check_cert); +// openssl_x509_free($check_cert); +// $OrgIdString = ('|O="'.$array[subject][O].'"|L="'.$array[subject][L].'"|S="'.$array[subject][ST].'"|C="'.$array[subject][C].'"|'); +// print_r ($array); +// $OrgIdBytes = iconv("ISO-8859-1", "UTF-16LE", $OrgIdString); +// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE); +// return $RPPPIDSeed; +// } +// +// +// /*CASE 3 +// * -Has empty or NO Organization value +// * -And has an empty or no Common Name (CN) +// * -Or does not chain to a trusted root CA +// */ +// function calculate_RP_PPID_Seed_3 ($rp_cert) { +// $pubKey = base64_decode(takePublicKey($rp_cert)); +// $RPPPIDSeed = hash('sha256',$pubKey ); +// return 
$RPPPIDSeed; +// } +// +// +// /*CASE 4 +// * -Has empty or NO Organization value +// * -And has a non-empty Common Name (CN) value +// * -And chains to a trusted root CA +// */ +// function calculate_RP_PPID_Seed_4 ($rp_cert) { +// $check_cert = openssl_x509_read(file_get_contents($rp_cert)); +// $array = openssl_x509_parse($check_cert); +// openssl_x509_free($check_cert); +// $CnIdString = '|CN="'.$array['subject']['CN'].'"|'; +// print $CnIdString; +// $CnIdBytes = iconv("ISO-8859-1", "UTF-16LE", $CnIdString); +// $RPPPIDSeed = hash('sha256', $CnIdBytes, TRUE); +// return $RPPPIDSeed; +// } +// +// +// function calculate_PPID($cardid, $rp_cert) { +// $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid); +// $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE); +// $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert); +// print "<br> rp seed ".base64_encode($RPPPIDSeed)."<br>"; +// print "<br> canonical cardid ".base64_encode($CanonicalCardId)."<br>"; +// $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE); +// return $PPID; +// } +// +// +// function get_OrgIdString($cert){ +// } +// +// //PPID: nQIBQqEnme/4SytR1GMxMJUdzU7NdzyYnaHas8fzekc= +// +// //Cardid: urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189, ... VRL-QVCK-GHF +// //PPID: +8mxdRW+9Trqxd3CwQZUKGlYZBjdgmHpgA7/PsQM5yA= +// print base64_encode(calculate_PPID('urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189', $certificates)); +// +// // print base64_encode(pack('H*','0939625DA3A93E44F52D72AE4246EE54DE265D84')); +// +?> diff --git a/modules/InfoCard/www/resources/demoimage.png b/modules/InfoCard/www/resources/demoimage.png index 8242048599b7ccf3067657330ded38cec3f92f28..88efaef30bb677603bf5712d9fe9300cabf1e2d2 100644 Binary files a/modules/InfoCard/www/resources/demoimage.png and b/modules/InfoCard/www/resources/demoimage.png differ 
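Review bot: prueba.php is a development scratch script committed under the web-served `www/` directory with hard-coded database credentials (`$DB_user = 'user1'; $DB_password = 'pass1';`) and a hard-coded username/card id, and anyone who can reach the module URL can trigger its `pg_update` against `connected_users` and see the row dumped by `print_r`. It should not ship in the module; if a manual test harness is wanted, keep it out of `www/`, read the connection parameters from the `DB_params` configuration the rest of the module uses, and drop the commented-out PPID experiments, which duplicate the functions now living in STS_card_issuer.php. The values are obviously placeholders, but credentials in source are still what ends up in forks and backups.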
diff --git a/modules/InfoCard/www/resources/demoimage_no_indexada.png b/modules/InfoCard/www/resources/demoimage_no_indexada.png new file mode 100755 index 0000000000000000000000000000000000000000..8242048599b7ccf3067657330ded38cec3f92f28 Binary files /dev/null and b/modules/InfoCard/www/resources/demoimage_no_indexada.png differ diff --git a/modules/InfoCard/www/tokenservice.php b/modules/InfoCard/www/tokenservice.php index f9ad93fcca6301936e6c322320660002b2860dc1..081ac21b694fde73e8ce870f4eb452c9227d7ea4 100644 --- a/modules/InfoCard/www/tokenservice.php +++ b/modules/InfoCard/www/tokenservice.php @@ -45,6 +45,7 @@ function decryptMcrypt($data,$key) { Header('Content-Type: application/soap+xml;charset=utf-8'); +$config = SimpleSAML_Configuration::getInstance(); SimpleSAML_Logger::debug('Tokenservice'); $token = new DOMDocument(); @@ -56,7 +57,7 @@ $cardId = $doc->getElementsByTagname('CardId')->item(0)->nodeValue; $authenticated = false; -$autoconfig = SimpleSAML_Configuration::getConfig('config-login-infocard.php'); +$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php'); $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential'); $debugDir = $autoconfig->getValue('debugDir'); @@ -123,7 +124,7 @@ print($response); //LOG if ($debugDir!=null){ - $handle=fopen($debugDir.'/'.$messageid.".log","w"); + $handle=fopen($debugDir.'/'.$messageid.'.log','w'); fwrite($handle," ------ InfoCard simpleSAMLphp Module LOG ------\n\n"); fwrite($handle,"-- TIME: ".gmdate('Y-m-d').' '.gmdate('H:i:s')."\n"); fwrite($handle,"-- MESSAGE ID: ".$messageid."\n\n\n"); diff --git a/modules/InfoCard/www/x509.php b/modules/InfoCard/www/x509.php new file mode 100755 index 0000000000000000000000000000000000000000..2b9416a7c0d083c20f2e03eb9d86f2d28a48bdf3 --- /dev/null +++ b/modules/InfoCard/www/x509.php @@ -0,0 +1,6 @@ + +<?php + +print 'x509'; + +?> \ No newline at end of file
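Review bot: x509.php starts with an empty line before `<?php`, so the script emits a newline before any code runs and a later `header()` call in it would fail with "headers already sent"; drop the leading line. The file is otherwise a placeholder that prints `x509` from the web-served `www/` directory, so either add a comment saying what it is meant to become or leave it out of the commit until it does something.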