<?php
 /*
 * AUTHOR: Samuel Muñoz Hidalgo
 * EMAIL: [email protected]
 * LAST REVISION: 13-FEB-09
 * DESCRIPTION:
 *        Pretty form to get a managed InfoCard
 *        User flow controller.
 *        Displays the template and requests a non-null xmlToken
 */
 
 
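 /* Load the configuration. */
 $config = SimpleSAML_Configuration::getInstance();
 $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');

 // Value of the 'InfoCard' key of the module configuration; it is handed to the
 // card generator and to the template further down.
 $Infocard = $autoconfig->getValue('InfoCard');


 /* Load the session of the current user. */
 // NOTE(review): $session is not read again in this script; the call is kept
 // because it may initialise the session as a side effect - confirm.
 $session = SimpleSAML_Session::getSessionFromRequest();

 /*
  * AuthState comes straight from the request and is untrusted. It is later
  * concatenated into a log line and handed to the template, so it must be a
  * plain string: PHP turns "AuthState[]=x" into an array, which is rejected
  * here instead of being carried further.
  */
 if (!array_key_exists('AuthState', $_REQUEST)) {
     SimpleSAML_Logger::debug('NO AUTH STATE');
     SimpleSAML_Logger::debug('ERROR: NO AUTH STATE');
     throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
 }
 if (!is_string($_REQUEST['AuthState'])) {
     SimpleSAML_Logger::debug('ERROR: AUTH STATE IS NOT A STRING');
     throw new SimpleSAML_Error_BadRequest('Invalid AuthState parameter.');
 }
 $authStateId = $_REQUEST['AuthState'];
 // NOTE(review): the raw request value is written to the debug log unescaped.
 SimpleSAML_Logger::debug('AUTH STATE:  '.$authStateId);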
 
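 /*
  * Form handling for the "get a managed InfoCard" flow.
  *
  * Outputs consumed by the rendering code that follows:
  *   $username, $password - the submitted credentials (null when absent)
  *   $state               - 'validate' (show the login form), 'selfIssued'
  *                          (ask for a self-issued card) or 'end' (card sent)
  *   $error               - error tag for the template, or null
  */
 $username = null;
 $password = null;

 // Defined up front so every path below leaves $error set; the success paths
 // and the unsupported-credential path never assign it.
 $error = null;

 $state = "validate";

 // Each POST field must be a non-empty string. PHP builds arrays from
 // "name[]=..." parameters, and the old loose "!= NULL" test let a non-empty
 // array through to validateUser() and the log calls.
 if (isset($_POST['form']) && is_string($_POST['form']) && $_POST['form'] !== '') {
     if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== '') {
         if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
             //Validation: Username/Password
             $username = $_POST['username'];
             $password = $_POST['password'];
             if (sspmod_InfoCard_UserFunctions::validateUser(array('username'=>$username,'password'=>$password),'UsernamePasswordCredential')) {
                 $userCredential = $autoconfig->getValue('UserCredential');
                 if ($userCredential === 'UsernamePasswordCredential') {

                     $ICconfig['InfoCard'] = $Infocard;
                     $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
                     $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
                     $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
                     $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
                     $ICconfig['certificates'] = $autoconfig->getValue('certificates');
                     $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');

                     $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential);
                     $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);

                     // CardName is produced by fillICdata(), which is not visible
                     // here and may derive from the submitted username. Control
                     // characters, quotes and backslashes are stripped so the
                     // value cannot break out of the quoted filename parameter.
                     $cardFileName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $ICdata['CardName']);
                     header('Content-Disposition: attachment; filename="'.$cardFileName.'.crd"');
                     header('Content-Type: application/x-informationcard');
                     header('Content-Length:'.strlen($IC));
                     echo $IC;
                     // NOTE(review): execution continues after the card is sent;
                     // 'end' is passed on as the form state.
                     $state = 'end';
                 } else if ($userCredential === 'SelfIssuedCredential') {
                     /*
                     * VERY IMPORTANT:
                     * The STS is acting as a Relying Party to get the PPID in order to generate a
                     *  managed card with a self issued credential, that's why we use the STS
                     *  certificate private key to decrypt the token.
                     */
                     if (isset($_POST['xmlToken']) && is_string($_POST['xmlToken']) && $_POST['xmlToken'] !== '') {
                         SimpleSAML_Logger::debug('HAY XML TOKEN');
                         $token = new sspmod_InfoCard_RP_InfoCard();
                         $idp_key = $autoconfig->getValue('sts_key');
                         $token->addIDPKey($idp_key);
                         // NOTE(review): an empty string is registered as the STS
                         // certificate - confirm what process() verifies in that case.
                         $token->addSTSCertificate('');
                         $claims = $token->process($_POST['xmlToken']);
                         if (($claims->isValid()) && ($claims->privatepersonalidentifier!=NULL)) {
                             $ppid = $claims->privatepersonalidentifier;
                             // NOTE(review): the PPID is a per-user identifier and
                             // ends up in the debug log.
                             SimpleSAML_Logger::debug("PPID = $ppid");
                             $ICconfig['InfoCard'] = $Infocard;
                             $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
                             $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
                             $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
                             $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
                             $ICconfig['certificates'] = $autoconfig->getValue('certificates');
                             $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');

                             $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential,$ppid);
                             $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);

                             // Same header hardening as in the username/password branch.
                             $cardFileName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $ICdata['CardName']);
                             header('Content-Disposition: attachment; filename="'.$cardFileName.'.crd"');
                             header('Content-Type: application/x-informationcard');
                             header('Content-Length:'.strlen($IC));
                             echo $IC;
                             $state = 'end';
                         } else {
                             SimpleSAML_Logger::debug('Wrong Self-Issued card');
                             $error = 'wrong_IC';
                             $state = "selfIssued";
                         }
                     } else {
                         // First pass of the self-issued flow: credentials are
                         // valid but no token was posted yet, so ask for one.
                         SimpleSAML_Logger::debug('NO HAY XML TOKEN');
                         $error = null;
                         $state = "selfIssued";
                     }
                 } else {
                     // Misconfiguration: no card is issued, and the state stays 'validate'.
                     SimpleSAML_Logger::debug('CONFIGURATION ERROR: UserCredential '.$userCredential.' NOT SUPPORTED');
                 }
             } else {
                 $error = 'Wrong_user_pass';
                 SimpleSAML_Logger::debug('WRONG username or password');
             }
         } else {
             $error = 'NO_password';
             SimpleSAML_Logger::debug('NO PASSWORD');
         }
     } else {
         $error = 'NO_user';
         SimpleSAML_Logger::debug('NO USERNAME');
     }
 }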
 
 
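 unset($_POST); //Show the languages bar if reloaded

 /*
  * Render the card request form.
  * NOTE(review): this code also runs after a card has been echoed (state 'end',
  * with Content-Length already set to the card size); confirm the template
  * emits nothing in that state.
  */
 $t = new SimpleSAML_XHTML_Template($config, 'InfoCard:temp-getcardform.php', 'InfoCard:dict-InfoCard'); // (configuration, template, dictionary)
 $t->data['header'] = 'simpleSAMLphp: Get your Infocard';
 $t->data['stateparams'] = array('AuthState' => $authStateId);


 $t->data['InfoCard'] = $Infocard;

 $cardGenerator = $autoconfig->getValue('CardGenerator');
 $t->data['CardGenerator'] = $cardGenerator;

 $help_desk_email_URL = $autoconfig->getValue('help_desk_email_URL');
 $t->data['help_desk_email_URL'] = $help_desk_email_URL;

 $contact_info_URL = $autoconfig->getValue('contact_info_URL');
 $t->data['contact_info_URL'] = $contact_info_URL;

 // The form handling does not assign $error on every path (a successful card
 // download and an unsupported UserCredential leave it unset), so fall back to
 // null rather than reading an undefined variable.
 $t->data['error'] = isset($error) ? $error : null;
 $t->data['form'] = $state;

 //For testing purposes
 // NOTE(review): the submitted credentials are handed back to the template in
 // clear text. The self-issued step needs username and password posted again
 // together with xmlToken, so the template presumably re-embeds them in the
 // form - verify that it HTML-escapes both values, and consider keeping them in
 // server-side state so the password never reaches the rendered page.
 $t->data['username']=$username;
 $t->data['password']=$password;



 $t->show();
 exit();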
 ?>