Diffstat (limited to 'inc/simplesamlphp/modules/InfoCard/www')
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/STS_card_issuer.php288
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/crt/CA.crt21
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/crt/idp.crt16
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/crt/sts.crt16
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/getcardform.php153
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/login-infocard.php64
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/mex.php257
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/prueba.php162
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/resources/demoimage.pngbin0 -> 15871 bytes
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/resources/infocard_114x80.pngbin0 -> 3821 bytes
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/resources/infocard_self_114x80.pngbin0 -> 9302 bytes
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/tokenservice.php139
-rw-r--r--inc/simplesamlphp/modules/InfoCard/www/x509.php6
13 files changed, 1122 insertions, 0 deletions
diff --git a/inc/simplesamlphp/modules/InfoCard/www/STS_card_issuer.php b/inc/simplesamlphp/modules/InfoCard/www/STS_card_issuer.php
new file mode 100644
index 0000000..8847f5b
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/STS_card_issuer.php
@@ -0,0 +1,288 @@
+<?php
+
+/*
+* AUTHOR: Samuel Muñoz Hidalgo
+* EMAIL: samuel.mh@gmail.com
+* LAST REVISION: 24-APR-09
+* DESCRIPTION:
+* Will send cards to other applications via web.
+* Symmetric cryptography and IP filtering are available.
+*/
+
+
+/*
+* DESCRIPTION: used to encode the data attribute sent GET method
+* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543
+*/
+function urlsafe_b64encode($string) {
+ $data = base64_encode($string);
+ $data = str_replace(array('+','/','='),array('-','_',''),$data);
+ return $data;
+}
+
+
+/*
+* DESCRIPTION: used to decode the data attribute sent GET method
+* TAKEN FROM: http://es2.php.net/manual/es/function.base64-encode.php#63543
+*/
+function urlsafe_b64decode($string) {
+ $data = str_replace(array('-','_'),array('+','/'),$string);
+ $mod4 = strlen($data) % 4;
+ if ($mod4) {
+ $data .= substr('====', $mod4);
+ }
+ return base64_decode($data);
+}
+
+
+/*CASE 1 AND 2
+* -Has Organization
+* -And chains to a trusted root CA
+* -NOTE: Based on V1.0, written for compatibility with DigitalMe PPID calculation
+*/
+function calculate_RP_PPID_Seed_2_2007 ($certs) {
+ $check_cert = openssl_x509_read(file_get_contents($certs[0]));
+ $array = openssl_x509_parse($check_cert);
+ openssl_x509_free($check_cert);
+ $OrgIdString = ('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|');
+ $numcerts = sizeof($certs);
+ for($i=1;$i<$numcerts;$i++){
+ $check_cert = openssl_x509_read(file_get_contents($certs[$i]));
+ $array = openssl_x509_parse($check_cert);
+ openssl_x509_free($check_cert);
+ $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"';
+ $OrgIdString = $tmpstring.$OrgIdString;
+ }
+ $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString);
+ $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
+ return $RPPPIDSeed;
+}
+
+
+/*
+* DESCRIPTION: Calculate the PPID for a card
+* INPUT: card ID, and RP certificates
+* OUTPUT: PPID asociated to a Relying Party
+*/
+function calculate_PPID($cardid, $rp_cert) {
+ $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid);
+ $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE);
+ $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert);
+ $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE);
+ return $PPID;
+}
+
+
+/*
+*
+* INPUT: VOID
+* OUPUT: String with the invoked URL
+*/
+function curPageURL() {
+ $pageURL = 'http';
+ if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
+ $pageURL .= "://";
+ if ($_SERVER["SERVER_PORT"] != "80") {
+ $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
+ } else {
+ $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
+ }
+ return $pageURL;
+}
+
+
+
+
+//TAD
+
+/*
+* INPUT: String (attribute length + attribute not begginning with a number) n times , number of attributes
+* OUPUT: Array with attributes in order
+*/
+function parse_attributes($parsing_string, $num_attrs){
+ for ($i=0 ; $i<$num_attrs ; $i++) {
+ if (preg_match('/^[\d]*/', $parsing_string, $res)){
+ if (!($output[$i] = substr($parsing_string,strlen($res[0]),$res[0]))){
+ return null;
+ }
+ $parsing_string = substr($parsing_string, strlen($res[0])+strlen($output[$i]));
+ } else {
+ return null;
+ }
+ }
+ return $output;
+}
+
+
+/*
+* Enable downloading an specific card, store Radius request
+* INPUT: username, cardid, and radius request time
+* OUTPUT; uuid of the stored request
+*/
+function enable_download($username, $cardid){
+ //almacenar existencia
+
+ //Add Timestamp to response
+ $time = 'x'.time(); //Cannot start with a number
+
+ $uuid = uniqid();
+ $handle = fopen(SimpleSAML_Utilities::getTempDir() . "/$uuid",'w');
+ if ($handle) {
+ fwrite($handle, strlen($username).$username.strlen($cardid).$cardid.strlen($time).$time);
+ fclose ($handle);
+ return $uuid;
+ } else {
+ return false;
+ }
+}
+
+
+/*
+* Disable downloading an specific card, should be called when ending a request = Infocard is Issued
+*
+*/
+function disable_download($uuid){
+ unlink("/tmp/$uuid");
+}
+
+
+/*
+* ¿Should I generate a card?
+*
+*/
+function is_card_enabled($uuid, $delivery_time){
+ $now = time();
+ $filename = SimpleSAML_Utilities::getTempDir() . "/$uuid";
+
+ //File check
+ if (!file_exists($filename)) return false; //File doesn't exist
+
+ //Time check
+ $handle = fopen($filename,'r');
+ if ($handle) {
+ $data = fread($handle, filesize($filename));
+ fclose ($handle);
+
+ $parsed_data = parse_attributes($data, 3);
+ $parsed_data[2] = substr($parsed_data[2],1); //Extracting numeric value
+
+ $time = $parsed_data[2];
+ $endtime = $time + $delivery_time;
+ if (($now<=$time)||($now>$endtime)) return false; //Incorrect time
+ return $parsed_data;
+ } else {
+ return false; //Could not read the file
+ }
+
+}
+
+
+/*
+* Check if the user is in the connected table
+* Update the row with the created Infocard card_ID
+*/
+function DB_update_connected_user ($username, $DB_params){
+ $card_id = sspmod_InfoCard_UserFunctions::generate_card_ID($username);;
+ $dbconn = pg_connect('host='.$DB_params['DB_host'].' port='.$DB_params['DB_port'].' dbname='.$DB_params['DB_dbname'].' user='.$DB_params['DB_user'].' password='.$DB_params['DB_password']);
+ $result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username")));
+ if ($result[0]){
+ pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username));
+ return true;
+ } else {
+ return false;
+ }
+}
+
+
+
+$config = SimpleSAML_Configuration::getInstance();
+$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+$configuredIP = $autoconfig->getValue('configuredIP');
+
+
+//RADIUS Request - Send One Time URL
+if ( (strcmp($_GET['ident'],'RADIUS')==0) && (($configuredIP == null) || ($_SERVER['REMOTE_ADDR'] == $configuredIP)) ){
+
+ /* Load the configuration. */
+ $key = $autoconfig->getValue('symmetric_key');
+ $internalkey = hash('sha256', $autoconfig->getValue('internal_key'));
+
+ $encrequest = urlsafe_b64decode($_GET['data']);
+ if (!$encrequest) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
+
+ // Encryption
+ if ($key!=null) {
+ $iv = urlsafe_b64decode($_GET['iv']);
+ if (!$iv) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
+ $enckey = hash('sha256', $key);
+ $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $encrequest, MCRYPT_MODE_CBC, $iv);
+ } else {
+ $request = $encrequest;
+ }
+
+ //Parse Attributes (username lenght + username + cardid length + cardid)
+ $parsed_request = parse_attributes($request, 2);
+
+
+ //Enable card for downloading (username+cardid+time)
+ $response = enable_download($parsed_request[0],$parsed_request[1]);
+ if(!$response) throw new SimpleSAML_Error_NotFound('FUNCTION enable_download, error accessing directory');
+
+
+ // Encrypt response for myself
+ $response = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $response, MCRYPT_MODE_CBC, $iv);
+ $response = preg_replace('/\?.*/','',curPageURL()).'?data='.urlsafe_b64encode($response).'&iv='.urlsafe_b64encode($iv);
+
+
+ // Encrypt response for RADIUS
+ if ($key!=null){
+ $encresponse = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, pack("H*",$enckey), $response, MCRYPT_MODE_CBC, $iv);
+ } else {
+ $encresponse = $response;
+ }
+
+ // Send URL
+ print base64_encode($encresponse);
+
+} else { //Client Resquest- Send InfoCard
+ //Get Attributes
+ $encrequest = urlsafe_b64decode($_GET['data']);
+ $iv = urlsafe_b64decode($_GET['iv']);
+ if ((!$encrequest)||(!$iv)) throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
+
+ /* Load the configuration. */
+ $internalkey = hash('sha256', $autoconfig->getValue('internal_key'));
+ $certificates = $autoconfig->getValue('certificates');
+ $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
+ $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
+ $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
+ $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
+ $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
+ $ICconfig['certificates'] = $autoconfig->getValue('certificates');
+ $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
+ $IC_lifetime_delivery = $autoconfig->getValue('IC_lifetime_delivery');
+ $DB_params = $autoconfig->getValue('DB_params');
+
+ // Encryption
+ $request = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, pack("H*",$internalkey), $encrequest, MCRYPT_MODE_CBC, $iv);
+
+ $parsed_request = is_card_enabled($request, $IC_lifetime_delivery);
+ if ($parsed_request && DB_update_connected_user($parsed_request[0], $DB_params)) {
+ // Calculate PPID
+ $ppid = base64_encode(calculate_PPID($parsed_request[1], $certificates));
+
+ // Create InfoCard
+ $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($parsed_request[0],$ICconfig['UserCredential'],$ppid);
+ $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
+
+ disable_download($request);
+
+ //Send Infocard
+ print ($IC);
+ } else {
+ throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
+ }
+}
+
+
+?>
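Review bot: disable_download() at line 172 unlinks `/tmp/$uuid`, but enable_download() and is_card_enabled() build the marker path from `SimpleSAML_Utilities::getTempDir()`, so unless that directory happens to be /tmp the file is never removed and the one-time URL stays redeemable until IC_lifetime_delivery elapses; change it to `unlink(SimpleSAML_Utilities::getTempDir() . "/$uuid");`. The decrypted `$request` is also interpolated into that path at line 182 with no shape check; since uniqid() yields hex digits, a guard such as `if (!ctype_xdigit($uuid)) return false;` at the top of is_card_enabled() keeps the lookup confined to the temp directory. Note as well that the mcrypt_* calls at lines 245, 260, 266 and 294 rely on an extension removed from PHP core in 7.2, and that CBC without a MAC gives the request no integrity protection, so the marker-file check is the only thing standing between a malformed request and a card issuance. The double semicolon at line 212 is harmless but should go.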
diff --git a/inc/simplesamlphp/modules/InfoCard/www/crt/CA.crt b/inc/simplesamlphp/modules/InfoCard/www/crt/CA.crt
new file mode 100644
index 0000000..f3f2272
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/crt/CA.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/inc/simplesamlphp/modules/InfoCard/www/crt/idp.crt b/inc/simplesamlphp/modules/InfoCard/www/crt/idp.crt
new file mode 100644
index 0000000..547af1c
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/crt/idp.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/inc/simplesamlphp/modules/InfoCard/www/crt/sts.crt b/inc/simplesamlphp/modules/InfoCard/www/crt/sts.crt
new file mode 100644
index 0000000..673cd53
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/crt/sts.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/inc/simplesamlphp/modules/InfoCard/www/getcardform.php b/inc/simplesamlphp/modules/InfoCard/www/getcardform.php
new file mode 100644
index 0000000..c4dd9af
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/getcardform.php
@@ -0,0 +1,153 @@
+<?php
+
+/*
+* AUTHOR: Samuel Muñoz Hidalgo
+* EMAIL: samuel.mh@gmail.com
+* LAST REVISION: 13-FEB-09
+* DESCRIPTION:
+* Pretty form to get a managed InfoCard
+* User flow controller.
+* Displays the template and request a non null xmlToken
+*/
+
+
+/* Load the configuration. */
+$config = SimpleSAML_Configuration::getInstance();
+$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+
+$Infocard = $autoconfig->getValue('InfoCard');
+
+
+/* Load the session of the current user. */
+$session = SimpleSAML_Session::getInstance();
+
+if (!array_key_exists('AuthState', $_REQUEST)) {
+SimpleSAML_Logger::debug('NO AUTH STATE');
+SimpleSAML_Logger::debug('ERROR: NO AUTH STATE');
+ throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
+} else {
+ $authStateId = $_REQUEST['AuthState'];
+SimpleSAML_Logger::debug('AUTH STATE: '.$authStateId);
+}
+
+$username = null;
+$password = null;
+
+$state = "validate";
+if(array_key_exists('form', $_POST) && ($_POST['form']!=NULL) ) {
+ if(array_key_exists('username', $_POST) && ($_POST['username']!=NULL) ) {
+ if(array_key_exists('password', $_POST) && ($_POST['password']!=NULL) ) {
+ //Validation: Username/Password
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ if (sspmod_InfoCard_UserFunctions::validateUser(array('username'=>$username,'password'=>$password),'UsernamePasswordCredential')){
+ $userCredential = $autoconfig->getValue('UserCredential');
+ if (strcmp($userCredential,'UsernamePasswordCredential')==0){
+
+ $ICconfig['InfoCard'] = $Infocard;
+ $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
+ $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
+ $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
+ $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
+ $ICconfig['certificates'] = $autoconfig->getValue('certificates');
+ $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
+
+ $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential);
+ $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
+ header("Content-Disposition: attachment; filename=\"".$ICdata['CardName'].".crd\"");
+ header('Content-Type: application/x-informationcard');
+ header('Content-Length:'.strlen($IC));
+ echo $IC;
+ $state = 'end';
+ }else if (strcmp($userCredential,'SelfIssuedCredential')==0){
+ /*
+ * VERY IMPORTANT:
+ * The STS is acting as a Relying Party to get the PPID in order to generate a
+ * managed card with a self issued credential, that's why we use the STS
+ * certificate private key to decrypt the token.
+ */
+ if(array_key_exists('xmlToken', $_POST) && ($_POST['xmlToken']!=NULL) ) {
+ SimpleSAML_Logger::debug('HAY XML TOKEN');
+ $token = new sspmod_InfoCard_RP_InfoCard();
+ $idp_key = $autoconfig->getValue('sts_key');
+ $token->addIDPKey($idp_key);
+ $token->addSTSCertificate('');
+ $claims = $token->process($_POST['xmlToken']);
+ if(($claims->isValid()) && ($claims->privatepersonalidentifier!=NULL)) {
+ $ppid = $claims->privatepersonalidentifier;
+ SimpleSAML_Logger::debug("PPID = $ppid");
+ $ICconfig['InfoCard'] = $Infocard;
+ $ICconfig['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
+ $ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
+ $ICconfig['mexurl'] = $autoconfig->getValue('mexurl');
+ $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
+ $ICconfig['certificates'] = $autoconfig->getValue('certificates');
+ $ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
+
+ $ICdata = sspmod_InfoCard_UserFunctions::fillICdata($username,$userCredential,$ppid);
+ $IC = sspmod_InfoCard_STS::createCard($ICdata,$ICconfig);
+ header('Content-Disposition: attachment; filename="'.$ICdata['CardName'].'.crd"');
+ header('Content-Type: application/x-informationcard');
+ header('Content-Length:'.strlen($IC));
+ echo $IC;
+ $state = 'end';
+ }else {
+ SimpleSAML_Logger::debug('Wrong Self-Issued card');
+ $error = 'wrong_IC';
+ $state = "selfIssued";
+ }
+ }else{
+ SimpleSAML_Logger::debug('NO HAY XML TOKEN');
+ $error = NULL;
+ $state = "selfIssued";
+ }
+ }else{
+ SimpleSAML_Logger::debug('CONFIGURATION ERROR: UserCredential '.$userCredential.' NOT SUPPORTED');
+ }
+ }else{
+ $error = 'Wrong_user_pass';
+ SimpleSAML_Logger::debug('WRONG username or password');
+ }
+ }else{
+ $error = 'NO_password';
+ SimpleSAML_Logger::debug('NO PASSWORD');
+ }
+ }else {
+ $error = 'NO_user';
+ SimpleSAML_Logger::debug('NO USERNAME');
+ }
+}else{
+ $error = NULL;
+}
+
+
+unset($_POST); //Show the languages bar if reloaded
+
+$t = new SimpleSAML_XHTML_Template($config, 'InfoCard:temp-getcardform.php', 'InfoCard:dict-InfoCard'); //(configuracion, template, diccionario)
+$t->data['header'] = 'simpleSAMLphp: Get your Infocard';
+$t->data['stateparams'] = array('AuthState' => $authStateId);
+
+
+$t->data['InfoCard'] = $Infocard;
+
+$cardGenerator = $autoconfig->getValue('CardGenerator');
+$t->data['CardGenerator'] = $cardGenerator;
+
+$help_desk_email_URL = $autoconfig->getValue('help_desk_email_URL');
+$t->data['help_desk_email_URL'] = $help_desk_email_URL;
+
+$contact_info_URL = $autoconfig->getValue('contact_info_URL');
+$t->data['contact_info_URL'] = $contact_info_URL;
+
+$t->data['error'] = $error;
+$t->data['form'] = $state;
+
+//For testing purposes
+$t->data['username']=$username;
+$t->data['password']=$password;
+
+
+
+$t->show();
+exit();
+?> \ No newline at end of file
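Review bot: Lines 488-489 copy the submitted username and plaintext password into `$t->data`, so the password travels into the template layer and can surface in rendered HTML or template debug output; the comment marks it as testing code, but it should be removed before this ships, e.g. drop both lines or keep only `$t->data['username']=$username;`. Separately, `$error` is read at line 484 but never assigned on the unsupported-UserCredential branch at line 447, which raises an undefined-variable notice; initialise it next to `$state` with `$error = NULL;` at line 378. The duplicated `$ICconfig` construction at lines 389-395 and 421-427 would also be clearer hoisted into one block above the credential switch.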
diff --git a/inc/simplesamlphp/modules/InfoCard/www/login-infocard.php b/inc/simplesamlphp/modules/InfoCard/www/login-infocard.php
new file mode 100644
index 0000000..9d0ae3b
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/login-infocard.php
@@ -0,0 +1,64 @@
+<?php
+
+/*
+* AUTHOR: Samuel Muñoz Hidalgo
+* EMAIL: samuel.mh@gmail.com
+* LAST REVISION: 13-FEB-09
+* DESCRIPTION:
+* User flow controller.
+* Displays the template and request a non null xmlToken
+*/
+
+
+
+/* Load the configuration. */
+$config = SimpleSAML_Configuration::getInstance();
+$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+
+$server_key = $autoconfig->getValue('server_key');
+$server_crt = $autoconfig->getValue('server_crt');
+$IClogo = $autoconfig->getValue('IClogo');
+$Infocard = $autoconfig->getValue('InfoCard');
+$cardGenerator = $autoconfig->getValue('CardGenerator');
+$sts_crt = $autoconfig->getValue('sts_crt');
+$help_desk_email_URL = $autoconfig->getValue('help_desk_email_URL');
+$contact_info_URL = $autoconfig->getValue('contact_info_URL');
+
+
+/* Load the session of the current user. */
+$session = SimpleSAML_Session::getInstance();
+
+
+if (!array_key_exists('AuthState', $_REQUEST)) {
+SimpleSAML_Logger::debug('NO AUTH STATE');
+SimpleSAML_Logger::debug('ERROR: NO AUTH STATE');
+ throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
+} else {
+ $authStateId = $_REQUEST['AuthState'];
+SimpleSAML_Logger::debug('AUTH STATE: '.$authStateId);
+}
+
+if(array_key_exists('xmlToken', $_POST) && ($_POST['xmlToken']!=NULL) ) {
+SimpleSAML_Logger::debug('HAY XML TOKEN');
+ $error = sspmod_InfoCard_Auth_Source_ICAuth::handleLogin($authStateId, $_POST['xmlToken']);
+}else {
+SimpleSAML_Logger::debug('NO HAY XML TOKEN');
+ $error = NULL;
+}
+
+unset($_POST); //Show the languages bar if reloaded
+
+//Login Page
+$t = new SimpleSAML_XHTML_Template($config, 'InfoCard:temp-login.php', 'InfoCard:dict-InfoCard'); //(configuracion, template, diccionario)
+$t->data['header'] = 'simpleSAMLphp: Infocard login';
+$t->data['stateparams'] = array('AuthState' => $authStateId);
+$t->data['IClogo'] = $IClogo;
+$t->data['InfoCard'] = $Infocard;
+$t->data['InfoCard']['issuer'] = $autoconfig->getValue('tokenserviceurl');//sspmod_InfoCard_Utils::getIssuer($sts_crt);
+$t->data['CardGenerator'] = $cardGenerator;
+$t->data['help_desk_email_URL'] = $help_desk_email_URL;
+$t->data['contact_info_URL'] = $contact_info_URL;
+$t->data['error'] = $error;
+$t->show();
+exit();
+?>
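Review bot: `$server_key`, `$server_crt`, `$sts_crt` (lines 519, 520, 524) and `$session` (line 530) are read but never used in this script; loading the private-key path where nothing consumes it only widens the set of pages that touch the key material, so these four lines should be deleted. As a point of style, the debug messages at lines 543 and 546 are in Spanish while the rest of the module logs in English; `SimpleSAML_Logger::debug('xmlToken present');` and `SimpleSAML_Logger::debug('no xmlToken');` keep the log consistent.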
diff --git a/inc/simplesamlphp/modules/InfoCard/www/mex.php b/inc/simplesamlphp/modules/InfoCard/www/mex.php
new file mode 100644
index 0000000..43c6554
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/mex.php
@@ -0,0 +1,257 @@
+<?php
+
+/*
+* AUTHOR: Samuel Muñoz Hidalgo
+* EMAIL: samuel.mh@gmail.com
+* LAST REVISION: 13-FEB-09
+* DESCRIPTION: InfoCard module metadata exchange (POLICY)
+*/
+
+
+$method = $_SERVER["REQUEST_METHOD"];
+
+if ($method == "POST"){
+ $use_soap = true;
+ Header('Content-Type: application/soap+xml;charset=utf-8');
+}else{
+ $use_soap = false;
+ Header('Content-Type: application/xml;charset=utf-8');
+}
+
+
+$config = SimpleSAML_Configuration::getInstance();
+$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+$ICconfig['tokenserviceurl'] = $autoconfig->getValue('tokenserviceurl');
+$ICconfig['certificates'] = $autoconfig->getValue('certificates');
+$ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
+
+
+// Grab the important parts of the token request. That's pretty much just
+// the request ID.
+$request_id = '';
+if ($use_soap && strlen($HTTP_RAW_POST_DATA))
+{
+ $token = new DOMDocument();
+ $token->loadXML($HTTP_RAW_POST_DATA);
+ $doc = $token->documentElement;
+ $elements = $doc->getElementsByTagname('MessageID');
+ $request_id = $elements->item(0)->nodeValue;
+}
+
+$buf = '<?xml version="1.0"?>';
+
+$buf .= '<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing">';
+
+ $buf .= '<S:Header>';
+ $buf .= '<wsa:Action S:mustUnderstand="1">';
+ $buf .= 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse';
+ $buf .= '</wsa:Action>';
+ $buf .= '<wsa:RelatesTo>';
+ $buf .= $request_id;
+ $buf .= '</wsa:RelatesTo>';
+ $buf .= '</S:Header>';
+
+ $buf .= '<S:Body>';
+ $buf .= '<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex">';
+
+ $buf .= '<MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/" Identifier="http://schemas.xmlsoap.org/ws/2005/02/trust">';
+ $buf .= '<wsdl:definitions name="STS_wsdl" targetNamespace="'.$ICconfig['tokenserviceurl'].'" xmlns:tns="'.$ICconfig['tokenserviceurl'].'" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsid="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:q1="'.$ICconfig['tokenserviceurl'].'">';
+
+ $buf .= '<wsdl:types>';
+ $buf .= '<xs:schema targetNamespace="http://schemas.xmlsoap.org/ws/2005/02/trust/Imports">';
+ $buf .= '<xs:import schemaLocation="" namespace="'.$ICconfig['tokenserviceurl'].'"/>';
+ $buf .= '</xs:schema>';
+ $buf .= '</wsdl:types>';
+
+ $buf .= '<wsdl:message name="RequestSecurityTokenMsg">';
+ $buf .= '<wsdl:part name="request" type="q1:MessageBody" />';
+ $buf .= '</wsdl:message>';
+ $buf .= '<wsdl:message name="RequestSecurityTokenResponseMsg">';
+ $buf .= '<wsdl:part name="response" type="q1:MessageBody" />';
+ $buf .= '</wsdl:message>';
+
+ $buf .= '<wsdl:portType name="SecurityTokenService">';
+ $buf .= '<wsdl:operation name="Issue">';
+ $buf .= '<wsdl:input wsaw:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" message="tns:RequestSecurityTokenMsg">';
+ $buf .= '</wsdl:input>';
+ $buf .= '<wsdl:output wsaw:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue" message="tns:RequestSecurityTokenResponseMsg">';
+ $buf .= '</wsdl:output>';
+ $buf .= '</wsdl:operation>';
+ $buf .= '</wsdl:portType>';
+
+ $buf .= '<wsp:Policy wsu:Id="STS_endpoint_policy">';
+ $buf .= '<wsp:ExactlyOne>';
+ $buf .= '<wsp:All>';
+ $buf .= '<ic:RequireFederatedIdentityProvisioning />';
+ $buf .= '<sp:TransportBinding>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:TransportToken>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:HttpsToken RequireClientCertificate="false" />';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:TransportToken>';
+ $buf .= '<sp:AlgorithmSuite>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:Basic256/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:AlgorithmSuite>';
+ $buf .= '<sp:Layout>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:Strict/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:Layout>';
+ $buf .= '<sp:IncludeTimestamp/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:TransportBinding>';
+
+ // Authentication token assertion
+ switch($ICconfig['UserCredential']){
+ case "UsernamePasswordCredential":
+ $buf .= '<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:WssUsernameToken10/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:UsernameToken>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:SignedSupportingTokens>';
+ break;
+ case "KerberosV5Credential":
+ $buf .= '<sp:ProtectionToken>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp: WssGssKerberosV5ApReqToken11/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:KerberosToken>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '</sp:ProtectionToken>';
+ break;
+ case "X509V3Credential":
+ $buf .= '<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:WssX509V3Token10/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:X509Token>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:EndorsingSupportingTokens>';
+ break;
+ case "SelfIssuedCredential":
+ $buf .= '<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">';
+ $buf .= '<sp:Issuer>';
+ $buf .= '<wsa:Address>';
+ $buf .= 'http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self';
+ $buf .= '</wsa:Address>';
+ $buf .= '</sp:Issuer>';
+ $buf .= '<sp:RequestSecurityTokenTemplate>';
+ $buf .= '<wst:TokenType>';
+ $buf .= 'urn:oasis:names:tc:SAML:1.0:assertion';
+ $buf .= '</wst:TokenType>';
+ $buf .= '<wst:KeyType>';
+ $buf .= 'http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey';
+ $buf .= '</wst:KeyType>';
+ $buf .= '<wst:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">';
+ $buf .= '<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>';
+ $buf .= '</wst:Claims>';
+ $buf .= '</sp:RequestSecurityTokenTemplate>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:RequireInternalReference/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:IssuedToken>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:EndorsingSupportingTokens>';
+ break;
+ default:
+ break;
+ }
+
+ $buf .= '<sp:Wss11>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:MustSupportRefThumbprint/>';
+ $buf .= '<sp:MustSupportRefEncryptedKey/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:Wss11>';
+ $buf .= '<sp:Trust10>';
+ $buf .= '<wsp:Policy>';
+ $buf .= '<sp:RequireClientEntropy/>';
+ $buf .= '<sp:RequireServerEntropy/>';
+ $buf .= '</wsp:Policy>';
+ $buf .= '</sp:Trust10>';
+ $buf .= '<wsaw:UsingAddressing wsdl:required="true" />';
+ $buf .= '</wsp:All>';
+ $buf .= '</wsp:ExactlyOne>';
+ $buf .= '</wsp:Policy>';
+
+ $buf .= '<wsdl:binding name="Transport_binding" type="tns:SecurityTokenService">';
+ $buf .= '<wsp:PolicyReference URI="#STS_endpoint_policy"/>';
+ $buf .= '<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>';
+ $buf .= '<wsdl:operation name="Issue">';
+ $buf .= '<soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" style="document"/>';
+ $buf .= '<wsdl:input>';
+ $buf .= '<soap12:body use="literal"/>';
+ $buf .= '</wsdl:input>';
+ $buf .= '<wsdl:output>';
+ $buf .= '<soap12:body use="literal"/>';
+ $buf .= '</wsdl:output>';
+ $buf .= '</wsdl:operation>';
+ $buf .= '</wsdl:binding>';
+
+ $buf .= '<wsdl:service name="STS_0">';
+ $buf .= '<wsdl:port name="STS_0_port" binding="tns:Transport_binding">';
+ $buf .= '<soap12:address location="'.$ICconfig['tokenserviceurl'].'" />';
+ $buf .= '<wsa:EndpointReference>';
+ $buf .= '<wsa:Address>'.$ICconfig['tokenserviceurl'].'</wsa:Address>';
+ $buf .= '<wsid:Identity>';
+ $buf .= '<ds:KeyInfo>';
+ $buf .= '<ds:X509Data>';
+ $buf .= '<ds:X509Certificate>';
+ $buf .= sspmod_InfoCard_Utils::takeCert($ICconfig['certificates'][0]);
+ $buf .='</ds:X509Certificate>';
+ $buf .= '</ds:X509Data>';
+ $buf .= '</ds:KeyInfo>';
+ $buf .= '</wsid:Identity>';
+ $buf .= '</wsa:EndpointReference>';
+ $buf .= '</wsdl:port>';
+ $buf .= '</wsdl:service>';
+
+ $buf .= '</wsdl:definitions>';
+ $buf .= '</MetadataSection>';
+
+
+ $buf .= '<MetadataSection Dialect="http://www.w3.org/2001/XMLSchema" Identifier="'.$ICconfig['tokenserviceurl'].'">';
+ $buf .= '<xs:schema xmlns:tns="'.$ICconfig['tokenserviceurl'].'" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="'.$ICconfig['tokenserviceurl'].'">';
+ $buf .= '<xs:complexType name="MessageBody">';
+ $buf .= '<xs:sequence>';
+ $buf .= '<xs:any maxOccurs="unbounded" minOccurs="0" namespace="##any"/>';
+ $buf .= '</xs:sequence>';
+ $buf .= '</xs:complexType>';
+ $buf .= '</xs:schema>';
+ $buf .= '</MetadataSection>';
+
+ $buf .= '</Metadata>';
+ $buf .= '</S:Body>';
+
+$buf .= '</S:Envelope>';
+
+
+print($buf);
+
+?>
+
+
+
+
+
+
+
+
+
+
+
+
+
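Review bot: The POSTed MessageID is concatenated unescaped into the response at line 621, so a crafted request body is reflected verbatim into the SOAP envelope; it should be escaped with htmlspecialchars using ENT_XML1 before use. The same block (lines 603-610) reads `$HTTP_RAW_POST_DATA`, which is gone since PHP 7.0, dereferences `item(0)` without checking the NodeList length, and parses attacker-supplied XML without LIBXML_NONET, so a missing MessageID is a fatal error and network entity fetches are left to libxml defaults. The rewrite below reads php://input and guards each step. Separately, the Kerberos branch emits malformed XML: line 696 has a stray space in `<sp: WssGssKerberosV5ApReqToken11/>` and line 699 opens `<wsp:Policy>` where `</wsp:Policy>` is needed.
```php
// Grab the important parts of the token request. That's pretty much just
// the request ID.
$request_id = '';
$raw_body = file_get_contents('php://input');
if ($use_soap && $raw_body !== false && strlen($raw_body) > 0) {
    $token = new DOMDocument();
    if ($token->loadXML($raw_body, LIBXML_NONET) !== false) {
        $elements = $token->documentElement->getElementsByTagName('MessageID');
        if ($elements->length > 0) {
            $request_id = htmlspecialchars($elements->item(0)->nodeValue, ENT_QUOTES | ENT_XML1, 'UTF-8');
        }
    }
}
// … unchanged: envelope and metadata construction …
```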
diff --git a/inc/simplesamlphp/modules/InfoCard/www/prueba.php b/inc/simplesamlphp/modules/InfoCard/www/prueba.php
new file mode 100644
index 0000000..34b8d27
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/prueba.php
@@ -0,0 +1,162 @@
+<?php
+
+$DB_host = 'localhost';
+$DB_port = '5432';
+$DB_dbname = 'db1';
+$DB_user = 'user1';
+$DB_password = 'pass1';
+
+
+$username = 'enrique';
+$card_id = '1234567';
+$dbconn = pg_connect("host=$DB_host port=$DB_port dbname=$DB_dbname user=$DB_user password=$DB_password ");
+$result = pg_fetch_all(pg_query_params($dbconn, 'SELECT * FROM connected_users WHERE name = $1', array("$username")));
+if ($result[0]){
+ pg_update($dbconn, 'connected_users', array('card_id'=>$card_id), array('name'=>$username));
+ print_r ($result);
+} else {
+ echo 'error';
+}
+
+
+// echo pg_last_error($dbconn);
+// if (!$result) {
+// echo 'FALLO';
+// } else {
+// print "result: $result </br>";
+// $row=pg_fetch_all($result);
+// print "ROW: $row </br>";
+// // print_r ($result);
+// print_r ($row);
+// }
+
+pg_close($dbconn);
+
+
+// $handle = fopen(SimpleSAML_Utilities::getTempDir() . '/prueba2.txt','w');
+// fwrite($handle, 'prueba');
+// fclose ($handle);
+
+
+//
+// phpinfo();
+//
+//
+// $config = SimpleSAML_Configuration::getInstance();
+// $autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+//
+// $certificates = $autoconfig->getValue('certificates');
+//
+//
+//
+//
+//
+//
+//
+// function takePublicKey($cert) {
+// $pkey = openssl_get_publickey(file_get_contents($cert));
+// $keyData = openssl_pkey_get_details($pkey);
+// $key = $keyData['key'];
+// $key = str_replace('-----BEGIN PUBLIC KEY-----', '', $key);
+// $key = str_replace('-----END PUBLIC KEY-----', "", $key);
+// $key = str_replace("\n", "", $key);
+// return $key;
+// }
+//
+// /*CASE 1 AND 2
+// * -Has Organization
+// * -And chains to a trusted root CA
+// */
+// function calculate_RP_PPID_Seed_2_2007 ($certs) {
+// $check_cert = openssl_x509_read(file_get_contents($certs[0]));
+// $array = openssl_x509_parse($check_cert);
+// openssl_x509_free($check_cert);
+// $OrgIdString = ('|O="'.$array['subject']['O'].'"|L="'.$array['subject']['L'].'"|S="'.$array['subject']['ST'].'"|C="'.$array['subject']['C'].'"|');
+// print_r ($array);
+// print '<br>';
+//
+// $numcerts = sizeof($certs);
+// for($i=1;$i<$numcerts;$i++){
+// $check_cert = openssl_x509_read(file_get_contents($certs[$i]));
+// $array = openssl_x509_parse($check_cert);
+// openssl_x509_free($check_cert);
+// $tmpstring = '|ChainElement="CN='.$array['subject']['CN'].', OU='.$array['subject']['OU'].', O='.$array['subject']['O'].', L='.$array['subject']['L'].', S='.$array['subject']['ST'].', C='.$array['subject']['C'].'"';
+// $OrgIdString = $tmpstring.$OrgIdString;
+// }
+//
+// print '<br>CALCULADA'.iconv("UTF-8", "ISO-8859-1", $OrgIdString).'<br>';
+// print '<br>VERDADERA = |ChainElement="CN=Autoridad de Certificación de pruebas, OU=aut, O=UAH, L=Alcalá de Henares, S=Madrid, C=ES"|O="UAH"|L="Alcalá de Henares"|S="Madrid"|C="ES"|<br>';
+// $OrgIdBytes = iconv("UTF-8", "UTF-16LE", $OrgIdString);
+// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
+// return $RPPPIDSeed;
+// }
+//
+//
+// /*CASE 1 AND 2
+// * -Has Organization
+// * -And chains to a trusted root CA
+// */
+// function calculate_RP_PPID_Seed_2008 ($rp_cert) {
+// $check_cert = openssl_x509_read(file_get_contents($rp_cert));
+// $array = openssl_x509_parse($check_cert);
+// openssl_x509_free($check_cert);
+// $OrgIdString = ('|O="'.$array[subject][O].'"|L="'.$array[subject][L].'"|S="'.$array[subject][ST].'"|C="'.$array[subject][C].'"|');
+// print_r ($array);
+// $OrgIdBytes = iconv("ISO-8859-1", "UTF-16LE", $OrgIdString);
+// $RPPPIDSeed = hash('sha256', $OrgIdBytes,TRUE);
+// return $RPPPIDSeed;
+// }
+//
+//
+// /*CASE 3
+// * -Has empty or NO Organization value
+// * -And has an empty or no Common Name (CN)
+// * -Or does not chain to a trusted root CA
+// */
+// function calculate_RP_PPID_Seed_3 ($rp_cert) {
+// $pubKey = base64_decode(takePublicKey($rp_cert));
+// $RPPPIDSeed = hash('sha256',$pubKey );
+// return $RPPPIDSeed;
+// }
+//
+//
+// /*CASE 4
+// * -Has empty or NO Organization value
+// * -And has a non-empty Common Name (CN) value
+// * -And chains to a trusted root CA
+// */
+// function calculate_RP_PPID_Seed_4 ($rp_cert) {
+// $check_cert = openssl_x509_read(file_get_contents($rp_cert));
+// $array = openssl_x509_parse($check_cert);
+// openssl_x509_free($check_cert);
+// $CnIdString = '|CN="'.$array['subject']['CN'].'"|';
+// print $CnIdString;
+// $CnIdBytes = iconv("ISO-8859-1", "UTF-16LE", $CnIdString);
+// $RPPPIDSeed = hash('sha256', $CnIdBytes, TRUE);
+// return $RPPPIDSeed;
+// }
+//
+//
+// function calculate_PPID($cardid, $rp_cert) {
+// $CardIdBytes = iconv("ISO-8859-1", "UTF-16LE", $cardid);
+// $CanonicalCardId = hash('sha256', $CardIdBytes,TRUE);
+// $RPPPIDSeed = calculate_RP_PPID_Seed_2_2007($rp_cert);
+// print "<br> rp seed ".base64_encode($RPPPIDSeed)."<br>";
+// print "<br> canonical cardid ".base64_encode($CanonicalCardId)."<br>";
+// $PPID = hash('sha256', $RPPPIDSeed.$CanonicalCardId,TRUE);
+// return $PPID;
+// }
+//
+//
+// function get_OrgIdString($cert){
+// }
+//
+// //PPID: nQIBQqEnme/4SytR1GMxMJUdzU7NdzyYnaHas8fzekc=
+//
+// //Cardid: urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189, ... VRL-QVCK-GHF
+// //PPID: +8mxdRW+9Trqxd3CwQZUKGlYZBjdgmHpgA7/PsQM5yA=
+// print base64_encode(calculate_PPID('urn:uuid:bbe3ecf5-900b-d249-b9a7-e7c261fdf189', $certificates));
+//
+// // print base64_encode(pack('H*','0939625DA3A93E44F52D72AE4246EE54DE265D84'));
+//
+?>
diff --git a/inc/simplesamlphp/modules/InfoCard/www/resources/demoimage.png b/inc/simplesamlphp/modules/InfoCard/www/resources/demoimage.png
new file mode 100644
index 0000000..88efaef
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/resources/demoimage.png
Binary files differ
diff --git a/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_114x80.png b/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_114x80.png
new file mode 100644
index 0000000..6dba25f
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_114x80.png
Binary files differ
diff --git a/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_self_114x80.png b/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_self_114x80.png
new file mode 100644
index 0000000..9351cbc
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/resources/infocard_self_114x80.png
Binary files differ
diff --git a/inc/simplesamlphp/modules/InfoCard/www/tokenservice.php b/inc/simplesamlphp/modules/InfoCard/www/tokenservice.php
new file mode 100644
index 0000000..081ac21
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/tokenservice.php
@@ -0,0 +1,139 @@
+<?php
+
+/*
+* AUTHOR: Samuel Muñoz Hidalgo
+* EMAIL: samuel.mh@gmail.com
+* LAST REVISION: 13-FEB-09
+* DESCRIPTION: Web interface for the token generator
+*/
+
+
+//Borrowed from xlmseclibs, TEMPORAL
+function decryptMcrypt($data,$key) {
+ $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'',MCRYPT_MODE_CBC,'');
+ $iv_length = mcrypt_enc_get_iv_size($td);
+
+ $iv = substr($data, 0, $iv_length);
+ $data = substr($data, $iv_length);
+
+ mcrypt_generic_init($td, $key, $iv);
+ $decrypted_data = mdecrypt_generic($td, $data);
+ mcrypt_generic_deinit($td);
+ mcrypt_module_close($td);
+
+ $dataLen = strlen($decrypted_data);
+ $paddingLength = substr($decrypted_data, $dataLen - 1, 1);
+ $decrypted_data = substr($decrypted_data, 0, $dataLen - ord($paddingLength));
+
+ return $decrypted_data;
+}
+
+
+
+//Input: self issued saml token
+//Returns ppid coded in base 64
+ function getppid($samlToken){
+ $token = new DOMDocument();
+ $token->loadXML($samlToken);
+ $doc = $token->documentElement;
+ return($doc->getElementsByTagname('AttributeValue')->item(0)->nodeValue);
+}
+
+
+// grab the important parts of the token request. these are the username,
+// password, and cardid.
+
+Header('Content-Type: application/soap+xml;charset=utf-8');
+
+$config = SimpleSAML_Configuration::getInstance();
+SimpleSAML_Logger::debug('Tokenservice');
+
+$token = new DOMDocument();
+$token->loadXML($HTTP_RAW_POST_DATA);
+$doc = $token->documentElement;
+
+$cardId = $doc->getElementsByTagname('CardId')->item(0)->nodeValue;
+
+$authenticated = false;
+
+
+$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
+$ICconfig['UserCredential'] = $autoconfig->getValue('UserCredential');
+$debugDir = $autoconfig->getValue('debugDir');
+
+
+SimpleSAML_Logger::debug('USERCREDENTIAL: '.$ICconfig['UserCredential']);
+switch($ICconfig['UserCredential']){
+ case "UsernamePasswordCredential":
+ $username = $doc->getElementsByTagname('Username')->item(0)->nodeValue;
+ $password = $doc->getElementsByTagname('Password')->item(0)->nodeValue;
+ if (sspmod_InfoCard_UserFunctions::validateUser(array('username'=>$username,'password'=>$password),$ICconfig['UserCredential'])){
+ $authenticated = true;
+ }
+ break;
+ case "KerberosV5Credential":
+ break;
+ case "X509V3Credential":
+ break;
+ case "SelfIssuedCredential":
+ //Obtener clave simétrica
+ $encKey = base64_decode($doc->getElementsByTagname('CipherValue')->item(0)->nodeValue);
+ $sts_key = $autoconfig->getValue('sts_key');
+ $privkey = openssl_pkey_get_private(file_get_contents($sts_key));
+ $key=NULL;
+ openssl_private_decrypt($encKey,$key,$privkey,OPENSSL_PKCS1_OAEP_PADDING);
+ openssl_free_key($privkey);
+
+ //Recuperar información
+ $encSamlToken = base64_decode($doc->getElementsByTagname('CipherValue')->item(1)->nodeValue);
+ $samlToken=decryptMcrypt($encSamlToken,$key);
+ SimpleSAML_Logger::debug('$samlToken'.$samlToken);
+ $ppid=getppid($samlToken);
+ SimpleSAML_Logger::debug('PPID: '.$ppid);
+
+ if (sspmod_InfoCard_UserFunctions::validateUser(array('PPID'=>$ppid),$ICconfig['UserCredential'])){
+ $authenticated = true;
+ }
+ break;
+ default:
+ break;
+}
+
+
+$messageid = $doc->getElementsByTagname('MessageID')->item(0)->nodeValue;
+
+if ($authenticated){
+ $ICconfig['InfoCard'] = $autoconfig->getValue('InfoCard');
+ $ICconfig['issuer'] = $autoconfig->getValue('issuer');
+ $ICconfig['sts_crt'] = $autoconfig->getValue('sts_crt');
+ $ICconfig['sts_key'] = $autoconfig->getValue('sts_key');
+
+ $requiredClaims = sspmod_InfoCard_Utils::extractClaims($ICconfig['InfoCard']['schema'], $doc->getElementsByTagname('ClaimType'));
+ $claimValues = sspmod_InfoCard_UserFunctions::fillClaims($username, $ICconfig['InfoCard']['requiredClaims'], $ICconfig['InfoCard']['optionalClaims'],$requiredClaims);
+
+ $response = sspmod_InfoCard_STS::createToken($claimValues,$ICconfig,$messageid);
+
+
+}else{
+ $response = sspmod_InfoCard_STS::errorMessage('Wrong Credentials',$messageid);
+}
+
+
+Header('Content-length: '.strlen($response)+1);
+print($response);
+
+//LOG
+if ($debugDir!=null){
+ $handle=fopen($debugDir.'/'.$messageid.'.log','w');
+ fwrite($handle," ------ InfoCard simpleSAMLphp Module LOG ------\n\n");
+ fwrite($handle,"-- TIME: ".gmdate('Y-m-d').' '.gmdate('H:i:s')."\n");
+ fwrite($handle,"-- MESSAGE ID: ".$messageid."\n\n\n");
+ fwrite($handle,"-- RST\n");
+ fwrite($handle,$HTTP_RAW_POST_DATA);
+ fwrite($handle,"\n\n\n-- RSTR\n");
+ fwrite($handle,$response);
+ fclose($handle);
+}
+
+
+?> \ No newline at end of file
diff --git a/inc/simplesamlphp/modules/InfoCard/www/x509.php b/inc/simplesamlphp/modules/InfoCard/www/x509.php
new file mode 100644
index 0000000..2b9416a
--- /dev/null
+++ b/inc/simplesamlphp/modules/InfoCard/www/x509.php
@@ -0,0 +1,6 @@
+
+<?php
+
+print 'x509';
+
+?> \ No newline at end of file