|
@@ -43,6 +43,7 @@
|
43
|
43
|
*/
|
44
|
44
|
private static function loadData() {
|
45
|
45
|
if (self::$data == null) {
|
|
46
|
+ Logger::log('Loading data from %s/keycache.php', dirname(__FILE__));
|
46
|
47
|
$data = file(dirname(__FILE__) . '/keycache.php');
|
47
|
48
|
self::$header = array_shift($data);
|
48
|
49
|
self::$data = unserialize(implode("\n", $data));
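Review bot: The new log line records the intent to load but nothing records whether `file()` succeeded; when keycache.php is missing or unreadable `file()` returns false and the `array_shift`/`unserialize` lines that follow operate on that false value without any entry in the log. A check straight after the `file()` call keeps the log truthful, e.g. `if ($data === false) { Logger::log('Could not read %s/keycache.php', dirname(__FILE__)); throw new Exception('Key cache unreadable'); }`. The `self::$data == null` guard on the line above is a loose comparison; `=== null` states the intent more precisely since an empty array would also pass the loose check and trigger a reload. loadData's body continues past the hunk.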
|
|
@@ -53,6 +54,7 @@
|
53
|
54
|
* Saves the KeyManager's data array to disk.
|
54
|
55
|
*/
|
55
|
56
|
private static function saveData() {
|
|
57
|
+ Logger::log('Saving data to %s/keycache.php', dirname(__FILE__));
|
56
|
58
|
file_put_contents(dirname(__FILE__) . '/keycache.php', self::$header . serialize(self::$data));
|
57
|
59
|
}
|
58
|
60
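Review bot: The 'Saving data' message is emitted before `file_put_contents`, whose return value is never checked, so a failed write (permissions, full disk) is logged as a successful save. Logging after the write with its result avoids that: `if (file_put_contents(dirname(__FILE__) . '/keycache.php', self::$header . serialize(self::$data)) === false) { Logger::log('Failed to write %s/keycache.php', dirname(__FILE__)); }`. The same intent-before-outcome pattern is in the loadData hunk (`@@ -43`).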
|
|
|
@@ -164,6 +166,7 @@
|
164
|
166
|
self::loadData();
|
165
|
167
|
|
166
|
168
|
if (!isset(self::$data[$server])) {
|
|
169
|
+ Logger::log('No data found for %s', $server);
|
167
|
170
|
return null;
|
168
|
171
|
}
|
169
|
172
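Review bot: `$server` is written into the log unescaped, and in `authenticate` (`@@ -224`) it is the identifier that arrives with the incoming message, so if `Logger::log` does not strip control characters a value containing line breaks would produce forged-looking log entries. Either confirm that `Logger::log` sanitises its arguments or neutralise the value at the call site, e.g. `Logger::log('No data found for %s', str_replace(array("\r", "\n"), ' ', $server));`. The same applies to the request-derived `$server`, `$data['assoc_type']` and `$args['openid_sig']` arguments in the later hunks (`@@ -171`, `@@ -224`, `@@ -244`). The enclosing function starts before this hunk.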
|
|
|
@@ -171,6 +174,7 @@
|
171
|
174
|
if ($handle == '__private') { continue; }
|
172
|
175
|
|
173
|
176
|
if ($data['expires_at'] < time()) {
|
|
177
|
+ Logger::log('Handle for %s expired at %s, unsetting', $server, $data['expires_at']);
|
174
|
178
|
unset(self::$data[$server][$handle]);
|
175
|
179
|
} else {
|
176
|
180
|
return $handle;
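Review bot: The expiry message names the server but not the handle being discarded, even though `$handle` is the loop variable on the line being logged about, so when a server has several handles the log cannot say which one expired. `Logger::log('Handle %s for %s expired at %s, unsetting', $handle, $server, $data['expires_at']);` keeps the format and adds the missing identifier. `expires_at` is compared with `time()` two lines up, so it appears to be a Unix timestamp; `date('c', $data['expires_at'])` would make the logged value readable. The enclosing loop and function begin outside the hunk.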
|
|
@@ -224,9 +228,12 @@
|
224
|
228
|
* @return True if the message was authenticated, false if it's a fake
|
225
|
229
|
*/
|
226
|
230
|
public static function authenticate($server, $args) {
|
|
231
|
+ Logger::log('Authenticating message from %s', $server);
|
|
232
|
+
|
227
|
233
|
$data = self::getData($server, $args['openid_assoc_handle']);
|
228
|
234
|
|
229
|
235
|
if ($data === null) {
|
|
236
|
+ Logger::log('Can\'t authenticate, no key available');
|
230
|
237
|
throw new Exception('No key available for that server/handle');
|
231
|
238
|
}
|
232
|
239
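Review bot: The 'no key available' message carries no identifier, so once requests interleave it cannot be tied to the `$server` logged a few lines earlier; `Logger::log('Can\'t authenticate, no key available for %s', $server);` closes that gap on the log side. The handle used for the lookup, `$args['openid_assoc_handle']`, is read without an `isset` check on the line after the new entry-point log, which emits an undefined-index notice and performs the lookup with a null handle when the parameter is absent. The new entry-point log is a natural place to validate it, e.g. `if (!isset($args['openid_assoc_handle'])) { Logger::log('Can\'t authenticate, no assoc handle from %s', $server); throw new Exception('Missing association handle'); }`.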
|
|
|
@@ -244,16 +251,20 @@
|
244
|
251
|
$algo = 'sha256';
|
245
|
252
|
break;
|
246
|
253
|
default:
|
|
254
|
+ Logger::log('Can\'t authenticate, unknown assoc type %s', $data['assoc_type']);
|
247
|
255
|
throw new Exception('Unable to handle association type ' . $data['assoc_type']);
|
248
|
256
|
}
|
249
|
257
|
|
250
|
258
|
$sig = base64_encode(hash_hmac($algo, $contents, base64_decode($data['mac_key']), true));
|
|
259
|
+ Logger::log('Expected signature %s, received signature %s', $sig, $args['openid_sig']);
|
251
|
260
|
|
252
|
261
|
// Manually compare characters to prevent timing attacks
|
253
|
262
|
$res = strlen($sig) == strlen($args['openid_sig']);
|
254
|
263
|
for ($i = 0; $i < strlen($sig); $i++) {
|
255
|
264
|
$res &= $sig[$i] == $args['openid_sig'][$i];
|
256
|
265
|
}
|
|
266
|
+
|
|
267
|
+ Logger::log('Authentication result: %s', $res ? 'good' : 'bad');
|
257
|
268
|
return $res;
|
258
|
269
|
}
|
259
|
270
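Review bot: The new `Expected signature %s, received signature %s` line writes the valid HMAC for this message into the log on every request, verified or not, so anyone with read access to the log (log shipping, shared hosting, support staff) obtains a correct signature for that exact response. Log only the outcome, or at most a length, e.g. `Logger::log('Signature check for %s: received %d bytes', $server, strlen($args['openid_sig']));`. Since these lines are being touched anyway, the manual comparison loop below can become `$res = hash_equals($sig, $args['openid_sig']);` (PHP >= 5.6), which returns a real bool where the current `&=` turns `$res` into an int and, when `$args['openid_sig']` is shorter than `$sig`, reads past its end with an uninitialised-offset warning. The 'Authentication result' message added here is byte-identical to the one added in `dumbAuthenticate` (`@@ -279`), so the two paths cannot be told apart in the log; prefix one of them, e.g. `'Stateful authentication result: %s'`.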
|
|
|
@@ -264,6 +275,8 @@
|
264
|
275
|
* @return True if the request has been authenticated, false otherwise.
|
265
|
276
|
*/
|
266
|
277
|
public static function dumbAuthenticate() {
|
|
278
|
+ Logger::log('Performing dumb authentication');
|
|
279
|
+
|
267
|
280
|
$url = URLBuilder::buildAuth($_REQUEST, $_SESSION['openid']['version']);
|
268
|
281
|
|
269
|
282
|
try {
|
|
@@ -279,6 +292,7 @@
|
279
|
292
|
}
|
280
|
293
|
}
|
281
|
294
|
|
|
295
|
+ Logger::log('Authentication result: %s', $valid ? 'good' : 'bad');
|
282
|
296
|
return $valid;
|
283
|
297
|
}
|
284
|
298
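Review bot: `$valid` is logged and returned after the try/catch that closes at the top of the hunk, but the hunk does not show it being initialised before the `try`; if it is only assigned inside the try and a caught exception is handled without returning, the new log line reads an undefined variable and reports 'bad' by accident rather than by design. Initialise it ahead of the `try` (`$valid = false;`) or confirm the catch branch assigns it. The body of dumbAuthenticate starts outside the hunk.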
|
|