1 <?php |
|
2 /** |
|
3 * Zend Framework |
|
4 * |
|
5 * LICENSE |
|
6 * |
|
7 * This source file is subject to the new BSD license that is bundled |
|
8 * with this package in the file LICENSE.txt. |
|
9 * It is also available through the world-wide-web at this URL: |
|
10 * http://framework.zend.com/license/new-bsd |
|
11 * If you did not receive a copy of the license and are unable to |
|
12 * obtain it through the world-wide-web, please send an email |
|
13 * to license@zend.com so we can send you a copy immediately. |
|
14 * |
|
15 * @category Zend |
|
16 * @package Zend_Auth |
|
17 * @subpackage Zend_Auth_Adapter |
|
18 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
20 * @version $Id: InfoCard.php 20096 2010-01-06 02:05:09Z bkarwin $ |
|
21 */ |
|
22 |
|
23 /** |
|
24 * @see Zend_Auth_Adapter_Interface |
|
25 */ |
|
26 require_once 'Zend/Auth/Adapter/Interface.php'; |
|
27 |
|
28 /** |
|
29 * @see Zend_Auth_Result |
|
30 */ |
|
31 require_once 'Zend/Auth/Result.php'; |
|
32 |
|
33 /** |
|
34 * @see Zend_InfoCard |
|
35 */ |
|
36 require_once 'Zend/InfoCard.php'; |
|
37 |
|
38 /** |
|
39 * A Zend_Auth Authentication Adapter allowing the use of Information Cards as an |
|
40 * authentication mechanism |
|
41 * |
|
42 * @category Zend |
|
43 * @package Zend_Auth |
|
44 * @subpackage Zend_Auth_Adapter |
|
45 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
46 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
47 */ |
|
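class Zend_Auth_Adapter_InfoCard implements Zend_Auth_Adapter_Interface
{
    /**
     * The XML Token being authenticated
     *
     * This value is supplied by the client (see the constructor) and is passed
     * unchanged to Zend_InfoCard::process() by authenticate().
     *
     * @var string
     */
    protected $_xmlToken;

    /**
     * The instance of Zend_InfoCard that every method of this adapter delegates to
     *
     * @var Zend_InfoCard
     */
    protected $_infoCard;

    /**
     * Constructor
     *
     * Stores the token and creates the Zend_InfoCard instance used for processing.
     *
     * @param  string $strXmlDocument The XML Token provided by the client
     * @return void
     */
    public function __construct($strXmlDocument)
    {
        $this->_xmlToken = $strXmlDocument;
        $this->_infoCard = new Zend_InfoCard();
    }

    /**
     * Sets the InfoCard component Adapter to use
     *
     * @param  Zend_InfoCard_Adapter_Interface $a
     * @return Zend_Auth_Adapter_InfoCard Provides a fluent interface
     */
    public function setAdapter(Zend_InfoCard_Adapter_Interface $a)
    {
        $this->_infoCard->setAdapter($a);
        return $this;
    }

    /**
     * Retrieves the InfoCard component adapter being used
     *
     * @return Zend_InfoCard_Adapter_Interface
     */
    public function getAdapter()
    {
        return $this->_infoCard->getAdapter();
    }

    /**
     * Retrieves the InfoCard public key cipher object being used
     *
     * Note the naming asymmetry with the setter: this getter is spelled "PK",
     * the setter is setPKICipherObject().
     *
     * @return Zend_InfoCard_Cipher_PKI_Interface
     */
    public function getPKCipherObject()
    {
        return $this->_infoCard->getPKCipherObject();
    }

    /**
     * Sets the InfoCard public key cipher object to use
     *
     * @param  Zend_InfoCard_Cipher_PKI_Interface $cipherObj
     * @return Zend_Auth_Adapter_InfoCard Provides a fluent interface
     */
    public function setPKICipherObject(Zend_InfoCard_Cipher_PKI_Interface $cipherObj)
    {
        $this->_infoCard->setPKICipherObject($cipherObj);
        return $this;
    }

    /**
     * Retrieves the Symmetric cipher object being used
     *
     * @return Zend_InfoCard_Cipher_Symmetric_Interface
     */
    public function getSymCipherObject()
    {
        return $this->_infoCard->getSymCipherObject();
    }

    /**
     * Sets the InfoCard symmetric cipher object to use
     *
     * @param  Zend_InfoCard_Cipher_Symmetric_Interface $cipherObj
     * @return Zend_Auth_Adapter_InfoCard Provides a fluent interface
     */
    public function setSymCipherObject(Zend_InfoCard_Cipher_Symmetric_Interface $cipherObj)
    {
        $this->_infoCard->setSymCipherObject($cipherObj);
        return $this;
    }

    /**
     * Remove a Certificate Pair by Key ID from the search list
     *
     * @param  string $key_id The Certificate Key ID returned from adding the certificate pair
     * @throws Zend_InfoCard_Exception
     * @return Zend_Auth_Adapter_InfoCard Provides a fluent interface
     */
    public function removeCertificatePair($key_id)
    {
        $this->_infoCard->removeCertificatePair($key_id);
        return $this;
    }

    /**
     * Add a Certificate Pair to the list of certificates searched by the component
     *
     * @param  string $private_key_file The path to the private key file for the pair
     * @param  string $public_key_file  The path to the certificate / public key for the pair
     * @param  string $type             (optional) The URI for the type of key pair this is (default RSA with OAEP padding)
     * @param  string $password         (optional) The password for the private key file if necessary
     * @throws Zend_InfoCard_Exception
     * @return string A key ID representing this key pair in the component
     */
    public function addCertificatePair($private_key_file, $public_key_file, $type = Zend_InfoCard_Cipher::ENC_RSA_OAEP_MGF1P, $password = null)
    {
        return $this->_infoCard->addCertificatePair($private_key_file, $public_key_file, $type, $password);
    }

    /**
     * Return a Certificate Pair from a key ID
     *
     * The returned array carries the private key password when one was given
     * to addCertificatePair(), so treat the return value as a secret: do not
     * log it or include it in output.
     *
     * @param  string $key_id The Key ID of the certificate pair in the component
     * @throws Zend_InfoCard_Exception
     * @return array An array containing the path to the private/public key files,
     *               the type URI and the password if provided
     */
    public function getCertificatePair($key_id)
    {
        return $this->_infoCard->getCertificatePair($key_id);
    }

    /**
     * Set the XML Token to be processed
     *
     * @param  string $strXmlToken The XML token to process
     * @return Zend_Auth_Adapter_InfoCard Provides a fluent interface
     */
    public function setXmlToken($strXmlToken)
    {
        $this->_xmlToken = $strXmlToken;
        return $this;
    }

    /**
     * Get the XML Token being processed
     *
     * @return string The XML token to be processed
     */
    public function getXmlToken()
    {
        return $this->_xmlToken;
    }

    /**
     * Authenticates the XML token
     *
     * Hands the stored token to Zend_InfoCard::process() and maps the outcome
     * onto a Zend_Auth_Result:
     *
     *  - process() threw: FAILURE, no identity, messages
     *    [0] 'Exception Thrown', [1] exception message, [2] stack trace string,
     *    [3] serialized exception ('' when the exception cannot be serialized)
     *  - claims invalid, RESULT_PROCESSING_FAILURE: FAILURE, 'Processing Failure'
     *  - claims invalid, RESULT_VALIDATION_FAILURE: FAILURE_CREDENTIAL_INVALID,
     *    'Validation Failure'
     *  - claims invalid, any other code: FAILURE, 'Unknown Failure'
     *  - claims valid: SUCCESS with the claims object as identity
     *
     * SECURITY: on the exception path the result messages contain the stack
     * trace and the serialized exception. Both describe server internals (file
     * paths, class names, and possibly call arguments), and they are produced
     * while handling a client-supplied token. Callers should log them
     * server-side only and never echo getMessages() back to the client.
     *
     * @return Zend_Auth_Result The result of the authentication
     */
    public function authenticate()
    {
        try {
            $claims = $this->_infoCard->process($this->getXmlToken());
        } catch (Exception $e) {
            // serialize() itself throws when the exception graph holds a value
            // that cannot be serialized (e.g. a Closure in the trace). Guard it
            // so this method still returns a failure result instead of letting
            // a second exception escape from the catch block.
            try {
                $serialized = serialize($e);
            } catch (Exception $serializeError) {
                $serialized = '';
            }

            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE,
                null,
                array(
                    'Exception Thrown',
                    $e->getMessage(),
                    $e->getTraceAsString(),
                    $serialized
                )
            );
        }

        if (!$claims->isValid()) {
            // Class name spelled with the canonical casing (the original had
            // "Zend_infoCard_Claims"); PHP resolves class names case-insensitively,
            // but a path-based autoloader on a case-sensitive filesystem does not.
            switch ($claims->getCode()) {
                case Zend_InfoCard_Claims::RESULT_PROCESSING_FAILURE:
                    $resultCode = Zend_Auth_Result::FAILURE;
                    $label      = 'Processing Failure';
                    break;
                case Zend_InfoCard_Claims::RESULT_VALIDATION_FAILURE:
                    $resultCode = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
                    $label      = 'Validation Failure';
                    break;
                default:
                    $resultCode = Zend_Auth_Result::FAILURE;
                    $label      = 'Unknown Failure';
                    break;
            }

            // The claims object is still passed as the identity on failure, as
            // before; consumers must check the result code before trusting it.
            return new Zend_Auth_Result(
                $resultCode,
                $claims,
                array(
                    $label,
                    $claims->getErrorMsg()
                )
            );
        }

        return new Zend_Auth_Result(
            Zend_Auth_Result::SUCCESS,
            $claims
        );
    }
}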