Commit e9c261c5 authored by Donal McMullan's avatar Donal McMullan
Browse files

Abstracting utilities from server.php into lib.php

parent f952f843
......@@ -48,25 +48,8 @@ function dropslash($wwwroot) {
}
function get_public_key($uri, $application=null) {
return '-----BEGIN CERTIFICATE-----
MIICwjCCAiugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBpjELMAkGA1UEBhMCTlox
EzARBgNVBAgTCldlbGxpbmd0b24xDzANBgNVBAcTBlRlIEFybzEPMA0GA1UEChMG
TWFoYXJhMQ8wDQYDVQQLEwZNYWhhcmExIzAhBgNVBAMTGmh0dHA6Ly9tYWhhcmEu
bWFob29kbGUuY29tMSowKAYJKoZIhvcNAQkBFhtub3JlcGx5QG1haGFyYS5tYWhv
b2RsZS5jb20wHhcNMDcwMzI5MjE0NTI4WhcNMDcwNDI2MjE0NTI4WjCBpjELMAkG
A1UEBhMCTloxEzARBgNVBAgTCldlbGxpbmd0b24xDzANBgNVBAcTBlRlIEFybzEP
MA0GA1UEChMGTWFoYXJhMQ8wDQYDVQQLEwZNYWhhcmExIzAhBgNVBAMTGmh0dHA6
Ly9tYWhhcmEubWFob29kbGUuY29tMSowKAYJKoZIhvcNAQkBFhtub3JlcGx5QG1h
aGFyYS5tYWhvb2RsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYR
k7JNrSqQcSK1hH5cdpJ+MinhhnjcpTu/MXZXhkOejZ4JRdpQqFd9J+JW1MiTDeet
3l6nuB/Tt87wgf1vKO7WYV/Go/E3AHAp8WqeA+9z070zD+n1/Th5le+76RKNd28N
C+chgNrvVB4hGgm9rwUsaXHolIx+jm58A+OR7SAbAgMBAAEwDQYJKoZIhvcNAQEE
BQADgYEAnD2Sj+xAVx7cUtbZD2uCy2X0cfPUI8MxbF3MoUW/8YexAqVBTGnzBHR0
8lFK4lVupRAxT6tjwSWxWxaBFfUDkGkVPIP28xcpz9/AgYbCbLunZmU/9qBAK/p9
qQHy3ds1DIOoP02RSOt/zHh6lzmGEy+KzBd/cq7EwtzesrtKZk8=
-----END CERTIFICATE-----';
global $CFG;
echo 'a';
static $keyarray = array();
if (isset($keyarray[$uri])) {
return $keyarray[$uri];
......@@ -77,12 +60,12 @@ echo 'a';
if(empty($application)) {
$this->application = get_record('application', 'application', 'moodle');
}
echo ' b';
$wwwroot = dropslash($CFG->wwwroot);
echo ' c';
$rq = xmlrpc_encode_request('system/keyswap', array($wwwroot, $openssl->certificate), array("encoding" => "utf-8"));
$ch = curl_init($uri. $application->xmlrpc_server_url);
echo ' d';
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
......@@ -91,7 +74,7 @@ echo ' d';
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml charset=UTF-8"));
$res = xmlrpc_decode(curl_exec($ch));
echo "\nRes:\n$res\n\n";
curl_close($ch);
if (!is_array($res)) { // ! error
......@@ -149,6 +132,63 @@ class XmlrpcServerException extends Exception {
}
}
function xmlenc_envelope_strip(&$xml) {
$openssl = OpenSslRepo::singleton();
$payload_encrypted = true;
$data = base64_decode($xml->EncryptedData->CipherData->CipherValue);
$key = base64_decode($xml->EncryptedKey->CipherData->CipherValue);
$payload = ''; // Initialize payload var
$payload = $openssl->openssl_open($data, $key);
$xml = parse_payload($payload);
return $payload;
}
function parse_payload($payload) {
try {
$xml = new SimpleXMLElement($payload);
return $xml;
} catch (Exception $e) {
throw new XmlrpcServerException('Encrypted payload is not a valid XML document', 6002);
}
}
function get_peer($wwwroot) {
$wwwroot = (string)$wwwroot;
static $peers = array();
if(isset($peers[$wwwroot])) return $peers[$wwwroot];
$peer = new Peer();
if(!$peer->init($wwwroot)) {
// Bootstrap unknown hosts?
throw new XmlrpcServerException('We don\'t have a record for your webserver in our database', 6003);
}
$peers[$wwwroot] = $peer;
return $peers[$wwwroot];
//return $peer;
}
function xmldsig_envelope_strip(&$xml) {
$signature = base64_decode($xml->Signature->SignatureValue);
$payload = base64_decode($xml->object);
$wwwroot = (string)$xml->wwwroot;
$timestamp = $xml->timestamp;
$peer = get_peer($wwwroot);
// Does the signature match the data and the public cert?
$signature_verified = openssl_verify($payload, $signature, $peer->certificate);
if ($signature_verified == 1) {
// Parse the XML
try {
$xml = new SimpleXMLElement($payload);
return $payload;
} catch (Exception $e) {
throw new XmlrpcServerException('Signed payload is not a valid XML document', 6007);
}
} else {
throw new XmlrpcServerException('An error occurred while trying to verify your message signature', 6004);
}
}
/**
* Encrypt a message and return it in an XML-Encrypted document
*
......@@ -195,6 +235,7 @@ function xmlenc_envelope($message, $remote_certificate) {
$bool = openssl_seal($message, $encryptedstring, $symmetric_keys, array($publickey));
$message = base64_encode($encryptedstring);
$symmetrickey = base64_encode(array_pop($symmetric_keys));
$zed = 'nothing';
return <<<EOF
<?xml version="1.0" encoding="iso-8859-1"?>
......@@ -253,12 +294,11 @@ EOF;
* @return string An XML-DSig document
*/
function xmldsig_envelope($message) {
echo 'Signing: '.$message."\n\n";
global $CFG;
$openssl = OpenSslRepo::singleton();
$wwwroot = dropslash($CFG->wwwroot);
$digest = sha1($message);
echo '$digest: '."\n".$digest."\n";
$sig = base64_encode($openssl->sign_message($message));
$message = base64_encode($message);
$time = time();
......@@ -473,13 +513,16 @@ class Peer {
public $public_key_expires = '';
public $portno = 80;
public $last_connect_time = 0;
public $we_sso_out = 0;
public $they_sso_in = 0;
public $init = false;
public $application = 'moodle';
public $application_display = 'Moodle';
public $xmlrpc_server_url = '/mnet/xmlrpc/server.php';
public $error = array();
function __construct() {
return true;
//return true;
}
function init($wwwroot) {
......@@ -496,6 +539,8 @@ class Peer {
host.public_key_expires,
host.portno,
host.last_connect_time,
host.we_sso_out,
host.they_sso_in,
application.shortname,
application.name,
application.xmlrpc_server_url
......@@ -513,12 +558,16 @@ class Peer {
$this->{$key} = $value;
}
$this->public_key = new PublicKey($this->public_key, $this->wwwroot);
$this->init = true;
return true;
}
return false;
}
function __get($name) {
if($name == 'certificate') {
return $this->public_key->certificate;
}
return $this->{$name};
}
......@@ -527,6 +576,7 @@ class Peer {
}
function commit() {
if ($this->init == false) return false;
$host = new stdClass();
$host->wwwroot = $this->wwwroot;
$host->deleted = $this->deleted;
......@@ -537,6 +587,8 @@ class Peer {
$host->portno = $this->portno;
$host->last_connect_time = $this->last_connect_time;
$host->application = $this->application;
$host->we_sso_out = $this->we_sso_out;
$host->they_sso_in = $this->they_sso_in;
var_dump($host);
return insert_record('host',$host);
}
......@@ -595,12 +647,12 @@ class Peer {
class PublicKey {
private $credentials = array();
private $wwwroot = '';
public $certificate = '';
private $credentials = array();
private $wwwroot = '';
private $certificate = '';
function __construct($keystring, $wwwroot) {
$this->credentials = openssl_x509_parse($keystring);
$this->wwwroot = dropslash($wwwroot);
$this->certificate = $keystring;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment