From 4fb376687dc1546f51e637cae1478582309f85f0 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 15 Mar 2014 15:09:48 -0300
Subject: Squashed 'mod/foafssl/' content from commit 3c1da1e

git-subtree-dir: mod/foafssl
git-subtree-split: 3c1da1eaff8f61049b45ad99528f8f4e09ac7e62
---
 actions/add.php      | 43 ++++++++++++++++++++++++++++
 actions/generate.php | 53 ++++++++++++++++++++++++++++++++++
 actions/register.php | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 actions/suck.php     | 56 ++++++++++++++++++++++++++++++++++++
 4 files changed, 233 insertions(+)
 create mode 100644 actions/add.php
 create mode 100644 actions/generate.php
 create mode 100755 actions/register.php
 create mode 100644 actions/suck.php

(limited to 'actions')

diff --git a/actions/add.php b/actions/add.php
new file mode 100644
index 000000000..494229aad
--- /dev/null
+++ b/actions/add.php
@@ -0,0 +1,43 @@
+<?php
+global $CONFIG;
+$user = get_loggedin_user();
+$name = get_input('name');
+$webid = get_input('webid');
+$modulus = get_input('modulus');
+$exponent = get_input('exponent');
+
+error_log($name);
+error_log($webid);
+error_log($modulus);
+error_log($exponent);
+
+if (isset($_FILES['cert_file'])) {
+	$cert = get_uploaded_file('cert_file');
+        $res = openssl_x509_read($cert);
+	$cert_data = openssl_x509_parse($cert);
+	$pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+        $webid = $cert_data["extensions"]["subjectAltName"];
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+	$name = $cert_data["subject"]["CN"];
+	error_log("load file");
+	error_log("webid:".$webid);
+	error_log("exponent".$exponent);
+	error_log("mod".$modulus);
+}
+
+if ($modulus && $exponent && $user && $webid) {
+	$key = elgg_foafssl_createkey($modulus, $exponent, $user, $webid, $name);
+	system_message(elgg_echo("foafssl:addkey"));
+}
+else {
+	register_error(elgg_echo("foafssl:cantadd"));
+}
+forward($CONFIG->wwwroot."pg/foafssl/manage");
+?>
diff --git a/actions/generate.php b/actions/generate.php
new file mode 100644
index 000000000..e899d3dd0
--- /dev/null
+++ b/actions/generate.php
@@ -0,0 +1,53 @@
+<?php
+
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+require_once($CONFIG->pluginspath."foafssl/cert_proxy.php");
+
+global $CONFIG;
+
+
+function toBASE64($encodeMe) {
+    // does openssl really need this?
+    $data = base64_encode($encodeMe);
+    $datalb = "";
+    while (strlen($data) > 64) {
+        $datalb .= substr($data, 0, 64) . "\n";
+        $data = substr($data,64);
+    }
+    $datalb .= $data;
+    return $datalb;
+}
+
+
+$user = get_loggedin_user();
+$webid = $user->getURL();
+$name = get_input("name");
+$pubkey = get_input("pubkey");
+
+$cert = request_identity_p12($name, $webid, $pubkey);
+
+if ($cert && $user) {
+	$armored_cert = "-----BEGIN CERTIFICATE-----\n";
+	$armored_cert .= toBase64($cert);
+	$armored_cert .= "\n-----END CERTIFICATE-----\n";
+	$res = openssl_x509_read($armored_cert);
+	$cert_data = openssl_x509_parse($armored_cert);
+	$uid = $cert_data["subject"]["UID"];
+	$altName = $cert_data["extensions"]["subjectAltName"];
+        $pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+ 	  set_input("name",$cert_data["subject"]["CN"]);
+	    set_input("webid",$altName);
+	    set_input("modulus",$modulus);
+	    set_input("exponent",$exponent);
+	    // now really include
+	    include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+?>
diff --git a/actions/register.php b/actions/register.php
new file mode 100755
index 000000000..ff5e495b5
--- /dev/null
+++ b/actions/register.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Elgg registration action
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+global $CONFIG;
+error_log("register user foaf!");
+// Get variables
+$username = get_input('username');
+$password = get_input('password');
+$password2 = get_input('password2');
+$email = get_input('email');
+$name = get_input('name');
+$friend_guid = (int) get_input('friend_guid',0);
+$invitecode = get_input('invitecode');
+$exponent = get_input('key_exp');
+$modulus = get_input('key_mod');
+$webid = get_input('key_webid');
+
+if (!($exponent && $modulus && $webid))
+	forward();
+
+$admin = get_input('admin');
+if (is_array($admin)) {
+	$admin = $admin[0];
+}
+
+if (!$CONFIG->disable_registration) {
+// For now, just try and register the user
+	try {
+		$guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+		if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+			$new_user = get_entity($guid);
+error_log("register user foaf2!");
+			elgg_set_ignore_access(true);
+			elgg_foafssl_createkey($modulus, $exponent, $new_user, $webid, $name." register cert");
+			elgg_set_ignore_access(false);
+			if (($guid) && ($admin)) {
+				// Only admins can make someone an admin
+				admin_gatekeeper();
+				$new_user->makeAdmin();
+			}
+
+			// Send user validation request on register only
+			global $registering_admin;
+			if (!$registering_admin) {
+				request_user_validation($guid);
+			}
+
+			if (!$new_user->isAdmin()) {
+				// Now disable if not an admin
+				// Don't do a recursive disable.  Any entities owned by the user at this point
+				// are products of plugins that hook into create user and might need
+				// access to the entities.
+				$new_user->disable('new_user', false);
+			}
+
+			system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+			// Forward on success, assume everything else is an error...
+			forward();
+		} else {
+			register_error(elgg_echo("registerbad"));
+		}
+	} catch (RegistrationException $r) {
+		register_error($r->getMessage());
+	}
+} else {
+	register_error(elgg_echo('registerdisabled'));
+}
+
+$qs = explode('?',$_SERVER['HTTP_REFERER']);
+$qs = $qs[0];
+$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;
+
+forward($qs);
diff --git a/actions/suck.php b/actions/suck.php
new file mode 100644
index 000000000..fd801e2de
--- /dev/null
+++ b/actions/suck.php
@@ -0,0 +1,56 @@
+<?php
+
+//require_once("config.php");
+global $CONFIG;
+require_once($CONFIG->pluginspath."foafssl/lib/Authentication.php");
+
+$config = array('db_name'=>'arc','db_user'=>'arc','db_pwd'=>'chjdladhsjk34!arcarc','store_name'=>'arc_tests');
+if ($_SERVER['SSL_CLIENT_CERT']) {
+	error_log("going to add");
+	$cert = $_SERVER['SSL_CLIENT_CERT'];
+	$res = openssl_x509_read($cert);
+	$cert_data = openssl_x509_parse($cert);
+	$uid = $cert_data["subject"]["UID"];
+	$altName = $cert_data["extensions"]["subjectAltName"];
+        $pubKey  = openssl_pkey_get_public($res);
+        $keyData = openssl_pkey_get_details($pubKey);
+
+        //Remove certificate armour
+        $unpacked_n = unpack("H*",$keyData['rsa']['n']);
+        $modulus = strtoupper($unpacked_n[1]);
+        $unpacked_e = unpack("H*",$keyData['rsa']['e']);
+        $exponent = hexdec($unpacked_e[1]);
+ 	  set_input("name",$cert_data["subject"]["CN"]);
+	    set_input("webid",$altName);
+	    set_input("modulus",$modulus);
+	    set_input("exponent",$exponent);
+	    include($CONFIG->pluginspath."foafssl/actions/add.php");
+}
+
+
+/*
+$auth = new Authentication_FoafSSLARC($config);
+//$auth = new Authentication_AgentARC($config, $webId);
+//var_dump($auth);
+//if ($auth->agentId !== $auth->agentURI) {
+if ($auth->isAuthenticated()) {
+    //print "Hello : $auth->webid<br/>";
+    $base_url = $CONFIG->wwwroot."pg/profile/";
+    if (strpos($auth->webid, $base_url) == 0) {
+	$root_len = strlen($base_url);
+    	$username = substr($auth->webid, $root_len, strlen($auth->webid)-$root_len-strlen("?view=foaf"));
+	$user = get_user_by_username($username);
+	login($user, true);
+	system_message(elgg_echo("you logged in successfully with your certificate!"));
+	forward();
+	
+	}
+}
+else {
+    print "Sorry you are not logged in<br/>";
+	print $auth->authnDiagnostic;
+}
+*/
+//$auth->logout();
+
+?>
-- 
cgit v1.2.3