95,18 → 95,18 |
$server_secret='VtsClientChallenge:'.OIDplus::baseConfig()->getValue('SERVER_SECRET'); |
$max_time = 10*60; // 10min. TODO: make configurable! |
|
if (!isset($params[$fieldname])) throw new \Exception('No challenge response found'); |
if (!isset($params[$fieldname])) throw new OIDplusException('No challenge response found'); |
|
list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = @json_decode($params[$fieldname], true); |
|
if ($ip_target != (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown')) { |
throw new \Exception(_L('Wrong IP address')); |
throw new OIDplusException(_L('Wrong IP address')); |
} else if (time()-$starttime > $max_time) { |
throw new \Exception(_L('Challenge expired')); |
throw new OIDplusException(_L('Challenge expired')); |
} else if ($challenge_integrity != sha3_512_hmac($challenge,$server_secret)) { |
throw new \Exception(_L('Challenge integrity failed')); |
throw new OIDplusException(_L('Challenge integrity failed')); |
} else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
throw new \Exception(_L('Wrong answer')); |
throw new OIDplusException(_L('Wrong answer')); |
} |
} |
|
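Review bot: The `$ip_target != …` and `$challenge_integrity != sha3_512_hmac(…)` checks still compare with loose `!=` against values taken straight from `@json_decode`, so a JSON value of a non-string type can compare equal under PHP's juggling rules and satisfy the check without carrying the right value; the HMAC comparison is also not constant-time. Decode without `@`, reject anything that is not a five-element array of the expected scalar types before the `list()` assignment (which silently yields nulls when `json_decode` returns null), and compare both the integrity tag and the challenge with `hash_equals()`. The `time()-$starttime` arithmetic should likewise only run once `$starttime` is confirmed numeric. The enclosing function starts outside the hunk.
```php
// … unchanged: $server_secret / $max_time setup and the isset($params[$fieldname]) guard …
$decoded = json_decode($params[$fieldname], true);
if (!is_array($decoded) || count($decoded) !== 5) throw new OIDplusException('No challenge response found');
list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = $decoded;
if (!is_numeric($starttime) || !is_string($ip_target) || !is_string($challenge) || !is_scalar($answer) || !is_string($challenge_integrity)) {
    throw new OIDplusException(_L('Challenge integrity failed'));
}

if ($ip_target !== (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown')) {
    throw new OIDplusException(_L('Wrong IP address'));
} else if (time()-$starttime > $max_time) {
    throw new OIDplusException(_L('Challenge expired'));
} else if (!hash_equals(sha3_512_hmac($challenge,$server_secret), $challenge_integrity)) {
    throw new OIDplusException(_L('Challenge integrity failed'));
} else if (!hash_equals(sha3_512($starttime.'/'.$ip_target.'/'.$answer), $challenge)) {
    throw new OIDplusException(_L('Wrong answer'));
}
```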