line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
## Domain Registry Interface, VeriSign Two Factor Auth EPP extension |
2
|
|
|
|
|
|
|
## |
3
|
|
|
|
|
|
|
## Copyright (c) 2012 Patrick Mevzek . All rights reserved. |
4
|
|
|
|
|
|
|
## |
5
|
|
|
|
|
|
|
## This file is part of Net::DRI |
6
|
|
|
|
|
|
|
## |
7
|
|
|
|
|
|
|
## Net::DRI is free software; you can redistribute it and/or modify |
8
|
|
|
|
|
|
|
## it under the terms of the GNU General Public License as published by |
9
|
|
|
|
|
|
|
## the Free Software Foundation; either version 2 of the License, or |
10
|
|
|
|
|
|
|
## (at your option) any later version. |
11
|
|
|
|
|
|
|
## |
12
|
|
|
|
|
|
|
## See the LICENSE file that comes with this distribution for more details. |
13
|
|
|
|
|
|
|
#################################################################################################### |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
package Net::DRI::Protocol::EPP::Extensions::VeriSign::TwoFactorAuth; |
16
|
|
|
|
|
|
|
|
17
|
1
|
|
|
1
|
|
965
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
34
|
|
18
|
1
|
|
|
1
|
|
4
|
use warnings; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
23
|
|
19
|
|
|
|
|
|
|
|
20
|
1
|
|
|
1
|
|
3
|
use Net::DRI::Util; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
19
|
|
21
|
1
|
|
|
1
|
|
4
|
use Net::DRI::Exception; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
1348
|
|
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
#################################################################################################### |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
sub register_commands |
26
|
|
|
|
|
|
|
{ |
27
|
0
|
|
|
0
|
0
|
|
my ($class,$version)=@_; |
28
|
0
|
|
|
|
|
|
return { 'authsession' => { create => [ \&auth_create_generate, \&auth_create_parse ] }, |
29
|
|
|
|
|
|
|
'domain' => { update => [ \&domain_update_generate, undef ] }, ## other domain operations ? |
30
|
|
|
|
|
|
|
}; |
31
|
|
|
|
|
|
|
} |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
sub setup |
34
|
|
|
|
|
|
|
{ |
35
|
0
|
|
|
0
|
0
|
|
my ($class,$po,$version)=@_; |
36
|
0
|
|
|
|
|
|
$po->ns({ 'authExt' => [ 'http://www.verisign.com/epp/authExt-1.0','authExt-1.0.xsd' ], |
37
|
|
|
|
|
|
|
'authSession' => [ 'http://www.verisign.com/epp/authSession-1.0','authSession-1.0.xsd' ], |
38
|
|
|
|
|
|
|
}); |
39
|
0
|
|
|
|
|
|
return; |
40
|
|
|
|
|
|
|
} |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
#################################################################################################### |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
sub _check_credentials |
45
|
|
|
|
|
|
|
{ |
46
|
0
|
|
|
0
|
|
|
my ($ra)=@_; |
47
|
|
|
|
|
|
|
|
48
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "credentials" must be an array reference') unless ref $ra eq 'ARRAY'; |
49
|
0
|
|
|
|
|
|
foreach my $c (@$ra) |
50
|
|
|
|
|
|
|
{ |
51
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Credentials must each be an XML token from 1 to 255 characters long, not '.$c) unless Net::DRI::Util::xml_is_token($c,1,255); |
52
|
|
|
|
|
|
|
} |
53
|
0
|
|
|
|
|
|
return; |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub _generate_svcotpcreds |
57
|
|
|
|
|
|
|
{ |
58
|
0
|
|
|
0
|
|
|
my ($rp)=@_; |
59
|
|
|
|
|
|
|
|
60
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "service_provider" is mandatory') unless Net::DRI::Util::has_key($rp,'service_provider'); |
61
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "otp" is mandatory') unless Net::DRI::Util::has_key($rp,'otp'); |
62
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "credentials" is mandatory') unless Net::DRI::Util::has_key($rp,'credentials'); |
63
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "service_provider" must be an XML token from 3 to 10 characters long') unless Net::DRI::Util::xml_is_token($rp->{service_provider},3,10); |
64
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "otp" must be an XML token from 5 to 20 characters long') unless Net::DRI::Util::xml_is_token($rp->{otp},5,20); |
65
|
0
|
|
|
|
|
|
_check_credentials($rp->{credentials}); |
66
|
|
|
|
|
|
|
|
67
|
0
|
|
|
|
|
|
my @n; |
68
|
0
|
|
|
|
|
|
push @n,['authSession:serviceProvider',$rp->{service_provider}]; |
69
|
0
|
|
|
|
|
|
push @n,['authSession:otp',$rp->{otp}]; |
70
|
0
|
|
|
|
|
|
push @n,['authSession:credentialList',map { ['authSession:credentialId',$_] } @{$rp->{credentials}}]; |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
71
|
0
|
|
|
|
|
|
return @n; |
72
|
|
|
|
|
|
|
} |
73
|
|
|
|
|
|
|
|
74
|
|
|
|
|
|
|
sub _generate_token |
75
|
|
|
|
|
|
|
{ |
76
|
0
|
|
|
0
|
|
|
my ($rp)=@_; |
77
|
|
|
|
|
|
|
|
78
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "service_provider" is mandatory') unless Net::DRI::Util::has_key($rp,'service_provider'); |
79
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "credential" is mandatory') unless Net::DRI::Util::has_key($rp,'credential'); |
80
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "crDate" is mandatory') unless Net::DRI::Util::has_key($rp,'crDate'); |
81
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "exDate" is mandatory') unless Net::DRI::Util::has_key($rp,'exDate'); |
82
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "service_provider" must be an XML token from 3 to 10 characters long') unless Net::DRI::Util::xml_is_token($rp->{service_provider},3,10); |
83
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "credential" must be an XML token from 1 to 255 characters long') unless Net::DRI::Util::xml_is_token($rp->{credential},1,255); |
84
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "crDate" must be a DateTime object') unless Net::DRI::Util::check_isa($rp->{crDate},'DateTime'); |
85
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "exDate" must be a DateTime object') unless Net::DRI::Util::check_isa($rp->{exDate},'DateTime'); |
86
|
|
|
|
|
|
|
|
87
|
0
|
|
|
|
|
|
my @n; |
88
|
0
|
|
|
|
|
|
push @n,['authSession:serviceProvider',$rp->{service_provider}]; |
89
|
0
|
|
|
|
|
|
push @n,['authSession:credentialId',$rp->{credential}]; |
90
|
0
|
|
|
|
|
|
push @n,['authSession:crDate',Net::DRI::Util::dto2zstring($rp->{crDate})]; |
91
|
0
|
|
|
|
|
|
push @n,['authSession:exDate',Net::DRI::Util::dto2zstring($rp->{exDate})]; |
92
|
0
|
|
|
|
|
|
return @n; |
93
|
|
|
|
|
|
|
} |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
sub auth_create_generate |
96
|
|
|
|
|
|
|
{ |
97
|
0
|
|
|
0
|
0
|
|
my ($epp,$rp)=@_; |
98
|
0
|
|
|
|
|
|
my $mes=$epp->message(); |
99
|
|
|
|
|
|
|
|
100
|
0
|
|
|
|
|
|
my @n; |
101
|
0
|
|
|
|
|
|
push @n,_generate_svcotpcreds($rp); |
102
|
|
|
|
|
|
|
|
103
|
0
|
|
|
|
|
|
$mes->command('create','authSession:create',sprintf('xmlns:authSession="%s" xsi:schemaLocation="%s %s"',$mes->nsattrs('authSession'))); |
104
|
0
|
|
|
|
|
|
$mes->command_body(\@n); |
105
|
0
|
|
|
|
|
|
return; |
106
|
|
|
|
|
|
|
} |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
sub auth_create_parse |
109
|
|
|
|
|
|
|
{ |
110
|
0
|
|
|
0
|
0
|
|
my ($po,$otype,$oaction,$oname,$rinfo)=@_; |
111
|
0
|
|
|
|
|
|
my $mes=$po->message(); |
112
|
0
|
0
|
|
|
|
|
return unless $mes->is_success(); |
113
|
|
|
|
|
|
|
|
114
|
0
|
|
|
|
|
|
my $data=$mes->get_response('authSession','creData'); |
115
|
0
|
0
|
|
|
|
|
return unless defined $data; |
116
|
|
|
|
|
|
|
|
117
|
0
|
|
|
|
|
|
my %d; |
118
|
0
|
|
|
|
|
|
foreach my $el (Net::DRI::Util::xml_list_children($data)) |
119
|
|
|
|
|
|
|
{ |
120
|
0
|
|
|
|
|
|
my ($name,$c)=@$el; |
121
|
0
|
0
|
|
|
|
|
if ($name eq 'token') |
|
|
0
|
|
|
|
|
|
122
|
|
|
|
|
|
|
{ |
123
|
0
|
|
|
|
|
|
foreach my $subel (Net::DRI::Util::xml_list_children($c)) |
124
|
|
|
|
|
|
|
{ |
125
|
0
|
|
|
|
|
|
my ($subname,$subc)=@$subel; |
126
|
0
|
0
|
|
|
|
|
if ($subname=~m/^(serviceProvider|credentialId)$/) |
|
|
0
|
|
|
|
|
|
127
|
|
|
|
|
|
|
{ |
128
|
0
|
|
|
|
|
|
$d{Net::DRI::Util::remcam($1)}=$subc->textContent(); |
129
|
|
|
|
|
|
|
} elsif ($subname=~m/^(crDate|exDate)$/) |
130
|
|
|
|
|
|
|
{ |
131
|
0
|
|
|
|
|
|
$d{$1}=$po->parse_iso8601($subc->textContent()); |
132
|
|
|
|
|
|
|
} |
133
|
|
|
|
|
|
|
} |
134
|
|
|
|
|
|
|
} elsif ($name eq 'signature') |
135
|
|
|
|
|
|
|
{ |
136
|
0
|
|
|
|
|
|
$d{signature}=$c->textContent(); |
137
|
|
|
|
|
|
|
} |
138
|
|
|
|
|
|
|
} |
139
|
|
|
|
|
|
|
|
140
|
0
|
|
|
|
|
|
$rinfo->{auth}->{$d{credential_id}}=\%d; |
141
|
0
|
|
|
|
|
|
return; |
142
|
|
|
|
|
|
|
} |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
sub _generate_tokendata |
145
|
|
|
|
|
|
|
{ |
146
|
0
|
|
|
0
|
|
|
my ($rp)=@_; |
147
|
|
|
|
|
|
|
|
148
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "token_provider" is mandatory') unless Net::DRI::Util::has_key($rp,'token_provider'); |
149
|
0
|
0
|
0
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Either key "token" or "generic_token" is mandatory') unless Net::DRI::Util::has_key($rp,'token') xor Net::DRI::Util::has_key($rp,'generic_token'); |
150
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "signature" is mandatory') unless Net::DRI::Util::has_key($rp,'signature'); |
151
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "token_provider" must be an XML token from 3 to 10 characters long') unless Net::DRI::Util::xml_is_token($rp->{token_provider},3,10); |
152
|
|
|
|
|
|
|
|
153
|
0
|
|
|
|
|
|
my @n; |
154
|
0
|
|
|
|
|
|
push @n,['authExt:tokenProvider',$rp->{token_provider}]; |
155
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp,'generic_token')) |
156
|
|
|
|
|
|
|
{ |
157
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "generic_token" must be an XML string') unless Net::DRI::Util::is_string($rp->{generic_token}); |
158
|
0
|
|
|
|
|
|
push @n,['authExt:genericToken',$rp->{generic_token}]; |
159
|
|
|
|
|
|
|
} |
160
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp,'token')) |
161
|
|
|
|
|
|
|
{ |
162
|
0
|
|
|
|
|
|
push @n,['authExt:token',_generate_token($rp->{token})]; |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
|
165
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "signature" must be an XML base64binary content') unless Net::DRI::Util::verify_base64($rp->{signature}); |
166
|
0
|
|
|
|
|
|
push @n,['authExt:signature',$rp->{signature}]; |
167
|
|
|
|
|
|
|
|
168
|
0
|
|
|
|
|
|
return ['authExt:tokenData',@n]; |
169
|
|
|
|
|
|
|
} |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
sub _generate_otpdata |
172
|
|
|
|
|
|
|
{ |
173
|
0
|
|
|
0
|
|
|
my ($rp)=@_; |
174
|
0
|
|
|
|
|
|
return ['authSession:otpData',_generate_svcotpcreds($rp)]; |
175
|
|
|
|
|
|
|
} |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
sub domain_update_generate |
178
|
|
|
|
|
|
|
{ |
179
|
0
|
|
|
0
|
0
|
|
my ($epp,$dom,$toc,$rp)=@_; |
180
|
|
|
|
|
|
|
|
181
|
0
|
0
|
0
|
|
|
|
return unless Net::DRI::Util::has_key($rp,'auth') && ref $rp->{auth} eq 'HASH' && grep { Net::DRI::Util::has_key($rp->{auth},$_); } qw/validate bind unbind/; |
|
0
|
|
0
|
|
|
|
|
182
|
|
|
|
|
|
|
|
183
|
0
|
|
|
|
|
|
my $mes=$epp->message(); |
184
|
0
|
|
|
|
|
|
my @n; |
185
|
|
|
|
|
|
|
|
186
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp->{auth},'validate')) |
187
|
|
|
|
|
|
|
{ |
188
|
0
|
|
|
|
|
|
my @d; |
189
|
|
|
|
|
|
|
|
190
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp->{auth}->{validate},'token_provider')) |
|
|
0
|
|
|
|
|
|
191
|
|
|
|
|
|
|
{ |
192
|
0
|
|
|
|
|
|
push @d,_generate_tokendata($rp->{auth}->{validate}); |
193
|
|
|
|
|
|
|
} elsif (Net::DRI::Util::has_key($rp->{auth}->{validate},'service_provider')) |
194
|
|
|
|
|
|
|
{ |
195
|
0
|
|
|
|
|
|
push @d,_generate_otpdata($rp->{auth}->{validate}); |
196
|
|
|
|
|
|
|
} else |
197
|
|
|
|
|
|
|
{ |
198
|
0
|
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('Key "validate" needs either a "service_provider" or a "token_provider" key'); |
199
|
|
|
|
|
|
|
} |
200
|
0
|
|
|
|
|
|
push @n,['authExt:validate',@d]; |
201
|
|
|
|
|
|
|
} |
202
|
|
|
|
|
|
|
|
203
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp->{auth},'bind')) |
204
|
|
|
|
|
|
|
{ |
205
|
0
|
0
|
|
|
|
|
my @data=ref $rp->{auth}->{bind} eq 'ARRAY' ? @{$rp->{auth}->{bind}} : ($rp->{auth}->{bind}); |
|
0
|
|
|
|
|
|
|
206
|
0
|
0
|
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('Value for key "bind" must be a refhash or a refarray of refhashes') if grep { ref $_ ne 'HASH' } @data; |
|
0
|
|
|
|
|
|
|
207
|
0
|
|
|
|
|
|
my $istoken=scalar grep { exists $_->{token_provider} } @data; |
|
0
|
|
|
|
|
|
|
208
|
0
|
|
|
|
|
|
my $isotp=scalar grep { exists $_->{service_provider} } @data; |
|
0
|
|
|
|
|
|
|
209
|
0
|
0
|
0
|
|
|
|
Net::DRI::Exception::usererr_invalid_parameters('For key "bind" values must be refarray of refhashes with key "token_provider" or "service_provider", not both') if ($istoken && $isotp); |
210
|
|
|
|
|
|
|
|
211
|
0
|
|
|
|
|
|
my @d; |
212
|
0
|
0
|
|
|
|
|
if ($istoken) |
|
|
0
|
|
|
|
|
|
213
|
|
|
|
|
|
|
{ |
214
|
0
|
|
|
|
|
|
push @d,['authExt:tokenDataList',map { _generate_tokendata($_) } @data ]; |
|
0
|
|
|
|
|
|
|
215
|
|
|
|
|
|
|
} elsif ($isotp) |
216
|
|
|
|
|
|
|
{ |
217
|
0
|
|
|
|
|
|
push @d,['authExt:otpDataList',map { _generate_otpdata($_) } @data ]; |
|
0
|
|
|
|
|
|
|
218
|
|
|
|
|
|
|
} else |
219
|
|
|
|
|
|
|
{ |
220
|
0
|
|
|
|
|
|
Net::DRI::Exception::usererr_insufficient_parameters('For key "bind" values must be refarray of refhashes with either key "token_provider" or "service_provider"'); |
221
|
|
|
|
|
|
|
} |
222
|
0
|
|
|
|
|
|
push @n,['authExt:bind',@d]; |
223
|
|
|
|
|
|
|
} |
224
|
|
|
|
|
|
|
|
225
|
0
|
0
|
|
|
|
|
if (Net::DRI::Util::has_key($rp->{auth},'unbind')) |
226
|
|
|
|
|
|
|
{ |
227
|
0
|
|
|
|
|
|
my @d; |
228
|
0
|
|
|
|
|
|
_check_credentials($rp->{auth}->{unbind}); |
229
|
0
|
|
|
|
|
|
push @d,map { ['authSession:credentialId',$_] } @{$rp->{auth}->{unbind}}; |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
230
|
0
|
|
|
|
|
|
push @n,['authExt:unbind',@d]; |
231
|
|
|
|
|
|
|
} |
232
|
|
|
|
|
|
|
|
233
|
0
|
|
|
|
|
|
my $eid=$mes->command_extension_register(['authExt','authSession'],'authActions'); |
234
|
0
|
|
|
|
|
|
$mes->command_extension($eid,\@n); |
235
|
0
|
|
|
|
|
|
return; |
236
|
|
|
|
|
|
|
} |
237
|
|
|
|
|
|
|
|
238
|
|
|
|
|
|
|
#################################################################################################### |
239
|
|
|
|
|
|
|
1; |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
__END__ |