ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5
Auth_OpenID_Signatory Class Reference

Public Member Functions

 Auth_OpenID_Signatory ($store)
 Create a new signatory using a given store.

 verify ($assoc_handle, $message)
 Verify, using a given association handle, a signature with signed key-value pairs from an HTTP request.

 sign ($response)
 Given a response, sign the fields in the response's 'signed' list, and insert the signature into the response.

 createAssociation ($dumb=true, $assoc_type='HMAC-SHA1')
 Make a new association.

 getAssociation ($assoc_handle, $dumb, $check_expiration=true)
 Given an association handle, get the association from the store, or return a ServerError or null if something goes wrong.

 invalidate ($assoc_handle, $dumb)
 Invalidate a given association handle.
 

Data Fields

 $SECRET_LIFETIME = 1209600
 
 $normal_key = 'http://localhost/|normal'
 
 $dumb_key = 'http://localhost/|dumb'
 

Detailed Description

Definition at line 1299 of file Server.php.

Member Function Documentation

◆ Auth_OpenID_Signatory()

Auth_OpenID_Signatory::Auth_OpenID_Signatory($store)

Create a new signatory using a given store.

Definition at line 1314 of file Server.php.

    {
        // assert store is not None
        $this->store = $store;
    }

◆ createAssociation()

Auth_OpenID_Signatory::createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1')

Make a new association.

Definition at line 1373 of file Server.php.

References Auth_OpenID_getSecretSize(), Auth_OpenID_Association\fromExpiresIn(), and Auth_OpenID_CryptUtil\getBytes().

    {
        // Random secret, sized for the association type
        $secret = Auth_OpenID_CryptUtil::getBytes(
            Auth_OpenID_getSecretSize($assoc_type));

        // Handle layout: {assoc_type}{hex issue time}{base64 of 4 random bytes}
        $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4));
        $handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq);

        $assoc = Auth_OpenID_Association::fromExpiresIn(
            $this->SECRET_LIFETIME, $handle, $secret, $assoc_type);

        // Dumb-mode and normal associations are stored under separate keys
        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }

        $this->store->storeAssociation($key, $assoc);
        return $assoc;
    }
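
Because createAssociation() builds the handle with sprintf('{%s}{%x}{%s}', ...), a handle seen in a log or in an invalidate_handle field can be decoded back into its association type and issue time. The following is an added example, not ILIAS or library code; parse_assoc_handle() is a hypothetical helper, and it assumes the association's lifetime starts at the timestamp embedded in the handle.

```php
<?php
// Added example (PHP 7.1+). Not part of Server.php; helper name is hypothetical.

// Seconds; value of Auth_OpenID_Signatory::$SECRET_LIFETIME on this page.
const SECRET_LIFETIME = 1209600;

/**
 * Decode a handle laid out as {assoc_type}{hex unix time}{base64 of 4 bytes}.
 * Returns null when the string does not match that layout.
 */
function parse_assoc_handle(string $handle, ?int $now = null): ?array
{
    // 4 random bytes always encode to 6 base64 characters plus "==".
    $re = '~\A\{([A-Za-z0-9-]+)\}\{([0-9a-f]{1,15})\}\{([A-Za-z0-9+/]{6}==)\}\z~';
    if (!preg_match($re, $handle, $m)) {
        return null;
    }

    $uniq = base64_decode($m[3], true);
    if ($uniq === false || strlen($uniq) !== 4) {
        return null;
    }

    $issued  = (int) hexdec($m[2]);
    $now     = $now ?? time();
    // Assumption: expiry is counted from the handle's own timestamp.
    $expires = $issued + SECRET_LIFETIME;

    return [
        'assoc_type' => $m[1],
        'issued_at'  => gmdate('Y-m-d\TH:i:s\Z', $issued),
        'expires_at' => gmdate('Y-m-d\TH:i:s\Z', $expires),
        // Mirrors the getExpiresIn() <= 0 test used by getAssociation() and sign().
        'expired'    => $expires <= $now,
        // Timestamp later than the reference clock: worth a second look.
        'future'     => $issued > $now,
    ];
}

// Constructed sample handle and reference time, not taken from a real server.
print_r(parse_assoc_handle('{HMAC-SHA1}{5f5e1000}{3q2+7w==}', 1600100000));

// A string that does not follow the layout is rejected.
var_dump(parse_assoc_handle('{HMAC-SHA1}{zz}{3q2+7w==}'));
```

The handle is only a lookup key for the store; the signing secret is generated separately and never appears in it.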

◆ getAssociation()

Auth_OpenID_Signatory::getAssociation($assoc_handle, $dumb, $check_expiration = true)

Given an association handle, get the association from the store, or return a ServerError or null if something goes wrong.

Definition at line 1398 of file Server.php.

References Auth_OpenID_ServerError\Auth_OpenID_ServerError().

    {
        if ($assoc_handle === null) {
            return new Auth_OpenID_ServerError(null,
                "assoc_handle must not be null");
        }

        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }

        $assoc = $this->store->getAssociation($key, $assoc_handle);

        if (($assoc !== null) && ($assoc->getExpiresIn() <= 0)) {
            if ($check_expiration) {
                $this->store->removeAssociation($key, $assoc_handle);
                $assoc = null;
            }
        }

        return $assoc;
    }

◆ invalidate()

Auth_OpenID_Signatory::invalidate($assoc_handle, $dumb)

Invalidate a given association handle.

Definition at line 1426 of file Server.php.

    {
        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }
        $this->store->removeAssociation($key, $assoc_handle);
    }

◆ sign()

Auth_OpenID_Signatory::sign($response)

Given a response, sign the fields in the response's 'signed' list, and insert the signature into the response.

Definition at line 1340 of file Server.php.

References Auth_OpenID_OPENID_NS.

    {
        $signed_response = $response;
        $assoc_handle = $response->request->assoc_handle;

        if ($assoc_handle) {
            // normal mode
            $assoc = $this->getAssociation($assoc_handle, false, false);
            if (!$assoc || ($assoc->getExpiresIn() <= 0)) {
                // fall back to dumb mode
                $signed_response->fields->setArg(Auth_OpenID_OPENID_NS,
                    'invalidate_handle', $assoc_handle);
                $assoc_type = ($assoc ? $assoc->assoc_type : 'HMAC-SHA1');

                if ($assoc && ($assoc->getExpiresIn() <= 0)) {
                    $this->invalidate($assoc_handle, false);
                }

                $assoc = $this->createAssociation(true, $assoc_type);
            }
        } else {
            // dumb mode.
            $assoc = $this->createAssociation(true);
        }

        $signed_response->fields = $assoc->signMessage(
            $signed_response->fields);
        return $signed_response;
    }

◆ verify()

Auth_OpenID_Signatory::verify($assoc_handle, $message)

Verify, using a given association handle, a signature with signed key-value pairs from an HTTP request.

Definition at line 1324 of file Server.php.

    {
        $assoc = $this->getAssociation($assoc_handle, true);
        if (!$assoc) {
            // oidutil.log("failed to get assoc with handle %r to verify sig %r"
            //             % (assoc_handle, sig))
            return false;
        }

        return $assoc->checkMessageSignature($message);
    }

Field Documentation

◆ $dumb_key

Auth_OpenID_Signatory::$dumb_key = 'http://localhost/|dumb'

Definition at line 1309 of file Server.php.

◆ $normal_key

Auth_OpenID_Signatory::$normal_key = 'http://localhost/|normal'

Definition at line 1308 of file Server.php.

◆ $SECRET_LIFETIME

Auth_OpenID_Signatory::$SECRET_LIFETIME = 1209600

Definition at line 1302 of file Server.php.


The documentation for this class was generated from the following file: