ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields
Auth_OpenID_Association Class Reference
+ Collaboration diagram for Auth_OpenID_Association:

Public Member Functions

 Auth_OpenID_Association ($handle, $secret, $issued, $lifetime, $assoc_type)
 This is the standard constructor for creating an association.
 getExpiresIn ($now=null)
 This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid.
 equal ($other)
 This checks to see if two Auth_OpenID_Association instances represent the same association.
 serialize ()
 Convert an association to KV form.
 sign ($pairs)
 Generate a signature for a sequence of (key, value) pairs.
 signMessage ($message)
 Generate a signature for some fields in a dictionary.
 _makePairs ($message)
 Given a Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message.
 getMessageSignature ($message)
 Given an Auth_OpenID_Message, return the signature for the signed list in the message.
 checkMessageSignature ($message)
 Confirm that the signature of these fields matches the signature contained in the data.

Static Public Member Functions

static fromExpiresIn ($expires_in, $handle, $secret, $assoc_type)
 This is an alternate constructor (factory method) used by the OpenID consumer library to create associations.
static deserialize ($class_name, $assoc_s)
 Parse an association as stored by serialize().

Data Fields

 $SIG_LENGTH = 20
 This is a HMAC-SHA1 specific value.
 $assoc_keys
 The ordering and name of keys as stored by serialize.
 $_macs

Detailed Description

Definition at line 44 of file Association.php.

Member Function Documentation

Auth_OpenID_Association::_makePairs (   $message)

Given a Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message.

If the message lacks a signed list, return null.

private

Definition at line 330 of file Association.php.

References $data, Auth_OpenID\arrayGet(), Auth_OpenID_OPENID_NS, and Auth_OpenID\isFailure().

Referenced by getMessageSignature().

{
$signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
if (!$signed || Auth_OpenID::isFailure($signed)) {
// raise ValueError('Message has no signed list: %s' % (message,))
return null;
}
$signed_list = explode(',', $signed);
$pairs = array();
$data = $message->toPostArgs();
foreach ($signed_list as $field) {
$pairs[] = array($field, Auth_OpenID::arrayGet($data,
'openid.' .
$field, ''));
}
return $pairs;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::Auth_OpenID_Association (   $handle,
  $secret,
  $issued,
  $lifetime,
  $assoc_type 
)

This is the standard constructor for creating an association.

The library should create all of the necessary associations, so this constructor is not part of the external API.

private

Parameters
string$handleThis is the handle the server gave this association.
string$secretThis is the shared secret the server generated for this association.
integer$issuedThis is the time this association was issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a unix timestamp)
integer$lifetimeThis is the amount of time this association is good for, measured in seconds since the association was issued.
string$assoc_typeThis is the type of association this instance represents. The only valid values of this field at this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.

Definition at line 131 of file Association.php.

References Auth_OpenID_getSupportedAssociationTypes().

Referenced by fromExpiresIn().

{
if (!in_array($assoc_type,
Auth_OpenID_getSupportedAssociationTypes(), true)) {
$fmt = 'Unsupported association type (%s)';
trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
}
$this->handle = $handle;
$this->secret = $secret;
$this->issued = $issued;
$this->lifetime = $lifetime;
$this->assoc_type = $assoc_type;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::checkMessageSignature (   $message)

Confirm that the signature of these fields matches the signature contained in the data.

private

Definition at line 367 of file Association.php.

References Auth_OpenID_OPENID_NS, getMessageSignature(), and Auth_OpenID\isFailure().

{
$sig = $message->getArg(Auth_OpenID_OPENID_NS,
'sig');
if (!$sig || Auth_OpenID::isFailure($sig)) {
return false;
}
$calculated_sig = $this->getMessageSignature($message);
return $calculated_sig == $sig;
}

+ Here is the call graph for this function:

static Auth_OpenID_Association::deserialize (   $class_name,
  $assoc_s 
)
static

Parse an association as stored by serialize().

This is the inverse of serialize.

Parameters
string$assoc_sAssociation as serialized by serialize()
Returns
Auth_OpenID_Association $result instance of this class

Definition at line 209 of file Association.php.

References Auth_OpenID_KVForm\toArray().

Referenced by Auth_OpenID_FileStore\_allAssocs(), and Auth_OpenID_FileStore\_getAssociation().

{
$pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
$keys = array();
$values = array();
foreach ($pairs as $key => $value) {
if (is_array($value)) {
list($key, $value) = $value;
}
$keys[] = $key;
$values[] = $value;
}
$class_vars = get_class_vars($class_name);
$class_assoc_keys = $class_vars['assoc_keys'];
sort($keys);
sort($class_assoc_keys);
if ($keys != $class_assoc_keys) {
trigger_error('Unexpected key values: ' . var_export($keys, true),
E_USER_WARNING);
return null;
}
$version = $pairs['version'];
$handle = $pairs['handle'];
$secret = $pairs['secret'];
$issued = $pairs['issued'];
$lifetime = $pairs['lifetime'];
$assoc_type = $pairs['assoc_type'];
if ($version != '2') {
trigger_error('Unknown version: ' . $version, E_USER_WARNING);
return null;
}
$issued = intval($issued);
$lifetime = intval($lifetime);
$secret = base64_decode($secret);
return new $class_name(
$handle, $secret, $issued, $lifetime, $assoc_type);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::equal (   $other)

This checks to see if two Auth_OpenID_Association instances represent the same association.

Returns
bool $result true if the two instances represent the same association, false otherwise.

Definition at line 170 of file Association.php.

{
return ((gettype($this) == gettype($other))
&& ($this->handle == $other->handle)
&& ($this->secret == $other->secret)
&& ($this->issued == $other->issued)
&& ($this->lifetime == $other->lifetime)
&& ($this->assoc_type == $other->assoc_type));
}
static Auth_OpenID_Association::fromExpiresIn (   $expires_in,
  $handle,
  $secret,
  $assoc_type 
)
static

This is an alternate constructor (factory method) used by the OpenID consumer library to create associations.

OpenID store implementations shouldn't use this constructor.

private

Parameters
integer$expires_inThis is the amount of time this association is good for, measured in seconds since the association was issued.
string$handleThis is the handle the server gave this association.
stringsecret This is the shared secret the server generated for this association.
assoc_typeThis is the type of association this instance represents. The only valid values of this field at this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.
Returns
association An Auth_OpenID_Association instance.

Definition at line 97 of file Association.php.

References Auth_OpenID_Association().

Referenced by Auth_OpenID_GenericConsumer\_extractAssociation(), and Auth_OpenID_Signatory\createAssociation().

{
$issued = time();
$lifetime = $expires_in;
return new Auth_OpenID_Association($handle, $secret,
$issued, $lifetime, $assoc_type);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::getExpiresIn (   $now = null)

This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid.

Returns
integer $seconds The number of seconds this association is still valid for, or 0 if the association is no longer valid.

Definition at line 154 of file Association.php.

{
if ($now == null) {
$now = time();
}
return max(0, $this->issued + $this->lifetime - $now);
}
Auth_OpenID_Association::getMessageSignature (   $message)

Given an Auth_OpenID_Message, return the signature for the signed list in the message.

private

Definition at line 355 of file Association.php.

References _makePairs(), and sign().

Referenced by checkMessageSignature(), and signMessage().

{
$pairs = $this->_makePairs($message);
return base64_encode($this->sign($pairs));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::serialize ( )

Convert an association to KV form.

Returns
string $result String in KV form suitable for deserialization by deserialize.

Definition at line 186 of file Association.php.

References $data, and Auth_OpenID_KVForm\fromArray().

{
$data = array(
'version' => '2',
'handle' => $this->handle,
'secret' => base64_encode($this->secret),
'issued' => strval(intval($this->issued)),
'lifetime' => strval(intval($this->lifetime)),
'assoc_type' => $this->assoc_type
);
assert(array_keys($data) == $this->assoc_keys);
return Auth_OpenID_KVForm::fromArray($data, $strict = true);
}

+ Here is the call graph for this function:

Auth_OpenID_Association::sign (   $pairs)

Generate a signature for a sequence of (key, value) pairs.

private

Parameters
array$pairsThe pairs to sign, in order. This is an array of two-tuples.
Returns
string $signature The binary signature of this sequence of pairs

Definition at line 263 of file Association.php.

References Auth_OpenID_KVForm\fromArray().

Referenced by getMessageSignature().

{
$kv = Auth_OpenID_KVForm::fromArray($pairs);
/* Invalid association types should be caught at constructor */
$callback = $this->_macs[$this->assoc_type];
return call_user_func_array($callback, array($this->secret, $kv));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_Association::signMessage (   $message)

Generate a signature for some fields in a dictionary.

private

Parameters
array$fieldsThe fields to sign, in order; this is an array of strings.
array$dataDictionary of values to sign (an array of string => string pairs).
Returns
string $signature The signature, base64 encoded

Definition at line 283 of file Association.php.

References Auth_OpenID_OPENID_NS, and getMessageSignature().

{
if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
$message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
// Already has a sig
return null;
}
$extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
'assoc_handle');
if ($extant_handle && ($extant_handle != $this->handle)) {
// raise ValueError("Message has a different association handle")
return null;
}
$signed_message = $message;
$signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
$this->handle);
$message_keys = array_keys($signed_message->toPostArgs());
$signed_list = array();
$signed_prefix = 'openid.';
foreach ($message_keys as $k) {
if (strpos($k, $signed_prefix) === 0) {
$signed_list[] = substr($k, strlen($signed_prefix));
}
}
$signed_list[] = 'signed';
sort($signed_list);
$signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
implode(',', $signed_list));
$sig = $this->getMessageSignature($signed_message);
$signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
return $signed_message;
}

+ Here is the call graph for this function:

Field Documentation

Auth_OpenID_Association::$_macs
Initial value:
array(
'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
)

Definition at line 67 of file Association.php.

Auth_OpenID_Association::$assoc_keys
Initial value:
array(
'version',
'handle',
'secret',
'issued',
'lifetime',
'assoc_type'
)

The ordering and name of keys as stored by serialize.

private

Definition at line 58 of file Association.php.

Auth_OpenID_Association::$SIG_LENGTH = 20

This is a HMAC-SHA1 specific value.

private

Definition at line 51 of file Association.php.

The documentation for this class was generated from the following file: