20 require_once
'Auth/OpenID/CryptUtil.php';
25 require_once
'Auth/OpenID/KVForm.php';
30 require_once
'Auth/OpenID/HMAC.php';
68 'HMAC-SHA1' =>
'Auth_OpenID_HMACSHA1',
69 'HMAC-SHA256' =>
'Auth_OpenID_HMACSHA256'
100 $lifetime = $expires_in;
102 $issued, $lifetime, $assoc_type);
132 $handle, $secret, $issued, $lifetime, $assoc_type)
134 if (!in_array($assoc_type,
136 $fmt =
'Unsupported association type (%s)';
137 trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
141 $this->secret = $secret;
142 $this->issued = $issued;
143 $this->lifetime = $lifetime;
144 $this->assoc_type = $assoc_type;
160 return max(0, $this->issued + $this->lifetime - $now);
172 return ((gettype($this) == gettype($other))
173 && ($this->handle == $other->handle)
174 && ($this->secret == $other->secret)
175 && ($this->issued == $other->issued)
176 && ($this->lifetime == $other->lifetime)
177 && ($this->assoc_type == $other->assoc_type));
190 'handle' => $this->handle,
191 'secret' => base64_encode($this->secret),
192 'issued' => strval(intval($this->issued)),
193 'lifetime' => strval(intval($this->lifetime)),
194 'assoc_type' => $this->assoc_type
197 assert(array_keys(
$data) == $this->assoc_keys);
214 foreach ($pairs as $key => $value) {
215 if (is_array($value)) {
216 list($key, $value) = $value;
222 $class_vars = get_class_vars($class_name);
223 $class_assoc_keys = $class_vars[
'assoc_keys'];
226 sort($class_assoc_keys);
228 if ($keys != $class_assoc_keys) {
229 trigger_error(
'Unexpected key values: ' . var_export($keys,
true),
234 $version = $pairs[
'version'];
236 $secret = $pairs[
'secret'];
237 $issued = $pairs[
'issued'];
238 $lifetime = $pairs[
'lifetime'];
239 $assoc_type = $pairs[
'assoc_type'];
241 if ($version !=
'2') {
242 trigger_error(
'Unknown version: ' . $version, E_USER_WARNING);
246 $issued = intval($issued);
247 $lifetime = intval($lifetime);
248 $secret = base64_decode($secret);
250 return new $class_name(
251 $handle, $secret, $issued, $lifetime, $assoc_type);
268 $callback = $this->_macs[$this->assoc_type];
270 return call_user_func_array($callback, array($this->secret, $kv));
294 if ($extant_handle && ($extant_handle != $this->handle)) {
299 $signed_message = $message;
303 $message_keys = array_keys($signed_message->toPostArgs());
304 $signed_list = array();
305 $signed_prefix =
'openid.';
307 foreach ($message_keys as $k) {
308 if (strpos($k, $signed_prefix) === 0) {
309 $signed_list[] = substr($k, strlen($signed_prefix));
313 $signed_list[] =
'signed';
317 implode(
',', $signed_list));
320 return $signed_message;
338 $signed_list = explode(
',', $signed);
340 $data = $message->toPostArgs();
341 foreach ($signed_list as $field) {
358 return base64_encode($this->
sign($pairs));
377 return $calculated_sig == $sig;
383 if ($assoc_type ==
'HMAC-SHA1') {
385 }
else if ($assoc_type ==
'HMAC-SHA256') {
394 return array(
'HMAC-SHA1',
'HMAC-SHA256');
399 $a = array(
'HMAC-SHA1');
401 if (Auth_OpenID_HMACSHA256_SUPPORTED) {
402 $a[] =
'HMAC-SHA256';
410 $assoc_to_session = array(
411 'HMAC-SHA1' => array(
'DH-SHA1',
'no-encryption'));
413 if (Auth_OpenID_HMACSHA256_SUPPORTED) {
414 $assoc_to_session[
'HMAC-SHA256'] =
415 array(
'DH-SHA256',
'no-encryption');
423 if (!in_array($session_type,
436 $order[] = array(
'HMAC-SHA1',
'DH-SHA1');
438 if (Auth_OpenID_HMACSHA256_SUPPORTED) {
439 $order[] = array(
'HMAC-SHA256',
'DH-SHA256');
443 $order[] = array(
'HMAC-SHA1',
'no-encryption');
445 if (Auth_OpenID_HMACSHA256_SUPPORTED) {
446 $order[] = array(
'HMAC-SHA256',
'no-encryption');
457 list($assoc, $session) = $pair;
459 if ($session !=
'no-encryption') {
460 if (Auth_OpenID_HMACSHA256_SUPPORTED &&
461 ($assoc ==
'HMAC-SHA256')) {
463 }
else if ($assoc !=
'HMAC-SHA256') {
528 $this->allowed_types = array();
540 foreach ($allowed_types as $pair) {
541 list($assoc_type, $session_type) = $pair;
547 $this->allowed_types = $allowed_types;
560 if ($this->allowed_types === null) {
561 $this->allowed_types = array();
564 if ($session_type === null) {
571 foreach ($available as $session_type) {
576 $this->allowed_types[] = array($assoc_type, $session_type);
588 $assoc_good = in_array(array($assoc_type, $session_type),
589 $this->allowed_types);
591 $matches = in_array($session_type,
594 return ($assoc_good && $matches);
603 if (!$this->allowed_types) {
604 return array(null, null);
607 return $this->allowed_types[0];