ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Public Member Functions | Static Public Member Functions | Data Fields
Auth_OpenID_Association Class Reference
+ Collaboration diagram for Auth_OpenID_Association:

Public Member Functions

 Auth_OpenID_Association ( $handle, $secret, $issued, $lifetime, $assoc_type)
 This is the standard constructor for creating an association. More...
 
 getExpiresIn ($now=null)
 This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid. More...
 
 equal ($other)
 This checks to see if two Auth_OpenID_Association instances represent the same association. More...
 
 serialize ()
 Convert an association to KV form. More...
 
 sign ($pairs)
 Generate a signature for a sequence of (key, value) pairs. More...
 
 signMessage ($message)
 Generate a signature for some fields in a dictionary. More...
 
 _makePairs ($message)
 Given a Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message. More...
 
 getMessageSignature ($message)
 Given an Auth_OpenID_Message, return the signature for the signed list in the message. More...
 
 checkMessageSignature ($message)
 Confirm that the signature of these fields matches the signature contained in the data. More...
 

Static Public Member Functions

static fromExpiresIn ($expires_in, $handle, $secret, $assoc_type)
 This is an alternate constructor (factory method) used by the OpenID consumer library to create associations. More...
 
static deserialize ($class_name, $assoc_s)
 Parse an association as stored by serialize(). More...
 

Data Fields

 $SIG_LENGTH = 20
 This is a HMAC-SHA1 specific value. More...
 
 $assoc_keys
 The ordering and name of keys as stored by serialize. More...
 
 $_macs
 

Detailed Description

Definition at line 44 of file Association.php.

Member Function Documentation

◆ _makePairs()

Auth_OpenID_Association::_makePairs (   $message)

Given a Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message.

If the message lacks a signed list, return null.

private

Definition at line 330 of file Association.php.

References $data, Auth_OpenID\arrayGet(), Auth_OpenID_OPENID_NS, and Auth_OpenID\isFailure().

Referenced by getMessageSignature().

331  {
332  $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
333  if (!$signed || Auth_OpenID::isFailure($signed)) {
334  // raise ValueError('Message has no signed list: %s' % (message,))
335  return null;
336  }
337 
338  $signed_list = explode(',', $signed);
339  $pairs = array();
340  $data = $message->toPostArgs();
341  foreach ($signed_list as $field) {
342  $pairs[] = array($field, Auth_OpenID::arrayGet($data,
343  'openid.' .
344  $field, ''));
345  }
346  return $pairs;
347  }
Auth_OpenID_OPENID_NS
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
$data
$data
Definition: example_011.php:126
Auth_OpenID\arrayGet
static arrayGet($arr, $key, $fallback=null)
Convenience function for getting array values.
Definition: OpenID.php:242
Auth_OpenID\isFailure
static isFailure($thing)
Return true if $thing is an Auth_OpenID_FailureResponse object; false if not.
Definition: OpenID.php:118
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Auth_OpenID_Association()

Auth_OpenID_Association::Auth_OpenID_Association (   $handle,
  $secret,
  $issued,
  $lifetime,
  $assoc_type 
)

This is the standard constructor for creating an association.

The library should create all of the necessary associations, so this constructor is not part of the external API.

private

Parameters
string$handleThis is the handle the server gave this association.
string$secretThis is the shared secret the server generated for this association.
integer$issuedThis is the time this association was issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a unix timestamp)
integer$lifetimeThis is the amount of time this association is good for, measured in seconds since the association was issued.
string$assoc_typeThis is the type of association this instance represents. The only valid values of this field at this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.

Definition at line 131 of file Association.php.

References Auth_OpenID_getSupportedAssociationTypes().

Referenced by fromExpiresIn().

133  {
134  if (!in_array($assoc_type,
135  Auth_OpenID_getSupportedAssociationTypes(), true)) {
136  $fmt = 'Unsupported association type (%s)';
137  trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
138  }
139 
140  $this->handle = $handle;
141  $this->secret = $secret;
142  $this->issued = $issued;
143  $this->lifetime = $lifetime;
144  $this->assoc_type = $assoc_type;
145  }
Auth_OpenID_getSupportedAssociationTypes
Auth_OpenID_getSupportedAssociationTypes()
Definition: Association.php:397
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkMessageSignature()

Auth_OpenID_Association::checkMessageSignature (   $message)

Confirm that the signature of these fields matches the signature contained in the data.

private

Definition at line 367 of file Association.php.

References Auth_OpenID_OPENID_NS, getMessageSignature(), and Auth_OpenID\isFailure().

368  {
369  $sig = $message->getArg(Auth_OpenID_OPENID_NS,
370  'sig');
371 
372  if (!$sig || Auth_OpenID::isFailure($sig)) {
373  return false;
374  }
375 
376  $calculated_sig = $this->getMessageSignature($message);
377  return $calculated_sig == $sig;
378  }
Auth_OpenID_OPENID_NS
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
Auth_OpenID_Association\getMessageSignature
getMessageSignature($message)
Given an Auth_OpenID_Message, return the signature for the signed list in the message.
Definition: Association.php:355
Auth_OpenID\isFailure
static isFailure($thing)
Return true if $thing is an Auth_OpenID_FailureResponse object; false if not.
Definition: OpenID.php:118
+ Here is the call graph for this function:

◆ deserialize()

static Auth_OpenID_Association::deserialize (   $class_name,
  $assoc_s 
)
static

Parse an association as stored by serialize().

This is the inverse of serialize.

Parameters
string$assoc_sAssociation as serialized by serialize()
Returns
Auth_OpenID_Association $result instance of this class

Definition at line 209 of file Association.php.

References Auth_OpenID_KVForm\toArray().

Referenced by Auth_OpenID_FileStore\_allAssocs(), and Auth_OpenID_FileStore\_getAssociation().

210  {
211  $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
212  $keys = array();
213  $values = array();
214  foreach ($pairs as $key => $value) {
215  if (is_array($value)) {
216  list($key, $value) = $value;
217  }
218  $keys[] = $key;
219  $values[] = $value;
220  }
221 
222  $class_vars = get_class_vars($class_name);
223  $class_assoc_keys = $class_vars['assoc_keys'];
224 
225  sort($keys);
226  sort($class_assoc_keys);
227 
228  if ($keys != $class_assoc_keys) {
229  trigger_error('Unexpected key values: ' . var_export($keys, true),
230  E_USER_WARNING);
231  return null;
232  }
233 
234  $version = $pairs['version'];
235  $handle = $pairs['handle'];
236  $secret = $pairs['secret'];
237  $issued = $pairs['issued'];
238  $lifetime = $pairs['lifetime'];
239  $assoc_type = $pairs['assoc_type'];
240 
241  if ($version != '2') {
242  trigger_error('Unknown version: ' . $version, E_USER_WARNING);
243  return null;
244  }
245 
246  $issued = intval($issued);
247  $lifetime = intval($lifetime);
248  $secret = base64_decode($secret);
249 
250  return new $class_name(
251  $handle, $secret, $issued, $lifetime, $assoc_type);
252  }
Auth_OpenID_KVForm\toArray
static toArray($kvs, $strict=false)
Convert an OpenID colon/newline separated string into an associative array.
Definition: KVForm.php:29
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ equal()

Auth_OpenID_Association::equal (   $other)

This checks to see if two Auth_OpenID_Association instances represent the same association.

Returns
bool $result true if the two instances represent the same association, false otherwise.

Definition at line 170 of file Association.php.

171  {
172  return ((gettype($this) == gettype($other))
173  && ($this->handle == $other->handle)
174  && ($this->secret == $other->secret)
175  && ($this->issued == $other->issued)
176  && ($this->lifetime == $other->lifetime)
177  && ($this->assoc_type == $other->assoc_type));
178  }

◆ fromExpiresIn()

static Auth_OpenID_Association::fromExpiresIn (   $expires_in,
  $handle,
  $secret,
  $assoc_type 
)
static

This is an alternate constructor (factory method) used by the OpenID consumer library to create associations.

OpenID store implementations shouldn't use this constructor.

private

Parameters
integer$expires_inThis is the amount of time this association is good for, measured in seconds since the association was issued.
string$handleThis is the handle the server gave this association.
stringsecret This is the shared secret the server generated for this association.
assoc_typeThis is the type of association this instance represents. The only valid values of this field at this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.
Returns
association An Auth_OpenID_Association instance.

Definition at line 97 of file Association.php.

References Auth_OpenID_Association().

Referenced by Auth_OpenID_GenericConsumer\_extractAssociation(), and Auth_OpenID_Signatory\createAssociation().

98  {
99  $issued = time();
100  $lifetime = $expires_in;
101  return new Auth_OpenID_Association($handle, $secret,
102  $issued, $lifetime, $assoc_type);
103  }
Auth_OpenID_Association\Auth_OpenID_Association
Auth_OpenID_Association( $handle, $secret, $issued, $lifetime, $assoc_type)
This is the standard constructor for creating an association.
Definition: Association.php:131
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getExpiresIn()

Auth_OpenID_Association::getExpiresIn (   $now = null)

This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid.

Returns
integer $seconds The number of seconds this association is still valid for, or 0 if the association is no longer valid.

Definition at line 154 of file Association.php.

155  {
156  if ($now == null) {
157  $now = time();
158  }
159 
160  return max(0, $this->issued + $this->lifetime - $now);
161  }

◆ getMessageSignature()

Auth_OpenID_Association::getMessageSignature (   $message)

Given an Auth_OpenID_Message, return the signature for the signed list in the message.

private

Definition at line 355 of file Association.php.

References _makePairs(), and sign().

Referenced by checkMessageSignature(), and signMessage().

356  {
357  $pairs = $this->_makePairs($message);
358  return base64_encode($this->sign($pairs));
359  }
Auth_OpenID_Association\_makePairs
_makePairs($message)
Given a Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in ...
Definition: Association.php:330
Auth_OpenID_Association\sign
sign($pairs)
Generate a signature for a sequence of (key, value) pairs.
Definition: Association.php:263
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ serialize()

Auth_OpenID_Association::serialize ( )

Convert an association to KV form.

Returns
string $result String in KV form suitable for deserialization by deserialize.

Definition at line 186 of file Association.php.

References $data, and Auth_OpenID_KVForm\fromArray().

187  {
188  $data = array(
189  'version' => '2',
190  'handle' => $this->handle,
191  'secret' => base64_encode($this->secret),
192  'issued' => strval(intval($this->issued)),
193  'lifetime' => strval(intval($this->lifetime)),
194  'assoc_type' => $this->assoc_type
195  );
196 
197  assert(array_keys($data) == $this->assoc_keys);
198 
199  return Auth_OpenID_KVForm::fromArray($data, $strict = true);
200  }
Auth_OpenID_KVForm\fromArray
static fromArray($values)
Convert an array into an OpenID colon/newline separated string.
Definition: KVForm.php:81
$data
$data
Definition: example_011.php:126
+ Here is the call graph for this function:

◆ sign()

Auth_OpenID_Association::sign (   $pairs)

Generate a signature for a sequence of (key, value) pairs.

private

Parameters
array$pairsThe pairs to sign, in order. This is an array of two-tuples.
Returns
string $signature The binary signature of this sequence of pairs

Definition at line 263 of file Association.php.

References Auth_OpenID_KVForm\fromArray().

Referenced by getMessageSignature().

264  {
265  $kv = Auth_OpenID_KVForm::fromArray($pairs);
266 
267  /* Invalid association types should be caught at constructor */
268  $callback = $this->_macs[$this->assoc_type];
269 
270  return call_user_func_array($callback, array($this->secret, $kv));
271  }
Auth_OpenID_KVForm\fromArray
static fromArray($values)
Convert an array into an OpenID colon/newline separated string.
Definition: KVForm.php:81
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ signMessage()

Auth_OpenID_Association::signMessage (   $message)

Generate a signature for some fields in a dictionary.

private

Parameters
array$fieldsThe fields to sign, in order; this is an array of strings.
array$dataDictionary of values to sign (an array of string => string pairs).
Returns
string $signature The signature, base64 encoded

Definition at line 283 of file Association.php.

References Auth_OpenID_OPENID_NS, and getMessageSignature().

284  {
285  if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
286  $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
287  // Already has a sig
288  return null;
289  }
290 
291  $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
292  'assoc_handle');
293 
294  if ($extant_handle && ($extant_handle != $this->handle)) {
295  // raise ValueError("Message has a different association handle")
296  return null;
297  }
298 
299  $signed_message = $message;
300  $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
301  $this->handle);
302 
303  $message_keys = array_keys($signed_message->toPostArgs());
304  $signed_list = array();
305  $signed_prefix = 'openid.';
306 
307  foreach ($message_keys as $k) {
308  if (strpos($k, $signed_prefix) === 0) {
309  $signed_list[] = substr($k, strlen($signed_prefix));
310  }
311  }
312 
313  $signed_list[] = 'signed';
314  sort($signed_list);
315 
316  $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
317  implode(',', $signed_list));
318  $sig = $this->getMessageSignature($signed_message);
319  $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
320  return $signed_message;
321  }
Auth_OpenID_OPENID_NS
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
Auth_OpenID_Association\getMessageSignature
getMessageSignature($message)
Given an Auth_OpenID_Message, return the signature for the signed list in the message.
Definition: Association.php:355
+ Here is the call graph for this function:

Field Documentation

◆ $_macs

Auth_OpenID_Association::$_macs
Initial value:
= array(
'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
)

Definition at line 67 of file Association.php.

◆ $assoc_keys

Auth_OpenID_Association::$assoc_keys
Initial value:
= array(
'version',
'handle',
'secret',
'issued',
'lifetime',
'assoc_type'
)

The ordering and name of keys as stored by serialize.

private

Definition at line 58 of file Association.php.

◆ $SIG_LENGTH

Auth_OpenID_Association::$SIG_LENGTH = 20

This is a HMAC-SHA1 specific value.

private

Definition at line 51 of file Association.php.

The documentation for this class was generated from the following file: