ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth_OpenID_Association Class Reference

Public Member Functions

Auth_OpenID_Association ($handle, $secret, $issued, $lifetime, $assoc_type)
    This is the standard constructor for creating an association.

getExpiresIn ($now=null)
    This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid.

equal ($other)
    This checks to see if two Auth_OpenID_Association instances represent the same association.

serialize ()
    Convert an association to KV form.

sign ($pairs)
    Generate a signature for a sequence of (key, value) pairs.

signMessage ($message)
    Generate a signature for some fields in a dictionary.

_makePairs ($message)
    Given an Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message.

getMessageSignature ($message)
    Given an Auth_OpenID_Message, return the signature for the signed list in the message.

checkMessageSignature ($message)
    Confirm that the signature of these fields matches the signature contained in the data.
 

Static Public Member Functions

static fromExpiresIn ($expires_in, $handle, $secret, $assoc_type)
    This is an alternate constructor (factory method) used by the OpenID consumer library to create associations.

static deserialize ($class_name, $assoc_s)
    Parse an association as stored by serialize().
 

Data Fields

$SIG_LENGTH = 20
    This is an HMAC-SHA1-specific value.

$assoc_keys
    The ordering and name of keys as stored by serialize.

$_macs
 

Detailed Description

Definition at line 44 of file Association.php.

Member Function Documentation

◆ _makePairs()

Auth_OpenID_Association::_makePairs (   $message)

Given an Auth_OpenID_Message, return the key/value pairs to be signed according to the signed list in the message.

If the message lacks a signed list, return null.

@access private

Definition at line 330 of file Association.php.

331     {
332         $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
333         if (!$signed || Auth_OpenID::isFailure($signed)) {
334             // raise ValueError('Message has no signed list: %s' % (message,))
335             return null;
336         }
337
338         $signed_list = explode(',', $signed);
339         $pairs = array();
340         $data = $message->toPostArgs();
341         foreach ($signed_list as $field) {
342             $pairs[] = array($field, Auth_OpenID::arrayGet($data,
343                                                            'openid.' .
344                                                            $field, ''));
345         }
346         return $pairs;
347     }

References $data, Auth_OpenID\arrayGet(), Auth_OpenID_OPENID_NS, and Auth_OpenID\isFailure().

Referenced by getMessageSignature().


◆ Auth_OpenID_Association()

Auth_OpenID_Association::Auth_OpenID_Association ($handle, $secret, $issued, $lifetime, $assoc_type)

This is the standard constructor for creating an association.

The library should create all of the necessary associations, so this constructor is not part of the external API.

@access private

Parameters
    string $handle: This is the handle the server gave this association.
    string $secret: This is the shared secret the server generated for this association.
    integer $issued: This is the time this association was issued, in seconds since 00:00 GMT, January 1, 1970 (i.e., a Unix timestamp).
    integer $lifetime: This is the amount of time this association is good for, measured in seconds since the association was issued.
    string $assoc_type: This is the type of association this instance represents. The only valid values of this field at this time are 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.

Definition at line 131 of file Association.php.

133     {
134         if (!in_array($assoc_type,
135                       Auth_OpenID_getSupportedAssociationTypes())) {
136             $fmt = 'Unsupported association type (%s)';
137             trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
138         }
139
140         $this->handle = $handle;
141         $this->secret = $secret;
142         $this->issued = $issued;
143         $this->lifetime = $lifetime;
144         $this->assoc_type = $assoc_type;
145     }

References Auth_OpenID_getSupportedAssociationTypes().

Referenced by fromExpiresIn().


◆ checkMessageSignature()

Auth_OpenID_Association::checkMessageSignature (   $message)

Confirm that the signature of these fields matches the signature contained in the data.

@access private

Definition at line 367 of file Association.php.

368     {
369         $sig = $message->getArg(Auth_OpenID_OPENID_NS,
370                                 'sig');
371
372         if (!$sig || Auth_OpenID::isFailure($sig)) {
373             return false;
374         }
375
376         $calculated_sig = $this->getMessageSignature($message);
377         return $calculated_sig == $sig;
378     }

References Auth_OpenID_OPENID_NS, getMessageSignature(), and Auth_OpenID\isFailure().


◆ deserialize()

static Auth_OpenID_Association::deserialize ($class_name, $assoc_s)

Parse an association as stored by serialize().

This is the inverse of serialize.

Parameters
    string $assoc_s: Association as serialized by serialize()
Returns
    Auth_OpenID_Association $result instance of this class

Definition at line 209 of file Association.php.

210     {
211         $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
212         $keys = array();
213         $values = array();
214         foreach ($pairs as $key => $value) {
215             if (is_array($value)) {
216                 list($key, $value) = $value;
217             }
218             $keys[] = $key;
219             $values[] = $value;
220         }
221
222         $class_vars = get_class_vars($class_name);
223         $class_assoc_keys = $class_vars['assoc_keys'];
224
225         sort($keys);
226         sort($class_assoc_keys);
227
228         if ($keys != $class_assoc_keys) {
229             trigger_error('Unexpected key values: ' . var_export($keys, true),
230                           E_USER_WARNING);
231             return null;
232         }
233
234         $version = $pairs['version'];
235         $handle = $pairs['handle'];
236         $secret = $pairs['secret'];
237         $issued = $pairs['issued'];
238         $lifetime = $pairs['lifetime'];
239         $assoc_type = $pairs['assoc_type'];
240
241         if ($version != '2') {
242             trigger_error('Unknown version: ' . $version, E_USER_WARNING);
243             return null;
244         }
245
246         $issued = intval($issued);
247         $lifetime = intval($lifetime);
248         $secret = base64_decode($secret);
249
250         return new $class_name(
251             $handle, $secret, $issued, $lifetime, $assoc_type);
252     }

References Auth_OpenID_KVForm\toArray().

Referenced by Auth_OpenID_FileStore\_allAssocs(), and Auth_OpenID_FileStore\_getAssociation().


◆ equal()

Auth_OpenID_Association::equal (   $other)

This checks to see if two Auth_OpenID_Association instances represent the same association.

Returns
bool $result true if the two instances represent the same association, false otherwise.

Definition at line 170 of file Association.php.

171     {
172         return ((gettype($this) == gettype($other))
173             && ($this->handle == $other->handle)
174             && ($this->secret == $other->secret)
175             && ($this->issued == $other->issued)
176             && ($this->lifetime == $other->lifetime)
177             && ($this->assoc_type == $other->assoc_type));
178     }

◆ fromExpiresIn()

static Auth_OpenID_Association::fromExpiresIn ($expires_in, $handle, $secret, $assoc_type)

This is an alternate constructor (factory method) used by the OpenID consumer library to create associations.

OpenID store implementations shouldn't use this constructor.

@access private

Parameters
    integer $expires_in: This is the amount of time this association is good for, measured in seconds since the association was issued.
    string $handle: This is the handle the server gave this association.
    string $secret: This is the shared secret the server generated for this association.
    $assoc_type: This is the type of association this instance represents. The only valid values of this field at this time are 'HMAC-SHA1' and 'HMAC-SHA256', but new types may be defined in the future.
Returns
    association An Auth_OpenID_Association instance.

Definition at line 97 of file Association.php.

 98     {
 99         $issued = time();
100         $lifetime = $expires_in;
101         return new Auth_OpenID_Association($handle, $secret,
102                                            $issued, $lifetime, $assoc_type);
103     }

References Auth_OpenID_Association().

Referenced by Auth_OpenID_GenericConsumer\_extractAssociation(), and Auth_OpenID_Signatory\createAssociation().


◆ getExpiresIn()

Auth_OpenID_Association::getExpiresIn (   $now = null)

This returns the number of seconds this association is still valid for, or 0 if the association is no longer valid.

Returns
integer $seconds The number of seconds this association is still valid for, or 0 if the association is no longer valid.

Definition at line 154 of file Association.php.

155     {
156         if ($now == null) {
157             $now = time();
158         }
159
160         return max(0, $this->issued + $this->lifetime - $now);
161     }

◆ getMessageSignature()

Auth_OpenID_Association::getMessageSignature (   $message)

Given an Auth_OpenID_Message, return the signature for the signed list in the message.

@access private

Definition at line 355 of file Association.php.

356     {
357         $pairs = $this->_makePairs($message);
358         return base64_encode($this->sign($pairs));
359     }

References _makePairs(), and sign().

Referenced by checkMessageSignature(), and signMessage().


◆ serialize()

Auth_OpenID_Association::serialize ( )

Convert an association to KV form.

Returns
string $result String in KV form suitable for deserialization by deserialize.

Definition at line 186 of file Association.php.

187     {
188         $data = array(
189             'version' => '2',
190             'handle' => $this->handle,
191             'secret' => base64_encode($this->secret),
192             'issued' => strval(intval($this->issued)),
193             'lifetime' => strval(intval($this->lifetime)),
194             'assoc_type' => $this->assoc_type
195         );
196
197         assert(array_keys($data) == $this->assoc_keys);
198
199         return Auth_OpenID_KVForm::fromArray($data, $strict = true);
200     }

References $data, and Auth_OpenID_KVForm\fromArray().


◆ sign()

Auth_OpenID_Association::sign (   $pairs)

Generate a signature for a sequence of (key, value) pairs.

@access private

Parameters
    array $pairs: The pairs to sign, in order. This is an array of two-tuples.
Returns
    string $signature The binary signature of this sequence of pairs

Definition at line 263 of file Association.php.

264     {
265         $kv = Auth_OpenID_KVForm::fromArray($pairs);
266
267         /* Invalid association types should be caught at constructor */
268         $callback = $this->_macs[$this->assoc_type];
269
270         return call_user_func_array($callback, array($this->secret, $kv));
271     }

References Auth_OpenID_KVForm\fromArray().

Referenced by getMessageSignature().


◆ signMessage()

Auth_OpenID_Association::signMessage (   $message)

Generate a signature for some fields in a dictionary.

@access private

Parameters
    array $fields: The fields to sign, in order; this is an array of strings.
    array $data: Dictionary of values to sign (an array of string => string pairs).
Returns
    string $signature The signature, base64 encoded

Definition at line 283 of file Association.php.

284     {
285         if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
286             $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
287             // Already has a sig
288             return null;
289         }
290
291         $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
292                                           'assoc_handle');
293
294         if ($extant_handle && ($extant_handle != $this->handle)) {
295             // raise ValueError("Message has a different association handle")
296             return null;
297         }
298
299         $signed_message = $message;
300         $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
301                                 $this->handle);
302
303         $message_keys = array_keys($signed_message->toPostArgs());
304         $signed_list = array();
305         $signed_prefix = 'openid.';
306
307         foreach ($message_keys as $k) {
308             if (strpos($k, $signed_prefix) === 0) {
309                 $signed_list[] = substr($k, strlen($signed_prefix));
310             }
311         }
312
313         $signed_list[] = 'signed';
314         sort($signed_list);
315
316         $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
317                                 implode(',', $signed_list));
318         $sig = $this->getMessageSignature($signed_message);
319         $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
320         return $signed_message;
321     }

References Auth_OpenID_OPENID_NS, and getMessageSignature().
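
The signing and verification path documented above (_makePairs(), sign(), getMessageSignature(), checkMessageSignature()), as an added example that is not code from Association.php. It assumes PHP's built-in hash_hmac() in place of the Auth_OpenID_HMACSHA256 callback, and compares with hash_equals() (constant-time, string-only) where the listing above uses ==; the example_* function names, the secret and the message values are constructed.

```php
<?php
// Added example; not code from Association.php. All example_* names are hypothetical.
// OpenID key-value form: one "key:value\n" line per pair, in the given order.
function example_kv_form(array $pairs)
{
    $kv = '';
    foreach ($pairs as $pair) {
        list($key, $value) = $pair;
        // Colon/newline in a key or newline in a value makes the signed text ambiguous.
        if (strpbrk($key, ":\n") !== false || strpos($value, "\n") !== false) {
            throw new InvalidArgumentException('invalid character in KV pair');
        }
        $kv .= $key . ':' . $value . "\n";
    }
    return $kv;
}

// Take the fields named in openid.signed (a missing field signs as ''),
// MAC their KV form with the association secret, and base64-encode the result.
function example_signature(array $args, $secret, $algo)
{
    if (empty($args['openid.signed'])) { return null; }
    $pairs = array();
    foreach (explode(',', $args['openid.signed']) as $field) {
        $name = 'openid.' . $field;
        $pairs[] = array($field, isset($args[$name]) ? $args[$name] : '');
    }
    return base64_encode(hash_hmac($algo, example_kv_form($pairs), $secret, true));
}

// Verify with a constant-time comparison of two strings of known type.
function example_check(array $args, $secret, $algo)
{
    $expected = example_signature($args, $secret, $algo);
    $given = isset($args['openid.sig']) ? $args['openid.sig'] : null;
    return is_string($expected) && is_string($given) && hash_equals($expected, $given);
}

// Constructed sample secret and message.
$secret = str_repeat("\x0b", 32);
$args = array(
    'openid.assoc_handle' => 'example-handle',
    'openid.identity'     => 'https://id.example/alice',
    'openid.signed'       => 'assoc_handle,identity,signed',
);
$args['openid.sig'] = example_signature($args, $secret, 'sha256');
var_dump(example_check($args, $secret, 'sha256')); // message as signed
$args['openid.identity'] = 'https://id.example/mallory';
var_dump(example_check($args, $secret, 'sha256')); // identity altered after signing
```

hash_equals() requires PHP 5.6 or later. Only the fields named in openid.signed are covered by the MAC, so a verifier should also confirm that every field it relies on appears in that list.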


Field Documentation

◆ $_macs

Auth_OpenID_Association::$_macs
Initial value:
= array(
    'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
    'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
)

Definition at line 67 of file Association.php.

◆ $assoc_keys

Auth_OpenID_Association::$assoc_keys
Initial value:
= array(
    'version',
    'handle',
    'secret',
    'issued',
    'lifetime',
    'assoc_type'
)

The ordering and name of keys as stored by serialize.

@access private

Definition at line 58 of file Association.php.

◆ $SIG_LENGTH

Auth_OpenID_Association::$SIG_LENGTH = 20

This is an HMAC-SHA1-specific value.

@access private

Definition at line 51 of file Association.php.


The documentation for this class was generated from the following file: