Auth_OpenID_Signatory Class Reference

Collaboration diagram for Auth_OpenID_Signatory:

Public Member Functions
	Auth_OpenID_Signatory ($store)
	Create a new signatory using a given store. More...
	verify ($assoc_handle, $message)
	Verify, using a given association handle, a signature with signed key-value pairs from an HTTP request. More...
	sign ($response)
	Given a response, sign the fields in the response's 'signed' list, and insert the signature into the response. More...
	createAssociation ($dumb=true, $assoc_type='HMAC-SHA1')
	Make a new association. More...
	getAssociation ($assoc_handle, $dumb, $check_expiration=true)
	Given an association handle, get the association from the store, or return a ServerError or null if something goes wrong. More...
	invalidate ($assoc_handle, $dumb)
	Invalidate a given association handle. More...

Data Fields
	$SECRET_LIFETIME = 1209600
	$normal_key = 'http://localhost/|normal'
	$dumb_key = 'http://localhost/|dumb'

Detailed Description

Definition at line 1299 of file Server.php.

Member Function Documentation

Auth_OpenID_Signatory()

Auth_OpenID_Signatory::Auth_OpenID_Signatory

(

$store

)

Create a new signatory using a given store.

Definition at line 1314 of file Server.php.

    {
        // assert store is not None
        $this->store = $store;
    }

createAssociation()

Auth_OpenID_Signatory::createAssociation	(		$dumb = true,
			$assoc_type = 'HMAC-SHA1'
	)

Make a new association.

Definition at line 1373 of file Server.php.

References Auth_OpenID_getSecretSize(), Auth_OpenID_Association\fromExpiresIn(), and Auth_OpenID_CryptUtil\getBytes().

    {
        $secret = Auth_OpenID_CryptUtil::getBytes(
                    Auth_OpenID_getSecretSize($assoc_type));

        $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4));
        $handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq);

        $assoc = Auth_OpenID_Association::fromExpiresIn(
                      $this->SECRET_LIFETIME, $handle, $secret, $assoc_type);

        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }

        $this->store->storeAssociation($key, $assoc);
        return $assoc;
    }

Here is the call graph for this function:

getAssociation()

Auth_OpenID_Signatory::getAssociation	(		$assoc_handle,
			$dumb,
			$check_expiration = true
	)

Given an association handle, get the association from the store, or return a ServerError or null if something goes wrong.

Definition at line 1398 of file Server.php.

References Auth_OpenID_ServerError\Auth_OpenID_ServerError().

    {
        if ($assoc_handle === null) {
            return new Auth_OpenID_ServerError(null,
                                     "assoc_handle must not be null");
        }

        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }

        $assoc = $this->store->getAssociation($key, $assoc_handle);

        if (($assoc !== null) && ($assoc->getExpiresIn() <= 0)) {
            if ($check_expiration) {
                $this->store->removeAssociation($key, $assoc_handle);
                $assoc = null;
            }
        }

        return $assoc;
    }

Here is the call graph for this function:

invalidate()

Auth_OpenID_Signatory::invalidate	(		$assoc_handle,
			$dumb
	)

Invalidate a given association handle.

Definition at line 1426 of file Server.php.

    {
        if ($dumb) {
            $key = $this->dumb_key;
        } else {
            $key = $this->normal_key;
        }
        $this->store->removeAssociation($key, $assoc_handle);
    }

sign()

Auth_OpenID_Signatory::sign

(

$response

)

Given a response, sign the fields in the response's 'signed' list, and insert the signature into the response.

Definition at line 1340 of file Server.php.

References Auth_OpenID_OPENID_NS.

    {
        $signed_response = $response;
        $assoc_handle = $response->request->assoc_handle;

        if ($assoc_handle) {
            // normal mode
            $assoc = $this->getAssociation($assoc_handle, false, false);
            if (!$assoc || ($assoc->getExpiresIn() <= 0)) {
                // fall back to dumb mode
                $signed_response->fields->setArg(Auth_OpenID_OPENID_NS,
                             'invalidate_handle', $assoc_handle);
                $assoc_type = ($assoc ? $assoc->assoc_type : 'HMAC-SHA1');

                if ($assoc && ($assoc->getExpiresIn() <= 0)) {
                    $this->invalidate($assoc_handle, false);
                }

                $assoc = $this->createAssociation(true, $assoc_type);
            }
        } else {
            // dumb mode.
            $assoc = $this->createAssociation(true);
        }

        $signed_response->fields = $assoc->signMessage(
                                      $signed_response->fields);
        return $signed_response;
    }

verify()

Auth_OpenID_Signatory::verify	(		$assoc_handle,
			$message
	)

Verify, using a given association handle, a signature with signed key-value pairs from an HTTP request.

Definition at line 1324 of file Server.php.

    {
        $assoc = $this->getAssociation($assoc_handle, true);
        if (!$assoc) {
            // oidutil.log("failed to get assoc with handle %r to verify sig %r"
            //             % (assoc_handle, sig))
            return false;
        }

        return $assoc->checkMessageSignature($message);
    }

Field Documentation

$dumb_key

Auth_OpenID_Signatory::$dumb_key = 'http://localhost/|dumb'

Definition at line 1309 of file Server.php.

$normal_key

Auth_OpenID_Signatory::$normal_key = 'http://localhost/|normal'

Definition at line 1308 of file Server.php.

$SECRET_LIFETIME

Auth_OpenID_Signatory::$SECRET_LIFETIME = 1209600

Definition at line 1302 of file Server.php.

---

The documentation for this class was generated from the following file:

• Services/OpenId/lib/Auth/OpenID/Server.php