ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Digest.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Sabre\HTTP\Auth;
4 
5 use Sabre\HTTP\RequestInterface;
6 use Sabre\HTTP\ResponseInterface;
7 
30 class Digest extends AbstractAuth {
31 
35  const QOP_AUTH = 1;
36  const QOP_AUTHINT = 2;
37 
38  protected $nonce;
39  protected $opaque;
40  protected $digestParts;
41  protected $A1;
42  protected $qop = self::QOP_AUTH;
43 
47  function __construct($realm = 'SabreTooth', RequestInterface $request, ResponseInterface $response) {
48 
49  $this->nonce = uniqid();
50  $this->opaque = md5($realm);
51  parent::__construct($realm, $request, $response);
52 
53  }
54 
62  function init() {
63 
64  $digest = $this->getDigest();
65  $this->digestParts = $this->parseDigest($digest);
66 
67  }
68 
85  function setQOP($qop) {
86 
87  $this->qop = $qop;
88 
89  }
90 
99  function validateA1($A1) {
100 
101  $this->A1 = $A1;
102  return $this->validate();
103 
104  }
105 
113  function validatePassword($password) {
114 
115  $this->A1 = md5($this->digestParts['username'] . ':' . $this->realm . ':' . $password);
116  return $this->validate();
117 
118  }
119 
125  function getUsername() {
126 
127  return $this->digestParts['username'];
128 
129  }
130 
136  protected function validate() {
137 
138  $A2 = $this->request->getMethod() . ':' . $this->digestParts['uri'];
139 
140  if ($this->digestParts['qop'] == 'auth-int') {
141  // Making sure we support this qop value
142  if (!($this->qop & self::QOP_AUTHINT)) return false;
143  // We need to add an md5 of the entire request body to the A2 part of the hash
144  $body = $this->request->getBody($asString = true);
145  $this->request->setBody($body);
146  $A2 .= ':' . md5($body);
147  } else {
148 
149  // We need to make sure we support this qop value
150  if (!($this->qop & self::QOP_AUTH)) return false;
151  }
152 
153  $A2 = md5($A2);
154 
155  $validResponse = md5("{$this->A1}:{$this->digestParts['nonce']}:{$this->digestParts['nc']}:{$this->digestParts['cnonce']}:{$this->digestParts['qop']}:{$A2}");
156 
157  return $this->digestParts['response'] == $validResponse;
158 
159 
160  }
161 
169  function requireLogin() {
170 
171  $qop = '';
172  switch ($this->qop) {
173  case self::QOP_AUTH :
174  $qop = 'auth';
175  break;
176  case self::QOP_AUTHINT :
177  $qop = 'auth-int';
178  break;
179  case self::QOP_AUTH | self::QOP_AUTHINT :
180  $qop = 'auth,auth-int';
181  break;
182  }
183 
184  $this->response->addHeader('WWW-Authenticate', 'Digest realm="' . $this->realm . '",qop="' . $qop . '",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');
185  $this->response->setStatus(401);
186 
187  }
188 
189 
199  function getDigest() {
200 
201  return $this->request->getHeader('Authorization');
202 
203  }
204 
205 
214  protected function parseDigest($digest) {
215 
216  // protect against missing data
217  $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];
218  $data = [];
219 
220  preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);
221 
222  foreach ($matches as $m) {
223  $data[$m[1]] = $m[2] ? $m[2] : $m[3];
224  unset($needed_parts[$m[1]]);
225  }
226 
227  return $needed_parts ? false : $data;
228 
229  }
230 
231 }
Sabre\HTTP\ResponseInterface
This interface represents a HTTP response.
Definition: ResponseInterface.php:12
Sabre\HTTP\RequestInterface
The RequestInterface represents a HTTP request.
Definition: RequestInterface.php:12
Sabre\HTTP\Auth\Digest\setQOP
setQOP($qop)
Sets the quality of protection value.
Definition: Digest.php:85
Sabre\HTTP\Auth\Digest\__construct
__construct($realm='SabreTooth', RequestInterface $request, ResponseInterface $response)
Initializes the object.
Definition: Digest.php:47
Sabre\HTTP\Auth\Digest\validateA1
validateA1($A1)
Validates the user.
Definition: Digest.php:99
$m
$m
Definition: show_metadata.php:25
Sabre\HTTP\Auth\Digest\QOP_AUTH
const QOP_AUTH
These constants are used in setQOP();.
Definition: Digest.php:35
Sabre\HTTP\Auth\Digest\requireLogin
requireLogin()
Returns an HTTP 401 header, forcing login.
Definition: Digest.php:169
Sabre\HTTP\Auth\Digest\getDigest
getDigest()
This method returns the full digest string.
Definition: Digest.php:199
Sabre\HTTP\Auth\AbstractAuth
HTTP Authentication base class.
Definition: AbstractAuth.php:17
Sabre\HTTP\Auth\Digest
HTTP Digest Authentication handler.
Definition: Digest.php:30
$password
$password
Definition: cron.php:14
Sabre\HTTP\Auth\Digest\init
init()
Gathers all information from the headers.
Definition: Digest.php:62
Sabre\HTTP\Auth\Digest\parseDigest
parseDigest($digest)
Parses the different pieces of the digest string into an array.
Definition: Digest.php:214
Sabre\HTTP\Auth\Digest\validate
validate()
Validates the digest challenge.
Definition: Digest.php:136
Sabre\HTTP\Auth\Digest\validatePassword
validatePassword($password)
Validates authentication through a password.
Definition: Digest.php:113
$data
$data
Definition: bench.php:6
Sabre\HTTP\Auth\Digest\getUsername
getUsername()
Returns the username for the request.
Definition: Digest.php:125