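* An object that knows how to handle association requests with no
 * session type.
 */
    var $session_type = 'no-encryption';
    var $needs_math = false;
    var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');

    function fromMessage($unused_request)
    {
        return new Auth_OpenID_PlainTextServerSession();
    }

    function answer($secret)
    {
        // No key agreement: the MAC key itself goes back base64-encoded,
        // so confidentiality rests entirely on the transport.
        return array('mac_key' => base64_encode($secret));
    }
}

/**
 * A class implementing DH-SHA1 server sessions.
 *
 * @package OpenID
 */
class Auth_OpenID_DiffieHellmanSHA1ServerSession {
    /**
     * An object that knows how to handle association requests with
     * the Diffie-Hellman session type.
     */
    var $session_type = 'DH-SHA1';
    var $needs_math = true;
    var $allowed_assoc_types = array('HMAC-SHA1');
    var $hash_func = 'Auth_OpenID_SHA1';

    /**
     * @param $dh              Auth_OpenID_DiffieHellman instance for this session
     * @param $consumer_pubkey the consumer's DH public value, as a math-lib long
     */
    function Auth_OpenID_DiffieHellmanSHA1ServerSession($dh, $consumer_pubkey)
    {
        $this->dh = $dh;
        $this->consumer_pubkey = $consumer_pubkey;
    }

    /**
     * Build the Diffie-Hellman state described by an association request.
     *
     * Reads dh_modulus, dh_gen and dh_consumer_public from $message.
     *
     * @return array($dh, $consumer_pubkey) on success, or an
     * Auth_OpenID_ServerError describing the malformed parameter.
     */
    function getDH($message)
    {
        $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
        $dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');

        // A custom group must be given completely: modulus and generator
        // together, or neither (the default group is used).
        if ((($dh_modulus === null) && ($dh_gen !== null)) ||
            (($dh_gen === null) && ($dh_modulus !== null))) {
            $missing = ($dh_modulus === null) ? 'modulus' : 'generator';
            return new Auth_OpenID_ServerError($message,
                                               'If non-default modulus or generator is '.
                                               'supplied, both must be supplied. Missing '.
                                               $missing);
        }

        $lib =& Auth_OpenID_getMathLib();

        if ($dh_modulus || $dh_gen) {
            $dh_modulus = $lib->base64ToLong($dh_modulus);
            $dh_gen = $lib->base64ToLong($dh_gen);

            // base64ToLong reports undecodable input as false (see the
            // dh_consumer_public check below); reject that explicitly rather
            // than passing false into the math library's cmp().
            if ($dh_modulus === false || $dh_gen === false ||
                $lib->cmp($dh_modulus, 0) == 0 ||
                $lib->cmp($dh_gen, 0) == 0) {
                return new Auth_OpenID_ServerError(
                    $message, "Failed to parse dh_mod or dh_gen");
            }

            // NOTE(review): apart from being non-zero, the request-supplied
            // modulus and generator are not validated here (e.g. primality of
            // the modulus, generator within range). Whether
            // Auth_OpenID_DiffieHellman enforces this is not visible in this
            // file — confirm before relying on it.
            $dh = new Auth_OpenID_DiffieHellman($dh_modulus, $dh_gen);
        } else {
            $dh = new Auth_OpenID_DiffieHellman();
        }

        $consumer_pubkey = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_consumer_public');
        if ($consumer_pubkey === null) {
            return new Auth_OpenID_ServerError($message,
                                               'Public key for DH-SHA1 session '.
                                               'not found in query');
        }

        $consumer_pubkey = $lib->base64ToLong($consumer_pubkey);
        if ($consumer_pubkey === false) {
            return new Auth_OpenID_ServerError($message,
                                               "dh_consumer_public is not base64");
        }

        // NOTE(review): no range check on the consumer public value is
        // performed here; presumably the DH class handles that — verify.
        return array($dh, $consumer_pubkey);
    }

    /**
     * Create a DH-SHA1 session from an association request, or return
     * the Auth_OpenID_ServerError produced by getDH().
     */
    function fromMessage($message)
    {
        $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);

        if (is_a($result, 'Auth_OpenID_ServerError')) {
            return $result;
        }

        list($dh, $consumer_pubkey) = $result;
        return new Auth_OpenID_DiffieHellmanSHA1ServerSession($dh, $consumer_pubkey);
    }

    /**
     * Produce the session-specific response fields for a new association.
     *
     * @param $secret the association MAC key
     * @return array with 'dh_server_public' (our DH public value, base64)
     * and 'enc_mac_key' (the secret XORed with the hashed shared secret,
     * base64-encoded by xorSecret's caller).
     */
    function answer($secret)
    {
        $lib =& Auth_OpenID_getMathLib();
        $mac_key = $this->dh->xorSecret($this->consumer_pubkey,
                                        $secret,
                                        $this->hash_func);
        return array(
            'dh_server_public' => $lib->longToBase64($this->dh->public),
            'enc_mac_key' => base64_encode($mac_key));
    }
}

/**
 * A class implementing DH-SHA256 server sessions.
 *
 * Same key agreement as DH-SHA1 but the shared secret is hashed with
 * SHA-256 and only HMAC-SHA256 associations are permitted.
 *
 * @package OpenID
 */
class Auth_OpenID_DiffieHellmanSHA256ServerSession extends Auth_OpenID_DiffieHellmanSHA1ServerSession {
    var $session_type = 'DH-SHA256';
    var $hash_func = 'Auth_OpenID_SHA256';
    var $allowed_assoc_types = array('HMAC-SHA256');

    /**
     * Create a DH-SHA256 session from an association request, or return
     * the Auth_OpenID_ServerError produced by getDH().
     */
    function fromMessage($message)
    {
        $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);

        if (is_a($result, 'Auth_OpenID_ServerError')) {
            return $result;
        }

        list($dh, $consumer_pubkey) = $result;
        return new Auth_OpenID_DiffieHellmanSHA256ServerSession($dh, $consumer_pubkey);
    }
}

/**
 * A request to associate with the server.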
* * @package OpenID */class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { var $mode = "associate"; function getSessionClasses() { return array( 'no-encryption' => 'Auth_OpenID_PlainTextServerSession', 'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ServerSession', 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession'); } function Auth_OpenID_AssociateRequest(&$session, $assoc_type) { $this->session =& $session; $this->namespace = Auth_OpenID_OPENID2_NS; $this->assoc_type = $assoc_type; } function fromMessage($message, $server=null) { if ($message->isOpenID1()) { $session_type = $message->getArg(Auth_OpenID_OPENID1_NS, 'session_type'); if ($session_type == 'no-encryption') { // oidutil.log('Received OpenID 1 request with a no-encryption ' // 'assocaition session type. Continuing anyway.') } else if (!$session_type) { $session_type = 'no-encryption'; } } else { $session_type = $message->getArg(Auth_OpenID_OPENID2_NS, 'session_type'); if ($session_type === null) { return new Auth_OpenID_ServerError($message, "session_type missing from request"); } } $session_class = Auth_OpenID::arrayGet( Auth_OpenID_AssociateRequest::getSessionClasses(), $session_type); if ($session_class === null) { return new Auth_OpenID_ServerError($message, "Unknown session type " . 
$session_type); } $session = call_user_func(array($session_class, 'fromMessage'), $message); if (is_a($session, 'Auth_OpenID_ServerError')) { return $session; } $assoc_type = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1'); if (!in_array($assoc_type, $session->allowed_assoc_types)) { $fmt = "Session type %s does not support association type %s"; return new Auth_OpenID_ServerError($message, sprintf($fmt, $session_type, $assoc_type)); } $obj = new Auth_OpenID_AssociateRequest($session, $assoc_type); $obj->message = $message; $obj->namespace = $message->getOpenIDNamespace(); return $obj; } function answer($assoc) { $response = new Auth_OpenID_ServerResponse($this); $response->fields->updateArgs(Auth_OpenID_OPENID_NS, array( 'expires_in' => sprintf('%d', $assoc->getExpiresIn()), 'assoc_type' => $this->assoc_type, 'assoc_handle' => $assoc->handle)); $response->fields->updateArgs(Auth_OpenID_OPENID_NS, $this->session->answer($assoc->secret)); if ($this->session->session_type != 'no-encryption') { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'session_type', $this->session->session_type); } return $response; } function answerUnsupported($text_message, $preferred_association_type=null, $preferred_session_type=null) { if ($this->message->isOpenID1()) { return new Auth_OpenID_ServerError($this->message); } $response = new Auth_OpenID_ServerResponse($this); $response->fields->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); $response->fields->setArg(Auth_OpenID_OPENID_NS, 'error', $text_message); if ($preferred_association_type) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', $preferred_association_type); } if ($preferred_session_type) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'session_type', $preferred_session_type); } return $response; }}/** * A request to confirm the identity of a user. * * @package OpenID */class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { /** * Return-to verification callback. 
Default is Auth_OpenID_verifyReturnTo from TrustRoot.php.
     */
    var $verifyReturnTo = 'Auth_OpenID_verifyReturnTo';

    /**
     * The mode of this request.
     */
    var $mode = "checkid_setup"; // or "checkid_immediate"

    /**
     * Whether this request is for immediate mode.
     */
    var $immediate = false;

    /**
     * The trust_root value for this request.
     */
    var $trust_root = null;

    /**
     * Factory that validates its inputs before building a request.
     *
     * @return Auth_OpenID_CheckIDRequest on success; otherwise an
     * Auth_OpenID_ServerError (no server), Auth_OpenID_MalformedReturnURL
     * (return_to does not parse) or Auth_OpenID_UntrustedReturnURL
     * (return_to not covered by the trust root).
     */
    function make(&$message, $identity, $return_to,
                  $trust_root = null, $immediate = false,
                  $assoc_handle = null, $server = null)
    {
        if ($server === null) {
            return new Auth_OpenID_ServerError($message,
                                               "server must not be null");
        }

        // A present return_to must at least be a parseable URL.
        if ($return_to && !Auth_OpenID_TrustRoot::_parse($return_to)) {
            return new Auth_OpenID_MalformedReturnURL($message, $return_to);
        }

        $request = new Auth_OpenID_CheckIDRequest($identity, $return_to,
                                                  $trust_root, $immediate,
                                                  $assoc_handle, $server);
        $request->namespace = $message->getOpenIDNamespace();
        $request->message =& $message;

        // Refuse return_to values outside the realm before the request
        // can be acted on.
        if (!$request->trustRootValid()) {
            return new Auth_OpenID_UntrustedReturnURL($message,
                                                      $return_to, $trust_root);
        }

        return $request;
    }

    /**
     * Direct constructor; performs no validation (use make() for that).
     * $immediate selects between checkid_immediate and checkid_setup.
     */
    function Auth_OpenID_CheckIDRequest($identity, $return_to,
                                        $trust_root = null, $immediate = false,
                                        $assoc_handle = null, $server = null)
    {
        $this->namespace = Auth_OpenID_OPENID2_NS;
        $this->assoc_handle = $assoc_handle;
        $this->identity = $identity;
        $this->claimed_id = $identity;
        $this->return_to = $return_to;
        $this->trust_root = $trust_root;
        $this->server =& $server;

        $this->immediate = $immediate ? true : false;
        $this->mode = $immediate ? "checkid_immediate" : "checkid_setup";
    }

    /**
     * Field-wise comparison with another request.
     *
     * Note: fields are compared with PHP's loose equality, as elsewhere
     * in this class, so e.g. null and '' compare equal.
     */
    function equals($other)
    {
        if (!is_a($other, 'Auth_OpenID_CheckIDRequest')) {
            return false;
        }

        $compared = array('namespace', 'assoc_handle', 'identity',
                          'claimed_id', 'return_to', 'trust_root');
        foreach ($compared as $field) {
            if ($this->$field != $other->$field) {
                return false;
            }
        }

        return true;
    }

    /*
     * Does the relying party publish the return_to URL for this
     * response under the realm?
It is up to the provider to set a
     * policy for what kinds of realms should be allowed. This
     * return_to URL verification reduces vulnerability to data-theft
     * attacks based on open proxies, cross-site-scripting, or open
     * redirectors.
     *
     * This check should only be performed after making sure that the
     * return_to URL matches the realm.
     *
     * @return true if the realm publishes a document with the
     * return_to URL listed, false if not or if discovery fails
     */
    function returnToVerified()
    {
        // Delegates to the callback named in $this->verifyReturnTo
        // (Auth_OpenID_verifyReturnTo by default) with (realm, return_to).
        return call_user_func_array($this->verifyReturnTo,
                                    array($this->trust_root, $this->return_to));
    }

    /**
     * Build a checkid request from an incoming message.
     *
     * Returns an Auth_OpenID_ServerError for an OpenID 1 message without
     * return_to or identity, and for an OpenID 2 message that carries
     * openid.identity without claimed_id.
     */
    function fromMessage(&$message, $server)
    {
        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
        $immediate = null;

        // Any mode other than checkid_immediate is treated as checkid_setup.
        if ($mode == "checkid_immediate") {
            $immediate = true;
            $mode = "checkid_immediate";
        } else {
            $immediate = false;
            $mode = "checkid_setup";
        }

        $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
        $namespace = $message->getOpenIDNamespace();

        // OpenID 1 has no mode without return_to; OpenID 2 may omit it.
        if (($namespace == Auth_OpenID_OPENID1_NS) && (!$return_to)) {
            $fmt = "Missing required field 'return_to' from checkid request";
            return new Auth_OpenID_ServerError($message, $fmt);
        }

        $identity = $message->getArg(Auth_OpenID_OPENID_NS, 'identity');
        if ($identity && $message->isOpenID2()) {
            // OpenID 2 requires identity and claimed_id to travel together.
            $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
            if (!$claimed_id) {
                return new Auth_OpenID_ServerError($message,
                                                   "OpenID 2.0 message contained openid.identity " .
                                                   "but not claimed_id");
            }
        } else {
            $claimed_id = null;
        }

        if (($identity === null) && ($namespace == Auth_OpenID_OPENID1_NS)) {
            return new Auth_OpenID_ServerError($message,
                                               "OpenID 1 message did not contain openid.identity");
        }