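if ($func == 'sha1') {
            // Key length follows the HMAC output size: 20 bytes for SHA-1,
            // 32 bytes for SHA-256. Any other name is an unsupported type.
            $macLen = 20; /* 160 bit */
        } else if ($func == 'sha256') {
            $macLen = 32; /* 256 bit */
        } else {
            return false;
        }
        return Zend_OpenId::randomBytes($macLen);
    }

    /**
     * Converts PHP-mangled request keys back to their dotted OpenID form:
     * "openid_ns_x" -> "openid.ns.x", "openid_sreg_x" -> "openid.sreg.x",
     * "openid_x" -> "openid.x". Keys without the "openid_" prefix are kept.
     *
     * @param array $params GET or POST request variables
     * @return array
     */
    protected function _dottedParams($params)
    {
        $out = array();
        foreach ($params as $key => $val) {
            if (strpos($key, 'openid_ns_') === 0) {
                $key = 'openid.ns.' . substr($key, strlen('openid_ns_'));
            } else if (strpos($key, 'openid_sreg_') === 0) {
                $key = 'openid.sreg.' . substr($key, strlen('openid_sreg_'));
            } else if (strpos($key, 'openid_') === 0) {
                $key = 'openid.' . substr($key, strlen('openid_'));
            }
            $out[$key] = $val;
        }
        return $out;
    }

    /**
     * Hands the end user over to an OP-side screen (login or trust).
     *
     * In immediate mode no user interaction is possible, so instead of
     * redirecting, a "setup_needed" (2.0) or "cancel" (1.x) response carrying
     * "openid.user_setup_url" is returned to the consumer. The original
     * request is forwarded as "checkid_setup" so the screen can resume it.
     *
     * @param float $version OpenID version
     * @param string $url login or trust screen URL
     * @param array $params GET or POST request variables
     * @param bool $immediate whether interaction with the user is forbidden
     * @param Zend_Controller_Response_Abstract|null $response
     * @param array $ret response variables accumulated so far
     * @return array|bool response array in immediate mode, true after redirect
     */
    protected function _sendToUserScreen($version, $url, $params, $immediate,
                                         $response, $ret)
    {
        $params2 = $this->_dottedParams($params);
        if ($immediate) {
            $params2['openid.mode'] = 'checkid_setup';
            $ret['openid.mode'] = ($version >= 2.0) ? 'setup_needed' : 'cancel';
            $ret['openid.user_setup_url'] = $url
                . (strpos($url, '?') === false ? '?' : '&')
                . Zend_OpenId::paramsToQuery($params2);
            return $ret;
        }
        Zend_OpenId::redirect($url, $params2, $response);
        return true;
    }

    /**
     * Tells whether $root (the URL the assertion will be sent to) falls under
     * a trusted site entry.
     *
     * Supports plain prefix entries and OpenID 2.0 (9.2) realm wild-cards of
     * the form "scheme://*.host". After the site's host and optional path the
     * root must end or continue with a URL delimiter ("/", ":", "?", "#"), so
     * that "http://example.com.attacker.test/..." is not accepted for the
     * entry "http://example.com"; an entry that already ends in "/" marks the
     * boundary itself.
     *
     * @param string $root return_to URL or realm root of the request
     * @param string $site trusted site entry as stored for the user
     * @return bool
     */
    protected function _rootMatchesSite($root, $site)
    {
        // Entries ending in "/" already delimit the authority/path; otherwise
        // require a delimiter (or end of string) right after the match.
        $boundary = (substr($site, -1) === '/') ? '' : '(?=[\/:?#]|$)';

        $n = strpos($site, '://*.');
        if ($n === false) {
            if (strpos($root, $site) !== 0) {
                return false;
            }
            if ($boundary === '') {
                return true;
            }
            $next = substr($root, strlen($site), 1);
            // substr() past the end yields '' (PHP 8) or false (older PHP).
            return $next === '' || $next === false
                || strpos('/:?#', $next) !== false;
        }

        /* OpenID 2.0 (9.2) realm wild-card: "scheme://*.rest" */
        $regex = '/^' . preg_quote(substr($site, 0, $n + 3), '/')
               . '[A-Za-z0-9_\-\.]+?'
               . preg_quote(substr($site, $n + 4), '/')
               . $boundary . '/';
        return preg_match($regex, $root) === 1;
    }

    /**
     * Processes an association request from an OpenID consumer, generates the
     * shared MAC key and sends it back, either in the clear ("no-encryption")
     * or masked with a Diffie-Hellman derived digest ("DH-SHA1"/"DH-SHA256").
     * Returns an array of variables to push back to the consumer.
     *
     * @param float $version OpenID version
     * @param array $params GET or POST request variables
     * @return array
     */
    protected function _associate($version, $params)
    {
        $ret = array();

        if ($version >= 2.0) {
            $ret['ns'] = Zend_OpenId::NS_2_0;
        }

        $assocType = isset($params['openid_assoc_type'])
                   ? $params['openid_assoc_type'] : null;
        if ($assocType === 'HMAC-SHA1') {
            $macFunc = 'sha1';
        } else if ($assocType === 'HMAC-SHA256' && $version >= 2.0) {
            // HMAC-SHA256 only exists in OpenID 2.0
            $macFunc = 'sha256';
        } else {
            $ret['error'] = 'Wrong "openid.assoc_type"';
            $ret['error-code'] = 'unsupported-type';
            return $ret;
        }
        $ret['assoc_type'] = $params['openid_assoc_type'];

        $secret = $this->_genSecret($macFunc);

        $sessionType = isset($params['openid_session_type'])
                     ? $params['openid_session_type'] : null;
        $hasDhParams = !empty($params['openid_dh_modulus'])
                    && !empty($params['openid_dh_gen'])
                    && !empty($params['openid_dh_consumer_public']);

        if (empty($params['openid_session_type'])
            || $sessionType === 'no-encryption') {
            // MAC key travels in the clear; only safe over a TLS-protected
            // endpoint (OpenID 2.0 8.4.1).
            $ret['mac_key'] = base64_encode($secret);
        } else if ($sessionType === 'DH-SHA1' && $hasDhParams) {
            $dhFunc = 'sha1';
        } else if ($sessionType === 'DH-SHA256' && $version >= 2.0
                   && $hasDhParams) {
            $dhFunc = 'sha256';
        } else {
            $ret['error'] = 'Wrong "openid.session_type"';
            $ret['error-code'] = 'unsupported-type';
            return $ret;
        }

        if (isset($params['openid_session_type'])) {
            $ret['session_type'] = $params['openid_session_type'];
        }

        if (isset($dhFunc)) {
            // Modulus and generator are consumer-supplied; this relies on
            // createDhKey/computeDhSecret to reject bad values (only the
            // computeDhSecret === false case is handled here).
            $dh = Zend_OpenId::createDhKey(
                base64_decode($params['openid_dh_modulus']),
                base64_decode($params['openid_dh_gen']));
            $dh_details = Zend_OpenId::getDhKeyDetails($dh);

            $sec = Zend_OpenId::computeDhSecret(
                base64_decode($params['openid_dh_consumer_public']), $dh);
            if ($sec === false) {
                $ret['error'] = 'Wrong "openid.session_type"';
                $ret['error-code'] = 'unsupported-type';
                return $ret;
            }
            $sec = Zend_OpenId::digest($dhFunc, $sec);
            $ret['dh_server_public'] = base64_encode(
                Zend_OpenId::btwoc($dh_details['pub_key']));
            // NOTE(review): string XOR truncates to the shorter operand, so an
            // HMAC-SHA256 key (32 bytes) masked with a DH-SHA1 digest (20
            // bytes) would be cut short; the spec expects matching lengths.
            // Confirm whether that combination should be rejected instead.
            $ret['enc_mac_key'] = base64_encode($secret ^ $sec);
        }

        // uniqid() is time-based: fine as an opaque handle, but not
        // collision-proof under concurrent requests.
        $handle = uniqid();
        $expiresIn = $this->_sessionTtl;

        $ret['assoc_handle'] = $handle;
        $ret['expires_in'] = $expiresIn;

        $this->_storage->addAssociation($handle,
            $macFunc, $secret, time() + $expiresIn);

        return $ret;
    }

    /**
     * Performs authentication (or authentication check).
     *
     * Flow: verify the realm/return_to root, make sure the claimed identity
     * exists and is the currently logged-in user (otherwise hand over to the
     * login screen), let extensions parse the request, then check whether the
     * user trusts the consumer site (otherwise hand over to the trust screen)
     * and finally sign a positive assertion.
     *
     * @param float $version OpenID version
     * @param array $params GET or POST request variables
     * @param bool $immediate enables or disables interaction with user
     * @param mixed $extensions extension object or array of extensions objects
     * @param Zend_Controller_Response_Abstract $response
     * @return array|bool response array, true after a redirect, false when
     *                    the site root cannot be determined
     */
    protected function _checkId($version, $params, $immediate, $extensions=null,
                                Zend_Controller_Response_Abstract $response = null)
    {
        $ret = array();

        if ($version >= 2.0) {
            $ret['openid.ns'] = Zend_OpenId::NS_2_0;
        }
        $root = $this->getSiteRoot($params);
        if ($root === false) {
            return false;
        }

        if (isset($params['openid_identity']) &&
            !$this->_storage->hasUser($params['openid_identity'])) {
            $ret['openid.mode'] = 'cancel';
            return $ret;
        }

        /* Check if user already logged in into the server */
        if (!isset($params['openid_identity']) ||
            $this->_user->getLoggedInUser() !== $params['openid_identity']) {
            /* Redirect to Server Login Screen */
            return $this->_sendToUserScreen($version, $this->_loginUrl,
                $params, $immediate, $response, $ret);
        }

        if (!Zend_OpenId_Extension::forAll($extensions, 'parseRequest', $params)) {
            $ret['openid.mode'] = 'cancel';
            return $ret;
        }

        /* Check if user trusts to the consumer */
        $trusted = null;
        $sites = $this->_storage->getTrustedSites($params['openid_identity']);
        if (isset($params['openid_return_to'])) {
            // The trust lookup is keyed on the consumer-supplied return_to
            // when present; presumably getSiteRoot() has already checked it
            // against the realm — verify against that method.
            $root = $params['openid_return_to'];
        }
        if (isset($sites[$root])) {
            $trusted = $sites[$root];
        } else {
            foreach ($sites as $site => $t) {
                if ($this->_rootMatchesSite($root, $site)) {
                    $trusted = $t;
                    break;
                }
            }
        }

        // A stored trust entry may carry extension data; extensions get a veto.
        if (is_array($trusted)) {
            if (!Zend_OpenId_Extension::forAll($extensions, 'checkTrustData', $trusted)) {
                $trusted = null;
            }
        }

        if ($trusted === false) {
            // Explicitly distrusted site
            $ret['openid.mode'] = 'cancel';
            return $ret;
        } else if (is_null($trusted)) {
            /* Redirect to Server Trust Screen */
            return $this->_sendToUserScreen($version, $this->_trustUrl,
                $params, $immediate, $response, $ret);
        }

        return $this->_respond($version, $ret, $params, $extensions);
    }

    /**
     * Prepares information to send back to the consumer's authentication
     * request, signs it using the shared secret and sends it back through
     * HTTP redirection.
     *
     * No identity or trust check is performed here: the assertion is signed
     * for whatever "openid.identity" the parameters carry, so callers must
     * only invoke this after login and trust have been established.
     *
     * @param array $params GET or POST request variables
     * @param mixed $extensions extension object or array of extensions objects
     * @param Zend_Controller_Response_Abstract $response an optional response
     *  object to perform HTTP or HTML form redirection
     * @return bool
     */
    public function respondToConsumer($params, $extensions=null,
                                      Zend_Controller_Response_Abstract $response = null)
    {
        $version = 1.1;
        if (isset($params['openid_ns']) &&
            $params['openid_ns'] == Zend_OpenId::NS_2_0) {
            $version = 2.0;
        }
        $ret = array();
        if ($version >= 2.0) {
            $ret['openid.ns'] = Zend_OpenId::NS_2_0;
        }
        $ret = $this->_respond($version, $ret, $params, $extensions);
        if (!empty($params['openid_return_to'])) {
            Zend_OpenId::redirect($params['openid_return_to'], $ret, $response);
        }
        return true;
    }

    /**
     * Prepares information to send back to the consumer's authentication
     * request and signs it using the shared secret.
     *
     * When the consumer's association handle is unknown or missing, a fresh
     * private association is created ("dumb mode") and the stale handle is
     * reported via "openid.invalidate_handle" so the consumer falls back to
     * check_authentication.
     *
     * @param float $version OpenID protocol version
     * @param array $ret arguments to be sent back to consumer
     * @param array $params GET or POST request variables
     * @param mixed $extensions extension object or array of extensions objects
     * @return array
     */
    protected function _respond($version, $ret, $params, $extensions=null)
    {
        if (empty($params['openid_assoc_handle']) ||
            !$this->_storage->getAssociation($params['openid_assoc_handle'],
                                             $macFunc, $secret, $expires)) {
            /* Use dumb mode */
            if (!empty($params['openid_assoc_handle'])) {
                $ret['openid.invalidate_handle'] = $params['openid_assoc_handle'];
            }
            $macFunc = $version >= 2.0 ? 'sha256' : 'sha1';
            $secret = $this->_genSecret($macFunc);
            $handle = uniqid();
            $expiresIn = $this->_sessionTtl;
            $this->_storage->addAssociation($handle,
                $macFunc, $secret, time() + $expiresIn);
            $ret['openid.assoc_handle'] = $handle;
        } else {
            // $expires is not checked here; presumably getAssociation() only
            // returns live associations — confirm in the storage backend.
            $ret['openid.assoc_handle'] = $params['openid_assoc_handle'];
        }
        if (isset($params['openid_return_to'])) {
            $ret['openid.return_to'] = $params['openid_return_to'];
        }
        if (isset($params['openid_claimed_id'])) {
            $ret['openid.claimed_id'] = $params['openid_claimed_id'];
        }
        if (isset($params['openid_identity'])) {
            $ret['openid.identity'] = $params['openid_identity'];
        }

        if ($version >= 2.0) {
            $ret['openid.op_endpoint'] = Zend_OpenId::selfUrl();
        }
        // Nonce only needs to be unique per response; uniqid() is time-based.
        $ret['openid.response_nonce'] = gmdate('Y-m-d\TH:i:s\Z') . uniqid();
        $ret['openid.mode'] = 'id_res';

        Zend_OpenId_Extension::forAll($extensions, 'prepareResponse', $ret);

        // Every "openid.*" field present at this point is covered by the
        // signature; "signed" itself is appended last.
        $signed = '';
        $data = '';
        foreach ($ret as $key => $val) {
            if (strpos($key, 'openid.') === 0) {
                $key = substr($key, strlen('openid.'));
                if (!empty($signed)) {
                    $signed .= ',';
                }
                $signed .= $key;
                $data .= $key . ':' . $val . "\n";
            }
        }
        $signed .= ',signed';
        $data .= 'signed:' . $signed . "\n";
        $ret['openid.signed'] = $signed;

        $ret['openid.sig'] = base64_encode(
            Zend_OpenId::hashHmac($macFunc, $data, $secret));

        return $ret;
    }

    /**
     * Performs authentication validation for dumb consumers.
     * Returns an array of variables to push back to the consumer.
     * It MUST contain an 'is_valid' variable with value 'true' or 'false'.
     *
     * The signed fields are taken from the request itself (the consumer
     * echoes the assertion it received); the signature is recomputed with the
     * stored association secret and compared in constant time.
     *
     * NOTE(review): OpenID 2.0 (11.4.2) expects check_authentication to be
     * honoured only for private (dumb-mode) associations and at most once per
     * response nonce; neither is enforced here — confirm whether the storage
     * layer covers this.
     *
     * @param float $version OpenID version
     * @param array $params GET or POST request variables
     * @return array
     */
    protected function _checkAuthentication($version, $params)
    {
        $ret = array();
        if ($version >= 2.0) {
            $ret['ns'] = Zend_OpenId::NS_2_0;
        }
        $ret['openid.mode'] = 'id_res';

        if (empty($params['openid_assoc_handle']) ||
            empty($params['openid_signed']) ||
            empty($params['openid_sig']) ||
            !$this->_storage->getAssociation($params['openid_assoc_handle'],
                                             $macFunc, $secret, $expires)) {
            $ret['is_valid'] = 'false';
            return $ret;
        }

        // Rebuild the "key:value\n" document exactly as _respond() signed it.
        $signed = explode(',', $params['openid_signed']);
        $data = '';
        foreach ($signed as $key) {
            $data .= $key . ':';
            if ($key === 'mode') {
                // The consumer sends mode=check_authentication; the assertion
                // was signed with mode=id_res.
                $data .= "id_res\n";
            } else {
                $name = 'openid_' . strtr($key, '.', '_');
                // A field listed in "signed" but absent from the request
                // contributes an empty value (and the HMAC will not match).
                $data .= (isset($params[$name]) ? $params[$name] : '') . "\n";
            }
        }

        $expected = Zend_OpenId::hashHmac($macFunc, $data, $secret);
        $given = base64_decode($params['openid_sig']);
        // Both sides must be non-empty strings before comparing, so a failed
        // digest or an undecodable signature can never compare equal.
        $valid = is_string($expected) && $expected !== '' && is_string($given);
        if ($valid) {
            $valid = function_exists('hash_equals')
                   ? hash_equals($expected, $given)
                   : ($given === $expected);
        }
        $ret['is_valid'] = $valid ? 'true' : 'false';
        return $ret;
    }
}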