📄 consumer.php
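* On success returns HTTP response without headers, false on failure.
     *
     * Security note: $url is whatever the caller passes in. Within this class
     * that is the user-supplied identity URL (see _discovery()) or a server
     * URL read out of a fetched document, and no destination filtering is
     * applied here. The default client follows up to 4 redirects; an injected
     * client (see setHttpClient()) keeps whatever redirect and timeout
     * settings its owner configured. Deployments that must keep these
     * requests away from internal hosts have to enforce that before calling
     * this method or in the injected client.
     *
     * Only a 200 response counts as success. Every exception raised while
     * configuring the client or performing the request is reported as false,
     * as the contract above promises.
     *
     * @param string $url OpenID server url
     * @param string $method HTTP request method 'GET' or 'POST'
     * @param array $params additional query parameters to be passed with
     *    request
     * @return mixed response body (string) on success, false on failure
     */
    protected function _httpRequest($url, $method = 'GET', array $params = array())
    {
        try {
            $client = $this->_httpClient;
            if ($client === null) {
                /* No client injected: build one with bounded redirects and timeout */
                $client = new Zend_Http_Client(
                    $url,
                    array(
                        'maxredirects' => 4,
                        'timeout'      => 15,
                        'useragent'    => 'Zend_OpenId'
                    )
                );
            } else {
                $client->setUri($url);
            }

            /* Drop parameters left over from a previous request on a reused client */
            $client->resetParameters();
            if ($method === 'POST') {
                $client->setMethod(Zend_Http_Client::POST);
                $client->setParameterPost($params);
            } else {
                /* Anything other than 'POST' is sent as GET */
                $client->setMethod(Zend_Http_Client::GET);
                $client->setParameterGet($params);
            }

            $response = $client->request();
        } catch (Exception $e) {
            /* Client setup (e.g. an unusable $url) and transport errors both end here */
            return false;
        }

        if ($response->getStatus() == 200) {
            return $response->getBody();
        }
        return false;
    }

    /**
     * Create (or reuse existing) association between OpenID consumer and
     * OpenID server based on Diffie-Hellman key agreement. Returns true
     * on success and false on failure.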
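*
     * An existing association for $url is reused without any network traffic,
     * and dumb mode short-circuits to true without creating one. Otherwise an
     * 'associate' request is POSTed to $url and the key:value response is
     * validated field by field before the shared secret is stored.
     *
     * Everything in the response is server-controlled text and is treated as
     * untrusted: the association type must match what was requested, the
     * lifetime must be a plain decimal integer, and the recovered secret must
     * have the exact length of the negotiated MAC.
     *
     * @param string $url OpenID server url
     * @param float $version OpenID protocol version
     * @param string $priv_key for testing only
     * @return bool
     */
    protected function _associate($url, $version, $priv_key=null)
    {
        /* Check if we already have association in cache or storage */
        if ($this->_getAssociation(
                $url,
                $handle,
                $macFunc,
                $secret,
                $expires)) {
            return true;
        }

        if ($this->_dumbMode) {
            /* Use dumb mode */
            return true;
        }

        if ($version >= 2.0) {
            $params = array(
                'openid.ns'           => Zend_OpenId::NS_2_0,
                'openid.mode'         => 'associate',
                'openid.assoc_type'   => 'HMAC-SHA256',
                'openid.session_type' => 'DH-SHA256',
            );
        } else {
            $params = array(
                'openid.mode'         => 'associate',
                'openid.assoc_type'   => 'HMAC-SHA1',
                'openid.session_type' => 'DH-SHA1',
            );
        }

        /* Consumer side of the Diffie-Hellman exchange, using the library's fixed p and g */
        $dh = Zend_OpenId::createDhKey(pack('H*', Zend_OpenId::DH_P),
                                       pack('H*', Zend_OpenId::DH_G),
                                       $priv_key);
        $dh_details = Zend_OpenId::getDhKeyDetails($dh);

        $params['openid.dh_modulus']         = base64_encode(
            Zend_OpenId::btwoc($dh_details['p']));
        $params['openid.dh_gen']             = base64_encode(
            Zend_OpenId::btwoc($dh_details['g']));
        $params['openid.dh_consumer_public'] = base64_encode(
            Zend_OpenId::btwoc($dh_details['pub_key']));

        $ret = $this->_httpRequest($url, 'POST', $params);
        if ($ret === false) {
            return false;
        }

        /* Parse the "key:value" lines of the response; lines without a colon are ignored */
        $r = array();
        foreach (explode("\n", $ret) as $line) {
            $line = trim($line);
            if (!empty($line)) {
                $x = explode(':', $line, 2);
                if (is_array($x) && count($x) == 2) {
                    list($key, $value) = $x;
                    $r[trim($key)] = trim($value);
                }
            }
        }
        $ret = $r;

        if ($version >= 2.0 &&
            isset($ret['ns']) &&
            $ret['ns'] !== Zend_OpenId::NS_2_0) {
            return false;
        }

        /* The server must answer with the association type that was requested */
        if (!isset($ret['assoc_handle']) ||
            !isset($ret['expires_in']) ||
            !isset($ret['assoc_type']) ||
            $params['openid.assoc_type'] !== $ret['assoc_type']) {
            return false;
        }

        /*
         * expires_in feeds straight into date arithmetic below, so accept only
         * a base-10 integer instead of whatever text the server returned.
         */
        if (!preg_match('/^[0-9]+$/D', $ret['expires_in'])) {
            return false;
        }

        $handle    = $ret['assoc_handle'];
        $expiresIn = (int)$ret['expires_in'];

        if ($ret['assoc_type'] === 'HMAC-SHA1') {
            $macFunc = 'sha1';
        } else if ($ret['assoc_type'] === 'HMAC-SHA256' &&
            $version >= 2.0) {
            $macFunc = 'sha256';
        } else {
            return false;
        }

        if ((empty($ret['session_type']) ||
             ($version >= 2.0 && $ret['session_type'] === 'no-encryption')) &&
             isset($ret['mac_key'])) {
            /*
             * NOTE(review): the request asked for a DH session, yet a
             * cleartext mac_key is accepted here. In that case the secrecy of
             * the MAC key rests entirely on the transport to $url; consider
             * refusing this branch when $url is not an https URL.
             */
            $secret = base64_decode($ret['mac_key']);
        } else if (isset($ret['session_type']) &&
            $ret['session_type'] === 'DH-SHA1' &&
            !empty($ret['dh_server_public']) &&
            !empty($ret['enc_mac_key'])) {
            $dhFunc = 'sha1';
        } else if (isset($ret['session_type']) &&
            $ret['session_type'] === 'DH-SHA256' &&
            $version >= 2.0 &&
            !empty($ret['dh_server_public']) &&
            !empty($ret['enc_mac_key'])) {
            $dhFunc = 'sha256';
        } else {
            return false;
        }

        if (isset($dhFunc)) {
            $serverPub = base64_decode($ret['dh_server_public']);
            $dhSec = Zend_OpenId::computeDhSecret($serverPub, $dh);
            if ($dhSec === false) {
                return false;
            }
            $sec = Zend_OpenId::digest($dhFunc, $dhSec);
            if ($sec === false) {
                return false;
            }
            /*
             * String XOR yields a result as long as the shorter operand, so a
             * short enc_mac_key (or a digest that does not match the MAC) is
             * caught by the length check that follows.
             */
            $secret = $sec ^ base64_decode($ret['enc_mac_key']);
        }

        /* The secret must be exactly one MAC output long: 20 bytes for SHA-1, 32 for SHA-256 */
        if ($macFunc === 'sha1') {
            if (strlen($secret) != 20) {
                return false;
            }
        } else if ($macFunc === 'sha256') {
            if (strlen($secret) != 32) {
                return false;
            }
        }

        $this->_addAssociation(
            $url,
            $handle,
            $macFunc,
            $secret,
            time() + $expiresIn);
        return true;
    }

    /**
     * Performs discovery of identity and finds OpenID URL, OpenID server URL
     * and OpenID protocol version. Returns true on success and false on
     * failure.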
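*
     * Cached discovery data from storage is used when present. Otherwise the
     * identity URL is fetched and its HTML is scanned for OpenID <link>
     * elements: openid2.provider / openid2.local_id (reported as version 2.0)
     * first, then openid.server / openid.delegate (reported as version 1.1).
     * The result is cached for one hour.
     *
     * NOTE(review): $server and the delegated identity are taken verbatim
     * from a document controlled by whoever serves the identity URL. Nothing
     * in this method checks that they are well-formed http(s) URLs or decodes
     * HTML entities in them, and $server is contacted later by _associate().
     * Confirm that validation happens elsewhere or add it here.
     *
     * @param string &$id OpenID identity URL
     * @param string &$server OpenID server URL
     * @param float &$version OpenID protocol version
     * @return bool
     * @todo OpenID 2.0 (7.3) XRI and Yadis discovery
     */
    protected function _discovery(&$id, &$server, &$version)
    {
        $realId = $id;
        if ($this->_storage->getDiscoveryInfo(
                $id,
                $realId,
                $server,
                $version,
                $expire)) {
            $id = $realId;
            return true;
        }

        /* TODO: OpenID 2.0 (7.3) XRI and Yadis discovery */

        /* HTML-based discovery */
        $response = $this->_httpRequest($id);
        if (!is_string($response)) {
            return false;
        }

        /* Prefer an OpenID 2.0 provider link, fall back to the 1.1 server link */
        $href = $this->_matchLinkHref($response, 'openid2.provider');
        if ($href !== null) {
            $version = 2.0;
            $server = $href;
        } else {
            $href = $this->_matchLinkHref($response, 'openid.server');
            if ($href === null) {
                return false;
            }
            $version = 1.1;
            $server = $href;
        }

        /* Optional delegation: the link name depends on the protocol version */
        $delegate = $this->_matchLinkHref(
            $response,
            ($version >= 2.0) ? 'openid2.local_id' : 'openid.delegate');
        if ($delegate !== null) {
            $realId = $delegate;
        }

        $expire = time() + 60 * 60;
        $this->_storage->addDiscoveryInfo($id, $realId, $server, $version, $expire);
        $id = $realId;
        return true;
    }

    /**
     * Finds the href of the first <link> element whose rel attribute equals
     * $rel. The rel-before-href attribute order is tried first, then
     * href-before-rel. $rel is matched literally (it is passed through
     * preg_quote(), so the dots in names such as "openid2.provider" no longer
     * match arbitrary characters).
     *
     * @param string $html document to scan
     * @param string $rel  link relation name to look for
     * @return string|null href value, or null when no such link is found
     */
    protected function _matchLinkHref($html, $rel)
    {
        $rel = preg_quote($rel, '/');

        if (preg_match(
                '/<link[^>]*rel=(["\'])' . $rel . '\\1[^>]*href=(["\'])([^"\']+)\\2[^>]*\/?>/i',
                $html,
                $r)) {
            return $r[3];
        }
        if (preg_match(
                '/<link[^>]*href=(["\'])([^"\']+)\\1[^>]*rel=(["\'])' . $rel . '\\3[^>]*\/?>/i',
                $html,
                $r)) {
            return $r[2];
        }
        return null;
    }

    /**
     * Performs check of OpenID identity.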
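*
     * This is the first step of OpenID authentication process.
     * On success the function does not return (it does HTTP redirection to
     * server and exits). On failure it returns false.
     *
     * The identity is normalized, discovered and, unless dumb mode applies,
     * associated with the server before the checkid request is built. When
     * no association is available afterwards the request is sent without
     * openid.assoc_handle (dumb mode).
     *
     * @param bool $immediate enables or disables interaction with user
     * @param string $id OpenID identity
     * @param string $returnTo HTTP URL to redirect response from server to
     * @param string $root HTTP URL to identify consumer on server
     * @param mixed $extensions extension object or array of extensions objects
     * @param Zend_Controller_Response_Abstract $response an optional response
     *  object to perform HTTP or HTML form redirection
     * @return bool
     */
    protected function _checkId($immediate, $id, $returnTo=null, $root=null,
        $extensions=null, Zend_Controller_Response_Abstract $response = null)
    {
        if (!Zend_OpenId::normalize($id)) {
            return false;
        }
        /* Keep the identifier as the user claimed it; discovery may replace $id */
        $claimedId = $id;

        if (!$this->_discovery($id, $server, $version)) {
            return false;
        }
        if (!$this->_associate($server, $version)) {
            return false;
        }
        if (!$this->_getAssociation(
                $server,
                $handle,
                $macFunc,
                $secret,
                $expires)) {
            /* Use dumb mode */
            unset($handle);
            unset($macFunc);
            unset($secret);
            unset($expires);
        }

        $params = array();
        if ($version >= 2.0) {
            $params['openid.ns'] = Zend_OpenId::NS_2_0;
        }

        $params['openid.mode'] = $immediate ?
            'checkid_immediate' : 'checkid_setup';

        $params['openid.identity'] = $id;

        $params['openid.claimed_id'] = $claimedId;

        if (isset($handle)) {
            $params['openid.assoc_handle'] = $handle;
        }

        $params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);

        if (empty($root)) {
            /* No explicit realm: derive it from the current URL, cut back to its directory */
            $root = Zend_OpenId::selfUrl();
            /* substr() tolerates an empty string, unlike indexing its last character */
            if (substr($root, -1) != '/') {
                $root = dirname($root);
            }
        }
        if ($version >= 2.0) {
            $params['openid.realm'] = $root;
        } else {
            $params['openid.trust_root'] = $root;
        }

        /* Any extension may veto the request by returning false */
        if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
            return false;
        }

        Zend_OpenId::redirect($server, $params, $response);
        return true;
    }

    /**
     * Sets HTTP client object to make HTTP requests
     *
     * The injected client is reused as-is by _httpRequest(), so its redirect
     * limit and timeout are the caller's responsibility.
     *
     * @param Zend_Http_Client $client HTTP client object to be used
     */
    public function setHttpClient($client)
    {
        $this->_httpClient = $client;
    }

    /**
     * Returns HTTP client object that will be used to make HTTP requests
     *
     * @return Zend_Http_Client
     */
    public function getHttpClient()
    {
        return $this->_httpClient;
    }
}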