Source code for file /openid/Auth/OpenID/Association.php
* This module contains code for dealing with associations between
* consumers and servers.
* LICENSE: See the COPYING file included in this distribution.
* @copyright 2005 Janrain, Inc.
* @license http://www.gnu.org/copyleft/lesser.html LGPL
require_once 'Auth/OpenID/CryptUtil.php';
require_once 'Auth/OpenID/KVForm.php';
* This class represents an association between a server and a
* consumer. In general, users of this library will never see
* instances of this object. The only exception is if you implement a
* custom {@link Auth_OpenID_OpenIDStore}.
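* If you do implement such a store, it will need to store the values
* of the handle, secret, issued, lifetime, and assoc_type instance
* variables. The secret is the shared key used to sign messages, so
* the store should protect it like any other credential.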
* This is a HMAC-SHA1 specific value.
* The ordering and name of keys as stored by serialize.
* This is an alternate constructor (factory method) used by the
* OpenID consumer library to create associations. OpenID store
* implementations shouldn't use this constructor.
* @param integer $expires_in This is the amount of time this
* association is good for, measured in seconds since the
* association was issued.
* @param string $handle This is the handle the server gave this
* association.
* @param string $secret This is the shared secret the server
* generated for this association.
* @param string $assoc_type This is the type of association this
* instance represents. The only valid value of this field at
* this time is 'HMAC-SHA1', but new types may be defined in the
* future.
* @return association An {@link Auth_OpenID_Association}
function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
$issued, $lifetime, $assoc_type);
* This is the standard constructor for creating an association.
* The library should create all of the necessary associations, so
* this constructor is not part of the external API.
* @param string $handle This is the handle the server gave this
* association.
* @param string $secret This is the shared secret the server
* generated for this association.
* @param integer $issued This is the time this association was
* issued, in seconds since 00:00 GMT, January 1, 1970 (i.e., a
* Unix timestamp).
* @param integer $lifetime This is the amount of time this
* association is good for, measured in seconds since the
* association was issued.
* @param string $assoc_type This is the type of association this
* instance represents. The only valid value of this field at
* this time is 'HMAC-SHA1', but new types may be defined in the
* future.
// PHP 4-style constructor (a method named after its class); PHP 8 no longer
// calls such a method automatically on `new`.
function Auth_OpenID_Association(
$handle, $secret, $issued, $lifetime, $assoc_type)
// Only HMAC-SHA1 associations are accepted.
// NOTE(review): `!=` compares loosely, so a non-string value such as boolean
// true (or integer 0 before PHP 8) is treated as equal to 'HMAC-SHA1' and
// passes this check; `!==` would also enforce the type.
if ($assoc_type !=
'HMAC-SHA1') {
// NOTE(review): how $fmt is reported (and whether construction stops) is not
// visible in this listing.
$fmt =
'HMAC-SHA1 is the only supported association type (got %s)';
// NOTE(review): assignments for handle, secret and issued are not visible
// here although other methods read $this->handle, $this->secret and
// $this->issued; lines appear to be missing from the listing.
$this->lifetime =
$lifetime;
$this->assoc_type =
$assoc_type;
* This returns the number of seconds this association is still
* valid for, or 0 if the association is no longer valid.
* @return integer $seconds The number of seconds this association
* is still valid for, or 0 if the association is no longer valid.
return max(0, $this->issued +
$this->lifetime -
$now);
* This checks to see if two {@link Auth_OpenID_Association}
* instances represent the same association.
* @return bool $result true if the two instances represent the
* same association, false otherwise.
&&
($this->handle ==
$other->handle)
&&
($this->secret ==
$other->secret)
&&
($this->issued ==
$other->issued)
&&
($this->lifetime ==
$other->lifetime)
&&
($this->assoc_type ==
$other->assoc_type));
* Convert an association to KV form.
* @return string $result String in KV form suitable for
* deserialization by deserialize.
'handle' =>
$this->handle,
'assoc_type' =>
$this->assoc_type
* Parse an association as stored by serialize(). This is the
* inverse of serialize().
* @param string $assoc_s Association as serialized by serialize()
* @return Auth_OpenID_Association $result instance of this class
foreach ($pairs as $key =>
$value) {
list
($key, $value) =
$value;
$class_assoc_keys =
$class_vars['assoc_keys'];
if ($keys !=
$class_assoc_keys) {
$version =
$pairs['version'];
$handle =
$pairs['handle'];
$secret =
$pairs['secret'];
$issued =
$pairs['issued'];
$lifetime =
$pairs['lifetime'];
$assoc_type =
$pairs['assoc_type'];
$lifetime =
intval($lifetime);
$handle, $secret, $issued, $lifetime, $assoc_type);
* Generate a signature for a sequence of (key, value) pairs
* @param array $pairs The pairs to sign, in order. This is an
* array of (key, value) pairs.
* @return string $signature The binary signature of this sequence
return Auth_OpenID_HMACSHA1($this->secret, $kv);
* Generate a signature for some fields in a dictionary
* @param array $fields The fields to sign, in order; this is an
* array of field-name strings (without the prefix).
* @param array $data Dictionary of values to sign (an array of
* string => string pairs).
* @return string $signature The signature, base64 encoded
function signDict($fields, $data, $prefix =
'openid.')
// NOTE(review): neither the initialisation of $pairs nor a return statement
// is visible in this listing; lines appear to be missing.
foreach ($fields as $field) {
// Pair each field name with the value stored under its prefixed key.
// NOTE(review): $data[$prefix . $field] is read without an existence check.
// checkSignature() passes a field list taken from the message itself, so a
// name that is absent from $data evaluates to null here (with a notice or
// warning) instead of being rejected — confirm the intended handling.
$pairs[] =
array($field, $data[$prefix .
$field]);
* Add a signature to an array of fields
// $data is taken by reference: the computed signature and the signed-field
// list are written back into the caller's array under the prefixed keys
// 'sig' and 'signed'.
function addSignature($fields, &$data, $prefix =
'openid.')
// Signature over the listed fields, as produced by signDict().
$sig =
$this->signDict($fields, $data, $prefix);
$data[$prefix .
'sig'] =
$sig;
// NOTE(review): $signed is never assigned in this listing; the line that
// builds it (presumably the comma-joined $fields) appears to be missing —
// confirm against the original file.
$data[$prefix .
'signed'] =
$signed;
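/**
 * Confirm that the signature of these fields matches the
 * signature contained in the data.
 *
 * Both the signed-field list ($prefix . 'signed') and the signature
 * ($prefix . 'sig') are read from $data, which may originate from an
 * untrusted message, so they are validated before use and the final
 * comparison is done in constant time.
 *
 * @param array  $data   Dictionary of message values (string => string).
 * @param string $prefix Prefix prepended to each field name when it is
 *                       looked up in $data.
 * @return bool true if the supplied signature equals the one recomputed
 *              with this association's secret; false otherwise, including
 *              when the signature or the signed-field list is missing.
 */
function checkSignature($data, $prefix = 'openid.')
{
    $signed_key = $prefix . 'signed';
    $sig_key = $prefix . 'sig';

    // A missing or non-string value (for example an array-valued request
    // parameter) can never carry a valid signature; reject it up front
    // instead of signing over undefined indexes.
    if (!isset($data[$signed_key], $data[$sig_key]) ||
        !is_string($data[$signed_key]) ||
        !is_string($data[$sig_key])) {
        return false;
    }

    // NOTE(review): the statement that derives $fields from the 'signed'
    // value is not present in the extracted listing. OpenID defines
    // 'signed' as a comma-separated list of field names, which is what is
    // assumed here — confirm against the original file.
    $fields = explode(',', $data[$signed_key]);

    $expected_sig = $this->signDict($fields, $data, $prefix);
    $request_sig = $data[$sig_key];

    if (!is_string($expected_sig)) {
        return false;
    }

    // The original compared with `==`, which is neither type-strict nor
    // constant-time: the time taken depends on how many leading bytes of
    // the supplied signature are correct. Use hash_equals() where it
    // exists.
    if (function_exists('hash_equals')) {
        return hash_equals($expected_sig, $request_sig);
    }

    // Fallback for PHP versions without hash_equals(): examine every byte
    // regardless of where the first difference occurs.
    $length = strlen($expected_sig);
    if ($length !== strlen($request_sig)) {
        return false;
    }

    $diff = 0;
    for ($i = 0; $i < $length; $i++) {
        $diff |= ord($expected_sig[$i]) ^ ord($request_sig[$i]);
    }

    return $diff === 0;
}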