This is an alternate constructor (factory method) used by the
OpenID consumer library to create associations. OpenID store
implementations shouldn't use this constructor.
| static public fromExpiresIn ( integer $expires_in, string $handle, $secret, $assoc_type ) : association | ||
| $expires_in | integer | This is the amount of time this association is good for, measured in seconds since the association was issued. |
| $handle | string | This is the handle the server gave this association. |
| Résultat | association | An {@link Auth_OpenID_Association} instance. |
/**
* Make a new association.
*/
function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1')
{
$secret = Auth_OpenID_CryptUtil::getBytes(
Auth_OpenID_getSecretSize($assoc_type));
$uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4));
$handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq);
$assoc = Auth_OpenID_Association::fromExpiresIn(
$this->SECRET_LIFETIME, $handle, $secret, $assoc_type);
if ($dumb) {
$key = $this->dumb_key;
} else {
$key = $this->normal_key;
}
$this->store->storeAssociation($key, $assoc);
return $assoc;
}
function test_invalidate()
{
$assoc_handle = '-squash-';
$assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1');
$this->store->storeAssociation($this->dumb_key, $assoc);
$assoc = $this->signatory->getAssociation($assoc_handle, true);
$this->assertTrue($assoc);
$assoc = $this->signatory->getAssociation($assoc_handle, true);
$this->assertTrue($assoc);
$this->signatory->invalidate($assoc_handle, true);
$assoc = $this->signatory->getAssociation($assoc_handle, true);
$this->assertFalse($assoc);
}
/**
* @access private
*/
function _extractAssociation($assoc_response, $assoc_session)
{
// Extract the common fields from the response, raising an
// exception if they are not found
$assoc_type = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_type', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($assoc_type)) {
return $assoc_type;
}
$assoc_handle = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($assoc_handle)) {
return $assoc_handle;
}
// expires_in is a base-10 string. The Python parsing will
// accept literals that have whitespace around them and will
// accept negative values. Neither of these are really in-spec,
// but we think it's OK to accept them.
$expires_in_str = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'expires_in', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($expires_in_str)) {
return $expires_in_str;
}
$expires_in = Auth_OpenID::intval($expires_in_str);
if ($expires_in === false) {
$err = sprintf("Could not parse expires_in from association " . "response %s", print_r($assoc_response, true));
return new Auth_OpenID_FailureResponse(null, $err);
}
// OpenID 1 has funny association session behaviour.
if ($assoc_response->isOpenID1()) {
$session_type = $this->_getOpenID1SessionType($assoc_response);
} else {
$session_type = $assoc_response->getArg(Auth_OpenID_OPENID2_NS, 'session_type', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($session_type)) {
return $session_type;
}
}
// Session type mismatch
if ($assoc_session->session_type != $session_type) {
if ($assoc_response->isOpenID1() && $session_type == 'no-encryption') {
// In OpenID 1, any association request can result in
// a 'no-encryption' association response. Setting
// assoc_session to a new no-encryption session should
// make the rest of this function work properly for
// that case.
$assoc_session = new Auth_OpenID_PlainTextConsumerSession();
} else {
// Any other mismatch, regardless of protocol version
// results in the failure of the association session
// altogether.
return null;
}
}
// Make sure assoc_type is valid for session_type
if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) {
return null;
}
// Delegate to the association session to extract the secret
// from the response, however is appropriate for that session
// type.
$secret = $assoc_session->extractSecret($assoc_response);
if ($secret === null) {
return null;
}
return Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type);
}
/**
* @access private
*/
function _parseAssociation($results, $assoc_session, $server_url)
{
$required_keys = array('assoc_type', 'assoc_handle', 'expires_in');
foreach ($required_keys as $key) {
if (!array_key_exists($key, $results)) {
return null;
}
}
$assoc_type = $results['assoc_type'];
$assoc_handle = $results['assoc_handle'];
$expires_in_str = $results['expires_in'];
if ($assoc_type != 'HMAC-SHA1') {
return null;
}
$expires_in = intval($expires_in_str);
if ($expires_in <= 0) {
return null;
}
$session_type = Auth_OpenID::arrayGet($results, 'session_type');
if ($session_type != $assoc_session->session_type) {
if ($session_type === null) {
$assoc_session = new Auth_OpenID_PlainTextConsumerSession();
} else {
return null;
}
}
$secret = $assoc_session->extractSecret($results);
if (!$secret) {
return null;
}
$assoc = Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type);
$this->store->storeAssociation($server_url, $assoc);
return $assoc;
}
