This is an alternate constructor (factory method) used by the
OpenID consumer library to create associations. OpenID store
implementations shouldn't use this constructor.
static public fromExpiresIn ( integer $expires_in, string $handle, $secret, $assoc_type ) : association | ||
$expires_in | integer | This is the amount of time this association is good for, measured in seconds since the association was issued. |
$handle | string | This is the handle the server gave this association. |
리턴 | association | An {@link Auth_OpenID_Association} instance. |
/** * Make a new association. */ function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1') { $secret = Auth_OpenID_CryptUtil::getBytes( Auth_OpenID_getSecretSize($assoc_type)); $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4)); $handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq); $assoc = Auth_OpenID_Association::fromExpiresIn( $this->SECRET_LIFETIME, $handle, $secret, $assoc_type); if ($dumb) { $key = $this->dumb_key; } else { $key = $this->normal_key; } $this->store->storeAssociation($key, $assoc); return $assoc; }
function test_invalidate() { $assoc_handle = '-squash-'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->dumb_key, $assoc); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $this->signatory->invalidate($assoc_handle, true); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertFalse($assoc); }
/** * @access private */ function _extractAssociation($assoc_response, $assoc_session) { // Extract the common fields from the response, raising an // exception if they are not found $assoc_type = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_type', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($assoc_type)) { return $assoc_type; } $assoc_handle = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($assoc_handle)) { return $assoc_handle; } // expires_in is a base-10 string. The Python parsing will // accept literals that have whitespace around them and will // accept negative values. Neither of these are really in-spec, // but we think it's OK to accept them. $expires_in_str = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'expires_in', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($expires_in_str)) { return $expires_in_str; } $expires_in = Auth_OpenID::intval($expires_in_str); if ($expires_in === false) { $err = sprintf("Could not parse expires_in from association " . "response %s", print_r($assoc_response, true)); return new Auth_OpenID_FailureResponse(null, $err); } // OpenID 1 has funny association session behaviour. if ($assoc_response->isOpenID1()) { $session_type = $this->_getOpenID1SessionType($assoc_response); } else { $session_type = $assoc_response->getArg(Auth_OpenID_OPENID2_NS, 'session_type', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($session_type)) { return $session_type; } } // Session type mismatch if ($assoc_session->session_type != $session_type) { if ($assoc_response->isOpenID1() && $session_type == 'no-encryption') { // In OpenID 1, any association request can result in // a 'no-encryption' association response. Setting // assoc_session to a new no-encryption session should // make the rest of this function work properly for // that case. $assoc_session = new Auth_OpenID_PlainTextConsumerSession(); } else { // Any other mismatch, regardless of protocol version // results in the failure of the association session // altogether. return null; } } // Make sure assoc_type is valid for session_type if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) { return null; } // Delegate to the association session to extract the secret // from the response, however is appropriate for that session // type. $secret = $assoc_session->extractSecret($assoc_response); if ($secret === null) { return null; } return Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type); }
/** * @access private */ function _parseAssociation($results, $assoc_session, $server_url) { $required_keys = array('assoc_type', 'assoc_handle', 'expires_in'); foreach ($required_keys as $key) { if (!array_key_exists($key, $results)) { return null; } } $assoc_type = $results['assoc_type']; $assoc_handle = $results['assoc_handle']; $expires_in_str = $results['expires_in']; if ($assoc_type != 'HMAC-SHA1') { return null; } $expires_in = intval($expires_in_str); if ($expires_in <= 0) { return null; } $session_type = Auth_OpenID::arrayGet($results, 'session_type'); if ($session_type != $assoc_session->session_type) { if ($session_type === null) { $assoc_session = new Auth_OpenID_PlainTextConsumerSession(); } else { return null; } } $secret = $assoc_session->extractSecret($results); if (!$secret) { return null; } $assoc = Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type); $this->store->storeAssociation($server_url, $assoc); return $assoc; }