public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event) { $this->request = $event->getRequest(); // Kind of like str_rot8, for hexadecimal strings. $this->responseId = strtr($event->getRequestData()->oxygenRequestId, 'abcdef0123456789', '23456789abcdef01'); set_exception_handler(array($this, 'handleException')); set_error_handler(array($this, 'handleError')); register_shutdown_function(array($this, 'handleFatalError')); $this->reservedMemory = str_repeat(' ', 1024 * $this->reservedMemorySize); }
public function onMasterRequest(Oxygen_Event_MasterRequestEvent $event) { $request = $event->getRequest(); $data = $event->getRequestData(); $existingPublicKey = $this->state->get('oxygen_public_key'); $providedPublicKey = $data->publicKey; $signature = $data->signature; $requestId = $data->oxygenRequestId; $requestExpiresAt = $data->requestExpiresAt; if (empty($existingPublicKey)) { // There is no public key set, use the provided one to verify SSL implementation. $verifyPublicKey = $providedPublicKey; } else { $verifyPublicKey = $existingPublicKey; } $verified = $this->rsaVerifier->verify($verifyPublicKey, sprintf('%s|%d', $requestId, $requestExpiresAt), $signature); if (!$verified) { if (empty($existingPublicKey)) { // A public key is not set, but the handshake failed. There might be a problem with the OpenSSL implementation. throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_TEST_FAILED); } else { throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_VERIFY_FAILED); } } if (!empty($existingPublicKey)) { // We validated against an existing key. $this->nonceManager->useNonce($requestId, $requestExpiresAt); $request->setAuthenticated(true); return; } $handshakeKey = @file_get_contents($this->modulePath . '/keys/' . $data->handshakeKey . '.pub'); if ($handshakeKey === false) { $lastError = error_get_last(); throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_KEY_NOT_FOUND, array('lastError' => $lastError['message'], 'keyPath' => $this->modulePath . '/' . $data->handshakeKey)); } $urlSlug = Oxygen_Util::getUrlSlug($this->baseUrl); $verifiedHandshake = $this->rsaVerifier->verify($handshakeKey, $urlSlug, $data->handshakeSignature); if (!$verifiedHandshake) { throw new Oxygen_Exception(Oxygen_Exception::HANDSHAKE_LOCAL_VERIFY_FAILED); } $this->nonceManager->useNonce($requestId, $requestExpiresAt); $this->state->set('oxygen_public_key', $providedPublicKey); $request->setAuthenticated(true); }