Mercurial > defr > drupal > core

diff modules/openid/openid.inc @ 1:c1f4ac30525a 6.0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Drupal 6.0
author Franck Deroche <webmaster@defr.org>
date Tue, 23 Dec 2008 14:28:28 +0100
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/openid/openid.inc	Tue Dec 23 14:28:28 2008 +0100
@@ -0,0 +1,439 @@
+<?php
+// $Id: openid.inc,v 1.8 2008/01/30 22:11:22 goba Exp $
+
+/**
+ * @file
+ * OpenID utility functions.
+ */
+
+// Diffie-Hellman Key Exchange Default Value.
+define('OPENID_DH_DEFAULT_MOD', '155172898181473697471232257763715539915724801'.
+       '966915404479707795314057629378541917580651227423698188993727816152646631'.
+       '438561595825688188889951272158842675419950341258706556549803580104870537'.
+       '681476726513255747040765857479291291572334510643245094715007229621094194'.
+       '349783925984760375594985848253359305585439638443');
+
+// Constants for Diffie-Hellman key exchange computations.
+define('OPENID_DH_DEFAULT_GEN', '2');
+define('OPENID_SHA1_BLOCKSIZE', 64);
+define('OPENID_RAND_SOURCE', '/dev/urandom');
+
+// OpenID namespace URLs
+define('OPENID_NS_2_0', 'http://specs.openid.net/auth/2.0');
+define('OPENID_NS_1_1', 'http://openid.net/signon/1.1');
+define('OPENID_NS_1_0', 'http://openid.net/signon/1.0');
+
+/**
+ * Performs an HTTP 302 redirect (for the 1.x protocol).
+ */
+function openid_redirect_http($url, $message) {
+  $query = array();
+  foreach ($message as $key => $val) {
+    $query[] = $key .'='. urlencode($val);
+  }
+
+  $sep = (strpos($url, '?') === FALSE) ? '?' : '&';
+  header('Location: '. $url . $sep . implode('&', $query), TRUE, 302);
+  exit;
+}
+
+/**
+ * Creates a js auto-submit redirect for (for the 2.x protocol)
+ */
+function openid_redirect($url, $message) {
+  $output = '<html><head><title>'. t('OpenID redirect') ."</title></head>\n<body>";
+  $output .= drupal_get_form('openid_redirect_form', $url, $message);
+  $output .= '<script type="text/javascript">document.getElementById("openid-redirect-form").submit();</script>';
+  $output .= "</body></html>\n";
+  print $output;
+  exit;
+}
+
+function openid_redirect_form(&$form_state, $url, $message) {
+  $form = array();
+  $form['#action'] = $url;
+  $form['#method'] = "post";
+  foreach ($message as $key => $value) {
+    $form[$key] = array(
+      '#type' => 'hidden',
+      '#name' => $key,
+      '#value' => $value,
+    );
+  }
+  $form['submit'] = array(
+    '#type' => 'submit',
+    '#prefix' => '<noscript>',
+    '#suffix' => '</noscript>',
+    '#value' => t('Send'),
+  );
+
+  return $form;
+}
+
+/**
+ * Determine if the given identifier is an XRI ID.
+ */
+function _openid_is_xri($identifier) {
+  $firstchar = substr($identifier, 0, 1);
+  if ($firstchar == "@" || $firstchar == "=")
+    return TRUE;
+
+  if (stristr($identifier, 'xri://') !== FALSE) {
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+/**
+ * Normalize the given identifier as per spec.
+ */
+function _openid_normalize($identifier) {
+  if (_openid_is_xri($identifier)) {
+    return _openid_normalize_xri($identifier);
+  }
+  else {
+    return _openid_normalize_url($identifier);
+  }
+}
+
+function _openid_normalize_xri($xri) {
+  $normalized_xri = $xri;
+  if (stristr($xri, 'xri://') !== FALSE) {
+    $normalized_xri = substr($xri, 6);
+  }
+  return $normalized_xri;
+}
+
+function _openid_normalize_url($url) {
+  $normalized_url = $url;
+
+  if (stristr($url, '://') === FALSE) {
+    $normalized_url = 'http://'. $url;
+  }
+
+  if (substr_count($normalized_url, '/') < 3) {
+    $normalized_url .= '/';
+  }
+
+  return $normalized_url;
+}
+
+/**
+ * Create a serialized message packet as per spec: $key:$value\n .
+ */
+function _openid_create_message($data) {
+  $serialized = '';
+
+  foreach ($data as $key => $value) {
+    if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) {
+      return null;
+    }
+    $serialized .= "$key:$value\n";
+  }
+  return $serialized;
+}
+
+/**
+ * Encode a message from _openid_create_message for HTTP Post
+ */
+function _openid_encode_message($message) {
+  $encoded_message = '';
+
+  $items = explode("\n", $message);
+  foreach ($items as $item) {
+    $parts = explode(':', $item, 2);
+
+    if (count($parts) == 2) {
+      if ($encoded_message != '') {
+        $encoded_message .= '&';
+      }
+      $encoded_message .= rawurlencode(trim($parts[0])) .'='. rawurlencode(trim($parts[1]));
+    }
+  }
+
+  return $encoded_message;
+}
+
+/**
+ * Convert a direct communication message
+ * into an associative array.
+ */
+function _openid_parse_message($message) {
+  $parsed_message = array();
+
+  $items = explode("\n", $message);
+  foreach ($items as $item) {
+    $parts = explode(':', $item, 2);
+
+    if (count($parts) == 2) {
+      $parsed_message[$parts[0]] = $parts[1];
+    }
+  }
+
+  return $parsed_message;
+}
+
+/**
+ * Return a nonce value - formatted per OpenID spec.
+ */
+function _openid_nonce() {
+  // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars
+  return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') .
+    chr(mt_rand(0, 25) + 65) .
+    chr(mt_rand(0, 25) + 65) .
+    chr(mt_rand(0, 25) + 65) .
+    chr(mt_rand(0, 25) + 65);
+}
+
+/**
+ * Pull the href attribute out of an html link element.
+ */
+function _openid_link_href($rel, $html) {
+  $rel = preg_quote($rel);
+  preg_match('|<link\s+rel=["\'](.*)'. $rel .'(.*)["\'](.*)/?>|iUs', $html, $matches);
+  if (isset($matches[3])) {
+    preg_match('|href=["\']([^"]+)["\']|iU', $matches[3], $href);
+    return trim($href[1]);
+  }
+  return FALSE;
+}
+
+/**
+ * Pull the http-equiv attribute out of an html meta element
+ */
+function _openid_meta_httpequiv($equiv, $html) {
+  preg_match('|<meta\s+http-equiv=["\']'. $equiv .'["\'](.*)/?>|iUs', $html, $matches);
+  if (isset($matches[1])) {
+    preg_match('|content=["\']([^"]+)["\']|iUs', $matches[1], $content);
+    if (isset($content[1])) {
+      return $content[1];
+    }
+  }
+  return FALSE;
+}
+
+/**
+ * Sign certain keys in a message
+ * @param $association - object loaded from openid_association or openid_server_association table
+ *              - important fields are ->assoc_type and ->mac_key
+ * @param $message_array - array of entire message about to be sent
+ * @param $keys_to_sign - keys in the message to include in signature (without
+ *  'openid.' appended)
+ */
+function _openid_signature($association, $message_array, $keys_to_sign) {
+  $signature = '';
+  $sign_data = array();
+
+  foreach ($keys_to_sign as $key) {
+    if (isset($message_array['openid.'. $key])) {
+      $sign_data[$key] = $message_array['openid.'. $key];
+    }
+  }
+
+  $message = _openid_create_message($sign_data);
+  $secret = base64_decode($association->mac_key);
+  $signature = _openid_hmac($secret, $message);
+
+  return base64_encode($signature);
+}
+
+function _openid_hmac($key, $text) {
+  if (strlen($key) > OPENID_SHA1_BLOCKSIZE) {
+    $key = _openid_sha1($key, true);
+  }
+
+  $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00));
+  $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE);
+  $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE);
+  $hash1 = _openid_sha1(($key ^ $ipad) . $text, true);
+  $hmac = _openid_sha1(($key ^ $opad) . $hash1, true);
+
+  return $hmac;
+}
+
+function _openid_sha1($text) {
+  $hex = sha1($text);
+  $raw = '';
+  for ($i = 0; $i < 40; $i += 2) {
+    $hexcode = substr($hex, $i, 2);
+    $charcode = (int)base_convert($hexcode, 16, 10);
+    $raw .= chr($charcode);
+  }
+  return $raw;
+}
+
+function _openid_dh_base64_to_long($str) {
+  $b64 = base64_decode($str);
+
+  return _openid_dh_binary_to_long($b64);
+}
+
+function _openid_dh_long_to_base64($str) {
+  return base64_encode(_openid_dh_long_to_binary($str));
+}
+
+function _openid_dh_binary_to_long($str) {
+  $bytes = array_merge(unpack('C*', $str));
+
+  $n = 0;
+  foreach ($bytes as $byte) {
+    $n = bcmul($n, pow(2, 8));
+    $n = bcadd($n, $byte);
+  }
+
+  return $n;
+}
+
+function _openid_dh_long_to_binary($long) {
+  $cmp = bccomp($long, 0);
+  if ($cmp < 0) {
+    return FALSE;
+  }
+
+  if ($cmp == 0) {
+    return "\x00";
+  }
+
+  $bytes = array();
+
+  while (bccomp($long, 0) > 0) {
+    array_unshift($bytes, bcmod($long, 256));
+    $long = bcdiv($long, pow(2, 8));
+  }
+
+  if ($bytes && ($bytes[0] > 127)) {
+    array_unshift($bytes, 0);
+  }
+
+  $string = '';
+  foreach ($bytes as $byte) {
+    $string .= pack('C', $byte);
+  }
+
+  return $string;
+}
+
+function _openid_dh_xorsecret($shared, $secret) {
+  $dh_shared_str = _openid_dh_long_to_binary($shared);
+  $sha1_dh_shared = _openid_sha1($dh_shared_str);
+  $xsecret = "";
+  for ($i = 0; $i < strlen($secret); $i++) {
+    $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i]));
+  }
+
+  return $xsecret;
+}
+
+function _openid_dh_rand($stop) {
+  static $duplicate_cache = array();
+
+  // Used as the key for the duplicate cache
+  $rbytes = _openid_dh_long_to_binary($stop);
+
+  if (array_key_exists($rbytes, $duplicate_cache)) {
+    list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
+  }
+  else {
+    if ($rbytes[0] == "\x00") {
+      $nbytes = strlen($rbytes) - 1;
+    }
+    else {
+      $nbytes = strlen($rbytes);
+    }
+
+    $mxrand = bcpow(256, $nbytes);
+
+    // If we get a number less than this, then it is in the
+    // duplicated range.
+    $duplicate = bcmod($mxrand, $stop);
+
+    if (count($duplicate_cache) > 10) {
+      $duplicate_cache = array();
+    }
+
+    $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
+  }
+
+  do {
+    $bytes = "\x00". _openid_get_bytes($nbytes);
+    $n = _openid_dh_binary_to_long($bytes);
+    // Keep looping if this value is in the low duplicated range.
+  } while (bccomp($n, $duplicate) < 0);
+
+  return bcmod($n, $stop);
+}
+
+function _openid_get_bytes($num_bytes) {
+  static $f = null;
+  $bytes = '';
+  if (!isset($f)) {
+    $f = @fopen(OPENID_RAND_SOURCE, "r");
+  }
+  if (!$f) {
+    // pseudorandom used
+    $bytes = '';
+    for ($i = 0; $i < $num_bytes; $i += 4) {
+      $bytes .= pack('L', mt_rand());
+    }
+    $bytes = substr($bytes, 0, $num_bytes);
+  }
+  else {
+    $bytes = fread($f, $num_bytes);
+  }
+  return $bytes;
+}
+
+function _openid_response($str = NULL) {
+  $data = array();
+  
+  if (isset($_SERVER['REQUEST_METHOD'])) {
+    $data = _openid_get_params($_SERVER['QUERY_STRING']);
+
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+      $str = file_get_contents('php://input');
+
+      $post = array();
+      if ($str !== false) {
+        $post = _openid_get_params($str);
+      }
+
+      $data = array_merge($data, $post);
+    }
+  }
+
+  return $data;
+}
+
+function _openid_get_params($str) {
+  $chunks = explode("&", $str);
+
+  $data = array();
+  foreach ($chunks as $chunk) {
+    $parts = explode("=", $chunk, 2);
+
+    if (count($parts) == 2) {
+      list($k, $v) = $parts;
+      $data[$k] = urldecode($v);
+    }
+  }
+  return $data;
+}
+
+/**
+ * Provide bcpowmod support for PHP4.
+ */
+if (!function_exists('bcpowmod')) {
+  function bcpowmod($base, $exp, $mod) {
+    $square = bcmod($base, $mod);
+    $result = 1;
+    while (bccomp($exp, 0) > 0) {
+      if (bcmod($exp, 2)) {
+        $result = bcmod(bcmul($result, $square), $mod);
+      }
+      $square = bcmod(bcmul($square, $square), $mod);
+      $exp = bcdiv($exp, 2);
+    }
+    return $result;
+  }
+}