109 lines
2.8 KiB
PHP
109 lines
2.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Nonce-related functionality.
|
|
*
|
|
* @package OpenID
|
|
*/
|
|
|
|
/**
|
|
* Need CryptUtil to generate random strings.
|
|
*/
|
|
require_once 'Auth/OpenID/CryptUtil.php';
|
|
|
|
/**
|
|
* This is the characters that the nonces are made from.
|
|
*/
|
|
define('Auth_OpenID_Nonce_CHRS',"abcdefghijklmnopqrstuvwxyz" .
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
|
|
|
|
// Keep nonces for five hours (allow five hours for the combination of
|
|
// request time and clock skew). This is probably way more than is
|
|
// necessary, but there is not much overhead in storing nonces.
|
|
global $Auth_OpenID_SKEW;
|
|
$Auth_OpenID_SKEW = 60 * 60 * 5;
|
|
|
|
define('Auth_OpenID_Nonce_REGEX',
|
|
'/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');
|
|
|
|
define('Auth_OpenID_Nonce_TIME_FMT',
|
|
'%Y-%m-%dT%H:%M:%SZ');
|
|
|
|
function Auth_OpenID_splitNonce($nonce_string)
|
|
{
|
|
// Extract a timestamp from the given nonce string
|
|
$result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
|
|
if ($result != 1 || count($matches) != 8) {
|
|
return null;
|
|
}
|
|
|
|
list($unused,
|
|
$tm_year,
|
|
$tm_mon,
|
|
$tm_mday,
|
|
$tm_hour,
|
|
$tm_min,
|
|
$tm_sec,
|
|
$uniquifier) = $matches;
|
|
|
|
$timestamp =
|
|
@gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);
|
|
|
|
if ($timestamp === false || $timestamp < 0) {
|
|
return null;
|
|
}
|
|
|
|
return array($timestamp, $uniquifier);
|
|
}
|
|
|
|
function Auth_OpenID_checkTimestamp($nonce_string,
|
|
$allowed_skew = null,
|
|
$now = null)
|
|
{
|
|
// Is the timestamp that is part of the specified nonce string
|
|
// within the allowed clock-skew of the current time?
|
|
global $Auth_OpenID_SKEW;
|
|
|
|
if ($allowed_skew === null) {
|
|
$allowed_skew = $Auth_OpenID_SKEW;
|
|
}
|
|
|
|
$parts = Auth_OpenID_splitNonce($nonce_string);
|
|
if ($parts == null) {
|
|
return false;
|
|
}
|
|
|
|
if ($now === null) {
|
|
$now = time();
|
|
}
|
|
|
|
$stamp = $parts[0];
|
|
|
|
// Time after which we should not use the nonce
|
|
$past = $now - $allowed_skew;
|
|
|
|
// Time that is too far in the future for us to allow
|
|
$future = $now + $allowed_skew;
|
|
|
|
// the stamp is not too far in the future and is not too far
|
|
// in the past
|
|
return (($past <= $stamp) && ($stamp <= $future));
|
|
}
|
|
|
|
function Auth_OpenID_mkNonce($when = null)
|
|
{
|
|
// Generate a nonce with the current timestamp
|
|
$salt = Auth_OpenID_CryptUtil::randomString(
|
|
6, Auth_OpenID_Nonce_CHRS);
|
|
if ($when === null) {
|
|
// It's safe to call time() with no arguments; it returns a
|
|
// GMT unix timestamp on PHP 4 and PHP 5. gmmktime() with no
|
|
// args returns a local unix timestamp on PHP 4, so don't use
|
|
// that.
|
|
$when = time();
|
|
}
|
|
$time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
|
|
return $time_str . $salt;
|
|
}
|
|
|