Subversion Repositories Applications.annuaire

Rev

Rev 42 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
42 aurelien 1 
<?php
2 
 
3 
/**
4 
 * This file supplies a dumb store backend for OpenID servers and
5 
 * consumers.
6 
 *
7 
 * PHP versions 4 and 5
8 
 *
9 
 * LICENSE: See the COPYING file included in this distribution.
10 
 *
11 
 * @package OpenID
12 
 * @author JanRain, Inc. <openid@janrain.com>
13 
 * @copyright 2005 Janrain, Inc.
14 
 * @license http://www.gnu.org/copyleft/lesser.html LGPL
15 
 */
16 
 
17 
/**
18 
 * Import the interface for creating a new store class.
19 
 */
20 
require_once 'Auth/OpenID/Interface.php';
21 
require_once 'Auth/OpenID/HMACSHA1.php';
22 
 
23 
/**
24 
 * This is a store for use in the worst case, when you have no way of
25 
 * saving state on the consumer site. Using this store makes the
26 
 * consumer vulnerable to replay attacks, as it's unable to use
27 
 * nonces. Avoid using this store if it is at all possible.
28 
 *
29 
 * Most of the methods of this class are implementation details.
30 
 * Users of this class need to worry only about the constructor.
31 
 *
32 
 * @package OpenID
33 
 */
34 
class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
35 
 
36 
    /**
37 
     * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
38 
     * of the tokens generated by the library, this class attempts to
39 
     * at least have a secure implementation of getAuthKey.
40 
     *
41 
     * When you create an instance of this class, pass in a secret
42 
     * phrase. The phrase is hashed with sha1 to make it the correct
43 
     * length and form for an auth key. That allows you to use a long
44 
     * string as the secret phrase, which means you can make it very
45 
     * difficult to guess.
46 
     *
47 
     * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
48 
     * your consumer site needs to use the same $secret_phrase.
49 
     *
50 
     * @param string secret_phrase The phrase used to create the auth
51 
     * key returned by getAuthKey
52 
     */
53 
    function Auth_OpenID_DumbStore($secret_phrase)
54 
    {
55 
        $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
56 
    }
57 
 
58 
    /**
59 
     * This implementation does nothing.
60 
     */
61 
    function storeAssociation($server_url, $association)
62 
    {
63 
    }
64 
 
65 
    /**
66 
     * This implementation always returns null.
67 
     */
68 
    function getAssociation($server_url, $handle = null)
69 
    {
70 
        return null;
71 
    }
72 
 
73 
    /**
74 
     * This implementation always returns false.
75 
     */
76 
    function removeAssociation($server_url, $handle)
77 
    {
78 
        return false;
79 
    }
80 
 
81 
    /**
82 
     * This implementation does nothing.
83 
     */
84 
    function storeNonce($nonce)
85 
    {
86 
    }
87 
 
88 
    /**
89 
     * In a system truly limited to dumb mode, nonces must all be
90 
     * accepted. This therefore always returns true, which makes
91 
     * replay attacks feasible.
92 
     */
93 
    function useNonce($nonce)
94 
    {
95 
        return true;
96 
    }
97 
 
98 
    /**
99 
     * This method returns the auth key generated by the constructor.
100 
     */
101 
    function getAuthKey()
102 
    {
103 
        return $this->auth_key;
104 
    }
105 
 
106 
    /**
107 
     * This store is a dumb mode store, so this method is overridden
108 
     * to return true.
109 
     */
110 
    function isDumb()
111 
    {
112 
        return true;
113 
    }
114 
}
115 
 
116 
?>