Subversion Repositories Applications.framework

Compare Revisions

No changes between revisions

Ignore whitespace Rev 376 → Rev 380

/trunk/framework/brouillons/Storage.php
New file
0,0 → 1,132
<?php
 
/**
* Zend Framework
*
* LICENSE
*
* This source file is subject to the new BSD license that is bundled
* with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://framework.zend.com/license/new-bsd
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
* @category Zend
* @package Zend_OpenId
* @subpackage Zend_OpenId_Consumer
* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @version $Id$
*/
 
/**
* Abstract class to implement external storage for OpenID consumer
*
* @category Zend
* @package Zend_OpenId
* @subpackage Zend_OpenId_Consumer
* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
abstract class Storage
{
 
/**
* Stores information about association identified by $url/$handle
*
* @param string $url OpenID server URL
* @param string $handle assiciation handle
* @param string $macFunc HMAC function (sha1 or sha256)
* @param string $secret shared secret
* @param long $expires expiration UNIX time
* @return void
*/
abstract public function addAssociation($url, $handle, $macFunc, $secret, $expires);
 
/**
* Gets information about association identified by $url
* Returns true if given association found and not expired and false
* otherwise
*
* @param string $url OpenID server URL
* @param string &$handle assiciation handle
* @param string &$macFunc HMAC function (sha1 or sha256)
* @param string &$secret shared secret
* @param long &$expires expiration UNIX time
* @return bool
*/
abstract public function getAssociation($url, &$handle, &$macFunc, &$secret, &$expires);
 
/**
* Gets information about association identified by $handle
* Returns true if given association found and not expired and false
* othverwise
*
* @param string $handle assiciation handle
* @param string &$url OpenID server URL
* @param string &$macFunc HMAC function (sha1 or sha256)
* @param string &$secret shared secret
* @param long &$expires expiration UNIX time
* @return bool
*/
abstract public function getAssociationByHandle($handle, &$url, &$macFunc, &$secret, &$expires);
 
/**
* Deletes association identified by $url
*
* @param string $url OpenID server URL
* @return void
*/
abstract public function delAssociation($url);
 
/**
* Stores information discovered from identity $id
*
* @param string $id identity
* @param string $realId discovered real identity URL
* @param string $server discovered OpenID server URL
* @param float $version discovered OpenID protocol version
* @param long $expires expiration UNIX time
* @return void
*/
abstract public function addDiscoveryInfo($id, $realId, $server, $version, $expires);
 
/**
* Gets information discovered from identity $id
* Returns true if such information exists and false otherwise
*
* @param string $id identity
* @param string &$realId discovered real identity URL
* @param string &$server discovered OpenID server URL
* @param float &$version discovered OpenID protocol version
* @param long &$expires expiration UNIX time
* @return bool
*/
abstract public function getDiscoveryInfo($id, &$realId, &$server, &$version, &$expires);
 
/**
* Removes cached information discovered from identity $id
*
* @param string $id identity
* @return bool
*/
abstract public function delDiscoveryInfo($id);
 
/**
* The function checks the uniqueness of openid.response_nonce
*
* @param string $provider openid.openid_op_endpoint field from authentication response
* @param string $nonce openid.response_nonce field from authentication response
* @return bool
*/
abstract public function isUniqueNonce($provider, $nonce);
 
/**
* Removes data from the uniqueness database that is older then given date
*
* @param string $date Date of expired data
*/
abstract public function purgeNonces($date=null);
}
Property changes:
Added: svn:keywords
+Id Author Date Revision HeadURL
\ No newline at end of property
/trunk/framework/brouillons/StorageFile.php
New file
0,0 → 1,512
<?php
 
/**
* Zend Framework
*
* LICENSE
*
* This source file is subject to the new BSD license that is bundled
* with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://framework.zend.com/license/new-bsd
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
* @category Zend
* @package Zend_OpenId
* @subpackage Zend_OpenId_Consumer
* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @version $Id$
*/
 
/**
* External storage implemmentation using serialized files
*
* @category Zend
* @package Zend_OpenId
* @subpackage Zend_OpenId_Consumer
* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
class StorageFile extends Storage
{
 
/**
* Directory name to store data files in
*
* @var string $_dir
*/
private $_dir;
 
/**
* Constructs storage object and creates storage directory
*
* @param string $dir directory name to store data files in
* @throws Zend_OpenId_Exception
*/
public function __construct($dir = null)
{
if ($dir === null) {
$tmp = getenv('TMP');
if (empty($tmp)) {
$tmp = getenv('TEMP');
if (empty($tmp)) {
$tmp = "/tmp";
}
}
$user = get_current_user();
if (is_string($user) && !empty($user)) {
$tmp .= '/' . $user;
}
$dir = $tmp . '/openid/consumer';
}
$this->_dir = $dir;
if (!is_dir($this->_dir)) {
if (!@mkdir($this->_dir, 0700, 1)) {
/**
* @see Zend_OpenId_Exception
*/
require_once 'Zend/OpenId/Exception.php';
throw new Zend_OpenId_Exception(
'Cannot access storage directory ' . $dir,
Zend_OpenId_Exception::ERROR_STORAGE);
}
}
if (($f = fopen($this->_dir.'/assoc.lock', 'w+')) === null) {
/**
* @see Zend_OpenId_Exception
*/
/*require_once 'Zend/OpenId/Exception.php';
throw new Zend_OpenId_Exception(
'Cannot create a lock file in the directory ' . $dir,
Zend_OpenId_Exception::ERROR_STORAGE);*/
trigger_error('Cannot create a lock file in the directory ', E_STRICT);
}
fclose($f);
if (($f = fopen($this->_dir.'/discovery.lock', 'w+')) === null) {
/**
* @see Zend_OpenId_Exception
*/
/*require_once 'Zend/OpenId/Exception.php';
throw new Zend_OpenId_Exception(
'Cannot create a lock file in the directory ' . $dir,
Zend_OpenId_Exception::ERROR_STORAGE);*/
trigger_error('Cannot create a lock file in the directory', E_STRICT);
}
fclose($f);
if (($f = fopen($this->_dir.'/nonce.lock', 'w+')) === null) {
/**
* @see Zend_OpenId_Exception
*/
/*require_once 'Zend/OpenId/Exception.php';
throw new Zend_OpenId_Exception(
'Cannot create a lock file in the directory ' . $dir,
Zend_OpenId_Exception::ERROR_STORAGE);*/
trigger_error('Cannot create a lock file in the directory', E_STRICT);
}
fclose($f);
}
 
/**
* Stores information about association identified by $url/$handle
*
* @param string $url OpenID server URL
* @param string $handle assiciation handle
* @param string $macFunc HMAC function (sha1 or sha256)
* @param string $secret shared secret
* @param long $expires expiration UNIX time
* @return bool
*/
public function addAssociation($url, $handle, $macFunc, $secret, $expires)
{
$name1 = $this->_dir . '/assoc_url_' . md5($url);
$name2 = $this->_dir . '/assoc_handle_' . md5($handle);
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name1, 'w+');
if ($f === false) {
fclose($lock);
return false;
}
$data = serialize(array($url, $handle, $macFunc, $secret, $expires));
fwrite($f, $data);
if (function_exists('symlink')) {
@unlink($name2);
if (symlink($name1, $name2)) {
fclose($f);
fclose($lock);
return true;
}
}
$f2 = @fopen($name2, 'w+');
if ($f2) {
fwrite($f2, $data);
fclose($f2);
@unlink($name1);
$ret = true;
} else {
$ret = false;
}
fclose($f);
fclose($lock);
return $ret;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Gets information about association identified by $url
* Returns true if given association found and not expired and false
* otherwise
*
* @param string $url OpenID server URL
* @param string &$handle assiciation handle
* @param string &$macFunc HMAC function (sha1 or sha256)
* @param string &$secret shared secret
* @param long &$expires expiration UNIX time
* @return bool
*/
public function getAssociation($url, &$handle, &$macFunc, &$secret, &$expires)
{
$name1 = $this->_dir . '/assoc_url_' . md5($url);
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name1, 'r');
if ($f === false) {
fclose($lock);
return false;
}
$ret = false;
$data = stream_get_contents($f);
if (!empty($data)) {
list($storedUrl, $handle, $macFunc, $secret, $expires) = unserialize($data);
if ($url === $storedUrl && $expires > time()) {
$ret = true;
} else {
$name2 = $this->_dir . '/assoc_handle_' . md5($handle);
fclose($f);
@unlink($name2);
@unlink($name1);
fclose($lock);
return false;
}
}
fclose($f);
fclose($lock);
return $ret;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Gets information about association identified by $handle
* Returns true if given association found and not expired and false
* otherwise
*
* @param string $handle assiciation handle
* @param string &$url OpenID server URL
* @param string &$macFunc HMAC function (sha1 or sha256)
* @param string &$secret shared secret
* @param long &$expires expiration UNIX time
* @return bool
*/
public function getAssociationByHandle($handle, &$url, &$macFunc, &$secret, &$expires)
{
$name2 = $this->_dir . '/assoc_handle_' . md5($handle);
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name2, 'r');
if ($f === false) {
fclose($lock);
return false;
}
$ret = false;
$data = stream_get_contents($f);
if (!empty($data)) {
list($url, $storedHandle, $macFunc, $secret, $expires) = unserialize($data);
if ($handle === $storedHandle && $expires > time()) {
$ret = true;
} else {
fclose($f);
@unlink($name2);
$name1 = $this->_dir . '/assoc_url_' . md5($url);
@unlink($name1);
fclose($lock);
return false;
}
}
fclose($f);
fclose($lock);
return $ret;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Deletes association identified by $url
*
* @param string $url OpenID server URL
* @return bool
*/
public function delAssociation($url)
{
$name1 = $this->_dir . '/assoc_url_' . md5($url);
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name1, 'r');
if ($f === false) {
fclose($lock);
return false;
}
$data = stream_get_contents($f);
if (!empty($data)) {
list($storedUrl, $handle, $macFunc, $secret, $expires) = unserialize($data);
if ($url === $storedUrl) {
$name2 = $this->_dir . '/assoc_handle_' . md5($handle);
fclose($f);
@unlink($name2);
@unlink($name1);
fclose($lock);
return true;
}
}
fclose($f);
fclose($lock);
return true;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Stores information discovered from identity $id
*
* @param string $id identity
* @param string $realId discovered real identity URL
* @param string $server discovered OpenID server URL
* @param float $version discovered OpenID protocol version
* @param long $expires expiration UNIX time
* @return bool
*/
public function addDiscoveryInfo($id, $realId, $server, $version, $expires)
{
$name = $this->_dir . '/discovery_' . md5($id);
$lock = @fopen($this->_dir . '/discovery.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name, 'w+');
if ($f === false) {
fclose($lock);
return false;
}
$data = serialize(array($id, $realId, $server, $version, $expires));
fwrite($f, $data);
fclose($f);
fclose($lock);
return true;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Gets information discovered from identity $id
* Returns true if such information exists and false otherwise
*
* @param string $id identity
* @param string &$realId discovered real identity URL
* @param string &$server discovered OpenID server URL
* @param float &$version discovered OpenID protocol version
* @param long &$expires expiration UNIX time
* @return bool
*/
public function getDiscoveryInfo($id, &$realId, &$server, &$version, &$expires)
{
$name = $this->_dir . '/discovery_' . md5($id);
$lock = @fopen($this->_dir . '/discovery.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name, 'r');
if ($f === false) {
fclose($lock);
return false;
}
$ret = false;
$data = stream_get_contents($f);
if (!empty($data)) {
list($storedId, $realId, $server, $version, $expires) = unserialize($data);
if ($id === $storedId && $expires > time()) {
$ret = true;
} else {
fclose($f);
@unlink($name);
fclose($lock);
return false;
}
}
fclose($f);
fclose($lock);
return $ret;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Removes cached information discovered from identity $id
*
* @param string $id identity
* @return bool
*/
public function delDiscoveryInfo($id)
{
$name = $this->_dir . '/discovery_' . md5($id);
$lock = @fopen($this->_dir . '/discovery.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
@unlink($name);
fclose($lock);
return true;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* The function checks the uniqueness of openid.response_nonce
*
* @param string $provider openid.openid_op_endpoint field from authentication response
* @param string $nonce openid.response_nonce field from authentication response
* @return bool
*/
public function isUniqueNonce($provider, $nonce)
{
$name = $this->_dir . '/nonce_' . md5($provider.';'.$nonce);
echo $name;
$lock = @fopen($this->_dir . '/nonce.lock', 'w+');
if ($lock === false) {
return false;
}
if (!flock($lock, LOCK_EX)) {
fclose($lock);
return false;
}
try {
$f = @fopen($name, 'x');
if ($f === false) {
fclose($lock);
return false;
}
fwrite($f, $provider.';'.$nonce);
fclose($f);
fclose($lock);
return true;
} catch (Exception $e) {
fclose($lock);
throw $e;
}
}
 
/**
* Removes data from the uniqueness database that is older then given date
*
* @param mixed $date date of expired data
*/
public function purgeNonces($date=null)
{
$lock = @fopen($this->_dir . '/nonce.lock', 'w+');
if ($lock !== false) {
flock($lock, LOCK_EX);
}
try {
if (!is_int($date) && !is_string($date)) {
$nonceFiles = glob($this->_dir . '/nonce_*');
foreach ((array) $nonceFiles as $name) {
@unlink($name);
}
unset($nonceFiles);
} else {
if (is_string($date)) {
$time = time($date);
} else {
$time = $date;
}
$nonceFiles = glob($this->_dir . '/nonce_*');
foreach ((array) $nonceFiles as $name) {
if (filemtime($name) < $time) {
@unlink($name);
}
}
unset($nonceFiles);
}
if ($lock !== false) {
fclose($lock);
}
} catch (Exception $e) {
if ($lock !== false) {
fclose($lock);
}
throw $e;
}
}
}
Property changes:
Added: svn:keywords
+Id Author Date Revision HeadURL
\ No newline at end of property
/trunk/framework/brouillons/DiffieHellmanUtil.php
New file
0,0 → 1,224
<?php
 
/**
* Classe utilitaire proposant des fonctions permettant la réalisation d'un
* échange de clé Diffie Hellman
*
* "En cryptographie, l'échange de clés Diffie-Hellman, du nom de ses auteurs
* Whitfield Diffie et Martin Hellman, est une méthode par laquelle deux
* personnes peuvent se mettre d'accord sur un nombre (qu'ils peuvent utiliser
* comme clé pour chiffrer la conversation suivante) sans qu'une troisième
* personne appelée Ève puisse découvrir le nombre, même en ayant écouté tous
* leurs échanges."
*
* Voir http://fr.wikipedia.org/wiki/%C3%89change_de_cl%C3%A9s_Diffie-Hellman
*
* */
class DiffieHellmanUtil {
// Default Diffie-Hellman key generator (1024 bit)
const DH_P = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61ef75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d2683705577d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e3826634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab';
//Default Diffie-Hellman prime number (should be 2 or 5)
const DH_G = '02';
 
/**
* Performs the first step of a Diffie-Hellman key exchange by generating
* private and public DH values based on given prime number $p and
* generator $g. Both sides of key exchange MUST have the same prime number
* and generator. In this case they will able to create a random shared
* secret that is never send from one to the other.
*
* @param string $p prime number in binary representation
* @param string $g generator in binary representation
* @param string $priv_key private key in binary representation
* @return mixed
*/
public static function createDhKey($p, $g, $priv_key = null)
{
if (function_exists('openssl_dh_compute_key')) {
$dh_details = array(
'p' => $p,
'g' => $g
);
if ($priv_key !== null) {
$dh_details['priv_key'] = $priv_key;
}
return openssl_pkey_new(array('dh'=>$dh_details));
} else {
$bn_p = self::binToBigNum($p);
$bn_g = self::binToBigNum($g);
if ($priv_key === null) {
$priv_key = self::randomBytes(self::strlen($p));
}
$bn_priv_key = self::binToBigNum($priv_key);
if (extension_loaded('gmp')) {
$bn_pub_key = gmp_powm($bn_g, $bn_priv_key, $bn_p);
} else if (extension_loaded('bcmath')) {
$bn_pub_key = bcpowmod($bn_g, $bn_priv_key, $bn_p);
}
$pub_key = self::bigNumToBin($bn_pub_key);
 
return array(
'p' => $bn_p,
'g' => $bn_g,
'priv_key' => $bn_priv_key,
'pub_key' => $bn_pub_key,
'details' => array(
'p' => $p,
'g' => $g,
'priv_key' => $priv_key,
'pub_key' => $pub_key));
}
}
/**
* Returns an associative array with Diffie-Hellman key components in
* binary representation. The array includes original prime number 'p' and
* generator 'g', random private key 'priv_key' and corresponding public
* key 'pub_key'.
*
* @param mixed $dh Diffie-Hellman key
* @return array
*/
public static function getDhKeyDetails($dh)
{
if (function_exists('openssl_dh_compute_key')) {
$details = openssl_pkey_get_details($dh);
if (isset($details['dh'])) {
return $details['dh'];
}
} else {
return $dh['details'];
}
}
// Depuis OpenId.php, les fonctions de Diffie-Hellman
// TODO : voir si ça peut être externaliser pour être réutilisé ? => dans utilitaires
/**
* Computes the shared secret from the private DH value $dh and the other
* party's public value in $pub_key
*
* @param string $pub_key other party's public value
* @param mixed $dh Diffie-Hellman key
* @return string
* @throws Zend_OpenId_Exception
*/
public function computeDhSecret($pub_key, $dh)
{
if (function_exists('openssl_dh_compute_key')) {
$ret = openssl_dh_compute_key($pub_key, $dh);
if (ord($ret[0]) > 127) {
$ret = "\0" . $ret;
}
return $ret;
} else if (extension_loaded('gmp')) {
$bn_pub_key = self::binToBigNum($pub_key);
$bn_secret = gmp_powm($bn_pub_key, $dh['priv_key'], $dh['p']);
return self::bigNumToBin($bn_secret);
} else if (extension_loaded('bcmath')) {
$bn_pub_key = self::binToBigNum($pub_key);
$bn_secret = bcpowmod($bn_pub_key, $dh['priv_key'], $dh['p']);
return self::bigNumToBin($bn_secret);
}
/*require_once "Zend/OpenId/Exception.php";
throw new Zend_OpenId_Exception(
'The system doesn\'t have proper big integer extension',
Zend_OpenId_Exception::UNSUPPORTED_LONG_MATH);*/
trigger_error('Le système ne gère pas les nombre de taille arbitraire', E_STRICT);
}
/**
* Takes an arbitrary precision integer and returns its shortest big-endian
* two's complement representation.
*
* Arbitrary precision integers MUST be encoded as big-endian signed two's
* complement binary strings. Henceforth, "btwoc" is a function that takes
* an arbitrary precision integer and returns its shortest big-endian two's
* complement representation. All integers that are used with
* Diffie-Hellman Key Exchange are positive. This means that the left-most
* bit of the two's complement representation MUST be zero. If it is not,
* implementations MUST add a zero byte at the front of the string.
*
* @param string $str binary representation of arbitrary precision integer
* @return string big-endian signed representation
*/
public function btwoc($str)
{
if (ord($str[0]) > 127) {
return "\0" . $str;
}
return $str;
}
/**
* Produces string of random byte of given length.
*
* @param integer $len length of requested string
* @return string RAW random binary string
*/
public function randomBytes($len)
{
$key = '';
for($i=0; $i < $len; $i++) {
$key .= chr(mt_rand(0, 255));
}
return $key;
}
/**
* Returns lenght of binary string in bytes
*
* @param string $str
* @return int the string lenght
*/
static public function strlen($str)
{
if (extension_loaded('mbstring') &&
(((int)ini_get('mbstring.func_overload')) & 2)) {
return mb_strlen($str, 'latin1');
} else {
return strlen($str);
}
}
/**
* Converts binary representation into ext/gmp or ext/bcmath big integer
* representation.
*
* @param string $bin binary representation of big number
* @return mixed
* @throws Zend_OpenId_Exception
*/
protected function binToBigNum($bin)
{
if (extension_loaded('gmp')) {
return gmp_init(bin2hex($bin), 16);
} else if (extension_loaded('bcmath')) {
$bn = 0;
$len = self::strlen($bin);
for ($i = 0; $i < $len; $i++) {
$bn = bcmul($bn, 256);
$bn = bcadd($bn, ord($bin[$i]));
}
return $bn;
}
/*require_once "Zend/OpenId/Exception.php";
throw new Zend_OpenId_Exception(
'The system doesn\'t have proper big integer extension',
Zend_OpenId_Exception::UNSUPPORTED_LONG_MATH);*/
trigger_error('Le système ne gère pas les nombre de taille arbitraire', E_STRICT);
}
}
?>
Property changes:
Added: svn:keywords
+Id Author Date Revision HeadURL
\ No newline at end of property