
PHP Cross Reference of Joomla 1.5.26 DE


/libraries/openid/Auth/OpenID/ -> Nonce.php (source)

   1  <?php
   2  
   3  /**
   4   * Nonce-related functionality.
   5   *
   6   * @package OpenID
   7   */
   8  
// Direct-access guard: abort with 'Restricted access' unless the _JEXEC
// constant already exists. This file never defines _JEXEC itself, so it is
// presumably set by the application entry point before libraries are loaded
// (confirm against the including code). The guard runs before the
// require_once below, so a direct request loads nothing further.
defined( '_JEXEC' ) or die( 'Restricted access' );
  11  
  12  /**
  13   * Need CryptUtil to generate random strings.
  14   */
  15  require_once 'Auth/OpenID/CryptUtil.php';
  16  
  17  /**
  18   * This is the characters that the nonces are made from.
  19   */
  20  define('Auth_OpenID_Nonce_CHRS',"abcdefghijklmnopqrstuvwxyz" .
  21         "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
  22  
  23  // Keep nonces for five hours (allow five hours for the combination of
  24  // request time and clock skew). This is probably way more than is
  25  // necessary, but there is not much overhead in storing nonces.
  26  global $Auth_OpenID_SKEW;
  27  $Auth_OpenID_SKEW = 60 * 60 * 5;
  28  
  29  define('Auth_OpenID_Nonce_REGEX',
  30         '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');
  31  
  32  define('Auth_OpenID_Nonce_TIME_FMT',
  33         '%Y-%m-%dT%H:%M:%SZ');
  34  
  35  function Auth_OpenID_splitNonce($nonce_string)
  36  {
  37      // Extract a timestamp from the given nonce string
  38      $result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
  39      if ($result != 1 || count($matches) != 8) {
  40          return null;
  41      }
  42  
  43      list($unused,
  44           $tm_year,
  45           $tm_mon,
  46           $tm_mday,
  47           $tm_hour,
  48           $tm_min,
  49           $tm_sec,
  50           $uniquifier) = $matches;
  51  
  52      $timestamp =
  53          @gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);
  54  
  55      if ($timestamp === false || $timestamp < 0) {
  56          return null;
  57      }
  58  
  59      return array($timestamp, $uniquifier);
  60  }
  61  
  62  function Auth_OpenID_checkTimestamp($nonce_string,
  63                                      $allowed_skew = null,
  64                                      $now = null)
  65  {
  66      // Is the timestamp that is part of the specified nonce string
  67      // within the allowed clock-skew of the current time?
  68      global $Auth_OpenID_SKEW;
  69  
  70      if ($allowed_skew === null) {
  71          $allowed_skew = $Auth_OpenID_SKEW;
  72      }
  73  
  74      $parts = Auth_OpenID_splitNonce($nonce_string);
  75      if ($parts == null) {
  76          return false;
  77      }
  78  
  79      if ($now === null) {
  80          $now = time();
  81      }
  82  
  83      $stamp = $parts[0];
  84  
  85      // Time after which we should not use the nonce
  86      $past = $now - $allowed_skew;
  87  
  88      // Time that is too far in the future for us to allow
  89      $future = $now + $allowed_skew;
  90  
  91      // the stamp is not too far in the future and is not too far
  92      // in the past
  93      return (($past <= $stamp) && ($stamp <= $future));
  94  }
  95  
  96  function Auth_OpenID_mkNonce($when = null)
  97  {
  98      // Generate a nonce with the current timestamp
  99      $salt = Auth_OpenID_CryptUtil::randomString(
 100          6, Auth_OpenID_Nonce_CHRS);
 101      if ($when === null) {
 102          // It's safe to call time() with no arguments; it returns a
 103          // GMT unix timestamp on PHP 4 and PHP 5.  gmmktime() with no
 104          // args returns a local unix timestamp on PHP 4, so don't use
 105          // that.
 106          $when = time();
 107      }
 108      $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
 109      return $time_str . $salt;
 110  }
 111  
 112  ?>

