Nonce.php

00001 <?php
00002 
00012 require_once 'Auth/OpenID/CryptUtil.php';
00013 
// Alphabet the random nonce suffix is drawn from: a-z, A-Z and 0-9.
define('Auth_OpenID_Nonce_CHRS',
       "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");

// Default acceptance window for nonce timestamps, in seconds: five
// hours, meant to cover request time plus clock skew. That is likely
// far more than needed, but storing nonces costs little.
// NOTE(review): Auth_OpenID_checkTimestamp accepts any nonce whose
// timestamp is inside this window, so whatever records used nonces
// (not in this file) presumably has to keep them at least this long.
global $Auth_OpenID_SKEW;
$Auth_OpenID_SKEW = 5 * 60 * 60;

// Timestamp prefix (YYYY-MM-DDTHH:MM:SSZ) with six numeric captures,
// followed by a seventh capture for the rest of the line. The pattern
// is not anchored, so code using it must itself confirm that the match
// covers the whole nonce string.
define('Auth_OpenID_Nonce_REGEX', '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');

// strftime-style format that produces the timestamp prefix above.
define('Auth_OpenID_Nonce_TIME_FMT', '%Y-%m-%dT%H:%M:%SZ');
00031 
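/**
 * Split a nonce string into its timestamp and its uniquifier.
 *
 * A well-formed nonce is a UTC timestamp written as
 * YYYY-MM-DDTHH:MM:SSZ, immediately followed by an arbitrary (possibly
 * empty) uniquifier. Anything else is rejected, so that one
 * (timestamp, uniquifier) pair corresponds to one nonce string.
 *
 * @param string $nonce_string The nonce to parse.
 *
 * @return array|null array($timestamp, $uniquifier), where $timestamp
 * is a unix timestamp, or null if the nonce is malformed.
 */
function Auth_OpenID_splitNonce($nonce_string)
{
    // The value may come straight from a request; only a string can
    // be a nonce.
    if (!is_string($nonce_string)) {
        return null;
    }

    $result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
    if ($result !== 1 || count($matches) !== 8) {
        return null;
    }

    // The pattern is unanchored and "." stops at a newline, so a match
    // can skip leading text or drop everything after a line break.
    // Require the match to be the entire input.
    if ($matches[0] !== $nonce_string) {
        return null;
    }

    $tm_year = (int) $matches[1];
    $tm_mon = (int) $matches[2];
    $tm_mday = (int) $matches[3];
    $tm_hour = (int) $matches[4];
    $tm_min = (int) $matches[5];
    $tm_sec = (int) $matches[6];
    $uniquifier = $matches[7];

    // gmmktime() silently normalises out-of-range fields (month 13,
    // day 45, hour 25) and remaps years below 100, which would let a
    // malformed timestamp pass as some other valid time. Validate the
    // fields first; second 60 is tolerated for a leap second.
    if ($tm_year < 1970
        || !checkdate($tm_mon, $tm_mday, $tm_year)
        || $tm_hour > 23
        || $tm_min > 59
        || $tm_sec > 60) {
        return null;
    }

    // "@" is kept from the original so that notices raised by older
    // PHP versions stay suppressed.
    $timestamp =
        @gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);

    if ($timestamp === false || $timestamp < 0) {
        return null;
    }

    return array($timestamp, $uniquifier);
}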
00058 
/**
 * Tell whether the timestamp embedded in a nonce lies within the
 * allowed clock skew of the current time, in either direction.
 *
 * This only bounds the age of the nonce. It does not detect reuse:
 * a nonce replayed inside the window passes this check again, so
 * reuse has to be caught by whatever records seen nonces.
 *
 * @param string $nonce_string The nonce to examine.
 * @param int|null $allowed_skew Window in seconds; null selects the
 * global $Auth_OpenID_SKEW.
 * @param int|null $now Reference unix time; null selects time().
 *
 * @return bool true if the timestamp is inside the window, false if
 * it is outside or the nonce cannot be parsed.
 */
function Auth_OpenID_checkTimestamp($nonce_string,
                                    $allowed_skew = null,
                                    $now = null)
{
    global $Auth_OpenID_SKEW;

    $skew = ($allowed_skew === null) ? $Auth_OpenID_SKEW : $allowed_skew;

    // An unparseable nonce can never be inside the window.
    $split = Auth_OpenID_splitNonce($nonce_string);
    if ($split == null) {
        return false;
    }

    $current = ($now === null) ? time() : $now;
    $stamp = $split[0];

    // Oldest timestamp still accepted.
    $earliest = $current - $skew;
    if ($stamp < $earliest) {
        return false;
    }

    // Newest timestamp still accepted; anything later is too far in
    // the future.
    $latest = $current + $skew;
    return ($stamp <= $latest);
}
00092 
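/**
 * Generate a nonce: a UTC timestamp (YYYY-MM-DDTHH:MM:SSZ) followed by
 * six characters drawn from Auth_OpenID_Nonce_CHRS.
 *
 * NOTE(review): how unpredictable the suffix is depends entirely on
 * Auth_OpenID_CryptUtil::randomString, which is not shown here; two
 * nonces made in the same second differ only in that suffix.
 *
 * @param int|null $when Unix timestamp to embed; null selects the
 * current time.
 *
 * @return string The nonce.
 */
function Auth_OpenID_mkNonce($when = null)
{
    $salt = Auth_OpenID_CryptUtil::randomString(
        6, Auth_OpenID_Nonce_CHRS);
    if ($when === null) {
        // time() with no arguments returns a GMT unix timestamp on
        // PHP 4 and PHP 5. gmmktime() with no arguments returns a
        // local unix timestamp on PHP 4, so it is not used here.
        $when = time();
    }
    // gmdate() yields the same text as gmstrftime() with
    // Auth_OpenID_Nonce_TIME_FMT; gmstrftime() is deprecated as of
    // PHP 8.1.
    $time_str = gmdate('Y-m-d\TH:i:s\Z', $when);
    return $time_str . $salt;
}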
00108 
00109 ?>
