blob: 3c991ce946c1a6b6391f0d5d599733f6b40fb4a0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
<?php
class SimpleSAML_Auth_TimeLimitedToken {
var $secretSalt;
var $lifetime;
var $skew;
/**
* @param $secretSalt Must be random and unique per installation
* @param $lifeTime Token lifetime in seconds
* @param $skew Allowed time skew between server that generates and the one that calculates the token
*/
public function __construct( $lifetime = 900, $secretSalt = NULL, $skew = 1) {
if ($secretSalt === NULL) {
$secretSalt = SimpleSAML_Utilities::getSecretSalt();
}
$this->secretSalt = $secretSalt;
$this->lifetime = $lifetime;
$this->skew = $skew;
}
public function addVerificationData($data) {
$this->secretSalt .= '|' . $data;
}
/**
* Calculate the current time offset to the current time slot.
* With some amount of time skew
*/
private function get_offset() {
return ( (time() - $this->skew) % ($this->lifetime + $this->skew) );
}
/**
* Calculate the given time slot for a given offset.
*/
private function calculate_time_slot($offset) {
#echo 'lifetime is: ' . $this->lifetime;
$timeslot = floor( (time() - $offset) / ($this->lifetime + $this->skew) );
return $timeslot;
}
/**
* Calculates a token value for a given offset
*/
private function calculate_tokenvalue($offset) {
// A secret salt that should be randomly generated for each installation.
#echo 'Secret salt is: ' . $this->secretSalt;
#echo '<p>Calculating sha1( ' . $this->calculate_time_slot($offset) . ':' . $this->secretSalt . ' )<br />';
return sha1( $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
}
/**
* Generates a token which contains of a offset and a token value. Using current offset
*/
public function generate_token() {
$current_offset = $this->get_offset();
return dechex($current_offset) . '-' . $this->calculate_tokenvalue($current_offset);
}
/**
* Validates a full token, by calculating the token value for the provided
* offset and compares.
*/
public function validate_token($token) {
$splittedtoken = explode('-', $token);
$offset = hexdec($splittedtoken[0]);
$value = $splittedtoken[1];
#echo 'compare [' . $this->calculate_tokenvalue($offset). '] with [' . $value . '] offset was [' . $offset. ']';
return ($this->calculate_tokenvalue($offset) === $value);
}
}
|
