modules/openid/lib/StateStore.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

<?php

/* The OpenID library relies on manual loading of classes. */
require_once('Auth/OpenID/Interface.php');
require_once('Auth/OpenID/Association.php');

/**
 * Implementation of Auth_OpenID_OpenIDStore which saves the state in
 * an state-array.
 *
 * @package simpleSAMLphp
 * @version $Id$
 */
class sspmod_openid_StateStore extends Auth_OpenID_OpenIDStore{


	/**
	 * Reference to the state array.
	 */
	private $state;


	/**
	 * Reference to the array with associations in the state array.
	 */
	private $associations;


	/**
	 * Initializes the store object.
	 *
	 * @param array &$state  Reference to the state array.
	 */
	public function __construct(&$state) {
		assert('is_array($state)');

		$this->state =& $state;

		if (!array_key_exists('openid:Assocs', $state)) {
			$state['openid:Assocs'] = array();
		}

		$this->associations =& $state['openid:Assocs'];
	}


	/**
	 * Determine whether a given nonce can be used.
	 *
	 * This implementation accepts all nonces, and relies on the state array
	 * being invalidated when login completes to prevent replay attacks.
	 *
	 * @return bool  This function always returns TRUE.
	 */
	public function useNonce($server_url, $timestamp, $salt) {
		return TRUE;
	}


	/**
	 * Retrieve all associations for a given server.
	 *
	 * The associations are returned as an associative array with the
	 * association handle as the index and the association object as
	 * the value.
	 *
	 * @param string $server_url  The server.
	 * @return array  Associative array with associations.
	 */
	private function getServerAssociations($server_url) {
		assert('is_string($server_url)');

		if (!array_key_exists($server_url, $this->associations)) {
			return array();
		}

		$ret = array();
		foreach ($this->associations[$server_url] as $handle => $association) {

			$association = Auth_OpenID_Association::deserialize(
				'Auth_OpenID_Association', $association);
			if ($association === NULL) {
				continue;
			}

			if ($association->getExpiresIn() == 0) {
				continue;
			}

			$ret[$handle] = $association;
		}

		return $ret;
	}


	/**
	 * Retrieve an association with the given handle.
	 *
	 * @param string $server_url  The server.
	 * @param string $handle  The handle of the association.
	 * @return Auth_OpenID_Association|NULL  The association object, if it is found.
	 */
	private function readAssociation($server_url, $handle) {
		assert('is_string($server_url)');
		assert('is_string($handle)');

		$sassoc = $this->getServerAssociations($server_url);
		if (!array_key_exists($handle, $sassoc)) {
			return NULL;
		}

		return $sassoc[$handle];
	}


	/**
	 * Retrieve an association.
	 *
	 * This function retrieves an association with the given handle, or the most
	 * recent association if no handle is given.
	 *
	 * @param string $server_url  The server.
	 * @param string|NULL $handle  The association handle.
	 * @return Auth_OpenID_Association|NULL  The association object, if it is found.
	 */
	public function getAssociation($server_url, $handle = NULL) {
		assert('is_string($server_url)');
		assert('is_null($handle) || is_string($handle)');

		if ($handle !== NULL) {
			return $this->readAssociation($server_url, $handle);
		}


		/* $handle is NULL - we should retrieve the most recent association. */

		$sassoc = $this->getServerAssociations($server_url);

		$recentAssoc = NULL;
		foreach ($sassoc as $handle => $association) {
			if ($recentAssoc === NULL) {
				/* No $recentAssoc - this is the most recent association. */
				$recentAssoc = $association;
				continue;
			}

			if ($association->issued > $recentAssoc->issued) {
				/* More recently issued than $recentAssoc. */
				$recentAssoc = $association;
			}
		}

		return $recentAssoc;
	}


	/**
	 * Store an association.
	 *
	 * This function stores an association.

	 * @param string $server_url  The server.
	 * @param Auth_OpenID_Association $association  The association which should be stored.
	 * @return bool  TRUE if the association is stored, FALSE if not.
	 */
	public function storeAssociation($server_url, Auth_OpenID_Association $association) {
		assert('is_string($server_url)');

		if (!array_key_exists($server_url, $this->associations)) {
			$this->associations[$server_url] = array();
		}

		$handle = $association->handle;
		assert('is_string($handle)');

		$this->associations[$server_url][$handle] = $association->serialize();

		/* We rely on saveState saving with the same id as before. */
		SimpleSAML_Auth_State::saveState($this->state, 'openid:auth');

		return TRUE;
	}

}

?>