tweet_live: web/lib/Zend/Auth/Adapter/Http.php@162c1de6545a (annotated)

0 4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	1	<?php
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	2	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	3	* Zend Framework
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	4	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	5	* LICENSE
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	6	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	7	* This source file is subject to the new BSD license that is bundled
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	8	* with this package in the file LICENSE.txt.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	9	* It is also available through the world-wide-web at this URL:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	10	* http://framework.zend.com/license/new-bsd
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	11	* If you did not receive a copy of the license and are unable to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	12	* obtain it through the world-wide-web, please send an email
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	13	* to license@zend.com so we can send you a copy immediately.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	14	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	15	* @category Zend
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	16	* @package Zend_Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	17	* @subpackage Zend_Auth_Adapter_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	18	* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	19	* @license http://framework.zend.com/license/new-bsd New BSD License
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	20	* @version $Id: Http.php 23088 2010-10-11 19:53:24Z padraic $
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	21	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	22
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	23
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	24	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	25	* @see Zend_Auth_Adapter_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	26	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	27	require_once 'Zend/Auth/Adapter/Interface.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	28
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	29
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	30	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	31	* HTTP Authentication Adapter
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	32	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	33	* Implements a pretty good chunk of RFC 2617.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	34	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	35	* @category Zend
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	36	* @package Zend_Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	37	* @subpackage Zend_Auth_Adapter_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	38	* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	39	* @license http://framework.zend.com/license/new-bsd New BSD License
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	40	* @todo Support auth-int
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	41	* @todo Track nonces, nonce-count, opaque for replay protection and stale support
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	42	* @todo Support Authentication-Info header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	43	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	44	class Zend_Auth_Adapter_Http implements Zend_Auth_Adapter_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	45	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	46	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	47	* Reference to the HTTP Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	48	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	49	* @var Zend_Controller_Request_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	50	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	51	protected $_request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	52
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	53	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	54	* Reference to the HTTP Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	55	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	56	* @var Zend_Controller_Response_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	57	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	58	protected $_response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	59
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	60	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	61	* Object that looks up user credentials for the Basic scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	62	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	63	* @var Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	64	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	65	protected $_basicResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	66
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	67	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	68	* Object that looks up user credentials for the Digest scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	69	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	70	* @var Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	71	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	72	protected $_digestResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	73
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	74	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	75	* List of authentication schemes supported by this class
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	76	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	77	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	78	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	79	protected $_supportedSchemes = array('basic', 'digest');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	80
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	81	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	82	* List of schemes this class will accept from the client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	83	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	84	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	85	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	86	protected $_acceptSchemes;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	87
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	88	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	89	* Space-delimited list of protected domains for Digest Auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	90	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	91	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	92	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	93	protected $_domains;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	94
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	95	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	96	* The protection realm to use
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	97	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	98	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	99	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	100	protected $_realm;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	101
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	102	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	103	* Nonce timeout period
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	104	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	105	* @var integer
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	106	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	107	protected $_nonceTimeout;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	108
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	109	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	110	* Whether to send the opaque value in the header. True by default
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	111	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	112	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	113	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	114	protected $_useOpaque;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	115
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	116	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	117	* List of the supported digest algorithms. I want to support both MD5 and
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	118	* MD5-sess, but MD5-sess won't make it into the first version.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	119	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	120	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	121	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	122	protected $_supportedAlgos = array('MD5');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	123
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	124	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	125	* The actual algorithm to use. Defaults to MD5
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	126	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	127	* @var string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	128	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	129	protected $_algo;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	130
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	131	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	132	* List of supported qop options. My intetion is to support both 'auth' and
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	133	* 'auth-int', but 'auth-int' won't make it into the first version.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	134	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	135	* @var array
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	136	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	137	protected $_supportedQops = array('auth');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	138
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	139	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	140	* Whether or not to do Proxy Authentication instead of origin server
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	141	* authentication (send 407's instead of 401's). Off by default.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	142	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	143	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	144	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	145	protected $_imaProxy;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	146
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	147	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	148	* Flag indicating the client is IE and didn't bother to return the opaque string
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	149	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	150	* @var boolean
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	151	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	152	protected $_ieNoOpaque;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	153
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	154	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	155	* Constructor
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	156	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	157	* @param array $config Configuration settings:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	158	* 'accept_schemes' => 'basic'\|'digest'\|'basic digest'
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	159	* 'realm' => <string>
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	160	* 'digest_domains' => <string> Space-delimited list of URIs
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	161	* 'nonce_timeout' => <int>
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	162	* 'use_opaque' => <bool> Whether to send the opaque value in the header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	163	* 'alogrithm' => <string> See $_supportedAlgos. Default: MD5
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	164	* 'proxy_auth' => <bool> Whether to do authentication as a Proxy
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	165	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	166	* @return void
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	167	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	168	public function __construct(array $config)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	169	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	170	if (!extension_loaded('hash')) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	171	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	172	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	173	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	174	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	175	throw new Zend_Auth_Adapter_Exception(__CLASS__ . ' requires the \'hash\' extension');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	176	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	177
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	178	$this->_request = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	179	$this->_response = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	180	$this->_ieNoOpaque = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	181
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	182
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	183	if (empty($config['accept_schemes'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	184	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	185	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	186	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	187	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	188	throw new Zend_Auth_Adapter_Exception('Config key \'accept_schemes\' is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	189	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	190
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	191	$schemes = explode(' ', $config['accept_schemes']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	192	$this->_acceptSchemes = array_intersect($schemes, $this->_supportedSchemes);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	193	if (empty($this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	194	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	195	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	196	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	197	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	198	throw new Zend_Auth_Adapter_Exception('No supported schemes given in \'accept_schemes\'. Valid values: '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	199	. implode(', ', $this->_supportedSchemes));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	200	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	201
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	202	// Double-quotes are used to delimit the realm string in the HTTP header,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	203	// and colons are field delimiters in the password file.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	204	if (empty($config['realm']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	205	!ctype_print($config['realm']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	206	strpos($config['realm'], ':') !== false \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	207	strpos($config['realm'], '"') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	208	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	209	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	210	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	211	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	212	throw new Zend_Auth_Adapter_Exception('Config key \'realm\' is required, and must contain only printable '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	213	. 'characters, excluding quotation marks and colons');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	214	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	215	$this->_realm = $config['realm'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	216	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	217
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	218	if (in_array('digest', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	219	if (empty($config['digest_domains']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	220	!ctype_print($config['digest_domains']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	221	strpos($config['digest_domains'], '"') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	222	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	223	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	224	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	225	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	226	throw new Zend_Auth_Adapter_Exception('Config key \'digest_domains\' is required, and must contain '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	227	. 'only printable characters, excluding quotation marks');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	228	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	229	$this->_domains = $config['digest_domains'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	230	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	231
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	232	if (empty($config['nonce_timeout']) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	233	!is_numeric($config['nonce_timeout'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	234	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	235	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	236	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	237	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	238	throw new Zend_Auth_Adapter_Exception('Config key \'nonce_timeout\' is required, and must be an '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	239	. 'integer');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	240	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	241	$this->_nonceTimeout = (int) $config['nonce_timeout'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	242	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	243
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	244	// We use the opaque value unless explicitly told not to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	245	if (isset($config['use_opaque']) && false == (bool) $config['use_opaque']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	246	$this->_useOpaque = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	247	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	248	$this->_useOpaque = true;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	249	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	250
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	251	if (isset($config['algorithm']) && in_array($config['algorithm'], $this->_supportedAlgos)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	252	$this->_algo = $config['algorithm'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	253	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	254	$this->_algo = 'MD5';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	255	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	256	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	257
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	258	// Don't be a proxy unless explicitly told to do so
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	259	if (isset($config['proxy_auth']) && true == (bool) $config['proxy_auth']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	260	$this->_imaProxy = true; // I'm a Proxy
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	261	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	262	$this->_imaProxy = false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	263	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	264	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	265
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	266	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	267	* Setter for the _basicResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	268	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	269	* @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	270	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	271	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	272	public function setBasicResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	273	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	274	$this->_basicResolver = $resolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	275
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	276	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	277	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	278
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	279	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	280	* Getter for the _basicResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	281	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	282	* @return Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	283	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	284	public function getBasicResolver()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	285	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	286	return $this->_basicResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	287	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	288
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	289	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	290	* Setter for the _digestResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	291	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	292	* @param Zend_Auth_Adapter_Http_Resolver_Interface $resolver
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	293	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	294	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	295	public function setDigestResolver(Zend_Auth_Adapter_Http_Resolver_Interface $resolver)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	296	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	297	$this->_digestResolver = $resolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	298
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	299	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	300	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	301
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	302	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	303	* Getter for the _digestResolver property
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	304	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	305	* @return Zend_Auth_Adapter_Http_Resolver_Interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	306	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	307	public function getDigestResolver()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	308	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	309	return $this->_digestResolver;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	310	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	311
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	312	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	313	* Setter for the Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	314	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	315	* @param Zend_Controller_Request_Http $request
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	316	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	317	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	318	public function setRequest(Zend_Controller_Request_Http $request)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	319	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	320	$this->_request = $request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	321
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	322	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	323	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	324
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	325	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	326	* Getter for the Request object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	327	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	328	* @return Zend_Controller_Request_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	329	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	330	public function getRequest()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	331	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	332	return $this->_request;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	333	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	334
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	335	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	336	* Setter for the Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	337	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	338	* @param Zend_Controller_Response_Http $response
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	339	* @return Zend_Auth_Adapter_Http Provides a fluent interface
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	340	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	341	public function setResponse(Zend_Controller_Response_Http $response)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	342	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	343	$this->_response = $response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	344
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	345	return $this;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	346	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	347
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	348	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	349	* Getter for the Response object
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	350	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	351	* @return Zend_Controller_Response_Http
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	352	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	353	public function getResponse()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	354	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	355	return $this->_response;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	356	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	357
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	358	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	359	* Authenticate
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	360	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	361	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	362	* @return Zend_Auth_Result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	363	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	364	public function authenticate()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	365	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	366	if (empty($this->_request) \|\|
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	367	empty($this->_response)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	368	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	369	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	370	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	371	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	372	throw new Zend_Auth_Adapter_Exception('Request and Response objects must be set before calling '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	373	. 'authenticate()');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	374	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	375
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	376	if ($this->_imaProxy) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	377	$getHeader = 'Proxy-Authorization';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	378	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	379	$getHeader = 'Authorization';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	380	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	381
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	382	$authHeader = $this->_request->getHeader($getHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	383	if (!$authHeader) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	384	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	385	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	386
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	387	list($clientScheme) = explode(' ', $authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	388	$clientScheme = strtolower($clientScheme);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	389
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	390	// The server can issue multiple challenges, but the client should
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	391	// answer with only the selected auth scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	392	if (!in_array($clientScheme, $this->_supportedSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	393	$this->_response->setHttpResponseCode(400);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	394	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	395	Zend_Auth_Result::FAILURE_UNCATEGORIZED,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	396	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	397	array('Client requested an incorrect or unsupported authentication scheme')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	398	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	399	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	400
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	401	// client sent a scheme that is not the one required
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	402	if (!in_array($clientScheme, $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	403	// challenge again the client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	404	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	405	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	406
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	407	switch ($clientScheme) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	408	case 'basic':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	409	$result = $this->_basicAuth($authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	410	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	411	case 'digest':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	412	$result = $this->_digestAuth($authHeader);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	413	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	414	default:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	415	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	416	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	417	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	418	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	419	throw new Zend_Auth_Adapter_Exception('Unsupported authentication scheme');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	420	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	421
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	422	return $result;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	423	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	424
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	425	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	426	* Challenge Client
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	427	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	428	* Sets a 401 or 407 Unauthorized response code, and creates the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	429	* appropriate Authenticate header(s) to prompt for credentials.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	430	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	431	* @return Zend_Auth_Result Always returns a non-identity Auth result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	432	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	433	protected function _challengeClient()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	434	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	435	if ($this->_imaProxy) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	436	$statusCode = 407;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	437	$headerName = 'Proxy-Authenticate';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	438	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	439	$statusCode = 401;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	440	$headerName = 'WWW-Authenticate';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	441	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	442
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	443	$this->_response->setHttpResponseCode($statusCode);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	444
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	445	// Send a challenge in each acceptable authentication scheme
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	446	if (in_array('basic', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	447	$this->_response->setHeader($headerName, $this->_basicHeader());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	448	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	449	if (in_array('digest', $this->_acceptSchemes)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	450	$this->_response->setHeader($headerName, $this->_digestHeader());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	451	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	452	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	453	Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	454	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	455	array('Invalid or absent credentials; challenging client')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	456	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	457	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	458
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	459	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	460	* Basic Header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	461	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	462	* Generates a Proxy- or WWW-Authenticate header value in the Basic
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	463	* authentication scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	464	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	465	* @return string Authenticate header value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	466	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	467	protected function _basicHeader()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	468	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	469	return 'Basic realm="' . $this->_realm . '"';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	470	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	471
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	472	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	473	* Digest Header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	474	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	475	* Generates a Proxy- or WWW-Authenticate header value in the Digest
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	476	* authentication scheme.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	477	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	478	* @return string Authenticate header value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	479	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	480	protected function _digestHeader()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	481	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	482	$wwwauth = 'Digest realm="' . $this->_realm . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	483	. 'domain="' . $this->_domains . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	484	. 'nonce="' . $this->_calcNonce() . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	485	. ($this->_useOpaque ? 'opaque="' . $this->_calcOpaque() . '", ' : '')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	486	. 'algorithm="' . $this->_algo . '", '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	487	. 'qop="' . implode(',', $this->_supportedQops) . '"';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	488
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	489	return $wwwauth;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	490	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	491
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	492	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	493	* Basic Authentication
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	494	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	495	* @param string $header Client's Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	496	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	497	* @return Zend_Auth_Result
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	498	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	499	protected function _basicAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	500	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	501	if (empty($header)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	502	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	503	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	504	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	505	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	506	throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	507	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	508	if (empty($this->_basicResolver)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	509	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	510	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	511	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	512	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	513	throw new Zend_Auth_Adapter_Exception('A basicResolver object must be set before doing Basic '
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	514	. 'authentication');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	515	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	516
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	517	// Decode the Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	518	$auth = substr($header, strlen('Basic '));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	519	$auth = base64_decode($auth);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	520	if (!$auth) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	521	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	522	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	523	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	524	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	525	throw new Zend_Auth_Adapter_Exception('Unable to base64_decode Authorization header value');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	526	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	527
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	528	// See ZF-1253. Validate the credentials the same way the digest
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	529	// implementation does. If invalid credentials are detected,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	530	// re-challenge the client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	531	if (!ctype_print($auth)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	532	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	533	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	534	// Fix for ZF-1515: Now re-challenges on empty username or password
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	535	$creds = array_filter(explode(':', $auth));
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	536	if (count($creds) != 2) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	537	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	538	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	539
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	540	$password = $this->_basicResolver->resolve($creds[0], $this->_realm);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	541	if ($password && $this->_secureStringCompare($password, $creds[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	542	$identity = array('username'=>$creds[0], 'realm'=>$this->_realm);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	543	return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	544	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	545	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	546	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	547	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	548
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	549	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	550	* Digest Authentication
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	551	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	552	* @param string $header Client's Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	553	* @throws Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	554	* @return Zend_Auth_Result Valid auth result only on successful auth
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	555	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	556	protected function _digestAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	557	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	558	if (empty($header)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	559	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	560	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	561	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	562	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	563	throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	564	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	565	if (empty($this->_digestResolver)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	566	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	567	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	568	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	569	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	570	throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	571	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	572
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	573	$data = $this->_parseDigestAuth($header);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	574	if ($data === false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	575	$this->_response->setHttpResponseCode(400);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	576	return new Zend_Auth_Result(
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	577	Zend_Auth_Result::FAILURE_UNCATEGORIZED,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	578	array(),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	579	array('Invalid Authorization header format')
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	580	);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	581	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	582
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	583	// See ZF-1052. This code was a bit too unforgiving of invalid
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	584	// usernames. Now, if the username is bad, we re-challenge the client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	585	if ('::invalid::' == $data['username']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	586	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	587	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	588
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	589	// Verify that the client sent back the same nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	590	if ($this->_calcNonce() != $data['nonce']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	591	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	592	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	593	// The opaque value is also required to match, but of course IE doesn't
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	594	// play ball.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	595	if (!$this->_ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	596	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	597	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	598
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	599	// Look up the user's password hash. If not found, deny access.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	600	// This makes no assumptions about how the password hash was
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	601	// constructed beyond that it must have been built in such a way as
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	602	// to be recreatable with the current settings of this object.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	603	$ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	604	if ($ha1 === false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	605	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	606	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	607
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	608	// If MD5-sess is used, a1 value is made of the user's password
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	609	// hash with the server and client nonce appended, separated by
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	610	// colons.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	611	if ($this->_algo == 'MD5-sess') {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	612	$ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	613	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	614
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	615	// Calculate h(a2). The value of this hash depends on the qop
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	616	// option selected by the client and the supported hash functions
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	617	switch ($data['qop']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	618	case 'auth':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	619	$a2 = $this->_request->getMethod() . ':' . $data['uri'];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	620	break;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	621	case 'auth-int':
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	622	// Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	623	// but this isn't supported yet, so fall through to default case
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	624	default:
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	625	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	626	* @see Zend_Auth_Adapter_Exception
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	627	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	628	require_once 'Zend/Auth/Adapter/Exception.php';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	629	throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	630	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	631	// Using hash() should make parameterizing the hash algorithm
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	632	// easier
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	633	$ha2 = hash('md5', $a2);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	634
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	635
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	636	// Calculate the server's version of the request-digest. This must
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	637	// match $data['response']. See RFC 2617, section 3.2.2.1
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	638	$message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	639	$digest = hash('md5', $ha1 . ':' . $message);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	640
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	641	// If our digest matches the client's let them in, otherwise return
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	642	// a 401 code and exit to prevent access to the protected resource.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	643	if ($this->_secureStringCompare($digest, $data['response'])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	644	$identity = array('username'=>$data['username'], 'realm'=>$data['realm']);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	645	return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	646	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	647	return $this->_challengeClient();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	648	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	649	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	650
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	651	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	652	* Calculate Nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	653	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	654	* @return string The nonce value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	655	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	656	protected function _calcNonce()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	657	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	658	// Once subtle consequence of this timeout calculation is that it
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	659	// actually divides all of time into _nonceTimeout-sized sections, such
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	660	// that the value of timeout is the point in time of the next
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	661	// approaching "boundary" of a section. This allows the server to
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	662	// consistently generate the same timeout (and hence the same nonce
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	663	// value) across requests, but only as long as one of those
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	664	// "boundaries" is not crossed between requests. If that happens, the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	665	// nonce will change on its own, and effectively log the user out. This
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	666	// would be surprising if the user just logged in.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	667	$timeout = ceil(time() / $this->_nonceTimeout) * $this->_nonceTimeout;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	668
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	669	$nonce = hash('md5', $timeout . ':' . $this->_request->getServer('HTTP_USER_AGENT') . ':' . __CLASS__);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	670	return $nonce;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	671	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	672
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	673	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	674	* Calculate Opaque
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	675	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	676	* The opaque string can be anything; the client must return it exactly as
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	677	* it was sent. It may be useful to store data in this string in some
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	678	* applications. Ideally, a new value for this would be generated each time
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	679	* a WWW-Authenticate header is sent (in order to reduce predictability),
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	680	* but we would have to be able to create the same exact value across at
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	681	* least two separate requests from the same client.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	682	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	683	* @return string The opaque value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	684	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	685	protected function _calcOpaque()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	686	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	687	return hash('md5', 'Opaque Data:' . __CLASS__);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	688	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	689
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	690	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	691	* Parse Digest Authorization header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	692	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	693	* @param string $header Client's Authorization: HTTP header
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	694	* @return array\|false Data elements from header, or false if any part of
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	695	* the header is invalid
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	696	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	697	protected function _parseDigestAuth($header)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	698	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	699	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	700	$data = array();
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	701
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	702	// See ZF-1052. Detect invalid usernames instead of just returning a
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	703	// 400 code.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	704	$ret = preg_match('/username="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	705	if (!$ret \|\| empty($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	706	\|\| !ctype_print($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	707	\|\| strpos($temp[1], ':') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	708	$data['username'] = '::invalid::';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	709	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	710	$data['username'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	711	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	712	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	713
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	714	$ret = preg_match('/realm="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	715	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	716	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	717	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	718	if (!ctype_print($temp[1]) \|\| strpos($temp[1], ':') !== false) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	719	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	720	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	721	$data['realm'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	722	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	723	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	724
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	725	$ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	726	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	727	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	728	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	729	if (!ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	730	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	731	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	732	$data['nonce'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	733	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	734	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	735
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	736	$ret = preg_match('/uri="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	737	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	738	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	739	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	740	// Section 3.2.2.5 in RFC 2617 says the authenticating server must
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	741	// verify that the URI field in the Authorization header is for the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	742	// same resource requested in the Request Line.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	743	$rUri = @parse_url($this->_request->getRequestUri());
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	744	$cUri = @parse_url($temp[1]);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	745	if (false === $rUri \|\| false === $cUri) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	746	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	747	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	748	// Make sure the path portion of both URIs is the same
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	749	if ($rUri['path'] != $cUri['path']) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	750	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	751	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	752	// Section 3.2.2.5 seems to suggest that the value of the URI
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	753	// Authorization field should be made into an absolute URI if the
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	754	// Request URI is absolute, but it's vague, and that's a bunch of
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	755	// code I don't want to write right now.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	756	$data['uri'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	757	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	758	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	759
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	760	$ret = preg_match('/response="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	761	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	762	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	763	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	764	if (32 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	765	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	766	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	767	$data['response'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	768	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	769	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	770
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	771	// The spec says this should default to MD5 if omitted. OK, so how does
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	772	// that square with the algo we send out in the WWW-Authenticate header,
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	773	// if it can easily be overridden by the client?
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	774	$ret = preg_match('/algorithm="?(' . $this->_algo . ')"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	775	if ($ret && !empty($temp[1])
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	776	&& in_array($temp[1], $this->_supportedAlgos)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	777	$data['algorithm'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	778	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	779	$data['algorithm'] = 'MD5'; // = $this->_algo; ?
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	780	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	781	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	782
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	783	// Not optional in this implementation
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	784	$ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	785	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	786	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	787	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	788	if (!ctype_print($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	789	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	790	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	791	$data['cnonce'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	792	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	793	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	794
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	795	// If the server sent an opaque value, the client must send it back
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	796	if ($this->_useOpaque) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	797	$ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	798	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	799
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	800	// Big surprise: IE isn't RFC 2617-compliant.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	801	if (false !== strpos($this->_request->getHeader('User-Agent'), 'MSIE')) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	802	$temp[1] = '';
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	803	$this->_ieNoOpaque = true;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	804	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	805	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	806	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	807	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	808	// This implementation only sends MD5 hex strings in the opaque value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	809	if (!$this->_ieNoOpaque &&
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	810	(32 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1]))) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	811	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	812	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	813	$data['opaque'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	814	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	815	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	816	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	817
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	818	// Not optional in this implementation, but must be one of the supported
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	819	// qop types
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	820	$ret = preg_match('/qop="?(' . implode('\|', $this->_supportedQops) . ')"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	821	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	822	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	823	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	824	if (!in_array($temp[1], $this->_supportedQops)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	825	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	826	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	827	$data['qop'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	828	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	829	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	830
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	831	// Not optional in this implementation. The spec says this value
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	832	// shouldn't be a quoted string, but apparently some implementations
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	833	// quote it anyway. See ZF-1544.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	834	$ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	835	if (!$ret \|\| empty($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	836	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	837	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	838	if (8 != strlen($temp[1]) \|\| !ctype_xdigit($temp[1])) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	839	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	840	} else {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	841	$data['nc'] = $temp[1];
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	842	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	843	$temp = null;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	844
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	845	return $data;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	846	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	847
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	848	/**
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	849	* Securely compare two strings for equality while avoided C level memcmp()
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	850	* optimisations capable of leaking timing information useful to an attacker
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	851	* attempting to iteratively guess the unknown string (e.g. password) being
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	852	* compared against.
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	853	*
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	854	* @param string $a
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	855	* @param string $b
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	856	* @return bool
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	857	*/
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	858	protected function _secureStringCompare($a, $b)
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	859	{
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	860	if (strlen($a) !== strlen($b)) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	861	return false;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	862	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	863	$result = 0;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	864	for ($i = 0; $i < strlen($a); $i++) {
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	865	$result \|= ord($a[$i]) ^ ord($b[$i]);
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	866	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	867	return $result == 0;
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	868	}
4eba9c11703f first import Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> parents: diff changeset	869	}

author	Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com>
	Fri, 11 Mar 2011 15:05:35 +0100
changeset 64	162c1de6545a
parent 19	web/enmi/Zend/Auth/Adapter/Http.php@1c2f13fd785c
child 68	ecaf28ffe26e
permissions	-rw-r--r--