pictcode / lib / Cake / Network / Http / DigestAuthentication.php @ 0b1b8047
履歴 | 表示 | アノテート | ダウンロード (3.36 KB)
| 1 |
<?php
|
|---|---|
| 2 |
/**
|
| 3 |
* Digest authentication
|
| 4 |
*
|
| 5 |
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
| 6 |
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
| 7 |
*
|
| 8 |
* Licensed under The MIT License
|
| 9 |
* For full copyright and license information, please see the LICENSE.txt
|
| 10 |
* Redistributions of files must retain the above copyright notice.
|
| 11 |
*
|
| 12 |
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
| 13 |
* @link http://cakephp.org CakePHP(tm) Project
|
| 14 |
* @package Cake.Network.Http
|
| 15 |
* @since CakePHP(tm) v 2.0.0
|
| 16 |
* @license http://www.opensource.org/licenses/mit-license.php MIT License
|
| 17 |
*/
|
| 18 |
|
| 19 |
/**
|
| 20 |
* Digest authentication
|
| 21 |
*
|
| 22 |
* @package Cake.Network.Http
|
| 23 |
*/
|
| 24 |
class DigestAuthentication { |
| 25 |
|
| 26 |
/**
|
| 27 |
* Authentication
|
| 28 |
*
|
| 29 |
* @param HttpSocket $http Http socket instance.
|
| 30 |
* @param array &$authInfo Authentication info.
|
| 31 |
* @return void
|
| 32 |
* @link http://www.ietf.org/rfc/rfc2617.txt
|
| 33 |
*/
|
| 34 |
public static function authentication(HttpSocket $http, &$authInfo) { |
| 35 |
if (isset($authInfo['user'], $authInfo['pass'])) { |
| 36 |
if (!isset($authInfo['realm']) && !static::_getServerInformation($http, $authInfo)) { |
| 37 |
return;
|
| 38 |
} |
| 39 |
$http->request['header']['Authorization'] = static::_generateHeader($http, $authInfo); |
| 40 |
} |
| 41 |
} |
| 42 |
|
| 43 |
/**
|
| 44 |
* Retrieve information about the authentication
|
| 45 |
*
|
| 46 |
* @param HttpSocket $http Http socket instance.
|
| 47 |
* @param array &$authInfo Authentication info.
|
| 48 |
* @return bool
|
| 49 |
*/
|
| 50 |
protected static function _getServerInformation(HttpSocket $http, &$authInfo) { |
| 51 |
$originalRequest = $http->request; |
| 52 |
$http->configAuth(false); |
| 53 |
$http->request($http->request); |
| 54 |
$http->request = $originalRequest; |
| 55 |
$http->configAuth('Digest', $authInfo); |
| 56 |
|
| 57 |
if (empty($http->response['header']['WWW-Authenticate'])) { |
| 58 |
return false; |
| 59 |
} |
| 60 |
preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['WWW-Authenticate'], $matches, PREG_SET_ORDER); |
| 61 |
foreach ($matches as $match) { |
| 62 |
$authInfo[$match[1]] = $match[2]; |
| 63 |
} |
| 64 |
if (!empty($authInfo['qop']) && empty($authInfo['nc'])) { |
| 65 |
$authInfo['nc'] = 1; |
| 66 |
} |
| 67 |
return true; |
| 68 |
} |
| 69 |
|
| 70 |
/**
|
| 71 |
* Generate the header Authorization
|
| 72 |
*
|
| 73 |
* @param HttpSocket $http Http socket instance.
|
| 74 |
* @param array &$authInfo Authentication info.
|
| 75 |
* @return string
|
| 76 |
*/
|
| 77 |
protected static function _generateHeader(HttpSocket $http, &$authInfo) { |
| 78 |
$a1 = md5($authInfo['user'] . ':' . $authInfo['realm'] . ':' . $authInfo['pass']); |
| 79 |
$a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']); |
| 80 |
|
| 81 |
if (empty($authInfo['qop'])) { |
| 82 |
$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $a2); |
| 83 |
} else {
|
| 84 |
$authInfo['cnonce'] = uniqid(); |
| 85 |
$nc = sprintf('%08x', $authInfo['nc']++); |
| 86 |
$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $nc . ':' . $authInfo['cnonce'] . ':auth:' . $a2); |
| 87 |
} |
| 88 |
|
| 89 |
$authHeader = 'Digest '; |
| 90 |
$authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $authInfo['user']) . '", '; |
| 91 |
$authHeader .= 'realm="' . $authInfo['realm'] . '", '; |
| 92 |
$authHeader .= 'nonce="' . $authInfo['nonce'] . '", '; |
| 93 |
$authHeader .= 'uri="' . $http->request['uri']['path'] . '", '; |
| 94 |
$authHeader .= 'response="' . $response . '"'; |
| 95 |
if (!empty($authInfo['opaque'])) { |
| 96 |
$authHeader .= ', opaque="' . $authInfo['opaque'] . '"'; |
| 97 |
} |
| 98 |
if (!empty($authInfo['qop'])) { |
| 99 |
$authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $authInfo['cnonce'] . '"'; |
| 100 |
} |
| 101 |
return $authHeader; |
| 102 |
} |
| 103 |
|
| 104 |
} |