pictcode / lib / Cake / Network / Http / DigestAuthentication.php @ a0ff9cef
履歴 | 表示 | アノテート | ダウンロード (3.36 KB)
| 1 | 635eef61 | spyder1211 | <?php
|
|---|---|---|---|
| 2 | /**
|
||
| 3 | * Digest authentication
|
||
| 4 | *
|
||
| 5 | * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
||
| 6 | * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
| 7 | *
|
||
| 8 | * Licensed under The MIT License
|
||
| 9 | * For full copyright and license information, please see the LICENSE.txt
|
||
| 10 | * Redistributions of files must retain the above copyright notice.
|
||
| 11 | *
|
||
| 12 | * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
| 13 | * @link http://cakephp.org CakePHP(tm) Project
|
||
| 14 | * @package Cake.Network.Http
|
||
| 15 | * @since CakePHP(tm) v 2.0.0
|
||
| 16 | * @license http://www.opensource.org/licenses/mit-license.php MIT License
|
||
| 17 | */
|
||
| 18 | |||
| 19 | /**
|
||
| 20 | * Digest authentication
|
||
| 21 | *
|
||
| 22 | * @package Cake.Network.Http
|
||
| 23 | */
|
||
| 24 | class DigestAuthentication { |
||
| 25 | |||
| 26 | /**
|
||
| 27 | * Authentication
|
||
| 28 | *
|
||
| 29 | * @param HttpSocket $http Http socket instance.
|
||
| 30 | * @param array &$authInfo Authentication info.
|
||
| 31 | * @return void
|
||
| 32 | * @link http://www.ietf.org/rfc/rfc2617.txt
|
||
| 33 | */
|
||
| 34 | public static function authentication(HttpSocket $http, &$authInfo) { |
||
| 35 | if (isset($authInfo['user'], $authInfo['pass'])) { |
||
| 36 | if (!isset($authInfo['realm']) && !static::_getServerInformation($http, $authInfo)) { |
||
| 37 | return;
|
||
| 38 | } |
||
| 39 | $http->request['header']['Authorization'] = static::_generateHeader($http, $authInfo); |
||
| 40 | } |
||
| 41 | } |
||
| 42 | |||
| 43 | /**
|
||
| 44 | * Retrieve information about the authentication
|
||
| 45 | *
|
||
| 46 | * @param HttpSocket $http Http socket instance.
|
||
| 47 | * @param array &$authInfo Authentication info.
|
||
| 48 | * @return bool
|
||
| 49 | */
|
||
| 50 | protected static function _getServerInformation(HttpSocket $http, &$authInfo) { |
||
| 51 | $originalRequest = $http->request; |
||
| 52 | $http->configAuth(false); |
||
| 53 | $http->request($http->request); |
||
| 54 | $http->request = $originalRequest; |
||
| 55 | $http->configAuth('Digest', $authInfo); |
||
| 56 | |||
| 57 | if (empty($http->response['header']['WWW-Authenticate'])) { |
||
| 58 | return false; |
||
| 59 | } |
||
| 60 | preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['WWW-Authenticate'], $matches, PREG_SET_ORDER); |
||
| 61 | foreach ($matches as $match) { |
||
| 62 | $authInfo[$match[1]] = $match[2]; |
||
| 63 | } |
||
| 64 | if (!empty($authInfo['qop']) && empty($authInfo['nc'])) { |
||
| 65 | $authInfo['nc'] = 1; |
||
| 66 | } |
||
| 67 | return true; |
||
| 68 | } |
||
| 69 | |||
| 70 | /**
|
||
| 71 | * Generate the header Authorization
|
||
| 72 | *
|
||
| 73 | * @param HttpSocket $http Http socket instance.
|
||
| 74 | * @param array &$authInfo Authentication info.
|
||
| 75 | * @return string
|
||
| 76 | */
|
||
| 77 | protected static function _generateHeader(HttpSocket $http, &$authInfo) { |
||
| 78 | $a1 = md5($authInfo['user'] . ':' . $authInfo['realm'] . ':' . $authInfo['pass']); |
||
| 79 | $a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']); |
||
| 80 | |||
| 81 | if (empty($authInfo['qop'])) { |
||
| 82 | $response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $a2); |
||
| 83 | } else {
|
||
| 84 | $authInfo['cnonce'] = uniqid(); |
||
| 85 | $nc = sprintf('%08x', $authInfo['nc']++); |
||
| 86 | $response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $nc . ':' . $authInfo['cnonce'] . ':auth:' . $a2); |
||
| 87 | } |
||
| 88 | |||
| 89 | $authHeader = 'Digest '; |
||
| 90 | $authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $authInfo['user']) . '", '; |
||
| 91 | $authHeader .= 'realm="' . $authInfo['realm'] . '", '; |
||
| 92 | $authHeader .= 'nonce="' . $authInfo['nonce'] . '", '; |
||
| 93 | $authHeader .= 'uri="' . $http->request['uri']['path'] . '", '; |
||
| 94 | $authHeader .= 'response="' . $response . '"'; |
||
| 95 | if (!empty($authInfo['opaque'])) { |
||
| 96 | $authHeader .= ', opaque="' . $authInfo['opaque'] . '"'; |
||
| 97 | } |
||
| 98 | if (!empty($authInfo['qop'])) { |
||
| 99 | $authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $authInfo['cnonce'] . '"'; |
||
| 100 | } |
||
| 101 | return $authHeader; |
||
| 102 | } |
||
| 103 | |||
| 104 | } |