pictcode / lib / Cake / Network / Http / DigestAuthentication.php @ master
履歴 | 表示 | アノテート | ダウンロード (3.36 KB)
1 |
<?php
|
---|---|
2 |
/**
|
3 |
* Digest authentication
|
4 |
*
|
5 |
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
6 |
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
7 |
*
|
8 |
* Licensed under The MIT License
|
9 |
* For full copyright and license information, please see the LICENSE.txt
|
10 |
* Redistributions of files must retain the above copyright notice.
|
11 |
*
|
12 |
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
13 |
* @link http://cakephp.org CakePHP(tm) Project
|
14 |
* @package Cake.Network.Http
|
15 |
* @since CakePHP(tm) v 2.0.0
|
16 |
* @license http://www.opensource.org/licenses/mit-license.php MIT License
|
17 |
*/
|
18 |
|
19 |
/**
|
20 |
* Digest authentication
|
21 |
*
|
22 |
* @package Cake.Network.Http
|
23 |
*/
|
24 |
class DigestAuthentication { |
25 |
|
26 |
/**
|
27 |
* Authentication
|
28 |
*
|
29 |
* @param HttpSocket $http Http socket instance.
|
30 |
* @param array &$authInfo Authentication info.
|
31 |
* @return void
|
32 |
* @link http://www.ietf.org/rfc/rfc2617.txt
|
33 |
*/
|
34 |
public static function authentication(HttpSocket $http, &$authInfo) { |
35 |
if (isset($authInfo['user'], $authInfo['pass'])) { |
36 |
if (!isset($authInfo['realm']) && !static::_getServerInformation($http, $authInfo)) { |
37 |
return;
|
38 |
} |
39 |
$http->request['header']['Authorization'] = static::_generateHeader($http, $authInfo); |
40 |
} |
41 |
} |
42 |
|
43 |
/**
|
44 |
* Retrieve information about the authentication
|
45 |
*
|
46 |
* @param HttpSocket $http Http socket instance.
|
47 |
* @param array &$authInfo Authentication info.
|
48 |
* @return bool
|
49 |
*/
|
50 |
protected static function _getServerInformation(HttpSocket $http, &$authInfo) { |
51 |
$originalRequest = $http->request; |
52 |
$http->configAuth(false); |
53 |
$http->request($http->request); |
54 |
$http->request = $originalRequest; |
55 |
$http->configAuth('Digest', $authInfo); |
56 |
|
57 |
if (empty($http->response['header']['WWW-Authenticate'])) { |
58 |
return false; |
59 |
} |
60 |
preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['WWW-Authenticate'], $matches, PREG_SET_ORDER); |
61 |
foreach ($matches as $match) { |
62 |
$authInfo[$match[1]] = $match[2]; |
63 |
} |
64 |
if (!empty($authInfo['qop']) && empty($authInfo['nc'])) { |
65 |
$authInfo['nc'] = 1; |
66 |
} |
67 |
return true; |
68 |
} |
69 |
|
70 |
/**
|
71 |
* Generate the header Authorization
|
72 |
*
|
73 |
* @param HttpSocket $http Http socket instance.
|
74 |
* @param array &$authInfo Authentication info.
|
75 |
* @return string
|
76 |
*/
|
77 |
protected static function _generateHeader(HttpSocket $http, &$authInfo) { |
78 |
$a1 = md5($authInfo['user'] . ':' . $authInfo['realm'] . ':' . $authInfo['pass']); |
79 |
$a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']); |
80 |
|
81 |
if (empty($authInfo['qop'])) { |
82 |
$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $a2); |
83 |
} else {
|
84 |
$authInfo['cnonce'] = uniqid(); |
85 |
$nc = sprintf('%08x', $authInfo['nc']++); |
86 |
$response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $nc . ':' . $authInfo['cnonce'] . ':auth:' . $a2); |
87 |
} |
88 |
|
89 |
$authHeader = 'Digest '; |
90 |
$authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $authInfo['user']) . '", '; |
91 |
$authHeader .= 'realm="' . $authInfo['realm'] . '", '; |
92 |
$authHeader .= 'nonce="' . $authInfo['nonce'] . '", '; |
93 |
$authHeader .= 'uri="' . $http->request['uri']['path'] . '", '; |
94 |
$authHeader .= 'response="' . $response . '"'; |
95 |
if (!empty($authInfo['opaque'])) { |
96 |
$authHeader .= ', opaque="' . $authInfo['opaque'] . '"'; |
97 |
} |
98 |
if (!empty($authInfo['qop'])) { |
99 |
$authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $authInfo['cnonce'] . '"'; |
100 |
} |
101 |
return $authHeader; |
102 |
} |
103 |
|
104 |
} |