Rev 1282 | Rev 1283 | ||
---|---|---|---|
Line 381... | Line 381... | ||
381 | } |
381 | } |
382 | 382 | ||
383 | // Authentication keys for generating secrets or validating arguments (e.g. sent by mail) |
383 | // Authentication keys for generating secrets or validating arguments (e.g. sent by mail) |
384 | 384 | ||
385 | /** |
385 | /** |
386 | * @param string $data |
386 | * @param array|string $data |
387 | * @return string |
387 | * @return string |
388 | * @throws OIDplusException |
388 | * @throws OIDplusException |
389 | */ |
389 | */ |
390 | public function makeSecret(string $data): string { |
390 | public function makeSecret($data): string { |
- | 391 | if (!is_array($data)) $data = [$data]; |
|
- | 392 | $data = json_encode($data); |
|
391 | return sha3_512_hmac($data, 'OIDplus:'.OIDplus::baseConfig()->getValue('SERVER_SECRET'), false); |
393 | return sha3_512_hmac($data, 'OIDplus:'.OIDplus::baseConfig()->getValue('SERVER_SECRET'), false); |
392 | } |
394 | } |
393 | 395 | ||
394 | /** |
396 | /** |
395 | * @param string $data |
397 | * @param array|string $data Arbitary data to be validated later |
396 | * @return string |
398 | * @return string A string that need to be validated with validateAuthKey |
397 | * @throws OIDplusException |
399 | * @throws OIDplusException |
398 | */ |
400 | */ |
399 | public function makeAuthKey(string $data): string { |
401 | public function makeAuthKey($data): string { |
- | 402 | if (!is_array($data)) $data = [$data]; |
|
- | 403 | $ts = time(); |
|
- | 404 | $data_ext = [$ts, $data]; |
|
400 | return $this->makeSecret($data); |
405 | $secret = $this->makeSecret($data_ext); |
- | 406 | return $ts.'.'.$secret; |
|
401 | } |
407 | } |
402 | 408 | ||
403 | /** |
409 | /** |
404 | * @param string $data |
410 | * @param array|string $data The original data that had been passed to makeAuthKey() |
405 | * @param string $auth_key |
411 | * @param string $auth_key The result from makeAuthKey() |
- | 412 | * @param int $valid_secs How many seconds is the auth key valid? (-1 for infinite) |
|
406 | * @return bool |
413 | * @return bool True if the key is valid and not expired. |
407 | * @throws OIDplusException |
414 | * @throws OIDplusException |
408 | */ |
415 | */ |
409 | public function validateAuthKey(string $data, string $auth_key): bool { |
416 | public function validateAuthKey($data, string $auth_key, int $valid_secs=-1): bool { |
- | 417 | $auth_key_ary = explode('.', $auth_key, 2); |
|
- | 418 | if (count($auth_key_ary) != 2) return false; // invalid auth key syntax |
|
- | 419 | list($ts, $secret) = $auth_key_ary; |
|
- | 420 | if (!is_numeric($ts)) return false; // invalid auth key syntax |
|
- | 421 | if ($valid_secs >= 0) { |
|
- | 422 | if (time() > ($ts+$valid_secs)) return false; // expired auth key |
|
- | 423 | } |
|
- | 424 | if (!is_array($data)) $data = [$data]; |
|
- | 425 | $data_ext = [(int)$ts, $data]; |
|
410 | return hash_equals($this->makeAuthKey($data), $auth_key); |
426 | return hash_equals($this->makeSecret($data_ext), $secret); |
411 | } |
427 | } |
412 | 428 | ||
413 | // "Veto" functions to force logout state |
429 | // "Veto" functions to force logout state |
414 | 430 | ||
415 | /** |
431 | /** |