Initial Commit.
[simplesamlphp-google-auth-source:simplesamlphp-google-auth-source.git] / lib / StateStore.php
1 <?php
2
3 /* The OpenID library relies on manual loading of classes. */
4 require_once('Auth/OpenID/Interface.php');
5 require_once('Auth/OpenID/Association.php');
6
7 /**
8  * Implementation of Auth_OpenID_OpenIDStore which saves the state in
9  * a state array.
10  *
11  * @package simpleSAMLphp
12  * @version $Id$
13  */
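class sspmod_authgoogle_StateStore extends Auth_OpenID_OpenIDStore {

    /**
     * Reference to the state array.
     *
     * Held by reference so that associations written through this store
     * end up in the caller's state array and are persisted with it.
     */
    private $state;


    /**
     * Reference to the array with associations in the state array.
     *
     * Layout: $associations[$server_url][$handle] = serialized association.
     */
    private $associations;


    /**
     * Initializes the store object.
     *
     * Creates the 'openid:Assocs' entry in the state array if it does not
     * exist yet, and binds $this->associations to it by reference.
     *
     * @param array &$state  Reference to the state array.
     */
    public function __construct(&$state) {
        /*
         * Assertions are written as expressions, not strings. Since PHP 8 a
         * string argument is no longer evaluated as code, so a string
         * assertion would always pass and check nothing.
         */
        assert(is_array($state));

        $this->state =& $state;

        if (!array_key_exists('openid:Assocs', $state)) {
            $state['openid:Assocs'] = array();
        }

        $this->associations =& $state['openid:Assocs'];
    }


    /**
     * Determine whether a given nonce can be used.
     *
     * This implementation accepts all nonces, and relies on the state array
     * being invalidated when login completes to prevent replay attacks.
     *
     * Security note: no nonce is recorded here, so this store provides no
     * replay protection of its own. A response that is presented a second
     * time is only rejected if the state it refers to can no longer be
     * loaded. NOTE(review): confirm that the calling authentication source
     * discards the saved state as soon as a response has been verified, and
     * that a state cannot be reused for a second login.
     *
     * @param string $server_url  The server the nonce was issued by (unused).
     * @param int $timestamp  The timestamp part of the nonce (unused).
     * @param string $salt  The salt part of the nonce (unused).
     * @return bool  This function always returns TRUE.
     */
    public function useNonce($server_url, $timestamp, $salt) {
        return true;
    }


    /**
     * Retrieve all associations for a given server.
     *
     * The associations are returned as an associative array with the
     * association handle as the index and the association object as
     * the value. Entries which cannot be deserialized and entries whose
     * remaining lifetime is zero are left out of the result; they are not
     * removed from the state array.
     *
     * @param string $server_url  The server.
     * @return array  Associative array with associations.
     */
    private function getServerAssociations($server_url) {
        assert(is_string($server_url));

        if (!array_key_exists($server_url, $this->associations)) {
            return array();
        }

        $ret = array();
        foreach ($this->associations[$server_url] as $handle => $serialized) {

            $association = Auth_OpenID_Association::deserialize(
                'Auth_OpenID_Association', $serialized);
            if ($association === null) {
                /* Stored data could not be turned back into an association. */
                continue;
            }

            if ($association->getExpiresIn() == 0) {
                /* Expired associations must never be handed to the consumer. */
                continue;
            }

            $ret[$handle] = $association;
        }

        return $ret;
    }


    /**
     * Retrieve an association with the given handle.
     *
     * @param string $server_url  The server.
     * @param string $handle  The handle of the association.
     * @return Auth_OpenID_Association|NULL  The association object, if it is found.
     */
    private function readAssociation($server_url, $handle) {
        assert(is_string($server_url));
        assert(is_string($handle));

        $sassoc = $this->getServerAssociations($server_url);
        if (!array_key_exists($handle, $sassoc)) {
            return null;
        }

        return $sassoc[$handle];
    }


    /**
     * Retrieve an association.
     *
     * This function retrieves an association with the given handle, or the most
     * recent association if no handle is given. Only associations which are
     * still valid according to getServerAssociations() are considered.
     *
     * @param string $server_url  The server.
     * @param string|NULL $handle  The association handle.
     * @return Auth_OpenID_Association|NULL  The association object, if it is found.
     */
    public function getAssociation($server_url, $handle = NULL) {
        assert(is_string($server_url));
        assert(is_null($handle) || is_string($handle));

        if ($handle !== null) {
            return $this->readAssociation($server_url, $handle);
        }


        /* $handle is NULL - we should retrieve the most recent association. */

        $recentAssoc = null;
        /* Iterate over values only, so the $handle parameter is not overwritten. */
        foreach ($this->getServerAssociations($server_url) as $association) {
            if ($recentAssoc === null || $association->issued > $recentAssoc->issued) {
                /* First candidate, or more recently issued than $recentAssoc. */
                $recentAssoc = $association;
            }
        }

        return $recentAssoc;
    }


    /**
     * Store an association.
     *
     * The association is serialized into the state array under its server
     * URL and handle, and the state array is then saved again so that the
     * association is available when the response is processed.
     *
     * NOTE(review): the serialized association presumably includes the
     * association's shared secret, in which case the backend holding the
     * saved state needs the same protection as any other key material -
     * confirm against the OpenID library.
     *
     * @param string $server_url  The server.
     * @param Auth_OpenID_Association $association  The association which should be stored.
     * @return bool  TRUE if the association is stored, FALSE if not.
     */
    public function storeAssociation($server_url, Auth_OpenID_Association $association) {
        assert(is_string($server_url));

        if (!array_key_exists($server_url, $this->associations)) {
            $this->associations[$server_url] = array();
        }

        $handle = $association->handle;
        assert(is_string($handle));

        $this->associations[$server_url][$handle] = $association->serialize();

        /* We rely on saveState saving with the same id as before. */
        SimpleSAML_Auth_State::saveState($this->state, 'authgoogle:state');

        return true;
    }

}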
186
187 ?>