root / drupal7 / sites / all / libraries / CAS.dgeo / CAS / CookieJar.php @ 64ad485a
1 |
<?php
|
---|---|
2 |
/*
|
3 |
* Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
|
4 |
* All rights reserved.
|
5 |
*
|
6 |
* Redistribution and use in source and binary forms, with or without
|
7 |
* modification, are permitted provided that the following conditions are met:
|
8 |
*
|
9 |
* * Redistributions of source code must retain the above copyright notice,
|
10 |
* this list of conditions and the following disclaimer.
|
11 |
* * Redistributions in binary form must reproduce the above copyright notice,
|
12 |
* this list of conditions and the following disclaimer in the documentation
|
13 |
* and/or other materials provided with the distribution.
|
14 |
* * Neither the name of the ESUP-Portail consortium & the JA-SIG
|
15 |
* Collaborative nor the names of its contributors may be used to endorse or
|
16 |
* promote products derived from this software without specific prior
|
17 |
* written permission.
|
18 |
|
19 |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
20 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
21 |
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
22 |
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
23 |
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
24 |
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
25 |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
26 |
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
28 |
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29 |
*/
|
30 |
|
31 |
include_once(dirname(__FILE__).'/InvalidArgumentException.php'); |
32 |
|
33 |
/**
|
34 |
* This class provides access to service cookies and handles parsing of response
|
35 |
* headers to pull out cookie values.
|
36 |
*
|
37 |
*/
|
38 |
class CAS_CookieJar { |
39 |
|
40 |
private $_cookies; |
41 |
|
42 |
/**
|
43 |
* Create a new cookie jar by passing it a reference to an array in which it
|
44 |
* should store cookies.
|
45 |
*
|
46 |
* @param ref array $storageArray
|
47 |
* @return void
|
48 |
*/
|
49 |
public function __construct (array &$storageArray) { |
50 |
$this->_cookies =& $storageArray; |
51 |
} |
52 |
|
53 |
/**
|
54 |
* Store cookies for a web service request.
|
55 |
* Cookie storage is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt
|
56 |
*
|
57 |
* @param string $request_url The URL that generated the response headers.
|
58 |
* @param array $response_headers An array of the HTTP response header strings.
|
59 |
*
|
60 |
* @return void
|
61 |
*
|
62 |
* @access private
|
63 |
*/
|
64 |
public function storeCookies ($request_url, $response_headers) { |
65 |
$urlParts = parse_url($request_url); |
66 |
$defaultDomain = $urlParts['host']; |
67 |
|
68 |
$cookies = $this->parseCookieHeaders($response_headers, $defaultDomain); |
69 |
|
70 |
// var_dump($cookies);
|
71 |
foreach ($cookies as $cookie) { |
72 |
// Enforce the same-origin policy by verifying that the cookie
|
73 |
// would match the url that is setting it
|
74 |
if (!$this->cookieMatchesTarget($cookie, $urlParts)) |
75 |
continue;
|
76 |
|
77 |
// store the cookie
|
78 |
$this->storeCookie($cookie); |
79 |
|
80 |
phpCAS::trace($cookie['name'].' -> '.$cookie['value']); |
81 |
} |
82 |
} |
83 |
|
84 |
/**
|
85 |
* Retrieve cookies applicable for a web service request.
|
86 |
* Cookie applicability is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt
|
87 |
*
|
88 |
* @param string $request_url The url that the cookies will be for.
|
89 |
*
|
90 |
* @return array An array containing cookies. E.g. array('name' => 'val');
|
91 |
*
|
92 |
* @access private
|
93 |
*/
|
94 |
public function getCookies ($request_url) { |
95 |
if (!count($this->_cookies)) |
96 |
return array(); |
97 |
|
98 |
// If our request URL can't be parsed, no cookies apply.
|
99 |
$target = parse_url($request_url); |
100 |
if ($target === FALSE) |
101 |
return array(); |
102 |
|
103 |
$this->expireCookies();
|
104 |
|
105 |
$matching_cookies = array(); |
106 |
foreach ($this->_cookies as $key => $cookie) { |
107 |
if ($this->cookieMatchesTarget($cookie, $target)) { |
108 |
$matching_cookies[$cookie['name']] = $cookie['value']; |
109 |
} |
110 |
} |
111 |
return $matching_cookies; |
112 |
} |
113 |
|
114 |
|
115 |
/**
|
116 |
* Parse Cookies without PECL
|
117 |
* From the comments in http://php.net/manual/en/function.http-parse-cookie.php
|
118 |
* @param array $header An array of header lines.
|
119 |
* @param string $defaultDomain The domain to use if none is specified in the cookie.
|
120 |
* @return array of cookies
|
121 |
*/
|
122 |
protected function parseCookieHeaders( $header, $defaultDomain ) { |
123 |
phpCAS::traceBegin(); |
124 |
$cookies = array(); |
125 |
foreach( $header as $line ) { |
126 |
if( preg_match( '/^Set-Cookie2?: /i', $line ) ) { |
127 |
$cookies[] = $this->parseCookieHeader($line, $defaultDomain); |
128 |
} |
129 |
} |
130 |
|
131 |
phpCAS::traceEnd($cookies);
|
132 |
return $cookies; |
133 |
} |
134 |
|
135 |
/**
|
136 |
* Parse a single cookie header line.
|
137 |
*
|
138 |
* Based on RFC2965 http://www.ietf.org/rfc/rfc2965.txt
|
139 |
*
|
140 |
* @param string $line The header line.
|
141 |
* @param string $defaultDomain The domain to use if none is specified in the cookie.
|
142 |
* @return array
|
143 |
*/
|
144 |
protected function parseCookieHeader ($line, $defaultDomain) { |
145 |
if (!$defaultDomain) |
146 |
throw new CAS_InvalidArgumentException('$defaultDomain was not provided.'); |
147 |
|
148 |
// Set our default values
|
149 |
$cookie = array( |
150 |
'domain' => $defaultDomain, |
151 |
'path' => '/', |
152 |
'secure' => false, |
153 |
); |
154 |
|
155 |
$line = preg_replace( '/^Set-Cookie2?: /i', '', trim( $line ) ); |
156 |
|
157 |
// trim any trailing semicolons.
|
158 |
$line = trim($line, ';'); |
159 |
|
160 |
phpCAS::trace("Cookie Line: $line");
|
161 |
|
162 |
// This implementation makes the assumption that semicolons will not
|
163 |
// be present in quoted attribute values. While attribute values that
|
164 |
// contain semicolons are allowed by RFC2965, they are hopefully rare
|
165 |
// enough to ignore for our purposes. Most browsers make the same
|
166 |
// assumption.
|
167 |
$attributeStrings = explode( ';', $line ); |
168 |
|
169 |
foreach( $attributeStrings as $attributeString ) { |
170 |
// split on the first equals sign and use the rest as value
|
171 |
$attributeParts = explode( '=', $attributeString, 2); |
172 |
|
173 |
$attributeName = trim($attributeParts[0]); |
174 |
$attributeNameLC = strtolower($attributeName); |
175 |
|
176 |
if (isset($attributeParts[1])) { |
177 |
$attributeValue = trim($attributeParts[1]); |
178 |
// Values may be quoted strings.
|
179 |
if (strpos($attributeValue, '"') === 0) { |
180 |
$attributeValue = trim($attributeValue, '"'); |
181 |
// unescape any escaped quotes:
|
182 |
$attributeValue = str_replace('\"', '"', $attributeValue); |
183 |
} |
184 |
} else {
|
185 |
$attributeValue = null; |
186 |
} |
187 |
|
188 |
switch ($attributeNameLC) { |
189 |
case 'expires': |
190 |
$cookie['expires'] = strtotime($attributeValue); |
191 |
break;
|
192 |
case 'max-age': |
193 |
$cookie['max-age'] = (int)$attributeValue; |
194 |
// Set an expiry time based on the max-age
|
195 |
if ($cookie['max-age']) |
196 |
$cookie['expires'] = time() + $cookie['max-age']; |
197 |
// If max-age is zero, then the cookie should be removed imediately
|
198 |
// so set an expiry before now.
|
199 |
else
|
200 |
$cookie['expires'] = time() - 1; |
201 |
break;
|
202 |
case 'secure': |
203 |
$cookie['secure'] = true; |
204 |
break;
|
205 |
case 'domain': |
206 |
case 'path': |
207 |
case 'port': |
208 |
case 'version': |
209 |
case 'comment': |
210 |
case 'commenturl': |
211 |
case 'discard': |
212 |
case 'httponly': |
213 |
$cookie[$attributeNameLC] = $attributeValue; |
214 |
break;
|
215 |
default:
|
216 |
$cookie['name'] = $attributeName; |
217 |
$cookie['value'] = $attributeValue; |
218 |
} |
219 |
} |
220 |
|
221 |
return $cookie; |
222 |
} |
223 |
|
224 |
/**
|
225 |
* Add, update, or remove a cookie.
|
226 |
*
|
227 |
* @param array $cookie A cookie array as created by parseCookieHeaders()
|
228 |
*
|
229 |
* @return void
|
230 |
*
|
231 |
* @access private
|
232 |
*/
|
233 |
protected function storeCookie ($cookie) { |
234 |
// Discard any old versions of this cookie.
|
235 |
$this->discardCookie($cookie); |
236 |
$this->_cookies[] = $cookie; |
237 |
|
238 |
} |
239 |
|
240 |
/**
|
241 |
* Discard an existing cookie
|
242 |
*
|
243 |
* @param stdClass $cookie
|
244 |
*
|
245 |
* @return void
|
246 |
*
|
247 |
* @access private
|
248 |
*/
|
249 |
protected function discardCookie ($cookie) { |
250 |
if (!isset($cookie['domain']) || !isset($cookie['path']) || !isset($cookie['path'])) |
251 |
throw new CAS_InvalidArgumentException('Invalid Cookie array passed.'); |
252 |
|
253 |
foreach ($this->_cookies as $key => $old_cookie) { |
254 |
if ($cookie['domain'] == $old_cookie['domain'] |
255 |
&& $cookie['path'] == $old_cookie['path'] |
256 |
&& $cookie['name'] == $old_cookie['name']) |
257 |
{ |
258 |
unset($this->_cookies[$key]); |
259 |
} |
260 |
} |
261 |
} |
262 |
|
263 |
/**
|
264 |
* Go through our stored cookies and remove any that are expired.
|
265 |
*
|
266 |
* @return void
|
267 |
*
|
268 |
* @access private
|
269 |
*/
|
270 |
protected function expireCookies () { |
271 |
foreach ($this->_cookies as $key => $cookie) { |
272 |
if (isset($cookie['expires']) && $cookie['expires'] < time()) { |
273 |
unset($this->_cookies[$key]); |
274 |
} |
275 |
} |
276 |
} |
277 |
|
278 |
/**
|
279 |
* Answer true if cookie is applicable to a target.
|
280 |
*
|
281 |
* @param array $cookie An array of cookie attributes.
|
282 |
* @param array $target An array of URL attributes as generated by parse_url().
|
283 |
*
|
284 |
* @return boolean
|
285 |
*
|
286 |
* @access private
|
287 |
*/
|
288 |
protected function cookieMatchesTarget ($cookie, $target) { |
289 |
if (!is_array($target)) |
290 |
throw new CAS_InvalidArgumentException('$target must be an array of URL attributes as generated by parse_url().'); |
291 |
if (!isset($target['host'])) |
292 |
throw new CAS_InvalidArgumentException('$target must be an array of URL attributes as generated by parse_url().'); |
293 |
|
294 |
// Verify that the scheme matches
|
295 |
if ($cookie['secure'] && $target['scheme'] != 'https') |
296 |
return false; |
297 |
|
298 |
// Verify that the host matches
|
299 |
// Match domain and mulit-host cookies
|
300 |
if (strpos($cookie['domain'], '.') === 0) { |
301 |
// check that the target host a.b.c.edu is within .b.c.edu
|
302 |
$pos = strripos($target['host'], $cookie['domain']); |
303 |
if (!$pos) |
304 |
return false; |
305 |
// verify that the cookie domain is the last part of the host.
|
306 |
if ($pos + strlen($cookie['domain']) != strlen($target['host'])) |
307 |
return false; |
308 |
} |
309 |
// If the cookie host doesn't begin with '.', the host must case-insensitive
|
310 |
// match exactly
|
311 |
else {
|
312 |
if (strcasecmp($target['host'], $cookie['domain']) !== 0) |
313 |
return false; |
314 |
} |
315 |
|
316 |
// Verify that the port matches
|
317 |
if (isset($cookie['ports']) && !in_array($target['port'], $cookie['ports'])) |
318 |
return false; |
319 |
|
320 |
// Verify that the path matches
|
321 |
if (strpos($target['path'], $cookie['path']) !== 0) |
322 |
return false; |
323 |
|
324 |
return true; |
325 |
} |
326 |
|
327 |
} |
328 |
|
329 |
?>
|