File: TimeLimitedToken.php

simplesamlphp 1.14.11-1+deb9u1
<?php


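/**
 * Short-lived token derived from a secret salt and the current time slot.
 *
 * A token has the form "<hex offset>-<sha1 hex digest>". The digest covers the
 * offset, the time slot computed from that offset, and the secret salt (plus
 * any data appended through addVerificationData()).
 */
class SimpleSAML_Auth_TimeLimitedToken {

	/** @var string Secret mixed into every token value; extended by addVerificationData(). */
	public $secretSalt;

	/** @var int Token lifetime in seconds. */
	public $lifetime;

	/** @var int Allowed clock skew in seconds. */
	public $skew;

	/**
	 * @param int         $lifetime   Token lifetime in seconds
	 * @param string|null $secretSalt Must be random and unique per installation; when NULL the
	 *                                value of SimpleSAML\Utils\Config::getSecretSalt() is used
	 * @param int         $skew       Allowed time skew between the server that generates and the
	 *                                one that validates the token
	 */
	public function __construct( $lifetime = 900, $secretSalt = NULL, $skew = 1) {
		if ($secretSalt === NULL) {
			$secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
		}

		$this->secretSalt = $secretSalt;
		$this->lifetime = $lifetime;
		$this->skew = $skew;
	}

	/**
	 * Bind subsequently generated/validated tokens to extra data.
	 *
	 * The data is appended to the secret salt, so a token only validates on an
	 * instance that was given the same data in the same order.
	 *
	 * @param string $data Value the token should be tied to
	 */
	public function addVerificationData($data) {
		$this->secretSalt .= '|' . $data;
	}


	/**
	 * Calculate the current time offset to the current time slot.
	 * With some amount of time skew
	 *
	 * @return int Offset in the range [0, lifetime + skew)
	 */
	private function get_offset() {
		return ( (time() - $this->skew) % ($this->lifetime + $this->skew) );
	}

	/**
	 * Calculate the given time slot for a given offset.
	 *
	 * @param int $offset Offset as carried in the token
	 * @return float Slot index (floor() returns a float)
	 */
	private function calculate_time_slot($offset) {
		return floor( (time() - $offset) / ($this->lifetime + $this->skew) );
	}

	/**
	 * Calculates a token value for a given offset
	 *
	 * NOTE(review): this is a plain SHA-1 over "offset:slot:salt". A keyed HMAC
	 * (hash_hmac) is the conventional construction for this purpose; switching
	 * would change the token format, so it is left unchanged here.
	 *
	 * @param int $offset Offset as carried in the token
	 * @return string 40-character lowercase hex digest
	 */
	private function calculate_tokenvalue($offset) {
		// A secret salt that should be randomly generated for each installation
		return sha1($offset . ':' . $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
	}

	/**
	 * Compare two strings without leaking the position of the first mismatch.
	 *
	 * Uses hash_equals() when the runtime provides it and an XOR-accumulating
	 * loop otherwise.
	 *
	 * @param string $known Value computed locally
	 * @param string $given Value supplied by the caller
	 * @return bool TRUE when both strings are identical
	 */
	private function constant_time_equals($known, $given) {
		if (function_exists('hash_equals')) {
			return hash_equals($known, $given);
		}

		$length = strlen($known);
		if ($length !== strlen($given)) {
			return false;
		}

		$diff = 0;
		for ($i = 0; $i < $length; $i++) {
			$diff |= ord($known[$i]) ^ ord($given[$i]);
		}
		return $diff === 0;
	}

	/**
	 * Generates a token which consists of an offset and a token value, using the current offset
	 *
	 * @return string Token in the form "<hex offset>-<sha1 hex digest>"
	 */
	public function generate_token() {
		$current_offset = $this->get_offset();
		return dechex($current_offset) . '-' . $this->calculate_tokenvalue($current_offset);
	}

	/**
	 * Validates a full token, by calculating the token value for the provided
	 * offset and comparing it with the supplied value.
	 *
	 * The token is untrusted input, so its shape is checked before use:
	 * exactly one '-' separator, a hexadecimal offset, and an offset inside the
	 * range that get_offset() can produce. Anything else is rejected.
	 *
	 * @param string $token Token as produced by generate_token()
	 * @return bool TRUE when the token is well-formed and matches the current time slot
	 */
	public function validate_token($token) {
		if (!is_string($token)) {
			return false;
		}

		// Require exactly "<offset>-<value>"; trailing segments are not silently ignored.
		$parts = explode('-', $token);
		if (count($parts) !== 2) {
			return false;
		}
		list($hexOffset, $value) = $parts;

		// hexdec() skips non-hex characters, so the offset text is checked first.
		if (!ctype_xdigit($hexOffset)) {
			return false;
		}
		$offset = hexdec($hexOffset);

		// generate_token() only emits offsets in [0, lifetime + skew); hexdec() returns
		// a float for values beyond the integer range, which is rejected as well.
		$period = $this->lifetime + $this->skew;
		if (!is_int($offset) || $offset >= $period) {
			return false;
		}

		return $this->constant_time_equals($this->calculate_tokenvalue($offset), $value);
	}

}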