From 6ed9d32b87679e92f3d60de319c08535505e9b3a Mon Sep 17 00:00:00 2001
From: Andjelko Horvat <comel@vingd.com>
Date: Thu, 12 May 2011 12:26:12 +0000
Subject: [PATCH] lib/Auth/OpenID: updated to latest version from github (issue 405).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2836 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/Auth/OpenID/Association.php | 2 +-
 lib/Auth/OpenID/BigMath.php | 1 -
 lib/Auth/OpenID/Consumer.php | 6 +++++-
 lib/Auth/OpenID/CryptUtil.php | 14 ++++++++++++++
 lib/Auth/OpenID/HMAC.php | 7 +++++++
 lib/Auth/OpenID/Parse.php | 6 +++---
 lib/Auth/OpenID/Server.php | 4 ++--
 7 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/lib/Auth/OpenID/Association.php b/lib/Auth/OpenID/Association.php
index d1ac1ed9b..2729138eb 100644
--- a/lib/Auth/OpenID/Association.php
+++ b/lib/Auth/OpenID/Association.php
@@ -374,7 +374,7 @@ class Auth_OpenID_Association {
 }
 $calculated_sig = $this->getMessageSignature($message);
- return $calculated_sig == $sig;
+ return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
 }
 }
diff --git a/lib/Auth/OpenID/BigMath.php b/lib/Auth/OpenID/BigMath.php
index 7fca2dc43..58b46bf27 100644
--- a/lib/Auth/OpenID/BigMath.php
+++ b/lib/Auth/OpenID/BigMath.php
@@ -365,7 +365,6 @@ function Auth_OpenID_detectMathLibrary($exts) {
 $loaded = false;
- $hasDl = function_exists('dl');
 foreach ($exts as $extension) {
 if (extension_loaded($extension['extension'])) {
 return $extension;
diff --git a/lib/Auth/OpenID/Consumer.php b/lib/Auth/OpenID/Consumer.php
index 021c03898..bffed4d62 100644
--- a/lib/Auth/OpenID/Consumer.php
+++ b/lib/Auth/OpenID/Consumer.php
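Review bot: `constEq` folds its per-byte results with `&=`, so once its loop runs it returns the int `1`/`0` rather than `true`/`false`, and the new `return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);` line therefore changes the return type of `checkMessageSignature` for any caller or docblock that expects a strict boolean. Coerce at the call site: `return (bool) Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);`. The method this line belongs to starts outside the hunk, so whether its docblock promises a bool cannot be confirmed from here.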
@@ -957,6 +957,10 @@ class Auth_OpenID_GenericConsumer {
 }
 if (!$assoc->checkMessageSignature($message)) {
+ // If we get a "bad signature" here, it means that the association
+ // is unrecoverabley corrupted in some way. Any futher attempts
+ // to login with this association is likely to fail. Drop it.
+ $this->store->removeAssociation($server_url, $assoc_handle);
 return new Auth_OpenID_FailureResponse(null, "Bad signature");
 }
@@ -1181,7 +1185,7 @@ class Auth_OpenID_GenericConsumer {
 // oidutil.log('Performing discovery on %s' % (claimed_id,))
 list($unused, $services) = call_user_func($this->discoverMethod, $claimed_id,
- &$this->fetcher);
+ &$this->fetcher);
 if (!$services) {
 return new Auth_OpenID_FailureResponse(null,
diff --git a/lib/Auth/OpenID/CryptUtil.php b/lib/Auth/OpenID/CryptUtil.php
index a92626777..3c60cea17 100644
--- a/lib/Auth/OpenID/CryptUtil.php
+++ b/lib/Auth/OpenID/CryptUtil.php
@@ -104,5 +104,19 @@ class Auth_OpenID_CryptUtil {
 return $str;
 }
+
+ static function constEq($s1, $s2)
+ {
+ if (strlen($s1) != strlen($s2)) {
+ return false;
+ }
+
+ $result = true;
+ $length = strlen($s1);
+ for ($i = 0; $i < $length; $i++) {
+ $result &= ($s1[$i] == $s2[$i]);
+ }
+ return $result;
+ }
 }
diff --git a/lib/Auth/OpenID/HMAC.php b/lib/Auth/OpenID/HMAC.php
index e9779bd4e..e6c4bdfd9 100644
--- a/lib/Auth/OpenID/HMAC.php
+++ b/lib/Auth/OpenID/HMAC.php
@@ -60,6 +60,13 @@ function Auth_OpenID_HMACSHA1($key, $text)
 $key = Auth_OpenID_SHA1($key, true);
 }
+ if (function_exists('hash_hmac') &&
+ function_exists('hash_algos') &&
+ (in_array('sha1', hash_algos()))) {
+ return hash_hmac('sha1', $text, $key, true);
+ }
+ // Home-made solution
+
 $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
 $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
 $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
diff --git a/lib/Auth/OpenID/Parse.php b/lib/Auth/OpenID/Parse.php
index 6c2e72169..c81cb0103 100644
--- a/lib/Auth/OpenID/Parse.php
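Review bot: The new `$this->store->removeAssociation($server_url, $assoc_handle);` line is reached on an unauthenticated response whose signature failed, and a failed signature can equally mean a tampered or forged message rather than a corrupted association; anyone who learns a handle (it travels through the user agent in the clear) could thereby cause this consumer to discard a healthy association and re-negotiate, so the drop trades a small availability cost for the recovery the comment describes. If the drop is kept, the comment should say the trade-off is deliberate, and its spelling should be fixed: `// is unrecoverably corrupted in some way. Any further attempts` / `// to login with this association are likely to fail. Drop it.`. Whether `$server_url` and `$assoc_handle` are in scope cannot be seen here, since the enclosing method starts outside the hunk.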
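Review bot: `constEq` compares bytes with loose `==` and folds the result with `&=`, so it returns an int after the first iteration and, for numeric-looking bytes, takes PHP's numeric-string comparison path, which may make the per-byte cost content-dependent. The conventional form accumulates the XOR of the byte values and returns a real boolean: `$diff = 0;` before the loop, `$diff |= ord($s1[$i]) ^ ord($s2[$i]);` as the loop body, and `return $diff === 0;` after it. A docblock should also state that the early length check is intentional (the length of an HMAC tag is not secret) and that, where the runtime provides `hash_equals()`, the method should defer to it, mirroring the `function_exists` probe this same commit adds in HMAC.php.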
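Review bot: The new fast-path condition uses `in_array('sha1', hash_algos())` without a strict flag; pass `true` as the third argument, `in_array('sha1', hash_algos(), true)`, so the lookup is an exact name match like the rest of the condition. A short comment above the block would help the reader, e.g. `// Prefer the hash extension when it provides HMAC-SHA1; the hand-rolled version below is the fallback.`, and could note that the key pre-hashing just above the hunk is also performed internally by `hash_hmac`, so applying it first is harmless. The enclosing function starts outside the hunk.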
+++ b/lib/Auth/OpenID/Parse.php
@@ -227,7 +227,7 @@ class Auth_OpenID_Parse {
 if (!mb_ereg_search($regexp)) {
 return false;
 }
- list($match) = mb_ereg_search_getregs();
+ $match = mb_ereg_search_getregs();
 return true;
 }
@@ -269,7 +269,7 @@ class Auth_OpenID_Parse {
 // Try to find the <HEAD> tag.
 $head_re = $this->headFind();
- $head_match = '';
+ $head_match = array();
 if (!$this->match($head_re, $stripped, $head_match)) {
 ini_set( 'pcre.backtrack_limit', $old_btlimit );
 return array();
@@ -278,7 +278,7 @@ class Auth_OpenID_Parse {
 $link_data = array();
 $link_matches = array();
- if (!preg_match_all($this->_link_find, $head_match,
+ if (!preg_match_all($this->_link_find, $head_match[0],
 $link_matches)) {
 ini_set( 'pcre.backtrack_limit', $old_btlimit );
 return array();
diff --git a/lib/Auth/OpenID/Server.php b/lib/Auth/OpenID/Server.php
index cc8ba961c..fb7cc39d2 100644
--- a/lib/Auth/OpenID/Server.php
+++ b/lib/Auth/OpenID/Server.php
@@ -817,11 +817,11 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
 */
 function returnToVerified()
 {
- $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
+ $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
 return call_user_func_array($this->verifyReturnTo,
 array($this->trust_root, $this->return_to, $fetcher));
 }
-
+
 static function fromMessage($message, $server)
 {
 $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
-- 
GitLab
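Review bot: `$match = mb_ereg_search_getregs();` changes what `match()` hands back through `$match` from the first register to the whole register array, and the two later hunks in this file (`$head_match = array();` and `$head_match[0]`) depend on that, yet the new contract is documented nowhere in the hunk. A comment on the assignment would fix that: `// $match receives the full register array: [0] is the whole match, [1..] the groups`. `mb_ereg_search_getregs()` can also return false; the preceding `mb_ereg_search` check presumably makes that unreachable here, but if it is not, `if ($match === false) { return false; }` before `return true;` is a cheap guard. The enclosing `match()` method starts outside the hunk.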