+++ /dev/null
-<?php
-/**
- * The nonce handler.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * The nonce handler.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce
-{
- /**
- * The nonce generator.
- *
- * @var Horde_Nonce_Generator
- */
- private $_generator;
-
- /**
- * Hashes the random part of a nonce for storage in the Bloom filter.
- *
- * @var Horde_Nonce_Hash
- */
- private $_hash;
-
- /**
- * Constructor.
- *
- * @param Horde_Nonce_Hash $hash Hashes the random part of a nonce for
- * storage in the Bloom filter.
- * @param int $size Size of the random part of the generated
- * nonces.
- */
- public function __construct(
- Horde_Nonce_Generator $generator,
- Horde_Nonce_Hash $hash
- ) {
- $this->_generator = $generator;
- $this->_hash = $hash;
- }
-
- /**
- * Return a nonce.
- *
- * @return string The nonce.
- */
- public function create()
- {
- return $this->_generator->create();
- }
-
- /**
- * Validate a nonce.
- *
- * @param string $nonce The nonce that should be validate.
- * @param float $timeout The nonce should be invalid after this amount of time.
- *
- * @return boolean True if the nonce is still valid.
- */
- public function isValid($nonce, $timeout = -1)
- {
- list($timestamp, $random) = $this->_generator->split($nonce);
- if ($timeout > 0 && $timestamp < (time() - $timeout)) {
- return false;
- }
-
- return true;
- }
-}
+++ /dev/null
-<?php
-/**
- * Generates nonces.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Generates nonces.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_Filter
-{
- private $_filter = array();
-
- public function isUsed($counter, $hashes)
- {
- $unused_checks = 0;
- foreach ($hashes as $hash) {
- if (!isset($this->_filter[$hash]) || $counter > $this->_filter[$hash]) {
- $unused_checks++;
- }
- }
- foreach ($hashes as $hash) {
- if (!isset($this->_filter[$hash]) || $counter > $this->_filter[$hash]) {
- $this->_filter[$hash] = $counter;
- }
- }
- if ($unused_checks > 0) {
- return false;
- } else {
- return true;
- }
- }
-}
\ No newline at end of file
+++ /dev/null
-<?php
-/**
- * Generates nonces.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Generates nonces.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_Generator
-{
- /**
- * Size of the random part of the nonce.
- *
- * @var int
- */
- private $_size;
-
- /**
- * Constructor.
- *
- * @param int $size Size of the random part of the generated nonces (16 bits
- * per increment).
- */
- public function __construct($size = 1)
- {
- $this->_size = $size;
- }
-
- /**
- * Return a nonce.
- *
- * @return string The nonce.
- */
- public function create()
- {
- return pack('N', time()) . $this->_createRandom();
- }
-
- /**
- * Return the random part for a nonce.
- *
- * @return string The random part.
- */
- private function _createRandom()
- {
- $random = '';
- for ($i = 0;$i < $this->_size * 2; $i++) {
- $random .= pack('n', mt_rand());
- }
- return $random;
- }
-
- /**
- * Split a nonce into the timestamp and the random part.
- *
- * @param string $nonce The nonce to be splitted.
- *
- * @return array A list of two elements: the timestamp and the random part.
- */
- public function split($nonce)
- {
- $timestamp = unpack('N', substr($nonce, 0, 4));
- return array(
- array_pop($timestamp),
- unpack('n' . $this->_size * 2, substr($nonce, 4))
- );
- }
-}
+++ /dev/null
-<?php
-/**
- * Hashes the random part of a nonce so that it can be stored in the Bloom
- * filter.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Hashes the random part of a nonce so that it can be stored in the Bloom
- * filter.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_Hash
-{
- /**
- * Number of hash functions / resulting hash keys.
- *
- * @var int
- */
- private $_keys;
-
- /**
- * Bit length of the hash keys.
- *
- * @var int
- */
- private $_size;
-
- /**
- * Constructor.
- *
- * @param int $keys Number of resulting hash keys.
- * @param int $size Size of the resulting hash keys.
- */
- public function __construct($keys = 3, $size = 196)
- {
- $this->_keys = $keys;
- $this->_size = $size;
- }
-
- /**
- * Hash the random part of a nonce.
- *
- * @param array $random The random part of the nonce splitted into two byte segments.
- *
- * @return array The resulting hash key array.
- */
- public function hash(array $random)
- {
- /**
- * Use only 31 bit of randomness as this is sufficient for the hashing
- * and avoids troubles with signed integers.
- */
- $start = array_pop($random);
- $start |= (array_pop($random) & (pow(2, 15) - 1)) << 16;
-
- $hash = array();
- $hash[0] = $start % 197;
- $start = (int) $start / 197;
- $hash[1] = $start % 197;
- $start = (int) $start / 197;
- $hash[2] = $start % 197;
-
- return $hash;
- }
-}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<package packagerversion="1.9.0" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 http://pear.php.net/dtd/tasks-1.0.xsd http://pear.php.net/dtd/package-2.0 http://pear.php.net/dtd/package-2.0.xsd">
- <name>Nonce</name>
- <channel>pear.horde.org</channel>
- <summary>Provides nonces (numbers used once)</summary>
- <description>Nonces (numbers used once) protect against reuse. They
- can be used to disallow sending forms or using links twice. They can
- can also be combined with tokens protecting against XSRF (though they
- do not neccesarily provide any additional security in that
- context). Generation of nonces is trivial but storage of used nonces
- can be complex. This library relies primarily on modified Bloom
- filters as suggested by Martin Schönert (who in turn refers to Robert
- Floyd as the first one suggesting such an approach).</description>
- <lead>
- <name>Chuck Hagenbuch</name>
- <user>chuck</user>
- <email>chuck@horde.org</email>
- <active>yes</active>
- </lead>
- <lead>
- <name>Jan Schneider</name>
- <user>jan</user>
- <email>jan@horde.org</email>
- <active>yes</active>
- </lead>
- <lead>
- <name>Gunnar Wrobel</name>
- <user>wrobel</user>
- <email>wrobel@pardus.de</email>
- <active>yes</active>
- </lead>
- <date>2010-11-09</date>
- <time>09:04:00</time>
- <version>
- <release>0.0.1</release>
- <api>0.0.1</api>
- </version>
- <stability>
- <release>alpha</release>
- <api>alpha</api>
- </stability>
- <license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
- <notes>
-* Initial release.
- </notes>
- <contents>
- <dir baseinstalldir="/" name="/">
- <dir name="lib">
- <dir name="Horde">
- <dir name="Nonce">
- <file name="Generator.php" role="php" />
- <file name="Hash.php" role="php" />
- </dir> <!-- /lib/Horde/Nonce -->
- <file name="Nonce.php" role="php" />
- </dir> <!-- /lib/Horde -->
- </dir> <!-- /lib -->
- <dir name="test">
- <dir name="Horde">
- <dir name="Nonce">
- <dir name="Integration">
- <file name="NonceTest.php" role="test" />
- </dir> <!-- /test/Horde/Nonce/Integration -->
- <file name="AllTests.php" role="test" />
- <file name="Autoload.php" role="test" />
- <file name="phpunit.xml" role="test" />
- <file name="StoryTestCase.php" role="test" />
- </dir> <!-- /test/Horde/Nonce -->
- </dir> <!-- /test/Horde -->
- </dir> <!-- /test -->
- </dir> <!-- / -->
- </contents>
- <dependencies>
- <required>
- <php>
- <min>5.2.0</min>
- </php>
- <pearinstaller>
- <min>1.9.0</min>
- </pearinstaller>
- </required>
- </dependencies>
- <phprelease>
- <filelist>
- <install as="Horde/Nonce.php" name="lib/Horde/Nonce.php" />
- <install as="Horde/Nonce/Generator.php" name="lib/Horde/Nonce/Generator.php" />
- <install as="Horde/Nonce/Hash.php" name="lib/Horde/Nonce/Hash.php" />
- <install as="Horde/Nonce/AllTests.php" name="test/Horde/Nonce/AllTests.php" />
- <install as="Horde/Nonce/Autoload.php" name="test/Horde/Nonce/Autoload.php" />
- <install as="Horde/Nonce/phpunit.xml" name="test/Horde/Nonce/phpunit.xml" />
- <install as="Horde/Nonce/StoryTestCase.php" name="test/Horde/Nonce/StoryTestCase.php" />
- <install as="Horde/Nonce/Integration/NonceTest.php" name="test/Horde/Nonce/Integration/NonceTest.php" />
- </filelist>
- </phprelease>
- <changelog>
- <release>
- <version>
- <release>0.0.1</release>
- <api>0.0.1</api>
- </version>
- <stability>
- <release>alpha</release>
- <api>alpha</api>
- </stability>
- <date>2010-11-09</date>
- <license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
- <notes>
-* Initial release.
- </notes>
- </release>
- </changelog>
-</package>
+++ /dev/null
-<?php
-/**
- * All tests for the Horde_Nonce:: package.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Define the main method
- */
-if (!defined('PHPUnit_MAIN_METHOD')) {
- define('PHPUnit_MAIN_METHOD', 'Horde_Nonce_AllTests::main');
-}
-
-/**
- * Prepare the test setup.
- */
-require_once 'Horde/Test/AllTests.php';
-
-/**
- * Combine the tests for this package.
- *
- * Copyright 2007-2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_AllTests extends Horde_Test_AllTests
-{
-}
-
-Horde_Nonce_AllTests::init('Horde_Nonce', __FILE__);
-
-if (PHPUnit_MAIN_METHOD == 'Horde_Nonce_AllTests::main') {
- Horde_Nonce_AllTests::main();
-}
+++ /dev/null
-<?php
-/**
- * Setup autoloading for the tests.
- *
- * PHP version 5
- *
- * Copyright 2009-2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-require_once 'Horde/Test/Autoload.php';
-
-/** Catch strict standards */
-error_reporting(E_ALL | E_STRICT);
-
-/** Load the basic test definition */
-require_once dirname(__FILE__) . '/StoryTestCase.php';
+++ /dev/null
-<?php
-/**
- * Test the Nonce system.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Prepare the test setup.
- */
-require_once dirname(__FILE__) . '/../Autoload.php';
-
-/**
- * Test the Nonce system.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_Integration_NonceTest
-extends Horde_Nonce_StoryTestCase
-{
- /**
- * @scenario
- */
- public function defaultLength()
- {
- $this->given('the default nonce setup')
- ->when('retrieving a nonce')
- ->then('the nonce has a length of 8 bytes');
- }
-
- /**
- * @scenario
- */
- public function nonceTimeOut()
- {
- $this->given('the default nonce setup')
- ->when('retrieving a nonce')
- ->and('waiting for two seconds')
- ->then('the nonce is invalid given a timeout of one second');
- }
-
- /**
- * @scenario
- */
- public function nonceWithoutTimeout()
- {
- $this->given('the default nonce setup')
- ->when('retrieving a nonce')
- ->and('waiting for two seconds')
- ->then('the nonce is valid given no timeout');
- }
-
- /**
- * @scenario
- */
- public function nonceCounterValue()
- {
- $this->given('the default nonce generator')
- ->when('splitting nonce', 'MABBCCDD')
- ->then('the extracted counter value (here: timestamp) is', 1296122434);
- }
-
- /**
- * @scenario
- */
- public function nonceRandomValue()
- {
- $this->given('the default nonce generator')
- ->when('splitting nonce', 'MABBCCDD')
- ->then('the extracted random part matches', array(1 => 17219, 2 => 17476));
- }
-
- /**
- * @scenario
- */
- public function nonceHashes()
- {
- $this->given('the default hash setup')
- ->when('hashing nonce', 'MABBCCDD')
- ->then('the hash representation provides the hashes', 62, 165, 118);
- }
-
- /**
- * @scenario
- */
- public function emptyFilter()
- {
- $this->given('the default filter setup')
- ->when('testing whether a nonce is unused if it has the following counter and hash values', 50, 3, 10, 47)
- ->then('the nonce is unused');
- }
-
- /**
- * @scenario
- */
- public function lowerCounter()
- {
- $this->given('the default filter setup')
- ->and('the following counter and hash values are marked', 10, 3, 10, 47)
- ->when('testing whether a nonce is unused if it has the following counter and hash values', 50, 3, 10, 47)
- ->then('the nonce is unused');
- }
-
- /**
- * @scenario
- */
- public function unusedElement()
- {
- $this->given('the default filter setup')
- ->and('the following counter and hash values are marked', 100, 3, 11, 47)
- ->when('testing whether a nonce is unused if it has the following counter and hash values', 50, 3, 10, 47)
- ->then('the nonce is unused');
- }
-
- /**
- * @scenario
- */
- public function used()
- {
- $this->given('the default filter setup')
- ->and('the following counter and hash values are marked', 100, 3, 10, 47)
- ->when('testing whether a nonce is unused if it has the following counter and hash values', 50, 3, 10, 47)
- ->then('the nonce is used');
- }
-}
\ No newline at end of file
+++ /dev/null
-<?php
-/**
- * Base for story based package testing.
- *
- * PHP version 5
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-
-/**
- * Base for story based package testing.
- *
- * Copyright 2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @category Horde
- * @package Nonce
- * @subpackage UnitTests
- * @author Gunnar Wrobel <wrobel@pardus.de>
- * @license http://www.fsf.org/copyleft/lgpl.html LGPL
- * @link http://pear.horde.org/index.php?package=Nonce
- */
-class Horde_Nonce_StoryTestCase
-extends PHPUnit_Extensions_Story_TestCase
-{
- /**
- * Handle a "given" step.
- *
- * @param array &$world Joined "world" of variables.
- * @param string $action The description of the step.
- * @param array $arguments Additional arguments to the step.
- *
- * @return mixed The outcome of the step.
- */
- public function runGiven(&$world, $action, $arguments)
- {
- switch($action) {
- case 'the default nonce setup':
- $world['nonce_handler'] = new Horde_Nonce(
- new Horde_Nonce_Generator(),
- new Horde_Nonce_Hash()
- );
- break;
- case 'the default hash setup':
- $world['nonce_hash'] = new Horde_Nonce_Hash();
- case 'the default nonce generator':
- $world['nonce_generator'] = new Horde_Nonce_Generator();
- break;
- case 'the default filter setup':
- $world['nonce_filter'] = new Horde_Nonce_Filter();
- break;
- case 'the following counter and hash values are marked':
- $world['nonce_filter']->isUsed(array_shift($arguments), $arguments);
- break;
- default:
- return $this->notImplemented($action);
- }
- }
-
- /**
- * Handle a "when" step.
- *
- * @param array &$world Joined "world" of variables.
- * @param string $action The description of the step.
- * @param array $arguments Additional arguments to the step.
- *
- * @return mixed The outcome of the step.
- */
- public function runWhen(&$world, $action, $arguments)
- {
- switch($action) {
- case 'retrieving a nonce':
- $world['nonce'] = $world['nonce_handler']->create();
- break;
- case 'waiting for two seconds':
- sleep(2);
- break;
- case 'splitting nonce':
- list($timestamp, $random) = $world['nonce_generator']->split($arguments[0]);
- $world['timestamp'] = $timestamp;
- $world['random'] = $random;
- break;
- case 'hashing nonce':
- list($timestamp, $random) = $world['nonce_generator']->split($arguments[0]);
- $world['hashes'] = $world['nonce_hash']->hash($random);
- break;
- case 'testing whether a nonce is unused if it has the following counter and hash values':
- $world['used'] = $world['nonce_filter']->isUsed(array_shift($arguments), $arguments);
- break;
- default:
- return $this->notImplemented($action);
- }
- }
-
- /**
- * Handle a "then" step.
- *
- * @param array &$world Joined "world" of variables.
- * @param string $action The description of the step.
- * @param array $arguments Additional arguments to the step.
- *
- * @return mixed The outcome of the step.
- */
- public function runThen(&$world, $action, $arguments)
- {
- switch($action) {
- case 'the nonce has a length of 8 bytes':
- $this->assertEquals(8, strlen($world['nonce']));
- break;
- case 'the nonce is invalid given a timeout of one second':
- $this->assertFalse($world['nonce_handler']->isValid($world['nonce'], 1));
- break;
- case 'the nonce is valid given no timeout':
- $this->assertTrue($world['nonce_handler']->isValid($world['nonce']));
- break;
- case 'the extracted counter value (here: timestamp) is':
- $this->assertEquals(
- $world['timestamp'],
- $arguments[0]
- );
- break;
- case 'the extracted random part matches':
- $this->assertEquals(
- $world['random'],
- $arguments[0]
- );
- break;
- case 'the hash representation provides the hashes':
- $this->assertEquals(
- $world['hashes'],
- $arguments
- );
- break;
- case 'the nonce is unused':
- $this->assertFalse($world['used']);
- break;
- case 'the nonce is used':
- $this->assertTrue($world['used']);
- break;
- default:
- return $this->notImplemented($action);
- }
- }
-
-}
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit>
- <filter>
- <whitelist>
- <directory suffix=".php">../../../lib</directory>
- </whitelist>
- </filter>
-</phpunit>
projects / horde.git / commitdiff