extlib/Auth/Yadis/ParanoidHTTPFetcher.php

   1 <?php
   2
   3 /**
   4  * This module contains the CURL-based HTTP fetcher implementation.
   5  *
   6  * PHP versions 4 and 5
   7  *
   8  * LICENSE: See the COPYING file included in this distribution.
   9  *
  10  * @package OpenID
  11  * @author JanRain, Inc. <openid@janrain.com>
  12  * @copyright 2005-2008 Janrain, Inc.
  13  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
  14  */
  15
  16 /**
  17  * Interface import
  18  */
  19 require_once "Auth/Yadis/HTTPFetcher.php";
  20
  21 require_once "Auth/OpenID.php";
  22
  23 /**
  24  * A paranoid {@link Auth_Yadis_HTTPFetcher} class which uses CURL
  25  * for fetching.
  26  *
  27  * @package OpenID
  28  */
  29 class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
  30     function Auth_Yadis_ParanoidHTTPFetcher()
  31     {
  32         $this->reset();
  33     }
  34
  35     function reset()
  36     {
  37         $this->headers = array();
  38         $this->data = "";
  39     }
  40
  41     /**
  42      * @access private
  43      */
  44     function _writeHeader($ch, $header)
  45     {
  46         array_push($this->headers, rtrim($header));
  47         return strlen($header);
  48     }
  49
  50     /**
  51      * @access private
  52      */
  53     function _writeData($ch, $data)
  54     {
  55         if (strlen($this->data) > 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB) {
  56             return 0;
  57         } else {
  58             $this->data .= $data;
  59             return strlen($data);
  60         }
  61     }
  62
  63     /**
  64      * Does this fetcher support SSL URLs?
  65      */
  66     function supportsSSL()
  67     {
  68         $v = curl_version();
  69         if(is_array($v)) {
  70             return in_array('https', $v['protocols']);
  71         } elseif (is_string($v)) {
  72             return preg_match('/OpenSSL/i', $v);
  73         } else {
  74             return 0;
  75         }
  76     }
  77
  78     function get($url, $extra_headers = null)
  79     {
  80         if (!$this->canFetchURL($url)) {
  81             return null;
  82         }
  83
  84         $stop = time() + $this->timeout;
  85         $off = $this->timeout;
  86
  87         $redir = true;
  88
  89         while ($redir && ($off > 0)) {
  90             $this->reset();
  91
  92             $c = curl_init();
  93
  94             if ($c === false) {
  95                 Auth_OpenID::log(
  96                     "curl_init returned false; could not " .
  97                     "initialize for URL '%s'", $url);
  98                 return null;
  99             }
 100
 101             if (defined('CURLOPT_NOSIGNAL')) {
 102                 curl_setopt($c, CURLOPT_NOSIGNAL, true);
 103             }
 104
 105             if (!$this->allowedURL($url)) {
 106                 Auth_OpenID::log("Fetching URL not allowed: %s",
 107                                  $url);
 108                 return null;
 109             }
 110
 111             curl_setopt($c, CURLOPT_WRITEFUNCTION,
 112                         array($this, "_writeData"));
 113             curl_setopt($c, CURLOPT_HEADERFUNCTION,
 114                         array($this, "_writeHeader"));
 115
 116             if ($extra_headers) {
 117                 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
 118             }
 119
 120             $cv = curl_version();
 121             if(is_array($cv)) {
 122               $curl_user_agent = 'curl/'.$cv['version'];
 123             } else {
 124               $curl_user_agent = $cv;
 125             }
 126             curl_setopt($c, CURLOPT_USERAGENT,
 127                         Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
 128             curl_setopt($c, CURLOPT_TIMEOUT, $off);
 129             curl_setopt($c, CURLOPT_URL, $url);
 130
 131             if (defined('Auth_OpenID_VERIFY_HOST')) {
 132                 // set SSL verification options only if Auth_OpenID_VERIFY_HOST
 133                 // is explicitly set, otherwise use system default.
 134                 if (Auth_OpenID_VERIFY_HOST) {
 135                     curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
 136                     curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
 137                     if (defined('Auth_OpenID_CAINFO')) {
 138                         curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
 139                     }
 140                 } else {
 141                     curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
 142                 }
 143             }
 144             if (defined('Auth_OpenID_HTTP_PROXY')) {
 145                 curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
 146             }
 147             curl_exec($c);
 148
 149             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 150             $body = $this->data;
 151             $headers = $this->headers;
 152
 153             if (!$code) {
 154                 Auth_OpenID::log("Got no response code when fetching %s", $url);
 155                 Auth_OpenID::log("CURL error (%s): %s",
 156                                  curl_errno($c), curl_error($c));
 157                 return null;
 158             }
 159
 160             if (in_array($code, array(301, 302, 303, 307))) {
 161                 $url = $this->_findRedirect($headers, $url);
 162                 $redir = true;
 163             } else {
 164                 $redir = false;
 165                 curl_close($c);
 166
 167                 if (defined('Auth_OpenID_VERIFY_HOST') &&
 168                     Auth_OpenID_VERIFY_HOST == true &&
 169                     $this->isHTTPS($url)) {
 170                     Auth_OpenID::log('OpenID: Verified SSL host %s using '.
 171                                      'curl/get', $url);
 172                 }
 173                 $new_headers = array();
 174
 175                 foreach ($headers as $header) {
 176                     if (strpos($header, ': ')) {
 177                         list($name, $value) = explode(': ', $header, 2);
 178                         $new_headers[$name] = $value;
 179                     }
 180                 }
 181
 182                 return new Auth_Yadis_HTTPResponse($url, $code,
 183                                                     $new_headers, $body);
 184             }
 185
 186             $off = $stop - time();
 187         }
 188
 189         return null;
 190     }
 191
 192     function post($url, $body, $extra_headers = null)
 193     {
 194         if (!$this->canFetchURL($url)) {
 195             return null;
 196         }
 197
 198         $this->reset();
 199
 200         $c = curl_init();
 201
 202         if (defined('CURLOPT_NOSIGNAL')) {
 203             curl_setopt($c, CURLOPT_NOSIGNAL, true);
 204         }
 205
 206         if (defined('Auth_OpenID_HTTP_PROXY')) {
 207             curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
 208         }
 209
 210         curl_setopt($c, CURLOPT_POST, true);
 211         curl_setopt($c, CURLOPT_POSTFIELDS, $body);
 212         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
 213         curl_setopt($c, CURLOPT_URL, $url);
 214         curl_setopt($c, CURLOPT_WRITEFUNCTION,
 215                     array($this, "_writeData"));
 216
 217         if (defined('Auth_OpenID_VERIFY_HOST')) {
 218             // set SSL verification options only if Auth_OpenID_VERIFY_HOST
 219             // is explicitly set, otherwise use system default.
 220             if (Auth_OpenID_VERIFY_HOST) {
 221                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
 222                 curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
 223                 if (defined('Auth_OpenID_CAINFO')) {
 224                     curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
 225                 }
 226             } else {
 227                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
 228             }
 229         }
 230
 231         curl_exec($c);
 232
 233         $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 234
 235         if (!$code) {
 236             Auth_OpenID::log("Got no response code when fetching %s", $url);
 237             Auth_OpenID::log("CURL error (%s): %s",
 238                              curl_errno($c), curl_error($c));
 239             return null;
 240         }
 241
 242         if (defined('Auth_OpenID_VERIFY_HOST') &&
 243             Auth_OpenID_VERIFY_HOST == true &&
 244             $this->isHTTPS($url)) {
 245             Auth_OpenID::log('OpenID: Verified SSL host %s using '.
 246                              'curl/post', $url);
 247         }
 248         $body = $this->data;
 249
 250         curl_close($c);
 251
 252         $new_headers = $extra_headers;
 253
 254         foreach ($this->headers as $header) {
 255             if (strpos($header, ': ')) {
 256                 list($name, $value) = explode(': ', $header, 2);
 257                 $new_headers[$name] = $value;
 258             }
 259
 260         }
 261
 262         return new Auth_Yadis_HTTPResponse($url, $code,
 263                                            $new_headers, $body);
 264     }
 265 }
 266