4 * This module contains the CURL-based HTTP fetcher implementation.
8 * LICENSE: See the COPYING file included in this distribution.
11 * @author JanRain, Inc. <openid@janrain.com>
12 * @copyright 2005-2008 Janrain, Inc.
13 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
19 require_once "Auth/Yadis/HTTPFetcher.php";
21 require_once "Auth/OpenID.php";
24 * A paranoid {@link Auth_Yadis_HTTPFetcher} class which uses CURL
29 class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
// Constructor in the PHP 4 style: a method named after the class. PHP 8 no
// longer treats such a method as a constructor, so on a modern runtime this
// initialisation only runs if something calls the method explicitly.
// NOTE(review): source lines 31-36 are not shown in this listing.
30 function Auth_Yadis_ParanoidHTTPFetcher()
// Start with an empty list of captured response-header lines.
37 $this->headers = array();
// Header callback handed to cURL (registered with CURLOPT_HEADERFUNCTION in
// get()). Receives one raw header line per call and stores it with trailing
// whitespace removed.
44 function _writeHeader($ch, $header)
46 array_push($this->headers, rtrim($header));
// cURL expects the number of bytes handled; returning the length of the
// untrimmed line tells it to carry on with the transfer.
47 return strlen($header);
// Body callback handed to cURL via CURLOPT_WRITEFUNCTION.
53 function _writeData($ch, $data)
// Response-size cap: compares what has been accumulated so far against
// Auth_OpenID_FETCHER_MAX_RESPONSE_KB kilobytes, presumably to bound the
// memory a remote server can make this fetcher hold.
// NOTE(review): the test reads $this->data, not the incoming $data, so the
// stored body could exceed the cap by up to one chunk. The branch bodies are
// not shown in this listing - confirm what is returned on overflow.
55 if (strlen($this->data) > 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB) {
64 * Does this fetcher support SSL URLs?
// Answers whether this fetcher can handle SSL (https) URLs.
// NOTE(review): $v is assigned on a line not shown here - presumably the
// result of curl_version(); confirm.
66 function supportsSSL()
// Array form: look for 'https' in the advertised protocol list.
70 return in_array('https', $v['protocols']);
71 } elseif (is_string($v)) {
// String form: search the text for "OpenSSL", case-insensitively. Note that
// preg_match() yields 1/0 (or false on error) rather than a bool.
72 return preg_match('/OpenSSL/i', $v);
// Fetch $url with an HTTP GET, following redirects by hand inside a loop
// that is bounded by $this->timeout seconds overall.
// $extra_headers, when truthy, is passed to cURL as CURLOPT_HTTPHEADER.
// Returns an Auth_Yadis_HTTPResponse for a final response; the failure
// returns are on lines not shown in this listing.
78 function get($url, $extra_headers = null)
// Refuse URLs the fetcher reports it cannot fetch before any network work.
80 if (!$this->canFetchURL($url)) {
// $stop is the absolute deadline; $off is the number of seconds still
// available and is recomputed at the bottom of the loop.
84 $stop = time() + $this->timeout;
85 $off = $this->timeout;
// One pass per request; ends when no redirect is pending or time runs out.
89 while ($redir && ($off > 0)) {
// Opt-out switch: only the exact boolean true disables peer verification,
// and the warning text below is emitted when it does.
// NOTE(review): the curl_init() failure message appears after this
// curl_setopt() in the listing, so the handle seems to be used before it is
// checked - confirm against the full file.
93 if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
94 && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
96 'You have disabled SSL verifcation, this is a TERRIBLE ' .
97 'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
98 'VERIFYPEER to false if you want to be safe again',
100 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
105 "curl_init returned false; could not " .
106 "initialize for URL '%s'", $url);
// Only set CURLOPT_NOSIGNAL where this PHP/cURL build defines it.
110 if (defined('CURLOPT_NOSIGNAL')) {
111 curl_setopt($c, CURLOPT_NOSIGNAL, true);
// URL policy check. $url is reassigned from the Location header further
// down, so this appears to be applied to every redirect hop as well as the
// initial URL - which is what keeps a redirect from steering the fetcher to
// a disallowed target. NOTE(review): confirm it sits inside the loop.
114 if (!$this->allowedURL($url)) {
115 Auth_OpenID::log("Fetching URL not allowed: %s",
// Route body and header bytes through this object's callbacks, so the size
// check in _writeData applies to the body and each header line is captured.
120 curl_setopt($c, CURLOPT_WRITEFUNCTION,
121 array($this, "_writeData"));
122 curl_setopt($c, CURLOPT_HEADERFUNCTION,
123 array($this, "_writeHeader"));
// Caller-supplied request headers are handed to cURL unchanged.
125 if ($extra_headers) {
126 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
// Build the User-Agent suffix from curl_version(), used either through its
// 'version' entry or as-is; the test choosing between them is not shown.
129 $cv = curl_version();
131 $curl_user_agent = 'curl/'.$cv['version'];
133 $curl_user_agent = $cv;
135 curl_setopt($c, CURLOPT_USERAGENT,
136 Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
// Each request gets only the time left in the overall budget.
137 curl_setopt($c, CURLOPT_TIMEOUT, $off);
138 curl_setopt($c, CURLOPT_URL, $url);
// TLS policy. Three cases follow from the visible code:
//   constant undefined -> nothing is set here, libcurl's defaults apply;
//   constant truthy    -> peer and host-name verification are forced on;
//   constant falsy     -> peer verification is switched off (line 150).
// These calls come after the DISABLE_SSL_VERIFYPEER block, so on the same
// handle a truthy Auth_OpenID_VERIFY_HOST turns peer verification back on.
140 if (defined('Auth_OpenID_VERIFY_HOST')) {
141 // set SSL verification options only if Auth_OpenID_VERIFY_HOST
142 // is explicitly set, otherwise use system default.
143 if (Auth_OpenID_VERIFY_HOST) {
144 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
// 2 = the certificate must name the host being contacted.
145 curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
// Optional CA bundle override for deployments without a usable system store.
146 if (defined('Auth_OpenID_CAINFO')) {
147 curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
// Presumably the else branch (the else line is not shown): with the
// constant defined but falsy the server certificate is not validated, so
// the responder's identity is unauthenticated and discovery documents or
// assertions fetched over https can be substituted on the network path.
150 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
// Optional outbound proxy taken from a deployment constant.
153 if (defined('Auth_OpenID_HTTP_PROXY')) {
154 curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
// Status code of the completed transfer; the exec call is not shown.
158 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
// Snapshot of the header lines collected by _writeHeader.
160 $headers = $this->headers;
// No status code means the transfer failed; log the URL and cURL's own
// error number and message for diagnosis.
163 Auth_OpenID::log("Got no response code when fetching %s", $url);
164 Auth_OpenID::log("CURL error (%s): %s",
165 curl_errno($c), curl_error($c));
// Redirects are followed manually: the next URL is resolved from the
// response headers and the loop runs again. 308 is not in this list, so it
// is not treated as a redirect here.
169 if (in_array($code, array(301, 302, 303, 307))) {
170 $url = $this->_findRedirect($headers, $url);
// Log line only: it records that verification was configured for an https
// URL; it performs no check of its own.
176 if (defined('Auth_OpenID_VERIFY_HOST') &&
177 Auth_OpenID_VERIFY_HOST == true &&
178 $this->isHTTPS($url)) {
179 Auth_OpenID::log('OpenID: Verified SSL host %s using '.
// Turn "Name: value" lines into a name => value map. Lines without ': '
// (such as the status line) are skipped, a repeated header name keeps the
// last value seen, and names keep the casing the server sent.
182 $new_headers = array();
184 foreach ($headers as $header) {
185 if (strpos($header, ': ')) {
186 list($name, $value) = explode(': ', $header, 2);
187 $new_headers[$name] = $value;
// Final response: last URL requested, status, parsed headers and body.
// NOTE(review): $body is assigned on a line not shown in this listing.
191 return new Auth_Yadis_HTTPResponse($url, $code,
192 $new_headers, $body);
// Recompute the remaining time budget before the next pass.
195 $off = $stop - time();
// Send $body to $url with an HTTP POST and return an Auth_Yadis_HTTPResponse.
// No redirect loop is visible here: a single request with the full
// $this->timeout as its limit.
// NOTE(review): unlike get(), this listing shows no allowedURL() call, no
// CURLOPT_HEADERFUNCTION registration and no CURLOPT_HTTPHEADER for
// $extra_headers. Lines are missing from the listing, so confirm each
// against the full file; without the header callback $this->headers would
// hold nothing from this response.
201 function post($url, $body, $extra_headers = null)
// Refuse URLs the fetcher reports it cannot fetch before any network work.
203 if (!$this->canFetchURL($url)) {
// Only set CURLOPT_NOSIGNAL where this PHP/cURL build defines it.
211 if (defined('CURLOPT_NOSIGNAL')) {
212 curl_setopt($c, CURLOPT_NOSIGNAL, true);
// Optional outbound proxy taken from a deployment constant.
215 if (defined('Auth_OpenID_HTTP_PROXY')) {
216 curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
// POST request carrying $body as given by the caller.
219 curl_setopt($c, CURLOPT_POST, true);
220 curl_setopt($c, CURLOPT_POSTFIELDS, $body);
221 curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
222 curl_setopt($c, CURLOPT_URL, $url);
// Response body goes through _writeData, so its size check applies.
223 curl_setopt($c, CURLOPT_WRITEFUNCTION,
224 array($this, "_writeData"));
// TLS policy, same three cases as in get():
//   constant undefined -> nothing is set here, libcurl's defaults apply;
//   constant truthy    -> peer and host-name verification are forced on;
//   constant falsy     -> peer verification is switched off (line 236).
226 if (defined('Auth_OpenID_VERIFY_HOST')) {
227 // set SSL verification options only if Auth_OpenID_VERIFY_HOST
228 // is explicitly set, otherwise use system default.
229 if (Auth_OpenID_VERIFY_HOST) {
230 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
// 2 = the certificate must name the host being contacted.
231 curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
// Optional CA bundle override for deployments without a usable system store.
232 if (defined('Auth_OpenID_CAINFO')) {
233 curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
// Presumably the else branch (the else line is not shown): with the
// constant defined but falsy the server certificate is not validated, so
// the POST body is sent to, and the reply accepted from, an endpoint whose
// identity has not been authenticated.
236 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
// Status code of the completed transfer; the exec call is not shown.
242 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
// No status code means the transfer failed; log the URL and cURL's own
// error number and message for diagnosis.
245 Auth_OpenID::log("Got no response code when fetching %s", $url);
246 Auth_OpenID::log("CURL error (%s): %s",
247 curl_errno($c), curl_error($c));
// Log line only: it records that verification was configured for an https
// URL; it performs no check of its own.
251 if (defined('Auth_OpenID_VERIFY_HOST') &&
252 Auth_OpenID_VERIFY_HOST == true &&
253 $this->isHTTPS($url)) {
254 Auth_OpenID::log('OpenID: Verified SSL host %s using '.
// The header map handed back starts out as the caller's own request
// headers, so the response object mixes request and response headers.
// NOTE(review): get() starts from an empty array instead - confirm this
// difference is intended.
261 $new_headers = $extra_headers;
// Add "Name: value" lines captured in $this->headers; lines without ': '
// are skipped and a repeated name keeps the last value seen.
263 foreach ($this->headers as $header) {
264 if (strpos($header, ': ')) {
265 list($name, $value) = explode(': ', $header, 2);
266 $new_headers[$name] = $value;
// NOTE(review): $body is the request parameter unless a line not shown here
// reassigns it to the response data - confirm.
271 return new Auth_Yadis_HTTPResponse($url, $code,
272 $new_headers, $body);