extlib/Auth/Yadis/ParanoidHTTPFetcher.php

   1 <?php
   2
   3 /**
   4  * This module contains the CURL-based HTTP fetcher implementation.
   5  *
   6  * PHP versions 4 and 5
   7  *
   8  * LICENSE: See the COPYING file included in this distribution.
   9  *
  10  * @package OpenID
  11  * @author JanRain, Inc. <openid@janrain.com>
  12  * @copyright 2005-2008 Janrain, Inc.
  13  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
  14  */
  15
  16 /**
  17  * Interface import
  18  */
  19 require_once "Auth/Yadis/HTTPFetcher.php";
  20
  21 require_once "Auth/OpenID.php";
  22
  23 /**
  24  * A paranoid {@link Auth_Yadis_HTTPFetcher} class which uses CURL
  25  * for fetching.
  26  *
  27  * @package OpenID
  28  */
  29 class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
  30     function Auth_Yadis_ParanoidHTTPFetcher()
  31     {
  32         $this->reset();
  33     }
  34
  35     function reset()
  36     {
  37         $this->headers = array();
  38         $this->data = "";
  39     }
  40
  41     /**
  42      * @access private
  43      */
  44     function _writeHeader($ch, $header)
  45     {
  46         array_push($this->headers, rtrim($header));
  47         return strlen($header);
  48     }
  49
  50     /**
  51      * @access private
  52      */
  53     function _writeData($ch, $data)
  54     {
  55         if (strlen($this->data) > 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB) {
  56             return 0;
  57         } else {
  58             $this->data .= $data;
  59             return strlen($data);
  60         }
  61     }
  62
  63     /**
  64      * Does this fetcher support SSL URLs?
  65      */
  66     function supportsSSL()
  67     {
  68         $v = curl_version();
  69         if(is_array($v)) {
  70             return in_array('https', $v['protocols']);
  71         } elseif (is_string($v)) {
  72             return preg_match('/OpenSSL/i', $v);
  73         } else {
  74             return 0;
  75         }
  76     }
  77
  78     function get($url, $extra_headers = null)
  79     {
  80         if (!$this->canFetchURL($url)) {
  81             return null;
  82         }
  83
  84         $stop = time() + $this->timeout;
  85         $off = $this->timeout;
  86
  87         $redir = true;
  88
  89         while ($redir && ($off > 0)) {
  90             $this->reset();
  91
  92             $c = curl_init();
  93             if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
  94                     && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
  95                 trigger_error(
  96                     'You have disabled SSL verifcation, this is a TERRIBLE ' .
  97                     'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
  98                     'VERIFYPEER to false if you want to be safe again',
  99                     E_USER_WARNING);
 100                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
 101             }
 102
 103             if ($c === false) {
 104                 Auth_OpenID::log(
 105                     "curl_init returned false; could not " .
 106                     "initialize for URL '%s'", $url);
 107                 return null;
 108             }
 109
 110             if (defined('CURLOPT_NOSIGNAL')) {
 111                 curl_setopt($c, CURLOPT_NOSIGNAL, true);
 112             }
 113
 114             if (!$this->allowedURL($url)) {
 115                 Auth_OpenID::log("Fetching URL not allowed: %s",
 116                                  $url);
 117                 return null;
 118             }
 119
 120             curl_setopt($c, CURLOPT_WRITEFUNCTION,
 121                         array($this, "_writeData"));
 122             curl_setopt($c, CURLOPT_HEADERFUNCTION,
 123                         array($this, "_writeHeader"));
 124
 125             if ($extra_headers) {
 126                 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
 127             }
 128
 129             $cv = curl_version();
 130             if(is_array($cv)) {
 131               $curl_user_agent = 'curl/'.$cv['version'];
 132             } else {
 133               $curl_user_agent = $cv;
 134             }
 135             curl_setopt($c, CURLOPT_USERAGENT,
 136                         Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
 137             curl_setopt($c, CURLOPT_TIMEOUT, $off);
 138             curl_setopt($c, CURLOPT_URL, $url);
 139
 140             if (defined('Auth_OpenID_VERIFY_HOST')) {
 141                 // set SSL verification options only if Auth_OpenID_VERIFY_HOST
 142                 // is explicitly set, otherwise use system default.
 143                 if (Auth_OpenID_VERIFY_HOST) {
 144                     curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
 145                     curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
 146                     if (defined('Auth_OpenID_CAINFO')) {
 147                         curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
 148                     }
 149                 } else {
 150                     curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
 151                 }
 152             }
 153             if (defined('Auth_OpenID_HTTP_PROXY')) {
 154                 curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
 155             }
 156             curl_exec($c);
 157
 158             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 159             $body = $this->data;
 160             $headers = $this->headers;
 161
 162             if (!$code) {
 163                 Auth_OpenID::log("Got no response code when fetching %s", $url);
 164                 Auth_OpenID::log("CURL error (%s): %s",
 165                                  curl_errno($c), curl_error($c));
 166                 return null;
 167             }
 168
 169             if (in_array($code, array(301, 302, 303, 307))) {
 170                 $url = $this->_findRedirect($headers, $url);
 171                 $redir = true;
 172             } else {
 173                 $redir = false;
 174                 curl_close($c);
 175
 176                 if (defined('Auth_OpenID_VERIFY_HOST') &&
 177                     Auth_OpenID_VERIFY_HOST == true &&
 178                     $this->isHTTPS($url)) {
 179                     Auth_OpenID::log('OpenID: Verified SSL host %s using '.
 180                                      'curl/get', $url);
 181                 }
 182                 $new_headers = array();
 183
 184                 foreach ($headers as $header) {
 185                     if (strpos($header, ': ')) {
 186                         list($name, $value) = explode(': ', $header, 2);
 187                         $new_headers[$name] = $value;
 188                     }
 189                 }
 190
 191                 return new Auth_Yadis_HTTPResponse($url, $code,
 192                                                     $new_headers, $body);
 193             }
 194
 195             $off = $stop - time();
 196         }
 197
 198         return null;
 199     }
 200
 201     function post($url, $body, $extra_headers = null)
 202     {
 203         if (!$this->canFetchURL($url)) {
 204             return null;
 205         }
 206
 207         $this->reset();
 208
 209         $c = curl_init();
 210
 211         if (defined('CURLOPT_NOSIGNAL')) {
 212             curl_setopt($c, CURLOPT_NOSIGNAL, true);
 213         }
 214
 215         if (defined('Auth_OpenID_HTTP_PROXY')) {
 216             curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
 217         }
 218
 219         curl_setopt($c, CURLOPT_POST, true);
 220         curl_setopt($c, CURLOPT_POSTFIELDS, $body);
 221         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
 222         curl_setopt($c, CURLOPT_URL, $url);
 223         curl_setopt($c, CURLOPT_WRITEFUNCTION,
 224                     array($this, "_writeData"));
 225
 226         if (defined('Auth_OpenID_VERIFY_HOST')) {
 227             // set SSL verification options only if Auth_OpenID_VERIFY_HOST
 228             // is explicitly set, otherwise use system default.
 229             if (Auth_OpenID_VERIFY_HOST) {
 230                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
 231                 curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
 232                 if (defined('Auth_OpenID_CAINFO')) {
 233                     curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
 234                 }
 235             } else {
 236                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
 237             }
 238         }
 239
 240         curl_exec($c);
 241
 242         $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 243
 244         if (!$code) {
 245             Auth_OpenID::log("Got no response code when fetching %s", $url);
 246             Auth_OpenID::log("CURL error (%s): %s",
 247                              curl_errno($c), curl_error($c));
 248             return null;
 249         }
 250
 251         if (defined('Auth_OpenID_VERIFY_HOST') &&
 252             Auth_OpenID_VERIFY_HOST == true &&
 253             $this->isHTTPS($url)) {
 254             Auth_OpenID::log('OpenID: Verified SSL host %s using '.
 255                              'curl/post', $url);
 256         }
 257         $body = $this->data;
 258
 259         curl_close($c);
 260
 261         $new_headers = $extra_headers;
 262
 263         foreach ($this->headers as $header) {
 264             if (strpos($header, ': ')) {
 265                 list($name, $value) = explode(': ', $header, 2);
 266                 $new_headers[$name] = $value;
 267             }
 268
 269         }
 270
 271         return new Auth_Yadis_HTTPResponse($url, $code,
 272                                            $new_headers, $body);
 273     }
 274 }
 275