From 50569114acdc64e7c7cae1498635d3f821517c30 Mon Sep 17 00:00:00 2001
From: Daniel Lange <DLange@git.local>
Date: Mon, 7 Mar 2016 15:53:16 +0100
Subject: Initial commit of the Faster IT roundcube_calendar plugin
 distribution This includes:  * Kolab plugins 3.2.9 (calendar and
 libcalendaring)  * CalDAV driver 3.2.8  * .htaccess files for at least some
 security  * SabreDAV updated to 1.8.12 (Jan 2015 release)  * Support for
 CURLOPT_SSL_* settings to allow self-signed certificates  * Small fixes &
 improved documentation

---
 .../lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php     | 227 +++++++++++++++++++++
 1 file changed, 227 insertions(+)
 create mode 100644 calendar/lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php

(limited to 'calendar/lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php')

diff --git a/calendar/lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php b/calendar/lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php
new file mode 100644
index 0000000..f080983
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/HTTP/AWSAuth.php
@@ -0,0 +1,227 @@
+<?php
+
+namespace OldSabre\HTTP;
+
+/**
+ * HTTP AWS Authentication handler
+ *
+ * Use this class to leverage amazon's AWS authentication header
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class AWSAuth extends AbstractAuth {
+
+    /**
+     * The signature supplied by the HTTP client
+     *
+     * @var string
+     */
+    private $signature = null;
+
+    /**
+     * The accesskey supplied by the HTTP client
+     *
+     * @var string
+     */
+    private $accessKey = null;
+
+    /**
+     * An error code, if any
+     *
+     * This value will be filled with one of the ERR_* constants
+     *
+     * @var int
+     */
+    public $errorCode = 0;
+
+    const ERR_NOAWSHEADER = 1;
+    const ERR_MD5CHECKSUMWRONG = 2;
+    const ERR_INVALIDDATEFORMAT = 3;
+    const ERR_REQUESTTIMESKEWED = 4;
+    const ERR_INVALIDSIGNATURE = 5;
+
+    /**
+     * Gathers all information from the headers
+     *
+     * This method needs to be called prior to anything else.
+     *
+     * @return bool
+     */
+    public function init() {
+
+        $authHeader = $this->httpRequest->getHeader('Authorization');
+        $authHeader = explode(' ',$authHeader);
+
+        if ($authHeader[0]!='AWS' || !isset($authHeader[1])) {
+            $this->errorCode = self::ERR_NOAWSHEADER;
+             return false;
+        }
+
+        list($this->accessKey,$this->signature) = explode(':',$authHeader[1]);
+
+        return true;
+
+    }
+
+    /**
+     * Returns the username for the request
+     *
+     * @return string
+     */
+    public function getAccessKey() {
+
+        return $this->accessKey;
+
+    }
+
+    /**
+     * Validates the signature based on the secretKey
+     *
+     * @param string $secretKey
+     * @return bool
+     */
+    public function validate($secretKey) {
+
+        $contentMD5 = $this->httpRequest->getHeader('Content-MD5');
+
+        if ($contentMD5) {
+            // We need to validate the integrity of the request
+            $body = $this->httpRequest->getBody(true);
+            $this->httpRequest->setBody($body,true);
+
+            if ($contentMD5!=base64_encode(md5($body,true))) {
+                // content-md5 header did not match md5 signature of body
+                $this->errorCode = self::ERR_MD5CHECKSUMWRONG;
+                return false;
+            }
+
+        }
+
+        if (!$requestDate = $this->httpRequest->getHeader('x-amz-date'))
+            $requestDate = $this->httpRequest->getHeader('Date');
+
+        if (!$this->validateRFC2616Date($requestDate))
+            return false;
+
+        $amzHeaders = $this->getAmzHeaders();
+
+        $signature = base64_encode(
+            $this->hmacsha1($secretKey,
+                $this->httpRequest->getMethod() . "\n" .
+                $contentMD5 . "\n" .
+                $this->httpRequest->getHeader('Content-type') . "\n" .
+                $requestDate . "\n" .
+                $amzHeaders .
+                $this->httpRequest->getURI()
+            )
+        );
+
+        if ($this->signature != $signature) {
+
+            $this->errorCode = self::ERR_INVALIDSIGNATURE;
+            return false;
+
+        }
+
+        return true;
+
+    }
+
+
+    /**
+     * Returns an HTTP 401 header, forcing login
+     *
+     * This should be called when username and password are incorrect, or not supplied at all
+     *
+     * @return void
+     */
+    public function requireLogin() {
+
+        $this->httpResponse->setHeader('WWW-Authenticate','AWS');
+        $this->httpResponse->sendStatus(401);
+
+    }
+
+    /**
+     * Makes sure the supplied value is a valid RFC2616 date.
+     *
+     * If we would just use strtotime to get a valid timestamp, we have no way of checking if a
+     * user just supplied the word 'now' for the date header.
+     *
+     * This function also makes sure the Date header is within 15 minutes of the operating
+     * system date, to prevent replay attacks.
+     *
+     * @param string $dateHeader
+     * @return bool
+     */
+    protected function validateRFC2616Date($dateHeader) {
+
+        $date = Util::parseHTTPDate($dateHeader);
+
+        // Unknown format
+        if (!$date) {
+            $this->errorCode = self::ERR_INVALIDDATEFORMAT;
+            return false;
+        }
+
+        $min = new \DateTime('-15 minutes');
+        $max = new \DateTime('+15 minutes');
+
+        // We allow 15 minutes around the current date/time
+        if ($date > $max || $date < $min) {
+            $this->errorCode = self::ERR_REQUESTTIMESKEWED;
+            return false;
+        }
+
+        return $date;
+
+    }
+
+    /**
+     * Returns a list of AMZ headers
+     *
+     * @return string
+     */
+    protected function getAmzHeaders() {
+
+        $amzHeaders = array();
+        $headers = $this->httpRequest->getHeaders();
+        foreach($headers as $headerName => $headerValue) {
+            if (strpos(strtolower($headerName),'x-amz-')===0) {
+                $amzHeaders[strtolower($headerName)] = str_replace(array("\r\n"),array(' '),$headerValue) . "\n";
+            }
+        }
+        ksort($amzHeaders);
+
+        $headerStr = '';
+        foreach($amzHeaders as $h=>$v) {
+            $headerStr.=$h.':'.$v;
+        }
+
+        return $headerStr;
+
+    }
+
+    /**
+     * Generates an HMAC-SHA1 signature
+     *
+     * @param string $key
+     * @param string $message
+     * @return string
+     */
+    private function hmacsha1($key, $message) {
+
+        $blocksize=64;
+        if (strlen($key)>$blocksize)
+            $key=pack('H*', sha1($key));
+        $key=str_pad($key,$blocksize,chr(0x00));
+        $ipad=str_repeat(chr(0x36),$blocksize);
+        $opad=str_repeat(chr(0x5c),$blocksize);
+        $hmac = pack('H*',sha1(($key^$opad).pack('H*',sha1(($key^$ipad).$message))));
+        return $hmac;
+
+    }
+
+}
-- 
cgit v1.2.3