function parseService($yadis_url, $uri, $type_uris, $service_element)
{
// Set the state of this object based on the contents of the
// service element.
$this->type_uris = $type_uris;
$this->identity_url = $yadis_url;
$this->server_url = $uri;
$this->delegate = Auth_OpenID_ServiceEndpoint::findDelegate($service_element);
$this->used_yadis = true;
}
static function fromDiscoveryResult($discoveryResult)
{
if ($discoveryResult->isXRDS()) {
return Auth_OpenID_ServiceEndpoint::fromXRDS($discoveryResult->normalized_uri, $discoveryResult->response_text);
} else {
return Auth_OpenID_ServiceEndpoint::fromHTML($discoveryResult->normalized_uri, $discoveryResult->response_text);
}
}
/**
* Discover and cache OpenID services for a user's delegate OpenID.
*
* @param int $userid user ID
* @url string URL to discover. If not provided, user's current delegate will be used
* @return bool true if successful
*/
function openid_server_update_delegation_info($userid, $url = null)
{
if (empty($url)) {
$url = get_usermeta($userid, 'openid_delegate');
}
if (empty($url)) {
return false;
}
$fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
$discoveryResult = Auth_Yadis_Yadis::discover($url, $fetcher);
$endpoints = Auth_OpenID_ServiceEndpoint::fromDiscoveryResult($discoveryResult);
$services = array();
if (!empty($endpoints)) {
foreach ($endpoints as $endpoint) {
$service = array('Type' => array(), 'URI' => $endpoint->server_url);
foreach ($endpoint->type_uris as $type) {
$service['Type'][] = array('content' => $type);
if ($type == Auth_OpenID_TYPE_2_0_IDP) {
$service['LocalID'] = Auth_OpenID_IDENTIFIER_SELECT;
} else {
if ($type == Auth_OpenID_TYPE_2_0) {
$service['LocalID'] = $endpoint->local_id;
} else {
if (in_array($type, array(Auth_OpenID_TYPE_1_0, Auth_OpenID_TYPE_1_1, Auth_OpenID_TYPE_1_2))) {
$service['openid:Delegate'] = $endpoint->local_id;
}
}
}
}
$services[] = $service;
}
}
if (empty($services)) {
// resort to checking for HTML links
$response = $fetcher->get($url);
$html_content = $response->body;
$p = new Auth_OpenID_Parse();
$link_attrs = $p->parseLinkAttrs($html_content);
// check HTML for OpenID2
$server_url = $p->findFirstHref($link_attrs, 'openid2.provider');
if ($server_url !== null) {
$openid_url = $p->findFirstHref($link_attrs, 'openid2.local_id');
if ($openid_url == null) {
$openid_url = $url;
}
$services[] = array('Type' => array(array('content' => Auth_OpenID_Type_1_1)), 'URI' => $server_url, 'LocalID' => $openid_url);
}
// check HTML for OpenID1
$server_url = $p->findFirstHref($link_attrs, 'openid.server');
if ($server_url !== null) {
$openid_url = $p->findFirstHref($link_attrs, 'openid.delegate');
if ($openid_url == null) {
$openid_url = $url;
}
$services[] = array('Type' => array(array('content' => Auth_OpenID_Type_2_0)), 'URI' => $server_url, 'openid:Delegate' => $openid_url);
}
}
if (empty($services)) {
return false;
}
update_usermeta($userid, 'openid_delegate', $url);
update_usermeta($userid, 'openid_delegate_services', $services);
return true;
}
/**
* @access private
*/
function _verifyDiscoveryResultsOpenID2($message, $endpoint)
{
$to_match = new Auth_OpenID_ServiceEndpoint();
$to_match->type_uris = array(Auth_OpenID_TYPE_2_0);
$to_match->claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
$to_match->local_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'identity');
$to_match->server_url = $message->getArg(Auth_OpenID_OPENID2_NS, 'op_endpoint');
if ($to_match->server_url === null) {
return new Auth_OpenID_FailureResponse($endpoint, "OP Endpoint URL missing");
}
// claimed_id and identifier must both be present or both be
// absent
if ($to_match->claimed_id === null && $to_match->local_id !== null) {
return new Auth_OpenID_FailureResponse($endpoint, 'openid.identity is present without openid.claimed_id');
}
if ($to_match->claimed_id !== null && $to_match->local_id === null) {
return new Auth_OpenID_FailureResponse($endpoint, 'openid.claimed_id is present without openid.identity');
}
if ($to_match->claimed_id === null) {
// This is a response without identifiers, so there's
// really no checking that we can do, so return an
// endpoint that's for the specified `openid.op_endpoint'
return Auth_OpenID_ServiceEndpoint::fromOPEndpointURL($to_match->server_url);
}
if (!$endpoint) {
// The claimed ID doesn't match, so we have to do
// discovery again. This covers not using sessions, OP
// identifier endpoints and responses that didn't match
// the original request.
// oidutil.log('No pre-discovered information supplied.')
return $this->_discoverAndVerify($to_match->claimed_id, array($to_match));
} else {
// The claimed ID matches, so we use the endpoint that we
// discovered in initiation. This should be the most
// common case.
$result = $this->_verifyDiscoverySingle($endpoint, $to_match);
if (Auth_OpenID::isFailure($result)) {
$endpoint = $this->_discoverAndVerify($to_match->claimed_id, array($to_match));
if (Auth_OpenID::isFailure($endpoint)) {
return $endpoint;
}
}
}
// The endpoint we return should have the claimed ID from the
// message we just verified, fragment and all.
if ($endpoint->claimed_id != $to_match->claimed_id) {
$endpoint->claimed_id = $to_match->claimed_id;
}
return $endpoint;
}
function test_useCanonicalID()
{
$endpoint = new Auth_OpenID_ServiceEndpoint();
$endpoint->claimed_id = Auth_Yadis_XRI("=!1000");
$endpoint->canonicalID = Auth_Yadis_XRI("=!1000");
$htis->assertEquals($endpoint->getLocalID(), Auth_Yadis_XRI("=!1000"));
}
function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
{
$http_resp = @$fetcher->get($uri);
if ($http_resp->status != 200) {
return array($uri, array());
}
$identity_url = $http_resp->final_url;
// Try to parse the response as HTML to get OpenID 1.0/1.1 <link
// rel="...">
$openid_services = Auth_OpenID_ServiceEndpoint::fromHTML($identity_url, $http_resp->body);
return array($identity_url, $openid_services);
}
function test_useCanonicalID()
{
// When there is no delegate, the CanonicalID should be used
// with XRI.
$endpoint = new Auth_OpenID_ServiceEndpoint();
$endpoint->identity_url = "=example";
$endpoint->canonicalID = Services_Yadis_XRI("=!1000");
$this->assertEquals($endpoint->getServerID(), Services_Yadis_XRI("=!1000"));
}
