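/**
 * Checks that this message is a structurally complete OpenID check_authentication
 * request addressed to this OP.
 *
 * Every mandatory field (mode, return_to, realm, assoc_handle, sig, signed,
 * response_nonce, op_endpoint, claimed_id) must be present and non-empty;
 * return_to and realm must pass OpenIdUriHelper's checks; mode must be
 * check_authentication; op_endpoint must be exactly this OP's endpoint URL and
 * claimed_id must be a valid URL.
 *
 * This validates shape only: the signature carried in openid.sig is NOT verified
 * here, so a true result does not mean the assertion is authentic.
 *
 * @return bool true when all checks pass (a failing check throws instead of returning false)
 * @throws InvalidOpenIdMessageException with a per-check diagnostic when any check fails
 */
public function isValid()
{
    $mode                = $this->getMode();
    $claimed_assoc       = $this->getAssocHandle();
    $claimed_nonce       = $this->getNonce();
    $claimed_sig         = $this->getSig();
    $claimed_op_endpoint = $this->getOPEndpoint();
    $claimed_identity    = $this->getClaimedId();
    $claimed_realm       = $this->getRealm();
    $claimed_returnTo    = $this->getReturnTo();
    $signed              = $this->getSigned();

    // Each check is evaluated on its own so the failure message can report all of them,
    // not just the first one that short-circuited. Strict comparison is used for the
    // mode and for the op_endpoint: this request must be about THIS provider.
    $valid_mode        = !empty($mode) && $mode === OpenIdProtocol::CheckAuthenticationMode;
    $valid_return_to   = !empty($claimed_returnTo) && OpenIdUriHelper::checkReturnTo($claimed_returnTo);
    $valid_realm       = OpenIdUriHelper::checkRealm($claimed_realm, $claimed_returnTo);
    $valid_op_endpoint = !empty($claimed_op_endpoint) && $claimed_op_endpoint === $this->op_endpoint_url;
    $valid_identity    = !empty($claimed_identity) && OpenIdUriHelper::isValidUrl($claimed_identity);

    $res = $valid_mode
        && $valid_return_to
        && !empty($claimed_realm) && $valid_realm
        && !empty($claimed_assoc)
        && !empty($claimed_sig)
        && !empty($signed)
        && !empty($claimed_nonce)
        && $valid_op_endpoint
        && $valid_identity;

    if (!$res) {
        // Only booleans are reported, never the submitted field values: the exception
        // message may travel back to the relying party.
        $lines = [
            sprintf("mode is empty? %b.", empty($mode)),
            sprintf("mode is check_authentication? %b.", $valid_mode),
            sprintf("return_to is empty? %b.", empty($claimed_returnTo)),
            sprintf("return_to is valid? %b.", $valid_return_to),
            sprintf("realm is empty? %b.", empty($claimed_realm)),
            sprintf("is valid realm? %b.", $valid_realm),
            sprintf("assoc_handle is empty? %b.", empty($claimed_assoc)),
            sprintf("sig is empty? %b.", empty($claimed_sig)),
            sprintf("signed is empty? %b.", empty($signed)),
            sprintf("response_nonce is empty? %b.", empty($claimed_nonce)),
            sprintf("op_endpoint matches this OP? %b.", $valid_op_endpoint),
            sprintf("claimed_id is empty? %b.", empty($claimed_identity)),
            sprintf("claimed_id is valid url? %b.", $valid_identity),
        ];
        throw new InvalidOpenIdMessageException(implode(PHP_EOL, $lines) . PHP_EOL);
    }

    return $res;
}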
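/**
 * Decides whether the (openid.claimed_id, openid.identity) pair of an assertion
 * names an identifier this OP is authoritative for.
 *
 * Per OpenID 2.0, claimed_id and identity SHALL be either both present or both
 * absent. When both are absent the assertion is not about an identifier (its
 * payload lives in extensions) and this returns false; when only one is present
 * the pair is malformed and this also returns false. The identifier_select value
 * is accepted as-is. Otherwise both must be valid URLs and at least one must
 * begin with the base of $this->user_identity_endpoint (the part before the
 * "@" placeholder).
 *
 * Security note: the match is a prefix match, not a substring search. A
 * substring search would accept a foreign URL that merely embeds this OP's
 * identity base somewhere in its path or query string, letting a third party
 * obtain assertions for identities this OP does not own. The comparison is
 * byte-wise and case-sensitive, as before.
 *
 * @param string|null $claimed_id value of openid.claimed_id
 * @param string|null $identity   value of openid.identity
 * @return bool
 * @throws \openid\exceptions\InvalidOpenIdMessageException when user_identity_endpoint is not configured
 */
private function isValidIdentifier($claimed_id, $identity)
{
    if (empty($this->user_identity_endpoint)) {
        throw new InvalidOpenIdMessageException("user_identity_endpoint is not set.");
    }

    // Both absent: not an assertion about an identifier.
    if (is_null($claimed_id) && is_null($identity)) {
        return false;
    }
    // Exactly one present violates "both present or both absent".
    if (is_null($claimed_id) || is_null($identity)) {
        return false;
    }

    // http://specs.openid.net/auth/2.0/identifier_select
    if ($claimed_id === $identity && $identity === OpenIdProtocol::IdentifierSelectType) {
        return true;
    }

    if (!OpenIdUriHelper::isValidUrl($claimed_id) || !OpenIdUriHelper::isValidUrl($identity)) {
        return false;
    }

    // The endpoint pattern is "<base>@<user placeholder>"; only the base is matched.
    $url_parts         = explode("@", $this->user_identity_endpoint, 2);
    $base_identity_url = $url_parts[0];
    if ($base_identity_url === '') {
        // A pattern that starts with "@" gives nothing to anchor on; never match.
        return false;
    }

    // Prefix match (position 0), not "contains": see the security note above.
    return strpos($identity, $base_identity_url) === 0
        || strpos($claimed_id, $base_identity_url) === 0;
}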