public function isValid()
{
$mode = $this->getMode();
$claimed_assoc = $this->getAssocHandle();
$claimed_nonce = $this->getNonce();
$claimed_sig = $this->getSig();
$claimed_op_endpoint = $this->getOPEndpoint();
$claimed_identity = $this->getClaimedId();
$claimed_realm = $this->getRealm();
$claimed_returnTo = $this->getReturnTo();
$signed = $this->getSigned();
$valid_realm = OpenIdUriHelper::checkRealm($claimed_realm, $claimed_returnTo);
$res = !is_null($mode) && !empty($mode) && $mode == OpenIdProtocol::CheckAuthenticationMode && !is_null($claimed_returnTo) && !empty($claimed_returnTo) && OpenIdUriHelper::checkReturnTo($claimed_returnTo) && !is_null($claimed_realm) && !empty($claimed_realm) && $valid_realm && !is_null($claimed_assoc) && !empty($claimed_assoc) && !is_null($claimed_sig) && !empty($claimed_sig) && !is_null($signed) && !empty($signed) && !is_null($claimed_nonce) && !empty($claimed_nonce) && !is_null($claimed_op_endpoint) && !empty($claimed_op_endpoint) && $claimed_op_endpoint == $this->op_endpoint_url && !is_null($claimed_identity) && !empty($claimed_identity) && OpenIdUriHelper::isValidUrl($claimed_identity);
if (!$res) {
$msg = sprintf("return_to is empty? %b.", empty($claimed_returnTo)) . PHP_EOL;
$msg = $msg . sprintf("realm is empty? %b.", empty($claimed_realm)) . PHP_EOL;
$msg = $msg . sprintf("claimed_id is empty? %b.", empty($claimed_id)) . PHP_EOL;
$msg = $msg . sprintf("identity is empty? %b.", empty($claimed_identity)) . PHP_EOL;
$msg = $msg . sprintf("mode is empty? %b.", empty($mode)) . PHP_EOL;
$msg = $msg . sprintf("is valid realm? %b.", $valid_realm) . PHP_EOL;
throw new InvalidOpenIdMessageException($msg);
}
return $res;
}
/**
* @param $claimed_id
* @param $identity
* @return bool
* @throws \openid\exceptions\InvalidOpenIdMessageException
*/
private function isValidIdentifier($claimed_id, $identity)
{
/*
* openid.claimed_id" and "openid.identity" SHALL be either both present or both absent.
* If neither value is present, the assertion is not about an identifier, and will contain
* other information in its payload, using extensions.
*/
if (empty($this->user_identity_endpoint)) {
throw new InvalidOpenIdMessageException("user_identity_endpoint is not set.");
}
if (is_null($claimed_id) && is_null($identity)) {
return false;
}
//http://specs.openid.net/auth/2.0/identifier_select
if ($claimed_id == $identity && $identity == OpenIdProtocol::IdentifierSelectType) {
return true;
}
if (OpenIdUriHelper::isValidUrl($claimed_id) && OpenIdUriHelper::isValidUrl($identity)) {
$identity_url_pattern = $this->user_identity_endpoint;
$url_parts = explode("@", $identity_url_pattern, 2);
$base_identity_url = $url_parts[0];
if (strpos($identity, $base_identity_url) !== false) {
return true;
}
if (strpos($claimed_id, $base_identity_url) !== false) {
return true;
}
}
return false;
}