function trustRootValid()
{
if (!$this->trust_root) {
return true;
}
$tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
if ($tr === false) {
return new Auth_OpenID_MalformedTrustRoot($this->message,
$this->trust_root);
}
if ($this->return_to !== null) {
return Auth_OpenID_TrustRoot::match($this->trust_root,
$this->return_to);
} else {
return true;
}
}
/**
* Does this URL match the given trust root?
*
* Return whether the URL falls under the given trust root. This
* does not check whether the trust root is sane. If the URL or
* trust root do not parse, this function will return false.
*
* @param string $trust_root The trust root to match against
*
* @param string $url The URL to check
*
* @return bool $matches Whether the URL matches against the
* trust root
*/
function match($trust_root, $url)
{
$trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
$url_parsed = Auth_OpenID_TrustRoot::_parse($url);
if (!$trust_root_parsed || !$url_parsed) {
return false;
}
// Check hosts matching
if ($url_parsed['wildcard']) {
return false;
}
if ($trust_root_parsed['wildcard']) {
$host_tail = $trust_root_parsed['host'];
$host = $url_parsed['host'];
if ($host_tail && substr($host, -strlen($host_tail)) != $host_tail && substr($host_tail, 1) != $host) {
return false;
}
} else {
if ($trust_root_parsed['host'] != $url_parsed['host']) {
return false;
}
}
// Check path and query matching
$base_path = $trust_root_parsed['path'];
$path = $url_parsed['path'];
if (!isset($trust_root_parsed['query'])) {
if ($base_path != $path) {
if (substr($path, 0, strlen($base_path)) != $base_path) {
return false;
}
if (substr($base_path, strlen($base_path) - 1, 1) != '/' && substr($path, strlen($base_path), 1) != '/') {
return false;
}
}
} else {
$base_query = $trust_root_parsed['query'];
$query = @$url_parsed['query'];
$qplus = substr($query, 0, strlen($base_query) + 1);
$bqplus = $base_query . '&';
if ($base_path != $path || $base_query != $query && $qplus != $bqplus) {
return false;
}
}
// The port and scheme need to match exactly
return $trust_root_parsed['scheme'] == $url_parsed['scheme'] && $url_parsed['port'] === $trust_root_parsed['port'];
}
function failUnlessDiscoURL($realm, $expected_discovery_url)
{
$actual_discovery_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm);
$this->assertEquals($expected_discovery_url, $actual_discovery_url);
}
/**
* Extract a FetchRequest from an OpenID message
*
* @param request: The OpenID request containing the attribute
* fetch request
*
* @returns mixed An Auth_OpenID_AX_Error or the
* Auth_OpenID_AX_FetchRequest extracted from the request message if
* successful
*/
function &fromOpenIDRequest($request)
{
$m = $request->message;
$obj = new Auth_OpenID_AX_FetchRequest();
$ax_args = $m->getArgs($obj->ns_uri);
$result = $obj->parseExtensionArgs($ax_args);
if (Auth_OpenID_AX::isError($result)) {
return $result;
}
if ($obj->update_url) {
// Update URL must match the openid.realm of the
// underlying OpenID 2 message.
$realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm', $m->getArg(Auth_OpenID_OPENID_NS, 'return_to'));
if (!$realm) {
$obj = new Auth_OpenID_AX_Error(sprintf("Cannot validate update_url %s " . "against absent realm", $obj->update_url));
} else {
if (!Auth_OpenID_TrustRoot::match($realm, $obj->update_url)) {
$obj = new Auth_OpenID_AX_Error(sprintf("Update URL %s failed validation against realm %s", $obj->update_url, $realm));
}
}
}
return $obj;
}
function runTest()
{
$matches = Auth_OpenID_TrustRoot::match($this->tr, $this->rt);
$this->assertEquals((bool) $this->matches, (bool) $matches);
}
