/**
 * Check this request's return_to URL against its trust root.
 *
 * @return mixed true when no trust root is set or when return_to is
 * null; an Auth_OpenID_MalformedTrustRoot object when the trust root
 * does not parse; otherwise the result of
 * Auth_OpenID_TrustRoot::match() for the trust root and return_to.
 */
function trustRootValid()
{
    // Without a trust root there is nothing to validate against.
    if (!$this->trust_root) {
        return true;
    }

    $parsed_root = Auth_OpenID_TrustRoot::_parse($this->trust_root);
    if ($parsed_root === false) {
        // NOTE: the failure value is an object, and PHP treats objects
        // as truthy. Callers must test for it explicitly instead of
        // using the result as a plain boolean.
        return new Auth_OpenID_MalformedTrustRoot($this->message,
                                                  $this->trust_root);
    }

    // No return_to supplied: nothing to compare against the trust root.
    if ($this->return_to === null) {
        return true;
    }

    return Auth_OpenID_TrustRoot::match($this->trust_root,
                                        $this->return_to);
}
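/**
 * Does this URL match the given trust root?
 *
 * Return whether the URL falls under the given trust root. This
 * does not check whether the trust root is sane, so a caller that
 * takes the trust root from an untrusted message has to validate
 * the trust root itself separately. If the URL or trust root do
 * not parse, this function will return false.
 *
 * All component comparisons are strict (===/!==). With loose
 * comparison PHP treats numeric-looking strings such as "1e1" and
 * "10" as equal, which must never count as a match in a check that
 * gates where a response may be sent.
 *
 * @param string $trust_root The trust root to match against
 *
 * @param string $url The URL to check
 *
 * @return bool $matches Whether the URL matches against the
 * trust root
 */
function match($trust_root, $url)
{
    $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
    $url_parsed = Auth_OpenID_TrustRoot::_parse($url);

    if (!$trust_root_parsed || !$url_parsed) {
        return false;
    }

    // Check hosts matching. The URL under test must name a concrete
    // host; only the trust root may carry a wildcard.
    if ($url_parsed['wildcard']) {
        return false;
    }

    // NOTE(review): the strict comparisons below assume _parse()
    // yields string components -- confirm against _parse().
    if ($trust_root_parsed['wildcard']) {
        $host_tail = $trust_root_parsed['host'];
        $host = $url_parsed['host'];
        // Accept when the host ends with the wildcard tail, or when
        // the host equals the tail minus its first character.
        if ($host_tail &&
            substr($host, -strlen($host_tail)) !== $host_tail &&
            substr($host_tail, 1) !== $host) {
            return false;
        }
    } else {
        if ($trust_root_parsed['host'] !== $url_parsed['host']) {
            return false;
        }
    }

    // Check path and query matching
    $base_path = $trust_root_parsed['path'];
    $path = $url_parsed['path'];

    if (!isset($trust_root_parsed['query'])) {
        if ($base_path !== $path) {
            // The URL path must start with the trust root path...
            if (substr($path, 0, strlen($base_path)) !== $base_path) {
                return false;
            }

            // ...and the prefix must end on a path-segment boundary,
            // so that "/foo" does not match "/foobar".
            if (substr($base_path, strlen($base_path) - 1, 1) !== '/' &&
                substr($path, strlen($base_path), 1) !== '/') {
                return false;
            }
        }
    } else {
        $base_query = $trust_root_parsed['query'];
        // An absent query is treated as the empty string. This is what
        // the former loose comparison against null amounted to, without
        // the error suppression operator.
        $query = isset($url_parsed['query']) ? $url_parsed['query'] : '';
        $qplus = substr($query, 0, strlen($base_query) + 1);
        $bqplus = $base_query . '&';

        // With a query in the trust root the paths must be identical,
        // and the URL query must equal the trust root query or extend
        // it after an '&'.
        if ($base_path !== $path ||
            ($base_query !== $query && $qplus !== $bqplus)) {
            return false;
        }
    }

    // The port and scheme need to match exactly
    return $trust_root_parsed['scheme'] === $url_parsed['scheme'] &&
        $url_parsed['port'] === $trust_root_parsed['port'];
}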
/**
 * Assert that the discovery URL built for a realm equals the
 * expected one.
 *
 * @param string $realm The realm passed to buildDiscoveryURL()
 *
 * @param mixed $expected_discovery_url The value that
 * buildDiscoveryURL() is expected to return for that realm
 */
function failUnlessDiscoURL($realm, $expected_discovery_url)
{
    $this->assertEquals(
        $expected_discovery_url,
        Auth_OpenID_TrustRoot::buildDiscoveryURL($realm)
    );
}
/**
 * Extract a FetchRequest from an OpenID message
 *
 * When the fetch request carries an update_url, the URL is checked
 * with Auth_OpenID_TrustRoot::match() against the message's realm,
 * falling back to its return_to when no realm is present.
 *
 * @param object $request The OpenID request containing the
 * attribute fetch request; its message property is read
 *
 * @return mixed An Auth_OpenID_AX_Error or the
 * Auth_OpenID_AX_FetchRequest extracted from the request message if
 * successful
 */
function &fromOpenIDRequest($request)
{
    $message = $request->message;
    $fetch_request = new Auth_OpenID_AX_FetchRequest();

    $parse_result = $fetch_request->parseExtensionArgs(
        $message->getArgs($fetch_request->ns_uri)
    );
    if (Auth_OpenID_AX::isError($parse_result)) {
        return $parse_result;
    }

    $update_url = $fetch_request->update_url;
    if (!$update_url) {
        return $fetch_request;
    }

    // Update URL must match the openid.realm of the underlying
    // OpenID 2 message; return_to stands in when realm is absent.
    $fallback_realm = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
    $realm = $message->getArg(Auth_OpenID_OPENID_NS, 'realm', $fallback_realm);

    if (!$realm) {
        // Fail closed: with nothing to validate against, the
        // update_url is rejected rather than accepted.
        $error = new Auth_OpenID_AX_Error(
            sprintf("Cannot validate update_url %s against absent realm",
                    $update_url)
        );
        return $error;
    }

    // NOTE(review): match() is documented as not checking whether the
    // trust root is sane, so this check is only as strict as the realm
    // taken from the message. Confirm the realm itself is validated
    // elsewhere before update_url is relied on.
    if (!Auth_OpenID_TrustRoot::match($realm, $update_url)) {
        $error = new Auth_OpenID_AX_Error(
            sprintf("Update URL %s failed validation against realm %s",
                    $update_url, $realm)
        );
        return $error;
    }

    return $fetch_request;
}
/**
 * Run one trust-root matching case: match the fixture's trust root
 * ($this->tr) against its URL ($this->rt) and compare the outcome,
 * as a boolean, with the expected flag ($this->matches).
 */
function runTest()
{
    $expected = (bool) $this->matches;
    $actual = (bool) Auth_OpenID_TrustRoot::match($this->tr, $this->rt);

    $this->assertEquals($expected, $actual);
}