/**
* uritoArray
*
* @param string $string The URI to parse
*
* @return array
*/
function uritoArray($string)
{
$exploded = explode('?', $string);
if (count($exploded) > 1) {
$queryString = $exploded[1];
} else {
$queryString = $exploded[0];
}
$message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
return $message->getArrayFormat();
}
/**
* testSetMessage
*
* @return void
*/
public function testSetMessage()
{
// KV
$kv = "openid.foo:foo bar\nopenid.bar:foo bar\n";
// Test constructor setting
$this->object = new OpenID_Message($kv, OpenID_Message::FORMAT_KV);
$this->assertSame($kv, $this->object->getKVFormat());
// HTTP
$http = "openid.foo=foo+bar&openid.bar=foo+bar";
$this->object->setMessage($http, OpenID_Message::FORMAT_HTTP);
$this->assertSame($http, $this->object->getHTTPFormat());
// Array
$array = array('openid.foo' => 'foo bar', 'openid.bar' => 'foo bar');
$this->object->setMessage($array, OpenID_Message::FORMAT_ARRAY);
$this->assertSame($array, $this->object->getArrayFormat());
}
/**
* Signs an OpenID_Message instance
*
* @param OpenID_Message $message Message to be signed
*
* @throws OpenID_Association_Exception if the message is already signed,
or the association handles do not match
* @return void
*/
public function signMessage(OpenID_Message $message)
{
if ($message->get('openid.sig') !== null || $message->get('openid.signed') !== null) {
throw new OpenID_Association_Exception('This message appears to be already signed');
}
// Make sure the handles match for this OP and response
if ($this->assocHandle != $message->get('openid.assoc_handle')) {
throw new OpenID_Association_Exception('Association handles do not match');
}
$keys = array('signed');
foreach ($message->getArrayFormat() as $key => $val) {
if (strncmp('openid.', $key, 7) == 0) {
$keys[] = substr($key, 7);
}
}
sort($keys);
$message->set('openid.signed', implode(',', $keys));
$signedMessage = new OpenID_Message();
foreach ($keys as $key) {
$signedMessage->set($key, $message->get('openid.' . $key));
}
$rawSignature = $this->hashHMAC($signedMessage->getKVFormat());
$message->set('openid.sig', base64_encode($rawSignature));
}
/**
* Actually sends the assocition request to the OP Endpoing URL.
*
* @return OpenID_Message
* @see associate()
*/
protected function sendAssociationRequest()
{
if ($this->message->get('openid.session_type') == self::SESSION_TYPE_NO_ENCRYPTION) {
$this->message->delete('openid.dh_consumer_public');
$this->message->delete('openid.dh_modulus');
$this->message->delete('openid.dh_gen');
} else {
$this->initDH();
}
$response = $this->directRequest($this->opEndpointURL, $this->message);
$message = new OpenID_Message($response->getBody(), OpenID_Message::FORMAT_KV);
OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true));
return $message;
}
/**
* Extracts extension contents from an OpenID_Message
*
* @param OpenID_Message $message OpenID_Message to extract the extension
* contents from
*
* @return array An array of the extension's key/value pairs
*/
public function fromMessageResponse(OpenID_Message $message)
{
$values = array();
$alias = null;
foreach ($message->getArrayFormat() as $ns => $value) {
if (!preg_match('/^openid[.]ns[.]([^.]+)$/', $ns, $matches)) {
continue;
}
$nsFromMessage = $message->get('openid.ns.' . $matches[1]);
if ($nsFromMessage !== null && $nsFromMessage != $this->namespace) {
continue;
}
$alias = $matches[1];
}
if ($alias === null) {
return $values;
}
if (count($this->responseKeys)) {
// Only use allowed response keys
foreach ($this->responseKeys as $key) {
$value = $message->get('openid.' . $alias . '.' . $key);
if ($value !== null) {
$values[$key] = $value;
}
}
} else {
// Just grab all message components
foreach ($message->getArrayFormat() as $key => $value) {
if (preg_match('/^openid[.]' . $alias . '[.](.*+)$/', $key, $matches)) {
$values[$matches[1]] = $value;
}
}
}
return $values;
}
/**
* Verifies an assertion response from the OP. If the openid.mode is error, an
* exception is thrown.
*
* @param Net_URL2 $requestedURL The requested URL (that the user was
* directed to by the OP) as a Net_URL2
* object
* @param OpenID_Message $message The OpenID_Message instance, as extractd
* from the input (GET or POST)
*
* @throws OpenID_Exception on error or invalid openid.mode
* @return OpenID_Assertion_Response
*/
public function verify(Net_URL2 $requestedURL, OpenID_Message $message)
{
// Unsolicited assertion?
if ($this->normalizedID === null) {
$unsolicitedID = $message->get('openid.claimed_id');
$this->normalizedID = OpenID::normalizeIdentifier($unsolicitedID);
}
$mode = $message->get('openid.mode');
$result = new OpenID_Assertion_Result();
OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true));
switch ($mode) {
case OpenID::MODE_ID_RES:
if ($message->get('openid.ns') === null && $message->get('openid.user_setup_url') !== null) {
// Negative 1.1 checkid_immediate response
$result->setAssertionMethod($mode);
$result->setUserSetupURL($message->get('openid.user_setup_url'));
return $result;
}
break;
case OpenID::MODE_CANCEL:
case OpenID::MODE_SETUP_NEEDED:
$result->setAssertionMethod($mode);
return $result;
case OpenID::MODE_ERROR:
throw new OpenID_Exception($message->get('openid.error'));
default:
throw new OpenID_Exception('Unknown mode: ' . $mode);
}
$discover = $this->getDiscover();
$serviceEndpoint = $discover->services[0];
$URIs = $serviceEndpoint->getURIs();
$opEndpointURL = array_shift($URIs);
$assertion = $this->getAssertionObject($message, $requestedURL);
$result->setDiscover($discover);
// Check via associations
if ($this->useAssociations) {
if ($message->get('openid.invalidate_handle') === null) {
// Don't fall back to check_authentication
$result->setAssertionMethod(OpenID::MODE_ASSOCIATE);
$assoc = $this->getStore()->getAssociation($opEndpointURL, $message->get('openid.assoc_handle'));
OpenID::setLastEvent(__METHOD__, print_r($assoc, true));
if ($assoc instanceof OpenID_Association && $assoc->checkMessageSignature($message)) {
$result->setAssertionResult(true);
}
// If it's not an unsolicited assertion, just return
if (!isset($unsolicitedID)) {
return $result;
}
} else {
// Invalidate handle requested. Delete it and fall back to
// check_authenticate
$this->getStore()->deleteAssociation($opEndpointURL);
}
}
// Check via check_authenticate
$result->setAssertionMethod(OpenID::MODE_CHECK_AUTHENTICATION);
$result->setCheckAuthResponse($assertion->checkAuthentication());
if ($result->getCheckAuthResponse()->get('is_valid') == 'true') {
$result->setAssertionResult(true);
}
return $result;
}
