/** * uritoArray * * @param string $string The URI to parse * * @return array */ function uritoArray($string) { $exploded = explode('?', $string); if (count($exploded) > 1) { $queryString = $exploded[1]; } else { $queryString = $exploded[0]; } $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); return $message->getArrayFormat(); }
/** * testSetMessage * * @return void */ public function testSetMessage() { // KV $kv = "openid.foo:foo bar\nopenid.bar:foo bar\n"; // Test constructor setting $this->object = new OpenID_Message($kv, OpenID_Message::FORMAT_KV); $this->assertSame($kv, $this->object->getKVFormat()); // HTTP $http = "openid.foo=foo+bar&openid.bar=foo+bar"; $this->object->setMessage($http, OpenID_Message::FORMAT_HTTP); $this->assertSame($http, $this->object->getHTTPFormat()); // Array $array = array('openid.foo' => 'foo bar', 'openid.bar' => 'foo bar'); $this->object->setMessage($array, OpenID_Message::FORMAT_ARRAY); $this->assertSame($array, $this->object->getArrayFormat()); }
/** * Signs an OpenID_Message instance * * @param OpenID_Message $message Message to be signed * * @throws OpenID_Association_Exception if the message is already signed, or the association handles do not match * @return void */ public function signMessage(OpenID_Message $message) { if ($message->get('openid.sig') !== null || $message->get('openid.signed') !== null) { throw new OpenID_Association_Exception('This message appears to be already signed'); } // Make sure the handles match for this OP and response if ($this->assocHandle != $message->get('openid.assoc_handle')) { throw new OpenID_Association_Exception('Association handles do not match'); } $keys = array('signed'); foreach ($message->getArrayFormat() as $key => $val) { if (strncmp('openid.', $key, 7) == 0) { $keys[] = substr($key, 7); } } sort($keys); $message->set('openid.signed', implode(',', $keys)); $signedMessage = new OpenID_Message(); foreach ($keys as $key) { $signedMessage->set($key, $message->get('openid.' . $key)); } $rawSignature = $this->hashHMAC($signedMessage->getKVFormat()); $message->set('openid.sig', base64_encode($rawSignature)); }
/** * Actually sends the assocition request to the OP Endpoing URL. * * @return OpenID_Message * @see associate() */ protected function sendAssociationRequest() { if ($this->message->get('openid.session_type') == self::SESSION_TYPE_NO_ENCRYPTION) { $this->message->delete('openid.dh_consumer_public'); $this->message->delete('openid.dh_modulus'); $this->message->delete('openid.dh_gen'); } else { $this->initDH(); } $response = $this->directRequest($this->opEndpointURL, $this->message); $message = new OpenID_Message($response->getBody(), OpenID_Message::FORMAT_KV); OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true)); return $message; }
/** * Extracts extension contents from an OpenID_Message * * @param OpenID_Message $message OpenID_Message to extract the extension * contents from * * @return array An array of the extension's key/value pairs */ public function fromMessageResponse(OpenID_Message $message) { $values = array(); $alias = null; foreach ($message->getArrayFormat() as $ns => $value) { if (!preg_match('/^openid[.]ns[.]([^.]+)$/', $ns, $matches)) { continue; } $nsFromMessage = $message->get('openid.ns.' . $matches[1]); if ($nsFromMessage !== null && $nsFromMessage != $this->namespace) { continue; } $alias = $matches[1]; } if ($alias === null) { return $values; } if (count($this->responseKeys)) { // Only use allowed response keys foreach ($this->responseKeys as $key) { $value = $message->get('openid.' . $alias . '.' . $key); if ($value !== null) { $values[$key] = $value; } } } else { // Just grab all message components foreach ($message->getArrayFormat() as $key => $value) { if (preg_match('/^openid[.]' . $alias . '[.](.*+)$/', $key, $matches)) { $values[$matches[1]] = $value; } } } return $values; }
/** * Verifies an assertion response from the OP. If the openid.mode is error, an * exception is thrown. * * @param Net_URL2 $requestedURL The requested URL (that the user was * directed to by the OP) as a Net_URL2 * object * @param OpenID_Message $message The OpenID_Message instance, as extractd * from the input (GET or POST) * * @throws OpenID_Exception on error or invalid openid.mode * @return OpenID_Assertion_Response */ public function verify(Net_URL2 $requestedURL, OpenID_Message $message) { // Unsolicited assertion? if ($this->normalizedID === null) { $unsolicitedID = $message->get('openid.claimed_id'); $this->normalizedID = OpenID::normalizeIdentifier($unsolicitedID); } $mode = $message->get('openid.mode'); $result = new OpenID_Assertion_Result(); OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true)); switch ($mode) { case OpenID::MODE_ID_RES: if ($message->get('openid.ns') === null && $message->get('openid.user_setup_url') !== null) { // Negative 1.1 checkid_immediate response $result->setAssertionMethod($mode); $result->setUserSetupURL($message->get('openid.user_setup_url')); return $result; } break; case OpenID::MODE_CANCEL: case OpenID::MODE_SETUP_NEEDED: $result->setAssertionMethod($mode); return $result; case OpenID::MODE_ERROR: throw new OpenID_Exception($message->get('openid.error')); default: throw new OpenID_Exception('Unknown mode: ' . $mode); } $discover = $this->getDiscover(); $serviceEndpoint = $discover->services[0]; $URIs = $serviceEndpoint->getURIs(); $opEndpointURL = array_shift($URIs); $assertion = $this->getAssertionObject($message, $requestedURL); $result->setDiscover($discover); // Check via associations if ($this->useAssociations) { if ($message->get('openid.invalidate_handle') === null) { // Don't fall back to check_authentication $result->setAssertionMethod(OpenID::MODE_ASSOCIATE); $assoc = $this->getStore()->getAssociation($opEndpointURL, $message->get('openid.assoc_handle')); OpenID::setLastEvent(__METHOD__, print_r($assoc, true)); if ($assoc instanceof OpenID_Association && $assoc->checkMessageSignature($message)) { $result->setAssertionResult(true); } // If it's not an unsolicited assertion, just return if (!isset($unsolicitedID)) { return $result; } } else { // Invalidate handle requested. Delete it and fall back to // check_authenticate $this->getStore()->deleteAssociation($opEndpointURL); } } // Check via check_authenticate $result->setAssertionMethod(OpenID::MODE_CHECK_AUTHENTICATION); $result->setCheckAuthResponse($assertion->checkAuthentication()); if ($result->getCheckAuthResponse()->get('is_valid') == 'true') { $result->setAssertionResult(true); } return $result; }