/**
* Initialize the diffie-hellman parameters for the association request.
*
* @return void
*/
public function init()
{
if ($this->cdh === null) {
$this->cdh = new Crypt_DiffieHellman(self::DH_DEFAULT_MODULUS, self::DH_DEFAULT_GENERATOR);
$this->cdh->generateKeys();
}
// Set public key
$this->message->set('openid.dh_consumer_public', base64_encode($this->cdh->getPublicKey(Crypt_DiffieHellman::BTWOC)));
// Set modulus
$prime = $this->cdh->getPrime(Crypt_DiffieHellman::BTWOC);
$this->message->set('openid.dh_modulus', base64_encode($prime));
// Set prime
$gen = $this->cdh->getGenerator(Crypt_DiffieHellman::BTWOC);
$this->message->set('openid.dh_gen', base64_encode($gen));
}
/**
* Performs a check_authentication request.
*
* @param array $options Options to pass to HTTP_Request
*
* @return OpenID_Message Reponse to the check_authentication request
*/
public function checkAuthentication(array $options = array())
{
$this->message->set('openid.mode', OpenID::MODE_CHECK_AUTHENTICATION);
$opURL = $this->message->get('openid.op_endpoint');
$response = $this->directRequest($opURL, $this->message, $options);
return new OpenID_Message($response->getBody(), OpenID_Message::FORMAT_KV);
}
/**
* testGetArrayFormat
*
* @return void
*/
public function testGetArrayFormat()
{
$http = array('openid.foo' => 'foo bar', 'openid.bar' => 'foo bar');
$this->object->set('openid.foo', 'foo bar');
$this->object->set('openid.bar', 'foo bar');
$this->assertSame($http, $this->object->getArrayFormat());
}
/**
* testSetAndGetCheckAuthResponse
*
* @return void
*/
public function testSetAndGetCheckAuthResponse()
{
$message = new OpenID_Message();
$message->set('openid.id_res', 'true');
$this->result->setCheckAuthResponse($message);
$this->assertSame($message, $this->result->getCheckAuthResponse());
}
/**
* Adds a nonce to the openid.return_to URL parameter. Only used in OpenID 1.1
*
* @return void
*/
protected function addNonce()
{
$nonce = $this->getNonce()->createNonceAndStore();
$returnToURL = new Net_URL2($this->message->get('openid.return_to'));
$returnToURL->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, urlencode($nonce));
$this->message->set('openid.return_to', $returnToURL->getURL());
// Observing
$logMessage = "Nonce: {$nonce}\n";
$logMessage = 'New ReturnTo: ' . $returnToURL->getURL() . "\n";
$logMessage .= 'OP URIs: ' . print_r($this->serviceEndpoint->getURIs(), true);
OpenID::setLastEvent(__METHOD__, $logMessage);
}
/**
* Sets the session type. Can be sha1, sha256, or no-encryption
*
* @param string $type sha1, sha256, or no-encryption
*
* @throws OpenID_Association_Exception on invalid type, or if you set
* no-encryption for an OP URL that doesn't support HTTPS
* @return void
*/
public function setSessionType($type)
{
switch ($type) {
case self::SESSION_TYPE_NO_ENCRYPTION:
// Make sure we're using SSL
if (!preg_match('@^https://@i', $this->opEndpointURL)) {
throw new OpenID_Association_Exception('Un-encrypted sessions require HTTPS');
}
$this->message->set('openid.session_type', self::SESSION_TYPE_NO_ENCRYPTION);
break;
case self::SESSION_TYPE_DH_SHA1:
case self::SESSION_TYPE_DH_SHA256:
$this->message->set('openid.session_type', $type);
break;
default:
throw new OpenID_Association_Exception("Invalid session_type: {$type}");
}
}
/**
* testDirectRequest
*
* @return void
*/
public function testDirectRequest()
{
$this->setExpectedException('OpenID_Exception', 'foobar');
$request = $this->getMock('HTTP_Request2', array('send'));
$request->expects($this->once())->method('send')->will($this->throwException(new HTTP_Request2_Exception('foobar')));
$openid = $this->getMock('OpenID', array('getHTTPRequest2Instance'));
$openid->expects($this->once())->method('getHTTPRequest2Instance')->will($this->returnValue($request));
$message = new OpenID_Message();
$message->set('foo', 'bar');
$openid->directRequest('http://example.com', $message);
}
/**
* Signs an OpenID_Message instance
*
* @param OpenID_Message $message Message to be signed
*
* @throws OpenID_Association_Exception if the message is already signed,
or the association handles do not match
* @return void
*/
public function signMessage(OpenID_Message $message)
{
if ($message->get('openid.sig') !== null || $message->get('openid.signed') !== null) {
throw new OpenID_Association_Exception('This message appears to be already signed');
}
// Make sure the handles match for this OP and response
if ($this->assocHandle != $message->get('openid.assoc_handle')) {
throw new OpenID_Association_Exception('Association handles do not match');
}
$keys = array('signed');
foreach ($message->getArrayFormat() as $key => $val) {
if (strncmp('openid.', $key, 7) == 0) {
$keys[] = substr($key, 7);
}
}
sort($keys);
$message->set('openid.signed', implode(',', $keys));
$signedMessage = new OpenID_Message();
foreach ($keys as $key) {
$signedMessage->set($key, $message->get('openid.' . $key));
}
$rawSignature = $this->hashHMAC($signedMessage->getKVFormat());
$message->set('openid.sig', base64_encode($rawSignature));
}
/**
* testNoSignedKeys
*
* @return void
*/
public function testNoSignedKeys()
{
$message = new OpenID_Message();
$message->set('openid.assoc_handle', $this->object->assocHandle);
$message->set('openid.op_endpoint', 'http://example.com');
$this->assertFalse($this->object->checkMessageSignature($message));
}
/**
* Adds the extension contents to an OpenID_Message
*
* @param OpenID_Message $message Message to add the extension contents to
*
* @throws OpenID_Extension_Exception on error
* @return void
*/
public function toMessage(OpenID_Message $message)
{
// Make sure we have a valid alias name
if (empty($this->alias) || in_array($this->alias, self::$reserved)) {
throw new OpenID_Extension_Exception('Invalid extension alias' . $this->alias);
}
$namespaceAlias = 'openid.ns.' . $this->alias;
// Make sure the alias doesn't collide
if ($message->get($namespaceAlias) !== null) {
throw new OpenID_Extension_Exception('Extension alias ' . $this->alias . ' is already set');
}
// Add alias assignment? (SREG 1.0 Doesn't use one)
if ($this->useNamespaceAlias) {
$message->set($namespaceAlias, $this->namespace);
}
foreach ($this->values as $key => $value) {
$message->set('openid.' . $this->alias . '.' . $key, $value);
}
}
/**
* testFromMessageReponseNoResponseKeys
*
* @return void
*/
public function testFromMessageReponseNoResponseKeys()
{
$extension = new OpenID_Extension_MockNoResponseKeys(OpenID_Extension::RESPONSE);
$message = new OpenID_Message();
// Make sure we iterate over the message at least once
$message->set('openid.ns.mock', 'http://example.com/mock');
$message->set('openid.mock.foo', 'bar');
$response = $extension->fromMessageResponse($message);
$this->assertSame(1, count($response));
}
/**
* testValidateReturnToOneOneImmediateNegative
*
* @return void
*/
public function testValidateReturnToOneOneImmediateNegative()
{
$opEndpoint = new OpenID_ServiceEndpoint();
$opEndpoint->setURIs(array($this->opEndpointURL));
$opEndpoints = new OpenID_ServiceEndpoints($this->claimedID, $opEndpoint);
$nonce = new OpenID_Nonce($this->opEndpointURL);
$nonceValue = $nonce->createNonce();
$rt = new Net_URL2('http://examplerp.com');
$rt->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$setupMessage = new OpenID_Message();
$setupMessage->set('openid.identity', $this->claimedID);
$setupMessage->set('openid.return_to', $rt->getURL());
$setupMessage->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$this->message = new OpenID_Message();
$this->message->set('openid.mode', OpenID::MODE_ID_RES);
$this->message->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$this->message->set('openid.user_setup_url', 'http://examplerp.com/?' . $setupMessage->getHTTPFormat());
$this->discover = $this->getMock('OpenID_Discover', array('__get'), array($this->claimedID));
$this->discover->expects($this->once())->method('__get')->will($this->returnValue($opEndpoints));
$this->store->expects($this->once())->method('getDiscover')->will($this->returnValue($this->discover));
$this->store->expects($this->any())->method('getNonce')->will($this->returnValue($nonceValue));
$this->createObjects();
}
/**
* testGetAssertionObject
*
* @return void
*/
public function testGetAssertionObject()
{
$this->store->expects($this->any())->method('getDiscover')->will($this->returnValue($this->discover));
$this->store->expects($this->once())->method('getNonce')->will($this->returnValue(false));
$nonceObj = new OpenID_Nonce($this->opEndpointURL);
$nonce = $nonceObj->createNonce();
$message = new OpenID_Message();
$message->set('openid.mode', 'id_res');
$message->set('openid.ns', OpenID::NS_2_0);
$message->set('openid.return_to', $this->returnTo);
$message->set('openid.claimed_id', $this->id);
$message->set('openid.identity', $this->id);
$message->set('openid.op_endpoint', $this->opEndpointURL);
$message->set('openid.invalidate_handle', '12345qwerty');
$message->set('openid.response_nonce', $nonce);
$rp = new OpenID_RelyingParty_Mock($this->id, $this->returnTo, $this->realm);
$this->assertInstanceOf('OpenID_Assertion', $rp->returnGetAssertionObject($message, new Net_URL2($this->returnTo)));
}
