/**
* @param IOpenIdUser $user
* @param $realm
* @param array $data
* @return array|mixed
* @throws \Exception
*/
public function getTrustedSites(IOpenIdUser $user, $realm, $data = array())
{
$res = array();
try {
if (!OpenIdUriHelper::isValidRealm($realm)) {
throw new OpenIdInvalidRealmException(sprintf('realm %s is invalid', $realm));
}
//get all possible sub-domains
$sub_domains = $this->getSubDomains($realm);
$sites = $this->repository->getMatchingOnesByUserId($user->getId(), $sub_domains, $data);
//iterate over all retrieved sites and check the set policies by user
foreach ($sites as $site) {
$policy = $site->getAuthorizationPolicy();
//if denied then break
if ($policy == IAuthService::AuthorizationResponse_DenyForever) {
array_push($res, $site);
break;
}
$trusted_data = $site->getData();
$diff = array_diff($data, $trusted_data);
//if pre approved data is contained or equal than a former one
if (count($diff) == 0) {
array_push($res, $site);
break;
}
}
} catch (Exception $ex) {
$this->log_service->error($ex);
throw $ex;
}
return $res;
}
