1<?php 2 3/** 4 * Routines for XRI resolution. 5 * 6 * @package OpenID 7 * @author JanRain, Inc. <openid@janrain.com> 8 * @copyright 2005-2008 Janrain, Inc. 9 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache 10 */ 11 12require_once 'Auth/Yadis/Misc.php'; 13require_once 'Auth/Yadis/Yadis.php'; 14require_once 'Auth/OpenID.php'; 15 16function Auth_Yadis_getDefaultProxy() 17{ 18 return 'http://xri.net/'; 19} 20 21function Auth_Yadis_getXRIAuthorities() 22{ 23 return ['!', '=', '@', '+', '$', '(']; 24} 25 26function Auth_Yadis_getEscapeRE() 27{ 28 $parts = []; 29 foreach (array_merge(Auth_Yadis_getUCSChars(), 30 Auth_Yadis_getIPrivateChars()) as $pair) { 31 list($m, $n) = $pair; 32 $parts[] = sprintf("%s-%s", chr($m), chr($n)); 33 } 34 35 return sprintf('/[%s]/', implode('', $parts)); 36} 37 38function Auth_Yadis_getXrefRE() 39{ 40 return '/\((.*?)\)/'; 41} 42 43function Auth_Yadis_identifierScheme($identifier) 44{ 45 if (Auth_Yadis_startswith($identifier, 'xri://') || 46 ($identifier && 47 in_array($identifier[0], Auth_Yadis_getXRIAuthorities()))) { 48 return "XRI"; 49 } else { 50 return "URI"; 51 } 52} 53 54function Auth_Yadis_toIRINormal($xri) 55{ 56 if (!Auth_Yadis_startswith($xri, 'xri://')) { 57 $xri = 'xri://' . $xri; 58 } 59 60 return Auth_Yadis_escapeForIRI($xri); 61} 62 63function _escape_xref($xref_match) 64{ 65 $xref = $xref_match[0]; 66 $xref = str_replace('/', '%2F', $xref); 67 $xref = str_replace('?', '%3F', $xref); 68 $xref = str_replace('#', '%23', $xref); 69 return $xref; 70} 71 72function Auth_Yadis_escapeForIRI($xri) 73{ 74 $xri = str_replace('%', '%25', $xri); 75 $xri = preg_replace_callback(Auth_Yadis_getXrefRE(), 76 '_escape_xref', $xri); 77 return $xri; 78} 79 80function Auth_Yadis_toURINormal($xri) 81{ 82 return Auth_Yadis_iriToURI(Auth_Yadis_toIRINormal($xri)); 83} 84 85function Auth_Yadis_iriToURI($iri) 86{ 87 if (1) { 88 return $iri; 89 } else { 90 // According to RFC 3987, section 3.1, "Mapping of IRIs to URIs" 91 return preg_replace_callback(Auth_Yadis_getEscapeRE(), 92 'Auth_Yadis_pct_escape_unicode', $iri); 93 } 94} 95 96 97function Auth_Yadis_XRIAppendArgs($url, $args) 98{ 99 // Append some arguments to an HTTP query. Yes, this is just like 100 // OpenID's appendArgs, but with special seasoning for XRI 101 // queries. 102 103 if (count($args) == 0) { 104 return $url; 105 } 106 107 // Non-empty array; if it is an array of arrays, use multisort; 108 // otherwise use sort. 109 if (array_key_exists(0, $args) && 110 is_array($args[0])) { 111 // Do nothing here. 112 } else { 113 $keys = array_keys($args); 114 sort($keys); 115 $new_args = []; 116 foreach ($keys as $key) { 117 $new_args[] = [$key, $args[$key]]; 118 } 119 $args = $new_args; 120 } 121 122 // According to XRI Resolution section "QXRI query parameters": 123 // 124 // "If the original QXRI had a null query component (only a 125 // leading question mark), or a query component consisting of 126 // only question marks, one additional leading question mark MUST 127 // be added when adding any XRI resolution parameters." 128 if (strpos(rtrim($url, '?'), '?') !== false) { 129 $sep = '&'; 130 } else { 131 $sep = '?'; 132 } 133 134 return $url . $sep . Auth_OpenID::httpBuildQuery($args); 135} 136 137function Auth_Yadis_providerIsAuthoritative($providerID, $canonicalID) 138{ 139 $lastbang = strrpos($canonicalID, '!'); 140 $p = substr($canonicalID, 0, $lastbang); 141 return $p == $providerID; 142} 143 144function Auth_Yadis_rootAuthority($xri) 145{ 146 // Return the root authority for an XRI. 147 148 $root = null; 149 150 if (Auth_Yadis_startswith($xri, 'xri://')) { 151 $xri = substr($xri, 6); 152 } 153 154 $authority = explode('/', $xri, 2); 155 $authority = $authority[0]; 156 if ($authority[0] == '(') { 157 // Cross-reference. 158 // XXX: This is incorrect if someone nests cross-references so 159 // there is another close-paren in there. Hopefully nobody 160 // does that before we have a real xriparse function. 161 // Hopefully nobody does that *ever*. 162 $root = substr($authority, 0, strpos($authority, ')') + 1); 163 } else if (in_array($authority[0], Auth_Yadis_getXRIAuthorities())) { 164 // Other XRI reference. 165 $root = $authority[0]; 166 } else { 167 // IRI reference. 168 $_segments = explode("!", $authority); 169 $segments = []; 170 foreach ($_segments as $s) { 171 $segments = array_merge($segments, explode("*", $s)); 172 } 173 $root = $segments[0]; 174 } 175 176 return Auth_Yadis_XRI($root); 177} 178 179function Auth_Yadis_XRI($xri) 180{ 181 if (!Auth_Yadis_startswith($xri, 'xri://')) { 182 $xri = 'xri://' . $xri; 183 } 184 return $xri; 185} 186 187/** 188 * @param string $iname 189 * @param Auth_Yadis_XRDS $xrds 190 * @return bool|string 191 */ 192function Auth_Yadis_getCanonicalID($iname, $xrds) 193{ 194 // Returns false or a canonical ID value. 195 196 // Now nodes are in reverse order. 197 $xrd_list = array_reverse($xrds->allXrdNodes); 198 $parser = $xrds->parser; 199 $node = $xrd_list[0]; 200 201 $canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node); 202 203 if (!$canonicalID_nodes) { 204 return false; 205 } 206 207 $canonicalID = $canonicalID_nodes[0]; 208 $canonicalID = Auth_Yadis_XRI($parser->content($canonicalID)); 209 210 $childID = $canonicalID; 211 212 for ($i = 1; $i < count($xrd_list); $i++) { 213 $xrd = $xrd_list[$i]; 214 215 $parent_sought = substr($childID, 0, strrpos($childID, '!')); 216 $parentCID = $parser->evalXPath('xrd:CanonicalID', $xrd); 217 if (!$parentCID) { 218 return false; 219 } 220 $parentCID = Auth_Yadis_XRI($parser->content($parentCID[0])); 221 222 if (strcasecmp($parent_sought, $parentCID)) { 223 // raise XRDSFraud. 224 return false; 225 } 226 227 $childID = $parent_sought; 228 } 229 230 $root = Auth_Yadis_rootAuthority($iname); 231 if (!Auth_Yadis_providerIsAuthoritative($root, $childID)) { 232 // raise XRDSFraud. 233 return false; 234 } 235 236 return $canonicalID; 237} 238 239 240