1<?php
2
3/**
4 * Routines for XRI resolution.
5 *
6 * @package OpenID
7 * @author JanRain, Inc. <openid@janrain.com>
8 * @copyright 2005-2008 Janrain, Inc.
9 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
10 */
11
12require_once 'Auth/Yadis/Misc.php';
13require_once 'Auth/Yadis/Yadis.php';
14require_once 'Auth/OpenID.php';
15
16function Auth_Yadis_getDefaultProxy()
17{
18    return 'http://xri.net/';
19}
20
21function Auth_Yadis_getXRIAuthorities()
22{
23    return ['!', '=', '@', '+', '$', '('];
24}
25
26function Auth_Yadis_getEscapeRE()
27{
28    $parts = [];
29    foreach (array_merge(Auth_Yadis_getUCSChars(),
30                         Auth_Yadis_getIPrivateChars()) as $pair) {
31        list($m, $n) = $pair;
32        $parts[] = sprintf("%s-%s", chr($m), chr($n));
33    }
34
35    return sprintf('/[%s]/', implode('', $parts));
36}
37
38function Auth_Yadis_getXrefRE()
39{
40    return '/\((.*?)\)/';
41}
42
43function Auth_Yadis_identifierScheme($identifier)
44{
45    if (Auth_Yadis_startswith($identifier, 'xri://') ||
46        ($identifier &&
47          in_array($identifier[0], Auth_Yadis_getXRIAuthorities()))) {
48        return "XRI";
49    } else {
50        return "URI";
51    }
52}
53
54function Auth_Yadis_toIRINormal($xri)
55{
56    if (!Auth_Yadis_startswith($xri, 'xri://')) {
57        $xri = 'xri://' . $xri;
58    }
59
60    return Auth_Yadis_escapeForIRI($xri);
61}
62
63function _escape_xref($xref_match)
64{
65    $xref = $xref_match[0];
66    $xref = str_replace('/', '%2F', $xref);
67    $xref = str_replace('?', '%3F', $xref);
68    $xref = str_replace('#', '%23', $xref);
69    return $xref;
70}
71
72function Auth_Yadis_escapeForIRI($xri)
73{
74    $xri = str_replace('%', '%25', $xri);
75    $xri = preg_replace_callback(Auth_Yadis_getXrefRE(),
76                                 '_escape_xref', $xri);
77    return $xri;
78}
79
80function Auth_Yadis_toURINormal($xri)
81{
82    return Auth_Yadis_iriToURI(Auth_Yadis_toIRINormal($xri));
83}
84
85function Auth_Yadis_iriToURI($iri)
86{
87    if (1) {
88        return $iri;
89    } else {
90        // According to RFC 3987, section 3.1, "Mapping of IRIs to URIs"
91        return preg_replace_callback(Auth_Yadis_getEscapeRE(),
92                                     'Auth_Yadis_pct_escape_unicode', $iri);
93    }
94}
95
96
97function Auth_Yadis_XRIAppendArgs($url, $args)
98{
99    // Append some arguments to an HTTP query.  Yes, this is just like
100    // OpenID's appendArgs, but with special seasoning for XRI
101    // queries.
102
103    if (count($args) == 0) {
104        return $url;
105    }
106
107    // Non-empty array; if it is an array of arrays, use multisort;
108    // otherwise use sort.
109    if (array_key_exists(0, $args) &&
110        is_array($args[0])) {
111        // Do nothing here.
112    } else {
113        $keys = array_keys($args);
114        sort($keys);
115        $new_args = [];
116        foreach ($keys as $key) {
117            $new_args[] = [$key, $args[$key]];
118        }
119        $args = $new_args;
120    }
121
122    // According to XRI Resolution section "QXRI query parameters":
123    //
124    // "If the original QXRI had a null query component (only a
125    //  leading question mark), or a query component consisting of
126    //  only question marks, one additional leading question mark MUST
127    //  be added when adding any XRI resolution parameters."
128    if (strpos(rtrim($url, '?'), '?') !== false) {
129        $sep = '&';
130    } else {
131        $sep = '?';
132    }
133
134    return $url . $sep . Auth_OpenID::httpBuildQuery($args);
135}
136
137function Auth_Yadis_providerIsAuthoritative($providerID, $canonicalID)
138{
139    $lastbang = strrpos($canonicalID, '!');
140    $p = substr($canonicalID, 0, $lastbang);
141    return $p == $providerID;
142}
143
144function Auth_Yadis_rootAuthority($xri)
145{
146    // Return the root authority for an XRI.
147
148    $root = null;
149
150    if (Auth_Yadis_startswith($xri, 'xri://')) {
151        $xri = substr($xri, 6);
152    }
153
154    $authority = explode('/', $xri, 2);
155    $authority = $authority[0];
156    if ($authority[0] == '(') {
157        // Cross-reference.
158        // XXX: This is incorrect if someone nests cross-references so
159        //   there is another close-paren in there.  Hopefully nobody
160        //   does that before we have a real xriparse function.
161        //   Hopefully nobody does that *ever*.
162        $root = substr($authority, 0, strpos($authority, ')') + 1);
163    } else if (in_array($authority[0], Auth_Yadis_getXRIAuthorities())) {
164        // Other XRI reference.
165        $root = $authority[0];
166    } else {
167        // IRI reference.
168        $_segments = explode("!", $authority);
169        $segments = [];
170        foreach ($_segments as $s) {
171            $segments = array_merge($segments, explode("*", $s));
172        }
173        $root = $segments[0];
174    }
175
176    return Auth_Yadis_XRI($root);
177}
178
179function Auth_Yadis_XRI($xri)
180{
181    if (!Auth_Yadis_startswith($xri, 'xri://')) {
182        $xri = 'xri://' . $xri;
183    }
184    return $xri;
185}
186
187/**
188 * @param string $iname
189 * @param Auth_Yadis_XRDS $xrds
190 * @return bool|string
191 */
192function Auth_Yadis_getCanonicalID($iname, $xrds)
193{
194    // Returns false or a canonical ID value.
195
196    // Now nodes are in reverse order.
197    $xrd_list = array_reverse($xrds->allXrdNodes);
198    $parser = $xrds->parser;
199    $node = $xrd_list[0];
200
201    $canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);
202
203    if (!$canonicalID_nodes) {
204        return false;
205    }
206
207    $canonicalID = $canonicalID_nodes[0];
208    $canonicalID = Auth_Yadis_XRI($parser->content($canonicalID));
209
210    $childID = $canonicalID;
211
212    for ($i = 1; $i < count($xrd_list); $i++) {
213        $xrd = $xrd_list[$i];
214
215        $parent_sought = substr($childID, 0, strrpos($childID, '!'));
216        $parentCID = $parser->evalXPath('xrd:CanonicalID', $xrd);
217        if (!$parentCID) {
218            return false;
219        }
220        $parentCID = Auth_Yadis_XRI($parser->content($parentCID[0]));
221
222        if (strcasecmp($parent_sought, $parentCID)) {
223            // raise XRDSFraud.
224            return false;
225        }
226
227        $childID = $parent_sought;
228    }
229
230    $root = Auth_Yadis_rootAuthority($iname);
231    if (!Auth_Yadis_providerIsAuthoritative($root, $childID)) {
232        // raise XRDSFraud.
233        return false;
234    }
235
236    return $canonicalID;
237}
238
239
240