TrustRoot.php File Reference

Go to the source code of this file.

Data Structures
class	Auth_OpenID_TrustRoot
	A wrapper for trust-root related functions. More...

Namespaces
	OpenID
	This module contains code for dealing with associations between consumers and servers.

Functions
	filter_extractReturnURL ($endpoint)
&	Auth_OpenID_extractReturnURL (&$endpoint_list)
	Auth_OpenID_returnToMatches ($allowed_return_to_urls, $return_to)
	Auth_OpenID_getAllowedReturnURLs ($relying_party_url, $fetcher, $discover_function=null)
	Auth_OpenID_verifyReturnTo ($realm_str, $return_to, $fetcher, $_vrfy='Auth_OpenID_getAllowedReturnURLs')

Variables
const	Auth_OpenID___TLDs '/\.(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|asia' . '|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br' . '|bs|bt|bv|bw|by|bz|ca|cat|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co' . '|com|coop|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg' . '|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl' . '|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie' . '|il|im|in|info|int|io|iq|ir|is|it|je|jm|jo|jobs|jp|ke|kg|kh' . '|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly' . '|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mobi|mp|mq|mr|ms|mt' . '|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no' . '|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt' . '|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl' . '|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tel|tf|tg|th|tj|tk|tl|tm' . '|tn|to|tp|tr|travel|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve' . '|vg|vi|vn|vu|wf|ws|xn--0zwm56d|xn--11b5bs3a9aj6g' . '|xn--80akhbyknj4f|xn--9t4b11yi5a|xn--deba0ad|xn--g6w251d' . '|xn--hgbk6aj7f53bba|xn--hlcj6aya9esc7a|xn--jxalpdlp' . '|xn--kgbechtv|xn--zckzah|ye|yt|yu|za|zm|zw)\.?$/'
	A regular expression that matches a domain ending in a top-level domains. More...
const	Auth_OpenID___HostSegmentRe "/^(?:[-a-zA-Z0-9!$&'\\(\\)\\*+,;=._~]|%[a-zA-Z0-9]{2})*$/"

Function Documentation

Auth_OpenID_extractReturnURL()

& Auth_OpenID_extractReturnURL

(

&

$endpoint_list

)

Definition at line 351 of file TrustRoot.php.

References $result, and filter_extractReturnURL().

Referenced by Auth_OpenID_getAllowedReturnURLs().

{
    $result = array();

    foreach ($endpoint_list as $endpoint) {
        if (filter_extractReturnURL($endpoint)) {
            $result[] = $endpoint;
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Auth_OpenID_getAllowedReturnURLs()

Auth_OpenID_getAllowedReturnURLs	(		$relying_party_url,
			$fetcher,
			$discover_function = null
	)

Definition at line 395 of file TrustRoot.php.

References Auth_OpenID_extractReturnURL(), and Auth_Yadis_getServiceEndpoints().

{
    if ($discover_function === null) {
        $discover_function = array('Auth_Yadis_Yadis', 'discover');
    }

    $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS');

    list($rp_url_after_redirects, $endpoints) =
        Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb,
                                       $discover_function, $fetcher);

    if ($rp_url_after_redirects != $relying_party_url) {
        // Verification caused a redirect
        return false;
    }

    call_user_func_array($discover_function,
                         array($relying_party_url, &$fetcher));

    $return_to_urls = array();
    $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);

    foreach ($matching_endpoints as $e) {
        $return_to_urls[] = $e->server_url;
    }

Here is the call graph for this function:

Auth_OpenID_returnToMatches()

Auth_OpenID_returnToMatches	(		$allowed_return_to_urls,
			$return_to
	)

Definition at line 368 of file TrustRoot.php.

References Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_TrustRoot\match().

Referenced by Auth_OpenID_verifyReturnTo().

{
    foreach ($allowed_return_to_urls as $allowed_return_to) {
        // A return_to pattern works the same as a realm, except that
        // it's not allowed to use a wildcard. We'll model this by
        // parsing it as a realm, and not trying to match it if it has
        // a wildcard.

        $return_realm = Auth_OpenID_TrustRoot::_parse($allowed_return_to);
        if (// Parses as a trust root
            ($return_realm !== false) &&
            // Does not have a wildcard
            (!$return_realm['wildcard']) &&
            // Matches the return_to that we passed in with it
            (Auth_OpenID_TrustRoot::match($allowed_return_to, $return_to))) {
            return true;
        }
    }

    // No URL in the list matched

Here is the call graph for this function:

Here is the caller graph for this function:

Auth_OpenID_verifyReturnTo()

Auth_OpenID_verifyReturnTo	(		$realm_str,
			$return_to,
			$fetcher,
			$_vrfy = 'Auth_OpenID_getAllowedReturnURLs'
	)

Definition at line 436 of file TrustRoot.php.

References Auth_OpenID_returnToMatches(), and Auth_OpenID_TrustRoot\buildDiscoveryURL().

{
    $disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str);

    if ($disco_url === false) {
        return false;
    }

    $allowable_urls = call_user_func_array($_vrfy,
                           array($disco_url, $fetcher));

    // The realm_str could not be parsed.
    if ($allowable_urls === false) {
        return false;
    }

    if (Auth_OpenID_returnToMatches($allowable_urls, $return_to)) {
        return true;
    } else {
        return false;

Here is the call graph for this function:

filter_extractReturnURL()

filter_extractReturnURL

(

$endpoint

)

Definition at line 342 of file TrustRoot.php.

References Auth_OpenID_RP_RETURN_TO_URL_TYPE.

Referenced by Auth_OpenID_extractReturnURL().

{
    if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) {
        return $endpoint;
    } else {
        return null;

Here is the caller graph for this function:

Variable Documentation

Auth_OpenID___HostSegmentRe

const Auth_OpenID___HostSegmentRe "/^(?:[-a-zA-Z0-9!$&'\\(\\)\\*+,;=._~]|%[a-zA-Z0-9]{2})*$/"

Definition at line 42 of file TrustRoot.php.

Referenced by Auth_OpenID_TrustRoot\buildDiscoveryURL().

Auth_OpenID___TLDs

const Auth_OpenID___TLDs '/\.(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|asia' . '|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br' . '|bs|bt|bv|bw|by|bz|ca|cat|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co' . '|com|coop|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg' . '|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl' . '|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie' . '|il|im|in|info|int|io|iq|ir|is|it|je|jm|jo|jobs|jp|ke|kg|kh' . '|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly' . '|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mobi|mp|mq|mr|ms|mt' . '|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no' . '|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt' . '|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl' . '|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tel|tf|tg|th|tj|tk|tl|tm' . '|tn|to|tp|tr|travel|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve' . '|vg|vi|vn|vu|wf|ws|xn--0zwm56d|xn--11b5bs3a9aj6g' . '|xn--80akhbyknj4f|xn--9t4b11yi5a|xn--deba0ad|xn--g6w251d' . '|xn--hgbk6aj7f53bba|xn--hlcj6aya9esc7a|xn--jxalpdlp' . '|xn--kgbechtv|xn--zckzah|ye|yt|yu|za|zm|zw)\.?$/'

A regular expression that matches a domain ending in a top-level domains.

Used in checking trust roots for sanity.

private

Definition at line 23 of file TrustRoot.php.

Referenced by Auth_OpenID_TrustRoot\buildDiscoveryURL().