dc/d7d/PAPE_8php_source.html

<?php


require_once "Auth/OpenID/Extension.php";


define('Auth_OpenID_PAPE_NS_URI',

       "http://specs.openid.net/extensions/pape/1.0");


define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',

       'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');

define('PAPE_AUTH_MULTI_FACTOR',

       'http://schemas.openid.net/pape/policies/2007/06/multi-factor');

define('PAPE_AUTH_PHISHING_RESISTANT',

       'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');


define('PAPE_TIME_VALIDATOR',

      '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');

class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {


    var $ns_alias = 'pape';

    var $ns_uri = Auth_OpenID_PAPE_NS_URI;


    function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,

                                      $max_auth_age=null)

    {

        if ($preferred_auth_policies === null) {

            $preferred_auth_policies = array();

        }


        $this->preferred_auth_policies = $preferred_auth_policies;

        $this->max_auth_age = $max_auth_age;

    }


    function addPolicyURI($policy_uri)

    {

        if (!in_array($policy_uri, $this->preferred_auth_policies)) {

            $this->preferred_auth_policies[] = $policy_uri;

        }

    }


    function getExtensionArgs()

    {

        $ns_args = array(

                         'preferred_auth_policies' =>

                           implode(' ', $this->preferred_auth_policies)

                         );


        if ($this->max_auth_age !== null) {

            $ns_args['max_auth_age'] = strval($this->max_auth_age);

        }


        return $ns_args;

    }


    static function fromOpenIDRequest($request)

    {

        $obj = new Auth_OpenID_PAPE_Request();

        $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);


        if ($args === null || $args === array()) {

            return null;

        }


        $obj->parseExtensionArgs($args);

        return $obj;

    }


    function parseExtensionArgs($args)

    {

        // preferred_auth_policies is a space-separated list of policy

        // URIs

        $this->preferred_auth_policies = array();


        $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');

        if ($policies_str) {

            foreach (explode(' ', $policies_str) as $uri) {

                if (!in_array($uri, $this->preferred_auth_policies)) {

                    $this->preferred_auth_policies[] = $uri;

                }

            }

        }


        // max_auth_age is base-10 integer number of seconds

        $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');

        if ($max_auth_age_str) {

            $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str);

        } else {

            $this->max_auth_age = null;

        }

    }


    function preferredTypes($supported_types)

    {

        $result = array();


        foreach ($supported_types as $st) {

            if (in_array($st, $this->preferred_auth_policies)) {

                $result[] = $st;

            }

        }

        return $result;

    }

}


class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {


    var $ns_alias = 'pape';

    var $ns_uri = Auth_OpenID_PAPE_NS_URI;


    function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,

                                       $nist_auth_level=null)

    {

        if ($auth_policies) {

            $this->auth_policies = $auth_policies;

        } else {

            $this->auth_policies = array();

        }


        $this->auth_time = $auth_time;

        $this->nist_auth_level = $nist_auth_level;

    }


    function addPolicyURI($policy_uri)

    {

        if (!in_array($policy_uri, $this->auth_policies)) {

            $this->auth_policies[] = $policy_uri;

        }

    }


    static function fromSuccessResponse($success_response)

    {

        $obj = new Auth_OpenID_PAPE_Response();


        // PAPE requires that the args be signed.

        $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);


        if ($args === null || $args === array()) {

            return null;

        }


        $result = $obj->parseExtensionArgs($args);


        if ($result === false) {

            return null;

        } else {

            return $obj;

        }

    }


    function parseExtensionArgs($args, $strict=false)

    {

        $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');

        if ($policies_str && $policies_str != "none") {

            $this->auth_policies = explode(" ", $policies_str);

        }


        $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');

        if ($nist_level_str !== null) {

            $nist_level = Auth_OpenID::intval($nist_level_str);


            if ($nist_level === false) {

                if ($strict) {

                    return false;

                } else {

                    $nist_level = null;

                }

            }


            if (0 <= $nist_level && $nist_level < 5) {

                $this->nist_auth_level = $nist_level;

            } else if ($strict) {

                return false;

            }

        }


        $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');

        if ($auth_time !== null) {

            if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {

                $this->auth_time = $auth_time;

            } else if ($strict) {

                return false;

            }

        }

    }


    function getExtensionArgs()

    {

        $ns_args = array();

        if (count($this->auth_policies) > 0) {

            $ns_args['auth_policies'] = implode(' ', $this->auth_policies);

        } else {

            $ns_args['auth_policies'] = 'none';

        }


        if ($this->nist_auth_level !== null) {

            if (!in_array($this->nist_auth_level, range(0, 4), true)) {

                return false;

            }

            $ns_args['nist_auth_level'] = strval($this->nist_auth_level);

        }


        if ($this->auth_time !== null) {

            if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {

                return false;

            }


            $ns_args['auth_time'] = $this->auth_time;

        }


        return $ns_args;

    }

}


$result
$result
Definition: CleanUpTest.php:407

PAPE_TIME_VALIDATOR
const PAPE_TIME_VALIDATOR
Definition: PAPE.php:19

Auth_OpenID_PAPE_NS_URI
const Auth_OpenID_PAPE_NS_URI
An implementation of the OpenID Provider Authentication Policy Extension 1.0.
Definition: PAPE.php:13

Auth_OpenID_Extension
Definition: Extension.php:20

Auth_OpenID_PAPE_Request
A Provider Authentication Policy request, sent from a relying party to a provider.
Definition: PAPE.php:30

Auth_OpenID_PAPE_Request\parseExtensionArgs
parseExtensionArgs($args)
Set the state of this request to be that expressed in these PAPE arguments.
Definition: PAPE.php:99

Auth_OpenID_PAPE_Request\$ns_uri
$ns_uri
Definition: PAPE.php:33

Auth_OpenID_PAPE_Request\$ns_alias
$ns_alias
Definition: PAPE.php:32

Auth_OpenID_PAPE_Request\getExtensionArgs
getExtensionArgs()
Get the string arguments that should be added to an OpenID message for this extension.
Definition: PAPE.php:62

Auth_OpenID_PAPE_Request\addPolicyURI
addPolicyURI($policy_uri)
Add an acceptable authentication policy URI to this request.
Definition: PAPE.php:55

Auth_OpenID_PAPE_Request\preferredTypes
preferredTypes($supported_types)
Given a list of authentication policy URIs that a provider supports, this method returns the subseque...
Definition: PAPE.php:137

Auth_OpenID_PAPE_Request\fromOpenIDRequest
static fromOpenIDRequest($request)
Instantiate a Request object from the arguments in a checkid_* OpenID message.
Definition: PAPE.php:80

Auth_OpenID_PAPE_Request\Auth_OpenID_PAPE_Request
Auth_OpenID_PAPE_Request($preferred_auth_policies=null, $max_auth_age=null)
Definition: PAPE.php:35

Auth_OpenID_PAPE_Response
A Provider Authentication Policy response, sent from a provider to a relying party.
Definition: PAPE.php:154

Auth_OpenID_PAPE_Response\$ns_alias
$ns_alias
Definition: PAPE.php:156

Auth_OpenID_PAPE_Response\$ns_uri
$ns_uri
Definition: PAPE.php:157

Auth_OpenID_PAPE_Response\parseExtensionArgs
parseExtensionArgs($args, $strict=false)
Parse the provider authentication policy arguments into the internal state of this object.
Definition: PAPE.php:232

Auth_OpenID_PAPE_Response\Auth_OpenID_PAPE_Response
Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null, $nist_auth_level=null)
Definition: PAPE.php:159

Auth_OpenID_PAPE_Response\fromSuccessResponse
static fromSuccessResponse($success_response)
Create an Auth_OpenID_PAPE_Response object from a successful OpenID library response.
Definition: PAPE.php:199

Auth_OpenID_PAPE_Response\addPolicyURI
addPolicyURI($policy_uri)
Add a authentication policy to this response.
Definition: PAPE.php:182

Auth_OpenID_PAPE_Response\getExtensionArgs
getExtensionArgs()
Get the string arguments that should be added to an OpenID message for this extension.
Definition: PAPE.php:268

Auth_OpenID\arrayGet
static arrayGet($arr, $key, $fallback=null)
Convenience function for getting array values.
Definition: OpenID.php:242

Auth_OpenID\intval
static intval($value)
Replacement (wrapper) for PHP's intval() because it's broken.
Definition: OpenID.php:444