pax_global_header00006660000000000000000000000064113663673410014524gustar00rootroot0000000000000052 comment=a287b2d85e753c84b3b883ed8ee3ffe8692c8477 openid-php-openid-782224d/000077500000000000000000000000001136636734100153215ustar00rootroot00000000000000openid-php-openid-782224d/Auth/000077500000000000000000000000001136636734100162225ustar00rootroot00000000000000openid-php-openid-782224d/Auth/OpenID.php000066400000000000000000000364351136636734100200640ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * The library version string */ define('Auth_OpenID_VERSION', '2.2.2'); /** * Require the fetcher code. */ require_once "Auth/Yadis/PlainHTTPFetcher.php"; require_once "Auth/Yadis/ParanoidHTTPFetcher.php"; require_once "Auth/OpenID/BigMath.php"; require_once "Auth/OpenID/URINorm.php"; /** * Status code returned by the server when the only option is to show * an error page, since we do not have enough information to redirect * back to the consumer. The associated value is an error message that * should be displayed on an HTML error page. * * @see Auth_OpenID_Server */ define('Auth_OpenID_LOCAL_ERROR', 'local_error'); /** * Status code returned when there is an error to return in key-value * form to the consumer. The caller should return a 400 Bad Request * response with content-type text/plain and the value as the body. * * @see Auth_OpenID_Server */ define('Auth_OpenID_REMOTE_ERROR', 'remote_error'); /** * Status code returned when there is a key-value form OK response to * the consumer. The value associated with this code is the * response. The caller should return a 200 OK response with * content-type text/plain and the value as the body. * * @see Auth_OpenID_Server */ define('Auth_OpenID_REMOTE_OK', 'remote_ok'); /** * Status code returned when there is a redirect back to the * consumer. The value is the URL to redirect back to. The caller * should return a 302 Found redirect with a Location: header * containing the URL. * * @see Auth_OpenID_Server */ define('Auth_OpenID_REDIRECT', 'redirect'); /** * Status code returned when the caller needs to authenticate the * user. The associated value is a {@link Auth_OpenID_ServerRequest} * object that can be used to complete the authentication. If the user * has taken some authentication action, use the retry() method of the * {@link Auth_OpenID_ServerRequest} object to complete the request. * * @see Auth_OpenID_Server */ define('Auth_OpenID_DO_AUTH', 'do_auth'); /** * Status code returned when there were no OpenID arguments * passed. This code indicates that the caller should return a 200 OK * response and display an HTML page that says that this is an OpenID * server endpoint. * * @see Auth_OpenID_Server */ define('Auth_OpenID_DO_ABOUT', 'do_about'); /** * Defines for regexes and format checking. */ define('Auth_OpenID_letters', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); define('Auth_OpenID_digits', "0123456789"); define('Auth_OpenID_punct', "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"); Auth_OpenID_include_init(); /** * The OpenID utility function class. * * @package OpenID * @access private */ class Auth_OpenID { /** * Return true if $thing is an Auth_OpenID_FailureResponse object; * false if not. * * @access private */ static function isFailure($thing) { return is_a($thing, 'Auth_OpenID_FailureResponse'); } /** * Gets the query data from the server environment based on the * request method used. If GET was used, this looks at * $_SERVER['QUERY_STRING'] directly. If POST was used, this * fetches data from the special php://input file stream. * * Returns an associative array of the query arguments. * * Skips invalid key/value pairs (i.e. keys with no '=value' * portion). * * Returns an empty array if neither GET nor POST was used, or if * POST was used but php://input cannot be opened. * * See background: * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html * * @access private */ static function getQuery($query_str=null) { $data = array(); if ($query_str !== null) { $data = Auth_OpenID::params_from_string($query_str); } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) { // Do nothing. } else { // XXX HACK FIXME HORRIBLE. // // POSTing to a URL with query parameters is acceptable, but // we don't have a clean way to distinguish those parameters // when we need to do things like return_to verification // which only want to look at one kind of parameter. We're // going to emulate the behavior of some other environments // by defaulting to GET and overwriting with POST if POST // data is available. $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $str = file_get_contents('php://input'); if ($str === false) { $post = array(); } else { $post = Auth_OpenID::params_from_string($str); } $data = array_merge($data, $post); } } return $data; } static function params_from_string($str) { $chunks = explode("&", $str); $data = array(); foreach ($chunks as $chunk) { $parts = explode("=", $chunk, 2); if (count($parts) != 2) { continue; } list($k, $v) = $parts; $data[urldecode($k)] = urldecode($v); } return $data; } /** * Create dir_name as a directory if it does not exist. If it * exists, make sure that it is, in fact, a directory. Returns * true if the operation succeeded; false if not. * * @access private */ static function ensureDir($dir_name) { if (is_dir($dir_name) || @mkdir($dir_name)) { return true; } else { $parent_dir = dirname($dir_name); // Terminal case; there is no parent directory to create. if ($parent_dir == $dir_name) { return true; } return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name)); } } /** * Adds a string prefix to all values of an array. Returns a new * array containing the prefixed values. * * @access private */ static function addPrefix($values, $prefix) { $new_values = array(); foreach ($values as $s) { $new_values[] = $prefix . $s; } return $new_values; } /** * Convenience function for getting array values. Given an array * $arr and a key $key, get the corresponding value from the array * or return $default if the key is absent. * * @access private */ static function arrayGet($arr, $key, $fallback = null) { if (is_array($arr)) { if (array_key_exists($key, $arr)) { return $arr[$key]; } else { return $fallback; } } else { trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " . "array as first parameter, got " . gettype($arr), E_USER_WARNING); return false; } } /** * Replacement for PHP's broken parse_str. */ static function parse_str($query) { if ($query === null) { return null; } $parts = explode('&', $query); $new_parts = array(); for ($i = 0; $i < count($parts); $i++) { $pair = explode('=', $parts[$i]); if (count($pair) != 2) { continue; } list($key, $value) = $pair; $new_parts[urldecode($key)] = urldecode($value); } return $new_parts; } /** * Implements the PHP 5 'http_build_query' functionality. * * @access private * @param array $data Either an array key/value pairs or an array * of arrays, each of which holding two values: a key and a value, * sequentially. * @return string $result The result of url-encoding the key/value * pairs from $data into a URL query string * (e.g. "username=bob&id=56"). */ static function httpBuildQuery($data) { $pairs = array(); foreach ($data as $key => $value) { if (is_array($value)) { $pairs[] = urlencode($value[0])."=".urlencode($value[1]); } else { $pairs[] = urlencode($key)."=".urlencode($value); } } return implode("&", $pairs); } /** * "Appends" query arguments onto a URL. The URL may or may not * already have arguments (following a question mark). * * @access private * @param string $url A URL, which may or may not already have * arguments. * @param array $args Either an array key/value pairs or an array of * arrays, each of which holding two values: a key and a value, * sequentially. If $args is an ordinary key/value array, the * parameters will be added to the URL in sorted alphabetical order; * if $args is an array of arrays, their order will be preserved. * @return string $url The original URL with the new parameters added. * */ static function appendArgs($url, $args) { if (count($args) == 0) { return $url; } // Non-empty array; if it is an array of arrays, use // multisort; otherwise use sort. if (array_key_exists(0, $args) && is_array($args[0])) { // Do nothing here. } else { $keys = array_keys($args); sort($keys); $new_args = array(); foreach ($keys as $key) { $new_args[] = array($key, $args[$key]); } $args = $new_args; } $sep = '?'; if (strpos($url, '?') !== false) { $sep = '&'; } return $url . $sep . Auth_OpenID::httpBuildQuery($args); } /** * Implements python's urlunparse, which is not available in PHP. * Given the specified components of a URL, this function rebuilds * and returns the URL. * * @access private * @param string $scheme The scheme (e.g. 'http'). Defaults to 'http'. * @param string $host The host. Required. * @param string $port The port. * @param string $path The path. * @param string $query The query. * @param string $fragment The fragment. * @return string $url The URL resulting from assembling the * specified components. */ static function urlunparse($scheme, $host, $port = null, $path = '/', $query = '', $fragment = '') { if (!$scheme) { $scheme = 'http'; } if (!$host) { return false; } if (!$path) { $path = ''; } $result = $scheme . "://" . $host; if ($port) { $result .= ":" . $port; } $result .= $path; if ($query) { $result .= "?" . $query; } if ($fragment) { $result .= "#" . $fragment; } return $result; } /** * Given a URL, this "normalizes" it by adding a trailing slash * and / or a leading http:// scheme where necessary. Returns * null if the original URL is malformed and cannot be normalized. * * @access private * @param string $url The URL to be normalized. * @return mixed $new_url The URL after normalization, or null if * $url was malformed. */ static function normalizeUrl($url) { @$parsed = parse_url($url); if (!$parsed) { return null; } if (isset($parsed['scheme']) && isset($parsed['host'])) { $scheme = strtolower($parsed['scheme']); if (!in_array($scheme, array('http', 'https'))) { return null; } } else { $url = 'http://' . $url; } $normalized = Auth_OpenID_urinorm($url); if ($normalized === null) { return null; } list($defragged, $frag) = Auth_OpenID::urldefrag($normalized); return $defragged; } /** * Replacement (wrapper) for PHP's intval() because it's broken. * * @access private */ static function intval($value) { $re = "/^\\d+$/"; if (!preg_match($re, $value)) { return false; } return intval($value); } /** * Count the number of bytes in a string independently of * multibyte support conditions. * * @param string $str The string of bytes to count. * @return int The number of bytes in $str. */ static function bytes($str) { return strlen(bin2hex($str)) / 2; } /** * Get the bytes in a string independently of multibyte support * conditions. */ static function toBytes($str) { $hex = bin2hex($str); if (!$hex) { return array(); } $b = array(); for ($i = 0; $i < strlen($hex); $i += 2) { $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10)); } return $b; } static function urldefrag($url) { $parts = explode("#", $url, 2); if (count($parts) == 1) { return array($parts[0], ""); } else { return $parts; } } static function filter($callback, &$sequence) { $result = array(); foreach ($sequence as $item) { if (call_user_func_array($callback, array($item))) { $result[] = $item; } } return $result; } static function update(&$dest, &$src) { foreach ($src as $k => $v) { $dest[$k] = $v; } } /** * Wrap PHP's standard error_log functionality. Use this to * perform all logging. It will interpolate any additional * arguments into the format string before logging. * * @param string $format_string The sprintf format for the message */ static function log($format_string) { $args = func_get_args(); $message = call_user_func_array('sprintf', $args); error_log($message); } static function autoSubmitHTML($form, $title="OpenId transaction in progress") { return("". "". $title . "". "". $form . "". "". ""); } } /* * Function to run when this file is included. * Abstracted to a function to make life easier * for some PHP optimizers. */ function Auth_OpenID_include_init() { if (Auth_OpenID_getMathLib() === null) { Auth_OpenID_setNoMathSupport(); } } openid-php-openid-782224d/Auth/OpenID/000077500000000000000000000000001136636734100173405ustar00rootroot00000000000000openid-php-openid-782224d/Auth/OpenID/AX.php000066400000000000000000000751651136636734100203770ustar00rootroot00000000000000message = $message; } } /** * Abstract class containing common code for attribute exchange * messages. * * @package OpenID */ class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { /** * ns_alias: The preferred namespace alias for attribute exchange * messages */ var $ns_alias = 'ax'; /** * mode: The type of this attribute exchange message. This must be * overridden in subclasses. */ var $mode = null; var $ns_uri = Auth_OpenID_AX_NS_URI; /** * Return Auth_OpenID_AX_Error if the mode in the attribute * exchange arguments does not match what is expected for this * class; true otherwise. * * @access private */ function _checkMode($ax_args) { $mode = Auth_OpenID::arrayGet($ax_args, 'mode'); if ($mode != $this->mode) { return new Auth_OpenID_AX_Error( sprintf( "Expected mode '%s'; got '%s'", $this->mode, $mode)); } return true; } /** * Return a set of attribute exchange arguments containing the * basic information that must be in every attribute exchange * message. * * @access private */ function _newArgs() { return array('mode' => $this->mode); } } /** * Represents a single attribute in an attribute exchange * request. This should be added to an AXRequest object in order to * request the attribute. * * @package OpenID */ class Auth_OpenID_AX_AttrInfo { /** * Construct an attribute information object. Do not call this * directly; call make(...) instead. * * @param string $type_uri The type URI for this attribute. * * @param int $count The number of values of this type to request. * * @param bool $required Whether the attribute will be marked as * required in the request. * * @param string $alias The name that should be given to this * attribute in the request. */ function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required, $alias) { /** * required: Whether the attribute will be marked as required * when presented to the subject of the attribute exchange * request. */ $this->required = $required; /** * count: How many values of this type to request from the * subject. Defaults to one. */ $this->count = $count; /** * type_uri: The identifier that determines what the attribute * represents and how it is serialized. For example, one type * URI representing dates could represent a Unix timestamp in * base 10 and another could represent a human-readable * string. */ $this->type_uri = $type_uri; /** * alias: The name that should be given to this attribute in * the request. If it is not supplied, a generic name will be * assigned. For example, if you want to call a Unix timestamp * value 'tstamp', set its alias to that value. If two * attributes in the same message request to use the same * alias, the request will fail to be generated. */ $this->alias = $alias; } /** * Construct an attribute information object. For parameter * details, see the constructor. */ static function make($type_uri, $count=1, $required=false, $alias=null) { if ($alias !== null) { $result = Auth_OpenID_AX_checkAlias($alias); if (Auth_OpenID_AX::isError($result)) { return $result; } } return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required, $alias); } /** * When processing a request for this attribute, the OP should * call this method to determine whether all available attribute * values were requested. If self.count == UNLIMITED_VALUES, this * returns True. Otherwise this returns False, in which case * self.count is an integer. */ function wantsUnlimitedValues() { return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES; } } /** * Given a namespace mapping and a string containing a comma-separated * list of namespace aliases, return a list of type URIs that * correspond to those aliases. * * @param $namespace_map The mapping from namespace URI to alias * @param $alias_list_s The string containing the comma-separated * list of aliases. May also be None for convenience. * * @return $seq The list of namespace URIs that corresponds to the * supplied list of aliases. If the string was zero-length or None, an * empty list will be returned. * * return null If an alias is present in the list of aliases but * is not present in the namespace map. */ function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s) { $uris = array(); if ($alias_list_s) { foreach (explode(',', $alias_list_s) as $alias) { $type_uri = $namespace_map->getNamespaceURI($alias); if ($type_uri === null) { // raise KeyError( // 'No type is defined for attribute name %r' % (alias,)) return new Auth_OpenID_AX_Error( sprintf('No type is defined for attribute name %s', $alias) ); } else { $uris[] = $type_uri; } } } return $uris; } /** * An attribute exchange 'fetch_request' message. This message is sent * by a relying party when it wishes to obtain attributes about the * subject of an OpenID authentication request. * * @package OpenID */ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { var $mode = 'fetch_request'; function Auth_OpenID_AX_FetchRequest($update_url=null) { /** * requested_attributes: The attributes that have been * requested thus far, indexed by the type URI. */ $this->requested_attributes = array(); /** * update_url: A URL that will accept responses for this * attribute exchange request, even in the absence of the user * who made this request. */ $this->update_url = $update_url; } /** * Add an attribute to this attribute exchange request. * * @param attribute: The attribute that is being requested * @return true on success, false when the requested attribute is * already present in this fetch request. */ function add($attribute) { if ($this->contains($attribute->type_uri)) { return new Auth_OpenID_AX_Error( sprintf("The attribute %s has already been requested", $attribute->type_uri)); } $this->requested_attributes[$attribute->type_uri] = $attribute; return true; } /** * Get the serialized form of this attribute fetch request. * * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters */ function getExtensionArgs() { $aliases = new Auth_OpenID_NamespaceMap(); $required = array(); $if_available = array(); $ax_args = $this->_newArgs(); foreach ($this->requested_attributes as $type_uri => $attribute) { if ($attribute->alias === null) { $alias = $aliases->add($type_uri); } else { $alias = $aliases->addAlias($type_uri, $attribute->alias); if ($alias === null) { return new Auth_OpenID_AX_Error( sprintf("Could not add alias %s for URI %s", $attribute->alias, $type_uri )); } } if ($attribute->required) { $required[] = $alias; } else { $if_available[] = $alias; } if ($attribute->count != 1) { $ax_args['count.' . $alias] = strval($attribute->count); } $ax_args['type.' . $alias] = $type_uri; } if ($required) { $ax_args['required'] = implode(',', $required); } if ($if_available) { $ax_args['if_available'] = implode(',', $if_available); } return $ax_args; } /** * Get the type URIs for all attributes that have been marked as * required. * * @return A list of the type URIs for attributes that have been * marked as required. */ function getRequiredAttrs() { $required = array(); foreach ($this->requested_attributes as $type_uri => $attribute) { if ($attribute->required) { $required[] = $type_uri; } } return $required; } /** * Extract a FetchRequest from an OpenID message * * @param request: The OpenID request containing the attribute * fetch request * * @returns mixed An Auth_OpenID_AX_Error or the * Auth_OpenID_AX_FetchRequest extracted from the request message if * successful */ static function fromOpenIDRequest($request) { $m = $request->message; $obj = new Auth_OpenID_AX_FetchRequest(); $ax_args = $m->getArgs($obj->ns_uri); $result = $obj->parseExtensionArgs($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } if ($obj->update_url) { // Update URL must match the openid.realm of the // underlying OpenID 2 message. $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm', $m->getArg( Auth_OpenID_OPENID_NS, 'return_to')); if (!$realm) { $obj = new Auth_OpenID_AX_Error( sprintf("Cannot validate update_url %s " . "against absent realm", $obj->update_url)); } else if (!Auth_OpenID_TrustRoot::match($realm, $obj->update_url)) { $obj = new Auth_OpenID_AX_Error( sprintf("Update URL %s failed validation against realm %s", $obj->update_url, $realm)); } } return $obj; } /** * Given attribute exchange arguments, populate this FetchRequest. * * @return $result Auth_OpenID_AX_Error if the data to be parsed * does not follow the attribute exchange specification. At least * when 'if_available' or 'required' is not specified for a * particular attribute type. Returns true otherwise. */ function parseExtensionArgs($ax_args) { $result = $this->_checkMode($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } $aliases = new Auth_OpenID_NamespaceMap(); foreach ($ax_args as $key => $value) { if (strpos($key, 'type.') === 0) { $alias = substr($key, 5); $type_uri = $value; $alias = $aliases->addAlias($type_uri, $alias); if ($alias === null) { return new Auth_OpenID_AX_Error( sprintf("Could not add alias %s for URI %s", $alias, $type_uri) ); } $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias); if ($count_s) { $count = Auth_OpenID::intval($count_s); if (($count === false) && ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) { $count = $count_s; } } else { $count = 1; } if ($count === false) { return new Auth_OpenID_AX_Error( sprintf("Integer value expected for %s, got %s", 'count.' . $alias, $count_s)); } $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count, false, $alias); if (Auth_OpenID_AX::isError($attrinfo)) { return $attrinfo; } $this->add($attrinfo); } } $required = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'required')); foreach ($required as $type_uri) { $attrib = $this->requested_attributes[$type_uri]; $attrib->required = true; } $if_available = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'if_available')); $all_type_uris = array_merge($required, $if_available); foreach ($aliases->iterNamespaceURIs() as $type_uri) { if (!in_array($type_uri, $all_type_uris)) { return new Auth_OpenID_AX_Error( sprintf('Type URI %s was in the request but not ' . 'present in "required" or "if_available"', $type_uri)); } } $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url'); return true; } /** * Iterate over the AttrInfo objects that are contained in this * fetch_request. */ function iterAttrs() { return array_values($this->requested_attributes); } function iterTypes() { return array_keys($this->requested_attributes); } /** * Is the given type URI present in this fetch_request? */ function contains($type_uri) { return in_array($type_uri, $this->iterTypes()); } } /** * An abstract class that implements a message that has attribute keys * and values. It contains the common code between fetch_response and * store_request. * * @package OpenID */ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { function Auth_OpenID_AX_KeyValueMessage() { $this->data = array(); } /** * Add a single value for the given attribute type to the * message. If there are already values specified for this type, * this value will be sent in addition to the values already * specified. * * @param type_uri: The URI for the attribute * @param value: The value to add to the response to the relying * party for this attribute * @return null */ function addValue($type_uri, $value) { if (!array_key_exists($type_uri, $this->data)) { $this->data[$type_uri] = array(); } $values =& $this->data[$type_uri]; $values[] = $value; } /** * Set the values for the given attribute type. This replaces any * values that have already been set for this attribute. * * @param type_uri: The URI for the attribute * @param values: A list of values to send for this attribute. */ function setValues($type_uri, &$values) { $this->data[$type_uri] =& $values; } /** * Get the extension arguments for the key/value pairs contained * in this message. * * @param aliases: An alias mapping. Set to None if you don't care * about the aliases for this request. * * @access private */ function _getExtensionKVArgs($aliases) { if ($aliases === null) { $aliases = new Auth_OpenID_NamespaceMap(); } $ax_args = array(); foreach ($this->data as $type_uri => $values) { $alias = $aliases->add($type_uri); $ax_args['type.' . $alias] = $type_uri; $ax_args['count.' . $alias] = strval(count($values)); foreach ($values as $i => $value) { $key = sprintf('value.%s.%d', $alias, $i + 1); $ax_args[$key] = $value; } } return $ax_args; } /** * Parse attribute exchange key/value arguments into this object. * * @param ax_args: The attribute exchange fetch_response * arguments, with namespacing removed. * * @return Auth_OpenID_AX_Error or true */ function parseExtensionArgs($ax_args) { $result = $this->_checkMode($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } $aliases = new Auth_OpenID_NamespaceMap(); foreach ($ax_args as $key => $value) { if (strpos($key, 'type.') === 0) { $type_uri = $value; $alias = substr($key, 5); $result = Auth_OpenID_AX_checkAlias($alias); if (Auth_OpenID_AX::isError($result)) { return $result; } $alias = $aliases->addAlias($type_uri, $alias); if ($alias === null) { return new Auth_OpenID_AX_Error( sprintf("Could not add alias %s for URI %s", $alias, $type_uri) ); } } } foreach ($aliases->iteritems() as $pair) { list($type_uri, $alias) = $pair; if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) { $count_key = 'count.' . $alias; $count_s = $ax_args[$count_key]; $count = Auth_OpenID::intval($count_s); if ($count === false) { return new Auth_OpenID_AX_Error( sprintf("Integer value expected for %s, got %s", 'count. %s' . $alias, $count_s, Auth_OpenID_AX_UNLIMITED_VALUES) ); } $values = array(); for ($i = 1; $i < $count + 1; $i++) { $value_key = sprintf('value.%s.%d', $alias, $i); if (!array_key_exists($value_key, $ax_args)) { return new Auth_OpenID_AX_Error( sprintf( "No value found for key %s", $value_key)); } $value = $ax_args[$value_key]; $values[] = $value; } } else { $key = 'value.' . $alias; if (!array_key_exists($key, $ax_args)) { return new Auth_OpenID_AX_Error( sprintf( "No value found for key %s", $key)); } $value = $ax_args['value.' . $alias]; if ($value == '') { $values = array(); } else { $values = array($value); } } $this->data[$type_uri] = $values; } return true; } /** * Get a single value for an attribute. If no value was sent for * this attribute, use the supplied default. If there is more than * one value for this attribute, this method will fail. * * @param type_uri: The URI for the attribute * @param default: The value to return if the attribute was not * sent in the fetch_response. * * @return $value Auth_OpenID_AX_Error on failure or the value of * the attribute in the fetch_response message, or the default * supplied */ function getSingle($type_uri, $default=null) { $values = Auth_OpenID::arrayGet($this->data, $type_uri); if (!$values) { return $default; } else if (count($values) == 1) { return $values[0]; } else { return new Auth_OpenID_AX_Error( sprintf('More than one value present for %s', $type_uri) ); } } /** * Get the list of values for this attribute in the * fetch_response. * * XXX: what to do if the values are not present? default * parameter? this is funny because it's always supposed to return * a list, so the default may break that, though it's provided by * the user's code, so it might be okay. If no default is * supplied, should the return be None or []? * * @param type_uri: The URI of the attribute * * @return $values The list of values for this attribute in the * response. May be an empty list. If the attribute was not sent * in the response, returns Auth_OpenID_AX_Error. */ function get($type_uri) { if (array_key_exists($type_uri, $this->data)) { return $this->data[$type_uri]; } else { return new Auth_OpenID_AX_Error( sprintf("Type URI %s not found in response", $type_uri) ); } } /** * Get the number of responses for a particular attribute in this * fetch_response message. * * @param type_uri: The URI of the attribute * * @returns int The number of values sent for this attribute. If * the attribute was not sent in the response, returns * Auth_OpenID_AX_Error. */ function count($type_uri) { if (array_key_exists($type_uri, $this->data)) { return count($this->get($type_uri)); } else { return new Auth_OpenID_AX_Error( sprintf("Type URI %s not found in response", $type_uri) ); } } } /** * A fetch_response attribute exchange message. * * @package OpenID */ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { var $mode = 'fetch_response'; function Auth_OpenID_AX_FetchResponse($update_url=null) { $this->Auth_OpenID_AX_KeyValueMessage(); $this->update_url = $update_url; } /** * Serialize this object into arguments in the attribute exchange * namespace * * @return $args The dictionary of unqualified attribute exchange * arguments that represent this fetch_response, or * Auth_OpenID_AX_Error on error. */ function getExtensionArgs($request=null) { $aliases = new Auth_OpenID_NamespaceMap(); $zero_value_types = array(); if ($request !== null) { // Validate the data in the context of the request (the // same attributes should be present in each, and the // counts in the response must be no more than the counts // in the request) foreach ($this->data as $type_uri => $unused) { if (!$request->contains($type_uri)) { return new Auth_OpenID_AX_Error( sprintf("Response attribute not present in request: %s", $type_uri) ); } } foreach ($request->iterAttrs() as $attr_info) { // Copy the aliases from the request so that reading // the response in light of the request is easier if ($attr_info->alias === null) { $aliases->add($attr_info->type_uri); } else { $alias = $aliases->addAlias($attr_info->type_uri, $attr_info->alias); if ($alias === null) { return new Auth_OpenID_AX_Error( sprintf("Could not add alias %s for URI %s", $attr_info->alias, $attr_info->type_uri) ); } } if (array_key_exists($attr_info->type_uri, $this->data)) { $values = $this->data[$attr_info->type_uri]; } else { $values = array(); $zero_value_types[] = $attr_info; } if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) && ($attr_info->count < count($values))) { return new Auth_OpenID_AX_Error( sprintf("More than the number of requested values " . "were specified for %s", $attr_info->type_uri) ); } } } $kv_args = $this->_getExtensionKVArgs($aliases); // Add the KV args into the response with the args that are // unique to the fetch_response $ax_args = $this->_newArgs(); // For each requested attribute, put its type/alias and count // into the response even if no data were returned. foreach ($zero_value_types as $attr_info) { $alias = $aliases->getAlias($attr_info->type_uri); $kv_args['type.' . $alias] = $attr_info->type_uri; $kv_args['count.' . $alias] = '0'; } $update_url = null; if ($request) { $update_url = $request->update_url; } else { $update_url = $this->update_url; } if ($update_url) { $ax_args['update_url'] = $update_url; } Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } /** * @return $result Auth_OpenID_AX_Error on failure or true on * success. */ function parseExtensionArgs($ax_args) { $result = parent::parseExtensionArgs($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url'); return true; } /** * Construct a FetchResponse object from an OpenID library * SuccessResponse object. * * @param success_response: A successful id_res response object * * @param signed: Whether non-signed args should be processsed. If * True (the default), only signed arguments will be processsed. * * @return $response A FetchResponse containing the data from the * OpenID message */ static function fromSuccessResponse($success_response, $signed=true) { $obj = new Auth_OpenID_AX_FetchResponse(); if ($signed) { $ax_args = $success_response->getSignedNS($obj->ns_uri); } else { $ax_args = $success_response->message->getArgs($obj->ns_uri); } if ($ax_args === null || Auth_OpenID::isFailure($ax_args) || sizeof($ax_args) == 0) { return null; } $result = $obj->parseExtensionArgs($ax_args); if (Auth_OpenID_AX::isError($result)) { #XXX log me return null; } return $obj; } } /** * A store request attribute exchange message representation. * * @package OpenID */ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { var $mode = 'store_request'; /** * @param array $aliases The namespace aliases to use when making * this store response. Leave as None to use defaults. */ function getExtensionArgs($aliases=null) { $ax_args = $this->_newArgs(); $kv_args = $this->_getExtensionKVArgs($aliases); Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } } /** * An indication that the store request was processed along with this * OpenID transaction. Use make(), NOT the constructor, to create * response objects. * * @package OpenID */ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { var $SUCCESS_MODE = 'store_response_success'; var $FAILURE_MODE = 'store_response_failure'; /** * Returns Auth_OpenID_AX_Error on error or an * Auth_OpenID_AX_StoreResponse object on success. */ function make($succeeded=true, $error_message=null) { if (($succeeded) && ($error_message !== null)) { return new Auth_OpenID_AX_Error('An error message may only be '. 'included in a failing fetch response'); } return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message); } function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null) { if ($succeeded) { $this->mode = $this->SUCCESS_MODE; } else { $this->mode = $this->FAILURE_MODE; } $this->error_message = $error_message; } /** * Was this response a success response? */ function succeeded() { return $this->mode == $this->SUCCESS_MODE; } function getExtensionArgs() { $ax_args = $this->_newArgs(); if ((!$this->succeeded()) && $this->error_message) { $ax_args['error'] = $this->error_message; } return $ax_args; } } openid-php-openid-782224d/Auth/OpenID/Association.php000066400000000000000000000435701136636734100223360ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * @access private */ require_once 'Auth/OpenID/CryptUtil.php'; /** * @access private */ require_once 'Auth/OpenID/KVForm.php'; /** * @access private */ require_once 'Auth/OpenID/HMAC.php'; /** * This class represents an association between a server and a * consumer. In general, users of this library will never see * instances of this object. The only exception is if you implement a * custom {@link Auth_OpenID_OpenIDStore}. * * If you do implement such a store, it will need to store the values * of the handle, secret, issued, lifetime, and assoc_type instance * variables. * * @package OpenID */ class Auth_OpenID_Association { /** * This is a HMAC-SHA1 specific value. * * @access private */ var $SIG_LENGTH = 20; /** * The ordering and name of keys as stored by serialize. * * @access private */ var $assoc_keys = array( 'version', 'handle', 'secret', 'issued', 'lifetime', 'assoc_type' ); var $_macs = array( 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1', 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256' ); /** * This is an alternate constructor (factory method) used by the * OpenID consumer library to create associations. OpenID store * implementations shouldn't use this constructor. * * @access private * * @param integer $expires_in This is the amount of time this * association is good for, measured in seconds since the * association was issued. * * @param string $handle This is the handle the server gave this * association. * * @param string secret This is the shared secret the server * generated for this association. * * @param assoc_type This is the type of association this * instance represents. The only valid values of this field at * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may * be defined in the future. * * @return association An {@link Auth_OpenID_Association} * instance. */ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) { $issued = time(); $lifetime = $expires_in; return new Auth_OpenID_Association($handle, $secret, $issued, $lifetime, $assoc_type); } /** * This is the standard constructor for creating an association. * The library should create all of the necessary associations, so * this constructor is not part of the external API. * * @access private * * @param string $handle This is the handle the server gave this * association. * * @param string $secret This is the shared secret the server * generated for this association. * * @param integer $issued This is the time this association was * issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a * unix timestamp) * * @param integer $lifetime This is the amount of time this * association is good for, measured in seconds since the * association was issued. * * @param string $assoc_type This is the type of association this * instance represents. The only valid values of this field at * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may * be defined in the future. */ function Auth_OpenID_Association( $handle, $secret, $issued, $lifetime, $assoc_type) { if (!in_array($assoc_type, Auth_OpenID_getSupportedAssociationTypes(), true)) { $fmt = 'Unsupported association type (%s)'; trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR); } $this->handle = $handle; $this->secret = $secret; $this->issued = $issued; $this->lifetime = $lifetime; $this->assoc_type = $assoc_type; } /** * This returns the number of seconds this association is still * valid for, or 0 if the association is no longer valid. * * @return integer $seconds The number of seconds this association * is still valid for, or 0 if the association is no longer valid. */ function getExpiresIn($now = null) { if ($now == null) { $now = time(); } return max(0, $this->issued + $this->lifetime - $now); } /** * This checks to see if two {@link Auth_OpenID_Association} * instances represent the same association. * * @return bool $result true if the two instances represent the * same association, false otherwise. */ function equal($other) { return ((gettype($this) == gettype($other)) && ($this->handle == $other->handle) && ($this->secret == $other->secret) && ($this->issued == $other->issued) && ($this->lifetime == $other->lifetime) && ($this->assoc_type == $other->assoc_type)); } /** * Convert an association to KV form. * * @return string $result String in KV form suitable for * deserialization by deserialize. */ function serialize() { $data = array( 'version' => '2', 'handle' => $this->handle, 'secret' => base64_encode($this->secret), 'issued' => strval(intval($this->issued)), 'lifetime' => strval(intval($this->lifetime)), 'assoc_type' => $this->assoc_type ); assert(array_keys($data) == $this->assoc_keys); return Auth_OpenID_KVForm::fromArray($data, $strict = true); } /** * Parse an association as stored by serialize(). This is the * inverse of serialize. * * @param string $assoc_s Association as serialized by serialize() * @return Auth_OpenID_Association $result instance of this class */ static function deserialize($class_name, $assoc_s) { $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true); $keys = array(); $values = array(); foreach ($pairs as $key => $value) { if (is_array($value)) { list($key, $value) = $value; } $keys[] = $key; $values[] = $value; } $class_vars = get_class_vars($class_name); $class_assoc_keys = $class_vars['assoc_keys']; sort($keys); sort($class_assoc_keys); if ($keys != $class_assoc_keys) { trigger_error('Unexpected key values: ' . var_export($keys, true), E_USER_WARNING); return null; } $version = $pairs['version']; $handle = $pairs['handle']; $secret = $pairs['secret']; $issued = $pairs['issued']; $lifetime = $pairs['lifetime']; $assoc_type = $pairs['assoc_type']; if ($version != '2') { trigger_error('Unknown version: ' . $version, E_USER_WARNING); return null; } $issued = intval($issued); $lifetime = intval($lifetime); $secret = base64_decode($secret); return new $class_name( $handle, $secret, $issued, $lifetime, $assoc_type); } /** * Generate a signature for a sequence of (key, value) pairs * * @access private * @param array $pairs The pairs to sign, in order. This is an * array of two-tuples. * @return string $signature The binary signature of this sequence * of pairs */ function sign($pairs) { $kv = Auth_OpenID_KVForm::fromArray($pairs); /* Invalid association types should be caught at constructor */ $callback = $this->_macs[$this->assoc_type]; return call_user_func_array($callback, array($this->secret, $kv)); } /** * Generate a signature for some fields in a dictionary * * @access private * @param array $fields The fields to sign, in order; this is an * array of strings. * @param array $data Dictionary of values to sign (an array of * string => string pairs). * @return string $signature The signature, base64 encoded */ function signMessage($message) { if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') || $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) { // Already has a sig return null; } $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); if ($extant_handle && ($extant_handle != $this->handle)) { // raise ValueError("Message has a different association handle") return null; } $signed_message = $message; $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', $this->handle); $message_keys = array_keys($signed_message->toPostArgs()); $signed_list = array(); $signed_prefix = 'openid.'; foreach ($message_keys as $k) { if (strpos($k, $signed_prefix) === 0) { $signed_list[] = substr($k, strlen($signed_prefix)); } } $signed_list[] = 'signed'; sort($signed_list); $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed', implode(',', $signed_list)); $sig = $this->getMessageSignature($signed_message); $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig); return $signed_message; } /** * Given a {@link Auth_OpenID_Message}, return the key/value pairs * to be signed according to the signed list in the message. If * the message lacks a signed list, return null. * * @access private */ function _makePairs($message) { $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); if (!$signed || Auth_OpenID::isFailure($signed)) { // raise ValueError('Message has no signed list: %s' % (message,)) return null; } $signed_list = explode(',', $signed); $pairs = array(); $data = $message->toPostArgs(); foreach ($signed_list as $field) { $pairs[] = array($field, Auth_OpenID::arrayGet($data, 'openid.' . $field, '')); } return $pairs; } /** * Given an {@link Auth_OpenID_Message}, return the signature for * the signed list in the message. * * @access private */ function getMessageSignature($message) { $pairs = $this->_makePairs($message); return base64_encode($this->sign($pairs)); } /** * Confirm that the signature of these fields matches the * signature contained in the data. * * @access private */ function checkMessageSignature($message) { $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); if (!$sig || Auth_OpenID::isFailure($sig)) { return false; } $calculated_sig = $this->getMessageSignature($message); return $calculated_sig == $sig; } } function Auth_OpenID_getSecretSize($assoc_type) { if ($assoc_type == 'HMAC-SHA1') { return 20; } else if ($assoc_type == 'HMAC-SHA256') { return 32; } else { return null; } } function Auth_OpenID_getAllAssociationTypes() { return array('HMAC-SHA1', 'HMAC-SHA256'); } function Auth_OpenID_getSupportedAssociationTypes() { $a = array('HMAC-SHA1'); if (Auth_OpenID_HMACSHA256_SUPPORTED) { $a[] = 'HMAC-SHA256'; } return $a; } function Auth_OpenID_getSessionTypes($assoc_type) { $assoc_to_session = array( 'HMAC-SHA1' => array('DH-SHA1', 'no-encryption')); if (Auth_OpenID_HMACSHA256_SUPPORTED) { $assoc_to_session['HMAC-SHA256'] = array('DH-SHA256', 'no-encryption'); } return Auth_OpenID::arrayGet($assoc_to_session, $assoc_type, array()); } function Auth_OpenID_checkSessionType($assoc_type, $session_type) { if (!in_array($session_type, Auth_OpenID_getSessionTypes($assoc_type))) { return false; } return true; } function Auth_OpenID_getDefaultAssociationOrder() { $order = array(); if (!Auth_OpenID_noMathSupport()) { $order[] = array('HMAC-SHA1', 'DH-SHA1'); if (Auth_OpenID_HMACSHA256_SUPPORTED) { $order[] = array('HMAC-SHA256', 'DH-SHA256'); } } $order[] = array('HMAC-SHA1', 'no-encryption'); if (Auth_OpenID_HMACSHA256_SUPPORTED) { $order[] = array('HMAC-SHA256', 'no-encryption'); } return $order; } function Auth_OpenID_getOnlyEncryptedOrder() { $result = array(); foreach (Auth_OpenID_getDefaultAssociationOrder() as $pair) { list($assoc, $session) = $pair; if ($session != 'no-encryption') { if (Auth_OpenID_HMACSHA256_SUPPORTED && ($assoc == 'HMAC-SHA256')) { $result[] = $pair; } else if ($assoc != 'HMAC-SHA256') { $result[] = $pair; } } } return $result; } function Auth_OpenID_getDefaultNegotiator() { return new Auth_OpenID_SessionNegotiator( Auth_OpenID_getDefaultAssociationOrder()); } function Auth_OpenID_getEncryptedNegotiator() { return new Auth_OpenID_SessionNegotiator( Auth_OpenID_getOnlyEncryptedOrder()); } /** * A session negotiator controls the allowed and preferred association * types and association session types. Both the {@link * Auth_OpenID_Consumer} and {@link Auth_OpenID_Server} use * negotiators when creating associations. * * You can create and use negotiators if you: * - Do not want to do Diffie-Hellman key exchange because you use * transport-layer encryption (e.g. SSL) * * - Want to use only SHA-256 associations * * - Do not want to support plain-text associations over a non-secure * channel * * It is up to you to set a policy for what kinds of associations to * accept. By default, the library will make any kind of association * that is allowed in the OpenID 2.0 specification. * * Use of negotiators in the library * ================================= * * When a consumer makes an association request, it calls {@link * getAllowedType} to get the preferred association type and * association session type. * * The server gets a request for a particular association/session type * and calls {@link isAllowed} to determine if it should create an * association. If it is supported, negotiation is complete. If it is * not, the server calls {@link getAllowedType} to get an allowed * association type to return to the consumer. * * If the consumer gets an error response indicating that the * requested association/session type is not supported by the server * that contains an assocation/session type to try, it calls {@link * isAllowed} to determine if it should try again with the given * combination of association/session type. * * @package OpenID */ class Auth_OpenID_SessionNegotiator { function Auth_OpenID_SessionNegotiator($allowed_types) { $this->allowed_types = array(); $this->setAllowedTypes($allowed_types); } /** * Set the allowed association types, checking to make sure each * combination is valid. * * @access private */ function setAllowedTypes($allowed_types) { foreach ($allowed_types as $pair) { list($assoc_type, $session_type) = $pair; if (!Auth_OpenID_checkSessionType($assoc_type, $session_type)) { return false; } } $this->allowed_types = $allowed_types; return true; } /** * Add an association type and session type to the allowed types * list. The assocation/session pairs are tried in the order that * they are added. * * @access private */ function addAllowedType($assoc_type, $session_type = null) { if ($this->allowed_types === null) { $this->allowed_types = array(); } if ($session_type === null) { $available = Auth_OpenID_getSessionTypes($assoc_type); if (!$available) { return false; } foreach ($available as $session_type) { $this->addAllowedType($assoc_type, $session_type); } } else { if (Auth_OpenID_checkSessionType($assoc_type, $session_type)) { $this->allowed_types[] = array($assoc_type, $session_type); } else { return false; } } return true; } // Is this combination of association type and session type allowed? function isAllowed($assoc_type, $session_type) { $assoc_good = in_array(array($assoc_type, $session_type), $this->allowed_types); $matches = in_array($session_type, Auth_OpenID_getSessionTypes($assoc_type)); return ($assoc_good && $matches); } /** * Get a pair of assocation type and session type that are * supported. */ function getAllowedType() { if (!$this->allowed_types) { return array(null, null); } return $this->allowed_types[0]; } } openid-php-openid-782224d/Auth/OpenID/BigMath.php000066400000000000000000000262331136636734100213720ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Needed for random number generation */ require_once 'Auth/OpenID/CryptUtil.php'; /** * Need Auth_OpenID::bytes(). */ require_once 'Auth/OpenID.php'; /** * The superclass of all big-integer math implementations * @access private * @package OpenID */ class Auth_OpenID_MathLibrary { /** * Given a long integer, returns the number converted to a binary * string. This function accepts long integer values of arbitrary * magnitude and uses the local large-number math library when * available. * * @param integer $long The long number (can be a normal PHP * integer or a number created by one of the available long number * libraries) * @return string $binary The binary version of $long */ function longToBinary($long) { $cmp = $this->cmp($long, 0); if ($cmp < 0) { $msg = __FUNCTION__ . " takes only positive integers."; trigger_error($msg, E_USER_ERROR); return null; } if ($cmp == 0) { return "\x00"; } $bytes = array(); while ($this->cmp($long, 0) > 0) { array_unshift($bytes, $this->mod($long, 256)); $long = $this->div($long, pow(2, 8)); } if ($bytes && ($bytes[0] > 127)) { array_unshift($bytes, 0); } $string = ''; foreach ($bytes as $byte) { $string .= pack('C', $byte); } return $string; } /** * Given a binary string, returns the binary string converted to a * long number. * * @param string $binary The binary version of a long number, * probably as a result of calling longToBinary * @return integer $long The long number equivalent of the binary * string $str */ function binaryToLong($str) { if ($str === null) { return null; } // Use array_merge to return a zero-indexed array instead of a // one-indexed array. $bytes = array_merge(unpack('C*', $str)); $n = $this->init(0); if ($bytes && ($bytes[0] > 127)) { trigger_error("bytesToNum works only for positive integers.", E_USER_WARNING); return null; } foreach ($bytes as $byte) { $n = $this->mul($n, pow(2, 8)); $n = $this->add($n, $byte); } return $n; } function base64ToLong($str) { $b64 = base64_decode($str); if ($b64 === false) { return false; } return $this->binaryToLong($b64); } function longToBase64($str) { return base64_encode($this->longToBinary($str)); } /** * Returns a random number in the specified range. This function * accepts $start, $stop, and $step values of arbitrary magnitude * and will utilize the local large-number math library when * available. * * @param integer $start The start of the range, or the minimum * random number to return * @param integer $stop The end of the range, or the maximum * random number to return * @param integer $step The step size, such that $result - ($step * * N) = $start for some N * @return integer $result The resulting randomly-generated number */ function rand($stop) { static $duplicate_cache = array(); // Used as the key for the duplicate cache $rbytes = $this->longToBinary($stop); if (array_key_exists($rbytes, $duplicate_cache)) { list($duplicate, $nbytes) = $duplicate_cache[$rbytes]; } else { if ($rbytes[0] == "\x00") { $nbytes = Auth_OpenID::bytes($rbytes) - 1; } else { $nbytes = Auth_OpenID::bytes($rbytes); } $mxrand = $this->pow(256, $nbytes); // If we get a number less than this, then it is in the // duplicated range. $duplicate = $this->mod($mxrand, $stop); if (count($duplicate_cache) > 10) { $duplicate_cache = array(); } $duplicate_cache[$rbytes] = array($duplicate, $nbytes); } do { $bytes = "\x00" . Auth_OpenID_CryptUtil::getBytes($nbytes); $n = $this->binaryToLong($bytes); // Keep looping if this value is in the low duplicated range } while ($this->cmp($n, $duplicate) < 0); return $this->mod($n, $stop); } } /** * Exposes BCmath math library functionality. * * {@link Auth_OpenID_BcMathWrapper} wraps the functionality provided * by the BCMath extension. * * @access private * @package OpenID */ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ var $type = 'bcmath'; function add($x, $y) { return bcadd($x, $y); } function sub($x, $y) { return bcsub($x, $y); } function pow($base, $exponent) { return bcpow($base, $exponent); } function cmp($x, $y) { return bccomp($x, $y); } function init($number, $base = 10) { return $number; } function mod($base, $modulus) { return bcmod($base, $modulus); } function mul($x, $y) { return bcmul($x, $y); } function div($x, $y) { return bcdiv($x, $y); } /** * Same as bcpowmod when bcpowmod is missing * * @access private */ function _powmod($base, $exponent, $modulus) { $square = $this->mod($base, $modulus); $result = 1; while($this->cmp($exponent, 0) > 0) { if ($this->mod($exponent, 2)) { $result = $this->mod($this->mul($result, $square), $modulus); } $square = $this->mod($this->mul($square, $square), $modulus); $exponent = $this->div($exponent, 2); } return $result; } function powmod($base, $exponent, $modulus) { if (function_exists('bcpowmod')) { return bcpowmod($base, $exponent, $modulus); } else { return $this->_powmod($base, $exponent, $modulus); } } function toString($num) { return $num; } } /** * Exposes GMP math library functionality. * * {@link Auth_OpenID_GmpMathWrapper} wraps the functionality provided * by the GMP extension. * * @access private * @package OpenID */ class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{ var $type = 'gmp'; function add($x, $y) { return gmp_add($x, $y); } function sub($x, $y) { return gmp_sub($x, $y); } function pow($base, $exponent) { return gmp_pow($base, $exponent); } function cmp($x, $y) { return gmp_cmp($x, $y); } function init($number, $base = 10) { return gmp_init($number, $base); } function mod($base, $modulus) { return gmp_mod($base, $modulus); } function mul($x, $y) { return gmp_mul($x, $y); } function div($x, $y) { return gmp_div_q($x, $y); } function powmod($base, $exponent, $modulus) { return gmp_powm($base, $exponent, $modulus); } function toString($num) { return gmp_strval($num); } } /** * Define the supported extensions. An extension array has keys * 'modules', 'extension', and 'class'. 'modules' is an array of PHP * module names which the loading code will attempt to load. These * values will be suffixed with a library file extension (e.g. ".so"). * 'extension' is the name of a PHP extension which will be tested * before 'modules' are loaded. 'class' is the string name of a * {@link Auth_OpenID_MathWrapper} subclass which should be * instantiated if a given extension is present. * * You can define new math library implementations and add them to * this array. */ function Auth_OpenID_math_extensions() { $result = array(); if (!defined('Auth_OpenID_BUGGY_GMP')) { $result[] = array('modules' => array('gmp', 'php_gmp'), 'extension' => 'gmp', 'class' => 'Auth_OpenID_GmpMathWrapper'); } $result[] = array('modules' => array('bcmath', 'php_bcmath'), 'extension' => 'bcmath', 'class' => 'Auth_OpenID_BcMathWrapper'); return $result; } /** * Detect which (if any) math library is available */ function Auth_OpenID_detectMathLibrary($exts) { $loaded = false; $hasDl = function_exists('dl'); foreach ($exts as $extension) { if (extension_loaded($extension['extension'])) { return $extension; } } return false; } /** * {@link Auth_OpenID_getMathLib} checks for the presence of long * number extension modules and returns an instance of * {@link Auth_OpenID_MathWrapper} which exposes the module's * functionality. * * Checks for the existence of an extension module described by the * result of {@link Auth_OpenID_math_extensions()} and returns an * instance of a wrapper for that extension module. If no extension * module is found, an instance of {@link Auth_OpenID_MathWrapper} is * returned, which wraps the native PHP integer implementation. The * proper calling convention for this method is $lib = * Auth_OpenID_getMathLib(). * * This function checks for the existence of specific long number * implementations in the following order: GMP followed by BCmath. * * @return Auth_OpenID_MathWrapper $instance An instance of * {@link Auth_OpenID_MathWrapper} or one of its subclasses * * @package OpenID */ function Auth_OpenID_getMathLib() { // The instance of Auth_OpenID_MathWrapper that we choose to // supply will be stored here, so that subseqent calls to this // method will return a reference to the same object. static $lib = null; if (isset($lib)) { return $lib; } if (Auth_OpenID_noMathSupport()) { $null = null; return $null; } // If this method has not been called before, look at // Auth_OpenID_math_extensions and try to find an extension that // works. $ext = Auth_OpenID_detectMathLibrary(Auth_OpenID_math_extensions()); if ($ext === false) { $tried = array(); foreach (Auth_OpenID_math_extensions() as $extinfo) { $tried[] = $extinfo['extension']; } $triedstr = implode(", ", $tried); Auth_OpenID_setNoMathSupport(); $result = null; return $result; } // Instantiate a new wrapper $class = $ext['class']; $lib = new $class(); return $lib; } function Auth_OpenID_setNoMathSupport() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { define('Auth_OpenID_NO_MATH_SUPPORT', true); } } function Auth_OpenID_noMathSupport() { return defined('Auth_OpenID_NO_MATH_SUPPORT'); } openid-php-openid-782224d/Auth/OpenID/Consumer.php000066400000000000000000002310111136636734100216420ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Require utility classes and functions for the consumer. */ require_once "Auth/OpenID.php"; require_once "Auth/OpenID/Message.php"; require_once "Auth/OpenID/HMAC.php"; require_once "Auth/OpenID/Association.php"; require_once "Auth/OpenID/CryptUtil.php"; require_once "Auth/OpenID/DiffieHellman.php"; require_once "Auth/OpenID/KVForm.php"; require_once "Auth/OpenID/Nonce.php"; require_once "Auth/OpenID/Discover.php"; require_once "Auth/OpenID/URINorm.php"; require_once "Auth/Yadis/Manager.php"; require_once "Auth/Yadis/XRI.php"; /** * This is the status code returned when the complete method returns * successfully. */ define('Auth_OpenID_SUCCESS', 'success'); /** * Status to indicate cancellation of OpenID authentication. */ define('Auth_OpenID_CANCEL', 'cancel'); /** * This is the status code completeAuth returns when the value it * received indicated an invalid login. */ define('Auth_OpenID_FAILURE', 'failure'); /** * This is the status code completeAuth returns when the * {@link Auth_OpenID_Consumer} instance is in immediate mode, and the * identity server sends back a URL to send the user to to complete his * or her login. */ define('Auth_OpenID_SETUP_NEEDED', 'setup needed'); /** * This is the status code beginAuth returns when the page fetched * from the entered OpenID URL doesn't contain the necessary link tags * to function as an identity page. */ define('Auth_OpenID_PARSE_ERROR', 'parse error'); /** * An OpenID consumer implementation that performs discovery and does * session management. See the Consumer.php file documentation for * more information. * * @package OpenID */ class Auth_OpenID_Consumer { /** * @access private */ var $discoverMethod = 'Auth_OpenID_discover'; /** * @access private */ var $session_key_prefix = "_openid_consumer_"; /** * @access private */ var $_token_suffix = "last_token"; /** * Initialize a Consumer instance. * * You should create a new instance of the Consumer object with * every HTTP request that handles OpenID transactions. * * @param Auth_OpenID_OpenIDStore $store This must be an object * that implements the interface in {@link * Auth_OpenID_OpenIDStore}. Several concrete implementations are * provided, to cover most common use cases. For stores backed by * MySQL, PostgreSQL, or SQLite, see the {@link * Auth_OpenID_SQLStore} class and its sublcasses. For a * filesystem-backed store, see the {@link Auth_OpenID_FileStore} * module. As a last resort, if it isn't possible for the server * to store state at all, an instance of {@link * Auth_OpenID_DumbStore} can be used. * * @param mixed $session An object which implements the interface * of the {@link Auth_Yadis_PHPSession} class. Particularly, this * object is expected to have these methods: get($key), set($key), * $value), and del($key). This defaults to a session object * which wraps PHP's native session machinery. You should only * need to pass something here if you have your own sessioning * implementation. * * @param str $consumer_cls The name of the class to instantiate * when creating the internal consumer object. This is used for * testing. */ function Auth_OpenID_Consumer($store, $session = null, $consumer_cls = null) { if ($session === null) { $session = new Auth_Yadis_PHPSession(); } $this->session = $session; if ($consumer_cls !== null) { $this->consumer = new $consumer_cls($store); } else { $this->consumer = new Auth_OpenID_GenericConsumer($store); } $this->_token_key = $this->session_key_prefix . $this->_token_suffix; } /** * Used in testing to define the discovery mechanism. * * @access private */ function getDiscoveryObject($session, $openid_url, $session_key_prefix) { return new Auth_Yadis_Discovery($session, $openid_url, $session_key_prefix); } /** * Start the OpenID authentication process. See steps 1-2 in the * overview at the top of this file. * * @param string $user_url Identity URL given by the user. This * method performs a textual transformation of the URL to try and * make sure it is normalized. For example, a user_url of * example.com will be normalized to http://example.com/ * normalizing and resolving any redirects the server might issue. * * @param bool $anonymous True if the OpenID request is to be sent * to the server without any identifier information. Use this * when you want to transport data but don't want to do OpenID * authentication with identifiers. * * @return Auth_OpenID_AuthRequest $auth_request An object * containing the discovered information will be returned, with a * method for building a redirect URL to the server, as described * in step 3 of the overview. This object may also be used to add * extension arguments to the request, using its 'addExtensionArg' * method. */ function begin($user_url, $anonymous=false) { $openid_url = $user_url; $disco = $this->getDiscoveryObject($this->session, $openid_url, $this->session_key_prefix); // Set the 'stale' attribute of the manager. If discovery // fails in a fatal way, the stale flag will cause the manager // to be cleaned up next time discovery is attempted. $m = $disco->getManager(); $loader = new Auth_Yadis_ManagerLoader(); if ($m) { if ($m->stale) { $disco->destroyManager(); } else { $m->stale = true; $disco->session->set($disco->session_key, serialize($loader->toSession($m))); } } $endpoint = $disco->getNextService($this->discoverMethod, $this->consumer->fetcher); // Reset the 'stale' attribute of the manager. $m = $disco->getManager(); if ($m) { $m->stale = false; $disco->session->set($disco->session_key, serialize($loader->toSession($m))); } if ($endpoint === null) { return null; } else { return $this->beginWithoutDiscovery($endpoint, $anonymous); } } /** * Start OpenID verification without doing OpenID server * discovery. This method is used internally by Consumer.begin * after discovery is performed, and exists to provide an * interface for library users needing to perform their own * discovery. * * @param Auth_OpenID_ServiceEndpoint $endpoint an OpenID service * endpoint descriptor. * * @param bool anonymous Set to true if you want to perform OpenID * without identifiers. * * @return Auth_OpenID_AuthRequest $auth_request An OpenID * authentication request object. */ function beginWithoutDiscovery($endpoint, $anonymous=false) { $loader = new Auth_OpenID_ServiceEndpointLoader(); $auth_req = $this->consumer->begin($endpoint); $this->session->set($this->_token_key, $loader->toSession($auth_req->endpoint)); if (!$auth_req->setAnonymous($anonymous)) { return new Auth_OpenID_FailureResponse(null, "OpenID 1 requests MUST include the identifier " . "in the request."); } return $auth_req; } /** * Called to interpret the server's response to an OpenID * request. It is called in step 4 of the flow described in the * consumer overview. * * @param string $current_url The URL used to invoke the application. * Extract the URL from your application's web * request framework and specify it here to have it checked * against the openid.current_url value in the response. If * the current_url URL check fails, the status of the * completion will be FAILURE. * * @param array $query An array of the query parameters (key => * value pairs) for this HTTP request. Defaults to null. If * null, the GET or POST data are automatically gotten from the * PHP environment. It is only useful to override $query for * testing. * * @return Auth_OpenID_ConsumerResponse $response A instance of an * Auth_OpenID_ConsumerResponse subclass. The type of response is * indicated by the status attribute, which will be one of * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED. */ function complete($current_url, $query=null) { if ($current_url && !is_string($current_url)) { // This is ugly, but we need to complain loudly when // someone uses the API incorrectly. trigger_error("current_url must be a string; see NEWS file " . "for upgrading notes.", E_USER_ERROR); } if ($query === null) { $query = Auth_OpenID::getQuery(); } $loader = new Auth_OpenID_ServiceEndpointLoader(); $endpoint_data = $this->session->get($this->_token_key); $endpoint = $loader->fromSession($endpoint_data); $message = Auth_OpenID_Message::fromPostArgs($query); $response = $this->consumer->complete($message, $endpoint, $current_url); $this->session->del($this->_token_key); if (in_array($response->status, array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL))) { if ($response->identity_url !== null) { $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix); $disco->cleanup(true); } } return $response; } } /** * A class implementing HMAC/DH-SHA1 consumer sessions. * * @package OpenID */ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { var $session_type = 'DH-SHA1'; var $hash_func = 'Auth_OpenID_SHA1'; var $secret_size = 20; var $allowed_assoc_types = array('HMAC-SHA1'); function Auth_OpenID_DiffieHellmanSHA1ConsumerSession($dh = null) { if ($dh === null) { $dh = new Auth_OpenID_DiffieHellman(); } $this->dh = $dh; } function getRequest() { $math = Auth_OpenID_getMathLib(); $cpub = $math->longToBase64($this->dh->public); $args = array('dh_consumer_public' => $cpub); if (!$this->dh->usingDefaultValues()) { $args = array_merge($args, array( 'dh_modulus' => $math->longToBase64($this->dh->mod), 'dh_gen' => $math->longToBase64($this->dh->gen))); } return $args; } function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'dh_server_public')) { return null; } if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'enc_mac_key')) { return null; } $math = Auth_OpenID_getMathLib(); $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS, 'dh_server_public')); $enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS, 'enc_mac_key')); return $this->dh->xorSecret($spub, $enc_mac_key, $this->hash_func); } } /** * A class implementing HMAC/DH-SHA256 consumer sessions. * * @package OpenID */ class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends Auth_OpenID_DiffieHellmanSHA1ConsumerSession { var $session_type = 'DH-SHA256'; var $hash_func = 'Auth_OpenID_SHA256'; var $secret_size = 32; var $allowed_assoc_types = array('HMAC-SHA256'); } /** * A class implementing plaintext consumer sessions. * * @package OpenID */ class Auth_OpenID_PlainTextConsumerSession { var $session_type = 'no-encryption'; var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); function getRequest() { return array(); } function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) { return null; } return base64_decode($response->getArg(Auth_OpenID_OPENID_NS, 'mac_key')); } } /** * Returns available session types. */ function Auth_OpenID_getAvailableSessionTypes() { $types = array( 'no-encryption' => 'Auth_OpenID_PlainTextConsumerSession', 'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession', 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ConsumerSession'); return $types; } /** * This class is the interface to the OpenID consumer logic. * Instances of it maintain no per-request state, so they can be * reused (or even used by multiple threads concurrently) as needed. * * @package OpenID */ class Auth_OpenID_GenericConsumer { /** * @access private */ var $discoverMethod = 'Auth_OpenID_discover'; /** * This consumer's store object. */ var $store; /** * @access private */ var $_use_assocs; /** * @access private */ var $openid1_nonce_query_arg_name = 'janrain_nonce'; /** * Another query parameter that gets added to the return_to for * OpenID 1; if the user's session state is lost, use this claimed * identifier to do discovery when verifying the response. */ var $openid1_return_to_identifier_name = 'openid1_claimed_id'; /** * This method initializes a new {@link Auth_OpenID_Consumer} * instance to access the library. * * @param Auth_OpenID_OpenIDStore $store This must be an object * that implements the interface in {@link Auth_OpenID_OpenIDStore}. * Several concrete implementations are provided, to cover most common use * cases. For stores backed by MySQL, PostgreSQL, or SQLite, see * the {@link Auth_OpenID_SQLStore} class and its sublcasses. For a * filesystem-backed store, see the {@link Auth_OpenID_FileStore} module. * As a last resort, if it isn't possible for the server to store * state at all, an instance of {@link Auth_OpenID_DumbStore} can be used. * * @param bool $immediate This is an optional boolean value. It * controls whether the library uses immediate mode, as explained * in the module description. The default value is False, which * disables immediate mode. */ function Auth_OpenID_GenericConsumer($store) { $this->store = $store; $this->negotiator = Auth_OpenID_getDefaultNegotiator(); $this->_use_assocs = (is_null($this->store) ? false : true); $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $this->session_types = Auth_OpenID_getAvailableSessionTypes(); } /** * Called to begin OpenID authentication using the specified * {@link Auth_OpenID_ServiceEndpoint}. * * @access private */ function begin($service_endpoint) { $assoc = $this->_getAssociation($service_endpoint); $r = new Auth_OpenID_AuthRequest($service_endpoint, $assoc); $r->return_to_args[$this->openid1_nonce_query_arg_name] = Auth_OpenID_mkNonce(); if ($r->message->isOpenID1()) { $r->return_to_args[$this->openid1_return_to_identifier_name] = $r->endpoint->claimed_id; } return $r; } /** * Given an {@link Auth_OpenID_Message}, {@link * Auth_OpenID_ServiceEndpoint} and optional return_to URL, * complete OpenID authentication. * * @access private */ function complete($message, $endpoint, $return_to) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', ''); $mode_methods = array( 'cancel' => '_complete_cancel', 'error' => '_complete_error', 'setup_needed' => '_complete_setup_needed', 'id_res' => '_complete_id_res', ); $method = Auth_OpenID::arrayGet($mode_methods, $mode, '_completeInvalid'); return call_user_func_array(array($this, $method), array($message, &$endpoint, $return_to)); } /** * @access private */ function _completeInvalid($message, $endpoint, $unused) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', ''); return new Auth_OpenID_FailureResponse($endpoint, sprintf("Invalid openid.mode '%s'", $mode)); } /** * @access private */ function _complete_cancel($message, $endpoint, $unused) { return new Auth_OpenID_CancelResponse($endpoint); } /** * @access private */ function _complete_error($message, $endpoint, $unused) { $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact'); $reference = $message->getArg(Auth_OpenID_OPENID_NS, 'reference'); return new Auth_OpenID_FailureResponse($endpoint, $error, $contact, $reference); } /** * @access private */ function _complete_setup_needed($message, $endpoint, $unused) { if (!$message->isOpenID2()) { return $this->_completeInvalid($message, $endpoint); } $user_setup_url = $message->getArg(Auth_OpenID_OPENID2_NS, 'user_setup_url'); return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } /** * @access private */ function _complete_id_res($message, $endpoint, $return_to) { $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, 'user_setup_url'); if ($this->_checkSetupNeeded($message)) { return new Auth_OpenID_SetupNeededResponse( $endpoint, $user_setup_url); } else { return $this->_doIdRes($message, $endpoint, $return_to); } } /** * @access private */ function _checkSetupNeeded($message) { // In OpenID 1, we check to see if this is a cancel from // immediate mode by the presence of the user_setup_url // parameter. if ($message->isOpenID1()) { $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, 'user_setup_url'); if ($user_setup_url !== null) { return true; } } return false; } /** * @access private */ function _doIdRes($message, $endpoint, $return_to) { // Checks for presence of appropriate fields (and checks // signed list fields) $result = $this->_idResCheckForFields($message); if (Auth_OpenID::isFailure($result)) { return $result; } if (!$this->_checkReturnTo($message, $return_to)) { return new Auth_OpenID_FailureResponse(null, sprintf("return_to does not match return URL. Expected %s, got %s", $return_to, $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'))); } // Verify discovery information: $result = $this->_verifyDiscoveryResults($message, $endpoint); if (Auth_OpenID::isFailure($result)) { return $result; } $endpoint = $result; $result = $this->_idResCheckSignature($message, $endpoint->server_url); if (Auth_OpenID::isFailure($result)) { return $result; } $result = $this->_idResCheckNonce($message, $endpoint); if (Auth_OpenID::isFailure($result)) { return $result; } $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($signed_list_str)) { return $signed_list_str; } $signed_list = explode(',', $signed_list_str); $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid."); return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields); } /** * @access private */ function _checkReturnTo($message, $return_to) { // Check an OpenID message and its openid.return_to value // against a return_to URL from an application. Return True // on success, False on failure. // Check the openid.return_to args against args in the // original message. $result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs( $message->toPostArgs()); if (Auth_OpenID::isFailure($result)) { return false; } // Check the return_to base URL against the one in the // message. $msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'); if (Auth_OpenID::isFailure($return_to)) { // XXX log me return false; } $return_to_parts = parse_url(Auth_OpenID_urinorm($return_to)); $msg_return_to_parts = parse_url(Auth_OpenID_urinorm($msg_return_to)); // If port is absent from both, add it so it's equal in the // check below. if ((!array_key_exists('port', $return_to_parts)) && (!array_key_exists('port', $msg_return_to_parts))) { $return_to_parts['port'] = null; $msg_return_to_parts['port'] = null; } // If path is absent from both, add it so it's equal in the // check below. if ((!array_key_exists('path', $return_to_parts)) && (!array_key_exists('path', $msg_return_to_parts))) { $return_to_parts['path'] = null; $msg_return_to_parts['path'] = null; } // The URL scheme, authority, and path MUST be the same // between the two URLs. foreach (array('scheme', 'host', 'port', 'path') as $component) { // If the url component is absent in either URL, fail. // There should always be a scheme, host, port, and path. if (!array_key_exists($component, $return_to_parts)) { return false; } if (!array_key_exists($component, $msg_return_to_parts)) { return false; } if (Auth_OpenID::arrayGet($return_to_parts, $component) !== Auth_OpenID::arrayGet($msg_return_to_parts, $component)) { return false; } } return true; } /** * @access private */ function _verifyReturnToArgs($query) { // Verify that the arguments in the return_to URL are present in this // response. $message = Auth_OpenID_Message::fromPostArgs($query); $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'); if (Auth_OpenID::isFailure($return_to)) { return $return_to; } // XXX: this should be checked by _idResCheckForFields if (!$return_to) { return new Auth_OpenID_FailureResponse(null, "Response has no return_to"); } $parsed_url = parse_url($return_to); $q = array(); if (array_key_exists('query', $parsed_url)) { $rt_query = $parsed_url['query']; $q = Auth_OpenID::parse_str($rt_query); } foreach ($q as $rt_key => $rt_value) { if (!array_key_exists($rt_key, $query)) { return new Auth_OpenID_FailureResponse(null, sprintf("return_to parameter %s absent from query", $rt_key)); } else { $value = $query[$rt_key]; if ($rt_value != $value) { return new Auth_OpenID_FailureResponse(null, sprintf("parameter %s value %s does not match " . "return_to value %s", $rt_key, $value, $rt_value)); } } } // Make sure all non-OpenID arguments in the response are also // in the signed return_to. $bare_args = $message->getArgs(Auth_OpenID_BARE_NS); foreach ($bare_args as $key => $value) { if (Auth_OpenID::arrayGet($q, $key) != $value) { return new Auth_OpenID_FailureResponse(null, sprintf("Parameter %s = %s not in return_to URL", $key, $value)); } } return true; } /** * @access private */ function _idResCheckSignature($message, $server_url) { $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); if (Auth_OpenID::isFailure($assoc_handle)) { return $assoc_handle; } $assoc = $this->store->getAssociation($server_url, $assoc_handle); if ($assoc) { if ($assoc->getExpiresIn() <= 0) { // XXX: It might be a good idea sometimes to re-start // the authentication with a new association. Doing it // automatically opens the possibility for // denial-of-service by a server that just returns // expired associations (or really short-lived // associations) return new Auth_OpenID_FailureResponse(null, 'Association with ' . $server_url . ' expired'); } if (!$assoc->checkMessageSignature($message)) { return new Auth_OpenID_FailureResponse(null, "Bad signature"); } } else { // It's not an association we know about. Stateless mode // is our only possible path for recovery. XXX - async // framework will not want to block on this call to // _checkAuth. if (!$this->_checkAuth($message, $server_url)) { return new Auth_OpenID_FailureResponse(null, "Server denied check_authentication"); } } return null; } /** * @access private */ function _verifyDiscoveryResults($message, $endpoint=null) { if ($message->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS) { return $this->_verifyDiscoveryResultsOpenID2($message, $endpoint); } else { return $this->_verifyDiscoveryResultsOpenID1($message, $endpoint); } } /** * @access private */ function _verifyDiscoveryResultsOpenID1($message, $endpoint) { $claimed_id = $message->getArg(Auth_OpenID_BARE_NS, $this->openid1_return_to_identifier_name); if (($endpoint === null) && ($claimed_id === null)) { return new Auth_OpenID_FailureResponse($endpoint, 'When using OpenID 1, the claimed ID must be supplied, ' . 'either by passing it through as a return_to parameter ' . 'or by using a session, and supplied to the GenericConsumer ' . 'as the argument to complete()'); } else if (($endpoint !== null) && ($claimed_id === null)) { $claimed_id = $endpoint->claimed_id; } $to_match = new Auth_OpenID_ServiceEndpoint(); $to_match->type_uris = array(Auth_OpenID_TYPE_1_1); $to_match->local_id = $message->getArg(Auth_OpenID_OPENID1_NS, 'identity'); // Restore delegate information from the initiation phase $to_match->claimed_id = $claimed_id; if ($to_match->local_id === null) { return new Auth_OpenID_FailureResponse($endpoint, "Missing required field openid.identity"); } $to_match_1_0 = $to_match->copy(); $to_match_1_0->type_uris = array(Auth_OpenID_TYPE_1_0); if ($endpoint !== null) { $result = $this->_verifyDiscoverySingle($endpoint, $to_match); if (is_a($result, 'Auth_OpenID_TypeURIMismatch')) { $result = $this->_verifyDiscoverySingle($endpoint, $to_match_1_0); } if (Auth_OpenID::isFailure($result)) { // oidutil.log("Error attempting to use stored // discovery information: " + str(e)) // oidutil.log("Attempting discovery to // verify endpoint") } else { return $endpoint; } } // Endpoint is either bad (failed verification) or None return $this->_discoverAndVerify($to_match->claimed_id, array($to_match, $to_match_1_0)); } /** * @access private */ function _verifyDiscoverySingle($endpoint, $to_match) { // Every type URI that's in the to_match endpoint has to be // present in the discovered endpoint. foreach ($to_match->type_uris as $type_uri) { if (!$endpoint->usesExtension($type_uri)) { return new Auth_OpenID_TypeURIMismatch($endpoint, "Required type ".$type_uri." not present"); } } // Fragments do not influence discovery, so we can't compare a // claimed identifier with a fragment to discovered // information. list($defragged_claimed_id, $_) = Auth_OpenID::urldefrag($to_match->claimed_id); if ($defragged_claimed_id != $endpoint->claimed_id) { return new Auth_OpenID_FailureResponse($endpoint, sprintf('Claimed ID does not match (different subjects!), ' . 'Expected %s, got %s', $defragged_claimed_id, $endpoint->claimed_id)); } if ($to_match->getLocalID() != $endpoint->getLocalID()) { return new Auth_OpenID_FailureResponse($endpoint, sprintf('local_id mismatch. Expected %s, got %s', $to_match->getLocalID(), $endpoint->getLocalID())); } // If the server URL is None, this must be an OpenID 1 // response, because op_endpoint is a required parameter in // OpenID 2. In that case, we don't actually care what the // discovered server_url is, because signature checking or // check_auth should take care of that check for us. if ($to_match->server_url === null) { if ($to_match->preferredNamespace() != Auth_OpenID_OPENID1_NS) { return new Auth_OpenID_FailureResponse($endpoint, "Preferred namespace mismatch (bug)"); } } else if ($to_match->server_url != $endpoint->server_url) { return new Auth_OpenID_FailureResponse($endpoint, sprintf('OP Endpoint mismatch. Expected %s, got %s', $to_match->server_url, $endpoint->server_url)); } return null; } /** * @access private */ function _verifyDiscoveryResultsOpenID2($message, $endpoint) { $to_match = new Auth_OpenID_ServiceEndpoint(); $to_match->type_uris = array(Auth_OpenID_TYPE_2_0); $to_match->claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id'); $to_match->local_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'identity'); $to_match->server_url = $message->getArg(Auth_OpenID_OPENID2_NS, 'op_endpoint'); if ($to_match->server_url === null) { return new Auth_OpenID_FailureResponse($endpoint, "OP Endpoint URL missing"); } // claimed_id and identifier must both be present or both be // absent if (($to_match->claimed_id === null) && ($to_match->local_id !== null)) { return new Auth_OpenID_FailureResponse($endpoint, 'openid.identity is present without openid.claimed_id'); } if (($to_match->claimed_id !== null) && ($to_match->local_id === null)) { return new Auth_OpenID_FailureResponse($endpoint, 'openid.claimed_id is present without openid.identity'); } if ($to_match->claimed_id === null) { // This is a response without identifiers, so there's // really no checking that we can do, so return an // endpoint that's for the specified `openid.op_endpoint' return Auth_OpenID_ServiceEndpoint::fromOPEndpointURL( $to_match->server_url); } if (!$endpoint) { // The claimed ID doesn't match, so we have to do // discovery again. This covers not using sessions, OP // identifier endpoints and responses that didn't match // the original request. // oidutil.log('No pre-discovered information supplied.') return $this->_discoverAndVerify($to_match->claimed_id, array($to_match)); } else { // The claimed ID matches, so we use the endpoint that we // discovered in initiation. This should be the most // common case. $result = $this->_verifyDiscoverySingle($endpoint, $to_match); if (Auth_OpenID::isFailure($result)) { $endpoint = $this->_discoverAndVerify($to_match->claimed_id, array($to_match)); if (Auth_OpenID::isFailure($endpoint)) { return $endpoint; } } } // The endpoint we return should have the claimed ID from the // message we just verified, fragment and all. if ($endpoint->claimed_id != $to_match->claimed_id) { $endpoint->claimed_id = $to_match->claimed_id; } return $endpoint; } /** * @access private */ function _discoverAndVerify($claimed_id, $to_match_endpoints) { // oidutil.log('Performing discovery on %s' % (claimed_id,)) list($unused, $services) = call_user_func($this->discoverMethod, $claimed_id, &$this->fetcher); if (!$services) { return new Auth_OpenID_FailureResponse(null, sprintf("No OpenID information found at %s", $claimed_id)); } return $this->_verifyDiscoveryServices($claimed_id, $services, $to_match_endpoints); } /** * @access private */ function _verifyDiscoveryServices($claimed_id, $services, $to_match_endpoints) { // Search the services resulting from discovery to find one // that matches the information from the assertion foreach ($services as $endpoint) { foreach ($to_match_endpoints as $to_match_endpoint) { $result = $this->_verifyDiscoverySingle($endpoint, $to_match_endpoint); if (!Auth_OpenID::isFailure($result)) { // It matches, so discover verification has // succeeded. Return this endpoint. return $endpoint; } } } return new Auth_OpenID_FailureResponse(null, sprintf('No matching endpoint found after discovering %s: %s', $claimed_id, $result->message)); } /** * Extract the nonce from an OpenID 1 response. Return the nonce * from the BARE_NS since we independently check the return_to * arguments are the same as those in the response message. * * See the openid1_nonce_query_arg_name class variable * * @returns $nonce The nonce as a string or null * * @access private */ function _idResGetNonceOpenID1($message, $endpoint) { return $message->getArg(Auth_OpenID_BARE_NS, $this->openid1_nonce_query_arg_name); } /** * @access private */ function _idResCheckNonce($message, $endpoint) { if ($message->isOpenID1()) { // This indicates that the nonce was generated by the consumer $nonce = $this->_idResGetNonceOpenID1($message, $endpoint); $server_url = ''; } else { $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce'); $server_url = $endpoint->server_url; } if ($nonce === null) { return new Auth_OpenID_FailureResponse($endpoint, "Nonce missing from response"); } $parts = Auth_OpenID_splitNonce($nonce); if ($parts === null) { return new Auth_OpenID_FailureResponse($endpoint, "Malformed nonce in response"); } list($timestamp, $salt) = $parts; if (!$this->store->useNonce($server_url, $timestamp, $salt)) { return new Auth_OpenID_FailureResponse($endpoint, "Nonce already used or out of range"); } return null; } /** * @access private */ function _idResCheckForFields($message) { $basic_fields = array('return_to', 'assoc_handle', 'sig', 'signed'); $basic_sig_fields = array('return_to', 'identity'); $require_fields = array( Auth_OpenID_OPENID2_NS => array_merge($basic_fields, array('op_endpoint')), Auth_OpenID_OPENID1_NS => array_merge($basic_fields, array('identity')) ); $require_sigs = array( Auth_OpenID_OPENID2_NS => array_merge($basic_sig_fields, array('response_nonce', 'claimed_id', 'assoc_handle', 'op_endpoint')), Auth_OpenID_OPENID1_NS => array_merge($basic_sig_fields, array('nonce')) ); foreach ($require_fields[$message->getOpenIDNamespace()] as $field) { if (!$message->hasKey(Auth_OpenID_OPENID_NS, $field)) { return new Auth_OpenID_FailureResponse(null, "Missing required field '".$field."'"); } } $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($signed_list_str)) { return $signed_list_str; } $signed_list = explode(',', $signed_list_str); foreach ($require_sigs[$message->getOpenIDNamespace()] as $field) { // Field is present and not in signed list if ($message->hasKey(Auth_OpenID_OPENID_NS, $field) && (!in_array($field, $signed_list))) { return new Auth_OpenID_FailureResponse(null, "'".$field."' not signed"); } } return null; } /** * @access private */ function _checkAuth($message, $server_url) { $request = $this->_createCheckAuthRequest($message); if ($request === null) { return false; } $resp_message = $this->_makeKVPost($request, $server_url); if (($resp_message === null) || (is_a($resp_message, 'Auth_OpenID_ServerErrorContainer'))) { return false; } return $this->_processCheckAuthResponse($resp_message, $server_url); } /** * @access private */ function _createCheckAuthRequest($message) { $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); if ($signed) { foreach (explode(',', $signed) as $k) { $value = $message->getAliasedArg($k); if ($value === null) { return null; } } } $ca_message = $message->copy(); $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', 'check_authentication'); return $ca_message; } /** * @access private */ function _processCheckAuthResponse($response, $server_url) { $is_valid = $response->getArg(Auth_OpenID_OPENID_NS, 'is_valid', 'false'); $invalidate_handle = $response->getArg(Auth_OpenID_OPENID_NS, 'invalidate_handle'); if ($invalidate_handle !== null) { $this->store->removeAssociation($server_url, $invalidate_handle); } if ($is_valid == 'true') { return true; } return false; } /** * Adapt a POST response to a Message. * * @param $response Result of a POST to an OpenID endpoint. * * @access private */ static function _httpResponseToMessage($response, $server_url) { // Should this function be named Message.fromHTTPResponse instead? $response_message = Auth_OpenID_Message::fromKVForm($response->body); if ($response->status == 400) { return Auth_OpenID_ServerErrorContainer::fromMessage( $response_message); } else if ($response->status != 200 and $response->status != 206) { return null; } return $response_message; } /** * @access private */ function _makeKVPost($message, $server_url) { $body = $message->toURLEncoded(); $resp = $this->fetcher->post($server_url, $body); if ($resp === null) { return null; } return $this->_httpResponseToMessage($resp, $server_url); } /** * @access private */ function _getAssociation($endpoint) { if (!$this->_use_assocs) { return null; } $assoc = $this->store->getAssociation($endpoint->server_url); if (($assoc === null) || ($assoc->getExpiresIn() <= 0)) { $assoc = $this->_negotiateAssociation($endpoint); if ($assoc !== null) { $this->store->storeAssociation($endpoint->server_url, $assoc); } } return $assoc; } /** * Handle ServerErrors resulting from association requests. * * @return $result If server replied with an C{unsupported-type} * error, return a tuple of supported C{association_type}, * C{session_type}. Otherwise logs the error and returns null. * * @access private */ function _extractSupportedAssociationType($server_error, $endpoint, $assoc_type) { // Any error message whose code is not 'unsupported-type' // should be considered a total failure. if (($server_error->error_code != 'unsupported-type') || ($server_error->message->isOpenID1())) { return null; } // The server didn't like the association/session type that we // sent, and it sent us back a message that might tell us how // to handle it. // Extract the session_type and assoc_type from the error // message $assoc_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS, 'assoc_type'); $session_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS, 'session_type'); if (($assoc_type === null) || ($session_type === null)) { return null; } else if (!$this->negotiator->isAllowed($assoc_type, $session_type)) { return null; } else { return array($assoc_type, $session_type); } } /** * @access private */ function _negotiateAssociation($endpoint) { // Get our preferred session/association type from the negotiatior. list($assoc_type, $session_type) = $this->negotiator->getAllowedType(); $assoc = $this->_requestAssociation( $endpoint, $assoc_type, $session_type); if (Auth_OpenID::isFailure($assoc)) { return null; } if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) { $why = $assoc; $supportedTypes = $this->_extractSupportedAssociationType( $why, $endpoint, $assoc_type); if ($supportedTypes !== null) { list($assoc_type, $session_type) = $supportedTypes; // Attempt to create an association from the assoc_type // and session_type that the server told us it // supported. $assoc = $this->_requestAssociation( $endpoint, $assoc_type, $session_type); if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) { // Do not keep trying, since it rejected the // association type that it told us to use. // oidutil.log('Server %s refused its suggested association // 'type: session_type=%s, assoc_type=%s' // % (endpoint.server_url, session_type, // assoc_type)) return null; } else { return $assoc; } } else { return null; } } else { return $assoc; } } /** * @access private */ function _requestAssociation($endpoint, $assoc_type, $session_type) { list($assoc_session, $args) = $this->_createAssociateRequest( $endpoint, $assoc_type, $session_type); $response_message = $this->_makeKVPost($args, $endpoint->server_url); if ($response_message === null) { // oidutil.log('openid.associate request failed: %s' % (why[0],)) return null; } else if (is_a($response_message, 'Auth_OpenID_ServerErrorContainer')) { return $response_message; } return $this->_extractAssociation($response_message, $assoc_session); } /** * @access private */ function _extractAssociation($assoc_response, $assoc_session) { // Extract the common fields from the response, raising an // exception if they are not found $assoc_type = $assoc_response->getArg( Auth_OpenID_OPENID_NS, 'assoc_type', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($assoc_type)) { return $assoc_type; } $assoc_handle = $assoc_response->getArg( Auth_OpenID_OPENID_NS, 'assoc_handle', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($assoc_handle)) { return $assoc_handle; } // expires_in is a base-10 string. The Python parsing will // accept literals that have whitespace around them and will // accept negative values. Neither of these are really in-spec, // but we think it's OK to accept them. $expires_in_str = $assoc_response->getArg( Auth_OpenID_OPENID_NS, 'expires_in', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($expires_in_str)) { return $expires_in_str; } $expires_in = Auth_OpenID::intval($expires_in_str); if ($expires_in === false) { $err = sprintf("Could not parse expires_in from association ". "response %s", print_r($assoc_response, true)); return new Auth_OpenID_FailureResponse(null, $err); } // OpenID 1 has funny association session behaviour. if ($assoc_response->isOpenID1()) { $session_type = $this->_getOpenID1SessionType($assoc_response); } else { $session_type = $assoc_response->getArg( Auth_OpenID_OPENID2_NS, 'session_type', Auth_OpenID_NO_DEFAULT); if (Auth_OpenID::isFailure($session_type)) { return $session_type; } } // Session type mismatch if ($assoc_session->session_type != $session_type) { if ($assoc_response->isOpenID1() && ($session_type == 'no-encryption')) { // In OpenID 1, any association request can result in // a 'no-encryption' association response. Setting // assoc_session to a new no-encryption session should // make the rest of this function work properly for // that case. $assoc_session = new Auth_OpenID_PlainTextConsumerSession(); } else { // Any other mismatch, regardless of protocol version // results in the failure of the association session // altogether. return null; } } // Make sure assoc_type is valid for session_type if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) { return null; } // Delegate to the association session to extract the secret // from the response, however is appropriate for that session // type. $secret = $assoc_session->extractSecret($assoc_response); if ($secret === null) { return null; } return Auth_OpenID_Association::fromExpiresIn( $expires_in, $assoc_handle, $secret, $assoc_type); } /** * @access private */ function _createAssociateRequest($endpoint, $assoc_type, $session_type) { if (array_key_exists($session_type, $this->session_types)) { $session_type_class = $this->session_types[$session_type]; if (is_callable($session_type_class)) { $assoc_session = $session_type_class(); } else { $assoc_session = new $session_type_class(); } } else { return null; } $args = array( 'mode' => 'associate', 'assoc_type' => $assoc_type); if (!$endpoint->compatibilityMode()) { $args['ns'] = Auth_OpenID_OPENID2_NS; } // Leave out the session type if we're in compatibility mode // *and* it's no-encryption. if ((!$endpoint->compatibilityMode()) || ($assoc_session->session_type != 'no-encryption')) { $args['session_type'] = $assoc_session->session_type; } $args = array_merge($args, $assoc_session->getRequest()); $message = Auth_OpenID_Message::fromOpenIDArgs($args); return array($assoc_session, $message); } /** * Given an association response message, extract the OpenID 1.X * session type. * * This function mostly takes care of the 'no-encryption' default * behavior in OpenID 1. * * If the association type is plain-text, this function will * return 'no-encryption' * * @access private * @return $typ The association type for this message */ function _getOpenID1SessionType($assoc_response) { // If it's an OpenID 1 message, allow session_type to default // to None (which signifies "no-encryption") $session_type = $assoc_response->getArg(Auth_OpenID_OPENID1_NS, 'session_type'); // Handle the differences between no-encryption association // respones in OpenID 1 and 2: // no-encryption is not really a valid session type for OpenID // 1, but we'll accept it anyway, while issuing a warning. if ($session_type == 'no-encryption') { // oidutil.log('WARNING: OpenID server sent "no-encryption"' // 'for OpenID 1.X') } else if (($session_type == '') || ($session_type === null)) { // Missing or empty session type is the way to flag a // 'no-encryption' response. Change the session type to // 'no-encryption' so that it can be handled in the same // way as OpenID 2 'no-encryption' respones. $session_type = 'no-encryption'; } return $session_type; } } /** * This class represents an authentication request from a consumer to * an OpenID server. * * @package OpenID */ class Auth_OpenID_AuthRequest { /** * Initialize an authentication request with the specified token, * association, and endpoint. * * Users of this library should not create instances of this * class. Instances of this class are created by the library when * needed. */ function Auth_OpenID_AuthRequest($endpoint, $assoc) { $this->assoc = $assoc; $this->endpoint = $endpoint; $this->return_to_args = array(); $this->message = new Auth_OpenID_Message( $endpoint->preferredNamespace()); $this->_anonymous = false; } /** * Add an extension to this checkid request. * * $extension_request: An object that implements the extension * request interface for adding arguments to an OpenID message. */ function addExtension($extension_request) { $extension_request->toMessage($this->message); } /** * Add an extension argument to this OpenID authentication * request. * * Use caution when adding arguments, because they will be * URL-escaped and appended to the redirect URL, which can easily * get quite long. * * @param string $namespace The namespace for the extension. For * example, the simple registration extension uses the namespace * 'sreg'. * * @param string $key The key within the extension namespace. For * example, the nickname field in the simple registration * extension's key is 'nickname'. * * @param string $value The value to provide to the server for * this argument. */ function addExtensionArg($namespace, $key, $value) { return $this->message->setArg($namespace, $key, $value); } /** * Set whether this request should be made anonymously. If a * request is anonymous, the identifier will not be sent in the * request. This is only useful if you are making another kind of * request with an extension in this request. * * Anonymous requests are not allowed when the request is made * with OpenID 1. */ function setAnonymous($is_anonymous) { if ($is_anonymous && $this->message->isOpenID1()) { return false; } else { $this->_anonymous = $is_anonymous; return true; } } /** * Produce a {@link Auth_OpenID_Message} representing this * request. * * @param string $realm The URL (or URL pattern) that identifies * your web site to the user when she is authorizing it. * * @param string $return_to The URL that the OpenID provider will * send the user back to after attempting to verify her identity. * * Not specifying a return_to URL means that the user will not be * returned to the site issuing the request upon its completion. * * @param bool $immediate If true, the OpenID provider is to send * back a response immediately, useful for behind-the-scenes * authentication attempts. Otherwise the OpenID provider may * engage the user before providing a response. This is the * default case, as the user may need to provide credentials or * approve the request before a positive response can be sent. */ function getMessage($realm, $return_to=null, $immediate=false) { if ($return_to) { $return_to = Auth_OpenID::appendArgs($return_to, $this->return_to_args); } else if ($immediate) { // raise ValueError( // '"return_to" is mandatory when //using "checkid_immediate"') return new Auth_OpenID_FailureResponse(null, "'return_to' is mandatory when using checkid_immediate"); } else if ($this->message->isOpenID1()) { // raise ValueError('"return_to" is // mandatory for OpenID 1 requests') return new Auth_OpenID_FailureResponse(null, "'return_to' is mandatory for OpenID 1 requests"); } else if ($this->return_to_args) { // raise ValueError('extra "return_to" arguments // were specified, but no return_to was specified') return new Auth_OpenID_FailureResponse(null, "extra 'return_to' arguments where specified, " . "but no return_to was specified"); } if ($immediate) { $mode = 'checkid_immediate'; } else { $mode = 'checkid_setup'; } $message = $this->message->copy(); if ($message->isOpenID1()) { $realm_key = 'trust_root'; } else { $realm_key = 'realm'; } $message->updateArgs(Auth_OpenID_OPENID_NS, array( $realm_key => $realm, 'mode' => $mode, 'return_to' => $return_to)); if (!$this->_anonymous) { if ($this->endpoint->isOPIdentifier()) { // This will never happen when we're in compatibility // mode, as long as isOPIdentifier() returns False // whenever preferredNamespace() returns OPENID1_NS. $claimed_id = $request_identity = Auth_OpenID_IDENTIFIER_SELECT; } else { $request_identity = $this->endpoint->getLocalID(); $claimed_id = $this->endpoint->claimed_id; } // This is true for both OpenID 1 and 2 $message->setArg(Auth_OpenID_OPENID_NS, 'identity', $request_identity); if ($message->isOpenID2()) { $message->setArg(Auth_OpenID_OPENID2_NS, 'claimed_id', $claimed_id); } } if ($this->assoc) { $message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', $this->assoc->handle); } return $message; } function redirectURL($realm, $return_to = null, $immediate = false) { $message = $this->getMessage($realm, $return_to, $immediate); if (Auth_OpenID::isFailure($message)) { return $message; } return $message->toURL($this->endpoint->server_url); } /** * Get html for a form to submit this request to the IDP. * * form_tag_attrs: An array of attributes to be added to the form * tag. 'accept-charset' and 'enctype' have defaults that can be * overridden. If a value is supplied for 'action' or 'method', it * will be replaced. */ function formMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) { $message = $this->getMessage($realm, $return_to, $immediate); if (Auth_OpenID::isFailure($message)) { return $message; } return $message->toFormMarkup($this->endpoint->server_url, $form_tag_attrs); } /** * Get a complete html document that will autosubmit the request * to the IDP. * * Wraps formMarkup. See the documentation for that function. */ function htmlMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) { $form = $this->formMarkup($realm, $return_to, $immediate, $form_tag_attrs); if (Auth_OpenID::isFailure($form)) { return $form; } return Auth_OpenID::autoSubmitHTML($form); } function shouldSendRedirect() { return $this->endpoint->compatibilityMode(); } } /** * The base class for responses from the Auth_OpenID_Consumer. * * @package OpenID */ class Auth_OpenID_ConsumerResponse { var $status = null; function setEndpoint($endpoint) { $this->endpoint = $endpoint; if ($endpoint === null) { $this->identity_url = null; } else { $this->identity_url = $endpoint->claimed_id; } } /** * Return the display identifier for this response. * * The display identifier is related to the Claimed Identifier, but the * two are not always identical. The display identifier is something the * user should recognize as what they entered, whereas the response's * claimed identifier (in the identity_url attribute) may have extra * information for better persistence. * * URLs will be stripped of their fragments for display. XRIs will * display the human-readable identifier (i-name) instead of the * persistent identifier (i-number). * * Use the display identifier in your user interface. Use * identity_url for querying your database or authorization server. * */ function getDisplayIdentifier() { if ($this->endpoint !== null) { return $this->endpoint->getDisplayIdentifier(); } return null; } } /** * A response with a status of Auth_OpenID_SUCCESS. Indicates that * this request is a successful acknowledgement from the OpenID server * that the supplied URL is, indeed controlled by the requesting * agent. This has three relevant attributes: * * claimed_id - The identity URL that has been authenticated * * signed_args - The arguments in the server's response that were * signed and verified. * * status - Auth_OpenID_SUCCESS. * * @package OpenID */ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { var $status = Auth_OpenID_SUCCESS; /** * @access private */ function Auth_OpenID_SuccessResponse($endpoint, $message, $signed_args=null) { $this->endpoint = $endpoint; $this->identity_url = $endpoint->claimed_id; $this->signed_args = $signed_args; $this->message = $message; if ($this->signed_args === null) { $this->signed_args = array(); } } /** * Extract signed extension data from the server's response. * * @param string $prefix The extension namespace from which to * extract the extension data. */ function extensionResponse($namespace_uri, $require_signed) { if ($require_signed) { return $this->getSignedNS($namespace_uri); } else { return $this->message->getArgs($namespace_uri); } } function isOpenID1() { return $this->message->isOpenID1(); } function isSigned($ns_uri, $ns_key) { // Return whether a particular key is signed, regardless of // its namespace alias return in_array($this->message->getKey($ns_uri, $ns_key), $this->signed_args); } function getSigned($ns_uri, $ns_key, $default = null) { // Return the specified signed field if available, otherwise // return default if ($this->isSigned($ns_uri, $ns_key)) { return $this->message->getArg($ns_uri, $ns_key, $default); } else { return $default; } } function getSignedNS($ns_uri) { $args = array(); $msg_args = $this->message->getArgs($ns_uri); if (Auth_OpenID::isFailure($msg_args)) { return null; } foreach ($msg_args as $key => $value) { if (!$this->isSigned($ns_uri, $key)) { unset($msg_args[$key]); } } return $msg_args; } /** * Get the openid.return_to argument from this response. * * This is useful for verifying that this request was initiated by * this consumer. * * @return string $return_to The return_to URL supplied to the * server on the initial request, or null if the response did not * contain an 'openid.return_to' argument. */ function getReturnTo() { return $this->getSigned(Auth_OpenID_OPENID_NS, 'return_to'); } } /** * A response with a status of Auth_OpenID_FAILURE. Indicates that the * OpenID protocol has failed. This could be locally or remotely * triggered. This has three relevant attributes: * * claimed_id - The identity URL for which authentication was * attempted, if it can be determined. Otherwise, null. * * message - A message indicating why the request failed, if one is * supplied. Otherwise, null. * * status - Auth_OpenID_FAILURE. * * @package OpenID */ class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse { var $status = Auth_OpenID_FAILURE; function Auth_OpenID_FailureResponse($endpoint, $message = null, $contact = null, $reference = null) { $this->setEndpoint($endpoint); $this->message = $message; $this->contact = $contact; $this->reference = $reference; } } /** * A specific, internal failure used to detect type URI mismatch. * * @package OpenID */ class Auth_OpenID_TypeURIMismatch extends Auth_OpenID_FailureResponse { } /** * Exception that is raised when the server returns a 400 response * code to a direct request. * * @package OpenID */ class Auth_OpenID_ServerErrorContainer { function Auth_OpenID_ServerErrorContainer($error_text, $error_code, $message) { $this->error_text = $error_text; $this->error_code = $error_code; $this->message = $message; } /** * @access private */ static function fromMessage($message) { $error_text = $message->getArg( Auth_OpenID_OPENID_NS, 'error', ''); $error_code = $message->getArg(Auth_OpenID_OPENID_NS, 'error_code'); return new Auth_OpenID_ServerErrorContainer($error_text, $error_code, $message); } } /** * A response with a status of Auth_OpenID_CANCEL. Indicates that the * user cancelled the OpenID authentication request. This has two * relevant attributes: * * claimed_id - The identity URL for which authentication was * attempted, if it can be determined. Otherwise, null. * * status - Auth_OpenID_SUCCESS. * * @package OpenID */ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { var $status = Auth_OpenID_CANCEL; function Auth_OpenID_CancelResponse($endpoint) { $this->setEndpoint($endpoint); } } /** * A response with a status of Auth_OpenID_SETUP_NEEDED. Indicates * that the request was in immediate mode, and the server is unable to * authenticate the user without further interaction. * * claimed_id - The identity URL for which authentication was * attempted. * * setup_url - A URL that can be used to send the user to the server * to set up for authentication. The user should be redirected in to * the setup_url, either in the current window or in a new browser * window. Null in OpenID 2. * * status - Auth_OpenID_SETUP_NEEDED. * * @package OpenID */ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse { var $status = Auth_OpenID_SETUP_NEEDED; function Auth_OpenID_SetupNeededResponse($endpoint, $setup_url = null) { $this->setEndpoint($endpoint); $this->setup_url = $setup_url; } } openid-php-openid-782224d/Auth/OpenID/CryptUtil.php000066400000000000000000000063211136636734100220120ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ if (!defined('Auth_OpenID_RAND_SOURCE')) { /** * The filename for a source of random bytes. Define this yourself * if you have a different source of randomness. */ define('Auth_OpenID_RAND_SOURCE', '/dev/urandom'); } class Auth_OpenID_CryptUtil { /** * Get the specified number of random bytes. * * Attempts to use a cryptographically secure (not predictable) * source of randomness if available. If there is no high-entropy * randomness source available, it will fail. As a last resort, * for non-critical systems, define * Auth_OpenID_RAND_SOURCE as null, and * the code will fall back on a pseudo-random number generator. * * @param int $num_bytes The length of the return value * @return string $bytes random bytes */ static function getBytes($num_bytes) { static $f = null; $bytes = ''; if ($f === null) { if (Auth_OpenID_RAND_SOURCE === null) { $f = false; } else { $f = @fopen(Auth_OpenID_RAND_SOURCE, "r"); if ($f === false) { $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' . ' continue with an insecure random number generator.'; trigger_error($msg, E_USER_ERROR); } } } if ($f === false) { // pseudorandom used $bytes = ''; for ($i = 0; $i < $num_bytes; $i += 4) { $bytes .= pack('L', mt_rand()); } $bytes = substr($bytes, 0, $num_bytes); } else { $bytes = fread($f, $num_bytes); } return $bytes; } /** * Produce a string of length random bytes, chosen from chrs. If * $chrs is null, the resulting string may contain any characters. * * @param integer $length The length of the resulting * randomly-generated string * @param string $chrs A string of characters from which to choose * to build the new string * @return string $result A string of randomly-chosen characters * from $chrs */ static function randomString($length, $population = null) { if ($population === null) { return Auth_OpenID_CryptUtil::getBytes($length); } $popsize = strlen($population); if ($popsize > 256) { $msg = 'More than 256 characters supplied to ' . __FUNCTION__; trigger_error($msg, E_USER_ERROR); } $duplicate = 256 % $popsize; $str = ""; for ($i = 0; $i < $length; $i++) { do { $n = ord(Auth_OpenID_CryptUtil::getBytes(1)); } while ($n < $duplicate); $n %= $popsize; $str .= $population[$n]; } return $str; } } openid-php-openid-782224d/Auth/OpenID/DatabaseConnection.php000066400000000000000000000075601136636734100236050ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * An empty base class intended to emulate PEAR connection * functionality in applications that supply their own database * abstraction mechanisms. See {@link Auth_OpenID_SQLStore} for more * information. You should subclass this class if you need to create * an SQL store that needs to access its database using an * application's database abstraction layer instead of a PEAR database * connection. Any subclass of Auth_OpenID_DatabaseConnection MUST * adhere to the interface specified here. * * @package OpenID */ class Auth_OpenID_DatabaseConnection { /** * Sets auto-commit mode on this database connection. * * @param bool $mode True if auto-commit is to be used; false if * not. */ function autoCommit($mode) { } /** * Run an SQL query with the specified parameters, if any. * * @param string $sql An SQL string with placeholders. The * placeholders are assumed to be specific to the database engine * for this connection. * * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * * @return mixed $result The result of calling this connection's * internal query function. The type of result depends on the * underlying database engine. This method is usually used when * the result of a query is not important, like a DDL query. */ function query($sql, $params = array()) { } /** * Starts a transaction on this connection, if supported. */ function begin() { } /** * Commits a transaction on this connection, if supported. */ function commit() { } /** * Performs a rollback on this connection, if supported. */ function rollback() { } /** * Run an SQL query and return the first column of the first row * of the result set, if any. * * @param string $sql An SQL string with placeholders. The * placeholders are assumed to be specific to the database engine * for this connection. * * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * * @return mixed $result The value of the first column of the * first row of the result set. False if no such result was * found. */ function getOne($sql, $params = array()) { } /** * Run an SQL query and return the first row of the result set, if * any. * * @param string $sql An SQL string with placeholders. The * placeholders are assumed to be specific to the database engine * for this connection. * * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * * @return array $result The first row of the result set, if any, * keyed on column name. False if no such result was found. */ function getRow($sql, $params = array()) { } /** * Run an SQL query with the specified parameters, if any. * * @param string $sql An SQL string with placeholders. The * placeholders are assumed to be specific to the database engine * for this connection. * * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * * @return array $result An array of arrays representing the * result of the query; each array is keyed on column name. */ function getAll($sql, $params = array()) { } } openid-php-openid-782224d/Auth/OpenID/DiffieHellman.php000066400000000000000000000056101136636734100225420ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ require_once 'Auth/OpenID.php'; require_once 'Auth/OpenID/BigMath.php'; function Auth_OpenID_getDefaultMod() { return '155172898181473697471232257763715539915724801'. '966915404479707795314057629378541917580651227423'. '698188993727816152646631438561595825688188889951'. '272158842675419950341258706556549803580104870537'. '681476726513255747040765857479291291572334510643'. '245094715007229621094194349783925984760375594985'. '848253359305585439638443'; } function Auth_OpenID_getDefaultGen() { return '2'; } /** * The Diffie-Hellman key exchange class. This class relies on * {@link Auth_OpenID_MathLibrary} to perform large number operations. * * @access private * @package OpenID */ class Auth_OpenID_DiffieHellman { var $mod; var $gen; var $private; var $lib = null; function Auth_OpenID_DiffieHellman($mod = null, $gen = null, $private = null, $lib = null) { if ($lib === null) { $this->lib = Auth_OpenID_getMathLib(); } else { $this->lib = $lib; } if ($mod === null) { $this->mod = $this->lib->init(Auth_OpenID_getDefaultMod()); } else { $this->mod = $mod; } if ($gen === null) { $this->gen = $this->lib->init(Auth_OpenID_getDefaultGen()); } else { $this->gen = $gen; } if ($private === null) { $r = $this->lib->rand($this->mod); $this->private = $this->lib->add($r, 1); } else { $this->private = $private; } $this->public = $this->lib->powmod($this->gen, $this->private, $this->mod); } function getSharedSecret($composite) { return $this->lib->powmod($composite, $this->private, $this->mod); } function getPublicKey() { return $this->public; } function usingDefaultValues() { return ($this->mod == Auth_OpenID_getDefaultMod() && $this->gen == Auth_OpenID_getDefaultGen()); } function xorSecret($composite, $secret, $hash_func) { $dh_shared = $this->getSharedSecret($composite); $dh_shared_str = $this->lib->longToBinary($dh_shared); $hash_dh_shared = $hash_func($dh_shared_str); $xsecret = ""; for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) { $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i])); } return $xsecret; } } openid-php-openid-782224d/Auth/OpenID/Discover.php000066400000000000000000000442031136636734100216320ustar00rootroot00000000000000claimed_id = null; $this->server_url = null; $this->type_uris = array(); $this->local_id = null; $this->canonicalID = null; $this->used_yadis = false; // whether this came from an XRDS $this->display_identifier = null; } function getDisplayIdentifier() { if ($this->display_identifier) { return $this->display_identifier; } if (! $this->claimed_id) { return $this->claimed_id; } $parsed = parse_url($this->claimed_id); $scheme = $parsed['scheme']; $host = $parsed['host']; $path = $parsed['path']; if (array_key_exists('query', $parsed)) { $query = $parsed['query']; $no_frag = "$scheme://$host$path?$query"; } else { $no_frag = "$scheme://$host$path"; } return $no_frag; } function usesExtension($extension_uri) { return in_array($extension_uri, $this->type_uris); } function preferredNamespace() { if (in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris) || in_array(Auth_OpenID_TYPE_2_0, $this->type_uris)) { return Auth_OpenID_OPENID2_NS; } else { return Auth_OpenID_OPENID1_NS; } } /* * Query this endpoint to see if it has any of the given type * URIs. This is useful for implementing other endpoint classes * that e.g. need to check for the presence of multiple versions * of a single protocol. * * @param $type_uris The URIs that you wish to check * * @return all types that are in both in type_uris and * $this->type_uris */ function matchTypes($type_uris) { $result = array(); foreach ($type_uris as $test_uri) { if ($this->supportsType($test_uri)) { $result[] = $test_uri; } } return $result; } function supportsType($type_uri) { // Does this endpoint support this type? return ((in_array($type_uri, $this->type_uris)) || (($type_uri == Auth_OpenID_TYPE_2_0) && $this->isOPIdentifier())); } function compatibilityMode() { return $this->preferredNamespace() != Auth_OpenID_OPENID2_NS; } function isOPIdentifier() { return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris); } static function fromOPEndpointURL($op_endpoint_url) { // Construct an OP-Identifier OpenIDServiceEndpoint object for // a given OP Endpoint URL $obj = new Auth_OpenID_ServiceEndpoint(); $obj->server_url = $op_endpoint_url; $obj->type_uris = array(Auth_OpenID_TYPE_2_0_IDP); return $obj; } function parseService($yadis_url, $uri, $type_uris, $service_element) { // Set the state of this object based on the contents of the // service element. Return true if successful, false if not // (if findOPLocalIdentifier returns false). $this->type_uris = $type_uris; $this->server_url = $uri; $this->used_yadis = true; if (!$this->isOPIdentifier()) { $this->claimed_id = $yadis_url; $this->local_id = Auth_OpenID_findOPLocalIdentifier( $service_element, $this->type_uris); if ($this->local_id === false) { return false; } } return true; } function getLocalID() { // Return the identifier that should be sent as the // openid.identity_url parameter to the server. if ($this->local_id === null && $this->canonicalID === null) { return $this->claimed_id; } else { if ($this->local_id) { return $this->local_id; } else { return $this->canonicalID; } } } /* * Parse the given document as XRDS looking for OpenID consumer services. * * @return array of Auth_OpenID_ServiceEndpoint or null if the * document cannot be parsed. */ function consumerFromXRDS($uri, $xrds_text) { $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text); if ($xrds) { $yadis_services = $xrds->services(array('filter_MatchesAnyOpenIDConsumerType')); return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services); } return null; } /* * Parse the given document as XRDS looking for OpenID services. * * @return array of Auth_OpenID_ServiceEndpoint or null if the * document cannot be parsed. */ static function fromXRDS($uri, $xrds_text) { $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text); if ($xrds) { $yadis_services = $xrds->services(array('filter_MatchesAnyOpenIDType')); return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services); } return null; } /* * Create endpoints from a DiscoveryResult. * * @param discoveryResult Auth_Yadis_DiscoveryResult * @return array of Auth_OpenID_ServiceEndpoint or null if * endpoints cannot be created. */ static function fromDiscoveryResult($discoveryResult) { if ($discoveryResult->isXRDS()) { return Auth_OpenID_ServiceEndpoint::fromXRDS( $discoveryResult->normalized_uri, $discoveryResult->response_text); } else { return Auth_OpenID_ServiceEndpoint::fromHTML( $discoveryResult->normalized_uri, $discoveryResult->response_text); } } static function fromHTML($uri, $html) { $discovery_types = array( array(Auth_OpenID_TYPE_2_0, 'openid2.provider', 'openid2.local_id'), array(Auth_OpenID_TYPE_1_1, 'openid.server', 'openid.delegate') ); $services = array(); foreach ($discovery_types as $triple) { list($type_uri, $server_rel, $delegate_rel) = $triple; $urls = Auth_OpenID_legacy_discover($html, $server_rel, $delegate_rel); if ($urls === false) { continue; } list($delegate_url, $server_url) = $urls; $service = new Auth_OpenID_ServiceEndpoint(); $service->claimed_id = $uri; $service->local_id = $delegate_url; $service->server_url = $server_url; $service->type_uris = array($type_uri); $services[] = $service; } return $services; } function copy() { $x = new Auth_OpenID_ServiceEndpoint(); $x->claimed_id = $this->claimed_id; $x->server_url = $this->server_url; $x->type_uris = $this->type_uris; $x->local_id = $this->local_id; $x->canonicalID = $this->canonicalID; $x->used_yadis = $this->used_yadis; return $x; } } function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) { // Extract a openid:Delegate value from a Yadis Service element. // If no delegate is found, returns null. Returns false on // discovery failure (when multiple delegate/localID tags have // different values). $service->parser->registerNamespace('openid', Auth_OpenID_XMLNS_1_0); $service->parser->registerNamespace('xrd', Auth_Yadis_XMLNS_XRD_2_0); $parser = $service->parser; $permitted_tags = array(); if (in_array(Auth_OpenID_TYPE_1_1, $type_uris) || in_array(Auth_OpenID_TYPE_1_0, $type_uris)) { $permitted_tags[] = 'openid:Delegate'; } if (in_array(Auth_OpenID_TYPE_2_0, $type_uris)) { $permitted_tags[] = 'xrd:LocalID'; } $local_id = null; foreach ($permitted_tags as $tag_name) { $tags = $service->getElements($tag_name); foreach ($tags as $tag) { $content = $parser->content($tag); if ($local_id === null) { $local_id = $content; } else if ($local_id != $content) { return false; } } } return $local_id; } function filter_MatchesAnyOpenIDType($service) { $uris = $service->getTypes(); foreach ($uris as $uri) { if (in_array($uri, Auth_OpenID_getOpenIDTypeURIs())) { return true; } } return false; } function filter_MatchesAnyOpenIDConsumerType(&$service) { $uris = $service->getTypes(); foreach ($uris as $uri) { if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) { return true; } } return false; } function Auth_OpenID_bestMatchingService($service, $preferred_types) { // Return the index of the first matching type, or something // higher if no type matches. // // This provides an ordering in which service elements that // contain a type that comes earlier in the preferred types list // come before service elements that come later. If a service // element has more than one type, the most preferred one wins. foreach ($preferred_types as $index => $typ) { if (in_array($typ, $service->type_uris)) { return $index; } } return count($preferred_types); } function Auth_OpenID_arrangeByType($service_list, $preferred_types) { // Rearrange service_list in a new list so services are ordered by // types listed in preferred_types. Return the new list. // Build a list with the service elements in tuples whose // comparison will prefer the one with the best matching service $prio_services = array(); foreach ($service_list as $index => $service) { $prio_services[] = array(Auth_OpenID_bestMatchingService($service, $preferred_types), $index, $service); } sort($prio_services); // Now that the services are sorted by priority, remove the sort // keys from the list. foreach ($prio_services as $index => $s) { $prio_services[$index] = $prio_services[$index][2]; } return $prio_services; } // Extract OP Identifier services. If none found, return the rest, // sorted with most preferred first according to // OpenIDServiceEndpoint.openid_type_uris. // // openid_services is a list of OpenIDServiceEndpoint objects. // // Returns a list of OpenIDServiceEndpoint objects.""" function Auth_OpenID_getOPOrUserServices($openid_services) { $op_services = Auth_OpenID_arrangeByType($openid_services, array(Auth_OpenID_TYPE_2_0_IDP)); $openid_services = Auth_OpenID_arrangeByType($openid_services, Auth_OpenID_getOpenIDTypeURIs()); if ($op_services) { return $op_services; } else { return $openid_services; } } function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services) { $s = array(); if (!$yadis_services) { return $s; } foreach ($yadis_services as $service) { $type_uris = $service->getTypes(); $uris = $service->getURIs(); // If any Type URIs match and there is an endpoint URI // specified, then this is an OpenID endpoint if ($type_uris && $uris) { foreach ($uris as $service_uri) { $openid_endpoint = new Auth_OpenID_ServiceEndpoint(); if ($openid_endpoint->parseService($uri, $service_uri, $type_uris, $service)) { $s[] = $openid_endpoint; } } } } return $s; } function Auth_OpenID_discoverWithYadis($uri, $fetcher, $endpoint_filter='Auth_OpenID_getOPOrUserServices', $discover_function=null) { // Discover OpenID services for a URI. Tries Yadis and falls back // on old-style discovery if Yadis fails. // Might raise a yadis.discover.DiscoveryFailure if no document // came back for that URI at all. I don't think falling back to // OpenID 1.0 discovery on the same URL will help, so don't bother // to catch it. if ($discover_function === null) { $discover_function = array('Auth_Yadis_Yadis', 'discover'); } $openid_services = array(); $response = call_user_func_array($discover_function, array($uri, $fetcher)); $yadis_url = $response->normalized_uri; $yadis_services = array(); if ($response->isFailure() && !$response->isXRDS()) { return array($uri, array()); } $openid_services = Auth_OpenID_ServiceEndpoint::fromXRDS( $yadis_url, $response->response_text); if (!$openid_services) { if ($response->isXRDS()) { return Auth_OpenID_discoverWithoutYadis($uri, $fetcher); } // Try to parse the response as HTML to get OpenID 1.0/1.1 // $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML( $yadis_url, $response->response_text); } $openid_services = call_user_func_array($endpoint_filter, array($openid_services)); return array($yadis_url, $openid_services); } function Auth_OpenID_discoverURI($uri, $fetcher) { $uri = Auth_OpenID::normalizeUrl($uri); return Auth_OpenID_discoverWithYadis($uri, $fetcher); } function Auth_OpenID_discoverWithoutYadis($uri, $fetcher) { $http_resp = @$fetcher->get($uri); if ($http_resp->status != 200 and $http_resp->status != 206) { return array($uri, array()); } $identity_url = $http_resp->final_url; // Try to parse the response as HTML to get OpenID 1.0/1.1 $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML( $identity_url, $http_resp->body); return array($identity_url, $openid_services); } function Auth_OpenID_discoverXRI($iname, $fetcher) { $resolver = new Auth_Yadis_ProxyResolver($fetcher); list($canonicalID, $yadis_services) = $resolver->query($iname, Auth_OpenID_getOpenIDTypeURIs(), array('filter_MatchesAnyOpenIDType')); $openid_services = Auth_OpenID_makeOpenIDEndpoints($iname, $yadis_services); $openid_services = Auth_OpenID_getOPOrUserServices($openid_services); for ($i = 0; $i < count($openid_services); $i++) { $openid_services[$i]->canonicalID = $canonicalID; $openid_services[$i]->claimed_id = $canonicalID; $openid_services[$i]->display_identifier = $iname; } // FIXME: returned xri should probably be in some normal form return array($iname, $openid_services); } function Auth_OpenID_discover($uri, $fetcher) { // If the fetcher (i.e., PHP) doesn't support SSL, we can't do // discovery on an HTTPS URL. if ($fetcher->isHTTPS($uri) && !$fetcher->supportsSSL()) { return array($uri, array()); } if (Auth_Yadis_identifierScheme($uri) == 'XRI') { $result = Auth_OpenID_discoverXRI($uri, $fetcher); } else { $result = Auth_OpenID_discoverURI($uri, $fetcher); } // If the fetcher doesn't support SSL, we can't interact with // HTTPS server URLs; remove those endpoints from the list. if (!$fetcher->supportsSSL()) { $http_endpoints = array(); list($new_uri, $endpoints) = $result; foreach ($endpoints as $e) { if (!$fetcher->isHTTPS($e->server_url)) { $http_endpoints[] = $e; } } $result = array($new_uri, $http_endpoints); } return $result; } openid-php-openid-782224d/Auth/OpenID/DumbStore.php000066400000000000000000000053151136636734100217610ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Import the interface for creating a new store class. */ require_once 'Auth/OpenID/Interface.php'; require_once 'Auth/OpenID/HMAC.php'; /** * This is a store for use in the worst case, when you have no way of * saving state on the consumer site. Using this store makes the * consumer vulnerable to replay attacks, as it's unable to use * nonces. Avoid using this store if it is at all possible. * * Most of the methods of this class are implementation details. * Users of this class need to worry only about the constructor. * * @package OpenID */ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security * of the tokens generated by the library, this class attempts to * at least have a secure implementation of getAuthKey. * * When you create an instance of this class, pass in a secret * phrase. The phrase is hashed with sha1 to make it the correct * length and form for an auth key. That allows you to use a long * string as the secret phrase, which means you can make it very * difficult to guess. * * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * * @param string secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function Auth_OpenID_DumbStore($secret_phrase) { $this->auth_key = Auth_OpenID_SHA1($secret_phrase); } /** * This implementation does nothing. */ function storeAssociation($server_url, $association) { } /** * This implementation always returns null. */ function getAssociation($server_url, $handle = null) { return null; } /** * This implementation always returns false. */ function removeAssociation($server_url, $handle) { return false; } /** * In a system truly limited to dumb mode, nonces must all be * accepted. This therefore always returns true, which makes * replay attacks feasible. */ function useNonce($server_url, $timestamp, $salt) { return true; } /** * This method returns the auth key generated by the constructor. */ function getAuthKey() { return $this->auth_key; } } openid-php-openid-782224d/Auth/OpenID/Extension.php000066400000000000000000000025731136636734100220340ustar00rootroot00000000000000isOpenID1(); $added = $message->namespaces->addAlias($this->ns_uri, $this->ns_alias, $implicit); if ($added === null) { if ($message->namespaces->getAlias($this->ns_uri) != $this->ns_alias) { return null; } } $message->updateArgs($this->ns_uri, $this->getExtensionArgs()); return $message; } } openid-php-openid-782224d/Auth/OpenID/FileStore.php000066400000000000000000000433231136636734100217520ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Require base class for creating a new interface. */ require_once 'Auth/OpenID.php'; require_once 'Auth/OpenID/Interface.php'; require_once 'Auth/OpenID/HMAC.php'; require_once 'Auth/OpenID/Nonce.php'; /** * This is a filesystem-based store for OpenID associations and * nonces. This store should be safe for use in concurrent systems on * both windows and unix (excluding NFS filesystems). There are a * couple race conditions in the system, but those failure cases have * been set up in such a way that the worst-case behavior is someone * having to try to log in a second time. * * Most of the methods of this class are implementation details. * People wishing to just use this store need only pay attention to * the constructor. * * @package OpenID */ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * Initializes a new {@link Auth_OpenID_FileStore}. This * initializes the nonce and association directories, which are * subdirectories of the directory passed in. * * @param string $directory This is the directory to put the store * directories in. */ function Auth_OpenID_FileStore($directory) { if (!Auth_OpenID::ensureDir($directory)) { trigger_error('Not a directory and failed to create: ' . $directory, E_USER_ERROR); } $directory = realpath($directory); $this->directory = $directory; $this->active = true; $this->nonce_dir = $directory . DIRECTORY_SEPARATOR . 'nonces'; $this->association_dir = $directory . DIRECTORY_SEPARATOR . 'associations'; // Temp dir must be on the same filesystem as the assciations // $directory. $this->temp_dir = $directory . DIRECTORY_SEPARATOR . 'temp'; $this->max_nonce_age = 6 * 60 * 60; // Six hours, in seconds if (!$this->_setup()) { trigger_error('Failed to initialize OpenID file store in ' . $directory, E_USER_ERROR); } } function destroy() { Auth_OpenID_FileStore::_rmtree($this->directory); $this->active = false; } /** * Make sure that the directories in which we store our data * exist. * * @access private */ function _setup() { return (Auth_OpenID::ensureDir($this->nonce_dir) && Auth_OpenID::ensureDir($this->association_dir) && Auth_OpenID::ensureDir($this->temp_dir)); } /** * Create a temporary file on the same filesystem as * $this->association_dir. * * The temporary directory should not be cleaned if there are any * processes using the store. If there is no active process using * the store, it is safe to remove all of the files in the * temporary directory. * * @return array ($fd, $filename) * @access private */ function _mktemp() { $name = Auth_OpenID_FileStore::_mkstemp($dir = $this->temp_dir); $file_obj = @fopen($name, 'wb'); if ($file_obj !== false) { return array($file_obj, $name); } else { Auth_OpenID_FileStore::_removeIfPresent($name); } } function cleanupNonces() { global $Auth_OpenID_SKEW; $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir); $now = time(); $removed = 0; // Check all nonces for expiry foreach ($nonces as $nonce_fname) { $base = basename($nonce_fname); $parts = explode('-', $base, 2); $timestamp = $parts[0]; $timestamp = intval($timestamp, 16); if (abs($timestamp - $now) > $Auth_OpenID_SKEW) { Auth_OpenID_FileStore::_removeIfPresent($nonce_fname); $removed += 1; } } return $removed; } /** * Create a unique filename for a given server url and * handle. This implementation does not assume anything about the * format of the handle. The filename that is returned will * contain the domain name from the server URL for ease of human * inspection of the data directory. * * @return string $filename */ function getAssociationFilename($server_url, $handle) { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } if (strpos($server_url, '://') === false) { trigger_error(sprintf("Bad server URL: %s", $server_url), E_USER_WARNING); return null; } list($proto, $rest) = explode('://', $server_url, 2); $parts = explode('/', $rest); $domain = Auth_OpenID_FileStore::_filenameEscape($parts[0]); $url_hash = Auth_OpenID_FileStore::_safe64($server_url); if ($handle) { $handle_hash = Auth_OpenID_FileStore::_safe64($handle); } else { $handle_hash = ''; } $filename = sprintf('%s-%s-%s-%s', $proto, $domain, $url_hash, $handle_hash); return $this->association_dir. DIRECTORY_SEPARATOR . $filename; } /** * Store an association in the association directory. */ function storeAssociation($server_url, $association) { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return false; } $association_s = $association->serialize(); $filename = $this->getAssociationFilename($server_url, $association->handle); list($tmp_file, $tmp) = $this->_mktemp(); if (!$tmp_file) { trigger_error("_mktemp didn't return a valid file descriptor", E_USER_WARNING); return false; } fwrite($tmp_file, $association_s); fflush($tmp_file); fclose($tmp_file); if (@rename($tmp, $filename)) { return true; } else { // In case we are running on Windows, try unlinking the // file in case it exists. @unlink($filename); // Now the target should not exist. Try renaming again, // giving up if it fails. if (@rename($tmp, $filename)) { return true; } } // If there was an error, don't leave the temporary file // around. Auth_OpenID_FileStore::_removeIfPresent($tmp); return false; } /** * Retrieve an association. If no handle is specified, return the * association with the most recent issue time. * * @return mixed $association */ function getAssociation($server_url, $handle = null) { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } if ($handle === null) { $handle = ''; } // The filename with the empty handle is a prefix of all other // associations for the given server URL. $filename = $this->getAssociationFilename($server_url, $handle); if ($handle) { return $this->_getAssociation($filename); } else { $association_files = Auth_OpenID_FileStore::_listdir($this->association_dir); $matching_files = array(); // strip off the path to do the comparison $name = basename($filename); foreach ($association_files as $association_file) { $base = basename($association_file); if (strpos($base, $name) === 0) { $matching_files[] = $association_file; } } $matching_associations = array(); // read the matching files and sort by time issued foreach ($matching_files as $full_name) { $association = $this->_getAssociation($full_name); if ($association !== null) { $matching_associations[] = array($association->issued, $association); } } $issued = array(); $assocs = array(); foreach ($matching_associations as $key => $assoc) { $issued[$key] = $assoc[0]; $assocs[$key] = $assoc[1]; } array_multisort($issued, SORT_DESC, $assocs, SORT_DESC, $matching_associations); // return the most recently issued one. if ($matching_associations) { list($issued, $assoc) = $matching_associations[0]; return $assoc; } else { return null; } } } /** * @access private */ function _getAssociation($filename) { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } $assoc_file = @fopen($filename, 'rb'); if ($assoc_file === false) { return null; } $assoc_s = fread($assoc_file, filesize($filename)); fclose($assoc_file); if (!$assoc_s) { return null; } $association = Auth_OpenID_Association::deserialize('Auth_OpenID_Association', $assoc_s); if (!$association) { Auth_OpenID_FileStore::_removeIfPresent($filename); return null; } if ($association->getExpiresIn() == 0) { Auth_OpenID_FileStore::_removeIfPresent($filename); return null; } else { return $association; } } /** * Remove an association if it exists. Do nothing if it does not. * * @return bool $success */ function removeAssociation($server_url, $handle) { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } $assoc = $this->getAssociation($server_url, $handle); if ($assoc === null) { return false; } else { $filename = $this->getAssociationFilename($server_url, $handle); return Auth_OpenID_FileStore::_removeIfPresent($filename); } } /** * Return whether this nonce is present. As a side effect, mark it * as no longer present. * * @return bool $present */ function useNonce($server_url, $timestamp, $salt) { global $Auth_OpenID_SKEW; if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) { return false; } if ($server_url) { list($proto, $rest) = explode('://', $server_url, 2); } else { $proto = ''; $rest = ''; } $parts = explode('/', $rest, 2); $domain = $this->_filenameEscape($parts[0]); $url_hash = $this->_safe64($server_url); $salt_hash = $this->_safe64($salt); $filename = sprintf('%08x-%s-%s-%s-%s', $timestamp, $proto, $domain, $url_hash, $salt_hash); $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $filename; $result = @fopen($filename, 'x'); if ($result === false) { return false; } else { fclose($result); return true; } } /** * Remove expired entries from the database. This is potentially * expensive, so only run when it is acceptable to take time. * * @access private */ function _allAssocs() { $all_associations = array(); $association_filenames = Auth_OpenID_FileStore::_listdir($this->association_dir); foreach ($association_filenames as $association_filename) { $association_file = fopen($association_filename, 'rb'); if ($association_file !== false) { $assoc_s = fread($association_file, filesize($association_filename)); fclose($association_file); // Remove expired or corrupted associations $association = Auth_OpenID_Association::deserialize( 'Auth_OpenID_Association', $assoc_s); if ($association === null) { Auth_OpenID_FileStore::_removeIfPresent( $association_filename); } else { if ($association->getExpiresIn() == 0) { $all_associations[] = array($association_filename, $association); } } } } return $all_associations; } function clean() { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir); $now = time(); // Check all nonces for expiry foreach ($nonces as $nonce) { if (!Auth_OpenID_checkTimestamp($nonce, $now)) { $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $nonce; Auth_OpenID_FileStore::_removeIfPresent($filename); } } foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; if ($assoc->getExpiresIn() == 0) { Auth_OpenID_FileStore::_removeIfPresent($assoc_filename); } } } /** * @access private */ function _rmtree($dir) { if ($dir[strlen($dir) - 1] != DIRECTORY_SEPARATOR) { $dir .= DIRECTORY_SEPARATOR; } if ($handle = opendir($dir)) { while ($item = readdir($handle)) { if (!in_array($item, array('.', '..'))) { if (is_dir($dir . $item)) { if (!Auth_OpenID_FileStore::_rmtree($dir . $item)) { return false; } } else if (is_file($dir . $item)) { if (!unlink($dir . $item)) { return false; } } } } closedir($handle); if (!@rmdir($dir)) { return false; } return true; } else { // Couldn't open directory. return false; } } /** * @access private */ function _mkstemp($dir) { foreach (range(0, 4) as $i) { $name = tempnam($dir, "php_openid_filestore_"); if ($name !== false) { return $name; } } return false; } /** * @access private */ static function _mkdtemp($dir) { foreach (range(0, 4) as $i) { $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) . "-" . strval(rand(1, time())); if (!mkdir($name, 0700)) { return false; } else { return $name; } } return false; } /** * @access private */ function _listdir($dir) { $handle = opendir($dir); $files = array(); while (false !== ($filename = readdir($handle))) { if (!in_array($filename, array('.', '..'))) { $files[] = $dir . DIRECTORY_SEPARATOR . $filename; } } return $files; } /** * @access private */ function _isFilenameSafe($char) { $_Auth_OpenID_filename_allowed = Auth_OpenID_letters . Auth_OpenID_digits . "."; return (strpos($_Auth_OpenID_filename_allowed, $char) !== false); } /** * @access private */ function _safe64($str) { $h64 = base64_encode(Auth_OpenID_SHA1($str)); $h64 = str_replace('+', '_', $h64); $h64 = str_replace('/', '.', $h64); $h64 = str_replace('=', '', $h64); return $h64; } /** * @access private */ function _filenameEscape($str) { $filename = ""; $b = Auth_OpenID::toBytes($str); for ($i = 0; $i < count($b); $i++) { $c = $b[$i]; if (Auth_OpenID_FileStore::_isFilenameSafe($c)) { $filename .= $c; } else { $filename .= sprintf("_%02X", ord($c)); } } return $filename; } /** * Attempt to remove a file, returning whether the file existed at * the time of the call. * * @access private * @return bool $result True if the file was present, false if not. */ function _removeIfPresent($filename) { return @unlink($filename); } function cleanupAssociations() { $removed = 0; foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; if ($assoc->getExpiresIn() == 0) { $this->_removeIfPresent($assoc_filename); $removed += 1; } } return $removed; } } openid-php-openid-782224d/Auth/OpenID/HMAC.php000066400000000000000000000052441136636734100205660ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ require_once 'Auth/OpenID.php'; /** * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback * implementation. */ define('Auth_OpenID_SHA1_BLOCKSIZE', 64); function Auth_OpenID_SHA1($text) { if (function_exists('hash') && function_exists('hash_algos') && (in_array('sha1', hash_algos()))) { // PHP 5 case (sometimes): 'hash' available and 'sha1' algo // supported. return hash('sha1', $text, true); } else if (function_exists('sha1')) { // PHP 4 case: 'sha1' available. $hex = sha1($text); $raw = ''; for ($i = 0; $i < 40; $i += 2) { $hexcode = substr($hex, $i, 2); $charcode = (int)base_convert($hexcode, 16, 10); $raw .= chr($charcode); } return $raw; } else { // Explode. trigger_error('No SHA1 function found', E_USER_ERROR); } } /** * Compute an HMAC/SHA1 hash. * * @access private * @param string $key The HMAC key * @param string $text The message text to hash * @return string $mac The MAC */ function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); return $hmac; } if (function_exists('hash') && function_exists('hash_algos') && (in_array('sha256', hash_algos()))) { function Auth_OpenID_SHA256($text) { // PHP 5 case: 'hash' available and 'sha256' algo supported. return hash('sha256', $text, true); } define('Auth_OpenID_SHA256_SUPPORTED', true); } else { define('Auth_OpenID_SHA256_SUPPORTED', false); } if (function_exists('hash_hmac') && function_exists('hash_algos') && (in_array('sha256', hash_algos()))) { function Auth_OpenID_HMACSHA256($key, $text) { // Return raw MAC (not hex string). return hash_hmac('sha256', $text, $key, true); } define('Auth_OpenID_HMACSHA256_SUPPORTED', true); } else { define('Auth_OpenID_HMACSHA256_SUPPORTED', false); } openid-php-openid-782224d/Auth/OpenID/Interface.php000066400000000000000000000154261136636734100217610ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * This is the interface for the store objects the OpenID library * uses. It is a single class that provides all of the persistence * mechanisms that the OpenID library needs, for both servers and * consumers. If you want to create an SQL-driven store, please see * then {@link Auth_OpenID_SQLStore} class. * * Change: Version 2.0 removed the storeNonce, getAuthKey, and isDumb * methods, and changed the behavior of the useNonce method to support * one-way nonces. * * @package OpenID * @author JanRain, Inc. */ class Auth_OpenID_OpenIDStore { /** * This method puts an Association object into storage, * retrievable by server URL and handle. * * @param string $server_url The URL of the identity server that * this association is with. Because of the way the server portion * of the library uses this interface, don't assume there are any * limitations on the character set of the input string. In * particular, expect to see unescaped non-url-safe characters in * the server_url field. * * @param Association $association The Association to store. */ function storeAssociation($server_url, $association) { trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ". "not implemented", E_USER_ERROR); } /* * Remove expired nonces from the store. * * Discards any nonce from storage that is old enough that its * timestamp would not pass useNonce(). * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. * * @return the number of nonces expired */ function cleanupNonces() { trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ". "not implemented", E_USER_ERROR); } /* * Remove expired associations from the store. * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. * * @return the number of associations expired. */ function cleanupAssociations() { trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ". "not implemented", E_USER_ERROR); } /* * Shortcut for cleanupNonces(), cleanupAssociations(). * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. */ function cleanup() { return array($this->cleanupNonces(), $this->cleanupAssociations()); } /** * Report whether this storage supports cleanup */ function supportsCleanup() { return true; } /** * This method returns an Association object from storage that * matches the server URL and, if specified, handle. It returns * null if no such association is found or if the matching * association is expired. * * If no handle is specified, the store may return any association * which matches the server URL. If multiple associations are * valid, the recommended return value for this method is the one * most recently issued. * * This method is allowed (and encouraged) to garbage collect * expired associations when found. This method must not return * expired associations. * * @param string $server_url The URL of the identity server to get * the association for. Because of the way the server portion of * the library uses this interface, don't assume there are any * limitations on the character set of the input string. In * particular, expect to see unescaped non-url-safe characters in * the server_url field. * * @param mixed $handle This optional parameter is the handle of * the specific association to get. If no specific handle is * provided, any valid association matching the server URL is * returned. * * @return Association The Association for the given identity * server. */ function getAssociation($server_url, $handle = null) { trigger_error("Auth_OpenID_OpenIDStore::getAssociation ". "not implemented", E_USER_ERROR); } /** * This method removes the matching association if it's found, and * returns whether the association was removed or not. * * @param string $server_url The URL of the identity server the * association to remove belongs to. Because of the way the server * portion of the library uses this interface, don't assume there * are any limitations on the character set of the input * string. In particular, expect to see unescaped non-url-safe * characters in the server_url field. * * @param string $handle This is the handle of the association to * remove. If there isn't an association found that matches both * the given URL and handle, then there was no matching handle * found. * * @return mixed Returns whether or not the given association existed. */ function removeAssociation($server_url, $handle) { trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ". "not implemented", E_USER_ERROR); } /** * Called when using a nonce. * * This method should return C{True} if the nonce has not been * used before, and store it for a while to make sure nobody * tries to use the same value again. If the nonce has already * been used, return C{False}. * * Change: In earlier versions, round-trip nonces were used and a * nonce was only valid if it had been previously stored with * storeNonce. Version 2.0 uses one-way nonces, requiring a * different implementation here that does not depend on a * storeNonce call. (storeNonce is no longer part of the * interface. * * @param string $nonce The nonce to use. * * @return bool Whether or not the nonce was valid. */ function useNonce($server_url, $timestamp, $salt) { trigger_error("Auth_OpenID_OpenIDStore::useNonce ". "not implemented", E_USER_ERROR); } /** * Removes all entries from the store; implementation is optional. */ function reset() { } } openid-php-openid-782224d/Auth/OpenID/KVForm.php000066400000000000000000000047351136636734100212260ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Container for key-value/comma-newline OpenID format and parsing */ class Auth_OpenID_KVForm { /** * Convert an OpenID colon/newline separated string into an * associative array * * @static * @access private */ static function toArray($kvs, $strict=false) { $lines = explode("\n", $kvs); $last = array_pop($lines); if ($last !== '') { array_push($lines, $last); if ($strict) { return false; } } $values = array(); for ($lineno = 0; $lineno < count($lines); $lineno++) { $line = $lines[$lineno]; $kv = explode(':', $line, 2); if (count($kv) != 2) { if ($strict) { return false; } continue; } $key = $kv[0]; $tkey = trim($key); if ($tkey != $key) { if ($strict) { return false; } } $value = $kv[1]; $tval = trim($value); if ($tval != $value) { if ($strict) { return false; } } $values[$tkey] = $tval; } return $values; } /** * Convert an array into an OpenID colon/newline separated string * * @static * @access private */ static function fromArray($values) { if ($values === null) { return null; } ksort($values); $serialized = ''; foreach ($values as $key => $value) { if (is_array($value)) { list($key, $value) = array($value[0], $value[1]); } if (strpos($key, ':') !== false) { return null; } if (strpos($key, "\n") !== false) { return null; } if (strpos($value, "\n") !== false) { return null; } $serialized .= "$key:$value\n"; } return $serialized; } } openid-php-openid-782224d/Auth/OpenID/MDB2Store.php000066400000000000000000000335571136636734100215670ustar00rootroot00000000000000 * @copyright 2005 Janrain, Inc. * @license http://www.gnu.org/copyleft/lesser.html LGPL */ require_once 'MDB2.php'; /** * @access private */ require_once 'Auth/OpenID/Interface.php'; /** * @access private */ require_once 'Auth/OpenID.php'; /** * @access private */ require_once 'Auth/OpenID/Nonce.php'; /** * This store uses a PEAR::MDB2 connection to store persistence * information. * * The table names used are determined by the class variables * associations_table_name and nonces_table_name. To change the name * of the tables used, pass new table names into the constructor. * * To create the tables with the proper schema, see the createTables * method. * * @package OpenID */ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { /** * This creates a new MDB2Store instance. It requires an * established database connection be given to it, and it allows * overriding the default table names. * * @param connection $connection This must be an established * connection to a database of the correct type for the SQLStore * subclass you're using. This must be a PEAR::MDB2 connection * handle. * * @param associations_table: This is an optional parameter to * specify the name of the table used for storing associations. * The default value is 'oid_associations'. * * @param nonces_table: This is an optional parameter to specify * the name of the table used for storing nonces. The default * value is 'oid_nonces'. */ function Auth_OpenID_MDB2Store($connection, $associations_table = null, $nonces_table = null) { $this->associations_table_name = "oid_associations"; $this->nonces_table_name = "oid_nonces"; // Check the connection object type to be sure it's a PEAR // database connection. if (!is_object($connection) || !is_subclass_of($connection, 'mdb2_driver_common')) { trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " . "object (got ".get_class($connection).")", E_USER_ERROR); return; } $this->connection = $connection; // Be sure to set the fetch mode so the results are keyed on // column name instead of column index. $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC); if (PEAR::isError($this->connection->loadModule('Extended'))) { trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR); return; } if ($associations_table) { $this->associations_table_name = $associations_table; } if ($nonces_table) { $this->nonces_table_name = $nonces_table; } $this->max_nonce_age = 6 * 60 * 60; } function tableExists($table_name) { return !PEAR::isError($this->connection->query( sprintf("SELECT * FROM %s LIMIT 0", $table_name))); } function createTables() { $n = $this->create_nonce_table(); $a = $this->create_assoc_table(); if (!$n || !$a) { return false; } return true; } function create_nonce_table() { if (!$this->tableExists($this->nonces_table_name)) { switch ($this->connection->phptype) { case "mysql": case "mysqli": // Custom SQL for MySQL to use InnoDB and variable- // length keys $r = $this->connection->exec( sprintf("CREATE TABLE %s (\n". " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n". " timestamp INTEGER NOT NULL,\n". " salt CHAR(40) NOT NULL,\n". " UNIQUE (server_url(255), timestamp, salt)\n". ") TYPE=InnoDB", $this->nonces_table_name)); if (PEAR::isError($r)) { return false; } break; default: if (PEAR::isError( $this->connection->loadModule('Manager'))) { return false; } $fields = array( "server_url" => array( "type" => "text", "length" => 2047, "notnull" => true ), "timestamp" => array( "type" => "integer", "notnull" => true ), "salt" => array( "type" => "text", "length" => 40, "fixed" => true, "notnull" => true ) ); $constraint = array( "unique" => 1, "fields" => array( "server_url" => true, "timestamp" => true, "salt" => true ) ); $r = $this->connection->createTable($this->nonces_table_name, $fields); if (PEAR::isError($r)) { return false; } $r = $this->connection->createConstraint( $this->nonces_table_name, $this->nonces_table_name . "_constraint", $constraint); if (PEAR::isError($r)) { return false; } break; } } return true; } function create_assoc_table() { if (!$this->tableExists($this->associations_table_name)) { switch ($this->connection->phptype) { case "mysql": case "mysqli": // Custom SQL for MySQL to use InnoDB and variable- // length keys $r = $this->connection->exec( sprintf("CREATE TABLE %s(\n". " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n". " handle VARCHAR(255) NOT NULL,\n". " secret BLOB NOT NULL,\n". " issued INTEGER NOT NULL,\n". " lifetime INTEGER NOT NULL,\n". " assoc_type VARCHAR(64) NOT NULL,\n". " PRIMARY KEY (server_url(255), handle)\n". ") TYPE=InnoDB", $this->associations_table_name)); if (PEAR::isError($r)) { return false; } break; default: if (PEAR::isError( $this->connection->loadModule('Manager'))) { return false; } $fields = array( "server_url" => array( "type" => "text", "length" => 2047, "notnull" => true ), "handle" => array( "type" => "text", "length" => 255, "notnull" => true ), "secret" => array( "type" => "blob", "length" => "255", "notnull" => true ), "issued" => array( "type" => "integer", "notnull" => true ), "lifetime" => array( "type" => "integer", "notnull" => true ), "assoc_type" => array( "type" => "text", "length" => 64, "notnull" => true ) ); $options = array( "primary" => array( "server_url" => true, "handle" => true ) ); $r = $this->connection->createTable( $this->associations_table_name, $fields, $options); if (PEAR::isError($r)) { return false; } break; } } return true; } function storeAssociation($server_url, $association) { $fields = array( "server_url" => array( "value" => $server_url, "key" => true ), "handle" => array( "value" => $association->handle, "key" => true ), "secret" => array( "value" => $association->secret, "type" => "blob" ), "issued" => array( "value" => $association->issued ), "lifetime" => array( "value" => $association->lifetime ), "assoc_type" => array( "value" => $association->assoc_type ) ); return !PEAR::isError($this->connection->replace( $this->associations_table_name, $fields)); } function cleanupNonces() { global $Auth_OpenID_SKEW; $v = time() - $Auth_OpenID_SKEW; return $this->connection->exec( sprintf("DELETE FROM %s WHERE timestamp < %d", $this->nonces_table_name, $v)); } function cleanupAssociations() { return $this->connection->exec( sprintf("DELETE FROM %s WHERE issued + lifetime < %d", $this->associations_table_name, time())); } function getAssociation($server_url, $handle = null) { $sql = ""; $params = null; $types = array( "text", "blob", "integer", "integer", "text" ); if ($handle !== null) { $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " . "FROM %s WHERE server_url = ? AND handle = ?", $this->associations_table_name); $params = array($server_url, $handle); } else { $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " . "FROM %s WHERE server_url = ? ORDER BY issued DESC", $this->associations_table_name); $params = array($server_url); } $assoc = $this->connection->getRow($sql, $types, $params); if (!$assoc || PEAR::isError($assoc)) { return null; } else { $association = new Auth_OpenID_Association($assoc['handle'], stream_get_contents( $assoc['secret']), $assoc['issued'], $assoc['lifetime'], $assoc['assoc_type']); fclose($assoc['secret']); return $association; } } function removeAssociation($server_url, $handle) { $r = $this->connection->execParam( sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?", $this->associations_table_name), array($server_url, $handle)); if (PEAR::isError($r) || $r == 0) { return false; } return true; } function useNonce($server_url, $timestamp, $salt) { global $Auth_OpenID_SKEW; if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) { return false; } $fields = array( "timestamp" => $timestamp, "salt" => $salt ); if (!empty($server_url)) { $fields["server_url"] = $server_url; } $r = $this->connection->autoExecute( $this->nonces_table_name, $fields, MDB2_AUTOQUERY_INSERT); if (PEAR::isError($r)) { return false; } return true; } /** * Resets the store by removing all records from the store's * tables. */ function reset() { $this->connection->query(sprintf("DELETE FROM %s", $this->associations_table_name)); $this->connection->query(sprintf("DELETE FROM %s", $this->nonces_table_name)); } } ?> openid-php-openid-782224d/Auth/OpenID/MemcachedStore.php000066400000000000000000000146071136636734100227440ustar00rootroot00000000000000 * @copyright 2008 JanRain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache * Contributed by Open Web Technologies */ /** * Import the interface for creating a new store class. */ require_once 'Auth/OpenID/Interface.php'; /** * This is a memcached-based store for OpenID associations and * nonces. * * As memcache has limit of 250 chars for key length, * server_url, handle and salt are hashed with sha1(). * * Most of the methods of this class are implementation details. * People wishing to just use this store need only pay attention to * the constructor. * * @package OpenID */ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { /** * Initializes a new {@link Auth_OpenID_MemcachedStore} instance. * Just saves memcached object as property. * * @param resource connection Memcache connection resourse */ function Auth_OpenID_MemcachedStore($connection, $compress = false) { $this->connection = $connection; $this->compress = $compress ? MEMCACHE_COMPRESSED : 0; } /** * Store association until its expiration time in memcached. * Overwrites any existing association with same server_url and * handle. Handles list of associations for every server. */ function storeAssociation($server_url, $association) { // create memcached keys for association itself // and list of associations for this server $associationKey = $this->associationKey($server_url, $association->handle); $serverKey = $this->associationServerKey($server_url); // get list of associations $serverAssociations = $this->connection->get($serverKey); // if no such list, initialize it with empty array if (!$serverAssociations) { $serverAssociations = array(); } // and store given association key in it $serverAssociations[$association->issued] = $associationKey; // save associations' keys list $this->connection->set( $serverKey, $serverAssociations, $this->compress ); // save association itself $this->connection->set( $associationKey, $association, $this->compress, $association->issued + $association->lifetime); } /** * Read association from memcached. If no handle given * and multiple associations found, returns latest issued */ function getAssociation($server_url, $handle = null) { // simple case: handle given if ($handle !== null) { // get association, return null if failed $association = $this->connection->get( $this->associationKey($server_url, $handle)); return $association ? $association : null; } // no handle given, working with list // create key for list of associations $serverKey = $this->associationServerKey($server_url); // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return null; } // get key of most recently issued association $keys = array_keys($serverAssociations); sort($keys); $lastKey = $serverAssociations[array_pop($keys)]; // get association, return null if failed $association = $this->connection->get($lastKey); return $association ? $association : null; } /** * Immediately delete association from memcache. */ function removeAssociation($server_url, $handle) { // create memcached keys for association itself // and list of associations for this server $serverKey = $this->associationServerKey($server_url); $associationKey = $this->associationKey($server_url, $handle); // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return false; } // ensure that given association key exists in list $serverAssociations = array_flip($serverAssociations); if (!array_key_exists($associationKey, $serverAssociations)) { return false; } // remove given association key from list unset($serverAssociations[$associationKey]); $serverAssociations = array_flip($serverAssociations); // save updated list $this->connection->set( $serverKey, $serverAssociations, $this->compress ); // delete association return $this->connection->delete($associationKey); } /** * Create nonce for server and salt, expiring after * $Auth_OpenID_SKEW seconds. */ function useNonce($server_url, $timestamp, $salt) { global $Auth_OpenID_SKEW; // save one request to memcache when nonce obviously expired if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { return false; } // returns false when nonce already exists // otherwise adds nonce return $this->connection->add( 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), 1, // any value here $this->compress, $Auth_OpenID_SKEW); } /** * Memcache key is prefixed with 'openid_association_' string. */ function associationKey($server_url, $handle = null) { return 'openid_association_' . sha1($server_url) . '_' . sha1($handle); } /** * Memcache key is prefixed with 'openid_association_' string. */ function associationServerKey($server_url) { return 'openid_association_server_' . sha1($server_url); } /** * Report that this storage doesn't support cleanup */ function supportsCleanup() { return false; } } openid-php-openid-782224d/Auth/OpenID/Message.php000066400000000000000000000636031136636734100214450ustar00rootroot00000000000000keys = array(); $this->values = array(); if (is_array($classic_array)) { foreach ($classic_array as $key => $value) { $this->set($key, $value); } } } /** * Returns true if $thing is an Auth_OpenID_Mapping object; false * if not. */ static function isA($thing) { return (is_object($thing) && strtolower(get_class($thing)) == 'auth_openid_mapping'); } /** * Returns an array of the keys in the mapping. */ function keys() { return $this->keys; } /** * Returns an array of values in the mapping. */ function values() { return $this->values; } /** * Returns an array of (key, value) pairs in the mapping. */ function items() { $temp = array(); for ($i = 0; $i < count($this->keys); $i++) { $temp[] = array($this->keys[$i], $this->values[$i]); } return $temp; } /** * Returns the "length" of the mapping, or the number of keys. */ function len() { return count($this->keys); } /** * Sets a key-value pair in the mapping. If the key already * exists, its value is replaced with the new value. */ function set($key, $value) { $index = array_search($key, $this->keys); if ($index !== false) { $this->values[$index] = $value; } else { $this->keys[] = $key; $this->values[] = $value; } } /** * Gets a specified value from the mapping, associated with the * specified key. If the key does not exist in the mapping, * $default is returned instead. */ function get($key, $default = null) { $index = array_search($key, $this->keys); if ($index !== false) { return $this->values[$index]; } else { return $default; } } /** * @access private */ function _reflow() { // PHP is broken yet again. Sort the arrays to remove the // hole in the numeric indexes that make up the array. $old_keys = $this->keys; $old_values = $this->values; $this->keys = array(); $this->values = array(); foreach ($old_keys as $k) { $this->keys[] = $k; } foreach ($old_values as $v) { $this->values[] = $v; } } /** * Deletes a key-value pair from the mapping with the specified * key. */ function del($key) { $index = array_search($key, $this->keys); if ($index !== false) { unset($this->keys[$index]); unset($this->values[$index]); $this->_reflow(); return true; } return false; } /** * Returns true if the specified value has a key in the mapping; * false if not. */ function contains($value) { return (array_search($value, $this->keys) !== false); } } /** * Maintains a bijective map between namespace uris and aliases. * * @package OpenID */ class Auth_OpenID_NamespaceMap { function Auth_OpenID_NamespaceMap() { $this->alias_to_namespace = new Auth_OpenID_Mapping(); $this->namespace_to_alias = new Auth_OpenID_Mapping(); $this->implicit_namespaces = array(); } function getAlias($namespace_uri) { return $this->namespace_to_alias->get($namespace_uri); } function getNamespaceURI($alias) { return $this->alias_to_namespace->get($alias); } function iterNamespaceURIs() { // Return an iterator over the namespace URIs return $this->namespace_to_alias->keys(); } function iterAliases() { // Return an iterator over the aliases""" return $this->alias_to_namespace->keys(); } function iteritems() { return $this->namespace_to_alias->items(); } function isImplicit($namespace_uri) { return in_array($namespace_uri, $this->implicit_namespaces); } function addAlias($namespace_uri, $desired_alias, $implicit=false) { // Add an alias from this namespace URI to the desired alias global $Auth_OpenID_OPENID_PROTOCOL_FIELDS; // Check that desired_alias is not an openid protocol field as // per the spec. if (in_array($desired_alias, $Auth_OpenID_OPENID_PROTOCOL_FIELDS)) { Auth_OpenID::log("\"%s\" is not an allowed namespace alias", $desired_alias); return null; } // Check that desired_alias does not contain a period as per // the spec. if (strpos($desired_alias, '.') !== false) { Auth_OpenID::log('"%s" must not contain a dot', $desired_alias); return null; } // Check that there is not a namespace already defined for the // desired alias $current_namespace_uri = $this->alias_to_namespace->get($desired_alias); if (($current_namespace_uri !== null) && ($current_namespace_uri != $namespace_uri)) { Auth_OpenID::log('Cannot map "%s" because previous mapping exists', $namespace_uri); return null; } // Check that there is not already a (different) alias for // this namespace URI $alias = $this->namespace_to_alias->get($namespace_uri); if (($alias !== null) && ($alias != $desired_alias)) { Auth_OpenID::log('Cannot map %s to alias %s. ' . 'It is already mapped to alias %s', $namespace_uri, $desired_alias, $alias); return null; } assert((Auth_OpenID_NULL_NAMESPACE === $desired_alias) || is_string($desired_alias)); $this->alias_to_namespace->set($desired_alias, $namespace_uri); $this->namespace_to_alias->set($namespace_uri, $desired_alias); if ($implicit) { array_push($this->implicit_namespaces, $namespace_uri); } return $desired_alias; } function add($namespace_uri) { // Add this namespace URI to the mapping, without caring what // alias it ends up with // See if this namespace is already mapped to an alias $alias = $this->namespace_to_alias->get($namespace_uri); if ($alias !== null) { return $alias; } // Fall back to generating a numerical alias $i = 0; while (1) { $alias = 'ext' . strval($i); if ($this->addAlias($namespace_uri, $alias) === null) { $i += 1; } else { return $alias; } } // Should NEVER be reached! return null; } function contains($namespace_uri) { return $this->isDefined($namespace_uri); } function isDefined($namespace_uri) { return $this->namespace_to_alias->contains($namespace_uri); } } /** * In the implementation of this object, null represents the global * namespace as well as a namespace with no key. * * @package OpenID */ class Auth_OpenID_Message { function Auth_OpenID_Message($openid_namespace = null) { // Create an empty Message $this->allowed_openid_namespaces = array( Auth_OpenID_OPENID1_NS, Auth_OpenID_THE_OTHER_OPENID1_NS, Auth_OpenID_OPENID2_NS); $this->args = new Auth_OpenID_Mapping(); $this->namespaces = new Auth_OpenID_NamespaceMap(); if ($openid_namespace === null) { $this->_openid_ns_uri = null; } else { $implicit = Auth_OpenID_isOpenID1($openid_namespace); $this->setOpenIDNamespace($openid_namespace, $implicit); } } function isOpenID1() { return Auth_OpenID_isOpenID1($this->getOpenIDNamespace()); } function isOpenID2() { return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS; } static function fromPostArgs($args) { // Construct a Message containing a set of POST arguments $obj = new Auth_OpenID_Message(); // Partition into "openid." args and bare args $openid_args = array(); foreach ($args as $key => $value) { if (is_array($value)) { return null; } $parts = explode('.', $key, 2); if (count($parts) == 2) { list($prefix, $rest) = $parts; } else { $prefix = null; } if ($prefix != 'openid') { $obj->args->set(array(Auth_OpenID_BARE_NS, $key), $value); } else { $openid_args[$rest] = $value; } } if ($obj->_fromOpenIDArgs($openid_args)) { return $obj; } else { return null; } } static function fromOpenIDArgs($openid_args) { // Takes an array. // Construct a Message from a parsed KVForm message $obj = new Auth_OpenID_Message(); if ($obj->_fromOpenIDArgs($openid_args)) { return $obj; } else { return null; } } /** * @access private */ function _fromOpenIDArgs($openid_args) { global $Auth_OpenID_registered_aliases; // Takes an Auth_OpenID_Mapping instance OR an array. if (!Auth_OpenID_Mapping::isA($openid_args)) { $openid_args = new Auth_OpenID_Mapping($openid_args); } $ns_args = array(); // Resolve namespaces foreach ($openid_args->items() as $pair) { list($rest, $value) = $pair; $parts = explode('.', $rest, 2); if (count($parts) == 2) { list($ns_alias, $ns_key) = $parts; } else { $ns_alias = Auth_OpenID_NULL_NAMESPACE; $ns_key = $rest; } if ($ns_alias == 'ns') { if ($this->namespaces->addAlias($value, $ns_key) === null) { return false; } } else if (($ns_alias == Auth_OpenID_NULL_NAMESPACE) && ($ns_key == 'ns')) { // null namespace if ($this->setOpenIDNamespace($value, false) === false) { return false; } } else { $ns_args[] = array($ns_alias, $ns_key, $value); } } if (!$this->getOpenIDNamespace()) { if ($this->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, true) === false) { return false; } } // Actually put the pairs into the appropriate namespaces foreach ($ns_args as $triple) { list($ns_alias, $ns_key, $value) = $triple; $ns_uri = $this->namespaces->getNamespaceURI($ns_alias); if ($ns_uri === null) { $ns_uri = $this->_getDefaultNamespace($ns_alias); if ($ns_uri === null) { $ns_uri = Auth_OpenID_OPENID_NS; $ns_key = sprintf('%s.%s', $ns_alias, $ns_key); } else { $this->namespaces->addAlias($ns_uri, $ns_alias, true); } } $this->setArg($ns_uri, $ns_key, $value); } return true; } function _getDefaultNamespace($mystery_alias) { global $Auth_OpenID_registered_aliases; if ($this->isOpenID1()) { return @$Auth_OpenID_registered_aliases[$mystery_alias]; } return null; } function setOpenIDNamespace($openid_ns_uri, $implicit) { if (!in_array($openid_ns_uri, $this->allowed_openid_namespaces)) { Auth_OpenID::log('Invalid null namespace: "%s"', $openid_ns_uri); return false; } $succeeded = $this->namespaces->addAlias($openid_ns_uri, Auth_OpenID_NULL_NAMESPACE, $implicit); if ($succeeded === false) { return false; } $this->_openid_ns_uri = $openid_ns_uri; return true; } function getOpenIDNamespace() { return $this->_openid_ns_uri; } static function fromKVForm($kvform_string) { // Create a Message from a KVForm string return Auth_OpenID_Message::fromOpenIDArgs( Auth_OpenID_KVForm::toArray($kvform_string)); } function copy() { return $this; } function toPostArgs() { // Return all arguments with openid. in front of namespaced // arguments. $args = array(); // Add namespace definitions to the output foreach ($this->namespaces->iteritems() as $pair) { list($ns_uri, $alias) = $pair; if ($this->namespaces->isImplicit($ns_uri)) { continue; } if ($alias == Auth_OpenID_NULL_NAMESPACE) { $ns_key = 'openid.ns'; } else { $ns_key = 'openid.ns.' . $alias; } $args[$ns_key] = $ns_uri; } foreach ($this->args->items() as $pair) { list($ns_parts, $value) = $pair; list($ns_uri, $ns_key) = $ns_parts; $key = $this->getKey($ns_uri, $ns_key); $args[$key] = $value; } return $args; } function toArgs() { // Return all namespaced arguments, failing if any // non-namespaced arguments exist. $post_args = $this->toPostArgs(); $kvargs = array(); foreach ($post_args as $k => $v) { if (strpos($k, 'openid.') !== 0) { // raise ValueError( // 'This message can only be encoded as a POST, because it ' // 'contains arguments that are not prefixed with "openid."') return null; } else { $kvargs[substr($k, 7)] = $v; } } return $kvargs; } function toFormMarkup($action_url, $form_tag_attrs = null, $submit_text = "Continue") { $form = "
$attr) { $form .= sprintf(" %s=\"%s\"", $name, $attr); } } $form .= ">\n"; foreach ($this->toPostArgs() as $name => $value) { $form .= sprintf( "\n", $name, $value); } $form .= sprintf("\n", $submit_text); $form .= "
\n"; return $form; } function toURL($base_url) { // Generate a GET URL with the parameters in this message // attached as query parameters. return Auth_OpenID::appendArgs($base_url, $this->toPostArgs()); } function toKVForm() { // Generate a KVForm string that contains the parameters in // this message. This will fail if the message contains // arguments outside of the 'openid.' prefix. return Auth_OpenID_KVForm::fromArray($this->toArgs()); } function toURLEncoded() { // Generate an x-www-urlencoded string $args = array(); foreach ($this->toPostArgs() as $k => $v) { $args[] = array($k, $v); } sort($args); return Auth_OpenID::httpBuildQuery($args); } /** * @access private */ function _fixNS($namespace) { // Convert an input value into the internally used values of // this object if ($namespace == Auth_OpenID_OPENID_NS) { if ($this->_openid_ns_uri === null) { return new Auth_OpenID_FailureResponse(null, 'OpenID namespace not set'); } else { $namespace = $this->_openid_ns_uri; } } if (($namespace != Auth_OpenID_BARE_NS) && (!is_string($namespace))) { //TypeError $err_msg = sprintf("Namespace must be Auth_OpenID_BARE_NS, ". "Auth_OpenID_OPENID_NS or a string. got %s", print_r($namespace, true)); return new Auth_OpenID_FailureResponse(null, $err_msg); } if (($namespace != Auth_OpenID_BARE_NS) && (strpos($namespace, ':') === false)) { // fmt = 'OpenID 2.0 namespace identifiers SHOULD be URIs. Got %r' // warnings.warn(fmt % (namespace,), DeprecationWarning) if ($namespace == 'sreg') { // fmt = 'Using %r instead of "sreg" as namespace' // warnings.warn(fmt % (SREG_URI,), DeprecationWarning,) return Auth_OpenID_SREG_URI; } } return $namespace; } function hasKey($namespace, $ns_key) { $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { // XXX log me return false; } else { return $this->args->contains(array($namespace, $ns_key)); } } function getKey($namespace, $ns_key) { // Get the key for a particular namespaced argument $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } if ($namespace == Auth_OpenID_BARE_NS) { return $ns_key; } $ns_alias = $this->namespaces->getAlias($namespace); // No alias is defined, so no key can exist if ($ns_alias === null) { return null; } if ($ns_alias == Auth_OpenID_NULL_NAMESPACE) { $tail = $ns_key; } else { $tail = sprintf('%s.%s', $ns_alias, $ns_key); } return 'openid.' . $tail; } function getArg($namespace, $key, $default = null) { // Get a value for a namespaced key. $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } else { if ((!$this->args->contains(array($namespace, $key))) && ($default == Auth_OpenID_NO_DEFAULT)) { $err_msg = sprintf("Namespace %s missing required field %s", $namespace, $key); return new Auth_OpenID_FailureResponse(null, $err_msg); } else { return $this->args->get(array($namespace, $key), $default); } } } function getArgs($namespace) { // Get the arguments that are defined for this namespace URI $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } else { $stuff = array(); foreach ($this->args->items() as $pair) { list($key, $value) = $pair; list($pair_ns, $ns_key) = $key; if ($pair_ns == $namespace) { $stuff[$ns_key] = $value; } } return $stuff; } } function updateArgs($namespace, $updates) { // Set multiple key/value pairs in one call $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } else { foreach ($updates as $k => $v) { $this->setArg($namespace, $k, $v); } return true; } } function setArg($namespace, $key, $value) { // Set a single argument in this namespace $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } else { $this->args->set(array($namespace, $key), $value); if ($namespace !== Auth_OpenID_BARE_NS) { $this->namespaces->add($namespace); } return true; } } function delArg($namespace, $key) { $namespace = $this->_fixNS($namespace); if (Auth_OpenID::isFailure($namespace)) { return $namespace; } else { return $this->args->del(array($namespace, $key)); } } function getAliasedArg($aliased_key, $default = null) { if ($aliased_key == 'ns') { // Return the namespace URI for the OpenID namespace return $this->getOpenIDNamespace(); } $parts = explode('.', $aliased_key, 2); if (count($parts) != 2) { $ns = null; } else { list($alias, $key) = $parts; if ($alias == 'ns') { // Return the namespace URI for a namespace alias // parameter. return $this->namespaces->getNamespaceURI($key); } else { $ns = $this->namespaces->getNamespaceURI($alias); } } if ($ns === null) { $key = $aliased_key; $ns = $this->getOpenIDNamespace(); } return $this->getArg($ns, $key, $default); } } openid-php-openid-782224d/Auth/OpenID/MySQLStore.php000066400000000000000000000040571136636734100220410ustar00rootroot00000000000000sql['nonce_table'] = "CREATE TABLE %s (\n". " server_url VARCHAR(2047) NOT NULL,\n". " timestamp INTEGER NOT NULL,\n". " salt CHAR(40) NOT NULL,\n". " UNIQUE (server_url(255), timestamp, salt)\n". ") ENGINE=InnoDB"; $this->sql['assoc_table'] = "CREATE TABLE %s (\n". " server_url BLOB NOT NULL,\n". " handle VARCHAR(255) NOT NULL,\n". " secret BLOB NOT NULL,\n". " issued INTEGER NOT NULL,\n". " lifetime INTEGER NOT NULL,\n". " assoc_type VARCHAR(64) NOT NULL,\n". " PRIMARY KEY (server_url(255), handle)\n". ") ENGINE=InnoDB"; $this->sql['set_assoc'] = "REPLACE INTO %s (server_url, handle, secret, issued,\n". " lifetime, assoc_type) VALUES (?, ?, !, ?, ?, ?)"; $this->sql['get_assocs'] = "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ". "WHERE server_url = ?"; $this->sql['get_assoc'] = "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ". "WHERE server_url = ? AND handle = ?"; $this->sql['remove_assoc'] = "DELETE FROM %s WHERE server_url = ? AND handle = ?"; $this->sql['add_nonce'] = "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)"; $this->sql['clean_nonce'] = "DELETE FROM %s WHERE timestamp < ?"; $this->sql['clean_assoc'] = "DELETE FROM %s WHERE issued + lifetime < ?"; } /** * @access private */ function blobEncode($blob) { return "0x" . bin2hex($blob); } } openid-php-openid-782224d/Auth/OpenID/Nonce.php000066400000000000000000000054751136636734100211260ustar00rootroot00000000000000preferred_auth_policies = $preferred_auth_policies; $this->max_auth_age = $max_auth_age; } /** * Add an acceptable authentication policy URI to this request * * This method is intended to be used by the relying party to add * acceptable authentication types to the request. * * policy_uri: The identifier for the preferred type of * authentication. */ function addPolicyURI($policy_uri) { if (!in_array($policy_uri, $this->preferred_auth_policies)) { $this->preferred_auth_policies[] = $policy_uri; } } function getExtensionArgs() { $ns_args = array( 'preferred_auth_policies' => implode(' ', $this->preferred_auth_policies) ); if ($this->max_auth_age !== null) { $ns_args['max_auth_age'] = strval($this->max_auth_age); } return $ns_args; } /** * Instantiate a Request object from the arguments in a checkid_* * OpenID message */ static function fromOpenIDRequest($request) { $obj = new Auth_OpenID_PAPE_Request(); $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI); if ($args === null || $args === array()) { return null; } $obj->parseExtensionArgs($args); return $obj; } /** * Set the state of this request to be that expressed in these * PAPE arguments * * @param args: The PAPE arguments without a namespace */ function parseExtensionArgs($args) { // preferred_auth_policies is a space-separated list of policy // URIs $this->preferred_auth_policies = array(); $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies'); if ($policies_str) { foreach (explode(' ', $policies_str) as $uri) { if (!in_array($uri, $this->preferred_auth_policies)) { $this->preferred_auth_policies[] = $uri; } } } // max_auth_age is base-10 integer number of seconds $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age'); if ($max_auth_age_str) { $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str); } else { $this->max_auth_age = null; } } /** * Given a list of authentication policy URIs that a provider * supports, this method returns the subsequence of those types * that are preferred by the relying party. * * @param supported_types: A sequence of authentication policy * type URIs that are supported by a provider * * @return array The sub-sequence of the supported types that are * preferred by the relying party. This list will be ordered in * the order that the types appear in the supported_types * sequence, and may be empty if the provider does not prefer any * of the supported authentication types. */ function preferredTypes($supported_types) { $result = array(); foreach ($supported_types as $st) { if (in_array($st, $this->preferred_auth_policies)) { $result[] = $st; } } return $result; } } /** * A Provider Authentication Policy response, sent from a provider to * a relying party */ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { var $ns_alias = 'pape'; var $ns_uri = Auth_OpenID_PAPE_NS_URI; function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null, $nist_auth_level=null) { if ($auth_policies) { $this->auth_policies = $auth_policies; } else { $this->auth_policies = array(); } $this->auth_time = $auth_time; $this->nist_auth_level = $nist_auth_level; } /** * Add a authentication policy to this response * * This method is intended to be used by the provider to add a * policy that the provider conformed to when authenticating the * user. * * @param policy_uri: The identifier for the preferred type of * authentication. */ function addPolicyURI($policy_uri) { if (!in_array($policy_uri, $this->auth_policies)) { $this->auth_policies[] = $policy_uri; } } /** * Create an Auth_OpenID_PAPE_Response object from a successful * OpenID library response. * * @param success_response $success_response A SuccessResponse * from Auth_OpenID_Consumer::complete() * * @returns: A provider authentication policy response from the * data that was supplied with the id_res response. */ static function fromSuccessResponse($success_response) { $obj = new Auth_OpenID_PAPE_Response(); // PAPE requires that the args be signed. $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI); if ($args === null || $args === array()) { return null; } $result = $obj->parseExtensionArgs($args); if ($result === false) { return null; } else { return $obj; } } /** * Parse the provider authentication policy arguments into the * internal state of this object * * @param args: unqualified provider authentication policy * arguments * * @param strict: Whether to return false when bad data is * encountered * * @return null The data is parsed into the internal fields of * this object. */ function parseExtensionArgs($args, $strict=false) { $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies'); if ($policies_str && $policies_str != "none") { $this->auth_policies = explode(" ", $policies_str); } $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level'); if ($nist_level_str !== null) { $nist_level = Auth_OpenID::intval($nist_level_str); if ($nist_level === false) { if ($strict) { return false; } else { $nist_level = null; } } if (0 <= $nist_level && $nist_level < 5) { $this->nist_auth_level = $nist_level; } else if ($strict) { return false; } } $auth_time = Auth_OpenID::arrayGet($args, 'auth_time'); if ($auth_time !== null) { if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) { $this->auth_time = $auth_time; } else if ($strict) { return false; } } } function getExtensionArgs() { $ns_args = array(); if (count($this->auth_policies) > 0) { $ns_args['auth_policies'] = implode(' ', $this->auth_policies); } else { $ns_args['auth_policies'] = 'none'; } if ($this->nist_auth_level !== null) { if (!in_array($this->nist_auth_level, range(0, 4), true)) { return false; } $ns_args['nist_auth_level'] = strval($this->nist_auth_level); } if ($this->auth_time !== null) { if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) { return false; } $ns_args['auth_time'] = $this->auth_time; } return $ns_args; } } openid-php-openid-782224d/Auth/OpenID/Parse.php000066400000000000000000000272401136636734100211300ustar00rootroot00000000000000 tags * in the head of HTML or XHTML documents and parses out their * attributes according to the OpenID spec. It is a liberal parser, * but it requires these things from the data in order to work: * * - There must be an open tag * * - There must be an open tag inside of the tag * * - Only s that are found inside of the tag are parsed * (this is by design) * * - The parser follows the OpenID specification in resolving the * attributes of the link tags. This means that the attributes DO * NOT get resolved as they would by an XML or HTML parser. In * particular, only certain entities get replaced, and href * attributes do not get resolved relative to a base URL. * * From http://openid.net/specs.bml: * * - The openid.server URL MUST be an absolute URL. OpenID consumers * MUST NOT attempt to resolve relative URLs. * * - The openid.server URL MUST NOT include entities other than &, * <, >, and ". * * The parser ignores SGML comments and . Both kinds * of quoting are allowed for attributes. * * The parser deals with invalid markup in these ways: * * - Tag names are not case-sensitive * * - The tag is accepted even when it is not at the top level * * - The tag is accepted even when it is not a direct child of * the tag, but a tag must be an ancestor of the * tag * * - tags are accepted even when they are not direct children * of the tag, but a tag must be an ancestor of the * tag * * - If there is no closing tag for an open or tag, the * remainder of the document is viewed as being inside of the * tag. If there is no closing tag for a tag, the link tag is * treated as a short tag. Exceptions to this rule are that * closes and or closes * * - Attributes of the tag are not required to be quoted. * * - In the case of duplicated attribute names, the attribute coming * last in the tag will be the value returned. * * - Any text that does not parse as an attribute within a link tag * will be ignored. (e.g. will * ignore pumpkin) * * - If there are more than one or tag, the parser only * looks inside of the first one. * * - The contents of Name: Link inside comment inside head inside html Name: Link inside of head after short head Name: Plain vanilla Link: Name: Ignore tags in the namespace Link*: Name: Short link tag Link: Name: Spaces in the HTML tag Link: Name: Spaces in the head tag Link: Name: Spaces in the link tag Link: Name: No whitespace Link: Name: Closed head tag Link: Name: One good, one bad (after close head) Link: Name: One good, one bad (after open body) Link: Name: ill formed (missing close head) Link: Name: Ill formed (no close head, link after ) Link: Name: Ignore random tags inside of html Link: <link> Name: case-folding Link*: <HtMl> <hEaD> <LiNk> Name: unexpected tags Link: <butternut> <html> <summer> <head> <turban> <link> Name: un-closed script tags Link*: <html> <head> <script> <link> Name: un-closed script tags (no whitespace) Link*: <html><head><script><link> Name: un-closed comment Link*: <html> <head> <!-- <link> Name: un-closed CDATA Link*: <html> <head> <![CDATA[ <link> Name: cdata-like Link*: <html> <head> <![ACORN[ <link> ]]> Name: comment close only Link: <html> <head> <link> --> Name: Vanilla, two links Link: Link: <html> <head> <link> <link> Name: extra tag, two links Link: Link: <html> <gold nugget> <head> <link> <link> Name: case-fold, body ends, two links Link: Link*: <html> <head> <link> <LiNk> <body> <link> Name: simple, non-quoted rel Link: rel=openid.server <html><head><link rel=openid.server> Name: short tag has rel Link: rel=openid.server <html><head><link rel=openid.server/> Name: short tag w/space has rel Link: rel=openid.server <html><head><link rel=openid.server /> Name: extra non-attribute, has rel Link: rel=openid.server <html><head><link hubbard rel=openid.server> Name: non-attr, has rel, short Link: rel=openid.server <html><head><link hubbard rel=openid.server/> Name: non-attr, has rel, short, space Link: rel=openid.server <html><head><link hubbard rel=openid.server /> Name: misplaced slash has rel Link: rel=openid.server <html><head><link / rel=openid.server> Name: quoted rel Link: rel=openid.server <html><head><link rel="openid.server"> Name: single-quoted rel Link: rel=openid.server <html><head><link rel='openid.server'> Name: two links w/ rel Link: x=y Link: a=b <html><head><link x=y><link a=b> Name: non-entity Link: x=&y <html><head><link x=&y> Name: quoted non-entity Link: x=&y <html><head><link x="&y"> Name: quoted entity Link: x=& <html><head><link x="&"> Name: entity not processed Link: x= <html><head><link x=""> Name: < Link: x=< <html><head><link x="<"> Name: > Link: x=> <html><head><link x=">"> Name: " Link: x=" <html><head><link x="""> Name: &" Link: x=&" <html><head><link x="&""> Name: mixed entity and non-entity Link: x=&"…> <html><head><link x="&"…>"> Name: mixed entity and non-entity (w/normal chars) Link: x=x&"…>x <html><head><link x="x&"…>x"> Name: broken tags Link*: x=y <html><head><link x=y<> Name: missing close pointy Link: z=y <html><head><link x=y<link z=y /> Name: missing attribute value Link: x=y y*= Link: x=y <html><head><link x=y y=><link x=y /> Name: Missing close pointy (no following) Link*: x=y <html><head><link x=y Name: Should be quoted Link: x*=< <html><head><link x="<"> Name: Should be quoted (2) Link: x*=> <html><head><link x=">"> Name: Repeated attribute Link: x=y <html><head><link x=z x=y> Name: Repeated attribute (2) Link: x=y <html><head><link x=y x=y> Name: Two attributes Link: x=y y=z <html><head><link x=y y=z> Name: Well-formed link rel="openid.server" Link: rel=openid.server href=http://www.myopenid.com/server <html> <head> <link rel="openid.server" href="http://www.myopenid.com/server" /> </head> </html> Name: Well-formed link rel="openid.server" and "openid.delegate" Link: rel=openid.server href=http://www.myopenid.com/server Link: rel=openid.delegate href=http://example.myopenid.com/ <html><head><link rel="openid.server" href="http://www.myopenid.com/server" /> <link rel="openid.delegate" href="http://example.myopenid.com/" /> </head></html> Name: from brian's livejournal page Link: rel=stylesheet href=http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711 type=text/css Link: rel=openid.server href=http://www.livejournal.com/openid/server.bml <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link rel="stylesheet" href="http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711" type="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="foaf:maker" content="foaf:mbox_sha1sum '12f8abdacb5b1a806711e23249da592c0d316260'" /> <meta name="robots" content="noindex, nofollow, noarchive" /> <meta name="googlebot" content="nosnippet" /> <link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" /> <title>Brian Name: non-ascii (Latin-1 or UTF8) Link: x=® openid-php-openid-782224d/Tests/Auth/OpenID/data/n2b64000066400000000000000000002117141136636734100221370ustar00rootroot00000000000000AA== 0 AQ== 1 Ag== 2 Aw== 3 BA== 4 BQ== 5 Bg== 6 Bw== 7 CA== 8 CQ== 9 Cg== 10 Cw== 11 DA== 12 DQ== 13 Dg== 14 Dw== 15 EA== 16 EQ== 17 Eg== 18 Ew== 19 FA== 20 FQ== 21 Fg== 22 Fw== 23 GA== 24 GQ== 25 Gg== 26 Gw== 27 HA== 28 HQ== 29 Hg== 30 Hw== 31 IA== 32 IQ== 33 Ig== 34 Iw== 35 JA== 36 JQ== 37 Jg== 38 Jw== 39 KA== 40 KQ== 41 Kg== 42 Kw== 43 LA== 44 LQ== 45 Lg== 46 Lw== 47 MA== 48 MQ== 49 Mg== 50 Mw== 51 NA== 52 NQ== 53 Ng== 54 Nw== 55 OA== 56 OQ== 57 Og== 58 Ow== 59 PA== 60 PQ== 61 Pg== 62 Pw== 63 QA== 64 QQ== 65 Qg== 66 Qw== 67 RA== 68 RQ== 69 Rg== 70 Rw== 71 SA== 72 SQ== 73 Sg== 74 Sw== 75 TA== 76 TQ== 77 Tg== 78 Tw== 79 UA== 80 UQ== 81 Ug== 82 Uw== 83 VA== 84 VQ== 85 Vg== 86 Vw== 87 WA== 88 WQ== 89 Wg== 90 Ww== 91 XA== 92 XQ== 93 Xg== 94 Xw== 95 YA== 96 YQ== 97 Yg== 98 Yw== 99 ZA== 100 ZQ== 101 Zg== 102 Zw== 103 aA== 104 aQ== 105 ag== 106 aw== 107 bA== 108 bQ== 109 bg== 110 bw== 111 cA== 112 cQ== 113 cg== 114 cw== 115 dA== 116 dQ== 117 dg== 118 dw== 119 eA== 120 eQ== 121 eg== 122 ew== 123 fA== 124 fQ== 125 fg== 126 fw== 127 AIA= 128 AIE= 129 AII= 130 AIM= 131 AIQ= 132 AIU= 133 AIY= 134 AIc= 135 AIg= 136 AIk= 137 AIo= 138 AIs= 139 AIw= 140 AI0= 141 AI4= 142 AI8= 143 AJA= 144 AJE= 145 AJI= 146 AJM= 147 AJQ= 148 AJU= 149 AJY= 150 AJc= 151 AJg= 152 AJk= 153 AJo= 154 AJs= 155 AJw= 156 AJ0= 157 AJ4= 158 AJ8= 159 AKA= 160 AKE= 161 AKI= 162 AKM= 163 AKQ= 164 AKU= 165 AKY= 166 AKc= 167 AKg= 168 AKk= 169 AKo= 170 AKs= 171 AKw= 172 AK0= 173 AK4= 174 AK8= 175 ALA= 176 ALE= 177 ALI= 178 ALM= 179 ALQ= 180 ALU= 181 ALY= 182 ALc= 183 ALg= 184 ALk= 185 ALo= 186 ALs= 187 ALw= 188 AL0= 189 AL4= 190 AL8= 191 AMA= 192 AME= 193 AMI= 194 AMM= 195 AMQ= 196 AMU= 197 AMY= 198 AMc= 199 AMg= 200 AMk= 201 AMo= 202 AMs= 203 AMw= 204 AM0= 205 AM4= 206 AM8= 207 ANA= 208 ANE= 209 ANI= 210 ANM= 211 ANQ= 212 ANU= 213 ANY= 214 ANc= 215 ANg= 216 ANk= 217 ANo= 218 ANs= 219 ANw= 220 AN0= 221 AN4= 222 AN8= 223 AOA= 224 AOE= 225 AOI= 226 AOM= 227 AOQ= 228 AOU= 229 AOY= 230 AOc= 231 AOg= 232 AOk= 233 AOo= 234 AOs= 235 AOw= 236 AO0= 237 AO4= 238 AO8= 239 APA= 240 APE= 241 API= 242 APM= 243 APQ= 244 APU= 245 APY= 246 APc= 247 APg= 248 APk= 249 APo= 250 APs= 251 APw= 252 AP0= 253 AP4= 254 AP8= 255 AQA= 256 AQE= 257 AQI= 258 AQM= 259 AQQ= 260 AQU= 261 AQY= 262 AQc= 263 AQg= 264 AQk= 265 AQo= 266 AQs= 267 AQw= 268 AQ0= 269 AQ4= 270 AQ8= 271 ARA= 272 ARE= 273 ARI= 274 ARM= 275 ARQ= 276 ARU= 277 ARY= 278 ARc= 279 ARg= 280 ARk= 281 ARo= 282 ARs= 283 ARw= 284 AR0= 285 AR4= 286 AR8= 287 ASA= 288 ASE= 289 ASI= 290 ASM= 291 ASQ= 292 ASU= 293 ASY= 294 ASc= 295 ASg= 296 ASk= 297 ASo= 298 ASs= 299 ASw= 300 AS0= 301 AS4= 302 AS8= 303 ATA= 304 ATE= 305 ATI= 306 ATM= 307 ATQ= 308 ATU= 309 ATY= 310 ATc= 311 ATg= 312 ATk= 313 ATo= 314 ATs= 315 ATw= 316 AT0= 317 AT4= 318 AT8= 319 AUA= 320 AUE= 321 AUI= 322 AUM= 323 AUQ= 324 AUU= 325 AUY= 326 AUc= 327 AUg= 328 AUk= 329 AUo= 330 AUs= 331 AUw= 332 AU0= 333 AU4= 334 AU8= 335 AVA= 336 AVE= 337 AVI= 338 AVM= 339 AVQ= 340 AVU= 341 AVY= 342 AVc= 343 AVg= 344 AVk= 345 AVo= 346 AVs= 347 AVw= 348 AV0= 349 AV4= 350 AV8= 351 AWA= 352 AWE= 353 AWI= 354 AWM= 355 AWQ= 356 AWU= 357 AWY= 358 AWc= 359 AWg= 360 AWk= 361 AWo= 362 AWs= 363 AWw= 364 AW0= 365 AW4= 366 AW8= 367 AXA= 368 AXE= 369 AXI= 370 AXM= 371 AXQ= 372 AXU= 373 AXY= 374 AXc= 375 AXg= 376 AXk= 377 AXo= 378 AXs= 379 AXw= 380 AX0= 381 AX4= 382 AX8= 383 AYA= 384 AYE= 385 AYI= 386 AYM= 387 AYQ= 388 AYU= 389 AYY= 390 AYc= 391 AYg= 392 AYk= 393 AYo= 394 AYs= 395 AYw= 396 AY0= 397 AY4= 398 AY8= 399 AZA= 400 AZE= 401 AZI= 402 AZM= 403 AZQ= 404 AZU= 405 AZY= 406 AZc= 407 AZg= 408 AZk= 409 AZo= 410 AZs= 411 AZw= 412 AZ0= 413 AZ4= 414 AZ8= 415 AaA= 416 AaE= 417 AaI= 418 AaM= 419 AaQ= 420 AaU= 421 AaY= 422 Aac= 423 Aag= 424 Aak= 425 Aao= 426 Aas= 427 Aaw= 428 Aa0= 429 Aa4= 430 Aa8= 431 AbA= 432 AbE= 433 AbI= 434 AbM= 435 AbQ= 436 AbU= 437 AbY= 438 Abc= 439 Abg= 440 Abk= 441 Abo= 442 Abs= 443 Abw= 444 Ab0= 445 Ab4= 446 Ab8= 447 AcA= 448 AcE= 449 AcI= 450 AcM= 451 AcQ= 452 AcU= 453 AcY= 454 Acc= 455 Acg= 456 Ack= 457 Aco= 458 Acs= 459 Acw= 460 Ac0= 461 Ac4= 462 Ac8= 463 AdA= 464 AdE= 465 AdI= 466 AdM= 467 AdQ= 468 AdU= 469 AdY= 470 Adc= 471 Adg= 472 Adk= 473 Ado= 474 Ads= 475 Adw= 476 Ad0= 477 Ad4= 478 Ad8= 479 AeA= 480 AeE= 481 AeI= 482 AeM= 483 AeQ= 484 AeU= 485 AeY= 486 Aec= 487 Aeg= 488 Aek= 489 Aeo= 490 Aes= 491 Aew= 492 Ae0= 493 Ae4= 494 Ae8= 495 AfA= 496 AfE= 497 AfI= 498 AfM= 499 AfQ= 500 AfU= 501 AfY= 502 Afc= 503 Afg= 504 Afk= 505 Afo= 506 Afs= 507 Afw= 508 Af0= 509 Af4= 510 Af8= 511 AgA= 512 ALDs7paJl5xPh6ORH61iDA6pONpV0rTjGiTkLEW2JsVsRKaRiS4AGn2PTR1UZXP0vXAmRXwdSegQgWPUp3Hm3RofRcDh1SykZBLif7ulau1hVO+rhwRyKc7F8F+7LcMf/v+s73eOXUDbbI2r52wfr7skZy/IELhsC8EK6HzhACI3 124241322153253947064453752054205174382289463089695815605736438952932114700118408072544073767229325045596832952652232288773280299665950768731398747700657715829631597019676014848183966683866396215048196276450953653433516126074463193382764063985175903718735372053536664711482497859539116009770850968340298474039 AOzgU1s6Pd2IkrJlvGND8legXTe50nyDCocI5mwT9rW0YsisY5jaaEOcu51BAq9MmXBPeVX0k/jlXwH4Pn3mCpUAU1rEOsTdcmSJp35siKliDdhTZHHdZNMW+igfXGX5OCsA/BaBcGnE6NnrGWXKyTOoVUGQLEkL2T5yhNUaCT83 166340174936369324883416612727439279977041963320514134445183426741643586944819834936989524033374309932122967866930503619179389342537723598234062828695747850043368572301869699886931403612266216965783079972698791813140295203826980649434652168563255385527187360027803388963151668338040517316899628026707657178935 AO8hrpw+lDiJ13JahLtCb1RenupQcNd0wlTSck9OLL8wB/x6gAoj0PTLV05eZIbz43N3GUSDmmckjlxdHXiBJ9rsoB0P95l1CWIV+4rXblCqxmOdmlm6VZ13bqbI0x7l0cjeMrkmk+yJ067WqUolqQBlUWMTuJVfkxALJYH5xr/C 167923899524385316022824282304301434707626789716026029252173742527362300338760906999615029022863637963070711762128687835779073122264515776657475985362344360699359591353388569856862973447791264902182048648600267737826849280828116753682917256540180401899752566540869918949003470368970029744573140084219550547906 QxAn7yrdVs5tlHV+Glbqdaj67c6Ni8am3bBLOL8PV5HbdrLf2xIPmNugo6MfUwFSnT+ZPJ51+VTOsItaNwCFju0Eh1cqyP3JWyLRPE7emKuo6xRhf+5ik0pTg77LEF4JXW6ofDqirpR4alFi0G2d9yImQPphsYJwYGF/nNT8u0Q= 47093316905427544098193936500644355852669366083115552072584429220248776817916430034648347490325490701471113667554329499736495877969341478442613611948220957798780043076906836236556612316544460763366275536846463456405604189392790111985912854476264292503164100482712281088955640964034295834935468665872932715332 AI9PVzrbJUvmCihwSFans1lBKwudGEZpWWu8pkSK2zVgzGhMvUoGgMp6TG2zsUd1tV8zv7KsVD2t6pXmjT1wPUynufq97GVHI06SGpflDTt30WboYRh3DgYxvso1sOjUXpnDezcaqc2Aiz4nV5MSShkBlyBjA8z2worHDE+uXqw0 100635651531872121827765663065728398779771663753008344681972226973080394359405041113312675686974926993279775427390065833081040771269307007695807025882757371805607979134114890454059957194316765342461291139168706134406917264848659448693866813989352429841300235734400772946895458374870482441457514575059390213172 FiinVicXOqqRLpxcGTorQpSAGeQ/PfDOuzYK9ViFtmPv6D0cYPfhUH4qXEHOejvmX+0b4lfaX8MWPVZxlqpfXiU9BhG76HJxkLF4ysipukeOvhoHzvcxE5bnhSF1i//bOSifATBLBEZInwqSVg5tHHPuuCkwTL91NqhOulp7Lsk= 15560440884463435471963622630292643727112462888414585143143739400703889930416938984547754943252935620248108237258540176511252143752416771350868493435174026287082706690332705481726295797196444796135827460509780634261726494455068460028424141500629527968240913757449787164107068039175831847071025316475940056777 aYrxyQN/hkBne2ayqo2/iDLF3DZGgk080SOMJfsj9h3Z1OfFZM7TJA+y+/O7niqatosvKrfHrAw+Qs7c6tCZ6NPwYJ4QJLOF9bqH2u2a3fkI954voNUctlUagYUJsZXV8hdhLM6NwUyIZ3ZFkPcpTZp7nKQQ84tr1a8VjDIT5/o= 74114640794666001532816944350975062126079079113921109750255283189037502412929005615388097912507598112836936032143435813588205939470002911374442844578739574773399427907766548612582213272643279263782396527705126350063372192910060171635870872236876399794128383338399728947176692692942605589343038282957050865658 AMpCUeKUX/vtRslWiUUuXNl1KA9uDAWjMUkTrdsxxRDESI7iZIn3TR9lW+0kV5fzkLF18iYLAwSGBmX1PS/T0UVFmoBPJ9yS7yktNL0lpQ3noyGFn8HHZ6XB3FkH3jegIfGbvwwhnhhFzpHPrXlpO5iU5Y+rexzp2XHWt4yJGuIL 142031143422642739313498629438991149460874309300342349421794421544918823888598660275343727563280565210534243383322796489809683834300630555650331646026843796764549231159336347965502383849513994449309613369541991287590422095953275586374371960367000083487965487661436037637475372929033613295072397262739084075531 AIMIQVz0JIEKEI+PREu94m3v9XoiU/Q0CpsSuqkwSSje+Wyul5ea9oU5qgtOpdkMUOW91BJo0DW/GMZ8v3C4qyyP29TtjCcAHObJi9hfLSlnTSuzXZnDStooYYKqzfToLToCaAJKCXiXAVW0vWtapLnyqafrf/KgyGZ5u4HfXKY0 92013973253053602863003242446596060337454881568126916916519869242232429836082762281129448384605359749247852792606718908482332975424967542242332487707042773885428473061056052851768940900752317020681189773407893371297668591494665352294885305475871917069040377145530889271334616499701769138948975263435137525300 ANfP+zPBTR27afneyac1KJhOB5Pq3AXB+SoAXJvQI/GkSoNhw5KdfqoIkLcoJi8wClCm424Gm1AdrdGwDFOM/iKTSPkrvMag93+b2EbQGX66/n2X3YRFNkgq/Gtb+2M8oCcAL054Z/iiMD67aU5RWzjqS64ePHsn01bJ7dqLgpMO 151548639867177154896951257541227014781655576169318283047778755573323724856619156348444192550664853912434681577093459933599575436686424046466113215132845213008587152894642577278656978304699131916299275797578171518984206145555369576872231567191579337901913492071976578289189524123204040497290426960375042970382 AK0kHtacLGu1NFWMADq2rG8hpzM4UEYyPOL+aMJbnwXcUYptRIxb0YFZg35RN/RiZs4lQsiq+kEJKzMMV71TsJq59vMkIZhZoB3t8g9ZqBZuq0JYcTICDwRpNSttJidVpJ6P9sR3s1xPMYKdlSwt6EEc9htOXfZU+yHKYgn98X60 121583812047864398969816595368193171848971298823388059338224714026742264861090347096116404814514279627148994345584790617974476594451626305761040465570524035369799925437276511604752129817947910677564301623631349399504187314174538914591944778074509068973226322566160587813128746039859381466427380402262866230964 W3sZlWW1Aev3x/DiH9MzwCAZzBj++x9cknLfGAHwgFqkLH6vimEH/r8hi85hzlCOG5CjwhoZ0D/Hsfr26ZJ3X4chG84byrfDnek1V9mm1++v+clJvlYgcuVgn2Opsba2TILTm1MDB+Ujs9brJ2AAKrE9+ep5nvtQVeG9PUGtdlo= 64240043913835461386212515483198059541440539167395859777194837833769712010594411295323900074066077107346806786205590345517755715510695858065925747020336398305793661773798243627926904542715123849691490667964262778804487343218972081260210371192903128886030021862362141928329650003493687310970684093289133340250 FTQRk9/BIj21gbLwI22fHJWYj+8Ghdcc613hOtJ+/hQmh73HwTXLpaGK9aCptxVbpjW0r/bxaRjmgxu9u1CCZh5yRd7Z46Wk/LIPXGd3ycQzqRMFB7TISFQGJIcFoxRp3Eb5wa2OyrUg7c/D+kb7oFJq9P7mEwIh8TpLzwmu4SU= 14889529068556301710329043521845510156960298822469914567758538023025100741826628180855835334285179977296740667353391766487166458692144569279381035582718738461626140662441222061900764829681913534146898551570916312642104487829660946024590782808750587095559047648957238487820069966851521487428624726655438348581 APYXO6uGvs9qWiEAkcWsaCaCrGJJCP2Z1g++XlJ67oZIgEoWITn3T/R2/c4edAfwUUzNHAYZN1h2dSrRoqlrRXrbxFtGOuRCUrXcGLFFcEbTrtm+z5z8xGRfcorx7Cu3FIBPMK5XcGPcbRZdyP1gBkeDMvuBNAo0/To+LP/dhCNM 172810804474418448604443090732221483571611665465870520701624598983692130272337358406272727413570938793741430131635927237320173996217984860203754686741782921346604605228620148450611724714868551781003004492587584071978757421616871762681049508123223983431502852926521520561941051298696758046005573332373854233420 AIDNxhnDEe1kTJ3XGfTS8zKXeXPRdw5yifm8j8Ibzj/quExy7hFPtKct8hRskPR2qwTlMiW9Ra8Npg2USsqHV0rBoIkX7E3psxq5LBfp/q00l3SEBuLL4K2FGR87bPgU+Duk3RVrNMnColiTcnAR5XkoeWhn/r9MfJMIN9Y0FEh8 90449107125498302548188660544012777357148118984122992664008792590422284061463729084479315745509706793674355738023180454297730948397413371686013210006834869294564190666543874617716180411178090109573192518129248278410216362657350215009192850017507998797754539132540293137589672869131300859207213449571846080636 AIRWavxYRsGlH0Yr0DudwrpYtbrByf9ZsDawKom7ubiRfepqYzcBlwt4adMMnkYSaXeYtOsD4KBm2ZvLKN3++RkYNmxgkyarORBEg7ERyiThBj7Ksw57pNHCAoHtBEhH7Wp9mHhuZtPvPgCEptmwCu9rYhLt4zZp+Zq8a02dkXvM 92930601962515884925250459851491509622611227724602941760145671636277317511265759558869239180653492283311584982044597979173761619470326096725838197524704577188104121460089235709339932110663536557497112887112782062772810759971739760085128369628777812332518137107605855679096146402427144185104230596200130247628 AMNJGLcAiJtL5fUfkesWKYJurdYSnvsOZeZcrg7bemkEVjF6S9CcojimUl+ncr/YY5/EXnU0mg84fObtDxWWdJ7z7l0CFcoALTyEatDYKshT0xvdKY3u+LUShxIAyk8EcGnf+KoEaa4Mx3tg2oTBnVegXClOakNTWw8bu2ItagoQ 137134165107366719462230252606689766470445826753581409513106273517221906418464863733870948759313279128624638614534848890858250894834883265387344539280755177217350585564186248554307335197387734431939154077778003706720017441895613190141376534460438929588407764609772857975000507660651583780079804513519571438096 BmGPZt8XqqI1PuLN4K1/PZMi2rfOYtHEMrcwZdSjKRm5qTkd0Pbb/5zPV07TnM0uLRvIQYTLloEY+GYyn0K5gDTEZpEtQ8ee6Y87zYGDwcf20eqYNxkA7FVV71vqCP/Uw3Oi6B+hMvsWZbvv2vH6MkAeADCrezOtwqVS+irftyc= 4480956865245875120472829476982311611308898564405318773810939350829150182630548948231116574193987272498161864310429976564278532538229396846813874244969927890037756969704618336242255039858182439641759659872128285423988638335967412040624105824571426792562334458751137508116412821914961236269913776304372561703 APqFgCIYbJWuRyEGuOStPvcprj2PILQ0JpgwQ2jLKn3DvkWSd83qh7PWGKozGavsjh803K+ZzI7P2wP+Nc0r0El3q4nzaHvKaCtVRyMwbXv9wYLFZICeM6J1l9ljUMts4tbDoPzkIy3ScU7pYxarBWqMkcBU8qL6NN1vEdkeu0fW 175922170410080716883576123079908758276229469783745771772401183721225804343343063277676406040455068452258961299511343441961963941297631097736305638850193978800615558067791016294285848963023036905095022181004058235239390870177623185946205281141386416867569004073524130001309977475780893497185890756991672600534 APA/rCcGeH6A+6ZwaBBDM6mB6tTD8mjkrOWEo/pK3MCZ+rrErMBnFp2S19GhlLOfuY8BHS+D834Fdm8+3wKYkWnXZpGb+e3v8ofOQ34G1HvzULOYtrEiC4ISZRt2SSyz2hU+PBXjVnplsHWTRxZDmBxTJdgli4ItAqxGCxj/aJ9m 168708388929747822981923386197903561880341990893945097067702518857172133291360611402092714329372304718329568897960770488377524912057166920574319430820488930520807742026377043178502591886293565177404635365772829346030773275726024973460121300339258054215286249329967181244588558220467488638468686270735376228198 AKmwrLP108dCGWOWxE/6woJVLRi/Kra/DvdsPkkrZQmWIlUT7IvwM4gU6bUr4f6wpT08cIQls2cGh7dbSEaO0xLa3mmtKhPiAlzSnz0wuifF3JT9U3uXgUfCZuFtE0z7Oi7WTOrpl3k3GA7JFvXnY0lwblIQALVf6oWyNETnajGl 119160465301384937485959146028591622947513292915838943629387700439301197965652871741710280647524383590817798553034250156068573474278225305190573334054718387045488098320076877626430189054572361967283632592181431701411266656256255758079114072932140551282607247364388070762970060420036793573956057551235306893733 VTe3rCzAL1Sljo3QAXEkAdBy1ZARHZwtrj6ZNRa5ttqd6/l21g4z3iHCeGo4rnE2F8wYTy+NlugjXw86OS+XojW5y6UzTtx0HX5IJ4POqN64aXWmaklGzroBEYWeuFFKcgQN3NOxkuJoDQ6VElP7Epz69kj5CsKJUwL0SjbNrFY= 59841866347633473702601462509811342285929528424012250265905695635971518533504187799047710303717472950129869674786231155102509311322791323986824635569605105662070745033595366004805920086888891275288347907772640070278731650628917037915863439204501060041944275512863990729926528905725569467329169134226609384534 AIZt1xGhC/HrvpPASsvVIVdsu//tn0noyJmVYh3FdQ6yIh1uce47iCsrV1yvYqx5ZTbC0vnfnbjFcWqH+HtLX/DelgvhEwzqJ8hwQrfE1ShLG4ZjAVo1Z4GCjrDcEUMlwKcunuSJssuxeQuXwTLS92+q6QeBSS7OmfxPX29CLb4B 94399298271083745508290936113986978382457275531684761701599029877008571741877683365769553170771833981099580359640421358853566501815723434822307977440496208486103754978934472597505865596938563438311337045817621762649604204720249750058676095769230214181772215323235427976398686727606000594646472236822594174465 NIhTPpWXS82VTA0LTd6TfM+HgLgUcmvnMYtLqPpuqCKZwalAycwl0XFYNyVvaY21J94j92ts/lRYgVtHDhk7/9nLXq5js/lsUnG8rWPHJo11JTxvW+df88aX0pw8u+biOWt87vc1MW1dsMTTsJFJAeBx77qU/Cwto95IVqM7vSE= 36889590210230649939994518345793530042252563793069578097360569338647730438860274349862767107939590441616825589851005429465345268710487649366046960918184701290985280638488938340668212498212581853679035928093386035688597446809895381618260692378376844452061580510108168030682664507293277674052032318576713776417 KXdi4A2Z7tSiiX9YGtDtxUXIfQvPhcc48rUH+Q2SnXL7fLNmr+F4Rf3RiFBRiHKocPfE94pothop5qQJ5X221/DbEKWK6s+ChfQ636jvRxojoLMab3dPtaAPpDJHrfZMxbT4ZaDJT0tpA2e+zZrzBuDs+UUgCpty9nxtdm1gS7A= 29118662951481660380477444121362422614202367719725087486810943918529894738076273660245405874301505615796632229852040910511025841576465052938308369421493312085081188509808322692130449282585522349552501983296872614029139293444558468751646868108213623606366977549477663987815308260383403466635254115908032940976 AIOTBZQR2EJJRmoWdRNFLG4fceoS3KnRTHRpPdllhHODqdg+QxTOcOvqIzBqgdD0JgO12SuNAjLQOiz0jhd02qkXw9Y1adGuKvL97ARFtNEuJiNzFAj7KpDLy2zk2rPJp4Lp7cjQs0fe8BQYnTzTsNRGm+4ybln/gse1YWu9w8y5 92394618277596007469808288231093678404089765494062813665106014405059399079199990128824492247005602685377185496959522609467906358619318009231448503013528692450191782140091818984176967246749464502089280153086163239846744554575017530385347720563798041108608545014076448155956762636929707905789978331102411214009 NzfbJRBF4pqEeborJrjoknJgpfK+DZh2k9cE5dcElMPZ2Zn9im7desWGiBSQnu3KbTO4L/t4+m6nFTNcbIJnqbVSMDHdsfG72rG/t89aOuECQw0HMVVgONNNa6i/mw0jZSWnRLD4fa1YgbUlMd8jeqO9XcBDB4mVtDTxyeGa3vU= 38775530011374537813502898274019389132620116890266344603221997943675706375698597061571989090674289834838060050848545748579361837989319487970580969082824601965845786771062335733318139530316825802589479118956745739691326447349403950997231306042638797277408335778415717988679050762936401945487285814799382535925 Y4BVPZ6necuLSwaqYEPeZp0lt9tTGFl/WCJJbwg7XpyvuwYKtzagC1NLzY5ymBfwGFw1yRlQuyGsYd9mBfC99DuVCIeh0JNrhJN1bNfoSzy5UO5+dmTr+dm66VGSRS0tFcViDTfCIleTV+zxo/xuZT+Bjxq7kZue8zGkjp42Kmo= 69872189501616471647606976308259279995249122669120675885925763529037695584466011511740991152346215507625265226811128801733353566555339153627478941716586678793853828514394269931890370517258825006937741437480128878717892485074131232336852490940507703859793477547154689914725314529986438108117871674332626168426 AKCP9Mto4q/a2xNqM4N7PekbKspwt48OGPre+iqVwPrSP/jWKxg3CvvLNZzN5P+/FiUGIklMMFJ8w76OaHIPqKuwckj1gvCLECJEE+UAZWrNKPmpzd/ootN9/kQhNMuloTFCyhXAUUOXJ7Z0WVLb2u6fn4zroszSMBoWQEKC6lcq 112750701794692134675959811050012620191158543234019977304167102486465198271340022889272244811582365901584420008564301920174477182946432553537794834985703732129975734658113610563794129371053853971031300761815004524681756388784922001759202643614966614186697992611399618828963452661554240362943588548146868410154 APOTAFA2waoAODECaGNgCHa8dNN+cjMnD01M+IeQFytzo9RLMzzzg/gpTUFpyLtFMcfbCkDYQMLXwE4crTimdz5sVvjGQ+5fSFQjoDY6Bw7MO6NAcLzlV/sI/1WyNBKaLQbcl2720n16tdUcdckQNnV+cC2J48CVxYM1c7QQlxA0 171043636512232272455501595416608280460445723238023572475354665686544174728784633443479486247342724860289312593374524429736857970220153680852977711594899595712511352458264354251161579203922747468321999465061463474727943140910084880926005209538535217464825087114791420210981711903880998556269523363208766099508 AMGpxRlB8WVnsGqyyiy3/mzrPymtJW1o1HcDErK11ZwQV5PwTF3c0THwlnxDmcziLWHSWgPQwfRddVDCXMGW9BffJn+XO6aTcWDPmDAh+1DbWJPE1aqApGbHvQ8HONy90dQMZf1ayuwceWCVTuU1wnHdo9F/sIsRbuu7ic2OJDzY 135994898408425255747055209966103741651849229328236418804928584233229830656742052333413774490626915784901255640138520158698845938184666683995579777154437927013722740366497459963753542029774185193376253885864514386760437194444013834088425088260658670140534670789371556026135595577395047002643901630053097946328 AJAw4uDYdSYkOrjtwJVWLv3pi1+UxWge4RmkWKqVquTsAVcT2tRZ+MFdHM457Hl7fmFIyxvGZQy4c2v1AbHEfPR8ID2sCRQpdcfrxEUZPMDqxfnHHm0ziny6W4X6ggdBzMp/sBWaVNTBL0e61/pELBGYNRGFMzGws7HQkr/sro1D 101254336834199527040756567675327011562230719161388328289463594628690618298993695452746353237675715087353241661592074446889034411683413957950360025295995263477031608845241728493807755308798509893719674568267846671753070163272328014412744008880395248474446310603301447848026040555910147467745595720879397834051 AM09TdtXgYL4FI5CGNiVjf0T/AN/pZ5zZsBOi1MAUKMURiXnc1x8VKYTqM9Xb86mqNBBqphynIQG6/3e/YbGJgHlsSdrmKbo+P9daMr02I/7Z76/7Osa8+7Ky6lhVCbU3F0tBH4WvopkCQmuJ267afgvDD5kB+9uNr28deMH00cY 144124056591600568767398029380314564902309327093641173350205276895603332085753288682409279238417493662029954512382520307259348748813767324609446500382301421328754981718014234615523158887865271179104711373675849713359713282937065993613915015084108700238420759344034475478243507306107546245540340758766909867800 AKDhK+/BKGXbrbBh2vM61OP8LN81YwlJKe68KNwUu4tjXlQg7i49Jis7QKPI/YFPUpSNTu5N2iCgeMnCX4+r3NAfivOao9lw4N3nc9bi839SIWdlokhwBHBYmCIgjehUeBAdkU4jKqlE06pIrpRmSvBtn7O4aWTbT+C++ViYAcGF 112973480670453665543892521898882856059335781900313607790238402438320486344365203510769919022496690291280873287383392088872774202832124927485754495093552572232234532821756395965072330282810574669371524103814871172318519695921477775100282448247625395376072233777533359104085023946019406729587713120941266551173 ALxDiSxHjfxvP8ETvpE+SyDPTS7q3o3zCK519WTepygC58KSRfvDnIVIyV3toQKzgqD50kF1Ni5D/wuaSs62y3zg3kELX1g+WuBCc8+x50+kDtbHXa1Me3et/OqVS/QeppkcjK1UZMU29fXze6P/w6aQfvKQkE7koeQtZBKkYc0p 132203344567902304830160099595561253300484092355345272411265169562971473393256361094745618829297250316196312398486598077249124198329075791740755862221465178128527292695331061023291345396067863215552021206609309872689233899464919108147533679134727064586730810633196817136739658243232643507412032417747255282985 VF0YUTvy8Mfi5o6X06DEvLm87r72mAtTdyyLNr0/GXlk0Xj3L2Oi2bVUMtcXQNRXg/mkdGP88pgdaP/eMzqkUU++vJ7t3UgOC1i3SHegpiBhhZh+aZHH/wjFV8Mz2XZB5z8MpMgN+QwALK1TT2Pyt/feQTsOy0imVanB5+OvCeQ= 59242171319056188000481457618922567543461456096441095927600135114274111606802456239311634638536207588762066940095527920532936960549439269891703098017342732142860571277442598349453761561189719823290643146391349978698217357430495238876700400634593256155537598291759795109752990651995982467695091946768443574756 ezpwBt0N6QhTusiPcKrBvSB6yuk/KShTLUFQHdf5J1u1fgDYrp+aOWuXOFVfOd0bweiG4UxBQNXB2IDFWfYON0fBoaDqNk/41YyqXBSkKbiNWLi1y3zPmwTAiwK0PzYp2EPfk/t/j0HsDbvebu0ygcxb2tPqj4EQ1TXEdD007kU= 86533835313999945727720083706940213467453975054116752898416709637030456504024135513972566184073843025739226187558143854850980654667596935003124034699919861200483994576288766702308068265526535622439762454501169018136389983894783905946543636163866717367545972667876983557989192393479830223914708619684891389509 U8BT26zT46tTZnkmTNxGUAlXbJhk5cNi4AMSd8fSvZHm55siMFGJ8Jl7mtdzEFR1UFAyEztf2fUhxdtMLe8ei/OJgM0j7myQ9STucEwnsShT7QS/DjBmfvcC42sl1CRpXkb0ZLrEJCPf+crtLKGrG7ExS1oawIAgALBiMQIL6mE= 58812148564290791415180898639607206220554150794356494356250223429674091688305329629529905854147200457536549527135776329004085047145097927266797668252160196098870200925284256433894773392353678965699083286106628662506590268955650280670838340651598082083455821825076016227525614626726458235627297885815646710369 HfYii3U1SIkBZl09RHaGGA7H3np+qxyNeeCNY07PDl8LwZAaaYk/bHPeBVboan0I2X4o78zCD/gFXFBJ4rxwwUsVjHEioyO2JcpV2/oDOelJBD//78WzBMMSWt7ZKbJV9uYr9ZUM0BUD3fsk1esFCEdnDJdr86U0UMmiig2R+ME= 21039655953870571289679214995029926285040274249531458675115179004718812090027267801012507748013357317597416722235988917212676802092082137617336199787762782958420742299451435320649616271885264333948336627286638368859041172783505464468640994920853000441536629081040963398001710173320125308624362209157720438977 AICOlee3daFyqTrTdtWjVb5M2rclh9BpIo1CRvKo2bF7NYcjrU0/VvbOnTVXDwdeGMLupbi76f0BrfDxYtkzMXvIZlgoTit4g5ennnklDHFBC5cogaGlri8U28w4/h5oMunZ1O4ezdpRgVJe9nTP/sSEMYiNS5IA7Zshdvm/XccF 90275777798511290102824338787811725003177532250296755103300529948194832904403489332420505850668003332750291879153080212231952155092379375422537931240723308384652734942204313672973885652497290433943089371705605128843469306776615573873479312715317072986990219294942040272550822460408702072075001377245051602693 L0QUSVIjxvE201b1ztRZyOOxy8vkUz6626TH4tbLwXjjc+AhmrvplaVlavnOgHqve+/L18XNuAYP4BqdxIcWTx+yxBKm4ZS92dRJdcAtccvZpEJtYjdJvI6qbL5Ph6HluaVZwp4dyFyXuZOJGTfYdTb7PUWM0jNT/xsqyjxSQ2U= 33191267986826803728285073844005357792766429917696698533494382218509532051029343127452480789088572904364699220151221680328978554239767633887572649589456766209242252549993823283929686430100804479376247660556781589549613316880150951333982646510273364068770923588389668733632648346075516618646974067295703417701 APlD9ECKJuACUmQUsbd2GTOpb2PgQVT08C/5hyNEVdA5bWoICX7epmoCKCybdolk+cfEBP6fSz33j+Vn8MbeiHBLdmF6ETbmcyOjldJ902MDvU8dqAa8IgEZN5Uh5x/xzN+3dqk9o0ji7yi291u90rpfIh85PPpDat2B4l5zs9i5 175040148659257809883308984693597046378367187659749953472629929701758633206586720399909808941145946314755491399962797299295431089674294356220216615950668954164397362123668926410543898553191541662075745481299747832013627018846822876386760538344447600390187421938699064459451308870669878673306013635576901916857 KB7N0tE+A5vFhyrd/m6Qe1wTihkjqmBn+rinfmMAzRlvtxIBSyDLzQsOQs7L4oTG64ABU+YwcWVijvoeZNamaxGl4hatAH1pRqmC/r8FMvC4vqiFTbFHzQhkjM7uoHD1aKnxyBVgjMj0E0KZjrRxydZjIR2p13FXjLP3UQSFtII= 28173452509830313810392326357601136401754938805266458365469366750775669869895498658593356375710132149836430968810246171974040975430205200958564616924399794768861923079158311829444850822144940112488994119845741191519421434257276977333662656888696213514226866147767570046232093727585815615828360199830275208322 bxFgV7eXwnbQScl4VzS3RTdcMW+NY6pcGkT1UsqHIeDVyBb8DnH/2/Z+DX3zniR1iW6FPdvhJJeQyPIax1ohILa11R27C1TLxGvTrRBGUycxjEcBIxamHveBsXbECWusYLEakeSDg9x4BTWMz1rTQajkorBoeEjYuW+xBxQtXME= 77994515143740690952370766995249847650881300682406161400195705464876513409097078624084133111941171517535435606295232558665316819077765607639545069239931096306624817379462598756505457054433358548941076472902905065316335603665413114267741896000877284610377452471067725794013283338924419969559537339967562669249 AOH6E2eBzD76QdTJ6QbR/7OeF7AagUif9pEYx7fMqrIsXCJKKpLV/RHIItCDYP2WO4URCaVueoAJe3M/Shj4o6efvH9pf5Q8MLM0rn5MTHWhThivqYQDwjCp1ZsPgq1VFS+gcnmwgHhj2W7XzJxiNPeRXlxI2vL+XTT/wPBYhqEP 158686346608862569574095184731081143351413141116869402750758091813874232272198082464382169470744476593016502816563462778075467588097653320101723165887488327616477297401486647183409348122990505635004320879840358339260797834264972100385692477324858942142372580281421734058008608134075577990829273447077276721423 ANDDgNXOB/rXwmS4KEjiHj7RCDocVrMv5SU0aw6AJzNTBfseFngqidXx2AJKOEeG7RDDN2gzn4K4qJktF0AIPG2JbELlLUu0MFlpOLxamp586qyp67Cl9OuPq3UZTyQhIsSIE3VQkvxuQkGsaV1owDV3BKIWQbQEqMQI3yT4ELHm 146598844784260148346676185962272439320781765598895126402049215152385925250917998794921584290777625240122575975327405909800121511343265147922400813488099624745229653124857224399973509428158163452130086943873214460600035260925149630502192183407327427517292065083168010281295559088633086659209316582810260124134 Vprr6oBnWuxIzyTZjuxlKSdZhBc0upeNBHVIlXpQEnN1Q+XURKzp4/6Vg/koITftr3SMSgGpE7LkrERMGFgYaqM5XZ1RXYFKT9dRJnz9VRDITVZtdkDrU04bqo2Ur+jvZhvg/oHBDTgQ4nPLJfHO3+GEmUtck+g/wOVozMMgufY= 60816213163057201559480662231646403262735082707152897397414589876256824040344252799972529759737904461369360580708093117244392116003622336721789703580184437841209963565058475060017600871779929808204093448248984201640754565635410002090180110910120481044515630478472999135146756643143415057403006410330361346550 do4LGsm0afQLHl9alWF2RVyEKPxLIErsf4pTPgScRE7ZiTSVErbCDeyzd/KHzhBLQs/DhHHcw+OXj541cIRm6jaLVKiT8EwLW/dVG0AkVli83sFh2f56Kk+bCGSKvfGEQcGLY2k7nQ06zoMlYR/xbZCka6Q6kSq4YBDQgigQ1lU= 83252051731120517035090523892596419800592471447735288551342681962005778435125655090199060145942826521644585427683714084736143440310518046334877897672493531918539106001203807757254797471481884534543367685912500572052457610702790097953420236852480969038388056545966568595395722585797418296411673622376893961813 OL2Qoj4xkqRrQmuuLwrABG3BMMBNGjfBtVBNTdBf7g027Ghkk/z3aK3jKT1EPpdiOdn8zXYBSO1mTRGyK3n7Jo8ICOcnlBOF6cZtDsb9bvSVE26MOD2wzl6irU7vzS+s3vGBkN3AazrxPD4czk3xezA9y13DJVnNzgAgIQHEols= 39844525812817530522650122383059885756573694015271773938493414420875846359054562126060762455794481186614035892021706051863945033061233991184379580556219478200155757966121832613842937722944431875100059046588723473670448006803481527981834627086055642349130254917244469014754132003347635357123155857820000494171 Ljgn+3Hcg5DOf6usRumk7P+ZrdTBRmo968HdZU1mS7LwLW3Hii2KNkwMV7J77zA0P1pnvhMSEEeh1RbCUjLtSIbt3RIcOEoc+aO0eINF8r99l83xF57CBI3MDA3AAbtaYATy/NUXSC2h4W5kdsQuR88139MFi5y8E5njqxHu3UI= 32456338403763561215581247445990611953939298888251578685087656354454727113846722731945605696397627662593375001096230320486703167389461057538581895745078593206660798580358701927596287363374862536765135996838944212622199018632046955402325290145163082309469649329852148345837780541107029165352782710901375425858 AMt5/u+ZUNm+Xsucr4RQPUu6ExAOq/Jbcjm/Kb2YIAaEQ1czIL82wsu6YmpHcfMaxLjY+EnaaF+eCWQPeGd1av919+QFbQPeh5DT7ZT9klK7BFyVsN0nEDJQ3AMMJqq6lm4sUeVxDVTmMypYnkzRl7jqzyCRY1MHA+o2LyMECdOg 142886089970163885609957244378225169093559131065687633458877059657380607541767850701139140472705242750285722732461954100519608059127637509286558848391554697942686619832870045594188204522385787253648018847569919409782188708374165437385572046835539379151066214153911415525465041951116179326632238059135825466272 AMvXeHCaa+zk5VdB27KoS8XpjSUngaw7Gwlq6e2RrkEOxBhU2rGWGJ3fhq1HBNRxDf0quqfYTMd1speisaEr3cIyx9BhYwB6A+Nex/Sf9DSixezhcgEz6c5CfwUYP0QTTOiZDqzz+GcjKikjN7DKJTO0WSXMRG8qX8FBbH0rlc9l 143142496664357119491819741364830737485524654099662921673419335301323845847085335210884201567922636945282124120681371777665458057821603161276185071778040317947168899788341482064834489328957963447735297898161379277478278414388733161844053774747425459239004132791029364174047523473372650441001639174571312926565 AMxoMXHfE2i4khsAkv/lPtLQhbWUjP3kxYmlJkpacpicBB6z/TmG5zjmTC/sqzBvBn3J4UvMzKYFyk9/l7Wnuc480500a3S4HRVtMtirPueV8v/SPktL67eN2zoj1VZA/Rex0aRGjW2CzEKGwEn3G2bZSgdT8hKv7AypF69ppjz6 143539479941314279463880342636704987025205547180882175105616955926182352311179043850344463145750154442573797875223178075233807385237935671604701513551125937539235111702655902037518920150424691586943553275517626347557879039695678271564616114192941679606063184290901862703975921261779714258077775731727612132602 ODvOKg7l9RCn5CePG1FfMitkR5l9+7JK67eU+WeA5p1YXCcKS8GbYAKCtXPD2QfxmQcrNYfAc6Yb/kksaq29oW7MzZuTDzK0HXY5xBc/fJzEuvU51gaI0PR3cuU1qRlLqwmIlyt16gto+2E64BgPgIKJcAjx+TfH/EqNeJ77/W4= 39488587053253042573878502921384752550143716864908041972426777545317969264945056510991363961916339225192727727267483337259701961148978214005913510275048195308792987888118270387288989623193626554910652030960235845935461155296845475356011099372367616732243132816329531758943935324760665826550992788664237161838 AKkznyQtB+PGvbVroM5nUIzhJUjiNj7q4fC9sSFbmDgvehnwPElVlie6PimH2FKonGV4GSaxZ+osil+9omfkb4rO3pq8fy5KcFSw/gs09X/U2eEEcUt/4oSbjs2NaMIxQftM2CauULiwfkWdkMFTBkHnh7Bbyocc8dtmrBDdoI8a 118817437232756222334188081193205110010964766506378146125932730686679941224328135190204402802650523704343176483564284220367074983943319572348376466341132480772885833789613392397284313483009178508647973749522358005819092779831781339778163122774381387989185969990310049504391258988402795259963134610905036263194 AJfwWA7XnYbTjlJt+9hO/Q/OubHkUkyMYrN6Jd0cN5MG9Rg8W3i8U6oJxT18p4XozkiOgPlF1lE7hIAW9KRKJKGTue+iw0okLq5UNMu2Ha6l5/wzKi0QzRVTBnQm2zjPlQpgUorBBty5mcbt/B/Y3vOE4I3iVXklVtjQ7zIBHaNK 106695084438708194568048926154027115609888551145480521213711726807296356271397749432698558860759334362315257102647885062353922543502466463770991058956633500180245599467233361812610650830611712448187310827443315947425061886163301613989593906515923245020641415290300558869209909418659128196109640872398602216266 aCXItk5XhuNrbrqJr1Qm04U4y4AzSKDMms11PgVcdf5fCGdizibh6/oZqx5OitM26nRz2vob8F+ZIP0CIyIJU0T1M50dVTbbpwuVNdv/XI6gHekQt0d2g34x1TQJIcsT1VWwGWTPNMtht1hezBAYxwv105AGKnqdLiz04YAdEk0= 73134927546833985031652237686088635686032103401394612286045377544136784429757461671691980910279873140130943470029643791712859175007885735170485461366406852784845528918253441791024065848540598601036357817496637108534035807393364939272891745520961269029038360205258229770737579266643408540634722493263322616397 APNeoaWlyNa554OtHP8F7GAY5V9F7LMoF2ssg5wBmsgGFktrRH1C4FdyD0COrzIb0Vcko1/HiTnA9JXlfGKc3gTHEnO0gxBSDjK41L+EIgUfR0EhAD9iftTaCoBM7qZN3R1MYrSz3sevQZNMFOOnRrzwWEXnJaPKAZXvsqPzOIF9 170899982929163229592439208307232242235219591108657660041403142612622997092685093132858257827585941687488772925553142105567685213341947938835403410054637382864108739466539574004149772568683507025358331323655651148107044968424043673850583150424463706583215452211942132017052425497789362680979074312857823248765 ALhwBfBYpOk1pfJcNut0C2fEAd4hhYU03/ZQBqVe/7MgpEDjro7oMvSdba5kjH/VBssmZVqpvuZ5lG+vI9lXLukhwRKJg7m67HG8lZXvjDmjU/PCjxBPNt5r8/DziETYmMa+fhaMTw4hedZcwDe37t1VPIflvM94sBKu6be9yJAn 129516480651398210587505113546142851617282590236388547627336279692965778911450075230961856270046942312918567973875005814982283590898552829322178788678196583244198944578081007477482775130405341039067711963061287597331433268366003672643052056973656674139309732186091974604170508497340243515339072325943686631463 c9vpoiZvtnj71b8XguD67WayOF57QgOX4V4L++nG2u/RY9VT2+0tJ/C4NIawVa7ScQZAPVLuhV4J50HJX7FZgtY5n+lwMzNo0av7i0IqTS+1BBO8eNJy2wkCbWWBxNybuNnF6OK7eXdPb2Mmwm2OmhN2/j7HAr0cD7rK/Hnif7I= 81358980280155473712258342299472964374474635149963153129588784719499494479288254287754874893180126149146558961101860327826747785201363745989346818037655063262173536227595206355647880155693272153902647256175878517626925488264893732295267833614283963802283320574654949992393798458265266551024756663538388467634 APArEXNLzDydcHrieLDReJryWxFzcsN1dxjpJIVGeJp6itsJOrUtnmXVnETtaZhWsmN3/Zh0R7TgJ253f7PZ/Z2xCEdqF0hs2MmnERSywdWZQ0a0McbDUUaDjBNYFht1wvS6djbI1b8RfayrnEZ0miYdzrrP1ntU+5cM1QBAvj6T 168651870043094856205824264282870999215855903395882323164614939540734011037112413507417141209480771157672307388419164831992909066097194364645695794831939514470650008210390333649278806163193463937050083854756730458780288720541495880958909249273048328511615821480782977316719631334570687241232556472064072892051 RhGyx6xibf0OvY1XjnmX5na3G7emG8PWbvEa1kIjR6pK6K1MrMZnxFefXpHWInFS7ADESNI9LHjZB8VW5QrjRVPMksgdEAlkhY7MyQxaclUlShFl2AfKYBfIIro+vg7mUMzMctD+07BLk+jejRHtPVIxHmNnZrZYds80ve5z3Xw= 49204219353786910100605282012781696579642953908541693903348594981245301165936599174304121350092894937817100350990938057159324959104937469442065996667276651025661016077514839755853073999975805394464570132481314896694678249282338429544941873047382467276103868995474424700207571657816852575364781281563515280764 AKbFfU3GL6NILVyONPVD/X0tffk5HS//7FBp7n6JKMXu3VXvWnfTl32R0WyVHk2yP0iIyi6SUusSicOH9ncO8KJHmaoMGN9Fn+Zq94FTFqZne5NxHmCtwRAbFNDVGg4FeemGXEe1S5Kk1VcvWqnp+QgY0uwa7RtT8C7/T+1pZlwq 117110890075563714812929271250884717870581483065920538069845585667296154465072587148155060755111295509684258790280104272121160614620669593483929827848744548171793187278583947500205314283462739235860439216105116687015890394925743036369717346234391524403038196640934551590543386844279091801685432977718405127210 AJ0xZ9dfRc6P4W31bMHBymgOq+38ETEIMvMtr+wB5WTcsquZY1IUB4IVkrHaOo3W2SIr479IfJOOQhmvyRS4iB05yDI88Z/fJfXarkH53gDivECuo+5+JmV7e0S6gCvOuVamwoQjlK3G32bCV2946ry4EyIsVZ6Alk9xk7X5HfGU 110384671994603894282707302829898242894456931176497230904862171369974466400767175784681299142670706023468915238955836087425993929524341269289746060546848852729416925808186253355106621584826213979718185296723694190658548757311188764342751280681935289121682174507629679900374674992438818324999211250580434317716 fjzmb1D+YBU5Wn1GlwhxjiJS07k+fXxjeNRbOv5SjktzxOXmautO8xZ5ACOlYrTt5G2gzW2PU6sYNfByQ0xoUSyutOuQlD2r+8MnDrxCo6RxT3P0dUSX7q0IVj+oLK4GPbscnKLfe6KqUcYLMgKnDYnc+ztFD+csL6BQnM9WMLk= 88647261832601702291191332432291274285041869480562430895152086741320122435409959711452438332192792226899741738806447713240934608106883094466050154088410020909933636902495700779087737304255058561688767369900548260278700135161077055869478387490726087630962098228537973426295306997128615315548440548541717688505 YDg99aHkQSh9RjytWknbXzcgLD8MrWUEHF46yQLHYANKXaQYyf3yGM9TYPCDUqWbOapqQe+XfOCoACLyRg7vVDsnOPRDI9ZFUgCQBNG06ZOxzktEhnNJoRC99da8jyodFqqk2f9UD1lVa8tsQdatjUDocwgJaDAOpYEyGnUlbXo= 67567767932654827067250684965667741848878457020992905661955722020937161710030993261011062929936964216357930453809610708591260182295097124272956485574313839759737390934220465669626974544253750900911093325004172643146669082793591441922014060981070503803266774197958528843445580649512373693546027107823355522426 ANdsfO+cNtWsbT/QJHGkYAL2WCHWVPrX6oEz78pO8lUwiigVEow5roLI5Tm7GP7XffjF95z5WDxzpoam+Bfp4za75D6ZEHQmuFnpWQAmNLUHdKUE6UcsWN1rbV1uY+x+Nr5Vni/M7PfQi1yRTTJTYav40tFPb9rY48FsUotivoxd 151275723772668372472508916060743043308364940375633847663054782759325087560768667906829087958412643723335046123025802453213225972572697773468957759328009026531148112732519692142632237595562259864125679649273054426879080697360204352423668940795473103047320116317252295126635024518179060076282921965794883439709 D2Z8YA0G/vzEVVQ6itLPUC92r9n9FKRpf6lDPWIgpZOOfIkukPp7zzTlo9Ej5IsBrZBbtGz/eYmlHeZ8Y9pQj8HFW24HeKYqjmR0ujbNxI0QgoE+VUwPVg0HhoQsOGmq47zpXpkDwpOAZbMh/t1Bafq6r2zM0qmiwOacJ8KFUas= 10814483230552506566705634583020057064935800294861277580077052473134972003523900930560478187758928889017740705417070994563709463926267126567504805864719383185267204810142444719634360655595490833208838383875687102074846353850310954150927702228780599083427768247170427544730791038729428517279760042619935478187 XoZpSMHqlOyPYJS7dWSRNDJHCkjbo6+DECzu0FpB9O8bftcxan/06Twbo5d1lEqPlLx3w0XeWtrmCSCaeVcXVtlY3QuPjdKPv8LBnnhslPOVcbGyflaTPXU+ITWE6rwnIF+yWQl3NIwCV4EBtCT+3U//Dt/Ebif9gzfKpKltD6U= 66377743237695515693282032069691369056215169443985727092982918806809030742478033317158686828712146024066618073633406428345129492010236994055590530566431286733776441810601990431112187030942086686719669823512292071202675269428014136307286941704297995292544712278047959299939833088742083527714893795660235870117 QUbbkyJQ0Nru9c/nPbphM6VxHp5DWlai6407KIDbTGvUReVYI7de1gO/BFphL9GA7gDareYoMuej3/SVp8lEujXywtXzjiI+j2TzR3YYiMBAMhsJO1wU9pxy69Cj5xeFFlrOycjE9sPS9nrqnEEEFNPiK/GDDTHj0KuNbWSCLrI= 45838919357034925862751142472777409057791233610959872523563363744902783251621354580995921495295078179996083468819097423327554678806691589090814275138081407920379810144694354354954459732280968086760894209634364189264517251735804373673532012530665557440070501687207620525228416650281363557992436992284712644274 F+uI7ARCeAlnPLO1YR7RJj8LyhtE/EJMcY45lsNMff0YeENe8KOITZVxNA55FcxDYpg9sKi1UV3/ASqkqpH8MOxWpBdT2UwSX3oBkp6ETfJKqiag0C4MS8cQVsfcKF39BJ6KUE7X6KUEj11j2YIIRREmLPyZ0LatG7dN7Rmv2iI= 16797235966984072293396362937533957334369977688369659112225970370748312376722010874726300554329794854683394163379447263409228872034356195791733533528404245739693397078461712458035888813157166614479153484688995068722288153129390850561042173295997770817893349738328312152341860704179681230323810266038959856162 ALkEoXznA7BJlBIfA3Avl9kygQcxexEMApwduVRiXeYG0uEXMQU4rgMJBlPqs+ly8LTIcLFaLnJAG2KFQn2GXz2TNa7w4xkegkrslIJEtBWX/lc7VzRtcLbhaXEs0Ci1ValnW9Up7dYOj3Qw9eNo/9M9b1fD9TI+0QXFtp1ge728 129924120553920201168632484268654219915712271781591182777925696006023100660478316445751842982460082888615429513674356810187315558964251402722465707617058251479494744427428152566665405423424700027316505872162698141109433045594670140335040479559124757490095995568556894332243767736124299898808796118800328801724 Ki3FNTEE870E9GaNtbT418CLSmf++s6Di3hzAy8NgiDOFo+uuicJa54V3JNRxOBc99sl/chfZuaBQt14BFOQ0i+9rm2KD82okNABd+SNfXOb0Ow2taZX8CpkVJYDyphFPyHbPIKmzwMShNx9X2z9w4++tJgzBzGcFTPv1nhAlxc= 29618953883711174042338818332957726953262658484143534778541769862244883781157097499904047532839425875312731531093860721544220959674634750905085721866390609141599426547378130082409488797303960018348798930232014390380383063108812922828160584483043190739354817699497573863286563890071313017508437166939160221463 AJq8tcSnAq6M32ViO4hVGiHY7Tb08cLVyxpl/v0Y5adYblvjrbsFcCmsNDi5PnBOBl5awR7KZdQ1xgq6jIs+SQbccEMvJvGUZW5MgcHrXBj9XVd+8oB0z0eahqXpgYBqLDeHLU6238xR3dJYFf+Xrcrzjg8swx66OmQKkAQVJtdq 108660120968150664552423780971948386965268856900017812123107864829782135741514930439461240950044759098603910762272795612101834680870627850178371693837566833495418727543557712057554231215186486008080050486837716071537742708913279026303380104388546316647349432118287628353129105425052237438199445863950767806314 AI3mfrgcRwtE3mA12gSoQV1xyIGy/YA4pCCvja4mTjvzQOAfiZL0efadxZH5awohCC1SpZDCFsE9yYp4LugHKu/A8zMcp4k5ena8sTPDkSod1yucjybgmVJ5h17Pru28AzHQ/YUmCnojQv55aV2+AUhxzIfojY+NT2PKRqr+vuf+ 99645829268436288676280252226747461064597487404802430565833102291706103139410465131373666856042539909746769688396958963177805479987372681967013633920910376342526433530508868114301205524789149997372160919406352823342811006288909548557622230243808373083272214426118230701324879006645047374853535922112549545982 TmXQ+D8XFKSclXwnTIH8d+sb1IV0gfm7GagJahaFL6A9rvYaZ0NTizkG5DQ0RmXyo0wPmLork/296whsdNdUxVAwnGFlWWvMV0ftR1fOvN9KoT0WtVZ4Rmu6Fuc7q1PskAZzIp7MkOAxILO4iX5dNuVC+GLZYIbpTel3Ga8fXuU= 55052751096768041533898435453266875315629605001878362193939750978427494147944918632414581744895066623527980497732722163665712245580312596487741856071020477624754815927936394948233480228964159047139170955663289543349257377302556035170334384320502468579367401821986660515827461352578142560630318492817238744805 EF6KIBWQiQoHOnBdJs1p+WIcAv9ILt0cnQVo+o/2niOtI0C+eFBSiNgeddhotkQFgHvGUjq8BPYgtLC8A5IFKGzXu4SYj5ziagka0hqfhVs9zVHKNx2NUoMhPDG5R7+giwEGGPOayGHVNbsBf1FBYG91+mwy8hnNbhcHSnvLGk4= 11494909948912248031301686864833544028186348338729984264372557659364976118965740281229664413031002362633393381744365783802034700038490736736266032000546393704814403638058993380993275865674190555703046732456017652317200288968188655019374159412919163798248766655991273308390043613040731449231289437754791500366 AL7wCh8tkFe07qChFAzRkrnNehvda/Teroj65X1Bmcr14+/zeJlZDObYRYBOm8YYSYNgJekcL3o9lLFE34sCMbSJgm4dGwpEVexiLVi+zc8ndnqBDSAnRqtC+3jbInm/v8l6cUvuzrUNtzXIQ/H4FrmPMiVy0EMerkMtkfw5GBsd 134080980697158076909534078193319899756347955848461100874771253577754225619652121295523443912922220564492468474647193062555347746840044705102003079330399499915801536721237211615317000955332058281901995149084303143543150689010335818219129745452688372571010816270728441637278434982752674030696337642893239393053 APunLhlblRi3bbRBwSV8dsw8h5SvT8ncAmXPnca+e1dLzrQZzL7P2OhFope0mW1MCDl2kJPiGTdK3SiYJVsAFeR3r/0z96g3oq+8uS66T6VaJym0QToMsqQF4/fUMaTo9HsukyPyOgjVIU+6TiFd3SxQKIu1/GpQWVQIP2pkHFKM 176716779397275986910036615967409090183531310366246043951791503601618945774743601662530806467045971394247287367421508126613573039423674729894091424105133906122821596079925540513892022311039293333114333317886304014722168786051080135090242879622144693440448171583324154550086458411590240882982297314605229953676 MM6B5AgdJKe5OLlPzcXwi9WhqQjx5KsnBYxxa3kWdGNTdk/IN6TVd4Ptn8lWkLm78mw3DXP4Ol1sQbIfkHRoKFUN6TaWg5aDCJBDXyHSTZI2FDc1di0Te1SwziYn0sIOe+R+rfuLuHlcT1xaZBgL6+dDLAZaZza36UEjn5i/pTs= 34273208848307582992498656582721015257885595139328466874135636009184357438445251703533153492315835793684794951576799764181908090765379592683793969576893243386892292517067596035059342970830813419330530731370385186653239446376170533147020072285887964430731437765184844167400169982662183791828762458682426369339 AJK1dx77ZA4F0sYCgRL1LKSTvjGTKBHd4QBeVnE6FKJxIow82puqtsVZ7TBxbECex+LkLQPrEbuQaVr3giUDjg0aJCE0D9ZVXCUS06qulqcCCdWgGFHXDOQzTWDn6TlJCGxtTEMbMxSlUq1q0iKZ19kwMHiT3GydBn8/G7tIYd23 103022457217861194294329435482792508957642944252832971366936865663608381648431732294396977429863681671686490913575377744795372643599438468695483808375208871881849232129651519218503507811863794426234594709451104684234156597418383183271923307418704786548452806494411689822939919114966188329657999811363991575991 fPZNsqUYBbVGA2FAiglnByxGJOZkVSpj8Y4QNW5wq6o/1e/PRwp0TLYJXIoCJRs82pAj0QDpQbHl5lCZmNxEIQP8o8xI//HCPxPIdgBJmSfm3VGetrOpqEGU0KJJqK4IsjoVpAfPFMUMOpGNz9CSvCHGk1AKrtYvrTJEKmETuig= 87751387019308584846595931543798879607048239290774788042055795835726250309378365187899578817976976035304304847968410200168743967600896348021636654074952051821111673620467434295067182213181329543946368332581250062140819766061014427755090798550122401239987766844126425179573454145697756278292448630509686471208 EmT6DUd0bxcdprYhAnycQaxm89kltJOlIOGFFRmEK90H3RhzBGr5PRVTJVqemFVpVliO1gy1nPHgqDGVNIE1GXhrhyFJU6m+HJeNcduippRe38xPCiuraRkXao79X7WAiVYUq6RIH+UIRnfTvHBgzTwjrOvKJ5853hYmGaanjh0= 12917015385266582065020051081997430892582163827812227349569911846746592973268746845211126663077128575098045461893559476227689488349263954564361736197688317585888118974603264677576027836032271531903881104937422976121352854003385726888601980526287956222142458858211589791399646989299770657341412683499692330525 APtOYyWzdY1A/YU0SGrtjPdMZA5E50Y3hJVXppwuuSk04TjXzcbu2Sqp7sMnKYbToRW4nB5p2UnaLPhTRy0yszOd1auLngW+0ttCybD6nTcVoP65gYOwXGfSEQysqKLb1OfV8kYq5Ba92Efn+CcWWWuS0wEr97W5M/Hccx9bGu0r 176473215292413922394356058789571494026727424839036665031567966488209592078148711908841964690807374236235612412767651029865069639786447019874344449598703213025389428836803984245755885691094364960118900160737925054803955567361126391353868279642836569627177281508980029006921064654964339077608785831304875404587 Vs6bjpYfFA1R/QTeCfhMuZLZ+Zxo6wxq1jFZpi5SBR1LaUwAtOAj38OJC8L7zmxSOj/RGEmJHkulI3E1MH7P7xlWbY468/azfot5fX9BgHrtptV6Q0dkBUg7H91+tcxdbm4/V0HGQGa2rZp+XK1rO+U/d0ki6iNbsCsCR+OeyvI= 60957991334776853645581868230398759578123373154273044785333939425321390401088800849629483265841435899835570419798325123273632247193463641611211088549152950252041797959644227170492417662363676228611376046334386877555777556575818860902071813120592757466883038430756577949025778080997296219236534786815367760626 GiauT9A+wmwJsFbS2OPIM6ultIbU+kT2NgACn1jFAy+vNBahdfHMCH0jJdCs5TbmKTCeiEf3ITc5TV1OSvIejJ0GRkTf80nY47TAhiP1aehZvMAv59NQHHTDUE1U4TPVYKIyFpm1V1A+JBHKJzuGrB4lvqB2ed7k4m/ZD5lFLMM= 18363925023885496669420377869542744504974590667921570026763131637088916425434675950812384919000566852243714758512996458727914094904422651029609645299422563453163291342992902510788457007623888307499601267675322986672697397389663297565071582648674012080122614260400848960757021864980761735684874056409664531651 AL/9KOZLtZu4+ZQYQsmOgbST8F4RV4N/Z+l8qsbCFlHdXHqTTkcN0chsccE/3KkVTZsAnAyJqogbAvB/RZqttaK5a8iKlOEoerUS92FVQw/42WhsVaFggR9cHVuvCD6QqclZjSBQKQzUMy0YWPWlycAZDIv96tooA+V+Fk0jbcFs 134819194171226950171930028888667967094069342154233489571728632904658607624703819928943642011918061760802468868660586005724399808048609316802502143143910585363214684061242274402109137825176291816945489430125510625857564490981683683589784133305376252294774711594646923226452625156299996630452243345104727556460 AK5x2N/4+PKlsW/fNrw76CnE+nS76Rd7Ugo3IKhMTB/IuCc5xG4MQHo5MlWE0oVkZ+Gs4CxUpvD/WCCjHHFlSxKG4mC6ehz3NVLglBt+f1RWfPkF28JPd0UaIOG3um8kG4J3JDN48PXOPP86A0H8ZYbE5+ImmXsGAcwvScUQRInU 122499245103202714319465533564374494931278163571999934877854825659720649344163774228004853964635693562785966889622928722984134944784141208867445419597834322541679973956606275877526560988151196822256754309120410807075405427166696093800381410682490767468563176131997424692783482903880902119461752084196789357012 ALZ12i0hqFhwRAikcoahYzH/BUolhgZ9Jz6adLvvTO4wk6LLOpNC/zCz+LjM7HazZomT1SqeYJ2X+WeGFLADHuWo+Gp/I3S0UEneYHKJxoU7OoOtE0mB0BCncLckHao/LmbpnQpS+Lx5bRsr0yE6oWNea6gbyRm/R0to74MI3/KK 128128022342420083856194424802390993133863171077961467523372211039771843125192435716337829530528063182315478279257832480290950255315151577221042903861075751839976362752440630888566422581799720709574650482021111126414843635330535518992034746102956214991673417580508389225948159518319625680855827280146399752842 APXxvLifWgehdwdTRAJP5KrchRzgbUsyMWKcPGm2ZkwGDJjoTl2LIOOGVFiL4CyPBxahkEHf0nMxBN5oNGX/Y4W4PuOAC8gMgHzdLkPWkpnTcyoe5DD+fQsqNuKVw9nvyB15fx8k0d6b056nfFjnnRqgybby7MSllAWSKRYRdxVm 172707950911363219032118650562553641123743396229371815589867086054370029540557395298194067635069298952836929253340374819975848769009260895874615676938511747311585257140973518651959463416682165208985512233703837931718385346209362040743041262031997793519095342415901373534535662377972036003546589624834285049190 O+9ohtZ9SzGLJoZM8IRQAjhc/GPt2X5G+M22ZidYjx9WgOTrZDXorSyxLuHxay6djsJSgjxYMj8MuanYSn/DzPWBB1Gn4cDmIsfeYuzO+vUJ4l6d0nIvBg9Iqs61/PGFd46YxhnDiVQ9HEznyTjzESnNqc0+/OkQVJcwNHAcZBg= 42087920806448980363073662127262313840530298932643042322138035915324224188032438119079107631420338701086802583985117830416851550991102672642532160807467909040086448764318690465254898516502941122327185894900817634110254371864896139724173087625913998657136384357741816102965779105122269429701537815263708996632 VJOZmvqrqsIUTQSSJpZPhbQIYN2tsfBhAciWnfAYpwjK9/ts7OP4Qgdp6T/V2EsSRPnfZ0VKdLg1CnEWDhfcODo+/BZcUrJ0AviFAEtdeUhoMSWXtjel9Ln2guHY4s33z2cN70+e8gfjes65lCzrxUIXEF4nKxzKBnScoooQP5k= 59391682001673484862915842850714742391303140646889359425353339320546979084250010101273851580028171449840778038774656177449549941659895629203970455580974953864068394275066532699748911169800076515776388213090834432354601344176559839798153004796057709798368011673585434643656820656931921831615507416411999846297 FRyJCOgPziO6RDHX1JgYGZRcSAuoQFIZM4niD/B0twK3l+TRpmVigKZAJnZZFtmX+0JQkDwQn3lcBGQIL6mgy+j0hD58U2/Wd6xebuHSzf4OHVGo1cYoqZLplszA+hVCoDVTHi2YAZ+GtfQEggumcNVxqfEZd6D9Nu//hm0t21M= 14824975573460749317081504809641216868382341402512168178334301409725840669112911061147252565570697788806398498723577368905065980113760265945344671897779830912242224090954834750057278285419880820811348943398148063418809729356397202526234113316098584002071850758705282845646489058224513019380757604894853946195 dUk5LyS7mduFJlvh5o8R73kJIeeTh0Zli/y3XjtIXfCaNRf+wDlD/pX91JEwsQ5Mvj8yq/Uq13QyWhoNwsPpXVcJtJ+02wtIn5darsBDfzcD/LbWhl7zTRUeMjZ72gAWi1djx94SWjrZJS2oWZU92Og1yOyKRG+ua0AhHfYYh6g= 82361050315899968537319599868832189063658136463903643442673674137187842597528653416212822014359684261704550279153006971937114135373937934986951573613797195556144113400128502946618028800530164890707031379614952207482505803377774320259789692177752930767589642007257364960987343146063216186985472686575891023784 AI6rejwEznR35rIPuIz0CP2aWyhRUR3unJ90YfxyuVYxrqOJQGSDTSf6SGDDw5MqpZXa9pWuwpyrb6smOq4ZtC3Er7lipJfXDjhy+0k1qcfMjmqbATUscwXGpgW+MO71cttccEz6vhbjndi8gvG5M/vfL2l1jA8nXuBd4e254dbz 100186164434910864539376019601151338080943067893748898987236087770762310617199833479771711726248130012472861788210345311298499515751355424063761182369333224929721733015910055321263016834247318907562652286587380604998130368845939290804442878127169587599285040969551065995197981341260363722618429042861484922611 AJ5vLZX0fSs8dUSBqd5hki48T9cYuR0atxR+qv7cRu9nD1vP8uNVR8dLitg3XH0RARt3ZmOgi/AuggZt6tTxuIBg+9JhBY9WW+BLL5CnYWHC3AKMi7MQBWciLtmBpyF152bDaEcV1PXxtml2KxX0Ba0C+hGVDmJSdi8Kjd4AkfU6 111256341508463539324514225759801553679558662737345522765042612717818066374840372549356543720386819501973783940451033901079765311790026584654529398345993992144903839534037331533660672892487693477412528974248713261092693018326068480417183236210881306241164169849090833681510163753605662526243408192127670285626 ZhXtSzn1GiFfHHnSKUYZiTcEWqlI8owyCKFjCQ+VEvkdk50m8uN7RCQ6ZhI545tN7Uy0WdLstJhgJETBYLHHIoWsJn07mgPxuyO0XsqNroICMQEOO/YWQFk1c0VqZifcohQAwJj7fONzM7hTcA22/7gVigJ3iLq178jZOJsEPQs= 71686982768953132894579286530164112027530221141251507987469672039995314435159469907420372652392376452531392493658576814100773556880394271726970628960571077839124343525055625420896355363707908511865700866168843075071778015504724409171911254647909938237551680861008772396291072284353858575645679153885560978699 Vc8Cw5m5yI+bJ5sUJYm/F2wyZ5x3D4ydyL0uU/3eVF2ZJu55OOlC9pUyyv7WGExClHvWpR9mhMnsqCLyseLfM2Q/YXJ7cjGPKp2xd+fvwHa4hRi1FdOxs96rJnb+HUt9hTwQByXgzpnUfs7AqrqaNf4WSlBNMu0IOOqDdB4iVHU= 60256873326783629723455608618518793848697944184579877638436234491615392142659293975260290798403892159720925893207048153291000664050780029732557737984085196691225472664027706406879051455184548871511448456651238810812870905640934953489289909009741493031472382758586341375517766302753448531830002512912250459253 QmeUn6cbpE8YrDfMETz/+KVFaK+d4NHHzcdj/MnjcmqQSLpP/XwCW/aeudlN3SfKd6rNo1XZefunZO/ek+PHEIy899WzjiJaajhf2X05fl9WuPEaMES3Yrr+ClogFNQ+9jL8+7L+J8lDuqQzvchT0U0RPay5HSNZw+ZouVCiQ18= 46630904037845609335515965570673490721137364238213103678233212262384415738654627185220187275286458759154841820256007930773120637898228224906635911124921895934056288121005350040349882413280772888907627838315559544636626856478316691755270725623680935763476199888127096014398699432042227882284223578563208692575 ALUBYIShA4w5kRUa6iNF8S33DqaprdOWjVBnO+j9CCGtUh+NNwfpKR8AKf536MtuFFtwaQvRIlkLpaTYXuRxzyU/YG2+UfRQF3pEmXQhcMxJqFzqZ5nWCIWlJ/KtYS4lcC/B7hD2UGAktnIdjVUTSxX60VzA+zxeunV2iBZXQlEs 127106299687401374061881872616647348819431126560557369258073443762502337592227172639640997680536372567116568811258505773087926491911004324918919511363985868314578663758269650473780772688462266790559846182685481907703974916356209771821075179827563487466641669110315430790405454641953880582274165368514679034156 ANyAdMnVCVjmUZGiVdyvGE5mUQpKoJOJINqMAfzVUGvvxXFmGdoAx+xsDRNAP4KoijpXk6E3yPBPBZEWyhiHnyjEkktK/gX6gnb745afS0QIlsjhKCk/W/BHXkzC862Llnc1ZGAIsERnGceEoZHdICfDUh/7nMFp5WuSMzPB7nEO 154841617115465511611746667401422322067517612306328612547616471923266281876818466022676728696273611923942543658633762267658490816264271663863494188027433799849037906883352478212451733963905925106470599843045599411842850386623187980045961158399934160107237440980574028985561404965317132715808604373199725949198 AJ4nfhDe+HojR2YrprDHW9FVUxsZvoIekwlNL2iKFRFcTB9IcEdh6QnGcaRinev7yEYUsL6saSxUj39uWlqo8udJFdszuuQUmnloIi34L5uj0m1OpLy2dawpFQr8pqyA7go4ugMMj6XCtiVnISUcK8wjHgY3Jed/EKK8k5ce0Jxt 111059703393618496515021583605572584329116596402705082562306930876194742195701060137568030171429700588269665205795898835699633817098262654446852249498668467827435829513531633390969638488553144849154126899372953755511962841193763362947708260103832329116485114451074371844037650417731807385491783373627950406765 AL+heSTflb2MkRYFTKghfzqlVQ1oE5vcx0eCIsy9NJ2NGFXCRRvoGDVoB8UEsUWIRnaA+MIpwDKGpbOS8kRQrvBvPe/xM/t3jrGkaS6pN064+bCBx8Y/Jq31ZXNG8oUol+y1Eo6fkUKNl4EOetmZWK8VmhVwol5YngDffj4Q8ned 134567692290185631768518572983694048149859804864902017394351513816079806629664302312927579302025923096596995134868068794900003728293470554490807959649153000914807604036531509869958441069678002226922395630284261949256022972967357884468325217602330254290548618134453007903724438628204981673400911693835033278365 AI272d2sbYIi637kHZC+6lievgcDvT5VKaCnus3fHwm2vfao7oYu31P4st9DlqPWJ635X6QtLkU5HgvVSy66MDj2fcOfwVL09ffkZYnoGNdhMADVgOq62Ro5cCpOdw8Ko0cCyVpVIaSysPuqY7kiClf9GTdyZz/uYHDgwWeNrc4R 99528854246023003959943182132914587584844397870416002887630245681136432049666385367430032197518895755482367603560037194955739661569172773017279832774100155646116233705958563163070414171045438199561777058338188494271322834524386565519620661180246416329082614115142485663975718653564590519408413408765689056785 AN9S8vPzo4SkyKsk07nfyD0um1riJzRqqWF9KCL+kWMHajurgPACikYzu61tL7l1mNEaIU16Ndz541o+y76DgsTLYszu4KXUOEt1Gu3eHy05Fq18zCDlNesSVjkZjPmuJr2ku+p0cP0TLLMn7/KuVOm4GlEVc6OvBNZuEzRriSYZ 156823459768092337875922818543729136404805918580285507923139232733465414368775678369646914249412830351437211620056021568154043505276475345347569200977945836210758870414054407438380975491139001471954448623922841964684437333066353208837709613982022690623722155151315252634380695513434502419141555410441456920089 AMc5H8kywLgiT4zz5xgoI90jejsHorbqUGtBeX9wke7zyvEKyWxRKScZwzRbinjDZzN48eg/30qTZOV2Rw97JFg+EA63iZ0vqfF8jErIt3hODniKX8zayCuNmiSb5kiZL0UDU1SNh8ER4m6o5vshBKkmqs0PeozfCGQtR3bZXlx4 139899247405256530335276706333424670310599977544642091674186635734421385499036688803073040921114325725234673132788498809189814711681909865484671959982394306416477300458309408833281654917008031099378445580498219376391819745965887864647387211647794422908411100892195529730435423964537342228510107659017578765432 AKv+3H/TruTX3wdMWnLzD05em8u/QMl6lCHT4VkK+uZwBXoLeji54Tcs/hZIhj0Bdj0URrRt+7JdGSTy4Sr986AtVFxBJZA3lT+JT4JSrq3oY1Tv+tX/yg8ZodQmbpQyyfaFg3BgeHNmsUoCrdqhj4IwBqEXoOBRIXnzaTuqqSEw 120779384043726135670909127168686589868907326577918074234323699599475436892003731971700278391108690400460261929381703781833059801757700386671579819341589048987186473249926590758009001670959004477454905417357202448886738669226760846888369186457452643053236389556969071303251275912453385963613554945645058007344 ANXIB+HxOyJd3YYsscMpqZpi/eYjZi5q6A0MohU4BiWEJK/E4uIObLJDH5yd4ng+hn7UMhc+R/AxG88hIdOc5NyG/QyFs95ZLUC26F9rkRifu2CBkgqR5EQi2cgwC8jGxQOkC62YND6cAn/ILsKTYaH0iavtO9Tz04vQp9Ypc82H 150122383481070201614242107655752525590609186454390549085509458064289390813495886095936526832230958746095739308601699615024239939948911472291507190108935262129646691795733786714291498653838550751365834947465294261687773081563139416397262227609481906371677917295227469553787085145970923979142676551778927103367 ZQLFoW+dJ7vrHdMlcLRGKY6T6PZKnE2L3NjXymS/55my2CDBLdDf3oXwLlRjVt9KnEiXyQzLhyY2PrFA4k3N/3P5lVDLHero5c36TMshbHgbIKRGN2CGWPEFeQ4j040IwVbQCPJeuF3jL5ikCxWZFXfeEnTL6TqumLfD9yLQfKA= 70932215714423143395949105745758445705072524008235214324766464113352968998429901322485575506330607802260244612268338586532462314021433435523464635419846126736185176246740838082062856583684393425704173881940108783636582561707441482446854068022535943408999200681879161519209676205165680598258447492092651404448 LzzvPw0FdtM2G/RRiqoajJiIH+Lw3jpL4H+08yOpp1bNITR2Aq0beu2nP0H4o2Z1/FNr2hzuGakkAhVbmmRXc8keoOkeaAQAP/8OYxHpjrqou3WPWaKx+vUCTSqVYYf8gnVKpAAC2cD+3lW+/ZJ538o+c0ovbUKNu1u1j1OBtA0= 33171669664542509840621265032202455391098253465550501094201777336478104142847268103467889435377685359857979277521589539506627375165485879405453566052091202280471235979376217319335800766353336252760793484157724210008639813552207624049019149744883918494762511376489708611103181576211531366514802868659603747853 APrGj1lIIlxA57DNh+bTEAFbJK2Y2P3MxLShb4fPx2aY6j88k3umoe07ISQLf9PzNPeml4/0I3w0KNd2x4s9KHbj7NsIT64lhO6eQSEteqZXZGXUYUyNzhrTbAjt+Q9LVKItQhsTkTW2HTQ5RQZfGrkL118b/I18J4P+T8CGZdDz 176100632478477421621142147788721746818712752858710594712903769452749028606541677227413333567013253138397373757811889654342173021761934591400685421771460440213093509170325205622261487145789848227404883040799927313402244625239515162996390018403365063394514244196976794479529075569412676472840544017222373593331 Fvcl/LemWk29I5LCjU1QedTjGlkvFF/kZXNkRJv+vNZ7qgq6pX8WB9yVkk6AoclDYAhCRfKTKuEpR23iafVuHpprPfNXcqBH8n01kq3U27xqIy2hS+D6BRBK67PQaekq31EB0aOcEb/DuNaXakS9+mtTMx6BKt+WoEY+NkzHK6c= 16126868736093163702771491576570380743773057522016869811780571865928979861357811080042796140032050364543242385458140594532945509386155523162799601656485075247603490060565663264947465987286983338572455184901756399862440455644131755848583379822279676555143231305246033911608913609591095831135803702269767527335 AKW8tvaB8YZ7J5W2lmquBniJzUhRfqFdPZPqvBoMzR4cRh1CMNdSFsYsnsaF3KolNzogdsxFpHAaEMG6zSvpNJAoi4nixCqb5SETXrSLASXvNjI9MvCoE2JCRq7kMbjPL7cem+mBPWZITGUI6KVlJPLxQngHYSFxukqlx7jznwJH 116384596458828069344020651216200368975621068920641012055593076864629080375946542748377736186556382088448816531408136815533164209947323588157210859294774679831647934533061547276394884474877353537242203645373945111105805934070657589374883764420038511061919092743520704686962593876316976299391579463759429567047 D5N2P4FrqDf7/2Z2BJsqah4SjUtolic/yNqdNzvNEogDKZKAJyGq4zhnHvkYXkEm2ueU/FDPJRqisszG0oULdU6c7p8acirEwsGLVh4RamnFRgmQSK1vbiYB3bR+P+iFX/bZ+TWjN2Y3YMa5UB//I6Zb5kEIjmTpjY2LEPI1e6s= 10937855369372570149476727082965401421189236366492771695094788039313362971972373068736123833330006002198346944149230147444718818161877123407713821100752433128205189334393732633989950841577315682292180735057952587083688644195300641998709155269462601925653013312848413290208844194513502358901613104779186502571 V/A1ktS0xrcwlI8xrYqvlLCFYrdVp8tEzZaZ9iNNpPH/pzVsA0WbnnUeHbdilkje+4OdoX9C4U2xaOuWOfvqLR0c7GeCkSffCqyf4ZsBmjy/BQL6rCpxMF0gIHXO5O8aJ1h17hy9LTuNzWm4zVh4pNFuHC9L6nAcf92udMiIQzk= 61752386563628388546439207444896778638632243226541303179646524864765343154194512297447627825411023405896612559648434895675553567405277169056807223959390559391191382555701580549902639604424290133917402316755076644943742815711432111554988540913643347167948778404861099845961151998728662878854088239266688156473 APoPgEKA0/r1FYmt/Iso6ChYK6dDU62Y+vH5h/LVE00biBYG1f7aL3GdllUTN+XQSHpqlDw8CD+9xojwZIMfgpgjOwLbbe7Aso460zLrg3R8aHBpbVt8iZUgjACwPYr5UyKbFzIAWaXcnYYQ+tCO9aDIuOz+/7eIF62C81zXFJVZ 175598490446477604563905754135475294999639698464908622773037381109011373179895295130424828038708319325919451724985361900259676699137657615076219968061941008972496322083528922054390781811699677037439989404270415929836486610353098273115864435328533577114470407444852521009919911888840405368858409835197558461785 cL54ymLJhRx3U20Y9aUTIsXy9Ags+XHy4qk3F7uJyO46eiXSL7VrrR9vTQXAbETbu1YiVWfslsPht810eUDUVaVir6yLnXkywn46Ci42FEvVoTEFjO22uYcCh8nqB8H589w/+lVSlNrcILugwfdfCvK1iZzVimOO6l3qzfXToOU= 79171550718114578361958369278761819285111811576818442980166457146638966315793211967882077899426611721874954146020093740153495693185472340728106727284441726113022873005252623222594060645383105757498856463065370975867121188445567981809371870213273555432308279508351518168027875538720367440153667708369625129189 QdQN4qW2QZq8/fmSaqlRiPSoDbhmF0oYjaY29HcKYGHdlOH0AMJb+RUIq1aszvVtjh7AYay2TNhaZMWQ6Qi3c42SNk3A1MVknT6zqiRCGjNFfxf/matbRLbTFQF832MAId708vrFLF/o2HpekMkc5hcHB6bkUUhEI1NLcMXwGck= 46226230186280253581676626651942823886592433541360244612432763620730826574920825070086312767146345247802570752482654580909236388357139147786783758670999083804670979821212991224400629053427330483809790366665043598754931511997925850227997764381723288657884346974360232490075739442406431704368767588177525348809 cxHvCK/dyVDvaqCCQyLeaiBGA36mV5el+1lc2eUTkHGUzX5gU0QQCEp+iSXNJhIOON8VFpKOFsziuV0Z+3cegWRw/VnxnjXcBh6IDKdupzOPB+Yl8MA1ti/GrQjLC6ikcNYNjQT0ZThL7KTqEvvZJH68WYmD0IuK26swjNGIGaI= 80804939616399473443737611589382762718815989847332356984276911837267997590368701684135326680567847542004499684038240485603420973682522792156533112356849436451918522884749244246467852622918805139990256619014116276456718693703261686778030658826952213058982142604346352178078750879100976710761147710018148637090 AIQ3OIZevkYoRGBmsFaXJobSfLeInuKKReVYNjP5VEPoMq0mXTltY6l09/rQ3d1JjsMD1PfA7emhxex+H9t3leBIfCi6Ux34GQEjXWpQc4awuiy9tbR077HaJyecvb8Qy1FTnOHoH5C043QJzrKYT/sFXjgB60piI8Y0R/hwxO4r 92845026347218330987427785323244729176754623818531419911990153715676845614711324345879159989637824921793015074978358052562420379797956750450245721653716740651389924718711940869162230097839047895842495414221110468446944827052871968998907462191349838598297775847512250220907563815783358238473966349820476321323 LoG6ib5lUh57rdmSkZSWzBoudytFohS4uoU/uly6OaQDOi34GeNVxu/yr6RszJyL9JWkGNgFaBIv/HirH5zA9VQAL/6kpL93a0/GQ/nuHkHy3GWZPF/2+yJ0PfazQ40fWhHZfRxBngWslbguFPjj1XaJ37YzpQAYb/+QcUai9ic= 32658152290878644668906121702816147999633088014476055330179597550087921141413344679134407016170035735846077181424615228657687216737432274043674411132745299610950657139041836412322040866250189120286839287690983293111362228893996267791120043532014262644480689231457941173330523718758287779526551822788227954215 AKu2jgOQCCfYZ3CLkXEH44aO4TtwMPeK/eq4FtNj9HZ9FxT0LLNJh0ZXPOaPJjgznvIw5C7/hNm7rUs1JeV8I8dj3nbS3EVERQz1gc/ckYB3H1bViWREOD5+TScDusi86YO/z4ar3dauKkg5kT1kKDuU/OP5kNMWvtJjHc4Vd3L3 120581042599355202025471829872601846477331097842315143148145881424071317426176264583672725691485724160094190478865850305422057632110749683552966861219554215519032344086824849470294473808177223497912069335635933312949412445851201918768630656712413082629164792850095444166888072453190903931430551124946191872759 ANLs7OsR7oBM5jSjVADrk+Mx9d0TeieTIkxwWiJ5STKNQmW2EzPOjgbfcLhbYEhzzDFJveXO2dzz6/c8V5oW2yqg7VMx88DzEbpQnQpk/rOQRw9jbI4fxXNJHkNZCeysEVvFfLJb4ecsGA0xJ3Aylny/jP10ahPv2z5K99edGZSU 148116916208650944522110872759145096907599612943009577897396622287067669897712748449324334650112672914917664881091633448764667172850435775162090891556266912697811031318228334453406561952979778127173704706529448647577013482442758465809198730066784986763500579667100246958959793527011919373534159474250508506260 AL+Er3n1qj+SBsZVtOMJYg4m0CN+DE6gRnC1F7nPvd2XnBe+QE0+LKfcpUDHVNxoydW4BDzNVwnUNbyjXZ+iuddPtO9hchVEI36UiuL0ydeldFpOZ9mtHJaAF6abd0MlHw4vXRf8CbOvXb5N4s76ggijlZBjRtU563sSmBcyq6Zt 134488725667189507159811764480908602790838430340670328479145818969651133017546803581865897303917708192047926432630297993507146075655594931523561067937580218599890162311074002344315818494246433967228889645359283635389151927472221799543158424012020308449895562192866672439712148770104592027035768027605661099629 AK/04XOBSjjPpuFXTDF82RNWnKqZz9mJQbS2B5bn0ehFnBa6j+B+MazX+AxXTL/d5+hPLT1uexcnSMl3DcGGwKipOXg7Dtuj3pfJXHTrCqXAUYrIXI+8vKVQO55yQPGfzIg9SVgetwW1sDk+a28ZhJ5a9OddqNoi5C+dLce7ZtNb 123560902006294001923570614486104726169564351074482936927091682096999779538353161007361361829586988452098646362280351148131540524964916445100589671458589346440250329883789099771417949746709217272531950438336245613419967556433467843237384555807236658182067742367748737224684334525934210197178231424396818830171 PzOEGHlihiveoWFAALY+LOfkRJfm0NUF/uR6cSU/tbpGAq4onNpr+iZIzEP5o3JBLOtDC595/NBPI0fzaXl0vQvgJs6KG8iKANjsLKQjIpZBkoKhdbG9MzTVQuAeuDW0w3sn2iMZ/v2dgAzRwfqmQYXJr3I2BbcwWraIJuZXw5A= 44381416070253681813077725822442106641846565789204187691647505370231831464947935035197059366680327425453811558282831465960889061956588244308214943856009686127871667376028831540813257349779756631357122923723235595360268572998278795110672666089470210929411514949652537714634611421849780859192966935514197771152 APnuduN01GS9dO2m2uCLs400AR2lX7elOnIPC5U6e17qbukxWYzNhilZlM4kdGXAIeYpzFdSIW/gxRMZe6TXq9krFWRaaPyT2QwRfGHYnazS9F1QNYmW1zXdt+qVp0JGxmh5PyDstbP8Z3x50/E8Mb0gLLPhNAvzY2Jnr9A8Q1Hy 175507868985304663005133968393406051624825489142498103948374797086106732382869120248515993626061853699363294022457032257026588816021007648668265488426495800459085474654859258116280251546902009156490112550154951965894022789029787886785376415437170872937201839249103828294508088966180386198213606090453461193202 QHEhL4iVzNdUsfG0izTEepwTOvxka8t/9MwuF1Ey6kxsI+ry4g4sJPgR2xMnbtOmvQn2NitAkfvA8JPCiL7a8+gmf+DVRDjKDfpfrtgAVmo+3rH+uJYTrKhAp8R7ggU2xIrvbIrgeUj7ieThPI3Rtap+IdkPCL853JC/+oKtytM= 45252649968839515171157821292772647085425694172492111870169593872127007254353374581972876464918186509502070064028725519394859148593053614163356612260257013360168930649423732336969778875205250872728821432415158634190866775855521719727700464116412886964736859295086745723651735554245035077902615220578218265299 APeaekK4mVhEShCfM0mkRebcg1Iq5CgrFIEGOoh1nHzgebr5A9Wrhm9yD1Vd3e+fFD9urDRB4y5MHPJHX1U2NFToC+H8nQkFXL8bfd/9Wl2c7y8m0Mxwi53pLIdzETLbbfeOOtJvuSYYT3n8+/PeMnJ46UD8OfqtnFuS0/bVpFLS 173873040145444066957050580959132871919216036714423404143335635770937773583761934638398867981658394368476005882852706046614562314432695052874974848076542261910660410561876043187368112065303981001507235893831108658530338308496461162623683138693880482650786841100027392293758260448606244283355655751440485602002 FqC/wgZDPTUoObPFSH5w4QR79zj/O+ZiHGTEnsBMwNZD3Gl/ClRDIsFMDDupNLgwgXsqCQbpwSOHOtAvUuAFwRpzt5B7lwIgtP5ism/AZRno5p+9WVSmUAM3glHsNtvYydz2MkXtnXzSMIR1ZVoLrdwMnckE4pbMzggqz+JZqxw= 15889870005716350976759704672045310928616256175405784574141006779373730686049218680335525720670897894546334915362899913262232170795516176419192840427996647372619000239408311568577050460995518058850793096827271653902583271225799114408537346367483775593212272587811309978019791973449354003275559762102731778844 AJXNbv2AMWadF5h99ZAUy5gLnVK/hMaakFo0ZedtPNRJobxPmwj+h52G+Czd0U48G0V0wpdeUJC9v/4BhjzhCvNhNsdAT1+vQXDuteYQ1aspsEKLQ6b+NknO88QSbRJw53+KeOY2xe7PKOa4V89XnFFBF7wljRnIYrM8vvcqVQDk 105194875227030598769888785590198577650278341586165110611689226597424766274486797264032300493674927704016605741286512271390703088626381669060095573361828932336327125438452066548897528158329044309005232090053420259033538936293519762277428283316506398965916381374819450858053512398634116052299066189424983605476 AIDRnUpBHepjBqYAlU4MG/8JxzX1mPxVNHpWvnEVgvqTQx/bisFPpXrYs3jAKIR/lzevYwhH0K/8Vvw4NK9iTMFqgSnU44AZztKsoxUXsEsl1UU56UscY5C7ciKU6vjjWI7nm/uHNOXdE82TQXkk2WX8ferNqZU5DaLFCb+zxb7w 90459642084794142567976043425270153270545560059973413835786695756473295513758287577749768786155290305189883600338986370836806413936196854410098516254596146039255388020628703824195128439558127783534033672712705194483515442668075394018677699876614329419492391568463215822656901183478205197671375262145069825776 AIdvVNzJqWPgAShvi3GhbhMQft+SLigKGrhoqas2Saz/bA9u9Td6fAxa2LjrAqshW6cnm2aalc3Yv6RW/Y8vg7Ho31NSaRjT4zMUenykcC0/Y88UNxREi85wdnHwGytms6Lq49H8/7EFGJIyL1PLRWPmZn6XFkegscI/HUq/hiKm 95105613103051650721863964216778532448106311156426028879315612217763044797186635476805213120469258258125661666950525364331551671653846368977016286153840829836509696804585927581668281228810410814602664419962214359687545209312836366693384158782798559255789953908588601637765910472073600954502095647132310971046 DdchOPjXrI6lpV84IdKCisPmdqZan8AARXRLADEhixsfXCYuO+WhNatI/fM1vgv+/TxwwIQjIfG1vOZcB36JUfjHYdItYQ70vUXaVFdpqvoBGyfOTU50Ds/11iGPCF8mWiQwR30/XAXytqDZtaVJVWsgHD3RigBSnSHhnvZAWYg= 9719024770319024562623340689338530708271347986326272393419504304391837979619189392867902307307106771234732135400958362219711925045600118964223238147375808749507928768896918369395426933218443166133187066167663170936604731896932630589251946733237697936733924510107175304126061649311812536190882160340308613512 I+Z6rdTOt26/v3dtUP1plITb15fjb6aMDvqFS3AD1+nxBqnnk7ISGE9j6dv762EIWQpMzcCG5NCCq35KOHEwRXP28zup6olOMt3CBFgYVcBE2pWOpGiO19G/iFweYZXZPY5HgIkex7HBbb7l6HhomPc2sLL/IRhh2oogyHx2JMM= 25210054612455888156900839678249806510561198051210010474517915819801056434402727631042894881559517808906460418029149538469607239850657781476308872923928122553395468026744382526167194202058040459679991391557937527079948356545086684521068912222036707113005006607012596093923970784177288565193670152033981048003 ALbBoyelCs4UkfnPjMT3S67ujhBHBEE0uxLx6kSGZq2IOMU/QdWYPFElRgYC/y++334FSEycjS6NAJJo2ITpZCO5AjNJ93J3WYgbDLiwu1VzKHX6ItfFNEk45km+QTi07+pDKcKNd1k0mxqpLd/PuZd5hRpPDDoKBb6i+mrCb2yF 128335905497646745013379107761994003743181143126608677203818152878840562628631384684712779135591095534911406031545494164782375276574093777950840330452805743803067864740000758175436633463846967335728314347497013853264454015790847388463800323796888198433722196292529074568758149650782323407298620158495364705413 ANwlxEkeqmqYTxw1ZwMi1v2wo4ntPaEYZYoTLTJQfa+kuIksnHW9va243HAiOixd+rviVdm1dEwzESBbX0wiJNtRBpP+bnRxy4xOBjNoOB0c/tfka5JVwu5eeskyHx4V3inLviUaj86Yck42n5NaJFMfBvhzVftZ/YF9WBITI8g6 154592850289860621115358362871905683265658659789986179554827712019629689749439795961607030363152337159590319622241556795951071651584979664762468782303706550885785493534656062553770262954861884613383561063525714923031691298088562054236178003658891902606245782350998076658704876516153027797371814038658244397114 openid-php-openid-782224d/Tests/Auth/OpenID/data/openid.html000066400000000000000000000005671136636734100235270ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid.html000066400000000000000000000005671136636734100264640ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2.html000066400000000000000000000005731136636734100265430ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds.xml000066400000000000000000000005501136636734100274320ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/signon http://www.myopenid.com/server http://smoker.myopenid.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds_no_local_id.xml000066400000000000000000000004631136636734100317570ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/signon http://www.myopenid.com/server openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2.html000066400000000000000000000006311136636734100277370ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds.xml000066400000000000000000000010241136636734100306300ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/signon http://openid.net/signon/1.1 http://www.myopenid.com/server http://smoker.myopenid.com/ http://smoker.myopenid.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds_bad_delegate.xml000066400000000000000000000011111136636734100332650ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/signon http://openid.net/signon/1.0 http://openid.net/signon/1.1 http://www.myopenid.com/server http://smoker.myopenid.com/ http://localid.mismatch.invalid/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_and_yadis.html000066400000000000000000000007111136636734100304660ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_no_delegate.html000066400000000000000000000004611136636734100310030ustar00rootroot00000000000000 Identity Page for Smoker

foo

openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_ssl.xml000066400000000000000000000011731136636734100271730ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://nossl.vroom.unittest/server http://smoker.myopenid.com/ http://openid.net/signon/1.0 https://ssl.vroom.unittest/server http://smoker.myopenid.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_0entries.xml000066400000000000000000000005161136636734100277560ustar00rootroot00000000000000 http://is-not-openid.unittest/ http://noffing.unittest./ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2_bad_local_id.xml000066400000000000000000000007311136636734100310210ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/signon http://www.myopenid.com/server http://smoker.myopenid.com/ http://localid.mismatch.invalid/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_delegate.xml000066400000000000000000000012541136636734100316120ustar00rootroot00000000000000 =!1000 http://openid.net/signon/1.0 http://www.myopenid.com/server http://smoker.myopenid.com/ http://openid.net/signon/1.0 http://www.livejournal.com/openid/server.bml http://frank.livejournal.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_idp.xml000066400000000000000000000011711136636734100306120ustar00rootroot00000000000000 =!1000 http://specs.openid.net/auth/2.0/signon http://www.myopenid.com/server http://smoker.myopenid.com/ http://specs.openid.net/auth/2.0/server http://www.livejournal.com/openid/server.bml openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_another_delegate.xml000066400000000000000000000006421136636734100315170ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://vroom.unittest/server http://smoker.myopenid.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp.xml000066400000000000000000000005511136636734100270000ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/server http://www.myopenid.com/server openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp_delegate.xml000066400000000000000000000006401136636734100306310ustar00rootroot00000000000000 http://specs.openid.net/auth/2.0/server http://www.myopenid.com/server http://smoker.myopenid.com/ openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_no_delegate.xml000066400000000000000000000004501136636734100304700ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://www.myopenid.com/server openid-php-openid-782224d/Tests/Auth/OpenID/data/trustroot.txt000066400000000000000000000131751136636734100242100ustar00rootroot00000000000000======================================== Trust root parsing checking ======================================== ---------------------------------------- 20: Does not parse ---------------------------------------- baz.org *.foo.com http://*.schtuff.*/ ftp://foo.com ftp://*.foo.com http://*.foo.com:80:90/ foo.*.com http://foo.*.com http://www.* http://*foo.com/ http://foo.com\/ http://localhost:1900foo/ http://foo.com/invalid#fragment http://π.pi.com/ http://lambda.com/Λ 5 http:/// ---------------------------------------- 15: Insane ---------------------------------------- http://*/ https://*/ http://*.com http://*.com/ https://*.com/ http://*.com.au/ http://*.co.uk/ http://*.foo.notatld/ https://*.foo.notatld/ http://*.museum/ https://*.museum/ http://www.schtuffcom/ http://it/ http://..it/ http://.it/ ---------------------------------------- 18: Sane ---------------------------------------- http://*.schtuff.com./ http://*.schtuff.com/ http://*.foo.schtuff.com/ http://*.schtuff.com http://www.schtuff.com/ http://www.schtuff.com./ http://www.schutff.com http://*.this.that.schtuff.com/ http://*.foo.com/path http://*.foo.com/path?action=foo2 http://x.foo.com/path?action=foo2 http://x.foo.com/path?action=%3D http://localhost:8081/ http://localhost:8082/?action=openid https://foo.com/ http://kink.fm/should/be/sane http://beta.lingu.no/ http://goathack.livejournal.org:8020/openid/login.bml ======================================== return_to matching ======================================== ---------------------------------------- 45: matches ---------------------------------------- http://foo.com/ HTTP://foo.com/ http://*/ http://cnn.com/ http://*/ http://livejournal.com/ http://*/ http://met.museum/ http://*:8081/ http://met.museum:8081/ http://localhost:8081/x?action=openid http://localhost:8081/x?action=openid http://*.foo.com http://b.foo.com http://*.foo.com http://b.foo.com/ http://*.foo.com/ http://b.foo.com http://b.foo.com http://b.foo.com http://b.foo.com http://b.foo.com/ http://b.foo.com/ http://b.foo.com http://*.b.foo.com http://b.foo.com http://*.b.foo.com http://b.foo.com/ http://*.b.foo.com/ http://b.foo.com http://*.b.foo.com http://x.b.foo.com http://*.b.foo.com http://w.x.b.foo.com http://*.bar.co.uk http://www.bar.co.uk http://*.uoregon.edu http://x.cs.uoregon.edu http://x.com/abc http://x.com/abc http://127.1/abc http://127.1/abc http://10.0.0.1/abc http://10.0.0.1/abc http://x.com/abc http://x.com/abc/def http://*.x.com http://x.com/gallery http://*.x.com http://foo.x.com/gallery http://foo.x.com http://foo.x.com/gallery/xxx http://*.x.com/gallery http://foo.x.com/gallery http://localhost:8082/?action=openid http://localhost:8082/?action=openid http://goathack.livejournal.org:8020/ http://goathack.livejournal.org:8020/openid/login.bml https://foo.com https://foo.com http://Foo.com http://foo.com http://foo.com http://Foo.com http://foo.com:80/ http://foo.com/ http://foo.com/?x=y http://foo.com/?x=y&a=b http://foo.com/x http://foo.com/x?y http://mylid.net/j3h. http://mylid.net/j3h.?x=y http://j3h.us http://j3h.us?ride=unicycle https://www.filmclans.com:443/mattmartin/FilmClans https://www.filmclans.com/mattmartin/FilmClans/Logon.aspx?nonce=BVjqSOee http://foo.com:80 http://foo.com http://foo.com http://foo.com:80 http://foo.com http://foo.com/ http://foo.com/ http://foo.com http://foo.com/ http://foo.com:80 http://foo.com:80/ http://foo.com:80/stuff http://foo.com:80/ http://foo.com/stuff ---------------------------------------- 24: does not match ---------------------------------------- http://*/ ftp://foo.com/ http://*/ xxx http://*.x.com/abc http://foo.x.com http://*.x.com/abc http://*.x.com http://*.com/ http://*.com/ http://x.com/abc http://x.com/ http://x.com/abc http://x.com/a http://x.com/abc http://x.com/ab http://x.com/abc http://x.com/abcd http://*.cs.uoregon.edu http://x.uoregon.edu http://*.foo.com http://bar.com http://*.foo.com http://www.bar.com http://*.bar.co.uk http://xxx.co.uk https://foo.com http://foo.com http://foo.com https://foo.com http://foo.com:81 http://foo.com:80 http://*:80 http://foo.com:81 http://foo.com/?a=b http://foo.com/?x=y http://foo.com/?a=b http://foo.com/?x=y&a=b http://foo.com/?a=b http://foo.com/ http://*.oo.com/ http://foo.com/ http://foo.com/* http://foo.com/anything http://foo.com http://foo.com:443 https://foo.com https://foo.com:80 openid-php-openid-782224d/Tests/Auth/OpenID/data/urinorm.txt000066400000000000000000000032661136636734100236160ustar00rootroot00000000000000Already normal form http://example.com/ http://example.com/ Add a trailing slash http://example.com http://example.com/ Remove an empty port segment http://example.com:/ http://example.com/ Remove a default port segment http://example.com:80/ http://example.com/ Capitalization in host names http://wWw.exaMPLE.COm/ http://www.example.com/ Capitalization in scheme names htTP://example.com/ http://example.com/ Capitalization in percent-escaped reserved characters http://example.com/foo%2cbar http://example.com/foo%2Cbar Unescape percent-encoded unreserved characters http://example.com/foo%2Dbar%2dbaz http://example.com/foo-bar-baz remove_dot_segments example 1 http://example.com/a/b/c/./../../g http://example.com/a/g remove_dot_segments example 2 http://example.com/mid/content=5/../6 http://example.com/mid/6 remove_dot_segments: single-dot http://example.com/a/./b http://example.com/a/b remove_dot_segments: double-dot http://example.com/a/../b http://example.com/b remove_dot_segments: leading double-dot http://example.com/../b http://example.com/b remove_dot_segments: trailing single-dot http://example.com/a/. http://example.com/a/ remove_dot_segments: trailing double-dot http://example.com/a/.. http://example.com/ remove_dot_segments: trailing single-dot-slash http://example.com/a/./ http://example.com/a/ remove_dot_segments: trailing double-dot-slash http://example.com/a/../ http://example.com/ Test of all kinds of syntax-based normalization hTTPS://a/./b/../b/%63/%7bfoo%7d https://a/b/c/%7Bfoo%7D Unsupported scheme ftp://example.com/ fail Non-absolute URI http:/foo fail Illegal character in URI http://.com/ fail Non-ascii character in URI http://foo.com/ failopenid-php-openid-782224d/Tests/Auth/Yadis/000077500000000000000000000000001136636734100203755ustar00rootroot00000000000000openid-php-openid-782224d/Tests/Auth/Yadis/DiscoverData.php000066400000000000000000000113071136636734100234600ustar00rootroot00000000000000', $example_xrds), array('YADIS_HEADER', 'X-XRDS-Location'), array('NAME', $test_name)); foreach ($mapping as $pair) { list($k, $v) = $pair; $template = str_replace($k, $v, $template); } return $template; } function generateSample($test_name, $base_url, $_example_xrds = null, $filename = null) { global $example_xrds, $default_test_file; if ($_example_xrds === null) { $_example_xrds = $example_xrds; } if ($filename === null) { $filename = $default_test_file; } $template = getData($filename, $test_name); if ($template === null) { return null; } return fillTemplate($test_name, $template, $base_url, $_example_xrds); } function generateResult($base_url, $input_name, $id_name, $result_name, $success) { $input_url = $base_url . $input_name; // urlparse.urljoin(base_url, input_name) // If the name is null then we expect the protocol to fail, which // we represent by null if ($id_name === null) { // assert result_name is null return array($input_url, null); // DiscoveryFailure } $result = generateSample($result_name, $base_url); list($headers, $content) = explode("\n\n", $result, 2); $header_lines = explode("\n", $headers); $ctype = null; foreach ($header_lines as $header_line) { if (strpos($header_line, 'Content-Type:') === 0) { list($temp, $ctype) = explode(":", $header_line, 2); $ctype = trim($ctype); break; } } $id_url = $base_url . $id_name; $result = new Auth_Yadis_Yadis(); $result->uri = $id_url; if ($success) { $result->xrds_uri = $base_url . $result_name; } else { $result->xrds_uri = null; } $result->content_type = $ctype; $result->body = $content; return array($input_url, $result); } openid-php-openid-782224d/Tests/Auth/Yadis/Discover_Yadis.php000066400000000000000000000161111136636734100240150ustar00rootroot00000000000000base_url = $base_url; } function get($url, $headers = null) { $current_url = $url; while (true) { $parsed = parse_url($current_url); $path = substr($parsed['path'], 1); $data = generateSample($path, $this->base_url); if ($data === null) { return new Auth_Yadis_HTTPResponse($current_url, 404, array(), ''); } $response = mkResponse($data); if (in_array($response->status, array(301, 302, 303, 307))) { $current_url = $response->headers['location']; } else { $response->final_url = $current_url; return $response; } } } } class BlankContentTypeFetcher { function get($url, $headers=null) { return new Auth_Yadis_HTTPResponse( $url, 200, array("Content-Type" => ""), ''); } } class NoContentTypeFetcher { function get($url, $headers=null) { return new Auth_Yadis_HTTPResponse($url, 200, array(), ''); } } class MockFetcher { function MockFetcher() { $this->count = 0; } function get($uri, $headers = null, $body = null) { $this->count++; if ($this->count == 1) { $headers = array(strtolower('X-XRDS-Location') . ': http://unittest/404'); return new Auth_Yadis_HTTPResponse($uri, 200, $headers, ''); } else { return new Auth_Yadis_HTTPResponse($uri, 404); } } } class TestSecondGet extends PHPUnit_Framework_TestCase { function test_404() { $uri = "http://something.unittest/"; $response = null; $fetcher = new MockFetcher(); $this->assertTrue( Auth_Yadis_Yadis::discover($uri, $response, $fetcher) === null); } } class _TestCase extends PHPUnit_Framework_TestCase { var $base_url = 'http://invalid.unittest/'; function _TestCase($input_name, $id_name, $result_name, $success) { parent::__construct(); $this->input_name = $input_name; $this->id_name = $id_name; $this->result_name = $result_name; $this->success = $success; $this->fetcher = new TestFetcher($this->base_url); } function setUp() { list($this->input_url, $this->expected) = generateResult($this->base_url, $this->input_name, $this->id_name, $this->result_name, $this->success); } function runTest() { if ($this->expected === null) { $result = Auth_Yadis_Yadis::discover($this->input_url, $this->fetcher); $this->assertTrue($result->isFailure()); } else { $result = Auth_Yadis_Yadis::discover($this->input_url, $this->fetcher); if ($result === null) { $this->fail("Discovery result was null"); return; } $this->assertEquals($this->input_url, $result->request_uri); $msg = 'Identity URL mismatch: actual = %s, expected = %s'; $msg = sprintf($msg, $result->normalized_uri, $this->expected->uri); $this->assertEquals($this->expected->uri, $result->normalized_uri, $msg); $msg = 'Content mismatch: actual = %s, expected = %s'; $msg = sprintf($msg, $result->response_text, $this->expected->body); $this->assertEquals($this->expected->body, $result->response_text, $msg); $this->assertEquals($this->expected->xrds_uri, $result->xrds_uri); $this->assertEquals($this->expected->content_type, $result->content_type); } } function getName() { if ($this->input_url) { return $this->input_url; } else { return $this->input_name; } } } class Tests_Auth_Yadis_Discover_Yadis extends PHPUnit_Framework_TestSuite { function getName() { return "Tests_Auth_Yadis_Discover_Yadis"; } function Tests_Auth_Yadis_Discover_Yadis() { global $testlist; foreach ($testlist as $test) { list($success, $input_name, $id_name, $result_name) = $test; $this->addTest(new _TestCase($input_name, $id_name, $result_name, $success)); } } } class Tests_Auth_Yadis_Discover_Yadis_ContentTypes extends PHPUnit_Framework_TestCase { function test_is_xrds_yadis_location() { $result = new Auth_Yadis_DiscoveryResult('http://request.uri/'); $result->normalized_uri = "http://normalized/"; $result->xrds_uri = "http://normalized/xrds"; $this->assertTrue($result->isXRDS()); } function test_is_xrds_content_type() { $result = new Auth_Yadis_DiscoveryResult('http://request.uri/'); $result->normalized_uri = $result->xrds_uri = "http://normalized/"; $result->content_type = Auth_Yadis_CONTENT_TYPE; $this->assertTrue($result->isXRDS()); } function test_is_xrds_neither() { $result = new Auth_Yadis_DiscoveryResult('http://request.uri/'); $result->normalized_uri = $result->xrds_uri = "http://normalized/"; $result->content_type = "another/content-type"; $this->assertTrue(!$result->isXRDS()); } function test_no_content_type() { $fetcher = new NoContentTypeFetcher(); $result = Auth_Yadis_Yadis::discover("http://bogus", $fetcher); $this->assertEquals(null, $result->content_type); } function test_blank_content_type() { $fetcher = new BlankContentTypeFetcher(); $result = Auth_Yadis_Yadis::discover("http://bogus", $fetcher); $this->assertEquals("", $result->content_type); } } global $Tests_Auth_Yadis_Discover_Yadis_other; $Tests_Auth_Yadis_Discover_Yadis_other = array( new Tests_Auth_Yadis_Discover_Yadis_ContentTypes() ); openid-php-openid-782224d/Tests/Auth/Yadis/ParseHTML.php000066400000000000000000000042321136636734100226460ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ require_once 'Tests/Auth/Yadis/TestUtil.php'; require_once 'Auth/Yadis/ParseHTML.php'; class Tests_Auth_Yadis_ParseTest extends PHPUnit_Framework_TestCase { function Tests_Auth_Yadis_ParseTest($case) { list($result, $comment, $html) = $case; $this->result = $result; $this->comment = $comment; $this->html_string = $html; $this->parser = new Auth_Yadis_ParseHTML(); } function getName() { return $this->comment; } function runTest() { $value = $this->parser->getHTTPEquiv($this->html_string); if ($this->result == "EOF") { $this->assertTrue($value === null); } else if ($this->result == "None") { $this->assertTrue($value === null); } else { $this->assertEquals($this->result, $value); } } } class Tests_Auth_Yadis_ParseHTML extends PHPUnit_Framework_TestSuite { function getName() { return "Tests_Auth_Yadis_Parse"; } function parseTests($s) { $tests = array(); $cases = preg_split("/\f\n/", $s); foreach ($cases as $case) { // Split the case text on newline, and keep the first two // lines and re-join the rest (those are the HTML). $parts = explode("\n", $case); $result = $parts[0]; $html_comment = $parts[1]; $html_string = implode("\n", array_slice($parts, 2)); $tests[] = array($result, $html_comment, $html_string); } return $tests; } function Tests_Auth_Yadis_ParseHTML() { $test_data = Tests_Auth_Yadis_readdata('test1-parsehtml.txt'); $test_cases = $this->parseTests($test_data); foreach ($test_cases as $case) { $this->addTest(new Tests_Auth_Yadis_ParseTest($case)); } } } openid-php-openid-782224d/Tests/Auth/Yadis/TestUtil.php000066400000000000000000000011551136636734100226650ustar00rootroot00000000000000 1, 'pip.xrds' => 2 ); foreach ($files as $filename => $service_count) { $xml = Tests_Auth_Yadis_readdata($filename); $xrds = Auth_Yadis_XRDS::parseXRDS($xml); $this->assertTrue($xrds !== null); if ($xrds) { $this->assertEquals(count($xrds->services()), $service_count); } else { $this->fail("Could not test XRDS service list because the ". "XRDS object is null"); } } } function test_good_multi() { $xml = Tests_Auth_Yadis_readdata("brian.multi.xrds"); $xrds = Auth_Yadis_XRDS::parseXRDS($xml); $this->assertTrue($xrds !== null); $this->assertEquals(count($xrds->services()), 1); $s = $xrds->services(); $s = $s[0]; $types = $s->getTypes(); $this->assertTrue(count($types) == 1); $this->assertEquals('http://openid.net/signon/1.0', $types[0]); } function test_good_uri_multi() { $xml = Tests_Auth_Yadis_readdata("brian.multi_uri.xrds"); $xrds = Auth_Yadis_XRDS::parseXRDS($xml); $this->assertTrue($xrds !== null); $this->assertEquals(1, count($xrds->services())); } function test_uri_sorting() { $xml = Tests_Auth_Yadis_readdata("uri_priority.xrds"); $xrds = Auth_Yadis_XRDS::parseXRDS($xml); $services = $xrds->services(); $uris = $services[0]->getURIs(); $expected_uris = array( "http://zero.priority/", "http://one.priority/", "http://no.priority/" ); $this->assertEquals($uris, $expected_uris); } function test_bad() { $this->assertTrue(Auth_Yadis_XRDS::parseXRDS(null) === null); $this->assertTrue(Auth_Yadis_XRDS::parseXRDS(5) === null); $this->assertTrue(Auth_Yadis_XRDS::parseXRDS('') === null); $this->assertTrue(Auth_Yadis_XRDS::parseXRDS('') === null); $this->assertTrue(Auth_Yadis_XRDS::parseXRDS("\x00") === null); } function test_getCanonicalID() { $canonicalIDtests = array( array("@ootao*test1", "delegated-20060809.xrds", "@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01"), array("@ootao*test1", "delegated-20060809-r1.xrds", "@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01"), array("@ootao*test1", "delegated-20060809-r2.xrds", "@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01"), array("@ootao*test1", "sometimesprefix.xrds", "@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01"), array("@ootao*test1", "prefixsometimes.xrds", "@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01"), array("=keturn*isDrummond", "spoof1.xrds", null), array("=keturn*isDrummond", "spoof2.xrds", null), array("@keturn*is*drummond", "spoof3.xrds", null), // Don't let IRI authorities be canonical for the GCS. array("phreak.example.com", "delegated-20060809-r2.xrds", null) // TODO: Refs // ("@ootao*test.ref", "ref.xrds", "@!BAE.A650.823B.2475") ); foreach ($canonicalIDtests as $tupl) { list($iname, $filename, $expectedID) = $tupl; $xml = Tests_Auth_Yadis_readdata($filename); $xrds = Auth_Yadis_XRDS::parseXRDS($xml); $this->_getCanonicalID($iname, $xrds, $expectedID); } } function _getCanonicalID($iname, $xrds, $expectedID) { if ($expectedID === null) { $result = Auth_Yadis_getCanonicalID($iname, $xrds); if ($result !== false) { $this->fail($iname.' (got '.$result.')'); } } else { $cid = Auth_Yadis_getCanonicalID($iname, $xrds); $this->assertEquals(Auth_Yadis_XRI($expectedID), $cid); } } function test_services_filters() { // First, just be sure that service objects do the right // thing. $xml = Tests_Auth_Yadis_readdata("brian_priority.xrds"); $xrds = Auth_Yadis_XRDS::parseXRDS($xml, array('openid' => 'http://openid.net/xmlns/1.0')); $this->assertTrue($xrds !== null); // Get list of service objects. $services = $xrds->services(); $this->assertEquals(count($services), 2, "first service count"); // Query the two service objecs. $s1 = $services[0]; $this->assertEquals($s1->getPriority(), 1, "first priority check"); $types = $s1->getTypes(); $this->assertEquals(count($types), 1, "first type check"); $s2 = $services[1]; $this->assertEquals($s2->getPriority(), 2, "second priority check"); $types = $s2->getTypes(); $this->assertEquals(count($types), 1, "second type check"); function _DelegateFilter($service) { if ($service->getElements('openid:Delegate')) { return true; } return false; } // Make sure that a filter which matches both DOES match both. $this->assertEquals(count( $xrds->services(array("_DelegateFilter"))), 2, "_DelegateFilter check"); // This filter should match all services in the document. function _HasTypeAndURI($service) { if ($service->getTypes() && $service->getURIs()) { return true; } return false; } // This filter should only match one. function _URIMatchesSchtuff($service) { $uris = $service->getURIs(); foreach ($uris as $uri) { if (preg_match("|schtuff|", $uri)) { return true; } } return false; } // This filter should only match one. function _URIMatchesMyOpenID($service) { $uris = $service->getURIs(); foreach ($uris as $uri) { if (preg_match("|myopenid|", $uri)) { return true; } } return false; } // Make sure a pair of filters in ALL mode only match one service. $this->assertEquals(count( $xrds->services(array("_HasTypeAndURI", "_URIMatchesSchtuff"), SERVICES_YADIS_MATCH_ALL)), 1, "_HasTypeAndURI / _URIMatchesSchtuff check"); // Make sure a pair of filters in ALL mode only match one service. $this->assertEquals(count( $xrds->services(array("_HasTypeAndURI", "_URIMatchesMyOpenID"), SERVICES_YADIS_MATCH_ALL)), 1, "_HasTypeAndURI / _URIMatchesMyOpenID check"); // Make sure a pair of filters in ANY mode matches both services. $this->assertEquals(count( $xrds->services(array("_URIMatchesMyOpenID", "_URIMatchesSchtuff"))), 2, "_URIMatchesMyOpenID / _URIMatchesSchtuff check"); // Make sure the order of the services returned (when using // filters) is correct. $s = $xrds->services(array("_URIMatchesMyOpenID", "_URIMatchesSchtuff")); $this->assertTrue($s[0]->getPriority() === 1, "s[0] priority check"); $this->assertTrue($s[1]->getPriority() === 2, "s[1] priority check"); // Make sure a bad filter mode gets us a null service list. $this->assertTrue($xrds->services(array("_URIMatchesMyOpenID", "_URIMatchesSchtuff"), "bogus") === null, "bogus filter check"); } function test_multisegment_xri() { $xml = Tests_Auth_Yadis_readdata('subsegments.xrds'); $xmldoc = Auth_Yadis_XRDS::parseXRDS($xml); $result = Auth_Yadis_getCanonicalId('xri://=nishitani*masaki', $xmldoc); $this->assertEquals($result, "xri://=!E117.EF2F.454B.C707!0000.0000.3B9A.CA01"); } } openid-php-openid-782224d/Tests/Auth/Yadis/XRI.php000066400000000000000000000124671136636734100215620ustar00rootroot00000000000000 * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ require_once "Auth/Yadis/XRIRes.php"; require_once "Auth/Yadis/XRI.php"; require_once "Auth/Yadis/Yadis.php"; class Tests_Auth_Yadis_XriDiscoveryTestCase extends PHPUnit_Framework_TestCase { function runTest() { $this->assertEquals( Auth_Yadis_identifierScheme('=john.smith'), 'XRI'); $this->assertEquals( Auth_Yadis_identifierScheme(''), 'URI'); $this->assertEquals( Auth_Yadis_identifierScheme('@smiths/john'), 'XRI'); $this->assertEquals( Auth_Yadis_identifierScheme('smoker.myopenid.com'), 'URI'); $this->assertEquals( Auth_Yadis_identifierScheme('xri://=john'), 'XRI'); } } class Tests_Auth_Yadis_XriEscapingTestCase extends PHPUnit_Framework_TestCase { function test_escaping_percents() { $this->assertEquals(Auth_Yadis_escapeForIRI('@example/abc%2Fd/ef'), '@example/abc%252Fd/ef'); } function runTest() { // no escapes $this->assertEquals('@example/foo/(@bar)', Auth_Yadis_escapeForIRI('@example/foo/(@bar)')); // escape slashes $this->assertEquals('@example/foo/(@bar%2Fbaz)', Auth_Yadis_escapeForIRI('@example/foo/(@bar/baz)')); $this->assertEquals('@example/foo/(@bar%2Fbaz)/(+a%2Fb)', Auth_Yadis_escapeForIRI('@example/foo/(@bar/baz)/(+a/b)')); // escape query ? and fragment $this->assertEquals('@example/foo/(@baz%3Fp=q%23r)?i=j#k', Auth_Yadis_escapeForIRI('@example/foo/(@baz?p=q#r)?i=j#k')); } } class Tests_Auth_Yadis_ProxyQueryTestCase extends PHPUnit_Framework_TestCase { function setUp() { $this->proxy_url = 'http://xri.example.com/'; $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $this->proxy = new Auth_Yadis_ProxyResolver($this->fetcher, $this->proxy_url); $this->servicetype = 'xri://+i-service*(+forwarding)*($v*1.0)'; $this->servicetype_enc = 'xri%3A%2F%2F%2Bi-service%2A%28%2Bforwarding%29%2A%28%24v%2A1.0%29'; } function runTest() { $st = $this->servicetype; $ste = $this->servicetype_enc; $args_esc = "_xrd_r=application%2Fxrds%2Bxml&_xrd_t=" . $ste; $h = $this->proxy_url; $this->assertEquals($h . '=foo?' . $args_esc, $this->proxy->queryURL('=foo', $st)); $this->assertEquals($h . '=foo/bar?baz&' . $args_esc, $this->proxy->queryURL('=foo/bar?baz', $st)); $this->assertEquals($h . '=foo/bar?baz=quux&' . $args_esc, $this->proxy->queryURL('=foo/bar?baz=quux', $st)); $this->assertEquals($h . '=foo/bar?mi=fa&so=la&' . $args_esc, $this->proxy->queryURL('=foo/bar?mi=fa&so=la', $st)); $args_esc = "_xrd_r=application%2Fxrds%2Bxml&_xrd_t=" . $ste; $h = $this->proxy_url; $this->assertEquals($h . '=foo/bar??' . $args_esc, $this->proxy->queryURL('=foo/bar?', $st)); $this->assertEquals($h . '=foo/bar????' . $args_esc, $this->proxy->queryURL('=foo/bar???', $st)); } } class Tests_Auth_Yadis_TestGetRootAuthority extends PHPUnit_Framework_TestCase { function runTest() { $xris = array( array("@foo", "@"), array("@foo*bar", "@"), array("@*foo*bar", "@"), array("@foo/bar", "@"), array("!!990!991", "!"), array("!1001!02", "!"), array("=foo*bar", "="), array("(example.com)/foo", "(example.com)"), array("(example.com)*bar/foo", "(example.com)"), array("baz.example.com/foo", "baz.example.com"), array("baz.example.com:8080/foo", "baz.example.com:8080") // Looking at the ABNF in XRI Syntax 2.0, I don't think you can // have example.com*bar. You can do (example.com)*bar, but that // would mean something else. // ("example.com*bar/(=baz)", "example.com*bar"), // ("baz.example.com!01/foo", "baz.example.com!01"), ); foreach ($xris as $tupl) { list($thexri, $expected_root) = $tupl; $this->assertEquals(Auth_Yadis_XRI($expected_root), Auth_Yadis_rootAuthority($thexri), 'rootAuthority test ('.$thexri.')'); } } } class Tests_Auth_Yadis_XRI extends PHPUnit_Framework_TestSuite { function getName() { return "Tests_Auth_Yadis_XRI"; } function Tests_Auth_Yadis_XRI() { $this->addTest(new Tests_Auth_Yadis_ProxyQueryTestCase()); $this->addTest(new Tests_Auth_Yadis_XriEscapingTestCase()); $this->addTest(new Tests_Auth_Yadis_XriDiscoveryTestCase()); $this->addTest(new Tests_Auth_Yadis_TestGetRootAuthority()); } } openid-php-openid-782224d/Tests/Auth/Yadis/Yadis.php000066400000000000000000000046211136636734100221620ustar00rootroot00000000000000input_url = $input_url; $this->redir_uri = $redir_uri; $this->xrds_uri = $xrds_uri; $this->num = $num; } function getName() { return "Yadis discovery test ".$this->num; } function runTest() { $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $y = Auth_Yadis_Yadis::discover( $this->input_url, $fetcher); $this->assertTrue($y !== null); // Compare parts of returned Yadis object to expected URLs. $this->assertEquals($this->redir_uri, $y->normalized_uri, "tried $this->input_url"); if ($this->xrds_uri) { $this->assertEquals($this->xrds_uri, $y->xrds_uri); // Compare contents of actual HTTP GET with that of Yadis // response. $f = Auth_Yadis_Yadis::getHTTPFetcher(); $http_response = $f->get($this->xrds_uri); $this->assertEquals($http_response->body, $y->response_text); } else { $this->assertTrue($y->xrds_uri === null); } } } class Tests_Auth_Yadis_Yadis extends PHPUnit_Framework_TestSuite { function getName() { return "Tests_Auth_Yadis_Yadis"; } function parseTests($data) { $cases = explode("\n", $data); $tests = array(); foreach ($cases as $line) { if ($line && ($line[0] != "#")) { $tests[] = explode("\t", $line, 3); } } return $tests; } function Tests_Auth_Yadis_Yadis() { $test_data = file_get_contents('http://www.openidenabled.com/resources/yadis-test/discover/manifest.txt'); $test_cases = $this->parseTests($test_data); $i = 0; foreach ($test_cases as $case) { $i++; list($input, $redir, $xrds) = $case; $this->addTest(new Tests_Auth_Yadis_DiscoveryTest($input, $redir, $xrds, $i)); } } } openid-php-openid-782224d/Tests/Auth/Yadis/data/000077500000000000000000000000001136636734100213065ustar00rootroot00000000000000openid-php-openid-782224d/Tests/Auth/Yadis/data/README000066400000000000000000000010261136636734100221650ustar00rootroot00000000000000delegated-20060809.xrds - results from proxy.xri.net, determined by Drummond and Kevin to be incorrect. delegated-20060809-r1.xrds - Drummond's 1st correction delegated-20060809-r2.xrds - Drummond's 2nd correction spoofs: keturn's (=!E4)'s attempts to log in with Drummond's i-number (=!D2) spoof1.xrds spoof2.xrds spoof3.xrds - attempt to steal @!C0!D2 by having "at least one" CanonicalID match the $res service ProviderID. ref.xrds - resolving @ootao*test.ref, which refers to a neustar XRI. openid-php-openid-782224d/Tests/Auth/Yadis/data/accept.txt000066400000000000000000000062621136636734100233140ustar00rootroot00000000000000# Accept: [Accept: header value from RFC2616, # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html] # Available: [whitespace-separated content types] # Expected: [Accept-header like list, containing the available content # types with their q-values] Accept: */* Available: text/plain Expected: text/plain; q=1.0 Accept: */* Available: text/plain, text/html Expected: text/plain; q=1.0, text/html; q=1.0 # The order matters Accept: */* Available: text/html, text/plain Expected: text/html; q=1.0, text/plain; q=1.0 Accept: text/*, */*; q=0.9 Available: text/plain, image/jpeg Expected: text/plain; q=1.0, image/jpeg; q=0.9 Accept: text/*, */*; q=0.9 Available: image/jpeg, text/plain Expected: text/plain; q=1.0, image/jpeg; q=0.9 # wildcard subtypes still reject differing main types Accept: text/* Available: image/jpeg, text/plain Expected: text/plain; q=1.0 Accept: text/html Available: text/html Expected: text/html; q=1.0 Accept: text/html, text/* Available: text/html Expected: text/html; q=1.0 Accept: text/html, text/* Available: text/plain, text/html Expected: text/plain; q=1.0, text/html; q=1.0 Accept: text/html, text/*; q=0.9 Available: text/plain, text/html Expected: text/html; q=1.0, text/plain; q=0.9 # If a more specific type has a higher q-value, then the higher value wins Accept: text/*; q=0.9, text/html Available: text/plain, text/html Expected: text/html; q=1.0, text/plain; q=0.9 Accept: */*, text/*; q=0.9, text/html; q=0.1 Available: text/plain, text/html, image/monkeys Expected: image/monkeys; q=1.0, text/plain; q=0.9, text/html; q=0.1 Accept: text/*, text/html; q=0 Available: text/html Expected: Accept: text/*, text/html; q=0 Available: text/html, text/plain Expected: text/plain; q=1.0 Accept: text/html Available: text/plain Expected: Accept: application/xrds+xml, text/html; q=0.9 Available: application/xrds+xml, text/html Expected: application/xrds+xml; q=1.0, text/html; q=0.9 Accept: application/xrds+xml, */*; q=0.9 Available: application/xrds+xml, text/html Expected: application/xrds+xml; q=1.0, text/html; q=0.9 Accept: application/xrds+xml, application/xhtml+xml; q=0.9, text/html; q=0.8, text/xml; q=0.7 Available: application/xrds+xml, text/html Expected: application/xrds+xml; q=1.0, text/html; q=0.8 # See http://www.rfc-editor.org/rfc/rfc3023.txt, section A.13 Accept: application/xrds Available: application/xrds+xml Expected: Accept: application/xrds+xml Available: application/xrds Expected: Accept: application/xml Available: application/xrds+xml Expected: Available: application/xrds+xml Accept: application/xml Expected: ################################################# # The tests below this line are documentation of how this library # works. If the implementation changes, it's acceptable to change the # test to reflect that. These are specified so that we can make sure # that the current implementation actually works the way that we # expect it to given these inputs. Accept: text/html;level=1 Available: text/html Expected: text/html; q=1.0 Accept: text/html; level=1, text/html; level=9; q=0.1 Available: text/html Expected: text/html; q=1.0 Accept: text/html; level=9; q=0.1, text/html; level=1 Available: text/html Expected: text/html; q=1.0 openid-php-openid-782224d/Tests/Auth/Yadis/data/brian.multi.xrds000066400000000000000000000015521136636734100244370ustar00rootroot00000000000000 http://openid.net/signon/1.1 http://www.myopenid.com/server http://frank.myopenid.com/ http://bar.com/ http://bar.com/server http://foo.com http://foo.com/server http://openid.net/signon/1.0 http://www.myopenid.com/server http://brian.myopenid.com/ openid-php-openid-782224d/Tests/Auth/Yadis/data/brian.multi_uri.xrds000066400000000000000000000005501136636734100253130ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://www.myopenid.com/server http://example.com/server openid-php-openid-782224d/Tests/Auth/Yadis/data/brian.xrds000066400000000000000000000006161136636734100233060ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://www.myopenid.com/server http://brian.myopenid.com/ openid-php-openid-782224d/Tests/Auth/Yadis/data/brian_priority.xrds000066400000000000000000000011571136636734100252500ustar00rootroot00000000000000 http://openid.net/signon/1.0 http://www.schtuff.com/?action=openid_server http://users.schtuff.com/brian http://openid.net/signon/1.0 http://www.myopenid.com/server http://brian.myopenid.com/ openid-php-openid-782224d/Tests/Auth/Yadis/data/delegated-20060809-r1.xrds000066400000000000000000000023721136636734100253600ustar00rootroot00000000000000 *ootao 2006-08-09T22:07:13.000Z xri://@ !5BAD.2AA.3C72.AF46 @!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) xri://!!1003 application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test1 SUCCESS xri://!!1003 !0000.0000.3B9A.CA01 @!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ openid-php-openid-782224d/Tests/Auth/Yadis/data/delegated-20060809-r2.xrds000066400000000000000000000024261136636734100253610ustar00rootroot00000000000000 *ootao 2006-08-09T22:07:13.000Z xri://@ !5BAD.2AA.3C72.AF46 @!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) xri://@!5BAD.2AA.3C72.AF46 application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test1 SUCCESS xri://@!5BAD.2AA.3C72.AF46 !0000.0000.3B9A.CA01 @!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ openid-php-openid-782224d/Tests/Auth/Yadis/data/delegated-20060809.xrds000066400000000000000000000023421136636734100250350ustar00rootroot00000000000000 *ootao 2006-08-09T22:07:13.000Z xri://@ !5BAD.2AA.3C72.AF46 @!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test1 SUCCESS xri://!!1003 !0000.0000.3B9A.CA01 @!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ openid-php-openid-782224d/Tests/Auth/Yadis/data/example-xrds.xml000066400000000000000000000004631136636734100244440ustar00rootroot00000000000000 http://example.com/ http://www.openidenabled.com/ openid-php-openid-782224d/Tests/Auth/Yadis/data/no-xrd.xml000066400000000000000000000003351136636734100232400ustar00rootroot00000000000000 openid-php-openid-782224d/Tests/Auth/Yadis/data/not-xrds.xml000066400000000000000000000000571136636734100236100ustar00rootroot00000000000000 openid-php-openid-782224d/Tests/Auth/Yadis/data/pip.xrds000066400000000000000000000010711136636734100227770ustar00rootroot00000000000000 http://openid.net/signon/1.1 http://openid.net/sreg/1.0 https://pip.verisignlabs.com/server http://openid.net/signon/1.0 http://openid.net/sreg/1.0 https://pip.verisignlabs.com/server openid-php-openid-782224d/Tests/Auth/Yadis/data/prefixsometimes.xrds000066400000000000000000000024341136636734100254360ustar00rootroot00000000000000 *ootao 2006-08-09T22:07:13.000Z xri://@ !5BAD.2AA.3C72.AF46 @!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) xri://@!5BAD.2AA.3C72.AF46 application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test1 SUCCESS xri://@!5BAD.2AA.3C72.AF46 !0000.0000.3B9A.CA01 xri://@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ openid-php-openid-782224d/Tests/Auth/Yadis/data/ref.xrds000066400000000000000000000103031136636734100227610ustar00rootroot00000000000000 *ootao 2006-08-15T18:56:09.000Z xri://@ !5BAD.2AA.3C72.AF46 @!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test.ref SUCCESS xri://!!1003 !0000.0000.3B9A.CA03 @!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA03 @!BAE.A650.823B.2475 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ !BAE.A650.823B.2475 2006-08-15T18:56:10.000Z xri://@ !BAE.A650.823B.2475 @!BAE.A650.823B.2475 (+wdnc) (+wdnc) http://www.tcpacompliance.us xri://$res*auth*($v*2.0) application/xrds+xml;trust=none http://dev.dready.org/cgi-bin/xri (+i-name) (+i-name) http://www.inames.net xri://+i-service*(+contact)*($v*1.0) xri://!!1001 (+contact) text/html http://www.neustar.biz !BAE.A650.823B.2475 2006-08-15T18:56:10.000Z xri://@ !BAE.A650.823B.2475 @!BAE.A650.823B.2475 (+wdnc) (+wdnc) http://www.tcpacompliance.us xri://$res*auth*($v*2.0) application/xrds+xml;trust=none http://dev.dready.org/cgi-bin/xri (+i-name) (+i-name) http://www.inames.net xri://+i-service*(+contact)*($v*1.0) xri://!!1001 (+contact) text/html http://www.neustar.biz openid-php-openid-782224d/Tests/Auth/Yadis/data/sometimesprefix.xrds000066400000000000000000000024341136636734100254360ustar00rootroot00000000000000 *ootao 2006-08-09T22:07:13.000Z xri://@ !5BAD.2AA.3C72.AF46 xri://@!5BAD.2AA.3C72.AF46 xri://$res*auth*($v*2.0) xri://@!5BAD.2AA.3C72.AF46 application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/@ootao/ http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ *test1 SUCCESS xri://@!5BAD.2AA.3C72.AF46 !0000.0000.3B9A.CA01 @!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 https://linksafe.ezibroker.net/server/ openid-php-openid-782224d/Tests/Auth/Yadis/data/spoof1.xrds000066400000000000000000000012641136636734100234220ustar00rootroot00000000000000 *keturn xri://= !E4 =!E4 xri://$res*auth*($v*2.0) http://keturn.example.com/resolve/ =!E4 *isDrummond =!E4 !D2 =!D2 http://openid.net/signon/1.0 http://keturn.example.com/openid openid-php-openid-782224d/Tests/Auth/Yadis/data/spoof2.xrds000066400000000000000000000012721136636734100234220ustar00rootroot00000000000000 *keturn xri://= !E4 =!E4 xri://$res*auth*($v*2.0) http://keturn.example.com/resolve/ xri://= *isDrummond xri://= !D2 =!D2 http://openid.net/signon/1.0 http://keturn.example.com/openid openid-php-openid-782224d/Tests/Auth/Yadis/data/spoof3.xrds000066400000000000000000000020141136636734100234160ustar00rootroot00000000000000 *keturn xri://@ @E4 @!E4 xri://$res*auth*($v*2.0) http://keturn.example.com/resolve/ @!E4 *is @!E4 !D2 =!C0 =!E4!01 xri://$res*auth*($v*2.0) http://keturn.example.com/resolve/ @!C0 *drummond @!C0 !D2 @!C0!D2 http://openid.net/signon/1.0 http://keturn.example.com/openid openid-php-openid-782224d/Tests/Auth/Yadis/data/subsegments.xrds000066400000000000000000000045621136636734100245560ustar00rootroot00000000000000 *nishitani 2007-12-25T11:33:39.000Z xri://= !E117.EF2F.454B.C707 =!E117.EF2F.454B.C707 http://openid.net/signon/1.0 xri://!!1003!103 https://linksafe.ezibroker.net/server/ xri://$res*auth*($v*2.0) xri://!!1003!103 application/xrds+xml;trust=none http://resolve.ezibroker.net/resolve/=nishitani/ xri://+i-service*(+forwarding)*($v*1.0) xri://!!1003!103 (+index) http://linksafe-forward.ezibroker.net/forwarding/ *masaki SUCCESS xri://!!1003 !0000.0000.3B9A.CA01 =!E117.EF2F.454B.C707!0000.0000.3B9A.CA01 http://openid.net/signon/1.0 xri://!!1003!103 https://linksafe.ezibroker.net/server/ xri://+i-service*(+contact)*($v*1.0) xri://!!1003!103 (+contact) http://linksafe-contact.ezibroker.net/contact/ xri://+i-service*(+forwarding)*($v*1.0) xri://!!1003!103 (+index) http://linksafe-forward.ezibroker.net/forwarding/ openid-php-openid-782224d/Tests/Auth/Yadis/data/test1-discover.txt000066400000000000000000000041321136636734100247230ustar00rootroot00000000000000equiv Status: 200 OK Content-Type: text/html Joe Schmoe's Homepage

Joe Schmoe's Homepage

Blah blah blah blah blah blah blah

header Status: 200 OK Content-Type: text/html YADIS_HEADER: URL_BASE/xrds Joe Schmoe's Homepage

Joe Schmoe's Homepage

Blah blah blah blah blah blah blah

xrds Status: 200 OK Content-Type: application/xrds+xml xrds_ctparam Status: 200 OK Content-Type: application/xrds+xml; charset=UTF8 xrds_ctcase Status: 200 OK Content-Type: appliCATION/XRDS+xml xrds_html Status: 200 OK Content-Type: text/html redir_equiv Status: 302 Found Content-Type: text/plain Location: URL_BASE/equiv You are presently being redirected. redir_header Status: 302 Found Content-Type: text/plain Location: URL_BASE/header You are presently being redirected. redir_xrds Status: 302 Found Content-Type: application/xrds+xml Location: URL_BASE/xrds redir_xrds_html Status: 302 Found Content-Type: text/plain Location: URL_BASE/xrds_html You are presently being redirected. redir_redir_equiv Status: 302 Found Content-Type: text/plain Location: URL_BASE/redir_equiv You are presently being redirected. lowercase_header Status: 200 OK Content-Type: text/html x-xrds-location: URL_BASE/xrds Joe Schmoe's Homepage

Joe Schmoe's Homepage

Blah blah blah blah blah blah blah

404_server_response Status: 404 Not Found EEk! 500_server_response Status: 500 Server error EEk! 201_server_response Status: 201 Created EEk! 404_with_header Status: 404 Not Found YADIS_HEADER: URL_BASE/xrds EEk! 404_with_meta Status: 404 Not Found Content-Type: text/html Joe Schmoe's Homepage

Joe Schmoe's Homepage

Blah blah blah blah blah blah blah

openid-php-openid-782224d/Tests/Auth/Yadis/data/test1-parsehtml.txt000066400000000000000000000066221136636734100251120ustar00rootroot00000000000000found found found found found found found found EOF