Home Explore Help
Sign In
boarspring
/
repo_zf1
mirror of https://github.com/bluescreen/zf1-php7.2.git
2
0
Fork 1
Files Issues 0 Wiki
Tree: 3e9b26c748
Branches Tags
repo_zf1
/
library
/
Zend
/
OpenId
/
Consumer.php

Consumer.php 35 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Zend Framework
    5. 

  5.  *
    6. 

  6.  * LICENSE
    7. 

  7.  *
    8. 

  8.  * This source file is subject to the new BSD license that is bundled
    9. 

  9.  * with this package in the file LICENSE.txt.
    10. 

  10.  * It is also available through the world-wide-web at this URL:
    11. 

  11.  * http://framework.zend.com/license/new-bsd
    12. 

  12.  * If you did not receive a copy of the license and are unable to
    13. 

  13.  * obtain it through the world-wide-web, please send an email
    14. 

  14.  * to license@zend.com so we can send you a copy immediately.
    15. 

  15.  *
    16. 

  16.  * @category   Zend
    17. 

  17.  * @package    Zend_OpenId
    18. 

  18.  * @subpackage Zend_OpenId_Consumer
    19. 

  19.  * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
    20. 

  20.  * @license    http://framework.zend.com/license/new-bsd     New BSD License
    21. 

  21.  * @version    $Id: Consumer.php 24593 2012-01-05 20:35:02Z matthew $
    22. 

  22.  */
    23. 

  23. 

  24. /**
    25. 

  25.  * @see Zend_OpenId
    26. 

  26.  */
    27. 

  27. require_once "Zend/OpenId.php";
    28. 

  28. 

  29. /**
    30. 

  30.  * @see Zend_OpenId_Extension
    31. 

  31.  */
    32. 

  32. require_once "Zend/OpenId/Extension.php";
    33. 

  33. 

  34. /**
    35. 

  35.  * @see Zend_OpenId_Consumer_Storage
    36. 

  36.  */
    37. 

  37. require_once "Zend/OpenId/Consumer/Storage.php";
    38. 

  38. 

  39. /**
    40. 

  40.  * @see Zend_Http_Client
    41. 

  41.  */
    42. 

  42. require_once 'Zend/Http/Client.php';
    43. 

  43. 

  44. /**
    45. 

  45.  * OpenID consumer implementation
    46. 

  46.  *
    47. 

  47.  * @category   Zend
    48. 

  48.  * @package    Zend_OpenId
    49. 

  49.  * @subpackage Zend_OpenId_Consumer
    50. 

  50.  * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
    51. 

  51.  * @license    http://framework.zend.com/license/new-bsd     New BSD License
    52. 

  52.  */
    53. 

  53. class Zend_OpenId_Consumer
    54. 

  54. {
    55. 

  55. 

  56.     /**
    57. 

  57.      * Parameters required for signature
    58. 

  58.      */
    59. 

  59.     protected $_signParams = array('op_endpoint', 'return_to', 'response_nonce', 'assoc_handle');
    60. 

  60. 

  61.     /**
    62. 

  62.      * Reference to an implementation of storage object
    63. 

  63.      *
    64. 

  64.      * @var Zend_OpenId_Consumer_Storage $_storage
    65. 

  65.      */
    66. 

  66.     protected $_storage = null;
    67. 

  67. 

  68.     /**
    69. 

  69.      * Enables or disables consumer to use association with server based on
    70. 

  70.      * Diffie-Hellman key agreement
    71. 

  71.      *
    72. 

  72.      * @var Zend_OpenId_Consumer_Storage $_dumbMode
    73. 

  73.      */
    74. 

  74.     protected $_dumbMode = false;
    75. 

  75. 

  76.     /**
    77. 

  77.      * Internal cache to prevent unnecessary access to storage
    78. 

  78.      *
    79. 

  79.      * @var array $_cache
    80. 

  80.      */
    81. 

  81.     protected $_cache = array();
    82. 

  82. 

  83.     /**
    84. 

  84.      * HTTP client to make HTTP requests
    85. 

  85.      *
    86. 

  86.      * @var Zend_Http_Client $_httpClient
    87. 

  87.      */
    88. 

  88.     private $_httpClient = null;
    89. 

  89. 

  90.     /**
    91. 

  91.      * HTTP session to store climed_id between requests
    92. 

  92.      *
    93. 

  93.      * @var Zend_Session_Namespace $_session
    94. 

  94.      */
    95. 

  95.     private $_session = null;
    96. 

  96. 

  97.     /**
    98. 

  98.      * Last error message for logi, check or verify failure
    99. 

  99.      *
    100. 

  100.      * @var string $_error
    101. 

  101.      */
    102. 

  102.     private $_error = '';
    103. 

  103. 

  104.     /**
    105. 

  105.      * Constructs a Zend_OpenId_Consumer object with given $storage.
    106. 

  106.      * Enables or disables future association with server based on
    107. 

  107.      * Diffie-Hellman key agreement.
    108. 

  108.      *
    109. 

  109.      * @param Zend_OpenId_Consumer_Storage $storage implementation of custom
    110. 

  110.      *  storage object
    111. 

  111.      * @param bool $dumbMode Enables or disables consumer to use association
    112. 

  112.      *  with server based on Diffie-Hellman key agreement
    113. 

  113.      */
    114. 

  114.     public function __construct(Zend_OpenId_Consumer_Storage $storage = null,
    115. 

  115.                                 $dumbMode = false)
    116. 

  116.     {
    117. 

  117.         if ($storage === null) {
    118. 

  118.             require_once "Zend/OpenId/Consumer/Storage/File.php";
    119. 

  119.             $this->_storage = new Zend_OpenId_Consumer_Storage_File();
    120. 

  120.         } else {
    121. 

  121.             $this->_storage = $storage;
    122. 

  122.         }
    123. 

  123.         $this->_dumbMode = $dumbMode;
    124. 

  124.     }
    125. 

  125. 

  126.     /**
    127. 

  127.      * Performs check (with possible user interaction) of OpenID identity.
    128. 

  128.      *
    129. 

  129.      * This is the first step of OpenID authentication process.
    130. 

  130.      * On success the function does not return (it does HTTP redirection to
    131. 

  131.      * server and exits). On failure it returns false.
    132. 

  132.      *
    133. 

  133.      * @param string $id OpenID identity
    134. 

  134.      * @param string $returnTo URL to redirect response from server to
    135. 

  135.      * @param string $root HTTP URL to identify consumer on server
    136. 

  136.      * @param mixed $extensions extension object or array of extensions objects
    137. 

  137.      * @param Zend_Controller_Response_Abstract $response an optional response
    138. 

  138.      *  object to perform HTTP or HTML form redirection
    139. 

  139.      * @return bool
    140. 

  140.      */
    141. 

  141.     public function login($id, $returnTo = null, $root = null, $extensions = null,
    142. 

  142.                           Zend_Controller_Response_Abstract $response = null)
    143. 

  143.     {
    144. 

  144.         return $this->_checkId(
    145. 

  145.             false,
    146. 

  146.             $id,
    147. 

  147.             $returnTo,
    148. 

  148.             $root,
    149. 

  149.             $extensions,
    150. 

  150.             $response);
    151. 

  151.     }
    152. 

  152. 

  153.     /**
    154. 

  154.      * Performs immediate check (without user interaction) of OpenID identity.
    155. 

  155.      *
    156. 

  156.      * This is the first step of OpenID authentication process.
    157. 

  157.      * On success the function does not return (it does HTTP redirection to
    158. 

  158.      * server and exits). On failure it returns false.
    159. 

  159.      *
    160. 

  160.      * @param string $id OpenID identity
    161. 

  161.      * @param string $returnTo HTTP URL to redirect response from server to
    162. 

  162.      * @param string $root HTTP URL to identify consumer on server
    163. 

  163.      * @param mixed $extensions extension object or array of extensions objects
    164. 

  164.      * @param Zend_Controller_Response_Abstract $response an optional response
    165. 

  165.      *  object to perform HTTP or HTML form redirection
    166. 

  166.      * @return bool
    167. 

  167.      */
    168. 

  168.     public function check($id, $returnTo=null, $root=null, $extensions = null,
    169. 

  169.                           Zend_Controller_Response_Abstract $response = null)
    170. 

  170. 

  171.     {
    172. 

  172.         return $this->_checkId(
    173. 

  173.             true,
    174. 

  174.             $id,
    175. 

  175.             $returnTo,
    176. 

  176.             $root,
    177. 

  177.             $extensions,
    178. 

  178.             $response);
    179. 

  179.     }
    180. 

  180. 

  181.     /**
    182. 

  182.      * Verifies authentication response from OpenID server.
    183. 

  183.      *
    184. 

  184.      * This is the second step of OpenID authentication process.
    185. 

  185.      * The function returns true on successful authentication and false on
    186. 

  186.      * failure.
    187. 

  187.      *
    188. 

  188.      * @param array $params HTTP query data from OpenID server
    189. 

  189.      * @param string &$identity this argument is set to end-user's claimed
    190. 

  190.      *  identifier or OpenID provider local identifier.
    191. 

  191.      * @param mixed $extensions extension object or array of extensions objects
    192. 

  192.      * @return bool
    193. 

  193.      */
    194. 

  194.     public function verify($params, &$identity = "", $extensions = null)
    195. 

  195.     {
    196. 

  196.         $this->_setError('');
    197. 

  197. 

  198.         $version = 1.1;
    199. 

  199.         if (isset($params['openid_ns']) &&
    200. 

  200.             $params['openid_ns'] == Zend_OpenId::NS_2_0) {
    201. 

  201.             $version = 2.0;
    202. 

  202.         }
    203. 

  203. 

  204.         if (isset($params["openid_claimed_id"])) {
    205. 

  205.             $identity = $params["openid_claimed_id"];
    206. 

  206.         } else if (isset($params["openid_identity"])){
    207. 

  207.             $identity = $params["openid_identity"];
    208. 

  208.         } else {
    209. 

  209.             $identity = "";
    210. 

  210.         }
    211. 

  211. 

  212.         if ($version < 2.0 && !isset($params["openid_claimed_id"])) {
    213. 

  213.             if ($this->_session !== null) {
    214. 

  214.                 if ($this->_session->identity === $identity) {
    215. 

  215.                     $identity = $this->_session->claimed_id;
    216. 

  216.                 }
    217. 

  217.             } else if (defined('SID')) {
    218. 

  218.                 if (isset($_SESSION["zend_openid"]["identity"]) &&
    219. 

  219.                     isset($_SESSION["zend_openid"]["claimed_id"]) &&
    220. 

  220.                     $_SESSION["zend_openid"]["identity"] === $identity) {
    221. 

  221.                     $identity = $_SESSION["zend_openid"]["claimed_id"];
    222. 

  222.                 }
    223. 

  223.             } else {
    224. 

  224.                 require_once "Zend/Session/Namespace.php";
    225. 

  225.                 $this->_session = new Zend_Session_Namespace("zend_openid");
    226. 

  226.                 if ($this->_session->identity === $identity) {
    227. 

  227.                     $identity = $this->_session->claimed_id;
    228. 

  228.                 }
    229. 

  229.             }
    230. 

  230.         }
    231. 

  231. 

  232.         if (empty($params['openid_mode'])) {
    233. 

  233.             $this->_setError("Missing openid.mode");
    234. 

  234.             return false;
    235. 

  235.         }
    236. 

  236.         if (empty($params['openid_return_to'])) {
    237. 

  237.             $this->_setError("Missing openid.return_to");
    238. 

  238.             return false;
    239. 

  239.         }
    240. 

  240.         if (empty($params['openid_signed'])) {
    241. 

  241.             $this->_setError("Missing openid.signed");
    242. 

  242.             return false;
    243. 

  243.         }
    244. 

  244.         if (empty($params['openid_sig'])) {
    245. 

  245.             $this->_setError("Missing openid.sig");
    246. 

  246.             return false;
    247. 

  247.         }
    248. 

  248.         if ($params['openid_mode'] != 'id_res') {
    249. 

  249.             $this->_setError("Wrong openid.mode '".$params['openid_mode']."' != 'id_res'");
    250. 

  250.             return false;
    251. 

  251.         }
    252. 

  252.         if (empty($params['openid_assoc_handle'])) {
    253. 

  253.             $this->_setError("Missing openid.assoc_handle");
    254. 

  254.             return false;
    255. 

  255.         }
    256. 

  256.         if ($params['openid_return_to'] != Zend_OpenId::selfUrl()) {
    257. 

  257.             /* Ignore query part in openid.return_to */
    258. 

  258.             $pos = strpos($params['openid_return_to'], '?');
    259. 

  259.             if ($pos === false ||
    260. 

  260.                 SUBSTR($params['openid_return_to'], 0 , $pos) != Zend_OpenId::selfUrl()) {
    261. 

  261. 

  262.                 $this->_setError("Wrong openid.return_to '".
    263. 

  263.                     $params['openid_return_to']."' != '" . Zend_OpenId::selfUrl() ."'");
    264. 

  264.                 return false;
    265. 

  265.             }
    266. 

  266.         }
    267. 

  267.         if ($version >= 2.0) {
    268. 

  268.             if (empty($params['openid_response_nonce'])) {
    269. 

  269.                 $this->_setError("Missing openid.response_nonce");
    270. 

  270.                 return false;
    271. 

  271.             }
    272. 

  272.             if (empty($params['openid_op_endpoint'])) {
    273. 

  273.                 $this->_setError("Missing openid.op_endpoint");
    274. 

  274.                 return false;
    275. 

  275.             /* OpenID 2.0 (11.3) Checking the Nonce */
    276. 

  276.             } else if (!$this->_storage->isUniqueNonce($params['openid_op_endpoint'], $params['openid_response_nonce'])) {
    277. 

  277.                 $this->_setError("Duplicate openid.response_nonce");
    278. 

  278.                 return false;
    279. 

  279.             }
    280. 

  280.         }
    281. 

  281. 

  282.         if (!empty($params['openid_invalidate_handle'])) {
    283. 

  283.             if ($this->_storage->getAssociationByHandle(
    284. 

  284.                 $params['openid_invalidate_handle'],
    285. 

  285.                 $url,
    286. 

  286.                 $macFunc,
    287. 

  287.                 $secret,
    288. 

  288.                 $expires)) {
    289. 

  289.                 $this->_storage->delAssociation($url);
    290. 

  290.             }
    291. 

  291.         }
    292. 

  292. 

  293.         if ($this->_storage->getAssociationByHandle(
    294. 

  294.                 $params['openid_assoc_handle'],
    295. 

  295.                 $url,
    296. 

  296.                 $macFunc,
    297. 

  297.                 $secret,
    298. 

  298.                 $expires)) {
    299. 

  299.             // Security fix - check the association bewteen op_endpoint and assoc_handle
    300. 

  300.             if (isset($params['openid_op_endpoint']) && $url !== $params['openid_op_endpoint']) {
    301. 

  301.                 $this->_setError("The op_endpoint URI is not the same of URI associated with the assoc_handle");
    302. 

  302.                 return false;
    303. 

  303.             }       
    304. 

  304.             $signed = explode(',', $params['openid_signed']);
    305. 

  305.             // Check the parameters for the signature
    306. 

  306.             // @see https://openid.net/specs/openid-authentication-2_0.html#positive_assertions
    307. 

  307.             $toCheck = $this->_signParams;
    308. 

  308.             if (isset($params['openid_claimed_id']) && isset($params['openid_identity'])) {
    309. 

  309.                 $toCheck = array_merge($toCheck, array('claimed_id', 'identity'));
    310. 

  310.             }
    311. 

  311.             foreach ($toCheck as $param) {
    312. 

  312.                 if (!in_array($param, $signed, true)) {
    313. 

  313.                     $this->_setError("The required parameter $param is missing in the signed");
    314. 

  314.                     return false;
    315. 

  315.                 }
    316. 

  316.             }
    317. 

  317.             
    318. 

  318.             $data = '';
    319. 

  319.             foreach ($signed as $key) {
    320. 

  320.                 $data .= $key . ':' . $params['openid_' . strtr($key,'.','_')] . "\n";
    321. 

  321.             }
    322. 

  322.             if (base64_decode($params['openid_sig']) ==
    323. 

  323.                 Zend_OpenId::hashHmac($macFunc, $data, $secret)) {
    324. 

  324.                 if (!Zend_OpenId_Extension::forAll($extensions, 'parseResponse', $params)) {
    325. 

  325.                     $this->_setError("Extension::parseResponse failure");
    326. 

  326.                     return false;
    327. 

  327.                 }
    328. 

  328.                 /* OpenID 2.0 (11.2) Verifying Discovered Information */
    329. 

  329.                 if (isset($params['openid_claimed_id'])) {
    330. 

  330.                     $id = $params['openid_claimed_id'];
    331. 

  331.                     if (!Zend_OpenId::normalize($id)) {
    332. 

  332.                         $this->_setError("Normalization failed");
    333. 

  333.                         return false;
    334. 

  334.                     } else if (!$this->_discovery($id, $discovered_server, $discovered_version)) {
    335. 

  335.                         $this->_setError("Discovery failed: " . $this->getError());
    336. 

  336.                         return false;
    337. 

  337.                     } else if ((!empty($params['openid_identity']) &&
    338. 

  338.                                 $params["openid_identity"] != $id) ||
    339. 

  339.                                (!empty($params['openid_op_endpoint']) &&
    340. 

  340.                                 $params['openid_op_endpoint'] != $discovered_server) ||
    341. 

  341.                                $discovered_version != $version) {
    342. 

  342.                         $this->_setError("Discovery information verification failed");
    343. 

  343.                         return false;
    344. 

  344.                     }
    345. 

  345.                 }
    346. 

  346.                 return true;
    347. 

  347.             }
    348. 

  348.             $this->_storage->delAssociation($url);
    349. 

  349.             $this->_setError("Signature check failed");
    350. 

  350.             return false;
    351. 

  351.         }
    352. 

  352.         else
    353. 

  353.         {
    354. 

  354.             /* Use dumb mode */
    355. 

  355.             if (isset($params['openid_claimed_id'])) {
    356. 

  356.                 $id = $params['openid_claimed_id'];
    357. 

  357.             } else if (isset($params['openid_identity'])) {
    358. 

  358.                 $id = $params['openid_identity'];
    359. 

  359.             } else {
    360. 

  360.                 $this->_setError("Missing openid.claimed_id and openid.identity");
    361. 

  361.                 return false;
    362. 

  362.             }
    363. 

  363. 

  364.             if (!Zend_OpenId::normalize($id)) {
    365. 

  365.                 $this->_setError("Normalization failed");
    366. 

  366.                 return false;
    367. 

  367.             } else if (!$this->_discovery($id, $server, $discovered_version)) {
    368. 

  368.                 $this->_setError("Discovery failed: " . $this->getError());
    369. 

  369.                 return false;
    370. 

  370.             }
    371. 

  371. 

  372.             /* OpenID 2.0 (11.2) Verifying Discovered Information */
    373. 

  373.             if ((isset($params['openid_identity']) &&
    374. 

  374.                  $params["openid_identity"] != $id) ||
    375. 

  375.                 (isset($params['openid_op_endpoint']) &&
    376. 

  376.                  $params['openid_op_endpoint'] != $server) ||
    377. 

  377.                 $discovered_version != $version) {
    378. 

  378.                 $this->_setError("Discovery information verification failed");
    379. 

  379.                 return false;
    380. 

  380.             }
    381. 

  381. 

  382.             $params2 = array();
    383. 

  383.             foreach ($params as $key => $val) {
    384. 

  384.                 if (strpos($key, 'openid_ns_') === 0) {
    385. 

  385.                     $key = 'openid.ns.' . substr($key, strlen('openid_ns_'));
    386. 

  386.                 } else if (strpos($key, 'openid_sreg_') === 0) {
    387. 

  387.                     $key = 'openid.sreg.' . substr($key, strlen('openid_sreg_'));
    388. 

  388.                 } else if (strpos($key, 'openid_') === 0) {
    389. 

  389.                     $key = 'openid.' . substr($key, strlen('openid_'));
    390. 

  390.                 }
    391. 

  391.                 $params2[$key] = $val;
    392. 

  392.             }
    393. 

  393.             $params2['openid.mode'] = 'check_authentication';
    394. 

  394.             $ret = $this->_httpRequest($server, 'POST', $params2, $status);
    395. 

  395.             if ($status != 200) {
    396. 

  396.                 $this->_setError("'Dumb' signature verification HTTP request failed");
    397. 

  397.                 return false;
    398. 

  398.             }
    399. 

  399.             $r = array();
    400. 

  400.             if (is_string($ret)) {
    401. 

  401.                 foreach(explode("\n", $ret) as $line) {
    402. 

  402.                     $line = trim($line);
    403. 

  403.                     if (!empty($line)) {
    404. 

  404.                         $x = explode(':', $line, 2);
    405. 

  405.                         if (is_array($x) && count($x) == 2) {
    406. 

  406.                             list($key, $value) = $x;
    407. 

  407.                             $r[trim($key)] = trim($value);
    408. 

  408.                         }
    409. 

  409.                     }
    410. 

  410.                 }
    411. 

  411.             }
    412. 

  412.             $ret = $r;
    413. 

  413.             if (!empty($ret['invalidate_handle'])) {
    414. 

  414.                 if ($this->_storage->getAssociationByHandle(
    415. 

  415.                     $ret['invalidate_handle'],
    416. 

  416.                     $url,
    417. 

  417.                     $macFunc,
    418. 

  418.                     $secret,
    419. 

  419.                     $expires)) {
    420. 

  420.                     $this->_storage->delAssociation($url);
    421. 

  421.                 }
    422. 

  422.             }
    423. 

  423.             if (isset($ret['is_valid']) && $ret['is_valid'] == 'true') {
    424. 

  424.                 if (!Zend_OpenId_Extension::forAll($extensions, 'parseResponse', $params)) {
    425. 

  425.                     $this->_setError("Extension::parseResponse failure");
    426. 

  426.                     return false;
    427. 

  427.                 }
    428. 

  428.                 return true;
    429. 

  429.             }
    430. 

  430.             $this->_setError("'Dumb' signature verification failed");
    431. 

  431.             return false;
    432. 

  432.         }
    433. 

  433.     }
    434. 

  434. 

  435.     /**
    436. 

  436.      * Store assiciation in internal chace and external storage
    437. 

  437.      *
    438. 

  438.      * @param string $url OpenID server url
    439. 

  439.      * @param string $handle association handle
    440. 

  440.      * @param string $macFunc HMAC function (sha1 or sha256)
    441. 

  441.      * @param string $secret shared secret
    442. 

  442.      * @param integer $expires expiration UNIX time
    443. 

  443.      * @return void
    444. 

  444.      */
    445. 

  445.     protected function _addAssociation($url, $handle, $macFunc, $secret, $expires)
    446. 

  446.     {
    447. 

  447.         $this->_cache[$url] = array($handle, $macFunc, $secret, $expires);
    448. 

  448.         return $this->_storage->addAssociation(
    449. 

  449.             $url,
    450. 

  450.             $handle,
    451. 

  451.             $macFunc,
    452. 

  452.             $secret,
    453. 

  453.             $expires);
    454. 

  454.     }
    455. 

  455. 

  456.     /**
    457. 

  457.      * Retrive assiciation information for given $url from internal cahce or
    458. 

  458.      * external storage
    459. 

  459.      *
    460. 

  460.      * @param string $url OpenID server url
    461. 

  461.      * @param string &$handle association handle
    462. 

  462.      * @param string &$macFunc HMAC function (sha1 or sha256)
    463. 

  463.      * @param string &$secret shared secret
    464. 

  464.      * @param integer &$expires expiration UNIX time
    465. 

  465.      * @return void
    466. 

  466.      */
    467. 

  467.     protected function _getAssociation($url, &$handle, &$macFunc, &$secret, &$expires)
    468. 

  468.     {
    469. 

  469.         if (isset($this->_cache[$url])) {
    470. 

  470.             $handle   = $this->_cache[$url][0];
    471. 

  471.             $macFunc = $this->_cache[$url][1];
    472. 

  472.             $secret   = $this->_cache[$url][2];
    473. 

  473.             $expires  = $this->_cache[$url][3];
    474. 

  474.             return true;
    475. 

  475.         }
    476. 

  476.         if ($this->_storage->getAssociation(
    477. 

  477.                 $url,
    478. 

  478.                 $handle,
    479. 

  479.                 $macFunc,
    480. 

  480.                 $secret,
    481. 

  481.                 $expires)) {
    482. 

  482.             $this->_cache[$url] = array($handle, $macFunc, $secret, $expires);
    483. 

  483.             return true;
    484. 

  484.         }
    485. 

  485.         return false;
    486. 

  486.     }
    487. 

  487. 

  488.     /**
    489. 

  489.      * Performs HTTP request to given $url using given HTTP $method.
    490. 

  490.      * Send additinal query specified by variable/value array,
    491. 

  491.      * On success returns HTTP response without headers, false on failure.
    492. 

  492.      *
    493. 

  493.      * @param string $url OpenID server url
    494. 

  494.      * @param string $method HTTP request method 'GET' or 'POST'
    495. 

  495.      * @param array $params additional qwery parameters to be passed with
    496. 

  496.      * @param int &$staus HTTP status code
    497. 

  497.      *  request
    498. 

  498.      * @return mixed
    499. 

  499.      */
    500. 

  500.     protected function _httpRequest($url, $method = 'GET', array $params = array(), &$status = null)
    501. 

  501.     {
    502. 

  502.         $client = $this->_httpClient;
    503. 

  503.         if ($client === null) {
    504. 

  504.             $client = new Zend_Http_Client(
    505. 

  505.                     $url,
    506. 

  506.                     array(
    507. 

  507.                         'maxredirects' => 4,
    508. 

  508.                         'timeout'      => 15,
    509. 

  509.                         'useragent'    => 'Zend_OpenId'
    510. 

  510.                     )
    511. 

  511.                 );
    512. 

  512.         } else {
    513. 

  513.             $client->setUri($url);
    514. 

  514.         }
    515. 

  515. 

  516.         $client->resetParameters();
    517. 

  517.         if ($method == 'POST') {
    518. 

  518.             $client->setMethod(Zend_Http_Client::POST);
    519. 

  519.             $client->setParameterPost($params);
    520. 

  520.         } else {
    521. 

  521.             $client->setMethod(Zend_Http_Client::GET);
    522. 

  522.             $client->setParameterGet($params);
    523. 

  523.         }
    524. 

  524. 

  525.         try {
    526. 

  526.             $response = $client->request();
    527. 

  527.         } catch (Exception $e) {
    528. 

  528.             $this->_setError('HTTP Request failed: ' . $e->getMessage());
    529. 

  529.             return false;
    530. 

  530.         }
    531. 

  531.         $status = $response->getStatus();
    532. 

  532.         $body = $response->getBody();
    533. 

  533.         if ($status == 200 || ($status == 400 && !empty($body))) {
    534. 

  534.             return $body;
    535. 

  535.         }else{
    536. 

  536.             $this->_setError('Bad HTTP response');
    537. 

  537.             return false;
    538. 

  538.         }
    539. 

  539.     }
    540. 

  540. 

  541.     /**
    542. 

  542.      * Create (or reuse existing) association between OpenID consumer and
    543. 

  543.      * OpenID server based on Diffie-Hellman key agreement. Returns true
    544. 

  544.      * on success and false on failure.
    545. 

  545.      *
    546. 

  546.      * @param string $url OpenID server url
    547. 

  547.      * @param float $version OpenID protocol version
    548. 

  548.      * @param string $priv_key for testing only
    549. 

  549.      * @return bool
    550. 

  550.      */
    551. 

  551.     protected function _associate($url, $version, $priv_key=null)
    552. 

  552.     {
    553. 

  553. 

  554.         /* Check if we already have association in chace or storage */
    555. 

  555.         if ($this->_getAssociation(
    556. 

  556.                 $url,
    557. 

  557.                 $handle,
    558. 

  558.                 $macFunc,
    559. 

  559.                 $secret,
    560. 

  560.                 $expires)) {
    561. 

  561.             return true;
    562. 

  562.         }
    563. 

  563. 

  564.         if ($this->_dumbMode) {
    565. 

  565.             /* Use dumb mode */
    566. 

  566.             return true;
    567. 

  567.         }
    568. 

  568. 

  569.         $params = array();
    570. 

  570. 

  571.         if ($version >= 2.0) {
    572. 

  572.             $params = array(
    573. 

  573.                 'openid.ns'           => Zend_OpenId::NS_2_0,
    574. 

  574.                 'openid.mode'         => 'associate',
    575. 

  575.                 'openid.assoc_type'   => 'HMAC-SHA256',
    576. 

  576.                 'openid.session_type' => 'DH-SHA256',
    577. 

  577.             );
    578. 

  578.         } else {
    579. 

  579.             $params = array(
    580. 

  580.                 'openid.mode'         => 'associate',
    581. 

  581.                 'openid.assoc_type'   => 'HMAC-SHA1',
    582. 

  582.                 'openid.session_type' => 'DH-SHA1',
    583. 

  583.             );
    584. 

  584.         }
    585. 

  585. 

  586.         $dh = Zend_OpenId::createDhKey(pack('H*', Zend_OpenId::DH_P),
    587. 

  587.                                        pack('H*', Zend_OpenId::DH_G),
    588. 

  588.                                        $priv_key);
    589. 

  589.         $dh_details = Zend_OpenId::getDhKeyDetails($dh);
    590. 

  590. 

  591.         $params['openid.dh_modulus']         = base64_encode(
    592. 

  592.             Zend_OpenId::btwoc($dh_details['p']));
    593. 

  593.         $params['openid.dh_gen']             = base64_encode(
    594. 

  594.             Zend_OpenId::btwoc($dh_details['g']));
    595. 

  595.         $params['openid.dh_consumer_public'] = base64_encode(
    596. 

  596.             Zend_OpenId::btwoc($dh_details['pub_key']));
    597. 

  597. 

  598.         while(1) {
    599. 

  599.             $ret = $this->_httpRequest($url, 'POST', $params, $status);
    600. 

  600.             if ($ret === false) {
    601. 

  601.                 $this->_setError("HTTP request failed");
    602. 

  602.                 return false;
    603. 

  603.             }
    604. 

  604. 

  605.             $r = array();
    606. 

  606.             $bad_response = false;
    607. 

  607.             foreach(explode("\n", $ret) as $line) {
    608. 

  608.                 $line = trim($line);
    609. 

  609.                 if (!empty($line)) {
    610. 

  610.                     $x = explode(':', $line, 2);
    611. 

  611.                     if (is_array($x) && count($x) == 2) {
    612. 

  612.                         list($key, $value) = $x;
    613. 

  613.                         $r[trim($key)] = trim($value);
    614. 

  614.                     } else {
    615. 

  615.                         $bad_response = true;
    616. 

  616.                     }
    617. 

  617.                 }
    618. 

  618.             }
    619. 

  619.             if ($bad_response && strpos($ret, 'Unknown session type') !== false) {
    620. 

  620.                 $r['error_code'] = 'unsupported-type';
    621. 

  621.             }
    622. 

  622.             $ret = $r;
    623. 

  623. 

  624.             if (isset($ret['error_code']) &&
    625. 

  625.                 $ret['error_code'] == 'unsupported-type') {
    626. 

  626.                 if ($params['openid.session_type'] == 'DH-SHA256') {
    627. 

  627.                     $params['openid.session_type'] = 'DH-SHA1';
    628. 

  628.                     $params['openid.assoc_type'] = 'HMAC-SHA1';
    629. 

  629.                 } else if ($params['openid.session_type'] == 'DH-SHA1') {
    630. 

  630.                     $params['openid.session_type'] = 'no-encryption';
    631. 

  631.                 } else {
    632. 

  632.                     $this->_setError("The OpenID service responded with: " . $ret['error_code']);
    633. 

  633.                     return false;
    634. 

  634.                 }
    635. 

  635.             } else {
    636. 

  636.                 break;
    637. 

  637.             }
    638. 

  638.         }
    639. 

  639. 

  640.         if ($status != 200) {
    641. 

  641.             $this->_setError("The server responded with status code: " . $status);
    642. 

  642.             return false;
    643. 

  643.         }
    644. 

  644. 

  645.         if ($version >= 2.0 &&
    646. 

  646.             isset($ret['ns']) &&
    647. 

  647.             $ret['ns'] != Zend_OpenId::NS_2_0) {
    648. 

  648.             $this->_setError("Wrong namespace definition in the server response");
    649. 

  649.             return false;
    650. 

  650.         }
    651. 

  651. 

  652.         if (!isset($ret['assoc_handle']) ||
    653. 

  653.             !isset($ret['expires_in']) ||
    654. 

  654.             !isset($ret['assoc_type']) ||
    655. 

  655.             $params['openid.assoc_type'] != $ret['assoc_type']) {
    656. 

  656.             if ($params['openid.assoc_type'] != $ret['assoc_type']) {
    657. 

  657.                 $this->_setError("The returned assoc_type differed from the supplied openid.assoc_type");
    658. 

  658.             } else {
    659. 

  659.                 $this->_setError("Missing required data from provider (assoc_handle, expires_in, assoc_type are required)");
    660. 

  660.             }
    661. 

  661.             return false;
    662. 

  662.         }
    663. 

  663. 

  664.         $handle     = $ret['assoc_handle'];
    665. 

  665.         $expiresIn = $ret['expires_in'];
    666. 

  666. 

  667.         if ($ret['assoc_type'] == 'HMAC-SHA1') {
    668. 

  668.             $macFunc = 'sha1';
    669. 

  669.         } else if ($ret['assoc_type'] == 'HMAC-SHA256' &&
    670. 

  670.             $version >= 2.0) {
    671. 

  671.             $macFunc = 'sha256';
    672. 

  672.         } else {
    673. 

  673.             $this->_setError("Unsupported assoc_type");
    674. 

  674.             return false;
    675. 

  675.         }
    676. 

  676. 

  677.         if ((empty($ret['session_type']) ||
    678. 

  678.              ($version >= 2.0 && $ret['session_type'] == 'no-encryption')) &&
    679. 

  679.              isset($ret['mac_key'])) {
    680. 

  680.             $secret = base64_decode($ret['mac_key']);
    681. 

  681.         } else if (isset($ret['session_type']) &&
    682. 

  682.             $ret['session_type'] == 'DH-SHA1' &&
    683. 

  683.             !empty($ret['dh_server_public']) &&
    684. 

  684.             !empty($ret['enc_mac_key'])) {
    685. 

  685.             $dhFunc = 'sha1';
    686. 

  686.         } else if (isset($ret['session_type']) &&
    687. 

  687.             $ret['session_type'] == 'DH-SHA256' &&
    688. 

  688.             $version >= 2.0 &&
    689. 

  689.             !empty($ret['dh_server_public']) &&
    690. 

  690.             !empty($ret['enc_mac_key'])) {
    691. 

  691.             $dhFunc = 'sha256';
    692. 

  692.         } else {
    693. 

  693.             $this->_setError("Unsupported session_type");
    694. 

  694.             return false;
    695. 

  695.         }
    696. 

  696.         if (isset($dhFunc)) {
    697. 

  697.             $serverPub = base64_decode($ret['dh_server_public']);
    698. 

  698.             $dhSec = Zend_OpenId::computeDhSecret($serverPub, $dh);
    699. 

  699.             if ($dhSec === false) {
    700. 

  700.                 $this->_setError("DH secret comutation failed");
    701. 

  701.                 return false;
    702. 

  702.             }
    703. 

  703.             $sec = Zend_OpenId::digest($dhFunc, $dhSec);
    704. 

  704.             if ($sec === false) {
    705. 

  705.                 $this->_setError("Could not create digest");
    706. 

  706.                 return false;
    707. 

  707.             }
    708. 

  708.             $secret = $sec ^ base64_decode($ret['enc_mac_key']);
    709. 

  709.         }
    710. 

  710.         if ($macFunc == 'sha1') {
    711. 

  711.             if (Zend_OpenId::strlen($secret) != 20) {
    712. 

  712.                 $this->_setError("The length of the sha1 secret must be 20");
    713. 

  713.                 return false;
    714. 

  714.             }
    715. 

  715.         } else if ($macFunc == 'sha256') {
    716. 

  716.             if (Zend_OpenId::strlen($secret) != 32) {
    717. 

  717.                 $this->_setError("The length of the sha256 secret must be 32");
    718. 

  718.                 return false;
    719. 

  719.             }
    720. 

  720.         }
    721. 

  721.         $this->_addAssociation(
    722. 

  722.             $url,
    723. 

  723.             $handle,
    724. 

  724.             $macFunc,
    725. 

  725.             $secret,
    726. 

  726.             time() + $expiresIn);
    727. 

  727.         return true;
    728. 

  728.     }
    729. 

  729. 

  730.     /**
    731. 

  731.      * Performs discovery of identity and finds OpenID URL, OpenID server URL
    732. 

  732.      * and OpenID protocol version. Returns true on succees and false on
    733. 

  733.      * failure.
    734. 

  734.      *
    735. 

  735.      * @param string &$id OpenID identity URL
    736. 

  736.      * @param string &$server OpenID server URL
    737. 

  737.      * @param float &$version OpenID protocol version
    738. 

  738.      * @return bool
    739. 

  739.      * @todo OpenID 2.0 (7.3) XRI and Yadis discovery
    740. 

  740.      */
    741. 

  741.     protected function _discovery(&$id, &$server, &$version)
    742. 

  742.     {
    743. 

  743.         $realId = $id;
    744. 

  744.         if ($this->_storage->getDiscoveryInfo(
    745. 

  745.                 $id,
    746. 

  746.                 $realId,
    747. 

  747.                 $server,
    748. 

  748.                 $version,
    749. 

  749.                 $expire)) {
    750. 

  750.             $id = $realId;
    751. 

  751.             return true;
    752. 

  752.         }
    753. 

  753. 

  754.         $response = $this->_httpRequest($id, 'GET', array(), $status);
    755. 

  755.         if ($status != 200 || !is_string($response)) {
    756. 

  756.             return false;
    757. 

  757.         }
    758. 

  758. 

  759.         /* OpenID 2.0 (7.3) XRI and Yadis discovery */
    760. 

  760.         if (preg_match(
    761. 

  761.                 '/<meta[^>]*http-equiv=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?X-XRDS-Location[ \t]*[^"\']*\\1[^>]*content=(["\'])([^"\']+)\\2[^>]*\/?>/i',
    762. 

  762.                 $response,
    763. 

  763.                 $r)) {
    764. 

  764.             $XRDS = $r[3];
    765. 

  765.             $version = 2.0;
    766. 

  766.             $response = $this->_httpRequest($XRDS); 
    767. 

  767.             if (preg_match(
    768. 

  768.                     '/<URI>([^\t]*)<\/URI>/i',
    769. 

  769.                     $response,
    770. 

  770.                     $x)) {
    771. 

  771.                 $server = $x[1];
    772. 

  772.                 // $realId 
    773. 

  773.                 $realId = 'http://specs.openid.net/auth/2.0/identifier_select';
    774. 

  774.             }
    775. 

  775.             else {
    776. 

  776.                 $this->_setError("Unable to get URI for XRDS discovery");
    777. 

  777.             }
    778. 

  778.         }
    779. 

  779. 

  780.         /* HTML-based discovery */
    781. 

  781.         else if (preg_match(
    782. 

  782.                 '/<link[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid2.provider[ \t]*[^"\']*\\1[^>]*href=(["\'])([^"\']+)\\2[^>]*\/?>/i',
    783. 

  783.                 $response,
    784. 

  784.                 $r)) {
    785. 

  785.             $version = 2.0;
    786. 

  786.             $server = $r[3];
    787. 

  787.         } else if (preg_match(
    788. 

  788.                 '/<link[^>]*href=(["\'])([^"\']+)\\1[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid2.provider[ \t]*[^"\']*\\3[^>]*\/?>/i',
    789. 

  789.                 $response,
    790. 

  790.                 $r)) {
    791. 

  791.             $version = 2.0;
    792. 

  792.             $server = $r[2];
    793. 

  793.         } else if (preg_match(
    794. 

  794.                 '/<link[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid.server[ \t]*[^"\']*\\1[^>]*href=(["\'])([^"\']+)\\2[^>]*\/?>/i',
    795. 

  795.                 $response,
    796. 

  796.                 $r)) {
    797. 

  797.             $version = 1.1;
    798. 

  798.             $server = $r[3];
    799. 

  799.         } else if (preg_match(
    800. 

  800.                 '/<link[^>]*href=(["\'])([^"\']+)\\1[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid.server[ \t]*[^"\']*\\3[^>]*\/?>/i',
    801. 

  801.                 $response,
    802. 

  802.                 $r)) {
    803. 

  803.             $version = 1.1;
    804. 

  804.             $server = $r[2];
    805. 

  805.         } else {
    806. 

  806.             return false;
    807. 

  807.         }
    808. 

  808.         if ($version >= 2.0) {
    809. 

  809.             if (preg_match(
    810. 

  810.                     '/<link[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid2.local_id[ \t]*[^"\']*\\1[^>]*href=(["\'])([^"\']+)\\2[^>]*\/?>/i',
    811. 

  811.                     $response,
    812. 

  812.                     $r)) {
    813. 

  813.                 $realId = $r[3];
    814. 

  814.             } else if (preg_match(
    815. 

  815.                     '/<link[^>]*href=(["\'])([^"\']+)\\1[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid2.local_id[ \t]*[^"\']*\\3[^>]*\/?>/i',
    816. 

  816.                     $response,
    817. 

  817.                     $r)) {
    818. 

  818.                 $realId = $r[2];
    819. 

  819.             }
    820. 

  820.         } else {
    821. 

  821.             if (preg_match(
    822. 

  822.                     '/<link[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid.delegate[ \t]*[^"\']*\\1[^>]*href=(["\'])([^"\']+)\\2[^>]*\/?>/i',
    823. 

  823.                     $response,
    824. 

  824.                     $r)) {
    825. 

  825.                 $realId = $r[3];
    826. 

  826.             } else if (preg_match(
    827. 

  827.                     '/<link[^>]*href=(["\'])([^"\']+)\\1[^>]*rel=(["\'])[ \t]*(?:[^ \t"\']+[ \t]+)*?openid.delegate[ \t]*[^"\']*\\3[^>]*\/?>/i',
    828. 

  828.                     $response,
    829. 

  829.                     $r)) {
    830. 

  830.                 $realId = $r[2];
    831. 

  831.             }
    832. 

  832.         }
    833. 

  833. 

  834.         $expire = time() + 60 * 60;
    835. 

  835.         $this->_storage->addDiscoveryInfo($id, $realId, $server, $version, $expire);
    836. 

  836.         $id = $realId;
    837. 

  837.         return true;
    838. 

  838.     }
    839. 

  839. 

  840.     /**
    841. 

  841.      * Performs check of OpenID identity.
    842. 

  842.      *
    843. 

  843.      * This is the first step of OpenID authentication process.
    844. 

  844.      * On success the function does not return (it does HTTP redirection to
    845. 

  845.      * server and exits). On failure it returns false.
    846. 

  846.      *
    847. 

  847.      * @param bool $immediate enables or disables interaction with user
    848. 

  848.      * @param string $id OpenID identity
    849. 

  849.      * @param string $returnTo HTTP URL to redirect response from server to
    850. 

  850.      * @param string $root HTTP URL to identify consumer on server
    851. 

  851.      * @param mixed $extensions extension object or array of extensions objects
    852. 

  852.      * @param Zend_Controller_Response_Abstract $response an optional response
    853. 

  853.      *  object to perform HTTP or HTML form redirection
    854. 

  854.      * @return bool
    855. 

  855.      */
    856. 

  856.     protected function _checkId($immediate, $id, $returnTo=null, $root=null,
    857. 

  857.         $extensions=null, Zend_Controller_Response_Abstract $response = null)
    858. 

  858.     {
    859. 

  859.         $this->_setError('');
    860. 

  860. 

  861.         if (!Zend_OpenId::normalize($id)) {
    862. 

  862.             $this->_setError("Normalisation failed");
    863. 

  863.             return false;
    864. 

  864.         }
    865. 

  865.         $claimedId = $id;
    866. 

  866. 

  867.         if (!$this->_discovery($id, $server, $version)) {
    868. 

  868.             $this->_setError("Discovery failed: " . $this->getError());
    869. 

  869.             return false;
    870. 

  870.         }
    871. 

  871.         if (!$this->_associate($server, $version)) {
    872. 

  872.             $this->_setError("Association failed: " . $this->getError());
    873. 

  873.             return false;
    874. 

  874.         }
    875. 

  875.         if (!$this->_getAssociation(
    876. 

  876.                 $server,
    877. 

  877.                 $handle,
    878. 

  878.                 $macFunc,
    879. 

  879.                 $secret,
    880. 

  880.                 $expires)) {
    881. 

  881.             /* Use dumb mode */
    882. 

  882.             unset($handle);
    883. 

  883.             unset($macFunc);
    884. 

  884.             unset($secret);
    885. 

  885.             unset($expires);
    886. 

  886.         }
    887. 

  887. 

  888.         $params = array();
    889. 

  889.         if ($version >= 2.0) {
    890. 

  890.             $params['openid.ns'] = Zend_OpenId::NS_2_0;
    891. 

  891.         }
    892. 

  892. 

  893.         $params['openid.mode'] = $immediate ?
    894. 

  894.             'checkid_immediate' : 'checkid_setup';
    895. 

  895. 

  896.         $params['openid.identity'] = $id;
    897. 

  897. 

  898.         $params['openid.claimed_id'] = $claimedId;
    899. 

  899. 

  900.         if ($version <= 2.0) {
    901. 

  901.             if ($this->_session !== null) {
    902. 

  902.                 $this->_session->identity = $id;
    903. 

  903.                 $this->_session->claimed_id = $claimedId;
    904. 

  904.             } else if (defined('SID')) {
    905. 

  905.                 $_SESSION["zend_openid"] = array(
    906. 

  906.                     "identity" => $id,
    907. 

  907.                     "claimed_id" => $claimedId);
    908. 

  908.             } else {
    909. 

  909.                 require_once "Zend/Session/Namespace.php";
    910. 

  910.                 $this->_session = new Zend_Session_Namespace("zend_openid");
    911. 

  911.                 $this->_session->identity = $id;
    912. 

  912.                 $this->_session->claimed_id = $claimedId;
    913. 

  913.             }
    914. 

  914.         }
    915. 

  915. 

  916.         if (isset($handle)) {
    917. 

  917.             $params['openid.assoc_handle'] = $handle;
    918. 

  918.         }
    919. 

  919. 

  920.         $params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);
    921. 

  921. 

  922.         if (empty($root)) {
    923. 

  923.             $root = Zend_OpenId::selfUrl();
    924. 

  924.             if ($root[strlen($root)-1] != '/') {
    925. 

  925.                 $root = dirname($root);
    926. 

  926.             }
    927. 

  927.         }
    928. 

  928.         if ($version >= 2.0) {
    929. 

  929.             $params['openid.realm'] = $root;
    930. 

  930.         } else {
    931. 

  931.             $params['openid.trust_root'] = $root;
    932. 

  932.         }
    933. 

  933. 

  934.         if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
    935. 

  935.             $this->_setError("Extension::prepareRequest failure");
    936. 

  936.             return false;
    937. 

  937.         }
    938. 

  938. 

  939.         Zend_OpenId::redirect($server, $params, $response);
    940. 

  940.         return true;
    941. 

  941.     }
    942. 

  942. 

  943.     /**
    944. 

  944.      * Sets HTTP client object to make HTTP requests
    945. 

  945.      *
    946. 

  946.      * @param Zend_Http_Client $client HTTP client object to be used
    947. 

  947.      */
    948. 

  948.     public function setHttpClient($client) {
    949. 

  949.         $this->_httpClient = $client;
    950. 

  950.     }
    951. 

  951. 

  952.     /**
    953. 

  953.      * Returns HTTP client object that will be used to make HTTP requests
    954. 

  954.      *
    955. 

  955.      * @return Zend_Http_Client
    956. 

  956.      */
    957. 

  957.     public function getHttpClient() {
    958. 

  958.         return $this->_httpClient;
    959. 

  959.     }
    960. 

  960. 

  961.     /**
    962. 

  962.      * Sets session object to store climed_id
    963. 

  963.      *
    964. 

  964.      * @param Zend_Session_Namespace $session HTTP client object to be used
    965. 

  965.      */
    966. 

  966.     public function setSession(Zend_Session_Namespace $session) {
    967. 

  967.         $this->_session = $session;
    968. 

  968.     }
    969. 

  969. 

  970.     /**
    971. 

  971.      * Returns session object that is used to store climed_id
    972. 

  972.      *
    973. 

  973.      * @return Zend_Session_Namespace
    974. 

  974.      */
    975. 

  975.     public function getSession() {
    976. 

  976.         return $this->_session;
    977. 

  977.     }
    978. 

  978. 

  979.     /**
    980. 

  980.      * Saves error message
    981. 

  981.      *
    982. 

  982.      * @param string $message error message
    983. 

  983.      */
    984. 

  984.     protected function _setError($message)
    985. 

  985.     {
    986. 

  986.         $this->_error = $message;
    987. 

  987.     }
    988. 

  988. 

  989.     /**
    990. 

  990.      * Returns error message that explains failure of login, check or verify
    991. 

  991.      *
    992. 

  992.      * @return string
    993. 

  993.      */
    994. 

  994.     public function getError()
    995. 

  995.     {
    996. 

  996.         return $this->_error;
    997. 

  997.     }
    998. 

  998. 

  999. }
    1000.