class OpenID::TrustRoot::TrustRoot

Attributes

host[R]
path[R]
port[R]
proto[R]
unparsed[R]
wildcard[R]

Public Class Methods

_build_path(path, query=nil, frag=nil) click to toggle source
# File lib/openid/trustroot.rb, line 156
def TrustRoot._build_path(path, query=nil, frag=nil)
  s = path.dup

  frag = nil if frag == ''
  query = nil if query == ''

  if query
    s << "?" << query
  end

  if frag
    s << "#" << frag
  end

  return s
end
_parse_url(url) click to toggle source
# File lib/openid/trustroot.rb, line 173
def TrustRoot._parse_url(url)
  begin
    url = URINorm.urinorm(url)
  rescue URI::InvalidURIError
    nil
  end

  begin
    parsed = URI::DEFAULT_PARSER.parse(url)
  rescue URI::InvalidURIError
    return nil
  end

  path = TrustRoot._build_path(parsed.path,
                               parsed.query,
                               parsed.fragment)

  return [parsed.scheme || '', parsed.host || '',
          parsed.port || '', path || '']
end
check_sanity(trust_root_string) click to toggle source
# File lib/openid/trustroot.rb, line 224
def TrustRoot.check_sanity(trust_root_string)
  trust_root = TrustRoot.parse(trust_root_string)
  if trust_root.nil?
    return false
  else
    return trust_root.sane?
  end
end
check_url(trust_root, url) click to toggle source

quick func for validating a url against a trust root. See the TrustRoot class if you need more control.

# File lib/openid/trustroot.rb, line 235
def self.check_url(trust_root, url)
  tr = self.parse(trust_root)
  return (!tr.nil? and tr.validate_url(url))
end
new(unparsed, proto, wildcard, host, port, path) click to toggle source
# File lib/openid/trustroot.rb, line 261
def initialize(unparsed, proto, wildcard, host, port, path)
  @unparsed = unparsed
  @proto = proto
  @wildcard = wildcard
  @host = host
  @port = port
  @path = path
end
parse(trust_root) click to toggle source
# File lib/openid/trustroot.rb, line 194
def TrustRoot.parse(trust_root)
  trust_root = trust_root.dup
  unparsed = trust_root.dup

  # look for wildcard
  wildcard = (not trust_root.index('://*.').nil?)
  trust_root.sub!('*.', '') if wildcard

  # handle http://*/ case
  if not wildcard and @@empty_re.match(trust_root)
    proto = trust_root.split(':')[0]
    port = proto == 'http' ? 80 : 443
    return new(unparsed, proto, true, '', port, '/')
  end

  parts = TrustRoot._parse_url(trust_root)
  return nil if parts.nil?

  proto, host, port, path = parts
  return nil if host[0] == '.'

  # check for URI fragment
  if path and !path.index('#').nil?
    return nil
  end

  return nil unless ['http', 'https'].member?(proto)
  return new(unparsed, proto, wildcard, host, port, path)
end

Public Instance Methods

build_discovery_url() click to toggle source

Return a discovery URL for this realm.

This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined.

return_to

The relying party return URL of the OpenID

authentication request

Returns the URL upon which relying party discovery should be run in order to verify the return_to URL

# File lib/openid/trustroot.rb, line 250
def build_discovery_url
  if self.wildcard
    # Use "www." in place of the star
    www_domain = 'www.' + @host
    port = (!@port.nil? and ![80, 443].member?(@port)) ? (":" + @port.to_s) : ''
    return "#{@proto}://#{www_domain}#{port}#{@path}"
  else
    return @unparsed
  end
end
sane?() click to toggle source
# File lib/openid/trustroot.rb, line 270
def sane?
  return true if @host == 'localhost'

  host_parts = @host.split('.')

  # a note: ruby string split does not put an empty string at
  # the end of the list if the split element is last.  for
  # example, 'foo.com.'.split('.') => ['foo','com'].  Mentioned
  # because the python code differs here.

  return false if host_parts.length == 0

  # no adjacent dots
  return false if host_parts.member?('')

  # last part must be a tld
  tld = host_parts[-1]
  return false unless TOP_LEVEL_DOMAINS.member?(tld)

  return false if host_parts.length == 1

  if @wildcard
    if tld.length == 2 and host_parts[-2].length <= 3
      # It's a 2-letter tld with a short second to last segment
      # so there needs to be more than two segments specified
      # (e.g. *.co.uk is insane)
      return host_parts.length > 2
    end
  end

  return true
end
validate_url(url) click to toggle source
# File lib/openid/trustroot.rb, line 303
def validate_url(url)
  parts = TrustRoot._parse_url(url)
  return false if parts.nil?

  proto, host, port, path = parts

  return false unless proto == @proto
  return false unless port == @port
  return false unless host.index('*').nil?

  if !@wildcard
    if host != @host
      return false
    end
  elsif ((@host != '') and
         (!host.end_with?('.' + @host)) and
         (host != @host))
    return false
  end

  if path != @path
    path_len = @path.length
    trust_prefix = @path[0...path_len]
    url_prefix = path[0...path_len]

    # must be equal up to the length of the path, at least
    if trust_prefix != url_prefix
      return false
    end

    # These characters must be on the boundary between the end
    # of the trust root's path and the start of the URL's path.
    if !@path.index('?').nil?
      allowed = '&'
    else
      allowed = '?/'
    end

    return (!allowed.index(@path[-1]).nil? or
            !allowed.index(path[path_len]).nil?)
  end

  return true
end