Class: OpenID::TrustRoot::TrustRoot

Inherits:
Object
  • Object
show all
Defined in:
lib/openid/trustroot.rb

Constant Summary collapse

@@empty_re =
Regexp.new('^http[s]*:\/\/\*\/$')

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(unparsed, proto, wildcard, host, port, path) ⇒ TrustRoot

Returns a new instance of TrustRoot.



261
262
263
264
265
266
267
268
# File 'lib/openid/trustroot.rb', line 261

def initialize(unparsed, proto, wildcard, host, port, path)
  @unparsed = unparsed
  @proto = proto
  @wildcard = wildcard
  @host = host
  @port = port
  @path = path
end

Instance Attribute Details

#hostObject (readonly)

Returns the value of attribute host.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def host
  @host
end

#pathObject (readonly)

Returns the value of attribute path.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def path
  @path
end

#portObject (readonly)

Returns the value of attribute port.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def port
  @port
end

#protoObject (readonly)

Returns the value of attribute proto.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def proto
  @proto
end

#unparsedObject (readonly)

Returns the value of attribute unparsed.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def unparsed
  @unparsed
end

#wildcardObject (readonly)

Returns the value of attribute wildcard.



152
153
154
# File 'lib/openid/trustroot.rb', line 152

def wildcard
  @wildcard
end

Class Method Details

._build_path(path, query = nil, frag = nil) ⇒ Object



156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# File 'lib/openid/trustroot.rb', line 156

def TrustRoot._build_path(path, query=nil, frag=nil)
  s = path.dup

  frag = nil if frag == ''
  query = nil if query == ''

  if query
    s << "?" << query
  end

  if frag
    s << "#" << frag
  end

  return s
end

._parse_url(url) ⇒ Object



173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'lib/openid/trustroot.rb', line 173

def TrustRoot._parse_url(url)
  begin
    url = URINorm.urinorm(url)
  rescue URI::InvalidURIError
    nil
  end

  begin
    parsed = URI::DEFAULT_PARSER.parse(url)
  rescue URI::InvalidURIError
    return nil
  end

  path = TrustRoot._build_path(parsed.path,
                               parsed.query,
                               parsed.fragment)

  return [parsed.scheme || '', parsed.host || '',
          parsed.port || '', path || '']
end

.check_sanity(trust_root_string) ⇒ Object



224
225
226
227
228
229
230
231
# File 'lib/openid/trustroot.rb', line 224

def TrustRoot.check_sanity(trust_root_string)
  trust_root = TrustRoot.parse(trust_root_string)
  if trust_root.nil?
    return false
  else
    return trust_root.sane?
  end
end

.check_url(trust_root, url) ⇒ Object

quick func for validating a url against a trust root. See the TrustRoot class if you need more control.



235
236
237
238
# File 'lib/openid/trustroot.rb', line 235

def self.check_url(trust_root, url)
  tr = self.parse(trust_root)
  return (!tr.nil? and tr.validate_url(url))
end

.parse(trust_root) ⇒ Object



194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
# File 'lib/openid/trustroot.rb', line 194

def TrustRoot.parse(trust_root)
  trust_root = trust_root.dup
  unparsed = trust_root.dup

  # look for wildcard
  wildcard = (not trust_root.index('://*.').nil?)
  trust_root.sub!('*.', '') if wildcard

  # handle http://*/ case
  if not wildcard and @@empty_re.match(trust_root)
    proto = trust_root.split(':')[0]
    port = proto == 'http' ? 80 : 443
    return new(unparsed, proto, true, '', port, '/')
  end

  parts = TrustRoot._parse_url(trust_root)
  return nil if parts.nil?

  proto, host, port, path = parts
  return nil if host[0] == '.'

  # check for URI fragment
  if path and !path.index('#').nil?
    return nil
  end

  return nil unless ['http', 'https'].member?(proto)
  return new(unparsed, proto, wildcard, host, port, path)
end

Instance Method Details

#build_discovery_urlObject

Return a discovery URL for this realm.

This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined.

return_to

The relying party return URL of the OpenID

authentication request

Returns the URL upon which relying party discovery should be run in order to verify the return_to URL



250
251
252
253
254
255
256
257
258
259
# File 'lib/openid/trustroot.rb', line 250

def build_discovery_url
  if self.wildcard
    # Use "www." in place of the star
    www_domain = 'www.' + @host
    port = (!@port.nil? and ![80, 443].member?(@port)) ? (":" + @port.to_s) : ''
    return "#{@proto}://#{www_domain}#{port}#{@path}"
  else
    return @unparsed
  end
end

#sane?Boolean

Returns:

  • (Boolean)


270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
# File 'lib/openid/trustroot.rb', line 270

def sane?
  return true if @host == 'localhost'

  host_parts = @host.split('.')

  # a note: ruby string split does not put an empty string at
  # the end of the list if the split element is last.  for
  # example, 'foo.com.'.split('.') => ['foo','com'].  Mentioned
  # because the python code differs here.

  return false if host_parts.length == 0

  # no adjacent dots
  return false if host_parts.member?('')

  # last part must be a tld
  tld = host_parts[-1]
  return false unless TOP_LEVEL_DOMAINS.member?(tld)

  return false if host_parts.length == 1

  if @wildcard
    if tld.length == 2 and host_parts[-2].length <= 3
      # It's a 2-letter tld with a short second to last segment
      # so there needs to be more than two segments specified
      # (e.g. *.co.uk is insane)
      return host_parts.length > 2
    end
  end

  return true
end

#validate_url(url) ⇒ Object



303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
# File 'lib/openid/trustroot.rb', line 303

def validate_url(url)
  parts = TrustRoot._parse_url(url)
  return false if parts.nil?

  proto, host, port, path = parts

  return false unless proto == @proto
  return false unless port == @port
  return false unless host.index('*').nil?

  if !@wildcard
    if host != @host
      return false
    end
  elsif ((@host != '') and
         (!host.end_with?('.' + @host)) and
         (host != @host))
    return false
  end

  if path != @path
    path_len = @path.length
    trust_prefix = @path[0...path_len]
    url_prefix = path[0...path_len]

    # must be equal up to the length of the path, at least
    if trust_prefix != url_prefix
      return false
    end

    # These characters must be on the boundary between the end
    # of the trust root's path and the start of the URL's path.
    if !@path.index('?').nil?
      allowed = '&'
    else
      allowed = '?/'
    end

    return (!allowed.index(@path[-1]).nil? or
            !allowed.index(path[path_len]).nil?)
  end

  return true
end