Class: OpenID::TrustRoot::TrustRoot
- Inherits:
-
Object
- Object
- OpenID::TrustRoot::TrustRoot
- Defined in:
- lib/openid/trustroot.rb
Constant Summary collapse
- @@empty_re =
Regexp.new('^http[s]*:\/\/\*\/$')
Instance Attribute Summary collapse
-
#host ⇒ Object
readonly
Returns the value of attribute host.
-
#path ⇒ Object
readonly
Returns the value of attribute path.
-
#port ⇒ Object
readonly
Returns the value of attribute port.
-
#proto ⇒ Object
readonly
Returns the value of attribute proto.
-
#unparsed ⇒ Object
readonly
Returns the value of attribute unparsed.
-
#wildcard ⇒ Object
readonly
Returns the value of attribute wildcard.
Class Method Summary collapse
- ._build_path(path, query = nil, frag = nil) ⇒ Object
- ._parse_url(url) ⇒ Object
- .check_sanity(trust_root_string) ⇒ Object
-
.check_url(trust_root, url) ⇒ Object
Convenience method for validating a URL against a trust root.
- .parse(trust_root) ⇒ Object
Instance Method Summary collapse
-
#build_discovery_url ⇒ Object
Return a discovery URL for this realm.
-
#initialize(unparsed, proto, wildcard, host, port, path) ⇒ TrustRoot
constructor
A new instance of TrustRoot.
- #sane? ⇒ Boolean
- #validate_url(url) ⇒ Object
Constructor Details
#initialize(unparsed, proto, wildcard, host, port, path) ⇒ TrustRoot
Returns a new instance of TrustRoot.
# File 'lib/openid/trustroot.rb', line 515

# Stores the components of a trust root (realm) exactly as given.
#
# Nothing is validated here. On this page TrustRoot.parse is the caller that
# applies the scheme, fragment and leading-dot checks before invoking new, so
# an instance built directly through new has had none of those checks applied.
#
# @param unparsed [Object] the trust root as originally supplied
# @param proto [Object] URL scheme
# @param wildcard [Object] truthy when the root matches sub-domains
# @param host [Object] host with any leading "*." already removed
# @param port [Object] port the root applies to
# @param path [Object] path (and query) prefix the root applies to
def initialize(unparsed, proto, wildcard, host, port, path)
  @unparsed, @proto, @wildcard = unparsed, proto, wildcard
  @host, @port, @path = host, port, path
end
Instance Attribute Details
#host ⇒ Object (readonly)
Returns the value of attribute host.
# File 'lib/openid/trustroot.rb', line 409 def host @host end |
#path ⇒ Object (readonly)
Returns the value of attribute path.
# File 'lib/openid/trustroot.rb', line 409 def path @path end |
#port ⇒ Object (readonly)
Returns the value of attribute port.
# File 'lib/openid/trustroot.rb', line 409 def port @port end |
#proto ⇒ Object (readonly)
Returns the value of attribute proto.
# File 'lib/openid/trustroot.rb', line 409 def proto @proto end |
#unparsed ⇒ Object (readonly)
Returns the value of attribute unparsed.
# File 'lib/openid/trustroot.rb', line 409 def unparsed @unparsed end |
#wildcard ⇒ Object (readonly)
Returns the value of attribute wildcard.
# File 'lib/openid/trustroot.rb', line 409 def wildcard @wildcard end |
Class Method Details
._build_path(path, query = nil, frag = nil) ⇒ Object
# File 'lib/openid/trustroot.rb', line 413

# Joins a path with its optional query and fragment into one string.
#
# The fragment is kept on purpose: TrustRoot.parse looks for "#" in the
# result to reject trust roots that carry a fragment.
#
# @param path [String] path component; duplicated, never modified in place
# @param query [String, nil] appended after "?" unless nil or ""
# @param frag [String, nil] appended after "#" unless nil or ""
# @return [String] the combined path
def self._build_path(path, query = nil, frag = nil)
  built = path.dup
  [["?", query], ["#", frag]].each do |separator, part|
    # nil and "" both mean "component absent".
    next unless part && part != ""

    built << separator << part
  end
  built
end
._parse_url(url) ⇒ Object
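# File 'lib/openid/trustroot.rb', line 426

# Normalizes and splits a URL into the pieces used for trust root matching.
#
# Fails closed: a URL that URINorm.urinorm rejects is reported as unparseable
# instead of being parsed in its raw form. Previously the normalization error
# was swallowed and the un-normalized string went on to be parsed, so
# validate_url and parse could end up comparing a URL that had never been
# normalized.
#
# @param url [String] URL or trust root (wildcard already stripped)
# @return [Array, nil] [scheme, host, port, path] with "" standing in for a
#   missing component, or nil when the URL cannot be normalized or parsed
def self._parse_url(url)
  begin
    normalized = URINorm.urinorm(url)
    parsed = URI::DEFAULT_PARSER.parse(normalized)
  rescue URI::InvalidURIError
    return
  end

  # Query and fragment are folded into the path so callers can match on the
  # query prefix and detect a fragment.
  path = TrustRoot._build_path(parsed.path, parsed.query, parsed.fragment)

  [
    parsed.scheme || "",
    parsed.host || "",
    parsed.port || "",
    path || "",
  ]
end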
.check_sanity(trust_root_string) ⇒ Object
# File 'lib/openid/trustroot.rb', line 482

# Parses a trust root string and reports whether it passes the sanity rules.
#
# @param trust_root_string [String] trust root (realm) to examine
# @return [Boolean] false when the string does not parse, otherwise the
#   result of TrustRoot#sane?
def self.check_sanity(trust_root_string)
  parsed_root = TrustRoot.parse(trust_root_string)
  parsed_root.nil? ? false : parsed_root.sane?
end
.check_url(trust_root, url) ⇒ Object
Convenience method for validating a URL against a trust root. Use the TrustRoot class directly if you need more control.
# File 'lib/openid/trustroot.rb', line 491

# One-shot check of a URL against a trust root string.
#
# This only parses and matches; it does not call sane?. A root such as
# "http://*/" parses as a wildcard with an empty host, and validate_url then
# accepts every host on that scheme and port. Run check_sanity as well when
# the trust root comes from another party.
#
# @param trust_root [String] trust root (realm) string
# @param url [String] URL to test, e.g. a return_to URL
# @return [Boolean] false when the trust root does not parse, otherwise the
#   result of validate_url
def self.check_url(trust_root, url)
  realm = parse(trust_root)
  return false if realm.nil?

  realm.validate_url(url)
end
.parse(trust_root) ⇒ Object
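# File 'lib/openid/trustroot.rb', line 453

# Parses a trust root (realm) string into a TrustRoot.
#
# The match-everything form is recognised by exact string comparison. The
# earlier pattern '^http[s]*:\/\/\*\/$' used line anchors and a repeated "s",
# so it also accepted multi-line input containing such a line and schemes
# like "httpss"; those inputs now take the ordinary parsing path and are
# rejected there unless they are well-formed http/https URLs.
#
# @param trust_root [String] trust root string; not modified
# @return [TrustRoot, nil] nil when the string is not an acceptable http or
#   https trust root
def self.parse(trust_root)
  trust_root = trust_root.dup
  unparsed = trust_root.dup

  # A wildcard root has "*." directly after the scheme separator; strip it
  # so the remainder parses as an ordinary URL.
  wildcard = !trust_root.index("://*.").nil?
  trust_root.sub!("*.", "") if wildcard

  # The all-hosts form: empty host with the wildcard flag set.
  unless wildcard
    case trust_root
    when "http://*/" then return new(unparsed, "http", true, "", 80, "/")
    when "https://*/" then return new(unparsed, "https", true, "", 443, "/")
    end
  end

  parts = TrustRoot._parse_url(trust_root)
  return if parts.nil?

  proto, host, port, path = parts
  # A leading dot is left over from inputs such as "*..example.com".
  return if host[0] == "."

  # Trust roots must not carry a URI fragment.
  return if path && !path.index("#").nil?

  return unless %w[http https].member?(proto)

  new(unparsed, proto, wildcard, host, port, path)
end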
Instance Method Details
#build_discovery_url ⇒ Object
Return a discovery URL for this realm.
This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined.
- return_to
-
The relying party return URL of the OpenID
authentication request
Returns the URL upon which relying party discovery should be run in order to verify the return_to URL
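# File 'lib/openid/trustroot.rb', line 506

# Returns the URL on which relying party discovery should be run for this
# realm. The realm is not checked for validity here.
#
# Non-wildcard realms are returned as originally supplied. For a wildcard
# realm the star is replaced by "www.". The port is left out only when it is
# the default for the realm's own scheme: the earlier code dropped both 80
# and 443 for either scheme, so a realm such as http on port 443 produced a
# discovery URL pointing at a different port than the one validate_url
# enforces.
#
# @return [String] the discovery URL
def build_discovery_url
  return @unparsed unless @wildcard

  default_port = { "http" => 80, "https" => 443 }[@proto]
  # _parse_url reports a missing port as "", so treat that like nil.
  port_suffix = if @port.nil? || @port == "" || @port == default_port
    ""
  else
    ":#{@port}"
  end

  "#{@proto}://www.#{@host}#{port_suffix}#{@path}"
end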
#sane? ⇒ Boolean
# File 'lib/openid/trustroot.rb', line 524

# Heuristic check that the realm's host is not unreasonably broad.
#
# "localhost" always passes. Otherwise the host must have at least two
# non-empty labels and end in a known top-level domain. A wildcard realm
# under a two-letter TLD whose second-to-last label is three characters or
# fewer (e.g. *.co.uk) needs a further label. This is a length heuristic over
# TOP_LEVEL_DOMAINS, not a public-suffix lookup, so wildcard realms over
# shared suffixes that do not fit that shape still pass.
#
# @return [Boolean] true when the host passes the checks
def sane?
  return true if @host == "localhost"

  # String#split drops a trailing empty field ('foo.com.' gives two labels),
  # so an empty label here means adjacent or leading dots.
  labels = @host.split(".")
  return false if labels.empty? || labels.member?("")

  # The last label has to be a recognised TLD, and a bare TLD is not enough.
  suffix = labels[-1]
  return false unless TOP_LEVEL_DOMAINS.member?(suffix)
  return false if labels.length == 1

  short_country_style = suffix.length == 2 && labels[-2].length <= 3
  return labels.length > 2 if @wildcard && short_country_style

  true
end
#validate_url(url) ⇒ Object
# File 'lib/openid/trustroot.rb', line 555

# Decides whether a URL falls under this trust root.
#
# Scheme and port must be equal. The host must be equal, or for a wildcard
# root be the root host itself or end in "." + root host (an empty root host
# matches every host). The URL's path must start with the root's path, and
# when it is longer a separator must sit on the boundary: "&" when the root
# path contains a query, otherwise "?" or "/", found either as the last
# character of the root path or as the first character after it in the URL.
# All comparisons are exact, so they depend on _parse_url having normalized
# both sides.
#
# @param url [String] URL to test
# @return [Boolean] true when the URL matches this trust root
def validate_url(url)
  parts = TrustRoot._parse_url(url)
  return false if parts.nil?

  proto, host, port, path = parts

  return false if proto != @proto || port != @port
  # A literal star is never acceptable in the URL being checked.
  return false if host.include?("*")

  if @wildcard
    host_matches = @host == "" || host == @host || host.end_with?("." + @host)
    return false unless host_matches
  elsif host != @host
    return false
  end

  return true if path == @path

  # The URL path has to agree with the whole of the trust root's path.
  boundary = @path.length
  return false unless path[0, boundary] == @path

  # Without a separator at the boundary, "/app" would also cover "/application".
  separators = @path.index("?").nil? ? "?/" : "&"
  [@path[-1], path[boundary]].any? { |char| !separators.index(char).nil? }
end