1 // Copyright 2010 Florian Duraffourg. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package openid
6
7 import (
8 "errors"
9 "strings"
10 "io"
11 "url"
12 )
13
// Identifier kinds reported by NormalizeIdentifier. Numbering starts at 1,
// so the zero value of an int never matches a valid kind.
const (
	IdentifierXRI = iota + 1
	IdentifierURL
)
19
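// GetRedirectURL performs discovery on the user-supplied Identifier and
// returns the authentication-request URL built by CreateAuthenticationRequest
// for the discovered OP endpoint.
//
// realm and returnto are passed through unchanged to
// CreateAuthenticationRequest. An error is returned when the identifier is
// empty, is an XRI (not implemented), when Yadis fails or yields no reader,
// or when no endpoint can be extracted from the XRDS document. On error the
// returned string is always empty, so it can never be mistaken for a
// redirect target.
func GetRedirectURL(Identifier string, realm string, returnto string) (string, error) {
	// The identifier is typed by the end user. Reject input that is empty
	// once the optional "xri://" prefix is removed, before normalization
	// looks at its first byte.
	if Identifier == "" || Identifier == "xri://" {
		return "", errors.New("empty identifier")
	}

	var Id, IdType = NormalizeIdentifier(Identifier)

	// If the identifier is an XRI, [XRI_Resolution_2.0] will yield an XRDS
	// document that contains the necessary information. Relying Parties can
	// also use an XRI Proxy Resolver, such as the one provided by XDI.org at
	// http://www.xri.net, instead of performing XRI Resolution locally.
	if IdType == IdentifierXRI {
		// Not implemented yet
		return "", errors.New("XRI identifier not implemented yet")
	}

	// If it is a URL, the Yadis protocol [Yadis] SHALL be attempted first.
	// If it succeeds, the result is again an XRDS document.
	if IdType == IdentifierURL {
		// NOTE(review): Yadis presumably fetches Id over the network. Id is
		// derived from user input, so confirm that the fetch restricts the
		// destinations and schemes it will contact.
		var reader io.Reader
		reader, err := Yadis(Id)
		if err != nil {
			return "", err
		}
		if reader == nil {
			return "", errors.New("Yadis returned an empty Reader for the ID: " + Id)
		}

		var endpoint, claimedid = ParseXRDS(reader)
		if len(endpoint) == 0 {
			return "", errors.New("Unable to parse the XRDS document")
		}

		// At this point we have the endpoint and possibly a claimed id.
		// Create the authentication request.
		return CreateAuthenticationRequest(endpoint, claimedid, realm, returnto), nil
	}

	// If the Yadis protocol fails and no valid XRDS document is retrieved, or
	// no Service Elements are found in the XRDS document, the URL is retrieved
	// and HTML-Based discovery SHALL be attempted. That fallback is not
	// implemented, so report an error rather than returning a placeholder
	// string with a nil error, which a caller would use as a redirect URL.
	return "", errors.New("HTML-based discovery not implemented")
}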
56
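// NormalizeIdentifier applies the first three normalization steps quoted
// below to the user-supplied Id and reports whether the result is an XRI
// (IdentifierXRI) or a URL (IdentifierURL).
//
// When nothing is left after the optional "xri://" prefix is removed, it
// returns ("", 0); 0 is neither IdentifierXRI nor IdentifierURL. Step 4
// (following redirects and RFC 3986 normalization of the final URL) is not
// performed here.
func NormalizeIdentifier(Id string) (Identifier string, IdentifierType int) {
	Identifier = Id
	// 1. If the user's input starts with the "xri://" prefix, it MUST be
	// stripped off, so that XRIs are used in the canonical form.
	if strings.HasPrefix(Identifier, "xri://") {
		Identifier = Identifier[6:]
	}

	// The input is user-controlled: an empty string (or a bare "xri://")
	// would otherwise cause an out-of-range index on the first byte below.
	if len(Identifier) == 0 {
		return "", 0
	}

	// 2. If the first character of the resulting string is an XRI Global
	// Context Symbol ("=", "@", "+", "$", "!") or "(", as defined in Section
	// 2.2.1 of [XRI_Syntax_2.0], then the input SHOULD be treated as an XRI.
	switch Identifier[0] {
	case '=', '@', '+', '$', '!', '(':
		return Identifier, IdentifierXRI
	}

	// 3. Otherwise, the input SHOULD be treated as an http URL; if it does
	// not include a "http" or "https" scheme, the Identifier MUST be prefixed
	// with the string "http://". If the URL contains a fragment part, it MUST
	// be stripped off together with the fragment delimiter character "#".
	// See Section 11.5.2 (HTTP and HTTPS URL Identifiers) for more
	// information.
	if !strings.HasPrefix(Identifier, "http://") && !strings.HasPrefix(Identifier, "https://") {
		Identifier = "http://" + Identifier
	}
	if i := strings.Index(Identifier, "#"); i >= 0 {
		Identifier = Identifier[:i]
	}

	// 4. URL Identifiers MUST then be further normalized by both following
	// redirects when retrieving their content and finally applying the rules
	// in Section 6 of [RFC3986] to the final destination URL. This final URL
	// MUST be noted by the Relying Party as the Claimed Identifier and be
	// used when requesting authentication. (Not done in this function.)
	return Identifier, IdentifierURL
}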
81
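// CreateAuthenticationRequest builds the checkid_setup request URL for the
// OP endpoint OPEndPoint.
//
// When ClaimedID is empty, openid.claimed_id and openid.identity are set to
// the identifier_select value; otherwise both carry ClaimedID.
// openid.return_to is Realm followed directly by ReturnTo, and openid.realm
// is Realm. The parameters are emitted in sorted key order, so the same
// inputs always produce the same URL. If OPEndPoint already carries a query
// string, the parameters are appended to it with "&".
//
// ReturnTo is appended to Realm verbatim, with no separator and no
// validation, so both should be application-controlled values; a ReturnTo
// that does not begin with "/" can change the host part of the resulting
// return_to URL.
func CreateAuthenticationRequest(OPEndPoint, ClaimedID, Realm, ReturnTo string) string {
	const identifierSelect = "http://specs.openid.net/auth/2.0/identifier_select"

	id := ClaimedID
	if len(id) == 0 {
		id = identifierSelect
	}

	q := url.Values{}
	q.Set("openid.ns", "http://specs.openid.net/auth/2.0")
	q.Set("openid.mode", "checkid_setup")
	q.Set("openid.claimed_id", id)
	q.Set("openid.identity", id)
	q.Set("openid.return_to", Realm+ReturnTo)
	q.Set("openid.realm", Realm)

	// Keep any query parameters the endpoint URL already has.
	sep := "?"
	if strings.Contains(OPEndPoint, "?") {
		sep = "&"
	}

	// Encode escapes keys and values and sorts by key, avoiding the random
	// map iteration order and the trailing "&" of a hand-built query.
	return OPEndPoint + sep + q.Encode()
}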