openid_verify_assertion_signature
function openid_verify_assertion_signature
openid_verify_assertion_signature($service, $association, $response)
Verify the signature of the response received from the OpenID provider.
Parameters
$service: Array describing the OpenID provider.
$association: Information on the association with the OpenID provider.
$response: Array of response values from the provider.
Return value
TRUE if the signature is valid and covers all fields required to be signed.
See also
http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4
File
- modules/openid/openid.module, line 908
- Implement OpenID Relying Party support for Drupal
Code
function openid_verify_assertion_signature($service, $association, $response) {
  if ($service['version'] == 2) {
    // OpenID Authentication 2.0, section 10.1:
    // These keys must always be signed.
    $mandatory_keys = array('op_endpoint', 'return_to', 'response_nonce', 'assoc_handle');
    if (isset($response['openid.claimed_id'])) {
      // If present, these two keys must also be signed. According to the spec,
      // they are either both present or both absent.
      $mandatory_keys[] = 'claimed_id';
      $mandatory_keys[] = 'identity';
    }
  }
  else {
    // OpenID Authentication 1.1. section 4.3.3.
    $mandatory_keys = array('identity', 'return_to');
  }

  $keys_to_sign = explode(',', $response['openid.signed']);

  if (count(array_diff($mandatory_keys, $keys_to_sign)) > 0) {
    return FALSE;
  }

  return _openid_signature($association, $response, $keys_to_sign) === $response['openid.sig'];
}
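The following is an added example, not part of Drupal or of the original page. It shows why the function checks that openid.signed covers the mandatory keys before comparing signatures: a response whose MAC is correct over a reduced key list must still be rejected. The names example_signature() and example_verify(), the HMAC-SHA256 stand-in for _openid_signature(), and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not Drupal code. example_signature() is a hypothetical stand-in
// for _openid_signature(): base64 HMAC-SHA256 over the "key:value\n" encoding of
// the signed fields (OpenID 2.0 key-value form, keys without "openid." prefix).
function example_signature($mac_key, array $response, array $keys) {
  $data = '';
  foreach ($keys as $key) {
    $data .= $key . ':' . $response['openid.' . $key] . "\n";
  }
  return base64_encode(hash_hmac('sha256', $data, $mac_key, TRUE));
}

// Same coverage rule as the documented function, OpenID 2.0 branch only.
function example_verify($mac_key, array $response) {
  $mandatory = array('op_endpoint', 'return_to', 'response_nonce', 'assoc_handle');
  if (isset($response['openid.claimed_id'])) {
    $mandatory[] = 'claimed_id';
    $mandatory[] = 'identity';
  }
  $signed = explode(',', $response['openid.signed']);
  if (count(array_diff($mandatory, $signed)) > 0) {
    return FALSE;
  }
  // The example compares with hash_equals() (constant time, PHP 5.6+).
  return hash_equals(example_signature($mac_key, $response, $signed), $response['openid.sig']);
}

// Constructed sample values.
$mac_key = 'constructed-shared-secret';
$base = array(
  'openid.op_endpoint' => 'https://op.example/endpoint',
  'openid.return_to' => 'https://rp.example/openid/authenticate',
  'openid.response_nonce' => '2016-01-01T00:00:00Zabc',
  'openid.assoc_handle' => 'handle-1',
  'openid.claimed_id' => 'https://alice.example/',
  'openid.identity' => 'https://alice.example/',
);

// Case 1: every mandatory field is listed in openid.signed.
$full = $base;
$full['openid.signed'] = 'op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity';
$full['openid.sig'] = example_signature($mac_key, $full, explode(',', $full['openid.signed']));
var_dump(example_verify($mac_key, $full));

// Case 2: the MAC is valid, but claimed_id and identity are left unsigned.
$partial = $base;
$partial['openid.signed'] = 'op_endpoint,return_to,response_nonce,assoc_handle';
$partial['openid.sig'] = example_signature($mac_key, $partial, explode(',', $partial['openid.signed']));
var_dump(example_verify($mac_key, $partial));
```

With the constructed data, case 1 prints bool(true) and case 2 prints bool(false). The MAC matches in both cases, so only the coverage check separates them.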
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/modules!openid!openid.module/function/openid_verify_assertion_signature/7.x