You are here

function openid_association in Drupal 7

Same name and namespace in other branches
  1. 6 modules/openid/openid.module \openid_association()

Attempt to create a shared secret with the OpenID Provider.

Parameters

$op_endpoint URL of the OpenID Provider endpoint.:

Return value

$assoc_handle The association handle.

1 call to openid_association()
openid_begin in modules/openid/openid.module
The initial step of OpenID authentication responsible for the following:
1 string reference to 'openid_association'
openid_update_7000 in modules/openid/openid.install
Bind associations to their providers.

File

modules/openid/openid.module, line 596
Implement OpenID Relying Party support for Drupal

Code

function openid_association($op_endpoint) {
  module_load_include('inc', 'openid');

  // Remove Old Associations:
  db_delete('openid_association')
    ->where('created + expires_in < :request_time', array(
    ':request_time' => REQUEST_TIME,
  ))
    ->execute();

  // Check to see if we have an association for this IdP already
  $assoc_handle = db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = :endpoint", array(
    ':endpoint' => $op_endpoint,
  ))
    ->fetchField();
  if (empty($assoc_handle)) {
    $mod = OPENID_DH_DEFAULT_MOD;
    $gen = OPENID_DH_DEFAULT_GEN;
    $r = _openid_dh_rand($mod);
    $private = _openid_math_add($r, 1);
    $public = _openid_math_powmod($gen, $private, $mod);

    // If there is no existing association, then request one
    $assoc_request = openid_association_request($public);
    $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
    $assoc_options = array(
      'headers' => array(
        'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
      ),
      'method' => 'POST',
      'data' => $assoc_message,
    );
    $assoc_result = drupal_http_request($op_endpoint, $assoc_options);
    if (isset($assoc_result->error)) {
      return FALSE;
    }
    $assoc_response = _openid_parse_message($assoc_result->data);
    if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
      return FALSE;
    }
    if ($assoc_response['session_type'] == 'DH-SHA1') {
      $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
      $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
      $shared = _openid_math_powmod($spub, $private, $mod);
      $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
    }
    db_insert('openid_association')
      ->fields(array(
      'idp_endpoint_uri' => $op_endpoint,
      'session_type' => $assoc_response['session_type'],
      'assoc_handle' => $assoc_response['assoc_handle'],
      'assoc_type' => $assoc_response['assoc_type'],
      'expires_in' => $assoc_response['expires_in'],
      'mac_key' => $assoc_response['mac_key'],
      'created' => REQUEST_TIME,
    ))
      ->execute();
    $assoc_handle = $assoc_response['assoc_handle'];
  }
  return $assoc_handle;
}