function openid_verify_assertion_signature in Drupal 7
Same name and namespace in other branches
- 6 modules/openid/openid.module \openid_verify_assertion_signature()
Verify the signature of the response received from the OpenID provider.
Parameters
$service: Array describing the OpenID provider.
$association: Information on the association with the OpenID provider.
$response: Array of response values from the provider.
Return value
TRUE if the signature is valid and covers all fields required to be signed.
See also
http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4
1 call to openid_verify_assertion_signature()
- openid_verify_assertion in modules/openid/openid.module - Attempt to verify the response received from the OpenID Provider.
File
- modules/openid/openid.module, line 908 - Implement OpenID Relying Party support for Drupal
Code
function openid_verify_assertion_signature($service, $association, $response) {
  if ($service['version'] == 2) {
    // OpenID Authentication 2.0, section 10.1:
    // These keys must always be signed.
    $mandatory_keys = array(
      'op_endpoint',
      'return_to',
      'response_nonce',
      'assoc_handle',
    );
    if (isset($response['openid.claimed_id'])) {
      // If present, these two keys must also be signed. According to the spec,
      // they are either both present or both absent.
      $mandatory_keys[] = 'claimed_id';
      $mandatory_keys[] = 'identity';
    }
  }
  else {
    // OpenID Authentication 1.1. section 4.3.3.
    $mandatory_keys = array(
      'identity',
      'return_to',
    );
  }
  $keys_to_sign = explode(',', $response['openid.signed']);
  if (count(array_diff($mandatory_keys, $keys_to_sign)) > 0) {
    return FALSE;
  }
  return _openid_signature($association, $response, $keys_to_sign) === $response['openid.sig'];
}
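
Added example (not part of Drupal or of this page's source): why the function checks that openid.signed covers the mandatory keys before comparing signatures. A response whose MAC is valid over a shorter signed list is still rejected, because claimed_id and identity would otherwise be outside the signature. example_signature() and example_verify() are hypothetical names; example_signature() is an assumed stand-in for _openid_signature(), whose body is not shown on this page, and all values are constructed.

```php
<?php
// Added example, not Drupal code. example_signature() is a hypothetical
// stand-in for _openid_signature(): an HMAC-SHA256 over the key-value form
// ("key:value\n") of the signed fields, per OpenID Authentication 2.0.
function example_signature($mac_key, $response, $keys_to_sign) {
  $message = '';
  foreach ($keys_to_sign as $key) {
    $message .= $key . ':' . $response['openid.' . $key] . "\n";
  }
  return base64_encode(hash_hmac('sha256', $message, $mac_key, TRUE));
}

// Mirrors the version 2 branch of openid_verify_assertion_signature(), but
// returns a reason string so the two rejection paths can be told apart.
function example_verify($mac_key, $response) {
  $mandatory_keys = array('op_endpoint', 'return_to', 'response_nonce', 'assoc_handle');
  if (isset($response['openid.claimed_id'])) {
    $mandatory_keys[] = 'claimed_id';
    $mandatory_keys[] = 'identity';
  }
  $keys_to_sign = explode(',', $response['openid.signed']);
  if (count(array_diff($mandatory_keys, $keys_to_sign)) > 0) {
    return 'rejected: mandatory key not signed';
  }
  $expected = example_signature($mac_key, $response, $keys_to_sign);
  return $expected === $response['openid.sig'] ? 'accepted' : 'rejected: bad signature';
}

// Constructed sample values (not from a real provider).
$mac_key = 'constructed-shared-secret';
$response = array(
  'openid.op_endpoint' => 'https://op.example/endpoint',
  'openid.return_to' => 'https://rp.example/openid/authenticate',
  'openid.response_nonce' => '2024-01-01T00:00:00Zabc',
  'openid.assoc_handle' => 'handle-1',
  'openid.claimed_id' => 'https://op.example/user/alice',
  'openid.identity' => 'https://op.example/user/alice',
);

// Case 1: every mandatory key is listed in openid.signed.
$response['openid.signed'] = 'op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity';
$response['openid.sig'] = example_signature($mac_key, $response, explode(',', $response['openid.signed']));
echo example_verify($mac_key, $response), "\n";

// Case 2: the MAC is valid for the listed keys, but claimed_id and identity
// are not covered by it, so the coverage check rejects the response.
$response['openid.signed'] = 'op_endpoint,return_to,response_nonce,assoc_handle';
$response['openid.sig'] = example_signature($mac_key, $response, explode(',', $response['openid.signed']));
echo example_verify($mac_key, $response), "\n";
```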