RubyGems - barx - Versions diffs - 0.1.0 - Mend

barx 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/MIT-LICENSE +21 -0
data/README +11 -0
data/examples/README +78 -0
data/examples/dix +47 -0
data/examples/proxri +41 -0
data/examples/xrioid +66 -0
data/lib/barx.rb +9 -0
data/lib/httpclient/cacert.p7s +952 -0
data/lib/httpclient/cookie.rb +541 -0
data/lib/httpclient/http.rb +602 -0
data/lib/httpclient.rb +2054 -0
data/lib/xri_parser.rb +163 -0
data/lib/xri_resolver.rb +1056 -0
data/test/authority_parser_profile.rb +14 -0
data/test/test_helper.rb +7 -0
data/test/unit/all.rb +7 -0
data/test/unit/authority_parser_test.rb +300 -0
data/test/unit/input_param_parser_test.rb +93 -0
data/test/unit/multi_stage_resolution_test.rb +44 -0
data/test/unit/sep_selection_test.rb +87 -0
data/test/xrds_sources/empty_sels_no_append_qxri_sep +13 -0
data/test/xrds_sources/empty_sels_sep +13 -0
data/test/xrds_sources/first_stage1 +38 -0
data/test/xrds_sources/no_svc_sep +8 -0
data/test/xrds_sources/second_stage1 +26 -0
data/test/xrds_sources/sep1 +31 -0
metadata +82 -0

data/lib/xri_resolver.rb ADDED Viewed

@@ -0,0 +1,1056 @@
+module XriResolver
+  XRDNS = {"xrd"=>"xri://$xrd*($v*2.0)"} # XRD xml namespace
+  XRDType = "xri://$res*auth*($v*2.0)"
+  class XRIRoot
+    class <<self
+      def authorities
+        { "@"=>{:authority_uris=>["https://at.xri.net/", "http://at.xri.net/"], :verify_server_cert=>true},
+          "="=>{:authority_uris=>["https://equal.xri.net/", "http://equal.xri.net/"], :verify_server_cert=>true}}
+      end
+    end
+  end
+  class AuthorityResolver
+    ## usage:
+    ## resolved = XriResolver::AuthorityResolver.resolve(xri, req, stack)
+    ##
+    ## where xri is an XriParser::AuthorityParser object or an XRI string,
+    ## req is an XriResolver::ParseInputParameters object.
+    ## stack is an array of nested Ref(s) or Redirect(s) used for cycle detection
+    ##
+    ## Returns an XriResolver::AuthorityResolver object.
+    class <<self
+      def resolve(xri, req_obj=nil, stack=nil)
+        ## create default ParseInputParameters object unless one is passed in
+        req = (XriResolver::ParseInputParameters === req_obj) ? req_obj : XriResolver::ParseInputParameters.new
+        self.new(xri, req, stack)
+      end
+    end
+    attr_reader :xri, :xrd_array, :resolved, :status_code, :client, :req
+    def initialize(xri, req, stack)
+      if XriParser::AuthorityParser === xri
+        @xri = xri
+      else
+        begin
+          @xri = XriParser::AuthorityParser.parse(xri)
+        rescue Exception
+          raise
+        end
+      end
+      @req = req
+      @stack = stack || Array.new
+      if @req.saml
+        sts = REXML::Element.new('Status')
+        sts.add_attribute('code', code = '201')
+        sts.text = 'SAML_NOT_IMPLEMENTED'
+        xrd = REXML::Element.new('XRD')
+        xrd << sts
+        @xrd_array = Array.new
+        @xrd_array << xrd
+        return
+      end
+      raise UNKNOWN_ROOT, @xri.root unless Hash === XRIRoot.authorities[@xri.root]
+      @client = HTTPClient.new
+      @client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE unless XRIRoot.authorities[@xri.root][:verify_server_cert]
+      @accept_header = 'application/xrds+xml'
+      @accept_header << ';https=true' if @req.https
+      @xrd_array = Array.new
+      @resolved = "#{@xri.root}"
+      @status_code = String.new ## status code of the last resolved subsegment
+      subsegments_resolved = 0
+      @authority_uris = XRIRoot.authorities[@xri.root][:authority_uris].map {|u| URI.parse(u)}
+      errorcode = '220'
+      errortext = ResponseStatus[errorcode]
+      @xri.subsegments.each do |subsegment|
+        begin
+          @authority_uris = resolve_next(subsegment)
+        rescue Exception => e
+          errorcode = '220'
+          errortext = e.message
+          break
+        end
+        subsegments_resolved += 1
+        if @authority_uris.empty? or !@authority_uris.all?{|r| URI === r}
+          if subsegments_resolved < @xri.subsegments.length
+            if ele = (@xrd_array.last.elements['Ref'] or @xrd_array.last.elements['Redirect'])
+              @newreq = @req.clone
+              @newreq.sep = true
+              @newreq.nodefault_t = true
+              @newreq.service_type = XRDType
+              if ele.name == 'Ref'
+                authsep = AuthorityResolver.resolve(ele.text, @newreq, @stack)
+              else
+                authsep = URIAuthorityResolver.new(@xri, @newreq, doappend(ele).text, @stack)
+              end
+              if authsep.resolved_successfully? and not authsep.to_urilist.empty?
+                @xrd_array << authsep.to_xrds.root
+                @authority_uris = authsep.to_urilist.collect { |uri| URI.parse(uri) }
+              end
+            else
+              errorcode = @req.https ? '231' : '221'
+              errortext = ResponseStatus[errorcode]
+              break
+            end
+          end
+        end
+      end
+      if subsegments_resolved < @xri.subsegments.length
+        sts = REXML::Element.new('Status')
+        sts.add_attribute('code', errorcode)
+        sts.text = errortext
+        qry = REXML::Element.new('Query')
+        qry.text = CGI.unescape(@xri.subsegments[subsegments_resolved]).unpack('C*').pack('U*')
+        xrd = REXML::Element.new('XRD')
+        xrd << qry
+        xrd << sts
+        @xrd_array << xrd
+      end
+      serverstatus!
+      completeuris!
+      canonical!
+      references!
+      redirects!
+      services!
+    end
+    def resolved_successfully?
+      @resolved == CGI.unescape(@xri.fully_qualified) and @status_code === '100'
+    end
+    def to_s
+      build_xrds(@xrd_array)
+    end
+    def to_xrds
+      REXML::Document.new(self.to_s)
+    end
+    def last_xrd
+      if @xrd_array.last.root.name == 'XRDS'
+        REXML::XPath.match(@xrd_array.last.root, "//*[local-name()='XRD']", XRDNS).last
+      else
+        @xrd_array.last.root
+      end
+    end
+    def last_xrd_doc
+      REXML::Document.new(self.last_xrd.to_s.unpack('U*').pack('C*'))
+    end
+    def doappend(uri, inplace=nil)
+      uri_txt = uri.text
+      uri_app = uri.attribute('append').value rescue 'none'
+      unless uri_app == 'none'
+        uri_txt.slice!(/\/$/)
+        uri_txt.insert(-1, '/')
+      end
+      case uri_app
+      when 'local'
+        uri_txt << @xri.local
+      when 'authority'
+        uri_txt << @xri.authority
+      when 'path'
+        uri_txt << @xri.path
+      when 'query'
+        uri_txt << @xri.query
+      when 'qxri'
+        uri_txt << @xri.qxri
+      end
+      if inplace
+        uri.text = uri_txt
+        uri.delete_attribute('append')
+        uri
+      else
+        newuri = REXML::Element.new('URI')
+        newuri.text = uri_txt
+        newuri
+      end
+    end
+    def to_urilist
+      SEPSelector.select(self, self.last_xrd, @req).to_urilist
+    end
+    private
+    Retn = Struct.new(:header, :content)
+    def fetch_uri(uri)
+      if defined? Cache
+        key = uri.host + uri.path + @accept_header
+        if result = Cache.get(key)
+          return Retn.new({'FROM_CACHE' => 'true'}, result)
+        end
+      end
+      begin
+        @client.get_with_redirect(uri, nil, {'Accept'=> @accept_header})
+      rescue Exception
+        raise
+      end
+    end
+    def get_xrd_status_code(xrd)
+      REXML::XPath.match(xrd, "*[local-name()='Status']/@code", XRDNS).first.to_s rescue nil
+    end
+    def get_xrd_status_text(xrd)
+      REXML::XPath.match(xrd, "*[local-name()='Status']", XRDNS).first.to_s rescue nil
+    end
+    def get_xrd_query_string(xrd)
+      REXML::XPath.match(xrd, "*[local-name()='Query']", XRDNS).first.text rescue nil
+    end
+    def get_xrd_next_authority(xrd)
+      auth_uri = Array.new
+      REXML::XPath.match(xrd, "*[local-name()='Service']", XRDNS).each do |svc|
+        if REXML::XPath.match(svc, "*[local-name()='Type']", XRDNS).any? {|x| x.text == XRDType}
+           REXML::XPath.match(svc, "*[local-name()='MediaType']", XRDNS).any? {|x| mediatypeok?(x.text)}
+          REXML::XPath.match(svc, "*[local-name()='URI']", XRDNS).each do |r|
+            if urip = (URI.parse(r.text) rescue nil) and %w{http https}.include?(urip.scheme)
+              unless @req.https and urip.scheme != 'https'
+                auth_uri << [(r.attribute('priority').value rescue 0xFFFF).to_i, r.text]
+              end
+            end
+          end
+          break
+        end
+      end
+      auth_uri.sort{ |a, b| Common.prioritize a[0], b[0] }.map{ |y| y[1] } unless auth_uri.empty?
+    end
+    def resolve_next(subsegment)
+      begin
+        uri = @authority_uris.shift
+        uri.path << '/'
+        hxri = uri.merge(subsegment)
+        resolved = fetch_uri(hxri)
+        xml = resolved.content.unpack("C*").pack("U*") #convert to UTF8
+      rescue Exception => e
+        unless @authority_uris.empty?
+          retry
+        else
+          raise XRIResolutionFailure, "Unable to resolve #{subsegment} because: #{e.message}"
+        end
+      end
+      begin
+        doc = REXML::Document.new(xml)
+      rescue  Exception => e
+        raise XRIResolutionFailure, "#{e.message} -- #{xml}"
+      end
+      new_authority_uris = Array.new
+      current_xrd_array = Array.new
+      if doc.root.name == "XRDS"
+        REXML::XPath.each(doc, "//*[local-name()='XRD']", XRDNS) do |xrd|
+          @xrd_array << xrd
+          current_xrd_array << xrd
+          @status_code = get_xrd_status_code(xrd)
+          @status_text = get_xrd_status_text(xrd)
+          if @status_code == '100'
+            @resolved << get_xrd_query_string(xrd).unpack("U*").pack("C*")
+            new_authority_uris = get_xrd_next_authority(xrd).map {|u| URI.parse(u)} rescue []
+          end
+        end
+        if defined?(Cache) and (resolved.header['FROM_CACHE'] != 'true')
+          add_to_cache(resolved.header, current_xrd_array, hxri, xml)
+        end
+        return new_authority_uris
+      else
+        raise INVALID_XRDS, doc.root.name
+      end
+    end
+    def add_to_cache(hdr, current_xrd_array, hxri, xml)
+      header_exp = get_header_exp(hdr)
+      xrd_exp = get_xrd_exp(current_xrd_array)
+      if header_exp and xrd_exp
+        exp = (header_exp < xrd_exp) ? header_exp : xrd_exp
+      elsif header_exp
+        exp = header_exp
+      elsif xrd_exp
+        exp = xrd_exp
+      else
+        exp = Time.now.to_i + 3600
+      end
+      key = hxri.host + hxri.path + @accept_header
+      Cache.add(key, xml, exp)
+    end
+    def get_header_exp(hdr)
+      unless hdr['Cache-Control'].empty?
+        return nil if hdr['Cache-Control'].first.downcase == 'no-cache'
+      end
+      unless hdr['Expires'].empty?
+        a = ParseDate.parsedate(hdr['Expires'].first) rescue []
+        if a[6] =~ /\A(GMT|UTC|Z)\z/i
+          return Time.gm(*a).to_i
+        end
+      end
+      nil
+    end
+    def get_xrd_exp(xrd_ary)
+      exp_array = Array.new
+      xrd_ary.each do |xrd|
+        d = REXML::XPath.match(xrd, "*[local-name()='Expires']", XRDNS).first.text rescue ''
+        unless d.empty?
+          a = ParseDate.parsedate(d) rescue []
+          if a[6] =~ /\A(GMT|UTC|Z)\z/i
+            exp_array << Time.gm(*a).to_i
+          end
+        end
+      end
+      return exp_array.min
+    end
+    def build_xrds(xrd_array)
+      xrds = %Q{<XRDS xmlns="xri://$xrds" ref="xri://#{CGI.unescape(@xri.normalized)}">\n}
+      xrd_array.each {|xrd| xrds << "#{xrd.to_s.unpack('U*').pack('C*')}\n" }
+      xrds << "</XRDS>"
+    end
+    def verified?(piduri, ciduri)
+      begin
+        parsed_pid = XriParser::AuthorityParser.parse(piduri)
+        pid_root = parsed_pid.root
+        pid_segs = parsed_pid.subsegments
+        parsed_cid = XriParser::AuthorityParser.parse(ciduri)
+        cid_root = parsed_cid.root
+        cid_segs = parsed_cid.subsegments
+        pid_root == cid_root and pid_segs == cid_segs[0, pid_segs.length]
+      rescue
+        false
+      end
+    end
+    def mediatypeok?(type)
+      mimetype, *subparams = type.split(';').map {|h| h.strip.downcase}
+      verdict = (mimetype == 'application/xrds+xml')
+      verdict &&= @req.https ? (subparams.include?('https=true') or subparam.include?('https=1')) : true
+      verdict &&= @req.saml ? (subparams.include?('saml=true') or subparam.include?('saml=1')) : true
+    end
+    def references!
+      @xrd_array.collect! { |ele| Array.new.push(ele) }
+      # don't follow Ref's already done as part of authority resolution
+      seen = @xrd_array.collect{ |x| x[0].name == 'XRDS' ? 'xrds' : nil }.compact
+      startflag = (seen.length == 0)
+      @xrd_array.each do |xrd|
+        if xrd[0].name == 'XRDS'
+          startflag = true
+          next
+        end
+        next unless startflag
+        REXML::XPath.match(xrd[0], "//*[local-name()='Ref']", XRDNS).each do |ref|
+          if @req.refs.nil? or @req.refs.downcase == 'true' or (@req.refs =~ /\d+/ and @req.refs.to_i > 0)
+            @newreq = @req.clone
+            @newreq.refs = (@req.refs.to_i > 0 and (lessone = @req.refs.to_i - 1)) ? lessone.to_s : @req.refs
+            newxri = XriParser::AuthorityParser.parse(ref.text)
+            newxri.path = @xri.path if @xri.path
+            @stack << @xri.authority
+            unless @stack.include?(newxri.authority)
+              refresolver = AuthorityResolver.resolve(newxri, @newreq, @stack)
+              if refresolver.resolved_successfully?
+                xrd << REXML::Document.new(refresolver.to_s).root
+              end
+            else
+              REXML::XPath.match(xrd[0], "*[local-name()='Status']", XRDNS).each do |status|
+                status.add_attribute('refs', 'false')
+                status.text = 'REF_CYCLE_DETECTED'
+              end
+            end
+            @stack.pop
+          else
+            REXML::XPath.match(xrd[0], "*[local-name()='Status']", XRDNS).each do |status|
+              status.add_attribute('refs', 'false')
+            end
+          end
+        end
+      end
+      @xrd_array.flatten!
+    end
+    def redirects!
+      @xrd_array.collect! { |ele| Array.new.push(ele) }
+      # don't follow Redirect's already done as part of authority resolution
+      seen = @xrd_array.collect{ |x| x[0].name == 'XRDS' ? 'xrds' : nil }.compact
+      startflag = (seen.length == 0)
+      @xrd_array.each do |xrd|
+        if xrd[0].name == 'XRDS'
+          startflag = true
+          next
+        end
+        next unless startflag
+        REXML::XPath.match(xrd[0], "//*[local-name()='Redirect']", XRDNS).each do |red|
+          unless @stack.include?(reduri = doappend(red).text)
+            @stack << reduri
+            redres = URIAuthorityResolver.new(@xri, @req, reduri, @stack)
+            @stack.pop
+          else
+            responsecode = '250'
+            xrd[0].elements['Status'].text = 'REDIRECT_CYCLE_DETECTED'
+            xrd[0].elements['Status'].add_attribute('code', responsecode)
+            next
+          end
+          # do synonym verification
+          synsok = true
+          synlst = %w{ProviderID LocalID EquivID CanonicalID CanonicalEquivID}
+          redres.last_xrd.elements.to_a.each do |ele|
+            if synlst.include?(ele.name)
+              unless xrd[0].elements[ele.name] and xrd[0].elements[ele.name].text == ele.text
+                synsok = false
+                break
+              end
+            end
+          end
+          # if verification succeeds, embed XRDS; else set return code
+          if synsok
+            xrd << redres.to_xrds
+          else
+            responsecode = '251'
+            xrd[0].elements['Status'].text = ResponseStatus[responsecode]
+            xrd[0].elements['Status'].add_attribute('code', responsecode)
+          end
+        end
+      end
+      @xrd_array.flatten!
+    end
+    def canonical!
+      return unless @req.cid
+      pid = nil; @xrd_array.each do |xrd|
+        next unless xrd.name == 'XRD'
+        if cid = xrd.elements['CanonicalID']
+          if uricid = (URI.parse(cid.text) rescue nil) and %w{http https}.include?(uricid.scheme)
+            # HTTP(S) URI Verification Rules (13.2.1)
+            uriqry = URI.parse(xrd.elements['Query'].text) rescue nil
+            uricid.fragment = nil
+            xrd.elements['Status'].add_attribute('cid', (uricid == uriqry) ? 'verified' : 'failed')
+          else
+            # XRI Verification Rules (13.2.2)
+            pid ||= xrd.elements['ProviderID'] || REXML::Element.new('ProviderID')
+            xrd.elements['Status'].add_attribute('cid', verified?(pid.text, cid.text) ? 'verified' : 'failed')
+          end
+        else
+          xrd.elements['Status'].add_attribute('cid', 'absent')
+        end
+        pid = xrd.elements['Status'].attribute('cid').value == 'verified' ? cid : nil
+      end
+      # perform CanonicalEquivID verification on last XRD in resolution chain
+      xrd = @xrd_array.last
+      if cid = xrd.elements['CanonicalID'] and ceid = xrd.elements['CanonicalEquivID']
+        if xrd.elements['Status'].attributes['cid'] == 'verified'
+          # default to CEID failed
+          xrd.elements['Status'].add_attribute('ceid', 'failed')
+          # resolve CanonicalEquivID and test for remote EquivID == local CanonicalEquivID
+          if ceiu = (URI.parse(ceid.text) rescue nil) and %w{http https}.include?(ceiu.scheme)
+            ceiudoc = REXML::Document.new(@client.get_content(ceiu)) rescue nil
+            lastxrd = ceiudoc.elements.to_a("//*[local-name()='XRD']").last if ceiudoc
+          else
+            ceidresolver = AuthorityResolver.resolve(ceid.text) rescue nil
+            lastxrd = ceidresolver.last_xrd if ceidresolver.resolved_successfully?
+          end
+          # test for remote EquivID == local CanonicalEquivID
+          if lastxrd and lastxrd.elements.to_a('EquivID').any? {|x| x.text == cid.text}
+            xrd.elements['Status'].add_attribute('ceid', 'verified')
+          end
+        end
+      end
+    end
+    def completeuris!
+      return unless @req.uric
+      @xrd_array.each do |xrd|
+        next unless xrd.name == 'XRD'
+        xpath = "//*[(local-name()='URI')|(local-name()='Redirect')]"
+        REXML::XPath.match(xrd, xpath, XRDNS).collect!{|uri| doappend(uri, "inplace") }
+      end
+    end
+    def serverstatus!
+      @xrd_array.each do |xrd|
+        next unless xrd.name == 'XRD'
+        serverstatus = REXML::Element.new('ServerStatus')
+        if xrd.elements['Status']
+          serverstatus.text = xrd.elements['Status'].text
+          serverstatus.add_attributes(xrd.elements['Status'].attributes)
+        end
+        newxrdeles = xrd.elements.partition do |x|
+          after = xrd.elements['Status'] || xrd.elements['Query']
+          xrd.elements.index(x) <= xrd.elements.index(after)
+        end
+        xrd.elements.delete_all('*')
+        newxrdeles[0].each { |x| xrd.elements << x }
+        xrd.elements << serverstatus
+        newxrdeles[1].each { |x| xrd.elements << x }
+      end
+    end
+    def noprefix(xri) xri[/(^xri:\/\/)*(.*$)/, 2]; end
+    def services!
+      return unless @req.sep
+      ## make list of XRD elements
+      xrd_list = @xrd_array.clone
+      xrd_list.delete_if { |xrd| xrd.name == 'XRDS' }
+      ## make list of XRDS elements
+      xrds_list = @xrd_array.clone
+      xrds_list.delete_if { |xrd| not xrd.name == 'XRDS' }
+      ## do SEP selection on last XRD
+      seplist = SEPSelector.select(self, xrd_list.last, @req)
+      if seplist.empty?
+        ## no Service elements selected, so delete all Service/Ref(s) or Service/Redirect(s)
+        xpath = "*[local-name()='Service']/*[(local-name()='Ref')|(local-name()='Redirect')]"
+        svclist = REXML::XPath.match(xrd_list.last, xpath, XRDNS).collect do |ele|
+          ele.name == 'Ref' ? noprefix(ele.text) : doappend(ele).text
+        end
+        unless svclist.empty?
+          xrds_list.delete_if do |xrds|
+            svclist.include?(noprefix(xrds.root.attributes['ref'] || xrds.root.attributes['redirect']))
+          end
+        end
+      else
+        ## Service elements selected
+        unless seplist.to_urilist.empty?
+          ## Service/URI selected at XRD level, so don't follow any Ref(s) or Redirect(s)
+          xrds_list.clear
+        else
+          ## Service/Ref or Service/Redirect selected at XRD level, so follow them
+          svclist = Array.new
+          seplist.to_reflist.collect { |svclistxri| noprefix(svclistxri) }.each { |svc| svclist << svc }
+          seplist.to_redlist.collect { |svclisturi| svclisturi }.each { |svc| svclist << svc }
+          unless svclist.empty?
+            xrds_list.delete_if do |xrds|
+              not svclist.include?(noprefix(xrds.root.attributes['ref'] || xrds.root.attributes['redirect']))
+            end
+          end
+        end
+      end
+      ## purge XRDS in which no Service/URI elements are present
+      xrds_list.delete_if do |xrds|
+        lastxrd = REXML::XPath.match(xrds, "//*[local-name()='XRD']", XRDNS).last
+        numuris = REXML::XPath.match(lastxrd, "//*[local-name()='Service']/*[local-name()='URI']", XRDNS).length
+        numuris == 0
+      end
+      ## break ties among selected Ref(s) or Redirect(s) by priority
+      chosenxrds = nil
+      unless xrds_list.length > 1
+        chosenxrds = xrds_list.first
+      else
+        reflist = Array.new
+        xpath = "//*[(local-name()='Ref')|(local-name()='Redirect')]"
+        REXML::XPath.match(xrd_list.last, xpath, XRDNS).each do |ref|
+          reflist << [(ref.attribute('priority') ? ref.attribute('priority').value : 0xFFFF), ref]
+        end
+        reflist.sort! { |x, y| Common.prioritize x[0], y[0] }
+        reflist.each do |ref|
+          xrds_list.each do |xrds|
+            xrdsid = xrds.root.attributes['ref'] || xrds.root.attributes['redirect']
+            refsid = ref[1].name == 'Ref' ? ref[1].text : doappend(ref[1]).text
+            if noprefix(xrdsid) == noprefix(refsid)
+              chosenxrds = xrds
+              break
+            end
+          end
+          break if chosenxrds
+        end
+      end
+      ## save SEP selection results to object state
+      @xrd_array = xrd_list[0..-2]
+      @xrd_array << seplist.to_xrd
+      @xrd_array << chosenxrds if chosenxrds
+    end
+  end
+  ResponseStatus = {
+          '100' => 'SUCCESS',
+          '200' => 'PERM_FAIL',
+          '201' => 'NOT_IMPLEMENTED',
+          '202' => 'LIMIT_EXCEEDED',
+          '210' => 'INVALID_INPUT',
+          '211' => 'INVALID_QXRI',
+          '212' => 'INVALID_RES_MEDIA_TYPE',
+          '213' => 'INVALID_SEP_TYPE',
+          '214' => 'INVALID_SEP_MEDIA_TYPE',
+          '215' => 'UNKNOWN_ROOT',
+          '220' => 'AUTH_RES_ERROR',
+          '221' => 'AUTH_RES_NOT_FOUND',
+          '222' => 'QUERY_NOT_FOUND',
+          '223' => 'UNEXPECTED_XRD',
+          '230' => 'TRUSTED_RES_ERROR',
+          '231' => 'HTTPS_RES_NOT_FOUND',
+          '232' => 'SAML_RES_NOT_FOUND',
+          '233' => 'HTTPS+SAML_RES_NOT_FOUND',
+          '234' => 'UNVERIFIED_SIGNATURE',
+          '240' => 'SEP_SELECTION_ERROR',
+          '241' => 'SEP_NOT_FOUND',
+          '250' => 'REDIRECT_FAILED',
+          '251' => 'REDIRECT_SYNONYM_VERIFICATION_FAILED',
+          '300' => 'TEMPORARY_FAIL',
+          '301' => 'TIMEOUT_ERROR',
+          '320' => 'NETWORK_ERROR',
+          '321' => 'UNEXPECTED_RESPONSE',
+          '322' => 'INVALID_XRDS'
+        }
+  class XRIResolutionFailure < RuntimeError; end
+  class INVALID_XRDS < XRIResolutionFailure; end
+  class UNKNOWN_ROOT < XRIResolutionFailure; end
+  class SEPSelector
+    ## usage:
+    ## SEPList = XriResolver::SEPSelector.select(xrds, xrd, inputs)
+    ##
+    ## where xrds is a valid XriResolver::AuthorityResolver object
+    ## where inputs is a valid XriResolver::ParseInputParameters object
+    ##
+    ## Returns an SEPList object corresponding to the selected SEPs, ordered by priority
+    ##
+    ## (literally implements pseudocode in XRI Resolution 2.0 WD11 ED03 Section 10.6)
+    ##
+    @@sel_categories = ['Path', 'Type', 'MediaType'].freeze
+    @@match_types = ['Positive', 'Default', 'Matched'].freeze
+    def SEPSelector.select(xrds, xrd, inputs)
+      ## initialize arrays
+      selected_set = SEPList.new(xrds, xrd)
+      default_set = SEPList.new(xrds, xrd)
+      ## initialize nodefault to false
+      nodefault = Hash.new
+      @@sel_categories.each do |sel_category|
+        nodefault[sel_category] = false
+      end
+      ## set nodefault according to subparameters
+      nodefault['Path'] = inputs.nodefault_p
+      nodefault['Type'] = inputs.nodefault_t
+      nodefault['MediaType'] = inputs.nodefault_m
+      ## normalize path
+      path = (xrds.xri.path[0] == ?/) ? xrds.xri.path[1..-1] : xrds.xri.path ## remove leading '/'
+      path = nil if path.empty? ## per XRI Resolution WD11 ED03 Section 6.1.1
+      ## set content values
+      content = Hash.new
+      content['Path'] = path
+      content['Type'] = inputs.service_type
+      content['MediaType'] = inputs.service_media_type
+      ## "FOR EACH SEP"
+      REXML::XPath.match(xrd, "*[local-name()='Service']", XRDNS).each do |sep|
+        ## "CREATE set of SEL match flags"
+        ## "SET all flags to FALSE"
+        flag = Hash.new
+        @@match_types.each do |match_type|
+          flag[match_type] = Hash.new
+          @@sel_categories.each do |sel_category|
+            flag[match_type][sel_category] = false
+          end
+        end
+        ## we now have
+        ## flag = {"Default"=>{"MediaType"=>false, "Type"=>false, "Path"=>false},
+        ##         "Positive"=>{"MediaType"=>false, "Type"=>false, "Path"=>false},
+        ##         "Matched"=>{"MediaType"=>false, "Type"=>false, "Path"=>false}}
+        ## "FOR EACH SEL of category x (where x=Type, Path or Mediatype)"
+        REXML::XPath.match(sep, "*[(local-name()='Type')|(local-name()='Path')|(local-name()='MediaType')]", XRDNS).each do |sel|
+          ## record match result on this sel
+          this_sel_positive_match = false
+          this_sel_default_match = false
+          ## "SET Matched.x=TRUE"
+          flag['Matched'][sel.name] = true
+          ## determine match
+          if sel.attributes['match'] and sel.attributes['match'] != 'content'
+            ## determine match per XRI Resolution WD11 ED03 Section 10.3.2
+            case sel.attributes['match']
+            when 'any'
+              this_sel_positive_match = true
+            when 'default'
+              this_sel_default_match = true
+            when 'non-null'
+              if content[sel.name]
+                this_sel_positive_match = true
+              end
+            when 'null'
+              unless content[sel.name]
+                this_sel_positive_match = true
+              end
+            end
+          else
+            ## if no match attribute, see if there's a content match per 10.3.6, 10.3.7 and 10.3.8
+            ## TODO: implement normalization and other rules per these three sections
+            if sel.text and content[sel.name]
+              if sel.text.downcase == content[sel.name].downcase
+                this_sel_positive_match = true
+              end
+            end
+          end
+          ## "IF match on this SEL is POSITIVE"
+          if this_sel_positive_match
+            if sel.attributes['select'] == 'true'
+              ## sec 10.4.2
+              selected_set << [sep]
+              break
+            else
+              flag['Positive'][sel.name] = true
+              next
+            end
+          elsif this_sel_default_match
+            ## if we have already found a positive SEL with the same name - sec. 10.3.5
+            if flag['Positive'][sel.name]
+              next
+            elsif nodefault[sel.name]
+              next
+            else
+              flag['Default'][sel.name] = true
+              next
+            end
+          else
+            next
+          end
+        ## "End FOR EACH SEL"
+        end
+        ## "IF Matched.x=FALSE" (Sec 10.3.3)
+        flag['Matched'].each do |selname, value|
+          unless value ## this SEL hasn't been matched, i.e. was missing
+            flag['Default'][selname] = true unless nodefault[selname]
+          end
+        end
+        ## "IF Positive.Type=TRUE AND [...]"
+        if flag['Positive']['Type'] and
+           flag['Positive']['Path'] and
+           flag['Positive']['MediaType']
+          selected_set << [sep]
+          next
+        end
+        if (flag['Positive']['Type'] or flag['Default']['Type']) and
+              (flag['Positive']['Path'] or flag['Default']['Path']) and
+              (flag['Positive']['MediaType'] or flag['Default']['MediaType'])
+          default_set << [sep, flag.dup]
+        end
+      ## "END FOR EACH SEP"
+      end
+      ## "IF SELECTED SET != EMPTY
+      unless selected_set.empty?
+        return selected_set
+      end
+      ## "IF DEFAULT SET != EMPTY	;see 10.5.2"
+      unless default_set.empty?
+        default_set.each do |sep, flag|
+          ## two positive flags
+          if (flag['Positive']['Type'] and flag['Positive']['Path']) or
+             (flag['Positive']['Type'] and flag['Positive']['MediaType']) or
+             (flag['Positive']['Path'] and flag['Positive']['MediaType'])
+            selected_set << [sep]
+          end
+        end
+        ## "IF SELECTED SET != EMPTY
+        unless selected_set.empty?
+          return selected_set
+        end
+        ## "FOR EACH SEP IN DEFAULT SET"
+        default_set.each do |sep, flag|
+          ## one positive flag
+          if flag['Positive']['Type'] or
+             flag['Positive']['Path'] or
+             flag['Positive']['MediaType']
+            selected_set << [sep]
+          end
+        end
+      end
+      ## "IF SELECTED SET != EMPTY
+      unless selected_set.empty?
+        ## there was one positive flag in the default set
+        return selected_set
+      else
+        ## all default flags
+        return default_set
+      end
+      ## "RETURN EMPTY SET"
+      return []
+    end
+  end
+  class SEPList < Array
+    def initialize(xrds, xrd)
+      @xrds = xrds
+      @xrd = xrd
+    end
+    def to_urilist
+      to_list('URI')
+    end
+    def to_reflist
+      to_list('Ref')
+    end
+    def to_redlist
+      to_list('Redirect')
+    end
+    def uris?
+      not to_list('URI').empty?
+    end
+    def refs?
+      not to_list('Ref').empty?
+    end
+    def reds?
+      not to_list('Redirect').empty?
+    end
+    def to_xrd
+      ## sort SEPs by value of "priority" attribute
+      seplist = Array.new
+      self.each do |sep, flag|
+        sep_pri = sep.attribute('priority') ? sep.attribute('priority').value : 0xFFFF
+        seplist << [sep_pri, sep]
+      end
+      seplist.sort! { |x, y| Common.prioritize x[0], y[0] }
+      ## remove all existing xrd:Service elements
+      newxrd = @xrd.clone
+      REXML::XPath.match(@xrd, "*[not(local-name()='Service')]", XRDNS).each do |ele|
+        newxrd << ele
+      end
+      ## re-add selected and sorted xrd:Service elements per 6.2.2
+      priority = 0
+      seplist.each do |sep_pri, sep|
+        sep.delete_attribute('priority')
+        sep.add_attribute('priority', priority)
+        priority += 1
+        newxrd << sep
+      end
+      REXML::Document.new(newxrd.to_s)
+    end
+    private
+    def to_list(elename)
+      ## sort SEPs, and URIs within them, by value of "priority" attribute
+      seplist = Array.new
+      self.each do |sep, flag|
+        sep_pri = sep.attribute('priority') ? sep.attribute('priority').value : 0xFFFF
+        sep_urilist = Array.new
+        REXML::XPath.match(sep, "*[local-name()='#{elename}']", XRDNS).each do |uri|
+          uri_pri = uri.attribute('priority') ? uri.attribute('priority').value : 0xFFFF
+          sep_urilist << [uri_pri, uri]
+        end
+        sep_urilist.sort! { |x, y| Common.prioritize x[0], y[0] }
+        seplist << [sep_pri, sep_urilist]
+      end
+      seplist.sort! { |x, y| Common.prioritize x[0], y[0] }
+      ## build and return URI list per XRI Resolution Specification Section 10.7
+      urilist = Array.new
+      seplist.each do |sep|
+        sep[1].each do |uri|
+          urilist << @xrds.doappend(uri[1]).text
+        end
+      end
+      urilist
+    end
+  end
+  class ParseInputParameters
+    attr_accessor :resolution_media_type,
+                  :service_media_type,
+                  :service_type,
+                  :uric,
+                  :sep,
+                  :cid,
+                  :nodefault_p,
+                  :nodefault_t,
+                  :nodefault_m,
+                  :refs,
+                  :https,
+                  :saml
+    def initialize(params={}, accept_headers="")
+      if params.instance_of?(Hash)
+        symparams = Hash.new
+        params.each { |k,v| symparams[k.to_sym] = v }
+        params = symparams
+      end
+      param_inputs = parse_query_params(params)
+      header_inputs = parse_accept_headers(accept_headers)
+      unless is_blank?(param_inputs[:res_media_type])
+        @resolution_media_type = param_inputs[:res_media_type]
+        @uric = has_true_value?(param_inputs[:uric]) ? true : false
+        @sep = has_true_value?(param_inputs[:sep]) ? true : false
+        @cid = has_false_value?(param_inputs[:cid]) ? false : true
+        @nodefault_p = has_true_value?(param_inputs[:nodefault_p]) ? true : false
+        @nodefault_t = has_true_value?(param_inputs[:nodefault_t]) ? true : false
+        @nodefault_m = has_true_value?(param_inputs[:nodefault_m]) ? true : false
+        @refs = param_inputs[:refs]
+        @https = has_true_value?(param_inputs[:https]) ? true : false
+        @saml = has_true_value?(param_inputs[:saml]) ? true : false
+      else
+        @resolution_media_type = header_inputs[:res_media_type]
+        @uric = has_true_value?(header_inputs[:uric]) ? true : false
+        @sep = has_true_value?(header_inputs[:sep]) ? true : false
+        @cid = has_false_value?(header_inputs[:cid]) ? false : true
+        @nodefault_p = has_true_value?(header_inputs[:nodefault_p]) ? true : false
+        @nodefault_t = has_true_value?(header_inputs[:nodefault_t]) ? true : false
+        @nodefault_m = has_true_value?(header_inputs[:nodefault_m]) ? true : false
+        @refs = header_inputs[:refs]
+        @https = has_true_value?(header_inputs[:https]) ? true : false
+        @saml = has_true_value?(header_inputs[:saml]) ? true : false
+      end
+      @service_media_type = param_inputs[:service_media_type]
+      @service_type = param_inputs[:service_type]
+      ## force sep=true if RMT is text/uri-list or unspecified
+      @sep = true if @resolution_media_type == 'text/uri-list' or is_blank?(@resolution_media_type)
+    end
+    def parse_query_params(params)
+      inputs = {:res_media_type => ""}
+      ## get Resolution Media type
+      if params.has_key?(:_xrd_r)
+        parsedrof = params[:_xrd_r].split(';') rescue []
+        inputs[:res_media_type] = parsedrof.shift.tr(' ', '+') rescue ''
+        parsedrof.each do |part|
+          k,v = part.downcase.split('=')
+          inputs["#{k}".to_sym] = v unless is_blank?(k)
+        end
+      end
+      ## get Service Type selection element
+      inputs[:service_type] = (params.has_key?(:_xrd_t)) ? params[:_xrd_t].tr(' ', '+') : nil
+      ## get Service Media Type selection element
+      inputs[:service_media_type] = (params.has_key?(:_xrd_m)) ? params[:_xrd_m].tr(' ', '+') : nil
+      inputs
+    end
+    def parse_accept_headers(accept_headers)
+      valid_headers = ['application/xrds+xml', 'application/xrd+xml', 'text/uri-list']
+      res_inputs = {:res_media_type => ""}
+      headers = accept_headers.split(',').map {|h| h.strip}
+      headers.each do |hdr|
+        hdr_parts = hdr.split(';')
+        if valid_headers.include?(hdr_parts.first)
+          res_inputs[:res_media_type] = hdr_parts.shift
+          hdr_parts.each do |part|
+            k,v = part.downcase.split('=')
+            res_inputs["#{k}".to_sym] = v unless is_blank?(k)
+          end
+          break
+        end
+      end
+      res_inputs
+    end
+    def has_true_value?(test)
+      test == 'true' or test == '1'
+    end
+    def has_false_value?(test)
+      test == 'false' or test == '0'
+    end
+    def is_blank?(test)
+      test.empty? or test =~ /\A\s*\z/
+    end
+  end
+  class URIAuthorityResolver < AuthorityResolver
+    def initialize(xri, req, uri, stack)
+      if uri = (URI.parse(uri) rescue nil) and %w{http https}.include?(uri.scheme)
+        @xri = xri
+        @req = req
+        @uri = uri
+        @stack = stack || Array.new
+        @client = HTTPClient.new
+        uriget = fetch_uri(uri)
+        urixml = uriget.content.unpack("C*").pack("U*")
+        uridoc = REXML::Document.new(urixml).root
+        @xrd_array = REXML::XPath.match(uridoc, "*", XRDNS)
+        serverstatus!
+        completeuris!
+        canonical!
+        references!
+        redirects!
+        services!
+      end
+    end
+    def to_s
+      self.to_xrds.to_s
+    end
+    def to_xrds
+      xrds = REXML::Element.new('XRDS')
+      xrds.add_namespace('xri://$xrds')
+      xrds.add_attribute('redirect', @uri)
+      @xrd_array.each { |ele| xrds << ele }
+      xrds
+    end
+    def resolved_successfully?
+      true
+    end
+  end
+  class Common
+    def Common.prioritize(x, y)
+      (x.to_i == y.to_i) ? (rand(3) - 1) : (x.to_i <=> y.to_i)
+    end
+  end
+end