openid 0.0.1

data/COPYING

@@ -0,0 +1,26 @@
+Ruby OpenID
+
+Copyright (C) 2005 Mark Quinn
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+You also have the option of using this library under the terms of
+Ruby's license.
+
+More info about Ruby OpenID:
+http://openid.rubyforge.org/
+
+More info about OpenID:
+http://www.openid.net/

data/README

@@ -0,0 +1,56 @@
+OpenID for Ruby
+===============
+[Mark Quinn](mailto:mmq@dekinai.com)
+
+Version: 0.0.1
+July 10, 2005
+
+License: LGPL or Ruby's license
+
+
+- Homepage:  http://openid.rubyforge.org/
+- OpenID Homepage:  http://openid.net/
+
+
+Currently this only implements a consumer module. See examples/httpconsumer.rb for an example.
+
+This is the first release, so there may be some API changes (and, notably, it will need to be modified for the coming/recent OpenID spec changes regarding times)
+
+ACKNOWLEDGMENTS
+---------------
+
+This project owes a great deal to the work done over at schtuff.com on [python modules](http://openid.schtuff.com/). The structure and code of this module and examples/httpconsumer.rb borrows heavily from them. Thanks guys!
+
+Big thanks to the creators of OpenID, and everybody on the mailing list (I'm watching you!)
+
+Thanks to Google for funding open source, this is part of the Google Summer of Code 2005.
+
+
+PREREQUISITES
+-------------
+
++ Ruby 1.8
++ rake (if installing the gem)
++ [htmltokenizer](http://rubyforge.org/projects/htmltokenizer/)
++ [ruby-hmac](http://deisui.org/~ueno/ruby/hmac.html)
+
+INSTALLATION
+------------
+
+The easiest way to install is by using the gem, available at rubyforge.
+
+Get rubygems and rake, if you don't have them (you can install rake with `gem install rake`).
+
+Unfortunately, there are no gems for htmltokenizer and ruby-hmac yet, so you must install them manually.
+
+Once that is done, `gem install openid` should do the trick.
+
+
+CHANGES
+-------
+
+### Changes from 0.0.0 ###
+
+* Brand new
+
+(This document is formatted with Markdown)

data/examples/httpconsumer.rb

@@ -0,0 +1,126 @@
+require 'webrick'
+include WEBrick
+
+require 'openid/consumer'
+require 'openid/association'
+require 'openid/interface'
+
+module OpenID
+	# First we need to define an AssociationManager to keep track of all
+	# associations. This one is basically a copy of the one from httpconsumer.py
+	# in the python module examples. It is not well designed, but works for an
+	# example. I placed this in the OpenID namespace so it has easy access to
+	# everything from the modules, without having to pull everything in.
+	# Maybe that is bad form.
+	class DictionaryAssociationManager < BaseAssociationManager
+		def initialize()
+			associator = DiffieHelmanAssociator.new(OpenID::SimpleHTTPClient.new)
+			super(associator)
+			@associations = []
+		end
+		
+		def update(new_assoc, expired)
+			@associations.push(new_assoc) if new_assoc
+			
+			if expired
+				expired.each { |assoc1|
+					@associations.each_index { |i|
+						if assoc1 == @associations[i]
+							@associations.delete_at(i)
+							# break
+						end
+					}
+				}
+			end
+		end
+		
+		def get_all(server_url)
+			results = []
+			@associations.each { |assoc|
+				results.push(assoc) if assoc.server_url == server_url
+			}
+			return results
+		end
+		
+		def invalidate(server_url, assoc_handle)
+			@associations.each_index { |i|
+				if @associations[i].server_url == server_url and @associations[i].handle == assoc_handle
+					@associations.delete_at(i)
+					# break
+				end
+			}
+		end
+	end
+end #module OpenID
+		
+class OpenIDServlet < HTTPServlet::AbstractServlet
+
+	def initialize(server, *options)
+		@http_client = OpenID::SimpleHTTPClient.new
+		@association_manager = OpenID::DictionaryAssociationManager.new
+		@consumer = OpenID::Consumer.new(@http_client, @association_manager)
+		super(server, *options)
+	end
+	
+	def do_GET(req, res)
+		res['Content-Type'] = 'text/html'
+		if req.query['identity_url']
+			# This executes after the form has been submitted.
+			identity_url = req.query['identity_url'].to_s
+			redirect_url = @consumer.handle_request(identity_url, req.header['referer'][0].to_s)
+			if redirect_url
+				# Redirect to the authentication page (The openid server)
+				res.set_redirect(HTTPStatus::Found, redirect_url)
+			else
+				res.status = 412
+				res.body = "no identity url!"
+			end
+		elsif req.query['openid.mode']
+			# This is where we handle the user after they are sent back by the server
+			begin
+				valid_to = @consumer.handle_response(OpenID::Request.new(req.query, 'GET'))
+			rescue
+				# You can rescue specific errors here to deal with the user cancelling and such.
+				res.body = get_output_page("Exception raised by consumer.handle_response:\n<br />" + $!)
+			else
+				res.body = get_output_page("Logged in! Valid-to: #{valid_to}")
+			end
+		else
+			# Display the login form
+			res.body = get_input_form
+		end
+	end
+	
+	def get_input_form()
+		return <<EOF
+		<html>
+		<head><title>OpenID for Ruby</title></head>
+		<body style="background-color: #FFFFCC;">
+		<h2>OpenID for Ruby httpconsumer.rb example</h2>
+		<form method="GET" action="/">
+		Your Identity URL: <input type="text" name="identity_url" size="60" />
+		<br /><input type="submit" value="Log in" />
+		</form>
+		</body>
+		</html>
+EOF
+	end
+	
+	def get_output_page(text, bgcolor = '#FFFFCC')
+		return <<EOF
+		<html>
+		<head><title>OpenID for Ruby</title></head>
+		<body style="background-color: #{bgcolor};">
+		<h2>OpenID for Ruby httpconsumer.rb example</h2>
+		#{text}
+		</body>
+		</html>
+EOF
+	end
+
+end
+
+server = HTTPServer.new( :Port => 8081 )
+server.mount('/', OpenIDServlet)
+trap("INT") { server.shutdown }
+server.start

data/lib/openid/association.rb

@@ -0,0 +1,222 @@
+require 'openid/constants'
+require 'openid/errors'
+require 'openid/util'
+
+require 'base64'
+require 'digest/sha1'
+
+module OpenID
+	class Association
+		attr_reader :handle, :secret, :expiry
+		attr_writer :handle, :secret, :expiry
+		def initialize(handle, secret, expiry, replace_after)
+			@handle = handle.to_s
+			@secret = secret.to_s
+			@replace_after = replace_after
+			@expiry = expiry
+		end
+		#TODO: override ==?
+	end #class Association
+	
+	# Represents an association established for a consumer.
+	class ConsumerAssociation < Association
+		attr_reader :server_url
+		attr_writer :server_url
+		def initialize(server_url, handle, secret, expiry, replace_after)
+			super(handle, secret, expiry, replace_after)
+			@server_url = server_url.to_s
+		end
+		
+		def get_replace_after
+			if @replace_after
+				return @replace_after
+			else
+				return @expiry
+			end
+		end
+	end #class ConsumerAssociation
+	
+	class ServerAssociation < Association
+		def initialize(handle, secret, expiry_off, replace_after_off)
+			now = Time.now
+			expiry = now + expiry_off
+			replace_after = now + replace_after_off
+			super(handle, secret, expiry, replace_after)
+			@issued = now
+		end
+	end #class ServerAssociation
+
+	# Abstract class which is the parent of both DumbAssociationManager and 
+	# BaseAssociationManager.
+	class AssociationManager
+		# Return a ConsumerAssociation based on server_url and assoc_handle
+		def get_association(server_url, assoc_handle)
+			raise NotImplementedError
+		end
+		# Create an association with server_url. Return an assoc_handle
+		def associate(server_url)
+			raise NotImplementedError
+		end
+		# Invalidate an Association
+		def invalidate(server_url, assoc_handle)
+			raise NotImplementedError
+		end
+	end # class AssociactionManager
+		
+	class DumbAssociationManager < AssociationManager
+		def get_association(server_url, assoc_handle)
+			return nil
+		end
+		
+		def associate(server_url)
+			return nil
+		end
+		
+		def invalidate(server_url, assoc_handle)
+			# pass
+		end
+	end #class DumbAssociationManager
+		
+	class BaseAssociationManager < AssociationManager
+		def initialize(associator)
+			@associator = associator
+		end
+		# Returns assoc_handle associated with server_url
+		def associate(server_url)
+			now = Time.now
+			expired = []
+			assoc = nil
+			get_all(server_url).each { |current|
+				replace_after = current.get_replace_after
+				if current.expiry < now
+					expired.push(current)
+				elsif assoc == nil
+					assoc = current if replace_after > now
+				elsif replace_after > assoc.replace_after
+					assoc = current
+				end
+			}
+			new_assoc = nil
+			if assoc == nil
+				assoc = new_assoc = @associator.associate(server_url)
+			end
+			if new_assoc or expired
+				update(new_assoc, expired)
+			end
+			
+			return assoc.handle
+		end
+		
+		def get_association(server_url, assoc_handle)
+			get_all(server_url).each { |assoc|
+				return assoc if assoc.handle == assoc_handle
+			}
+			return nil
+		end
+		
+		# This must be implemented by subclasses.
+		#
+		# new_assoc is either a new association object or nil. Expired is a possibly
+		# empty list of expired associations.
+		# Subclass should add new_assoc if it is not nil, and expire each association
+		# in the expired list.
+		def update(new_assoc, expired)
+			raise NotImplementedError
+		end
+		
+		# This must be implemented by subclasses.
+		#
+		# Should return a list of Association objects matching server_url
+		def get_all(server_url)
+			raise NotImplementedError
+		end
+		
+		# This must be implemented by subclasses.
+		#
+		# Subclass should remove the association for the given
+		# server_url and assoc_handle.
+		def invalidate(server_url, assoc_handle)
+			raise NotImplementedError
+		end
+	end #class BaseAssociationManager	
+	
+	# A class for establishing associations with OpenID servers.
+	class DiffieHelmanAssociator
+		include OpenID
+		def initialize(http_client)
+			@http_client = http_client
+		end
+		
+		# Returns modulus and generator for Diffie-Helman.
+		# Override this for non-default values.
+		def get_mod_gen()
+			return DEFAULT_DH_MODULUS, DEFAULT_DH_GEN
+		end
+		
+		# Establishes an association with an OpenID server, indicated by server_url.
+		# Returns a ConsumerAssociation.
+		def associate(server_url)
+			p, g = get_mod_gen()
+			private_key = (1 + rand(p-2))
+			dh_public = g.mod_exp(private_key, p)
+			args = {
+				'openid.mode' => 'associate',
+				'openid.assoc_type' => 'HMAC-SHA1',
+				'openid.session_type' => 'DH-SHA1',
+				'openid.dh_modulus' => Base64.encode64(p.to_btwoc).delete("\n"),
+				'openid.dh_gen' => Base64.encode64(g.to_btwoc).delete("\n"),
+				'openid.dh_consumer_public' => Base64.encode64(dh_public.to_btwoc).delete("\n")
+			}
+			body = url_encode(args)
+			url, data = @http_client.post(server_url, body)
+			now = Time.now.utc
+			# results are temporarily stored in an instance variable.
+			# I'd like to restructure to avoid this.
+			@results = parse_kv(data)
+			
+			assoc_type = get_result('assoc_type')
+			if assoc_type != 'HMAC-SHA1'
+				raise RuntimeError, "Unknown association type: #{assoc_type}", caller
+			end
+			
+			assoc_handle = get_result('assoc_handle')
+			issued = DateTime.strptime(get_result('issued')).to_time
+			expiry = DateTime.strptime(get_result('expiry')).to_time
+			
+			delta = now - issued
+			expiry = expiry + delta
+			
+			replace_after_s = @results['replace_after']
+			if replace_after_s
+				replace_after = DateTime.strptime(replace_after_s).to_time + delta
+			else
+				replace_after = nil
+			end
+			
+			session_type = @results['session_type']
+			if session_type
+				if session_type != 'DH-SHA1'
+					raise RuntimeError, "Unknown Session Type: #{session_type}", caller
+				end
+				dh_server_pub = from_btwoc(Base64.decode64(get_result('dh_server_public')))
+				enc_mac_key = get_result('enc_mac_key')
+				dh_shared = dh_server_pub.mod_exp(private_key, p)
+
+				secret = Base64.decode64(enc_mac_key) ^ Digest::SHA1.digest(dh_shared.to_btwoc)
+			else
+				secret = get_result('mac_key')
+			end
+			@results = nil
+			return ConsumerAssociation.new(server_url, assoc_handle, secret, expiry, replace_after)
+		end	
+	private
+		def get_result(key)
+			begin
+				return @results.fetch(key)
+			rescue IndexError
+				raise ProtocolError, "Association server response missing argument #{key}", caller
+			end
+		end
+	end #class DiffieHelmanAssociator
+		
+end #module OpenID

data/lib/openid/constants.rb

@@ -0,0 +1,5 @@
+module OpenID
+	SECRET_SIZES = {'HMAC-SHA1' => 20 }
+	DEFAULT_DH_MODULUS = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
+	DEFAULT_DH_GEN = 2
+end #module OpenID

data/lib/openid/consumer.rb

@@ -0,0 +1,207 @@
+require 'openid/errors'
+require 'openid/constants'
+require 'openid/util'
+
+require 'net/http'
+require 'uri'
+require 'open-uri'
+
+module OpenID
+	
+	def quote_minimal(s)
+		# TODO: implement? (Used by normalize_url's unicode handling in the python modules)
+		return s
+	end
+	# Strip whitespace off, and add http:// if http:// or https:// is not already
+	# present.
+	def normalize_url(url)
+		url.strip!
+		if (!url.index(/^http:\/\/|^https:\/\//))
+			url = 'http://' + url
+		end
+		
+		# TODO: Some unicode handling
+		# (Keeping in mind that ruby's unicode/string distinction is kinda nil so far)
+		
+		return url
+	end
+	
+	# Provides a very simple interface to get from and post to http servers
+	class SimpleHTTPClient
+		# Returns the the url which was retrieved, and the retrived data
+		# (data.base_uri, data)
+		def get(url)
+			uri = URI.parse(url)
+			begin
+				data = uri.read
+			ensure
+				if data
+					return data.base_uri, data
+				else
+					return nil, nil
+				end
+			end
+		end
+		# Takes the url to post body to.
+		# Returns the url retrieved, and the body of the response received.
+		def post(url, body)
+			uri = URI.parse(url)
+			response = nil
+			Net::HTTP.start(uri.host, uri.port) { |http|
+				response = http.post(uri.request_uri(), body)
+			}
+			# TODO: some error checking here
+			# TODO: return actually retrieved url
+			return url, response.body
+		end
+		
+	end #class SimpleHTTPClient
+	
+	class Consumer
+		include OpenID
+		# Takes an http_client and an association_manager. Will create some automatically if none are passed in.
+		def initialize(http_client = SimpleHTTPClient.new(), association_manager = DumbAssociationManager.new())
+			@http_client = http_client
+			@association_manager = association_manager
+		end
+		# Returns the url to redirect to or nil if no identity is found
+		def handle_request(url, return_to, trust_root = nil, immediate = false)
+			url = normalize_url(url)
+			
+			server_info = find_server(url)
+			return nil if server_info == nil
+			identity, server_url = server_info
+			redir_args = { 'openid.identity' => identity, 'openid.return_to' => return_to}
+			
+			redir_args['openid.trust_root'] = trust_root if trust_root
+			
+			if immediate
+				mode = 'checkid_immediate'
+			else
+				mode = 'checkid_setup'
+			end
+			
+			redir_args['openid.mode'] = mode
+			assoc_handle = @association_manager.associate(server_url)
+			if assoc_handle
+				redir_args['openid.assoc_handle'] = assoc_handle
+			end
+			
+			return append_args(server_url, redir_args).to_s
+		end
+		# Handles an OpenID GET request with openid.mode in the arguments. req should
+		# be a Request instance, properly initialized with the http arguments given,
+		# and the http method used to make the request. Returns the expiry time of
+		# the session as a Time.
+		#
+		# Will raise a ProtocolError if the http_method is not GET, or the request
+		# mode is unknown.
+		def handle_response(req)
+			if req.http_method != 'GET'
+				raise ProtocolError, "Expected HTTP Method 'GET', got #{req.http_method}", caller
+			end
+			begin
+				return __send__('do_' + req['mode'], req)
+			rescue NoMethodError
+				raise ProtocolError, "Unknown Mode: #{req['mode']}", caller
+			end
+		end
+		
+		def determine_server_url(req)
+			identity, server_url = find_server(req['identity'])
+			if req['identity'] != identity
+				raise ValueMismatchError, "ID URL #{req['identity']} seems to have moved: #{identity}", caller
+			end
+			return server_url
+		end
+		
+		# Returns identity_url, server_url or nil if no server is found.
+		def find_server(url)
+			identity, data = @http_client.get(url)
+			identity = identity.to_s
+			server = nil
+			delegate = nil
+			parse_link_attrs(data) { |link|
+				rel = link['rel']
+				if rel == 'openid.server' and server == nil
+					href = link['href']
+					server = href if href
+				end
+				if rel == 'openid.delegate' and delegate == nil
+					href = link['href']
+					delegate = href if href
+				end
+			}
+			return nil if !server
+			identity = delegate if delegate
+			return normalize_url(identity), normalize_url(server)
+		end
+		
+		def _dumb_auth(server_url, now, req)
+			if !verify_return_to(req)
+				raise ValueMismatchError, "return_to is not valid", caller
+			end
+			check_args = {}
+			req.args.each { |k, v| check_args[k] = v if k.index('openid.') == 0 }
+			check_args['openid.mode'] = 'check_authentication'
+			body = url_encode(check_args)
+			url, data = @http_client.post(server_url, body)
+			results = parse_kv(data)
+			lifetime = results['lifetime'].to_i
+			if lifetime
+				invalidate_handle = results['invalidate_handle']
+				if invalidate_handle
+					@association_manager.invalidate(server_url, invalidate_handle)
+				end
+				return now + lifetime
+			else
+				raise ValueMismatchError, 'Server failed to validate signature', caller
+			end
+		end
+		
+		def do_id_res(req)
+			now = Time.now
+			user_setup_url = req.get('user_setup_url')
+			raise UserSetupNeeded, user_setup_url, caller if user_setup_url
+			server_url = determine_server_url(req)
+			assoc = @association_manager.get_association(server_url, req['assoc_handle'])
+			if assoc == nil
+				return _dumb_auth(server_url, now, req)
+			end
+			sig = req.get('sig')
+			signed_fields = req.get('signed').strip.split(',')
+			signed, v_sig = sign_reply(req.args, assoc.secret, signed_fields)
+			if v_sig != sig
+				raise ValueMismatchError, "Signatures did not match: #{req.args}, #{v_sig}, #{assoc.secret}", caller
+			end
+			issued = DateTime.strptime(req.get('issued')).to_time
+			valid_to = [assoc.expiry, DateTime.strptime(req.get('valid_to')).to_time].min
+			return now + (valid_to - issued)
+		end
+		# Handle an error from the server
+		def do_error(req)
+			error = req.get('error')
+			if error
+				raise ProtocolError, "Server Response: #{error}", caller
+			else
+				raise ProtocolError, "Unspecified Server Error: #{req.args}", caller
+			end
+		end
+		
+		def do_cancel(req)
+			raise UserCancelled
+		end
+		
+		# This is called before the consumer makes a check_authentication call to the
+		# server. It can be used to verify that the request being authenticated
+		# is valid by confirming that the openid.return_to value signed by the server
+		# corresponds to this consumer. The full OpenID::Request object is passed in.
+		# Should return true if the return_to field corresponds to this consumer, 
+		# false otherwise. The default function performs no check and returns true.
+		def verify_return_to(req)
+			return true	
+		end	
+	end #class Consumer
+		
+		
+end #module OpenID

data/lib/openid/errors.rb

@@ -0,0 +1,25 @@
+
+module OpenID
+	
+	class ProtocolError < RuntimeError
+	end
+	
+	class AuthenticationError < RuntimeError
+	end
+	
+	class ValueMismatchError < RuntimeError
+	end
+	
+	class NoArgumentsError < RuntimeError
+	end
+	
+	class UserCancelled < RuntimeError
+	end
+	
+	class UserSetupNeeded < RuntimeError
+	end
+	
+	class NoOpenIDArgs < RuntimeError
+	end
+	
+end #module OpenID

data/lib/openid/interface.rb

@@ -0,0 +1,65 @@
+require 'openid/errors'
+
+module OpenID
+	# Response is a hash with a modified constructor to pretty things a little
+	class Response < Hash
+		# Takes a hash, which becomes the contents of the Response object	
+		def initialize(attr_hash)
+			update(attr_hash)
+		end
+	end #class Response
+	# Creates a Response object signaling a redirect to url.
+	def redirect(url)
+		return Response.new('code'=>302, 'redirect_url'=>url.to_s)
+	end
+	# Creates a response object signaling a plaintext response.
+	def response_page(body)
+		return Response.new('code'=>200, 'content_type'=>'text/plain', 'body'=>body)
+	end
+	# Creates a response object signaling a plaintext error.
+	def error_page(body)
+		return Response.new('code'=>400, 'content_type'=>'text/plain', 'body'=>body)
+	end
+	
+	# Request objects are used by both the consumer and server APIs to signal
+	# and represent various HTTP requests.
+	
+	class Request
+		attr_reader :args, :http_method, :authentication
+		attr_writer :args, :http_method
+		# args is a hash of HTTP arguments.
+		# http_method should be set to "POST" or "GET"
+		# authentication is an unused passthrough field that will remain attatched
+		# to the request.
+		# A NoOpenIDArgs exception will be raised if args contains no openid.*
+		# arguments.
+		def initialize(args, http_method, authentication=nil)
+			@args = args
+			@http_method = http_method.upcase
+			@authentication = authentication
+			
+			@args.each_key { |key|
+				return if key.index('openid.') == 0
+			}
+			raise NoOpenIDArgs
+		end
+		# The preferred method for getting OpenID args out of the request.
+		# Raises a ProtoclError if the argument does not exist.
+		def [](key)
+			result = get(key)
+			if result == nil
+				if key == 'trust_root'
+					return self['return_to']
+				else
+					raise ProtocolError, "Query argument #{key} not found", caller
+				end
+			end
+			return result
+		end
+		
+		def get(key, default=nil)
+			return @args.fetch('openid.' + key, default)
+		end
+	
+	end #class Request
+end #module OpenID

data/lib/openid/util.rb

@@ -0,0 +1,145 @@
+require 'cgi'
+require 'html/htmltokenizer'
+require 'base64'
+require 'digest/sha1'
+require 'hmac-sha1'
+
+# Functions convenient for cryptography
+
+module Crypto_math
+	# This code is taken from this post[http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/19098]
+	# by Eric Lee Green. x.mod_exp(n,q) returns x ** n % q
+	def mod_exp(n,q)
+		counter=0
+		n_p=n  # N 
+		y_p=1        # Y
+		z_p=self  # Z
+		while n_p != 0
+      		if n_p[0]==1
+				y_p=(y_p*z_p) % q
+      		end
+      		n_p = n_p >> 1  
+      		z_p = (z_p * z_p) % q
+      		counter += 1
+    	end
+    	return y_p
+	end
+end
+
+
+class Fixnum
+	include Crypto_math
+	# Returns a number in big endian two's complement notation, stored
+	# as a raw string.
+	def to_btwoc
+		bits = self.to_s(2)
+		prepend = (8 - bits.length % 8) || (bits.index(/^1/) ? 8 : 0)
+		bits = ('0' * prepend) + bits if prepend
+		return [bits].pack('B*')
+	end
+end
+
+class Bignum
+	include Crypto_math
+	# Returns a number in big endian two's complement notation, stored
+	# as a raw string.
+	def to_btwoc
+		bits = self.to_s(2)
+		prepend = (8 - bits.length % 8) || (bits.index(/^1/) ? 8 : 0)
+		bits = ('0' * prepend) + bits if prepend
+		return [bits].pack('B*')
+	end
+end
+
+class DateTime
+	# Converts to a UTC Time.
+	def to_time()
+		if offset == 0
+			return Time.gm(year, month, day, hour, min, sec)
+		else
+			utc = new_offset
+			return  Time.gm(utc.year, utc.month, utc.day, utc.hour, utc.min, utc.sec)
+		end
+	end
+end #class DateTime
+
+class String
+	# Bitwise-XOR two equal length strings.
+	# Raises an ArgumentError if strings are different length.
+	def ^(other)
+		raise ArgumentError, "Can't bitwise-XOR a String with a non-String" \
+			unless other.kind_of? String
+		raise ArgumentError, "Can't bitwise-XOR strings of different length" \
+			unless self.length == other.length
+		result = (0..self.length-1).collect { |i| self[i] ^ other[i] }
+		result.pack("C*")\
+	end
+end
+
+module OpenID	
+	# Takes all entries in a hash and combines and escapes them (using CGI::escape) into a single string.
+	def url_encode(query)
+		output = ''
+		query.each { |key, val|
+			output += CGI::escape(key.to_s) + '=' + CGI::escape(val.to_s) + '&'
+		}
+		output.chop!
+		return output
+	end
+	# Appends arguments in hash args to the existing url string
+	def append_args(url, args)
+		return url if args.empty?
+		return url + (url.include? '?' and '&' or '?') + url_encode(args)
+	end
+	# Converts a raw string containing a big endian two's complement number into a Fixnum or Bignum
+	def from_btwoc(str)
+		# Maybe this should be part of a btwoc class or something
+		str = "\000" * (4 - (str.length % 4)) + str
+		num = 0
+		str.unpack('N*').each { |x|
+			num <<= 32
+			num |= x
+		}
+		return num
+	end
+	# Parses an OpenID Key Value string(A new-line separated list containing key:value pairs).
+	# Returns a hash.
+	def parse_kv(d)
+		d.strip!
+		args = {}
+		d.split("\n").each { |line|
+			pair = line.split(':',2)
+			if pair.length == 2
+				k, v = pair
+				args[k.strip] = v.strip
+			end
+		}
+		return args
+	end
+	# Takes a string containing html, and yields the attributes of each link tags until a body tag is found.
+	def parse_link_attrs(data)
+		parser = HTMLTokenizer.new(data)
+		while el = parser.getTag('link', 'body')
+			if el.tag_name == 'link'
+				yield el.attr_hash
+			elsif el.tag_name == 'body'
+				return
+			end
+		end
+		
+	end
+	
+	# Generates a signature for a set of fields. reply is a hash containing the 
+	# data that was signed, key is the secret key, and signed_fields is an array 
+	# containing the names (in order) of the fields to be signed.
+	#	Returns the list of signed fields (comma separated) and the base64 encoded signature
+	def sign_reply(reply, key, signed_fields)
+		token = ''
+		signed_fields.each { |x|
+			token += x + ':' + reply['openid.' + x] + "\n"
+		}
+		d = Base64.encode64(HMAC::SHA1.digest(key,token)).delete("\n")
+		return signed_fields.join(','), d
+	end
+
+end #module OpenID

metadata

@@ -0,0 +1,48 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.10
+specification_version: 1
+name: openid
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+date: 2005-07-10
+summary: OpenID support for Ruby
+require_paths: 
+  - lib
+email: mmq@dekinai.com
+homepage: http://openid.rubyforge.org/
+rubyforge_project: openid
+description: "OpenID support for Ruby -- OpenID (http://openid.net) is a decentralized
+  identification system that allows users to prove they own a url. OpenID for Ruby
+  currently includes only consumer modules."
+autorequire: 
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+    - 
+      - ">"
+      - !ruby/object:Gem::Version 
+        version: 0.0.0
+  version: 
+platform: ruby
+authors: 
+  - Mark Quinn
+files: 
+  - lib/openid/consumer.rb
+  - lib/openid/util.rb
+  - lib/openid/association.rb
+  - lib/openid/errors.rb
+  - lib/openid/constants.rb
+  - lib/openid/interface.rb
+  - examples/httpconsumer.rb
+  - README
+  - COPYING
+test_files: []
+rdoc_options: []
+extra_rdoc_files: []
+executables: []
+extensions: []
+requirements: 
+  - "htmltokenizer, ruby-hmac"
+dependencies: []