Added a version of ISE Library URI modified to be compilable with compiler < 7.2

Fixed openid when redirection is involved
Fixed Openid Attribute Exchange implementation  (AX)
Added WSF_REQUEST.items_as_string_items: ... for convenience, and ease integration with other components (such as the new openid)

draft/library/security/openid/consumer/demo/application.e

@@ -86,13 +86,13 @@ feature {NONE} -- Initialization
 
 				if l_openid_mode.same_string ("id_res") then
 					o := new_openid_consumer (req)
-					create v.make_from_string (o, req.absolute_script_url (req.request_uri))
+					create v.make_from_items (o, req.items_as_string_items)
 					v.validate
 					if v.is_valid then
 						s.append ("<div>User authenticated</div>")
-						s.append ("<ul>Query")
+						s.append ("<ul>Request items")
 						across
-							req.query_parameters as c
+							req.items as c
 						loop
 							s.append ("<li>" + c.item.url_encoded_name + "=" + c.item.string_representation + "</li>")
 						end
@@ -140,9 +140,10 @@ feature {NONE} -- Initialization
 		do
 			create Result.make (req.absolute_script_url ("/openid"))
 
---			Result.ask_email (True)
-			Result.ask_nickname (False)
+			Result.ask_email (True)
+			Result.ask_all_info (False)
+--			Result.ask_nickname (False)
 --			Result.ask_fullname (False)
-			Result.ask_country (True)
+--			Result.ask_country (True)
 		end
 end

draft/library/security/openid/consumer/demo/demo-safe.ecf

@@ -12,12 +12,12 @@
 		</option>
 		<setting name="concurrency" value="thread"/>
 		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
-		<library name="http" location="..\..\..\..\..\..\library\network\protocol\http\http-safe.ecf"/>
-		<library name="wsf_nino_connector" location="..\..\..\..\..\..\library\server\wsf\connector\nino-safe.ecf" readonly="false"/>
 		<library name="ewsgi" location="..\..\..\..\..\..\library\server\ewsgi\ewsgi-safe.ecf" readonly="false"/>
 		<library name="ewsgi_nino_connector" location="..\..\..\..\..\..\library\server\ewsgi\connectors\nino\nino-safe.ecf" readonly="false"/>
-		<library name="wsf" location="..\..\..\..\..\..\library\server\wsf\wsf-safe.ecf"/>
-		<library name="openid" location="../openid-safe.ecf" readonly="false"/>
+		<library name="http" location="..\..\..\..\..\..\library\network\protocol\http\http-safe.ecf"/>
+		<library name="openid" location="..\openid-safe.ecf" readonly="false"/>
+		<library name="wsf" location="..\..\..\..\..\..\library\server\wsf\wsf-safe.ecf" readonly="false"/>
+		<library name="wsf_nino_connector" location="..\..\..\..\..\..\library\server\wsf\connector\nino-safe.ecf" readonly="false"/>
 		<cluster name="src" location=".\" recursive="true"/>
 	</target>
 </system>

draft/library/security/openid/consumer/src/openid_consumer.e

@@ -47,7 +47,7 @@ feature -- Change
 			across
 				ax_to_sreg_map as c
 			loop
-				ask_info (c.item, is_required)
+				ask_info (c.key.to_string_32, is_required)
 			end
 		end
 
@@ -133,7 +133,7 @@ feature {OPENID_CONSUMER_VALIDATION} -- Implementation
 
 	discovering_info (id: READABLE_STRING_8): detachable OPENID_DISCOVER
 		local
-			cl: LIBCURL_HTTP_CLIENT
+
 			sess: HTTP_CLIENT_SESSION
 			ctx: detachable HTTP_CLIENT_REQUEST_CONTEXT
 			xrds_location: detachable READABLE_STRING_8
@@ -148,18 +148,17 @@ feature {OPENID_CONSUMER_VALIDATION} -- Implementation
 			r_version: INTEGER
 			l_xrds_content: detachable READABLE_STRING_8
 		do
-			create cl.make
-			sess := cl.new_session (id)
-			sess.set_is_insecure (True)
-			if attached sess.get ("", ctx) as rep then
+			sess := new_session (id)
+			if attached sess.head ("", ctx) as rep then
 				if rep.error_occurred then
 					report_error ("Unable get answer from openid provider at " + rep.url)
 				else
 					if
 						attached rep.header ("Content-Type") as l_content_type and then
-						l_content_type.has_substring ("application/xrds+xml")
+						l_content_type.has_substring ("application/xrds+xml") and then
+						attached sess.get ("", ctx) as l_getres
 					then
-						l_xrds_content := rep.body
+						l_xrds_content := l_getres.body
 					elseif attached rep.header ("X-XRDS-Location") as loc then
 						xrds_location := loc
 					else
@@ -168,8 +167,7 @@ feature {OPENID_CONSUMER_VALIDATION} -- Implementation
 				end
 			end
 			if l_xrds_content = Void and xrds_location /= Void then
-				sess := cl.new_session (xrds_location)
-				sess.set_is_insecure (True)
+				sess := new_session (xrds_location)
 				if attached sess.get ("", ctx) as rep then
 					if rep.error_occurred then
 						r_err := True
@@ -256,7 +254,6 @@ feature {OPENID_CONSUMER_VALIDATION} -- Implementation
 				Result.sreg_supported := r_sreg_supported
 				Result.identifier_select := r_identifier_select
 				Result.has_error := r_err
-
 			end
 		end
 
@@ -457,9 +454,9 @@ feature {NONE} -- Implementation
 			Result.force ("language", "pref/language")
 			Result.force ("timezone", "pref/timezone")
 
-			-- extension
-			Result.force ("firstname", "namePerson/first")
-			Result.force ("lastname", "namePerson/last")
+--			-- extension
+--			Result.force ("firstname", "namePerson/first")
+--			Result.force ("lastname", "namePerson/last")
 		end
 
 	ax_to_sreg (n: READABLE_STRING_8): detachable READABLE_STRING_8
@@ -495,6 +492,8 @@ feature {NONE} -- Implementation
 			has_error
 		end
 
+feature -- Helper		
+
 	xml_content (e: XML_ELEMENT): STRING_8
 		do
 			create Result.make_empty
@@ -507,4 +506,15 @@ feature {NONE} -- Implementation
 			end
 		end
 
+	new_session (a_uri: READABLE_STRING_8): HTTP_CLIENT_SESSION
+		local
+			cl: LIBCURL_HTTP_CLIENT
+		do
+			create cl.make
+			Result := cl.new_session (a_uri)
+			Result.set_is_insecure (True)
+			Result.set_max_redirects (5)
+			Result.add_header ("Accept", "application/xrds+xml, */*")
+		end
+
 end

draft/library/security/openid/consumer/src/openid_consumer_validation.e

@@ -8,25 +8,19 @@ class
 	OPENID_CONSUMER_VALIDATION
 
 create
-	make_from_uri,
-	make_from_string
+	make_from_items
 
 feature {NONE} -- Initialization
 
-	make_from_uri (o: OPENID_CONSUMER; a_uri: URI)
+	make_from_items (o: OPENID_CONSUMER; lst: like values)
 		do
 			openid := o
-			uri := a_uri
+			values := lst
 			return_url := o.return_url
 			create attributes.make (0)
 		end
 
-	make_from_string (o: OPENID_CONSUMER; a_uri: READABLE_STRING_8)
-		do
-			make_from_uri (o, create {URI}.make_from_string (a_uri))
-		end
-
-	uri: URI
+	values: detachable ITERABLE [TUPLE [name: READABLE_STRING_32; value: detachable READABLE_STRING_32]]
 
 	return_url: READABLE_STRING_8
 
@@ -45,7 +39,6 @@ feature -- Basic operation
 		local
 			l_claimed_id: detachable READABLE_STRING_8
 			tb: STRING_TABLE [detachable READABLE_STRING_32]
-			cl: LIBCURL_HTTP_CLIENT
 			ctx: detachable HTTP_CLIENT_REQUEST_CONTEXT
 			ret: URI
 			sess: HTTP_CLIENT_SESSION
@@ -53,7 +46,7 @@ feature -- Basic operation
 			is_valid := False
 			create ret.make_from_string (return_url)
 			create tb.make (5)
-			if attached uri.decoded_query_items as q_lst then
+			if attached values as q_lst then
 				if attached item_by_name ("openid.claimed_id", q_lst) as q_claimed_id then
 					l_claimed_id := q_claimed_id.as_string_8
 				elseif attached item_by_name ("openid.identity", q_lst) as l_id then
@@ -103,7 +96,6 @@ feature -- Basic operation
 						end
 
 						tb.force ("check_authentication", "openid.mode")
-						create cl.make
 						create ctx.make
 						across
 							tb as c
@@ -112,8 +104,7 @@ feature -- Basic operation
 								ctx.add_form_parameter (c.key.to_string_32, l_value)
 							end
 						end
-						sess := cl.new_session (d_info.server_uri)
-						sess.set_is_insecure (True)
+						sess := openid.new_session (d_info.server_uri)
 						if attached sess.post ("", ctx, Void) as res then
 							if res.error_occurred then
 							elseif attached {STRING} res.body as l_body then
@@ -128,7 +119,7 @@ feature -- Basic operation
 			end
 		end
 
-	get_attributes (lst: LIST [TUPLE [name: READABLE_STRING_32; value: detachable READABLE_STRING_32]])
+	get_attributes (lst: like values)
 		local
 			s: READABLE_STRING_32
 			sreg_keys: ARRAYED_LIST [READABLE_STRING_32]
@@ -139,14 +130,14 @@ feature -- Basic operation
 			get_ax_attributes (lst)
 		end
 
-	get_sreg_attributes (lst: LIST [TUPLE [name: READABLE_STRING_32; value: detachable READABLE_STRING_32]])
+	get_sreg_attributes (lst: like values)
 		local
 			s: READABLE_STRING_32
 			sreg_keys: ARRAYED_LIST [READABLE_STRING_32]
 		do
-			if attached item_by_name ("openid.signed", lst) as l_signed then
+			if lst /= Void and then attached item_by_name ("openid.signed", lst) as l_signed then
 					-- sreg attributes
-				create sreg_keys.make (3)
+				create sreg_keys.make (5)
 				across
 					l_signed.split (',') as c
 				loop
@@ -166,7 +157,7 @@ feature -- Basic operation
 			end
 		end
 
-	get_ax_attributes (lst: LIST [TUPLE [name: READABLE_STRING_32; value: detachable READABLE_STRING_32]])
+	get_ax_attributes (lst: like values)
 		local
 			s: READABLE_STRING_32
 			ax_keys: ARRAYED_LIST [READABLE_STRING_32]
@@ -174,38 +165,47 @@ feature -- Basic operation
 			k_value, k_type, k_count, k: STRING
 			i: INTEGER
 		do
-			if attached item_by_name ("openid.signed", lst) as l_signed then
+			if lst /= Void and then attached item_by_name ("openid.signed", lst) as l_signed then
 					-- ax attributes
 				across
 					l_signed.split (',') as c
 				loop
+					i := i + 1
 					s := c.item
 					if s.starts_with ("ns.") then
-						if attached item_by_name (s, lst) as v then
+						if attached item_by_name ("openid." + s, lst) as v then
 							if s.same_string ("ns.ax") and v.same_string ("http://openid.net/srv/ax/1.0") then
 								l_alias := "ax."
 							else
 								if v.same_string ("http://openid.net/srv/ax/1.0") then
-									l_alias := s.substring (("ns.").count, s.count) + "."
+									l_alias := s.substring (("ns.").count + 1, s.count) + "."
 								end
 							end
 						end
 					end
 				end
 				if l_alias /= Void then
-					create ax_keys.make (lst.count)
+					k_value := l_alias + "value."
+					k_type := l_alias + "type."
+					k_count := l_alias + "count."
+
+					create ax_keys.make (i)
 					across
 						l_signed.split (',') as c
 					loop
 						s := c.item
-						if s.starts_with (l_alias) then
+						if
+							s.starts_with (k_value)
+							or s.starts_with (k_type)
+						then
 							ax_keys.force ("openid." + s)
 						end
 					end
 
-					k_value := "openid." + l_alias + "value."
-					k_type := "openid." + l_alias + "type."
-					k_count := "openid." + l_alias + "count."
+					k_value := "openid." + k_value
+					k_type := "openid." + k_type
+					k_count := "openid." + k_count
+
 					across
 						ax_keys as c
 					loop
@@ -230,15 +230,15 @@ feature -- Basic operation
 								else
 									-- no alias !!!								
 								end
+--								attributes.force (v, k)
 							end
-							attributes.force (v, s.substring (5, s.count))
 						end
 					end
 				end
 			end
 		end
 
-	item_by_name (a_name: READABLE_STRING_32; lst: like {URI}.decoded_query_items): detachable READABLE_STRING_32
+	item_by_name (a_name: READABLE_STRING_32; lst: like values): detachable READABLE_STRING_32
 		local
 			l_found: BOOLEAN
 		do

draft/library/security/openid/consumer/tests/test_openid.e

@@ -24,7 +24,7 @@ feature
 				check o.error = Void end
 				get_openid_response_uri (l_url)
 				if attached openid_response_uri as u and then u.is_valid then
-					create v.make_from_uri (o, u)
+					create v.make_from_items (o, u.decoded_query_items)
 					v.validate
 					if v.is_valid then
 						print ("Succeed ...%N")