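$session_type = 'plaintext';

    /**
     * Build the session object for a plaintext association request.
     *
     * The request is not inspected; a new
     * Auth_OpenID_PlainTextServerSession is always returned.
     */
    function fromQuery($unused_request)
    {
        return new Auth_OpenID_PlainTextServerSession();
    }

    /**
     * Return the response fields that carry the association secret.
     *
     * The secret is only base64-encoded, not encrypted, so anyone who can
     * read the response can recover the MAC key.
     * NOTE(review): this session type therefore depends on a confidential
     * transport (e.g. TLS); confirm how deployments restrict its use.
     *
     * @param string $secret The association secret.
     * @return array Map with the single key 'mac_key'.
     */
    function answer($secret)
    {
        return array('mac_key' => base64_encode($secret));
    }
}

class Auth_OpenID_DiffieHellmanServerSession {
    /**
     * An object that knows how to handle association requests with
     * the Diffie-Hellman session type.
     */
    var $session_type = 'DH-SHA1';

    /**
     * Store the DH helper and the consumer's public value for answer().
     *
     * @param object $dh              Diffie-Hellman helper; answer() calls its
     *                                xorSecret() and reads its public value.
     * @param mixed  $consumer_pubkey Consumer public value as returned by the
     *                                math library's base64ToLong().
     */
    function Auth_OpenID_DiffieHellmanServerSession($dh, $consumer_pubkey)
    {
        $this->dh = $dh;
        $this->consumer_pubkey = $consumer_pubkey;
    }

    /**
     * Build a DH-SHA1 session from the fields of an association request.
     *
     * Reads 'openid.dh_modulus', 'openid.dh_gen' and
     * 'openid.dh_consumer_public' from $query. The modulus and generator
     * are optional but must be supplied together; when neither is present
     * Auth_OpenID_DiffieHellman is constructed with its defaults.
     *
     * NOTE(review): all three values come from the request and are only
     * lightly checked here (modulus/generator non-zero, public key
     * decodable). Nothing in this method bounds the size of the modulus or
     * verifies that the consumer public value lies strictly between 1 and
     * modulus - 1; confirm whether Auth_OpenID_DiffieHellman enforces that,
     * and consider rejecting out-of-range values before any exponentiation.
     *
     * @param array $query The request fields.
     * @return mixed An Auth_OpenID_DiffieHellmanServerSession on success,
     *               or an Auth_OpenID_ServerError describing the problem.
     */
    function fromQuery($query)
    {
        $dh_modulus = Auth_OpenID::arrayGet($query, 'openid.dh_modulus');
        $dh_gen = Auth_OpenID::arrayGet($query, 'openid.dh_gen');

        // Exactly one of the two optional parameters was supplied.
        if ((($dh_modulus === null) && ($dh_gen !== null)) ||
            (($dh_gen === null) && ($dh_modulus !== null))) {

            if ($dh_modulus === null) {
                $missing = 'modulus';
            } else {
                $missing = 'generator';
            }

            // $query is passed first, matching the other
            // Auth_OpenID_ServerError calls in this method; previously the
            // message text was passed in the query position.
            return new Auth_OpenID_ServerError(
                $query,
                'If non-default modulus or generator is '.
                'supplied, both must be supplied. Missing '.
                $missing);
        }

        $lib =& Auth_OpenID_getMathLib();

        if ($dh_modulus || $dh_gen) {
            $dh_modulus = $lib->base64ToLong($dh_modulus);
            $dh_gen = $lib->base64ToLong($dh_gen);

            // A value that compares equal to zero is treated as a parse
            // failure. This is the only sanity check applied to the
            // request-supplied group parameters in this method.
            if ($lib->cmp($dh_modulus, 0) == 0 ||
                $lib->cmp($dh_gen, 0) == 0) {
                return new Auth_OpenID_ServerError(
                    $query, "Failed to parse dh_mod or dh_gen");
            }

            $dh = new Auth_OpenID_DiffieHellman($dh_modulus, $dh_gen);
        } else {
            $dh = new Auth_OpenID_DiffieHellman();
        }

        $consumer_pubkey = Auth_OpenID::arrayGet($query,
                                                 'openid.dh_consumer_public');
        if ($consumer_pubkey === null) {
            // Same argument-order fix as above: query first, then message.
            return new Auth_OpenID_ServerError(
                $query,
                'Public key for DH-SHA1 session '.
                'not found in query');
        }

        $consumer_pubkey = $lib->base64ToLong($consumer_pubkey);

        // Only a decode failure (false) is rejected here; the numeric range
        // of the decoded value is not checked (see NOTE(review) above).
        if ($consumer_pubkey === false) {
            return new Auth_OpenID_ServerError($query,
                                               "dh_consumer_public is not base64");
        }

        return new Auth_OpenID_DiffieHellmanServerSession($dh,
                                                          $consumer_pubkey);
    }

    /**
     * Return the response fields for a DH-SHA1 association.
     *
     * The secret is combined with the consumer public value through
     * $this->dh->xorSecret() and sent base64-encoded as 'enc_mac_key',
     * together with the server's DH public value.
     *
     * @param string $secret The association secret.
     * @return array Map with keys 'dh_server_public' and 'enc_mac_key'.
     */
    function answer($secret)
    {
        $lib =& Auth_OpenID_getMathLib();
        $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret);
        return array(
            'dh_server_public' => $lib->longToBase64($this->dh->public),
            'enc_mac_key' => base64_encode($mac_key));
    }
}

/**
 * A request to associate with the server.
 *
 * @access private
 * @package OpenID
 */
class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
    var $mode = "associate";
    var $assoc_type = 'HMAC-SHA1';

    /**
     * @param object $session Server session object; answer() calls its
     *                        answer() method and reads its session_type.
     */
    function Auth_OpenID_AssociateRequest(&$session)
    {
        $this->session =& $session;
    }

    /**
     * Build an associate request from the request fields.
     *
     * The requested session type is looked up in a fixed map of class
     * names, so the class handed to call_user_func_array() is always one
     * of the entries listed here and never a string taken from the
     * request. The null entry is the default used when no session_type
     * field is present.
     *
     * @param array $query The request fields.
     * @return mixed An Auth_OpenID_AssociateRequest, or an
     *               Auth_OpenID_ServerError for an unknown session type or
     *               a session that failed to parse.
     */
    function fromQuery($query)
    {
        global $_Auth_OpenID_OpenID_Prefix;

        $session_classes = array(
            'DH-SHA1' => 'Auth_OpenID_DiffieHellmanServerSession',
            null => 'Auth_OpenID_PlainTextServerSession');

        $session_type = null;

        if (array_key_exists($_Auth_OpenID_OpenID_Prefix . 'session_type',
                             $query)) {
            $session_type = $query[$_Auth_OpenID_OpenID_Prefix .
                                   'session_type'];
        }

        if (!array_key_exists($session_type, $session_classes)) {
            // NOTE(review): the message embeds the request-supplied
            // session type; whatever renders this error should encode it
            // for its output context.
            return new Auth_OpenID_ServerError($query,
                                               "Unknown session type $session_type");
        }

        $session_cls = $session_classes[$session_type];
        $session = call_user_func_array(array($session_cls, 'fromQuery'),
                                        array($query));

        // The session's own error, if any, is replaced by a generic one.
        if (($session === null) || (_isError($session))) {
            return new Auth_OpenID_ServerError($query,
                                               "Error parsing $session_type session");
        }

        return new Auth_OpenID_AssociateRequest($session);
    }

    /**
     * Build the response to this associate request.
     *
     * Starts from the association's expiry, type and handle, merges in
     * the fields produced by the session's answer(), and adds
     * 'session_type' unless the session is plaintext.
     *
     * @param object $assoc Association; getExpiresIn(), handle and secret
     *                      are read from it.
     * @return Auth_OpenID_ServerResponse
     */
    function answer($assoc)
    {
        // $ml is not referenced again in this method.
        $ml =& Auth_OpenID_getMathLib();
        $response = new Auth_OpenID_ServerResponse($this);

        $response->fields = array('expires_in' => $assoc->getExpiresIn(),
                                  'assoc_type' => 'HMAC-SHA1',
                                  'assoc_handle' => $assoc->handle);

        $r = $this->session->answer($assoc->secret);
        foreach ($r as $k => $v) {
            $response->fields[$k] = $v;
        }

        if ($this->session->session_type != 'plaintext') {
            $response->fields['session_type'] = $this->session->session_type;
        }

        return $response;
    }
}

/**
 * A request to confirm the identity of a user.
 *
 * @access private
 * @package OpenID
 */
class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
    var $mode = "checkid_setup"; // or "checkid_immediate"
    var $immediate = false;
    var $trust_root = null;

    function make($query, $identity, $return_to, $trust_root = null,
                  $immediate = false, $assoc_handle = null)
    {
        if (!Auth_OpenID_TrustRoot::_parse($return_to)) {
            return new Auth_OpenID_MalformedReturnURL($query, $return_to);
        }

        $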