diff --git a/bin/build-release.sh b/bin/build-release.sh
index 3e77c8841f429c8a8200cfbc91fbd3fcee5a174b..edcd7910e74b4f0e35b1277514703b80e72729e5 100755
--- a/bin/build-release.sh
+++ b/bin/build-release.sh
@@ -15,8 +15,6 @@ fi
 
 cd /tmp
 
-REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
-
 if [ -a "$TAG" ]; then
     echo "$0: Destination already exists: $TAG" >&2
     exit 1
@@ -24,7 +22,21 @@ fi
 
 umask 0022
 
+REPOPATH="http://simplesamlphp.googlecode.com/svn/tags/$TAG/"
+
 svn export "$REPOPATH"
+
+# Use composer only on newer versions that have a composer.json
+if [ -f "$TAG/composer.json" ]; then
+    if [ ! -x composer.phar ]; then
+        echo "$0: Composerfile detected, but Composer not installed?" >&2
+        exit 1
+    fi
+
+    # Install dependencies (without vcs history or dev tools)
+    php composer.phar install --no-dev --prefer-dist -o -d "$TAG"
+fi
+
 mkdir -p "$TAG/config" "$TAG/metadata"
 cp -rv "$TAG/config-templates/"* "$TAG/config/"
 cp -rv "$TAG/metadata-templates/"* "$TAG/metadata/"
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000000000000000000000000000000000000..0d635c87278d880c768f09009ef7058d7cd95975
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,50 @@
+{
+    "name": "simplesamlphp/simplesamlphp",
+    "description": "A PHP implementation of SAML 2.0 service provider and identity provider functionality. And is also compatible with Shibboleth 1.3 and 2.0.",
+    "type": "project",
+    "keywords": [ "saml2", "shibboleth","aselect","openid","oauth","ws-federation","sp","idp" ],
+    "homepage": "http://simplesamlphp.org",
+    "license": "LGPL-2.1",
+    "authors": [
+        {
+            "name": "Andreas Ă…kre Solberg",
+            "email": "andreas.solberg@uninett.no"
+        },
+        {
+            "name": "Olav Morken",
+            "email": "olav.morken@uninett.no"
+        }
+    ],
+    "autoload": {
+        "psr-0": {
+            "SimpleSAML_": "lib/"
+        },
+        "files": ["lib/_autoload_modules.php"]
+    },
+    "require": {
+        "php": ">=5.3.0",
+        "simplesamlphp/saml2": "0.2.0",
+        "openid/php-openid": "dev-master#ee669c6a9d4d95b58ecd9b6945627276807694fb as 2.2.2"
+    },
+    "support": {
+        "issues": "https://code.google.com/p/simplesamlphp/issues/list",
+        "source": "https://code.google.com/p/simplesamlphp"
+    },
+    "repositories": [
+        {
+            "type": "package",
+            "package": {
+                "name": "robrichards/xmlseclibs",
+                "version": "1.3.1",
+                "source": {
+                    "type": "svn",
+                    "url": "http://xmlseclibs.googlecode.com/svn",
+                    "reference": "trunk@50"
+                },
+                "autoload": {
+                    "files": ["xmlseclibs.php"]
+                }
+            }
+        }
+    ]
+}
diff --git a/composer.lock b/composer.lock
new file mode 100644
index 0000000000000000000000000000000000000000..92847032ea2faa21169c637bf7aa188ba5b260e7
--- /dev/null
+++ b/composer.lock
@@ -0,0 +1,225 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file"
+    ],
+    "hash": "608aa8b969b50e691e090388b39a33be",
+    "packages": [
+        {
+            "name": "openid/php-openid",
+            "version": "dev-master",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/openid/php-openid.git",
+                "reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/openid/php-openid/zipball/ee669c6a9d4d95b58ecd9b6945627276807694fb",
+                "reference": "ee669c6a9d4d95b58ecd9b6945627276807694fb",
+                "shasum": ""
+            },
+            "require": {
+                "ext-curl": "*",
+                "ext-dom": "*",
+                "ext-gmp": "*",
+                "php": ">=4.3"
+            },
+            "type": "library",
+            "autoload": {
+                "classmap": [
+                    "Auth"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "include-path": [
+                "."
+            ],
+            "license": [
+                "Apache-2.0"
+            ],
+            "authors": [
+                {
+                    "name": "JanRain Inc.",
+                    "homepage": "http://www.openidenabled.com"
+                }
+            ],
+            "description": "OpenID library for PHP5",
+            "homepage": "http://github.com/openid/php-openid",
+            "keywords": [
+                "Authentication",
+                "OpenId",
+                "auth",
+                "yadis"
+            ],
+            "time": "2013-10-03 21:21:20"
+        },
+        {
+            "name": "pimple/pimple",
+            "version": "v1.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/fabpot/Pimple.git",
+                "reference": "ae11e57e8c2bb414b2ff93396dbbfc0eb92feb94"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/fabpot/Pimple/zipball/ae11e57e8c2bb414b2ff93396dbbfc0eb92feb94",
+                "reference": "ae11e57e8c2bb414b2ff93396dbbfc0eb92feb94",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-0": {
+                    "Pimple": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                }
+            ],
+            "description": "Pimple is a simple Dependency Injection Container for PHP 5.3",
+            "homepage": "http://pimple.sensiolabs.org",
+            "keywords": [
+                "container",
+                "dependency injection"
+            ],
+            "time": "2013-03-08 08:21:40"
+        },
+        {
+            "name": "psr/log",
+            "version": "1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/log.git",
+                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
+                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
+                "shasum": ""
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "Psr\\Log\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for logging libraries",
+            "keywords": [
+                "log",
+                "psr",
+                "psr-3"
+            ],
+            "time": "2012-12-21 11:40:51"
+        },
+        {
+            "name": "robrichards/xmlseclibs",
+            "version": "1.3.1",
+            "source": {
+                "type": "svn",
+                "url": "http://xmlseclibs.googlecode.com/svn",
+                "reference": "trunk@50"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "xmlseclibs.php"
+                ]
+            }
+        },
+        {
+            "name": "simplesamlphp/saml2",
+            "version": "v0.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/simplesamlphp/saml2.git",
+                "reference": "d4b833edc6fcbd6948e79eacdfee1b6c257691b7"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/d4b833edc6fcbd6948e79eacdfee1b6c257691b7",
+                "reference": "d4b833edc6fcbd6948e79eacdfee1b6c257691b7",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "ext-openssl": "*",
+                "php": ">=5.3.3",
+                "psr/log": "1.0.0",
+                "robrichards/xmlseclibs": "1.3.*"
+            },
+            "require-dev": {
+                "phpmd/phpmd": "~1.5",
+                "phpunit/phpunit": "~3.7",
+                "sebastian/phpcpd": "~1.4",
+                "sensiolabs/security-checker": "~1.1",
+                "squizlabs/php_codesniffer": "~1.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "SAML2_": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-2.1"
+            ],
+            "authors": [
+                {
+                    "name": "Andreas Ă…kre Solberg",
+                    "email": "andreas.solberg@uninett.no"
+                }
+            ],
+            "description": "SAML2 PHP library from SimpleSAMLphp",
+            "time": "2013-11-12 15:07:13"
+        }
+    ],
+    "packages-dev": [
+
+    ],
+    "aliases": [
+        {
+            "alias": "2.2.2",
+            "alias_normalized": "2.2.2.0",
+            "version": "9999999-dev",
+            "package": "openid/php-openid"
+        }
+    ],
+    "minimum-stability": "stable",
+    "stability-flags": {
+        "openid/php-openid": 20
+    },
+    "platform": {
+        "php": ">=5.3.0"
+    },
+    "platform-dev": [
+
+    ]
+}
diff --git a/docs/simplesamlphp-subversion.txt b/docs/simplesamlphp-subversion.txt
index 395e814da1ede9c57195ae5272d2cb10dca9cf30..840677df7bbae8b99a6d76ed1358bfe19d8ec77a 100644
--- a/docs/simplesamlphp-subversion.txt
+++ b/docs/simplesamlphp-subversion.txt
@@ -20,6 +20,10 @@ Initialize configuration and metadata:
     cp -r config-templates/* config/
     cp -r metadata-templates/* metadata/
 
+Install the external dependencies with Composer (http://getcomposer.org/):
+
+    php composer.phar install
+
 
 Upgrading
 ---------
@@ -29,3 +33,6 @@ Go to the root directory of your simpleSAMLphp installation:
 
 Ask subversion to update to the latest version:
     svn update
+
+Install the external dependencies with Composer (http://getcomposer.org/):
+    php composer.phar install
diff --git a/lib/Auth/OpenID.php b/lib/Auth/OpenID.php
deleted file mode 100644
index c9d9779624dd13096f4ccc2dfc13c7aae623383b..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID.php
+++ /dev/null
@@ -1,563 +0,0 @@
-<?php
-
-/**
- * This is the PHP OpenID library by JanRain, Inc.
- *
- * This module contains core utility functionality used by the
- * library.  See Consumer.php and Server.php for the consumer and
- * server implementations.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * The library version string
- */
-define('Auth_OpenID_VERSION', '2.2.2');
-
-/**
- * Require the fetcher code.
- */
-require_once "Auth/Yadis/PlainHTTPFetcher.php";
-require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
-require_once "Auth/OpenID/BigMath.php";
-require_once "Auth/OpenID/URINorm.php";
-
-/**
- * Status code returned by the server when the only option is to show
- * an error page, since we do not have enough information to redirect
- * back to the consumer. The associated value is an error message that
- * should be displayed on an HTML error page.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_LOCAL_ERROR', 'local_error');
-
-/**
- * Status code returned when there is an error to return in key-value
- * form to the consumer. The caller should return a 400 Bad Request
- * response with content-type text/plain and the value as the body.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REMOTE_ERROR', 'remote_error');
-
-/**
- * Status code returned when there is a key-value form OK response to
- * the consumer. The value associated with this code is the
- * response. The caller should return a 200 OK response with
- * content-type text/plain and the value as the body.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REMOTE_OK', 'remote_ok');
-
-/**
- * Status code returned when there is a redirect back to the
- * consumer. The value is the URL to redirect back to. The caller
- * should return a 302 Found redirect with a Location: header
- * containing the URL.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REDIRECT', 'redirect');
-
-/**
- * Status code returned when the caller needs to authenticate the
- * user. The associated value is a {@link Auth_OpenID_ServerRequest}
- * object that can be used to complete the authentication. If the user
- * has taken some authentication action, use the retry() method of the
- * {@link Auth_OpenID_ServerRequest} object to complete the request.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_DO_AUTH', 'do_auth');
-
-/**
- * Status code returned when there were no OpenID arguments
- * passed. This code indicates that the caller should return a 200 OK
- * response and display an HTML page that says that this is an OpenID
- * server endpoint.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_DO_ABOUT', 'do_about');
-
-/**
- * Defines for regexes and format checking.
- */
-define('Auth_OpenID_letters',
-       "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
-
-define('Auth_OpenID_digits',
-       "0123456789");
-
-define('Auth_OpenID_punct',
-       "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
-
-Auth_OpenID_include_init();
-
-/**
- * The OpenID utility function class.
- *
- * @package OpenID
- * @access private
- */
-class Auth_OpenID {
-
-    /**
-     * Return true if $thing is an Auth_OpenID_FailureResponse object;
-     * false if not.
-     *
-     * @access private
-     */
-    static function isFailure($thing)
-    {
-        return is_a($thing, 'Auth_OpenID_FailureResponse');
-    }
-
-    /**
-     * Gets the query data from the server environment based on the
-     * request method used.  If GET was used, this looks at
-     * $_SERVER['QUERY_STRING'] directly.  If POST was used, this
-     * fetches data from the special php://input file stream.
-     *
-     * Returns an associative array of the query arguments.
-     *
-     * Skips invalid key/value pairs (i.e. keys with no '=value'
-     * portion).
-     *
-     * Returns an empty array if neither GET nor POST was used, or if
-     * POST was used but php://input cannot be opened.
-     *
-     * See background:
-     * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
-     *
-     * @access private
-     */
-    static function getQuery($query_str=null)
-    {
-        $data = array();
-
-        if ($query_str !== null) {
-            $data = Auth_OpenID::params_from_string($query_str);
-        } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {
-            // Do nothing.
-        } else {
-          // XXX HACK FIXME HORRIBLE.
-          //
-          // POSTing to a URL with query parameters is acceptable, but
-          // we don't have a clean way to distinguish those parameters
-          // when we need to do things like return_to verification
-          // which only want to look at one kind of parameter.  We're
-          // going to emulate the behavior of some other environments
-          // by defaulting to GET and overwriting with POST if POST
-          // data is available.
-          $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);
-
-          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-            $str = file_get_contents('php://input');
-
-            if ($str === false) {
-              $post = array();
-            } else {
-              $post = Auth_OpenID::params_from_string($str);
-            }
-
-            $data = array_merge($data, $post);
-          }
-        }
-
-        return $data;
-    }
-
-    static function params_from_string($str)
-    {
-        $chunks = explode("&", $str);
-
-        $data = array();
-        foreach ($chunks as $chunk) {
-            $parts = explode("=", $chunk, 2);
-
-            if (count($parts) != 2) {
-                continue;
-            }
-
-            list($k, $v) = $parts;
-            $data[urldecode($k)] = urldecode($v);
-        }
-
-        return $data;
-    }
-
-    /**
-     * Create dir_name as a directory if it does not exist. If it
-     * exists, make sure that it is, in fact, a directory.  Returns
-     * true if the operation succeeded; false if not.
-     *
-     * @access private
-     */
-    static function ensureDir($dir_name)
-    {
-        if (is_dir($dir_name) || @mkdir($dir_name)) {
-            return true;
-        } else {
-            $parent_dir = dirname($dir_name);
-
-            // Terminal case; there is no parent directory to create.
-            if ($parent_dir == $dir_name) {
-                return true;
-            }
-
-            return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));
-        }
-    }
-
-    /**
-     * Adds a string prefix to all values of an array.  Returns a new
-     * array containing the prefixed values.
-     *
-     * @access private
-     */
-    static function addPrefix($values, $prefix)
-    {
-        $new_values = array();
-        foreach ($values as $s) {
-            $new_values[] = $prefix . $s;
-        }
-        return $new_values;
-    }
-
-    /**
-     * Convenience function for getting array values.  Given an array
-     * $arr and a key $key, get the corresponding value from the array
-     * or return $default if the key is absent.
-     *
-     * @access private
-     */
-    static function arrayGet($arr, $key, $fallback = null)
-    {
-        if (is_array($arr)) {
-            if (array_key_exists($key, $arr)) {
-                return $arr[$key];
-            } else {
-                return $fallback;
-            }
-        } else {
-            trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .
-                          "array as first parameter, got " .
-                          gettype($arr), E_USER_WARNING);
-
-            return false;
-        }
-    }
-
-    /**
-     * Replacement for PHP's broken parse_str.
-     */
-    static function parse_str($query)
-    {
-        if ($query === null) {
-            return null;
-        }
-
-        $parts = explode('&', $query);
-
-        $new_parts = array();
-        for ($i = 0; $i < count($parts); $i++) {
-            $pair = explode('=', $parts[$i]);
-
-            if (count($pair) != 2) {
-                continue;
-            }
-
-            list($key, $value) = $pair;
-            $new_parts[urldecode($key)] = urldecode($value);
-        }
-
-        return $new_parts;
-    }
-
-    /**
-     * Implements the PHP 5 'http_build_query' functionality.
-     *
-     * @access private
-     * @param array $data Either an array key/value pairs or an array
-     * of arrays, each of which holding two values: a key and a value,
-     * sequentially.
-     * @return string $result The result of url-encoding the key/value
-     * pairs from $data into a URL query string
-     * (e.g. "username=bob&id=56").
-     */
-    static function httpBuildQuery($data)
-    {
-        $pairs = array();
-        foreach ($data as $key => $value) {
-            if (is_array($value)) {
-                $pairs[] = urlencode($value[0])."=".urlencode($value[1]);
-            } else {
-                $pairs[] = urlencode($key)."=".urlencode($value);
-            }
-        }
-        return implode("&", $pairs);
-    }
-
-    /**
-     * "Appends" query arguments onto a URL.  The URL may or may not
-     * already have arguments (following a question mark).
-     *
-     * @access private
-     * @param string $url A URL, which may or may not already have
-     * arguments.
-     * @param array $args Either an array key/value pairs or an array of
-     * arrays, each of which holding two values: a key and a value,
-     * sequentially.  If $args is an ordinary key/value array, the
-     * parameters will be added to the URL in sorted alphabetical order;
-     * if $args is an array of arrays, their order will be preserved.
-     * @return string $url The original URL with the new parameters added.
-     *
-     */
-    static function appendArgs($url, $args)
-    {
-        if (count($args) == 0) {
-            return $url;
-        }
-
-        // Non-empty array; if it is an array of arrays, use
-        // multisort; otherwise use sort.
-        if (array_key_exists(0, $args) &&
-            is_array($args[0])) {
-            // Do nothing here.
-        } else {
-            $keys = array_keys($args);
-            sort($keys);
-            $new_args = array();
-            foreach ($keys as $key) {
-                $new_args[] = array($key, $args[$key]);
-            }
-            $args = $new_args;
-        }
-
-        $sep = '?';
-        if (strpos($url, '?') !== false) {
-            $sep = '&';
-        }
-
-        return $url . $sep . Auth_OpenID::httpBuildQuery($args);
-    }
-
-    /**
-     * Implements python's urlunparse, which is not available in PHP.
-     * Given the specified components of a URL, this function rebuilds
-     * and returns the URL.
-     *
-     * @access private
-     * @param string $scheme The scheme (e.g. 'http').  Defaults to 'http'.
-     * @param string $host The host.  Required.
-     * @param string $port The port.
-     * @param string $path The path.
-     * @param string $query The query.
-     * @param string $fragment The fragment.
-     * @return string $url The URL resulting from assembling the
-     * specified components.
-     */
-    static function urlunparse($scheme, $host, $port = null, $path = '/',
-                        $query = '', $fragment = '')
-    {
-
-        if (!$scheme) {
-            $scheme = 'http';
-        }
-
-        if (!$host) {
-            return false;
-        }
-
-        if (!$path) {
-            $path = '';
-        }
-
-        $result = $scheme . "://" . $host;
-
-        if ($port) {
-            $result .= ":" . $port;
-        }
-
-        $result .= $path;
-
-        if ($query) {
-            $result .= "?" . $query;
-        }
-
-        if ($fragment) {
-            $result .= "#" . $fragment;
-        }
-
-        return $result;
-    }
-
-    /**
-     * Given a URL, this "normalizes" it by adding a trailing slash
-     * and / or a leading http:// scheme where necessary.  Returns
-     * null if the original URL is malformed and cannot be normalized.
-     *
-     * @access private
-     * @param string $url The URL to be normalized.
-     * @return mixed $new_url The URL after normalization, or null if
-     * $url was malformed.
-     */
-    static function normalizeUrl($url)
-    {
-        @$parsed = parse_url($url);
-
-        if (!$parsed) {
-            return null;
-        }
-
-        if (isset($parsed['scheme']) &&
-            isset($parsed['host'])) {
-            $scheme = strtolower($parsed['scheme']);
-            if (!in_array($scheme, array('http', 'https'))) {
-                return null;
-            }
-        } else {
-            $url = 'http://' . $url;
-        }
-
-        $normalized = Auth_OpenID_urinorm($url);
-        if ($normalized === null) {
-            return null;
-        }
-        list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);
-        return $defragged;
-    }
-
-    /**
-     * Replacement (wrapper) for PHP's intval() because it's broken.
-     *
-     * @access private
-     */
-    static function intval($value)
-    {
-        $re = "/^\\d+$/";
-
-        if (!preg_match($re, $value)) {
-            return false;
-        }
-
-        return intval($value);
-    }
-
-    /**
-     * Count the number of bytes in a string independently of
-     * multibyte support conditions.
-     *
-     * @param string $str The string of bytes to count.
-     * @return int The number of bytes in $str.
-     */
-    static function bytes($str)
-    {
-        return strlen(bin2hex($str)) / 2;
-    }
-
-    /**
-     * Get the bytes in a string independently of multibyte support
-     * conditions.
-     */
-    static function toBytes($str)
-    {
-        $hex = bin2hex($str);
-
-        if (!$hex) {
-            return array();
-        }
-
-        $b = array();
-        for ($i = 0; $i < strlen($hex); $i += 2) {
-            $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));
-        }
-
-        return $b;
-    }
-
-    static function urldefrag($url)
-    {
-        $parts = explode("#", $url, 2);
-
-        if (count($parts) == 1) {
-            return array($parts[0], "");
-        } else {
-            return $parts;
-        }
-    }
-
-    static function filter($callback, &$sequence)
-    {
-        $result = array();
-
-        foreach ($sequence as $item) {
-            if (call_user_func_array($callback, array($item))) {
-                $result[] = $item;
-            }
-        }
-
-        return $result;
-    }
-
-    static function update(&$dest, &$src)
-    {
-        foreach ($src as $k => $v) {
-            $dest[$k] = $v;
-        }
-    }
-
-    /**
-     * Wrap PHP's standard error_log functionality.  Use this to
-     * perform all logging. It will interpolate any additional
-     * arguments into the format string before logging.
-     *
-     * @param string $format_string The sprintf format for the message
-     */
-    static function log($format_string)
-    {
-        $args = func_get_args();
-        $message = call_user_func_array('sprintf', $args);
-        error_log($message);
-    }
-
-    static function autoSubmitHTML($form, $title="OpenId transaction in progress")
-    {
-        return("<html>".
-               "<head><title>".
-               $title .
-               "</title></head>".
-               "<body onload='document.forms[0].submit();'>".
-               $form .
-               "<script>".
-               "var elements = document.forms[0].elements;".
-               "for (var i = 0; i < elements.length; i++) {".
-               "  elements[i].style.display = \"none\";".
-               "}".
-               "</script>".
-               "</body>".
-               "</html>");
-    }
-}
-
-/*
- * Function to run when this file is included.
- * Abstracted to a function to make life easier
- * for some PHP optimizers.
- */
-function Auth_OpenID_include_init() {
-  if (Auth_OpenID_getMathLib() === null) {
-    Auth_OpenID_setNoMathSupport();
-  }
-}
diff --git a/lib/Auth/OpenID/AX.php b/lib/Auth/OpenID/AX.php
deleted file mode 100644
index 7370715e3a016ad11d19a18a14bb665996728bbc..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/AX.php
+++ /dev/null
@@ -1,1022 +0,0 @@
-<?php
-
-/**
- * Implements the OpenID attribute exchange specification, version 1.0
- * as of svn revision 370 from openid.net svn.
- *
- * @package OpenID
- */
-
-/**
- * Require utility classes and functions for the consumer.
- */
-require_once "Auth/OpenID/Extension.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/OpenID/TrustRoot.php";
-
-define('Auth_OpenID_AX_NS_URI',
-       'http://openid.net/srv/ax/1.0');
-
-// Use this as the 'count' value for an attribute in a FetchRequest to
-// ask for as many values as the OP can provide.
-define('Auth_OpenID_AX_UNLIMITED_VALUES', 'unlimited');
-
-// Minimum supported alias length in characters.  Here for
-// completeness.
-define('Auth_OpenID_AX_MINIMUM_SUPPORTED_ALIAS_LENGTH', 32);
-
-/**
- * AX utility class.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX {
-    /**
-     * @param mixed $thing Any object which may be an
-     * Auth_OpenID_AX_Error object.
-     *
-     * @return bool true if $thing is an Auth_OpenID_AX_Error; false
-     * if not.
-     */
-    static function isError($thing)
-    {
-        return is_a($thing, 'Auth_OpenID_AX_Error');
-    }
-}
-
-/**
- * Check an alias for invalid characters; raise AXError if any are
- * found.  Return None if the alias is valid.
- */
-function Auth_OpenID_AX_checkAlias($alias)
-{
-  if (strpos($alias, ',') !== false) {
-      return new Auth_OpenID_AX_Error(sprintf(
-                   "Alias %s must not contain comma", $alias));
-  }
-  if (strpos($alias, '.') !== false) {
-      return new Auth_OpenID_AX_Error(sprintf(
-                   "Alias %s must not contain period", $alias));
-  }
-
-  return true;
-}
-
-/**
- * Results from data that does not meet the attribute exchange 1.0
- * specification
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_Error {
-    function Auth_OpenID_AX_Error($message=null)
-    {
-        $this->message = $message;
-    }
-}
-
-/**
- * Abstract class containing common code for attribute exchange
- * messages.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_Message extends Auth_OpenID_Extension {
-    /**
-     * ns_alias: The preferred namespace alias for attribute exchange
-     * messages
-     */
-    var $ns_alias = 'ax';
-
-    /**
-     * mode: The type of this attribute exchange message. This must be
-     * overridden in subclasses.
-     */
-    var $mode = null;
-
-    var $ns_uri = Auth_OpenID_AX_NS_URI;
-
-    /**
-     * Return Auth_OpenID_AX_Error if the mode in the attribute
-     * exchange arguments does not match what is expected for this
-     * class; true otherwise.
-     *
-     * @access private
-     */
-    function _checkMode($ax_args)
-    {
-        $mode = Auth_OpenID::arrayGet($ax_args, 'mode');
-        if ($mode != $this->mode) {
-            return new Auth_OpenID_AX_Error(
-                            sprintf(
-                                    "Expected mode '%s'; got '%s'",
-                                    $this->mode, $mode));
-        }
-
-        return true;
-    }
-
-    /**
-     * Return a set of attribute exchange arguments containing the
-     * basic information that must be in every attribute exchange
-     * message.
-     *
-     * @access private
-     */
-    function _newArgs()
-    {
-        return array('mode' => $this->mode);
-    }
-}
-
-/**
- * Represents a single attribute in an attribute exchange
- * request. This should be added to an AXRequest object in order to
- * request the attribute.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_AttrInfo {
-    /**
-     * Construct an attribute information object.  Do not call this
-     * directly; call make(...) instead.
-     *
-     * @param string $type_uri The type URI for this attribute.
-     *
-     * @param int $count The number of values of this type to request.
-     *
-     * @param bool $required Whether the attribute will be marked as
-     * required in the request.
-     *
-     * @param string $alias The name that should be given to this
-     * attribute in the request.
-     */
-    function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
-                                     $alias)
-    {
-        /**
-         * required: Whether the attribute will be marked as required
-         * when presented to the subject of the attribute exchange
-         * request.
-         */
-        $this->required = $required;
-
-        /**
-         * count: How many values of this type to request from the
-         * subject. Defaults to one.
-         */
-        $this->count = $count;
-
-        /**
-         * type_uri: The identifier that determines what the attribute
-         * represents and how it is serialized. For example, one type
-         * URI representing dates could represent a Unix timestamp in
-         * base 10 and another could represent a human-readable
-         * string.
-         */
-        $this->type_uri = $type_uri;
-
-        /**
-         * alias: The name that should be given to this attribute in
-         * the request. If it is not supplied, a generic name will be
-         * assigned. For example, if you want to call a Unix timestamp
-         * value 'tstamp', set its alias to that value. If two
-         * attributes in the same message request to use the same
-         * alias, the request will fail to be generated.
-         */
-        $this->alias = $alias;
-    }
-
-    /**
-     * Construct an attribute information object.  For parameter
-     * details, see the constructor.
-     */
-    static function make($type_uri, $count=1, $required=false,
-                  $alias=null)
-    {
-        if ($alias !== null) {
-            $result = Auth_OpenID_AX_checkAlias($alias);
-
-            if (Auth_OpenID_AX::isError($result)) {
-                return $result;
-            }
-        }
-
-        return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
-                                           $alias);
-    }
-
-    /**
-     * When processing a request for this attribute, the OP should
-     * call this method to determine whether all available attribute
-     * values were requested.  If self.count == UNLIMITED_VALUES, this
-     * returns True.  Otherwise this returns False, in which case
-     * self.count is an integer.
-    */
-    function wantsUnlimitedValues()
-    {
-        return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES;
-    }
-}
-
-/**
- * Given a namespace mapping and a string containing a comma-separated
- * list of namespace aliases, return a list of type URIs that
- * correspond to those aliases.
- *
- * @param $namespace_map The mapping from namespace URI to alias
- * @param $alias_list_s The string containing the comma-separated
- * list of aliases. May also be None for convenience.
- *
- * @return $seq The list of namespace URIs that corresponds to the
- * supplied list of aliases. If the string was zero-length or None, an
- * empty list will be returned.
- *
- * return null If an alias is present in the list of aliases but
- * is not present in the namespace map.
- */
-function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
-{
-    $uris = array();
-
-    if ($alias_list_s) {
-        foreach (explode(',', $alias_list_s) as $alias) {
-            $type_uri = $namespace_map->getNamespaceURI($alias);
-            if ($type_uri === null) {
-                // raise KeyError(
-                // 'No type is defined for attribute name %r' % (alias,))
-                return new Auth_OpenID_AX_Error(
-                  sprintf('No type is defined for attribute name %s',
-                          $alias)
-                  );
-            } else {
-                $uris[] = $type_uri;
-            }
-        }
-    }
-
-    return $uris;
-}
-
-/**
- * An attribute exchange 'fetch_request' message. This message is sent
- * by a relying party when it wishes to obtain attributes about the
- * subject of an OpenID authentication request.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
-
-    var $mode = 'fetch_request';
-
-    function Auth_OpenID_AX_FetchRequest($update_url=null)
-    {
-        /**
-         * requested_attributes: The attributes that have been
-         * requested thus far, indexed by the type URI.
-         */
-        $this->requested_attributes = array();
-
-        /**
-         * update_url: A URL that will accept responses for this
-         * attribute exchange request, even in the absence of the user
-         * who made this request.
-        */
-        $this->update_url = $update_url;
-    }
-
-    /**
-     * Add an attribute to this attribute exchange request.
-     *
-     * @param attribute: The attribute that is being requested
-     * @return true on success, false when the requested attribute is
-     * already present in this fetch request.
-     */
-    function add($attribute)
-    {
-        if ($this->contains($attribute->type_uri)) {
-            return new Auth_OpenID_AX_Error(
-              sprintf("The attribute %s has already been requested",
-                      $attribute->type_uri));
-        }
-
-        $this->requested_attributes[$attribute->type_uri] = $attribute;
-
-        return true;
-    }
-
-    /**
-     * Get the serialized form of this attribute fetch request.
-     *
-     * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters
-     */
-    function getExtensionArgs()
-    {
-        $aliases = new Auth_OpenID_NamespaceMap();
-
-        $required = array();
-        $if_available = array();
-
-        $ax_args = $this->_newArgs();
-
-        foreach ($this->requested_attributes as $type_uri => $attribute) {
-            if ($attribute->alias === null) {
-                $alias = $aliases->add($type_uri);
-            } else {
-                $alias = $aliases->addAlias($type_uri, $attribute->alias);
-
-                if ($alias === null) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Could not add alias %s for URI %s",
-                              $attribute->alias, $type_uri
-                      ));
-                }
-            }
-
-            if ($attribute->required) {
-                $required[] = $alias;
-            } else {
-                $if_available[] = $alias;
-            }
-
-            if ($attribute->count != 1) {
-                $ax_args['count.' . $alias] = strval($attribute->count);
-            }
-
-            $ax_args['type.' . $alias] = $type_uri;
-        }
-
-        if ($required) {
-            $ax_args['required'] = implode(',', $required);
-        }
-
-        if ($if_available) {
-            $ax_args['if_available'] = implode(',', $if_available);
-        }
-
-        return $ax_args;
-    }
-
-    /**
-     * Get the type URIs for all attributes that have been marked as
-     * required.
-     *
-     * @return A list of the type URIs for attributes that have been
-     * marked as required.
-     */
-    function getRequiredAttrs()
-    {
-        $required = array();
-        foreach ($this->requested_attributes as $type_uri => $attribute) {
-            if ($attribute->required) {
-                $required[] = $type_uri;
-            }
-        }
-
-        return $required;
-    }
-
-    /**
-     * Extract a FetchRequest from an OpenID message
-     *
-     * @param request: The OpenID request containing the attribute
-     * fetch request
-     *
-     * @returns mixed An Auth_OpenID_AX_Error or the
-     * Auth_OpenID_AX_FetchRequest extracted from the request message if
-     * successful
-     */
-    static function fromOpenIDRequest($request)
-    {
-        $m = $request->message;
-        $obj = new Auth_OpenID_AX_FetchRequest();
-        $ax_args = $m->getArgs($obj->ns_uri);
-
-        $result = $obj->parseExtensionArgs($ax_args);
-
-        if (Auth_OpenID_AX::isError($result)) {
-            return $result;
-        }
-
-        if ($obj->update_url) {
-            // Update URL must match the openid.realm of the
-            // underlying OpenID 2 message.
-            $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm',
-                        $m->getArg(
-                                  Auth_OpenID_OPENID_NS,
-                                  'return_to'));
-
-            if (!$realm) {
-                $obj = new Auth_OpenID_AX_Error(
-                  sprintf("Cannot validate update_url %s " .
-                          "against absent realm", $obj->update_url));
-            } else if (!Auth_OpenID_TrustRoot::match($realm,
-                                                     $obj->update_url)) {
-                $obj = new Auth_OpenID_AX_Error(
-                  sprintf("Update URL %s failed validation against realm %s",
-                          $obj->update_url, $realm));
-            }
-        }
-
-        return $obj;
-    }
-
-    /**
-     * Given attribute exchange arguments, populate this FetchRequest.
-     *
-     * @return $result Auth_OpenID_AX_Error if the data to be parsed
-     * does not follow the attribute exchange specification. At least
-     * when 'if_available' or 'required' is not specified for a
-     * particular attribute type.  Returns true otherwise.
-    */
-    function parseExtensionArgs($ax_args)
-    {
-        $result = $this->_checkMode($ax_args);
-        if (Auth_OpenID_AX::isError($result)) {
-            return $result;
-        }
-
-        $aliases = new Auth_OpenID_NamespaceMap();
-
-        foreach ($ax_args as $key => $value) {
-            if (strpos($key, 'type.') === 0) {
-                $alias = substr($key, 5);
-                $type_uri = $value;
-
-                $alias = $aliases->addAlias($type_uri, $alias);
-
-                if ($alias === null) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Could not add alias %s for URI %s",
-                              $alias, $type_uri)
-                      );
-                }
-
-                $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias);
-                if ($count_s) {
-                    $count = Auth_OpenID::intval($count_s);
-                    if (($count === false) &&
-                        ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) {
-                        $count = $count_s;
-                    }
-                } else {
-                    $count = 1;
-                }
-
-                if ($count === false) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Integer value expected for %s, got %s",
-                              'count.' . $alias, $count_s));
-                }
-
-                $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count,
-                                                          false, $alias);
-
-                if (Auth_OpenID_AX::isError($attrinfo)) {
-                    return $attrinfo;
-                }
-
-                $this->add($attrinfo);
-            }
-        }
-
-        $required = Auth_OpenID_AX_toTypeURIs($aliases,
-                         Auth_OpenID::arrayGet($ax_args, 'required'));
-
-        foreach ($required as $type_uri) {
-            $attrib = $this->requested_attributes[$type_uri];
-            $attrib->required = true;
-        }
-
-        $if_available = Auth_OpenID_AX_toTypeURIs($aliases,
-                             Auth_OpenID::arrayGet($ax_args, 'if_available'));
-
-        $all_type_uris = array_merge($required, $if_available);
-
-        foreach ($aliases->iterNamespaceURIs() as $type_uri) {
-            if (!in_array($type_uri, $all_type_uris)) {
-                return new Auth_OpenID_AX_Error(
-                  sprintf('Type URI %s was in the request but not ' .
-                          'present in "required" or "if_available"',
-                          $type_uri));
-
-            }
-        }
-
-        $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
-
-        return true;
-    }
-
-    /**
-     * Iterate over the AttrInfo objects that are contained in this
-     * fetch_request.
-     */
-    function iterAttrs()
-    {
-        return array_values($this->requested_attributes);
-    }
-
-    function iterTypes()
-    {
-        return array_keys($this->requested_attributes);
-    }
-
-    /**
-     * Is the given type URI present in this fetch_request?
-     */
-    function contains($type_uri)
-    {
-        return in_array($type_uri, $this->iterTypes());
-    }
-}
-
-/**
- * An abstract class that implements a message that has attribute keys
- * and values. It contains the common code between fetch_response and
- * store_request.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
-
-    function Auth_OpenID_AX_KeyValueMessage()
-    {
-        $this->data = array();
-    }
-
-    /**
-     * Add a single value for the given attribute type to the
-     * message. If there are already values specified for this type,
-     * this value will be sent in addition to the values already
-     * specified.
-     *
-     * @param type_uri: The URI for the attribute
-     * @param value: The value to add to the response to the relying
-     * party for this attribute
-     * @return null
-     */
-    function addValue($type_uri, $value)
-    {
-        if (!array_key_exists($type_uri, $this->data)) {
-            $this->data[$type_uri] = array();
-        }
-
-        $values =& $this->data[$type_uri];
-        $values[] = $value;
-    }
-
-    /**
-     * Set the values for the given attribute type. This replaces any
-     * values that have already been set for this attribute.
-     *
-     * @param type_uri: The URI for the attribute
-     * @param values: A list of values to send for this attribute.
-     */
-    function setValues($type_uri, &$values)
-    {
-        $this->data[$type_uri] =& $values;
-    }
-
-    /**
-     * Get the extension arguments for the key/value pairs contained
-     * in this message.
-     *
-     * @param aliases: An alias mapping. Set to None if you don't care
-     * about the aliases for this request.
-     *
-     * @access private
-     */
-    function _getExtensionKVArgs($aliases)
-    {
-        if ($aliases === null) {
-            $aliases = new Auth_OpenID_NamespaceMap();
-        }
-
-        $ax_args = array();
-
-        foreach ($this->data as $type_uri => $values) {
-            $alias = $aliases->add($type_uri);
-
-            $ax_args['type.' . $alias] = $type_uri;
-            $ax_args['count.' . $alias] = strval(count($values));
-
-            foreach ($values as $i => $value) {
-              $key = sprintf('value.%s.%d', $alias, $i + 1);
-              $ax_args[$key] = $value;
-            }
-        }
-
-        return $ax_args;
-    }
-
-    /**
-     * Parse attribute exchange key/value arguments into this object.
-     *
-     * @param ax_args: The attribute exchange fetch_response
-     * arguments, with namespacing removed.
-     *
-     * @return Auth_OpenID_AX_Error or true
-     */
-    function parseExtensionArgs($ax_args)
-    {
-        $result = $this->_checkMode($ax_args);
-        if (Auth_OpenID_AX::isError($result)) {
-            return $result;
-        }
-
-        $aliases = new Auth_OpenID_NamespaceMap();
-
-        foreach ($ax_args as $key => $value) {
-            if (strpos($key, 'type.') === 0) {
-                $type_uri = $value;
-                $alias = substr($key, 5);
-
-                $result = Auth_OpenID_AX_checkAlias($alias);
-
-                if (Auth_OpenID_AX::isError($result)) {
-                    return $result;
-                }
-
-                $alias = $aliases->addAlias($type_uri, $alias);
-
-                if ($alias === null) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Could not add alias %s for URI %s",
-                              $alias, $type_uri)
-                      );
-                }
-            }
-        }
-
-        foreach ($aliases->iteritems() as $pair) {
-            list($type_uri, $alias) = $pair;
-
-            if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
-
-                $count_key = 'count.' . $alias;
-                $count_s = $ax_args[$count_key];
-
-                $count = Auth_OpenID::intval($count_s);
-
-                if ($count === false) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Integer value expected for %s, got %s",
-                              'count. %s' . $alias, $count_s,
-                              Auth_OpenID_AX_UNLIMITED_VALUES)
-                                                    );
-                }
-
-                $values = array();
-                for ($i = 1; $i < $count + 1; $i++) {
-                    $value_key = sprintf('value.%s.%d', $alias, $i);
-
-                    if (!array_key_exists($value_key, $ax_args)) {
-                      return new Auth_OpenID_AX_Error(
-                        sprintf(
-                                "No value found for key %s",
-                                $value_key));
-                    }
-
-                    $value = $ax_args[$value_key];
-                    $values[] = $value;
-                }
-            } else {
-                $key = 'value.' . $alias;
-
-                if (!array_key_exists($key, $ax_args)) {
-                  return new Auth_OpenID_AX_Error(
-                    sprintf(
-                            "No value found for key %s",
-                            $key));
-                }
-
-                $value = $ax_args['value.' . $alias];
-
-                if ($value == '') {
-                    $values = array();
-                } else {
-                    $values = array($value);
-                }
-            }
-
-            $this->data[$type_uri] = $values;
-        }
-
-        return true;
-    }
-
-    /**
-     * Get a single value for an attribute. If no value was sent for
-     * this attribute, use the supplied default. If there is more than
-     * one value for this attribute, this method will fail.
-     *
-     * @param type_uri: The URI for the attribute
-     * @param default: The value to return if the attribute was not
-     * sent in the fetch_response.
-     *
-     * @return $value Auth_OpenID_AX_Error on failure or the value of
-     * the attribute in the fetch_response message, or the default
-     * supplied
-     */
-    function getSingle($type_uri, $default=null)
-    {
-        $values = Auth_OpenID::arrayGet($this->data, $type_uri);
-        if (!$values) {
-            return $default;
-        } else if (count($values) == 1) {
-            return $values[0];
-        } else {
-            return new Auth_OpenID_AX_Error(
-              sprintf('More than one value present for %s',
-                      $type_uri)
-              );
-        }
-    }
-
-    /**
-     * Get the list of values for this attribute in the
-     * fetch_response.
-     *
-     * XXX: what to do if the values are not present? default
-     * parameter? this is funny because it's always supposed to return
-     * a list, so the default may break that, though it's provided by
-     * the user's code, so it might be okay. If no default is
-     * supplied, should the return be None or []?
-     *
-     * @param type_uri: The URI of the attribute
-     *
-     * @return $values The list of values for this attribute in the
-     * response. May be an empty list.  If the attribute was not sent
-     * in the response, returns Auth_OpenID_AX_Error.
-     */
-    function get($type_uri)
-    {
-        if (array_key_exists($type_uri, $this->data)) {
-            return $this->data[$type_uri];
-        } else {
-            return new Auth_OpenID_AX_Error(
-              sprintf("Type URI %s not found in response",
-                      $type_uri)
-              );
-        }
-    }
-
-    /**
-     * Get the number of responses for a particular attribute in this
-     * fetch_response message.
-     *
-     * @param type_uri: The URI of the attribute
-     *
-     * @returns int The number of values sent for this attribute.  If
-     * the attribute was not sent in the response, returns
-     * Auth_OpenID_AX_Error.
-     */
-    function count($type_uri)
-    {
-        if (array_key_exists($type_uri, $this->data)) {
-            return count($this->get($type_uri));
-        } else {
-            return new Auth_OpenID_AX_Error(
-              sprintf("Type URI %s not found in response",
-                      $type_uri)
-              );
-        }
-    }
-}
-
-/**
- * A fetch_response attribute exchange message.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
-    var $mode = 'fetch_response';
-
-    function Auth_OpenID_AX_FetchResponse($update_url=null)
-    {
-        $this->Auth_OpenID_AX_KeyValueMessage();
-        $this->update_url = $update_url;
-    }
-
-    /**
-     * Serialize this object into arguments in the attribute exchange
-     * namespace
-     *
-     * @return $args The dictionary of unqualified attribute exchange
-     * arguments that represent this fetch_response, or
-     * Auth_OpenID_AX_Error on error.
-     */
-    function getExtensionArgs($request=null)
-    {
-        $aliases = new Auth_OpenID_NamespaceMap();
-
-        $zero_value_types = array();
-
-        if ($request !== null) {
-            // Validate the data in the context of the request (the
-            // same attributes should be present in each, and the
-            // counts in the response must be no more than the counts
-            // in the request)
-
-            foreach ($this->data as $type_uri => $unused) {
-                if (!$request->contains($type_uri)) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("Response attribute not present in request: %s",
-                              $type_uri)
-                      );
-                }
-            }
-
-            foreach ($request->iterAttrs() as $attr_info) {
-                // Copy the aliases from the request so that reading
-                // the response in light of the request is easier
-                if ($attr_info->alias === null) {
-                    $aliases->add($attr_info->type_uri);
-                } else {
-                    $alias = $aliases->addAlias($attr_info->type_uri,
-                                                $attr_info->alias);
-
-                    if ($alias === null) {
-                        return new Auth_OpenID_AX_Error(
-                          sprintf("Could not add alias %s for URI %s",
-                                  $attr_info->alias, $attr_info->type_uri)
-                          );
-                    }
-                }
-
-                if (array_key_exists($attr_info->type_uri, $this->data)) {
-                    $values = $this->data[$attr_info->type_uri];
-                } else {
-                    $values = array();
-                    $zero_value_types[] = $attr_info;
-                }
-
-                if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) &&
-                    ($attr_info->count < count($values))) {
-                    return new Auth_OpenID_AX_Error(
-                      sprintf("More than the number of requested values " .
-                              "were specified for %s",
-                              $attr_info->type_uri)
-                      );
-                }
-            }
-        }
-
-        $kv_args = $this->_getExtensionKVArgs($aliases);
-
-        // Add the KV args into the response with the args that are
-        // unique to the fetch_response
-        $ax_args = $this->_newArgs();
-
-        // For each requested attribute, put its type/alias and count
-        // into the response even if no data were returned.
-        foreach ($zero_value_types as $attr_info) {
-            $alias = $aliases->getAlias($attr_info->type_uri);
-            $kv_args['type.' . $alias] = $attr_info->type_uri;
-            $kv_args['count.' . $alias] = '0';
-        }
-
-        $update_url = null;
-        if ($request) {
-            $update_url = $request->update_url;
-        } else {
-            $update_url = $this->update_url;
-        }
-
-        if ($update_url) {
-            $ax_args['update_url'] = $update_url;
-        }
-
-        Auth_OpenID::update($ax_args, $kv_args);
-
-        return $ax_args;
-    }
-
-    /**
-     * @return $result Auth_OpenID_AX_Error on failure or true on
-     * success.
-     */
-    function parseExtensionArgs($ax_args)
-    {
-        $result = parent::parseExtensionArgs($ax_args);
-
-        if (Auth_OpenID_AX::isError($result)) {
-            return $result;
-        }
-
-        $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
-
-        return true;
-    }
-
-    /**
-     * Construct a FetchResponse object from an OpenID library
-     * SuccessResponse object.
-     *
-     * @param success_response: A successful id_res response object
-     *
-     * @param signed: Whether non-signed args should be processsed. If
-     * True (the default), only signed arguments will be processsed.
-     *
-     * @return $response A FetchResponse containing the data from the
-     * OpenID message
-     */
-    static function fromSuccessResponse($success_response, $signed=true)
-    {
-        $obj = new Auth_OpenID_AX_FetchResponse();
-        if ($signed) {
-            $ax_args = $success_response->getSignedNS($obj->ns_uri);
-        } else {
-            $ax_args = $success_response->message->getArgs($obj->ns_uri);
-        }
-        if ($ax_args === null || Auth_OpenID::isFailure($ax_args) ||
-              sizeof($ax_args) == 0) {
-            return null;
-        }
-
-        $result = $obj->parseExtensionArgs($ax_args);
-        if (Auth_OpenID_AX::isError($result)) {
-            #XXX log me
-            return null;
-        }
-        return $obj;
-    }
-}
-
-/**
- * A store request attribute exchange message representation.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
-    var $mode = 'store_request';
-
-    /**
-     * @param array $aliases The namespace aliases to use when making
-     * this store response. Leave as None to use defaults.
-     */
-    function getExtensionArgs($aliases=null)
-    {
-        $ax_args = $this->_newArgs();
-        $kv_args = $this->_getExtensionKVArgs($aliases);
-        Auth_OpenID::update($ax_args, $kv_args);
-        return $ax_args;
-    }
-}
-
-/**
- * An indication that the store request was processed along with this
- * OpenID transaction.  Use make(), NOT the constructor, to create
- * response objects.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
-    var $SUCCESS_MODE = 'store_response_success';
-    var $FAILURE_MODE = 'store_response_failure';
-
-    /**
-     * Returns Auth_OpenID_AX_Error on error or an
-     * Auth_OpenID_AX_StoreResponse object on success.
-     */
-    function make($succeeded=true, $error_message=null)
-    {
-        if (($succeeded) && ($error_message !== null)) {
-            return new Auth_OpenID_AX_Error('An error message may only be '.
-                                    'included in a failing fetch response');
-        }
-
-        return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message);
-    }
-
-    function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null)
-    {
-        if ($succeeded) {
-            $this->mode = $this->SUCCESS_MODE;
-        } else {
-            $this->mode = $this->FAILURE_MODE;
-        }
-
-        $this->error_message = $error_message;
-    }
-
-    /**
-     * Was this response a success response?
-     */
-    function succeeded()
-    {
-        return $this->mode == $this->SUCCESS_MODE;
-    }
-
-    function getExtensionArgs()
-    {
-        $ax_args = $this->_newArgs();
-        if ((!$this->succeeded()) && $this->error_message) {
-            $ax_args['error'] = $this->error_message;
-        }
-
-        return $ax_args;
-    }
-}
-
diff --git a/lib/Auth/OpenID/Association.php b/lib/Auth/OpenID/Association.php
deleted file mode 100644
index 2729138ebb1ee5886a956dfe810e037e2683f436..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Association.php
+++ /dev/null
@@ -1,610 +0,0 @@
-<?php
-
-/**
- * This module contains code for dealing with associations between
- * consumers and servers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/KVForm.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/HMAC.php';
-
-/**
- * This class represents an association between a server and a
- * consumer.  In general, users of this library will never see
- * instances of this object.  The only exception is if you implement a
- * custom {@link Auth_OpenID_OpenIDStore}.
- *
- * If you do implement such a store, it will need to store the values
- * of the handle, secret, issued, lifetime, and assoc_type instance
- * variables.
- *
- * @package OpenID
- */
-class Auth_OpenID_Association {
-
-    /**
-     * This is a HMAC-SHA1 specific value.
-     *
-     * @access private
-     */
-    var $SIG_LENGTH = 20;
-
-    /**
-     * The ordering and name of keys as stored by serialize.
-     *
-     * @access private
-     */
-    var $assoc_keys = array(
-                            'version',
-                            'handle',
-                            'secret',
-                            'issued',
-                            'lifetime',
-                            'assoc_type'
-                            );
-
-    var $_macs = array(
-                       'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
-                       'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
-                       );
-
-    /**
-     * This is an alternate constructor (factory method) used by the
-     * OpenID consumer library to create associations.  OpenID store
-     * implementations shouldn't use this constructor.
-     *
-     * @access private
-     *
-     * @param integer $expires_in This is the amount of time this
-     * association is good for, measured in seconds since the
-     * association was issued.
-     *
-     * @param string $handle This is the handle the server gave this
-     * association.
-     *
-     * @param string secret This is the shared secret the server
-     * generated for this association.
-     *
-     * @param assoc_type This is the type of association this
-     * instance represents.  The only valid values of this field at
-     * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
-     * be defined in the future.
-     *
-     * @return association An {@link Auth_OpenID_Association}
-     * instance.
-     */
-    static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
-    {
-        $issued = time();
-        $lifetime = $expires_in;
-        return new Auth_OpenID_Association($handle, $secret,
-                                           $issued, $lifetime, $assoc_type);
-    }
-
-    /**
-     * This is the standard constructor for creating an association.
-     * The library should create all of the necessary associations, so
-     * this constructor is not part of the external API.
-     *
-     * @access private
-     *
-     * @param string $handle This is the handle the server gave this
-     * association.
-     *
-     * @param string $secret This is the shared secret the server
-     * generated for this association.
-     *
-     * @param integer $issued This is the time this association was
-     * issued, in seconds since 00:00 GMT, January 1, 1970.  (ie, a
-     * unix timestamp)
-     *
-     * @param integer $lifetime This is the amount of time this
-     * association is good for, measured in seconds since the
-     * association was issued.
-     *
-     * @param string $assoc_type This is the type of association this
-     * instance represents.  The only valid values of this field at
-     * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
-     * be defined in the future.
-     */
-    function Auth_OpenID_Association(
-        $handle, $secret, $issued, $lifetime, $assoc_type)
-    {
-        if (!in_array($assoc_type,
-                      Auth_OpenID_getSupportedAssociationTypes(), true)) {
-            $fmt = 'Unsupported association type (%s)';
-            trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
-        }
-
-        $this->handle = $handle;
-        $this->secret = $secret;
-        $this->issued = $issued;
-        $this->lifetime = $lifetime;
-        $this->assoc_type = $assoc_type;
-    }
-
-    /**
-     * This returns the number of seconds this association is still
-     * valid for, or 0 if the association is no longer valid.
-     *
-     * @return integer $seconds The number of seconds this association
-     * is still valid for, or 0 if the association is no longer valid.
-     */
-    function getExpiresIn($now = null)
-    {
-        if ($now == null) {
-            $now = time();
-        }
-
-        return max(0, $this->issued + $this->lifetime - $now);
-    }
-
-    /**
-     * This checks to see if two {@link Auth_OpenID_Association}
-     * instances represent the same association.
-     *
-     * @return bool $result true if the two instances represent the
-     * same association, false otherwise.
-     */
-    function equal($other)
-    {
-        return ((gettype($this) == gettype($other))
-                && ($this->handle == $other->handle)
-                && ($this->secret == $other->secret)
-                && ($this->issued == $other->issued)
-                && ($this->lifetime == $other->lifetime)
-                && ($this->assoc_type == $other->assoc_type));
-    }
-
-    /**
-     * Convert an association to KV form.
-     *
-     * @return string $result String in KV form suitable for
-     * deserialization by deserialize.
-     */
-    function serialize()
-    {
-        $data = array(
-                     'version' => '2',
-                     'handle' => $this->handle,
-                     'secret' => base64_encode($this->secret),
-                     'issued' => strval(intval($this->issued)),
-                     'lifetime' => strval(intval($this->lifetime)),
-                     'assoc_type' => $this->assoc_type
-                     );
-
-        assert(array_keys($data) == $this->assoc_keys);
-
-        return Auth_OpenID_KVForm::fromArray($data, $strict = true);
-    }
-
-    /**
-     * Parse an association as stored by serialize().  This is the
-     * inverse of serialize.
-     *
-     * @param string $assoc_s Association as serialized by serialize()
-     * @return Auth_OpenID_Association $result instance of this class
-     */
-    static function deserialize($class_name, $assoc_s)
-    {
-        $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
-        $keys = array();
-        $values = array();
-        foreach ($pairs as $key => $value) {
-            if (is_array($value)) {
-                list($key, $value) = $value;
-            }
-            $keys[] = $key;
-            $values[] = $value;
-        }
-
-        $class_vars = get_class_vars($class_name);
-        $class_assoc_keys = $class_vars['assoc_keys'];
-
-        sort($keys);
-        sort($class_assoc_keys);
-
-        if ($keys != $class_assoc_keys) {
-            trigger_error('Unexpected key values: ' . var_export($keys, true),
-                          E_USER_WARNING);
-            return null;
-        }
-
-        $version = $pairs['version'];
-        $handle = $pairs['handle'];
-        $secret = $pairs['secret'];
-        $issued = $pairs['issued'];
-        $lifetime = $pairs['lifetime'];
-        $assoc_type = $pairs['assoc_type'];
-
-        if ($version != '2') {
-            trigger_error('Unknown version: ' . $version, E_USER_WARNING);
-            return null;
-        }
-
-        $issued = intval($issued);
-        $lifetime = intval($lifetime);
-        $secret = base64_decode($secret);
-
-        return new $class_name(
-            $handle, $secret, $issued, $lifetime, $assoc_type);
-    }
-
-    /**
-     * Generate a signature for a sequence of (key, value) pairs
-     *
-     * @access private
-     * @param array $pairs The pairs to sign, in order.  This is an
-     * array of two-tuples.
-     * @return string $signature The binary signature of this sequence
-     * of pairs
-     */
-    function sign($pairs)
-    {
-        $kv = Auth_OpenID_KVForm::fromArray($pairs);
-
-        /* Invalid association types should be caught at constructor */
-        $callback = $this->_macs[$this->assoc_type];
-
-        return call_user_func_array($callback, array($this->secret, $kv));
-    }
-
-    /**
-     * Generate a signature for some fields in a dictionary
-     *
-     * @access private
-     * @param array $fields The fields to sign, in order; this is an
-     * array of strings.
-     * @param array $data Dictionary of values to sign (an array of
-     * string => string pairs).
-     * @return string $signature The signature, base64 encoded
-     */
-    function signMessage($message)
-    {
-        if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
-            $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
-            // Already has a sig
-            return null;
-        }
-
-        $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
-                                          'assoc_handle');
-
-        if ($extant_handle && ($extant_handle != $this->handle)) {
-            // raise ValueError("Message has a different association handle")
-            return null;
-        }
-
-        $signed_message = $message;
-        $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
-                                $this->handle);
-
-        $message_keys = array_keys($signed_message->toPostArgs());
-        $signed_list = array();
-        $signed_prefix = 'openid.';
-
-        foreach ($message_keys as $k) {
-            if (strpos($k, $signed_prefix) === 0) {
-                $signed_list[] = substr($k, strlen($signed_prefix));
-            }
-        }
-
-        $signed_list[] = 'signed';
-        sort($signed_list);
-
-        $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
-                                implode(',', $signed_list));
-        $sig = $this->getMessageSignature($signed_message);
-        $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
-        return $signed_message;
-    }
-
-    /**
-     * Given a {@link Auth_OpenID_Message}, return the key/value pairs
-     * to be signed according to the signed list in the message.  If
-     * the message lacks a signed list, return null.
-     *
-     * @access private
-     */
-    function _makePairs($message)
-    {
-        $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
-        if (!$signed || Auth_OpenID::isFailure($signed)) {
-            // raise ValueError('Message has no signed list: %s' % (message,))
-            return null;
-        }
-
-        $signed_list = explode(',', $signed);
-        $pairs = array();
-        $data = $message->toPostArgs();
-        foreach ($signed_list as $field) {
-            $pairs[] = array($field, Auth_OpenID::arrayGet($data,
-                                                           'openid.' .
-                                                           $field, ''));
-        }
-        return $pairs;
-    }
-
-    /**
-     * Given an {@link Auth_OpenID_Message}, return the signature for
-     * the signed list in the message.
-     *
-     * @access private
-     */
-    function getMessageSignature($message)
-    {
-        $pairs = $this->_makePairs($message);
-        return base64_encode($this->sign($pairs));
-    }
-
-    /**
-     * Confirm that the signature of these fields matches the
-     * signature contained in the data.
-     *
-     * @access private
-     */
-    function checkMessageSignature($message)
-    {
-        $sig = $message->getArg(Auth_OpenID_OPENID_NS,
-                                'sig');
-
-        if (!$sig || Auth_OpenID::isFailure($sig)) {
-            return false;
-        }
-
-        $calculated_sig = $this->getMessageSignature($message);
-        return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
-    }
-}
-
-function Auth_OpenID_getSecretSize($assoc_type)
-{
-    if ($assoc_type == 'HMAC-SHA1') {
-        return 20;
-    } else if ($assoc_type == 'HMAC-SHA256') {
-        return 32;
-    } else {
-        return null;
-    }
-}
-
-function Auth_OpenID_getAllAssociationTypes()
-{
-    return array('HMAC-SHA1', 'HMAC-SHA256');
-}
-
-function Auth_OpenID_getSupportedAssociationTypes()
-{
-    $a = array('HMAC-SHA1');
-
-    if (Auth_OpenID_HMACSHA256_SUPPORTED) {
-        $a[] = 'HMAC-SHA256';
-    }
-
-    return $a;
-}
-
-function Auth_OpenID_getSessionTypes($assoc_type)
-{
-    $assoc_to_session = array(
-       'HMAC-SHA1' => array('DH-SHA1', 'no-encryption'));
-
-    if (Auth_OpenID_HMACSHA256_SUPPORTED) {
-        $assoc_to_session['HMAC-SHA256'] =
-            array('DH-SHA256', 'no-encryption');
-    }
-
-    return Auth_OpenID::arrayGet($assoc_to_session, $assoc_type, array());
-}
-
-function Auth_OpenID_checkSessionType($assoc_type, $session_type)
-{
-    if (!in_array($session_type,
-                  Auth_OpenID_getSessionTypes($assoc_type))) {
-        return false;
-    }
-
-    return true;
-}
-
-function Auth_OpenID_getDefaultAssociationOrder()
-{
-    $order = array();
-
-    if (!Auth_OpenID_noMathSupport()) {
-        $order[] = array('HMAC-SHA1', 'DH-SHA1');
-
-        if (Auth_OpenID_HMACSHA256_SUPPORTED) {
-            $order[] = array('HMAC-SHA256', 'DH-SHA256');
-        }
-    }
-
-    $order[] = array('HMAC-SHA1', 'no-encryption');
-
-    if (Auth_OpenID_HMACSHA256_SUPPORTED) {
-        $order[] = array('HMAC-SHA256', 'no-encryption');
-    }
-
-    return $order;
-}
-
-function Auth_OpenID_getOnlyEncryptedOrder()
-{
-    $result = array();
-
-    foreach (Auth_OpenID_getDefaultAssociationOrder() as $pair) {
-        list($assoc, $session) = $pair;
-
-        if ($session != 'no-encryption') {
-            if (Auth_OpenID_HMACSHA256_SUPPORTED &&
-                ($assoc == 'HMAC-SHA256')) {
-                $result[] = $pair;
-            } else if ($assoc != 'HMAC-SHA256') {
-                $result[] = $pair;
-            }
-        }
-    }
-
-    return $result;
-}
-
-function Auth_OpenID_getDefaultNegotiator()
-{
-    return new Auth_OpenID_SessionNegotiator(
-                 Auth_OpenID_getDefaultAssociationOrder());
-}
-
-function Auth_OpenID_getEncryptedNegotiator()
-{
-    return new Auth_OpenID_SessionNegotiator(
-                 Auth_OpenID_getOnlyEncryptedOrder());
-}
-
-/**
- * A session negotiator controls the allowed and preferred association
- * types and association session types. Both the {@link
- * Auth_OpenID_Consumer} and {@link Auth_OpenID_Server} use
- * negotiators when creating associations.
- *
- * You can create and use negotiators if you:
-
- * - Do not want to do Diffie-Hellman key exchange because you use
- * transport-layer encryption (e.g. SSL)
- *
- * - Want to use only SHA-256 associations
- *
- * - Do not want to support plain-text associations over a non-secure
- * channel
- *
- * It is up to you to set a policy for what kinds of associations to
- * accept. By default, the library will make any kind of association
- * that is allowed in the OpenID 2.0 specification.
- *
- * Use of negotiators in the library
- * =================================
- *
- * When a consumer makes an association request, it calls {@link
- * getAllowedType} to get the preferred association type and
- * association session type.
- *
- * The server gets a request for a particular association/session type
- * and calls {@link isAllowed} to determine if it should create an
- * association. If it is supported, negotiation is complete. If it is
- * not, the server calls {@link getAllowedType} to get an allowed
- * association type to return to the consumer.
- *
- * If the consumer gets an error response indicating that the
- * requested association/session type is not supported by the server
- * that contains an assocation/session type to try, it calls {@link
- * isAllowed} to determine if it should try again with the given
- * combination of association/session type.
- *
- * @package OpenID
- */
-class Auth_OpenID_SessionNegotiator {
-    function Auth_OpenID_SessionNegotiator($allowed_types)
-    {
-        $this->allowed_types = array();
-        $this->setAllowedTypes($allowed_types);
-    }
-
-    /**
-     * Set the allowed association types, checking to make sure each
-     * combination is valid.
-     *
-     * @access private
-     */
-    function setAllowedTypes($allowed_types)
-    {
-        foreach ($allowed_types as $pair) {
-            list($assoc_type, $session_type) = $pair;
-            if (!Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
-                return false;
-            }
-        }
-
-        $this->allowed_types = $allowed_types;
-        return true;
-    }
-
-    /**
-     * Add an association type and session type to the allowed types
-     * list. The assocation/session pairs are tried in the order that
-     * they are added.
-     *
-     * @access private
-     */
-    function addAllowedType($assoc_type, $session_type = null)
-    {
-        if ($this->allowed_types === null) {
-            $this->allowed_types = array();
-        }
-
-        if ($session_type === null) {
-            $available = Auth_OpenID_getSessionTypes($assoc_type);
-
-            if (!$available) {
-                return false;
-            }
-
-            foreach ($available as $session_type) {
-                $this->addAllowedType($assoc_type, $session_type);
-            }
-        } else {
-            if (Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
-                $this->allowed_types[] = array($assoc_type, $session_type);
-            } else {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    // Is this combination of association type and session type allowed?
-    function isAllowed($assoc_type, $session_type)
-    {
-        $assoc_good = in_array(array($assoc_type, $session_type),
-                               $this->allowed_types);
-
-        $matches = in_array($session_type,
-                            Auth_OpenID_getSessionTypes($assoc_type));
-
-        return ($assoc_good && $matches);
-    }
-
-    /**
-     * Get a pair of assocation type and session type that are
-     * supported.
-     */
-    function getAllowedType()
-    {
-        if (!$this->allowed_types) {
-            return array(null, null);
-        }
-
-        return $this->allowed_types[0];
-    }
-}
-
diff --git a/lib/Auth/OpenID/BigMath.php b/lib/Auth/OpenID/BigMath.php
deleted file mode 100644
index 58b46bf27b24bdfdf39225a3f19a3ea025e355d4..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/BigMath.php
+++ /dev/null
@@ -1,451 +0,0 @@
-<?php
-
-/**
- * BigMath: A math library wrapper that abstracts out the underlying
- * long integer library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Needed for random number generation
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * Need Auth_OpenID::bytes().
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * The superclass of all big-integer math implementations
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_MathLibrary {
-    /**
-     * Given a long integer, returns the number converted to a binary
-     * string.  This function accepts long integer values of arbitrary
-     * magnitude and uses the local large-number math library when
-     * available.
-     *
-     * @param integer $long The long number (can be a normal PHP
-     * integer or a number created by one of the available long number
-     * libraries)
-     * @return string $binary The binary version of $long
-     */
-    function longToBinary($long)
-    {
-        $cmp = $this->cmp($long, 0);
-        if ($cmp < 0) {
-            $msg = __FUNCTION__ . " takes only positive integers.";
-            trigger_error($msg, E_USER_ERROR);
-            return null;
-        }
-
-        if ($cmp == 0) {
-            return "\x00";
-        }
-
-        $bytes = array();
-
-        while ($this->cmp($long, 0) > 0) {
-            array_unshift($bytes, $this->mod($long, 256));
-            $long = $this->div($long, pow(2, 8));
-        }
-
-        if ($bytes && ($bytes[0] > 127)) {
-            array_unshift($bytes, 0);
-        }
-
-        $string = '';
-        foreach ($bytes as $byte) {
-            $string .= pack('C', $byte);
-        }
-
-        return $string;
-    }
-
-    /**
-     * Given a binary string, returns the binary string converted to a
-     * long number.
-     *
-     * @param string $binary The binary version of a long number,
-     * probably as a result of calling longToBinary
-     * @return integer $long The long number equivalent of the binary
-     * string $str
-     */
-    function binaryToLong($str)
-    {
-        if ($str === null) {
-            return null;
-        }
-
-        // Use array_merge to return a zero-indexed array instead of a
-        // one-indexed array.
-        $bytes = array_merge(unpack('C*', $str));
-
-        $n = $this->init(0);
-
-        if ($bytes && ($bytes[0] > 127)) {
-            trigger_error("bytesToNum works only for positive integers.",
-                          E_USER_WARNING);
-            return null;
-        }
-
-        foreach ($bytes as $byte) {
-            $n = $this->mul($n, pow(2, 8));
-            $n = $this->add($n, $byte);
-        }
-
-        return $n;
-    }
-
-    function base64ToLong($str)
-    {
-        $b64 = base64_decode($str);
-
-        if ($b64 === false) {
-            return false;
-        }
-
-        return $this->binaryToLong($b64);
-    }
-
-    function longToBase64($str)
-    {
-        return base64_encode($this->longToBinary($str));
-    }
-
-    /**
-     * Returns a random number in the specified range.  This function
-     * accepts $start, $stop, and $step values of arbitrary magnitude
-     * and will utilize the local large-number math library when
-     * available.
-     *
-     * @param integer $start The start of the range, or the minimum
-     * random number to return
-     * @param integer $stop The end of the range, or the maximum
-     * random number to return
-     * @param integer $step The step size, such that $result - ($step
-     * * N) = $start for some N
-     * @return integer $result The resulting randomly-generated number
-     */
-    function rand($stop)
-    {
-        static $duplicate_cache = array();
-
-        // Used as the key for the duplicate cache
-        $rbytes = $this->longToBinary($stop);
-
-        if (array_key_exists($rbytes, $duplicate_cache)) {
-            list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
-        } else {
-            if ($rbytes[0] == "\x00") {
-                $nbytes = Auth_OpenID::bytes($rbytes) - 1;
-            } else {
-                $nbytes = Auth_OpenID::bytes($rbytes);
-            }
-
-            $mxrand = $this->pow(256, $nbytes);
-
-            // If we get a number less than this, then it is in the
-            // duplicated range.
-            $duplicate = $this->mod($mxrand, $stop);
-
-            if (count($duplicate_cache) > 10) {
-                $duplicate_cache = array();
-            }
-
-            $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
-        }
-
-        do {
-            $bytes = "\x00" . Auth_OpenID_CryptUtil::getBytes($nbytes);
-            $n = $this->binaryToLong($bytes);
-            // Keep looping if this value is in the low duplicated range
-        } while ($this->cmp($n, $duplicate) < 0);
-
-        return $this->mod($n, $stop);
-    }
-}
-
-/**
- * Exposes BCmath math library functionality.
- *
- * {@link Auth_OpenID_BcMathWrapper} wraps the functionality provided
- * by the BCMath extension.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{
-    var $type = 'bcmath';
-
-    function add($x, $y)
-    {
-        return bcadd($x, $y);
-    }
-
-    function sub($x, $y)
-    {
-        return bcsub($x, $y);
-    }
-
-    function pow($base, $exponent)
-    {
-        return bcpow($base, $exponent);
-    }
-
-    function cmp($x, $y)
-    {
-        return bccomp($x, $y);
-    }
-
-    function init($number, $base = 10)
-    {
-        return $number;
-    }
-
-    function mod($base, $modulus)
-    {
-        return bcmod($base, $modulus);
-    }
-
-    function mul($x, $y)
-    {
-        return bcmul($x, $y);
-    }
-
-    function div($x, $y)
-    {
-        return bcdiv($x, $y);
-    }
-
-    /**
-     * Same as bcpowmod when bcpowmod is missing
-     *
-     * @access private
-     */
-    function _powmod($base, $exponent, $modulus)
-    {
-        $square = $this->mod($base, $modulus);
-        $result = 1;
-        while($this->cmp($exponent, 0) > 0) {
-            if ($this->mod($exponent, 2)) {
-                $result = $this->mod($this->mul($result, $square), $modulus);
-            }
-            $square = $this->mod($this->mul($square, $square), $modulus);
-            $exponent = $this->div($exponent, 2);
-        }
-        return $result;
-    }
-
-    function powmod($base, $exponent, $modulus)
-    {
-        if (function_exists('bcpowmod')) {
-            return bcpowmod($base, $exponent, $modulus);
-        } else {
-            return $this->_powmod($base, $exponent, $modulus);
-        }
-    }
-
-    function toString($num)
-    {
-        return $num;
-    }
-}
-
-/**
- * Exposes GMP math library functionality.
- *
- * {@link Auth_OpenID_GmpMathWrapper} wraps the functionality provided
- * by the GMP extension.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{
-    var $type = 'gmp';
-
-    function add($x, $y)
-    {
-        return gmp_add($x, $y);
-    }
-
-    function sub($x, $y)
-    {
-        return gmp_sub($x, $y);
-    }
-
-    function pow($base, $exponent)
-    {
-        return gmp_pow($base, $exponent);
-    }
-
-    function cmp($x, $y)
-    {
-        return gmp_cmp($x, $y);
-    }
-
-    function init($number, $base = 10)
-    {
-        return gmp_init($number, $base);
-    }
-
-    function mod($base, $modulus)
-    {
-        return gmp_mod($base, $modulus);
-    }
-
-    function mul($x, $y)
-    {
-        return gmp_mul($x, $y);
-    }
-
-    function div($x, $y)
-    {
-        return gmp_div_q($x, $y);
-    }
-
-    function powmod($base, $exponent, $modulus)
-    {
-        return gmp_powm($base, $exponent, $modulus);
-    }
-
-    function toString($num)
-    {
-        return gmp_strval($num);
-    }
-}
-
-/**
- * Define the supported extensions.  An extension array has keys
- * 'modules', 'extension', and 'class'.  'modules' is an array of PHP
- * module names which the loading code will attempt to load.  These
- * values will be suffixed with a library file extension (e.g. ".so").
- * 'extension' is the name of a PHP extension which will be tested
- * before 'modules' are loaded.  'class' is the string name of a
- * {@link Auth_OpenID_MathWrapper} subclass which should be
- * instantiated if a given extension is present.
- *
- * You can define new math library implementations and add them to
- * this array.
- */
-function Auth_OpenID_math_extensions()
-{
-    $result = array();
-
-    if (!defined('Auth_OpenID_BUGGY_GMP')) {
-        $result[] =
-            array('modules' => array('gmp', 'php_gmp'),
-                  'extension' => 'gmp',
-                  'class' => 'Auth_OpenID_GmpMathWrapper');
-    }
-
-    $result[] = array('modules' => array('bcmath', 'php_bcmath'),
-                      'extension' => 'bcmath',
-                      'class' => 'Auth_OpenID_BcMathWrapper');
-
-    return $result;
-}
-
-/**
- * Detect which (if any) math library is available
- */
-function Auth_OpenID_detectMathLibrary($exts)
-{
-    $loaded = false;
-
-    foreach ($exts as $extension) {
-        if (extension_loaded($extension['extension'])) {
-            return $extension;
-        }
-    }
-
-    return false;
-}
-
-/**
- * {@link Auth_OpenID_getMathLib} checks for the presence of long
- * number extension modules and returns an instance of
- * {@link Auth_OpenID_MathWrapper} which exposes the module's
- * functionality.
- *
- * Checks for the existence of an extension module described by the
- * result of {@link Auth_OpenID_math_extensions()} and returns an
- * instance of a wrapper for that extension module.  If no extension
- * module is found, an instance of {@link Auth_OpenID_MathWrapper} is
- * returned, which wraps the native PHP integer implementation.  The
- * proper calling convention for this method is $lib =
- * Auth_OpenID_getMathLib().
- *
- * This function checks for the existence of specific long number
- * implementations in the following order: GMP followed by BCmath.
- *
- * @return Auth_OpenID_MathWrapper $instance An instance of
- * {@link Auth_OpenID_MathWrapper} or one of its subclasses
- *
- * @package OpenID
- */
-function Auth_OpenID_getMathLib()
-{
-    // The instance of Auth_OpenID_MathWrapper that we choose to
-    // supply will be stored here, so that subseqent calls to this
-    // method will return a reference to the same object.
-    static $lib = null;
-
-    if (isset($lib)) {
-        return $lib;
-    }
-
-    if (Auth_OpenID_noMathSupport()) {
-        $null = null;
-        return $null;
-    }
-
-    // If this method has not been called before, look at
-    // Auth_OpenID_math_extensions and try to find an extension that
-    // works.
-    $ext = Auth_OpenID_detectMathLibrary(Auth_OpenID_math_extensions());
-    if ($ext === false) {
-        $tried = array();
-        foreach (Auth_OpenID_math_extensions() as $extinfo) {
-            $tried[] = $extinfo['extension'];
-        }
-        $triedstr = implode(", ", $tried);
-
-        Auth_OpenID_setNoMathSupport();
-
-        $result = null;
-        return $result;
-    }
-
-    // Instantiate a new wrapper
-    $class = $ext['class'];
-    $lib = new $class();
-
-    return $lib;
-}
-
-function Auth_OpenID_setNoMathSupport()
-{
-    if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
-        define('Auth_OpenID_NO_MATH_SUPPORT', true);
-    }
-}
-
-function Auth_OpenID_noMathSupport()
-{
-    return defined('Auth_OpenID_NO_MATH_SUPPORT');
-}
-
-
diff --git a/lib/Auth/OpenID/Consumer.php b/lib/Auth/OpenID/Consumer.php
deleted file mode 100644
index d562e33f354823498e55109b8670256e92672093..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Consumer.php
+++ /dev/null
@@ -1,2236 +0,0 @@
-<?php
-
-/**
- * This module documents the main interface with the OpenID consumer
- * library.  The only part of the library which has to be used and
- * isn't documented in full here is the store required to create an
- * Auth_OpenID_Consumer instance.  More on the abstract store type and
- * concrete implementations of it that are provided in the
- * documentation for the Auth_OpenID_Consumer constructor.
- *
- * OVERVIEW
- *
- * The OpenID identity verification process most commonly uses the
- * following steps, as visible to the user of this library:
- *
- *   1. The user enters their OpenID into a field on the consumer's
- *      site, and hits a login button.
- *   2. The consumer site discovers the user's OpenID server using the
- *      YADIS protocol.
- *   3. The consumer site sends the browser a redirect to the identity
- *      server.  This is the authentication request as described in
- *      the OpenID specification.
- *   4. The identity server's site sends the browser a redirect back
- *      to the consumer site.  This redirect contains the server's
- *      response to the authentication request.
- *
- * The most important part of the flow to note is the consumer's site
- * must handle two separate HTTP requests in order to perform the full
- * identity check.
- *
- * LIBRARY DESIGN
- * 
- * This consumer library is designed with that flow in mind.  The goal
- * is to make it as easy as possible to perform the above steps
- * securely.
- *
- * At a high level, there are two important parts in the consumer
- * library.  The first important part is this module, which contains
- * the interface to actually use this library.  The second is the
- * Auth_OpenID_Interface class, which describes the interface to use
- * if you need to create a custom method for storing the state this
- * library needs to maintain between requests.
- *
- * In general, the second part is less important for users of the
- * library to know about, as several implementations are provided
- * which cover a wide variety of situations in which consumers may use
- * the library.
- *
- * This module contains a class, Auth_OpenID_Consumer, with methods
- * corresponding to the actions necessary in each of steps 2, 3, and 4
- * described in the overview.  Use of this library should be as easy
- * as creating an Auth_OpenID_Consumer instance and calling the
- * methods appropriate for the action the site wants to take.
- *
- * STORES AND DUMB MODE
- *
- * OpenID is a protocol that works best when the consumer site is able
- * to store some state.  This is the normal mode of operation for the
- * protocol, and is sometimes referred to as smart mode.  There is
- * also a fallback mode, known as dumb mode, which is available when
- * the consumer site is not able to store state.  This mode should be
- * avoided when possible, as it leaves the implementation more
- * vulnerable to replay attacks.
- *
- * The mode the library works in for normal operation is determined by
- * the store that it is given.  The store is an abstraction that
- * handles the data that the consumer needs to manage between http
- * requests in order to operate efficiently and securely.
- *
- * Several store implementation are provided, and the interface is
- * fully documented so that custom stores can be used as well.  See
- * the documentation for the Auth_OpenID_Consumer class for more
- * information on the interface for stores.  The implementations that
- * are provided allow the consumer site to store the necessary data in
- * several different ways, including several SQL databases and normal
- * files on disk.
- *
- * There is an additional concrete store provided that puts the system
- * in dumb mode.  This is not recommended, as it removes the library's
- * ability to stop replay attacks reliably.  It still uses time-based
- * checking to make replay attacks only possible within a small
- * window, but they remain possible within that window.  This store
- * should only be used if the consumer site has no way to retain data
- * between requests at all.
- *
- * IMMEDIATE MODE
- *
- * In the flow described above, the user may need to confirm to the
- * lidentity server that it's ok to authorize his or her identity.
- * The server may draw pages asking for information from the user
- * before it redirects the browser back to the consumer's site.  This
- * is generally transparent to the consumer site, so it is typically
- * ignored as an implementation detail.
- *
- * There can be times, however, where the consumer site wants to get a
- * response immediately.  When this is the case, the consumer can put
- * the library in immediate mode.  In immediate mode, there is an
- * extra response possible from the server, which is essentially the
- * server reporting that it doesn't have enough information to answer
- * the question yet.
- *
- * USING THIS LIBRARY
- *
- * Integrating this library into an application is usually a
- * relatively straightforward process.  The process should basically
- * follow this plan:
- *
- * Add an OpenID login field somewhere on your site.  When an OpenID
- * is entered in that field and the form is submitted, it should make
- * a request to the your site which includes that OpenID URL.
- *
- * First, the application should instantiate the Auth_OpenID_Consumer
- * class using the store of choice (Auth_OpenID_FileStore or one of
- * the SQL-based stores).  If the application has a custom
- * session-management implementation, an object implementing the
- * {@link Auth_Yadis_PHPSession} interface should be passed as the
- * second parameter.  Otherwise, the default uses $_SESSION.
- *
- * Next, the application should call the Auth_OpenID_Consumer object's
- * 'begin' method.  This method takes the OpenID URL.  The 'begin'
- * method returns an Auth_OpenID_AuthRequest object.
- *
- * Next, the application should call the 'redirectURL' method of the
- * Auth_OpenID_AuthRequest object.  The 'return_to' URL parameter is
- * the URL that the OpenID server will send the user back to after
- * attempting to verify his or her identity.  The 'trust_root' is the
- * URL (or URL pattern) that identifies your web site to the user when
- * he or she is authorizing it.  Send a redirect to the resulting URL
- * to the user's browser.
- *
- * That's the first half of the authentication process.  The second
- * half of the process is done after the user's ID server sends the
- * user's browser a redirect back to your site to complete their
- * login.
- *
- * When that happens, the user will contact your site at the URL given
- * as the 'return_to' URL to the Auth_OpenID_AuthRequest::redirectURL
- * call made above.  The request will have several query parameters
- * added to the URL by the identity server as the information
- * necessary to finish the request.
- *
- * Lastly, instantiate an Auth_OpenID_Consumer instance as above and
- * call its 'complete' method, passing in all the received query
- * arguments.
- *
- * There are multiple possible return types possible from that
- * method. These indicate the whether or not the login was successful,
- * and include any additional information appropriate for their type.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require utility classes and functions for the consumer.
- */
-require_once "Auth/OpenID.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/OpenID/HMAC.php";
-require_once "Auth/OpenID/Association.php";
-require_once "Auth/OpenID/CryptUtil.php";
-require_once "Auth/OpenID/DiffieHellman.php";
-require_once "Auth/OpenID/KVForm.php";
-require_once "Auth/OpenID/Nonce.php";
-require_once "Auth/OpenID/Discover.php";
-require_once "Auth/OpenID/URINorm.php";
-require_once "Auth/Yadis/Manager.php";
-require_once "Auth/Yadis/XRI.php";
-
-/**
- * This is the status code returned when the complete method returns
- * successfully.
- */
-define('Auth_OpenID_SUCCESS', 'success');
-
-/**
- * Status to indicate cancellation of OpenID authentication.
- */
-define('Auth_OpenID_CANCEL', 'cancel');
-
-/**
- * This is the status code completeAuth returns when the value it
- * received indicated an invalid login.
- */
-define('Auth_OpenID_FAILURE', 'failure');
-
-/**
- * This is the status code completeAuth returns when the
- * {@link Auth_OpenID_Consumer} instance is in immediate mode, and the
- * identity server sends back a URL to send the user to to complete his
- * or her login.
- */
-define('Auth_OpenID_SETUP_NEEDED', 'setup needed');
-
-/**
- * This is the status code beginAuth returns when the page fetched
- * from the entered OpenID URL doesn't contain the necessary link tags
- * to function as an identity page.
- */
-define('Auth_OpenID_PARSE_ERROR', 'parse error');
-
-/**
- * An OpenID consumer implementation that performs discovery and does
- * session management.  See the Consumer.php file documentation for
- * more information.
- *
- * @package OpenID
- */
-class Auth_OpenID_Consumer {
-
-    /**
-     * @access private
-     */
-    var $discoverMethod = 'Auth_OpenID_discover';
-
-    /**
-     * @access private
-     */
-    var $session_key_prefix = "_openid_consumer_";
-
-    /**
-     * @access private
-     */
-    var $_token_suffix = "last_token";
-
-    /**
-     * Initialize a Consumer instance.
-     *
-     * You should create a new instance of the Consumer object with
-     * every HTTP request that handles OpenID transactions.
-     *
-     * @param Auth_OpenID_OpenIDStore $store This must be an object
-     * that implements the interface in {@link
-     * Auth_OpenID_OpenIDStore}.  Several concrete implementations are
-     * provided, to cover most common use cases.  For stores backed by
-     * MySQL, PostgreSQL, or SQLite, see the {@link
-     * Auth_OpenID_SQLStore} class and its sublcasses.  For a
-     * filesystem-backed store, see the {@link Auth_OpenID_FileStore}
-     * module.  As a last resort, if it isn't possible for the server
-     * to store state at all, an instance of {@link
-     * Auth_OpenID_DumbStore} can be used.
-     *
-     * @param mixed $session An object which implements the interface
-     * of the {@link Auth_Yadis_PHPSession} class.  Particularly, this
-     * object is expected to have these methods: get($key), set($key),
-     * $value), and del($key).  This defaults to a session object
-     * which wraps PHP's native session machinery.  You should only
-     * need to pass something here if you have your own sessioning
-     * implementation.
-     *
-     * @param str $consumer_cls The name of the class to instantiate
-     * when creating the internal consumer object.  This is used for
-     * testing.
-     */
-    function Auth_OpenID_Consumer($store, $session = null,
-                                  $consumer_cls = null)
-    {
-        if ($session === null) {
-            $session = new Auth_Yadis_PHPSession();
-        }
-
-        $this->session = $session;
-
-        if ($consumer_cls !== null) {
-            $this->consumer = new $consumer_cls($store);
-        } else {
-            $this->consumer = new Auth_OpenID_GenericConsumer($store);
-        }
-
-        $this->_token_key = $this->session_key_prefix . $this->_token_suffix;
-    }
-
-    /**
-     * Used in testing to define the discovery mechanism.
-     *
-     * @access private
-     */
-    function getDiscoveryObject($session, $openid_url,
-                                $session_key_prefix)
-    {
-        return new Auth_Yadis_Discovery($session, $openid_url,
-                                        $session_key_prefix);
-    }
-
-    /**
-     * Start the OpenID authentication process. See steps 1-2 in the
-     * overview at the top of this file.
-     *
-     * @param string $user_url Identity URL given by the user. This
-     * method performs a textual transformation of the URL to try and
-     * make sure it is normalized. For example, a user_url of
-     * example.com will be normalized to http://example.com/
-     * normalizing and resolving any redirects the server might issue.
-     *
-     * @param bool $anonymous True if the OpenID request is to be sent
-     * to the server without any identifier information.  Use this
-     * when you want to transport data but don't want to do OpenID
-     * authentication with identifiers.
-     *
-     * @return Auth_OpenID_AuthRequest $auth_request An object
-     * containing the discovered information will be returned, with a
-     * method for building a redirect URL to the server, as described
-     * in step 3 of the overview. This object may also be used to add
-     * extension arguments to the request, using its 'addExtensionArg'
-     * method.
-     */
-    function begin($user_url, $anonymous=false)
-    {
-        $openid_url = $user_url;
-
-        $disco = $this->getDiscoveryObject($this->session,
-                                           $openid_url,
-                                           $this->session_key_prefix);
-
-        // Set the 'stale' attribute of the manager.  If discovery
-        // fails in a fatal way, the stale flag will cause the manager
-        // to be cleaned up next time discovery is attempted.
-
-        $m = $disco->getManager();
-        $loader = new Auth_Yadis_ManagerLoader();
-
-        if ($m) {
-            if ($m->stale) {
-                $disco->destroyManager();
-            } else {
-                $m->stale = true;
-                $disco->session->set($disco->session_key,
-                                     serialize($loader->toSession($m)));
-            }
-        }
-
-        $endpoint = $disco->getNextService($this->discoverMethod,
-                                           $this->consumer->fetcher);
-
-        // Reset the 'stale' attribute of the manager.
-        $m = $disco->getManager();
-        if ($m) {
-            $m->stale = false;
-            $disco->session->set($disco->session_key,
-                                 serialize($loader->toSession($m)));
-        }
-
-        if ($endpoint === null) {
-            return null;
-        } else {
-            return $this->beginWithoutDiscovery($endpoint,
-                                                $anonymous);
-        }
-    }
-
-    /**
-     * Start OpenID verification without doing OpenID server
-     * discovery. This method is used internally by Consumer.begin
-     * after discovery is performed, and exists to provide an
-     * interface for library users needing to perform their own
-     * discovery.
-     *
-     * @param Auth_OpenID_ServiceEndpoint $endpoint an OpenID service
-     * endpoint descriptor.
-     *
-     * @param bool anonymous Set to true if you want to perform OpenID
-     * without identifiers.
-     *
-     * @return Auth_OpenID_AuthRequest $auth_request An OpenID
-     * authentication request object.
-     */
-    function beginWithoutDiscovery($endpoint, $anonymous=false)
-    {
-        $loader = new Auth_OpenID_ServiceEndpointLoader();
-        $auth_req = $this->consumer->begin($endpoint);
-        $this->session->set($this->_token_key,
-              $loader->toSession($auth_req->endpoint));
-        if (!$auth_req->setAnonymous($anonymous)) {
-            return new Auth_OpenID_FailureResponse(null,
-              "OpenID 1 requests MUST include the identifier " .
-              "in the request.");
-        }
-        return $auth_req;
-    }
-
-    /**
-     * Called to interpret the server's response to an OpenID
-     * request. It is called in step 4 of the flow described in the
-     * consumer overview.
-     *
-     * @param string $current_url The URL used to invoke the application.
-     * Extract the URL from your application's web
-     * request framework and specify it here to have it checked
-     * against the openid.current_url value in the response.  If
-     * the current_url URL check fails, the status of the
-     * completion will be FAILURE.
-     *
-     * @param array $query An array of the query parameters (key =>
-     * value pairs) for this HTTP request.  Defaults to null.  If
-     * null, the GET or POST data are automatically gotten from the
-     * PHP environment.  It is only useful to override $query for
-     * testing.
-     *
-     * @return Auth_OpenID_ConsumerResponse $response A instance of an
-     * Auth_OpenID_ConsumerResponse subclass. The type of response is
-     * indicated by the status attribute, which will be one of
-     * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
-     */
-    function complete($current_url, $query=null)
-    {
-        if ($current_url && !is_string($current_url)) {
-            // This is ugly, but we need to complain loudly when
-            // someone uses the API incorrectly.
-            trigger_error("current_url must be a string; see NEWS file " .
-                          "for upgrading notes.",
-                          E_USER_ERROR);
-        }
-
-        if ($query === null) {
-            $query = Auth_OpenID::getQuery();
-        }
-
-        $loader = new Auth_OpenID_ServiceEndpointLoader();
-        $endpoint_data = $this->session->get($this->_token_key);
-        $endpoint =
-            $loader->fromSession($endpoint_data);
-
-        $message = Auth_OpenID_Message::fromPostArgs($query);
-        $response = $this->consumer->complete($message, $endpoint, 
-                                              $current_url);
-        $this->session->del($this->_token_key);
-
-        if (in_array($response->status, array(Auth_OpenID_SUCCESS,
-                                              Auth_OpenID_CANCEL))) {
-            if ($response->identity_url !== null) {
-                $disco = $this->getDiscoveryObject($this->session,
-                                                   $response->identity_url,
-                                                   $this->session_key_prefix);
-                $disco->cleanup(true);
-            }
-        }
-
-        return $response;
-    }
-}
-
-/**
- * A class implementing HMAC/DH-SHA1 consumer sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
-    var $session_type = 'DH-SHA1';
-    var $hash_func = 'Auth_OpenID_SHA1';
-    var $secret_size = 20;
-    var $allowed_assoc_types = array('HMAC-SHA1');
-
-    function Auth_OpenID_DiffieHellmanSHA1ConsumerSession($dh = null)
-    {
-        if ($dh === null) {
-            $dh = new Auth_OpenID_DiffieHellman();
-        }
-
-        $this->dh = $dh;
-    }
-
-    function getRequest()
-    {
-        $math = Auth_OpenID_getMathLib();
-
-        $cpub = $math->longToBase64($this->dh->public);
-
-        $args = array('dh_consumer_public' => $cpub);
-
-        if (!$this->dh->usingDefaultValues()) {
-            $args = array_merge($args, array(
-                'dh_modulus' =>
-                     $math->longToBase64($this->dh->mod),
-                'dh_gen' =>
-                     $math->longToBase64($this->dh->gen)));
-        }
-
-        return $args;
-    }
-
-    function extractSecret($response)
-    {
-        if (!$response->hasKey(Auth_OpenID_OPENID_NS,
-                               'dh_server_public')) {
-            return null;
-        }
-
-        if (!$response->hasKey(Auth_OpenID_OPENID_NS,
-                               'enc_mac_key')) {
-            return null;
-        }
-
-        $math = Auth_OpenID_getMathLib();
-
-        $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
-                                                      'dh_server_public'));
-        $enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS,
-                                                       'enc_mac_key'));
-
-        return $this->dh->xorSecret($spub, $enc_mac_key, $this->hash_func);
-    }
-}
-
-/**
- * A class implementing HMAC/DH-SHA256 consumer sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends
-      Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
-    var $session_type = 'DH-SHA256';
-    var $hash_func = 'Auth_OpenID_SHA256';
-    var $secret_size = 32;
-    var $allowed_assoc_types = array('HMAC-SHA256');
-}
-
-/**
- * A class implementing plaintext consumer sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_PlainTextConsumerSession {
-    var $session_type = 'no-encryption';
-    var $allowed_assoc_types =  array('HMAC-SHA1', 'HMAC-SHA256');
-
-    function getRequest()
-    {
-        return array();
-    }
-
-    function extractSecret($response)
-    {
-        if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) {
-            return null;
-        }
-
-        return base64_decode($response->getArg(Auth_OpenID_OPENID_NS,
-                                               'mac_key'));
-    }
-}
-
-/**
- * Returns available session types.
- */
-function Auth_OpenID_getAvailableSessionTypes()
-{
-    $types = array(
-      'no-encryption' => 'Auth_OpenID_PlainTextConsumerSession',
-      'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession',
-      'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ConsumerSession');
-
-    return $types;
-}
-
-/**
- * This class is the interface to the OpenID consumer logic.
- * Instances of it maintain no per-request state, so they can be
- * reused (or even used by multiple threads concurrently) as needed.
- *
- * @package OpenID
- */
-class Auth_OpenID_GenericConsumer {
-    /**
-     * @access private
-     */
-    var $discoverMethod = 'Auth_OpenID_discover';
-
-    /**
-     * This consumer's store object.
-     */
-    var $store;
-
-    /**
-     * @access private
-     */
-    var $_use_assocs;
-
-    /**
-     * @access private
-     */
-    var $openid1_nonce_query_arg_name = 'janrain_nonce';
-
-    /**
-     * Another query parameter that gets added to the return_to for
-     * OpenID 1; if the user's session state is lost, use this claimed
-     * identifier to do discovery when verifying the response.
-     */
-    var $openid1_return_to_identifier_name = 'openid1_claimed_id';
-
-    /**
-     * This method initializes a new {@link Auth_OpenID_Consumer}
-     * instance to access the library.
-     *
-     * @param Auth_OpenID_OpenIDStore $store This must be an object
-     * that implements the interface in {@link Auth_OpenID_OpenIDStore}.
-     * Several concrete implementations are provided, to cover most common use
-     * cases.  For stores backed by MySQL, PostgreSQL, or SQLite, see
-     * the {@link Auth_OpenID_SQLStore} class and its sublcasses.  For a
-     * filesystem-backed store, see the {@link Auth_OpenID_FileStore} module.
-     * As a last resort, if it isn't possible for the server to store
-     * state at all, an instance of {@link Auth_OpenID_DumbStore} can be used.
-     *
-     * @param bool $immediate This is an optional boolean value.  It
-     * controls whether the library uses immediate mode, as explained
-     * in the module description.  The default value is False, which
-     * disables immediate mode.
-     */
-    function Auth_OpenID_GenericConsumer($store)
-    {
-        $this->store = $store;
-        $this->negotiator = Auth_OpenID_getDefaultNegotiator();
-        $this->_use_assocs = (is_null($this->store) ? false : true);
-
-        $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
-
-        $this->session_types = Auth_OpenID_getAvailableSessionTypes();
-    }
-
-    /**
-     * Called to begin OpenID authentication using the specified
-     * {@link Auth_OpenID_ServiceEndpoint}.
-     *
-     * @access private
-     */
-    function begin($service_endpoint)
-    {
-        $assoc = $this->_getAssociation($service_endpoint);
-        $r = new Auth_OpenID_AuthRequest($service_endpoint, $assoc);
-        $r->return_to_args[$this->openid1_nonce_query_arg_name] =
-            Auth_OpenID_mkNonce();
-
-        if ($r->message->isOpenID1()) {
-            $r->return_to_args[$this->openid1_return_to_identifier_name] =
-                $r->endpoint->claimed_id;
-        }
-
-        return $r;
-    }
-
-    /**
-     * Given an {@link Auth_OpenID_Message}, {@link
-     * Auth_OpenID_ServiceEndpoint} and optional return_to URL,
-     * complete OpenID authentication.
-     *
-     * @access private
-     */
-    function complete($message, $endpoint, $return_to)
-    {
-        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
-                                 '<no mode set>');
-
-        $mode_methods = array(
-                              'cancel' => '_complete_cancel',
-                              'error' => '_complete_error',
-                              'setup_needed' => '_complete_setup_needed',
-                              'id_res' => '_complete_id_res',
-                              );
-
-        $method = Auth_OpenID::arrayGet($mode_methods, $mode,
-                                        '_completeInvalid');
-
-        return call_user_func_array(array($this, $method),
-                                    array($message, &$endpoint, $return_to));
-    }
-
-    /**
-     * @access private
-     */
-    function _completeInvalid($message, $endpoint, $unused)
-    {
-        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
-                                 '<No mode set>');
-
-        return new Auth_OpenID_FailureResponse($endpoint,
-                    sprintf("Invalid openid.mode '%s'", $mode));
-    }
-
-    /**
-     * @access private
-     */
-    function _complete_cancel($message, $endpoint, $unused)
-    {
-        return new Auth_OpenID_CancelResponse($endpoint);
-    }
-
-    /**
-     * @access private
-     */
-    function _complete_error($message, $endpoint, $unused)
-    {
-        $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error');
-        $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact');
-        $reference = $message->getArg(Auth_OpenID_OPENID_NS, 'reference');
-
-        return new Auth_OpenID_FailureResponse($endpoint, $error,
-                                               $contact, $reference);
-    }
-
-    /**
-     * @access private
-     */
-    function _complete_setup_needed($message, $endpoint, $unused)
-    {
-        if (!$message->isOpenID2()) {
-            return $this->_completeInvalid($message, $endpoint);
-        }
-
-        $user_setup_url = $message->getArg(Auth_OpenID_OPENID2_NS,
-                                           'user_setup_url');
-        return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url);
-    }
-
-    /**
-     * @access private
-     */
-    function _complete_id_res($message, $endpoint, $return_to)
-    {
-        $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
-                                           'user_setup_url');
-
-        if ($this->_checkSetupNeeded($message)) {
-            return new Auth_OpenID_SetupNeededResponse(
-                $endpoint, $user_setup_url);
-        } else {
-            return $this->_doIdRes($message, $endpoint, $return_to);
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _checkSetupNeeded($message)
-    {
-        // In OpenID 1, we check to see if this is a cancel from
-        // immediate mode by the presence of the user_setup_url
-        // parameter.
-        if ($message->isOpenID1()) {
-            $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
-                                               'user_setup_url');
-            if ($user_setup_url !== null) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * @access private
-     */
-    function _doIdRes($message, $endpoint, $return_to)
-    {
-        // Checks for presence of appropriate fields (and checks
-        // signed list fields)
-        $result = $this->_idResCheckForFields($message);
-
-        if (Auth_OpenID::isFailure($result)) {
-            return $result;
-        }
-
-        if (!$this->_checkReturnTo($message, $return_to)) {
-            return new Auth_OpenID_FailureResponse(null,
-            sprintf("return_to does not match return URL. Expected %s, got %s",
-                    $return_to,
-                    $message->getArg(Auth_OpenID_OPENID_NS, 'return_to')));
-        }
-
-        // Verify discovery information:
-        $result = $this->_verifyDiscoveryResults($message, $endpoint);
-
-        if (Auth_OpenID::isFailure($result)) {
-            return $result;
-        }
-
-        $endpoint = $result;
-
-        $result = $this->_idResCheckSignature($message,
-                                              $endpoint->server_url);
-
-        if (Auth_OpenID::isFailure($result)) {
-            return $result;
-        }
-
-        $result = $this->_idResCheckNonce($message, $endpoint);
-
-        if (Auth_OpenID::isFailure($result)) {
-            return $result;
-        }
-
-        $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed',
-                                            Auth_OpenID_NO_DEFAULT);
-        if (Auth_OpenID::isFailure($signed_list_str)) {
-            return $signed_list_str;
-        }
-        $signed_list = explode(',', $signed_list_str);
-
-        $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");
-
-        return new Auth_OpenID_SuccessResponse($endpoint, $message,
-                                               $signed_fields);
-
-    }
-
-    /**
-     * @access private
-     */
-    function _checkReturnTo($message, $return_to)
-    {
-        // Check an OpenID message and its openid.return_to value
-        // against a return_to URL from an application.  Return True
-        // on success, False on failure.
-
-        // Check the openid.return_to args against args in the
-        // original message.
-        $result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs(
-                                           $message->toPostArgs());
-        if (Auth_OpenID::isFailure($result)) {
-            return false;
-        }
-
-        // Check the return_to base URL against the one in the
-        // message.
-        $msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS,
-                                          'return_to');
-        if (Auth_OpenID::isFailure($return_to)) {
-            // XXX log me
-            return false;
-        }
-
-        $return_to_parts = parse_url(Auth_OpenID_urinorm($return_to));
-        $msg_return_to_parts = parse_url(Auth_OpenID_urinorm($msg_return_to));
-
-        // If port is absent from both, add it so it's equal in the
-        // check below.
-        if ((!array_key_exists('port', $return_to_parts)) &&
-            (!array_key_exists('port', $msg_return_to_parts))) {
-            $return_to_parts['port'] = null;
-            $msg_return_to_parts['port'] = null;
-        }
-
-        // If path is absent from both, add it so it's equal in the
-        // check below.
-        if ((!array_key_exists('path', $return_to_parts)) &&
-            (!array_key_exists('path', $msg_return_to_parts))) {
-            $return_to_parts['path'] = null;
-            $msg_return_to_parts['path'] = null;
-        }
-
-        // The URL scheme, authority, and path MUST be the same
-        // between the two URLs.
-        foreach (array('scheme', 'host', 'port', 'path') as $component) {
-            // If the url component is absent in either URL, fail.
-            // There should always be a scheme, host, port, and path.
-            if (!array_key_exists($component, $return_to_parts)) {
-                return false;
-            }
-
-            if (!array_key_exists($component, $msg_return_to_parts)) {
-                return false;
-            }
-
-            if (Auth_OpenID::arrayGet($return_to_parts, $component) !==
-                Auth_OpenID::arrayGet($msg_return_to_parts, $component)) {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyReturnToArgs($query)
-    {
-        // Verify that the arguments in the return_to URL are present in this
-        // response.
-
-        $message = Auth_OpenID_Message::fromPostArgs($query);
-        $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
-
-        if (Auth_OpenID::isFailure($return_to)) {
-            return $return_to;
-        }
-        // XXX: this should be checked by _idResCheckForFields
-        if (!$return_to) {
-            return new Auth_OpenID_FailureResponse(null,
-                           "Response has no return_to");
-        }
-
-        $parsed_url = parse_url($return_to);
-
-        $q = array();
-        if (array_key_exists('query', $parsed_url)) {
-            $rt_query = $parsed_url['query'];
-            $q = Auth_OpenID::parse_str($rt_query);
-        }
-
-        foreach ($q as $rt_key => $rt_value) {
-            if (!array_key_exists($rt_key, $query)) {
-                return new Auth_OpenID_FailureResponse(null,
-                  sprintf("return_to parameter %s absent from query", $rt_key));
-            } else {
-                $value = $query[$rt_key];
-                if ($rt_value != $value) {
-                    return new Auth_OpenID_FailureResponse(null,
-                      sprintf("parameter %s value %s does not match " .
-                              "return_to value %s", $rt_key,
-                              $value, $rt_value));
-                }
-            }
-        }
-
-        // Make sure all non-OpenID arguments in the response are also
-        // in the signed return_to.
-        $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);
-        foreach ($bare_args as $key => $value) {
-            if (Auth_OpenID::arrayGet($q, $key) != $value) {
-                return new Auth_OpenID_FailureResponse(null,
-                  sprintf("Parameter %s = %s not in return_to URL",
-                          $key, $value));
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * @access private
-     */
-    function _idResCheckSignature($message, $server_url)
-    {
-        $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
-                                         'assoc_handle');
-        if (Auth_OpenID::isFailure($assoc_handle)) {
-            return $assoc_handle;
-        }
-
-        $assoc = $this->store->getAssociation($server_url, $assoc_handle);
-
-        if ($assoc) {
-            if ($assoc->getExpiresIn() <= 0) {
-                // XXX: It might be a good idea sometimes to re-start
-                // the authentication with a new association. Doing it
-                // automatically opens the possibility for
-                // denial-of-service by a server that just returns
-                // expired associations (or really short-lived
-                // associations)
-                return new Auth_OpenID_FailureResponse(null,
-                             'Association with ' . $server_url . ' expired');
-            }
-
-            if (!$assoc->checkMessageSignature($message)) {
-                // If we get a "bad signature" here, it means that the association
-                // is unrecoverabley corrupted in some way. Any futher attempts
-                // to login with this association is likely to fail. Drop it.
-                $this->store->removeAssociation($server_url, $assoc_handle);
-                return new Auth_OpenID_FailureResponse(null,
-                                                       "Bad signature");
-            }
-        } else {
-            // It's not an association we know about.  Stateless mode
-            // is our only possible path for recovery.  XXX - async
-            // framework will not want to block on this call to
-            // _checkAuth.
-            if (!$this->_checkAuth($message, $server_url)) {
-                return new Auth_OpenID_FailureResponse(null,
-                             "Server denied check_authentication");
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyDiscoveryResults($message, $endpoint=null)
-    {
-        if ($message->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS) {
-            return $this->_verifyDiscoveryResultsOpenID2($message,
-                                                         $endpoint);
-        } else {
-            return $this->_verifyDiscoveryResultsOpenID1($message,
-                                                         $endpoint);
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyDiscoveryResultsOpenID1($message, $endpoint)
-    {
-        $claimed_id = $message->getArg(Auth_OpenID_BARE_NS,
-                                $this->openid1_return_to_identifier_name);
-
-        if (($endpoint === null) && ($claimed_id === null)) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              'When using OpenID 1, the claimed ID must be supplied, ' .
-              'either by passing it through as a return_to parameter ' .
-              'or by using a session, and supplied to the GenericConsumer ' .
-              'as the argument to complete()');
-        } else if (($endpoint !== null) && ($claimed_id === null)) {
-            $claimed_id = $endpoint->claimed_id;
-        }
-
-        $to_match = new Auth_OpenID_ServiceEndpoint();
-        $to_match->type_uris = array(Auth_OpenID_TYPE_1_1);
-        $to_match->local_id = $message->getArg(Auth_OpenID_OPENID1_NS,
-                                               'identity');
-
-        // Restore delegate information from the initiation phase
-        $to_match->claimed_id = $claimed_id;
-
-        if ($to_match->local_id === null) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-                         "Missing required field openid.identity");
-        }
-
-        $to_match_1_0 = $to_match->copy();
-        $to_match_1_0->type_uris = array(Auth_OpenID_TYPE_1_0);
-
-        if ($endpoint !== null) {
-            $result = $this->_verifyDiscoverySingle($endpoint, $to_match);
-
-            if (is_a($result, 'Auth_OpenID_TypeURIMismatch')) {
-                $result = $this->_verifyDiscoverySingle($endpoint,
-                                                        $to_match_1_0);
-            }
-
-            if (Auth_OpenID::isFailure($result)) {
-                // oidutil.log("Error attempting to use stored
-                //             discovery information: " + str(e))
-                //             oidutil.log("Attempting discovery to
-                //             verify endpoint")
-            } else {
-                return $endpoint;
-            }
-        }
-
-        // Endpoint is either bad (failed verification) or None
-        return $this->_discoverAndVerify($to_match->claimed_id,
-                                         array($to_match, $to_match_1_0));
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyDiscoverySingle($endpoint, $to_match)
-    {
-        // Every type URI that's in the to_match endpoint has to be
-        // present in the discovered endpoint.
-        foreach ($to_match->type_uris as $type_uri) {
-            if (!$endpoint->usesExtension($type_uri)) {
-                return new Auth_OpenID_TypeURIMismatch($endpoint,
-                             "Required type ".$type_uri." not present");
-            }
-        }
-
-        // Fragments do not influence discovery, so we can't compare a
-        // claimed identifier with a fragment to discovered
-        // information.
-        list($defragged_claimed_id, $_) =
-            Auth_OpenID::urldefrag($to_match->claimed_id);
-
-        if ($defragged_claimed_id != $endpoint->claimed_id) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              sprintf('Claimed ID does not match (different subjects!), ' .
-                      'Expected %s, got %s', $defragged_claimed_id,
-                      $endpoint->claimed_id));
-        }
-
-        if ($to_match->getLocalID() != $endpoint->getLocalID()) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              sprintf('local_id mismatch. Expected %s, got %s',
-                      $to_match->getLocalID(), $endpoint->getLocalID()));
-        }
-
-        // If the server URL is None, this must be an OpenID 1
-        // response, because op_endpoint is a required parameter in
-        // OpenID 2. In that case, we don't actually care what the
-        // discovered server_url is, because signature checking or
-        // check_auth should take care of that check for us.
-        if ($to_match->server_url === null) {
-            if ($to_match->preferredNamespace() != Auth_OpenID_OPENID1_NS) {
-                return new Auth_OpenID_FailureResponse($endpoint,
-                             "Preferred namespace mismatch (bug)");
-            }
-        } else if ($to_match->server_url != $endpoint->server_url) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              sprintf('OP Endpoint mismatch. Expected %s, got %s',
-                      $to_match->server_url, $endpoint->server_url));
-        }
-
-        return null;
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyDiscoveryResultsOpenID2($message, $endpoint)
-    {
-        $to_match = new Auth_OpenID_ServiceEndpoint();
-        $to_match->type_uris = array(Auth_OpenID_TYPE_2_0);
-        $to_match->claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS,
-                                                 'claimed_id');
-
-        $to_match->local_id = $message->getArg(Auth_OpenID_OPENID2_NS,
-                                                'identity');
-
-        $to_match->server_url = $message->getArg(Auth_OpenID_OPENID2_NS,
-                                                 'op_endpoint');
-
-        if ($to_match->server_url === null) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-                         "OP Endpoint URL missing");
-        }
-
-        // claimed_id and identifier must both be present or both be
-        // absent
-        if (($to_match->claimed_id === null) &&
-            ($to_match->local_id !== null)) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              'openid.identity is present without openid.claimed_id');
-        }
-
-        if (($to_match->claimed_id !== null) &&
-            ($to_match->local_id === null)) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-              'openid.claimed_id is present without openid.identity');
-        }
-
-        if ($to_match->claimed_id === null) {
-            // This is a response without identifiers, so there's
-            // really no checking that we can do, so return an
-            // endpoint that's for the specified `openid.op_endpoint'
-            return Auth_OpenID_ServiceEndpoint::fromOPEndpointURL(
-                                                $to_match->server_url);
-        }
-
-        if (!$endpoint) {
-            // The claimed ID doesn't match, so we have to do
-            // discovery again. This covers not using sessions, OP
-            // identifier endpoints and responses that didn't match
-            // the original request.
-            // oidutil.log('No pre-discovered information supplied.')
-            return $this->_discoverAndVerify($to_match->claimed_id,
-                                             array($to_match));
-        } else {
-
-            // The claimed ID matches, so we use the endpoint that we
-            // discovered in initiation. This should be the most
-            // common case.
-            $result = $this->_verifyDiscoverySingle($endpoint, $to_match);
-
-            if (Auth_OpenID::isFailure($result)) {
-                $endpoint = $this->_discoverAndVerify($to_match->claimed_id,
-                                                      array($to_match));
-                if (Auth_OpenID::isFailure($endpoint)) {
-                    return $endpoint;
-                }
-            }
-        }
-
-        // The endpoint we return should have the claimed ID from the
-        // message we just verified, fragment and all.
-        if ($endpoint->claimed_id != $to_match->claimed_id) {
-            $endpoint->claimed_id = $to_match->claimed_id;
-        }
-
-        return $endpoint;
-    }
-
-    /**
-     * @access private
-     */
-    function _discoverAndVerify($claimed_id, $to_match_endpoints)
-    {
-        // oidutil.log('Performing discovery on %s' % (claimed_id,))
-        list($unused, $services) = call_user_func_array($this->discoverMethod,
-                                                        array(
-                                                            $claimed_id,
-                                                            &$this->fetcher,
-                                                        ));
-
-        if (!$services) {
-            return new Auth_OpenID_FailureResponse(null,
-              sprintf("No OpenID information found at %s",
-                      $claimed_id));
-        }
-
-        return $this->_verifyDiscoveryServices($claimed_id, $services,
-                                               $to_match_endpoints);
-    }
-
-    /**
-     * @access private
-     */
-    function _verifyDiscoveryServices($claimed_id, 
-                                      $services, $to_match_endpoints)
-    {
-        // Search the services resulting from discovery to find one
-        // that matches the information from the assertion
-
-        foreach ($services as $endpoint) {
-            foreach ($to_match_endpoints as $to_match_endpoint) {
-                $result = $this->_verifyDiscoverySingle($endpoint, 
-                                                        $to_match_endpoint);
-
-                if (!Auth_OpenID::isFailure($result)) {
-                    // It matches, so discover verification has
-                    // succeeded. Return this endpoint.
-                    return $endpoint;
-                }
-            }
-        }
-
-        return new Auth_OpenID_FailureResponse(null,
-          sprintf('No matching endpoint found after discovering %s: %s',
-                  $claimed_id, $result->message));
-    }
-
-    /**
-     * Extract the nonce from an OpenID 1 response.  Return the nonce
-     * from the BARE_NS since we independently check the return_to
-     * arguments are the same as those in the response message.
-     *
-     * See the openid1_nonce_query_arg_name class variable
-     *
-     * @returns $nonce The nonce as a string or null
-     *
-     * @access private
-     */
-    function _idResGetNonceOpenID1($message, $endpoint)
-    {
-        return $message->getArg(Auth_OpenID_BARE_NS,
-                                $this->openid1_nonce_query_arg_name);
-    }
-
-    /**
-     * @access private
-     */
-    function _idResCheckNonce($message, $endpoint)
-    {
-        if ($message->isOpenID1()) {
-            // This indicates that the nonce was generated by the consumer
-            $nonce = $this->_idResGetNonceOpenID1($message, $endpoint);
-            $server_url = '';
-        } else {
-            $nonce = $message->getArg(Auth_OpenID_OPENID2_NS,
-                                      'response_nonce');
-
-            $server_url = $endpoint->server_url;
-        }
-
-        if ($nonce === null) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-                                     "Nonce missing from response");
-        }
-
-        $parts = Auth_OpenID_splitNonce($nonce);
-
-        if ($parts === null) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-                                     "Malformed nonce in response");
-        }
-
-        list($timestamp, $salt) = $parts;
-
-        if (!$this->store->useNonce($server_url, $timestamp, $salt)) {
-            return new Auth_OpenID_FailureResponse($endpoint,
-                         "Nonce already used or out of range");
-        }
-
-        return null;
-    }
-
-    /**
-     * @access private
-     */
-    function _idResCheckForFields($message)
-    {
-        $basic_fields = array('return_to', 'assoc_handle', 'sig', 'signed');
-        $basic_sig_fields = array('return_to', 'identity');
-
-        $require_fields = array(
-            Auth_OpenID_OPENID2_NS => array_merge($basic_fields,
-                                                  array('op_endpoint')),
-
-            Auth_OpenID_OPENID1_NS => array_merge($basic_fields,
-                                                  array('identity'))
-            );
-
-        $require_sigs = array(
-            Auth_OpenID_OPENID2_NS => array_merge($basic_sig_fields,
-                                                  array('response_nonce',
-                                                        'claimed_id',
-                                                        'assoc_handle',
-                                                        'op_endpoint')),
-            Auth_OpenID_OPENID1_NS => array_merge($basic_sig_fields,
-                                                  array('nonce'))
-            );
-
-        foreach ($require_fields[$message->getOpenIDNamespace()] as $field) {
-            if (!$message->hasKey(Auth_OpenID_OPENID_NS, $field)) {
-                return new Auth_OpenID_FailureResponse(null,
-                             "Missing required field '".$field."'");
-            }
-        }
-
-        $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS,
-                                            'signed',
-                                            Auth_OpenID_NO_DEFAULT);
-        if (Auth_OpenID::isFailure($signed_list_str)) {
-            return $signed_list_str;
-        }
-        $signed_list = explode(',', $signed_list_str);
-
-        foreach ($require_sigs[$message->getOpenIDNamespace()] as $field) {
-            // Field is present and not in signed list
-            if ($message->hasKey(Auth_OpenID_OPENID_NS, $field) &&
-                (!in_array($field, $signed_list))) {
-                return new Auth_OpenID_FailureResponse(null,
-                             "'".$field."' not signed");
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * @access private
-     */
-    function _checkAuth($message, $server_url)
-    {
-        $request = $this->_createCheckAuthRequest($message);
-        if ($request === null) {
-            return false;
-        }
-
-        $resp_message = $this->_makeKVPost($request, $server_url);
-        if (($resp_message === null) ||
-            (is_a($resp_message, 'Auth_OpenID_ServerErrorContainer'))) {
-            return false;
-        }
-
-        return $this->_processCheckAuthResponse($resp_message, $server_url);
-    }
-
-    /**
-     * @access private
-     */
-    function _createCheckAuthRequest($message)
-    {
-        $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
-        if ($signed) {
-            foreach (explode(',', $signed) as $k) {
-                $value = $message->getAliasedArg($k);
-                if ($value === null) {
-                    return null;
-                }
-            }
-        }
-        $ca_message = $message->copy();
-        $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', 
-                            'check_authentication');
-        return $ca_message;
-    }
-
-    /**
-     * @access private
-     */
-    function _processCheckAuthResponse($response, $server_url)
-    {
-        $is_valid = $response->getArg(Auth_OpenID_OPENID_NS, 'is_valid',
-                                      'false');
-
-        $invalidate_handle = $response->getArg(Auth_OpenID_OPENID_NS,
-                                               'invalidate_handle');
-
-        if ($invalidate_handle !== null) {
-            $this->store->removeAssociation($server_url,
-                                            $invalidate_handle);
-        }
-
-        if ($is_valid == 'true') {
-            return true;
-        }
-
-        return false;
-    }
-
-    /**
-     * Adapt a POST response to a Message.
-     *
-     * @param $response Result of a POST to an OpenID endpoint.
-     *
-     * @access private
-     */
-    static function _httpResponseToMessage($response, $server_url)
-    {
-        // Should this function be named Message.fromHTTPResponse instead?
-        $response_message = Auth_OpenID_Message::fromKVForm($response->body);
-
-        if ($response->status == 400) {
-            return Auth_OpenID_ServerErrorContainer::fromMessage(
-                        $response_message);
-        } else if ($response->status != 200 and $response->status != 206) {
-            return null;
-        }
-
-        return $response_message;
-    }
-
-    /**
-     * @access private
-     */
-    function _makeKVPost($message, $server_url)
-    {
-        $body = $message->toURLEncoded();
-        $resp = $this->fetcher->post($server_url, $body);
-
-        if ($resp === null) {
-            return null;
-        }
-
-        return $this->_httpResponseToMessage($resp, $server_url);
-    }
-
-    /**
-     * @access private
-     */
-    function _getAssociation($endpoint)
-    {
-        if (!$this->_use_assocs) {
-            return null;
-        }
-
-        $assoc = $this->store->getAssociation($endpoint->server_url);
-
-        if (($assoc === null) ||
-            ($assoc->getExpiresIn() <= 0)) {
-
-            $assoc = $this->_negotiateAssociation($endpoint);
-
-            if ($assoc !== null) {
-                $this->store->storeAssociation($endpoint->server_url,
-                                               $assoc);
-            }
-        }
-
-        return $assoc;
-    }
-
-    /**
-     * Handle ServerErrors resulting from association requests.
-     *
-     * @return $result If server replied with an C{unsupported-type}
-     * error, return a tuple of supported C{association_type},
-     * C{session_type}.  Otherwise logs the error and returns null.
-     *
-     * @access private
-     */
-    function _extractSupportedAssociationType($server_error, $endpoint,
-                                              $assoc_type)
-    {
-        // Any error message whose code is not 'unsupported-type'
-        // should be considered a total failure.
-        if (($server_error->error_code != 'unsupported-type') ||
-            ($server_error->message->isOpenID1())) {
-            return null;
-        }
-
-        // The server didn't like the association/session type that we
-        // sent, and it sent us back a message that might tell us how
-        // to handle it.
-
-        // Extract the session_type and assoc_type from the error
-        // message
-        $assoc_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS,
-                                                     'assoc_type');
-
-        $session_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS,
-                                                       'session_type');
-
-        if (($assoc_type === null) || ($session_type === null)) {
-            return null;
-        } else if (!$this->negotiator->isAllowed($assoc_type,
-                                                 $session_type)) {
-            return null;
-        } else {
-          return array($assoc_type, $session_type);
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _negotiateAssociation($endpoint)
-    {
-        // Get our preferred session/association type from the negotiatior.
-        list($assoc_type, $session_type) = $this->negotiator->getAllowedType();
-
-        $assoc = $this->_requestAssociation(
-                           $endpoint, $assoc_type, $session_type);
-
-        if (Auth_OpenID::isFailure($assoc)) {
-            return null;
-        }
-
-        if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
-            $why = $assoc;
-
-            $supportedTypes = $this->_extractSupportedAssociationType(
-                                     $why, $endpoint, $assoc_type);
-
-            if ($supportedTypes !== null) {
-                list($assoc_type, $session_type) = $supportedTypes;
-
-                // Attempt to create an association from the assoc_type
-                // and session_type that the server told us it
-                // supported.
-                $assoc = $this->_requestAssociation(
-                                   $endpoint, $assoc_type, $session_type);
-
-                if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
-                    // Do not keep trying, since it rejected the
-                    // association type that it told us to use.
-                    // oidutil.log('Server %s refused its suggested association
-                    //             'type: session_type=%s, assoc_type=%s'
-                    //             % (endpoint.server_url, session_type,
-                    //                assoc_type))
-                    return null;
-                } else {
-                    return $assoc;
-                }
-            } else {
-                return null;
-            }
-        } else {
-            return $assoc;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _requestAssociation($endpoint, $assoc_type, $session_type)
-    {
-        list($assoc_session, $args) = $this->_createAssociateRequest(
-                                      $endpoint, $assoc_type, $session_type);
-
-        $response_message = $this->_makeKVPost($args, $endpoint->server_url);
-
-        if ($response_message === null) {
-            // oidutil.log('openid.associate request failed: %s' % (why[0],))
-            return null;
-        } else if (is_a($response_message,
-                        'Auth_OpenID_ServerErrorContainer')) {
-            return $response_message;
-        }
-
-        return $this->_extractAssociation($response_message, $assoc_session);
-    }
-
-    /**
-     * @access private
-     */
-    function _extractAssociation($assoc_response, $assoc_session)
-    {
-        // Extract the common fields from the response, raising an
-        // exception if they are not found
-        $assoc_type = $assoc_response->getArg(
-                         Auth_OpenID_OPENID_NS, 'assoc_type',
-                         Auth_OpenID_NO_DEFAULT);
-
-        if (Auth_OpenID::isFailure($assoc_type)) {
-            return $assoc_type;
-        }
-
-        $assoc_handle = $assoc_response->getArg(
-                           Auth_OpenID_OPENID_NS, 'assoc_handle',
-                           Auth_OpenID_NO_DEFAULT);
-
-        if (Auth_OpenID::isFailure($assoc_handle)) {
-            return $assoc_handle;
-        }
-
-        // expires_in is a base-10 string. The Python parsing will
-        // accept literals that have whitespace around them and will
-        // accept negative values. Neither of these are really in-spec,
-        // but we think it's OK to accept them.
-        $expires_in_str = $assoc_response->getArg(
-                             Auth_OpenID_OPENID_NS, 'expires_in',
-                             Auth_OpenID_NO_DEFAULT);
-
-        if (Auth_OpenID::isFailure($expires_in_str)) {
-            return $expires_in_str;
-        }
-
-        $expires_in = Auth_OpenID::intval($expires_in_str);
-        if ($expires_in === false) {
-            
-            $err = sprintf("Could not parse expires_in from association ".
-                           "response %s", print_r($assoc_response, true));
-            return new Auth_OpenID_FailureResponse(null, $err);
-        }
-
-        // OpenID 1 has funny association session behaviour.
-        if ($assoc_response->isOpenID1()) {
-            $session_type = $this->_getOpenID1SessionType($assoc_response);
-        } else {
-            $session_type = $assoc_response->getArg(
-                               Auth_OpenID_OPENID2_NS, 'session_type',
-                               Auth_OpenID_NO_DEFAULT);
-
-            if (Auth_OpenID::isFailure($session_type)) {
-                return $session_type;
-            }
-        }
-
-        // Session type mismatch
-        if ($assoc_session->session_type != $session_type) {
-            if ($assoc_response->isOpenID1() &&
-                ($session_type == 'no-encryption')) {
-                // In OpenID 1, any association request can result in
-                // a 'no-encryption' association response. Setting
-                // assoc_session to a new no-encryption session should
-                // make the rest of this function work properly for
-                // that case.
-                $assoc_session = new Auth_OpenID_PlainTextConsumerSession();
-            } else {
-                // Any other mismatch, regardless of protocol version
-                // results in the failure of the association session
-                // altogether.
-                return null;
-            }
-        }
-
-        // Make sure assoc_type is valid for session_type
-        if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) {
-            return null;
-        }
-
-        // Delegate to the association session to extract the secret
-        // from the response, however is appropriate for that session
-        // type.
-        $secret = $assoc_session->extractSecret($assoc_response);
-
-        if ($secret === null) {
-            return null;
-        }
-
-        return Auth_OpenID_Association::fromExpiresIn(
-                 $expires_in, $assoc_handle, $secret, $assoc_type);
-    }
-
-    /**
-     * @access private
-     */
-    function _createAssociateRequest($endpoint, $assoc_type, $session_type)
-    {
-        if (array_key_exists($session_type, $this->session_types)) {
-            $session_type_class = $this->session_types[$session_type];
-
-            if (is_callable($session_type_class)) {
-                $assoc_session = $session_type_class();
-            } else {
-                $assoc_session = new $session_type_class();
-            }
-        } else {
-            return null;
-        }
-
-        $args = array(
-            'mode' => 'associate',
-            'assoc_type' => $assoc_type);
-
-        if (!$endpoint->compatibilityMode()) {
-            $args['ns'] = Auth_OpenID_OPENID2_NS;
-        }
-
-        // Leave out the session type if we're in compatibility mode
-        // *and* it's no-encryption.
-        if ((!$endpoint->compatibilityMode()) ||
-            ($assoc_session->session_type != 'no-encryption')) {
-            $args['session_type'] = $assoc_session->session_type;
-        }
-
-        $args = array_merge($args, $assoc_session->getRequest());
-        $message = Auth_OpenID_Message::fromOpenIDArgs($args);
-        return array($assoc_session, $message);
-    }
-
-    /**
-     * Given an association response message, extract the OpenID 1.X
-     * session type.
-     *
-     * This function mostly takes care of the 'no-encryption' default
-     * behavior in OpenID 1.
-     *
-     * If the association type is plain-text, this function will
-     * return 'no-encryption'
-     *
-     * @access private
-     * @return $typ The association type for this message
-     */
-    function _getOpenID1SessionType($assoc_response)
-    {
-        // If it's an OpenID 1 message, allow session_type to default
-        // to None (which signifies "no-encryption")
-        $session_type = $assoc_response->getArg(Auth_OpenID_OPENID1_NS,
-                                                'session_type');
-
-        // Handle the differences between no-encryption association
-        // respones in OpenID 1 and 2:
-
-        // no-encryption is not really a valid session type for OpenID
-        // 1, but we'll accept it anyway, while issuing a warning.
-        if ($session_type == 'no-encryption') {
-            // oidutil.log('WARNING: OpenID server sent "no-encryption"'
-            //             'for OpenID 1.X')
-        } else if (($session_type == '') || ($session_type === null)) {
-            // Missing or empty session type is the way to flag a
-            // 'no-encryption' response. Change the session type to
-            // 'no-encryption' so that it can be handled in the same
-            // way as OpenID 2 'no-encryption' respones.
-            $session_type = 'no-encryption';
-        }
-
-        return $session_type;
-    }
-}
-
-/**
- * This class represents an authentication request from a consumer to
- * an OpenID server.
- *
- * @package OpenID
- */
-class Auth_OpenID_AuthRequest {
-
-    /**
-     * Initialize an authentication request with the specified token,
-     * association, and endpoint.
-     *
-     * Users of this library should not create instances of this
-     * class.  Instances of this class are created by the library when
-     * needed.
-     */
-    function Auth_OpenID_AuthRequest($endpoint, $assoc)
-    {
-        $this->assoc = $assoc;
-        $this->endpoint = $endpoint;
-        $this->return_to_args = array();
-        $this->message = new Auth_OpenID_Message(
-            $endpoint->preferredNamespace());
-        $this->_anonymous = false;
-    }
-
-    /**
-     * Add an extension to this checkid request.
-     *
-     * $extension_request: An object that implements the extension
-     * request interface for adding arguments to an OpenID message.
-     */
-    function addExtension($extension_request)
-    {
-        $extension_request->toMessage($this->message);
-    }
-
-    /**
-     * Add an extension argument to this OpenID authentication
-     * request.
-     *
-     * Use caution when adding arguments, because they will be
-     * URL-escaped and appended to the redirect URL, which can easily
-     * get quite long.
-     *
-     * @param string $namespace The namespace for the extension. For
-     * example, the simple registration extension uses the namespace
-     * 'sreg'.
-     *
-     * @param string $key The key within the extension namespace. For
-     * example, the nickname field in the simple registration
-     * extension's key is 'nickname'.
-     *
-     * @param string $value The value to provide to the server for
-     * this argument.
-     */
-    function addExtensionArg($namespace, $key, $value)
-    {
-        return $this->message->setArg($namespace, $key, $value);
-    }
-
-    /**
-     * Set whether this request should be made anonymously. If a
-     * request is anonymous, the identifier will not be sent in the
-     * request. This is only useful if you are making another kind of
-     * request with an extension in this request.
-     *
-     * Anonymous requests are not allowed when the request is made
-     * with OpenID 1.
-     */
-    function setAnonymous($is_anonymous)
-    {
-        if ($is_anonymous && $this->message->isOpenID1()) {
-            return false;
-        } else {
-            $this->_anonymous = $is_anonymous;
-            return true;
-        }
-    }
-
-    /**
-     * Produce a {@link Auth_OpenID_Message} representing this
-     * request.
-     *
-     * @param string $realm The URL (or URL pattern) that identifies
-     * your web site to the user when she is authorizing it.
-     *
-     * @param string $return_to The URL that the OpenID provider will
-     * send the user back to after attempting to verify her identity.
-     *
-     * Not specifying a return_to URL means that the user will not be
-     * returned to the site issuing the request upon its completion.
-     *
-     * @param bool $immediate If true, the OpenID provider is to send
-     * back a response immediately, useful for behind-the-scenes
-     * authentication attempts.  Otherwise the OpenID provider may
-     * engage the user before providing a response.  This is the
-     * default case, as the user may need to provide credentials or
-     * approve the request before a positive response can be sent.
-     */
-    function getMessage($realm, $return_to=null, $immediate=false)
-    {
-        if ($return_to) {
-            $return_to = Auth_OpenID::appendArgs($return_to,
-                                                 $this->return_to_args);
-        } else if ($immediate) {
-            // raise ValueError(
-            //     '"return_to" is mandatory when
-            //using "checkid_immediate"')
-            return new Auth_OpenID_FailureResponse(null,
-              "'return_to' is mandatory when using checkid_immediate");
-        } else if ($this->message->isOpenID1()) {
-            // raise ValueError('"return_to" is
-            // mandatory for OpenID 1 requests')
-            return new Auth_OpenID_FailureResponse(null,
-              "'return_to' is mandatory for OpenID 1 requests");
-        } else if ($this->return_to_args) {
-            // raise ValueError('extra "return_to" arguments
-            // were specified, but no return_to was specified')
-            return new Auth_OpenID_FailureResponse(null,
-              "extra 'return_to' arguments where specified, " .
-              "but no return_to was specified");
-        }
-
-        if ($immediate) {
-            $mode = 'checkid_immediate';
-        } else {
-            $mode = 'checkid_setup';
-        }
-
-        $message = $this->message->copy();
-        if ($message->isOpenID1()) {
-            $realm_key = 'trust_root';
-        } else {
-            $realm_key = 'realm';
-        }
-
-        $message->updateArgs(Auth_OpenID_OPENID_NS,
-                             array(
-                                   $realm_key => $realm,
-                                   'mode' => $mode,
-                                   'return_to' => $return_to));
-
-        if (!$this->_anonymous) {
-            if ($this->endpoint->isOPIdentifier()) {
-                // This will never happen when we're in compatibility
-                // mode, as long as isOPIdentifier() returns False
-                // whenever preferredNamespace() returns OPENID1_NS.
-                $claimed_id = $request_identity =
-                    Auth_OpenID_IDENTIFIER_SELECT;
-            } else {
-                $request_identity = $this->endpoint->getLocalID();
-                $claimed_id = $this->endpoint->claimed_id;
-            }
-
-            // This is true for both OpenID 1 and 2
-            $message->setArg(Auth_OpenID_OPENID_NS, 'identity',
-                             $request_identity);
-
-            if ($message->isOpenID2()) {
-                $message->setArg(Auth_OpenID_OPENID2_NS, 'claimed_id',
-                                 $claimed_id);
-            }
-        }
-
-        if ($this->assoc) {
-            $message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
-                             $this->assoc->handle);
-        }
-
-        return $message;
-    }
-
-    function redirectURL($realm, $return_to = null,
-                         $immediate = false)
-    {
-        $message = $this->getMessage($realm, $return_to, $immediate);
-
-        if (Auth_OpenID::isFailure($message)) {
-            return $message;
-        }
-
-        return $message->toURL($this->endpoint->server_url);
-    }
-
-    /**
-     * Get html for a form to submit this request to the IDP.
-     *
-     * form_tag_attrs: An array of attributes to be added to the form
-     * tag. 'accept-charset' and 'enctype' have defaults that can be
-     * overridden. If a value is supplied for 'action' or 'method', it
-     * will be replaced.
-     */
-    function formMarkup($realm, $return_to=null, $immediate=false,
-                        $form_tag_attrs=null)
-    {
-        $message = $this->getMessage($realm, $return_to, $immediate);
-
-        if (Auth_OpenID::isFailure($message)) {
-            return $message;
-        }
-
-        return $message->toFormMarkup($this->endpoint->server_url,
-                                      $form_tag_attrs);
-    }
-
-    /**
-     * Get a complete html document that will autosubmit the request
-     * to the IDP.
-     *
-     * Wraps formMarkup.  See the documentation for that function.
-     */
-    function htmlMarkup($realm, $return_to=null, $immediate=false,
-                        $form_tag_attrs=null)
-    {
-        $form = $this->formMarkup($realm, $return_to, $immediate, 
-                                  $form_tag_attrs);
-
-        if (Auth_OpenID::isFailure($form)) {
-            return $form;
-        }
-        return Auth_OpenID::autoSubmitHTML($form);
-    }
-
-    function shouldSendRedirect()
-    {
-        return $this->endpoint->compatibilityMode();
-    }
-}
-
-/**
- * The base class for responses from the Auth_OpenID_Consumer.
- *
- * @package OpenID
- */
-class Auth_OpenID_ConsumerResponse {
-    var $status = null;
-
-    function setEndpoint($endpoint)
-    {
-        $this->endpoint = $endpoint;
-        if ($endpoint === null) {
-            $this->identity_url = null;
-        } else {
-            $this->identity_url = $endpoint->claimed_id;
-        }
-    }
-
-    /**
-     * Return the display identifier for this response.
-     *
-     * The display identifier is related to the Claimed Identifier, but the
-     * two are not always identical.  The display identifier is something the
-     * user should recognize as what they entered, whereas the response's
-     * claimed identifier (in the identity_url attribute) may have extra
-     * information for better persistence.
-     *
-     * URLs will be stripped of their fragments for display.  XRIs will
-     * display the human-readable identifier (i-name) instead of the
-     * persistent identifier (i-number).
-     *
-     * Use the display identifier in your user interface.  Use
-     * identity_url for querying your database or authorization server.
-     *
-     */
-    function getDisplayIdentifier()
-    {
-        if ($this->endpoint !== null) {
-            return $this->endpoint->getDisplayIdentifier();
-        }
-        return null;
-    }
-}
-
-/**
- * A response with a status of Auth_OpenID_SUCCESS. Indicates that
- * this request is a successful acknowledgement from the OpenID server
- * that the supplied URL is, indeed controlled by the requesting
- * agent.  This has three relevant attributes:
- *
- * claimed_id - The identity URL that has been authenticated
- *
- * signed_args - The arguments in the server's response that were
- * signed and verified.
- *
- * status - Auth_OpenID_SUCCESS.
- *
- * @package OpenID
- */
-class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse {
-    var $status = Auth_OpenID_SUCCESS;
-
-    /**
-     * @access private
-     */
-    function Auth_OpenID_SuccessResponse($endpoint, $message, $signed_args=null)
-    {
-        $this->endpoint = $endpoint;
-        $this->identity_url = $endpoint->claimed_id;
-        $this->signed_args = $signed_args;
-        $this->message = $message;
-
-        if ($this->signed_args === null) {
-            $this->signed_args = array();
-        }
-    }
-
-    /**
-     * Extract signed extension data from the server's response.
-     *
-     * @param string $prefix The extension namespace from which to
-     * extract the extension data.
-     */
-    function extensionResponse($namespace_uri, $require_signed)
-    {
-        if ($require_signed) {
-            return $this->getSignedNS($namespace_uri);
-        } else {
-            return $this->message->getArgs($namespace_uri);
-        }
-    }
-
-    function isOpenID1()
-    {
-        return $this->message->isOpenID1();
-    }
-
-    function isSigned($ns_uri, $ns_key)
-    {
-        // Return whether a particular key is signed, regardless of
-        // its namespace alias
-        return in_array($this->message->getKey($ns_uri, $ns_key),
-                        $this->signed_args);
-    }
-
-    function getSigned($ns_uri, $ns_key, $default = null)
-    {
-        // Return the specified signed field if available, otherwise
-        // return default
-        if ($this->isSigned($ns_uri, $ns_key)) {
-            return $this->message->getArg($ns_uri, $ns_key, $default);
-        } else {
-            return $default;
-        }
-    }
-
-    function getSignedNS($ns_uri)
-    {
-        $args = array();
-
-        $msg_args = $this->message->getArgs($ns_uri);
-        if (Auth_OpenID::isFailure($msg_args)) {
-            return null;
-        }
-
-        foreach ($msg_args as $key => $value) {
-            if (!$this->isSigned($ns_uri, $key)) {
-                unset($msg_args[$key]);
-            }
-        }
-
-        return $msg_args;
-    }
-
-    /**
-     * Get the openid.return_to argument from this response.
-     *
-     * This is useful for verifying that this request was initiated by
-     * this consumer.
-     *
-     * @return string $return_to The return_to URL supplied to the
-     * server on the initial request, or null if the response did not
-     * contain an 'openid.return_to' argument.
-    */
-    function getReturnTo()
-    {
-        return $this->getSigned(Auth_OpenID_OPENID_NS, 'return_to');
-    }
-}
-
-/**
- * A response with a status of Auth_OpenID_FAILURE. Indicates that the
- * OpenID protocol has failed. This could be locally or remotely
- * triggered.  This has three relevant attributes:
- *
- * claimed_id - The identity URL for which authentication was
- * attempted, if it can be determined.  Otherwise, null.
- *
- * message - A message indicating why the request failed, if one is
- * supplied.  Otherwise, null.
- *
- * status - Auth_OpenID_FAILURE.
- *
- * @package OpenID
- */
-class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse {
-    var $status = Auth_OpenID_FAILURE;
-
-    function Auth_OpenID_FailureResponse($endpoint, $message = null,
-                                         $contact = null, $reference = null)
-    {
-        $this->setEndpoint($endpoint);
-        $this->message = $message;
-        $this->contact = $contact;
-        $this->reference = $reference;
-    }
-}
-
-/**
- * A specific, internal failure used to detect type URI mismatch.
- *
- * @package OpenID
- */
-class Auth_OpenID_TypeURIMismatch extends Auth_OpenID_FailureResponse {
-}
-
-/**
- * Exception that is raised when the server returns a 400 response
- * code to a direct request.
- *
- * @package OpenID
- */
-class Auth_OpenID_ServerErrorContainer {
-    function Auth_OpenID_ServerErrorContainer($error_text,
-                                              $error_code,
-                                              $message)
-    {
-        $this->error_text = $error_text;
-        $this->error_code = $error_code;
-        $this->message = $message;
-    }
-
-    /**
-     * @access private
-     */
-    static function fromMessage($message)
-    {
-        $error_text = $message->getArg(
-           Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
-        $error_code = $message->getArg(Auth_OpenID_OPENID_NS, 'error_code');
-        return new Auth_OpenID_ServerErrorContainer($error_text,
-                                                    $error_code,
-                                                    $message);
-    }
-}
-
-/**
- * A response with a status of Auth_OpenID_CANCEL. Indicates that the
- * user cancelled the OpenID authentication request.  This has two
- * relevant attributes:
- *
- * claimed_id - The identity URL for which authentication was
- * attempted, if it can be determined.  Otherwise, null.
- *
- * status - Auth_OpenID_SUCCESS.
- *
- * @package OpenID
- */
-class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse {
-    var $status = Auth_OpenID_CANCEL;
-
-    function Auth_OpenID_CancelResponse($endpoint)
-    {
-        $this->setEndpoint($endpoint);
-    }
-}
-
-/**
- * A response with a status of Auth_OpenID_SETUP_NEEDED. Indicates
- * that the request was in immediate mode, and the server is unable to
- * authenticate the user without further interaction.
- *
- * claimed_id - The identity URL for which authentication was
- * attempted.
- *
- * setup_url - A URL that can be used to send the user to the server
- * to set up for authentication. The user should be redirected in to
- * the setup_url, either in the current window or in a new browser
- * window.  Null in OpenID 2.
- *
- * status - Auth_OpenID_SETUP_NEEDED.
- *
- * @package OpenID
- */
-class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse {
-    var $status = Auth_OpenID_SETUP_NEEDED;
-
-    function Auth_OpenID_SetupNeededResponse($endpoint,
-                                             $setup_url = null)
-    {
-        $this->setEndpoint($endpoint);
-        $this->setup_url = $setup_url;
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/CryptUtil.php b/lib/Auth/OpenID/CryptUtil.php
deleted file mode 100644
index 3c60cea170037da51154ac871e75ce7c8daf2c0f..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/CryptUtil.php
+++ /dev/null
@@ -1,122 +0,0 @@
-<?php
-
-/**
- * CryptUtil: A suite of wrapper utility functions for the OpenID
- * library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-if (!defined('Auth_OpenID_RAND_SOURCE')) {
-    /**
-     * The filename for a source of random bytes. Define this yourself
-     * if you have a different source of randomness.
-     */
-    define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
-}
-
-class Auth_OpenID_CryptUtil {
-    /**
-     * Get the specified number of random bytes.
-     *
-     * Attempts to use a cryptographically secure (not predictable)
-     * source of randomness if available. If there is no high-entropy
-     * randomness source available, it will fail. As a last resort,
-     * for non-critical systems, define
-     * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
-     * the code will fall back on a pseudo-random number generator.
-     *
-     * @param int $num_bytes The length of the return value
-     * @return string $bytes random bytes
-     */
-    static function getBytes($num_bytes)
-    {
-        static $f = null;
-        $bytes = '';
-        if ($f === null) {
-            if (Auth_OpenID_RAND_SOURCE === null) {
-                $f = false;
-            } else {
-                $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
-                if ($f === false) {
-                    $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
-                        ' continue with an insecure random number generator.';
-                    trigger_error($msg, E_USER_ERROR);
-                }
-            }
-        }
-        if ($f === false) {
-            // pseudorandom used
-            $bytes = '';
-            for ($i = 0; $i < $num_bytes; $i += 4) {
-                $bytes .= pack('L', mt_rand());
-            }
-            $bytes = substr($bytes, 0, $num_bytes);
-        } else {
-            $bytes = fread($f, $num_bytes);
-        }
-        return $bytes;
-    }
-
-    /**
-     * Produce a string of length random bytes, chosen from chrs.  If
-     * $chrs is null, the resulting string may contain any characters.
-     *
-     * @param integer $length The length of the resulting
-     * randomly-generated string
-     * @param string $chrs A string of characters from which to choose
-     * to build the new string
-     * @return string $result A string of randomly-chosen characters
-     * from $chrs
-     */
-    static function randomString($length, $population = null)
-    {
-        if ($population === null) {
-            return Auth_OpenID_CryptUtil::getBytes($length);
-        }
-
-        $popsize = strlen($population);
-
-        if ($popsize > 256) {
-            $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
-            trigger_error($msg, E_USER_ERROR);
-        }
-
-        $duplicate = 256 % $popsize;
-
-        $str = "";
-        for ($i = 0; $i < $length; $i++) {
-            do {
-                $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
-            } while ($n < $duplicate);
-
-            $n %= $popsize;
-            $str .= $population[$n];
-        }
-
-        return $str;
-    }
-
-    static function constEq($s1, $s2)
-    {
-        if (strlen($s1) != strlen($s2)) {
-            return false;
-        }
-
-        $result = true;
-        $length = strlen($s1);
-        for ($i = 0; $i < $length; $i++) {
-            $result &= ($s1[$i] == $s2[$i]);
-        }
-        return $result;
-    }
-}
-
diff --git a/lib/Auth/OpenID/DatabaseConnection.php b/lib/Auth/OpenID/DatabaseConnection.php
deleted file mode 100644
index 0c7d08f9168fc459fc28b8cd3afc7345d2dde6ef..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/DatabaseConnection.php
+++ /dev/null
@@ -1,130 +0,0 @@
-<?php
-
-/**
- * The Auth_OpenID_DatabaseConnection class, which is used to emulate
- * a PEAR database connection.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * An empty base class intended to emulate PEAR connection
- * functionality in applications that supply their own database
- * abstraction mechanisms.  See {@link Auth_OpenID_SQLStore} for more
- * information.  You should subclass this class if you need to create
- * an SQL store that needs to access its database using an
- * application's database abstraction layer instead of a PEAR database
- * connection.  Any subclass of Auth_OpenID_DatabaseConnection MUST
- * adhere to the interface specified here.
- *
- * @package OpenID
- */
-class Auth_OpenID_DatabaseConnection {
-    /**
-     * Sets auto-commit mode on this database connection.
-     *
-     * @param bool $mode True if auto-commit is to be used; false if
-     * not.
-     */
-    function autoCommit($mode)
-    {
-    }
-
-    /**
-     * Run an SQL query with the specified parameters, if any.
-     *
-     * @param string $sql An SQL string with placeholders.  The
-     * placeholders are assumed to be specific to the database engine
-     * for this connection.
-     *
-     * @param array $params An array of parameters to insert into the
-     * SQL string using this connection's escaping mechanism.
-     *
-     * @return mixed $result The result of calling this connection's
-     * internal query function.  The type of result depends on the
-     * underlying database engine.  This method is usually used when
-     * the result of a query is not important, like a DDL query.
-     */
-    function query($sql, $params = array())
-    {
-    }
-
-    /**
-     * Starts a transaction on this connection, if supported.
-     */
-    function begin()
-    {
-    }
-
-    /**
-     * Commits a transaction on this connection, if supported.
-     */
-    function commit()
-    {
-    }
-
-    /**
-     * Performs a rollback on this connection, if supported.
-     */
-    function rollback()
-    {
-    }
-
-    /**
-     * Run an SQL query and return the first column of the first row
-     * of the result set, if any.
-     *
-     * @param string $sql An SQL string with placeholders.  The
-     * placeholders are assumed to be specific to the database engine
-     * for this connection.
-     *
-     * @param array $params An array of parameters to insert into the
-     * SQL string using this connection's escaping mechanism.
-     *
-     * @return mixed $result The value of the first column of the
-     * first row of the result set.  False if no such result was
-     * found.
-     */
-    function getOne($sql, $params = array())
-    {
-    }
-
-    /**
-     * Run an SQL query and return the first row of the result set, if
-     * any.
-     *
-     * @param string $sql An SQL string with placeholders.  The
-     * placeholders are assumed to be specific to the database engine
-     * for this connection.
-     *
-     * @param array $params An array of parameters to insert into the
-     * SQL string using this connection's escaping mechanism.
-     *
-     * @return array $result The first row of the result set, if any,
-     * keyed on column name.  False if no such result was found.
-     */
-    function getRow($sql, $params = array())
-    {
-    }
-
-    /**
-     * Run an SQL query with the specified parameters, if any.
-     *
-     * @param string $sql An SQL string with placeholders.  The
-     * placeholders are assumed to be specific to the database engine
-     * for this connection.
-     *
-     * @param array $params An array of parameters to insert into the
-     * SQL string using this connection's escaping mechanism.
-     *
-     * @return array $result An array of arrays representing the
-     * result of the query; each array is keyed on column name.
-     */
-    function getAll($sql, $params = array())
-    {
-    }
-}
-
diff --git a/lib/Auth/OpenID/DiffieHellman.php b/lib/Auth/OpenID/DiffieHellman.php
deleted file mode 100644
index 3e25b7dbbb69b891867fc5de4ce884f2398ab219..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/DiffieHellman.php
+++ /dev/null
@@ -1,113 +0,0 @@
-<?php
-
-/**
- * The OpenID library's Diffie-Hellman implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/BigMath.php';
-
-function Auth_OpenID_getDefaultMod()
-{
-    return '155172898181473697471232257763715539915724801'.
-        '966915404479707795314057629378541917580651227423'.
-        '698188993727816152646631438561595825688188889951'.
-        '272158842675419950341258706556549803580104870537'.
-        '681476726513255747040765857479291291572334510643'.
-        '245094715007229621094194349783925984760375594985'.
-        '848253359305585439638443';
-}
-
-function Auth_OpenID_getDefaultGen()
-{
-    return '2';
-}
-
-/**
- * The Diffie-Hellman key exchange class.  This class relies on
- * {@link Auth_OpenID_MathLibrary} to perform large number operations.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellman {
-
-    var $mod;
-    var $gen;
-    var $private;
-    var $lib = null;
-
-    function Auth_OpenID_DiffieHellman($mod = null, $gen = null,
-                                       $private = null, $lib = null)
-    {
-        if ($lib === null) {
-            $this->lib = Auth_OpenID_getMathLib();
-        } else {
-            $this->lib = $lib;
-        }
-
-        if ($mod === null) {
-            $this->mod = $this->lib->init(Auth_OpenID_getDefaultMod());
-        } else {
-            $this->mod = $mod;
-        }
-
-        if ($gen === null) {
-            $this->gen = $this->lib->init(Auth_OpenID_getDefaultGen());
-        } else {
-            $this->gen = $gen;
-        }
-
-        if ($private === null) {
-            $r = $this->lib->rand($this->mod);
-            $this->private = $this->lib->add($r, 1);
-        } else {
-            $this->private = $private;
-        }
-
-        $this->public = $this->lib->powmod($this->gen, $this->private,
-                                           $this->mod);
-    }
-
-    function getSharedSecret($composite)
-    {
-        return $this->lib->powmod($composite, $this->private, $this->mod);
-    }
-
-    function getPublicKey()
-    {
-        return $this->public;
-    }
-
-    function usingDefaultValues()
-    {
-        return ($this->mod == Auth_OpenID_getDefaultMod() &&
-                $this->gen == Auth_OpenID_getDefaultGen());
-    }
-
-    function xorSecret($composite, $secret, $hash_func)
-    {
-        $dh_shared = $this->getSharedSecret($composite);
-        $dh_shared_str = $this->lib->longToBinary($dh_shared);
-        $hash_dh_shared = $hash_func($dh_shared_str);
-
-        $xsecret = "";
-        for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) {
-            $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i]));
-        }
-
-        return $xsecret;
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/Discover.php b/lib/Auth/OpenID/Discover.php
deleted file mode 100644
index 7b0c640c5893768ea9c8537380f42599ffe7d94d..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Discover.php
+++ /dev/null
@@ -1,606 +0,0 @@
-<?php
-
-/**
- * The OpenID and Yadis discovery implementation for OpenID 1.2.
- */
-
-require_once "Auth/OpenID.php";
-require_once "Auth/OpenID/Parse.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/Yadis/XRIRes.php";
-require_once "Auth/Yadis/Yadis.php";
-
-// XML namespace value
-define('Auth_OpenID_XMLNS_1_0', 'http://openid.net/xmlns/1.0');
-
-// Yadis service types
-define('Auth_OpenID_TYPE_1_2', 'http://openid.net/signon/1.2');
-define('Auth_OpenID_TYPE_1_1', 'http://openid.net/signon/1.1');
-define('Auth_OpenID_TYPE_1_0', 'http://openid.net/signon/1.0');
-define('Auth_OpenID_TYPE_2_0_IDP', 'http://specs.openid.net/auth/2.0/server');
-define('Auth_OpenID_TYPE_2_0', 'http://specs.openid.net/auth/2.0/signon');
-define('Auth_OpenID_RP_RETURN_TO_URL_TYPE',
-       'http://specs.openid.net/auth/2.0/return_to');
-
-function Auth_OpenID_getOpenIDTypeURIs()
-{
-    return array(Auth_OpenID_TYPE_2_0_IDP,
-                 Auth_OpenID_TYPE_2_0,
-                 Auth_OpenID_TYPE_1_2,
-                 Auth_OpenID_TYPE_1_1,
-                 Auth_OpenID_TYPE_1_0);
-}
-
-function Auth_OpenID_getOpenIDConsumerTypeURIs()
-{
-    return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
-}
-
-
-/*
- * Provides a user-readable interpretation of a type uri.
- * Useful for error messages.
- */
-function Auth_OpenID_getOpenIDTypeName($type_uri) {
-    switch ($type_uri) {
-    case Auth_OpenID_TYPE_2_0_IDP:
-      return 'OpenID 2.0 IDP';
-    case Auth_OpenID_TYPE_2_0:
-      return 'OpenID 2.0';
-    case Auth_OpenID_TYPE_1_2:
-      return 'OpenID 1.2';
-    case Auth_OpenID_TYPE_1_1:
-      return 'OpenID 1.1';
-    case Auth_OpenID_TYPE_1_0:
-      return 'OpenID 1.0';
-    case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
-      return 'OpenID relying party';
-    }
-}
-
-/**
- * Object representing an OpenID service endpoint.
- */
-class Auth_OpenID_ServiceEndpoint {
-    function Auth_OpenID_ServiceEndpoint()
-    {
-        $this->claimed_id = null;
-        $this->server_url = null;
-        $this->type_uris = array();
-        $this->local_id = null;
-        $this->canonicalID = null;
-        $this->used_yadis = false; // whether this came from an XRDS
-        $this->display_identifier = null;
-    }
-
-    function getDisplayIdentifier()
-    {
-        if ($this->display_identifier) {
-            return $this->display_identifier;
-        }
-        if (! $this->claimed_id) {
-          return $this->claimed_id;
-        }
-        $parsed = parse_url($this->claimed_id);
-        $scheme = $parsed['scheme'];
-        $host = $parsed['host'];
-        $path = $parsed['path'];
-        if (array_key_exists('query', $parsed)) {
-            $query = $parsed['query'];
-            $no_frag = "$scheme://$host$path?$query";
-        } else {
-            $no_frag = "$scheme://$host$path";
-        }
-        return $no_frag;
-    }
-
-    function usesExtension($extension_uri)
-    {
-        return in_array($extension_uri, $this->type_uris);
-    }
-
-    function preferredNamespace()
-    {
-        if (in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris) ||
-            in_array(Auth_OpenID_TYPE_2_0, $this->type_uris)) {
-            return Auth_OpenID_OPENID2_NS;
-        } else {
-            return Auth_OpenID_OPENID1_NS;
-        }
-    }
-
-    /*
-     * Query this endpoint to see if it has any of the given type
-     * URIs. This is useful for implementing other endpoint classes
-     * that e.g. need to check for the presence of multiple versions
-     * of a single protocol.
-     *
-     * @param $type_uris The URIs that you wish to check
-     *
-     * @return all types that are in both in type_uris and
-     * $this->type_uris
-     */
-    function matchTypes($type_uris)
-    {
-        $result = array();
-        foreach ($type_uris as $test_uri) {
-            if ($this->supportsType($test_uri)) {
-                $result[] = $test_uri;
-            }
-        }
-
-        return $result;
-    }
-
-    function supportsType($type_uri)
-    {
-        // Does this endpoint support this type?
-        return ((in_array($type_uri, $this->type_uris)) ||
-                (($type_uri == Auth_OpenID_TYPE_2_0) &&
-                 $this->isOPIdentifier()));
-    }
-
-    function compatibilityMode()
-    {
-        return $this->preferredNamespace() != Auth_OpenID_OPENID2_NS;
-    }
-
-    function isOPIdentifier()
-    {
-        return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
-    }
-
-    static function fromOPEndpointURL($op_endpoint_url)
-    {
-        // Construct an OP-Identifier OpenIDServiceEndpoint object for
-        // a given OP Endpoint URL
-        $obj = new Auth_OpenID_ServiceEndpoint();
-        $obj->server_url = $op_endpoint_url;
-        $obj->type_uris = array(Auth_OpenID_TYPE_2_0_IDP);
-        return $obj;
-    }
-
-    function parseService($yadis_url, $uri, $type_uris, $service_element)
-    {
-        // Set the state of this object based on the contents of the
-        // service element.  Return true if successful, false if not
-        // (if findOPLocalIdentifier returns false).
-        $this->type_uris = $type_uris;
-        $this->server_url = $uri;
-        $this->used_yadis = true;
-
-        if (!$this->isOPIdentifier()) {
-            $this->claimed_id = $yadis_url;
-            $this->local_id = Auth_OpenID_findOPLocalIdentifier(
-                                                    $service_element,
-                                                    $this->type_uris);
-            if ($this->local_id === false) {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    function getLocalID()
-    {
-        // Return the identifier that should be sent as the
-        // openid.identity_url parameter to the server.
-        if ($this->local_id === null && $this->canonicalID === null) {
-            return $this->claimed_id;
-        } else {
-            if ($this->local_id) {
-                return $this->local_id;
-            } else {
-                return $this->canonicalID;
-            }
-        }
-    }
-
-    /*
-     * Parse the given document as XRDS looking for OpenID consumer services.
-     *
-     * @return array of Auth_OpenID_ServiceEndpoint or null if the
-     * document cannot be parsed.
-     */
-    function consumerFromXRDS($uri, $xrds_text)
-    {
-        $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
-
-        if ($xrds) {
-            $yadis_services =
-              $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
-            return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
-        }
-
-        return null;
-    }
-
-    /*
-     * Parse the given document as XRDS looking for OpenID services.
-     *
-     * @return array of Auth_OpenID_ServiceEndpoint or null if the
-     * document cannot be parsed.
-     */
-    static function fromXRDS($uri, $xrds_text)
-    {
-        $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
-
-        if ($xrds) {
-            $yadis_services =
-              $xrds->services(array('filter_MatchesAnyOpenIDType'));
-            return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
-        }
-
-        return null;
-    }
-
-    /*
-     * Create endpoints from a DiscoveryResult.
-     *
-     * @param discoveryResult Auth_Yadis_DiscoveryResult
-     * @return array of Auth_OpenID_ServiceEndpoint or null if
-     * endpoints cannot be created.
-     */
-    static function fromDiscoveryResult($discoveryResult)
-    {
-        if ($discoveryResult->isXRDS()) {
-            return Auth_OpenID_ServiceEndpoint::fromXRDS(
-                                     $discoveryResult->normalized_uri,
-                                     $discoveryResult->response_text);
-        } else {
-            return Auth_OpenID_ServiceEndpoint::fromHTML(
-                                     $discoveryResult->normalized_uri,
-                                     $discoveryResult->response_text);
-        }
-    }
-
-    static function fromHTML($uri, $html)
-    {
-        $discovery_types = array(
-                                 array(Auth_OpenID_TYPE_2_0,
-                                       'openid2.provider', 'openid2.local_id'),
-                                 array(Auth_OpenID_TYPE_1_1,
-                                       'openid.server', 'openid.delegate')
-                                 );
-
-        $services = array();
-
-        foreach ($discovery_types as $triple) {
-            list($type_uri, $server_rel, $delegate_rel) = $triple;
-
-            $urls = Auth_OpenID_legacy_discover($html, $server_rel,
-                                                $delegate_rel);
-
-            if ($urls === false) {
-                continue;
-            }
-
-            list($delegate_url, $server_url) = $urls;
-
-            $service = new Auth_OpenID_ServiceEndpoint();
-            $service->claimed_id = $uri;
-            $service->local_id = $delegate_url;
-            $service->server_url = $server_url;
-            $service->type_uris = array($type_uri);
-
-            $services[] = $service;
-        }
-
-        return $services;
-    }
-
-    function copy()
-    {
-        $x = new Auth_OpenID_ServiceEndpoint();
-
-        $x->claimed_id = $this->claimed_id;
-        $x->server_url = $this->server_url;
-        $x->type_uris = $this->type_uris;
-        $x->local_id = $this->local_id;
-        $x->canonicalID = $this->canonicalID;
-        $x->used_yadis = $this->used_yadis;
-
-        return $x;
-    }
-}
-
-function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
-{
-    // Extract a openid:Delegate value from a Yadis Service element.
-    // If no delegate is found, returns null.  Returns false on
-    // discovery failure (when multiple delegate/localID tags have
-    // different values).
-
-    $service->parser->registerNamespace('openid',
-                                        Auth_OpenID_XMLNS_1_0);
-
-    $service->parser->registerNamespace('xrd',
-                                        Auth_Yadis_XMLNS_XRD_2_0);
-
-    $parser = $service->parser;
-
-    $permitted_tags = array();
-
-    if (in_array(Auth_OpenID_TYPE_1_1, $type_uris) ||
-        in_array(Auth_OpenID_TYPE_1_0, $type_uris)) {
-        $permitted_tags[] = 'openid:Delegate';
-    }
-
-    if (in_array(Auth_OpenID_TYPE_2_0, $type_uris)) {
-        $permitted_tags[] = 'xrd:LocalID';
-    }
-
-    $local_id = null;
-
-    foreach ($permitted_tags as $tag_name) {
-        $tags = $service->getElements($tag_name);
-
-        foreach ($tags as $tag) {
-            $content = $parser->content($tag);
-
-            if ($local_id === null) {
-                $local_id = $content;
-            } else if ($local_id != $content) {
-                return false;
-            }
-        }
-    }
-
-    return $local_id;
-}
-
-function filter_MatchesAnyOpenIDType($service)
-{
-    $uris = $service->getTypes();
-
-    foreach ($uris as $uri) {
-        if (in_array($uri, Auth_OpenID_getOpenIDTypeURIs())) {
-            return true;
-        }
-    }
-
-    return false;
-}
-
-function filter_MatchesAnyOpenIDConsumerType(&$service)
-{
-    $uris = $service->getTypes();
-
-    foreach ($uris as $uri) {
-        if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
-            return true;
-        }
-    }
-
-    return false;
-}
-
-function Auth_OpenID_bestMatchingService($service, $preferred_types)
-{
-    // Return the index of the first matching type, or something
-    // higher if no type matches.
-    //
-    // This provides an ordering in which service elements that
-    // contain a type that comes earlier in the preferred types list
-    // come before service elements that come later. If a service
-    // element has more than one type, the most preferred one wins.
-
-    foreach ($preferred_types as $index => $typ) {
-        if (in_array($typ, $service->type_uris)) {
-            return $index;
-        }
-    }
-
-    return count($preferred_types);
-}
-
-function Auth_OpenID_arrangeByType($service_list, $preferred_types)
-{
-    // Rearrange service_list in a new list so services are ordered by
-    // types listed in preferred_types.  Return the new list.
-
-    // Build a list with the service elements in tuples whose
-    // comparison will prefer the one with the best matching service
-    $prio_services = array();
-    foreach ($service_list as $index => $service) {
-        $prio_services[] = array(Auth_OpenID_bestMatchingService($service,
-                                                        $preferred_types),
-                                 $index, $service);
-    }
-
-    sort($prio_services);
-
-    // Now that the services are sorted by priority, remove the sort
-    // keys from the list.
-    foreach ($prio_services as $index => $s) {
-        $prio_services[$index] = $prio_services[$index][2];
-    }
-
-    return $prio_services;
-}
-
-// Extract OP Identifier services.  If none found, return the rest,
-// sorted with most preferred first according to
-// OpenIDServiceEndpoint.openid_type_uris.
-//
-// openid_services is a list of OpenIDServiceEndpoint objects.
-//
-// Returns a list of OpenIDServiceEndpoint objects."""
-function Auth_OpenID_getOPOrUserServices($openid_services)
-{
-    $op_services = Auth_OpenID_arrangeByType($openid_services,
-                                     array(Auth_OpenID_TYPE_2_0_IDP));
-
-    $openid_services = Auth_OpenID_arrangeByType($openid_services,
-                                     Auth_OpenID_getOpenIDTypeURIs());
-
-    if ($op_services) {
-        return $op_services;
-    } else {
-        return $openid_services;
-    }
-}
-
-function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services)
-{
-    $s = array();
-
-    if (!$yadis_services) {
-        return $s;
-    }
-
-    foreach ($yadis_services as $service) {
-        $type_uris = $service->getTypes();
-        $uris = $service->getURIs();
-
-        // If any Type URIs match and there is an endpoint URI
-        // specified, then this is an OpenID endpoint
-        if ($type_uris &&
-            $uris) {
-            foreach ($uris as $service_uri) {
-                $openid_endpoint = new Auth_OpenID_ServiceEndpoint();
-                if ($openid_endpoint->parseService($uri,
-                                                   $service_uri,
-                                                   $type_uris,
-                                                   $service)) {
-                    $s[] = $openid_endpoint;
-                }
-            }
-        }
-    }
-
-    return $s;
-}
-
-function Auth_OpenID_discoverWithYadis($uri, $fetcher,
-              $endpoint_filter='Auth_OpenID_getOPOrUserServices',
-              $discover_function=null)
-{
-    // Discover OpenID services for a URI. Tries Yadis and falls back
-    // on old-style <link rel='...'> discovery if Yadis fails.
-
-    // Might raise a yadis.discover.DiscoveryFailure if no document
-    // came back for that URI at all.  I don't think falling back to
-    // OpenID 1.0 discovery on the same URL will help, so don't bother
-    // to catch it.
-    if ($discover_function === null) {
-        $discover_function = array('Auth_Yadis_Yadis', 'discover');
-    }
-
-    $openid_services = array();
-
-    $response = call_user_func_array($discover_function,
-                                     array($uri, $fetcher));
-
-    $yadis_url = $response->normalized_uri;
-    $yadis_services = array();
-
-    if ($response->isFailure() && !$response->isXRDS()) {
-        return array($uri, array());
-    }
-
-    $openid_services = Auth_OpenID_ServiceEndpoint::fromXRDS(
-                                         $yadis_url,
-                                         $response->response_text);
-
-    if (!$openid_services) {
-        if ($response->isXRDS()) {
-            return Auth_OpenID_discoverWithoutYadis($uri,
-                                                    $fetcher);
-        }
-
-        // Try to parse the response as HTML to get OpenID 1.0/1.1
-        // <link rel="...">
-        $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
-                                        $yadis_url,
-                                        $response->response_text);
-    }
-
-    $openid_services = call_user_func_array($endpoint_filter,
-                                            array($openid_services));
-
-    return array($yadis_url, $openid_services);
-}
-
-function Auth_OpenID_discoverURI($uri, $fetcher)
-{
-    $uri = Auth_OpenID::normalizeUrl($uri);
-    return Auth_OpenID_discoverWithYadis($uri, $fetcher);
-}
-
-function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
-{
-    $http_resp = @$fetcher->get($uri);
-
-    if ($http_resp->status != 200 and $http_resp->status != 206) {
-        return array($uri, array());
-    }
-
-    $identity_url = $http_resp->final_url;
-
-    // Try to parse the response as HTML to get OpenID 1.0/1.1 <link
-    // rel="...">
-    $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
-                                           $identity_url,
-                                           $http_resp->body);
-
-    return array($identity_url, $openid_services);
-}
-
-function Auth_OpenID_discoverXRI($iname, $fetcher)
-{
-    $resolver = new Auth_Yadis_ProxyResolver($fetcher);
-    list($canonicalID, $yadis_services) =
-        $resolver->query($iname,
-                         Auth_OpenID_getOpenIDTypeURIs(),
-                         array('filter_MatchesAnyOpenIDType'));
-
-    $openid_services = Auth_OpenID_makeOpenIDEndpoints($iname,
-                                                       $yadis_services);
-
-    $openid_services = Auth_OpenID_getOPOrUserServices($openid_services);
-
-    for ($i = 0; $i < count($openid_services); $i++) {
-        $openid_services[$i]->canonicalID = $canonicalID;
-        $openid_services[$i]->claimed_id = $canonicalID;
-        $openid_services[$i]->display_identifier = $iname;
-    }
-
-    // FIXME: returned xri should probably be in some normal form
-    return array($iname, $openid_services);
-}
-
-function Auth_OpenID_discover($uri, $fetcher)
-{
-    // If the fetcher (i.e., PHP) doesn't support SSL, we can't do
-    // discovery on an HTTPS URL.
-    if ($fetcher->isHTTPS($uri) && !$fetcher->supportsSSL()) {
-        return array($uri, array());
-    }
-
-    if (Auth_Yadis_identifierScheme($uri) == 'XRI') {
-        $result = Auth_OpenID_discoverXRI($uri, $fetcher);
-    } else {
-        $result = Auth_OpenID_discoverURI($uri, $fetcher);
-    }
-
-    // If the fetcher doesn't support SSL, we can't interact with
-    // HTTPS server URLs; remove those endpoints from the list.
-    if (!$fetcher->supportsSSL()) {
-        $http_endpoints = array();
-        list($new_uri, $endpoints) = $result;
-
-        foreach ($endpoints as $e) {
-            if (!$fetcher->isHTTPS($e->server_url)) {
-                $http_endpoints[] = $e;
-            }
-        }
-
-        $result = array($new_uri, $http_endpoints);
-    }
-
-    return $result;
-}
-
-
diff --git a/lib/Auth/OpenID/DumbStore.php b/lib/Auth/OpenID/DumbStore.php
deleted file mode 100644
index e8f29ace55cc0c207eeba54979667e02af0c9d82..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/DumbStore.php
+++ /dev/null
@@ -1,99 +0,0 @@
-<?php
-
-/**
- * This file supplies a dumb store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Import the interface for creating a new store class.
- */
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/HMAC.php';
-
-/**
- * This is a store for use in the worst case, when you have no way of
- * saving state on the consumer site. Using this store makes the
- * consumer vulnerable to replay attacks, as it's unable to use
- * nonces. Avoid using this store if it is at all possible.
- *
- * Most of the methods of this class are implementation details.
- * Users of this class need to worry only about the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
-
-    /**
-     * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
-     * of the tokens generated by the library, this class attempts to
-     * at least have a secure implementation of getAuthKey.
-     *
-     * When you create an instance of this class, pass in a secret
-     * phrase. The phrase is hashed with sha1 to make it the correct
-     * length and form for an auth key. That allows you to use a long
-     * string as the secret phrase, which means you can make it very
-     * difficult to guess.
-     *
-     * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
-     * your consumer site needs to use the same $secret_phrase.
-     *
-     * @param string secret_phrase The phrase used to create the auth
-     * key returned by getAuthKey
-     */
-    function Auth_OpenID_DumbStore($secret_phrase)
-    {
-        $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
-    }
-
-    /**
-     * This implementation does nothing.
-     */
-    function storeAssociation($server_url, $association)
-    {
-    }
-
-    /**
-     * This implementation always returns null.
-     */
-    function getAssociation($server_url, $handle = null)
-    {
-        return null;
-    }
-
-    /**
-     * This implementation always returns false.
-     */
-    function removeAssociation($server_url, $handle)
-    {
-        return false;
-    }
-
-    /**
-     * In a system truly limited to dumb mode, nonces must all be
-     * accepted. This therefore always returns true, which makes
-     * replay attacks feasible.
-     */
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        return true;
-    }
-
-    /**
-     * This method returns the auth key generated by the constructor.
-     */
-    function getAuthKey()
-    {
-        return $this->auth_key;
-    }
-}
-
diff --git a/lib/Auth/OpenID/Extension.php b/lib/Auth/OpenID/Extension.php
deleted file mode 100644
index c4e38c0380bbf8a5fa25b40885f0442e9f30063b..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Extension.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-
-/**
- * An interface for OpenID extensions.
- *
- * @package OpenID
- */
-
-/**
- * Require the Message implementation.
- */
-require_once 'Auth/OpenID/Message.php';
-
-/**
- * A base class for accessing extension request and response data for
- * the OpenID 2 protocol.
- *
- * @package OpenID
- */
-class Auth_OpenID_Extension {
-    /**
-     * ns_uri: The namespace to which to add the arguments for this
-     * extension
-     */
-    var $ns_uri = null;
-    var $ns_alias = null;
-
-    /**
-     * Get the string arguments that should be added to an OpenID
-     * message for this extension.
-     */
-    function getExtensionArgs()
-    {
-        return null;
-    }
-
-    /**
-     * Add the arguments from this extension to the provided message.
-     *
-     * Returns the message with the extension arguments added.
-     */
-    function toMessage($message)
-    {
-        $implicit = $message->isOpenID1();
-        $added = $message->namespaces->addAlias($this->ns_uri,
-                                                $this->ns_alias,
-                                                $implicit);
-
-        if ($added === null) {
-            if ($message->namespaces->getAlias($this->ns_uri) !=
-                $this->ns_alias) {
-                return null;
-            }
-        }
-
-        $message->updateArgs($this->ns_uri,
-                             $this->getExtensionArgs());
-        return $message;
-    }
-}
-
diff --git a/lib/Auth/OpenID/FileStore.php b/lib/Auth/OpenID/FileStore.php
deleted file mode 100644
index 074421a0bb3d504c946127f6efed686c4e6d6079..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/FileStore.php
+++ /dev/null
@@ -1,618 +0,0 @@
-<?php
-
-/**
- * This file supplies a Memcached store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require base class for creating a new interface.
- */
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/HMAC.php';
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This is a filesystem-based store for OpenID associations and
- * nonces.  This store should be safe for use in concurrent systems on
- * both windows and unix (excluding NFS filesystems).  There are a
- * couple race conditions in the system, but those failure cases have
- * been set up in such a way that the worst-case behavior is someone
- * having to try to log in a second time.
- *
- * Most of the methods of this class are implementation details.
- * People wishing to just use this store need only pay attention to
- * the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
-
-    /**
-     * Initializes a new {@link Auth_OpenID_FileStore}.  This
-     * initializes the nonce and association directories, which are
-     * subdirectories of the directory passed in.
-     *
-     * @param string $directory This is the directory to put the store
-     * directories in.
-     */
-    function Auth_OpenID_FileStore($directory)
-    {
-        if (!Auth_OpenID::ensureDir($directory)) {
-            trigger_error('Not a directory and failed to create: '
-                          . $directory, E_USER_ERROR);
-        }
-        $directory = realpath($directory);
-
-        $this->directory = $directory;
-        $this->active = true;
-
-        $this->nonce_dir = $directory . DIRECTORY_SEPARATOR . 'nonces';
-
-        $this->association_dir = $directory . DIRECTORY_SEPARATOR .
-            'associations';
-
-        // Temp dir must be on the same filesystem as the assciations
-        // $directory.
-        $this->temp_dir = $directory . DIRECTORY_SEPARATOR . 'temp';
-
-        $this->max_nonce_age = 6 * 60 * 60; // Six hours, in seconds
-
-        if (!$this->_setup()) {
-            trigger_error('Failed to initialize OpenID file store in ' .
-                          $directory, E_USER_ERROR);
-        }
-    }
-
-    function destroy()
-    {
-        Auth_OpenID_FileStore::_rmtree($this->directory);
-        $this->active = false;
-    }
-
-    /**
-     * Make sure that the directories in which we store our data
-     * exist.
-     *
-     * @access private
-     */
-    function _setup()
-    {
-        return (Auth_OpenID::ensureDir($this->nonce_dir) &&
-                Auth_OpenID::ensureDir($this->association_dir) &&
-                Auth_OpenID::ensureDir($this->temp_dir));
-    }
-
-    /**
-     * Create a temporary file on the same filesystem as
-     * $this->association_dir.
-     *
-     * The temporary directory should not be cleaned if there are any
-     * processes using the store. If there is no active process using
-     * the store, it is safe to remove all of the files in the
-     * temporary directory.
-     *
-     * @return array ($fd, $filename)
-     * @access private
-     */
-    function _mktemp()
-    {
-        $name = Auth_OpenID_FileStore::_mkstemp($dir = $this->temp_dir);
-        $file_obj = @fopen($name, 'wb');
-        if ($file_obj !== false) {
-            return array($file_obj, $name);
-        } else {
-            Auth_OpenID_FileStore::_removeIfPresent($name);
-        }
-    }
-
-    function cleanupNonces()
-    {
-        global $Auth_OpenID_SKEW;
-
-        $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
-        $now = time();
-
-        $removed = 0;
-        // Check all nonces for expiry
-        foreach ($nonces as $nonce_fname) {
-            $base = basename($nonce_fname);
-            $parts = explode('-', $base, 2);
-            $timestamp = $parts[0];
-            $timestamp = intval($timestamp, 16);
-            if (abs($timestamp - $now) > $Auth_OpenID_SKEW) {
-                Auth_OpenID_FileStore::_removeIfPresent($nonce_fname);
-                $removed += 1;
-            }
-        }
-        return $removed;
-    }
-
-    /**
-     * Create a unique filename for a given server url and
-     * handle. This implementation does not assume anything about the
-     * format of the handle. The filename that is returned will
-     * contain the domain name from the server URL for ease of human
-     * inspection of the data directory.
-     *
-     * @return string $filename
-     */
-    function getAssociationFilename($server_url, $handle)
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        if (strpos($server_url, '://') === false) {
-            trigger_error(sprintf("Bad server URL: %s", $server_url),
-                          E_USER_WARNING);
-            return null;
-        }
-
-        list($proto, $rest) = explode('://', $server_url, 2);
-        $parts = explode('/', $rest);
-        $domain = Auth_OpenID_FileStore::_filenameEscape($parts[0]);
-        $url_hash = Auth_OpenID_FileStore::_safe64($server_url);
-        if ($handle) {
-            $handle_hash = Auth_OpenID_FileStore::_safe64($handle);
-        } else {
-            $handle_hash = '';
-        }
-
-        $filename = sprintf('%s-%s-%s-%s', $proto, $domain, $url_hash,
-                            $handle_hash);
-
-        return $this->association_dir. DIRECTORY_SEPARATOR . $filename;
-    }
-
-    /**
-     * Store an association in the association directory.
-     */
-    function storeAssociation($server_url, $association)
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return false;
-        }
-
-        $association_s = $association->serialize();
-        $filename = $this->getAssociationFilename($server_url,
-                                                  $association->handle);
-        list($tmp_file, $tmp) = $this->_mktemp();
-
-        if (!$tmp_file) {
-            trigger_error("_mktemp didn't return a valid file descriptor",
-                          E_USER_WARNING);
-            return false;
-        }
-
-        fwrite($tmp_file, $association_s);
-
-        fflush($tmp_file);
-
-        fclose($tmp_file);
-
-        if (@rename($tmp, $filename)) {
-            return true;
-        } else {
-            // In case we are running on Windows, try unlinking the
-            // file in case it exists.
-            @unlink($filename);
-
-            // Now the target should not exist. Try renaming again,
-            // giving up if it fails.
-            if (@rename($tmp, $filename)) {
-                return true;
-            }
-        }
-
-        // If there was an error, don't leave the temporary file
-        // around.
-        Auth_OpenID_FileStore::_removeIfPresent($tmp);
-        return false;
-    }
-
-    /**
-     * Retrieve an association. If no handle is specified, return the
-     * association with the most recent issue time.
-     *
-     * @return mixed $association
-     */
-    function getAssociation($server_url, $handle = null)
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        if ($handle === null) {
-            $handle = '';
-        }
-
-        // The filename with the empty handle is a prefix of all other
-        // associations for the given server URL.
-        $filename = $this->getAssociationFilename($server_url, $handle);
-
-        if ($handle) {
-            return $this->_getAssociation($filename);
-        } else {
-            $association_files =
-                Auth_OpenID_FileStore::_listdir($this->association_dir);
-            $matching_files = array();
-
-            // strip off the path to do the comparison
-            $name = basename($filename);
-            foreach ($association_files as $association_file) {
-                $base = basename($association_file);
-                if (strpos($base, $name) === 0) {
-                    $matching_files[] = $association_file;
-                }
-            }
-
-            $matching_associations = array();
-            // read the matching files and sort by time issued
-            foreach ($matching_files as $full_name) {
-                $association = $this->_getAssociation($full_name);
-                if ($association !== null) {
-                    $matching_associations[] = array($association->issued,
-                                                     $association);
-                }
-            }
-
-            $issued = array();
-            $assocs = array();
-            foreach ($matching_associations as $key => $assoc) {
-                $issued[$key] = $assoc[0];
-                $assocs[$key] = $assoc[1];
-            }
-
-            array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
-                            $matching_associations);
-
-            // return the most recently issued one.
-            if ($matching_associations) {
-                list($issued, $assoc) = $matching_associations[0];
-                return $assoc;
-            } else {
-                return null;
-            }
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _getAssociation($filename)
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        $assoc_file = @fopen($filename, 'rb');
-
-        if ($assoc_file === false) {
-            return null;
-        }
-
-        $assoc_s = fread($assoc_file, filesize($filename));
-        fclose($assoc_file);
-
-        if (!$assoc_s) {
-            return null;
-        }
-
-        $association =
-            Auth_OpenID_Association::deserialize('Auth_OpenID_Association',
-                                                $assoc_s);
-
-        if (!$association) {
-            Auth_OpenID_FileStore::_removeIfPresent($filename);
-            return null;
-        }
-
-        if ($association->getExpiresIn() == 0) {
-            Auth_OpenID_FileStore::_removeIfPresent($filename);
-            return null;
-        } else {
-            return $association;
-        }
-    }
-
-    /**
-     * Remove an association if it exists. Do nothing if it does not.
-     *
-     * @return bool $success
-     */
-    function removeAssociation($server_url, $handle)
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        $assoc = $this->getAssociation($server_url, $handle);
-        if ($assoc === null) {
-            return false;
-        } else {
-            $filename = $this->getAssociationFilename($server_url, $handle);
-            return Auth_OpenID_FileStore::_removeIfPresent($filename);
-        }
-    }
-
-    /**
-     * Return whether this nonce is present. As a side effect, mark it
-     * as no longer present.
-     *
-     * @return bool $present
-     */
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        global $Auth_OpenID_SKEW;
-
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return false;
-        }
-
-        if ($server_url) {
-            list($proto, $rest) = explode('://', $server_url, 2);
-        } else {
-            $proto = '';
-            $rest = '';
-        }
-
-        $parts = explode('/', $rest, 2);
-        $domain = $this->_filenameEscape($parts[0]);
-        $url_hash = $this->_safe64($server_url);
-        $salt_hash = $this->_safe64($salt);
-
-        $filename = sprintf('%08x-%s-%s-%s-%s', $timestamp, $proto,
-                            $domain, $url_hash, $salt_hash);
-        $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $filename;
-
-        $result = @fopen($filename, 'x');
-
-        if ($result === false) {
-            return false;
-        } else {
-            fclose($result);
-            return true;
-        }
-    }
-
-    /**
-     * Remove expired entries from the database. This is potentially
-     * expensive, so only run when it is acceptable to take time.
-     *
-     * @access private
-     */
-    function _allAssocs()
-    {
-        $all_associations = array();
-
-        $association_filenames =
-            Auth_OpenID_FileStore::_listdir($this->association_dir);
-
-        foreach ($association_filenames as $association_filename) {
-            $association_file = fopen($association_filename, 'rb');
-
-            if ($association_file !== false) {
-                $assoc_s = fread($association_file,
-                                 filesize($association_filename));
-                fclose($association_file);
-
-                // Remove expired or corrupted associations
-                $association =
-                  Auth_OpenID_Association::deserialize(
-                         'Auth_OpenID_Association', $assoc_s);
-
-                if ($association === null) {
-                    Auth_OpenID_FileStore::_removeIfPresent(
-                                                 $association_filename);
-                } else {
-                    if ($association->getExpiresIn() == 0) {
-                        $all_associations[] = array($association_filename,
-                                                    $association);
-                    }
-                }
-            }
-        }
-
-        return $all_associations;
-    }
-
-    function clean()
-    {
-        if (!$this->active) {
-            trigger_error("FileStore no longer active", E_USER_ERROR);
-            return null;
-        }
-
-        $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
-        $now = time();
-
-        // Check all nonces for expiry
-        foreach ($nonces as $nonce) {
-            if (!Auth_OpenID_checkTimestamp($nonce, $now)) {
-                $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $nonce;
-                Auth_OpenID_FileStore::_removeIfPresent($filename);
-            }
-        }
-
-        foreach ($this->_allAssocs() as $pair) {
-            list($assoc_filename, $assoc) = $pair;
-            if ($assoc->getExpiresIn() == 0) {
-                Auth_OpenID_FileStore::_removeIfPresent($assoc_filename);
-            }
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _rmtree($dir)
-    {
-        if ($dir[strlen($dir) - 1] != DIRECTORY_SEPARATOR) {
-            $dir .= DIRECTORY_SEPARATOR;
-        }
-
-        if ($handle = opendir($dir)) {
-            while ($item = readdir($handle)) {
-                if (!in_array($item, array('.', '..'))) {
-                    if (is_dir($dir . $item)) {
-
-                        if (!Auth_OpenID_FileStore::_rmtree($dir . $item)) {
-                            return false;
-                        }
-                    } else if (is_file($dir . $item)) {
-                        if (!unlink($dir . $item)) {
-                            return false;
-                        }
-                    }
-                }
-            }
-
-            closedir($handle);
-
-            if (!@rmdir($dir)) {
-                return false;
-            }
-
-            return true;
-        } else {
-            // Couldn't open directory.
-            return false;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _mkstemp($dir)
-    {
-        foreach (range(0, 4) as $i) {
-            $name = tempnam($dir, "php_openid_filestore_");
-
-            if ($name !== false) {
-                return $name;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * @access private
-     */
-    static function _mkdtemp($dir)
-    {
-        foreach (range(0, 4) as $i) {
-            $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
-                "-" . strval(rand(1, time()));
-            if (!mkdir($name, 0700)) {
-                return false;
-            } else {
-                return $name;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * @access private
-     */
-    function _listdir($dir)
-    {
-        $handle = opendir($dir);
-        $files = array();
-        while (false !== ($filename = readdir($handle))) {
-            if (!in_array($filename, array('.', '..'))) {
-                $files[] = $dir . DIRECTORY_SEPARATOR . $filename;
-            }
-        }
-        return $files;
-    }
-
-    /**
-     * @access private
-     */
-    function _isFilenameSafe($char)
-    {
-        $_Auth_OpenID_filename_allowed = Auth_OpenID_letters .
-            Auth_OpenID_digits . ".";
-        return (strpos($_Auth_OpenID_filename_allowed, $char) !== false);
-    }
-
-    /**
-     * @access private
-     */
-    function _safe64($str)
-    {
-        $h64 = base64_encode(Auth_OpenID_SHA1($str));
-        $h64 = str_replace('+', '_', $h64);
-        $h64 = str_replace('/', '.', $h64);
-        $h64 = str_replace('=', '', $h64);
-        return $h64;
-    }
-
-    /**
-     * @access private
-     */
-    function _filenameEscape($str)
-    {
-        $filename = "";
-        $b = Auth_OpenID::toBytes($str);
-
-        for ($i = 0; $i < count($b); $i++) {
-            $c = $b[$i];
-            if (Auth_OpenID_FileStore::_isFilenameSafe($c)) {
-                $filename .= $c;
-            } else {
-                $filename .= sprintf("_%02X", ord($c));
-            }
-        }
-        return $filename;
-    }
-
-    /**
-     * Attempt to remove a file, returning whether the file existed at
-     * the time of the call.
-     *
-     * @access private
-     * @return bool $result True if the file was present, false if not.
-     */
-    function _removeIfPresent($filename)
-    {
-        return @unlink($filename);
-    }
-
-    function cleanupAssociations()
-    {
-        $removed = 0;
-        foreach ($this->_allAssocs() as $pair) {
-            list($assoc_filename, $assoc) = $pair;
-            if ($assoc->getExpiresIn() == 0) {
-                $this->_removeIfPresent($assoc_filename);
-                $removed += 1;
-            }
-        }
-        return $removed;
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/HMAC.php b/lib/Auth/OpenID/HMAC.php
deleted file mode 100644
index e6c4bdfd9dc81dfe5b11cd6022358486a134331a..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/HMAC.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php
-
-/**
- * This is the HMACSHA1 implementation for the OpenID library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/OpenID.php';
-
-/**
- * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback
- * implementation.
- */
-define('Auth_OpenID_SHA1_BLOCKSIZE', 64);
-
-function Auth_OpenID_SHA1($text)
-{
-    if (function_exists('hash') &&
-        function_exists('hash_algos') &&
-        (in_array('sha1', hash_algos()))) {
-        // PHP 5 case (sometimes): 'hash' available and 'sha1' algo
-        // supported.
-        return hash('sha1', $text, true);
-    } else if (function_exists('sha1')) {
-        // PHP 4 case: 'sha1' available.
-        $hex = sha1($text);
-        $raw = '';
-        for ($i = 0; $i < 40; $i += 2) {
-            $hexcode = substr($hex, $i, 2);
-            $charcode = (int)base_convert($hexcode, 16, 10);
-            $raw .= chr($charcode);
-        }
-        return $raw;
-    } else {
-        // Explode.
-        trigger_error('No SHA1 function found', E_USER_ERROR);
-    }
-}
-
-/**
- * Compute an HMAC/SHA1 hash.
- *
- * @access private
- * @param string $key The HMAC key
- * @param string $text The message text to hash
- * @return string $mac The MAC
- */
-function Auth_OpenID_HMACSHA1($key, $text)
-{
-    if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
-        $key = Auth_OpenID_SHA1($key, true);
-    }
-
-    if (function_exists('hash_hmac') &&
-        function_exists('hash_algos') &&
-        (in_array('sha1', hash_algos()))) {
-        return hash_hmac('sha1', $text, $key, true);
-    }
-    // Home-made solution
-
-    $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
-    $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
-    $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
-    $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true);
-    $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true);
-    return $hmac;
-}
-
-if (function_exists('hash') &&
-    function_exists('hash_algos') &&
-    (in_array('sha256', hash_algos()))) {
-    function Auth_OpenID_SHA256($text)
-    {
-        // PHP 5 case: 'hash' available and 'sha256' algo supported.
-        return hash('sha256', $text, true);
-    }
-    define('Auth_OpenID_SHA256_SUPPORTED', true);
-} else {
-    define('Auth_OpenID_SHA256_SUPPORTED', false);
-}
-
-if (function_exists('hash_hmac') &&
-    function_exists('hash_algos') &&
-    (in_array('sha256', hash_algos()))) {
-
-    function Auth_OpenID_HMACSHA256($key, $text)
-    {
-        // Return raw MAC (not hex string).
-        return hash_hmac('sha256', $text, $key, true);
-    }
-
-    define('Auth_OpenID_HMACSHA256_SUPPORTED', true);
-} else {
-    define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
-}
-
diff --git a/lib/Auth/OpenID/Interface.php b/lib/Auth/OpenID/Interface.php
deleted file mode 100644
index eca6b9c50f554d7927a3160c161a23cc6094a679..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Interface.php
+++ /dev/null
@@ -1,196 +0,0 @@
-<?php
-
-/**
- * This file specifies the interface for PHP OpenID store implementations.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * This is the interface for the store objects the OpenID library
- * uses. It is a single class that provides all of the persistence
- * mechanisms that the OpenID library needs, for both servers and
- * consumers.  If you want to create an SQL-driven store, please see
- * then {@link Auth_OpenID_SQLStore} class.
- *
- * Change: Version 2.0 removed the storeNonce, getAuthKey, and isDumb
- * methods, and changed the behavior of the useNonce method to support
- * one-way nonces.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- */
-class Auth_OpenID_OpenIDStore {
-    /**
-     * This method puts an Association object into storage,
-     * retrievable by server URL and handle.
-     *
-     * @param string $server_url The URL of the identity server that
-     * this association is with. Because of the way the server portion
-     * of the library uses this interface, don't assume there are any
-     * limitations on the character set of the input string. In
-     * particular, expect to see unescaped non-url-safe characters in
-     * the server_url field.
-     *
-     * @param Association $association The Association to store.
-     */
-    function storeAssociation($server_url, $association)
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /*
-     * Remove expired nonces from the store.
-     *
-     * Discards any nonce from storage that is old enough that its
-     * timestamp would not pass useNonce().
-     *
-     * This method is not called in the normal operation of the
-     * library.  It provides a way for store admins to keep their
-     * storage from filling up with expired data.
-     *
-     * @return the number of nonces expired
-     */
-    function cleanupNonces()
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /*
-     * Remove expired associations from the store.
-     *
-     * This method is not called in the normal operation of the
-     * library.  It provides a way for store admins to keep their
-     * storage from filling up with expired data.
-     *
-     * @return the number of associations expired.
-     */
-    function cleanupAssociations()
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /*
-     * Shortcut for cleanupNonces(), cleanupAssociations().
-     *
-     * This method is not called in the normal operation of the
-     * library.  It provides a way for store admins to keep their
-     * storage from filling up with expired data.
-     */
-    function cleanup()
-    {
-        return array($this->cleanupNonces(),
-                     $this->cleanupAssociations());
-    }
-
-    /**
-     * Report whether this storage supports cleanup
-     */
-    function supportsCleanup()
-    {
-        return true;
-    }
-
-    /**
-     * This method returns an Association object from storage that
-     * matches the server URL and, if specified, handle. It returns
-     * null if no such association is found or if the matching
-     * association is expired.
-     *
-     * If no handle is specified, the store may return any association
-     * which matches the server URL. If multiple associations are
-     * valid, the recommended return value for this method is the one
-     * most recently issued.
-     *
-     * This method is allowed (and encouraged) to garbage collect
-     * expired associations when found. This method must not return
-     * expired associations.
-     *
-     * @param string $server_url The URL of the identity server to get
-     * the association for. Because of the way the server portion of
-     * the library uses this interface, don't assume there are any
-     * limitations on the character set of the input string.  In
-     * particular, expect to see unescaped non-url-safe characters in
-     * the server_url field.
-     *
-     * @param mixed $handle This optional parameter is the handle of
-     * the specific association to get. If no specific handle is
-     * provided, any valid association matching the server URL is
-     * returned.
-     *
-     * @return Association The Association for the given identity
-     * server.
-     */
-    function getAssociation($server_url, $handle = null)
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::getAssociation ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /**
-     * This method removes the matching association if it's found, and
-     * returns whether the association was removed or not.
-     *
-     * @param string $server_url The URL of the identity server the
-     * association to remove belongs to. Because of the way the server
-     * portion of the library uses this interface, don't assume there
-     * are any limitations on the character set of the input
-     * string. In particular, expect to see unescaped non-url-safe
-     * characters in the server_url field.
-     *
-     * @param string $handle This is the handle of the association to
-     * remove. If there isn't an association found that matches both
-     * the given URL and handle, then there was no matching handle
-     * found.
-     *
-     * @return mixed Returns whether or not the given association existed.
-     */
-    function removeAssociation($server_url, $handle)
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /**
-     * Called when using a nonce.
-     *
-     * This method should return C{True} if the nonce has not been
-     * used before, and store it for a while to make sure nobody
-     * tries to use the same value again.  If the nonce has already
-     * been used, return C{False}.
-     *
-     * Change: In earlier versions, round-trip nonces were used and a
-     * nonce was only valid if it had been previously stored with
-     * storeNonce.  Version 2.0 uses one-way nonces, requiring a
-     * different implementation here that does not depend on a
-     * storeNonce call.  (storeNonce is no longer part of the
-     * interface.
-     *
-     * @param string $nonce The nonce to use.
-     *
-     * @return bool Whether or not the nonce was valid.
-     */
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        trigger_error("Auth_OpenID_OpenIDStore::useNonce ".
-                      "not implemented", E_USER_ERROR);
-    }
-
-    /**
-     * Removes all entries from the store; implementation is optional.
-     */
-    function reset()
-    {
-    }
-
-}
diff --git a/lib/Auth/OpenID/KVForm.php b/lib/Auth/OpenID/KVForm.php
deleted file mode 100644
index dd02661d882f953f17907ae4a8963f9f9b73ec88..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/KVForm.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-
-/**
- * OpenID protocol key-value/comma-newline format parsing and
- * serialization
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Container for key-value/comma-newline OpenID format and parsing
- */
-class Auth_OpenID_KVForm {
-    /**
-     * Convert an OpenID colon/newline separated string into an
-     * associative array
-     *
-     * @static
-     * @access private
-     */
-    static function toArray($kvs, $strict=false)
-    {
-        $lines = explode("\n", $kvs);
-
-        $last = array_pop($lines);
-        if ($last !== '') {
-            array_push($lines, $last);
-            if ($strict) {
-                return false;
-            }
-        }
-
-        $values = array();
-
-        for ($lineno = 0; $lineno < count($lines); $lineno++) {
-            $line = $lines[$lineno];
-            $kv = explode(':', $line, 2);
-            if (count($kv) != 2) {
-                if ($strict) {
-                    return false;
-                }
-                continue;
-            }
-
-            $key = $kv[0];
-            $tkey = trim($key);
-            if ($tkey != $key) {
-                if ($strict) {
-                    return false;
-                }
-            }
-
-            $value = $kv[1];
-            $tval = trim($value);
-            if ($tval != $value) {
-                if ($strict) {
-                    return false;
-                }
-            }
-
-            $values[$tkey] = $tval;
-        }
-
-        return $values;
-    }
-
-    /**
-     * Convert an array into an OpenID colon/newline separated string
-     *
-     * @static
-     * @access private
-     */
-    static function fromArray($values)
-    {
-        if ($values === null) {
-            return null;
-        }
-
-        ksort($values);
-
-        $serialized = '';
-        foreach ($values as $key => $value) {
-            if (is_array($value)) {
-                list($key, $value) = array($value[0], $value[1]);
-            }
-
-            if (strpos($key, ':') !== false) {
-                return null;
-            }
-
-            if (strpos($key, "\n") !== false) {
-                return null;
-            }
-
-            if (strpos($value, "\n") !== false) {
-                return null;
-            }
-            $serialized .= "$key:$value\n";
-        }
-        return $serialized;
-    }
-}
-
diff --git a/lib/Auth/OpenID/MDB2Store.php b/lib/Auth/OpenID/MDB2Store.php
deleted file mode 100644
index 80024badaf81762480a3c0d8960b02bb94737921..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/MDB2Store.php
+++ /dev/null
@@ -1,413 +0,0 @@
-<?php
-
-/**
- * SQL-backed OpenID stores for use with PEAR::MDB2.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005 Janrain, Inc.
- * @license http://www.gnu.org/copyleft/lesser.html LGPL
- */
-
-require_once 'MDB2.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Interface.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This store uses a PEAR::MDB2 connection to store persistence
- * information.
- *
- * The table names used are determined by the class variables
- * associations_table_name and nonces_table_name.  To change the name
- * of the tables used, pass new table names into the constructor.
- *
- * To create the tables with the proper schema, see the createTables
- * method.
- *
- * @package OpenID
- */
-class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
-    /**
-     * This creates a new MDB2Store instance.  It requires an
-     * established database connection be given to it, and it allows
-     * overriding the default table names.
-     *
-     * @param connection $connection This must be an established
-     * connection to a database of the correct type for the SQLStore
-     * subclass you're using.  This must be a PEAR::MDB2 connection
-     * handle.
-     *
-     * @param associations_table: This is an optional parameter to
-     * specify the name of the table used for storing associations.
-     * The default value is 'oid_associations'.
-     *
-     * @param nonces_table: This is an optional parameter to specify
-     * the name of the table used for storing nonces.  The default
-     * value is 'oid_nonces'.
-     */
-    function Auth_OpenID_MDB2Store($connection,
-                                  $associations_table = null,
-                                  $nonces_table = null)
-    {
-        $this->associations_table_name = "oid_associations";
-        $this->nonces_table_name = "oid_nonces";
-
-        // Check the connection object type to be sure it's a PEAR
-        // database connection.
-        if (!is_object($connection) ||
-            !is_subclass_of($connection, 'mdb2_driver_common')) {
-            trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
-                          "object (got ".get_class($connection).")",
-                          E_USER_ERROR);
-            return;
-        }
-
-        $this->connection = $connection;
-
-        // Be sure to set the fetch mode so the results are keyed on
-        // column name instead of column index.
-        $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
-        
-        if (PEAR::isError($this->connection->loadModule('Extended'))) {
-            trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
-            return;
-        }
-
-        if ($associations_table) {
-            $this->associations_table_name = $associations_table;
-        }
-
-        if ($nonces_table) {
-            $this->nonces_table_name = $nonces_table;
-        }
-
-        $this->max_nonce_age = 6 * 60 * 60;
-    }
-
-    function tableExists($table_name)
-    {
-        return !PEAR::isError($this->connection->query(
-                                  sprintf("SELECT * FROM %s LIMIT 0",
-                                          $table_name)));
-    }
-
-    function createTables()
-    {
-        $n = $this->create_nonce_table();
-        $a = $this->create_assoc_table();
-
-        if (!$n || !$a) {
-            return false;
-        }
-        return true;
-    }
-
-    function create_nonce_table()
-    {
-        if (!$this->tableExists($this->nonces_table_name)) {
-            switch ($this->connection->phptype) {
-                case "mysql":
-                case "mysqli":
-                    // Custom SQL for MySQL to use InnoDB and variable-
-                    // length keys
-                    $r = $this->connection->exec(
-                        sprintf("CREATE TABLE %s (\n".
-                                "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
-                                "  timestamp INTEGER NOT NULL,\n".
-                                "  salt CHAR(40) NOT NULL,\n".
-                                "  UNIQUE (server_url(255), timestamp, salt)\n".
-                                ") TYPE=InnoDB",
-                                $this->nonces_table_name));
-                    if (PEAR::isError($r)) {
-                        return false;
-                    }
-                    break;
-                default:
-                    if (PEAR::isError(
-                        $this->connection->loadModule('Manager'))) {
-                        return false;
-                    }
-                    $fields = array(
-                        "server_url" => array(
-                            "type" => "text",
-                            "length" => 2047,
-                            "notnull" => true
-                        ),
-                        "timestamp" => array(
-                            "type" => "integer",
-                            "notnull" => true
-                        ),
-                        "salt" => array(
-                            "type" => "text",
-                            "length" => 40,
-                            "fixed" => true,
-                            "notnull" => true
-                        )
-                    );
-                    $constraint = array(
-                        "unique" => 1,
-                        "fields" => array(
-                            "server_url" => true,
-                            "timestamp" => true,
-                            "salt" => true
-                        )
-                    );
-                    
-                    $r = $this->connection->createTable($this->nonces_table_name,
-                                                        $fields);
-                    if (PEAR::isError($r)) {
-                        return false;
-                    }
-                    
-                    $r = $this->connection->createConstraint(
-                        $this->nonces_table_name,
-                        $this->nonces_table_name . "_constraint",
-                        $constraint);
-                    if (PEAR::isError($r)) {
-                        return false;
-                    }
-                    break;
-            }
-        }
-        return true;
-    }
-
-    function create_assoc_table()
-    {
-        if (!$this->tableExists($this->associations_table_name)) {
-            switch ($this->connection->phptype) {
-                case "mysql":
-                case "mysqli":
-                    // Custom SQL for MySQL to use InnoDB and variable-
-                    // length keys
-                    $r = $this->connection->exec(
-                        sprintf("CREATE TABLE %s(\n".
-                                "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
-                                "  handle VARCHAR(255) NOT NULL,\n".
-                                "  secret BLOB NOT NULL,\n".
-                                "  issued INTEGER NOT NULL,\n".
-                                "  lifetime INTEGER NOT NULL,\n".
-                                "  assoc_type VARCHAR(64) NOT NULL,\n".
-                                "  PRIMARY KEY (server_url(255), handle)\n".
-                                ") TYPE=InnoDB",
-                            $this->associations_table_name));
-                    if (PEAR::isError($r)) {
-                        return false;
-                    }
-                    break;
-                default:
-                    if (PEAR::isError(
-                        $this->connection->loadModule('Manager'))) {
-                        return false;
-                    }
-                    $fields = array(
-                        "server_url" => array(
-                            "type" => "text",
-                            "length" => 2047,
-                            "notnull" => true
-                        ),
-                        "handle" => array(
-                            "type" => "text",
-                            "length" => 255,
-                            "notnull" => true
-                        ),
-                        "secret" => array(
-                            "type" => "blob",
-                            "length" => "255",
-                            "notnull" => true
-                        ),
-                        "issued" => array(
-                            "type" => "integer",
-                            "notnull" => true
-                        ),
-                        "lifetime" => array(
-                            "type" => "integer",
-                            "notnull" => true
-                        ),
-                        "assoc_type" => array(
-                            "type" => "text",
-                            "length" => 64,
-                            "notnull" => true
-                        )
-                    );
-                    $options = array(
-                        "primary" => array(
-                            "server_url" => true,
-                            "handle" => true
-                        )
-                    );
-                    
-                    $r = $this->connection->createTable(
-                        $this->associations_table_name,
-                        $fields,
-                        $options);
-                    if (PEAR::isError($r)) {
-                        return false;
-                    }
-                    break;
-            }
-        }
-        return true;
-    }
-
-    function storeAssociation($server_url, $association)
-    {
-        $fields = array(
-            "server_url" => array(
-                "value" => $server_url,
-                "key" => true
-            ),
-            "handle" => array(
-                "value" => $association->handle,
-                "key" => true
-            ),
-            "secret" => array(
-                "value" => $association->secret,
-                "type" => "blob"
-            ),
-            "issued" => array(
-                "value" => $association->issued
-            ),
-            "lifetime" => array(
-                "value" => $association->lifetime
-            ),
-            "assoc_type" => array(
-                "value" => $association->assoc_type
-            )
-        );
-        
-        return !PEAR::isError($this->connection->replace(
-                                  $this->associations_table_name,
-                                  $fields));
-    }
-
-    function cleanupNonces()
-    {
-        global $Auth_OpenID_SKEW;
-        $v = time() - $Auth_OpenID_SKEW;
-
-        return $this->connection->exec(
-            sprintf("DELETE FROM %s WHERE timestamp < %d",
-                    $this->nonces_table_name, $v));
-    }
-
-    function cleanupAssociations()
-    {
-        return $this->connection->exec(
-            sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
-                    $this->associations_table_name, time()));
-    }
-
-    function getAssociation($server_url, $handle = null)
-    {
-        $sql = "";
-        $params = null;
-        $types = array(
-                       "text",
-                       "blob",
-                       "integer",
-                       "integer",
-                       "text"
-                       );
-        if ($handle !== null) {
-            $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
-                           "FROM %s WHERE server_url = ? AND handle = ?",
-                           $this->associations_table_name);
-            $params = array($server_url, $handle);
-        } else {
-            $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
-                           "FROM %s WHERE server_url = ? ORDER BY issued DESC",
-                           $this->associations_table_name);
-            $params = array($server_url);
-        }
-        
-        $assoc = $this->connection->getRow($sql, $types, $params);
-
-        if (!$assoc || PEAR::isError($assoc)) {
-            return null;
-        } else {
-            $association = new Auth_OpenID_Association($assoc['handle'],
-                                                       stream_get_contents(
-                                                           $assoc['secret']),
-                                                       $assoc['issued'],
-                                                       $assoc['lifetime'],
-                                                       $assoc['assoc_type']);
-            fclose($assoc['secret']);
-            return $association;
-        }
-    }
-
-    function removeAssociation($server_url, $handle)
-    {
-        $r = $this->connection->execParam(
-            sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
-                    $this->associations_table_name),
-            array($server_url, $handle));
-        
-        if (PEAR::isError($r) || $r == 0) {
-            return false;
-        }
-        return true;
-    }
-
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        global $Auth_OpenID_SKEW;
-
-        if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return false;
-        }
-        
-        $fields = array(
-                        "timestamp" => $timestamp,
-                        "salt" => $salt
-                        );
-        
-        if (!empty($server_url)) {
-            $fields["server_url"] = $server_url;
-        }
-        
-        $r = $this->connection->autoExecute(
-            $this->nonces_table_name,
-            $fields,
-            MDB2_AUTOQUERY_INSERT);
-        
-        if (PEAR::isError($r)) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Resets the store by removing all records from the store's
-     * tables.
-     */
-    function reset()
-    {
-        $this->connection->query(sprintf("DELETE FROM %s",
-                                         $this->associations_table_name));
-
-        $this->connection->query(sprintf("DELETE FROM %s",
-                                         $this->nonces_table_name));
-    }
-
-}
-
-?>
diff --git a/lib/Auth/OpenID/MemcachedStore.php b/lib/Auth/OpenID/MemcachedStore.php
deleted file mode 100644
index fc10800b1c0f28f6af937c58e0b28cdd6b3003e8..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/MemcachedStore.php
+++ /dev/null
@@ -1,207 +0,0 @@
-<?php
-
-/**
- * This file supplies a memcached store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author Artemy Tregubenko <me@arty.name>
- * @copyright 2008 JanRain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- * Contributed by Open Web Technologies <http://openwebtech.ru/>
- */
-
-/**
- * Import the interface for creating a new store class.
- */
-require_once 'Auth/OpenID/Interface.php';
-
-/**
- * This is a memcached-based store for OpenID associations and
- * nonces. 
- * 
- * As memcache has limit of 250 chars for key length, 
- * server_url, handle and salt are hashed with sha1(). 
- *
- * Most of the methods of this class are implementation details.
- * People wishing to just use this store need only pay attention to
- * the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
-
-    /**
-     * Initializes a new {@link Auth_OpenID_MemcachedStore} instance.
-     * Just saves memcached object as property.
-     *
-     * @param resource connection Memcache connection resourse
-     */
-    function Auth_OpenID_MemcachedStore($connection, $compress = false)
-    {
-        $this->connection = $connection;
-        $this->compress = $compress ? MEMCACHE_COMPRESSED : 0;
-    }
-
-    /**
-     * Store association until its expiration time in memcached. 
-     * Overwrites any existing association with same server_url and 
-     * handle. Handles list of associations for every server. 
-     */
-    function storeAssociation($server_url, $association)
-    {
-        // create memcached keys for association itself 
-        // and list of associations for this server
-        $associationKey = $this->associationKey($server_url, 
-            $association->handle);
-        $serverKey = $this->associationServerKey($server_url);
-        
-        // get list of associations 
-        $serverAssociations = $this->connection->get($serverKey);
-        
-        // if no such list, initialize it with empty array
-        if (!$serverAssociations) {
-            $serverAssociations = array();
-        }
-        // and store given association key in it
-        $serverAssociations[$association->issued] = $associationKey;
-        
-        // save associations' keys list 
-        $this->connection->set(
-            $serverKey,
-            $serverAssociations,
-            $this->compress
-        );
-        // save association itself
-        $this->connection->set(
-            $associationKey,
-            $association, 
-            $this->compress, 
-            $association->issued + $association->lifetime);
-    }
-
-    /**
-     * Read association from memcached. If no handle given 
-     * and multiple associations found, returns latest issued
-     */
-    function getAssociation($server_url, $handle = null)
-    {
-        // simple case: handle given
-        if ($handle !== null) {
-            // get association, return null if failed
-            $association = $this->connection->get(
-                $this->associationKey($server_url, $handle));
-            return $association ? $association : null;
-        }
-        
-        // no handle given, working with list
-        // create key for list of associations
-        $serverKey = $this->associationServerKey($server_url);
-        
-        // get list of associations
-        $serverAssociations = $this->connection->get($serverKey);
-        // return null if failed or got empty list
-        if (!$serverAssociations) {
-            return null;
-        }
-        
-        // get key of most recently issued association
-        $keys = array_keys($serverAssociations);
-        sort($keys);
-        $lastKey = $serverAssociations[array_pop($keys)];
-        
-        // get association, return null if failed
-        $association = $this->connection->get($lastKey);
-        return $association ? $association : null;
-    }
-
-    /**
-     * Immediately delete association from memcache.
-     */
-    function removeAssociation($server_url, $handle)
-    {
-        // create memcached keys for association itself 
-        // and list of associations for this server
-        $serverKey = $this->associationServerKey($server_url);
-        $associationKey = $this->associationKey($server_url, 
-            $handle);
-        
-        // get list of associations
-        $serverAssociations = $this->connection->get($serverKey);
-        // return null if failed or got empty list
-        if (!$serverAssociations) {
-            return false;
-        }
-        
-        // ensure that given association key exists in list
-        $serverAssociations = array_flip($serverAssociations);
-        if (!array_key_exists($associationKey, $serverAssociations)) {
-            return false;
-        }
-        
-        // remove given association key from list
-        unset($serverAssociations[$associationKey]);
-        $serverAssociations = array_flip($serverAssociations);
-        
-        // save updated list
-        $this->connection->set(
-            $serverKey,
-            $serverAssociations,
-            $this->compress
-        );
-
-        // delete association 
-        return $this->connection->delete($associationKey);
-    }
-
-    /**
-     * Create nonce for server and salt, expiring after 
-     * $Auth_OpenID_SKEW seconds.
-     */
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        global $Auth_OpenID_SKEW;
-        
-        // save one request to memcache when nonce obviously expired 
-        if (abs($timestamp - time()) > $Auth_OpenID_SKEW) {
-            return false;
-        }
-        
-        // returns false when nonce already exists
-        // otherwise adds nonce
-        return $this->connection->add(
-            'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), 
-            1, // any value here 
-            $this->compress, 
-            $Auth_OpenID_SKEW);
-    }
-    
-    /**
-     * Memcache key is prefixed with 'openid_association_' string. 
-     */
-    function associationKey($server_url, $handle = null) 
-    {
-        return 'openid_association_' . sha1($server_url) . '_' . sha1($handle);
-    }
-    
-    /**
-     * Memcache key is prefixed with 'openid_association_' string. 
-     */
-    function associationServerKey($server_url) 
-    {
-        return 'openid_association_server_' . sha1($server_url);
-    }
-    
-    /**
-     * Report that this storage doesn't support cleanup
-     */
-    function supportsCleanup()
-    {
-        return false;
-    }
-}
-
diff --git a/lib/Auth/OpenID/Message.php b/lib/Auth/OpenID/Message.php
deleted file mode 100644
index 9aa1fa4684ad71c1ed83602a413cb9b7e8ece43d..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Message.php
+++ /dev/null
@@ -1,920 +0,0 @@
-<?php
-
-/**
- * Extension argument processing code
- *
- * @package OpenID
- */
-
-/**
- * Import tools needed to deal with messages.
- */
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/KVForm.php';
-require_once 'Auth/Yadis/XML.php';
-require_once 'Auth/OpenID/Consumer.php'; // For Auth_OpenID_FailureResponse
-
-// This doesn't REALLY belong here, but where is better?
-define('Auth_OpenID_IDENTIFIER_SELECT',
-       "http://specs.openid.net/auth/2.0/identifier_select");
-
-// URI for Simple Registration extension, the only commonly deployed
-// OpenID 1.x extension, and so a special case
-define('Auth_OpenID_SREG_URI', 'http://openid.net/sreg/1.0');
-
-// The OpenID 1.X namespace URI
-define('Auth_OpenID_OPENID1_NS', 'http://openid.net/signon/1.0');
-define('Auth_OpenID_THE_OTHER_OPENID1_NS', 'http://openid.net/signon/1.1');
-
-function Auth_OpenID_isOpenID1($ns)
-{
-    return ($ns == Auth_OpenID_THE_OTHER_OPENID1_NS) ||
-        ($ns == Auth_OpenID_OPENID1_NS);
-}
-
-// The OpenID 2.0 namespace URI
-define('Auth_OpenID_OPENID2_NS', 'http://specs.openid.net/auth/2.0');
-
-// The namespace consisting of pairs with keys that are prefixed with
-// "openid."  but not in another namespace.
-define('Auth_OpenID_NULL_NAMESPACE', 'Null namespace');
-
-// The null namespace, when it is an allowed OpenID namespace
-define('Auth_OpenID_OPENID_NS', 'OpenID namespace');
-
-// The top-level namespace, excluding all pairs with keys that start
-// with "openid."
-define('Auth_OpenID_BARE_NS', 'Bare namespace');
-
-// Sentinel for Message implementation to indicate that getArg should
-// return null instead of returning a default.
-define('Auth_OpenID_NO_DEFAULT', 'NO DEFAULT ALLOWED');
-
-// Limit, in bytes, of identity provider and return_to URLs, including
-// response payload.  See OpenID 1.1 specification, Appendix D.
-define('Auth_OpenID_OPENID1_URL_LIMIT', 2047);
-
-// All OpenID protocol fields.  Used to check namespace aliases.
-global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
-$Auth_OpenID_OPENID_PROTOCOL_FIELDS = array(
-    'ns', 'mode', 'error', 'return_to', 'contact', 'reference',
-    'signed', 'assoc_type', 'session_type', 'dh_modulus', 'dh_gen',
-    'dh_consumer_public', 'claimed_id', 'identity', 'realm',
-    'invalidate_handle', 'op_endpoint', 'response_nonce', 'sig',
-    'assoc_handle', 'trust_root', 'openid');
-
-// Global namespace / alias registration map.  See
-// Auth_OpenID_registerNamespaceAlias.
-global $Auth_OpenID_registered_aliases;
-$Auth_OpenID_registered_aliases = array();
-
-/**
- * Registers a (namespace URI, alias) mapping in a global namespace
- * alias map.  Raises NamespaceAliasRegistrationError if either the
- * namespace URI or alias has already been registered with a different
- * value.  This function is required if you want to use a namespace
- * with an OpenID 1 message.
- */
-function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias)
-{
-    global $Auth_OpenID_registered_aliases;
-
-    if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
-                              $alias) == $namespace_uri) {
-        return true;
-    }
-
-    if (in_array($namespace_uri,
-                 array_values($Auth_OpenID_registered_aliases))) {
-        return false;
-    }
-
-    if (in_array($alias, array_keys($Auth_OpenID_registered_aliases))) {
-        return false;
-    }
-
-    $Auth_OpenID_registered_aliases[$alias] = $namespace_uri;
-    return true;
-}
-
-/**
- * Removes a (namespace_uri, alias) registration from the global
- * namespace alias map.  Returns true if the removal succeeded; false
- * if not (if the mapping did not exist).
- */
-function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias)
-{
-    global $Auth_OpenID_registered_aliases;
-
-    if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
-                              $alias) === $namespace_uri) {
-        unset($Auth_OpenID_registered_aliases[$alias]);
-        return true;
-    }
-
-    return false;
-}
-
-/**
- * An Auth_OpenID_Mapping maintains a mapping from arbitrary keys to
- * arbitrary values.  (This is unlike an ordinary PHP array, whose
- * keys may be only simple scalars.)
- *
- * @package OpenID
- */
-class Auth_OpenID_Mapping {
-    /**
-     * Initialize a mapping.  If $classic_array is specified, its keys
-     * and values are used to populate the mapping.
-     */
-    function Auth_OpenID_Mapping($classic_array = null)
-    {
-        $this->keys = array();
-        $this->values = array();
-
-        if (is_array($classic_array)) {
-            foreach ($classic_array as $key => $value) {
-                $this->set($key, $value);
-            }
-        }
-    }
-
-    /**
-     * Returns true if $thing is an Auth_OpenID_Mapping object; false
-     * if not.
-     */
-    static function isA($thing)
-    {
-        return (is_object($thing) &&
-                strtolower(get_class($thing)) == 'auth_openid_mapping');
-    }
-
-    /**
-     * Returns an array of the keys in the mapping.
-     */
-    function keys()
-    {
-        return $this->keys;
-    }
-
-    /**
-     * Returns an array of values in the mapping.
-     */
-    function values()
-    {
-        return $this->values;
-    }
-
-    /**
-     * Returns an array of (key, value) pairs in the mapping.
-     */
-    function items()
-    {
-        $temp = array();
-
-        for ($i = 0; $i < count($this->keys); $i++) {
-            $temp[] = array($this->keys[$i],
-                            $this->values[$i]);
-        }
-        return $temp;
-    }
-
-    /**
-     * Returns the "length" of the mapping, or the number of keys.
-     */
-    function len()
-    {
-        return count($this->keys);
-    }
-
-    /**
-     * Sets a key-value pair in the mapping.  If the key already
-     * exists, its value is replaced with the new value.
-     */
-    function set($key, $value)
-    {
-        $index = array_search($key, $this->keys);
-
-        if ($index !== false) {
-            $this->values[$index] = $value;
-        } else {
-            $this->keys[] = $key;
-            $this->values[] = $value;
-        }
-    }
-
-    /**
-     * Gets a specified value from the mapping, associated with the
-     * specified key.  If the key does not exist in the mapping,
-     * $default is returned instead.
-     */
-    function get($key, $default = null)
-    {
-        $index = array_search($key, $this->keys);
-
-        if ($index !== false) {
-            return $this->values[$index];
-        } else {
-            return $default;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _reflow()
-    {
-        // PHP is broken yet again.  Sort the arrays to remove the
-        // hole in the numeric indexes that make up the array.
-        $old_keys = $this->keys;
-        $old_values = $this->values;
-
-        $this->keys = array();
-        $this->values = array();
-
-        foreach ($old_keys as $k) {
-            $this->keys[] = $k;
-        }
-
-        foreach ($old_values as $v) {
-            $this->values[] = $v;
-        }
-    }
-
-    /**
-     * Deletes a key-value pair from the mapping with the specified
-     * key.
-     */
-    function del($key)
-    {
-        $index = array_search($key, $this->keys);
-
-        if ($index !== false) {
-            unset($this->keys[$index]);
-            unset($this->values[$index]);
-            $this->_reflow();
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     * Returns true if the specified value has a key in the mapping;
-     * false if not.
-     */
-    function contains($value)
-    {
-        return (array_search($value, $this->keys) !== false);
-    }
-}
-
-/**
- * Maintains a bijective map between namespace uris and aliases.
- *
- * @package OpenID
- */
-class Auth_OpenID_NamespaceMap {
-    function Auth_OpenID_NamespaceMap()
-    {
-        $this->alias_to_namespace = new Auth_OpenID_Mapping();
-        $this->namespace_to_alias = new Auth_OpenID_Mapping();
-        $this->implicit_namespaces = array();
-    }
-
-    function getAlias($namespace_uri)
-    {
-        return $this->namespace_to_alias->get($namespace_uri);
-    }
-
-    function getNamespaceURI($alias)
-    {
-        return $this->alias_to_namespace->get($alias);
-    }
-
-    function iterNamespaceURIs()
-    {
-        // Return an iterator over the namespace URIs
-        return $this->namespace_to_alias->keys();
-    }
-
-    function iterAliases()
-    {
-        // Return an iterator over the aliases"""
-        return $this->alias_to_namespace->keys();
-    }
-
-    function iteritems()
-    {
-        return $this->namespace_to_alias->items();
-    }
-
-    function isImplicit($namespace_uri)
-    {
-        return in_array($namespace_uri, $this->implicit_namespaces);
-    }
-
-    function addAlias($namespace_uri, $desired_alias, $implicit=false)
-    {
-        // Add an alias from this namespace URI to the desired alias
-        global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
-
-        // Check that desired_alias is not an openid protocol field as
-        // per the spec.
-        if (in_array($desired_alias, $Auth_OpenID_OPENID_PROTOCOL_FIELDS)) {
-            Auth_OpenID::log("\"%s\" is not an allowed namespace alias",
-                            $desired_alias);
-            return null;
-        }
-
-        // Check that desired_alias does not contain a period as per
-        // the spec.
-        if (strpos($desired_alias, '.') !== false) {
-            Auth_OpenID::log('"%s" must not contain a dot', $desired_alias);
-            return null;
-        }
-
-        // Check that there is not a namespace already defined for the
-        // desired alias
-        $current_namespace_uri =
-            $this->alias_to_namespace->get($desired_alias);
-
-        if (($current_namespace_uri !== null) &&
-            ($current_namespace_uri != $namespace_uri)) {
-            Auth_OpenID::log('Cannot map "%s" because previous mapping exists',
-                            $namespace_uri);
-            return null;
-        }
-
-        // Check that there is not already a (different) alias for
-        // this namespace URI
-        $alias = $this->namespace_to_alias->get($namespace_uri);
-
-        if (($alias !== null) && ($alias != $desired_alias)) {
-            Auth_OpenID::log('Cannot map %s to alias %s. ' .
-                            'It is already mapped to alias %s',
-                            $namespace_uri, $desired_alias, $alias);
-            return null;
-        }
-
-        assert((Auth_OpenID_NULL_NAMESPACE === $desired_alias) ||
-               is_string($desired_alias));
-
-        $this->alias_to_namespace->set($desired_alias, $namespace_uri);
-        $this->namespace_to_alias->set($namespace_uri, $desired_alias);
-        if ($implicit) {
-            array_push($this->implicit_namespaces, $namespace_uri);
-        }
-
-        return $desired_alias;
-    }
-
-    function add($namespace_uri)
-    {
-        // Add this namespace URI to the mapping, without caring what
-        // alias it ends up with
-
-        // See if this namespace is already mapped to an alias
-        $alias = $this->namespace_to_alias->get($namespace_uri);
-
-        if ($alias !== null) {
-            return $alias;
-        }
-
-        // Fall back to generating a numerical alias
-        $i = 0;
-        while (1) {
-            $alias = 'ext' . strval($i);
-            if ($this->addAlias($namespace_uri, $alias) === null) {
-                $i += 1;
-            } else {
-                return $alias;
-            }
-        }
-
-        // Should NEVER be reached!
-        return null;
-    }
-
-    function contains($namespace_uri)
-    {
-        return $this->isDefined($namespace_uri);
-    }
-
-    function isDefined($namespace_uri)
-    {
-        return $this->namespace_to_alias->contains($namespace_uri);
-    }
-}
-
-/**
- * In the implementation of this object, null represents the global
- * namespace as well as a namespace with no key.
- *
- * @package OpenID
- */
-class Auth_OpenID_Message {
-
-    function Auth_OpenID_Message($openid_namespace = null)
-    {
-        // Create an empty Message
-        $this->allowed_openid_namespaces = array(
-                               Auth_OpenID_OPENID1_NS,
-                               Auth_OpenID_THE_OTHER_OPENID1_NS,
-                               Auth_OpenID_OPENID2_NS);
-
-        $this->args = new Auth_OpenID_Mapping();
-        $this->namespaces = new Auth_OpenID_NamespaceMap();
-        if ($openid_namespace === null) {
-            $this->_openid_ns_uri = null;
-        } else {
-            $implicit = Auth_OpenID_isOpenID1($openid_namespace);
-            $this->setOpenIDNamespace($openid_namespace, $implicit);
-        }
-    }
-
-    function isOpenID1()
-    {
-        return Auth_OpenID_isOpenID1($this->getOpenIDNamespace());
-    }
-
-    function isOpenID2()
-    {
-        return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
-    }
-
-    static function fromPostArgs($args)
-    {
-        // Construct a Message containing a set of POST arguments
-        $obj = new Auth_OpenID_Message();
-
-        // Partition into "openid." args and bare args
-        $openid_args = array();
-        foreach ($args as $key => $value) {
-
-            if (is_array($value)) {
-                return null;
-            }
-
-            $parts = explode('.', $key, 2);
-
-            if (count($parts) == 2) {
-                list($prefix, $rest) = $parts;
-            } else {
-                $prefix = null;
-            }
-
-            if ($prefix != 'openid') {
-                $obj->args->set(array(Auth_OpenID_BARE_NS, $key), $value);
-            } else {
-                $openid_args[$rest] = $value;
-            }
-        }
-
-        if ($obj->_fromOpenIDArgs($openid_args)) {
-            return $obj;
-        } else {
-            return null;
-        }
-    }
-
-    static function fromOpenIDArgs($openid_args)
-    {
-        // Takes an array.
-
-        // Construct a Message from a parsed KVForm message
-        $obj = new Auth_OpenID_Message();
-        if ($obj->_fromOpenIDArgs($openid_args)) {
-            return $obj;
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _fromOpenIDArgs($openid_args)
-    {
-        global $Auth_OpenID_registered_aliases;
-
-        // Takes an Auth_OpenID_Mapping instance OR an array.
-
-        if (!Auth_OpenID_Mapping::isA($openid_args)) {
-            $openid_args = new Auth_OpenID_Mapping($openid_args);
-        }
-
-        $ns_args = array();
-
-        // Resolve namespaces
-        foreach ($openid_args->items() as $pair) {
-            list($rest, $value) = $pair;
-
-            $parts = explode('.', $rest, 2);
-
-            if (count($parts) == 2) {
-                list($ns_alias, $ns_key) = $parts;
-            } else {
-                $ns_alias = Auth_OpenID_NULL_NAMESPACE;
-                $ns_key = $rest;
-            }
-
-            if ($ns_alias == 'ns') {
-                if ($this->namespaces->addAlias($value, $ns_key) === null) {
-                    return false;
-                }
-            } else if (($ns_alias == Auth_OpenID_NULL_NAMESPACE) &&
-                       ($ns_key == 'ns')) {
-                // null namespace
-                if ($this->setOpenIDNamespace($value, false) === false) {
-                    return false;
-                }
-            } else {
-                $ns_args[] = array($ns_alias, $ns_key, $value);
-            }
-        }
-
-        if (!$this->getOpenIDNamespace()) {
-            if ($this->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, true) ===
-                false) {
-                return false;
-            }
-        }
-
-        // Actually put the pairs into the appropriate namespaces
-        foreach ($ns_args as $triple) {
-            list($ns_alias, $ns_key, $value) = $triple;
-            $ns_uri = $this->namespaces->getNamespaceURI($ns_alias);
-            if ($ns_uri === null) {
-                $ns_uri = $this->_getDefaultNamespace($ns_alias);
-                if ($ns_uri === null) {
-
-                    $ns_uri = Auth_OpenID_OPENID_NS;
-                    $ns_key = sprintf('%s.%s', $ns_alias, $ns_key);
-                } else {
-                    $this->namespaces->addAlias($ns_uri, $ns_alias, true);
-                }
-            }
-
-            $this->setArg($ns_uri, $ns_key, $value);
-        }
-
-        return true;
-    }
-
-    function _getDefaultNamespace($mystery_alias)
-    {
-        global $Auth_OpenID_registered_aliases;
-        if ($this->isOpenID1()) {
-            return @$Auth_OpenID_registered_aliases[$mystery_alias];
-        }
-        return null;
-    }
-
-    function setOpenIDNamespace($openid_ns_uri, $implicit)
-    {
-        if (!in_array($openid_ns_uri, $this->allowed_openid_namespaces)) {
-            Auth_OpenID::log('Invalid null namespace: "%s"', $openid_ns_uri);
-            return false;
-        }
-
-        $succeeded = $this->namespaces->addAlias($openid_ns_uri,
-                                                 Auth_OpenID_NULL_NAMESPACE,
-                                                 $implicit);
-        if ($succeeded === false) {
-            return false;
-        }
-
-        $this->_openid_ns_uri = $openid_ns_uri;
-
-        return true;
-    }
-
-    function getOpenIDNamespace()
-    {
-        return $this->_openid_ns_uri;
-    }
-
-    static function fromKVForm($kvform_string)
-    {
-        // Create a Message from a KVForm string
-        return Auth_OpenID_Message::fromOpenIDArgs(
-                     Auth_OpenID_KVForm::toArray($kvform_string));
-    }
-
-    function copy()
-    {
-        return $this;
-    }
-
-    function toPostArgs()
-    {
-        // Return all arguments with openid. in front of namespaced
-        // arguments.
-
-        $args = array();
-
-        // Add namespace definitions to the output
-        foreach ($this->namespaces->iteritems() as $pair) {
-            list($ns_uri, $alias) = $pair;
-            if ($this->namespaces->isImplicit($ns_uri)) {
-                continue;
-            }
-            if ($alias == Auth_OpenID_NULL_NAMESPACE) {
-                $ns_key = 'openid.ns';
-            } else {
-                $ns_key = 'openid.ns.' . $alias;
-            }
-            $args[$ns_key] = $ns_uri;
-        }
-
-        foreach ($this->args->items() as $pair) {
-            list($ns_parts, $value) = $pair;
-            list($ns_uri, $ns_key) = $ns_parts;
-            $key = $this->getKey($ns_uri, $ns_key);
-            $args[$key] = $value;
-        }
-
-        return $args;
-    }
-
-    function toArgs()
-    {
-        // Return all namespaced arguments, failing if any
-        // non-namespaced arguments exist.
-        $post_args = $this->toPostArgs();
-        $kvargs = array();
-        foreach ($post_args as $k => $v) {
-            if (strpos($k, 'openid.') !== 0) {
-                // raise ValueError(
-                //   'This message can only be encoded as a POST, because it '
-                //   'contains arguments that are not prefixed with "openid."')
-                return null;
-            } else {
-                $kvargs[substr($k, 7)] = $v;
-            }
-        }
-
-        return $kvargs;
-    }
-
-    function toFormMarkup($action_url, $form_tag_attrs = null,
-                          $submit_text = "Continue")
-    {
-        $form = "<form accept-charset=\"UTF-8\" ".
-            "enctype=\"application/x-www-form-urlencoded\"";
-
-        if (!$form_tag_attrs) {
-            $form_tag_attrs = array();
-        }
-
-        $form_tag_attrs['action'] = $action_url;
-        $form_tag_attrs['method'] = 'post';
-
-        unset($form_tag_attrs['enctype']);
-        unset($form_tag_attrs['accept-charset']);
-
-        if ($form_tag_attrs) {
-            foreach ($form_tag_attrs as $name => $attr) {
-                $form .= sprintf(" %s=\"%s\"", $name, $attr);
-            }
-        }
-
-        $form .= ">\n";
-
-        foreach ($this->toPostArgs() as $name => $value) {
-            $form .= sprintf(
-                        "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
-                        $name, $value);
-        }
-
-        $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
-                         $submit_text);
-
-        $form .= "</form>\n";
-
-        return $form;
-    }
-
-    function toURL($base_url)
-    {
-        // Generate a GET URL with the parameters in this message
-        // attached as query parameters.
-        return Auth_OpenID::appendArgs($base_url, $this->toPostArgs());
-    }
-
-    function toKVForm()
-    {
-        // Generate a KVForm string that contains the parameters in
-        // this message. This will fail if the message contains
-        // arguments outside of the 'openid.' prefix.
-        return Auth_OpenID_KVForm::fromArray($this->toArgs());
-    }
-
-    function toURLEncoded()
-    {
-        // Generate an x-www-urlencoded string
-        $args = array();
-
-        foreach ($this->toPostArgs() as $k => $v) {
-            $args[] = array($k, $v);
-        }
-
-        sort($args);
-        return Auth_OpenID::httpBuildQuery($args);
-    }
-
-    /**
-     * @access private
-     */
-    function _fixNS($namespace)
-    {
-        // Convert an input value into the internally used values of
-        // this object
-
-        if ($namespace == Auth_OpenID_OPENID_NS) {
-            if ($this->_openid_ns_uri === null) {
-                return new Auth_OpenID_FailureResponse(null,
-                    'OpenID namespace not set');
-            } else {
-                $namespace = $this->_openid_ns_uri;
-            }
-        }
-
-        if (($namespace != Auth_OpenID_BARE_NS) &&
-              (!is_string($namespace))) {
-            //TypeError
-            $err_msg = sprintf("Namespace must be Auth_OpenID_BARE_NS, ".
-                              "Auth_OpenID_OPENID_NS or a string. got %s",
-                              print_r($namespace, true));
-            return new Auth_OpenID_FailureResponse(null, $err_msg);
-        }
-
-        if (($namespace != Auth_OpenID_BARE_NS) &&
-            (strpos($namespace, ':') === false)) {
-            // fmt = 'OpenID 2.0 namespace identifiers SHOULD be URIs. Got %r'
-            // warnings.warn(fmt % (namespace,), DeprecationWarning)
-
-            if ($namespace == 'sreg') {
-                // fmt = 'Using %r instead of "sreg" as namespace'
-                // warnings.warn(fmt % (SREG_URI,), DeprecationWarning,)
-                return Auth_OpenID_SREG_URI;
-            }
-        }
-
-        return $namespace;
-    }
-
-    function hasKey($namespace, $ns_key)
-    {
-        $namespace = $this->_fixNS($namespace);
-        if (Auth_OpenID::isFailure($namespace)) {
-            // XXX log me
-            return false;
-        } else {
-            return $this->args->contains(array($namespace, $ns_key));
-        }
-    }
-
-    function getKey($namespace, $ns_key)
-    {
-        // Get the key for a particular namespaced argument
-        $namespace = $this->_fixNS($namespace);
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        }
-        if ($namespace == Auth_OpenID_BARE_NS) {
-            return $ns_key;
-        }
-
-        $ns_alias = $this->namespaces->getAlias($namespace);
-
-        // No alias is defined, so no key can exist
-        if ($ns_alias === null) {
-            return null;
-        }
-
-        if ($ns_alias == Auth_OpenID_NULL_NAMESPACE) {
-            $tail = $ns_key;
-        } else {
-            $tail = sprintf('%s.%s', $ns_alias, $ns_key);
-        }
-
-        return 'openid.' . $tail;
-    }
-
-    function getArg($namespace, $key, $default = null)
-    {
-        // Get a value for a namespaced key.
-        $namespace = $this->_fixNS($namespace);
-
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        } else {
-            if ((!$this->args->contains(array($namespace, $key))) &&
-              ($default == Auth_OpenID_NO_DEFAULT)) {
-                $err_msg = sprintf("Namespace %s missing required field %s",
-                                   $namespace, $key);
-                return new Auth_OpenID_FailureResponse(null, $err_msg);
-            } else {
-                return $this->args->get(array($namespace, $key), $default);
-            }
-        }
-    }
-
-    function getArgs($namespace)
-    {
-        // Get the arguments that are defined for this namespace URI
-
-        $namespace = $this->_fixNS($namespace);
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        } else {
-            $stuff = array();
-            foreach ($this->args->items() as $pair) {
-                list($key, $value) = $pair;
-                list($pair_ns, $ns_key) = $key;
-                if ($pair_ns == $namespace) {
-                    $stuff[$ns_key] = $value;
-                }
-            }
-
-            return $stuff;
-        }
-    }
-
-    function updateArgs($namespace, $updates)
-    {
-        // Set multiple key/value pairs in one call
-
-        $namespace = $this->_fixNS($namespace);
-
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        } else {
-            foreach ($updates as $k => $v) {
-                $this->setArg($namespace, $k, $v);
-            }
-            return true;
-        }
-    }
-
-    function setArg($namespace, $key, $value)
-    {
-        // Set a single argument in this namespace
-        $namespace = $this->_fixNS($namespace);
-
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        } else {
-            $this->args->set(array($namespace, $key), $value);
-            if ($namespace !== Auth_OpenID_BARE_NS) {
-                $this->namespaces->add($namespace);
-            }
-            return true;
-        }
-    }
-
-    function delArg($namespace, $key)
-    {
-        $namespace = $this->_fixNS($namespace);
-
-        if (Auth_OpenID::isFailure($namespace)) {
-            return $namespace;
-        } else {
-            return $this->args->del(array($namespace, $key));
-        }
-    }
-
-    function getAliasedArg($aliased_key, $default = null)
-    {
-        if ($aliased_key == 'ns') {
-            // Return the namespace URI for the OpenID namespace
-            return $this->getOpenIDNamespace();
-        }
-
-        $parts = explode('.', $aliased_key, 2);
-
-        if (count($parts) != 2) {
-            $ns = null;
-        } else {
-            list($alias, $key) = $parts;
-
-            if ($alias == 'ns') {
-              // Return the namespace URI for a namespace alias
-              // parameter.
-              return $this->namespaces->getNamespaceURI($key);
-            } else {
-              $ns = $this->namespaces->getNamespaceURI($alias);
-            }
-        }
-
-        if ($ns === null) {
-            $key = $aliased_key;
-            $ns = $this->getOpenIDNamespace();
-        }
-
-        return $this->getArg($ns, $key, $default);
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/MySQLStore.php b/lib/Auth/OpenID/MySQLStore.php
deleted file mode 100644
index a5299b3a5cdce35f9265f7b8109044ad265cd454..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/MySQLStore.php
+++ /dev/null
@@ -1,77 +0,0 @@
-<?php
-
-/**
- * A MySQL store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses MySQL as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
-    /**
-     * @access private
-     */
-    function setSQL()
-    {
-        $this->sql['nonce_table'] =
-            "CREATE TABLE %s (\n".
-            "  server_url VARCHAR(2047) NOT NULL,\n".
-            "  timestamp INTEGER NOT NULL,\n".
-            "  salt CHAR(40) NOT NULL,\n".
-            "  UNIQUE (server_url(255), timestamp, salt)\n".
-            ") ENGINE=InnoDB";
-
-        $this->sql['assoc_table'] =
-            "CREATE TABLE %s (\n".
-            "  server_url VARCHAR(2047) NOT NULL,\n".
-            "  handle VARCHAR(255) NOT NULL,\n".
-            "  secret BLOB NOT NULL,\n".
-            "  issued INTEGER NOT NULL,\n".
-            "  lifetime INTEGER NOT NULL,\n".
-            "  assoc_type VARCHAR(64) NOT NULL,\n".
-            "  PRIMARY KEY (server_url(255), handle)\n".
-            ") ENGINE=InnoDB";
-
-        $this->sql['set_assoc'] =
-            "REPLACE INTO %s (server_url, handle, secret, issued,\n".
-            "  lifetime, assoc_type) VALUES (?, ?, !, ?, ?, ?)";
-
-        $this->sql['get_assocs'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ?";
-
-        $this->sql['get_assoc'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ? AND handle = ?";
-
-        $this->sql['remove_assoc'] =
-            "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
-        $this->sql['add_nonce'] =
-            "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
-
-        $this->sql['clean_nonce'] =
-            "DELETE FROM %s WHERE timestamp < ?";
-
-        $this->sql['clean_assoc'] =
-            "DELETE FROM %s WHERE issued + lifetime < ?";
-    }
-
-    /**
-     * @access private
-     */
-    function blobEncode($blob)
-    {
-        return "0x" . bin2hex($blob);
-    }
-}
-
diff --git a/lib/Auth/OpenID/Nonce.php b/lib/Auth/OpenID/Nonce.php
deleted file mode 100644
index b83c5911f80386aff14f5737f1b9085cac2d7bd9..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Nonce.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-
-/**
- * Nonce-related functionality.
- *
- * @package OpenID
- */
-
-/**
- * Need CryptUtil to generate random strings.
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * This is the characters that the nonces are made from.
- */
-define('Auth_OpenID_Nonce_CHRS',"abcdefghijklmnopqrstuvwxyz" .
-       "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
-
-// Keep nonces for five hours (allow five hours for the combination of
-// request time and clock skew). This is probably way more than is
-// necessary, but there is not much overhead in storing nonces.
-global $Auth_OpenID_SKEW;
-$Auth_OpenID_SKEW = 60 * 60 * 5;
-
-define('Auth_OpenID_Nonce_REGEX',
-       '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');
-
-define('Auth_OpenID_Nonce_TIME_FMT',
-       '%Y-%m-%dT%H:%M:%SZ');
-
-function Auth_OpenID_splitNonce($nonce_string)
-{
-    // Extract a timestamp from the given nonce string
-    $result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
-    if ($result != 1 || count($matches) != 8) {
-        return null;
-    }
-
-    list($unused,
-         $tm_year,
-         $tm_mon,
-         $tm_mday,
-         $tm_hour,
-         $tm_min,
-         $tm_sec,
-         $uniquifier) = $matches;
-
-    $timestamp =
-        @gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);
-
-    if ($timestamp === false || $timestamp < 0) {
-        return null;
-    }
-
-    return array($timestamp, $uniquifier);
-}
-
-function Auth_OpenID_checkTimestamp($nonce_string,
-                                    $allowed_skew = null,
-                                    $now = null)
-{
-    // Is the timestamp that is part of the specified nonce string
-    // within the allowed clock-skew of the current time?
-    global $Auth_OpenID_SKEW;
-
-    if ($allowed_skew === null) {
-        $allowed_skew = $Auth_OpenID_SKEW;
-    }
-
-    $parts = Auth_OpenID_splitNonce($nonce_string);
-    if ($parts == null) {
-        return false;
-    }
-
-    if ($now === null) {
-        $now = time();
-    }
-
-    $stamp = $parts[0];
-
-    // Time after which we should not use the nonce
-    $past = $now - $allowed_skew;
-
-    // Time that is too far in the future for us to allow
-    $future = $now + $allowed_skew;
-
-    // the stamp is not too far in the future and is not too far
-    // in the past
-    return (($past <= $stamp) && ($stamp <= $future));
-}
-
-function Auth_OpenID_mkNonce($when = null)
-{
-    // Generate a nonce with the current timestamp
-    $salt = Auth_OpenID_CryptUtil::randomString(
-        6, Auth_OpenID_Nonce_CHRS);
-    if ($when === null) {
-        // It's safe to call time() with no arguments; it returns a
-        // GMT unix timestamp on PHP 4 and PHP 5.  gmmktime() with no
-        // args returns a local unix timestamp on PHP 4, so don't use
-        // that.
-        $when = time();
-    }
-    $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
-    return $time_str . $salt;
-}
-
diff --git a/lib/Auth/OpenID/PAPE.php b/lib/Auth/OpenID/PAPE.php
deleted file mode 100644
index f08ca8bd0b21e358e976d790bb11af91c718fb9e..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/PAPE.php
+++ /dev/null
@@ -1,300 +0,0 @@
-<?php
-
-/**
- * An implementation of the OpenID Provider Authentication Policy
- *  Extension 1.0
- *
- * See:
- * http://openid.net/developers/specs/
- */
-
-require_once "Auth/OpenID/Extension.php";
-
-define('Auth_OpenID_PAPE_NS_URI',
-       "http://specs.openid.net/extensions/pape/1.0");
-
-define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',
-       'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
-define('PAPE_AUTH_MULTI_FACTOR',
-       'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
-define('PAPE_AUTH_PHISHING_RESISTANT',
-       'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
-
-define('PAPE_TIME_VALIDATOR',
-      '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
-/**
- * A Provider Authentication Policy request, sent from a relying party
- * to a provider
- *
- * preferred_auth_policies: The authentication policies that
- * the relying party prefers
- *
- * max_auth_age: The maximum time, in seconds, that the relying party
- * wants to allow to have elapsed before the user must re-authenticate
- */
-class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
-
-    var $ns_alias = 'pape';
-    var $ns_uri = Auth_OpenID_PAPE_NS_URI;
-
-    function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
-                                      $max_auth_age=null)
-    {
-        if ($preferred_auth_policies === null) {
-            $preferred_auth_policies = array();
-        }
-
-        $this->preferred_auth_policies = $preferred_auth_policies;
-        $this->max_auth_age = $max_auth_age;
-    }
-
-    /**
-     * Add an acceptable authentication policy URI to this request
-     *
-     * This method is intended to be used by the relying party to add
-     * acceptable authentication types to the request.
-     *
-     * policy_uri: The identifier for the preferred type of
-     * authentication.
-     */
-    function addPolicyURI($policy_uri)
-    {
-        if (!in_array($policy_uri, $this->preferred_auth_policies)) {
-            $this->preferred_auth_policies[] = $policy_uri;
-        }
-    }
-
-    function getExtensionArgs()
-    {
-        $ns_args = array(
-                         'preferred_auth_policies' =>
-                           implode(' ', $this->preferred_auth_policies)
-                         );
-
-        if ($this->max_auth_age !== null) {
-            $ns_args['max_auth_age'] = strval($this->max_auth_age);
-        }
-
-        return $ns_args;
-    }
-
-    /**
-     * Instantiate a Request object from the arguments in a checkid_*
-     * OpenID message
-     */
-    static function fromOpenIDRequest($request)
-    {
-        $obj = new Auth_OpenID_PAPE_Request();
-        $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
-
-        if ($args === null || $args === array()) {
-            return null;
-        }
-
-        $obj->parseExtensionArgs($args);
-        return $obj;
-    }
-
-    /**
-     * Set the state of this request to be that expressed in these
-     * PAPE arguments
-     *
-     * @param args: The PAPE arguments without a namespace
-     */
-    function parseExtensionArgs($args)
-    {
-        // preferred_auth_policies is a space-separated list of policy
-        // URIs
-        $this->preferred_auth_policies = array();
-
-        $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
-        if ($policies_str) {
-            foreach (explode(' ', $policies_str) as $uri) {
-                if (!in_array($uri, $this->preferred_auth_policies)) {
-                    $this->preferred_auth_policies[] = $uri;
-                }
-            }
-        }
-
-        // max_auth_age is base-10 integer number of seconds
-        $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
-        if ($max_auth_age_str) {
-            $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str);
-        } else {
-            $this->max_auth_age = null;
-        }
-    }
-
-    /**
-     * Given a list of authentication policy URIs that a provider
-     * supports, this method returns the subsequence of those types
-     * that are preferred by the relying party.
-     *
-     * @param supported_types: A sequence of authentication policy
-     * type URIs that are supported by a provider
-     *
-     * @return array The sub-sequence of the supported types that are
-     * preferred by the relying party. This list will be ordered in
-     * the order that the types appear in the supported_types
-     * sequence, and may be empty if the provider does not prefer any
-     * of the supported authentication types.
-     */
-    function preferredTypes($supported_types)
-    {
-        $result = array();
-
-        foreach ($supported_types as $st) {
-            if (in_array($st, $this->preferred_auth_policies)) {
-                $result[] = $st;
-            }
-        }
-        return $result;
-    }
-}
-
-/**
- * A Provider Authentication Policy response, sent from a provider to
- * a relying party
- */
-class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
-
-    var $ns_alias = 'pape';
-    var $ns_uri = Auth_OpenID_PAPE_NS_URI;
-
-    function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
-                                       $nist_auth_level=null)
-    {
-        if ($auth_policies) {
-            $this->auth_policies = $auth_policies;
-        } else {
-            $this->auth_policies = array();
-        }
-
-        $this->auth_time = $auth_time;
-        $this->nist_auth_level = $nist_auth_level;
-    }
-
-    /**
-     * Add a authentication policy to this response
-     *
-     * This method is intended to be used by the provider to add a
-     * policy that the provider conformed to when authenticating the
-     * user.
-     *
-     * @param policy_uri: The identifier for the preferred type of
-     * authentication.
-     */
-    function addPolicyURI($policy_uri)
-    {
-        if (!in_array($policy_uri, $this->auth_policies)) {
-            $this->auth_policies[] = $policy_uri;
-        }
-    }
-
-    /**
-     * Create an Auth_OpenID_PAPE_Response object from a successful
-     * OpenID library response.
-     *
-     * @param success_response $success_response A SuccessResponse
-     * from Auth_OpenID_Consumer::complete()
-     *
-     * @returns: A provider authentication policy response from the
-     * data that was supplied with the id_res response.
-     */
-    static function fromSuccessResponse($success_response)
-    {
-        $obj = new Auth_OpenID_PAPE_Response();
-
-        // PAPE requires that the args be signed.
-        $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);
-
-        if ($args === null || $args === array()) {
-            return null;
-        }
-
-        $result = $obj->parseExtensionArgs($args);
-
-        if ($result === false) {
-            return null;
-        } else {
-            return $obj;
-        }
-    }
-
-    /**
-     * Parse the provider authentication policy arguments into the
-     *  internal state of this object
-     *
-     * @param args: unqualified provider authentication policy
-     * arguments
-     *
-     * @param strict: Whether to return false when bad data is
-     * encountered
-     *
-     * @return null The data is parsed into the internal fields of
-     * this object.
-    */
-    function parseExtensionArgs($args, $strict=false)
-    {
-        $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
-        if ($policies_str && $policies_str != "none") {
-            $this->auth_policies = explode(" ", $policies_str);
-        }
-
-        $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
-        if ($nist_level_str !== null) {
-            $nist_level = Auth_OpenID::intval($nist_level_str);
-
-            if ($nist_level === false) {
-                if ($strict) {
-                    return false;
-                } else {
-                    $nist_level = null;
-                }
-            }
-
-            if (0 <= $nist_level && $nist_level < 5) {
-                $this->nist_auth_level = $nist_level;
-            } else if ($strict) {
-                return false;
-            }
-        }
-
-        $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
-        if ($auth_time !== null) {
-            if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
-                $this->auth_time = $auth_time;
-            } else if ($strict) {
-                return false;
-            }
-        }
-    }
-
-    function getExtensionArgs()
-    {
-        $ns_args = array();
-        if (count($this->auth_policies) > 0) {
-            $ns_args['auth_policies'] = implode(' ', $this->auth_policies);
-        } else {
-            $ns_args['auth_policies'] = 'none';
-        }
-
-        if ($this->nist_auth_level !== null) {
-            if (!in_array($this->nist_auth_level, range(0, 4), true)) {
-                return false;
-            }
-            $ns_args['nist_auth_level'] = strval($this->nist_auth_level);
-        }
-
-        if ($this->auth_time !== null) {
-            if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
-                return false;
-            }
-
-            $ns_args['auth_time'] = $this->auth_time;
-        }
-
-        return $ns_args;
-    }
-}
-
diff --git a/lib/Auth/OpenID/Parse.php b/lib/Auth/OpenID/Parse.php
deleted file mode 100644
index 0461bdcff7a065078b684c779ba88c6e02d4245b..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Parse.php
+++ /dev/null
@@ -1,381 +0,0 @@
-<?php
-
-/**
- * This module implements a VERY limited parser that finds <link> tags
- * in the head of HTML or XHTML documents and parses out their
- * attributes according to the OpenID spec. It is a liberal parser,
- * but it requires these things from the data in order to work:
- *
- * - There must be an open <html> tag
- *
- * - There must be an open <head> tag inside of the <html> tag
- *
- * - Only <link>s that are found inside of the <head> tag are parsed
- *   (this is by design)
- *
- * - The parser follows the OpenID specification in resolving the
- *   attributes of the link tags. This means that the attributes DO
- *   NOT get resolved as they would by an XML or HTML parser. In
- *   particular, only certain entities get replaced, and href
- *   attributes do not get resolved relative to a base URL.
- *
- * From http://openid.net/specs.bml:
- *
- * - The openid.server URL MUST be an absolute URL. OpenID consumers
- *   MUST NOT attempt to resolve relative URLs.
- *
- * - The openid.server URL MUST NOT include entities other than &amp;,
- *   &lt;, &gt;, and &quot;.
- *
- * The parser ignores SGML comments and <![CDATA[blocks]]>. Both kinds
- * of quoting are allowed for attributes.
- *
- * The parser deals with invalid markup in these ways:
- *
- * - Tag names are not case-sensitive
- *
- * - The <html> tag is accepted even when it is not at the top level
- *
- * - The <head> tag is accepted even when it is not a direct child of
- *   the <html> tag, but a <html> tag must be an ancestor of the
- *   <head> tag
- *
- * - <link> tags are accepted even when they are not direct children
- *   of the <head> tag, but a <head> tag must be an ancestor of the
- *   <link> tag
- *
- * - If there is no closing tag for an open <html> or <head> tag, the
- *   remainder of the document is viewed as being inside of the
- *   tag. If there is no closing tag for a <link> tag, the link tag is
- *   treated as a short tag. Exceptions to this rule are that <html>
- *   closes <html> and <body> or <head> closes <head>
- *
- * - Attributes of the <link> tag are not required to be quoted.
- *
- * - In the case of duplicated attribute names, the attribute coming
- *   last in the tag will be the value returned.
- *
- * - Any text that does not parse as an attribute within a link tag
- *   will be ignored. (e.g. <link pumpkin rel='openid.server' /> will
- *   ignore pumpkin)
- *
- * - If there are more than one <html> or <head> tag, the parser only
- *   looks inside of the first one.
- *
- * - The contents of <script> tags are ignored entirely, except
- *   unclosed <script> tags. Unclosed <script> tags are ignored.
- *
- * - Any other invalid markup is ignored, including unclosed SGML
- *   comments and unclosed <![CDATA[blocks.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require Auth_OpenID::arrayGet().
- */
-require_once "Auth/OpenID.php";
-
-class Auth_OpenID_Parse {
-
-    /**
-     * Specify some flags for use with regex matching.
-     */
-    var $_re_flags = "si";
-
-    /**
-     * Stuff to remove before we start looking for tags
-     */
-    var $_removed_re =
-           "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>";
-
-    /**
-     * Starts with the tag name at a word boundary, where the tag name
-     * is not a namespace
-     */
-    var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
-
-    var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
-
-    var $_open_tag_expr = "<%s\b";
-    var $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>";
-
-    function Auth_OpenID_Parse()
-    {
-        $this->_link_find = sprintf("/<link\b(?!:)([^>]*)(?!<)>/%s",
-                                    $this->_re_flags);
-
-        $this->_entity_replacements = array(
-                                            'amp' => '&',
-                                            'lt' => '<',
-                                            'gt' => '>',
-                                            'quot' => '"'
-                                            );
-
-        $this->_attr_find = sprintf("/%s/%s",
-                                    $this->_attr_find,
-                                    $this->_re_flags);
-
-        $this->_removed_re = sprintf("/%s/%s",
-                                     $this->_removed_re,
-                                     $this->_re_flags);
-
-        $this->_ent_replace =
-            sprintf("&(%s);", implode("|",
-                                      $this->_entity_replacements));
-    }
-
-    /**
-     * Returns a regular expression that will match a given tag in an
-     * SGML string.
-     */
-    function tagMatcher($tag_name, $close_tags = null)
-    {
-        $expr = $this->_tag_expr;
-
-        if ($close_tags) {
-            $options = implode("|", array_merge(array($tag_name), $close_tags));
-            $closer = sprintf("(?:%s)", $options);
-        } else {
-            $closer = $tag_name;
-        }
-
-        $expr = sprintf($expr, $tag_name, $closer);
-        return sprintf("/%s/%s", $expr, $this->_re_flags);
-    }
-
-    function openTag($tag_name)
-    {
-        $expr = sprintf($this->_open_tag_expr, $tag_name);
-        return sprintf("/%s/%s", $expr, $this->_re_flags);
-    }
-
-    function closeTag($tag_name)
-    {
-        $expr = sprintf($this->_close_tag_expr, $tag_name, $tag_name);
-        return sprintf("/%s/%s", $expr, $this->_re_flags);
-    }
-
-    function htmlBegin($s)
-    {
-        $matches = array();
-        $result = preg_match($this->openTag('html'), $s,
-                             $matches, PREG_OFFSET_CAPTURE);
-        if ($result === false || !$matches) {
-            return false;
-        }
-        // Return the offset of the first match.
-        return $matches[0][1];
-    }
-
-    function htmlEnd($s)
-    {
-        $matches = array();
-        $result = preg_match($this->closeTag('html'), $s,
-                             $matches, PREG_OFFSET_CAPTURE);
-        if ($result === false || !$matches) {
-            return false;
-        }
-        // Return the offset of the first match.
-        return $matches[count($matches) - 1][1];
-    }
-
-    function headFind()
-    {
-        return $this->tagMatcher('head', array('body', 'html'));
-    }
-
-    function replaceEntities($str)
-    {
-        foreach ($this->_entity_replacements as $old => $new) {
-            $str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
-        }
-        return $str;
-    }
-
-    function removeQuotes($str)
-    {
-        $matches = array();
-        $double = '/^"(.*)"$/';
-        $single = "/^\'(.*)\'$/";
-
-        if (preg_match($double, $str, $matches)) {
-            return $matches[1];
-        } else if (preg_match($single, $str, $matches)) {
-            return $matches[1];
-        } else {
-            return $str;
-        }
-    }
-    
-    function match($regexp, $text, &$match)
-    {
-        if (!is_callable('mb_ereg_search_init')) {
-            if (!preg_match($regexp, $text, $match)) {
-                return false;
-            }
-            $match = $match[0];
-            return true;
-        }
-
-        $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
-        mb_ereg_search_init($text);
-        if (!mb_ereg_search($regexp)) {
-            return false;
-        }
-        $match = mb_ereg_search_getregs();
-        return true;
-    }
-
-    /**
-     * Find all link tags in a string representing a HTML document and
-     * return a list of their attributes.
-     *
-     * @todo This is quite ineffective and may fail with the default
-     *       pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
-     *       It should rather use stripos (in PHP5) or strpos()+strtoupper()
-     *       in PHP4 to manage this.
-     *
-     * @param string $html The text to parse
-     * @return array $list An array of arrays of attributes, one for each
-     * link tag
-     */
-    function parseLinkAttrs($html)
-    {
-        $stripped = preg_replace($this->_removed_re,
-                                 "",
-                                 $html);
-
-        $html_begin = $this->htmlBegin($stripped);
-        $html_end = $this->htmlEnd($stripped);
-
-        if ($html_begin === false) {
-            return array();
-        }
-
-        if ($html_end === false) {
-            $html_end = strlen($stripped);
-        }
-
-        $stripped = substr($stripped, $html_begin,
-                           $html_end - $html_begin);
-
-        // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
-        $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
-
-        // Try to find the <HEAD> tag.
-        $head_re = $this->headFind();
-        $head_match = array();
-        if (!$this->match($head_re, $stripped, $head_match)) {
-                     ini_set( 'pcre.backtrack_limit', $old_btlimit );
-                     return array();
-        }
-
-        $link_data = array();
-        $link_matches = array();
-
-        if (!preg_match_all($this->_link_find, $head_match[0],
-                            $link_matches)) {
-            ini_set( 'pcre.backtrack_limit', $old_btlimit );
-            return array();
-        }
-
-        foreach ($link_matches[0] as $link) {
-            $attr_matches = array();
-            preg_match_all($this->_attr_find, $link, $attr_matches);
-            $link_attrs = array();
-            foreach ($attr_matches[0] as $index => $full_match) {
-                $name = $attr_matches[1][$index];
-                $value = $this->replaceEntities(
-                              $this->removeQuotes($attr_matches[2][$index]));
-
-                $link_attrs[strtolower($name)] = $value;
-            }
-            $link_data[] = $link_attrs;
-        }
-
-        ini_set( 'pcre.backtrack_limit', $old_btlimit );
-        return $link_data;
-    }
-
-    function relMatches($rel_attr, $target_rel)
-    {
-        // Does this target_rel appear in the rel_str?
-        // XXX: TESTME
-        $rels = preg_split("/\s+/", trim($rel_attr));
-        foreach ($rels as $rel) {
-            $rel = strtolower($rel);
-            if ($rel == $target_rel) {
-                return 1;
-            }
-        }
-
-        return 0;
-    }
-
-    function linkHasRel($link_attrs, $target_rel)
-    {
-        // Does this link have target_rel as a relationship?
-        // XXX: TESTME
-        $rel_attr = Auth_OpeniD::arrayGet($link_attrs, 'rel', null);
-        return ($rel_attr && $this->relMatches($rel_attr,
-                                               $target_rel));
-    }
-
-    function findLinksRel($link_attrs_list, $target_rel)
-    {
-        // Filter the list of link attributes on whether it has
-        // target_rel as a relationship.
-        // XXX: TESTME
-        $result = array();
-        foreach ($link_attrs_list as $attr) {
-            if ($this->linkHasRel($attr, $target_rel)) {
-                $result[] = $attr;
-            }
-        }
-
-        return $result;
-    }
-
-    function findFirstHref($link_attrs_list, $target_rel)
-    {
-        // Return the value of the href attribute for the first link
-        // tag in the list that has target_rel as a relationship.
-        // XXX: TESTME
-        $matches = $this->findLinksRel($link_attrs_list,
-                                       $target_rel);
-        if (!$matches) {
-            return null;
-        }
-        $first = $matches[0];
-        return Auth_OpenID::arrayGet($first, 'href', null);
-    }
-}
-
-function Auth_OpenID_legacy_discover($html_text, $server_rel,
-                                     $delegate_rel)
-{
-    $p = new Auth_OpenID_Parse();
-
-    $link_attrs = $p->parseLinkAttrs($html_text);
-
-    $server_url = $p->findFirstHref($link_attrs,
-                                    $server_rel);
-
-    if ($server_url === null) {
-        return false;
-    } else {
-        $delegate_url = $p->findFirstHref($link_attrs,
-                                          $delegate_rel);
-        return array($delegate_url, $server_url);
-    }
-}
-
diff --git a/lib/Auth/OpenID/PostgreSQLStore.php b/lib/Auth/OpenID/PostgreSQLStore.php
deleted file mode 100644
index d90e43e00d96001e0b0d389d21dd6ec704a8e163..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/PostgreSQLStore.php
+++ /dev/null
@@ -1,112 +0,0 @@
-<?php
-
-/**
- * A PostgreSQL store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses PostgreSQL as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
-    /**
-     * @access private
-     */
-    function setSQL()
-    {
-        $this->sql['nonce_table'] =
-            "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
-                             "timestamp INTEGER NOT NULL, ".
-                             "salt CHAR(40) NOT NULL, ".
-                "UNIQUE (server_url, timestamp, salt))";
-
-        $this->sql['assoc_table'] =
-            "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ". 
-                             "handle VARCHAR(255) NOT NULL, ".
-                             "secret BYTEA NOT NULL, ".
-                             "issued INTEGER NOT NULL, ".
-                             "lifetime INTEGER NOT NULL, ".
-                             "assoc_type VARCHAR(64) NOT NULL, ".
-            "PRIMARY KEY (server_url, handle), ".
-            "CONSTRAINT secret_length_constraint CHECK ".
-            "(LENGTH(secret) <= 128))";
-
-        $this->sql['set_assoc'] =
-            array(
-                  'insert_assoc' => "INSERT INTO %s (server_url, handle, ".
-                  "secret, issued, lifetime, assoc_type) VALUES ".
-                  "(?, ?, '!', ?, ?, ?)",
-                  'update_assoc' => "UPDATE %s SET secret = '!', issued = ?, ".
-                  "lifetime = ?, assoc_type = ? WHERE server_url = ? AND ".
-                  "handle = ?"
-                  );
-
-        $this->sql['get_assocs'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ?";
-
-        $this->sql['get_assoc'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ? AND handle = ?";
-
-        $this->sql['remove_assoc'] =
-            "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
-        $this->sql['add_nonce'] =
-                  "INSERT INTO %s (server_url, timestamp, salt) VALUES ".
-                  "(?, ?, ?)"
-                  ;
-
-        $this->sql['clean_nonce'] =
-            "DELETE FROM %s WHERE timestamp < ?";
-
-        $this->sql['clean_assoc'] =
-            "DELETE FROM %s WHERE issued + lifetime < ?";
-    }
-
-    /**
-     * @access private
-     */
-    function _set_assoc($server_url, $handle, $secret, $issued, $lifetime,
-                        $assoc_type)
-    {
-        $result = $this->_get_assoc($server_url, $handle);
-        if ($result) {
-            // Update the table since this associations already exists.
-            $this->connection->query($this->sql['set_assoc']['update_assoc'],
-                                     array($secret, $issued, $lifetime,
-                                           $assoc_type, $server_url, $handle));
-        } else {
-            // Insert a new record because this association wasn't
-            // found.
-            $this->connection->query($this->sql['set_assoc']['insert_assoc'],
-                                     array($server_url, $handle, $secret,
-                                           $issued, $lifetime, $assoc_type));
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function blobEncode($blob)
-    {
-        return $this->_octify($blob);
-    }
-
-    /**
-     * @access private
-     */
-    function blobDecode($blob)
-    {
-        return $this->_unoctify($blob);
-    }
-}
-
diff --git a/lib/Auth/OpenID/SQLStore.php b/lib/Auth/OpenID/SQLStore.php
deleted file mode 100644
index c04059732cf370d01f915a3c755cf0c0fe5c6a96..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/SQLStore.php
+++ /dev/null
@@ -1,557 +0,0 @@
-<?php
-
-/**
- * SQL-backed OpenID stores.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This is the parent class for the SQL stores, which contains the
- * logic common to all of the SQL stores.
- *
- * The table names used are determined by the class variables
- * associations_table_name and nonces_table_name.  To change the name
- * of the tables used, pass new table names into the constructor.
- *
- * To create the tables with the proper schema, see the createTables
- * method.
- *
- * This class shouldn't be used directly.  Use one of its subclasses
- * instead, as those contain the code necessary to use a specific
- * database.  If you're an OpenID integrator and you'd like to create
- * an SQL-driven store that wraps an application's database
- * abstraction, be sure to create a subclass of
- * {@link Auth_OpenID_DatabaseConnection} that calls the application's
- * database abstraction calls.  Then, pass an instance of your new
- * database connection class to your SQLStore subclass constructor.
- *
- * All methods other than the constructor and createTables should be
- * considered implementation details.
- *
- * @package OpenID
- */
-class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
-
-    /**
-     * This creates a new SQLStore instance.  It requires an
-     * established database connection be given to it, and it allows
-     * overriding the default table names.
-     *
-     * @param connection $connection This must be an established
-     * connection to a database of the correct type for the SQLStore
-     * subclass you're using.  This must either be an PEAR DB
-     * connection handle or an instance of a subclass of
-     * Auth_OpenID_DatabaseConnection.
-     *
-     * @param associations_table: This is an optional parameter to
-     * specify the name of the table used for storing associations.
-     * The default value is 'oid_associations'.
-     *
-     * @param nonces_table: This is an optional parameter to specify
-     * the name of the table used for storing nonces.  The default
-     * value is 'oid_nonces'.
-     */
-    function Auth_OpenID_SQLStore($connection,
-                                  $associations_table = null,
-                                  $nonces_table = null)
-    {
-        $this->associations_table_name = "oid_associations";
-        $this->nonces_table_name = "oid_nonces";
-
-        // Check the connection object type to be sure it's a PEAR
-        // database connection.
-        if (!(is_object($connection) &&
-              (is_subclass_of($connection, 'db_common') ||
-               is_subclass_of($connection,
-                              'auth_openid_databaseconnection')))) {
-            trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
-                          "object (got ".get_class($connection).")",
-                          E_USER_ERROR);
-            return;
-        }
-
-        $this->connection = $connection;
-
-        // Be sure to set the fetch mode so the results are keyed on
-        // column name instead of column index.  This is a PEAR
-        // constant, so only try to use it if PEAR is present.  Note
-        // that Auth_Openid_Databaseconnection instances need not
-        // implement ::setFetchMode for this reason.
-        if (is_subclass_of($this->connection, 'db_common')) {
-            $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
-        }
-
-        if ($associations_table) {
-            $this->associations_table_name = $associations_table;
-        }
-
-        if ($nonces_table) {
-            $this->nonces_table_name = $nonces_table;
-        }
-
-        $this->max_nonce_age = 6 * 60 * 60;
-
-        // Be sure to run the database queries with auto-commit mode
-        // turned OFF, because we want every function to run in a
-        // transaction, implicitly.  As a rule, methods named with a
-        // leading underscore will NOT control transaction behavior.
-        // Callers of these methods will worry about transactions.
-        $this->connection->autoCommit(false);
-
-        // Create an empty SQL strings array.
-        $this->sql = array();
-
-        // Call this method (which should be overridden by subclasses)
-        // to populate the $this->sql array with SQL strings.
-        $this->setSQL();
-
-        // Verify that all required SQL statements have been set, and
-        // raise an error if any expected SQL strings were either
-        // absent or empty.
-        list($missing, $empty) = $this->_verifySQL();
-
-        if ($missing) {
-            trigger_error("Expected keys in SQL query list: " .
-                          implode(", ", $missing),
-                          E_USER_ERROR);
-            return;
-        }
-
-        if ($empty) {
-            trigger_error("SQL list keys have no SQL strings: " .
-                          implode(", ", $empty),
-                          E_USER_ERROR);
-            return;
-        }
-
-        // Add table names to queries.
-        $this->_fixSQL();
-    }
-
-    function tableExists($table_name)
-    {
-        return !$this->isError(
-                      $this->connection->query(
-                          sprintf("SELECT * FROM %s LIMIT 0",
-                                  $table_name)));
-    }
-
-    /**
-     * Returns true if $value constitutes a database error; returns
-     * false otherwise.
-     */
-    function isError($value)
-    {
-        return PEAR::isError($value);
-    }
-
-    /**
-     * Converts a query result to a boolean.  If the result is a
-     * database error according to $this->isError(), this returns
-     * false; otherwise, this returns true.
-     */
-    function resultToBool($obj)
-    {
-        if ($this->isError($obj)) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    /**
-     * This method should be overridden by subclasses.  This method is
-     * called by the constructor to set values in $this->sql, which is
-     * an array keyed on sql name.
-     */
-    function setSQL()
-    {
-    }
-
-    /**
-     * Resets the store by removing all records from the store's
-     * tables.
-     */
-    function reset()
-    {
-        $this->connection->query(sprintf("DELETE FROM %s",
-                                         $this->associations_table_name));
-
-        $this->connection->query(sprintf("DELETE FROM %s",
-                                         $this->nonces_table_name));
-    }
-
-    /**
-     * @access private
-     */
-    function _verifySQL()
-    {
-        $missing = array();
-        $empty = array();
-
-        $required_sql_keys = array(
-                                   'nonce_table',
-                                   'assoc_table',
-                                   'set_assoc',
-                                   'get_assoc',
-                                   'get_assocs',
-                                   'remove_assoc'
-                                   );
-
-        foreach ($required_sql_keys as $key) {
-            if (!array_key_exists($key, $this->sql)) {
-                $missing[] = $key;
-            } else if (!$this->sql[$key]) {
-                $empty[] = $key;
-            }
-        }
-
-        return array($missing, $empty);
-    }
-
-    /**
-     * @access private
-     */
-    function _fixSQL()
-    {
-        $replacements = array(
-                              array(
-                                    'value' => $this->nonces_table_name,
-                                    'keys' => array('nonce_table',
-                                                    'add_nonce',
-                                                    'clean_nonce')
-                                    ),
-                              array(
-                                    'value' => $this->associations_table_name,
-                                    'keys' => array('assoc_table',
-                                                    'set_assoc',
-                                                    'get_assoc',
-                                                    'get_assocs',
-                                                    'remove_assoc',
-                                                    'clean_assoc')
-                                    )
-                              );
-
-        foreach ($replacements as $item) {
-            $value = $item['value'];
-            $keys = $item['keys'];
-
-            foreach ($keys as $k) {
-                if (is_array($this->sql[$k])) {
-                    foreach ($this->sql[$k] as $part_key => $part_value) {
-                        $this->sql[$k][$part_key] = sprintf($part_value,
-                                                            $value);
-                    }
-                } else {
-                    $this->sql[$k] = sprintf($this->sql[$k], $value);
-                }
-            }
-        }
-    }
-
-    function blobDecode($blob)
-    {
-        return $blob;
-    }
-
-    function blobEncode($str)
-    {
-        return $str;
-    }
-
-    function createTables()
-    {
-        $this->connection->autoCommit(true);
-        $n = $this->create_nonce_table();
-        $a = $this->create_assoc_table();
-        $this->connection->autoCommit(false);
-
-        if ($n && $a) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    function create_nonce_table()
-    {
-        if (!$this->tableExists($this->nonces_table_name)) {
-            $r = $this->connection->query($this->sql['nonce_table']);
-            return $this->resultToBool($r);
-        }
-        return true;
-    }
-
-    function create_assoc_table()
-    {
-        if (!$this->tableExists($this->associations_table_name)) {
-            $r = $this->connection->query($this->sql['assoc_table']);
-            return $this->resultToBool($r);
-        }
-        return true;
-    }
-
-    /**
-     * @access private
-     */
-    function _set_assoc($server_url, $handle, $secret, $issued,
-                        $lifetime, $assoc_type)
-    {
-        return $this->connection->query($this->sql['set_assoc'],
-                                        array(
-                                              $server_url,
-                                              $handle,
-                                              $secret,
-                                              $issued,
-                                              $lifetime,
-                                              $assoc_type));
-    }
-
-    function storeAssociation($server_url, $association)
-    {
-        if ($this->resultToBool($this->_set_assoc(
-                                            $server_url,
-                                            $association->handle,
-                                            $this->blobEncode(
-                                                  $association->secret),
-                                            $association->issued,
-                                            $association->lifetime,
-                                            $association->assoc_type
-                                            ))) {
-            $this->connection->commit();
-        } else {
-            $this->connection->rollback();
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _get_assoc($server_url, $handle)
-    {
-        $result = $this->connection->getRow($this->sql['get_assoc'],
-                                            array($server_url, $handle));
-        if ($this->isError($result)) {
-            return null;
-        } else {
-            return $result;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _get_assocs($server_url)
-    {
-        $result = $this->connection->getAll($this->sql['get_assocs'],
-                                            array($server_url));
-
-        if ($this->isError($result)) {
-            return array();
-        } else {
-            return $result;
-        }
-    }
-
-    function removeAssociation($server_url, $handle)
-    {
-        if ($this->_get_assoc($server_url, $handle) == null) {
-            return false;
-        }
-
-        if ($this->resultToBool($this->connection->query(
-                              $this->sql['remove_assoc'],
-                              array($server_url, $handle)))) {
-            $this->connection->commit();
-        } else {
-            $this->connection->rollback();
-        }
-
-        return true;
-    }
-
-    function getAssociation($server_url, $handle = null)
-    {
-        if ($handle !== null) {
-            $assoc = $this->_get_assoc($server_url, $handle);
-
-            $assocs = array();
-            if ($assoc) {
-                $assocs[] = $assoc;
-            }
-        } else {
-            $assocs = $this->_get_assocs($server_url);
-        }
-
-        if (!$assocs || (count($assocs) == 0)) {
-            return null;
-        } else {
-            $associations = array();
-
-            foreach ($assocs as $assoc_row) {
-                $assoc = new Auth_OpenID_Association($assoc_row['handle'],
-                                                     $assoc_row['secret'],
-                                                     $assoc_row['issued'],
-                                                     $assoc_row['lifetime'],
-                                                     $assoc_row['assoc_type']);
-
-                $assoc->secret = $this->blobDecode($assoc->secret);
-
-                if ($assoc->getExpiresIn() == 0) {
-                    $this->removeAssociation($server_url, $assoc->handle);
-                } else {
-                    $associations[] = array($assoc->issued, $assoc);
-                }
-            }
-
-            if ($associations) {
-                $issued = array();
-                $assocs = array();
-                foreach ($associations as $key => $assoc) {
-                    $issued[$key] = $assoc[0];
-                    $assocs[$key] = $assoc[1];
-                }
-
-                array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
-                                $associations);
-
-                // return the most recently issued one.
-                list($issued, $assoc) = $associations[0];
-                return $assoc;
-            } else {
-                return null;
-            }
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function _add_nonce($server_url, $timestamp, $salt)
-    {
-        $sql = $this->sql['add_nonce'];
-        $result = $this->connection->query($sql, array($server_url,
-                                                       $timestamp,
-                                                       $salt));
-        if ($this->isError($result)) {
-            $this->connection->rollback();
-        } else {
-            $this->connection->commit();
-        }
-        return $this->resultToBool($result);
-    }
-
-    function useNonce($server_url, $timestamp, $salt)
-    {
-        global $Auth_OpenID_SKEW;
-
-        if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return false;
-        }
-
-        return $this->_add_nonce($server_url, $timestamp, $salt);
-    }
-
-    /**
-     * "Octifies" a binary string by returning a string with escaped
-     * octal bytes.  This is used for preparing binary data for
-     * PostgreSQL BYTEA fields.
-     *
-     * @access private
-     */
-    function _octify($str)
-    {
-        $result = "";
-        for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
-            $ch = substr($str, $i, 1);
-            if ($ch == "\\") {
-                $result .= "\\\\\\\\";
-            } else if (ord($ch) == 0) {
-                $result .= "\\\\000";
-            } else {
-                $result .= "\\" . strval(decoct(ord($ch)));
-            }
-        }
-        return $result;
-    }
-
-    /**
-     * "Unoctifies" octal-escaped data from PostgreSQL and returns the
-     * resulting ASCII (possibly binary) string.
-     *
-     * @access private
-     */
-    function _unoctify($str)
-    {
-        $result = "";
-        $i = 0;
-        while ($i < strlen($str)) {
-            $char = $str[$i];
-            if ($char == "\\") {
-                // Look to see if the next char is a backslash and
-                // append it.
-                if ($str[$i + 1] != "\\") {
-                    $octal_digits = substr($str, $i + 1, 3);
-                    $dec = octdec($octal_digits);
-                    $char = chr($dec);
-                    $i += 4;
-                } else {
-                    $char = "\\";
-                    $i += 2;
-                }
-            } else {
-                $i += 1;
-            }
-
-            $result .= $char;
-        }
-
-        return $result;
-    }
-
-    function cleanupNonces()
-    {
-        global $Auth_OpenID_SKEW;
-        $v = time() - $Auth_OpenID_SKEW;
-
-        $this->connection->query($this->sql['clean_nonce'], array($v));
-        $num = $this->connection->affectedRows();
-        $this->connection->commit();
-        return $num;
-    }
-
-    function cleanupAssociations()
-    {
-        $this->connection->query($this->sql['clean_assoc'],
-                                 array(time()));
-        $num = $this->connection->affectedRows();
-        $this->connection->commit();
-        return $num;
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/SQLiteStore.php b/lib/Auth/OpenID/SQLiteStore.php
deleted file mode 100644
index 4558fa1c33b1931b6cfa9d6978537c5ac40a6091..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/SQLiteStore.php
+++ /dev/null
@@ -1,70 +0,0 @@
-<?php
-
-/**
- * An SQLite store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses SQLite as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_SQLiteStore extends Auth_OpenID_SQLStore {
-    function setSQL()
-    {
-        $this->sql['nonce_table'] =
-            "CREATE TABLE %s (server_url VARCHAR(2047), timestamp INTEGER, ".
-            "salt CHAR(40), UNIQUE (server_url, timestamp, salt))";
-
-        $this->sql['assoc_table'] =
-            "CREATE TABLE %s (server_url VARCHAR(2047), handle VARCHAR(255), ".
-            "secret BLOB(128), issued INTEGER, lifetime INTEGER, ".
-            "assoc_type VARCHAR(64), PRIMARY KEY (server_url, handle))";
-
-        $this->sql['set_assoc'] =
-            "INSERT OR REPLACE INTO %s VALUES (?, ?, ?, ?, ?, ?)";
-
-        $this->sql['get_assocs'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ?";
-
-        $this->sql['get_assoc'] =
-            "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
-            "WHERE server_url = ? AND handle = ?";
-
-        $this->sql['remove_assoc'] =
-            "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
-        $this->sql['add_nonce'] =
-            "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
-
-        $this->sql['clean_nonce'] =
-            "DELETE FROM %s WHERE timestamp < ?";
-
-        $this->sql['clean_assoc'] =
-            "DELETE FROM %s WHERE issued + lifetime < ?";
-    }
-
-    /**
-     * @access private
-     */
-    function _add_nonce($server_url, $timestamp, $salt)
-    {
-        // PECL SQLite extensions 1.0.3 and older (1.0.3 is the
-        // current release at the time of this writing) have a broken
-        // sqlite_escape_string function that breaks when passed the
-        // empty string. Prefixing all strings with one character
-        // keeps them unique and avoids this bug. The nonce table is
-        // write-only, so we don't have to worry about updating other
-        // functions with this same bad hack.
-        return parent::_add_nonce('x' . $server_url, $timestamp, $salt);
-    }
-}
-
diff --git a/lib/Auth/OpenID/SReg.php b/lib/Auth/OpenID/SReg.php
deleted file mode 100644
index 5ece7072434bc62c340625db0a83d1312b4f1747..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/SReg.php
+++ /dev/null
@@ -1,521 +0,0 @@
-<?php
-
-/**
- * Simple registration request and response parsing and object
- * representation.
- *
- * This module contains objects representing simple registration
- * requests and responses that can be used with both OpenID relying
- * parties and OpenID providers.
- *
- * 1. The relying party creates a request object and adds it to the
- * {@link Auth_OpenID_AuthRequest} object before making the
- * checkid request to the OpenID provider:
- *
- *   $sreg_req = Auth_OpenID_SRegRequest::build(array('email'));
- *   $auth_request->addExtension($sreg_req);
- *
- * 2. The OpenID provider extracts the simple registration request
- * from the OpenID request using {@link
- * Auth_OpenID_SRegRequest::fromOpenIDRequest}, gets the user's
- * approval and data, creates an {@link Auth_OpenID_SRegResponse}
- * object and adds it to the id_res response:
- *
- *   $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest(
- *                                  $checkid_request);
- *   // [ get the user's approval and data, informing the user that
- *   //   the fields in sreg_response were requested ]
- *   $sreg_resp = Auth_OpenID_SRegResponse::extractResponse(
- *                                  $sreg_req, $user_data);
- *   $sreg_resp->toMessage($openid_response->fields);
- *
- * 3. The relying party uses {@link
- * Auth_OpenID_SRegResponse::fromSuccessResponse} to extract the data
- * from the OpenID response:
- *
- *   $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse(
- *                                  $success_response);
- *
- * @package OpenID
- */
-
-/**
- * Import message and extension internals.
- */
-require_once 'Auth/OpenID/Message.php';
-require_once 'Auth/OpenID/Extension.php';
-
-// The data fields that are listed in the sreg spec
-global $Auth_OpenID_sreg_data_fields;
-$Auth_OpenID_sreg_data_fields = array(
-                                      'fullname' => 'Full Name',
-                                      'nickname' => 'Nickname',
-                                      'dob' => 'Date of Birth',
-                                      'email' => 'E-mail Address',
-                                      'gender' => 'Gender',
-                                      'postcode' => 'Postal Code',
-                                      'country' => 'Country',
-                                      'language' => 'Language',
-                                      'timezone' => 'Time Zone');
-
-/**
- * Check to see that the given value is a valid simple registration
- * data field name.  Return true if so, false if not.
- */
-function Auth_OpenID_checkFieldName($field_name)
-{
-    global $Auth_OpenID_sreg_data_fields;
-
-    if (!in_array($field_name, array_keys($Auth_OpenID_sreg_data_fields))) {
-        return false;
-    }
-    return true;
-}
-
-// URI used in the wild for Yadis documents advertising simple
-// registration support
-define('Auth_OpenID_SREG_NS_URI_1_0', 'http://openid.net/sreg/1.0');
-
-// URI in the draft specification for simple registration 1.1
-// <http://openid.net/specs/openid-simple-registration-extension-1_1-01.html>
-define('Auth_OpenID_SREG_NS_URI_1_1', 'http://openid.net/extensions/sreg/1.1');
-
-// This attribute will always hold the preferred URI to use when
-// adding sreg support to an XRDS file or in an OpenID namespace
-// declaration.
-define('Auth_OpenID_SREG_NS_URI', Auth_OpenID_SREG_NS_URI_1_1);
-
-Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
-
-/**
- * Does the given endpoint advertise support for simple
- * registration?
- *
- * $endpoint: The endpoint object as returned by OpenID discovery.
- * returns whether an sreg type was advertised by the endpoint
- */
-function Auth_OpenID_supportsSReg($endpoint)
-{
-    return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
-            $endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
-}
-
-/**
- * A base class for classes dealing with Simple Registration protocol
- * messages.
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
-    /**
-     * Extract the simple registration namespace URI from the given
-     * OpenID message. Handles OpenID 1 and 2, as well as both sreg
-     * namespace URIs found in the wild, as well as missing namespace
-     * definitions (for OpenID 1)
-     *
-     * $message: The OpenID message from which to parse simple
-     * registration fields. This may be a request or response message.
-     *
-     * Returns the sreg namespace URI for the supplied message. The
-     * message may be modified to define a simple registration
-     * namespace.
-     *
-     * @access private
-     */
-    static function _getSRegNS($message)
-    {
-        $alias = null;
-        $found_ns_uri = null;
-
-        // See if there exists an alias for one of the two defined
-        // simple registration types.
-        foreach (array(Auth_OpenID_SREG_NS_URI_1_1,
-                       Auth_OpenID_SREG_NS_URI_1_0) as $sreg_ns_uri) {
-            $alias = $message->namespaces->getAlias($sreg_ns_uri);
-            if ($alias !== null) {
-                $found_ns_uri = $sreg_ns_uri;
-                break;
-            }
-        }
-
-        if ($alias === null) {
-            // There is no alias for either of the types, so try to
-            // add one. We default to using the modern value (1.1)
-            $found_ns_uri = Auth_OpenID_SREG_NS_URI_1_1;
-            if ($message->namespaces->addAlias(Auth_OpenID_SREG_NS_URI_1_1,
-                                               'sreg') === null) {
-                // An alias for the string 'sreg' already exists, but
-                // it's defined for something other than simple
-                // registration
-                return null;
-            }
-        }
-
-        return $found_ns_uri;
-    }
-}
-
-/**
- * An object to hold the state of a simple registration request.
- *
- * required: A list of the required fields in this simple registration
- * request
- *
- * optional: A list of the optional fields in this simple registration
- * request
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
-
-    var $ns_alias = 'sreg';
-
-    /**
-     * Initialize an empty simple registration request.
-     */
-    static function build($required=null, $optional=null,
-                   $policy_url=null,
-                   $sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
-                   $cls='Auth_OpenID_SRegRequest')
-    {
-        $obj = new $cls();
-
-        $obj->required = array();
-        $obj->optional = array();
-        $obj->policy_url = $policy_url;
-        $obj->ns_uri = $sreg_ns_uri;
-
-        if ($required) {
-            if (!$obj->requestFields($required, true, true)) {
-                return null;
-            }
-        }
-
-        if ($optional) {
-            if (!$obj->requestFields($optional, false, true)) {
-                return null;
-            }
-        }
-
-        return $obj;
-    }
-
-    /**
-     * Create a simple registration request that contains the fields
-     * that were requested in the OpenID request with the given
-     * arguments
-     *
-     * $request: The OpenID authentication request from which to
-     * extract an sreg request.
-     *
-     * $cls: name of class to use when creating sreg request object.
-     * Used for testing.
-     *
-     * Returns the newly created simple registration request
-     */
-    static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
-    {
-
-        $obj = call_user_func_array(array($cls, 'build'),
-                 array(null, null, null, Auth_OpenID_SREG_NS_URI, $cls));
-
-        // Since we're going to mess with namespace URI mapping, don't
-        // mutate the object that was passed in.
-        $m = $request->message;
-
-        $obj->ns_uri = $obj->_getSRegNS($m);
-        $args = $m->getArgs($obj->ns_uri);
-
-        if ($args === null || Auth_OpenID::isFailure($args)) {
-            return null;
-        }
-
-        $obj->parseExtensionArgs($args);
-
-        return $obj;
-    }
-
-    /**
-     * Parse the unqualified simple registration request parameters
-     * and add them to this object.
-     *
-     * This method is essentially the inverse of
-     * getExtensionArgs. This method restores the serialized simple
-     * registration request fields.
-     *
-     * If you are extracting arguments from a standard OpenID
-     * checkid_* request, you probably want to use fromOpenIDRequest,
-     * which will extract the sreg namespace and arguments from the
-     * OpenID request. This method is intended for cases where the
-     * OpenID server needs more control over how the arguments are
-     * parsed than that method provides.
-     *
-     * $args == $message->getArgs($ns_uri);
-     * $request->parseExtensionArgs($args);
-     *
-     * $args: The unqualified simple registration arguments
-     *
-     * strict: Whether requests with fields that are not defined in
-     * the simple registration specification should be tolerated (and
-     * ignored)
-     */
-    function parseExtensionArgs($args, $strict=false)
-    {
-        foreach (array('required', 'optional') as $list_name) {
-            $required = ($list_name == 'required');
-            $items = Auth_OpenID::arrayGet($args, $list_name);
-            if ($items) {
-                foreach (explode(',', $items) as $field_name) {
-                    if (!$this->requestField($field_name, $required, $strict)) {
-                        if ($strict) {
-                            return false;
-                        }
-                    }
-                }
-            }
-        }
-
-        $this->policy_url = Auth_OpenID::arrayGet($args, 'policy_url');
-
-        return true;
-    }
-
-    /**
-     * A list of all of the simple registration fields that were
-     * requested, whether they were required or optional.
-     */
-    function allRequestedFields()
-    {
-        return array_merge($this->required, $this->optional);
-    }
-
-    /**
-     * Have any simple registration fields been requested?
-     */
-    function wereFieldsRequested()
-    {
-        return count($this->allRequestedFields());
-    }
-
-    /**
-     * Was this field in the request?
-     */
-    function contains($field_name)
-    {
-        return (in_array($field_name, $this->required) ||
-                in_array($field_name, $this->optional));
-    }
-
-    /**
-     * Request the specified field from the OpenID user
-     *
-     * $field_name: the unqualified simple registration field name
-     *
-     * required: whether the given field should be presented to the
-     * user as being a required to successfully complete the request
-     *
-     * strict: whether to raise an exception when a field is added to
-     * a request more than once
-     */
-    function requestField($field_name,
-                          $required=false, $strict=false)
-    {
-        if (!Auth_OpenID_checkFieldName($field_name)) {
-            return false;
-        }
-
-        if ($strict) {
-            if ($this->contains($field_name)) {
-                return false;
-            }
-        } else {
-            if (in_array($field_name, $this->required)) {
-                return true;
-            }
-
-            if (in_array($field_name, $this->optional)) {
-                if ($required) {
-                    unset($this->optional[array_search($field_name,
-                                                       $this->optional)]);
-                } else {
-                    return true;
-                }
-            }
-        }
-
-        if ($required) {
-            $this->required[] = $field_name;
-        } else {
-            $this->optional[] = $field_name;
-        }
-
-        return true;
-    }
-
-    /**
-     * Add the given list of fields to the request
-     *
-     * field_names: The simple registration data fields to request
-     *
-     * required: Whether these values should be presented to the user
-     * as required
-     *
-     * strict: whether to raise an exception when a field is added to
-     * a request more than once
-     */
-    function requestFields($field_names, $required=false, $strict=false)
-    {
-        if (!is_array($field_names)) {
-            return false;
-        }
-
-        foreach ($field_names as $field_name) {
-            if (!$this->requestField($field_name, $required, $strict=$strict)) {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * Get a dictionary of unqualified simple registration arguments
-     * representing this request.
-     *
-     * This method is essentially the inverse of
-     * C{L{parseExtensionArgs}}. This method serializes the simple
-     * registration request fields.
-     */
-    function getExtensionArgs()
-    {
-        $args = array();
-
-        if ($this->required) {
-            $args['required'] = implode(',', $this->required);
-        }
-
-        if ($this->optional) {
-            $args['optional'] = implode(',', $this->optional);
-        }
-
-        if ($this->policy_url) {
-            $args['policy_url'] = $this->policy_url;
-        }
-
-        return $args;
-    }
-}
-
-/**
- * Represents the data returned in a simple registration response
- * inside of an OpenID C{id_res} response. This object will be created
- * by the OpenID server, added to the C{id_res} response object, and
- * then extracted from the C{id_res} message by the Consumer.
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
-
-    var $ns_alias = 'sreg';
-
-    function Auth_OpenID_SRegResponse($data=null,
-                                      $sreg_ns_uri=Auth_OpenID_SREG_NS_URI)
-    {
-        if ($data === null) {
-            $this->data = array();
-        } else {
-            $this->data = $data;
-        }
-
-        $this->ns_uri = $sreg_ns_uri;
-    }
-
-    /**
-     * Take a C{L{SRegRequest}} and a dictionary of simple
-     * registration values and create a C{L{SRegResponse}} object
-     * containing that data.
-     *
-     * request: The simple registration request object
-     *
-     * data: The simple registration data for this response, as a
-     * dictionary from unqualified simple registration field name to
-     * string (unicode) value. For instance, the nickname should be
-     * stored under the key 'nickname'.
-     */
-    static function extractResponse($request, $data)
-    {
-        $obj = new Auth_OpenID_SRegResponse();
-        $obj->ns_uri = $request->ns_uri;
-
-        foreach ($request->allRequestedFields() as $field) {
-            $value = Auth_OpenID::arrayGet($data, $field);
-            if ($value !== null) {
-                $obj->data[$field] = $value;
-            }
-        }
-
-        return $obj;
-    }
-
-    /**
-     * Create a C{L{SRegResponse}} object from a successful OpenID
-     * library response
-     * (C{L{openid.consumer.consumer.SuccessResponse}}) response
-     * message
-     *
-     * success_response: A SuccessResponse from consumer.complete()
-     *
-     * signed_only: Whether to process only data that was
-     * signed in the id_res message from the server.
-     *
-     * Returns a simple registration response containing the data that
-     * was supplied with the C{id_res} response.
-     */
-    static function fromSuccessResponse($success_response, $signed_only=true)
-    {
-        global $Auth_OpenID_sreg_data_fields;
-
-        $obj = new Auth_OpenID_SRegResponse();
-        $obj->ns_uri = $obj->_getSRegNS($success_response->message);
-
-        if ($signed_only) {
-            $args = $success_response->getSignedNS($obj->ns_uri);
-        } else {
-            $args = $success_response->message->getArgs($obj->ns_uri);
-        }
-
-        if ($args === null || Auth_OpenID::isFailure($args)) {
-            return null;
-        }
-
-        foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {
-            if (in_array($field_name, array_keys($args))) {
-                $obj->data[$field_name] = $args[$field_name];
-            }
-        }
-
-        return $obj;
-    }
-
-    function getExtensionArgs()
-    {
-        return $this->data;
-    }
-
-    // Read-only dictionary interface
-    function get($field_name, $default=null)
-    {
-        if (!Auth_OpenID_checkFieldName($field_name)) {
-            return null;
-        }
-
-        return Auth_OpenID::arrayGet($this->data, $field_name, $default);
-    }
-
-    function contents()
-    {
-        return $this->data;
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/Server.php b/lib/Auth/OpenID/Server.php
deleted file mode 100644
index 9887d1e8d8d99c8b8c759d5c0c76b312dcb0c037..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/Server.php
+++ /dev/null
@@ -1,1765 +0,0 @@
-<?php
-
-/**
- * OpenID server protocol and logic.
- * 
- * Overview
- *
- * An OpenID server must perform three tasks:
- *
- *  1. Examine the incoming request to determine its nature and validity.
- *  2. Make a decision about how to respond to this request.
- *  3. Format the response according to the protocol.
- * 
- * The first and last of these tasks may performed by the {@link
- * Auth_OpenID_Server::decodeRequest()} and {@link
- * Auth_OpenID_Server::encodeResponse} methods.  Who gets to do the
- * intermediate task -- deciding how to respond to the request -- will
- * depend on what type of request it is.
- *
- * If it's a request to authenticate a user (a 'checkid_setup' or
- * 'checkid_immediate' request), you need to decide if you will assert
- * that this user may claim the identity in question.  Exactly how you
- * do that is a matter of application policy, but it generally
- * involves making sure the user has an account with your system and
- * is logged in, checking to see if that identity is hers to claim,
- * and verifying with the user that she does consent to releasing that
- * information to the party making the request.
- *
- * Examine the properties of the {@link Auth_OpenID_CheckIDRequest}
- * object, and if and when you've come to a decision, form a response
- * by calling {@link Auth_OpenID_CheckIDRequest::answer()}.
- *
- * Other types of requests relate to establishing associations between
- * client and server and verifing the authenticity of previous
- * communications.  {@link Auth_OpenID_Server} contains all the logic
- * and data necessary to respond to such requests; just pass it to
- * {@link Auth_OpenID_Server::handleRequest()}.
- *
- * OpenID Extensions
- * 
- * Do you want to provide other information for your users in addition
- * to authentication?  Version 1.2 of the OpenID protocol allows
- * consumers to add extensions to their requests.  For example, with
- * sites using the Simple Registration
- * Extension
- * (http://openid.net/specs/openid-simple-registration-extension-1_0.html),
- * a user can agree to have their nickname and e-mail address sent to
- * a site when they sign up.
- *
- * Since extensions do not change the way OpenID authentication works,
- * code to handle extension requests may be completely separate from
- * the {@link Auth_OpenID_Request} class here.  But you'll likely want
- * data sent back by your extension to be signed.  {@link
- * Auth_OpenID_ServerResponse} provides methods with which you can add
- * data to it which can be signed with the other data in the OpenID
- * signature.
- *
- * For example:
- *
- * <pre>  // when request is a checkid_* request
- *  $response = $request->answer(true);
- *  // this will a signed 'openid.sreg.timezone' parameter to the response
- *  response.addField('sreg', 'timezone', 'America/Los_Angeles')</pre>
- *
- * Stores
- *
- * The OpenID server needs to maintain state between requests in order
- * to function.  Its mechanism for doing this is called a store.  The
- * store interface is defined in Interface.php.  Additionally, several
- * concrete store implementations are provided, so that most sites
- * won't need to implement a custom store.  For a store backed by flat
- * files on disk, see {@link Auth_OpenID_FileStore}.  For stores based
- * on MySQL, SQLite, or PostgreSQL, see the {@link
- * Auth_OpenID_SQLStore} subclasses.
- *
- * Upgrading
- *
- * The keys by which a server looks up associations in its store have
- * changed in version 1.2 of this library.  If your store has entries
- * created from version 1.0 code, you should empty it.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Required imports
- */
-require_once "Auth/OpenID.php";
-require_once "Auth/OpenID/Association.php";
-require_once "Auth/OpenID/CryptUtil.php";
-require_once "Auth/OpenID/BigMath.php";
-require_once "Auth/OpenID/DiffieHellman.php";
-require_once "Auth/OpenID/KVForm.php";
-require_once "Auth/OpenID/TrustRoot.php";
-require_once "Auth/OpenID/ServerRequest.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/OpenID/Nonce.php";
-
-define('AUTH_OPENID_HTTP_OK', 200);
-define('AUTH_OPENID_HTTP_REDIRECT', 302);
-define('AUTH_OPENID_HTTP_ERROR', 400);
-
-/**
- * @access private
- */
-global $_Auth_OpenID_Request_Modes;
-$_Auth_OpenID_Request_Modes = array('checkid_setup',
-                                    'checkid_immediate');
-
-/**
- * @access private
- */
-define('Auth_OpenID_ENCODE_KVFORM', 'kfvorm');
-
-/**
- * @access private
- */
-define('Auth_OpenID_ENCODE_URL', 'URL/redirect');
-
-/**
- * @access private
- */
-define('Auth_OpenID_ENCODE_HTML_FORM', 'HTML form');
-
-/**
- * @access private
- */
-function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError')
-{
-    return is_a($obj, $cls);
-}
-
-/**
- * An error class which gets instantiated and returned whenever an
- * OpenID protocol error occurs.  Be prepared to use this in place of
- * an ordinary server response.
- *
- * @package OpenID
- */
-class Auth_OpenID_ServerError {
-    /**
-     * @access private
-     */
-    function Auth_OpenID_ServerError($message = null, $text = null,
-                                     $reference = null, $contact = null)
-    {
-        $this->message = $message;
-        $this->text = $text;
-        $this->contact = $contact;
-        $this->reference = $reference;
-    }
-
-    function getReturnTo()
-    {
-        if ($this->message &&
-            $this->message->hasKey(Auth_OpenID_OPENID_NS, 'return_to')) {
-            return $this->message->getArg(Auth_OpenID_OPENID_NS,
-                                          'return_to');
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Returns the return_to URL for the request which caused this
-     * error.
-     */
-    function hasReturnTo()
-    {
-        return $this->getReturnTo() !== null;
-    }
-
-    /**
-     * Encodes this error's response as a URL suitable for
-     * redirection.  If the response has no return_to, another
-     * Auth_OpenID_ServerError is returned.
-     */
-    function encodeToURL()
-    {
-        if (!$this->message) {
-            return null;
-        }
-
-        $msg = $this->toMessage();
-        return $msg->toURL($this->getReturnTo());
-    }
-
-    /**
-     * Encodes the response to key-value form.  This is a
-     * machine-readable format used to respond to messages which came
-     * directly from the consumer and not through the user-agent.  See
-     * the OpenID specification.
-     */
-    function encodeToKVForm()
-    {
-        return Auth_OpenID_KVForm::fromArray(
-                                      array('mode' => 'error',
-                                            'error' => $this->toString()));
-    }
-
-    function toFormMarkup($form_tag_attrs=null)
-    {
-        $msg = $this->toMessage();
-        return $msg->toFormMarkup($this->getReturnTo(), $form_tag_attrs);
-    }
-
-    function toHTML($form_tag_attrs=null)
-    {
-        return Auth_OpenID::autoSubmitHTML(
-                      $this->toFormMarkup($form_tag_attrs));
-    }
-
-    function toMessage()
-    {
-        // Generate a Message object for sending to the relying party,
-        // after encoding.
-        $namespace = $this->message->getOpenIDNamespace();
-        $reply = new Auth_OpenID_Message($namespace);
-        $reply->setArg(Auth_OpenID_OPENID_NS, 'mode', 'error');
-        $reply->setArg(Auth_OpenID_OPENID_NS, 'error', $this->toString());
-
-        if ($this->contact !== null) {
-            $reply->setArg(Auth_OpenID_OPENID_NS, 'contact', $this->contact);
-        }
-
-        if ($this->reference !== null) {
-            $reply->setArg(Auth_OpenID_OPENID_NS, 'reference',
-                           $this->reference);
-        }
-
-        return $reply;
-    }
-
-    /**
-     * Returns one of Auth_OpenID_ENCODE_URL,
-     * Auth_OpenID_ENCODE_KVFORM, or null, depending on the type of
-     * encoding expected for this error's payload.
-     */
-    function whichEncoding()
-    {
-        global $_Auth_OpenID_Request_Modes;
-
-        if ($this->hasReturnTo()) {
-            if ($this->message->isOpenID2() &&
-                (strlen($this->encodeToURL()) >
-                   Auth_OpenID_OPENID1_URL_LIMIT)) {
-                return Auth_OpenID_ENCODE_HTML_FORM;
-            } else {
-                return Auth_OpenID_ENCODE_URL;
-            }
-        }
-
-        if (!$this->message) {
-            return null;
-        }
-
-        $mode = $this->message->getArg(Auth_OpenID_OPENID_NS,
-                                       'mode');
-
-        if ($mode) {
-            if (!in_array($mode, $_Auth_OpenID_Request_Modes)) {
-                return Auth_OpenID_ENCODE_KVFORM;
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Returns this error message.
-     */
-    function toString()
-    {
-        if ($this->text) {
-            return $this->text;
-        } else {
-            return get_class($this) . " error";
-        }
-    }
-}
-
-/**
- * Error returned by the server code when a return_to is absent from a
- * request.
- *
- * @package OpenID
- */
-class Auth_OpenID_NoReturnToError extends Auth_OpenID_ServerError {
-    function Auth_OpenID_NoReturnToError($message = null,
-                                         $text = "No return_to URL available")
-    {
-        parent::Auth_OpenID_ServerError($message, $text);
-    }
-
-    function toString()
-    {
-        return "No return_to available";
-    }
-}
-
-/**
- * An error indicating that the return_to URL is malformed.
- *
- * @package OpenID
- */
-class Auth_OpenID_MalformedReturnURL extends Auth_OpenID_ServerError {
-    function Auth_OpenID_MalformedReturnURL($message, $return_to)
-    {
-        $this->return_to = $return_to;
-        parent::Auth_OpenID_ServerError($message, "malformed return_to URL");
-    }
-}
-
-/**
- * This error is returned when the trust_root value is malformed.
- *
- * @package OpenID
- */
-class Auth_OpenID_MalformedTrustRoot extends Auth_OpenID_ServerError {
-    function Auth_OpenID_MalformedTrustRoot($message = null,
-                                            $text = "Malformed trust root")
-    {
-        parent::Auth_OpenID_ServerError($message, $text);
-    }
-
-    function toString()
-    {
-        return "Malformed trust root";
-    }
-}
-
-/**
- * The base class for all server request classes.
- *
- * @package OpenID
- */
-class Auth_OpenID_Request {
-    var $mode = null;
-}
-
-/**
- * A request to verify the validity of a previous response.
- *
- * @package OpenID
- */
-class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
-    var $mode = "check_authentication";
-    var $invalidate_handle = null;
-
-    function Auth_OpenID_CheckAuthRequest($assoc_handle, $signed,
-                                          $invalidate_handle = null)
-    {
-        $this->assoc_handle = $assoc_handle;
-        $this->signed = $signed;
-        if ($invalidate_handle !== null) {
-            $this->invalidate_handle = $invalidate_handle;
-        }
-        $this->namespace = Auth_OpenID_OPENID2_NS;
-        $this->message = null;
-    }
-
-    static function fromMessage($message, $server=null)
-    {
-        $required_keys = array('assoc_handle', 'sig', 'signed');
-
-        foreach ($required_keys as $k) {
-            if (!$message->getArg(Auth_OpenID_OPENID_NS, $k)) {
-                return new Auth_OpenID_ServerError($message,
-                    sprintf("%s request missing required parameter %s from \
-                            query", "check_authentication", $k));
-            }
-        }
-
-        $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle');
-        $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig');
-
-        $signed_list = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
-        $signed_list = explode(",", $signed_list);
-
-        $signed = $message;
-        if ($signed->hasKey(Auth_OpenID_OPENID_NS, 'mode')) {
-            $signed->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res');
-        }
-
-        $result = new Auth_OpenID_CheckAuthRequest($assoc_handle, $signed);
-        $result->message = $message;
-        $result->sig = $sig;
-        $result->invalidate_handle = $message->getArg(Auth_OpenID_OPENID_NS,
-                                                      'invalidate_handle');
-        return $result;
-    }
-
-    function answer($signatory)
-    {
-        $is_valid = $signatory->verify($this->assoc_handle, $this->signed);
-
-        // Now invalidate that assoc_handle so it this checkAuth
-        // message cannot be replayed.
-        $signatory->invalidate($this->assoc_handle, true);
-        $response = new Auth_OpenID_ServerResponse($this);
-
-        $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                  'is_valid',
-                                  ($is_valid ? "true" : "false"));
-
-        if ($this->invalidate_handle) {
-            $assoc = $signatory->getAssociation($this->invalidate_handle,
-                                                false);
-            if (!$assoc) {
-                $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                          'invalidate_handle',
-                                          $this->invalidate_handle);
-            }
-        }
-        return $response;
-    }
-}
-
-/**
- * A class implementing plaintext server sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_PlainTextServerSession {
-    /**
-     * An object that knows how to handle association requests with no
-     * session type.
-     */
-    var $session_type = 'no-encryption';
-    var $needs_math = false;
-    var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
-
-    static function fromMessage($unused_request)
-    {
-        return new Auth_OpenID_PlainTextServerSession();
-    }
-
-    function answer($secret)
-    {
-        return array('mac_key' => base64_encode($secret));
-    }
-}
-
-/**
- * A class implementing DH-SHA1 server sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellmanSHA1ServerSession {
-    /**
-     * An object that knows how to handle association requests with
-     * the Diffie-Hellman session type.
-     */
-
-    var $session_type = 'DH-SHA1';
-    var $needs_math = true;
-    var $allowed_assoc_types = array('HMAC-SHA1');
-    var $hash_func = 'Auth_OpenID_SHA1';
-
-    function Auth_OpenID_DiffieHellmanSHA1ServerSession($dh, $consumer_pubkey)
-    {
-        $this->dh = $dh;
-        $this->consumer_pubkey = $consumer_pubkey;
-    }
-
-    static function getDH($message)
-    {
-        $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
-        $dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');
-
-        if ((($dh_modulus === null) && ($dh_gen !== null)) ||
-            (($dh_gen === null) && ($dh_modulus !== null))) {
-
-            if ($dh_modulus === null) {
-                $missing = 'modulus';
-            } else {
-                $missing = 'generator';
-            }
-
-            return new Auth_OpenID_ServerError($message,
-                                'If non-default modulus or generator is '.
-                                'supplied, both must be supplied.  Missing '.
-                                $missing);
-        }
-
-        $lib = Auth_OpenID_getMathLib();
-
-        if ($dh_modulus || $dh_gen) {
-            $dh_modulus = $lib->base64ToLong($dh_modulus);
-            $dh_gen = $lib->base64ToLong($dh_gen);
-            if ($lib->cmp($dh_modulus, 0) == 0 ||
-                $lib->cmp($dh_gen, 0) == 0) {
-                return new Auth_OpenID_ServerError(
-                  $message, "Failed to parse dh_mod or dh_gen");
-            }
-            $dh = new Auth_OpenID_DiffieHellman($dh_modulus, $dh_gen);
-        } else {
-            $dh = new Auth_OpenID_DiffieHellman();
-        }
-
-        $consumer_pubkey = $message->getArg(Auth_OpenID_OPENID_NS,
-                                            'dh_consumer_public');
-        if ($consumer_pubkey === null) {
-            return new Auth_OpenID_ServerError($message,
-                                  'Public key for DH-SHA1 session '.
-                                  'not found in query');
-        }
-
-        $consumer_pubkey =
-            $lib->base64ToLong($consumer_pubkey);
-
-        if ($consumer_pubkey === false) {
-            return new Auth_OpenID_ServerError($message,
-                                       "dh_consumer_public is not base64");
-        }
-
-        return array($dh, $consumer_pubkey);
-    }
-
-    static function fromMessage($message)
-    {
-        $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
-
-        if (is_a($result, 'Auth_OpenID_ServerError')) {
-            return $result;
-        } else {
-            list($dh, $consumer_pubkey) = $result;
-            return new Auth_OpenID_DiffieHellmanSHA1ServerSession($dh,
-                                                    $consumer_pubkey);
-        }
-    }
-
-    function answer($secret)
-    {
-        $lib = Auth_OpenID_getMathLib();
-        $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
-                                        $this->hash_func);
-        return array(
-           'dh_server_public' =>
-                $lib->longToBase64($this->dh->public),
-           'enc_mac_key' => base64_encode($mac_key));
-    }
-}
-
-/**
- * A class implementing DH-SHA256 server sessions.
- *
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellmanSHA256ServerSession
-      extends Auth_OpenID_DiffieHellmanSHA1ServerSession {
-
-    var $session_type = 'DH-SHA256';
-    var $hash_func = 'Auth_OpenID_SHA256';
-    var $allowed_assoc_types = array('HMAC-SHA256');
-
-    static function fromMessage($message)
-    {
-        $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
-
-        if (is_a($result, 'Auth_OpenID_ServerError')) {
-            return $result;
-        } else {
-            list($dh, $consumer_pubkey) = $result;
-            return new Auth_OpenID_DiffieHellmanSHA256ServerSession($dh,
-                                                      $consumer_pubkey);
-        }
-    }
-}
-
-/**
- * A request to associate with the server.
- *
- * @package OpenID
- */
-class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
-    var $mode = "associate";
-
-    static function getSessionClasses()
-    {
-        return array(
-          'no-encryption' => 'Auth_OpenID_PlainTextServerSession',
-          'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ServerSession',
-          'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession');
-    }
-
-    function Auth_OpenID_AssociateRequest($session, $assoc_type)
-    {
-        $this->session = $session;
-        $this->namespace = Auth_OpenID_OPENID2_NS;
-        $this->assoc_type = $assoc_type;
-    }
-
-    static function fromMessage($message, $server=null)
-    {
-        if ($message->isOpenID1()) {
-            $session_type = $message->getArg(Auth_OpenID_OPENID_NS,
-                                             'session_type');
-
-            if ($session_type == 'no-encryption') {
-                // oidutil.log('Received OpenID 1 request with a no-encryption '
-                //             'assocaition session type. Continuing anyway.')
-            } else if (!$session_type) {
-                $session_type = 'no-encryption';
-            }
-        } else {
-            $session_type = $message->getArg(Auth_OpenID_OPENID_NS,
-                                             'session_type');
-            if ($session_type === null) {
-                return new Auth_OpenID_ServerError($message,
-                  "session_type missing from request");
-            }
-        }
-
-        $session_class = Auth_OpenID::arrayGet(
-           Auth_OpenID_AssociateRequest::getSessionClasses(),
-           $session_type);
-
-        if ($session_class === null) {
-            return new Auth_OpenID_ServerError($message,
-                                               "Unknown session type " .
-                                               $session_type);
-        }
-
-        $session = call_user_func(array($session_class, 'fromMessage'),
-                                  $message);
-        if (is_a($session, 'Auth_OpenID_ServerError')) {
-            return $session;
-        }
-
-        $assoc_type = $message->getArg(Auth_OpenID_OPENID_NS,
-                                       'assoc_type', 'HMAC-SHA1');
-
-        if (!in_array($assoc_type, $session->allowed_assoc_types)) {
-            $fmt = "Session type %s does not support association type %s";
-            return new Auth_OpenID_ServerError($message,
-              sprintf($fmt, $session_type, $assoc_type));
-        }
-
-        $obj = new Auth_OpenID_AssociateRequest($session, $assoc_type);
-        $obj->message = $message;
-        $obj->namespace = $message->getOpenIDNamespace();
-        return $obj;
-    }
-
-    function answer($assoc)
-    {
-        $response = new Auth_OpenID_ServerResponse($this);
-        $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
-           array(
-                 'expires_in' => sprintf('%d', $assoc->getExpiresIn()),
-                 'assoc_type' => $this->assoc_type,
-                 'assoc_handle' => $assoc->handle));
-
-        $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
-           $this->session->answer($assoc->secret));
-
-        if (! ($this->session->session_type == 'no-encryption' 
-               && $this->message->isOpenID1())) {
-            $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                      'session_type',
-                                      $this->session->session_type);
-        }
-
-        return $response;
-    }
-
-    function answerUnsupported($text_message,
-                               $preferred_association_type=null,
-                               $preferred_session_type=null)
-    {
-        if ($this->message->isOpenID1()) {
-            return new Auth_OpenID_ServerError($this->message);
-        }
-
-        $response = new Auth_OpenID_ServerResponse($this);
-        $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                  'error_code', 'unsupported-type');
-        $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                  'error', $text_message);
-
-        if ($preferred_association_type) {
-            $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                      'assoc_type',
-                                      $preferred_association_type);
-        }
-
-        if ($preferred_session_type) {
-            $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                      'session_type',
-                                      $preferred_session_type);
-        }
-        $response->code = AUTH_OPENID_HTTP_ERROR;
-        return $response;
-    }
-}
-
-/**
- * A request to confirm the identity of a user.
- *
- * @package OpenID
- */
-class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
-    /**
-     * Return-to verification callback.  Default is
-     * Auth_OpenID_verifyReturnTo from TrustRoot.php.
-     */
-    var $verifyReturnTo = 'Auth_OpenID_verifyReturnTo';
-
-    /**
-     * The mode of this request.
-     */
-    var $mode = "checkid_setup"; // or "checkid_immediate"
-
-    /**
-     * Whether this request is for immediate mode.
-     */
-    var $immediate = false;
-
-    /**
-     * The trust_root value for this request.
-     */
-    var $trust_root = null;
-
-    /**
-     * The OpenID namespace for this request.
-     * deprecated since version 2.0.2
-     */
-    var $namespace;
-    
-    static function make($message, $identity, $return_to, $trust_root = null,
-                  $immediate = false, $assoc_handle = null, $server = null)
-    {
-        if ($server === null) {
-            return new Auth_OpenID_ServerError($message,
-                                               "server must not be null");
-        }
-
-        if ($return_to &&
-            !Auth_OpenID_TrustRoot::_parse($return_to)) {
-            return new Auth_OpenID_MalformedReturnURL($message, $return_to);
-        }
-
-        $r = new Auth_OpenID_CheckIDRequest($identity, $return_to,
-                                            $trust_root, $immediate,
-                                            $assoc_handle, $server);
-
-        $r->namespace = $message->getOpenIDNamespace();
-        $r->message = $message;
-
-        if (!$r->trustRootValid()) {
-            return new Auth_OpenID_UntrustedReturnURL($message,
-                                                      $return_to,
-                                                      $trust_root);
-        } else {
-            return $r;
-        }
-    }
-
-    function Auth_OpenID_CheckIDRequest($identity, $return_to,
-                                        $trust_root = null, $immediate = false,
-                                        $assoc_handle = null, $server = null,
-                                        $claimed_id = null)
-    {
-        $this->namespace = Auth_OpenID_OPENID2_NS;
-        $this->assoc_handle = $assoc_handle;
-        $this->identity = $identity;
-        if ($claimed_id === null) {
-            $this->claimed_id = $identity;
-        } else {
-            $this->claimed_id = $claimed_id;
-        }
-        $this->return_to = $return_to;
-        $this->trust_root = $trust_root;
-        $this->server = $server;
-
-        if ($immediate) {
-            $this->immediate = true;
-            $this->mode = "checkid_immediate";
-        } else {
-            $this->immediate = false;
-            $this->mode = "checkid_setup";
-        }
-    }
-
-    function equals($other)
-    {
-        return (
-                (is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
-                ($this->namespace == $other->namespace) &&
-                ($this->assoc_handle == $other->assoc_handle) &&
-                ($this->identity == $other->identity) &&
-                ($this->claimed_id == $other->claimed_id) &&
-                ($this->return_to == $other->return_to) &&
-                ($this->trust_root == $other->trust_root));
-    }
-
-    /*
-     * Does the relying party publish the return_to URL for this
-     * response under the realm? It is up to the provider to set a
-     * policy for what kinds of realms should be allowed. This
-     * return_to URL verification reduces vulnerability to data-theft
-     * attacks based on open proxies, corss-site-scripting, or open
-     * redirectors.
-     *
-     * This check should only be performed after making sure that the
-     * return_to URL matches the realm.
-     *
-     * @return true if the realm publishes a document with the
-     * return_to URL listed, false if not or if discovery fails
-     */
-    function returnToVerified()
-    {
-        $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
-        return call_user_func_array($this->verifyReturnTo,
-                                    array($this->trust_root, $this->return_to, $fetcher));
-    }
-
-    static function fromMessage($message, $server)
-    {
-        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
-        $immediate = null;
-
-        if ($mode == "checkid_immediate") {
-            $immediate = true;
-            $mode = "checkid_immediate";
-        } else {
-            $immediate = false;
-            $mode = "checkid_setup";
-        }
-
-        $return_to = $message->getArg(Auth_OpenID_OPENID_NS,
-                                      'return_to');
-
-        if (($message->isOpenID1()) &&
-            (!$return_to)) {
-            $fmt = "Missing required field 'return_to' from checkid request";
-            return new Auth_OpenID_ServerError($message, $fmt);
-        }
-
-        $identity = $message->getArg(Auth_OpenID_OPENID_NS,
-                                     'identity');
-        $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
-        if ($message->isOpenID1()) {
-            if ($identity === null) {
-                $s = "OpenID 1 message did not contain openid.identity";
-                return new Auth_OpenID_ServerError($message, $s);
-            }
-        } else {
-            if ($identity && !$claimed_id) {
-                $s = "OpenID 2.0 message contained openid.identity but not " .
-                  "claimed_id";
-                return new Auth_OpenID_ServerError($message, $s);
-            } else if ($claimed_id && !$identity) {
-                $s = "OpenID 2.0 message contained openid.claimed_id " .
-                  "but not identity";
-                return new Auth_OpenID_ServerError($message, $s);
-            }
-        }
-
-        // There's a case for making self.trust_root be a TrustRoot
-        // here.  But if TrustRoot isn't currently part of the
-        // "public" API, I'm not sure it's worth doing.
-        if ($message->isOpenID1()) {
-            $trust_root_param = 'trust_root';
-        } else {
-            $trust_root_param = 'realm';
-        }
-        $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, 
-                                       $trust_root_param);
-        if (! $trust_root) {
-            $trust_root = $return_to;
-        }
-
-        if (! $message->isOpenID1() && 
-            ($return_to === null) &&
-            ($trust_root === null)) {
-            return new Auth_OpenID_ServerError($message,
-              "openid.realm required when openid.return_to absent");
-        }
-
-        $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
-                                         'assoc_handle');
-
-        $obj = Auth_OpenID_CheckIDRequest::make($message,
-                                                $identity,
-                                                $return_to,
-                                                $trust_root,
-                                                $immediate,
-                                                $assoc_handle,
-                                                $server);
-
-        if (is_a($obj, 'Auth_OpenID_ServerError')) {
-            return $obj;
-        }
-
-        $obj->claimed_id = $claimed_id;
-
-        return $obj;
-    }
-
-    function idSelect()
-    {
-        // Is the identifier to be selected by the IDP?
-        // So IDPs don't have to import the constant
-        return $this->identity == Auth_OpenID_IDENTIFIER_SELECT;
-    }
-
-    function trustRootValid()
-    {
-        if (!$this->trust_root) {
-            return true;
-        }
-
-        $tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
-        if ($tr === false) {
-            return new Auth_OpenID_MalformedTrustRoot($this->message,
-                                                      $this->trust_root);
-        }
-
-        if ($this->return_to !== null) {
-            return Auth_OpenID_TrustRoot::match($this->trust_root,
-                                                $this->return_to);
-        } else {
-            return true;
-        }
-    }
-
-    /**
-     * Respond to this request.  Return either an
-     * {@link Auth_OpenID_ServerResponse} or
-     * {@link Auth_OpenID_ServerError}.
-     *
-     * @param bool $allow Allow this user to claim this identity, and
-     * allow the consumer to have this information?
-     *
-     * @param string $server_url DEPRECATED.  Passing $op_endpoint to
-     * the {@link Auth_OpenID_Server} constructor makes this optional.
-     *
-     * When an OpenID 1.x immediate mode request does not succeed, it
-     * gets back a URL where the request may be carried out in a
-     * not-so-immediate fashion.  Pass my URL in here (the fully
-     * qualified address of this server's endpoint, i.e.
-     * http://example.com/server), and I will use it as a base for the
-     * URL for a new request.
-     *
-     * Optional for requests where {@link $immediate} is false or
-     * $allow is true.
-     *
-     * @param string $identity The OP-local identifier to answer with.
-     * Only for use when the relying party requested identifier
-     * selection.
-     *
-     * @param string $claimed_id The claimed identifier to answer
-     * with, for use with identifier selection in the case where the
-     * claimed identifier and the OP-local identifier differ,
-     * i.e. when the claimed_id uses delegation.
-     *
-     * If $identity is provided but this is not, $claimed_id will
-     * default to the value of $identity.  When answering requests
-     * that did not ask for identifier selection, the response
-     * $claimed_id will default to that of the request.
-     *
-     * This parameter is new in OpenID 2.0.
-     *
-     * @return mixed
-     */
-    function answer($allow, $server_url = null, $identity = null,
-                    $claimed_id = null)
-    {
-        if (!$this->return_to) {
-            return new Auth_OpenID_NoReturnToError();
-        }
-
-        if (!$server_url) {
-            if ((!$this->message->isOpenID1()) &&
-                (!$this->server->op_endpoint)) {
-                return new Auth_OpenID_ServerError(null,
-                  "server should be constructed with op_endpoint to " .
-                  "respond to OpenID 2.0 messages.");
-            }
-
-            $server_url = $this->server->op_endpoint;
-        }
-
-        if ($allow) {
-            $mode = 'id_res';
-        } else if ($this->message->isOpenID1()) {
-            if ($this->immediate) {
-                $mode = 'id_res';
-            } else {
-                $mode = 'cancel';
-            }
-        } else {
-            if ($this->immediate) {
-                $mode = 'setup_needed';
-            } else {
-                $mode = 'cancel';
-            }
-        }
-
-        if (!$this->trustRootValid()) {
-            return new Auth_OpenID_UntrustedReturnURL(null,
-                                                      $this->return_to,
-                                                      $this->trust_root);
-        }
-
-        $response = new Auth_OpenID_ServerResponse($this);
-
-        if ($claimed_id &&
-            ($this->message->isOpenID1())) {
-            return new Auth_OpenID_ServerError(null,
-              "claimed_id is new in OpenID 2.0 and not " .
-              "available for ".$this->namespace);
-        }
-
-        if ($identity && !$claimed_id) {
-            $claimed_id = $identity;
-        }
-
-        if ($allow) {
-
-            if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
-                if (!$identity) {
-                    return new Auth_OpenID_ServerError(null,
-                      "This request uses IdP-driven identifier selection.  " .
-                      "You must supply an identifier in the response.");
-                }
-
-                $response_identity = $identity;
-                $response_claimed_id = $claimed_id;
-
-            } else if ($this->identity) {
-                if ($identity &&
-                    ($this->identity != $identity)) {
-                    $fmt = "Request was for %s, cannot reply with identity %s";
-                    return new Auth_OpenID_ServerError(null,
-                      sprintf($fmt, $this->identity, $identity));
-                }
-
-                $response_identity = $this->identity;
-                $response_claimed_id = $this->claimed_id;
-            } else {
-                if ($identity) {
-                    return new Auth_OpenID_ServerError(null,
-                      "This request specified no identity and " .
-                      "you supplied ".$identity);
-                }
-
-                $response_identity = null;
-            }
-
-            if (($this->message->isOpenID1()) &&
-                ($response_identity === null)) {
-                return new Auth_OpenID_ServerError(null,
-                  "Request was an OpenID 1 request, so response must " .
-                  "include an identifier.");
-            }
-
-            $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
-                   array('mode' => $mode,
-                         'return_to' => $this->return_to,
-                         'response_nonce' => Auth_OpenID_mkNonce()));
-
-            if (!$this->message->isOpenID1()) {
-                $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                          'op_endpoint', $server_url);
-            }
-
-            if ($response_identity !== null) {
-                $response->fields->setArg(
-                                          Auth_OpenID_OPENID_NS,
-                                          'identity',
-                                          $response_identity);
-                if ($this->message->isOpenID2()) {
-                    $response->fields->setArg(
-                                              Auth_OpenID_OPENID_NS,
-                                              'claimed_id',
-                                              $response_claimed_id);
-                }
-            }
-
-        } else {
-            $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                      'mode', $mode);
-
-            if ($this->immediate) {
-                if (($this->message->isOpenID1()) &&
-                    (!$server_url)) {
-                    return new Auth_OpenID_ServerError(null,
-                                 'setup_url is required for $allow=false \
-                                  in OpenID 1.x immediate mode.');
-                }
-
-                $setup_request = new Auth_OpenID_CheckIDRequest(
-                                                $this->identity,
-                                                $this->return_to,
-                                                $this->trust_root,
-                                                false,
-                                                $this->assoc_handle,
-                                                $this->server,
-                                                $this->claimed_id);
-                $setup_request->message = $this->message;
-
-                $setup_url = $setup_request->encodeToURL($server_url);
-
-                if ($setup_url === null) {
-                    return new Auth_OpenID_NoReturnToError();
-                }
-
-                $response->fields->setArg(Auth_OpenID_OPENID_NS,
-                                          'user_setup_url',
-                                          $setup_url);
-            }
-        }
-
-        return $response;
-    }
-
-    function encodeToURL($server_url)
-    {
-        if (!$this->return_to) {
-            return new Auth_OpenID_NoReturnToError();
-        }
-
-        // Imported from the alternate reality where these classes are
-        // used in both the client and server code, so Requests are
-        // Encodable too.  That's right, code imported from alternate
-        // realities all for the love of you, id_res/user_setup_url.
-
-        $q = array('mode' => $this->mode,
-                   'identity' => $this->identity,
-                   'claimed_id' => $this->claimed_id,
-                   'return_to' => $this->return_to);
-
-        if ($this->trust_root) {
-            if ($this->message->isOpenID1()) {
-                $q['trust_root'] = $this->trust_root;
-            } else {
-                $q['realm'] = $this->trust_root;
-            }
-        }
-
-        if ($this->assoc_handle) {
-            $q['assoc_handle'] = $this->assoc_handle;
-        }
-
-        $response = new Auth_OpenID_Message(
-            $this->message->getOpenIDNamespace());
-        $response->updateArgs(Auth_OpenID_OPENID_NS, $q);
-        return $response->toURL($server_url);
-    }
-
-    function getCancelURL()
-    {
-        if (!$this->return_to) {
-            return new Auth_OpenID_NoReturnToError();
-        }
-
-        if ($this->immediate) {
-            return new Auth_OpenID_ServerError(null,
-                                               "Cancel is not an appropriate \
-                                               response to immediate mode \
-                                               requests.");
-        }
-
-        $response = new Auth_OpenID_Message(
-            $this->message->getOpenIDNamespace());
-        $response->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel');
-        return $response->toURL($this->return_to);
-    }
-}
-
-/**
- * This class encapsulates the response to an OpenID server request.
- *
- * @package OpenID
- */
-class Auth_OpenID_ServerResponse {
-
-    function Auth_OpenID_ServerResponse($request)
-    {
-        $this->request = $request;
-        $this->fields = new Auth_OpenID_Message($this->request->namespace);
-    }
-
-    function whichEncoding()
-    {
-      global $_Auth_OpenID_Request_Modes;
-
-        if (in_array($this->request->mode, $_Auth_OpenID_Request_Modes)) {
-            if ($this->fields->isOpenID2() &&
-                (strlen($this->encodeToURL()) >
-                   Auth_OpenID_OPENID1_URL_LIMIT)) {
-                return Auth_OpenID_ENCODE_HTML_FORM;
-            } else {
-                return Auth_OpenID_ENCODE_URL;
-            }
-        } else {
-            return Auth_OpenID_ENCODE_KVFORM;
-        }
-    }
-
-    /*
-     * Returns the form markup for this response.
-     *
-     * @return str
-     */
-    function toFormMarkup($form_tag_attrs=null)
-    {
-        return $this->fields->toFormMarkup($this->request->return_to,
-                                           $form_tag_attrs);
-    }
-
-    /*
-     * Returns an HTML document containing the form markup for this
-     * response that autosubmits with javascript.
-     */
-    function toHTML()
-    {
-        return Auth_OpenID::autoSubmitHTML($this->toFormMarkup());
-    }
-
-    /*
-     * Returns True if this response's encoding is ENCODE_HTML_FORM.
-     * Convenience method for server authors.
-     *
-     * @return bool
-     */
-    function renderAsForm()
-    {
-        return $this->whichEncoding() == Auth_OpenID_ENCODE_HTML_FORM;
-    }
-
-
-    function encodeToURL()
-    {
-        return $this->fields->toURL($this->request->return_to);
-    }
-
-    function addExtension($extension_response)
-    {
-        $extension_response->toMessage($this->fields);
-    }
-
-    function needsSigning()
-    {
-        return $this->fields->getArg(Auth_OpenID_OPENID_NS,
-                                     'mode') == 'id_res';
-    }
-
-    function encodeToKVForm()
-    {
-        return $this->fields->toKVForm();
-    }
-}
-
-/**
- * A web-capable response object which you can use to generate a
- * user-agent response.
- *
- * @package OpenID
- */
-class Auth_OpenID_WebResponse {
-    var $code = AUTH_OPENID_HTTP_OK;
-    var $body = "";
-
-    function Auth_OpenID_WebResponse($code = null, $headers = null,
-                                     $body = null)
-    {
-        if ($code) {
-            $this->code = $code;
-        }
-
-        if ($headers !== null) {
-            $this->headers = $headers;
-        } else {
-            $this->headers = array();
-        }
-
-        if ($body !== null) {
-            $this->body = $body;
-        }
-    }
-}
-
-/**
- * Responsible for the signature of query data and the verification of
- * OpenID signature values.
- *
- * @package OpenID
- */
-class Auth_OpenID_Signatory {
-
-    // = 14 * 24 * 60 * 60; # 14 days, in seconds
-    var $SECRET_LIFETIME = 1209600;
-
-    // keys have a bogus server URL in them because the filestore
-    // really does expect that key to be a URL.  This seems a little
-    // silly for the server store, since I expect there to be only one
-    // server URL.
-    var $normal_key = 'http://localhost/|normal';
-    var $dumb_key = 'http://localhost/|dumb';
-
-    /**
-     * Create a new signatory using a given store.
-     */
-    function Auth_OpenID_Signatory($store)
-    {
-        // assert store is not None
-        $this->store = $store;
-    }
-
-    /**
-     * Verify, using a given association handle, a signature with
-     * signed key-value pairs from an HTTP request.
-     */
-    function verify($assoc_handle, $message)
-    {
-        $assoc = $this->getAssociation($assoc_handle, true);
-        if (!$assoc) {
-            // oidutil.log("failed to get assoc with handle %r to verify sig %r"
-            //             % (assoc_handle, sig))
-            return false;
-        }
-
-        return $assoc->checkMessageSignature($message);
-    }
-
-    /**
-     * Given a response, sign the fields in the response's 'signed'
-     * list, and insert the signature into the response.
-     */
-    function sign($response)
-    {
-        $signed_response = $response;
-        $assoc_handle = $response->request->assoc_handle;
-
-        if ($assoc_handle) {
-            // normal mode
-            $assoc = $this->getAssociation($assoc_handle, false, false);
-            if (!$assoc || ($assoc->getExpiresIn() <= 0)) {
-                // fall back to dumb mode
-                $signed_response->fields->setArg(Auth_OpenID_OPENID_NS,
-                             'invalidate_handle', $assoc_handle);
-                $assoc_type = ($assoc ? $assoc->assoc_type : 'HMAC-SHA1');
-
-                if ($assoc && ($assoc->getExpiresIn() <= 0)) {
-                    $this->invalidate($assoc_handle, false);
-                }
-
-                $assoc = $this->createAssociation(true, $assoc_type);
-            }
-        } else {
-            // dumb mode.
-            $assoc = $this->createAssociation(true);
-        }
-
-        $signed_response->fields = $assoc->signMessage(
-                                      $signed_response->fields);
-        return $signed_response;
-    }
-
-    /**
-     * Make a new association.
-     */
-    function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1')
-    {
-        $secret = Auth_OpenID_CryptUtil::getBytes(
-                    Auth_OpenID_getSecretSize($assoc_type));
-
-        $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4));
-        $handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq);
-
-        $assoc = Auth_OpenID_Association::fromExpiresIn(
-                      $this->SECRET_LIFETIME, $handle, $secret, $assoc_type);
-
-        if ($dumb) {
-            $key = $this->dumb_key;
-        } else {
-            $key = $this->normal_key;
-        }
-
-        $this->store->storeAssociation($key, $assoc);
-        return $assoc;
-    }
-
-    /**
-     * Given an association handle, get the association from the
-     * store, or return a ServerError or null if something goes wrong.
-     */
-    function getAssociation($assoc_handle, $dumb, $check_expiration=true)
-    {
-        if ($assoc_handle === null) {
-            return new Auth_OpenID_ServerError(null,
-                                     "assoc_handle must not be null");
-        }
-
-        if ($dumb) {
-            $key = $this->dumb_key;
-        } else {
-            $key = $this->normal_key;
-        }
-
-        $assoc = $this->store->getAssociation($key, $assoc_handle);
-
-        if (($assoc !== null) && ($assoc->getExpiresIn() <= 0)) {
-            if ($check_expiration) {
-                $this->store->removeAssociation($key, $assoc_handle);
-                $assoc = null;
-            }
-        }
-
-        return $assoc;
-    }
-
-    /**
-     * Invalidate a given association handle.
-     */
-    function invalidate($assoc_handle, $dumb)
-    {
-        if ($dumb) {
-            $key = $this->dumb_key;
-        } else {
-            $key = $this->normal_key;
-        }
-        $this->store->removeAssociation($key, $assoc_handle);
-    }
-}
-
-/**
- * Encode an {@link Auth_OpenID_ServerResponse} to an
- * {@link Auth_OpenID_WebResponse}.
- *
- * @package OpenID
- */
-class Auth_OpenID_Encoder {
-
-    var $responseFactory = 'Auth_OpenID_WebResponse';
-
-    /**
-     * Encode an {@link Auth_OpenID_ServerResponse} and return an
-     * {@link Auth_OpenID_WebResponse}.
-     */
-    function encode($response)
-    {
-        $cls = $this->responseFactory;
-
-        $encode_as = $response->whichEncoding();
-        if ($encode_as == Auth_OpenID_ENCODE_KVFORM) {
-            $wr = new $cls(null, null, $response->encodeToKVForm());
-            if (is_a($response, 'Auth_OpenID_ServerError')) {
-                $wr->code = AUTH_OPENID_HTTP_ERROR;
-            }
-        } else if ($encode_as == Auth_OpenID_ENCODE_URL) {
-            $location = $response->encodeToURL();
-            $wr = new $cls(AUTH_OPENID_HTTP_REDIRECT,
-                           array('location' => $location));
-        } else if ($encode_as == Auth_OpenID_ENCODE_HTML_FORM) {
-          $wr = new $cls(AUTH_OPENID_HTTP_OK, array(),
-                         $response->toHTML());
-        } else {
-            return new Auth_OpenID_EncodingError($response);
-        }
-        /* Allow the response to carry a custom error code (ex: for Association errors) */
-        if(isset($response->code)) {
-            $wr->code = $response->code;
-        }
-        return $wr;
-    }
-}
-
-/**
- * An encoder which also takes care of signing fields when required.
- *
- * @package OpenID
- */
-class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
-
-    function Auth_OpenID_SigningEncoder($signatory)
-    {
-        $this->signatory = $signatory;
-    }
-
-    /**
-     * Sign an {@link Auth_OpenID_ServerResponse} and return an
-     * {@link Auth_OpenID_WebResponse}.
-     */
-    function encode($response)
-    {
-        // the isinstance is a bit of a kludge... it means there isn't
-        // really an adapter to make the interfaces quite match.
-        if (!is_a($response, 'Auth_OpenID_ServerError') &&
-            $response->needsSigning()) {
-
-            if (!$this->signatory) {
-                return new Auth_OpenID_ServerError(null,
-                                       "Must have a store to sign request");
-            }
-
-            if ($response->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')) {
-                return new Auth_OpenID_AlreadySigned($response);
-            }
-            $response = $this->signatory->sign($response);
-        }
-
-        return parent::encode($response);
-    }
-}
-
-/**
- * Decode an incoming query into an Auth_OpenID_Request.
- *
- * @package OpenID
- */
-class Auth_OpenID_Decoder {
-
-    function Auth_OpenID_Decoder($server)
-    {
-        $this->server = $server;
-
-        $this->handlers = array(
-            'checkid_setup' => 'Auth_OpenID_CheckIDRequest',
-            'checkid_immediate' => 'Auth_OpenID_CheckIDRequest',
-            'check_authentication' => 'Auth_OpenID_CheckAuthRequest',
-            'associate' => 'Auth_OpenID_AssociateRequest'
-            );
-    }
-
-    /**
-     * Given an HTTP query in an array (key-value pairs), decode it
-     * into an Auth_OpenID_Request object.
-     */
-    function decode($query)
-    {
-        if (!$query) {
-            return null;
-        }
-
-        $message = Auth_OpenID_Message::fromPostArgs($query);
-
-        if ($message === null) {
-            /*
-             * It's useful to have a Message attached to a
-             * ProtocolError, so we override the bad ns value to build
-             * a Message out of it.  Kinda kludgy, since it's made of
-             * lies, but the parts that aren't lies are more useful
-             * than a 'None'.
-             */
-            $old_ns = $query['openid.ns'];
-
-            $query['openid.ns'] = Auth_OpenID_OPENID2_NS;
-            $message = Auth_OpenID_Message::fromPostArgs($query);
-            return new Auth_OpenID_ServerError(
-                  $message,
-                  sprintf("Invalid OpenID namespace URI: %s", $old_ns));
-        }
-
-        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
-        if (!$mode) {
-            return new Auth_OpenID_ServerError($message,
-                                               "No mode value in message");
-        }
-
-        if (Auth_OpenID::isFailure($mode)) {
-            return new Auth_OpenID_ServerError($message,
-                                               $mode->message);
-        }
-
-        $handlerCls = Auth_OpenID::arrayGet($this->handlers, $mode,
-                                            $this->defaultDecoder($message));
-
-        if (!is_a($handlerCls, 'Auth_OpenID_ServerError')) {
-            return call_user_func_array(array($handlerCls, 'fromMessage'),
-                                        array($message, $this->server));
-        } else {
-            return $handlerCls;
-        }
-    }
-
-    function defaultDecoder($message)
-    {
-        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
-
-        if (Auth_OpenID::isFailure($mode)) {
-            return new Auth_OpenID_ServerError($message,
-                                               $mode->message);
-        }
-
-        return new Auth_OpenID_ServerError($message,
-                       sprintf("Unrecognized OpenID mode %s", $mode));
-    }
-}
-
-/**
- * An error that indicates an encoding problem occurred.
- *
- * @package OpenID
- */
-class Auth_OpenID_EncodingError {
-    function Auth_OpenID_EncodingError($response)
-    {
-        $this->response = $response;
-    }
-}
-
-/**
- * An error that indicates that a response was already signed.
- *
- * @package OpenID
- */
-class Auth_OpenID_AlreadySigned extends Auth_OpenID_EncodingError {
-    // This response is already signed.
-}
-
-/**
- * An error that indicates that the given return_to is not under the
- * given trust_root.
- *
- * @package OpenID
- */
-class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError {
-    function Auth_OpenID_UntrustedReturnURL($message, $return_to,
-                                            $trust_root)
-    {
-        parent::Auth_OpenID_ServerError($message, "Untrusted return_to URL");
-        $this->return_to = $return_to;
-        $this->trust_root = $trust_root;
-    }
-
-    function toString()
-    {
-        return sprintf("return_to %s not under trust_root %s",
-                       $this->return_to, $this->trust_root);
-    }
-}
-
-/**
- * I handle requests for an OpenID server.
- *
- * Some types of requests (those which are not checkid requests) may
- * be handed to my {@link handleRequest} method, and I will take care
- * of it and return a response.
- *
- * For your convenience, I also provide an interface to {@link
- * Auth_OpenID_Decoder::decode()} and {@link
- * Auth_OpenID_SigningEncoder::encode()} through my methods {@link
- * decodeRequest} and {@link encodeResponse}.
- *
- * All my state is encapsulated in an {@link Auth_OpenID_OpenIDStore}.
- *
- * Example:
- *
- * <pre> $oserver = new Auth_OpenID_Server(Auth_OpenID_FileStore($data_path),
- *                                   "http://example.com/op");
- * $request = $oserver->decodeRequest();
- * if (in_array($request->mode, array('checkid_immediate',
- *                                    'checkid_setup'))) {
- *     if ($app->isAuthorized($request->identity, $request->trust_root)) {
- *         $response = $request->answer(true);
- *     } else if ($request->immediate) {
- *         $response = $request->answer(false);
- *     } else {
- *         $app->showDecidePage($request);
- *         return;
- *     }
- * } else {
- *     $response = $oserver->handleRequest($request);
- * }
- *
- * $webresponse = $oserver->encode($response);</pre>
- *
- * @package OpenID
- */
-class Auth_OpenID_Server {
-    function Auth_OpenID_Server($store, $op_endpoint=null)
-    {
-        $this->store = $store;
-        $this->signatory = new Auth_OpenID_Signatory($this->store);
-        $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory);
-        $this->decoder = new Auth_OpenID_Decoder($this);
-        $this->op_endpoint = $op_endpoint;
-        $this->negotiator = Auth_OpenID_getDefaultNegotiator();
-    }
-
-    /**
-     * Handle a request.  Given an {@link Auth_OpenID_Request} object,
-     * call the appropriate {@link Auth_OpenID_Server} method to
-     * process the request and generate a response.
-     *
-     * @param Auth_OpenID_Request $request An {@link Auth_OpenID_Request}
-     * returned by {@link Auth_OpenID_Server::decodeRequest()}.
-     *
-     * @return Auth_OpenID_ServerResponse $response A response object
-     * capable of generating a user-agent reply.
-     */
-    function handleRequest($request)
-    {
-        if (method_exists($this, "openid_" . $request->mode)) {
-            $handler = array($this, "openid_" . $request->mode);
-            return call_user_func_array($handler, array($request));
-        }
-        return null;
-    }
-
-    /**
-     * The callback for 'check_authentication' messages.
-     */
-    function openid_check_authentication($request)
-    {
-        return $request->answer($this->signatory);
-    }
-
-    /**
-     * The callback for 'associate' messages.
-     */
-    function openid_associate($request)
-    {
-        $assoc_type = $request->assoc_type;
-        $session_type = $request->session->session_type;
-        if ($this->negotiator->isAllowed($assoc_type, $session_type)) {
-            $assoc = $this->signatory->createAssociation(false,
-                                                         $assoc_type);
-            return $request->answer($assoc);
-        } else {
-            $message = sprintf('Association type %s is not supported with '.
-                               'session type %s', $assoc_type, $session_type);
-            list($preferred_assoc_type, $preferred_session_type) =
-                $this->negotiator->getAllowedType();
-            return $request->answerUnsupported($message,
-                                               $preferred_assoc_type,
-                                               $preferred_session_type);
-        }
-    }
-
-    /**
-     * Encodes as response in the appropriate format suitable for
-     * sending to the user agent.
-     */
-    function encodeResponse($response)
-    {
-        return $this->encoder->encode($response);
-    }
-
-    /**
-     * Decodes a query args array into the appropriate
-     * {@link Auth_OpenID_Request} object.
-     */
-    function decodeRequest($query=null)
-    {
-        if ($query === null) {
-            $query = Auth_OpenID::getQuery();
-        }
-
-        return $this->decoder->decode($query);
-    }
-}
-
-
diff --git a/lib/Auth/OpenID/ServerRequest.php b/lib/Auth/OpenID/ServerRequest.php
deleted file mode 100644
index 69222a5e0466851779cb9e6ea57707f6b0f7ef90..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/ServerRequest.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-/**
- * OpenID Server Request
- *
- * @see Auth_OpenID_Server
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Imports
- */
-require_once "Auth/OpenID.php";
-
-/**
- * Object that holds the state of a request to the OpenID server
- *
- * With accessor functions to get at the internal request data.
- *
- * @see Auth_OpenID_Server
- * @package OpenID
- */
-class Auth_OpenID_ServerRequest {
-    function Auth_OpenID_ServerRequest()
-    {
-        $this->mode = null;
-    }
-}
-
diff --git a/lib/Auth/OpenID/TrustRoot.php b/lib/Auth/OpenID/TrustRoot.php
deleted file mode 100644
index 000440b5888649b75f7b3d81f8b29eb283b06450..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/TrustRoot.php
+++ /dev/null
@@ -1,461 +0,0 @@
-<?php
-/**
- * Functions for dealing with OpenID trust roots
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/OpenID/Discover.php';
-
-/**
- * A regular expression that matches a domain ending in a top-level domains.
- * Used in checking trust roots for sanity.
- *
- * @access private
- */
-define('Auth_OpenID___TLDs',
-       '/\.(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|asia' .
-       '|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br' .
-       '|bs|bt|bv|bw|by|bz|ca|cat|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co' .
-       '|com|coop|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg' .
-       '|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl' .
-       '|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie' .
-       '|il|im|in|info|int|io|iq|ir|is|it|je|jm|jo|jobs|jp|ke|kg|kh' .
-       '|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly' .
-       '|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mobi|mp|mq|mr|ms|mt' .
-       '|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no' .
-       '|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt' .
-       '|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl' .
-       '|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tel|tf|tg|th|tj|tk|tl|tm' .
-       '|tn|to|tp|tr|travel|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve' .
-       '|vg|vi|vn|vu|wf|ws|xn--0zwm56d|xn--11b5bs3a9aj6g' .
-       '|xn--80akhbyknj4f|xn--9t4b11yi5a|xn--deba0ad|xn--g6w251d' .
-       '|xn--hgbk6aj7f53bba|xn--hlcj6aya9esc7a|xn--jxalpdlp' .
-       '|xn--kgbechtv|xn--zckzah|ye|yt|yu|za|zm|zw)\.?$/');
-
-define('Auth_OpenID___HostSegmentRe',
-       "/^(?:[-a-zA-Z0-9!$&'\\(\\)\\*+,;=._~]|%[a-zA-Z0-9]{2})*$/");
-
-/**
- * A wrapper for trust-root related functions
- */
-class Auth_OpenID_TrustRoot {
-    /*
-     * Return a discovery URL for this realm.
-     *
-     * Return null if the realm could not be parsed or was not valid.
-     *
-     * @param return_to The relying party return URL of the OpenID
-     * authentication request
-     *
-     * @return The URL upon which relying party discovery should be
-     * run in order to verify the return_to URL
-     */
-    static function buildDiscoveryURL($realm)
-    {
-        $parsed = Auth_OpenID_TrustRoot::_parse($realm);
-
-        if ($parsed === false) {
-            return false;
-        }
-
-        if ($parsed['wildcard']) {
-            // Use "www." in place of the star
-            if ($parsed['host'][0] != '.') {
-                return false;
-            }
-
-            $www_domain = 'www' . $parsed['host'];
-
-            return sprintf('%s://%s%s', $parsed['scheme'],
-                           $www_domain, $parsed['path']);
-        } else {
-            return $parsed['unparsed'];
-        }
-    }
-
-    /**
-     * Parse a URL into its trust_root parts.
-     *
-     * @static
-     *
-     * @access private
-     *
-     * @param string $trust_root The url to parse
-     *
-     * @return mixed $parsed Either an associative array of trust root
-     * parts or false if parsing failed.
-     */
-    static function _parse($trust_root)
-    {
-        $trust_root = Auth_OpenID_urinorm($trust_root);
-        if ($trust_root === null) {
-            return false;
-        }
-
-        if (preg_match("/:\/\/[^:]+(:\d+){2,}(\/|$)/", $trust_root)) {
-            return false;
-        }
-
-        $parts = @parse_url($trust_root);
-        if ($parts === false) {
-            return false;
-        }
-
-        $required_parts = array('scheme', 'host');
-        $forbidden_parts = array('user', 'pass', 'fragment');
-        $keys = array_keys($parts);
-        if (array_intersect($keys, $required_parts) != $required_parts) {
-            return false;
-        }
-
-        if (array_intersect($keys, $forbidden_parts) != array()) {
-            return false;
-        }
-
-        if (!preg_match(Auth_OpenID___HostSegmentRe, $parts['host'])) {
-            return false;
-        }
-
-        $scheme = strtolower($parts['scheme']);
-        $allowed_schemes = array('http', 'https');
-        if (!in_array($scheme, $allowed_schemes)) {
-            return false;
-        }
-        $parts['scheme'] = $scheme;
-
-        $host = strtolower($parts['host']);
-        $hostparts = explode('*', $host);
-        switch (count($hostparts)) {
-        case 1:
-            $parts['wildcard'] = false;
-            break;
-        case 2:
-            if ($hostparts[0] ||
-                ($hostparts[1] && substr($hostparts[1], 0, 1) != '.')) {
-                return false;
-            }
-            $host = $hostparts[1];
-            $parts['wildcard'] = true;
-            break;
-        default:
-            return false;
-        }
-        if (strpos($host, ':') !== false) {
-            return false;
-        }
-
-        $parts['host'] = $host;
-
-        if (isset($parts['path'])) {
-            $path = strtolower($parts['path']);
-            if (substr($path, 0, 1) != '/') {
-                return false;
-            }
-        } else {
-            $path = '/';
-        }
-
-        $parts['path'] = $path;
-        if (!isset($parts['port'])) {
-            $parts['port'] = false;
-        }
-
-
-        $parts['unparsed'] = $trust_root;
-
-        return $parts;
-    }
-
-    /**
-     * Is this trust root sane?
-     *
-     * A trust root is sane if it is syntactically valid and it has a
-     * reasonable domain name. Specifically, the domain name must be
-     * more than one level below a standard TLD or more than two
-     * levels below a two-letter tld.
-     *
-     * For example, '*.com' is not a sane trust root, but '*.foo.com'
-     * is.  '*.co.uk' is not sane, but '*.bbc.co.uk' is.
-     *
-     * This check is not always correct, but it attempts to err on the
-     * side of marking sane trust roots insane instead of marking
-     * insane trust roots sane. For example, 'kink.fm' is marked as
-     * insane even though it "should" (for some meaning of should) be
-     * marked sane.
-     *
-     * This function should be used when creating OpenID servers to
-     * alert the users of the server when a consumer attempts to get
-     * the user to accept a suspicious trust root.
-     *
-     * @static
-     * @param string $trust_root The trust root to check
-     * @return bool $sanity Whether the trust root looks OK
-     */
-    static function isSane($trust_root)
-    {
-        $parts = Auth_OpenID_TrustRoot::_parse($trust_root);
-        if ($parts === false) {
-            return false;
-        }
-
-        // Localhost is a special case
-        if ($parts['host'] == 'localhost') {
-            return true;
-        }
-        
-        $host_parts = explode('.', $parts['host']);
-        if ($parts['wildcard']) {
-            // Remove the empty string from the beginning of the array
-            array_shift($host_parts);
-        }
-
-        if ($host_parts && !$host_parts[count($host_parts) - 1]) {
-            array_pop($host_parts);
-        }
-
-        if (!$host_parts) {
-            return false;
-        }
-
-        // Don't allow adjacent dots
-        if (in_array('', $host_parts, true)) {
-            return false;
-        }
-
-        // Get the top-level domain of the host. If it is not a valid TLD,
-        // it's not sane.
-        preg_match(Auth_OpenID___TLDs, $parts['host'], $matches);
-        if (!$matches) {
-            return false;
-        }
-        $tld = $matches[1];
-
-        if (count($host_parts) == 1) {
-            return false;
-        }
-
-        if ($parts['wildcard']) {
-            // It's a 2-letter tld with a short second to last segment
-            // so there needs to be more than two segments specified
-            // (e.g. *.co.uk is insane)
-            $second_level = $host_parts[count($host_parts) - 2];
-            if (strlen($tld) == 2 && strlen($second_level) <= 3) {
-                return count($host_parts) > 2;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * Does this URL match the given trust root?
-     *
-     * Return whether the URL falls under the given trust root. This
-     * does not check whether the trust root is sane. If the URL or
-     * trust root do not parse, this function will return false.
-     *
-     * @param string $trust_root The trust root to match against
-     *
-     * @param string $url The URL to check
-     *
-     * @return bool $matches Whether the URL matches against the
-     * trust root
-     */
-    static function match($trust_root, $url)
-    {
-        $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
-        $url_parsed = Auth_OpenID_TrustRoot::_parse($url);
-        if (!$trust_root_parsed || !$url_parsed) {
-            return false;
-        }
-
-        // Check hosts matching
-        if ($url_parsed['wildcard']) {
-            return false;
-        }
-        if ($trust_root_parsed['wildcard']) {
-            $host_tail = $trust_root_parsed['host'];
-            $host = $url_parsed['host'];
-            if ($host_tail &&
-                substr($host, -(strlen($host_tail))) != $host_tail &&
-                substr($host_tail, 1) != $host) {
-                return false;
-            }
-        } else {
-            if ($trust_root_parsed['host'] != $url_parsed['host']) {
-                return false;
-            }
-        }
-
-        // Check path and query matching
-        $base_path = $trust_root_parsed['path'];
-        $path = $url_parsed['path'];
-        if (!isset($trust_root_parsed['query'])) {
-            if ($base_path != $path) {
-                if (substr($path, 0, strlen($base_path)) != $base_path) {
-                    return false;
-                }
-                if (substr($base_path, strlen($base_path) - 1, 1) != '/' &&
-                    substr($path, strlen($base_path), 1) != '/') {
-                    return false;
-                }
-            }
-        } else {
-            $base_query = $trust_root_parsed['query'];
-            $query = @$url_parsed['query'];
-            $qplus = substr($query, 0, strlen($base_query) + 1);
-            $bqplus = $base_query . '&';
-            if ($base_path != $path ||
-                ($base_query != $query && $qplus != $bqplus)) {
-                return false;
-            }
-        }
-
-        // The port and scheme need to match exactly
-        return ($trust_root_parsed['scheme'] == $url_parsed['scheme'] &&
-                $url_parsed['port'] === $trust_root_parsed['port']);
-    }
-}
-
-/*
- * If the endpoint is a relying party OpenID return_to endpoint,
- * return the endpoint URL. Otherwise, return None.
- *
- * This function is intended to be used as a filter for the Yadis
- * filtering interface.
- *
- * @see: C{L{openid.yadis.services}}
- * @see: C{L{openid.yadis.filters}}
- *
- * @param endpoint: An XRDS BasicServiceEndpoint, as returned by
- * performing Yadis dicovery.
- *
- * @returns: The endpoint URL or None if the endpoint is not a
- * relying party endpoint.
- */
-function filter_extractReturnURL($endpoint)
-{
-    if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) {
-        return $endpoint;
-    } else {
-        return null;
-    }
-}
-
-function &Auth_OpenID_extractReturnURL(&$endpoint_list)
-{
-    $result = array();
-
-    foreach ($endpoint_list as $endpoint) {
-        if (filter_extractReturnURL($endpoint)) {
-            $result[] = $endpoint;
-        }
-    }
-
-    return $result;
-}
-
-/*
- * Is the return_to URL under one of the supplied allowed return_to
- * URLs?
- */
-function Auth_OpenID_returnToMatches($allowed_return_to_urls, $return_to)
-{
-    foreach ($allowed_return_to_urls as $allowed_return_to) {
-        // A return_to pattern works the same as a realm, except that
-        // it's not allowed to use a wildcard. We'll model this by
-        // parsing it as a realm, and not trying to match it if it has
-        // a wildcard.
-
-        $return_realm = Auth_OpenID_TrustRoot::_parse($allowed_return_to);
-        if (// Parses as a trust root
-            ($return_realm !== false) &&
-            // Does not have a wildcard
-            (!$return_realm['wildcard']) &&
-            // Matches the return_to that we passed in with it
-            (Auth_OpenID_TrustRoot::match($allowed_return_to, $return_to))) {
-            return true;
-        }
-    }
-
-    // No URL in the list matched
-    return false;
-}
-
-/*
- * Given a relying party discovery URL return a list of return_to
- * URLs.
- */
-function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
-              $discover_function=null)
-{
-    if ($discover_function === null) {
-        $discover_function = array('Auth_Yadis_Yadis', 'discover');
-    }
-
-    $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS');
-
-    list($rp_url_after_redirects, $endpoints) =
-        Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb,
-                                       $discover_function, $fetcher);
-
-    if ($rp_url_after_redirects != $relying_party_url) {
-        // Verification caused a redirect
-        return false;
-    }
-
-    call_user_func_array($discover_function,
-                         array($relying_party_url, &$fetcher));
-
-    $return_to_urls = array();
-    $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
-
-    foreach ($matching_endpoints as $e) {
-        $return_to_urls[] = $e->server_url;
-    }
-
-    return $return_to_urls;
-}
-
-/*
- * Verify that a return_to URL is valid for the given realm.
- *
- * This function builds a discovery URL, performs Yadis discovery on
- * it, makes sure that the URL does not redirect, parses out the
- * return_to URLs, and finally checks to see if the current return_to
- * URL matches the return_to.
- *
- * @return true if the return_to URL is valid for the realm
- */
-function Auth_OpenID_verifyReturnTo($realm_str, $return_to, $fetcher,
-              $_vrfy='Auth_OpenID_getAllowedReturnURLs')
-{
-    $disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str);
-
-    if ($disco_url === false) {
-        return false;
-    }
-
-    $allowable_urls = call_user_func_array($_vrfy,
-                           array($disco_url, $fetcher));
-
-    // The realm_str could not be parsed.
-    if ($allowable_urls === false) {
-        return false;
-    }
-
-    if (Auth_OpenID_returnToMatches($allowable_urls, $return_to)) {
-        return true;
-    } else {
-        return false;
-    }
-}
-
diff --git a/lib/Auth/OpenID/URINorm.php b/lib/Auth/OpenID/URINorm.php
deleted file mode 100644
index c051b550aa1b1e3d339cb7110f6bc80ddedaa8d8..0000000000000000000000000000000000000000
--- a/lib/Auth/OpenID/URINorm.php
+++ /dev/null
@@ -1,249 +0,0 @@
-<?php
-
-/**
- * URI normalization routines.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/Yadis/Misc.php';
-
-// from appendix B of rfc 3986 (http://www.ietf.org/rfc/rfc3986.txt)
-function Auth_OpenID_getURIPattern()
-{
-    return '&^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?&';
-}
-
-function Auth_OpenID_getAuthorityPattern()
-{
-    return '/^([^@]*@)?([^:]*)(:.*)?/';
-}
-
-function Auth_OpenID_getEncodedPattern()
-{
-    return '/%([0-9A-Fa-f]{2})/';
-}
-
-# gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"
-#
-# sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
-#                  / "*" / "+" / "," / ";" / "="
-#
-# unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
-function Auth_OpenID_getURLIllegalCharRE()
-{
-    return "/([^-A-Za-z0-9:\/\?#\[\]@\!\$&'\(\)\*\+,;=\._~\%])/";
-}
-
-function Auth_OpenID_getUnreserved()
-{
-    $_unreserved = array();
-    for ($i = 0; $i < 256; $i++) {
-        $_unreserved[$i] = false;
-    }
-
-    for ($i = ord('A'); $i <= ord('Z'); $i++) {
-        $_unreserved[$i] = true;
-    }
-
-    for ($i = ord('0'); $i <= ord('9'); $i++) {
-        $_unreserved[$i] = true;
-    }
-
-    for ($i = ord('a'); $i <= ord('z'); $i++) {
-        $_unreserved[$i] = true;
-    }
-
-    $_unreserved[ord('-')] = true;
-    $_unreserved[ord('.')] = true;
-    $_unreserved[ord('_')] = true;
-    $_unreserved[ord('~')] = true;
-
-    return $_unreserved;
-}
-
-function Auth_OpenID_getEscapeRE()
-{
-    $parts = array();
-    foreach (array_merge(Auth_Yadis_getUCSChars(),
-                         Auth_Yadis_getIPrivateChars()) as $pair) {
-        list($m, $n) = $pair;
-        $parts[] = sprintf("%s-%s", chr($m), chr($n));
-    }
-
-    return sprintf('[%s]', implode('', $parts));
-}
-
-function Auth_OpenID_pct_encoded_replace_unreserved($mo)
-{
-    $_unreserved = Auth_OpenID_getUnreserved();
-
-    $i = intval($mo[1], 16);
-    if ($_unreserved[$i]) {
-        return chr($i);
-    } else {
-        return strtoupper($mo[0]);
-    }
-
-    return $mo[0];
-}
-
-function Auth_OpenID_pct_encoded_replace($mo)
-{
-    return chr(intval($mo[1], 16));
-}
-
-function Auth_OpenID_remove_dot_segments($path)
-{
-    $result_segments = array();
-
-    while ($path) {
-        if (Auth_Yadis_startswith($path, '../')) {
-            $path = substr($path, 3);
-        } else if (Auth_Yadis_startswith($path, './')) {
-            $path = substr($path, 2);
-        } else if (Auth_Yadis_startswith($path, '/./')) {
-            $path = substr($path, 2);
-        } else if ($path == '/.') {
-            $path = '/';
-        } else if (Auth_Yadis_startswith($path, '/../')) {
-            $path = substr($path, 3);
-            if ($result_segments) {
-                array_pop($result_segments);
-            }
-        } else if ($path == '/..') {
-            $path = '/';
-            if ($result_segments) {
-                array_pop($result_segments);
-            }
-        } else if (($path == '..') ||
-                   ($path == '.')) {
-            $path = '';
-        } else {
-            $i = 0;
-            if ($path[0] == '/') {
-                $i = 1;
-            }
-            $i = strpos($path, '/', $i);
-            if ($i === false) {
-                $i = strlen($path);
-            }
-            $result_segments[] = substr($path, 0, $i);
-            $path = substr($path, $i);
-        }
-    }
-
-    return implode('', $result_segments);
-}
-
-function Auth_OpenID_urinorm($uri)
-{
-    $uri_matches = array();
-    preg_match(Auth_OpenID_getURIPattern(), $uri, $uri_matches);
-
-    if (count($uri_matches) < 9) {
-        for ($i = count($uri_matches); $i <= 9; $i++) {
-            $uri_matches[] = '';
-        }
-    }
-
-    $illegal_matches = array();
-    preg_match(Auth_OpenID_getURLIllegalCharRE(),
-               $uri, $illegal_matches);
-    if ($illegal_matches) {
-        return null;
-    }
-
-    $scheme = $uri_matches[2];
-    if ($scheme) {
-        $scheme = strtolower($scheme);
-    }
-
-    $scheme = $uri_matches[2];
-    if ($scheme === '') {
-        // No scheme specified
-        return null;
-    }
-
-    $scheme = strtolower($scheme);
-    if (!in_array($scheme, array('http', 'https'))) {
-        // Not an absolute HTTP or HTTPS URI
-        return null;
-    }
-
-    $authority = $uri_matches[4];
-    if ($authority === '') {
-        // Not an absolute URI
-        return null;
-    }
-
-    $authority_matches = array();
-    preg_match(Auth_OpenID_getAuthorityPattern(),
-               $authority, $authority_matches);
-    if (count($authority_matches) === 0) {
-        // URI does not have a valid authority
-        return null;
-    }
-
-    if (count($authority_matches) < 4) {
-        for ($i = count($authority_matches); $i <= 4; $i++) {
-            $authority_matches[] = '';
-        }
-    }
-
-    list($_whole, $userinfo, $host, $port) = $authority_matches;
-
-    if ($userinfo === null) {
-        $userinfo = '';
-    }
-
-    if (strpos($host, '%') !== -1) {
-        $host = strtolower($host);
-        $host = preg_replace_callback(
-                  Auth_OpenID_getEncodedPattern(),
-                  'Auth_OpenID_pct_encoded_replace', $host);
-        // NO IDNA.
-        // $host = unicode($host, 'utf-8').encode('idna');
-    } else {
-        $host = strtolower($host);
-    }
-
-    if ($port) {
-        if (($port == ':') ||
-            ($scheme == 'http' && $port == ':80') ||
-            ($scheme == 'https' && $port == ':443')) {
-            $port = '';
-        }
-    } else {
-        $port = '';
-    }
-
-    $authority = $userinfo . $host . $port;
-
-    $path = $uri_matches[5];
-    $path = preg_replace_callback(
-               Auth_OpenID_getEncodedPattern(),
-               'Auth_OpenID_pct_encoded_replace_unreserved', $path);
-
-    $path = Auth_OpenID_remove_dot_segments($path);
-    if (!$path) {
-        $path = '/';
-    }
-
-    $query = $uri_matches[6];
-    if ($query === null) {
-        $query = '';
-    }
-
-    $fragment = $uri_matches[8];
-    if ($fragment === null) {
-        $fragment = '';
-    }
-
-    return $scheme . '://' . $authority . $path . $query . $fragment;
-}
-
-
diff --git a/lib/Auth/Yadis/HTTPFetcher.php b/lib/Auth/Yadis/HTTPFetcher.php
deleted file mode 100644
index 148cde1b2edc4d61dfd4402455402eeda62e84c1..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/HTTPFetcher.php
+++ /dev/null
@@ -1,174 +0,0 @@
-<?php
-
-/**
- * This module contains the HTTP fetcher interface
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require logging functionality
- */
-require_once "Auth/OpenID.php";
-
-define('Auth_OpenID_FETCHER_MAX_RESPONSE_KB', 1024);
-define('Auth_OpenID_USER_AGENT', 
-       'php-openid/'.Auth_OpenID_VERSION.' (php/'.phpversion().')');
-
-class Auth_Yadis_HTTPResponse {
-    function Auth_Yadis_HTTPResponse($final_url = null, $status = null,
-                                         $headers = null, $body = null)
-    {
-        $this->final_url = $final_url;
-        $this->status = $status;
-        $this->headers = $headers;
-        $this->body = $body;
-    }
-}
-
-/**
- * This class is the interface for HTTP fetchers the Yadis library
- * uses.  This interface is only important if you need to write a new
- * fetcher for some reason.
- *
- * @access private
- * @package OpenID
- */
-class Auth_Yadis_HTTPFetcher {
-
-    var $timeout = 20; // timeout in seconds.
-
-    /**
-     * Return whether a URL can be fetched.  Returns false if the URL
-     * scheme is not allowed or is not supported by this fetcher
-     * implementation; returns true otherwise.
-     *
-     * @return bool
-     */
-    function canFetchURL($url)
-    {
-        if ($this->isHTTPS($url) && !$this->supportsSSL()) {
-            Auth_OpenID::log("HTTPS URL unsupported fetching %s",
-                             $url);
-            return false;
-        }
-
-        if (!$this->allowedURL($url)) {
-            Auth_OpenID::log("URL fetching not allowed for '%s'",
-                             $url);
-            return false;
-        }
-
-        return true;
-    }
-
-    /**
-     * Return whether a URL should be allowed. Override this method to
-     * conform to your local policy.
-     *
-     * By default, will attempt to fetch any http or https URL.
-     */
-    function allowedURL($url)
-    {
-        return $this->URLHasAllowedScheme($url);
-    }
-
-    /**
-     * Does this fetcher implementation (and runtime) support fetching
-     * HTTPS URLs?  May inspect the runtime environment.
-     *
-     * @return bool $support True if this fetcher supports HTTPS
-     * fetching; false if not.
-     */
-    function supportsSSL()
-    {
-        trigger_error("not implemented", E_USER_ERROR);
-    }
-
-    /**
-     * Is this an https URL?
-     *
-     * @access private
-     */
-    function isHTTPS($url)
-    {
-        return (bool)preg_match('/^https:\/\//i', $url);
-    }
-
-    /**
-     * Is this an http or https URL?
-     *
-     * @access private
-     */
-    function URLHasAllowedScheme($url)
-    {
-        return (bool)preg_match('/^https?:\/\//i', $url);
-    }
-
-    /**
-     * @access private
-     */
-    function _findRedirect($headers, $url)
-    {
-        foreach ($headers as $line) {
-            if (strpos(strtolower($line), "location: ") === 0) {
-                $parts = explode(" ", $line, 2);
-                $loc = $parts[1];
-                $ppos = strpos($loc, "://");
-                if ($ppos === false || $ppos > strpos($loc, "/")) {
-                  /* no host; add it */
-                  $hpos = strpos($url, "://");
-                  $prt = substr($url, 0, $hpos+3);
-                  $url = substr($url, $hpos+3);
-                  if (substr($loc, 0, 1) == "/") {
-                    /* absolute path */
-                    $fspos = strpos($url, "/");
-                    if ($fspos) $loc = $prt.substr($url, 0, $fspos).$loc;
-                    else $loc = $prt.$url.$loc;
-                  } else {
-                    /* relative path */
-                    $pp = $prt;
-                    while (1) {
-                      $xpos = strpos($url, "/");
-                      if ($xpos === false) break;
-                      $apos = strpos($url, "?");
-                      if ($apos !== false && $apos < $xpos) break;
-                      $apos = strpos($url, "&");
-                      if ($apos !== false && $apos < $xpos) break;
-                      $pp .= substr($url, 0, $xpos+1);
-                      $url = substr($url, $xpos+1);
-                    }
-                    $loc = $pp.$loc;
-                  }
-                }
-                return $loc;
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Fetches the specified URL using optional extra headers and
-     * returns the server's response.
-     *
-     * @param string $url The URL to be fetched.
-     * @param array $extra_headers An array of header strings
-     * (e.g. "Accept: text/html").
-     * @return mixed $result An array of ($code, $url, $headers,
-     * $body) if the URL could be fetched; null if the URL does not
-     * pass the URLHasAllowedScheme check or if the server's response
-     * is malformed.
-     */
-    function get($url, $headers = null)
-    {
-        trigger_error("not implemented", E_USER_ERROR);
-    }
-}
-
diff --git a/lib/Auth/Yadis/Manager.php b/lib/Auth/Yadis/Manager.php
deleted file mode 100644
index 3f54fd0bcd908eab5f3037567fc3e5bf77f437f5..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/Manager.php
+++ /dev/null
@@ -1,523 +0,0 @@
-<?php
-
-/**
- * Yadis service manager to be used during yadis-driven authentication
- * attempts.
- *
- * @package OpenID
- */
-
-/**
- * The base session class used by the Auth_Yadis_Manager.  This
- * class wraps the default PHP session machinery and should be
- * subclassed if your application doesn't use PHP sessioning.
- *
- * @package OpenID
- */
-class Auth_Yadis_PHPSession {
-    /**
-     * Set a session key/value pair.
-     *
-     * @param string $name The name of the session key to add.
-     * @param string $value The value to add to the session.
-     */
-    function set($name, $value)
-    {
-        $_SESSION[$name] = $value;
-    }
-
-    /**
-     * Get a key's value from the session.
-     *
-     * @param string $name The name of the key to retrieve.
-     * @param string $default The optional value to return if the key
-     * is not found in the session.
-     * @return string $result The key's value in the session or
-     * $default if it isn't found.
-     */
-    function get($name, $default=null)
-    {
-        if (array_key_exists($name, $_SESSION)) {
-            return $_SESSION[$name];
-        } else {
-            return $default;
-        }
-    }
-
-    /**
-     * Remove a key/value pair from the session.
-     *
-     * @param string $name The name of the key to remove.
-     */
-    function del($name)
-    {
-        unset($_SESSION[$name]);
-    }
-
-    /**
-     * Return the contents of the session in array form.
-     */
-    function contents()
-    {
-        return $_SESSION;
-    }
-}
-
-/**
- * A session helper class designed to translate between arrays and
- * objects.  Note that the class used must have a constructor that
- * takes no parameters.  This is not a general solution, but it works
- * for dumb objects that just need to have attributes set.  The idea
- * is that you'll subclass this and override $this->check($data) ->
- * bool to implement your own session data validation.
- *
- * @package OpenID
- */
-class Auth_Yadis_SessionLoader {
-    /**
-     * Override this.
-     *
-     * @access private
-     */
-    function check($data)
-    {
-        return true;
-    }
-
-    /**
-     * Given a session data value (an array), this creates an object
-     * (returned by $this->newObject()) whose attributes and values
-     * are those in $data.  Returns null if $data lacks keys found in
-     * $this->requiredKeys().  Returns null if $this->check($data)
-     * evaluates to false.  Returns null if $this->newObject()
-     * evaluates to false.
-     *
-     * @access private
-     */
-    function fromSession($data)
-    {
-        if (!$data) {
-            return null;
-        }
-
-        $required = $this->requiredKeys();
-
-        foreach ($required as $k) {
-            if (!array_key_exists($k, $data)) {
-                return null;
-            }
-        }
-
-        if (!$this->check($data)) {
-            return null;
-        }
-
-        $data = array_merge($data, $this->prepareForLoad($data));
-        $obj = $this->newObject($data);
-
-        if (!$obj) {
-            return null;
-        }
-
-        foreach ($required as $k) {
-            $obj->$k = $data[$k];
-        }
-
-        return $obj;
-    }
-
-    /**
-     * Prepares the data array by making any necessary changes.
-     * Returns an array whose keys and values will be used to update
-     * the original data array before calling $this->newObject($data).
-     *
-     * @access private
-     */
-    function prepareForLoad($data)
-    {
-        return array();
-    }
-
-    /**
-     * Returns a new instance of this loader's class, using the
-     * session data to construct it if necessary.  The object need
-     * only be created; $this->fromSession() will take care of setting
-     * the object's attributes.
-     *
-     * @access private
-     */
-    function newObject($data)
-    {
-        return null;
-    }
-
-    /**
-     * Returns an array of keys and values built from the attributes
-     * of $obj.  If $this->prepareForSave($obj) returns an array, its keys
-     * and values are used to update the $data array of attributes
-     * from $obj.
-     *
-     * @access private
-     */
-    function toSession($obj)
-    {
-        $data = array();
-        foreach ($obj as $k => $v) {
-            $data[$k] = $v;
-        }
-
-        $extra = $this->prepareForSave($obj);
-
-        if ($extra && is_array($extra)) {
-            foreach ($extra as $k => $v) {
-                $data[$k] = $v;
-            }
-        }
-
-        return $data;
-    }
-
-    /**
-     * Override this.
-     *
-     * @access private
-     */
-    function prepareForSave($obj)
-    {
-        return array();
-    }
-}
-
-/**
- * A concrete loader implementation for Auth_OpenID_ServiceEndpoints.
- *
- * @package OpenID
- */
-class Auth_OpenID_ServiceEndpointLoader extends Auth_Yadis_SessionLoader {
-    function newObject($data)
-    {
-        return new Auth_OpenID_ServiceEndpoint();
-    }
-
-    function requiredKeys()
-    {
-        $obj = new Auth_OpenID_ServiceEndpoint();
-        $data = array();
-        foreach ($obj as $k => $v) {
-            $data[] = $k;
-        }
-        return $data;
-    }
-
-    function check($data)
-    {
-        return is_array($data['type_uris']);
-    }
-}
-
-/**
- * A concrete loader implementation for Auth_Yadis_Managers.
- *
- * @package OpenID
- */
-class Auth_Yadis_ManagerLoader extends Auth_Yadis_SessionLoader {
-    function requiredKeys()
-    {
-        return array('starting_url',
-                     'yadis_url',
-                     'services',
-                     'session_key',
-                     '_current',
-                     'stale');
-    }
-
-    function newObject($data)
-    {
-        return new Auth_Yadis_Manager($data['starting_url'],
-                                          $data['yadis_url'],
-                                          $data['services'],
-                                          $data['session_key']);
-    }
-
-    function check($data)
-    {
-        return is_array($data['services']);
-    }
-
-    function prepareForLoad($data)
-    {
-        $loader = new Auth_OpenID_ServiceEndpointLoader();
-        $services = array();
-        foreach ($data['services'] as $s) {
-            $services[] = $loader->fromSession($s);
-        }
-        return array('services' => $services);
-    }
-
-    function prepareForSave($obj)
-    {
-        $loader = new Auth_OpenID_ServiceEndpointLoader();
-        $services = array();
-        foreach ($obj->services as $s) {
-            $services[] = $loader->toSession($s);
-        }
-        return array('services' => $services);
-    }
-}
-
-/**
- * The Yadis service manager which stores state in a session and
- * iterates over <Service> elements in a Yadis XRDS document and lets
- * a caller attempt to use each one.  This is used by the Yadis
- * library internally.
- *
- * @package OpenID
- */
-class Auth_Yadis_Manager {
-
-    /**
-     * Intialize a new yadis service manager.
-     *
-     * @access private
-     */
-    function Auth_Yadis_Manager($starting_url, $yadis_url,
-                                    $services, $session_key)
-    {
-        // The URL that was used to initiate the Yadis protocol
-        $this->starting_url = $starting_url;
-
-        // The URL after following redirects (the identifier)
-        $this->yadis_url = $yadis_url;
-
-        // List of service elements
-        $this->services = $services;
-
-        $this->session_key = $session_key;
-
-        // Reference to the current service object
-        $this->_current = null;
-
-        // Stale flag for cleanup if PHP lib has trouble.
-        $this->stale = false;
-    }
-
-    /**
-     * @access private
-     */
-    function length()
-    {
-        // How many untried services remain?
-        return count($this->services);
-    }
-
-    /**
-     * Return the next service
-     *
-     * $this->current() will continue to return that service until the
-     * next call to this method.
-     */
-    function nextService()
-    {
-
-        if ($this->services) {
-            $this->_current = array_shift($this->services);
-        } else {
-            $this->_current = null;
-        }
-
-        return $this->_current;
-    }
-
-    /**
-     * @access private
-     */
-    function current()
-    {
-        // Return the current service.
-        // Returns None if there are no services left.
-        return $this->_current;
-    }
-
-    /**
-     * @access private
-     */
-    function forURL($url)
-    {
-        return in_array($url, array($this->starting_url, $this->yadis_url));
-    }
-
-    /**
-     * @access private
-     */
-    function started()
-    {
-        // Has the first service been returned?
-        return $this->_current !== null;
-    }
-}
-
-/**
- * State management for discovery.
- *
- * High-level usage pattern is to call .getNextService(discover) in
- * order to find the next available service for this user for this
- * session. Once a request completes, call .cleanup() to clean up the
- * session state.
- *
- * @package OpenID
- */
-class Auth_Yadis_Discovery {
-
-    /**
-     * @access private
-     */
-    var $DEFAULT_SUFFIX = 'auth';
-
-    /**
-     * @access private
-     */
-    var $PREFIX = '_yadis_services_';
-
-    /**
-     * Initialize a discovery object.
-     *
-     * @param Auth_Yadis_PHPSession $session An object which
-     * implements the Auth_Yadis_PHPSession API.
-     * @param string $url The URL on which to attempt discovery.
-     * @param string $session_key_suffix The optional session key
-     * suffix override.
-     */
-    function Auth_Yadis_Discovery($session, $url,
-                                      $session_key_suffix = null)
-    {
-        /// Initialize a discovery object
-        $this->session = $session;
-        $this->url = $url;
-        if ($session_key_suffix === null) {
-            $session_key_suffix = $this->DEFAULT_SUFFIX;
-        }
-
-        $this->session_key_suffix = $session_key_suffix;
-        $this->session_key = $this->PREFIX . $this->session_key_suffix;
-    }
-
-    /**
-     * Return the next authentication service for the pair of
-     * user_input and session. This function handles fallback.
-     */
-    function getNextService($discover_cb, $fetcher)
-    {
-        $manager = $this->getManager();
-        if (!$manager || (!$manager->services)) {
-            $this->destroyManager();
-
-            list($yadis_url, $services) = call_user_func_array($discover_cb,
-                                                               array(
-                                                                $this->url,
-                                                                &$fetcher,
-                                                               ));
-
-            $manager = $this->createManager($services, $yadis_url);
-        }
-
-        if ($manager) {
-            $loader = new Auth_Yadis_ManagerLoader();
-            $service = $manager->nextService();
-            $this->session->set($this->session_key,
-                                serialize($loader->toSession($manager)));
-        } else {
-            $service = null;
-        }
-
-        return $service;
-    }
-
-    /**
-     * Clean up Yadis-related services in the session and return the
-     * most-recently-attempted service from the manager, if one
-     * exists.
-     *
-     * @param $force True if the manager should be deleted regardless
-     * of whether it's a manager for $this->url.
-     */
-    function cleanup($force=false)
-    {
-        $manager = $this->getManager($force);
-        if ($manager) {
-            $service = $manager->current();
-            $this->destroyManager($force);
-        } else {
-            $service = null;
-        }
-
-        return $service;
-    }
-
-    /**
-     * @access private
-     */
-    function getSessionKey()
-    {
-        // Get the session key for this starting URL and suffix
-        return $this->PREFIX . $this->session_key_suffix;
-    }
-
-    /**
-     * @access private
-     *
-     * @param $force True if the manager should be returned regardless
-     * of whether it's a manager for $this->url.
-     */
-    function getManager($force=false)
-    {
-        // Extract the YadisServiceManager for this object's URL and
-        // suffix from the session.
-
-        $manager_str = $this->session->get($this->getSessionKey());
-        $manager = null;
-
-        if ($manager_str !== null) {
-            $loader = new Auth_Yadis_ManagerLoader();
-            $manager = $loader->fromSession(unserialize($manager_str));
-        }
-
-        if ($manager && ($manager->forURL($this->url) || $force)) {
-            return $manager;
-        }
-    }
-
-    /**
-     * @access private
-     */
-    function createManager($services, $yadis_url = null)
-    {
-        $key = $this->getSessionKey();
-        if ($this->getManager()) {
-            return $this->getManager();
-        }
-
-        if ($services) {
-            $loader = new Auth_Yadis_ManagerLoader();
-            $manager = new Auth_Yadis_Manager($this->url, $yadis_url,
-                                              $services, $key);
-            $this->session->set($this->session_key,
-                                serialize($loader->toSession($manager)));
-            return $manager;
-        }
-    }
-
-    /**
-     * @access private
-     *
-     * @param $force True if the manager should be deleted regardless
-     * of whether it's a manager for $this->url.
-     */
-    function destroyManager($force=false)
-    {
-        if ($this->getManager($force) !== null) {
-            $key = $this->getSessionKey();
-            $this->session->del($key);
-        }
-    }
-}
-
diff --git a/lib/Auth/Yadis/Misc.php b/lib/Auth/Yadis/Misc.php
deleted file mode 100644
index a5afa8e9a82c2f46aa0feb7e73cc62da8176f381..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/Misc.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?php
-
-/**
- * Miscellaneous utility values and functions for OpenID and Yadis.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-function Auth_Yadis_getUCSChars()
-{
-    return array(
-                 array(0xA0, 0xD7FF),
-                 array(0xF900, 0xFDCF),
-                 array(0xFDF0, 0xFFEF),
-                 array(0x10000, 0x1FFFD),
-                 array(0x20000, 0x2FFFD),
-                 array(0x30000, 0x3FFFD),
-                 array(0x40000, 0x4FFFD),
-                 array(0x50000, 0x5FFFD),
-                 array(0x60000, 0x6FFFD),
-                 array(0x70000, 0x7FFFD),
-                 array(0x80000, 0x8FFFD),
-                 array(0x90000, 0x9FFFD),
-                 array(0xA0000, 0xAFFFD),
-                 array(0xB0000, 0xBFFFD),
-                 array(0xC0000, 0xCFFFD),
-                 array(0xD0000, 0xDFFFD),
-                 array(0xE1000, 0xEFFFD)
-                 );
-}
-
-function Auth_Yadis_getIPrivateChars()
-{
-    return array(
-                 array(0xE000, 0xF8FF),
-                 array(0xF0000, 0xFFFFD),
-                 array(0x100000, 0x10FFFD)
-                 );
-}
-
-function Auth_Yadis_pct_escape_unicode($char_match)
-{
-    $c = $char_match[0];
-    $result = "";
-    for ($i = 0; $i < strlen($c); $i++) {
-        $result .= "%".sprintf("%X", ord($c[$i]));
-    }
-    return $result;
-}
-
-function Auth_Yadis_startswith($s, $stuff)
-{
-    return strpos($s, $stuff) === 0;
-}
-
diff --git a/lib/Auth/Yadis/ParanoidHTTPFetcher.php b/lib/Auth/Yadis/ParanoidHTTPFetcher.php
deleted file mode 100644
index c44adfe923f21c6e9ce5416067df7a2e043e1b4b..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/ParanoidHTTPFetcher.php
+++ /dev/null
@@ -1,267 +0,0 @@
-<?php
-
-/**
- * This module contains the CURL-based HTTP fetcher implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Interface import
- */
-require_once "Auth/Yadis/HTTPFetcher.php";
-
-require_once "Auth/OpenID.php";
-
-/**
- * A paranoid {@link Auth_Yadis_HTTPFetcher} class which uses CURL
- * for fetching.
- *
- * @package OpenID
- */
-class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
-    function Auth_Yadis_ParanoidHTTPFetcher()
-    {
-        $this->reset();
-    }
-
-    function reset()
-    {
-        $this->headers = array();
-        $this->data = "";
-    }
-
-    /**
-     * @access private
-     */
-    function _writeHeader($ch, $header)
-    {
-        array_push($this->headers, rtrim($header));
-        return strlen($header);
-    }
-
-    /**
-     * @access private
-     */
-    function _writeData($ch, $data)
-    {
-        if (strlen($this->data) > 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB) {
-            return 0;
-        } else {
-            $this->data .= $data;
-            return strlen($data);
-        }
-    }
-
-    /**
-     * Does this fetcher support SSL URLs?
-     */
-    function supportsSSL()
-    {
-        $v = curl_version();
-        if(is_array($v)) {
-            return in_array('https', $v['protocols']);
-        } elseif (is_string($v)) {
-            return preg_match('/OpenSSL/i', $v);
-        } else {
-            return 0;
-        }
-    }
-
-    function get($url, $extra_headers = null)
-    {
-        if (!$this->canFetchURL($url)) {
-            return null;
-        }
-
-        $stop = time() + $this->timeout;
-        $off = $this->timeout;
-
-        $redir = true;
-
-        while ($redir && ($off > 0)) {
-            $this->reset();
-
-            $c = curl_init();
-
-            if ($c === false) {
-                Auth_OpenID::log(
-                    "curl_init returned false; could not " .
-                    "initialize for URL '%s'", $url);
-                return null;
-            }
-
-            if (defined('CURLOPT_NOSIGNAL')) {
-                curl_setopt($c, CURLOPT_NOSIGNAL, true);
-            }
-
-            if (!$this->allowedURL($url)) {
-                Auth_OpenID::log("Fetching URL not allowed: %s",
-                                 $url);
-                return null;
-            }
-
-            curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                        array($this, "_writeData"));
-            curl_setopt($c, CURLOPT_HEADERFUNCTION,
-                        array($this, "_writeHeader"));
-
-            if ($extra_headers) {
-                curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
-            }
-
-            $cv = curl_version();
-            if(is_array($cv)) {
-              $curl_user_agent = 'curl/'.$cv['version'];
-            } else {
-              $curl_user_agent = $cv;
-            }
-            curl_setopt($c, CURLOPT_USERAGENT,
-                        Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
-            curl_setopt($c, CURLOPT_TIMEOUT, $off);
-            curl_setopt($c, CURLOPT_URL, $url);
-
-            if (defined('Auth_OpenID_VERIFY_HOST')) {
-                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
-                // is explicitly set, otherwise use system default.
-                if (Auth_OpenID_VERIFY_HOST) {
-                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
-                    if (defined('Auth_OpenID_CAINFO')) {
-                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
-                    }
-                } else {
-                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
-                }
-            }
-
-            curl_exec($c);
-
-            $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
-            $body = $this->data;
-            $headers = $this->headers;
-
-            if (!$code) {
-                Auth_OpenID::log("Got no response code when fetching %s", $url);
-                Auth_OpenID::log("CURL error (%s): %s",
-                                 curl_errno($c), curl_error($c));
-                return null;
-            }
-
-            if (in_array($code, array(301, 302, 303, 307))) {
-                $url = $this->_findRedirect($headers, $url);
-                $redir = true;
-            } else {
-                $redir = false;
-                curl_close($c);
-
-                if (defined('Auth_OpenID_VERIFY_HOST') &&
-                    Auth_OpenID_VERIFY_HOST == true &&
-                    $this->isHTTPS($url)) {
-                    Auth_OpenID::log('OpenID: Verified SSL host %s using '.
-                                     'curl/get', $url);
-                }
-                $new_headers = array();
-
-                foreach ($headers as $header) {
-                    if (strpos($header, ': ')) {
-                        list($name, $value) = explode(': ', $header, 2);
-                        $new_headers[$name] = $value;
-                    }
-                }
-
-                Auth_OpenID::log(
-                    "Successfully fetched '%s': GET response code %s",
-                    $url, $code);
-
-                return new Auth_Yadis_HTTPResponse($url, $code,
-                                                    $new_headers, $body);
-            }
-
-            $off = $stop - time();
-        }
-
-        return null;
-    }
-
-    function post($url, $body, $extra_headers = null)
-    {
-        if (!$this->canFetchURL($url)) {
-            return null;
-        }
-
-        $this->reset();
-
-        $c = curl_init();
-
-        if (defined('CURLOPT_NOSIGNAL')) {
-            curl_setopt($c, CURLOPT_NOSIGNAL, true);
-        }
-
-        curl_setopt($c, CURLOPT_POST, true);
-        curl_setopt($c, CURLOPT_POSTFIELDS, $body);
-        curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
-        curl_setopt($c, CURLOPT_URL, $url);
-        curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                    array($this, "_writeData"));
-
-        if (defined('Auth_OpenID_VERIFY_HOST')) {
-            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
-            // is explicitly set, otherwise use system default.
-            if (Auth_OpenID_VERIFY_HOST) {
-                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
-                if (defined('Auth_OpenID_CAINFO')) {
-                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
-                }
-            } else {
-                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
-            }
-        }
-
-        curl_exec($c);
-
-        $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
-
-        if (!$code) {
-            Auth_OpenID::log("Got no response code when fetching %s", $url);
-            Auth_OpenID::log("CURL error (%s): %s",
-                             curl_errno($c), curl_error($c));
-            return null;
-        }
-
-        if (defined('Auth_OpenID_VERIFY_HOST') &&
-            Auth_OpenID_VERIFY_HOST == true &&
-            $this->isHTTPS($url)) {
-            Auth_OpenID::log('OpenID: Verified SSL host %s using '.
-                             'curl/post', $url);
-        }
-        $body = $this->data;
-
-        curl_close($c);
-
-        $new_headers = $extra_headers;
-
-        foreach ($this->headers as $header) {
-            if (strpos($header, ': ')) {
-                list($name, $value) = explode(': ', $header, 2);
-                $new_headers[$name] = $value;
-            }
-
-        }
-
-        Auth_OpenID::log("Successfully fetched '%s': POST response code %s",
-                         $url, $code);
-
-        return new Auth_Yadis_HTTPResponse($url, $code,
-                                           $new_headers, $body);
-    }
-}
-
diff --git a/lib/Auth/Yadis/ParseHTML.php b/lib/Auth/Yadis/ParseHTML.php
deleted file mode 100644
index 6f0f8b7e282574a62b651a5f470bab923b40d324..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/ParseHTML.php
+++ /dev/null
@@ -1,258 +0,0 @@
-<?php
-
-/**
- * This is the HTML pseudo-parser for the Yadis library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * This class is responsible for scanning an HTML string to find META
- * tags and their attributes.  This is used by the Yadis discovery
- * process.  This class must be instantiated to be used.
- *
- * @package OpenID
- */
-class Auth_Yadis_ParseHTML {
-
-    /**
-     * @access private
-     */
-    var $_re_flags = "si";
-
-    /**
-     * @access private
-     */
-    var $_removed_re =
-           "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>";
-
-    /**
-     * @access private
-     */
-    var $_tag_expr = "<%s%s(?:\s.*?)?%s>";
-
-    /**
-     * @access private
-     */
-    var $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]';
-
-    function Auth_Yadis_ParseHTML()
-    {
-        $this->_attr_find = sprintf("/%s/%s",
-                                    $this->_attr_find,
-                                    $this->_re_flags);
-
-        $this->_removed_re = sprintf("/%s/%s",
-                                     $this->_removed_re,
-                                     $this->_re_flags);
-
-        $this->_entity_replacements = array(
-                                            'amp' => '&',
-                                            'lt' => '<',
-                                            'gt' => '>',
-                                            'quot' => '"'
-                                            );
-
-        $this->_ent_replace =
-            sprintf("&(%s);", implode("|",
-                                      $this->_entity_replacements));
-    }
-
-    /**
-     * Replace HTML entities (amp, lt, gt, and quot) as well as
-     * numeric entities (e.g. #x9f;) with their actual values and
-     * return the new string.
-     *
-     * @access private
-     * @param string $str The string in which to look for entities
-     * @return string $new_str The new string entities decoded
-     */
-    function replaceEntities($str)
-    {
-        foreach ($this->_entity_replacements as $old => $new) {
-            $str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
-        }
-
-        // Replace numeric entities because html_entity_decode doesn't
-        // do it for us.
-        $str = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $str);
-        $str = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $str);
-
-        return $str;
-    }
-
-    /**
-     * Strip single and double quotes off of a string, if they are
-     * present.
-     *
-     * @access private
-     * @param string $str The original string
-     * @return string $new_str The new string with leading and
-     * trailing quotes removed
-     */
-    function removeQuotes($str)
-    {
-        $matches = array();
-        $double = '/^"(.*)"$/';
-        $single = "/^\'(.*)\'$/";
-
-        if (preg_match($double, $str, $matches)) {
-            return $matches[1];
-        } else if (preg_match($single, $str, $matches)) {
-            return $matches[1];
-        } else {
-            return $str;
-        }
-    }
-
-    /**
-     * Create a regular expression that will match an opening 
-     * or closing tag from a set of names.
-     *
-     * @access private
-     * @param mixed $tag_names Tag names to match
-     * @param mixed $close false/0 = no, true/1 = yes, other = maybe
-     * @param mixed $self_close false/0 = no, true/1 = yes, other = maybe
-     * @return string $regex A regular expression string to be used
-     * in, say, preg_match.
-     */
-    function tagPattern($tag_names, $close, $self_close)
-    {
-        if (is_array($tag_names)) {
-            $tag_names = '(?:'.implode('|',$tag_names).')';
-        }
-        if ($close) {
-            $close = '\/' . (($close == 1)? '' : '?');
-        } else {
-            $close = '';
-        }
-        if ($self_close) {
-            $self_close = '(?:\/\s*)' . (($self_close == 1)? '' : '?');
-        } else {
-            $self_close = '';
-        }
-        $expr = sprintf($this->_tag_expr, $close, $tag_names, $self_close);
-
-        return sprintf("/%s/%s", $expr, $this->_re_flags);
-    }
-
-    /**
-     * Given an HTML document string, this finds all the META tags in
-     * the document, provided they are found in the
-     * <HTML><HEAD>...</HEAD> section of the document.  The <HTML> tag
-     * may be missing.
-     *
-     * @access private
-     * @param string $html_string An HTMl document string
-     * @return array $tag_list Array of tags; each tag is an array of
-     * attribute -> value.
-     */
-    function getMetaTags($html_string)
-    {
-        $html_string = preg_replace($this->_removed_re,
-                                    "",
-                                    $html_string);
-
-        $key_tags = array($this->tagPattern('html', false, false),
-                          $this->tagPattern('head', false, false),
-                          $this->tagPattern('head', true, false),
-                          $this->tagPattern('html', true, false),
-                          $this->tagPattern(array(
-                          'body', 'frameset', 'frame', 'p', 'div',
-                          'table','span','a'), 'maybe', 'maybe'));
-        $key_tags_pos = array();
-        foreach ($key_tags as $pat) {
-            $matches = array();
-            preg_match($pat, $html_string, $matches, PREG_OFFSET_CAPTURE);
-            if($matches) {
-                $key_tags_pos[] = $matches[0][1];
-            } else {
-                $key_tags_pos[] = null;
-            }
-        }
-        // no opening head tag
-        if (is_null($key_tags_pos[1])) {
-            return array();
-        }
-        // the effective </head> is the min of the following
-        if (is_null($key_tags_pos[2])) {
-            $key_tags_pos[2] = strlen($html_string);
-        }
-        foreach (array($key_tags_pos[3], $key_tags_pos[4]) as $pos) {
-            if (!is_null($pos) && $pos < $key_tags_pos[2]) {
-                $key_tags_pos[2] = $pos;
-            }
-        }
-        // closing head tag comes before opening head tag
-        if ($key_tags_pos[1] > $key_tags_pos[2]) {
-            return array();
-        }
-        // if there is an opening html tag, make sure the opening head tag
-        // comes after it
-        if (!is_null($key_tags_pos[0]) && $key_tags_pos[1] < $key_tags_pos[0]) {
-            return array();
-        }
-        $html_string = substr($html_string, $key_tags_pos[1],
-                              ($key_tags_pos[2]-$key_tags_pos[1]));
-
-        $link_data = array();
-        $link_matches = array();
-        
-        if (!preg_match_all($this->tagPattern('meta', false, 'maybe'),
-                            $html_string, $link_matches)) {
-            return array();
-        }
-
-        foreach ($link_matches[0] as $link) {
-            $attr_matches = array();
-            preg_match_all($this->_attr_find, $link, $attr_matches);
-            $link_attrs = array();
-            foreach ($attr_matches[0] as $index => $full_match) {
-                $name = $attr_matches[1][$index];
-                $value = $this->replaceEntities(
-                              $this->removeQuotes($attr_matches[2][$index]));
-
-                $link_attrs[strtolower($name)] = $value;
-            }
-            $link_data[] = $link_attrs;
-        }
-
-        return $link_data;
-    }
-
-    /**
-     * Looks for a META tag with an "http-equiv" attribute whose value
-     * is one of ("x-xrds-location", "x-yadis-location"), ignoring
-     * case.  If such a META tag is found, its "content" attribute
-     * value is returned.
-     *
-     * @param string $html_string An HTML document in string format
-     * @return mixed $content The "content" attribute value of the
-     * META tag, if found, or null if no such tag was found.
-     */
-    function getHTTPEquiv($html_string)
-    {
-        $meta_tags = $this->getMetaTags($html_string);
-
-        if ($meta_tags) {
-            foreach ($meta_tags as $tag) {
-                if (array_key_exists('http-equiv', $tag) &&
-                    (in_array(strtolower($tag['http-equiv']),
-                              array('x-xrds-location', 'x-yadis-location'))) &&
-                    array_key_exists('content', $tag)) {
-                    return $tag['content'];
-                }
-            }
-        }
-
-        return null;
-    }
-}
-
diff --git a/lib/Auth/Yadis/PlainHTTPFetcher.php b/lib/Auth/Yadis/PlainHTTPFetcher.php
deleted file mode 100644
index 26890539aad69fa3c991d2c41c04c1140ee1a4a0..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/PlainHTTPFetcher.php
+++ /dev/null
@@ -1,248 +0,0 @@
-<?php
-
-/**
- * This module contains the plain non-curl HTTP fetcher
- * implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Interface import
- */
-require_once "Auth/Yadis/HTTPFetcher.php";
-
-/**
- * This class implements a plain, hand-built socket-based fetcher
- * which will be used in the event that CURL is unavailable.
- *
- * @package OpenID
- */
-class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher {
-    /**
-     * Does this fetcher support SSL URLs?
-     */
-    function supportsSSL()
-    {
-        return function_exists('openssl_open');
-    }
-
-    function get($url, $extra_headers = null)
-    {
-        if (!$this->canFetchURL($url)) {
-            return null;
-        }
-
-        $redir = true;
-
-        $stop = time() + $this->timeout;
-        $off = $this->timeout;
-
-        while ($redir && ($off > 0)) {
-
-            $parts = parse_url($url);
-
-            $specify_port = true;
-
-            // Set a default port.
-            if (!array_key_exists('port', $parts)) {
-                $specify_port = false;
-                if ($parts['scheme'] == 'http') {
-                    $parts['port'] = 80;
-                } elseif ($parts['scheme'] == 'https') {
-                    $parts['port'] = 443;
-                } else {
-                    return null;
-                }
-            }
-
-            if (!array_key_exists('path', $parts)) {
-                $parts['path'] = '/';
-            }
-
-            $host = $parts['host'];
-
-            if ($parts['scheme'] == 'https') {
-                $host = 'ssl://' . $host;
-            }
-
-            $user_agent = Auth_OpenID_USER_AGENT;
-
-            $headers = array(
-                             "GET ".$parts['path'].
-                             (array_key_exists('query', $parts) ?
-                              "?".$parts['query'] : "").
-                                 " HTTP/1.0",
-                             "User-Agent: $user_agent",
-                             "Host: ".$parts['host'].
-                                ($specify_port ? ":".$parts['port'] : ""),
-                             "Port: ".$parts['port']);
-
-            $errno = 0;
-            $errstr = '';
-
-            if ($extra_headers) {
-                foreach ($extra_headers as $h) {
-                    $headers[] = $h;
-                }
-            }
-
-            @$sock = fsockopen($host, $parts['port'], $errno, $errstr,
-                               $this->timeout);
-            if ($sock === false) {
-                return false;
-            }
-
-            stream_set_timeout($sock, $this->timeout);
-
-            fputs($sock, implode("\r\n", $headers) . "\r\n\r\n");
-
-            $data = "";
-            $kilobytes = 0;
-            while (!feof($sock) &&
-                   $kilobytes < Auth_OpenID_FETCHER_MAX_RESPONSE_KB ) {
-                $data .= fgets($sock, 1024);
-                $kilobytes += 1;
-            }
-
-            fclose($sock);
-
-            // Split response into header and body sections
-            list($headers, $body) = explode("\r\n\r\n", $data, 2);
-            $headers = explode("\r\n", $headers);
-
-            $http_code = explode(" ", $headers[0]);
-            $code = $http_code[1];
-
-            if (in_array($code, array('301', '302'))) {
-                $url = $this->_findRedirect($headers, $url);
-                $redir = true;
-            } else {
-                $redir = false;
-            }
-
-            $off = $stop - time();
-        }
-
-        $new_headers = array();
-
-        foreach ($headers as $header) {
-            if (preg_match("/:/", $header)) {
-                $parts = explode(": ", $header, 2);
-
-                if (count($parts) == 2) {
-                    list($name, $value) = $parts;
-                    $new_headers[$name] = $value;
-                }
-            }
-
-        }
-
-        return new Auth_Yadis_HTTPResponse($url, $code, $new_headers, $body);
-    }
-
-    function post($url, $body, $extra_headers = null)
-    {
-        if (!$this->canFetchURL($url)) {
-            return null;
-        }
-
-        $parts = parse_url($url);
-
-        $headers = array();
-
-        $post_path = $parts['path'];
-        if (isset($parts['query'])) {
-            $post_path .= '?' . $parts['query'];
-        }
-
-        $headers[] = "POST ".$post_path." HTTP/1.0";
-        $headers[] = "Host: " . $parts['host'];
-        $headers[] = "Content-type: application/x-www-form-urlencoded";
-        $headers[] = "Content-length: " . strval(strlen($body));
-
-        if ($extra_headers &&
-            is_array($extra_headers)) {
-            $headers = array_merge($headers, $extra_headers);
-        }
-
-        // Join all headers together.
-        $all_headers = implode("\r\n", $headers);
-
-        // Add headers, two newlines, and request body.
-        $request = $all_headers . "\r\n\r\n" . $body;
-
-        // Set a default port.
-        if (!array_key_exists('port', $parts)) {
-            if ($parts['scheme'] == 'http') {
-                $parts['port'] = 80;
-            } elseif ($parts['scheme'] == 'https') {
-                $parts['port'] = 443;
-            } else {
-                return null;
-            }
-        }
-
-        if ($parts['scheme'] == 'https') {
-            $parts['host'] = sprintf("ssl://%s", $parts['host']);
-        }
-
-        // Connect to the remote server.
-        $errno = 0;
-        $errstr = '';
-
-        $sock = fsockopen($parts['host'], $parts['port'], $errno, $errstr,
-                          $this->timeout);
-
-        if ($sock === false) {
-            return null;
-        }
-
-        stream_set_timeout($sock, $this->timeout);
-
-        // Write the POST request.
-        fputs($sock, $request);
-
-        // Get the response from the server.
-        $response = "";
-        while (!feof($sock)) {
-            if ($data = fgets($sock, 128)) {
-                $response .= $data;
-            } else {
-                break;
-            }
-        }
-
-        // Split the request into headers and body.
-        list($headers, $response_body) = explode("\r\n\r\n", $response, 2);
-
-        $headers = explode("\r\n", $headers);
-
-        // Expect the first line of the headers data to be something
-        // like HTTP/1.1 200 OK.  Split the line on spaces and take
-        // the second token, which should be the return code.
-        $http_code = explode(" ", $headers[0]);
-        $code = $http_code[1];
-
-        $new_headers = array();
-
-        foreach ($headers as $header) {
-            if (preg_match("/:/", $header)) {
-                list($name, $value) = explode(": ", $header, 2);
-                $new_headers[$name] = $value;
-            }
-
-        }
-
-        return new Auth_Yadis_HTTPResponse($url, $code,
-                                           $new_headers, $response_body);
-    }
-}
-
diff --git a/lib/Auth/Yadis/XML.php b/lib/Auth/Yadis/XML.php
deleted file mode 100644
index cf1f5c41b28638f32c4126ea651dfbf93dc984f2..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/XML.php
+++ /dev/null
@@ -1,352 +0,0 @@
-<?php
-
-/**
- * XML-parsing classes to wrap the domxml and DOM extensions for PHP 4
- * and 5, respectively.
- *
- * @package OpenID
- */
-
-/**
- * The base class for wrappers for available PHP XML-parsing
- * extensions.  To work with this Yadis library, subclasses of this
- * class MUST implement the API as defined in the remarks for this
- * class.  Subclasses of Auth_Yadis_XMLParser are used to wrap
- * particular PHP XML extensions such as 'domxml'.  These are used
- * internally by the library depending on the availability of
- * supported PHP XML extensions.
- *
- * @package OpenID
- */
-class Auth_Yadis_XMLParser {
-    /**
-     * Initialize an instance of Auth_Yadis_XMLParser with some
-     * XML and namespaces.  This SHOULD NOT be overridden by
-     * subclasses.
-     *
-     * @param string $xml_string A string of XML to be parsed.
-     * @param array $namespace_map An array of ($ns_name => $ns_uri)
-     * to be registered with the XML parser.  May be empty.
-     * @return boolean $result True if the initialization and
-     * namespace registration(s) succeeded; false otherwise.
-     */
-    function init($xml_string, $namespace_map)
-    {
-        if (!$this->setXML($xml_string)) {
-            return false;
-        }
-
-        foreach ($namespace_map as $prefix => $uri) {
-            if (!$this->registerNamespace($prefix, $uri)) {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * Register a namespace with the XML parser.  This should be
-     * overridden by subclasses.
-     *
-     * @param string $prefix The namespace prefix to appear in XML tag
-     * names.
-     *
-     * @param string $uri The namespace URI to be used to identify the
-     * namespace in the XML.
-     *
-     * @return boolean $result True if the registration succeeded;
-     * false otherwise.
-     */
-    function registerNamespace($prefix, $uri)
-    {
-        // Not implemented.
-    }
-
-    /**
-     * Set this parser object's XML payload.  This should be
-     * overridden by subclasses.
-     *
-     * @param string $xml_string The XML string to pass to this
-     * object's XML parser.
-     *
-     * @return boolean $result True if the initialization succeeded;
-     * false otherwise.
-     */
-    function setXML($xml_string)
-    {
-        // Not implemented.
-    }
-
-    /**
-     * Evaluate an XPath expression and return the resulting node
-     * list.  This should be overridden by subclasses.
-     *
-     * @param string $xpath The XPath expression to be evaluated.
-     *
-     * @param mixed $node A node object resulting from a previous
-     * evalXPath call.  This node, if specified, provides the context
-     * for the evaluation of this xpath expression.
-     *
-     * @return array $node_list An array of matching opaque node
-     * objects to be used with other methods of this parser class.
-     */
-    function &evalXPath($xpath, $node = null)
-    {
-        // Not implemented.
-    }
-
-    /**
-     * Return the textual content of a specified node.
-     *
-     * @param mixed $node A node object from a previous call to
-     * $this->evalXPath().
-     *
-     * @return string $content The content of this node.
-     */
-    function content($node)
-    {
-        // Not implemented.
-    }
-
-    /**
-     * Return the attributes of a specified node.
-     *
-     * @param mixed $node A node object from a previous call to
-     * $this->evalXPath().
-     *
-     * @return array $attrs An array mapping attribute names to
-     * values.
-     */
-    function attributes($node)
-    {
-        // Not implemented.
-    }
-}
-
-/**
- * This concrete implementation of Auth_Yadis_XMLParser implements
- * the appropriate API for the 'domxml' extension which is typically
- * packaged with PHP 4.  This class will be used whenever the 'domxml'
- * extension is detected.  See the Auth_Yadis_XMLParser class for
- * details on this class's methods.
- *
- * @package OpenID
- */
-class Auth_Yadis_domxml extends Auth_Yadis_XMLParser {
-    function Auth_Yadis_domxml()
-    {
-        $this->xml = null;
-        $this->doc = null;
-        $this->xpath = null;
-        $this->errors = array();
-    }
-
-    function setXML($xml_string)
-    {
-        $this->xml = $xml_string;
-        $this->doc = @domxml_open_mem($xml_string, DOMXML_LOAD_PARSING,
-                                      $this->errors);
-
-        if (!$this->doc) {
-            return false;
-        }
-
-        $this->xpath = $this->doc->xpath_new_context();
-
-        return true;
-    }
-
-    function registerNamespace($prefix, $uri)
-    {
-        return xpath_register_ns($this->xpath, $prefix, $uri);
-    }
-
-    function &evalXPath($xpath, $node = null)
-    {
-        if ($node) {
-            $result = @$this->xpath->xpath_eval($xpath, $node);
-        } else {
-            $result = @$this->xpath->xpath_eval($xpath);
-        }
-
-        if (!$result) {
-            $n = array();
-            return $n;
-        }
-
-        if (!$result->nodeset) {
-            $n = array();
-            return $n;
-        }
-
-        return $result->nodeset;
-    }
-
-    function content($node)
-    {
-        if ($node) {
-            return $node->get_content();
-        }
-    }
-
-    function attributes($node)
-    {
-        if ($node) {
-            $arr = $node->attributes();
-            $result = array();
-
-            if ($arr) {
-                foreach ($arr as $attrnode) {
-                    $result[$attrnode->name] = $attrnode->value;
-                }
-            }
-
-            return $result;
-        }
-    }
-}
-
-/**
- * This concrete implementation of Auth_Yadis_XMLParser implements
- * the appropriate API for the 'dom' extension which is typically
- * packaged with PHP 5.  This class will be used whenever the 'dom'
- * extension is detected.  See the Auth_Yadis_XMLParser class for
- * details on this class's methods.
- *
- * @package OpenID
- */
-class Auth_Yadis_dom extends Auth_Yadis_XMLParser {
-    function Auth_Yadis_dom()
-    {
-        $this->xml = null;
-        $this->doc = null;
-        $this->xpath = null;
-        $this->errors = array();
-    }
-
-    function setXML($xml_string)
-    {
-        $this->xml = $xml_string;
-        $this->doc = new DOMDocument;
-
-        if (!$this->doc) {
-            return false;
-        }
-
-        if (!@$this->doc->loadXML($xml_string)) {
-            return false;
-        }
-
-        $this->xpath = new DOMXPath($this->doc);
-
-        if ($this->xpath) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    function registerNamespace($prefix, $uri)
-    {
-        return $this->xpath->registerNamespace($prefix, $uri);
-    }
-
-    function &evalXPath($xpath, $node = null)
-    {
-        if ($node) {
-            $result = @$this->xpath->query($xpath, $node);
-        } else {
-            $result = @$this->xpath->query($xpath);
-        }
-
-        $n = array();
-
-        if (!$result) {
-            return $n;
-        }
-
-        for ($i = 0; $i < $result->length; $i++) {
-            $n[] = $result->item($i);
-        }
-
-        return $n;
-    }
-
-    function content($node)
-    {
-        if ($node) {
-            return $node->textContent;
-        }
-    }
-
-    function attributes($node)
-    {
-        if ($node) {
-            $arr = $node->attributes;
-            $result = array();
-
-            if ($arr) {
-                for ($i = 0; $i < $arr->length; $i++) {
-                    $node = $arr->item($i);
-                    $result[$node->nodeName] = $node->nodeValue;
-                }
-            }
-
-            return $result;
-        }
-    }
-}
-
-global $__Auth_Yadis_defaultParser;
-$__Auth_Yadis_defaultParser = null;
-
-/**
- * Set a default parser to override the extension-driven selection of
- * available parser classes.  This is helpful in a test environment or
- * one in which multiple parsers can be used but one is more
- * desirable.
- *
- * @param Auth_Yadis_XMLParser $parser An instance of a
- * Auth_Yadis_XMLParser subclass.
- */
-function Auth_Yadis_setDefaultParser($parser)
-{
-    global $__Auth_Yadis_defaultParser;
-    $__Auth_Yadis_defaultParser = $parser;
-}
-
-function Auth_Yadis_getSupportedExtensions()
-{
-    return array('dom'    => 'Auth_Yadis_dom',
-                 'domxml' => 'Auth_Yadis_domxml');
-}
-
-/**
- * Returns an instance of a Auth_Yadis_XMLParser subclass based on
- * the availability of PHP extensions for XML parsing.  If
- * Auth_Yadis_setDefaultParser has been called, the parser used in
- * that call will be returned instead.
- */
-function Auth_Yadis_getXMLParser()
-{
-    global $__Auth_Yadis_defaultParser;
-    
-    if (isset($__Auth_Yadis_defaultParser)) {
-        return $__Auth_Yadis_defaultParser;
-    }
-    
-    foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname)
-    {
-      if (extension_loaded($extension))
-      {
-        $p = new $classname();
-        Auth_Yadis_setDefaultParser($p);
-        return $p;
-      }
-    }
-    
-    return false;
-}
-
-
diff --git a/lib/Auth/Yadis/XRDS.php b/lib/Auth/Yadis/XRDS.php
deleted file mode 100644
index 1f5af96fb21a69c0dcc0641fde44567eb72e9a24..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/XRDS.php
+++ /dev/null
@@ -1,478 +0,0 @@
-<?php
-
-/**
- * This module contains the XRDS parsing code.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require the XPath implementation.
- */
-require_once 'Auth/Yadis/XML.php';
-
-/**
- * This match mode means a given service must match ALL filters passed
- * to the Auth_Yadis_XRDS::services() call.
- */
-define('SERVICES_YADIS_MATCH_ALL', 101);
-
-/**
- * This match mode means a given service must match ANY filters (at
- * least one) passed to the Auth_Yadis_XRDS::services() call.
- */
-define('SERVICES_YADIS_MATCH_ANY', 102);
-
-/**
- * The priority value used for service elements with no priority
- * specified.
- */
-define('SERVICES_YADIS_MAX_PRIORITY', pow(2, 30));
-
-/**
- * XRD XML namespace
- */
-define('Auth_Yadis_XMLNS_XRD_2_0', 'xri://$xrd*($v*2.0)');
-
-/**
- * XRDS XML namespace
- */
-define('Auth_Yadis_XMLNS_XRDS', 'xri://$xrds');
-
-function Auth_Yadis_getNSMap()
-{
-    return array('xrds' => Auth_Yadis_XMLNS_XRDS,
-                 'xrd' => Auth_Yadis_XMLNS_XRD_2_0);
-}
-
-/**
- * @access private
- */
-function Auth_Yadis_array_scramble($arr)
-{
-    $result = array();
-
-    while (count($arr)) {
-        $index = array_rand($arr, 1);
-        $result[] = $arr[$index];
-        unset($arr[$index]);
-    }
-
-    return $result;
-}
-
-/**
- * This class represents a <Service> element in an XRDS document.
- * Objects of this type are returned by
- * Auth_Yadis_XRDS::services() and
- * Auth_Yadis_Yadis::services().  Each object corresponds directly
- * to a <Service> element in the XRDS and supplies a
- * getElements($name) method which you should use to inspect the
- * element's contents.  See {@link Auth_Yadis_Yadis} for more
- * information on the role this class plays in Yadis discovery.
- *
- * @package OpenID
- */
-class Auth_Yadis_Service {
-
-    /**
-     * Creates an empty service object.
-     */
-    function Auth_Yadis_Service()
-    {
-        $this->element = null;
-        $this->parser = null;
-    }
-
-    /**
-     * Return the URIs in the "Type" elements, if any, of this Service
-     * element.
-     *
-     * @return array $type_uris An array of Type URI strings.
-     */
-    function getTypes()
-    {
-        $t = array();
-        foreach ($this->getElements('xrd:Type') as $elem) {
-            $c = $this->parser->content($elem);
-            if ($c) {
-                $t[] = $c;
-            }
-        }
-        return $t;
-    }
-
-    function matchTypes($type_uris)
-    {
-        $result = array();
-
-        foreach ($this->getTypes() as $typ) {
-            if (in_array($typ, $type_uris)) {
-                $result[] = $typ;
-            }
-        }
-
-        return $result;
-    }
-
-    /**
-     * Return the URIs in the "URI" elements, if any, of this Service
-     * element.  The URIs are returned sorted in priority order.
-     *
-     * @return array $uris An array of URI strings.
-     */
-    function getURIs()
-    {
-        $uris = array();
-        $last = array();
-
-        foreach ($this->getElements('xrd:URI') as $elem) {
-            $uri_string = $this->parser->content($elem);
-            $attrs = $this->parser->attributes($elem);
-            if ($attrs &&
-                array_key_exists('priority', $attrs)) {
-                $priority = intval($attrs['priority']);
-                if (!array_key_exists($priority, $uris)) {
-                    $uris[$priority] = array();
-                }
-
-                $uris[$priority][] = $uri_string;
-            } else {
-                $last[] = $uri_string;
-            }
-        }
-
-        $keys = array_keys($uris);
-        sort($keys);
-
-        // Rebuild array of URIs.
-        $result = array();
-        foreach ($keys as $k) {
-            $new_uris = Auth_Yadis_array_scramble($uris[$k]);
-            $result = array_merge($result, $new_uris);
-        }
-
-        $result = array_merge($result,
-                              Auth_Yadis_array_scramble($last));
-
-        return $result;
-    }
-
-    /**
-     * Returns the "priority" attribute value of this <Service>
-     * element, if the attribute is present.  Returns null if not.
-     *
-     * @return mixed $result Null or integer, depending on whether
-     * this Service element has a 'priority' attribute.
-     */
-    function getPriority()
-    {
-        $attributes = $this->parser->attributes($this->element);
-
-        if (array_key_exists('priority', $attributes)) {
-            return intval($attributes['priority']);
-        }
-
-        return null;
-    }
-
-    /**
-     * Used to get XML elements from this object's <Service> element.
-     *
-     * This is what you should use to get all custom information out
-     * of this element. This is used by service filter functions to
-     * determine whether a service element contains specific tags,
-     * etc.  NOTE: this only considers elements which are direct
-     * children of the <Service> element for this object.
-     *
-     * @param string $name The name of the element to look for
-     * @return array $list An array of elements with the specified
-     * name which are direct children of the <Service> element.  The
-     * nodes returned by this function can be passed to $this->parser
-     * methods (see {@link Auth_Yadis_XMLParser}).
-     */
-    function getElements($name)
-    {
-        return $this->parser->evalXPath($name, $this->element);
-    }
-}
-
-/*
- * Return the expiration date of this XRD element, or None if no
- * expiration was specified.
- *
- * @param $default The value to use as the expiration if no expiration
- * was specified in the XRD.
- */
-function Auth_Yadis_getXRDExpiration($xrd_element, $default=null)
-{
-    $expires_element = $xrd_element->$parser->evalXPath('/xrd:Expires');
-    if ($expires_element === null) {
-        return $default;
-    } else {
-        $expires_string = $expires_element->text;
-
-        // Will raise ValueError if the string is not the expected
-        // format
-        $t = strptime($expires_string, "%Y-%m-%dT%H:%M:%SZ");
-
-        if ($t === false) {
-            return false;
-        }
-
-        // [int $hour [, int $minute [, int $second [,
-        //  int $month [, int $day [, int $year ]]]]]]
-        return mktime($t['tm_hour'], $t['tm_min'], $t['tm_sec'],
-                      $t['tm_mon'], $t['tm_day'], $t['tm_year']);
-    }
-}
-
-/**
- * This class performs parsing of XRDS documents.
- *
- * You should not instantiate this class directly; rather, call
- * parseXRDS statically:
- *
- * <pre>  $xrds = Auth_Yadis_XRDS::parseXRDS($xml_string);</pre>
- *
- * If the XRDS can be parsed and is valid, an instance of
- * Auth_Yadis_XRDS will be returned.  Otherwise, null will be
- * returned.  This class is used by the Auth_Yadis_Yadis::discover
- * method.
- *
- * @package OpenID
- */
-class Auth_Yadis_XRDS {
-
-    /**
-     * Instantiate a Auth_Yadis_XRDS object.  Requires an XPath
-     * instance which has been used to parse a valid XRDS document.
-     */
-    function Auth_Yadis_XRDS($xmlParser, $xrdNodes)
-    {
-        $this->parser = $xmlParser;
-        $this->xrdNode = $xrdNodes[count($xrdNodes) - 1];
-        $this->allXrdNodes = $xrdNodes;
-        $this->serviceList = array();
-        $this->_parse();
-    }
-
-    /**
-     * Parse an XML string (XRDS document) and return either a
-     * Auth_Yadis_XRDS object or null, depending on whether the
-     * XRDS XML is valid.
-     *
-     * @param string $xml_string An XRDS XML string.
-     * @return mixed $xrds An instance of Auth_Yadis_XRDS or null,
-     * depending on the validity of $xml_string
-     */
-    static function parseXRDS($xml_string, $extra_ns_map = null)
-    {
-        $_null = null;
-
-        if (!$xml_string) {
-            return $_null;
-        }
-
-        $parser = Auth_Yadis_getXMLParser();
-
-        $ns_map = Auth_Yadis_getNSMap();
-
-        if ($extra_ns_map && is_array($extra_ns_map)) {
-            $ns_map = array_merge($ns_map, $extra_ns_map);
-        }
-
-        if (!($parser && $parser->init($xml_string, $ns_map))) {
-            return $_null;
-        }
-
-        // Try to get root element.
-        $root = $parser->evalXPath('/xrds:XRDS[1]');
-        if (!$root) {
-            return $_null;
-        }
-
-        if (is_array($root)) {
-            $root = $root[0];
-        }
-
-        $attrs = $parser->attributes($root);
-
-        if (array_key_exists('xmlns:xrd', $attrs) &&
-            $attrs['xmlns:xrd'] != Auth_Yadis_XMLNS_XRDS) {
-            return $_null;
-        } else if (array_key_exists('xmlns', $attrs) &&
-                   preg_match('/xri/', $attrs['xmlns']) &&
-                   $attrs['xmlns'] != Auth_Yadis_XMLNS_XRD_2_0) {
-            return $_null;
-        }
-
-        // Get the last XRD node.
-        $xrd_nodes = $parser->evalXPath('/xrds:XRDS[1]/xrd:XRD');
-
-        if (!$xrd_nodes) {
-            return $_null;
-        }
-
-        $xrds = new Auth_Yadis_XRDS($parser, $xrd_nodes);
-        return $xrds;
-    }
-
-    /**
-     * @access private
-     */
-    function _addService($priority, $service)
-    {
-        $priority = intval($priority);
-
-        if (!array_key_exists($priority, $this->serviceList)) {
-            $this->serviceList[$priority] = array();
-        }
-
-        $this->serviceList[$priority][] = $service;
-    }
-
-    /**
-     * Creates the service list using nodes from the XRDS XML
-     * document.
-     *
-     * @access private
-     */
-    function _parse()
-    {
-        $this->serviceList = array();
-
-        $services = $this->parser->evalXPath('xrd:Service', $this->xrdNode);
-
-        foreach ($services as $node) {
-            $s = new Auth_Yadis_Service();
-            $s->element = $node;
-            $s->parser = $this->parser;
-
-            $priority = $s->getPriority();
-
-            if ($priority === null) {
-                $priority = SERVICES_YADIS_MAX_PRIORITY;
-            }
-
-            $this->_addService($priority, $s);
-        }
-    }
-
-    /**
-     * Returns a list of service objects which correspond to <Service>
-     * elements in the XRDS XML document for this object.
-     *
-     * Optionally, an array of filter callbacks may be given to limit
-     * the list of returned service objects.  Furthermore, the default
-     * mode is to return all service objects which match ANY of the
-     * specified filters, but $filter_mode may be
-     * SERVICES_YADIS_MATCH_ALL if you want to be sure that the
-     * returned services match all the given filters.  See {@link
-     * Auth_Yadis_Yadis} for detailed usage information on filter
-     * functions.
-     *
-     * @param mixed $filters An array of callbacks to filter the
-     * returned services, or null if all services are to be returned.
-     * @param integer $filter_mode SERVICES_YADIS_MATCH_ALL or
-     * SERVICES_YADIS_MATCH_ANY, depending on whether the returned
-     * services should match ALL or ANY of the specified filters,
-     * respectively.
-     * @return mixed $services An array of {@link
-     * Auth_Yadis_Service} objects if $filter_mode is a valid
-     * mode; null if $filter_mode is an invalid mode (i.e., not
-     * SERVICES_YADIS_MATCH_ANY or SERVICES_YADIS_MATCH_ALL).
-     */
-    function services($filters = null,
-                      $filter_mode = SERVICES_YADIS_MATCH_ANY)
-    {
-
-        $pri_keys = array_keys($this->serviceList);
-        sort($pri_keys, SORT_NUMERIC);
-
-        // If no filters are specified, return the entire service
-        // list, ordered by priority.
-        if (!$filters ||
-            (!is_array($filters))) {
-
-            $result = array();
-            foreach ($pri_keys as $pri) {
-                $result = array_merge($result, $this->serviceList[$pri]);
-            }
-
-            return $result;
-        }
-
-        // If a bad filter mode is specified, return null.
-        if (!in_array($filter_mode, array(SERVICES_YADIS_MATCH_ANY,
-                                          SERVICES_YADIS_MATCH_ALL))) {
-            return null;
-        }
-
-        // Otherwise, use the callbacks in the filter list to
-        // determine which services are returned.
-        $filtered = array();
-
-        foreach ($pri_keys as $priority_value) {
-            $service_obj_list = $this->serviceList[$priority_value];
-
-            foreach ($service_obj_list as $service) {
-
-                $matches = 0;
-
-                foreach ($filters as $filter) {
-
-                    if (call_user_func_array($filter, array(&$service))) {
-                        $matches++;
-
-                        if ($filter_mode == SERVICES_YADIS_MATCH_ANY) {
-                            $pri = $service->getPriority();
-                            if ($pri === null) {
-                                $pri = SERVICES_YADIS_MAX_PRIORITY;
-                            }
-
-                            if (!array_key_exists($pri, $filtered)) {
-                                $filtered[$pri] = array();
-                            }
-
-                            $filtered[$pri][] = $service;
-                            break;
-                        }
-                    }
-                }
-
-                if (($filter_mode == SERVICES_YADIS_MATCH_ALL) &&
-                    ($matches == count($filters))) {
-
-                    $pri = $service->getPriority();
-                    if ($pri === null) {
-                        $pri = SERVICES_YADIS_MAX_PRIORITY;
-                    }
-
-                    if (!array_key_exists($pri, $filtered)) {
-                        $filtered[$pri] = array();
-                    }
-                    $filtered[$pri][] = $service;
-                }
-            }
-        }
-
-        $pri_keys = array_keys($filtered);
-        sort($pri_keys, SORT_NUMERIC);
-
-        $result = array();
-        foreach ($pri_keys as $pri) {
-            $result = array_merge($result, $filtered[$pri]);
-        }
-
-        return $result;
-    }
-}
-
diff --git a/lib/Auth/Yadis/XRI.php b/lib/Auth/Yadis/XRI.php
deleted file mode 100644
index 0143a692e0d12138c91e37dd6059be814d8525af..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/XRI.php
+++ /dev/null
@@ -1,234 +0,0 @@
-<?php
-
-/**
- * Routines for XRI resolution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/Yadis/Misc.php';
-require_once 'Auth/Yadis/Yadis.php';
-require_once 'Auth/OpenID.php';
-
-function Auth_Yadis_getDefaultProxy()
-{
-    return 'http://xri.net/';
-}
-
-function Auth_Yadis_getXRIAuthorities()
-{
-    return array('!', '=', '@', '+', '$', '(');
-}
-
-function Auth_Yadis_getEscapeRE()
-{
-    $parts = array();
-    foreach (array_merge(Auth_Yadis_getUCSChars(),
-                         Auth_Yadis_getIPrivateChars()) as $pair) {
-        list($m, $n) = $pair;
-        $parts[] = sprintf("%s-%s", chr($m), chr($n));
-    }
-
-    return sprintf('/[%s]/', implode('', $parts));
-}
-
-function Auth_Yadis_getXrefRE()
-{
-    return '/\((.*?)\)/';
-}
-
-function Auth_Yadis_identifierScheme($identifier)
-{
-    if (Auth_Yadis_startswith($identifier, 'xri://') ||
-        ($identifier &&
-          in_array($identifier[0], Auth_Yadis_getXRIAuthorities()))) {
-        return "XRI";
-    } else {
-        return "URI";
-    }
-}
-
-function Auth_Yadis_toIRINormal($xri)
-{
-    if (!Auth_Yadis_startswith($xri, 'xri://')) {
-        $xri = 'xri://' . $xri;
-    }
-
-    return Auth_Yadis_escapeForIRI($xri);
-}
-
-function _escape_xref($xref_match)
-{
-    $xref = $xref_match[0];
-    $xref = str_replace('/', '%2F', $xref);
-    $xref = str_replace('?', '%3F', $xref);
-    $xref = str_replace('#', '%23', $xref);
-    return $xref;
-}
-
-function Auth_Yadis_escapeForIRI($xri)
-{
-    $xri = str_replace('%', '%25', $xri);
-    $xri = preg_replace_callback(Auth_Yadis_getXrefRE(),
-                                 '_escape_xref', $xri);
-    return $xri;
-}
-
-function Auth_Yadis_toURINormal($xri)
-{
-    return Auth_Yadis_iriToURI(Auth_Yadis_toIRINormal($xri));
-}
-
-function Auth_Yadis_iriToURI($iri)
-{
-    if (1) {
-        return $iri;
-    } else {
-        // According to RFC 3987, section 3.1, "Mapping of IRIs to URIs"
-        return preg_replace_callback(Auth_Yadis_getEscapeRE(),
-                                     'Auth_Yadis_pct_escape_unicode', $iri);
-    }
-}
-
-
-function Auth_Yadis_XRIAppendArgs($url, $args)
-{
-    // Append some arguments to an HTTP query.  Yes, this is just like
-    // OpenID's appendArgs, but with special seasoning for XRI
-    // queries.
-
-    if (count($args) == 0) {
-        return $url;
-    }
-
-    // Non-empty array; if it is an array of arrays, use multisort;
-    // otherwise use sort.
-    if (array_key_exists(0, $args) &&
-        is_array($args[0])) {
-        // Do nothing here.
-    } else {
-        $keys = array_keys($args);
-        sort($keys);
-        $new_args = array();
-        foreach ($keys as $key) {
-            $new_args[] = array($key, $args[$key]);
-        }
-        $args = $new_args;
-    }
-
-    // According to XRI Resolution section "QXRI query parameters":
-    //
-    // "If the original QXRI had a null query component (only a
-    //  leading question mark), or a query component consisting of
-    //  only question marks, one additional leading question mark MUST
-    //  be added when adding any XRI resolution parameters."
-    if (strpos(rtrim($url, '?'), '?') !== false) {
-        $sep = '&';
-    } else {
-        $sep = '?';
-    }
-
-    return $url . $sep . Auth_OpenID::httpBuildQuery($args);
-}
-
-function Auth_Yadis_providerIsAuthoritative($providerID, $canonicalID)
-{
-    $lastbang = strrpos($canonicalID, '!');
-    $p = substr($canonicalID, 0, $lastbang);
-    return $p == $providerID;
-}
-
-function Auth_Yadis_rootAuthority($xri)
-{
-    // Return the root authority for an XRI.
-
-    $root = null;
-
-    if (Auth_Yadis_startswith($xri, 'xri://')) {
-        $xri = substr($xri, 6);
-    }
-
-    $authority = explode('/', $xri, 2);
-    $authority = $authority[0];
-    if ($authority[0] == '(') {
-        // Cross-reference.
-        // XXX: This is incorrect if someone nests cross-references so
-        //   there is another close-paren in there.  Hopefully nobody
-        //   does that before we have a real xriparse function.
-        //   Hopefully nobody does that *ever*.
-        $root = substr($authority, 0, strpos($authority, ')') + 1);
-    } else if (in_array($authority[0], Auth_Yadis_getXRIAuthorities())) {
-        // Other XRI reference.
-        $root = $authority[0];
-    } else {
-        // IRI reference.
-        $_segments = explode("!", $authority);
-        $segments = array();
-        foreach ($_segments as $s) {
-            $segments = array_merge($segments, explode("*", $s));
-        }
-        $root = $segments[0];
-    }
-
-    return Auth_Yadis_XRI($root);
-}
-
-function Auth_Yadis_XRI($xri)
-{
-    if (!Auth_Yadis_startswith($xri, 'xri://')) {
-        $xri = 'xri://' . $xri;
-    }
-    return $xri;
-}
-
-function Auth_Yadis_getCanonicalID($iname, $xrds)
-{
-    // Returns false or a canonical ID value.
-
-    // Now nodes are in reverse order.
-    $xrd_list = array_reverse($xrds->allXrdNodes);
-    $parser = $xrds->parser;
-    $node = $xrd_list[0];
-
-    $canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);
-
-    if (!$canonicalID_nodes) {
-        return false;
-    }
-
-    $canonicalID = $canonicalID_nodes[0];
-    $canonicalID = Auth_Yadis_XRI($parser->content($canonicalID));
-
-    $childID = $canonicalID;
-
-    for ($i = 1; $i < count($xrd_list); $i++) {
-        $xrd = $xrd_list[$i];
-
-        $parent_sought = substr($childID, 0, strrpos($childID, '!'));
-        $parentCID = $parser->evalXPath('xrd:CanonicalID', $xrd);
-        if (!$parentCID) {
-            return false;
-        }
-        $parentCID = Auth_Yadis_XRI($parser->content($parentCID[0]));
-
-        if (strcasecmp($parent_sought, $parentCID)) {
-            // raise XRDSFraud.
-            return false;
-        }
-
-        $childID = $parent_sought;
-    }
-
-    $root = Auth_Yadis_rootAuthority($iname);
-    if (!Auth_Yadis_providerIsAuthoritative($root, $childID)) {
-        // raise XRDSFraud.
-        return false;
-    }
-
-    return $canonicalID;
-}
-
-
diff --git a/lib/Auth/Yadis/XRIRes.php b/lib/Auth/Yadis/XRIRes.php
deleted file mode 100644
index 5e11587352aa2cbfcc26ecd6589b42ec5c0244f1..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/XRIRes.php
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-/**
- * Code for using a proxy XRI resolver.
- */
-
-require_once 'Auth/Yadis/XRDS.php';
-require_once 'Auth/Yadis/XRI.php';
-
-class Auth_Yadis_ProxyResolver {
-    function Auth_Yadis_ProxyResolver($fetcher, $proxy_url = null)
-    {
-        $this->fetcher = $fetcher;
-        $this->proxy_url = $proxy_url;
-        if (!$this->proxy_url) {
-            $this->proxy_url = Auth_Yadis_getDefaultProxy();
-        }
-    }
-
-    function queryURL($xri, $service_type = null)
-    {
-        // trim off the xri:// prefix
-        $qxri = substr(Auth_Yadis_toURINormal($xri), 6);
-        $hxri = $this->proxy_url . $qxri;
-        $args = array(
-                      '_xrd_r' => 'application/xrds+xml'
-                      );
-
-        if ($service_type) {
-            $args['_xrd_t'] = $service_type;
-        } else {
-            // Don't perform service endpoint selection.
-            $args['_xrd_r'] .= ';sep=false';
-        }
-
-        $query = Auth_Yadis_XRIAppendArgs($hxri, $args);
-        return $query;
-    }
-
-    function query($xri, $service_types, $filters = array())
-    {
-        $services = array();
-        $canonicalID = null;
-        foreach ($service_types as $service_type) {
-            $url = $this->queryURL($xri, $service_type);
-            $response = $this->fetcher->get($url);
-            if ($response->status != 200 and $response->status != 206) {
-                continue;
-            }
-            $xrds = Auth_Yadis_XRDS::parseXRDS($response->body);
-            if (!$xrds) {
-                continue;
-            }
-            $canonicalID = Auth_Yadis_getCanonicalID($xri,
-                                                         $xrds);
-
-            if ($canonicalID === false) {
-                return null;
-            }
-
-            $some_services = $xrds->services($filters);
-            $services = array_merge($services, $some_services);
-            // TODO:
-            //  * If we do get hits for multiple service_types, we're
-            //    almost certainly going to have duplicated service
-            //    entries and broken priority ordering.
-        }
-        return array($canonicalID, $services);
-    }
-}
-
-
diff --git a/lib/Auth/Yadis/Yadis.php b/lib/Auth/Yadis/Yadis.php
deleted file mode 100644
index 9ea2db7f91f5c9aa626912235d6d239a0afa4577..0000000000000000000000000000000000000000
--- a/lib/Auth/Yadis/Yadis.php
+++ /dev/null
@@ -1,382 +0,0 @@
-<?php
-
-/**
- * The core PHP Yadis implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Need both fetcher types so we can use the right one based on the
- * presence or absence of CURL.
- */
-require_once "Auth/Yadis/PlainHTTPFetcher.php";
-require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
-
-/**
- * Need this for parsing HTML (looking for META tags).
- */
-require_once "Auth/Yadis/ParseHTML.php";
-
-/**
- * Need this to parse the XRDS document during Yadis discovery.
- */
-require_once "Auth/Yadis/XRDS.php";
-
-/**
- * XRDS (yadis) content type
- */
-define('Auth_Yadis_CONTENT_TYPE', 'application/xrds+xml');
-
-/**
- * Yadis header
- */
-define('Auth_Yadis_HEADER_NAME', 'X-XRDS-Location');
-
-/**
- * Contains the result of performing Yadis discovery on a URI.
- *
- * @package OpenID
- */
-class Auth_Yadis_DiscoveryResult {
-
-    // The URI that was passed to the fetcher
-    var $request_uri = null;
-
-    // The result of following redirects from the request_uri
-    var $normalized_uri = null;
-
-    // The URI from which the response text was returned (set to
-    // None if there was no XRDS document found)
-    var $xrds_uri = null;
-
-    var $xrds = null;
-
-    // The content-type returned with the response_text
-    var $content_type = null;
-
-    // The document returned from the xrds_uri
-    var $response_text = null;
-
-    // Did the discovery fail miserably?
-    var $failed = false;
-
-    function Auth_Yadis_DiscoveryResult($request_uri)
-    {
-        // Initialize the state of the object
-        // sets all attributes to None except the request_uri
-        $this->request_uri = $request_uri;
-    }
-
-    function fail()
-    {
-        $this->failed = true;
-    }
-
-    function isFailure()
-    {
-        return $this->failed;
-    }
-
-    /**
-     * Returns the list of service objects as described by the XRDS
-     * document, if this yadis object represents a successful Yadis
-     * discovery.
-     *
-     * @return array $services An array of {@link Auth_Yadis_Service}
-     * objects
-     */
-    function services()
-    {
-        if ($this->xrds) {
-            return $this->xrds->services();
-        }
-
-        return null;
-    }
-
-    function usedYadisLocation()
-    {
-        // Was the Yadis protocol's indirection used?
-        return ($this->xrds_uri && $this->normalized_uri != $this->xrds_uri);
-    }
-
-    function isXRDS()
-    {
-        // Is the response text supposed to be an XRDS document?
-        return ($this->usedYadisLocation() ||
-                $this->content_type == Auth_Yadis_CONTENT_TYPE);
-    }
-}
-
-/**
- *
- * Perform the Yadis protocol on the input URL and return an iterable
- * of resulting endpoint objects.
- *
- * input_url: The URL on which to perform the Yadis protocol
- *
- * @return: The normalized identity URL and an iterable of endpoint
- * objects generated by the filter function.
- *
- * xrds_parse_func: a callback which will take (uri, xrds_text) and
- * return an array of service endpoint objects or null.  Usually
- * array('Auth_OpenID_ServiceEndpoint', 'fromXRDS').
- *
- * discover_func: if not null, a callback which should take (uri) and
- * return an Auth_Yadis_Yadis object or null.
- */
-function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
-                                        $discover_func=null, $fetcher=null)
-{
-    if ($discover_func === null) {
-        $discover_function = array('Auth_Yadis_Yadis', 'discover');
-    }
-
-    $yadis_result = call_user_func_array($discover_func,
-                                         array($input_url, &$fetcher));
-
-    if ($yadis_result === null) {
-        return array($input_url, array());
-    }
-
-    $endpoints = call_user_func_array($xrds_parse_func,
-                      array($yadis_result->normalized_uri,
-                            $yadis_result->response_text));
-
-    if ($endpoints === null) {
-        $endpoints = array();
-    }
-
-    return array($yadis_result->normalized_uri, $endpoints);
-}
-
-/**
- * This is the core of the PHP Yadis library.  This is the only class
- * a user needs to use to perform Yadis discovery.  This class
- * performs the discovery AND stores the result of the discovery.
- *
- * First, require this library into your program source:
- *
- * <pre>  require_once "Auth/Yadis/Yadis.php";</pre>
- *
- * To perform Yadis discovery, first call the "discover" method
- * statically with a URI parameter:
- *
- * <pre>  $http_response = array();
- *  $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
- *  $yadis_object = Auth_Yadis_Yadis::discover($uri,
- *                                    $http_response, $fetcher);</pre>
- *
- * If the discovery succeeds, $yadis_object will be an instance of
- * {@link Auth_Yadis_Yadis}.  If not, it will be null.  The XRDS
- * document found during discovery should have service descriptions,
- * which can be accessed by calling
- *
- * <pre>  $service_list = $yadis_object->services();</pre>
- *
- * which returns an array of objects which describe each service.
- * These objects are instances of Auth_Yadis_Service.  Each object
- * describes exactly one whole Service element, complete with all of
- * its Types and URIs (no expansion is performed).  The common use
- * case for using the service objects returned by services() is to
- * write one or more filter functions and pass those to services():
- *
- * <pre>  $service_list = $yadis_object->services(
- *                               array("filterByURI",
- *                                     "filterByExtension"));</pre>
- *
- * The filter functions (whose names appear in the array passed to
- * services()) take the following form:
- *
- * <pre>  function myFilter($service) {
- *       // Query $service object here.  Return true if the service
- *       // matches your query; false if not.
- *  }</pre>
- *
- * This is an example of a filter which uses a regular expression to
- * match the content of URI tags (note that the Auth_Yadis_Service
- * class provides a getURIs() method which you should use instead of
- * this contrived example):
- *
- * <pre>
- *  function URIMatcher($service) {
- *      foreach ($service->getElements('xrd:URI') as $uri) {
- *          if (preg_match("/some_pattern/",
- *                         $service->parser->content($uri))) {
- *              return true;
- *          }
- *      }
- *      return false;
- *  }</pre>
- *
- * The filter functions you pass will be called for each service
- * object to determine which ones match the criteria your filters
- * specify.  The default behavior is that if a given service object
- * matches ANY of the filters specified in the services() call, it
- * will be returned.  You can specify that a given service object will
- * be returned ONLY if it matches ALL specified filters by changing
- * the match mode of services():
- *
- * <pre>  $yadis_object->services(array("filter1", "filter2"),
- *                          SERVICES_YADIS_MATCH_ALL);</pre>
- *
- * See {@link SERVICES_YADIS_MATCH_ALL} and {@link
- * SERVICES_YADIS_MATCH_ANY}.
- *
- * Services described in an XRDS should have a library which you'll
- * probably be using.  Those libraries are responsible for defining
- * filters that can be used with the "services()" call.  If you need
- * to write your own filter, see the documentation for {@link
- * Auth_Yadis_Service}.
- *
- * @package OpenID
- */
-class Auth_Yadis_Yadis {
-
-    /**
-     * Returns an HTTP fetcher object.  If the CURL extension is
-     * present, an instance of {@link Auth_Yadis_ParanoidHTTPFetcher}
-     * is returned.  If not, an instance of
-     * {@link Auth_Yadis_PlainHTTPFetcher} is returned.
-     *
-     * If Auth_Yadis_CURL_OVERRIDE is defined, this method will always
-     * return a {@link Auth_Yadis_PlainHTTPFetcher}.
-     */
-    static function getHTTPFetcher($timeout = 20)
-    {
-        if (Auth_Yadis_Yadis::curlPresent() &&
-            (!defined('Auth_Yadis_CURL_OVERRIDE'))) {
-            $fetcher = new Auth_Yadis_ParanoidHTTPFetcher($timeout);
-        } else {
-            $fetcher = new Auth_Yadis_PlainHTTPFetcher($timeout);
-        }
-        return $fetcher;
-    }
-
-    static function curlPresent()
-    {
-        return function_exists('curl_init');
-    }
-
-    /**
-     * @access private
-     */
-   static function _getHeader($header_list, $names)
-    {
-        foreach ($header_list as $name => $value) {
-            foreach ($names as $n) {
-                if (strtolower($name) == strtolower($n)) {
-                    return $value;
-                }
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * @access private
-     */
-    static function _getContentType($content_type_header)
-    {
-        if ($content_type_header) {
-            $parts = explode(";", $content_type_header);
-            return strtolower($parts[0]);
-        }
-    }
-
-    /**
-     * This should be called statically and will build a Yadis
-     * instance if the discovery process succeeds.  This implements
-     * Yadis discovery as specified in the Yadis specification.
-     *
-     * @param string $uri The URI on which to perform Yadis discovery.
-     *
-     * @param array $http_response An array reference where the HTTP
-     * response object will be stored (see {@link
-     * Auth_Yadis_HTTPResponse}.
-     *
-     * @param Auth_Yadis_HTTPFetcher $fetcher An instance of a
-     * Auth_Yadis_HTTPFetcher subclass.
-     *
-     * @param array $extra_ns_map An array which maps namespace names
-     * to namespace URIs to be used when parsing the Yadis XRDS
-     * document.
-     *
-     * @param integer $timeout An optional fetcher timeout, in seconds.
-     *
-     * @return mixed $obj Either null or an instance of
-     * Auth_Yadis_Yadis, depending on whether the discovery
-     * succeeded.
-     */
-    static function discover($uri, $fetcher,
-                      $extra_ns_map = null, $timeout = 20)
-    {
-        $result = new Auth_Yadis_DiscoveryResult($uri);
-
-        $request_uri = $uri;
-        $headers = array("Accept: " . Auth_Yadis_CONTENT_TYPE .
-                         ', text/html; q=0.3, application/xhtml+xml; q=0.5');
-
-        if ($fetcher === null) {
-            $fetcher = Auth_Yadis_Yadis::getHTTPFetcher($timeout);
-        }
-
-        $response = $fetcher->get($uri, $headers);
-
-        if (!$response || ($response->status != 200 and
-                           $response->status != 206)) {
-            $result->fail();
-            return $result;
-        }
-
-        $result->normalized_uri = $response->final_url;
-        $result->content_type = Auth_Yadis_Yadis::_getHeader(
-                                       $response->headers,
-                                       array('content-type'));
-
-        if ($result->content_type &&
-            (Auth_Yadis_Yadis::_getContentType($result->content_type) ==
-             Auth_Yadis_CONTENT_TYPE)) {
-            $result->xrds_uri = $result->normalized_uri;
-        } else {
-            $yadis_location = Auth_Yadis_Yadis::_getHeader(
-                                                 $response->headers,
-                                                 array(Auth_Yadis_HEADER_NAME));
-
-            if (!$yadis_location) {
-                $parser = new Auth_Yadis_ParseHTML();
-                $yadis_location = $parser->getHTTPEquiv($response->body);
-            }
-
-            if ($yadis_location) {
-                $result->xrds_uri = $yadis_location;
-
-                $response = $fetcher->get($yadis_location);
-
-                if ((!$response) || ($response->status != 200 and
-                                     $response->status != 206)) {
-                    $result->fail();
-                    return $result;
-                }
-
-                $result->content_type = Auth_Yadis_Yadis::_getHeader(
-                                                         $response->headers,
-                                                         array('content-type'));
-            }
-        }
-
-        $result->response_text = $response->body;
-        return $result;
-    }
-}
-
-
diff --git a/lib/SAML2/ArtifactResolve.php b/lib/SAML2/ArtifactResolve.php
deleted file mode 100644
index b0e100649cc6836733e8cb4160a4cd8f0f7e4a02..0000000000000000000000000000000000000000
--- a/lib/SAML2/ArtifactResolve.php
+++ /dev/null
@@ -1,65 +0,0 @@
-<?php
-/**
- * The Artifact is part of the SAML 2.0 IdP code, and it builds an artifact object.
- * I am using strings, because I find them easier to work with.
- * I want to use this, to be consistent with the other saml2_requests
- *
- * @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_ArtifactResolve extends SAML2_Request {
-
-
-	private  $artifact;
-
-
-
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('ArtifactResolve', $xml);
-
-		if(!is_null($xml)){
-			$results = SAML2_Utils::xpQuery($xml, './saml_protocol:Artifact');
-			$this->artifact = $results[0]->textContent;
-		}
-
-	}
-
-
-	/**
-	 * Retrieve the Artifact in this response.
-	 *
-	 * @return string artifact.
-	 */
-	public function getArtifact() {
-		return $this->artifact;
-	}
-
-
-	/**
-	 * Set the artifact that should be included in this response.
-	 *
-	 * @param String  The $artifact.
-	 */
-	public function setArtifact($artifact) {
-		assert('is_string($artifact)');
-		$this->artifact = $artifact;
-	}
-
-	/**
-	 * Convert the response message to an XML element.
-	 *
-	 * @return DOMElement  This response.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-		$artifactelement = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Artifact', $this->artifact);
-		$root->appendChild($artifactelement);
-		return $root;
-	}
-
-
-
-
-}
diff --git a/lib/SAML2/ArtifactResponse.php b/lib/SAML2/ArtifactResponse.php
deleted file mode 100644
index e8186826d371563fd73b571372197403d800b129..0000000000000000000000000000000000000000
--- a/lib/SAML2/ArtifactResponse.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-
-/**
- * The SAML2_ArtifactResponse, is the response to the SAML2_ArtifactResolve.
- *
- * @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_ArtifactResponse extends SAML2_StatusResponse {
-
-
-	/**
-	 * The DOMElement with the message the artifact refers
-	 * to, or NULL if we don't refer to any artifact.
-	 *
-	 * @var DOMElement|NULL
-	 */
-	private $any;
-
-
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('ArtifactResponse', $xml);
-
-		if(!is_null($xml)){
-
-			$status = SAML2_Utils::xpQuery($xml, './saml_protocol:Status');
-			assert('!empty($status)'); /* Will have failed during StatusResponse parsing. */
-
-			$status = $status[0];
-
-			for ($any = $status->nextSibling; $any !== NULL; $any = $any->nextSibling) {
-				if ($any instanceof DOMElement) {
-					$this->any = $any;
-					break;
-				}
-				/* Ignore comments and text nodes. */
-			}
-		}
-
-	}
-
-
-	public function setAny(DOMElement $any = NULL) {
-		$this->any = $any;
-	}
-
-
-	public function getAny() {
-		return $this->any;
-	}
-
-
-	/**
-	 * Convert the response message to an XML element.
-	 *
-	 * @return DOMElement  This response.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-		if (isset($this->any)) {
-			$node = $root->ownerDocument->importNode($this->any, TRUE);
-			$root->appendChild($node);
-
-		}
-
-		return $root;
-	}
-
-}
diff --git a/lib/SAML2/Assertion.php b/lib/SAML2/Assertion.php
deleted file mode 100644
index 630a60abf4dc23fc85f5acc92eacc4ddebf173fa..0000000000000000000000000000000000000000
--- a/lib/SAML2/Assertion.php
+++ /dev/null
@@ -1,1324 +0,0 @@
-<?php
-
-/**
- * Class representing a SAML 2 assertion.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_Assertion implements SAML2_SignedElement {
-
-	/**
-	 * The identifier of this assertion.
-	 *
-	 * @var string
-	 */
-	private $id;
-
-
-	/**
-	 * The issue timestamp of this assertion, as an UNIX timestamp.
-	 *
-	 * @var int
-	 */
-	private $issueInstant;
-
-
-	/**
-	 * The entity id of the issuer of this assertion.
-	 *
-	 * @var string
-	 */
-	private $issuer;
-
-
-	/**
-	 * The NameId of the subject in the assertion.
-	 *
-	 * If the NameId is NULL, no subject was included in the assertion.
-	 *
-	 * @var array|NULL
-	 */
-	private $nameId;
-
-
-	/**
-	 * The encrypted NameId of the subject.
-	 *
-	 * If this is not NULL, the NameId needs decryption before it can be accessed.
-	 *
-	 * @var DOMElement|NULL
-	 */
-	private $encryptedNameId;
-
-
-	/**
-	 * The encrypted Attributes.
-	 *
-	 * If this is not NULL, the Attributes needs decryption before it can be accessed.
-	 *
-	 * @var array|NULL
-	 */
-	 private $encryptedAttribute;
-
-
-	 /**
-	 * The earliest time this assertion is valid, as an UNIX timestamp.
-	 *
-	 * @var int
-	 */
-	private $notBefore;
-
-
-	/**
-	 * The time this assertion expires, as an UNIX timestamp.
-	 *
-	 * @var int
-	 */
-	private $notOnOrAfter;
-
-
-	/**
-	 * The set of audiences that are allowed to receive this assertion.
-	 *
-	 * This is an array of valid service providers.
-	 *
-	 * If no restrictions on the audience are present, this variable contains NULL.
-	 *
-	 * @var array|NULL
-	 */
-	private $validAudiences;
-
-
-	/**
-	 * The session expiration timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	private $sessionNotOnOrAfter;
-
-
-	/**
-	 * The session index for this user on the IdP.
-	 *
-	 * Contains NULL if no session index is present.
-	 *
-	 * @var string|NULL
-	 */
-	private $sessionIndex;
-
-
-	/**
-	 * The timestamp the user was authenticated, as an UNIX timestamp.
-	 *
-	 * @var int
-	 */
-	private $authnInstant;
-
-
-	/**
-	 * The authentication context for this assertion.
-	 *
-	 * @var string|NULL
-	 */
-	private $authnContext;
-
-	/**
-	 * The list of AuthenticatingAuthorities for this assertion.
-	 *
-	 * @var array
-	 */
-	private $AuthenticatingAuthority;
-
-
-	/**
-	 * The attributes, as an associative array.
-	 *
-	 * @var array
-	 */
-	private $attributes;
-
-
-	/**
-	 * The NameFormat used on all attributes.
-	 *
-	 * If more than one NameFormat is used, this will contain
-	 * the unspecified nameformat.
-	 *
-	 * @var string
-	 */
-	private $nameFormat;
-
-
-	/**
-	 * The private key we should use to sign the assertion.
-	 *
-	 * The private key can be NULL, in which case the assertion is sent unsigned.
-	 *
-	 * @var XMLSecurityKey|NULL
-	 */
-	private $signatureKey;
-
-
-	/**
-	 * List of certificates that should be included in the assertion.
-	 *
-	 * @var array
-	 */
-	private $certificates;
-
-
-	/**
-	 * The data needed to verify the signature.
-	 *
-	 * @var array|NULL
-	 */
-	private $signatureData;
-
-
-	/**
-	 * Boolean that indicates if attributes are encrypted in the
-	 * assertion or not.
-	 *
-	 * @var boolean
-	 */
-	private $requiredEncAttributes;
-
-
-	/**
-	 * The SubjectConfirmation elements of the Subject in the assertion.
-	 *
-	 * @var array  Array of SAML2_XML_saml_SubjectConfirmation elements.
-	 */
-	private $SubjectConfirmation;
-
-
-	/**
-	 * Constructor for SAML 2 assertions.
-	 *
-	 * @param DOMElement|NULL $xml  The input assertion.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		$this->id = SimpleSAML_Utilities::generateID();
-		$this->issueInstant = time();
-		$this->issuer = '';
-		$this->authnInstant = time();
-		$this->attributes = array();
-		$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-		$this->certificates = array();
-		$this->AuthenticatingAuthority = array();
-		$this->SubjectConfirmation = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('ID')) {
-			throw new Exception('Missing ID attribute on SAML assertion.');
-		}
-		$this->id = $xml->getAttribute('ID');
-
-		if ($xml->getAttribute('Version') !== '2.0') {
-			/* Currently a very strict check. */
-			throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
-		}
-
-		$this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));
-
-		$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
-		if (empty($issuer)) {
-			throw new Exception('Missing <saml:Issuer> in assertion.');
-		}
-		$this->issuer = trim($issuer[0]->textContent);
-
-		$this->parseSubject($xml);
-		$this->parseConditions($xml);
-		$this->parseAuthnStatement($xml);
-		$this->parseAttributes($xml);
-		$this->parseEncryptedAttributes($xml);
-		$this->parseSignature($xml);
-	}
-
-
-	/**
-	 * Parse subject in assertion.
-	 *
-	 * @param DOMElement $xml  The assertion XML element.
-	 */
-	private function parseSubject(DOMElement $xml) {
-
-		$subject = SAML2_Utils::xpQuery($xml, './saml_assertion:Subject');
-		if (empty($subject)) {
-			/* No Subject node. */
-			return;
-		} elseif (count($subject) > 1) {
-			throw new Exception('More than one <saml:Subject> in <saml:Assertion>.');
-		}
-		$subject = $subject[0];
-
-		$nameId = SAML2_Utils::xpQuery($subject, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
-		if (empty($nameId)) {
-			throw new Exception('Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
-		} elseif (count($nameId) > 1) {
-			throw new Exception('More than one <saml:NameID> or <saml:EncryptedD> in <saml:Subject>.');
-		}
-		$nameId = $nameId[0];
-		if ($nameId->localName === 'EncryptedData') {
-			/* The NameID element is encrypted. */
-			$this->encryptedNameId = $nameId;
-		} else {
-			$this->nameId = SAML2_Utils::parseNameId($nameId);
-		}
-
-		$subjectConfirmation = SAML2_Utils::xpQuery($subject, './saml_assertion:SubjectConfirmation');
-		if (empty($subjectConfirmation)) {
-			throw new Exception('Missing <saml:SubjectConfirmation> in <saml:Subject>.');
-		}
-
-		foreach ($subjectConfirmation as $sc) {
-			$this->SubjectConfirmation[] = new SAML2_XML_saml_SubjectConfirmation($sc);
-		}
-	}
-
-
-	/**
-	 * Parse conditions in assertion.
-	 *
-	 * @param DOMElement $xml  The assertion XML element.
-	 */
-	private function parseConditions(DOMElement $xml) {
-
-		$conditions = SAML2_Utils::xpQuery($xml, './saml_assertion:Conditions');
-		if (empty($conditions)) {
-			/* No <saml:Conditions> node. */
-			return;
-		} elseif (count($conditions) > 1) {
-			throw new Exception('More than one <saml:Conditions> in <saml:Assertion>.');
-		}
-		$conditions = $conditions[0];
-
-		if ($conditions->hasAttribute('NotBefore')) {
-			$notBefore = SimpleSAML_Utilities::parseSAML2Time($conditions->getAttribute('NotBefore'));
-			if ($this->notBefore === NULL || $this->notBefore < $notBefore) {
-				$this->notBefore = $notBefore;
-			}
-		}
-		if ($conditions->hasAttribute('NotOnOrAfter')) {
-			$notOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($conditions->getAttribute('NotOnOrAfter'));
-			if ($this->notOnOrAfter === NULL || $this->notOnOrAfter > $notOnOrAfter) {
-				$this->notOnOrAfter = $notOnOrAfter;
-			}
-		}
-
-
-		for ($node = $conditions->firstChild; $node !== NULL; $node = $node->nextSibling) {
-			if ($node instanceof DOMText) {
-				continue;
-			}
-			if ($node->namespaceURI !== SAML2_Const::NS_SAML) {
-				throw new Exception('Unknown namespace of condition: ' . var_export($node->namespaceURI, TRUE));
-			}
-			switch ($node->localName) {
-			case 'AudienceRestriction':
-				$audiences = SAML2_Utils::extractStrings($node, SAML2_Const::NS_SAML, 'Audience');
-				if ($this->validAudiences === NULL) {
-					/* The first (and probably last) AudienceRestriction element. */
-					$this->validAudiences = $audiences;
-
-				} else {
-					/*
-					 * The set of AudienceRestriction are ANDed together, so we need
-					 * the subset that are present in all of them.
-					 */
-					$this->validAudiences = array_intersect($this->validAudiences, $audiences);
-				}
-				break;
-			case 'OneTimeUse':
-				/* Currently ignored. */
-				break;
-			case 'ProxyRestriction':
-				/* Currently ignored. */
-				break;
-			default:
-				throw new Exception('Unknown condition: ' . var_export($node->localName, TRUE));
-			}
-		}
-
-	}
-
-
-	/**
-	 * Parse AuthnStatement in assertion.
-	 *
-	 * @param DOMElement $xml  The assertion XML element.
-	 */
-	private function parseAuthnStatement(DOMElement $xml) {
-
-		$as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
-		if (empty($as)) {
-			$this->authnInstant = NULL;
-			return;
-		} elseif (count($as) > 1) {
-			throw new Exception('More that one <saml:AuthnStatement> in <saml:Assertion> not supported.');
-		}
-		$as = $as[0];
-		$this->authnStatement = array();
-
-		if (!$as->hasAttribute('AuthnInstant')) {
-			throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
-		}
-		$this->authnInstant = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('AuthnInstant'));
-
-		if ($as->hasAttribute('SessionNotOnOrAfter')) {
-			$this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter'));
-		}
-
-		if ($as->hasAttribute('SessionIndex')) {
-			$this->sessionIndex = $as->getAttribute('SessionIndex');
-		}
-
-		$ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
-		if (empty($ac)) {
-			throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
-		} elseif (count($ac) > 1) {
-			throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
-		}
-		$ac = $ac[0];
-
-		$accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
-		if (empty($accr)) {
-			$acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
-			if (empty($acdr)) {
-				throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
-			} elseif (count($accr) > 1) {
-				throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
-			}
-			$this->authnContext = trim($acdr[0]->textContent);
-		} elseif (count($accr) > 1) {
-			throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
-		} else {
-			$this->authnContext = trim($accr[0]->textContent);
-		}
-		
-		$this->AuthenticatingAuthority = SAML2_Utils::extractStrings($ac, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
-	}
-
-
-	/**
-	 * Parse attribute statements in assertion.
-	 *
-	 * @param DOMElement $xml  The XML element with the assertion.
-	 */
-	private function parseAttributes(DOMElement $xml) {
-
-		$firstAttribute = TRUE;
-		$attributes = SAML2_Utils::xpQuery($xml, './saml_assertion:AttributeStatement/saml_assertion:Attribute');
-		foreach ($attributes as $attribute) {
-			if (!$attribute->hasAttribute('Name')) {
-				throw new Exception('Missing name on <saml:Attribute> element.');
-			}
-			$name = $attribute->getAttribute('Name');
-
-			if ($attribute->hasAttribute('NameFormat')) {
-				$nameFormat = $attribute->getAttribute('NameFormat');
-			} else {
-				$nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-			}
-
-			if ($firstAttribute) {
-				$this->nameFormat = $nameFormat;
-				$firstAttribute = FALSE;
-			} else {
-				if ($this->nameFormat !== $nameFormat) {
-					$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-				}
-			}
-
-			if (!array_key_exists($name, $this->attributes)) {
-				$this->attributes[$name] = array();
-			}
-
-			$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
-			foreach ($values as $value) {
-				$this->attributes[$name][] = trim($value->textContent);
-			}
-		}
-	}
-
-
-	/**
-	 * Parse encrypted attribute statements in assertion.
-	 *
-	 * @param DOMElement $xml  The XML element with the assertion.
-	 */
-	private function parseEncryptedAttributes(DOMElement $xml) {
-
-		$this->encryptedAttribute = SAML2_Utils::xpQuery($xml, './saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute');
-	}
-
-
-	/**
-	 * Parse signature on assertion.
-	 *
-	 * @param DOMElement $xml  The assertion XML element.
-	 */
-	private function parseSignature(DOMElement $xml) {
-
-		/* Validate the signature element of the message. */
-		$sig = SAML2_Utils::validateElement($xml);
-		if ($sig !== FALSE) {
-			$this->certificates = $sig['Certificates'];
-			$this->signatureData = $sig;
-		}
-	}
-
-
-	/**
-	 * Validate this assertion against a public key.
-	 *
-	 * If no signature was present on the assertion, we will return FALSE.
-	 * Otherwise, TRUE will be returned. An exception is thrown if the
-	 * signature validation fails.
-	 *
-	 * @param XMLSecurityKey $key  The key we should check against.
-	 * @return boolean  TRUE if successful, FALSE if it is unsigned.
-	 */
-	public function validate(XMLSecurityKey $key) {
-		assert('$key->type === XMLSecurityKey::RSA_SHA1');
-
-		if ($this->signatureData === NULL) {
-			return FALSE;
-		}
-
-		SAML2_Utils::validateSignature($this->signatureData, $key);
-
-		return TRUE;
-	}
-
-
-	/**
-	 * Retrieve the identifier of this assertion.
-	 *
-	 * @return string  The identifier of this assertion.
-	 */
-	public function getId() {
-		return $this->id;
-	}
-
-
-	/**
-	 * Set the identifier of this assertion.
-	 *
-	 * @param string $id  The new identifier of this assertion.
-	 */
-	public function setId($id) {
-		assert('is_string($id)');
-
-		$this->id = $id;
-	}
-
-
-	/**
-	 * Retrieve the issue timestamp of this assertion.
-	 *
-	 * @return int  The issue timestamp of this assertion, as an UNIX timestamp.
-	 */
-	public function getIssueInstant() {
-		return $this->issueInstant;
-	}
-
-
-	/**
-	 * Set the issue timestamp of this assertion.
-	 *
-	 * @param int $issueInstant  The new issue timestamp of this assertion, as an UNIX timestamp.
-	 */
-	public function setIssueInstant($issueInstant) {
-		assert('is_int($issueInstant)');
-
-		$this->issueInstant = $issueInstant;
-	}
-
-
-	/**
-	 * Retrieve the issuer if this assertion.
-	 *
-	 * @return string  The issuer of this assertion.
-	 */
-	public function getIssuer() {
-		return $this->issuer;
-	}
-
-
-	/**
-	 * Set the issuer of this message.
-	 *
-	 * @param string $issuer  The new issuer of this assertion.
-	 */
-	public function setIssuer($issuer) {
-		assert('is_string($issuer)');
-
-		$this->issuer = $issuer;
-	}
-
-
-	/**
-	 * Retrieve the NameId of the subject in the assertion.
-	 *
-	 * The returned NameId is in the format used by SAML2_Utils::addNameId().
-	 *
-	 * @see SAML2_Utils::addNameId()
-	 * @return array|NULL  The name identifier of the assertion.
-	 */
-	public function getNameId() {
-
-		if ($this->encryptedNameId !== NULL) {
-			throw new Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
-		}
-
-		return $this->nameId;
-	}
-
-
-	/**
-	 * Set the NameId of the subject in the assertion.
-	 *
-	 * The NameId must be in the format accepted by SAML2_Utils::addNameId().
-	 *
-	 * @see SAML2_Utils::addNameId()
-	 * @param array|NULL $nameId  The name identifier of the assertion.
-	 */
-	public function setNameId($nameId) {
-		assert('is_array($nameId) || is_null($nameId)');
-
-		$this->nameId = $nameId;
-	}
-
-
-	/**
-	 * Check whether the NameId is encrypted.
-	 *
-	 * @return TRUE if the NameId is encrypted, FALSE if not.
-	 */
-	public function isNameIdEncrypted() {
-
-		if ($this->encryptedNameId !== NULL) {
-			return TRUE;
-		}
-
-		return FALSE;
-	}
-
-
-	/**
-	 * Encrypt the NameID in the Assertion.
-	 *
-	 * @param XMLSecurityKey $key  The encryption key.
-	 */
-	public function encryptNameId(XMLSecurityKey $key) {
-
-		/* First create a XML representation of the NameID. */
-		$doc = new DOMDocument();
-		$root = $doc->createElement('root');
-		$doc->appendChild($root);
-		SAML2_Utils::addNameId($root, $this->nameId);
-		$nameId = $root->firstChild;
-
-		SimpleSAML_Utilities::debugMessage($nameId, 'encrypt');
-
-		/* Encrypt the NameID. */
-		$enc = new XMLSecEnc();
-		$enc->setNode($nameId);
-		$enc->type = XMLSecEnc::Element;
-
-		$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
-		$symmetricKey->generateSessionKey();
-		$enc->encryptKey($key, $symmetricKey);
-
-		$this->encryptedNameId = $enc->encryptNode($symmetricKey);
-		$this->nameId = NULL;
-	}
-
-
-	/**
-	 * Decrypt the NameId of the subject in the assertion.
-	 *
-	 * @param XMLSecurityKey $key  The decryption key.
-	 * @param array $blacklist  Blacklisted decryption algorithms.
-	 */
-	public function decryptNameId(XMLSecurityKey $key, array $blacklist = array()) {
-
-		if ($this->encryptedNameId === NULL) {
-			/* No NameID to decrypt. */
-			return;
-		}
-
-		$nameId = SAML2_Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
-		SimpleSAML_Utilities::debugMessage($nameId, 'decrypt');
-		$this->nameId = SAML2_Utils::parseNameId($nameId);
-
-		$this->encryptedNameId = NULL;
-	}
-
-
-	public function decryptAttributes($key, array $blacklist = array()){
-		$firstAttribute = TRUE;
-
-		if($this->encryptedAttribute === null){
-			return;
-		}
-		$attributes = $this->encryptedAttribute;
-		foreach ($attributes as $attributeEnc) {
-			/*Decrypt node <EncryptedAttribute>*/
-			$attribute = SAML2_Utils::decryptElement($attributeEnc->getElementsByTagName('EncryptedData')->item(0), $key, $blacklist);
-
-			if (!$attribute->hasAttribute('Name')) {
-				throw new Exception('Missing name on <saml:Attribute> element.');
-			}
-			$name = $attribute->getAttribute('Name');
-
-			if ($attribute->hasAttribute('NameFormat')) {
-				$nameFormat = $attribute->getAttribute('NameFormat');
-			} else {
-				$nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-			}
-
-			if ($firstAttribute) {
-				$this->nameFormat = $nameFormat;
-				$firstAttribute = FALSE;
-			} else {
-				if ($this->nameFormat !== $nameFormat) {
-					$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-				}
-			}
-
-			if (!array_key_exists($name, $this->attributes)) {
-				$this->attributes[$name] = array();
-			}
-
-			$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
-			foreach ($values as $value) {
-				$this->attributes[$name][] = trim($value->textContent);
-			}
-		}
-	}
-
-
-	/**
-	 * Retrieve the earliest timestamp this assertion is valid.
-	 *
-	 * This function returns NULL if there are no restrictions on how early the
-	 * assertion can be used.
-	 *
-	 * @return int|NULL  The earliest timestamp this assertion is valid.
-	 */
-	public function getNotBefore() {
-
-		return $this->notBefore;
-	}
-
-
-	/**
-	 * Set the earliest timestamp this assertion can be used.
-	 *
-	 * Set this to NULL if no limit is required.
-	 *
-	 * @param int|NULL $notBefore  The earliest timestamp this assertion is valid.
-	 */
-	public function setNotBefore($notBefore) {
-		assert('is_int($notBefore) || is_null($notBefore)');
-
-		$this->notBefore = $notBefore;
-	}
-
-
-	/**
-	 * Retrieve the expiration timestamp of this assertion.
-	 *
-	 * This function returns NULL if there are no restrictions on how
-	 * late the assertion can be used.
-	 *
-	 * @return int|NULL  The latest timestamp this assertion is valid.
-	 */
-	public function getNotOnOrAfter() {
-
-		return $this->notOnOrAfter;
-	}
-
-
-	/**
-	 * Set the expiration timestamp of this assertion.
-	 *
-	 * Set this to NULL if no limit is required.
-	 *
-	 * @param int|NULL $notOnOrAfter  The latest timestamp this assertion is valid.
-	 */
-	public function setNotOnOrAfter($notOnOrAfter) {
-		assert('is_int($notOnOrAfter) || is_null($notOnOrAfter)');
-
-		$this->notOnOrAfter = $notOnOrAfter;
-	}
-
-
-	/**
-	 * Set $EncryptedAttributes if attributes will send encrypted
-	 *
-	 * @param boolean $ea  TRUE to encrypt attributes in the assertion.
-	 */
-	public function setEncryptedAttributes($ea) {
-		$this->requiredEncAttributes = $ea;
-	}
-
-
-	/**
-	 * Retrieve the audiences that are allowed to receive this assertion.
-	 *
-	 * This may be NULL, in which case all audiences are allowed.
-	 *
-	 * @return array|NULL  The allowed audiences.
-	 */
-	public function getValidAudiences() {
-
-		return $this->validAudiences;
-	}
-
-
-	/**
-	 * Set the audiences that are allowed to receive this assertion.
-	 *
-	 * This may be NULL, in which case all audiences are allowed.
-	 *
-	 * @param array|NULL $validAudiences  The allowed audiences.
-	 */
-	public function setValidAudiences(array $validAudiences = NULL) {
-
-		$this->validAudiences = $validAudiences;
-	}
-
-
-	/**
-	 * Retrieve the AuthnInstant of the assertion.
-	 *
-	 * @return int|NULL  The timestamp the user was authenticated, or NULL if the user isn't authenticated.
-	 */
-	public function getAuthnInstant() {
-
-		return $this->authnInstant;
-	}
-
-
-	/**
-	 * Set the AuthnInstant of the assertion.
-	 *
-	 * @param int|NULL $authnInstant  The timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.
-	 */
-	public function setAuthnInstant($authnInstant) {
-		assert('is_int($authnInstant) || is_null($authnInstant)');
-
-		$this->authnInstant = $authnInstant;
-	}
-
-
-	/**
-	 * Retrieve the session expiration timestamp.
-	 *
-	 * This function returns NULL if there are no restrictions on the
-	 * session lifetime.
-	 *
-	 * @return int|NULL  The latest timestamp this session is valid.
-	 */
-	public function getSessionNotOnOrAfter() {
-
-		return $this->sessionNotOnOrAfter;
-	}
-
-
-	/**
-	 * Set the session expiration timestamp.
-	 *
-	 * Set this to NULL if no limit is required.
-	 *
-	 * @param int|NULL $sessionLifetime  The latest timestamp this session is valid.
-	 */
-	public function setSessionNotOnOrAfter($sessionNotOnOrAfter) {
-		assert('is_int($sessionNotOnOrAfter) || is_null($sessionNotOnOrAfter)');
-
-		$this->sessionNotOnOrAfter = $sessionNotOnOrAfter;
-	}
-
-
-	/**
-	 * Retrieve the session index of the user at the IdP.
-	 *
-	 * @return string|NULL  The session index of the user at the IdP.
-	 */
-	public function getSessionIndex() {
-
-		return $this->sessionIndex;
-	}
-
-
-	/**
-	 * Set the session index of the user at the IdP.
-	 *
-	 * Note that the authentication context must be set before the
-	 * session index can be inluded in the assertion.
-	 *
-	 * @param string|NULL $sessionIndex  The session index of the user at the IdP.
-	 */
-	public function setSessionIndex($sessionIndex) {
-		assert('is_string($sessionIndex) || is_null($sessionIndex)');
-
-		$this->sessionIndex = $sessionIndex;
-	}
-
-
-	/**
-	 * Retrieve the authentication method used to authenticate the user.
-	 *
-	 * This will return NULL if no authentication statement was
-	 * included in the assertion.
-	 *
-	 * @return string|NULL  The authentication method.
-	 */
-	public function getAuthnContext() {
-
-		return $this->authnContext;
-	}
-
-
-	/**
-	 * Set the authentication method used to authenticate the user.
-	 *
-	 * If this is set to NULL, no authentication statement will be
-	 * included in the assertion. The default is NULL.
-	 *
-	 * @param string|NULL $authnContext  The authentication method.
-	 */
-	public function setAuthnContext($authnContext) {
-		assert('is_string($authnContext) || is_null($authnContext)');
-
-		$this->authnContext = $authnContext;
-	}
-
-
-	/**
-	 * Retrieve the AuthenticatingAuthority.
-	 *
-	 *
-	 * @return array
-	 */
-	public function getAuthenticatingAuthority() {
-
-		return $this->AuthenticatingAuthority;
-	}
-
-
-	/**
-	 * Set the AuthenticatingAuthority
-	 *
-	 *
-	 * @param array.
-	 */
-	public function setAuthenticatingAuthority($AuthenticatingAuthority) {
-		$this->AuthenticatingAuthority = $AuthenticatingAuthority;
-	}
-
-
-	/**
-	 * Retrieve all attributes.
-	 *
-	 * @return array  All attributes, as an associative array.
-	 */
-	public function getAttributes() {
-
-		return $this->attributes;
-	}
-
-
-	/**
-	 * Replace all attributes.
-	 *
-	 * @param array $attributes  All new attributes, as an associative array.
-	 */
-	public function setAttributes(array $attributes) {
-
-		$this->attributes = $attributes;
-	}
-
-
-	/**
-	 * Retrieve the NameFormat used on all attributes.
-	 *
-	 * If more than one NameFormat is used in the received attributes, this
-	 * returns the unspecified NameFormat.
-	 *
-	 * @return string  The NameFormat used on all attributes.
-	 */
-	public function getAttributeNameFormat() {
-		return $this->nameFormat;
-	}
-
-
-	/**
-	 * Set the NameFormat used on all attributes.
-	 *
-	 * @param string $nameFormat  The NameFormat used on all attributes.
-	 */
-	public function setAttributeNameFormat($nameFormat) {
-		assert('is_string($nameFormat)');
-
-		$this->nameFormat = $nameFormat;
-	}
-
-
-	/**
-	 * Retrieve the SubjectConfirmation elements we have in our Subject element.
-	 *
-	 * @return array  Array of SAML2_XML_saml_SubjectConfirmation elements.
-	 */
-	public function getSubjectConfirmation() {
-		return $this->SubjectConfirmation;
-	}
-
-
-	/**
-	 * Set the SubjectConfirmation elements that should be included in the assertion.
-	 *
-	 * @param array $SubjectConfirmation Array of SAML2_XML_saml_SubjectConfirmation elements.
-	 */
-	public function setSubjectConfirmation(array $SubjectConfirmation) {
-
-		$this->SubjectConfirmation = $SubjectConfirmation;
-	}
-
-
-	/**
-	 * Retrieve the private key we should use to sign the assertion.
-	 *
-	 * @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
-	 */
-	public function getSignatureKey() {
-		return $this->signatureKey;
-	}
-
-
-	/**
-	 * Set the private key we should use to sign the assertion.
-	 *
-	 * If the key is NULL, the assertion will be sent unsigned.
-	 *
-	 * @param XMLSecurityKey|NULL $key
-	 */
-	public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) {
-		$this->signatureKey = $signatureKey;
-	}
-
-
-	/**
-	 * Return the key we should use to encrypt the assertion.
-	 *
-	 * @return XMLSecurityKey|NULL The key, or NULL if no key is specified..
-	 *
-	 */
-
-
-	public function getEncryptionKey() {
-		return $this->encryptionKey;
-	}
-
-
-	/**
-	 * Set the private key we should use to encrypt the attributes.
-	 *
-	 * @param XMLSecurityKey|NULL $key
-	 */
-	public function setEncryptionKey(XMLSecurityKey $Key = NULL) {
-		$this->encryptionKey = $Key;
-	}
-
-	/**
-	 * Set the certificates that should be included in the assertion.
-	 *
-	 * The certificates should be strings with the PEM encoded data.
-	 *
-	 * @param array $certificates  An array of certificates.
-	 */
-	public function setCertificates(array $certificates) {
-		$this->certificates = $certificates;
-	}
-
-
-	/**
-	 * Retrieve the certificates that are included in the assertion.
-	 *
-	 * @return array  An array of certificates.
-	 */
-	public function getCertificates() {
-		return $this->certificates;
-	}
-
-
-	/**
-	 * Convert this assertion to an XML element.
-	 *
-	 * @param DOMNode|NULL $parentElement  The DOM node the assertion should be created in.
-	 * @return DOMElement  This assertion.
-	 */
-	public function toXML(DOMNode $parentElement = NULL) {
-
-		if ($parentElement === NULL) {
-			$document = new DOMDocument();
-			$parentElement = $document;
-		} else {
-			$document = $parentElement->ownerDocument;
-		}
-
-		$root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'Assertion');
-		$parentElement->appendChild($root);
-
-		/* Ugly hack to add another namespace declaration to the root element. */
-		$root->setAttributeNS(SAML2_Const::NS_SAMLP, 'samlp:tmp', 'tmp');
-		$root->removeAttributeNS(SAML2_Const::NS_SAMLP, 'tmp');
-		$root->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:tmp', 'tmp');
-		$root->removeAttributeNS(SAML2_Const::NS_XSI, 'tmp');
-		$root->setAttributeNS(SAML2_Const::NS_XS, 'xs:tmp', 'tmp');
-		$root->removeAttributeNS(SAML2_Const::NS_XS, 'tmp');
-
-		$root->setAttribute('ID', $this->id);
-		$root->setAttribute('Version', '2.0');
-		$root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));
-
-		$issuer = SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
-
-		$this->addSubject($root);
-		$this->addConditions($root);
-		$this->addAuthnStatement($root);
-		if($this->requiredEncAttributes == false)
-			$this->addAttributeStatement($root);
-		else
-			$this->addEncryptedAttributeStatement($root);
-
-		if ($this->signatureKey !== NULL) {
-			SAML2_Utils::insertSignature($this->signatureKey, $this->certificates, $root, $issuer->nextSibling);
-		}
-
-		return $root;
-	}
-
-
-	/**
-	 * Add a Subject-node to the assertion.
-	 *
-	 * @param DOMElement $root  The assertion element we should add the subject to.
-	 */
-	private function addSubject(DOMElement $root) {
-
-		if ($this->nameId === NULL && $this->encryptedNameId === NULL) {
-			/* We don't have anything to create a Subject node for. */
-			return;
-		}
-
-		$subject = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Subject');
-		$root->appendChild($subject);
-
-		if ($this->encryptedNameId === NULL) {
-			SAML2_Utils::addNameId($subject, $this->nameId);
-		} else {
-			$eid = $subject->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
-			$subject->appendChild($eid);
-			$eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, TRUE));
-		}
-
-		foreach ($this->SubjectConfirmation as $sc) {
-			$sc->toXML($subject);
-		}
-	}
-
-
-	/**
-	 * Add a Conditions-node to the assertion.
-	 *
-	 * @param DOMElement $root  The assertion element we should add the conditions to.
-	 */
-	private function addConditions(DOMElement $root) {
-
-		$document = $root->ownerDocument;
-
-		$conditions = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:Conditions');
-		$root->appendChild($conditions);
-
-		if ($this->notBefore !== NULL) {
-			$conditions->setAttribute('NotBefore', gmdate('Y-m-d\TH:i:s\Z', $this->notBefore));
-		}
-		if ($this->notOnOrAfter !== NULL) {
-			$conditions->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
-		}
-
-		if ($this->validAudiences !== NULL) {
-			$ar = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AudienceRestriction');
-			$conditions->appendChild($ar);
-
-			SAML2_Utils::addStrings($ar, SAML2_Const::NS_SAML, 'saml:Audience', FALSE, $this->validAudiences);
-		}
-	}
-
-
-	/**
-	 * Add a AuthnStatement-node to the assertion.
-	 *
-	 * @param DOMElement $root  The assertion element we should add the authentication statement to.
-	 */
-	private function addAuthnStatement(DOMElement $root) {
-
-		if ($this->authnContext === NULL || $this->authnInstant === NULL) {
-			/* No authentication context or AuthnInstant => no authentication statement. */
-			return;
-		}
-
-		$document = $root->ownerDocument;
-
-		$as = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
-		$root->appendChild($as);
-
-		$as->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->authnInstant));
-
-		if ($this->sessionNotOnOrAfter !== NULL) {
-			$as->setAttribute('SessionNotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter));
-		}
-		if ($this->sessionIndex !== NULL) {
-			$as->setAttribute('SessionIndex', $this->sessionIndex);
-		}
-
-		$ac = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnContext');
-		$as->appendChild($ac);
-
-		SAML2_Utils::addString($ac, SAML2_Const::NS_SAML, 'saml:AuthnContextClassRef', $this->authnContext);
-		SAML2_Utils::addStrings($ac, SAML2_Const::NS_SAML, 'saml:AuthenticatingAuthority', false, $this->AuthenticatingAuthority);
-	}
-
-
-	/**
-	 * Add an AttributeStatement-node to the assertion.
-	 *
-	 * @param DOMElement $root  The assertion element we should add the subject to.
-	 */
-	private function addAttributeStatement(DOMElement $root) {
-
-		if (empty($this->attributes)) {
-			return;
-		}
-
-		$document = $root->ownerDocument;
-
-		$attributeStatement = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeStatement');
-		$root->appendChild($attributeStatement);
-
-		foreach ($this->attributes as $name => $values) {
-			$attribute = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
-			$attributeStatement->appendChild($attribute);
-			$attribute->setAttribute('Name', $name);
-
-			if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
-				$attribute->setAttribute('NameFormat', $this->nameFormat);
-			}
-
-			foreach ($values as $value) {
-				if (is_string($value)) {
-					$type = 'xs:string';
-				} elseif (is_int($value)) {
-					$type = 'xs:integer';
-				} else {
-					$type = NULL;
-				}
-
-				$attributeValue = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeValue');
-				$attribute->appendChild($attributeValue);
-				if ($type !== NULL) {
-					$attributeValue->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', $type);
-				}
-
-				if ($value instanceof DOMNodeList) {
-					for ($i = 0; $i < $value->length; $i++) {
-						$node = $document->importNode($value->item($i), TRUE);
-						$attributeValue->appendChild($node);
-					}
-				} else {
-					$attributeValue->appendChild($document->createTextNode($value));
-				}
-			}
-		}
-	}
-
-
-	/**
-	 * Add an EncryptedAttribute Statement-node to the assertion.
-	 *
-	 * @param DOMElement $root  The assertion element we should add the Encrypted Attribute Statement to.
-	 */
-	private function addEncryptedAttributeStatement(DOMElement $root) {
-
-		if ($this->requiredEncAttributes == FALSE)
-			return;
-
-		$document = $root->ownerDocument;
-
-		$attributeStatement = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeStatement');
-		$root->appendChild($attributeStatement);
-
-		foreach ($this->attributes as $name => $values) {
-			$document2 = new DOMDocument();
-			$attribute = $document2->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
-			$attribute->setAttribute('Name', $name);
-			$document2->appendChild($attribute);
-
-			if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
-				$attribute->setAttribute('NameFormat', $this->nameFormat);
-			}
-
-			foreach ($values as $value) {
-				if (is_string($value)) {
-					$type = 'xs:string';
-				} elseif (is_int($value)) {
-					$type = 'xs:integer';
-				} else {
-					$type = NULL;
-				}
-
-				$attributeValue = $document2->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeValue');
-				$attribute->appendChild($attributeValue);
-				if ($type !== NULL) {
-					$attributeValue->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', $type);
-				}
-
-				if ($value instanceof DOMNodeList) {
-					for ($i = 0; $i < $value->length; $i++) {
-						$node = $document2->importNode($value->item($i), TRUE);
-						$attributeValue->appendChild($node);
-					}
-				} else {
-					$attributeValue->appendChild($document2->createTextNode($value));
-				}
-			}
-			/*Once the attribute nodes are built, the are encrypted*/
-			$EncAssert = new XMLSecEnc();
-			$EncAssert->setNode($document2->documentElement);
-			$EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element';
-			/*
-			 * Attributes are encrypted with a session key and this one with
-			 * $EncryptionKey
-			 */
-			$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
-			$symmetricKey->generateSessionKey();
-			$EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
-			$EncrNode = $EncAssert->encryptNode($symmetricKey);
-
-			$EncAttribute = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:EncryptedAttribute');
-			$attributeStatement->appendChild($EncAttribute);
-			$n = $document->importNode($EncrNode,true);
-			$EncAttribute->appendChild($n);
-		}
-	}
-
-}
diff --git a/lib/SAML2/AttributeQuery.php b/lib/SAML2/AttributeQuery.php
deleted file mode 100644
index 09b70b7841a64c41784b752fe5ebd93b5f30729b..0000000000000000000000000000000000000000
--- a/lib/SAML2/AttributeQuery.php
+++ /dev/null
@@ -1,176 +0,0 @@
-<?php
-
-/**
- * Class for SAML 2 attribute query messages.
- *
- * An attribute query asks for a set of attributes. The following
- * rules apply:
- *
- * - If no attributes are present in the query, all attributes should be
- *   returned.
- * - If any attributes are present, only those attributes which are present
- *   in the query should be returned.
- * - If an attribute contains any attribute values, only the attribute values
- *   which match those in the query should be returned.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_AttributeQuery extends SAML2_SubjectQuery {
-
-
-	/**
-	 * The attributes, as an associative array.
-	 *
-	 * @var array
-	 */
-	private $attributes;
-
-
-	/**
-	 * The NameFormat used on all attributes.
-	 *
-	 * If more than one NameFormat is used, this will contain
-	 * the unspecified nameformat.
-	 *
-	 * @var string
-	 */
-	private $nameFormat;
-
-
-	/**
-	 * Constructor for SAML 2 attribute query messages.
-	 *
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('AttributeQuery', $xml);
-
-		$this->attributes = array();
-		$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$firstAttribute = TRUE;
-		$attributes = SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute');
-		foreach ($attributes as $attribute) {
-			if (!$attribute->hasAttribute('Name')) {
-				throw new Exception('Missing name on <saml:Attribute> element.');
-			}
-			$name = $attribute->getAttribute('Name');
-
-			if ($attribute->hasAttribute('NameFormat')) {
-				$nameFormat = $attribute->getAttribute('NameFormat');
-			} else {
-				$nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-			}
-
-			if ($firstAttribute) {
-				$this->nameFormat = $nameFormat;
-				$firstAttribute = FALSE;
-			} else {
-				if ($this->nameFormat !== $nameFormat) {
-					$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
-				}
-			}
-
-			if (!array_key_exists($name, $this->attributes)) {
-				$this->attributes[$name] = array();
-			}
-
-			$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
-			foreach ($values as $value) {
-				$this->attributes[$name][] = trim($value->textContent);
-			}
-		}
-	}
-
-
-	/**
-	 * Retrieve all requested attributes.
-	 *
-	 * @return array  All requested attributes, as an associative array.
-	 */
-	public function getAttributes() {
-
-		return $this->attributes;
-	}
-
-
-	/**
-	 * Set all requested attributes.
-	 *
-	 * @param array $attributes  All requested attributes, as an associative array.
-	 */
-	public function setAttributes(array $attributes) {
-
-		$this->attributes = $attributes;
-	}
-
-
-	/**
-	 * Retrieve the NameFormat used on all attributes.
-	 *
-	 * If more than one NameFormat is used in the received attributes, this
-	 * returns the unspecified NameFormat.
-	 *
-	 * @return string  The NameFormat used on all attributes.
-	 */
-	public function getAttributeNameFormat() {
-		return $this->nameFormat;
-	}
-
-
-	/**
-	 * Set the NameFormat used on all attributes.
-	 *
-	 * @param string $nameFormat  The NameFormat used on all attributes.
-	 */
-	public function setAttributeNameFormat($nameFormat) {
-		assert('is_string($nameFormat)');
-
-		$this->nameFormat = $nameFormat;
-	}
-
-
-	/**
-	 * Convert the attribute query message to an XML element.
-	 *
-	 * @return DOMElement  This attribute query.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		foreach ($this->attributes as $name => $values) {
-			$attribute = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
-			$root->appendChild($attribute);
-			$attribute->setAttribute('Name', $name);
-
-			if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
-				$attribute->setAttribute('NameFormat', $this->nameFormat);
-			}
-
-			foreach ($values as $value) {
-				if (is_string($value)) {
-					$type = 'xs:string';
-				} elseif (is_int($value)) {
-					$type = 'xs:integer';
-				} else {
-					$type = NULL;
-				}
-
-				$attributeValue = SAML2_Utils::addString($attribute, SAML2_Const::NS_SAML, 'saml:AttributeValue', $value);
-				if ($type !== NULL) {
-					$attributeValue->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', $type);
-				}
-			}
-		}
-
-		return $root;
-	}
-
-
-}
diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php
deleted file mode 100644
index b536dce249231be4664e896397beae7d0c66e17d..0000000000000000000000000000000000000000
--- a/lib/SAML2/AuthnRequest.php
+++ /dev/null
@@ -1,533 +0,0 @@
-<?php
-
-/**
- * Class for SAML 2 authentication request messages.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_AuthnRequest extends SAML2_Request {
-
-	/**
-	 * The options for what type of name identifier should be returned.
-	 *
-	 * @var array
-	 */
-	private $nameIdPolicy;
-
-	/**
-	 * Whether the Identity Provider must authenticate the user again.
-	 *
-	 * @var bool
-	 */
-	private $forceAuthn;
-
-
-	/**
-	 * Set to TRUE if this request is passive.
-	 *
-	 * @var bool.
-	 */
-	private $isPassive;
-
-	/**
-	 * The list of providerIDs in this request's scoping element
-	 *
-	 * @var array
-	*/
-	private $IDPList = array();
-
-	/**
-	 * The ProxyCount in this request's scoping element
-	 *
-	 * @var int
-	*/
-	private $ProxyCount = null;
-
-	/**
-	 * The RequesterID list in this request's scoping element
-	 *
-	 * @var array
-	*/
-
-	private $RequesterID = array();
-
-	/**
-	 * The URL of the asertion consumer service where the response should be delivered.
-	 *
-	 * @var string|NULL
-	 */
-	private $assertionConsumerServiceURL;
-
-
-	/**
-	 * What binding should be used when sending the response.
-	 *
-	 * @var string|NULL
-	 */
-	private $protocolBinding;
-
-
-	/**
-	 * The index of the AttributeConsumingService.
-	 *
-	 * @var int|NULL
-	 */
-	private $attributeConsumingServiceIndex;
-
-	/**
-	 * The index of the AssertionConsumerService.
-	 *
-	 * @var int|NULL
-	 */
-	private $assertionConsumerServiceIndex;
-
-
-	/**
-	 * What authentication context was requested.
-	 *
-	 * Array with the following elements.
-	 * - AuthnContextClassRef (required)
-	 * - Comparison (optinal)
-	 *
-	 * @var array
-	 */
-	private $requestedAuthnContext;
-
-	/**
-	 * Request extensions.
-	 *
-	 * @var array
-	 */
-	private $extensions;
-
-	/**
-	 * Constructor for SAML 2 authentication request messages.
-	 *
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('AuthnRequest', $xml);
-
-		$this->nameIdPolicy = array();
-		$this->forceAuthn = FALSE;
-		$this->isPassive = FALSE;
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->forceAuthn = SAML2_Utils::parseBoolean($xml, 'ForceAuthn', FALSE);
-		$this->isPassive = SAML2_Utils::parseBoolean($xml, 'IsPassive', FALSE);
-
-		if ($xml->hasAttribute('AssertionConsumerServiceURL')) {
-			$this->assertionConsumerServiceURL = $xml->getAttribute('AssertionConsumerServiceURL');
-		}
-
-		if ($xml->hasAttribute('ProtocolBinding')) {
-			$this->protocolBinding = $xml->getAttribute('ProtocolBinding');
-		}
-
-		if ($xml->hasAttribute('AttributeConsumingServiceIndex')) {
-			$this->attributeConsumingServiceIndex = (int)$xml->getAttribute('AttributeConsumingServiceIndex');
-		}
-
-		if ($xml->hasAttribute('AssertionConsumerServiceIndex')) {
-			$this->assertionConsumerServiceIndex = (int)$xml->getAttribute('AssertionConsumerServiceIndex');
-		}
-
-		$nameIdPolicy = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
-
-		if (!empty($nameIdPolicy)) {
-			$nameIdPolicy = $nameIdPolicy[0];
-			if ($nameIdPolicy->hasAttribute('Format')) {
-				$this->nameIdPolicy['Format'] = $nameIdPolicy->getAttribute('Format');
-			}
-			if ($nameIdPolicy->hasAttribute('SPNameQualifier')) {
-				$this->nameIdPolicy['SPNameQualifier'] = $nameIdPolicy->getAttribute('SPNameQualifier');
-			}
-			if ($nameIdPolicy->hasAttribute('AllowCreate')) {
-				$this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE);
-			}
-		}
-
-		$requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
-		if (!empty($requestedAuthnContext)) {
-			$requestedAuthnContext = $requestedAuthnContext[0];
-
-			$rac = array(
-				'AuthnContextClassRef' => array(),
-				'Comparison' => 'exact',
-			);
-
-			$accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef');
-			foreach ($accr as $i) {
-				$rac['AuthnContextClassRef'][] = trim($i->textContent);
-			}
-
-			if ($requestedAuthnContext->hasAttribute('Comparison')) {
-				$rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison');
-			}
-
-			$this->requestedAuthnContext = $rac;
-		}
-
-		$scoping = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping');
-		if (!empty($scoping)) {
-			$scoping =$scoping[0];
-
-			if ($scoping->hasAttribute('ProxyCount')) {
-				$this->ProxyCount = (int)$scoping->getAttribute('ProxyCount');
-			}
-			$idpEntries = SAML2_Utils::xpQuery($scoping, './saml_protocol:IDPList/saml_protocol:IDPEntry');
-
-			foreach($idpEntries as $idpEntry) {
-				if (!$idpEntry->hasAttribute('ProviderID')) {
-					throw new Exception("Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
-				}
-				$this->IDPList[] = $idpEntry->getAttribute('ProviderID');
-			}
-
-			$requesterIDs = SAML2_Utils::xpQuery($scoping, './saml_protocol:RequesterID');
-			foreach ($requesterIDs as $requesterID) {
-				$this->RequesterID[] = trim($requesterID->textContent);
-			}
-
-		}
-
-		$this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
-	}
-
-
-	/**
-	 * Retrieve the NameIdPolicy.
-	 *
-	 * @see SAML2_AuthnRequest::setNameIdPolicy()
-	 * @return array  The NameIdPolicy.
-	 */
-	public function getNameIdPolicy() {
-		return $this->nameIdPolicy;
-	}
-
-
-	/**
-	 * Set the NameIDPolicy.
-	 *
-	 * This function accepts an array with the following options:
-	 *  - 'Format'
-	 *  - 'SPNameQualifier'
-	 *  - 'AllowCreate'
-	 *
-	 * @param array $nameIdPolicy  The NameIDPolicy.
-	 */
-	public function setNameIdPolicy(array $nameIdPolicy) {
-
-		$this->nameIdPolicy = $nameIdPolicy;
-	}
-
-
-	/**
-	 * Retrieve the value of the ForceAuthn attribute.
-	 *
-	 * @return bool  The ForceAuthn attribute.
-	 */
-	public function getForceAuthn() {
-		return $this->forceAuthn;
-	}
-
-
-	/**
-	 * Set the value of the ForceAuthn attribute.
-	 *
-	 * @param bool $forceAuthn  The ForceAuthn attribute.
-	 */
-	public function setForceAuthn($forceAuthn) {
-		assert('is_bool($forceAuthn)');
-
-		$this->forceAuthn = $forceAuthn;
-	}
-
-
-	/**
-	 * Retrieve the value of the IsPassive attribute.
-	 *
-	 * @return bool  The IsPassive attribute.
-	 */
-	public function getIsPassive() {
-		return $this->isPassive;
-	}
-
-
-	/**
-	 * Set the value of the IsPassive attribute.
-	 *
-	 * @param bool $isPassive  The IsPassive attribute.
-	 */
-	public function setIsPassive($isPassive) {
-		assert('is_bool($isPassive)');
-
-		$this->isPassive = $isPassive;
-	}
-
-
-	/**
-	 * This function sets the scoping for the request
-	 * See Core 3.4.1.2 for the definition of scoping
-	 * Currently we only support an IDPList of idpEntries
-	 * and only the required ProviderID in an IDPEntry
-	 * $providerIDs is an array of Entity Identifiers
-	 *
-	 */
-	public function setIDPList($IDPList) {
-		assert('is_array($IDPList)');
-		$this->IDPList = $IDPList;
-	}
-
-
-	/**
-	 * This function retrieves the list of providerIDs from this authentication request.
-	 * Currently we only support a list of ipd ientity id's.
-	 * @return The list of idpidentityids from the request
-	 */
-	 
-	public function getIDPList() {
-		return $this->IDPList;
-	}
-
-	public function setProxyCount($ProxyCount) {
-		assert('is_int($ProxyCount)');
-		$this->ProxyCount = $ProxyCount;
-	}
-
-	public function getProxyCount() {
-		return $this->ProxyCount;
-	}
-	
-	public function setRequesterID(array $RequesterID) {
-		$this->RequesterID = $RequesterID;
-	}
-
-	public function getRequesterID() {
-		return $this->RequesterID;
-	}
-
-	/**
-	 * Retrieve the value of the AssertionConsumerServiceURL attribute.
-	 *
-	 * @return string|NULL  The AssertionConsumerServiceURL attribute.
-	 */
-	public function getAssertionConsumerServiceURL() {
-		return $this->assertionConsumerServiceURL;
-	}
-
-
-	/**
-	 * Set the value of the AssertionConsumerServiceURL attribute.
-	 *
-	 * @param string|NULL $assertionConsumerServiceURL  The AssertionConsumerServiceURL attribute.
-	 */
-	public function setAssertionConsumerServiceURL($assertionConsumerServiceURL) {
-		assert('is_string($assertionConsumerServiceURL) || is_null($assertionConsumerServiceURL)');
-
-		$this->assertionConsumerServiceURL = $assertionConsumerServiceURL;
-	}
-
-
-	/**
-	 * Retrieve the value of the ProtocolBinding attribute.
-	 *
-	 * @return string|NULL  The ProtocolBinding attribute.
-	 */
-	public function getProtocolBinding() {
-		return $this->protocolBinding;
-	}
-
-
-	/**
-	 * Set the value of the ProtocolBinding attribute.
-	 *
-	 * @param string $protocolBinding  The ProtocolBinding attribute.
-	 */
-	public function setProtocolBinding($protocolBinding) {
-		assert('is_string($protocolBinding) || is_null($protocolBinding)');
-
-		$this->protocolBinding = $protocolBinding;
-	}
-
-	/**
-	 * Retrieve the value of the AttributeConsumingServiceIndex attribute.
-	 *
-	 * @return int|NULL  The AttributeConsumingServiceIndex attribute.
-	 */
-	public function getAttributeConsumingServiceIndex() {
-		return $this->attributeConsumingServiceIndex;
-	}
-
-
-	/**
-	 * Set the value of the AttributeConsumingServiceIndex attribute.
-	 *
-	 * @param int|NULL $attributeConsumingServiceIndex  The AttributeConsumingServiceIndex attribute.
-	 */
-	public function setAttributeConsumingServiceIndex($attributeConsumingServiceIndex) {
-		assert('is_int($attributeConsumingServiceIndex) || is_null($attributeConsumingServiceIndex)');
-
-		$this->attributeConsumingServiceIndex = $attributeConsumingServiceIndex;
-	}
-
-
-	/**
-	 * Retrieve the value of the AssertionConsumerServiceIndex attribute.
-	 *
-	 * @return int|NULL  The AssertionConsumerServiceIndex attribute.
-	 */
-	public function getAssertionConsumerServiceIndex() {
-		return $this->assertionConsumerServiceIndex;
-	}
-
-
-	/**
-	 * Set the value of the AssertionConsumerServiceIndex attribute.
-	 *
-	 * @param int|NULL $assertionConsumerServiceIndex  The AssertionConsumerServiceIndex attribute.
-	 */
-	public function setAssertionConsumerServiceIndex($assertionConsumerServiceIndex) {
-		assert('is_int($assertionConsumerServiceIndex) || is_null($assertionConsumerServiceIndex)');
-
-		$this->assertionConsumerServiceIndex = $assertionConsumerServiceIndex;
-	}
-
-
-	/**
-	 * Retrieve the RequestedAuthnContext.
-	 *
-	 * @return array|NULL  The RequestedAuthnContext.
-	 */
-	public function getRequestedAuthnContext() {
-		return $this->requestedAuthnContext;
-	}
-
-
-	/**
-	 * Set the RequestedAuthnContext.
-	 *
-	 * @param array|NULL $requestedAuthnContext  The RequestedAuthnContext.
-	 */
-	public function setRequestedAuthnContext($requestedAuthnContext) {
-		assert('is_array($requestedAuthnContext) || is_null($requestedAuthnContext)');
-
-		$this->requestedAuthnContext = $requestedAuthnContext;
-	}
-
-
-	/**
-	 * Retrieve the Extensions.
-	 *
-	 * @return SAML2_XML_samlp_Extensions.
-	 */
-	public function getExtensions() {
-		return $this->extensions;
-	}
-
-
-	/**
-	 * Set the Extensions.
-	 *
-	 * @param array|NULL $extensions The Extensions.
-	 */
-	public function setExtensions($extensions) {
-		assert('is_array($extensions) || is_null($extensions)');
-
-		$this->extensions = $extensions;
-	}
-
-
-	/**
-	 * Convert this authentication request to an XML element.
-	 *
-	 * @return DOMElement  This authentication request.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		if ($this->forceAuthn) {
-			$root->setAttribute('ForceAuthn', 'true');
-		}
-
-		if ($this->isPassive) {
-			$root->setAttribute('IsPassive', 'true');
-		}
-
-		if ($this->assertionConsumerServiceIndex !== NULL) {
-			$root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
-		} else {
-			if ($this->assertionConsumerServiceURL !== NULL) {
-				$root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
-			}
-			if ($this->protocolBinding !== NULL) {
-				$root->setAttribute('ProtocolBinding', $this->protocolBinding);
-			}
-		}
-
-		if ($this->attributeConsumingServiceIndex !== NULL) {
-			$root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
-		}
-
-		if (!empty($this->nameIdPolicy)) {
-			$nameIdPolicy = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
-			if (array_key_exists('Format', $this->nameIdPolicy)) {
-				$nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
-			}
-			if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
-				$nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
-			}
-			if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
-				$nameIdPolicy->setAttribute('AllowCreate', 'true');
-			}
-			$root->appendChild($nameIdPolicy);
-		}
-
-		$rac = $this->requestedAuthnContext;
-		if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
-			$e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
-			$root->appendChild($e);
-			if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
-				$e->setAttribute('Comparison', $rac['Comparison']);
-			}
-			foreach ($rac['AuthnContextClassRef'] as $accr) {
-				SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $accr);
-			}
-		}
-
-		if (!empty($this->extensions)) {
-			SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
-		}
-
-		if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
-			$scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
-			$root->appendChild($scoping);
-			if ($this->ProxyCount !== null) {
-				$scoping->setAttribute('ProxyCount', $this->ProxyCount);
-			}
-			if (count($this->IDPList) > 0) {
-				$idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
-				foreach ($this->IDPList as $provider) {
-					$idpEntry = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
-					$idpEntry->setAttribute('ProviderID', $provider);
-					$idplist->appendChild($idpEntry);
-				}
-				$scoping->appendChild($idplist);
-			}
-			if (count($this->RequesterID) > 0) {
-				SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
-			}
-		}
-
-		return $root;
-	}
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/Binding.php b/lib/SAML2/Binding.php
deleted file mode 100644
index cc5f1ccb9083a329330be97bb5ae94e28f34895c..0000000000000000000000000000000000000000
--- a/lib/SAML2/Binding.php
+++ /dev/null
@@ -1,147 +0,0 @@
-<?php
-
-/**
- * Base class for SAML 2 bindings.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_Binding {
-
-	/**
-	 * The destination of messages.
-	 *
-	 * This can be NULL, in which case the destination in the message is used.
-	 */
-	protected $destination;
-
-
-	/**
-	 * Retrieve a binding with the given URN.
-	 *
-	 * Will throw an exception if it is unable to locate the binding.
-	 *
-	 * @param string $urn  The URN of the binding.
-	 * @return SAML2_Binding  The binding.
-	 */
-	public static function getBinding($urn) {
-		assert('is_string($urn)');
-
-		switch ($urn) {
-		case SAML2_Const::BINDING_HTTP_POST:
-			return new SAML2_HTTPPost();
-		case SAML2_Const::BINDING_HTTP_REDIRECT:
-			return new SAML2_HTTPRedirect();
-		case SAML2_Const::BINDING_HTTP_ARTIFACT:
-			return new SAML2_HTTPArtifact();
-		case SAML2_Const::BINDING_HOK_SSO:
-			return new SAML2_HTTPPost();
-		default:
-			throw new Exception('Unsupported binding: ' . var_export($urn, TRUE));
-		}
-	}
-
-
-	/**
-	 * Guess the current binding.
-	 *
-	 * This function guesses the current binding and creates an instance
-	 * of SAML2_Binding matching that binding.
-	 *
-	 * An exception will be thrown if it is unable to guess the binding.
-	 *
-	 * @return SAML2_Binding  The binding.
-	 */
-	public static function getCurrentBinding() {
-		switch ($_SERVER['REQUEST_METHOD']) {
-		case 'GET':
-			if (array_key_exists('SAMLRequest', $_GET) || array_key_exists('SAMLResponse', $_GET)) {
-				return new SAML2_HTTPRedirect();
-			} elseif (array_key_exists('SAMLart', $_GET) ){
-				return new SAML2_HTTPArtifact();
-			}
-			break;
-
-		case 'POST':
-			if (isset($_SERVER['CONTENT_TYPE'])) {
-				$contentType = $_SERVER['CONTENT_TYPE'];
-				$contentType = explode(';', $contentType);
-				$contentType = $contentType[0]; /* Remove charset. */
-			} else {
-				$contentType = NULL;
-			}
-			if (array_key_exists('SAMLRequest', $_POST) || array_key_exists('SAMLResponse', $_POST)) {
-				return new SAML2_HTTPPost();
-			} elseif (array_key_exists('SAMLart', $_POST) ){
-				return new SAML2_HTTPArtifact();
-			} elseif ($contentType === 'text/xml') {
-				return new SAML2_SOAP();
-			}
-			break;
-		}
-
-		SimpleSAML_Logger::warning('Unable to find the SAML 2 binding used for this request.');
-		SimpleSAML_Logger::warning('Request method: ' . var_export($_SERVER['REQUEST_METHOD'], TRUE));
-		if (!empty($_GET)) {
-			SimpleSAML_Logger::warning("GET parameters: '" . implode("', '", array_map('addslashes', array_keys($_GET))) . "'");
-		}
-		if (!empty($_POST)) {
-			SimpleSAML_Logger::warning("POST parameters: '" . implode("', '", array_map('addslashes', array_keys($_POST))) . "'");
-		}
-		if (isset($_SERVER['CONTENT_TYPE'])) {
-			SimpleSAML_Logger::warning('Content-Type: ' . var_export($_SERVER['CONTENT_TYPE'], TRUE));
-		}
-
-		throw new Exception('Unable to find the current binding.');
-	}
-
-
-	/**
-	 * Retrieve the destination of a message.
-	 *
-	 * @return string|NULL $destination  The destination the message will be delivered to.
-	 */
-	public function getDestination() {
-
-		return $this->destination;
-	}
-
-
-	/**
-	 * Override the destination of a message.
-	 *
-	 * Set to NULL to use the destination set in the message.
-	 *
-	 * @param string|NULL $destination  The destination the message should be delivered to.
-	 */
-	public function setDestination($destination) {
-		assert('is_string($destination) || is_null($destination)');
-
-		$this->destination = $destination;
-	}
-
-
-	/**
-	 * Send a SAML 2 message.
-	 *
-	 * This function will send a message using the specified binding.
-	 * The message will be delivered to the destination set in the message.
-	 *
-	 * @param SAML2_Message $message  The message which should be sent.
-	 */
-	abstract public function send(SAML2_Message $message);
-
-
-	/**
-	 * Receive a SAML 2 message.
-	 *
-	 * This function will extract the message from the current request.
-	 * An exception will be thrown if we are unable to process the message.
-	 *
-	 * @return SAML2_Message  The received message.
-	 */
-	abstract public function receive();
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/Const.php b/lib/SAML2/Const.php
deleted file mode 100644
index c5361867becb0b98de4770ef115e920c1277841c..0000000000000000000000000000000000000000
--- a/lib/SAML2/Const.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php
-
-/**
- * Various SAML 2 constants.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_Const {
-
-	/**
-	 * Password authentication context.
-	 */
-	const AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password';
-
-	/**
-	 * Unspecified authentication context.
-	 */
-	const AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified';
-
-
-	/**
-	 * The URN for the HTTP-POST binding.
-	 */
-	const BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
-
-	/**
-	 * The URN for the HTTP-Redirect binding.
-	 */
-	const BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
-
-	/**
-	 * The URN for the HTTP-ARTIFACT binding.
-	 */
-	const BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
-
-	/**
-	 * The URN for the SOAP binding.
-	 */
-	const BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP';
-
-	/**
-	 * The URN for the Holder-of-Key Web Browser SSO Profile binding
-	 */
-	const BINDING_HOK_SSO = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
-
-
-	/**
-	 * Bearer subject confirmation method.
-	 */
-	const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';
-
-	/**
-	* Holder-of-Key subject confirmation method.
-	*/
-	const CM_HOK = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key';
-
-
-	/**
-	 * The URN for the unspecified attribute NameFormat.
-	 */
-	const NAMEFORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified';
-
-
-	/**
-	 * Unspecified NameID format.
-	 */
-	const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
-
-	/**
-	 * Persistent NameID format.
-	 */
-	const NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
-
-	/**
-	 * Transient NameID format.
-	 */
-	const NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
-
-	/**
-	 * Encrypted NameID format.
-	 */
-	const NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted';
-
-
-	/**
-	 * The namespace for the SOAP protocol.
-	 */
-	const NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/';
-
-	/**
-	 * The namespace for the SAML 2 protocol.
-	 */
-	const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
-
-	/**
-	 * The namespace for the SAML 2 assertions.
-	 */
-	const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
-
-	/**
-	 * The namespace for the SAML 2 metadata.
-	 */
-	const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata';
-
-	/**
-	 * The namespace fox XML schema.
-	 */
-	const NS_XS = 'http://www.w3.org/2001/XMLSchema';
-
-	/**
-	 * The namespace for XML schema instance.
-	 */
-	const NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance';
-
-	/**
-	 * The namespace for the SAML 2 HoK Web Browser SSO Profile.
-	 */
-	const NS_HOK = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
-
-	/**
-	 * Top-level status code indicating successful processing of the request.
-	 */
-	const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';
-
-	/**
-	 * Top-level status code indicating that there was a problem with the request.
-	 */
-	const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester';
-
-	/**
-	 * Top-level status code indicating that there was a problem generating the response.
-	 */
-	const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder';
-
-	/**
-	 * Top-level status code indicating that the request was from an unsupported version of the SAML protocol.
-	 */
-	const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch';
-
-
-	/**
-	 * Second-level status code for NoPassive errors.
-	 */
-	const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive';
-
-	/**
-	 * Second-level status code for PartialLogout.
-	 */
-	const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout';
-
-	/**
-	 * Second-level status code for ProxyCountExceeded.
-	 */
-	const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded';
-	
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/EncryptedAssertion.php b/lib/SAML2/EncryptedAssertion.php
deleted file mode 100644
index dc831789e432c0d31a82957b5160ea4f89ce3aa9..0000000000000000000000000000000000000000
--- a/lib/SAML2/EncryptedAssertion.php
+++ /dev/null
@@ -1,120 +0,0 @@
-<?php
-
-/**
- * Class handling encrypted assertions.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_EncryptedAssertion {
-
-	/**
-	 * The current encrypted assertion.
-	 *
-	 * @var DOMElement
-	 */
-	private $encryptedData;
-
-
-	/**
-	 * Constructor for SAML 2 encrypted assertions.
-	 *
-	 * @param DOMElement|NULL $xml  The encrypted assertion XML element.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		if ($xml === NULL) {
-			return;
-		}
-
-		$data = SAML2_Utils::xpQuery($xml, './xenc:EncryptedData');
-		if (count($data) === 0) {
-			throw new Exception('Missing encrypted data in <saml:EncryptedAssertion>.');
-		} elseif (count($data) > 1) {
-			throw new Exception('More than one encrypted data element in <saml:EncryptedAssertion>.');
-		}
-		$this->encryptedData = $data[0];
-	}
-
-
-	/**
-	 * Set the assertion.
-	 *
-	 * @param SAML2_Assertion $assertion  The assertion.
-	 * @param XMLSecurityKey $key  The key we should use to encrypt the assertion.
-	 */
-	public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key) {
-
-		$xml = $assertion->toXML();
-
-		SimpleSAML_Utilities::debugMessage($xml, 'encrypt');
-
-		$enc = new XMLSecEnc();
-		$enc->setNode($xml);
-		$enc->type = XMLSecEnc::Element;
-
-		switch ($key->type) {
-		case XMLSecurityKey::TRIPLEDES_CBC:
-		case XMLSecurityKey::AES128_CBC:
-		case XMLSecurityKey::AES192_CBC:
-		case XMLSecurityKey::AES256_CBC:
-			$symmetricKey = $key;
-			break;
-
-		case XMLSecurityKey::RSA_1_5:
-		case XMLSecurityKey::RSA_OAEP_MGF1P:
-			$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
-			$symmetricKey->generateSessionKey();
-
-			$enc->encryptKey($key, $symmetricKey);
-
-			break;
-
-		default:
-			throw new Exception('Unknown key type for encryption: ' . $key->type);
-		}
-
-		$this->encryptedData = $enc->encryptNode($symmetricKey);
-	}
-
-
-	/**
-	 * Retrieve the assertion.
-	 *
-	 * @param XMLSecurityKey $key  The key we should use to decrypt the assertion.
-	 * @param array $blacklist  Blacklisted decryption algorithms.
-	 * @return SAML2_Assertion  The decrypted assertion.
-	 */
-	public function getAssertion(XMLSecurityKey $inputKey, array $blacklist = array()) {
-
-		$assertionXML = SAML2_Utils::decryptElement($this->encryptedData, $inputKey, $blacklist);
-
-		SimpleSAML_Utilities::debugMessage($assertionXML, 'decrypt');
-
-		return new SAML2_Assertion($assertionXML);
-	}
-
-
-	/**
-	 * Convert this encrypted assertion to an XML element.
-	 *
-	 * @param DOMNode|NULL $parentElement  The DOM node the assertion should be created in.
-	 * @return DOMElement  This encrypted assertion.
-	 */
-	public function toXML(DOMNode $parentElement = NULL) {
-
-		if ($parentElement === NULL) {
-			$document = new DOMDocument();
-			$parentElement = $document;
-		} else {
-			$document = $parentElement->ownerDocument;
-		}
-
-		$root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedAssertion');
-		$parentElement->appendChild($root);
-
-		$root->appendChild($document->importNode($this->encryptedData, TRUE));
-
-		return $root;
-	}
-
-}
\ No newline at end of file
diff --git a/lib/SAML2/HTTPArtifact.php b/lib/SAML2/HTTPArtifact.php
deleted file mode 100644
index 2294c959b59b587a60e3976cdf5eb3788963e5b0..0000000000000000000000000000000000000000
--- a/lib/SAML2/HTTPArtifact.php
+++ /dev/null
@@ -1,155 +0,0 @@
-<?php
-
-
-/**
- * Class which implements the HTTP-Redirect binding.
- *
- * @author  Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_HTTPArtifact extends SAML2_Binding {
-
-	private $spMetadata;
-
-	/**
-	 * Create the redirect URL for a message.
-	 *
-	 * @param SAML2_Message $message  The message.
-	 * @return string  The URL the user should be redirected to in order to send a message.
-	 */
-	public function getRedirectURL(SAML2_Message $message) {
-
-		$store = SimpleSAML_Store::getInstance();
-		if ($store === FALSE) {
-			throw new Exception('Unable to send artifact without a datastore configured.');
-		}
-
-		$generatedId = pack('H*', ((string)  SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20))));
-		$artifact = base64_encode("\x00\x04\x00\x00" . sha1($message->getIssuer(), TRUE) . $generatedId) ;
-		$artifactData = $message->toUnsignedXML();
-		$artifactDataString = $artifactData->ownerDocument->saveXML($artifactData);
-
-		$store->set('artifact', $artifact, $artifactDataString, time() + 15*60);
-
-		$params = array(
-			'SAMLart' => $artifact,
-		);
-		$relayState = $message->getRelayState();
-		if ($relayState !== NULL) {
-			$params['RelayState'] = $relayState;
-		}
-
-		return SimpleSAML_Utilities::addURLparameter($message->getDestination(), $params);
-	}
-
-
-	/**
-	 * Send a SAML 2 message using the HTTP-Redirect binding.
-	 *
-	 * Note: This function never returns.
-	 *
-	 * @param SAML2_Message $message  The message we should send.
-	 */
-	public function send(SAML2_Message $message) {
-
-		$destination = $this->getRedirectURL($message);
-		SimpleSAML_Utilities::redirect($destination);
-	}
-
-
-	/**
-	 * Receive a SAML 2 message sent using the HTTP-Artifact binding.
-	 *
-	 * Throws an exception if it is unable receive the message.
-	 *
-	 * @return SAML2_Message  The received message.
-	 */
-	public function receive() {
-
-		if (array_key_exists('SAMLart', $_REQUEST)) {
-			$artifact = base64_decode($_REQUEST['SAMLart']);
-			$endpointIndex =  bin2hex(substr($artifact,2,2));
-			$sourceId = bin2hex(substr($artifact,4,20));
-
-		}else{
-			throw new Exception('Missing SAMLArt parameter.');
-		}
-
-		$metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-		$idpmetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote');
-
-		if ($idpmetadata === NULL) {
-			throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE));
-		}
-
-		$endpoint = NULL;
-		foreach ($idpmetadata->getEndpoints('ArtifactResolutionService') as $ep) {
-			if ($ep['index'] ===  hexdec($endpointIndex)) {
-				$endpoint = $ep;
-				break;
-			}
-		}
-
-		if ($endpoint === NULL) {
-			throw new Exception('No ArtifactResolutionService with the correct index.');
-		}
-
-		SimpleSAML_Logger::debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']);
-
-		//Construct the ArtifactResolve Request
-		$ar = new SAML2_ArtifactResolve();
-
-		/* Set the request attributes */
-
-		$ar->setIssuer($this->spMetadata->getString('entityid'));
-		$ar->setArtifact($_REQUEST['SAMLart']);
-		$ar->setDestination($endpoint['Location']);
-
-		/* Sign the request */
-		sspmod_saml_Message::addSign($this->spMetadata, $idpmetadata, $ar); // Shoaib - moved from the SOAPClient.
-
-		$soap = new SAML2_SOAPClient();
-
-		// Send message through SoapClient
-		$artifactResponse = $soap->send($ar, $this->spMetadata);
-
-		if (!$artifactResponse->isSuccess()) {
-			throw new Exception('Received error from ArtifactResolutionService.');
-		}
-
-		$xml = $artifactResponse->getAny();
-		if ($xml === NULL) {
-			/* Empty ArtifactResponse - possibly because of Artifact replay? */
-			return NULL;
-		}
-
-		$samlresponse = SAML2_Message::fromXML($xml);
-		$samlresponse->addValidator(array(get_class($this), 'validateSignature'), $artifactResponse);
-
-
-		if (isset($_REQUEST['RelayState'])) {
-			$samlresponse->setRelayState($_REQUEST['RelayState']);
-		}
-
-		return $samlresponse;
-	}
-
-
-	public function setSPMetadata($sp){
-		$this->spMetadata = $sp;
-	}
-
-
-	/**
-	 * A validator which returns TRUE if the ArtifactResponse was signed with the given key
-	 *
-	 * @return TRUE
-	 */
-	public static function validateSignature(SAML2_ArtifactResponse $message, XMLSecurityKey $key) {
-
-		return $message->validate($key);
-	}
-
-}
diff --git a/lib/SAML2/HTTPPost.php b/lib/SAML2/HTTPPost.php
deleted file mode 100644
index 951a88a8e18acba26189f67c00ac1011c50935f8..0000000000000000000000000000000000000000
--- a/lib/SAML2/HTTPPost.php
+++ /dev/null
@@ -1,87 +0,0 @@
-<?php
-
-/**
- * Class which implements the HTTP-POST binding.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_HTTPPost extends SAML2_Binding {
-
-	/**
-	 * Send a SAML 2 message using the HTTP-POST binding.
-	 *
-	 * Note: This function never returns.
-	 *
-	 * @param SAML2_Message $message  The message we should send.
-	 */
-	public function send(SAML2_Message $message) {
-
-		if ($this->destination === NULL) {
-			$destination = $message->getDestination();
-		} else {
-			$destination = $this->destination;
-		}
-		$relayState = $message->getRelayState();
-
-		$msgStr = $message->toSignedXML();
-		$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
-
-		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
-
-		$msgStr = base64_encode($msgStr);
-
-		if ($message instanceof SAML2_Request) {
-			$msgType = 'SAMLRequest';
-		} else {
-			$msgType = 'SAMLResponse';
-		}
-
-		$post = array();
-		$post[$msgType] = $msgStr;
-
-		if ($relayState !== NULL) {
-			$post['RelayState'] = $relayState;
-		}
-
-		SimpleSAML_Utilities::postRedirect($destination, $post);
-	}
-
-
-	/**
-	 * Receive a SAML 2 message sent using the HTTP-POST binding.
-	 *
-	 * Throws an exception if it is unable receive the message.
-	 *
-	 * @return SAML2_Message  The received message.
-	 */
-	public function receive() {
-
-		if (array_key_exists('SAMLRequest', $_POST)) {
-			$msg = $_POST['SAMLRequest'];
-		} elseif (array_key_exists('SAMLResponse', $_POST)) {
-			$msg = $_POST['SAMLResponse'];
-		} else {
-			throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
-		}
-
-		$msg = base64_decode($msg);
-
-		SimpleSAML_Utilities::debugMessage($msg, 'in');
-
-		$document = new DOMDocument();
-		$document->loadXML($msg);
-		$xml = $document->firstChild;
-
-		$msg = SAML2_Message::fromXML($xml);
-
-		if (array_key_exists('RelayState', $_POST)) {
-			$msg->setRelayState($_POST['RelayState']);
-		}
-
-		return $msg;
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/HTTPRedirect.php b/lib/SAML2/HTTPRedirect.php
deleted file mode 100644
index ddafea9d3fd10539e0b4869583bdb77fbc484674..0000000000000000000000000000000000000000
--- a/lib/SAML2/HTTPRedirect.php
+++ /dev/null
@@ -1,240 +0,0 @@
-<?php
-
-/**
- * Class which implements the HTTP-Redirect binding.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_HTTPRedirect extends SAML2_Binding {
-
-	const DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
-
-	/**
-	 * Create the redirect URL for a message.
-	 *
-	 * @param SAML2_Message $message  The message.
-	 * @return string  The URL the user should be redirected to in order to send a message.
-	 */
-	public function getRedirectURL(SAML2_Message $message) {
-
-		if ($this->destination === NULL) {
-			$destination = $message->getDestination();
-		} else {
-			$destination = $this->destination;
-		}
-
-		$relayState = $message->getRelayState();
-
-		$key = $message->getSignatureKey();
-
-		$msgStr = $message->toUnsignedXML();
-		$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
-
-		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
-
-		$msgStr = gzdeflate($msgStr);
-		$msgStr = base64_encode($msgStr);
-
-		/* Build the query string. */
-
-		if ($message instanceof SAML2_Request) {
-			$msg = 'SAMLRequest=';
-		} else {
-			$msg = 'SAMLResponse=';
-		}
-		$msg .= urlencode($msgStr);
-
-		if ($relayState !== NULL) {
-			$msg .= '&RelayState=' . urlencode($relayState);
-		}
-
-		if ($key !== NULL) {
-			/* Add the signature. */
-			$msg .= '&SigAlg=' . urlencode($key->type);
-
-			$signature = $key->signData($msg);
-			$msg .= '&Signature=' . urlencode(base64_encode($signature));
-		}
-
-		if (strpos($destination, '?') === FALSE) {
-			$destination .= '?' . $msg;
-		} else {
-			$destination .= '&' . $msg;
-		}
-
-		return $destination;
-	}
-
-
-	/**
-	 * Send a SAML 2 message using the HTTP-Redirect binding.
-	 *
-	 * Note: This function never returns.
-	 *
-	 * @param SAML2_Message $message  The message we should send.
-	 */
-	public function send(SAML2_Message $message) {
-
-		$destination = $this->getRedirectURL($message);
-		SimpleSAML_Logger::debug('Redirect to ' . strlen($destination) . ' byte URL: ' . $destination);
-		SimpleSAML_Utilities::redirect($destination);
-	}
-
-
-	/**
-	 * Receive a SAML 2 message sent using the HTTP-Redirect binding.
-	 *
-	 * Throws an exception if it is unable receive the message.
-	 *
-	 * @return SAML2_Message  The received message.
-	 */
-	public function receive() {
-
-		$data = self::parseQuery();
-
-		if (array_key_exists('SAMLRequest', $data)) {
-			$msg = $data['SAMLRequest'];
-		} elseif (array_key_exists('SAMLResponse', $data)) {
-			$msg = $data['SAMLResponse'];
-		} else {
-			throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
-		}
-
-		if (array_key_exists('SAMLEncoding', $data)) {
-			$encoding = $data['SAMLEncoding'];
-		} else {
-			$encoding = self::DEFLATE;
-		}
-
-		$msg = base64_decode($msg);
-		switch ($encoding) {
-		case self::DEFLATE:
-			$msg = gzinflate($msg);
-			break;
-		default:
-			throw new Exception('Unknown SAMLEncoding: ' . var_export($encoding, TRUE));
-		}
-
-		SimpleSAML_Utilities::debugMessage($msg, 'in');
-
-		$document = new DOMDocument();
-		$document->loadXML($msg);
-		$xml = $document->firstChild;
-
-		$msg = SAML2_Message::fromXML($xml);
-
-		if (array_key_exists('Signature', $data)) {
-			/* Save the signature validation data until we need it. */
-			$signatureValidationData = array(
-				'Signature' => $data['Signature'],
-				'Query' => $data['SignedQuery'],
-				);
-		}
-
-
-		if (array_key_exists('RelayState', $data)) {
-			$msg->setRelayState($data['RelayState']);
-		}
-
-		if (array_key_exists('Signature', $data)) {
-			if (!array_key_exists('SigAlg', $data)) {
-				throw new Exception('Missing signature algorithm.');
-			}
-
-			$signData = array(
-				'Signature' => $data['Signature'],
-				'SigAlg' => $data['SigAlg'],
-				'Query' => $data['SignedQuery'],
-				);
-			$msg->addValidator(array(get_class($this), 'validateSignature'), $signData);
-		}
-
-		return $msg;
-	}
-
-
-	/**
-	 * Helper function to parse query data.
-	 *
-	 * This function returns the query string split into key=>value pairs.
-	 * It also adds a new parameter, SignedQuery, which contains the data that is
-	 * signed.
-	 *
-	 * @return string  The query data that is signed.
-	 */
-	private static function parseQuery() {
-		/*
-		 * Parse the query string. We need to do this ourself, so that we get access
-		 * to the raw (urlencoded) values. This is required because different software
-		 * can urlencode to different values.
-		 */
-		$data = array();
-		$relayState = '';
-		$sigAlg = '';
-		foreach (explode('&', $_SERVER['QUERY_STRING']) as $e) {
-			$tmp = explode('=', $e, 2);
-			$name = $tmp[0];
-			if (count($tmp) === 2) {
-				$value = $tmp[1];
-			} else {
-				/* No value for this paramter. */
-				$value = '';
-			}
-			$name = urldecode($name);
-			$data[$name] = urldecode($value);
-
-			switch ($name) {
-			case 'SAMLRequest':
-			case 'SAMLResponse':
-				$sigQuery = $name . '=' . $value;
-				break;
-			case 'RelayState':
-				$relayState = '&RelayState=' . $value;
-				break;
-			case 'SigAlg':
-				$sigAlg = '&SigAlg=' . $value;
-				break;
-			}
-		}
-
-		$data['SignedQuery'] = $sigQuery . $relayState . $sigAlg;
-
-		return $data;
-	}
-
-
-	/**
-	 * Validate the signature on a HTTP-Redirect message.
-	 *
-	 * Throws an exception if we are unable to validate the signature.
-	 *
-	 * @param array $data  The data we need to validate the query string.
-	 * @param XMLSecurityKey $key  The key we should validate the query against.
-	 */
-	public static function validateSignature(array $data, XMLSecurityKey $key) {
-		assert('array_key_exists("Query", $data)');
-		assert('array_key_exists("SigAlg", $data)');
-		assert('array_key_exists("Signature", $data)');
-
-		$query = $data['Query'];
-		$sigAlg = $data['SigAlg'];
-		$signature = $data['Signature'];
-
-		$signature = base64_decode($signature);
-
-		if ($key->type !== XMLSecurityKey::RSA_SHA1) {
-			throw new Exception('Invalid key type for validating signature on query string.');
-		}
-		if ($key->type !== $sigAlg) {
-			$key = SAML2_Utils::castKey($key, $sigAlg);
-		}
-
-		if (!$key->verifySignature($query,$signature)) {
-			throw new Exception('Unable to validate signature on query string.');
-		}
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/LogoutRequest.php b/lib/SAML2/LogoutRequest.php
deleted file mode 100644
index 1a9cf1e25f75c97853c08cfc0ef3f7b1dc8e7f75..0000000000000000000000000000000000000000
--- a/lib/SAML2/LogoutRequest.php
+++ /dev/null
@@ -1,282 +0,0 @@
-<?php
-
-/**
- * Class for SAML 2 logout request messages.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_LogoutRequest extends SAML2_Request {
-
-	/**
-	 * The expiration time of this request.
-	 *
-	 * @var int|NULL
-	 */
-	private $notOnOrAfter;
-
-
-	/**
-	 * The encrypted NameID in the request.
-	 *
-	 * If this is not NULL, the NameID needs decryption before it can be accessed.
-	 *
-	 * @var DOMElement|NULL
-	 */
-	private $encryptedNameId;
-
-
-	/**
-	 * The name identifier of the session that should be terminated.
-	 *
-	 * @var array
-	 */
-	private $nameId;
-
-
-	/**
-	 * The SessionIndexes of the sessions that should be terminated.
-	 *
-	 * @var array
-	 */
-	private $sessionIndexes;
-
-
-	/**
-	 * Constructor for SAML 2 logout request messages.
-	 *
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('LogoutRequest', $xml);
-
-		$this->sessionIndexes = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('NotOnOrAfter')) {
-			$this->notOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('NotOnOrAfter'));
-		}
-
-		$nameId = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
-		if (empty($nameId)) {
-			throw new Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
-		} elseif (count($nameId) > 1) {
-			throw new Exception('More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
-		}
-		$nameId = $nameId[0];
-		if ($nameId->localName === 'EncryptedData') {
-			/* The NameID element is encrypted. */
-			$this->encryptedNameId = $nameId;
-		} else {
-			$this->nameId = SAML2_Utils::parseNameId($nameId);
-		}
-
-		$sessionIndexes = SAML2_Utils::xpQuery($xml, './saml_protocol:SessionIndex');
-		foreach ($sessionIndexes as $sessionIndex) {
-			$this->sessionIndexes[] = trim($sessionIndex->textContent);
-		}
-	}
-
-
-	/**
-	 * Retrieve the expiration time of this request.
-	 *
-	 * @return int|NULL  The expiration time of this request.
-	 */
-	public function getNotOnOrAfter() {
-
-		return $this->notOnOrAfter;
-	}
-
-
-	/**
-	 * Set the expiration time of this request.
-	 *
-	 * @param int|NULL $notOnOrAfter  The expiration time of this request.
-	 */
-	public function setNotOnOrAfter($notOnOrAfter) {
-		assert('is_int($notOnOrAfter) || is_null($notOnOrAfter)');
-
-		$this->notOnOrAfter = $notOnOrAfter;
-	}
-
-
-	/**
-	 * Check whether the NameId is encrypted.
-	 *
-	 * @return TRUE if the NameId is encrypted, FALSE if not.
-	 */
-	public function isNameIdEncrypted() {
-
-		if ($this->encryptedNameId !== NULL) {
-			return TRUE;
-		}
-
-		return FALSE;
-	}
-
-
-	/**
-	 * Encrypt the NameID in the LogoutRequest.
-	 *
-	 * @param XMLSecurityKey $key  The encryption key.
-	 */
-	public function encryptNameId(XMLSecurityKey $key) {
-
-		/* First create a XML representation of the NameID. */
-		$doc = new DOMDocument();
-		$root = $doc->createElement('root');
-		$doc->appendChild($root);
-		SAML2_Utils::addNameId($root, $this->nameId);
-		$nameId = $root->firstChild;
-
-		SimpleSAML_Utilities::debugMessage($nameId, 'encrypt');
-
-		/* Encrypt the NameID. */
-		$enc = new XMLSecEnc();
-		$enc->setNode($nameId);
-		$enc->type = XMLSecEnc::Element;
-
-		$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
-		$symmetricKey->generateSessionKey();
-		$enc->encryptKey($key, $symmetricKey);
-
-		$this->encryptedNameId = $enc->encryptNode($symmetricKey);
-		$this->nameId = NULL;
-	}
-
-
-	/**
-	 * Decrypt the NameID in the LogoutRequest.
-	 *
-	 * @param XMLSecurityKey $key  The decryption key.
-	 * @param array $blacklist  Blacklisted decryption algorithms.
-	 */
-	public function decryptNameId(XMLSecurityKey $key, array $blacklist = array()) {
-
-		if ($this->encryptedNameId === NULL) {
-			/* No NameID to decrypt. */
-			return;
-		}
-
-		$nameId = SAML2_Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
-		SimpleSAML_Utilities::debugMessage($nameId, 'decrypt');
-		$this->nameId = SAML2_Utils::parseNameId($nameId);
-
-		$this->encryptedNameId = NULL;
-	}
-
-
-	/**
-	 * Retrieve the name identifier of the session that should be terminated.
-	 *
-	 * @return array  The name identifier of the session that should be terminated.
-	 */
-	public function getNameId() {
-
-		if ($this->encryptedNameId !== NULL) {
-			throw new Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
-		}
-
-		return $this->nameId;
-	}
-
-
-	/**
-	 * Set the name identifier of the session that should be terminated.
-	 *
-	 * The name identifier must be in the format accepted by SAML2_message::buildNameId().
-	 *
-	 * @see SAML2_message::buildNameId()
-	 * @param array $nameId  The name identifier of the session that should be terminated.
-	 */
-	public function setNameId($nameId) {
-		assert('is_array($nameId)');
-
-		$this->nameId = $nameId;
-	}
-
-
-	/**
-	 * Retrieve the SessionIndexes of the sessions that should be terminated.
-	 *
-	 * @return array  The SessionIndexes, or an empty array if all sessions should be terminated.
-	 */
-	public function getSessionIndexes() {
-		return $this->sessionIndexes;
-	}
-
-
-	/**
-	 * Set the SessionIndexes of the sessions that should be terminated.
-	 *
-	 * @param array $sessionIndexes  The SessionIndexes, or an empty array if all sessions should be terminated.
-	 */
-	public function setSessionIndexes(array $sessionIndexes) {
-		$this->sessionIndexes = $sessionIndexes;
-	}
-
-
-	/**
-	 * Retrieve the sesion index of the session that should be terminated.
-	 *
-	 * @return string|NULL  The sesion index of the session that should be terminated.
-	 */
-	public function getSessionIndex() {
-
-		if (empty($this->sessionIndexes)) {
-			return NULL;
-		}
-
-		return $this->sessionIndexes[0];
-	}
-
-
-	/**
-	 * Set the sesion index of the session that should be terminated.
-	 *
-	 * @param string|NULL $sessionIndex The sesion index of the session that should be terminated.
-	 */
-	public function setSessionIndex($sessionIndex) {
-		assert('is_string($sessionIndex) || is_null($sessionIndex)');
-
-		if (is_null($sessionIndex)) {
-			$this->sessionIndexes = array();
-		} else {
-			$this->sessionIndexes = array($sessionIndex);
-		}
-	}
-
-
-	/**
-	 * Convert this logout request message to an XML element.
-	 *
-	 * @return DOMElement  This logout request.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		if ($this->notOnOrAfter !== NULL) {
-			$root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
-		}
-
-		if ($this->encryptedNameId === NULL) {
-			SAML2_Utils::addNameId($root, $this->nameId);
-		} else {
-			$eid = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
-			$root->appendChild($eid);
-			$eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, TRUE));
-		}
-
-		foreach ($this->sessionIndexes as $sessionIndex) {
-			SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $sessionIndex);
-		}
-
-		return $root;
-	}
-
-}
diff --git a/lib/SAML2/LogoutResponse.php b/lib/SAML2/LogoutResponse.php
deleted file mode 100644
index b242d679aeb55f5a1e47a360beb9e1d1902e391f..0000000000000000000000000000000000000000
--- a/lib/SAML2/LogoutResponse.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-/**
- * Class for SAML 2 LogoutResponse messages.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_LogoutResponse extends SAML2_StatusResponse {
-
-	/**
-	 * Constructor for SAML 2 response messages.
-	 *
-	 * @param string $tagName  The tag name of the root element.
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('LogoutResponse', $xml);
-
-		/* No new fields added by LogoutResponse. */
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/Message.php b/lib/SAML2/Message.php
deleted file mode 100644
index c2d12a8ea355623585124f0e345a20f08054e29c..0000000000000000000000000000000000000000
--- a/lib/SAML2/Message.php
+++ /dev/null
@@ -1,484 +0,0 @@
-<?php
-
-/**
- * Base class for all SAML 2 messages.
- *
- * Implements what is common between the samlp:RequestAbstractType and
- * samlp:StatusResponseType element types.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_Message implements SAML2_SignedElement {
-
-	/**
-	 * The name of the root element of the DOM tree for the message.
-	 *
-	 * Used when creating a DOM tree from the message.
-	 *
-	 * @var string
-	 */
-	private $tagName;
-
-
-	/**
-	 * The identifier of this message.
-	 *
-	 * @var string
-	 */
-	private $id;
-
-
-	/**
-	 * The issue timestamp of this message, as an UNIX timestamp.
-	 *
-	 * @var int
-	 */
-	private $issueInstant;
-
-
-	/**
-	 * The destination URL of this message if it is known.
-	 *
-	 * @var string|NULL
-	 */
-	private $destination;
-
-
-	/**
-	 * The entity id of the issuer of this message, or NULL if unknown.
-	 *
-	 * @var string|NULL
-	 */
-	private $issuer;
-
-
-	/**
-	 * The RelayState associated with this message.
-	 *
-	 * @var string|NULL
-	 */
-	private $relayState;
-
-
-	/**
-	 * The DOMDocument we are currently building.
-	 *
-	 * This variable is used while generating XML from this message. It holds the
-	 * DOMDocument of the XML we are generating.
-	 *
-	 * @var DOMDocument
-	 */
-	protected $document;
-
-
-	/**
-	 * The private key we should use to sign the message.
-	 *
-	 * The private key can be NULL, in which case the message is sent unsigned.
-	 *
-	 * @var XMLSecurityKey|NULL
-	 */
-	private $signatureKey;
-
-
-	/**
-	 * List of certificates that should be included in the message.
-	 *
-	 * @var array
-	 */
-	private $certificates;
-
-
-	/**
-	 * Available methods for validating this message.
-	 *
-	 * @var array
-	 */
-	private $validators;
-
-
-	/**
-	 * Initialize a message.
-	 *
-	 * This constructor takes an optional parameter with a DOMElement. If this
-	 * parameter is given, the message will be initialized with data from that
-	 * XML element.
-	 *
-	 * If no XML element is given, the message is initialized with suitable
-	 * default values.
-	 *
-	 * @param string $tagName  The tag name of the root element.
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	protected function __construct($tagName, DOMElement $xml = NULL) {
-		assert('is_string($tagName)');
-		$this->tagName = $tagName;
-
-		$this->id = SimpleSAML_Utilities::generateID();
-		$this->issueInstant = time();
-		$this->certificates = array();
-		$this->validators = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('ID')) {
-			throw new Exception('Missing ID attribute on SAML message.');
-		}
-		$this->id = $xml->getAttribute('ID');
-
-		if ($xml->getAttribute('Version') !== '2.0') {
-			/* Currently a very strict check. */
-			throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
-		}
-
-		$this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));
-
-		if ($xml->hasAttribute('Destination')) {
-			$this->destination = $xml->getAttribute('Destination');
-		}
-
-		$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
-		if (!empty($issuer)) {
-			$this->issuer = trim($issuer[0]->textContent);
-		}
-
-
-		/* Validate the signature element of the message. */
-		try {
-			$sig = SAML2_Utils::validateElement($xml);
-
-			if ($sig !== FALSE) {
-				$this->certificates = $sig['Certificates'];
-				$this->validators[] = array(
-					'Function' => array('SAML2_Utils', 'validateSignature'),
-					'Data' => $sig,
-					);
-			}
-
-		} catch (Exception $e) {
-			/* Ignore signature validation errors. */
-		}
-
-	}
-
-
-	/**
-	 * Add a method for validating this message.
-	 *
-	 * This function is used by the HTTP-Redirect binding, to make it possible to
-	 * check the signature against the one included in the query string.
-	 *
-	 * @param callback $function  The function which should be called.
-	 * @param mixed $data  The data that should be included as the first parameter to the function.
-	 */
-	public function addValidator($function, $data) {
-		assert('is_callable($function)');
-
-		$this->validators[] = array(
-			'Function' => $function,
-			'Data' => $data,
-			);
-	}
-
-
-	/**
-	 * Validate this message against a public key.
-	 *
-	 * TRUE is returned on success, FALSE is returned if we don't have any
-	 * signature we can validate. An exception is thrown if the signature
-	 * validation fails.
-	 *
-	 * @param XMLSecurityKey $key  The key we should check against.
-	 * @return boolean  TRUE on success, FALSE when we don't have a signature.
-	 */
-	public function validate(XMLSecurityKey $key) {
-
-		if (count($this->validators) === 0) {
-			return FALSE;
-		}
-
-		$exceptions = array();
-
-		foreach ($this->validators as $validator) {
-			$function = $validator['Function'];
-			$data = $validator['Data'];
-
-			try {
-				call_user_func($function, $data, $key);
-				/* We were able to validate the message with this validator. */
-				return TRUE;
-			} catch (Exception $e) {
-				$exceptions[] = $e;
-			}
-		}
-
-		/* No validators were able to validate the message. */
-		throw $exceptions[0];
-	}
-
-
-	/**
-	 * Retrieve the identifier of this message.
-	 *
-	 * @return string  The identifier of this message.
-	 */
-	public function getId() {
-		return $this->id;
-	}
-
-
-	/**
-	 * Set the identifier of this message.
-	 *
-	 * @param string $id  The new identifier of this message.
-	 */
-	public function setId($id) {
-		assert('is_string($id)');
-
-		$this->id = $id;
-	}
-
-
-	/**
-	 * Retrieve the issue timestamp of this message.
-	 *
-	 * @return int  The issue timestamp of this message, as an UNIX timestamp.
-	 */
-	public function getIssueInstant() {
-		return $this->issueInstant;
-	}
-
-
-	/**
-	 * Set the issue timestamp of this message.
-	 *
-	 * @param int $issueInstant  The new issue timestamp of this message, as an UNIX timestamp.
-	 */
-	public function setIssueInstant($issueInstant) {
-		assert('is_int($issueInstant)');
-
-		$this->issueInstant = $issueInstant;
-	}
-
-
-	/**
-	 * Retrieve the destination of this message.
-	 *
-	 * @return string|NULL  The destination of this message, or NULL if no destination is given.
-	 */
-	public function getDestination() {
-		return $this->destination;
-	}
-
-
-	/**
-	 * Set the destination of this message.
-	 *
-	 * @param string|NULL $destination  The new destination of this message.
-	 */
-	public function setDestination($destination) {
-		assert('is_string($destination) || is_null($destination)');
-
-		$this->destination = $destination;
-	}
-
-
-	/**
-	 * Retrieve the issuer if this message.
-	 *
-	 * @return string|NULL  The issuer of this message, or NULL if no issuer is given.
-	 */
-	public function getIssuer() {
-		return $this->issuer;
-	}
-
-
-	/**
-	 * Set the issuer of this message.
-	 *
-	 * @param string|NULL $issuer  The new issuer of this message.
-	 */
-	public function setIssuer($issuer) {
-		assert('is_string($issuer) || is_null($issuer)');
-
-		$this->issuer = $issuer;
-	}
-
-
-	/**
-	 * Retrieve the RelayState associated with this message.
-	 *
-	 * @return string|NULL  The RelayState, or NULL if no RelayState is given.
-	 */
-	public function getRelayState() {
-		return $this->relayState;
-	}
-
-
-	/**
-	 * Set the RelayState associated with this message.
-	 *
-	 * @param string|NULL $relayState  The new RelayState.
-	 */
-	public function setRelayState($relayState) {
-		assert('is_string($relayState) || is_null($relayState)');
-
-		$this->relayState = $relayState;
-	}
-
-
-	/**
-	 * Convert this message to an unsigned XML document.
-	 *
-	 * This method does not sign the resulting XML document.
-	 *
-	 * @return DOMElement  The root element of the DOM tree.
-	 */
-	public function toUnsignedXML() {
-
-		$this->document = new DOMDocument();
-
-		$root = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
-		$this->document->appendChild($root);
-
-		/* Ugly hack to add another namespace declaration to the root element. */
-		$root->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
-		$root->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');
-
-		$root->setAttribute('ID', $this->id);
-		$root->setAttribute('Version', '2.0');
-		$root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));
-
-		if ($this->destination !== NULL) {
-			$root->setAttribute('Destination', $this->destination);
-		}
-
-		if ($this->issuer !== NULL) {
-			SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
-		}
-
-		return $root;
-	}
-
-
-	/**
-	 * Convert this message to a signed XML document.
-	 *
-	 * This method sign the resulting XML document if the private key for
-	 * the signature is set.
-	 *
-	 * @return DOMElement  The root element of the DOM tree.
-	 */
-	public function toSignedXML() {
-
-		$root = $this->toUnsignedXML();
-
-		if ($this->signatureKey === NULL) {
-			/* We don't have a key to sign it with. */
-			return $root;
-		}
-
-
-		/* Find the position we should insert the signature node at. */
-		if ($this->issuer !== NULL) {
-			/*
-			 * We have an issuer node. The signature node should come
-			 * after the issuer node.
-			 */
-			$issuerNode = $root->firstChild;
-			$insertBefore = $issuerNode->nextSibling;
-		} else {
-			/* No issuer node - the signature element should be the first element. */
-			$insertBefore = $root->firstChild;
-		}
-
-
-		SAML2_Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
-
-		return $root;
-	}
-
-
-	/**
-	 * Retrieve the private key we should use to sign the message.
-	 *
-	 * @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
-	 */
-	public function getSignatureKey() {
-		return $this->signatureKey;
-	}
-
-
-	/**
-	 * Set the private key we should use to sign the message.
-	 *
-	 * If the key is NULL, the message will be sent unsigned.
-	 *
-	 * @param XMLSecurityKey|NULL $key
-	 */
-	public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) {
-		$this->signatureKey = $signatureKey;
-	}
-
-
-	/**
-	 * Set the certificates that should be included in the message.
-	 *
-	 * The certificates should be strings with the PEM encoded data.
-	 *
-	 * @param array $certificates  An array of certificates.
-	 */
-	public function setCertificates(array $certificates) {
-		$this->certificates = $certificates;
-	}
-
-
-	/**
-	 * Retrieve the certificates that are included in the message.
-	 *
-	 * @return array  An array of certificates.
-	 */
-	public function getCertificates() {
-		return $this->certificates;
-	}
-
-
-	/**
-	 * Convert an XML element into a message.
-	 *
-	 * @param DOMElement $xml  The root XML element.
-	 * @return SAML2_Message  The message.
-	 */
-	public static function fromXML(DOMElement $xml) {
-
-		if ($xml->namespaceURI !== SAML2_Const::NS_SAMLP) {
-			throw new Exception('Unknown namespace of SAML message: ' . var_export($xml->namespaceURI, TRUE));
-		}
-
-		switch ($xml->localName) {
-		case 'AttributeQuery':
-			return new SAML2_AttributeQuery($xml);
-		case 'AuthnRequest':
-			return new SAML2_AuthnRequest($xml);
-		case 'LogoutResponse':
-			return new SAML2_LogoutResponse($xml);
-		case 'LogoutRequest':
-			return new SAML2_LogoutRequest($xml);
-		case 'Response':
-			return new SAML2_Response($xml);
-		case 'ArtifactResponse':
-			return new SAML2_ArtifactResponse($xml);
-		case 'ArtifactResolve':
-			return new SAML2_ArtifactResolve($xml);
-		default:
-			throw new Exception('Unknown SAML message: ' . var_export($xml->localName, TRUE));
-		}
-
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/Request.php b/lib/SAML2/Request.php
deleted file mode 100644
index a38f51f26cd455e0d43ed8af9c9de1380648d3ed..0000000000000000000000000000000000000000
--- a/lib/SAML2/Request.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-
-/**
- * Base class for all SAML 2 request messages.
- *
- * Implements samlp:RequestAbstractType. All of the elements in that type is
- * stored in the SAML2_Message class, and this class is therefore empty. It
- * is included mainly to make it easy to separate requests from responses.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_Request extends SAML2_Message {
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/Response.php b/lib/SAML2/Response.php
deleted file mode 100644
index adae1fed0e0b0400f2c94190689087a2a4ffa588..0000000000000000000000000000000000000000
--- a/lib/SAML2/Response.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-
-/**
- * Class for SAML 2 Response messages.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_Response extends SAML2_StatusResponse {
-
-	/**
-	 * The assertions in this response.
-	 */
-	private $assertions;
-
-
-	/**
-	 * Constructor for SAML 2 response messages.
-	 *
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('Response', $xml);
-
-		$this->assertions = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		for ($node = $xml->firstChild; $node !== NULL; $node = $node->nextSibling) {
-			if ($node->namespaceURI !== SAML2_Const::NS_SAML) {
-				continue;
-			}
-
-			if ($node->localName === 'Assertion') {
-				$this->assertions[] = new SAML2_Assertion($node);
-			} elseif($node->localName === 'EncryptedAssertion') {
-				$this->assertions[] = new SAML2_EncryptedAssertion($node);
-			}
-		}
-	}
-
-
-	/**
-	 * Retrieve the assertions in this response.
-	 *
-	 * @return array  Array of SAML2_Assertion and SAML2_EncryptedAssertion objects.
-	 */
-	public function getAssertions() {
-		return $this->assertions;
-	}
-
-
-	/**
-	 * Set the assertions that should be included in this response.
-	 *
-	 * @param array  The assertions.
-	 */
-	public function setAssertions(array $assertions) {
-
-		$this->assertions = $assertions;
-	}
-
-
-	/**
-	 * Convert the response message to an XML element.
-	 *
-	 * @return DOMElement  This response.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		foreach ($this->assertions as $assertion) {
-			$node = $assertion->toXML($root);
-		}
-
-		return $root;
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/SOAP.php b/lib/SAML2/SOAP.php
deleted file mode 100644
index e55646c871a36c1ca5ce6ea20940504c1a278c6f..0000000000000000000000000000000000000000
--- a/lib/SAML2/SOAP.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-/**
- * Class which implements the SOAP binding.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_SOAP extends SAML2_Binding {
-
-	/**
-	 * Send a SAML 2 message using the SOAP binding.
-	 *
-	 * Note: This function never returns.
-	 *
-	 * @param SAML2_Message $message  The message we should send.
-	 */
-	public function send(SAML2_Message $message) {
-		header('Content-Type: text/xml',true);
-		$outputFromIdp = '<?xml version="1.0" encoding="UTF-8"?>';
-		$outputFromIdp .= '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">';
-		$outputFromIdp .= '<SOAP-ENV:Body>';
-		$xmlMessage = $message->toSignedXML();
-		SimpleSAML_Utilities::debugMessage($xmlMessage, 'out');
-		$tempOutputFromIdp = $xmlMessage->ownerDocument->saveXML($xmlMessage);
-		$outputFromIdp .= $tempOutputFromIdp;
-		$outputFromIdp .= '</SOAP-ENV:Body>';
-		$outputFromIdp .= '</SOAP-ENV:Envelope>';
-		print($outputFromIdp);
-		exit(0);
-	}
-
-
-	/**
-	 * Receive a SAML 2 message sent using the HTTP-POST binding.
-	 *
-	 * Throws an exception if it is unable receive the message.
-	 *
-	 * @return SAML2_Message  The received message.
-	 */
-	public function receive() {
-
-		$postText = file_get_contents('php://input');
-
-		if(empty($postText)){
-			throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
-		}
-
-		$document = new DOMDocument();
-		$document->loadXML($postText);
-		$xml = $document->firstChild;
-		SimpleSAML_Utilities::debugMessage($xml, 'in');
-		$results = SAML2_Utils::xpQuery($xml, '/soap-env:Envelope/soap-env:Body/*[1]');
-		return SAML2_Message::fromXML($results[0]);
-	}
-
-}
diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
deleted file mode 100644
index 0ba6ebea8fd984aa710b0ecab120ba9d411d1df8..0000000000000000000000000000000000000000
--- a/lib/SAML2/SOAPClient.php
+++ /dev/null
@@ -1,223 +0,0 @@
-<?php
-/**
- * Implementation of the SAML 2.0 SOAP binding.
- *
- * @author Shoaib Ali
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_SOAPClient {
-
-	const START_SOAP_ENVELOPE = '<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header/><soap-env:Body>';
-	const END_SOAP_ENVELOPE = '</soap-env:Body></soap-env:Envelope>';
-
-	/**
-	 * This function sends the SOAP message to the service location and returns SOAP response
-	 *
-	 * @param SAML2_Message $m  The request that should be sent.
-	 * @param SimpleSAML_Configuration $srcMetadata  The metadata of the issuer of the message.
-	 * @param SimpleSAML_Configuration $dstMetadata  The metadata of the destination of the message.
-	 * @return SAML2_Message  The response we received.
-	 */
-	public function send(SAML2_Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = NULL) {
-
-		$issuer = $msg->getIssuer();
-
-		$ctxOpts = array(
-			'ssl' => array(
-				'capture_peer_cert' => TRUE,
-			),
-		);
-
-		// Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
-		if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
-			$cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
-			if ($cert !== FALSE) {
-				$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
-				if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
-					$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
-				}
-			}
-		} else {
-			/* Use the SP certificate and privatekey if it is configured. */
-			$privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
-			$publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
-			if ($privateKey !== NULL && $publicKey !== NULL && isset($publicKey['PEM'])) {
-				$keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
-				$file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
-				if (!file_exists($file)) {
-					SimpleSAML_Utilities::writeFile($file, $keyCertData);
-				}
-				$ctxOpts['ssl']['local_cert'] = $file;
-				if (isset($privateKey['password'])) {
-					$ctxOpts['ssl']['passphrase'] = $privateKey['password'];
-				}
-			}
-		}
-
-		// do peer certificate verification
-		if ($dstMetadata !== NULL) {
-			$peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
-			$certData = '';
-			foreach ($peerPublicKeys as $key) {
-				if ($key['type'] !== 'X509Certificate') {
-					continue;
-				}
-				$certData .= "-----BEGIN CERTIFICATE-----\n" .
-					chunk_split($key['X509Certificate'], 64) .
-					"-----END CERTIFICATE-----\n";
-			}
-			$peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
-			if (!file_exists($peerCertFile)) {
-				SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
-			}
-			// create ssl context
-			$ctxOpts['ssl']['verify_peer'] = TRUE;
-			$ctxOpts['ssl']['verify_depth'] = 1;
-			$ctxOpts['ssl']['cafile'] = $peerCertFile;
-		}
-
-		$context = stream_context_create($ctxOpts);
-		if ($context === NULL) {
-			throw new Exception('Unable to create SSL stream context');
-		}
-
-		$options = array(
-			'uri' => $issuer,
-			'location' => $msg->getDestination(),
-			'stream_context' => $context,
-		);
-
-		$x = new SoapClient(NULL, $options);
-
-		// Add soap-envelopes
-		$request = $msg->toSignedXML();
-		$request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
-
-		SimpleSAML_Utilities::debugMessage($request, 'out');
-
-		$action = 'http://www.oasis-open.org/committees/security';
-		$version = '1.1';
-		$destination = $msg->getDestination();
-
-
-		/* Perform SOAP Request over HTTP */
-		$soapresponsexml = $x->__doRequest($request, $destination, $action, $version);
-		if ($soapresponsexml === NULL || $soapresponsexml === "") {
-			throw new Exception('Empty SOAP response, check peer certificate.');
-		}
-
-		SimpleSAML_Utilities::debugMessage($soapresponsexml, 'in');
-
-		// Convert to SAML2_Message (DOMElement)
-		$dom = new DOMDocument();
-		if (!$dom->loadXML($soapresponsexml)) {
-			throw new Exception('Not a SOAP response.');
-		}
-
-		$soapfault = $this->getSOAPFault($dom);
-		if (isset($soapfault)) {
-			throw new Exception($soapfault);
-		}
-		//Extract the message from the response
-		$xml = $dom->firstChild;    /* Soap Envelope */
-		$samlresponse = SAML2_Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
-		$samlresponse = SAML2_Message::fromXML($samlresponse[0]);
-
-		/* Add validator to message which uses the SSL context. */
-		self::addSSLValidator($samlresponse, $context);
-
-		SimpleSAML_Logger::debug("Valid ArtifactResponse received from IdP");
-
-		return $samlresponse;
-
-	}
-
-
-	/**
-	 * Add a signature validator based on a SSL context.
-	 *
-	 * @param SAML2_Message $msg  The message we should add a validator to.
-	 * @param resource $context  The stream context.
-	 */
-	private static function addSSLValidator(SAML2_Message $msg, $context) {
-		$options = stream_context_get_options($context);
-		if (!isset($options['ssl']['peer_certificate'])) {
-			return;
-		}
-
-		//$out = '';
-		//openssl_x509_export($options['ssl']['peer_certificate'], $out);
-
-		$key = openssl_pkey_get_public($options['ssl']['peer_certificate']);
-		if ($key === FALSE) {
-			SimpleSAML_Logger::warning('Unable to get public key from peer certificate.');
-			return;
-		}
-
-		$keyInfo = openssl_pkey_get_details($key);
-		if ($keyInfo === FALSE) {
-			SimpleSAML_Logger::warning('Unable to get key details from public key.');
-			return;
-		}
-
-		if (!isset($keyInfo['key'])) {
-			SimpleSAML_Logger::warning('Missing key in public key details.');
-			return;
-		}
-
-		$msg->addValidator(array('SAML2_SOAPClient', 'validateSSL'), $keyInfo['key']);
-	}
-
-
-	/**
-	 * Validate a SOAP message against the certificate on the SSL connection.
-	 *
-	 * @param string $data  The public key that was used on the connection.
-	 * @param XMLSecurityKey $key  The key we should validate the certificate against.
-	 */
-	public static function validateSSL($data, XMLSecurityKey $key) {
-		assert('is_string($data)');
-
-		$keyInfo = openssl_pkey_get_details($key->key);
-		if ($keyInfo === FALSE) {
-			throw new Exception('Unable to get key details from XMLSecurityKey.');
-		}
-
-		if (!isset($keyInfo['key'])) {
-			throw new Exception('Missing key in public key details.');
-		}
-
-		if ($keyInfo['key'] !== $data) {
-			SimpleSAML_Logger::debug('Key on SSL connection did not match key we validated against.');
-			return FALSE;
-		}
-
-		SimpleSAML_Logger::debug('Message validated based on SSL certificate.');
-	}
-
-
-	/*
-	 * Extracts the SOAP Fault from SOAP message
-	 * @param $soapmessage Soap response needs to be type DOMDocument
-	 * @return $soapfaultstring string|NULL
-	 */
-	private function getSOAPFault($soapmessage) {
-
-		$soapfault = SAML2_Utils::xpQuery($soapmessage->firstChild, '/soap-env:Envelope/soap-env:Body/soap-env:Fault');
-
-		if (empty($soapfault)) {
-			/* No fault. */
-			return NULL;
-		}
-		$soapfaultelement = $soapfault[0];
-		$soapfaultstring = "Unknown fault string found"; // There is a fault element but we havn't found out what the fault string is
-		// find out the fault string
-		$faultstringelement =   SAML2_Utils::xpQuery($soapfaultelement, './soap-env:faultstring') ;
-		if (!empty($faultstringelement)) {
-			return $faultstringelement[0]->textContent;
-		}
-		return $soapfaultstring;
-	}
-
-}
diff --git a/lib/SAML2/SignedElement.php b/lib/SAML2/SignedElement.php
deleted file mode 100644
index 903cf568cce09d2835fde9e62db029d77f5f5b93..0000000000000000000000000000000000000000
--- a/lib/SAML2/SignedElement.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?php
-
-
-/**
- * Interface to a SAML 2 element which may be signed.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-interface SAML2_SignedElement {
-
-	/**
-	 * Validate this element against a public key.
-	 *
-	 * If no signature is present, FALSE is returned. If a signature is present,
-	 * but cannot be verified, an exception will be thrown.
-	 *
-	 * @param XMLSecurityKey $key  The key we should check against.
-	 * @return boolean  TRUE if successful, FALSE if we don't have a signature that can be verified.
-	 */
-	public function validate(XMLSecurityKey $key);
-
-
-	/**
-	 * Set the certificates that should be included in the element.
-	 *
-	 * The certificates should be strings with the PEM encoded data.
-	 *
-	 * @param array $certificates  An array of certificates.
-	 */
-	public function setCertificates(array $certificates);
-
-
-	/**
-	 * Retrieve the certificates that are included in the element (if any).
-	 *
-	 * @return array  An array of certificates.
-	 */
-	public function getCertificates();
-
-
-	/**
-	 * Retrieve the private key we should use to sign the element.
-	 *
-	 * @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
-	 */
-	public function getSignatureKey();
-
-
-	/**
-	 * Set the private key we should use to sign the element.
-	 *
-	 * If the key is NULL, the message will be sent unsigned.
-	 *
-	 * @param XMLSecurityKey|NULL $key
-	 */
-	public function setSignatureKey(XMLsecurityKey $signatureKey = NULL);
-}
\ No newline at end of file
diff --git a/lib/SAML2/SignedElementHelper.php b/lib/SAML2/SignedElementHelper.php
deleted file mode 100644
index 8036f4f4baf0c21b5fb0a78436c81d5ae01ca4bf..0000000000000000000000000000000000000000
--- a/lib/SAML2/SignedElementHelper.php
+++ /dev/null
@@ -1,220 +0,0 @@
-<?php
-
-/**
- * Helper class for processing signed elements.
- *
- * Can either be inherited from, or can be used by proxy.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_SignedElementHelper implements SAML2_SignedElement {
-
-	/**
-	 * The private key we should use to sign the message.
-	 *
-	 * The private key can be NULL, in which case the message is sent unsigned.
-	 *
-	 * @var XMLSecurityKey|NULL
-	 */
-	private $signatureKey;
-
-
-	/**
-	 * List of certificates that should be included in the message.
-	 *
-	 * @var array
-	 */
-	private $certificates;
-
-
-	/**
-	 * Available methods for validating this message.
-	 *
-	 * @var array
-	 */
-	private $validators;
-
-
-	/**
-	 * Initialize the helper class.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element which may be signed.
-	 */
-	protected function __construct(DOMElement $xml = NULL) {
-
-		$this->certificates = array();
-		$this->validators = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		/* Validate the signature element of the message. */
-		try {
-			$sig = SAML2_Utils::validateElement($xml);
-
-			if ($sig !== FALSE) {
-				$this->certificates = $sig['Certificates'];
-				$this->validators[] = array(
-					'Function' => array('SAML2_Utils', 'validateSignature'),
-					'Data' => $sig,
-					);
-			}
-
-		} catch (Exception $e) {
-			/* Ignore signature validation errors. */
-		}
-	}
-
-
-	/**
-	 * Add a method for validating this element.
-	 *
-	 * This function is used for custom validation extensions
-	 *
-	 * @param callback $function  The function which should be called.
-	 * @param mixed $data  The data that should be included as the first parameter to the function.
-	 */
-	public function addValidator($function, $data) {
-		assert('is_callable($function)');
-
-		$this->validators[] = array(
-			'Function' => $function,
-			'Data' => $data,
-			);
-	}
-
-
-	/**
-	 * Validate this element against a public key.
-	 *
-	 * TRUE is returned on success, FALSE is returned if we don't have any
-	 * signature we can validate. An exception is thrown if the signature
-	 * validation fails.
-	 *
-	 * @param XMLSecurityKey $key  The key we should check against.
-	 * @return boolean  TRUE on success, FALSE when we don't have a signature.
-	 */
-	public function validate(XMLSecurityKey $key) {
-
-		if (count($this->validators) === 0) {
-			return FALSE;
-		}
-
-		$exceptions = array();
-
-		foreach ($this->validators as $validator) {
-			$function = $validator['Function'];
-			$data = $validator['Data'];
-
-			try {
-				call_user_func($function, $data, $key);
-				/* We were able to validate the message with this validator. */
-				return TRUE;
-			} catch (Exception $e) {
-				$exceptions[] = $e;
-			}
-		}
-
-		/* No validators were able to validate the message. */
-		throw $exceptions[0];
-	}
-
-
-	/**
-	 * Retrieve the private key we should use to sign the message.
-	 *
-	 * @return XMLSecurityKey|NULL The key, or NULL if no key is specified.
-	 */
-	public function getSignatureKey() {
-		return $this->signatureKey;
-	}
-
-
-	/**
-	 * Set the private key we should use to sign the message.
-	 *
-	 * If the key is NULL, the message will be sent unsigned.
-	 *
-	 * @param XMLSecurityKey|NULL $key
-	 */
-	public function setSignatureKey(XMLsecurityKey $signatureKey = NULL) {
-		$this->signatureKey = $signatureKey;
-	}
-
-
-	/**
-	 * Set the certificates that should be included in the message.
-	 *
-	 * The certificates should be strings with the PEM encoded data.
-	 *
-	 * @param array $certificates  An array of certificates.
-	 */
-	public function setCertificates(array $certificates) {
-		$this->certificates = $certificates;
-	}
-
-
-	/**
-	 * Retrieve the certificates that are included in the message.
-	 *
-	 * @return array  An array of certificates.
-	 */
-	public function getCertificates() {
-		return $this->certificates;
-	}
-
-
-	/**
-	 * Retrieve certificates that sign this element.
-	 *
-	 * @return array  Array with certificates.
-	 */
-	public function getValidatingCertificates() {
-
-		$ret = array();
-		foreach ($this->certificates as $cert) {
-
-			/* We have found a matching fingerprint. */
-			$pemCert = "-----BEGIN CERTIFICATE-----\n" .
-				chunk_split($cert, 64) .
-				"-----END CERTIFICATE-----\n";
-
-			/* Extract the public key from the certificate for validation. */
-			$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
-			$key->loadKey($pemCert);
-
-			try {
-				/* Check the signature. */
-				if ($this->validate($key)) {
-					$ret[] = $cert;
-				}
-			} catch (Exception $e) {
-				/* This certificate does not sign this element. */
-			}
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Sign the given XML element.
-	 *
-	 * @param DOMElement $root  The element we should sign.
-	 * @param DOMElement|NULL $insertBefore  The element we should insert the signature node before.
-	 */
-	protected function signElement(DOMElement $root, DOMElement $insertBefore = NULL) {
-
-		if ($this->signatureKey === NULL) {
-			/* We cannot sign this element. */
-			return;
-		}
-
-		SAML2_Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
-
-		return $root;
-	}
-
-}
diff --git a/lib/SAML2/StatusResponse.php b/lib/SAML2/StatusResponse.php
deleted file mode 100644
index bc264fbf0e4629e09ea2d7957329dfe251d658ae..0000000000000000000000000000000000000000
--- a/lib/SAML2/StatusResponse.php
+++ /dev/null
@@ -1,193 +0,0 @@
-<?php
-
-/**
- * Base class for all SAML 2 response messages.
- *
- * Implements samlp:StatusResponseType. All of the elements in that type is
- * stored in the SAML2_Message class, and this class is therefore more
- * or less empty. It is included mainly to make it easy to separate requests from
- * responses.
- *
- * The status code is represented as an array on the following form:
- * array(
- *   'Code' => '<top-level status code>',
- *   'SubCode' => '<second-level status code>',
- *   'Message' => '<status message>',
- * )
- *
- * Only the 'Code' field is required. The others will be set to NULL if they
- * aren't present.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_StatusResponse extends SAML2_Message {
-
-	/**
-	 * The ID of the request this is a response to, or NULL if this is an unsolicited response.
-	 *
-	 * @var string|NULL
-	 */
-	private $inResponseTo;
-
-
-	/**
-	 * The status code of the response.
-	 *
-	 * @var array
-	 */
-	private $status;
-
-
-	/**
-	 * Constructor for SAML 2 response messages.
-	 *
-	 * @param string $tagName  The tag name of the root element.
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	protected function __construct($tagName, DOMElement $xml = NULL) {
-		parent::__construct($tagName, $xml);
-
-		$this->status = array(
-			'Code' => SAML2_Const::STATUS_SUCCESS,
-			'SubCode' => NULL,
-			'Message' => NULL,
-			);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('InResponseTo')) {
-			$this->inResponseTo = $xml->getAttribute('InResponseTo');
-		}
-
-		$status = SAML2_Utils::xpQuery($xml, './saml_protocol:Status');
-		if (empty($status)) {
-			throw new Exception('Missing status code on response.');
-		}
-		$status = $status[0];
-
-		$statusCode = SAML2_Utils::xpQuery($status, './saml_protocol:StatusCode');
-		if (empty($statusCode)) {
-			throw new Exception('Missing status code in status element.');
-		}
-		$statusCode = $statusCode[0];
-
-		$this->status['Code'] = $statusCode->getAttribute('Value');
-
-		$subCode = SAML2_Utils::xpQuery($statusCode, './saml_protocol:StatusCode');
-		if (!empty($subCode)) {
-			$this->status['SubCode'] = $subCode[0]->getAttribute('Value');
-		}
-
-		$message = SAML2_Utils::xpQuery($status, './saml_protocol:StatusMessage');
-		if (!empty($message)) {
-			$this->status['Message'] = trim($message[0]->textContent);
-		}
-	}
-
-
-	/**
-	 * Determine whether this is a successful response.
-	 *
-	 * @return boolean  TRUE if the status code is success, FALSE if not.
-	 */
-	public function isSuccess() {
-		assert('array_key_exists("Code", $this->status)');
-
-		if ($this->status['Code'] === SAML2_Const::STATUS_SUCCESS) {
-			return TRUE;
-		}
-
-		return FALSE;
-	}
-
-
-	/**
-	 * Retrieve the ID of the request this is a response to.
-	 *
-	 * @return string|NULL  The ID of the request.
-	 */
-	public function getInResponseTo() {
-		return $this->inResponseTo;
-	}
-
-
-	/**
-	 * Set the ID of the request this is a response to.
-	 *
-	 * @param string|NULL $inResponseTo  The ID of the request.
-	 */
-	public function setInResponseTo($inResponseTo) {
-		assert('is_string($inResponseTo) || is_null($inResponseTo)');
-
-		$this->inResponseTo = $inResponseTo;
-	}
-
-
-	/**
-	 * Retrieve the status code.
-	 *
-	 * @return array  The status code.
-	 */
-	public function getStatus() {
-		return $this->status;
-	}
-
-
-	/**
-	 * Set the status code.
-	 *
-	 * @param array $status  The status code.
-	 */
-	public function setStatus(array $status) {
-		assert('array_key_exists("Code", $status)');
-
-		$this->status = $status;
-		if (!array_key_exists('SubCode', $status)) {
-			$this->status['SubCode'] = NULL;
-		}
-		if (!array_key_exists('Message', $status)) {
-			$this->status['Message'] = NULL;
-		}
-	}
-
-
-	/**
-	 * Convert status response message to an XML element.
-	 *
-	 * @return DOMElement  This status response.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		if ($this->inResponseTo !== NULL) {
-			$root->setAttribute('InResponseTo', $this->inResponseTo);
-		}
-
-		$status = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
-		$root->appendChild($status);
-
-		$statusCode = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
-		$statusCode->setAttribute('Value', $this->status['Code']);
-		$status->appendChild($statusCode);
-
-		if (!is_null($this->status['SubCode'])) {
-			$subStatusCode = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
-			$subStatusCode->setAttribute('Value', $this->status['SubCode']);
-			$statusCode->appendChild($subStatusCode);
-		}
-
-		if (!is_null($this->status['Message'])) {
-			SAML2_Utils::addString($status, SAML2_Const::NS_SAMLP, 'StatusMessage', $this->status['Message']);
-		}
-
-		return $root;
-	}
-
-
-}
-
-?>
\ No newline at end of file
diff --git a/lib/SAML2/SubjectQuery.php b/lib/SAML2/SubjectQuery.php
deleted file mode 100644
index 6591f7f7bd2e19bf9c4103d359c1508cc5ba6a4b..0000000000000000000000000000000000000000
--- a/lib/SAML2/SubjectQuery.php
+++ /dev/null
@@ -1,116 +0,0 @@
-<?php
-
-/**
- * Base class for SAML 2 subject query messages.
- *
- * This base class can be used for various requests which ask for
- * information about a particular subject.
- *
- * Note that this class currently only handles the simple case - where the
- * subject doesn't contain any sort of subject confirmation requirements.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_SubjectQuery extends SAML2_Request {
-
-	/**
-	 * The NameId of the subject in the query.
-	 *
-	 * @var array
-	 */
-	private $nameId;
-
-
-	/**
-	 * Constructor for SAML 2 subject query messages.
-	 *
-	 * @param string $tagName  The tag name of the root element.
-	 * @param DOMElement|NULL $xml  The input message.
-	 */
-	protected function __construct($tagName, DOMElement $xml = NULL) {
-		parent::__construct($tagName, $xml);
-
-		$nameId = array();
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->parseSubject($xml);
-	}
-
-
-	/**
-	 * Parse subject in query.
-	 *
-	 * @param DOMElement $xml  The SubjectQuery XML element.
-	 */
-	private function parseSubject(DOMElement $xml) {
-
-		$subject = SAML2_Utils::xpQuery($xml, './saml_assertion:Subject');
-		if (empty($subject)) {
-			/* No Subject node. */
-			throw new Exception('Missing subject in subject query.');
-		} elseif (count($subject) > 1) {
-			throw new Exception('More than one <saml:Subject> in <saml:Assertion>.');
-		}
-		$subject = $subject[0];
-
-		$nameId = SAML2_Utils::xpQuery($subject, './saml_assertion:NameID');
-		if (empty($nameId)) {
-			throw new Exception('Missing <saml:NameID> in <saml:Subject>.');
-		} elseif (count($nameId) > 1) {
-			throw new Exception('More than one <saml:NameID> in <saml:Subject>.');
-		}
-		$nameId = $nameId[0];
-		$this->nameId = SAML2_Utils::parseNameId($nameId);
-	}
-
-
-	/**
-	 * Retrieve the NameId of the subject in the query.
-	 *
-	 * The returned NameId is in the format used by SAML2_Utils::addNameId().
-	 *
-	 * @see SAML2_Utils::addNameId()
-	 * @return array|NULL  The name identifier of the assertion.
-	 */
-	public function getNameId() {
-		return $this->nameId;
-	}
-
-
-	/**
-	 * Set the NameId of the subject in the query.
-	 *
-	 * The NameId must be in the format accepted by SAML2_Utils::addNameId().
-	 *
-	 * @see SAML2_Utils::addNameId()
-	 * @param array|NULL $nameId  The name identifier of the assertion.
-	 */
-	public function setNameId($nameId) {
-		assert('is_array($nameId) || is_null($nameId)');
-
-		$this->nameId = $nameId;
-	}
-
-
-	/**
-	 * Convert subject query message to an XML element.
-	 *
-	 * @return DOMElement  This subject query.
-	 */
-	public function toUnsignedXML() {
-
-		$root = parent::toUnsignedXML();
-
-		$subject = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Subject');
-		$root->appendChild($subject);
-
-		SAML2_Utils::addNameId($subject, $this->nameId);
-
-		return $root;
-	}
-
-}
\ No newline at end of file
diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
deleted file mode 100644
index 5120639cc9a57159ef1de7d65daa5af823691b12..0000000000000000000000000000000000000000
--- a/lib/SAML2/Utils.php
+++ /dev/null
@@ -1,641 +0,0 @@
-<?php
-
-/**
- * Helper functions for the SAML2 library.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_Utils {
-
-	/**
-	 * Check the Signature in a XML element.
-	 *
-	 * This function expects the XML element to contain a Signature-element
-	 * which contains a reference to the XML-element. This is common for both
-	 * messages and assertions.
-	 *
-	 * Note that this function only validates the element itself. It does not
-	 * check this against any local keys.
-	 *
-	 * If no Signature-element is located, this function will return FALSE. All
-	 * other validation errors result in an exception. On successful validation
-	 * an array will be returned. This array contains the information required to
-	 * check the signature against a public key.
-	 *
-	 * @param DOMElement $root  The element which should be validated.
-	 * @return array|FALSE  An array with information about the Signature-element.
-	 */
-	public static function validateElement(DOMElement $root) {
-
-		/* Create an XML security object. */
-		$objXMLSecDSig = new XMLSecurityDSig();
-
-		/* Both SAML messages and SAML assertions use the 'ID' attribute. */
-		$objXMLSecDSig->idKeys[] = 'ID';
-
-		/* Locate the XMLDSig Signature element to be used. */
-		$signatureElement = self::xpQuery($root, './ds:Signature');
-		if (count($signatureElement) === 0) {
-			/* We don't have a signature element ot validate. */
-			return FALSE;
-		} elseif (count($signatureElement) > 1) {
-			throw new Exception('XMLSec: more than one signature element in root.');
-		}
-		$signatureElement = $signatureElement[0];
-		$objXMLSecDSig->sigNode = $signatureElement;
-
-		/* Canonicalize the XMLDSig SignedInfo element in the message. */
-		$objXMLSecDSig->canonicalizeSignedInfo();
-
-		/* Validate referenced xml nodes. */
-		if (!$objXMLSecDSig->validateReference()) {
-			throw new Exception('XMLsec: digest validation failed');
-		}
-
-		/* Check that $root is one of the signed nodes. */
-		$rootSigned = FALSE;
-		foreach ($objXMLSecDSig->getValidatedNodes() as $signedNode) {
-			if ($signedNode->isSameNode($root)) {
-				$rootSigned = TRUE;
-				break;
-			} elseif ($root->parentNode instanceof DOMDocument && $signedNode->isSameNode($root->ownerDocument)) {
-				/* $root is the root element of a signed document. */
-				$rootSigned = TRUE;
-				break;
-			}
-		}
-		if (!$rootSigned) {
-			throw new Exception('XMLSec: The root element is not signed.');
-		}
-
-		/* Now we extract all available X509 certificates in the signature element. */
-		$certificates = array();
-		foreach (self::xpQuery($signatureElement, './ds:KeyInfo/ds:X509Data/ds:X509Certificate') as $certNode) {
-			$certData = trim($certNode->textContent);
-			$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
-			$certificates[] = $certData;
-		}
-
-		$ret = array(
-			'Signature' => $objXMLSecDSig,
-			'Certificates' => $certificates,
-			);
-
-		return $ret;
-	}
-
-
-	/**
-	 * Helper function to convert a XMLSecurityKey to the correct algorithm.
-	 *
-	 * @param XMLSecurityKey $key  The key.
-	 * @param string $algorithm  The desired algorithm.
-	 * @param string $types  Public or private key, defaults to public.
-	 * @return XMLSecurityKey  The new key.
-	 */
-	public static function castKey(XMLSecurityKey $key, $algorithm, $type = 'public') {
-		assert('is_string($algorithm)');
-		assert('$type === "public" || $type === "private"');
-
-		// do nothing if algorithm is already the type of the key
-		if ($key->type === $algorithm) {
-			return $key;
-		}
-
-		$keyInfo = openssl_pkey_get_details($key->key);
-		if ($keyInfo === FALSE) {
-			throw new Exception('Unable to get key details from XMLSecurityKey.');
-		}
-		if (!isset($keyInfo['key'])) {
-			throw new Exception('Missing key in public key details.');
-		}
-
-		$newKey = new XMLSecurityKey($algorithm, array('type'=>$type));
-		$newKey->loadKey($keyInfo['key']);
-		return $newKey;
-	}
-
-
-	/**
-	 * Check a signature against a key.
-	 *
-	 * An exception is thrown if we are unable to validate the signature.
-	 *
-	 * @param array $info  The information returned by the validateElement()-function.
-	 * @param XMLSecurityKey $key  The publickey that should validate the Signature object.
-	 */
-	public static function validateSignature(array $info, XMLSecurityKey $key) {
-		assert('array_key_exists("Signature", $info)');
-
-		$objXMLSecDSig = $info['Signature'];
-
-		$sigMethod = self::xpQuery($objXMLSecDSig->sigNode, './ds:SignedInfo/ds:SignatureMethod');
-		if (empty($sigMethod)) {
-			throw new Exception('Missing SignatureMethod element.');
-		}
-		$sigMethod = $sigMethod[0];
-		if (!$sigMethod->hasAttribute('Algorithm')) {
-			throw new Exception('Missing Algorithm-attribute on SignatureMethod element.');
-		}
-		$algo = $sigMethod->getAttribute('Algorithm');
-
-		if ($key->type === XMLSecurityKey::RSA_SHA1 && $algo !== $key->type) {
-			$key = self::castKey($key, $algo);
-		}
-
-		/* Check the signature. */
-		if (! $objXMLSecDSig->verify($key)) {
-			throw new Exception("Unable to validate Signature");
-		}
-	}
-
-
-	/**
-	 * Do an XPath query on an XML node.
-	 *
-	 * @param DOMNode $node  The XML node.
-	 * @param string $query  The query.
-	 * @return array  Array with matching DOM nodes.
-	 */
-	public static function xpQuery(DOMNode $node, $query) {
-		assert('is_string($query)');
-		static $xpCache = NULL;
-
-		if ($node instanceof DOMDocument) {
-			$doc = $node;
-		} else {
-			$doc = $node->ownerDocument;
-		}
-
-		if ($xpCache === NULL || !$xpCache->document->isSameNode($doc)) {
-			$xpCache = new DOMXPath($doc);
-			$xpCache->registerNamespace('soap-env', SAML2_Const::NS_SOAP);
-			$xpCache->registerNamespace('saml_protocol', SAML2_Const::NS_SAMLP);
-			$xpCache->registerNamespace('saml_assertion', SAML2_Const::NS_SAML);
-			$xpCache->registerNamespace('saml_metadata', SAML2_Const::NS_MD);
-			$xpCache->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
-			$xpCache->registerNamespace('xenc', XMLSecEnc::XMLENCNS);
-		}
-
-		$results = $xpCache->query($query, $node);
-		$ret = array();
-		for ($i = 0; $i < $results->length; $i++) {
-			$ret[$i] = $results->item($i);
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Make an exact copy the specific DOMElement.
-	 *
-	 * @param DOMElement $element  The element we should copy.
-	 * @param DOMElement|NULL $parent  The target parent element.
-	 * @return DOMElement  The copied element.
-	 */
-	public static function copyElement(DOMElement $element, DOMElement $parent = NULL) {
-
-		if ($parent === NULL) {
-			$document = new DOMDocument();
-		} else {
-			$document = $parent->ownerDocument;
-		}
-
-		$namespaces = array();
-		for ($e = $element; $e !== NULL; $e = $e->parentNode) {
-			foreach (SAML2_Utils::xpQuery($e, './namespace::*') as $ns) {
-				$prefix = $ns->localName;
-				if ($prefix === 'xml' || $prefix === 'xmlns') {
-					continue;
-				}
-				$uri = $ns->nodeValue;
-				if (!isset($namespaces[$prefix])) {
-					$namespaces[$prefix] = $uri;
-				}
-			}
-		}
-
-		$newElement = $document->importNode($element, TRUE);
-		if ($parent !== NULL) {
-			/* We need to append the child to the parent before we add the namespaces. */
-			$parent->appendChild($newElement);
-		}
-
-		foreach ($namespaces as $prefix => $uri) {
-			$newElement->setAttributeNS($uri, $prefix . ':__ns_workaround__', 'tmp');
-			$newElement->removeAttributeNS($uri, '__ns_workaround__');
-		}
-
-		return $newElement;
-	}
-
-
-	/**
-	 * Parse a boolean attribute.
-	 *
-	 * @param DOMElement $node  The element we should fetch the attribute from.
-	 * @param string $attributeName  The name of the attribute.
-	 * @param mixed $default  The value that should be returned if the attribute doesn't exist.
-	 * @return bool|mixed  The value of the attribute, or $default if the attribute doesn't exist.
-	 */
-	public static function parseBoolean(DOMElement $node, $attributeName, $default = NULL) {
-		assert('is_string($attributeName)');
-
-		if (!$node->hasAttribute($attributeName)) {
-			return $default;
-		}
-		$value = $node->getAttribute($attributeName);
-		switch (strtolower($value)) {
-		case '0':
-		case 'false':
-			return FALSE;
-		case '1':
-		case 'true':
-			return TRUE;
-		default:
-			throw new Exception('Invalid value of boolean attribute ' . var_export($attributeName, TRUE) . ': ' . var_export($value, TRUE));
-		}
-	}
-
-
-	/**
-	 * Create a NameID element.
-	 *
-	 * The NameId array can have the following elements: 'Value', 'Format',
-	 *   'NameQualifier, 'SPNameQualifier'
-	 *
-	 * Only the 'Value'-element is required.
-	 *
-	 * @param DOMElement $node  The DOM node we should append the NameId to.
-	 * @param array $nameId  The name identifier.
-	 */
-	public static function addNameId(DOMElement $node, array $nameId) {
-		assert('array_key_exists("Value", $nameId)');
-
-		$xml = SAML2_Utils::addString($node, SAML2_Const::NS_SAML, 'saml:NameID', $nameId['Value']);
-
-		if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== NULL) {
-			$xml->setAttribute('NameQualifier', $nameId['NameQualifier']);
-		}
-		if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== NULL) {
-			$xml->setAttribute('SPNameQualifier', $nameId['SPNameQualifier']);
-		}
-		if (array_key_exists('Format', $nameId) && $nameId['Format'] !== NULL) {
-			$xml->setAttribute('Format', $nameId['Format']);
-		}
-	}
-
-
-	/**
-	 * Parse a NameID element.
-	 *
-	 * @param DOMElement $xml  The DOM element we should parse.
-	 * @return array  The parsed name identifier.
-	 */
-	public static function parseNameId(DOMElement $xml) {
-
-		$ret = array('Value' => trim($xml->textContent));
-
-		foreach (array('NameQualifier', 'SPNameQualifier', 'Format') as $attr) {
-			if ($xml->hasAttribute($attr)) {
-				$ret[$attr] = $xml->getAttribute($attr);
-			}
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Insert a Signature-node.
-	 *
-	 * @param XMLSecurityKey $key  The key we should use to sign the message.
-	 * @param array $certificates  The certificates we should add to the signature node.
-	 * @param DOMElement $root  The XML node we should sign.
-	 * @param DomElement $insertBefore  The XML element we should insert the signature element before.
-	 */
-	public static function insertSignature(XMLSecurityKey $key, array $certificates, DOMElement $root, DOMNode $insertBefore = NULL) {
-
-		$objXMLSecDSig = new XMLSecurityDSig();
-		$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
-
-		switch ($key->type) {
-			case XMLSecurityKey::RSA_SHA256:
-				$type = XMLSecurityDSig::SHA256;
-				break;
-			case XMLSecurityKey::RSA_SHA384:
-				$type = XMLSecurityDSig::SHA384;
-				break;
-			case XMLSecurityKey::RSA_SHA512:
-				$type = XMLSecurityDSig::SHA512;
-				break;
-			default:
-				$type = XMLSecurityDSig::SHA1;
-		}
-
-		$objXMLSecDSig->addReferenceList(
-			array($root),
-			$type,
-			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
-			array('id_name' => 'ID', 'overwrite' => FALSE)
-			);
-
-		$objXMLSecDSig->sign($key);
-
-		foreach ($certificates as $certificate) {
-			$objXMLSecDSig->add509Cert($certificate, TRUE);
-		}
-
-		$objXMLSecDSig->insertSignature($root, $insertBefore);
-
-	}
-
-
-	/**
-	 * Decrypt an encrypted element.
-	 *
-	 * This is an internal helper function.
-	 *
-	 * @param DOMElement $encryptedData  The encrypted data.
-	 * @param XMLSecurityKey $inputKey  The decryption key.
-	 * @param array &$blacklist  Blacklisted decryption algorithms.
-	 * @return DOMElement  The decrypted element.
-	 */
-	private static function _decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, array &$blacklist) {
-
-		$enc = new XMLSecEnc();
-
-		$enc->setNode($encryptedData);
-		$enc->type = $encryptedData->getAttribute("Type");
-
-		$symmetricKey = $enc->locateKey($encryptedData);
-		if (!$symmetricKey) {
-			throw new Exception('Could not locate key algorithm in encrypted data.');
-		}
-
-		$symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey);
-		if (!$symmetricKeyInfo) {
-			throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.');
-		}
-
-		$inputKeyAlgo = $inputKey->getAlgorith();
-		if ($symmetricKeyInfo->isEncrypted) {
-			$symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith();
-
-			if (in_array($symKeyInfoAlgo, $blacklist, TRUE)) {
-				throw new Exception('Algorithm disabled: ' . var_export($symKeyInfoAlgo, TRUE));
-			}
-
-			if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) {
-				/*
-				 * The RSA key formats are equal, so loading an RSA_1_5 key
-				 * into an RSA_OAEP_MGF1P key can be done without problems.
-				 * We therefore pretend that the input key is an
-				 * RSA_OAEP_MGF1P key.
-				 */
-				$inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;
-			}
-
-			/* Make sure that the input key format is the same as the one used to encrypt the key. */
-			if ($inputKeyAlgo !== $symKeyInfoAlgo) {
-				throw new Exception('Algorithm mismatch between input key and key used to encrypt ' .
-					' the symmetric key for the message. Key was: ' .
-					var_export($inputKeyAlgo, TRUE) . '; message was: ' .
-					var_export($symKeyInfoAlgo, TRUE));
-			}
-
-			$encKey = $symmetricKeyInfo->encryptedCtx;
-			$symmetricKeyInfo->key = $inputKey->key;
-
-			$keySize = $symmetricKey->getSymmetricKeySize();
-			if ($keySize === NULL) {
-				/* To protect against "key oracle" attacks, we need to be able to create a
-				 * symmetric key, and for that we need to know the key size.
-				 */
-				throw new Exception('Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, TRUE));
-			}
-
-			try {
-				$key = $encKey->decryptKey($symmetricKeyInfo);
-				if (strlen($key) != $keySize) {
-					throw new Exception('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' .
-										var_export($symmetricKey->type, TRUE));
-				}
-			} catch (Exception $e) {
-				/* We failed to decrypt this key. Log it, and substitute a "random" key. */
-				SimpleSAML_Logger::error('Failed to decrypt symmetric key: ' . $e->getMessage());
-				/* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */
-
-				/* We base the symmetric key on the encrypted key and private key, so that we always behave the
-				 * same way for a given input key.
-				 */
-				$encryptedKey = $encKey->getCipherValue();
-				$pkey = openssl_pkey_get_details($symmetricKeyInfo->key);
-				$pkey = sha1(serialize($pkey), TRUE);
-				$key = sha1($encryptedKey . $pkey, TRUE);
-
-				/* Make sure that the key has the correct length. */
-				if (strlen($key) > $keySize) {
-					$key = substr($key, 0, $keySize);
-				} elseif (strlen($key) < $keySize) {
-					$key = str_pad($key, $keySize);
-				}
-			}
-			$symmetricKey->loadkey($key);
-
-		} else {
-			$symKeyAlgo = $symmetricKey->getAlgorith();
-			/* Make sure that the input key has the correct format. */
-			if ($inputKeyAlgo !== $symKeyAlgo) {
-				throw new Exception('Algorithm mismatch between input key and key in message. ' .
-					'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' .
-					var_export($symKeyAlgo, TRUE));
-			}
-			$symmetricKey = $inputKey;
-		}
-
-		$algorithm = $symmetricKey->getAlgorith();
-		if (in_array($algorithm, $blacklist, TRUE)) {
-			throw new Exception('Algorithm disabled: ' . var_export($algorithm, TRUE));
-		}
-
-		$decrypted = $enc->decryptNode($symmetricKey, FALSE);
-
-		/*
-		 * This is a workaround for the case where only a subset of the XML
-		 * tree was serialized for encryption. In that case, we may miss the
-		 * namespaces needed to parse the XML.
-		 */
-		$xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'.$decrypted.'</root>';
-		$newDoc = new DOMDocument();
-		if (!@$newDoc->loadXML($xml)) {
-			throw new Exception('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?');
-		}
-		$decryptedElement = $newDoc->firstChild->firstChild;
-		if ($decryptedElement === NULL) {
-			throw new Exception('Missing encrypted element.');
-		}
-
-		if (!($decryptedElement instanceof DOMElement)) {
-			throw new Exception('Decrypted element was not actually a DOMElement.');
-		}
-
-		return $decryptedElement;
-	}
-
-
-	/**
-	 * Decrypt an encrypted element.
-	 *
-	 * @param DOMElement $encryptedData  The encrypted data.
-	 * @param XMLSecurityKey $inputKey  The decryption key.
-	 * @param array $blacklist  Blacklisted decryption algorithms.
-	 * @return DOMElement  The decrypted element.
-	 */
-	public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, array $blacklist = array()) {
-
-		try {
-			return self::_decryptElement($encryptedData, $inputKey, $blacklist);
-		} catch (Exception $e) {
-			/*
-			 * Something went wrong during decryption, but for security
-			 * reasons we cannot tell the user what failed.
-			 */
-			SimpleSAML_Logger::error('Decryption failed: ' . $e->getMessage());
-			throw new Exception('Failed to decrypt XML element.');
-		}
-	}
-
-
-	/**
-	 * Extract localized strings from a set of nodes.
-	 *
-	 * @param DOMElement $parent  The element that contains the localized strings.
-	 * @param string $namespaceURI  The namespace URI the localized strings should have.
-	 * @param string $localName  The localName of the localized strings.
-	 * @return array  Localized strings.
-	 */
-	public static function extractLocalizedStrings(DOMElement $parent, $namespaceURI, $localName) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($localName)');
-
-		$ret = array();
-		for ($node = $parent->firstChild; $node !== NULL; $node = $node->nextSibling) {
-			if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
-				continue;
-			}
-
-			if ($node->hasAttribute('xml:lang')) {
-				$language = $node->getAttribute('xml:lang');
-			} else {
-				$language = 'en';
-			}
-			$ret[$language] = trim($node->textContent);
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Extract strings from a set of nodes.
-	 *
-	 * @param DOMElement $parent  The element that contains the localized strings.
-	 * @param string $namespaceURI  The namespace URI the string elements should have.
-	 * @param string $localName  The localName of the string elements.
-	 * @return array  The string values of the various nodes.
-	 */
-	public static function extractStrings(DOMElement $parent, $namespaceURI, $localName) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($localName)');
-
-		$ret = array();
-		for ($node = $parent->firstChild; $node !== NULL; $node = $node->nextSibling) {
-			if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
-				continue;
-			}
-			$ret[] = trim($node->textContent);
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Append string element.
-	 *
-	 * @param DOMElement $parent  The parent element we should append the new nodes to.
-	 * @param string $namespace  The namespace of the created element.
-	 * @param string $name  The name of the created element.
-	 * @param string $value  The value of the element.
-	 * @return DOMElement  The generated element.
-	 */
-	public static function addString(DOMElement $parent, $namespace, $name, $value) {
-		assert('is_string($namespace)');
-		assert('is_string($name)');
-		assert('is_string($value)');
-
-		$doc = $parent->ownerDocument;
-
-		$n = $doc->createElementNS($namespace, $name);
-		$n->appendChild($doc->createTextNode($value));
-		$parent->appendChild($n);
-
-		return $n;
-	}
-
-
-	/**
-	 * Append string elements.
-	 *
-	 * @param DOMElement $parent  The parent element we should append the new nodes to.
-	 * @param string $namespace  The namespace of the created elements
-	 * @param string $name  The name of the created elements
-	 * @param bool $localized  Whether the strings are localized, and should include the xml:lang attribute.
-	 * @param array $values  The values we should create the elements from.
-	 */
-	public static function addStrings(DOMElement $parent, $namespace, $name, $localized, array $values) {
-		assert('is_string($namespace)');
-		assert('is_string($name)');
-		assert('is_bool($localized)');
-
-		$doc = $parent->ownerDocument;
-
-		foreach ($values as $index => $value) {
-			$n = $doc->createElementNS($namespace, $name);
-			$n->appendChild($doc->createTextNode($value));
-			if ($localized) {
-				$n->setAttribute('xml:lang', $index);
-			}
-			$parent->appendChild($n);
-		}
-	}
-
-
-	/**
-	 * Create a KeyDescriptor with the given certificate.
-	 *
-	 * @param string $x509Data  The certificate, as a base64-encoded DER data.
-	 * @return SAML2_XML_md_KeyDescriptor  The keydescriptor.
-	 */
-	public static function createKeyDescriptor($x509Data) {
-		assert('is_string($x509Data)');
-
-		$x509Certificate = new SAML2_XML_ds_X509Certificate();
-		$x509Certificate->certificate = $x509Data;
-
-		$x509Data = new SAML2_XML_ds_X509Data();
-		$x509Data->data[] = $x509Certificate;
-
-		$keyInfo = new SAML2_XML_ds_KeyInfo();
-		$keyInfo->info[] = $x509Data;
-
-		$keyDescriptor = new SAML2_XML_md_KeyDescriptor();
-		$keyDescriptor->KeyInfo = $keyInfo;
-
-		return $keyDescriptor;
-	}
-
-}
diff --git a/lib/SAML2/XML/Chunk.php b/lib/SAML2/XML/Chunk.php
deleted file mode 100644
index 9f614d3dc180547ddcb2f0b7b00fd71115336fce..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/Chunk.php
+++ /dev/null
@@ -1,104 +0,0 @@
-<?php
-
-/**
- * Serializable class used to hold an XML element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_Chunk {
-
-	/**
-	 * The localName of the element.
-	 *
-	 * @var string
-	 */
-	public $localName;
-
-
-	/**
-	 * The namespaceURI of this element.
-	 *
-	 * @var string
-	 */
-	public $namespaceURI;
-
-
-	/**
-	 * The DOMElement we contain.
-	 *
-	 * @var DOMElement
-	 */
-	private $xml;
-
-
-	/**
-	 * The DOMElement as a text string. Used during serialization.
-	 *
-	 * @var string|NULL
-	 */
-	private $xmlString;
-
-
-	/**
-	 * Create a XMLChunk from a copy of the given DOMElement.
-	 *
-	 * @param DOMElement $xml  The element we should copy.
-	 */
-	public function __construct(DOMElement $xml) {
-
-		$this->localName = $xml->localName;
-		$this->namespaceURI = $xml->namespaceURI;
-
-		$this->xml = SAML2_Utils::copyElement($xml);
-	}
-
-
-	/**
-	 * Get this DOMElement.
-	 *
-	 * @return DOMElement  This element.
-	 */
-	public function getXML() {
-		assert('$this->xml instanceof DOMElement || is_string($this->xmlString)');
-
-		if ($this->xml === NULL) {
-			$doc = new DOMDocument();
-			$doc->loadXML($this->xmlString);
-			$this->xml = $doc->firstChild;
-		}
-
-		return $this->xml;
-	}
-
-
-	/**
-	 * Append this XML element to a different XML element.
-	 *
-	 * @param DOMElement $parent  The element we should append this element to.
-	 * @return DOMElement  The new element.
-	 */
-	public function toXML(DOMElement $parent) {
-
-		return SAML2_Utils::copyElement($this->getXML(), $parent);
-	}
-
-
-	/**
-	 * Serialization handler.
-	 *
-	 * Converts the XML data to a string that can be serialized
-	 *
-	 * @return array  List of properties that should be serialized.
-	 */
-	public function __sleep() {
-		assert('$this->xml instanceof DOMElement || is_string($this->xmlString)');
-
-		if ($this->xmlString === NULL) {
-			$this->xmlString = $this->xml->ownerDocument->saveXML($this->xml);
-		}
-
-		return array('xmlString', 'localName', 'namespaceURI');
-	}
-
-}
diff --git a/lib/SAML2/XML/ds/KeyInfo.php b/lib/SAML2/XML/ds/KeyInfo.php
deleted file mode 100644
index 44b4b0d0ed3af3e48392a45d0066400a1387388a..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/ds/KeyInfo.php
+++ /dev/null
@@ -1,94 +0,0 @@
-<?php
-
-/**
- * Class representing a ds:KeyInfo element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_ds_KeyInfo {
-
-	/**
-	 * The Id attribute on this element.
-	 *
-	 * @var string|NULL
-	 */
-	public $Id = NULL;
-
-
-	/**
-	 * The various key information elements.
-	 *
-	 * Array with various elements describing this key.
-	 * Unknown elements will be represented by SAML2_XML_Chunk.
-	 *
-	 * @var array
-	 */
-	public $info = array();
-
-
-	/**
-	 * Initialize a KeyInfo element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('Id')) {
-			$this->Id = $xml->getAttribute('Id');
-		}
-
-		for ($n = $xml->firstChild; $n !== NULL; $n = $n->nextSibling) {
-			if (!($n instanceof DOMElement)) {
-				continue;
-			}
-
-			if ($n->namespaceURI !== XMLSecurityDSig::XMLDSIGNS) {
-				$this->info[] = new SAML2_XML_Chunk($n);
-				continue;
-			}
-			switch ($n->localName) {
-			case 'KeyName':
-				$this->info[] = new SAML2_XML_ds_KeyName($n);
-				break;
-			case 'X509Data':
-				$this->info[] = new SAML2_XML_ds_X509Data($n);
-				break;
-			default:
-				$this->info[] = new SAML2_XML_Chunk($n);
-				break;
-			}
-		}
-	}
-
-
-	/**
-	 * Convert this KeyInfo to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this KeyInfo to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_null($this->Id) || is_string($this->Id)');
-		assert('is_array($this->info)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');
-		$parent->appendChild($e);
-
-		if (isset($this->Id)) {
-			$e->setAttribute('Id', $this->Id);
-		}
-
-		foreach ($this->info as $n) {
-			$n->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/ds/KeyName.php b/lib/SAML2/XML/ds/KeyName.php
deleted file mode 100644
index 6eae3a4f2addb5cbe4304495da5ac2f4d0f6334e..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/ds/KeyName.php
+++ /dev/null
@@ -1,45 +0,0 @@
-<?php
-
-/**
- * Class representing a ds:KeyName element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_ds_KeyName {
-
-	/**
-	 * The key name.
-	 *
-	 * @var string
-	 */
-	public $name;
-
-
-	/**
-	 * Initialize a KeyName element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->name = $xml->textContent;
-	}
-
-
-	/**
-	 * Convert this KeyName element to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this KeyName element to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->name)');
-
-		return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:KeyName', $this->name);
-	}
-
-}
diff --git a/lib/SAML2/XML/ds/X509Certificate.php b/lib/SAML2/XML/ds/X509Certificate.php
deleted file mode 100644
index c4dcac197951b0e1c87b28814f845d45acf90c87..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/ds/X509Certificate.php
+++ /dev/null
@@ -1,45 +0,0 @@
-<?php
-
-/**
- * Class representing a ds:X509Certificate element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_ds_X509Certificate {
-
-	/**
-	 * The base64-encoded certificate.
-	 *
-	 * @var string
-	 */
-	public $certificate;
-
-
-	/**
-	 * Initialize an X509Certificate element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->certificate = $xml->textContent;
-	}
-
-
-	/**
-	 * Convert this X509Certificate element to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this X509Certificate element to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->certificate)');
-
-		return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $this->certificate);
-	}
-
-}
diff --git a/lib/SAML2/XML/ds/X509Data.php b/lib/SAML2/XML/ds/X509Data.php
deleted file mode 100644
index e6b3c066f59461fb335cd337ee87a08ae19c364c..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/ds/X509Data.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-
-/**
- * Class representing a ds:X509Data element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_ds_X509Data {
-
-	/**
-	 * The various X509 data elements.
-	 *
-	 * Array with various elements describing this certificate.
-	 * Unknown elements will be represented by SAML2_XML_Chunk.
-	 *
-	 * @var array
-	 */
-	public $data = array();
-
-
-	/**
-	 * Initialize a X509Data.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		for ($n = $xml->firstChild; $n !== NULL; $n = $n->nextSibling) {
-			if (!($n instanceof DOMElement)) {
-				continue;
-			}
-
-			if ($n->namespaceURI !== XMLSecurityDSig::XMLDSIGNS) {
-				$this->data[] = new SAML2_XML_Chunk($n);
-				continue;
-			}
-			switch ($n->localName) {
-			case 'X509Certificate':
-				$this->data[] = new SAML2_XML_ds_X509Certificate($n);
-				break;
-			default:
-				$this->data[] = new SAML2_XML_Chunk($n);
-				break;
-			}
-		}
-	}
-
-
-	/**
-	 * Convert this X509Data element to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this X509Data element to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->data)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
-		$parent->appendChild($e);
-
-		foreach ($this->data as $n) {
-			$n->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/AdditionalMetadataLocation.php b/lib/SAML2/XML/md/AdditionalMetadataLocation.php
deleted file mode 100644
index 3bdb6ba72354877bc177ca4a289f8b6b2a7a0d70..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/AdditionalMetadataLocation.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 metadata AdditionalMetadataLocation element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_AdditionalMetadataLocation {
-
-	/**
-	 * The namespace of this metadata.
-	 *
-	 * @var string
-	 */
-	public $namespace;
-
-	/**
-	 * The URI where the metadata is located.
-	 *
-	 * @var string
-	 */
-	public $location;
-
-
-	/**
-	 * Initialize an AdditionalMetadataLocation element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('namespace')) {
-			throw new Exception('Missing namespace attribute on AdditionalMetadataLocation element.');
-		}
-		$this->namespace = $xml->getAttribute('namespace');
-
-		$this->location = $xml->textContent;
-	}
-
-
-	/**
-	 * Convert this AdditionalMetadataLocation to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 * @return DOMElement  This AdditionalMetadataLocation-element.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->namespace)');
-		assert('is_string($this->location)');
-
-		$e = SAML2_Utils::addString($parent, SAML2_Const::NS_MD, 'md:AdditionalMetadataLocation', $this->location);
-		$e->setAttribute('namespace', $this->namespace);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/AffiliationDescriptor.php b/lib/SAML2/XML/md/AffiliationDescriptor.php
deleted file mode 100644
index 927ad1f8387de3f75e285e4fd83548cc3181b316..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/AffiliationDescriptor.php
+++ /dev/null
@@ -1,162 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 AffiliationDescriptor element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_AffiliationDescriptor extends SAML2_SignedElementHelper {
-
-	/**
-	 * The affiliationOwnerID.
-	 *
-	 * @var string
-	 */
-	public $affiliationOwnerID;
-
-
-	/**
-	 * The ID of this element.
-	 *
-	 * @var string|NULL
-	 */
-	public $ID;
-
-
-	/**
-	 * How long this element is valid, as a unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $validUntil;
-
-
-	/**
-	 * The length of time this element can be cached, as string.
-	 *
-	 * @var string|NULL
-	 */
-	public $cacheDuration;
-
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * The AffiliateMember(s).
-	 *
-	 * Array of entity ID strings.
-	 *
-	 * @var array
-	 */
-	public $AffiliateMember = array();
-
-
-	/**
-	 * KeyDescriptor elements.
-	 *
-	 * Array of SAML2_XML_md_KeyDescriptor elements.
-	 *
-	 * @var array
-	 */
-	public $KeyDescriptor = array();
-
-
-	/**
-	 * Initialize a AffiliationDescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		parent::__construct($xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('affiliationOwnerID')) {
-			throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
-		}
-		$this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');
-
-		if ($xml->hasAttribute('ID')) {
-			$this->ID = $xml->getAttribute('ID');
-		}
-
-		if ($xml->hasAttribute('validUntil')) {
-			$this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
-		}
-
-		if ($xml->hasAttribute('cacheDuration')) {
-			$this->cacheDuration = $xml->getAttribute('cacheDuration');
-		}
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-		$this->AffiliateMember = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AffiliateMember');
-		if (empty($this->AffiliateMember)) {
-			throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $kd) {
-			$this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($kd);
-		}
-	}
-
-
-	/**
-	 * Add this AffiliationDescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this endpoint to.
-	 * @param string $name  The name of the element we should create.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->affiliationOwnerID)');
-		assert('is_null($this->ID) || is_string($this->ID)');
-		assert('is_null($this->validUntil) || is_int($this->validUntil)');
-		assert('is_null($this->cacheDuration) || is_string($this->cacheDuration)');
-		assert('is_array($this->Extensions)');
-		assert('is_array($this->AffiliateMember)');
-		assert('!empty($this->AffiliateMember)');
-		assert('is_array($this->KeyDescriptor)');
-
-		$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:AffiliationDescriptor');
-		$parent->appendChild($e);
-
-		$e->setAttribute('affiliationOwnerID', $this->affiliationOwnerID);
-
-		if (isset($this->ID)) {
-			$e->setAttribute('ID', $this->ID);
-		}
-
-		if (isset($this->validUntil)) {
-			$e->setAttribute('validUntil', gmdate('Y-m-d\TH:i:s\Z', $this->validUntil));
-		}
-
-		if (isset($this->cacheDuration)) {
-			$e->setAttribute('cacheDuration', $this->cacheDuration);
-		}
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:AffiliateMember', FALSE, $this->AffiliateMember);
-
-		foreach ($this->KeyDescriptor as $kd) {
-			$kd->toXML($e);
-		}
-
-		$this->signElement($e, $e->firstChild);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/AttributeAuthorityDescriptor.php b/lib/SAML2/XML/md/AttributeAuthorityDescriptor.php
deleted file mode 100644
index 68eefee68fff4ed676ef4b95327d4fb00644e7ff..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/AttributeAuthorityDescriptor.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 metadata AttributeAuthorityDescriptor.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_AttributeAuthorityDescriptor extends SAML2_XML_md_RoleDescriptor {
-
-	/**
-	 * List of AttributeService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AttributeService = array();
-
-
-	/**
-	 * List of AssertionIDRequestService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AssertionIDRequestService = array();
-
-
-	/**
-	 * List of supported NameID formats.
-	 *
-	 * Array of strings.
-	 *
-	 * @var array
-	 */
-	public $NameIDFormat = array();
-
-
-	/**
-	 * List of supported attribute profiles.
-	 *
-	 * Array with strings.
-	 *
-	 * @var array
-	 */
-	public $AttributeProfile = array();
-
-
-	/**
-	 * List of supported attributes.
-	 *
-	 * Array with SAML2_XML_saml_Attribute objects.
-	 *
-	 * @var array
-	 */
-	public $Attribute = array();
-
-
-	/**
-	 * Initialize an IDPSSODescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('md:AttributeAuthorityDescriptor', $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AttributeService') as $ep) {
-			$this->AttributeService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-		if (empty($this->AttributeService)) {
-			throw new Exception('Must have at least one AttributeService in AttributeAuthorityDescriptor.');
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
-			$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
-
-		$this->AttributeProfile = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AttributeProfile');
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
-			$this->Attribute[] = new SAML2_XML_saml_Attribute($a);
-		}
-	}
-
-
-	/**
-	 * Add this AttributeAuthorityDescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this IDPSSODescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->AttributeService)');
-		assert('!empty($this->AttributeService)');
-		assert('is_array($this->AssertionIDRequestService)');
-		assert('is_array($this->NameIDFormat)');
-		assert('is_array($this->AttributeProfile)');
-		assert('is_array($this->Attribute)');
-
-		$e = parent::toXML($parent);
-
-		foreach ($this->AttributeService as $ep) {
-			$ep->toXML($e, 'md:AttributeService');
-		}
-
-		foreach ($this->AssertionIDRequestService as $ep) {
-			$ep->toXML($e, 'md:AssertionIDRequestService');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:AttributeProfile', FALSE, $this->AttributeProfile);
-
-		foreach ($this->Attribute as $a) {
-			$a->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/AttributeConsumingService.php b/lib/SAML2/XML/md/AttributeConsumingService.php
deleted file mode 100644
index 427fd28533303b3e12f729fc352b6ed803e02565..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/AttributeConsumingService.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 Metadata AttributeConsumingService element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_AttributeConsumingService {
-
-	/**
-	 * The index of this AttributeConsumingService.
-	 *
-	 * @var int
-	 */
-	public $index;
-
-
-	/**
-	 * Whether this is the default AttributeConsumingService.
-	 *
-	 * @var bool|NULL
-	 */
-	public $isDefault = NULL;
-
-
-	/**
-	 * The ServiceName of this AttributeConsumingService.
-	 *
-	 * This is an associative array with language => translation.
-	 *
-	 * @var array
-	 */
-	public $ServiceName = array();
-
-
-	/**
-	 * The ServiceDescription of this AttributeConsumingService.
-	 *
-	 * This is an associative array with language => translation.
-	 *
-	 * @var array
-	 */
-	public $ServiceDescription = array();
-
-
-	/**
-	 * The RequestedAttribute elements.
-	 *
-	 * This is an array of SAML_RequestedAttributeType elements.
-	 *
-	 * @var array
-	 */
-	public $RequestedAttribute = array();
-
-
-	/**
-	 * Initialize / parse an AttributeConsumingService.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-
-		if (!$xml->hasAttribute('index')) {
-			throw new Exception('Missing index on AttributeConsumingService.');
-		}
-		$this->index = (int)$xml->getAttribute('index');
-
-		$this->isDefault = SAML2_Utils::parseBoolean($xml, 'isDefault', NULL);
-
-		$this->ServiceName = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'ServiceName');
-		if (empty($this->ServiceName)) {
-			throw new Exception('Missing ServiceName in AttributeConsumingService.');
-		}
-
-		$this->ServiceDescription = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'ServiceDescription');
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:RequestedAttribute') as $ra) {
-			$this->RequestedAttribute[] = new SAML2_XML_md_RequestedAttribute($ra);
-		}
-	}
-
-
-	/**
-	 * Convert to DOMElement.
-	 *
-	 * @param DOMElement $parent  The element we should append this AttributeConsumingService to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_int($this->index)');
-		assert('is_null($this->isDefault) || is_bool($this->isDefault)');
-		assert('is_array($this->ServiceName)');
-		assert('is_array($this->ServiceDescription)');
-		assert('is_array($this->RequestedAttribute)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:AttributeConsumingService');
-		$parent->appendChild($e);
-
-		$e->setAttribute('index', (string)$this->index);
-
-		if ($this->isDefault === TRUE) {
-			$e->setAttribute('isDefault', 'true');
-		} elseif ($this->isDefault === FALSE) {
-			$e->setAttribute('isDefault', 'false');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:ServiceName', TRUE, $this->ServiceName);
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:ServiceDescription', TRUE, $this->ServiceDescription);
-
-		foreach ($this->RequestedAttribute as $ra) {
-			$ra->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/AuthnAuthorityDescriptor.php b/lib/SAML2/XML/md/AuthnAuthorityDescriptor.php
deleted file mode 100644
index 52124abc99cb0e1b19f694b73dad7202353e3d53..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/AuthnAuthorityDescriptor.php
+++ /dev/null
@@ -1,94 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 metadata AuthnAuthorityDescriptor.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_AuthnAuthorityDescriptor extends SAML2_XML_md_RoleDescriptor {
-
-	/**
-	 * List of AuthnQueryService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AuthnQueryService = array();
-
-
-	/**
-	 * List of AssertionIDRequestService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AssertionIDRequestService = array();
-
-
-	/**
-	 * List of supported NameID formats.
-	 *
-	 * Array of strings.
-	 *
-	 * @var array
-	 */
-	public $NameIDFormat = array();
-
-
-	/**
-	 * Initialize an IDPSSODescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('md:AuthnAuthorityDescriptor', $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AuthnQueryService') as $ep) {
-			$this->AuthnQueryService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-		if (empty($this->AuthnQueryService)) {
-			throw new Exception('Must have at least one AuthnQueryService in AuthnAuthorityDescriptor.');
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
-			$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
-	}
-
-
-	/**
-	 * Add this IDPSSODescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this AuthnAuthorityDescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->AuthnQueryService)');
-		assert('!empty($this->AuthnQueryService)');
-		assert('is_array($this->AssertionIDRequestService)');
-		assert('is_array($this->NameIDFormat)');
-
-		$e = parent::toXML($parent);
-
-		foreach ($this->AuthnQueryService as $ep) {
-			$ep->toXML($e, 'md:AuthnQueryService');
-		}
-
-		foreach ($this->AssertionIDRequestService as $ep) {
-			$ep->toXML($e, 'md:AssertionIDRequestService');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/ContactPerson.php b/lib/SAML2/XML/md/ContactPerson.php
deleted file mode 100644
index ea347c3f908ff0724357604b8da8fa6c6160c5e2..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/ContactPerson.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 ContactPerson.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_ContactPerson {
-
-	/**
-	 * The contact type.
-	 *
-	 * @var string
-	 */
-	public $contactType;
-
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * The Company of this contact.
-	 *
-	 * @var string
-	 */
-	public $Company = NULL;
-
-
-	/**
-	 * The GivenName of this contact.
-	 *
-	 * @var string
-	 */
-	public $GivenName = NULL;
-
-
-	/**
-	 * The SurName of this contact.
-	 *
-	 * @var string
-	 */
-	public $SurName = NULL;
-
-
-	/**
-	 * The EmailAddresses of this contact.
-	 *
-	 * @var array
-	 */
-	public $EmailAddress = array();
-
-
-	/**
-	 * The TelephoneNumbers of this contact.
-	 *
-	 * @var array
-	 */
-	public $TelephoneNumber = array();
-
-
-	/**
-	 * Initialize a ContactPerson element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('contactType')) {
-			throw new Exception('Missing contactType on ContactPerson.');
-		}
-		$this->contactType = $xml->getAttribute('contactType');
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-
-		$this->Company = self::getStringElement($xml, 'Company');
-		$this->GivenName = self::getStringElement($xml, 'GivenName');
-		$this->SurName = self::getStringElement($xml, 'SurName');
-		$this->EmailAddress = self::getStringElements($xml, 'EmailAddress');
-		$this->TelephoneNumber = self::getStringElements($xml, 'TelephoneNumber');
-	}
-
-
-	/**
-	 * Retrieve the value of a child DOMElements as an array of strings.
-	 *
-	 * @param DOMElement $parent  The parent element.
-	 * @param string $name  The name of the child elements.
-	 * @return array  The value of the child elements.
-	 */
-	private static function getStringElements(DOMElement $parent, $name) {
-		assert('is_string($name)');
-
-		$e = SAML2_Utils::xpQuery($parent, './saml_metadata:' . $name);
-
-		$ret = array();
-		foreach ($e as $i) {
-			$ret[] = $i->textContent;
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Retrieve the value of a child DOMElement as a string.
-	 *
-	 * @param DOMElement $parent  The parent element.
-	 * @param string $name  The name of the child element.
-	 * @return string|NULL  The value of the child element.
-	 */
-	private static function getStringElement(DOMElement $parent, $name) {
-		assert('is_string($name)');
-
-		$e = self::getStringElements($parent, $name);
-		if (empty($e)) {
-			return NULL;
-		}
-		if (count($e) > 1) {
-			throw new Exception('More than one ' . $name . ' in ' . $parent->tagName);
-		}
-
-		return $e[0];
-	}
-
-
-	/**
-	 * Convert this ContactPerson to XML.
-	 *
-	 * @param DOMElement $parent  The element we should add this contact to.
-	 * @return DOMElement  The new ContactPerson-element.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->contactType)');
-		assert('is_array($this->Extensions)');
-		assert('is_null($this->Company) || is_string($this->Company)');
-		assert('is_null($this->GivenName) || is_string($this->GivenName)');
-		assert('is_null($this->SurName) || is_string($this->SurName)');
-		assert('is_array($this->EmailAddress)');
-		assert('is_array($this->TelephoneNumber)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:ContactPerson');
-		$parent->appendChild($e);
-
-		$e->setAttribute('contactType', $this->contactType);
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		if (isset($this->Company)) {
-			SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:Company', $this->Company);
-		}
-		if (isset($this->GivenName)) {
-			SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:GivenName', $this->GivenName);
-		}
-		if (isset($this->SurName)) {
-			SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:SurName', $this->SurName);
-		}
-		if (!empty($this->EmailAddress)) {
-			SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:EmailAddress', FALSE, $this->EmailAddress);
-		}
-		if (!empty($this->TelephoneNumber)) {
-			SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:TelephoneNumber', FALSE, $this->TelephoneNumber);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/EndpointType.php b/lib/SAML2/XML/md/EndpointType.php
deleted file mode 100644
index e4317e607a8057e86dda4963ecf656dcadd3eb42..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/EndpointType.php
+++ /dev/null
@@ -1,187 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 EndpointType.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_EndpointType {
-
-	/**
-	 * The binding for this endpoint.
-	 *
-	 * @var string
-	 */
-	public $Binding;
-
-
-	/**
-	 * The URI to this endpoint.
-	 *
-	 * @var string
-	 */
-	public $Location;
-
-
-	/**
-	 * The URI where responses can be delivered.
-	 *
-	 * @var string|NULL
-	 */
-	public $ResponseLocation = NULL;
-
-
-	/**
-	 * Extra (namespace qualified) attributes.
-	 *
-	 * @var array
-	 */
-	private $attributes = array();
-
-
-	/**
-	 * Initialize an EndpointType.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('Binding')) {
-			throw new Exception('Missing Binding on ' . $xml->tagName);
-		}
-		$this->Binding = $xml->getAttribute('Binding');
-
-		if (!$xml->hasAttribute('Location')) {
-			throw new Exception('Missing Location on ' . $xml->tagName);
-		}
-		$this->Location = $xml->getAttribute('Location');
-
-		if ($xml->hasAttribute('ResponseLocation')) {
-			$this->ResponseLocation = $xml->getAttribute('ResponseLocation');
-		}
-
-		foreach ($xml->attributes as $a) {
-			if ($a->namespaceURI === NULL) {
-				continue; /* Not namespace-qualified -- skip. */
-			}
-			$fullName = '{' . $a->namespaceURI . '}' . $a->localName;
-			$this->attributes[$fullName] = array(
-				'qualifiedName' => $a->nodeName,
-				'namespaceURI' => $a->namespaceURI,
-				'value' => $a->value,
-			);
-		}
-	}
-
-
-	/**
-	 * Check if a namespace-qualified attribute exists.
-	 *
-	 * @param string $namespaceURI  The namespace URI.
-	 * @param string $localName  The local name.
-	 * @return boolean  TRUE if the attribute exists, FALSE if not.
-	 */
-	public function hasAttributeNS($namespaceURI, $localName) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($localName)');
-
-		$fullName = '{' . $namespaceURI . '}' . $localName;
-		return isset($this->attributes[$fullName]);
-	}
-
-
-	/**
-	 * Get a namespace-qualified attribute.
-	 *
-	 * @param string $namespaceURI  The namespace URI.
-	 * @param string $localName  The local name.
-	 * @return string  The value of the attribute, or an empty string if the attribute does not exist.
-	 */
-	public function getAttributeNS($namespaceURI, $localName) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($localName)');
-
-		$fullName = '{' . $namespaceURI . '}' . $localName;
-		if (!isset($this->attributes[$fullName])) {
-			return '';
-		}
-		return $this->attributes[$fullName]['value'];
-	}
-
-
-	/**
-	 * Get a namespace-qualified attribute.
-	 *
-	 * @param string $namespaceURI  The namespace URI.
-	 * @param string $qualifiedName  The local name.
-	 * @param string $value  The attribute value.
-	 */
-	public function setAttributeNS($namespaceURI, $qualifiedName, $value) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($qualifiedName)');
-
-		$name = explode(':', $qualifiedName, 2);
-		if (count($name) < 2) {
-			throw new Exception('Not a qualified name.');
-		}
-		$localName = $name[1];
-
-		$fullName = '{' . $namespaceURI . '}' . $localName;
-		$this->attributes[$fullName] = array(
-			'qualifiedName' => $qualifiedName,
-			'namespaceURI' => $namespaceURI,
-			'value' => $value,
-		);
-	}
-
-
-	/**
-	 * Remove a namespace-qualified attribute.
-	 *
-	 * @param string $namespaceURI  The namespace URI.
-	 * @param string $localName  The local name.
-	 */
-	public function removeAttributeNS($namespaceURI, $localName) {
-		assert('is_string($namespaceURI)');
-		assert('is_string($localName)');
-
-		$fullName = '{' . $namespaceURI . '}' . $localName;
-		unset($this->attributes[$fullName]);
-	}
-
-
-	/**
-	 * Add this endpoint to an XML element.
-	 *
-	 * @param DOMElement $parent  The element we should append this endpoint to.
-	 * @param string $name  The name of the element we should create.
-	 */
-	public function toXML(DOMElement $parent, $name) {
-		assert('is_string($name)');
-		assert('is_string($this->Binding)');
-		assert('is_string($this->Location)');
-		assert('is_null($this->ResponseLocation) || is_string($this->ResponseLocation)');
-
-		$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, $name);
-		$parent->appendChild($e);
-
-		$e->setAttribute('Binding', $this->Binding);
-		$e->setAttribute('Location', $this->Location);
-
-		if (isset($this->ResponseLocation)) {
-			$e->setAttribute('ResponseLocation', $this->ResponseLocation);
-		}
-
-		foreach ($this->attributes as $a) {
-			$e->setAttributeNS($a['namespaceURI'], $a['qualifiedName'], $a['value']);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/EntitiesDescriptor.php b/lib/SAML2/XML/md/EntitiesDescriptor.php
deleted file mode 100644
index c0e91345f691a7b43587cd1c9bd3722c762bd644..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/EntitiesDescriptor.php
+++ /dev/null
@@ -1,147 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 EntitiesDescriptor element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_EntitiesDescriptor extends SAML2_SignedElementHelper {
-
-	/**
-	 * The ID of this element.
-	 *
-	 * @var string|NULL
-	 */
-	public $ID;
-
-
-	/**
-	 * How long this element is valid, as a unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $validUntil;
-
-
-	/**
-	 * The length of time this element can be cached, as string.
-	 *
-	 * @var string|NULL
-	 */
-	public $cacheDuration;
-
-
-	/**
-	 * The name of this entity collection.
-	 *
-	 * @var string|NULL
-	 */
-	public $Name;
-
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * Child EntityDescriptor and EntitiesDescriptor elements.
-	 *
-	 * @var array
-	 */
-	public $children = array();
-
-
-	/**
-	 * Initialize an EntitiesDescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct($xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('ID')) {
-			$this->ID = $xml->getAttribute('ID');
-		}
-		if ($xml->hasAttribute('validUntil')) {
-			$this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
-		}
-		if ($xml->hasAttribute('cacheDuration')) {
-			$this->cacheDuration = $xml->getAttribute('cacheDuration');
-		}
-		if ($xml->hasAttribute('Name')) {
-			$this->Name = $xml->getAttribute('Name');
-		}
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor') as $node) {
-			if ($node->localName === 'EntityDescriptor') {
-				$this->children[] = new SAML2_XML_md_EntityDescriptor($node);
-			} else {
-				$this->children[] = new SAML2_XML_md_EntitiesDescriptor($node);
-			}
-		}
-	}
-
-
-	/**
-	 * Convert this EntitiesDescriptor to XML.
-	 *
-	 * @param DOMElement|NULL $parent  The EntitiesDescriptor we should append this EntitiesDescriptor to.
-	 */
-	public function toXML(DOMElement $parent = NULL) {
-		assert('is_null($this->ID) || is_string($this->ID)');
-		assert('is_null($this->validUntil) || is_int($this->validUntil)');
-		assert('is_null($this->cacheDuration) || is_string($this->cacheDuration)');
-		assert('is_null($this->Name) || is_string($this->Name)');
-		assert('is_array($this->Extensions)');
-		assert('is_array($this->children)');
-
-		if ($parent === NULL) {
-			$doc = new DOMDocument();
-			$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:EntitiesDescriptor');
-			$doc->appendChild($e);
-		} else {
-			$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:EntitiesDescriptor');
-			$parent->appendChild($e);
-		}
-
-		if (isset($this->ID)) {
-			$e->setAttribute('ID', $this->ID);
-		}
-
-		if (isset($this->validUntil)) {
-			$e->setAttribute('validUntil', gmdate('Y-m-d\TH:i:s\Z', $this->validUntil));
-		}
-
-		if (isset($this->cacheDuration)) {
-			$e->setAttribute('cacheDuration', $this->cacheDuration);
-		}
-
-		if (isset($this->Name)) {
-			$e->setAttribute('Name', $this->Name);
-		}
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		foreach ($this->children as $node) {
-			$node->toXML($e);
-		}
-
-		$this->signElement($e, $e->firstChild);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/EntityDescriptor.php b/lib/SAML2/XML/md/EntityDescriptor.php
deleted file mode 100644
index 89c7dcefc8ab082c24248195a46ced036b70681e..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/EntityDescriptor.php
+++ /dev/null
@@ -1,252 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 EntityDescriptor element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_EntityDescriptor extends SAML2_SignedElementHelper {
-
-	/**
-	 * The entityID this EntityDescriptor represents.
-	 *
-	 * @var string
-	 */
-	public $entityID;
-
-
-	/**
-	 * The ID of this element.
-	 *
-	 * @var string|NULL
-	 */
-	public $ID;
-
-
-	/**
-	 * How long this element is valid, as a unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $validUntil;
-
-
-	/**
-	 * The length of time this element can be cached, as string.
-	 *
-	 * @var string|NULL
-	 */
-	public $cacheDuration;
-
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * Array with all roles for this entity.
-	 *
-	 * Array of SAML2_XML_md_RoleDescriptor objects (and subclasses of RoleDescriptor).
-	 *
-	 * @var array
-	 */
-	public $RoleDescriptor = array();
-
-
-	/**
-	 * AffiliationDescriptor of this entity.
-	 *
-	 * @var SAML2_XML_md_AffiliationDescriptor|NULL
-	 */
-	public $AffiliationDescriptor = NULL;
-
-
-	/**
-	 * Organization of this entity.
-	 *
-	 * @var SAML2_XML_md_Organization|NULL
-	 */
-	public $Organization = NULL;
-
-
-	/**
-	 * ContactPerson elements for this entity.
-	 *
-	 * @var array
-	 */
-	public $ContactPerson = array();
-
-
-	/**
-	 * AdditionalMetadataLocation elements for this entity.
-	 *
-	 * @var array
-	 */
-	public $AdditionalMetadataLocation = array();
-
-
-	/**
-	 * Initialize an EntitiyDescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct($xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('entityID')) {
-			throw new Exception('Missing required attribute entityID on EntityDescriptor.');
-		}
-		$this->entityID = $xml->getAttribute('entityID');
-
-		if ($xml->hasAttribute('ID')) {
-			$this->ID = $xml->getAttribute('ID');
-		}
-		if ($xml->hasAttribute('validUntil')) {
-			$this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
-		}
-		if ($xml->hasAttribute('cacheDuration')) {
-			$this->cacheDuration = $xml->getAttribute('cacheDuration');
-		}
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-		for ($node = $xml->firstChild; $node !== NULL; $node = $node->nextSibling) {
-			if (!($node instanceof DOMElement)) {
-				continue;
-			}
-
-			if ($node->namespaceURI !== SAML2_Const::NS_MD) {
-				continue;
-			}
-
-			switch ($node->localName) {
-			case 'RoleDescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_UnknownRoleDescriptor($node);
-				break;
-			case 'IDPSSODescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_IDPSSODescriptor($node);
-				break;
-			case 'SPSSODescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_SPSSODescriptor($node);
-				break;
-			case 'AuthnAuthorityDescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_AuthnAuthorityDescriptor($node);
-				break;
-			case 'AttributeAuthorityDescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_AttributeAuthorityDescriptor($node);
-				break;
-			case 'PDPDescriptor':
-				$this->RoleDescriptor[] = new SAML2_XML_md_PDPDescriptor($node);
-				break;
-			}
-		}
-
-		$affiliationDescriptor = SAML2_Utils::xpQuery($xml, './saml_metadata:AffiliationDescriptor');
-		if (count($affiliationDescriptor) > 1) {
-			throw new Exception('More than one AffiliationDescriptor in the entity.');
-		} elseif (!empty($affiliationDescriptor)) {
-			$this->AffiliationDescriptor = new SAML2_XML_md_AffiliationDescriptor($affiliationDescriptor[0]);
-		}
-
-		if (empty($this->RoleDescriptor) && is_null($this->AffiliationDescriptor)) {
-			throw new Exception('Must have either one of the RoleDescriptors or an AffiliationDescriptor in EntityDescriptor.');
-		} elseif (!empty($this->RoleDescriptor) && !is_null($this->AffiliationDescriptor)) {
-			throw new Exception('AffiliationDescriptor cannot be combined with other RoleDescriptor elements in EntityDescriptor.');
-		}
-
-		$organization = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
-		if (count($organization) > 1) {
-			throw new Exception('More than one Organization in the entity.');
-		} elseif (!empty($organization)) {
-			$this->Organization = new SAML2_XML_md_Organization($organization[0]);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $cp) {
-			$this->ContactPerson[] = new SAML2_XML_md_ContactPerson($cp);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AdditionalMetadataLocation') as $aml) {
-			$this->AdditionalMetadataLocation[] = new SAML2_XML_md_AdditionalMetadataLocation($aml);
-		}
-	}
-
-
-	/**
-	 * Create this EntityDescriptor.
-	 *
-	 * @param DOMElement|NULL $parent  The EntitiesDescriptor we should append this EntityDescriptor to.
-	 */
-	public function toXML(DOMElement $parent = NULL) {
-		assert('is_string($this->entityID)');
-		assert('is_null($this->ID) || is_string($this->ID)');
-		assert('is_null($this->validUntil) || is_int($this->validUntil)');
-		assert('is_null($this->cacheDuration) || is_string($this->cacheDuration)');
-		assert('is_array($this->Extensions)');
-		assert('is_array($this->RoleDescriptor)');
-		assert('is_null($this->AffiliationDescriptor) || $this->AffiliationDescriptor instanceof SAML2_XML_md_AffiliationDescriptor');
-		assert('is_null($this->Organization) || $this->Organization instanceof SAML2_XML_md_Organization');
-		assert('is_array($this->ContactPerson)');
-		assert('is_array($this->AdditionalMetadataLocation)');
-
-		if ($parent === NULL) {
-			$doc = new DOMDocument();
-			$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:EntityDescriptor');
-			$doc->appendChild($e);
-		} else {
-			$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:EntityDescriptor');
-			$parent->appendChild($e);
-		}
-
-		$e->setAttribute('entityID', $this->entityID);
-
-		if (isset($this->ID)) {
-			$e->setAttribute('ID', $this->ID);
-		}
-
-		if (isset($this->validUntil)) {
-			$e->setAttribute('validUntil', gmdate('Y-m-d\TH:i:s\Z', $this->validUntil));
-		}
-
-		if (isset($this->cacheDuration)) {
-			$e->setAttribute('cacheDuration', $this->cacheDuration);
-		}
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		foreach ($this->RoleDescriptor as $n) {
-			$n->toXML($e);
-		}
-
-		if (isset($this->AffiliationDescriptor)) {
-			$this->AffiliationDescriptor->toXML($e);
-		}
-
-		if (isset($this->Organization)) {
-			$this->Organization->toXML($e);
-		}
-
-		foreach ($this->ContactPerson as $cp) {
-			$cp->toXML($e);
-		}
-
-		foreach ($this->AdditionalMetadataLocation as $n) {
-			$n->toXML($e);
-		}
-
-		$this->signElement($e, $e->firstChild);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/Extensions.php b/lib/SAML2/XML/md/Extensions.php
deleted file mode 100644
index 797bdaf09e3ffc13505d20ebfae3897708e27d80..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/Extensions.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-/**
- * Class for handling SAML2 metadata extensions.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_Extensions {
-
-	/**
-	 * Get a list of Extensions in the given element.
-	 *
-	 * @param DOMElement $parent  The element that may contain the md:Extensions element.
-	 * @return array  Array of extensions.
-	 */
-	public static function getList(DOMElement $parent) {
-
-		$ret = array();
-		foreach (SAML2_Utils::xpQuery($parent, './saml_metadata:Extensions/*') as $node) {
-			if ($node->namespaceURI === SAML2_XML_shibmd_Scope::NS && $node->localName === 'Scope') {
-				$ret[] = new SAML2_XML_shibmd_Scope($node);
-			} elseif ($node->namespaceURI === SAML2_XML_mdattr_EntityAttributes::NS && $node->localName === 'EntityAttributes') {
-				$ret[] = new SAML2_XML_mdattr_EntityAttributes($node);
-			} elseif ($node->namespaceURI === SAML2_XML_mdrpi_Common::NS_MDRPI && $node->localName === 'RegistrationInfo') {
-				$ret[] = new SAML2_XML_mdrpi_RegistrationInfo($node);
-			} elseif ($node->namespaceURI === SAML2_XML_mdrpi_Common::NS_MDRPI && $node->localName === 'PublicationInfo') {
-				$ret[] = new SAML2_XML_mdrpi_PublicationInfo($node);
-			} elseif ($node->namespaceURI === SAML2_XML_mdui_UIInfo::NS && $node->localName === 'UIInfo') {
-				$ret[] = new SAML2_XML_mdui_UIInfo($node);
-			} elseif ($node->namespaceURI === SAML2_XML_mdui_DiscoHints::NS && $node->localName === 'DiscoHints') {
-				$ret[] = new SAML2_XML_mdui_DiscoHints($node);
-			} else {
-				$ret[] = new SAML2_XML_Chunk($node);
-			}
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Add a list of Extensions to the given element.
-	 *
-	 * @param DOMElement $parent  The element we should add the extensions to.
-	 * @param array $extensions  List of extension objects.
-	 */
-	public static function addList(DOMElement $parent, array $extensions) {
-
-		if (empty($extensions)) {
-			return;
-		}
-
-		$extElement = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, 'md:Extensions');
-		$parent->appendChild($extElement);
-
-		foreach ($extensions as $ext) {
-			$ext->toXML($extElement);
-		}
-	}
-
-}
diff --git a/lib/SAML2/XML/md/IDPSSODescriptor.php b/lib/SAML2/XML/md/IDPSSODescriptor.php
deleted file mode 100644
index 0479d98123231e5880c8d3e2b1383bf0fb95ce15..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/IDPSSODescriptor.php
+++ /dev/null
@@ -1,145 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 IDPSSODescriptor.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_IDPSSODescriptor extends SAML2_XML_md_SSODescriptorType {
-
-	/**
-	 * Whether AuthnRequests sent to this IdP should be signed.
-	 *
-	 * @var bool|NULL
-	 */
-	public $WantAuthnRequestsSigned = NULL;
-
-
-	/**
-	 * List of SingleSignOnService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $SingleSignOnService = array();
-
-
-	/**
-	 * List of NameIDMappingService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $NameIDMappingService = array();
-
-
-	/**
-	 * List of AssertionIDRequestService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AssertionIDRequestService = array();
-
-
-	/**
-	 * List of supported attribute profiles.
-	 *
-	 * Array with strings.
-	 *
-	 * @var array
-	 */
-	public $AttributeProfile = array();
-
-
-	/**
-	 * List of supported attributes.
-	 *
-	 * Array with SAML2_XML_saml_Attribute objects.
-	 *
-	 * @var array
-	 */
-	public $Attribute = array();
-
-
-	/**
-	 * Initialize an IDPSSODescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('md:IDPSSODescriptor', $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->WantAuthnRequestsSigned = SAML2_Utils::parseBoolean($xml, 'WantAuthnRequestsSigned', NULL);
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleSignOnService') as $ep) {
-			$this->SingleSignOnService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:NameIDMappingService') as $ep) {
-			$this->NameIDMappingService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
-			$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		$this->AttributeProfile = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AttributeProfile');
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
-			$this->Attribute[] = new SAML2_XML_saml_Attribute($a);
-		}
-	}
-
-
-	/**
-	 * Add this IDPSSODescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this IDPSSODescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_null($this->WantAuthnRequestsSigned) || is_bool($this->WantAuthnRequestsSigned)');
-		assert('is_array($this->SingleSignOnService)');
-		assert('is_array($this->NameIDMappingService)');
-		assert('is_array($this->AssertionIDRequestService)');
-		assert('is_array($this->AttributeProfile)');
-		assert('is_array($this->Attribute)');
-
-		$e = parent::toXML($parent);
-
-		if ($this->WantAuthnRequestsSigned === TRUE) {
-			$e->setAttribute('WantAuthnRequestsSigned', 'true');
-		} elseif ($this->WantAuthnRequestsSigned === FALSE) {
-			$e->setAttribute('WantAuthnRequestsSigned', 'false');
-		}
-
-		foreach ($this->SingleSignOnService as $ep) {
-			$ep->toXML($e, 'md:SingleSignOnService');
-		}
-
-		foreach ($this->NameIDMappingService as $ep) {
-			$ep->toXML($e, 'md:NameIDMappingService');
-		}
-
-		foreach ($this->AssertionIDRequestService as $ep) {
-			$ep->toXML($e, 'md:AssertionIDRequestService');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:AttributeProfile', FALSE, $this->AttributeProfile);
-
-		foreach ($this->Attribute as $a) {
-			$a->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/IndexedEndpointType.php b/lib/SAML2/XML/md/IndexedEndpointType.php
deleted file mode 100644
index c0191525c945d2bcf935cbbad1747a31b48101ab..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/IndexedEndpointType.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 IndexedEndpointType.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_IndexedEndpointType extends SAML2_XML_md_EndpointType {
-
-	/**
-	 * The index for this endpoint.
-	 *
-	 * @var int
-	 */
-	public $index;
-
-
-	/**
-	 * Whether this endpoint is the default.
-	 *
-	 * @var bool|NULL
-	 */
-	public $isDefault = NULL;
-
-
-	/**
-	 * Initialize an IndexedEndpointType.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct($xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('index')) {
-			throw new Exception('Missing index on ' . $xml->tagName);
-		}
-		$this->index = (int)$xml->getAttribute('index');
-
-		$this->isDefault = SAML2_Utils::parseBoolean($xml, 'isDefault', NULL);
-	}
-
-
-	/**
-	 * Add this endpoint to an XML element.
-	 *
-	 * @param DOMElement $parent  The element we should append this endpoint to.
-	 * @param string $name  The name of the element we should create.
-	 */
-	public function toXML(DOMElement $parent, $name) {
-		assert('is_string($name)');
-		assert('is_int($this->index)');
-		assert('is_null($this->isDefault) || is_bool($this->isDefault)');
-
-		$e = parent::toXML($parent, $name);
-		$e->setAttribute('index', (string)$this->index);
-
-		if ($this->isDefault === TRUE) {
-			$e->setAttribute('isDefault', 'true');
-		} elseif ($this->isDefault === FALSE) {
-			$e->setAttribute('isDefault', 'false');
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/KeyDescriptor.php b/lib/SAML2/XML/md/KeyDescriptor.php
deleted file mode 100644
index aeaffe9a53cc424fd19c24cf475f6fa9c010a39d..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/KeyDescriptor.php
+++ /dev/null
@@ -1,97 +0,0 @@
-<?php
-
-/**
- * Class representing a KeyDescriptor element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_KeyDescriptor {
-
-	/**
-	 * What this key can be used for.
-	 *
-	 * 'encryption', 'signing' or NULL.
-	 *
-	 * @var string|NULL
-	 */
-	public $use;
-
-
-	/**
-	 * The KeyInfo for this key.
-	 *
-	 * @var SAML2_XML_ds_KeyInfo
-	 */
-	public $KeyInfo;
-
-
-	/**
-	 * Supported EncryptionMethods.
-	 *
-	 * Array of SAML2_XML_Chunk objects.
-	 *
-	 * @var array
-	 */
-	public $EncryptionMethod = array();
-
-
-	/**
-	 * Initialize an KeyDescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('use')) {
-			$this->use = $xml->getAttribute('use');
-		}
-
-		$keyInfo = SAML2_Utils::xpQuery($xml, './ds:KeyInfo');
-		if (count($keyInfo) > 1) {
-			throw new Exception('More than one ds:KeyInfo in the KeyDescriptor.');
-		} elseif (empty($keyInfo)) {
-			throw new Exception('No ds:KeyInfo in the KeyDescriptor.');
-		}
-		$this->KeyInfo = new SAML2_XML_ds_KeyInfo($keyInfo[0]);
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:EncryptionMethod') as $em) {
-			$this->EncryptionMethod[] = new SAML2_XML_Chunk($em);
-		}
-
-	}
-
-
-	/**
-	 * Convert this KeyDescriptor to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this KeyDescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_null($this->use) || is_string($this->use)');
-		assert('$this->KeyInfo instanceof SAML2_XML_ds_KeyInfo');
-		assert('is_array($this->EncryptionMethod)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:KeyDescriptor');
-		$parent->appendChild($e);
-
-		if (isset($this->use)) {
-			$e->setAttribute('use', $this->use);
-		}
-
-		$this->KeyInfo->toXML($e);
-
-		foreach ($this->EncryptionMethod as $em) {
-			$em->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/Organization.php b/lib/SAML2/XML/md/Organization.php
deleted file mode 100644
index 5ceaeed5bca1dcce75757ca44468feaadaf84bba..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/Organization.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 Organization element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_Organization {
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * The OrganizationName, as an array of language => translation.
-	 *
-	 * @var array
-	 */
-	public $OrganizationName = array();
-
-
-	/**
-	 * The OrganizationDisplayName, as an array of language => translation.
-	 *
-	 * @var array
-	 */
-	public $OrganizationDisplayName = array();
-
-
-	/**
-	 * The OrganizationURL, as an array of language => translation.
-	 *
-	 * @var array
-	 */
-	public $OrganizationURL = array();
-
-
-	/**
-	 * Initialize an Organization element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-
-		$this->OrganizationName = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'OrganizationName');
-		if (empty($this->OrganizationName)) {
-			$this->OrganizationName = array('invalid' => '');
-		}
-
-		$this->OrganizationDisplayName = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'OrganizationDisplayName');
-		if (empty($this->OrganizationDisplayName)) {
-			$this->OrganizationDisplayName = array('invalid' => '');
-		}
-
-		$this->OrganizationURL = SAML2_Utils::extractLocalizedStrings($xml, SAML2_Const::NS_MD, 'OrganizationURL');
-		if (empty($this->OrganizationURL)) {
-			$this->OrganizationURL = array('invalid' => '');
-		}
-	}
-
-
-	/**
-	 * Convert this Organization to XML.
-	 *
-	 * @param DOMElement $parent  The element we should add this organization to.
-	 * @return DOMElement  This Organization-element.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->Extensions)');
-		assert('is_array($this->OrganizationName)');
-		assert('!empty($this->OrganizationName)');
-		assert('is_array($this->OrganizationDisplayName)');
-		assert('!empty($this->OrganizationDisplayName)');
-		assert('is_array($this->OrganizationURL)');
-		assert('!empty($this->OrganizationURL)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:Organization');
-		$parent->appendChild($e);
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:OrganizationName', TRUE, $this->OrganizationName);
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:OrganizationDisplayName', TRUE, $this->OrganizationDisplayName);
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:OrganizationURL', TRUE, $this->OrganizationURL);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/PDPDescriptor.php b/lib/SAML2/XML/md/PDPDescriptor.php
deleted file mode 100644
index f09d054cd1469d8e58e8b8258811cb46102358d6..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/PDPDescriptor.php
+++ /dev/null
@@ -1,94 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 metadata PDPDescriptor.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_PDPDescriptor extends SAML2_XML_md_RoleDescriptor {
-
-	/**
-	 * List of AuthzService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AuthzService = array();
-
-
-	/**
-	 * List of AssertionIDRequestService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AssertionIDRequestService = array();
-
-
-	/**
-	 * List of supported NameID formats.
-	 *
-	 * Array of strings.
-	 *
-	 * @var array
-	 */
-	public $NameIDFormat = array();
-
-
-	/**
-	 * Initialize an IDPSSODescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('md:PDPDescriptor', $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AuthzService') as $ep) {
-			$this->AuthzService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-		if (empty($this->AuthzService)) {
-			throw new Exception('Must have at least one AuthzService in PDPDescriptor.');
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
-			$this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
-	}
-
-
-	/**
-	 * Add this PDPDescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this IDPSSODescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->AuthzService)');
-		assert('!empty($this->AuthzService)');
-		assert('is_array($this->AssertionIDRequestService)');
-		assert('is_array($this->NameIDFormat)');
-
-		$e = parent::toXML($parent);
-
-		foreach ($this->AuthzService as $ep) {
-			$ep->toXML($e, 'md:AuthzService');
-		}
-
-		foreach ($this->AssertionIDRequestService as $ep) {
-			$ep->toXML($e, 'md:AssertionIDRequestService');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/RequestedAttribute.php b/lib/SAML2/XML/md/RequestedAttribute.php
deleted file mode 100644
index 124a25daa2139633865241a4d6f9116dc54462e8..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/RequestedAttribute.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 metadata RequestedAttribute.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_RequestedAttribute extends SAML2_XML_saml_Attribute {
-
-	/**
-	 * Whether this attribute is required.
-	 *
-	 * @var bool|NULL
-	 */
-	public $isRequired = NULL;
-
-
-	/**
-	 * Initialize an RequestedAttribute.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct($xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->isRequired = SAML2_Utils::parseBoolean($xml, 'isRequired', NULL);
-	}
-
-
-	/**
-	 * Convert this RequestedAttribute to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this RequestedAttribute to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_bool($this->isRequired) || is_null($this->isRequired)');
-
-		$e = $this->toXMLInternal($parent, SAML2_Const::NS_MD, 'md:RequestedAttribute');
-
-		if ($this->isRequired === TRUE) {
-			$e->setAttribute('isRequired', 'true');
-		} elseif ($this->isRequired === FALSE) {
-			$e->setAttribute('isRequired', 'false');
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/RoleDescriptor.php b/lib/SAML2/XML/md/RoleDescriptor.php
deleted file mode 100644
index 346d34cc1376419d54f29c1c775dc212e24b93d0..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/RoleDescriptor.php
+++ /dev/null
@@ -1,208 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 RoleDescriptor element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_RoleDescriptor extends SAML2_SignedElementHelper {
-
-	/**
-	 * The name of this descriptor element.
-	 *
-	 * @var string
-	 */
-	private $elementName;
-
-
-	/**
-	 * The ID of this element.
-	 *
-	 * @var string|NULL
-	 */
-	public $ID;
-
-
-	/**
-	 * How long this element is valid, as a unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $validUntil;
-
-
-	/**
-	 * The length of time this element can be cached, as string.
-	 *
-	 * @var string|NULL
-	 */
-	public $cacheDuration;
-
-
-	/**
-	 * List of supported protocols.
-	 *
-	 * @var array
-	 */
-	public $protocolSupportEnumeration = array();
-
-
-	/**
-	 * Error URL for this role.
-	 *
-	 * @var string|NULL
-	 */
-	public $errorURL;
-
-
-	/**
-	 * Extensions on this element.
-	 *
-	 * Array of extension elements.
-	 *
-	 * @var array
-	 */
-	public $Extensions = array();
-
-
-	/**
-	 * KeyDescriptor elements.
-	 *
-	 * Array of SAML2_XML_md_KeyDescriptor elements.
-	 *
-	 * @var array
-	 */
-	public $KeyDescriptor = array();
-
-
-	/**
-	 * Organization of this role.
-	 *
-	 * @var SAML2_XML_md_Organization|NULL
-	 */
-	public $Organization = NULL;
-
-
-	/**
-	 * ContactPerson elements for this role.
-	 *
-	 * Array of SAML2_XML_md_ContactPerson objects.
-	 *
-	 * @var array
-	 */
-	public $ContactPerson = array();
-
-
-	/**
-	 * Initialize a RoleDescriptor.
-	 *
-	 * @param string $elementName  The name of this element.
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	protected function __construct($elementName, DOMElement $xml = NULL) {
-		assert('is_string($elementName)');
-
-		parent::__construct($xml);
-		$this->elementName = $elementName;
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('ID')) {
-			$this->ID = $xml->getAttribute('ID');
-		}
-		if ($xml->hasAttribute('validUntil')) {
-			$this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
-		}
-		if ($xml->hasAttribute('cacheDuration')) {
-			$this->cacheDuration = $xml->getAttribute('cacheDuration');
-		}
-
-		if (!$xml->hasAttribute('protocolSupportEnumeration')) {
-			throw new Exception('Missing protocolSupportEnumeration attribute on ' . $xml->localName);
-		}
-		$this->protocolSupportEnumeration = preg_split('/[\s]+/', $xml->getAttribute('protocolSupportEnumeration'));
-
-		if ($xml->hasAttribute('errorURL')) {
-			$this->errorURL = $xml->getAttribute('errorURL');
-		}
-
-
-		$this->Extensions = SAML2_XML_md_Extensions::getList($xml);
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $kd) {
-			$this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($kd);
-		}
-
-		$organization = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
-		if (count($organization) > 1) {
-			throw new Exception('More than one Organization in the entity.');
-		} elseif (!empty($organization)) {
-			$this->Organization = new SAML2_XML_md_Organization($organization[0]);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $cp) {
-			$this->contactPersons[] = new SAML2_XML_md_ContactPerson($cp);
-		}
-	}
-
-
-	/**
-	 * Add this RoleDescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this endpoint to.
-	 * @param string $name  The name of the element we should create.
-	 */
-	protected function toXML(DOMElement $parent) {
-		assert('is_null($this->ID) || is_string($this->ID)');
-		assert('is_null($this->validUntil) || is_int($this->validUntil)');
-		assert('is_null($this->cacheDuration) || is_string($this->cacheDuration)');
-		assert('is_array($this->protocolSupportEnumeration)');
-		assert('is_null($this->errorURL) || is_string($this->errorURL)');
-		assert('is_array($this->Extensions)');
-		assert('is_array($this->KeyDescriptor)');
-		assert('is_null($this->Organization) || $this->Organization instanceof SAML2_XML_md_Organization');
-		assert('is_array($this->ContactPerson)');
-
-		$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_MD, $this->elementName);
-		$parent->appendChild($e);
-
-		if (isset($this->ID)) {
-			$e->setAttribute('ID', $this->ID);
-		}
-
-		if (isset($this->validUntil)) {
-			$e->setAttribute('validUntil', gmdate('Y-m-d\TH:i:s\Z', $this->validUntil));
-		}
-
-		if (isset($this->cacheDuration)) {
-			$e->setAttribute('cacheDuration', $this->cacheDuration);
-		}
-
-		$e->setAttribute('protocolSupportEnumeration', implode(' ', $this->protocolSupportEnumeration));
-
-		if (isset($this->errorURL)) {
-			$e->setAttribute('errorURL', $this->errorURL);
-		}
-
-
-		SAML2_XML_md_Extensions::addList($e, $this->Extensions);
-
-		foreach ($this->KeyDescriptor as $kd) {
-			$kd->toXML($e);
-		}
-
-		if (isset($this->Organization)) {
-			$this->Organization->toXML($e);
-		}
-
-		foreach ($this->ContactPerson as $cp) {
-			$cp->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/SPSSODescriptor.php b/lib/SAML2/XML/md/SPSSODescriptor.php
deleted file mode 100644
index da7077e0028d6ff82d31314867d72141c2a5f72b..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/SPSSODescriptor.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 SPSSODescriptor.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_SPSSODescriptor extends SAML2_XML_md_SSODescriptorType {
-
-	/**
-	 * Whether this SP signs authentication requests.
-	 *
-	 * @var bool|NULL
-	 */
-	public $AuthnRequestsSigned = NULL;
-
-
-	/**
-	 * Whether this SP wants the Assertion elements to be signed.
-	 *
-	 * @var bool|NULL
-	 */
-	public $WantAssertionsSigned = NULL;
-
-
-	/**
-	 * List of AssertionConsumerService endpoints for this SP.
-	 *
-	 * Array with IndexedEndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $AssertionConsumerService = array();
-
-
-	/**
-	 * List of AttributeConsumingService descriptors for this SP.
-	 *
-	 * Array with SAML2_XML_md_AttribteConsumingService objects.
-	 *
-	 * @var array
-	 */
-	public $AttributeConsumingService = array();
-
-
-	/**
-	 * Initialize a SPSSODescriptor.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-		parent::__construct('md:SPSSODescriptor', $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->AuthnRequestsSigned = SAML2_Utils::parseBoolean($xml, 'AuthnRequestsSigned', NULL);
-		$this->WantAssertionsSigned = SAML2_Utils::parseBoolean($xml, 'WantAssertionsSigned', NULL);
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionConsumerService') as $ep) {
-			$this->AssertionConsumerService[] = new SAML2_XML_md_IndexedEndpointType($ep);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AttributeConsumingService') as $acs) {
-			$this->AttributeConsumingService[] = new SAML2_XML_md_AttributeConsumingService($acs);
-		}
-	}
-
-
-	/**
-	 * Add this SPSSODescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this SPSSODescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_null($this->AuthnRequestsSigned) || is_bool($this->AuthnRequestsSigned)');
-		assert('is_null($this->WantAssertionsSigned) || is_bool($this->WantAssertionsSigned)');
-		assert('is_array($this->AssertionConsumerService)');
-		assert('is_array($this->AttributeConsumingService)');
-
-		$e = parent::toXML($parent);
-
-		if ($this->AuthnRequestsSigned === TRUE) {
-			$e->setAttribute('AuthnRequestsSigned', 'true');
-		} elseif ($this->AuthnRequestsSigned === FALSE) {
-			$e->setAttribute('AuthnRequestsSigned', 'false');
-		}
-
-		if ($this->WantAssertionsSigned === TRUE) {
-			$e->setAttribute('WantAssertionsSigned', 'true');
-		} elseif ($this->WantAssertionsSigned === FALSE) {
-			$e->setAttribute('WantAssertionsSigned', 'false');
-		}
-
-
-		foreach ($this->AssertionConsumerService as $ep) {
-			$ep->toXML($e, 'md:AssertionConsumerService');
-		}
-
-		foreach ($this->AttributeConsumingService as $acs) {
-			$acs->toXML($e);
-		}
-	}
-
-}
diff --git a/lib/SAML2/XML/md/SSODescriptorType.php b/lib/SAML2/XML/md/SSODescriptorType.php
deleted file mode 100644
index bdb8e965ff69b5d2550e632463bce734e6d3fe9c..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/SSODescriptorType.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 SSODescriptorType.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-abstract class SAML2_XML_md_SSODescriptorType extends SAML2_XML_md_RoleDescriptor {
-
-	/**
-	 * List of ArtifactResolutionService endpoints.
-	 *
-	 * Array with IndexedEndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $ArtifactResolutionService = array();
-
-
-	/**
-	 * List of SingleLogoutService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $SingleLogoutService = array();
-
-
-	/**
-	 * List of ManageNameIDService endpoints.
-	 *
-	 * Array with EndpointType objects.
-	 *
-	 * @var array
-	 */
-	public $ManageNameIDService = array();
-
-
-	/**
-	 * List of supported NameID formats.
-	 *
-	 * Array of strings.
-	 *
-	 * @var array
-	 */
-	public $NameIDFormat = array();
-
-
-	/**
-	 * Initialize a SSODescriptor.
-	 *
-	 * @param string $elementName  The name of this element.
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	protected function __construct($elementName, DOMElement $xml = NULL) {
-		assert('is_string($elementName)');
-
-		parent::__construct($elementName, $xml);
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ArtifactResolutionService') as $ep) {
-			$this->ArtifactResolutionService[] = new SAML2_XML_md_IndexedEndpointType($ep);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleLogoutService') as $ep) {
-			$this->SingleLogoutService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ManageNameIDService') as $ep) {
-			$this->ManageNameIDService[] = new SAML2_XML_md_EndpointType($ep);
-		}
-
-		$this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
-	}
-
-
-	/**
-	 * Add this SSODescriptorType to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this SSODescriptorType to.
-	 * @param string $name  The name of the element we should create.
-	 * @return DOMElement  The generated SSODescriptor DOMElement.
-	 */
-	protected function toXML(DOMElement $parent) {
-		assert('is_array($this->ArtifactResolutionService)');
-		assert('is_array($this->SingleLogoutService)');
-		assert('is_array($this->ManageNameIDService)');
-		assert('is_array($this->NameIDFormat)');
-
-		$e = parent::toXML($parent);
-
-		foreach ($this->ArtifactResolutionService as $ep) {
-			$ep->toXML($e, 'md:ArtifactResolutionService');
-		}
-
-		foreach ($this->SingleLogoutService as $ep) {
-			$ep->toXML($e, 'md:SingleLogoutService');
-		}
-
-		foreach ($this->ManageNameIDService as $ep) {
-			$ep->toXML($e, 'md:ManageNameIDService');
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:NameIDFormat', FALSE, $this->NameIDFormat);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/md/UnknownRoleDescriptor.php b/lib/SAML2/XML/md/UnknownRoleDescriptor.php
deleted file mode 100644
index 66e3a7986a643a46ca52afbe9dfcb44b820ec529..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/md/UnknownRoleDescriptor.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-/**
- * Class representing unknown RoleDescriptors.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_md_UnknownRoleDescriptor extends SAML2_XML_md_RoleDescriptor {
-
-	/**
-	 * This RoleDescriptor as XML
-	 *
-	 * @var SAML2_XML_Chunk
-	 */
-	private $xml;
-
-
-	/**
-	 * Initialize an unknown RoleDescriptor.
-	 *
-	 * @param DOMElement $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml) {
-		parent::__construct('md:RoleDescriptor', $xml);
-
-		$this->xml = new SAML2_XML_Chunk($xml);
-	}
-
-
-	/**
-	 * Add this RoleDescriptor to an EntityDescriptor.
-	 *
-	 * @param DOMElement $parent  The EntityDescriptor we should append this RoleDescriptor to.
-	 */
-	public function toXML(DOMElement $parent) {
-
-		$this->xml->toXML($parent);
-	}
-
-}
diff --git a/lib/SAML2/XML/mdattr/EntityAttributes.php b/lib/SAML2/XML/mdattr/EntityAttributes.php
deleted file mode 100644
index 93590081cde847bed2334e5864e5599099d74761..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdattr/EntityAttributes.php
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-/**
- * Class for handling the EntityAttributes metadata extension.
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr-cs-01.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdattr_EntityAttributes {
-
-	/**
-	 * The namespace used for the EntityAttributes extension.
-	 */
-	const NS = 'urn:oasis:names:tc:SAML:metadata:attribute';
-
-
-	/**
-	 * Array with child elements.
-	 *
-	 * The elements can be SAML2_XML_saml_Attribute or SAML2_XML_Chunk elements.
-	 *
-	 * @var array
-	 */
-	public $children;
-
-
-	/**
-	 * Create a EntityAttributes element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute|./saml_assertion:Assertion') as $node) {
-			if ($node->localName === 'Attribute') {
-				$this->children[] = new SAML2_XML_saml_Attribute($node);
-			} else {
-				$this->children[] = new SAML2_XML_Chunk($node);
-			}
-		}
-
-	}
-
-
-	/**
-	 * Convert this EntityAttributes to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->children)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_mdattr_EntityAttributes::NS, 'mdattr:EntityAttributes');
-		$parent->appendChild($e);
-
-		if (!empty($this->children)) {
-			foreach ($this->children as $child) {
-				$child->toXML($e);
-			}
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/mdrpi/Common.php b/lib/SAML2/XML/mdrpi/Common.php
deleted file mode 100644
index f6a4dc3d3976955ec9f5609a28098e87e6affb03..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdrpi/Common.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-
-/**
- * Common definitions for the mdrpi metadata extension.
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdrpi_Common {
-
-	const NS_MDRPI = 'urn:oasis:names:tc:SAML:metadata:rpi';
-
-}
diff --git a/lib/SAML2/XML/mdrpi/PublicationInfo.php b/lib/SAML2/XML/mdrpi/PublicationInfo.php
deleted file mode 100644
index bf6bff8d39d6f876fe9b3c81dcb67c756ea4532f..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdrpi/PublicationInfo.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-
-/**
- * Class for handling the mdrpi:PublicationInfo element.
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdrpi_PublicationInfo {
-
-	/**
-	 * The identifier of the metadata publisher.
-	 *
-	 * @var string
-	 */
-	public $publisher;
-
-	/**
-	 * The creation timestamp for the metadata, as a UNIX timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $creationInstant;
-
-	/**
-	 * Identifier for this metadata publication.
-	 *
-	 * @var string|NULL
-	 */
-	public $publicationId;
-
-	/**
-	 * Link to usage policy for this metadata.
-	 *
-	 * This is an associative array with language=>URL.
-	 *
-	 * @var array
-	 */
-	public $UsagePolicy = array();
-
-
-	/**
-	 * Create/parse a mdrpi:PublicationInfo element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('publisher')) {
-			throw new Exception('Missing required attribute "publisher" in mdrpi:PublicationInfo element.');
-		}
-		$this->publisher = $xml->getAttribute('publisher');
-
-		if ($xml->hasAttribute('creationInstant')) {
-			$this->creationInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('creationInstant'));
-		}
-
-		if ($xml->hasAttribute('publicationId')) {
-			$this->publicationId = $xml->getAttribute('publicationId');
-		}
-
-		$this->UsagePolicy = SAML2_Utils::extractLocalizedStrings($xml, SAML2_XML_mdrpi_Common::NS_MDRPI, 'UsagePolicy');
-	}
-
-
-	/**
-	 * Convert this element to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->publisher)');
-		assert('is_int($this->creationInstant) || is_null($this->creationInstant)');
-		assert('is_string($this->publicationId) || is_null($this->publicationId)');
-		assert('is_array($this->UsagePolicy)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_mdrpi_Common::NS_MDRPI, 'mdrpi:PublicationInfo');
-		$parent->appendChild($e);
-
-		$e->setAttribute('publisher', $this->publisher);
-
-		if ($this->creationInstant !== NULL) {
-			$e->setAttribute('creationInstant', gmdate('Y-m-d\TH:i:s\Z', $this->creationInstant));
-		}
-
-		if ($this->publicationId !== NULL) {
-			$e->setAttribute('publicationId', $this->publicationId);
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_XML_mdrpi_Common::NS_MDRPI, 'mdrpi:UsagePolicy', TRUE, $this->UsagePolicy);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/mdrpi/RegistrationInfo.php b/lib/SAML2/XML/mdrpi/RegistrationInfo.php
deleted file mode 100644
index 4bb334a4d038c14ec44895c08cae2015b10b9656..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdrpi/RegistrationInfo.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-
-/**
- * Class for handling the mdrpi:RegistrationInfo element.
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/saml-metadata-rpi-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdrpi_RegistrationInfo {
-
-	/**
-	 * The identifier of the metadata registration authority.
-	 *
-	 * @var string
-	 */
-	public $registrationAuthority;
-
-	/**
-	 * The registration timestamp for the metadata, as a UNIX timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $registrationInstant;
-
-	/**
-	 * Link to registration policy for this metadata.
-	 *
-	 * This is an associative array with language=>URL.
-	 *
-	 * @var array
-	 */
-	public $RegistrationPolicy = array();
-
-
-	/**
-	 * Create/parse a mdrpi:RegistrationInfo element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('registrationAuthority')) {
-			throw new Exception('Missing required attribute "registrationAuthority" in mdrpi:RegistrationInfo element.');
-		}
-		$this->registrationAuthority = $xml->getAttribute('registrationAuthority');
-
-		if ($xml->hasAttribute('registrationInstant')) {
-			$this->registrationInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('registrationInstant'));
-		}
-
-		$this->RegistrationPolicy = SAML2_Utils::extractLocalizedStrings($xml, SAML2_XML_mdrpi_Common::NS_MDRPI, 'RegistrationPolicy');
-	}
-
-
-	/**
-	 * Convert this element to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->registrationAuthority)');
-		assert('is_int($this->registrationInstant) || is_null($this->registrationInstant)');
-		assert('is_array($this->RegistrationPolicy)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_mdrpi_Common::NS_MDRPI, 'mdrpi:RegistrationInfo');
-		$parent->appendChild($e);
-
-		$e->setAttribute('registrationAuthority', $this->registrationAuthority);
-
-		if ($this->registrationInstant !== NULL) {
-			$e->setAttribute('registrationInstant', gmdate('Y-m-d\TH:i:s\Z', $this->registrationInstant));
-		}
-
-		SAML2_Utils::addStrings($e, SAML2_XML_mdrpi_Common::NS_MDRPI, 'mdrpi:RegistrationPolicy', TRUE, $this->RegistrationPolicy);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/mdui/DiscoHints.php b/lib/SAML2/XML/mdui/DiscoHints.php
deleted file mode 100644
index 8ff510d96fb50a98f6994698248a9ee54bbea46e..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdui/DiscoHints.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-
-/**
- * Class for handling the metadata extensions for login and discovery user interface
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdui_DiscoHints {
-
-	/**
-	 * The namespace used for the DiscoHints extension.
-	 */
-	const NS = 'urn:oasis:names:tc:SAML:metadata:ui';
-
-
-	/**
-	 * Array with child elements.
-	 *
-	 * The elements can be any of the other SAML2_XML_mdui_* elements.
-	 *
-	 * @var array
-	 */
-	public $children = array();
-
-
-	/**
-	 * The IPHint, as an array of strings.
-	 *
-	 * @var array
-	 */
-	public $IPHint = array();
-
-
-	/**
-	 * The DomainHint, as an array of strings.
-	 *
-	 * @var array
-	 */
-	public $DomainHint = array();
-
-
-	/**
-	 * The GeolocationHint, as an array of strings.
-	 *
-	 * @var array
-	 */
-	public $GeolocationHint = array();
-
-	/**
-	 * Create a DiscoHints element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->IPHint =          SAML2_Utils::extractStrings($xml, self::NS, 'IPHint');
-		$this->DomainHint =      SAML2_Utils::extractStrings($xml, self::NS, 'DomainHint');
-		$this->GeolocationHint = SAML2_Utils::extractStrings($xml, self::NS, 'GeolocationHint');
-
-		foreach (SAML2_Utils::xpQuery($xml, "./*[namespace-uri()!='".self::NS."']") as $node) {
-			$this->children[] = new SAML2_XML_Chunk($node);
-		}
-	}
-
-
-	/**
-	 * Convert this DiscoHints to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->IPHint)');
-		assert('is_array($this->DomainHint)');
-		assert('is_array($this->GeolocationHint)');
-		assert('is_array($this->children)');
-
-		if (!empty($this->IPHint)
-		 || !empty($this->DomainHint)
-		 || !empty($this->GeolocationHint)
-		 || !empty($this->children)) {
-			$doc = $parent->ownerDocument;
-
-			$e = $doc->createElementNS(self::NS, 'mdui:DiscoHints');
-			$parent->appendChild($e);
-
-			if (!empty($this->children)) {
-				foreach ($this->children as $child) {
-					$child->toXML($e);
-				}
-			}
-
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:IPHint',          FALSE, $this->IPHint);
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:DomainHint',      FALSE, $this->DomainHint);
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:GeolocationHint', FALSE, $this->GeolocationHint);
-
-			return $e;
-		}
-	}
-
-}
diff --git a/lib/SAML2/XML/mdui/Keywords.php b/lib/SAML2/XML/mdui/Keywords.php
deleted file mode 100644
index 161f5e97341a48a298378259c626c80ead4356e0..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdui/Keywords.php
+++ /dev/null
@@ -1,80 +0,0 @@
-<?php
-
-/**
- * Class for handling the Keywords metadata extensions for login and discovery user interface
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdui_Keywords {
-
-	/**
-	 * The keywords of this item.
-	 *
-	 * @var string
-	 */
-	public $Keywords;
-
-
-	/**
-	 * The language of this item.
-	 *
-	 * @var string
-	 */
-	public $lang;
-
-
-	/**
-	 * Initialize a Keywords.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('xml:lang')) {
-			throw new Exception('Missing lang on Keywords.');
-		}
-		if (!is_string($xml->textContent) || !strlen($xml->textContent)) {
-			throw new Exception('Missing value for Keywords.');
-		}
-		$this->Keywords = array();
-		foreach (explode(' ', $xml->textContent) as $keyword) {
-			$this->Keywords[] = str_replace('+', ' ', $keyword);
-		}
-		$this->lang = $xml->getAttribute('xml:lang');
-	}
-
-
-	/**
-	 * Convert this Keywords to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this Keywords to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->lang)');
-		assert('is_array($this->Keywords)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_mdui_UIInfo::NS, 'mdui:Keywords');
-		$e->setAttribute('xml:lang', $this->lang);
-		$value = '';
-		foreach ($this->Keywords as $keyword) {
-			if (strpos($keyword, "+") !== false) {
-				throw new Exception('Keywords may not contain a "+" character.');
-			}
-			$value .= str_replace(' ', '+', $keyword) . ' ';
-		}
-		$value = rtrim($value);
-		$e->appendChild($doc->createTextNode($value));
-		$parent->appendChild($e);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/mdui/Logo.php b/lib/SAML2/XML/mdui/Logo.php
deleted file mode 100644
index 93bcf533404838cb4b64ac61d90d010402b60e5b..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdui/Logo.php
+++ /dev/null
@@ -1,94 +0,0 @@
-<?php
-
-/**
- * Class for handling the Logo metadata extensions for login and discovery user interface
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdui_Logo {
-
-	/**
-	 * The url of this logo.
-	 *
-	 * @var string
-	 */
-	public $url;
-
-
-	/**
-	 * The width of this logo.
-	 *
-	 * @var string
-	 */
-	public $width;
-
-
-	/**
-	 * The height of this logo.
-	 *
-	 * @var string
-	 */
-	public $height;
-
-	/**
-	 * The language of this item.
-	 *
-	 * @var string
-	 */
-	public $lang;
-
-
-	/**
-	 * Initialize a Logo.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('width')) {
-			throw new Exception('Missing width of Logo.');
-		}
-		if (!$xml->hasAttribute('height')) {
-			throw new Exception('Missing height of Logo.');
-		}
-		if (!is_string($xml->textContent) || !strlen($xml->textContent)) {
-			throw new Exception('Missing url value for Logo.');
-		}
-		$this->url = $xml->textContent;
-		$this->width = (int)$xml->getAttribute('width');
-		$this->height = (int)$xml->getAttribute('height');
-		$this->lang = $xml->hasAttribute('xml:lang') ? $xml->getAttribute('xml:lang') : NULL;
-	}
-
-
-	/**
-	 * Convert this Logo to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this Logo to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_int($this->width)');
-		assert('is_int($this->height)');
-		assert('is_string($this->url)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_mdui_UIInfo::NS, 'mdui:Logo');
-		$e->appendChild($doc->createTextNode($this->url));
-		$e->setAttribute('width', (int)$this->width);
-		$e->setAttribute('height', (int)$this->height);
-		if (isset($this->lang)) {
-			$e->setAttribute('xml:lang', $this->lang);
-		}
-		$parent->appendChild($e);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/mdui/UIInfo.php b/lib/SAML2/XML/mdui/UIInfo.php
deleted file mode 100644
index 2023abe73884aa2d68b20858c65531cff5e0b60f..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/mdui/UIInfo.php
+++ /dev/null
@@ -1,154 +0,0 @@
-<?php
-
-/**
- * Class for handling the metadata extensions for login and discovery user interface
- *
- * @link: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_mdui_UIInfo {
-
-	/**
-	 * The namespace used for the UIInfo extension.
-	 */
-	const NS = 'urn:oasis:names:tc:SAML:metadata:ui';
-
-
-	/**
-	 * Array with child elements.
-	 *
-	 * The elements can be any of the other SAML2_XML_mdui_* elements.
-	 *
-	 * @var array
-	 */
-	public $children = array();
-
-	/**
-	 * The DisplayName, as an array of language => translation.
-	 *
-	 * @var array
-	 */
-	public $DisplayName = array();
-
-	/**
-	 * The Description, as an array of language => translation.
-	 *
-	 * @var array
-	 */
-	public $Description = array();
-
-	/**
-	 * The InformationURL, as an array of language => url.
-	 *
-	 * @var array
-	 */
-	public $InformationURL = array();
-
-	/**
-	 * The PrivacyStatementURL, as an array of language => url.
-	 *
-	 * @var array
-	 */
-	public $PrivacyStatementURL = array();
-
-	/**
-	 * The Keywords, as an array of language => array of strings.
-	 *
-	 * @var array
-	 */
-	public $Keywords = array();
-
-	/**
-	 * The Logo, as an array of associative arrays containing url, width, height, and optional lang.
-	 *
-	 * @var array
-	 */
-	public $Logo = array();
-
-
-	/**
-	 * Create a UIInfo element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->DisplayName         = SAML2_Utils::extractLocalizedStrings($xml, self::NS, 'DisplayName');
-		$this->Description         = SAML2_Utils::extractLocalizedStrings($xml, self::NS, 'Description');
-		$this->InformationURL      = SAML2_Utils::extractLocalizedStrings($xml, self::NS, 'InformationURL');
-		$this->PrivacyStatementURL = SAML2_Utils::extractLocalizedStrings($xml, self::NS, 'PrivacyStatementURL');
-
-		foreach (SAML2_Utils::xpQuery($xml, './*') as $node) {
-			if ($node->namespaceURI === self::NS) {
-				switch ($node->localName) {
-					case 'Keywords':
-						$this->Keywords[] = new SAML2_XML_mdui_Keywords($node);
-					break;
-					case 'Logo':
-						$this->Logo[] = new SAML2_XML_mdui_Logo($node);
-					break;
-				}
-			} else {
-				$this->children[] = new SAML2_XML_Chunk($node);
-			}
-		}
-	}
-
-
-	/**
-	 * Convert this UIInfo to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_array($this->DisplayName)');
-		assert('is_array($this->InformationURL)');
-		assert('is_array($this->PrivacyStatementURL)');
-		assert('is_array($this->Keywords)');
-		assert('is_array($this->Logo)');
-		assert('is_array($this->children)');
-
-		if (!empty($this->DisplayName)
-		 || !empty($this->Description)
-		 || !empty($this->InformationURL)
-		 || !empty($this->PrivacyStatementURL)
-		 || !empty($this->Keywords)
-		 || !empty($this->Logo)
-		 || !empty($this->children)) {
-			$doc = $parent->ownerDocument;
-
-			$e = $doc->createElementNS(self::NS, 'mdui:UIInfo');
-			$parent->appendChild($e);
-
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:DisplayName',         TRUE, $this->DisplayName);
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:Description',         TRUE, $this->Description);
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:InformationURL',      TRUE, $this->InformationURL);
-			SAML2_Utils::addStrings($e, self::NS, 'mdui:PrivacyStatementURL', TRUE, $this->PrivacyStatementURL);
-
-			if (!empty($this->Keywords)) {
-				foreach ($this->Keywords as $child) {
-					$child->toXML($e);
-				}
-			}
-
-			if (!empty($this->Logo)) {
-				foreach ($this->Logo as $child) {
-					$child->toXML($e);
-				}
-			}
-
-			if (!empty($this->children)) {
-				foreach ($this->children as $child) {
-					$child->toXML($e);
-				}
-			}
-		}
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/saml/Attribute.php b/lib/SAML2/XML/saml/Attribute.php
deleted file mode 100644
index afbf0cbbe5f5c22a84813e6f53497604e31bc845..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/saml/Attribute.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 Attribute.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_saml_Attribute {
-
-	/**
-	 * The Name of this attribute.
-	 *
-	 * @var string
-	 */
-	public $Name;
-
-
-	/**
-	 * The NameFormat of this attribute.
-	 *
-	 * @var string|NULL
-	 */
-	public $NameFormat;
-
-
-	/**
-	 * The FriendlyName of this attribute.
-	 *
-	 * @var string|NULL
-	 */
-	public $FriendlyName = NULL;
-
-
-	/**
-	 * List of attribute values.
-	 *
-	 * Array of SAML2_XML_saml_AttributeValue elements.
-	 *
-	 * @var array
-	 */
-	public $AttributeValue = array();
-
-
-	/**
-	 * Initialize an Attribute.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('Name')) {
-			throw new Exception('Missing Name on Attribute.');
-		}
-		$this->Name = $xml->getAttribute('Name');
-
-		if ($xml->hasAttribute('NameFormat')) {
-			$this->NameFormat = $xml->getAttribute('NameFormat');
-		}
-
-		if ($xml->hasAttribute('FriendlyName')) {
-			$this->FriendlyName = $xml->getAttribute('FriendlyName');
-		}
-
-		foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:AttributeValue') as $av) {
-			$this->AttributeValue[] = new SAML2_XML_saml_AttributeValue($av);
-		}
-	}
-
-
-	/**
-	 * Internal implementation of toXML.
-	 * This function allows RequestedAttribute to specify the element name and namespace.
-	 *
-	 * @param DOMElement $parent  The element we should append this Attribute to.
-	 * @param string $namespace  The namespace the element should be created in.
-	 * @param string $name  The name of the element.
-	 */
-	protected function toXMLInternal(DOMElement $parent, $namespace, $name) {
-		assert('is_string($namespace)');
-		assert('is_string($name)');
-		assert('is_string($this->Name)');
-		assert('is_null($this->NameFormat) || is_string($this->NameFormat)');
-		assert('is_null($this->FriendlyName) || is_string($this->FriendlyName)');
-		assert('is_array($this->AttributeValue)');
-
-		$e = $parent->ownerDocument->createElementNS($namespace, $name);
-		$parent->appendChild($e);
-
-		$e->setAttribute('Name', $this->Name);
-
-		if (isset($this->NameFormat)) {
-			$e->setAttribute('NameFormat', $this->NameFormat);
-		}
-
-		if (isset($this->FriendlyName)) {
-			$e->setAttribute('FriendlyName', $this->FriendlyName);
-		}
-
-		foreach ($this->AttributeValue as $av) {
-			$av->toXML($e);
-		}
-
-		return $e;
-	}
-
-
-	/**
-	 * Convert this Attribute to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this Attribute to.
-	 */
-	public function toXML(DOMElement $parent) {
-		return $this->toXMLInternal($parent, SAML2_Const::NS_SAML, 'saml:Attribute');
-	}
-
-}
diff --git a/lib/SAML2/XML/saml/AttributeValue.php b/lib/SAML2/XML/saml/AttributeValue.php
deleted file mode 100644
index bc890559260d34be7868996613d6964a21eb23c4..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/saml/AttributeValue.php
+++ /dev/null
@@ -1,99 +0,0 @@
-<?php
-
-/**
- * Class representing an AttributeValue.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_saml_AttributeValue {
-
-	/**
-	 * The raw DOMElement representing this value.
-	 *
-	 * @var DOMElement
-	 */
-	public $element;
-
-
-	/**
-	 * Create an AttributeValue.
-	 *
-	 * @param mixed $value
-	 * The value of this element.
-	 * Can be one of:
-	 *  - string                      Create an attribute value with a simple string.
-	 *  - DOMElement(AttributeValue)  Create an attribute value of the given DOMElement.
-	 *  - DOMElement                  Create an attribute value with the given DOMElement as a child.
-	 */
-	public function __construct($value) {
-		assert('is_string($value) || $value instanceof DOMElement');
-
-		if (is_string($value)) {
-			$doc = new DOMDocument();
-			$this->element = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeValue');
-			$this->element->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'xs:string');
-			$this->element->appendChild($doc->createTextNode($value));
-
-			/* Make sure that the xs-namespace is available in the AttributeValue (for xs:string). */
-			$this->element->setAttributeNS(SAML2_Const::NS_XS, 'xs:tmp', 'tmp');
-			$this->element->removeAttributeNS(SAML2_Const::NS_XS, 'tmp');
-
-			return;
-		}
-
-		if ($value->namespaceURI === SAML2_Const::NS_SAML && $value->localName === 'AttributeValue') {
-			$this->element = SAML2_Utils::copyElement($value);
-			return;
-		}
-
-		$doc = new DOMDocument();
-		$this->element = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeValue');
-		SAML2_Utils::copyElement($value, $this->element);
-	}
-
-
-	/**
-	 * Append this attribute value to an element.
-	 *
-	 * @param DOMElement $parent  The element we should append this attribute value to.
-	 * @return DOMElement  The generated AttributeValue element.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('$this->element instanceof DOMElement');
-		assert('$this->element->namespaceURI === SAML2_Const::NS_SAML && $this->element->localName === "AttributeValue"');
-
-		$v = SAML2_Utils::copyElement($this->element, $parent);
-
-		return $v;
-	}
-
-	/*
-	 * Returns a plain text content of the attribute value.
-	 */
-	public function getString() {
-		return $this->element->textContent;
-	}
-
-
-	/**
-	 * Convert this attribute value to a string.
-	 *
-	 * If this element contains XML data, that data vil be encoded as a string and returned.
-	 *
-	 * @return string  This attribute value.
-	 */
-	public function __toString() {
-		assert('$this->element instanceof DOMElement');
-
-		$doc = $this->element->ownerDocument;
-
-		$ret = '';
-		foreach ($this->element->childNodes as $c) {
-			$ret .= $doc->saveXML($c);
-		}
-
-		return $ret;
-	}
-
-}
diff --git a/lib/SAML2/XML/saml/NameID.php b/lib/SAML2/XML/saml/NameID.php
deleted file mode 100644
index b31a00c91efd44f5b93504e1026ed132eaa10170..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/saml/NameID.php
+++ /dev/null
@@ -1,125 +0,0 @@
-<?php
-
-/**
- * Class representing the saml:NameID element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_saml_NameID {
-
-	/**
-	 * The NameQualifier or the NameID.
-	 *
-	 * @var string|NULL
-	 */
-	public $NameQualifier;
-
-	/**
-	 * The SPNameQualifier or the NameID.
-	 *
-	 * @var string|NULL
-	 */
-	public $SPNameQualifier;
-
-
-	/**
-	 * The Format or the NameID.
-	 *
-	 * @var string|NULL
-	 */
-	public $Format;
-
-
-	/**
-	 * The SPProvidedID or the NameID.
-	 *
-	 * @var string|NULL
-	 */
-	public $SPProvidedID;
-
-
-	/**
-	 * The value of this NameID.
-	 *
-	 * @var string
-	 */
-	public $value;
-
-
-	/**
-	 * Initialize a saml:NameID.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('SPNameQualifier')) {
-			$this->SPNameQualifier = $xml->getAttribute('SPNameQualifier');
-		}
-
-		if ($xml->hasAttribute('NameQualifier')) {
-			$this->NameQualifier = $xml->getAttribute('NameQualifier');
-		}
-
-		if ($xml->hasAttribute('Format')) {
-			$this->Format = $xml->getAttribute('Format');
-		}
-
-		if ($xml->hasAttribute('SPProvidedID')) {
-			$this->SPProvidedID = $xml->getAttribute('SPProvidedID');
-		}
-
-		$this->value = trim($xml->textContent);
-	}
-
-
-	/**
-	 * Convert this NameID to XML.
-	 *
-	 * @param DOMElement|NULL $parent  The element we should append to.
-	 * @return DOMElement  This AdditionalMetadataLocation-element.
-	 */
-	public function toXML(DOMElement $parent = NULL) {
-		assert('is_string($this->NameQualifier) || is_null($this->NameQualifier)');
-		assert('is_string($this->SPNameQualifier) || is_null($this->SPNameQualifier)');
-		assert('is_string($this->Format) || is_null($this->Format)');
-		assert('is_string($this->SPProvidedID) || is_null($this->SPProvidedID)');
-		assert('is_string($this->value)');
-
-		if ($parent === NULL) {
-			$parent = new DOMDocument();
-			$doc = $parent;
-		} else {
-			$doc = $parent->ownerDocument;
-		}
-		$e = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:NameID');
-		$parent->appendChild($e);
-
-		if ($this->NameQualifier !== NULL) {
-			$e->setAttribute('NameQualifier', $this->NameQualifier);
-		}
-
-		if ($this->SPNameQualifier !== NULL) {
-			$e->setAttribute('SPNameQualifier', $this->SPNameQualifier);
-		}
-
-		if ($this->Format !== NULL) {
-			$e->setAttribute('Format', $this->Format);
-		}
-
-		if ($this->SPProvidedID !== NULL) {
-			$e->setAttribute('SPProvidedID', $this->SPProvidedID);
-		}
-
-		$t = $doc->createTextNode($this->value);
-		$e->appendChild($t);
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/saml/SubjectConfirmation.php b/lib/SAML2/XML/saml/SubjectConfirmation.php
deleted file mode 100644
index 857ee4b44c8811fcc6e7b717713923e6ae69c7ce..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/saml/SubjectConfirmation.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 SubjectConfirmation element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_saml_SubjectConfirmation {
-
-	/**
-	 * The method we can use to verify this Subject.
-	 *
-	 * @var string
-	 */
-	public $Method;
-
-
-	/**
-	 * The NameID of the entity that can use this element to verify the Subject.
-	 *
-	 * @var SAML2_XML_saml_NameID|NULL
-	 */
-	public $NameID;
-
-
-	/**
-	 * SubjectConfirmationData element with extra data for verification of the Subject.
-	 *
-	 * @var SAML2_XML_saml_SubjectConfirmationData|NULL
-	 */
-	public $SubjectConfirmationData;
-
-
-	/**
-	 * Initialize (and parse? a SubjectConfirmation element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if (!$xml->hasAttribute('Method')) {
-			throw new Exception('SubjectConfirmation element without Method attribute.');
-		}
-		$this->Method = $xml->getAttribute('Method');
-
-		$nid = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID');
-		if (count($nid) > 1) {
-			throw new Exception('More than one NameID in a SubjectConfirmation element.');
-		} elseif (!empty($nid)) {
-			$this->NameID = new SAML2_XML_saml_NameID($nid[0]);
-		}
-
-		$scd = SAML2_Utils::xpQuery($xml, './saml_assertion:SubjectConfirmationData');
-		if (count($scd) > 1) {
-			throw new Exception('More than one SubjectConfirmationData child in a SubjectConfirmation element.');
-		} elseif (!empty($scd)) {
-			$this->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData($scd[0]);
-		}
-	}
-
-
-	/**
-	 * Convert this element to XML.
-	 *
-	 * @param DOMElement $parent  The parent element we should append this element to.
-	 * @return DOMElement  This element, as XML.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->Method)');
-		assert('is_null($this->NameID) || $this->NameID instanceof SAML2_XML_saml_NameID');
-		assert('is_null($this->SubjectConfirmationData) || $this->SubjectConfirmationData instanceof SAML2_XML_saml_SubjectConfirmationData');
-
-		$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:SubjectConfirmation');
-		$parent->appendChild($e);
-
-		$e->setAttribute('Method', $this->Method);
-
-		if (isset($this->NameID)) {
-			$this->NameID->toXML($e);
-		}
-		if (isset($this->SubjectConfirmationData)) {
-			$this->SubjectConfirmationData->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/saml/SubjectConfirmationData.php b/lib/SAML2/XML/saml/SubjectConfirmationData.php
deleted file mode 100644
index 1c28c65c8df37559c5977d1a8893763eb64efd6f..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/saml/SubjectConfirmationData.php
+++ /dev/null
@@ -1,146 +0,0 @@
-<?php
-
-/**
- * Class representing SAML 2 SubjectConfirmationData element.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_saml_SubjectConfirmationData {
-
-	/**
-	 * The time before this element is valid, as an unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $NotBefore;
-
-
-	/**
-	 * The time after which this element is invalid, as an unix timestamp.
-	 *
-	 * @var int|NULL
-	 */
-	public $NotOnOrAfter;
-
-
-	/**
-	 * The Recipient this Subject is valid for. Either an entity or a location.
-	 *
-	 * @var string|NULL
-	 */
-	public $Recipient;
-
-
-	/**
-	 * The ID of the AuthnRequest this is a response to.
-	 *
-	 * @var string|NULL
-	 */
-	public $InResponseTo;
-
-
-	/**
-	 * The IP(v6) address of the user.
-	 *
-	 * @var string|NULL
-	 */
-	public $Address;
-
-
-	/**
-	 * The various key information elements.
-	 *
-	 * Array with various elements describing this key.
-	 * Unknown elements will be represented by SAML2_XML_Chunk.
-	 *
-	 * @var array
-	 */
-	public $info = array();
-
-
-	/**
-	 * Initialize (and parse) a SubjectConfirmationData element.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		if ($xml->hasAttribute('NotBefore')) {
-			$this->NotBefore = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('NotBefore'));
-		}
-		if ($xml->hasAttribute('NotOnOrAfter')) {
-			$this->NotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('NotOnOrAfter'));
-		}
-		if ($xml->hasAttribute('Recipient')) {
-			$this->Recipient = $xml->getAttribute('Recipient');
-		}
-		if ($xml->hasAttribute('InResponseTo')) {
-			$this->InResponseTo = $xml->getAttribute('InResponseTo');
-		}
-		if ($xml->hasAttribute('Address')) {
-			$this->Address = $xml->getAttribute('Address');
-		}
-		for ($n = $xml->firstChild; $n !== NULL; $n = $n->nextSibling) {
-			if (!($n instanceof DOMElement)) {
-				continue;
-			}
-			if ($n->namespaceURI !== XMLSecurityDSig::XMLDSIGNS) {
-				$this->info[] = new SAML2_XML_Chunk($n);
-				continue;
-			}
-			switch ($n->localName) {
-			case 'KeyInfo':
-				$this->info[] = new SAML2_XML_ds_KeyInfo($n);
-				break;
-			default:
-				$this->info[] = new SAML2_XML_Chunk($n);
-				break;
-			}
-		}
-	}
-
-
-	/**
-	 * Convert this element to XML.
-	 *
-	 * @param DOMElement $parent  The parent element we should append this element to.
-	 * @return DOMElement  This element, as XML.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_null($this->NotBefore) || is_int($this->NotBefore)');
-		assert('is_null($this->NotOnOrAfter) || is_int($this->NotOnOrAfter)');
-		assert('is_null($this->Recipient) || is_string($this->Recipient)');
-		assert('is_null($this->InResponseTo) || is_string($this->InResponseTo)');
-		assert('is_null($this->Address) || is_string($this->Address)');
-
-		$e = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:SubjectConfirmationData');
-		$parent->appendChild($e);
-
-		if (isset($this->NotBefore)) {
-			$e->setAttribute('NotBefore', gmdate('Y-m-d\TH:i:s\Z', $this->NotBefore));
-		}
-		if (isset($this->NotOnOrAfter)) {
-			$e->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->NotOnOrAfter));
-		}
-		if (isset($this->Recipient)) {
-			$e->setAttribute('Recipient', $this->Recipient);
-		}
-		if (isset($this->InResponseTo)) {
-			$e->setAttribute('InResponseTo', $this->InResponseTo);
-		}
-		if (isset($this->Address)) {
-			$e->setAttribute('Address', $this->Address);
-		}
-		foreach ($this->info as $n) {
-			$n->toXML($e);
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SAML2/XML/samlp/Extensions.php b/lib/SAML2/XML/samlp/Extensions.php
deleted file mode 100644
index ad86c3f5852fa63bca8b68693ba9d105fbc7504e..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/samlp/Extensions.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
-/**
- * Class for handling SAML2 extensions.
- *
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_samlp_Extensions {
-
-	/**
-	 * Get a list of Extensions in the given element.
-	 *
-	 * @param DOMElement $parent  The element that may contain the samlp:Extensions element.
-	 * @return array  Array of extensions.
-	 */
-	public static function getList(DOMElement $parent) {
-
-		$ret = array();
-		foreach (SAML2_Utils::xpQuery($parent, './saml_protocol:Extensions/*') as $node) {
-			$ret[] = new SAML2_XML_Chunk($node);
-		}
-
-		return $ret;
-	}
-
-
-	/**
-	 * Add a list of Extensions to the given element.
-	 *
-	 * @param DOMElement $parent  The element we should add the extensions to.
-	 * @param array $extensions  List of extension objects.
-	 */
-	public static function addList(DOMElement $parent, array $extensions) {
-
-		if (empty($extensions)) {
-			return;
-		}
-
-		$extElement = $parent->ownerDocument->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:Extensions');
-		$parent->appendChild($extElement);
-
-		foreach ($extensions as $ext) {
-			$ext->toXML($extElement);
-		}
-	}
-
-}
diff --git a/lib/SAML2/XML/shibmd/Scope.php b/lib/SAML2/XML/shibmd/Scope.php
deleted file mode 100644
index 9847546775078963c821012f9460914749ca7e4e..0000000000000000000000000000000000000000
--- a/lib/SAML2/XML/shibmd/Scope.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-
-/**
- * Class which represents the Scope element found in Shibboleth metadata.
- *
- * @link https://wiki.shibboleth.net/confluence/display/SHIB/ShibbolethMetadataProfile
- * @package simpleSAMLphp
- * @version $Id$
- */
-class SAML2_XML_shibmd_Scope {
-
-	/**
-	 * The namespace used for the Scope extension element.
-	 */
-	const NS = 'urn:mace:shibboleth:metadata:1.0';
-
-
-	/**
-	 * The scope.
-	 *
-	 * @var string
-	 */
-	public $scope;
-
-	/**
-	 * Whether this is a regexp scope.
-	 *
-	 * @var bool|NULL
-	 */
-	public $regexp = NULL;
-
-
-	/**
-	 * Create a Scope.
-	 *
-	 * @param DOMElement|NULL $xml  The XML element we should load.
-	 */
-	public function __construct(DOMElement $xml = NULL) {
-
-		if ($xml === NULL) {
-			return;
-		}
-
-		$this->scope = $xml->textContent;
-		$this->regexp = SAML2_Utils::parseBoolean($xml, 'regexp', NULL);
-	}
-
-
-	/**
-	 * Convert this Scope to XML.
-	 *
-	 * @param DOMElement $parent  The element we should append this Scope to.
-	 */
-	public function toXML(DOMElement $parent) {
-		assert('is_string($this->scope)');
-		assert('is_bool($this->regexp) || is_null($this->regexp)');
-
-		$doc = $parent->ownerDocument;
-
-		$e = $doc->createElementNS(SAML2_XML_shibmd_Scope::NS, 'shibmd:Scope');
-		$parent->appendChild($e);
-
-		$e->appendChild($doc->createTextNode($this->scope));
-
-		if ($this->regexp === TRUE) {
-			$e->setAttribute('regexp', 'true');
-		} elseif ($this->regexp === FALSE) {
-			$e->setAttribute('regexp', 'false');
-		}
-
-		return $e;
-	}
-
-}
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index ad814918c9afcb41b0c9244c4442e13a05696a35..1635da3a9d9d5a4d64bc79631e0ae2c3bb026099 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -302,14 +302,14 @@ class SimpleSAML_Utilities {
 		$currentTime = time();
 	
 		if (! empty($start)) {
-			$startTime = self::parseSAML2Time($start);
+			$startTime = SAML2_Utils::parseSAML2Time($start);
 			/* Allow for a 10 minute difference in Time */
 			if (($startTime < 0) || (($startTime - 600) > $currentTime)) {
 				return FALSE;
 			}
 		}
 		if (! empty($end)) {
-			$endTime = self::parseSAML2Time($end);
+			$endTime = SAML2_Utils::parseSAML2Time($end);
 			if (($endTime < 0) || ($endTime <= $currentTime)) {
 				return FALSE;
 			}
@@ -337,55 +337,6 @@ class SimpleSAML_Utilities {
 	}
 
 
-	/* This function converts a SAML2 timestamp on the form
-	 * yyyy-mm-ddThh:mm:ss(\.s+)?Z to a UNIX timestamp. The sub-second
-	 * part is ignored.
-	 *
-	 * Andreas comments:
-	 *  I got this timestamp from Shibboleth 1.3 IdP: 2008-01-17T11:28:03.577Z
-	 *  Therefore I added to possibliity to have microseconds to the format.
-	 * Added: (\.\\d{1,3})? to the regex.
-	 *
-	 *
-	 * Parameters:
-	 *  $time     The time we should convert.
-	 *
-	 * Returns:
-	 *  $time converted to a unix timestamp.
-	 */
-	public static function parseSAML2Time($time) {
-		$matches = array();
-
-
-		/* We use a very strict regex to parse the timestamp. */
-		if(preg_match('/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)' .
-		              'T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?Z$/D',
-		              $time, $matches) == 0) {
-			throw new Exception(
-				'Invalid SAML2 timestamp passed to' .
-				' parseSAML2Time: ' . $time);
-		}
-
-		/* Extract the different components of the time from the
-		 * matches in the regex. intval will ignore leading zeroes
-		 * in the string.
-		 */
-		$year = intval($matches[1]);
-		$month = intval($matches[2]);
-		$day = intval($matches[3]);
-		$hour = intval($matches[4]);
-		$minute = intval($matches[5]);
-		$second = intval($matches[6]);
-
-		/* We use gmmktime because the timestamp will always be given
-		 * in UTC.
-		 */
-		$ts = gmmktime($hour, $minute, $second, $month, $day, $year);
-
-		return $ts;
-	}
-
-
 	/**
 	 * Interpret a ISO8601 duration value relative to a given timestamp.
 	 *
diff --git a/lib/_autoload.php b/lib/_autoload.php
index 8e0ec7c123d2c51f811e11208b3ce74b9707eb49..ec9947970e270badedaf96895ad9cc14fb42c530 100644
--- a/lib/_autoload.php
+++ b/lib/_autoload.php
@@ -1,70 +1,22 @@
 <?php
 
 /**
- * This file implements a autoloader for simpleSAMLphp. This autoloader
- * will search for files under the simpleSAMLphp directory.
+ * This file is a backwards compatible autoloader for simpleSAMLphp.
+ * Loads the Composer autoloader.
  *
  * @author Olav Morken, UNINETT AS.
  * @package simpleSAMLphp
  * @version $Id$
  */
 
-
-/**
- * Autoload function for simpleSAMLphp.
- *
- * It will autoload all classes stored in the lib-directory.
- *
- * @param $className  The name of the class.
- */
-function SimpleSAML_autoload($className) {
-
-	$libDir = dirname(__FILE__) . '/';
-
-	/* Special handling for xmlseclibs.php. */
-	if(in_array($className, array('XMLSecurityKey', 'XMLSecurityDSig', 'XMLSecEnc'), TRUE)) {
-		require_once($libDir . 'xmlseclibs.php');
-		return;
-	}
-
-	/* Handlig of modules. */
-	if(substr($className, 0, 7) === 'sspmod_') {
-		$modNameEnd = strpos($className, '_', 7);
-		$module = substr($className, 7, $modNameEnd - 7);
-		$moduleClass = substr($className, $modNameEnd + 1);
-
-		if(!SimpleSAML_Module::isModuleEnabled($module)) {
-			return;
-		}
-
-		$file = SimpleSAML_Module::getModuleDir($module) . '/lib/' . str_replace('_', '/', $moduleClass) . '.php';
-	} else {
-		$file = $libDir . str_replace('_', '/', $className) . '.php';
-	}
-
-	if(file_exists($file)) {
-		require_once($file);
-	}
+// SSP is loaded as a separate project
+if (file_exists(dirname(dirname(__FILE__)) . '/vendor/autoload.php')) {
+	require_once dirname(dirname(__FILE__)) . '/vendor/autoload.php';
 }
-
-/* Register autoload function for simpleSAMLphp. */
-if(function_exists('spl_autoload_register')) {
-	/* Use the spl_autoload_register function if it is available. It should be available
-	 * for PHP versions >= 5.1.2.
-	 */
-	spl_autoload_register('SimpleSAML_autoload');
-} else {
-
-	/* spl_autoload_register is unavailable - let us hope that no one else uses the __autoload function. */
-
-	/**
-	 * Autoload function for those who don't have spl_autoload_register.
-	 *
-	 * @param $className  The name of the requested class.
-	 */
-	function __autoload($className) {
-		SimpleSAML_autoload($className);
-	}
+// SSP is loaded as a library.
+else if (file_exists(dirname(dirname(__FILE__)) . '/../../autoload.php')) {
+	require_once dirname(dirname(__FILE__)) . '/../../autoload.php';
+}
+else {
+	throw new Exception('Unable to load Composer autoloader');
 }
-
-?>
\ No newline at end of file
diff --git a/lib/_autoload_modules.php b/lib/_autoload_modules.php
new file mode 100644
index 0000000000000000000000000000000000000000..1ea5da05c330c99b9157713345ad5f5e8f8b6477
--- /dev/null
+++ b/lib/_autoload_modules.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * This file implements a autoloader for simpleSAMLphp modules.
+ *
+ * @author Boy Baukema, SURFnet
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+/**
+ * Autoload function for simpleSAMLphp modules.
+ *
+ * @param string $className Name of the class.
+ */
+function SimpleSAML_autoload($className)
+{
+    $modulePrefixLength = strlen('sspmod_');
+    $classPrefix = substr($className, 0, $modulePrefixLength);
+    if ($classPrefix !== 'sspmod_') {
+        return;
+    }
+
+    $modNameEnd = strpos($className, '_', $modulePrefixLength);
+    $module = substr($className, $modulePrefixLength, $modNameEnd - $modulePrefixLength);
+    $moduleClass = substr($className, $modNameEnd + 1);
+
+    if (!SimpleSAML_Module::isModuleEnabled($module)) {
+        return;
+    }
+
+    $file = SimpleSAML_Module::getModuleDir($module) . '/lib/' . str_replace('_', '/', $moduleClass) . '.php';
+
+    if (file_exists($file)) {
+        require_once($file);
+    }
+}
+
+spl_autoload_register('SimpleSAML_autoload');
diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php
deleted file mode 100644
index 75de0b64f0a1eb641001f2488380f208a9146bbc..0000000000000000000000000000000000000000
--- a/lib/xmlseclibs.php
+++ /dev/null
@@ -1,1768 +0,0 @@
-<?php
-/**
- * xmlseclibs.php
- *
- * Copyright (c) 2007-2010, Robert Richards <rrichards@cdatazone.org>.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *
- *   * Neither the name of Robert Richards nor the names of his
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * @author     Robert Richards <rrichards@cdatazone.org>
- * @copyright  2007-2011 Robert Richards <rrichards@cdatazone.org>
- * @license    http://www.opensource.org/licenses/bsd-license.php  BSD License
- * @version    1.3.0
- */
-
-/*
-Functions to generate simple cases of Exclusive Canonical XML - Callable function is C14NGeneral()
-i.e.: $canonical = C14NGeneral($domelement, TRUE);
-*/
-
-/* helper function */
-function sortAndAddAttrs($element, $arAtts) {
-   $newAtts = array();
-   foreach ($arAtts AS $attnode) {
-      $newAtts[$attnode->nodeName] = $attnode;
-   }
-   ksort($newAtts);
-   foreach ($newAtts as $attnode) {
-      $element->setAttribute($attnode->nodeName, $attnode->nodeValue);
-   }
-}
-
-/* helper function */
-function canonical($tree, $element, $withcomments) {
-    if ($tree->nodeType != XML_DOCUMENT_NODE) {
-        $dom = $tree->ownerDocument;
-    } else {
-        $dom = $tree;
-    }
-    if ($element->nodeType != XML_ELEMENT_NODE) {
-        if ($element->nodeType == XML_DOCUMENT_NODE) {
-            foreach ($element->childNodes AS $node) {
-                canonical($dom, $node, $withcomments);
-            }
-            return;
-        }
-        if ($element->nodeType == XML_COMMENT_NODE && ! $withcomments) {
-            return;
-        }
-        $tree->appendChild($dom->importNode($element, TRUE));
-        return;
-    }
-    $arNS = array();
-    if ($element->namespaceURI != "") {
-        if ($element->prefix == "") {
-            $elCopy = $dom->createElementNS($element->namespaceURI, $element->nodeName);
-        } else {
-            $prefix = $tree->lookupPrefix($element->namespaceURI);
-            if ($prefix == $element->prefix) {
-                $elCopy = $dom->createElementNS($element->namespaceURI, $element->nodeName);
-            } else {
-                $elCopy = $dom->createElement($element->nodeName);
-                $arNS[$element->namespaceURI] = $element->prefix;
-            }
-        }
-    } else {
-        $elCopy = $dom->createElement($element->nodeName);
-    }
-    $tree->appendChild($elCopy);
-
-    /* Create DOMXPath based on original document */
-    $xPath = new DOMXPath($element->ownerDocument);
-
-    /* Get namespaced attributes */
-    $arAtts = $xPath->query('attribute::*[namespace-uri(.) != ""]', $element);
-
-    /* Create an array with namespace URIs as keys, and sort them */
-    foreach ($arAtts AS $attnode) {
-        if (array_key_exists($attnode->namespaceURI, $arNS) &&
-            ($arNS[$attnode->namespaceURI] == $attnode->prefix)) {
-            continue;
-        }
-        $prefix = $tree->lookupPrefix($attnode->namespaceURI);
-        if ($prefix != $attnode->prefix) {
-           $arNS[$attnode->namespaceURI] = $attnode->prefix;
-        } else {
-            $arNS[$attnode->namespaceURI] = NULL;
-        }
-    }
-    if (count($arNS) > 0) {
-        asort($arNS);
-    }
-
-    /* Add namespace nodes */
-    foreach ($arNS AS $namespaceURI=>$prefix) {
-        if ($prefix != NULL) {
-              $elCopy->setAttributeNS("http://www.w3.org/2000/xmlns/",
-                               "xmlns:".$prefix, $namespaceURI);
-        }
-    }
-    if (count($arNS) > 0) {
-        ksort($arNS);
-    }
-
-    /* Get attributes not in a namespace, and then sort and add them */
-    $arAtts = $xPath->query('attribute::*[namespace-uri(.) = ""]', $element);
-    sortAndAddAttrs($elCopy, $arAtts);
-
-    /* Loop through the URIs, and then sort and add attributes within that namespace */
-    foreach ($arNS as $nsURI=>$prefix) {
-       $arAtts = $xPath->query('attribute::*[namespace-uri(.) = "'.$nsURI.'"]', $element);
-       sortAndAddAttrs($elCopy, $arAtts);
-    }
-
-    foreach ($element->childNodes AS $node) {
-        canonical($elCopy, $node, $withcomments);
-    }
-}
-
-/*
-$element - DOMElement for which to produce the canonical version of
-$exclusive - boolean to indicate exclusive canonicalization (must pass TRUE)
-$withcomments - boolean indicating wether or not to include comments in canonicalized form
-*/
-function C14NGeneral($element, $exclusive=FALSE, $withcomments=FALSE) {
-    /* IF PHP 5.2+ then use built in canonical functionality */
-    $php_version = explode('.', PHP_VERSION);
-    if (($php_version[0] > 5) || ($php_version[0] == 5 && $php_version[1] >= 2) ) {
-        return $element->C14N($exclusive, $withcomments);
-    }
-
-    /* Must be element or document */
-    if (! $element instanceof DOMElement && ! $element instanceof DOMDocument) {
-        return NULL;
-    }
-    /* Currently only exclusive XML is supported */
-    if ($exclusive == FALSE) {
-        throw new Exception("Only exclusive canonicalization is supported in this version of PHP");
-    }
-
-    $copyDoc = new DOMDocument();
-    canonical($copyDoc, $element, $withcomments);
-    return $copyDoc->saveXML($copyDoc->documentElement, LIBXML_NOEMPTYTAG);
-}
-
-class XMLSecurityKey {
-    const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
-    const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
-    const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
-    const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
-    const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
-    const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
-    const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1';
-    const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
-    const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
-    const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
-    const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
-
-    private $cryptParams = array();
-    public $type = 0;
-    public $key = NULL;
-    public $passphrase = "";
-    public $iv = NULL;
-    public $name = NULL;
-    public $keyChain = NULL;
-    public $isEncrypted = FALSE;
-    public $encryptedCtx = NULL;
-    public $guid = NULL;
-
-    /**
-     * This variable contains the certificate as a string if this key represents an X509-certificate.
-     * If this key doesn't represent a certificate, this will be NULL.
-     */
-    private $x509Certificate = NULL;
-
-    /* This variable contains the certificate thunbprint if we have loaded an X509-certificate. */
-    private $X509Thumbprint = NULL;
-
-    public function __construct($type, $params=NULL) {
-        srand();
-        switch ($type) {
-            case (XMLSecurityKey::TRIPLEDES_CBC):
-                $this->cryptParams['library'] = 'mcrypt';
-                $this->cryptParams['cipher'] = MCRYPT_TRIPLEDES;
-                $this->cryptParams['mode'] = MCRYPT_MODE_CBC;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
-                $this->cryptParams['keysize'] = 24;
-                break;
-            case (XMLSecurityKey::AES128_CBC):
-                $this->cryptParams['library'] = 'mcrypt';
-                $this->cryptParams['cipher'] = MCRYPT_RIJNDAEL_128;
-                $this->cryptParams['mode'] = MCRYPT_MODE_CBC;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
-                $this->cryptParams['keysize'] = 16;
-                break;
-            case (XMLSecurityKey::AES192_CBC):
-                $this->cryptParams['library'] = 'mcrypt';
-                $this->cryptParams['cipher'] = MCRYPT_RIJNDAEL_128;
-                $this->cryptParams['mode'] = MCRYPT_MODE_CBC;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
-                $this->cryptParams['keysize'] = 24;
-                break;
-            case (XMLSecurityKey::AES256_CBC):
-                $this->cryptParams['library'] = 'mcrypt';
-                $this->cryptParams['cipher'] = MCRYPT_RIJNDAEL_128;
-                $this->cryptParams['mode'] = MCRYPT_MODE_CBC;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
-                $this->cryptParams['keysize'] = 32;
-                break;
-            case (XMLSecurityKey::RSA_1_5):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-                throw new Exception('Certificate "type" (private/public) must be passed via parameters');
-                return;
-            case (XMLSecurityKey::RSA_OAEP_MGF1P):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING;
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
-                $this->cryptParams['hash'] = NULL;
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-                throw new Exception('Certificate "type" (private/public) must be passed via parameters');
-                return;
-            case (XMLSecurityKey::RSA_SHA1):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-                throw new Exception('Certificate "type" (private/public) must be passed via parameters');
-                break;
-            case (XMLSecurityKey::RSA_SHA256):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
-                $this->cryptParams['digest'] = 'SHA256';
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-                throw new Exception('Certificate "type" (private/public) must be passed via parameters');
-                break;
-            case (XMLSecurityKey::RSA_SHA384):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
-                $this->cryptParams['digest'] = 'SHA384';
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-            case (XMLSecurityKey::RSA_SHA512):
-                $this->cryptParams['library'] = 'openssl';
-                $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
-                $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
-                $this->cryptParams['digest'] = 'SHA512';
-                if (is_array($params) && ! empty($params['type'])) {
-                    if ($params['type'] == 'public' || $params['type'] == 'private') {
-                        $this->cryptParams['type'] = $params['type'];
-                        break;
-                    }
-                }
-            default:
-                throw new Exception('Invalid Key Type');
-                return;
-        }
-        $this->type = $type;
-    }
-
-    /**
-     * Retrieve the key size for the symmetric encryption algorithm..
-     *
-     * If the key size is unknown, or this isn't a symmetric encryption algorithm,
-     * NULL is returned.
-     *
-     * @return int|NULL  The number of bytes in the key.
-     */
-    public function getSymmetricKeySize() {
-        if (! isset($this->cryptParams['keysize'])) {
-            return NULL;
-        }
-        return $this->cryptParams['keysize'];
-    }
-      
-    public function generateSessionKey() {
-        if (!isset($this->cryptParams['keysize'])) {
-            throw new Exception('Unknown key size for type "' . $this->type . '".');
-        }
-        $keysize = $this->cryptParams['keysize'];
-        
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            /* We have PHP >= 5.3 - use openssl to generate session key. */
-            $key = openssl_random_pseudo_bytes($keysize);
-        } else {
-            /* Generating random key using iv generation routines */
-            $key = mcrypt_create_iv($keysize, MCRYPT_RAND);
-        }
-        
-        if ($this->type === XMLSecurityKey::TRIPLEDES_CBC) {
-            /* Make sure that the generated key has the proper parity bits set.
-             * Mcrypt doesn't care about the parity bits, but others may care.
-            */
-            for ($i = 0; $i < strlen($key); $i++) {
-                $byte = ord($key[$i]) & 0xfe;
-                $parity = 1;
-                for ($j = 1; $j < 8; $j++) {
-                    $parity ^= ($byte >> $j) & 1;
-                }
-                $byte |= $parity;
-                $key[$i] = chr($byte);
-            }
-        }
-        
-        $this->key = $key;
-        return $key;
-    }
-
-    public static function getRawThumbprint($cert) {
-
-        $arCert = explode("\n", $cert);
-        $data = '';
-        $inData = FALSE;
-
-        foreach ($arCert AS $curData) {
-            if (! $inData) {
-                if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
-                    $inData = TRUE;
-                }
-            } else {
-                if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
-                    $inData = FALSE;
-                    break;
-                }
-                $data .= trim($curData);
-            }
-        }
-
-        if (! empty($data)) {
-            return strtolower(sha1(base64_decode($data)));
-        }
-
-        return NULL;
-    }
-
-    public function loadKey($key, $isFile=FALSE, $isCert = FALSE) {
-        if ($isFile) {
-            $this->key = file_get_contents($key);
-        } else {
-            $this->key = $key;
-        }
-        if ($isCert) {
-            $this->key = openssl_x509_read($this->key);
-            openssl_x509_export($this->key, $str_cert);
-            $this->x509Certificate = $str_cert;
-            $this->key = $str_cert;
-        } else {
-            $this->x509Certificate = NULL;
-        }
-        if ($this->cryptParams['library'] == 'openssl') {
-            if ($this->cryptParams['type'] == 'public') {
-                if ($isCert) {
-                    /* Load the thumbprint if this is an X509 certificate. */
-                    $this->X509Thumbprint = self::getRawThumbprint($this->key);
-                }
-                $this->key = openssl_get_publickey($this->key);
-            } else {
-                $this->key = openssl_get_privatekey($this->key, $this->passphrase);
-            }
-        } else if ($this->cryptParams['cipher'] == MCRYPT_RIJNDAEL_128) {
-            /* Check key length */
-            switch ($this->type) {
-                case (XMLSecurityKey::AES256_CBC):
-                    if (strlen($this->key) < 25) {
-                        throw new Exception('Key must contain at least 25 characters for this cipher');
-                    }
-                    break;
-                case (XMLSecurityKey::AES192_CBC):
-                    if (strlen($this->key) < 17) {
-                        throw new Exception('Key must contain at least 17 characters for this cipher');
-                    }
-                    break;
-            }
-        }
-    }
-
-    private function encryptMcrypt($data) {
-        $td = mcrypt_module_open($this->cryptParams['cipher'], '', $this->cryptParams['mode'], '');
-        $this->iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
-        mcrypt_generic_init($td, $this->key, $this->iv);
-        if ($this->cryptParams['mode'] == MCRYPT_MODE_CBC) {
-            $bs = mcrypt_enc_get_block_size($td);
-            for ($datalen0=$datalen=strlen($data); (($datalen%$bs)!=($bs-1)); $datalen++)
-                $data.=chr(rand(1, 127));
-            $data.=chr($datalen-$datalen0+1);
-        }
-        $encrypted_data = $this->iv.mcrypt_generic($td, $data);
-        mcrypt_generic_deinit($td);
-        mcrypt_module_close($td);
-        return $encrypted_data;
-    }
-
-    private function decryptMcrypt($data) {
-        $td = mcrypt_module_open($this->cryptParams['cipher'], '', $this->cryptParams['mode'], '');
-        $iv_length = mcrypt_enc_get_iv_size($td);
-
-        $this->iv = substr($data, 0, $iv_length);
-        $data = substr($data, $iv_length);
-
-        mcrypt_generic_init($td, $this->key, $this->iv);
-        $decrypted_data = mdecrypt_generic($td, $data);
-        mcrypt_generic_deinit($td);
-        mcrypt_module_close($td);
-        if ($this->cryptParams['mode'] == MCRYPT_MODE_CBC) {
-            $dataLen = strlen($decrypted_data);
-            $paddingLength = substr($decrypted_data, $dataLen - 1, 1);
-            $decrypted_data = substr($decrypted_data, 0, $dataLen - ord($paddingLength));
-        }
-        return $decrypted_data;
-    }
-
-    private function encryptOpenSSL($data) {
-        if ($this->cryptParams['type'] == 'public') {
-            if (! openssl_public_encrypt($data, $encrypted_data, $this->key, $this->cryptParams['padding'])) {
-                throw new Exception('Failure encrypting Data');
-                return;
-            }
-        } else {
-            if (! openssl_private_encrypt($data, $encrypted_data, $this->key, $this->cryptParams['padding'])) {
-                throw new Exception('Failure encrypting Data');
-                return;
-            }
-        }
-        return $encrypted_data;
-    }
-
-    private function decryptOpenSSL($data) {
-        if ($this->cryptParams['type'] == 'public') {
-            if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
-                throw new Exception('Failure decrypting Data');
-                return;
-            }
-        } else {
-            if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
-                throw new Exception('Failure decrypting Data');
-                return;
-            }
-        }
-        return $decrypted;
-    }
-
-    private function signOpenSSL($data) {
-	    $algo = OPENSSL_ALGO_SHA1;
-	    if (! empty($this->cryptParams['digest'])) {
-	        $algo = $this->cryptParams['digest'];
-	    }
-        if (! openssl_sign ($data, $signature, $this->key, $algo)) {
-            throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo);
-            return;
-        }
-        return $signature;
-    }
-
-    private function verifyOpenSSL($data, $signature) {
-	    $algo = OPENSSL_ALGO_SHA1;
-	    if (! empty($this->cryptParams['digest'])) {
-	        $algo = $this->cryptParams['digest'];
-	    }
-        return openssl_verify ($data, $signature, $this->key, $algo);
-    }
-
-    public function encryptData($data) {
-        switch ($this->cryptParams['library']) {
-            case 'mcrypt':
-                return $this->encryptMcrypt($data);
-                break;
-            case 'openssl':
-                return $this->encryptOpenSSL($data);
-                break;
-        }
-    }
-
-    public function decryptData($data) {
-        switch ($this->cryptParams['library']) {
-            case 'mcrypt':
-                return $this->decryptMcrypt($data);
-                break;
-            case 'openssl':
-                return $this->decryptOpenSSL($data);
-                break;
-        }
-    }
-
-    public function signData($data) {
-        switch ($this->cryptParams['library']) {
-            case 'openssl':
-                return $this->signOpenSSL($data);
-                break;
-        }
-    }
-
-    public function verifySignature($data, $signature) {
-        switch ($this->cryptParams['library']) {
-            case 'openssl':
-                return $this->verifyOpenSSL($data, $signature);
-                break;
-        }
-    }
-
-    public function getAlgorith() {
-        return $this->cryptParams['method'];
-    }
-
-    static function makeAsnSegment($type, $string) {
-        switch ($type){
-            case 0x02:
-                if (ord($string) > 0x7f)
-                    $string = chr(0).$string;
-                break;
-            case 0x03:
-                $string = chr(0).$string;
-                break;
-        }
-
-        $length = strlen($string);
-
-        if ($length < 128){
-           $output = sprintf("%c%c%s", $type, $length, $string);
-        } else if ($length < 0x0100){
-           $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string);
-        } else if ($length < 0x010000) {
-           $output = sprintf("%c%c%c%c%s", $type, 0x82, $length/0x0100, $length%0x0100, $string);
-        } else {
-            $output = NULL;
-        }
-        return($output);
-    }
-
-    /* Modulus and Exponent must already be base64 decoded */
-    static function convertRSA($modulus, $exponent) {
-        /* make an ASN publicKeyInfo */
-        $exponentEncoding = XMLSecurityKey::makeAsnSegment(0x02, $exponent);
-        $modulusEncoding = XMLSecurityKey::makeAsnSegment(0x02, $modulus);
-        $sequenceEncoding = XMLSecurityKey:: makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding);
-        $bitstringEncoding = XMLSecurityKey::makeAsnSegment(0x03, $sequenceEncoding);
-        $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500");
-        $publicKeyInfo = XMLSecurityKey::makeAsnSegment (0x30, $rsaAlgorithmIdentifier.$bitstringEncoding);
-
-        /* encode the publicKeyInfo in base64 and add PEM brackets */
-        $publicKeyInfoBase64 = base64_encode($publicKeyInfo);
-        $encoding = "-----BEGIN PUBLIC KEY-----\n";
-        $offset = 0;
-        while ($segment=substr($publicKeyInfoBase64, $offset, 64)){
-           $encoding = $encoding.$segment."\n";
-           $offset += 64;
-        }
-        return $encoding."-----END PUBLIC KEY-----\n";
-    }
-
-    public function serializeKey($parent) {
-
-    }
-    
-
-
-    /**
-     * Retrieve the X509 certificate this key represents.
-     *
-     * Will return the X509 certificate in PEM-format if this key represents
-     * an X509 certificate.
-     *
-     * @return  The X509 certificate or NULL if this key doesn't represent an X509-certificate.
-     */
-    public function getX509Certificate() {
-        return $this->x509Certificate;
-    }
-
-    /* Get the thumbprint of this X509 certificate.
-     *
-     * Returns:
-     *  The thumbprint as a lowercase 40-character hexadecimal number, or NULL
-     *  if this isn't a X509 certificate.
-     */
-    public function getX509Thumbprint() {
-        return $this->X509Thumbprint;
-    }
-
-
-    /**
-     * Create key from an EncryptedKey-element.
-     *
-     * @param DOMElement $element  The EncryptedKey-element.
-     * @return XMLSecurityKey  The new key.
-     */
-    public static function fromEncryptedKeyElement(DOMElement $element) {
-
-        $objenc = new XMLSecEnc();
-        $objenc->setNode($element);
-        if (! $objKey = $objenc->locateKey()) {
-            throw new Exception("Unable to locate algorithm for this Encrypted Key");
-        }
-        $objKey->isEncrypted = TRUE;
-        $objKey->encryptedCtx = $objenc;
-        XMLSecEnc::staticLocateKeyInfo($objKey, $element);
-        return $objKey;
-    }
-
-}
-
-class XMLSecurityDSig {
-    const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#';
-    const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1';
-    const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256';
-    const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384';
-    const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512';
-    const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160';
-
-    const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
-    const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments';
-    const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#';
-    const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments';
-
-    const template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-  <ds:SignedInfo>
-    <ds:SignatureMethod />
-  </ds:SignedInfo>
-</ds:Signature>';
-
-    public $sigNode = NULL;
-    public $idKeys = array();
-    public $idNS = array();
-    private $signedInfo = NULL;
-    private $xPathCtx = NULL;
-    private $canonicalMethod = NULL;
-    private $prefix = 'ds';
-    private $searchpfx = 'secdsig';
-
-    /* This variable contains an associative array of validated nodes. */
-    private $validatedNodes = NULL;
-
-    public function __construct() {
-        $sigdoc = new DOMDocument();
-        $sigdoc->loadXML(XMLSecurityDSig::template);
-        $this->sigNode = $sigdoc->documentElement;
-    }
-
-    private function resetXPathObj() {
-        $this->xPathCtx = NULL;
-    }
-	
-    private function getXPathObj() {
-        if (empty($this->xPathCtx) && ! empty($this->sigNode)) {
-            $xpath = new DOMXPath($this->sigNode->ownerDocument);
-            $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-            $this->xPathCtx = $xpath;
-        }
-        return $this->xPathCtx;
-    }
-
-    static function generate_GUID($prefix='pfx') {
-        $uuid = md5(uniqid(rand(), true));
-        $guid =  $prefix.substr($uuid,0,8)."-".
-                substr($uuid,8,4)."-".
-                substr($uuid,12,4)."-".
-                substr($uuid,16,4)."-".
-                substr($uuid,20,12);
-        return $guid;
-    }
-
-    public function locateSignature($objDoc) {
-        if ($objDoc instanceof DOMDocument) {
-            $doc = $objDoc;
-        } else {
-            $doc = $objDoc->ownerDocument;
-        }
-        if ($doc) {
-            $xpath = new DOMXPath($doc);
-            $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-            $query = ".//secdsig:Signature";
-            $nodeset = $xpath->query($query, $objDoc);
-            $this->sigNode = $nodeset->item(0);
-            return $this->sigNode;
-        }
-        return NULL;
-    }
-
-    public function createNewSignNode($name, $value=NULL) {
-        $doc = $this->sigNode->ownerDocument;
-        if (! is_null($value)) {
-            $node = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, $this->prefix.':'.$name, $value);
-        } else {
-            $node = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, $this->prefix.':'.$name);
-        }
-        return $node;
-    }
-
-    public function setCanonicalMethod($method) {
-        switch ($method) {
-            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
-            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
-            case 'http://www.w3.org/2001/10/xml-exc-c14n#':
-            case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
-                $this->canonicalMethod = $method;
-                break;
-            default:
-                throw new Exception('Invalid Canonical Method');
-        }
-        if ($xpath = $this->getXPathObj()) {
-            $query = './'.$this->searchpfx.':SignedInfo';
-            $nodeset = $xpath->query($query, $this->sigNode);
-            if ($sinfo = $nodeset->item(0)) {
-                $query = './'.$this->searchpfx.'CanonicalizationMethod';
-                $nodeset = $xpath->query($query, $sinfo);
-                if (! ($canonNode = $nodeset->item(0))) {
-                    $canonNode = $this->createNewSignNode('CanonicalizationMethod');
-                    $sinfo->insertBefore($canonNode, $sinfo->firstChild);
-                }
-                $canonNode->setAttribute('Algorithm', $this->canonicalMethod);
-            }
-        }
-    }
-
-    private function canonicalizeData($node, $canonicalmethod, $arXPath=NULL, $prefixList=NULL) {
-        $exclusive = FALSE;
-        $withComments = FALSE;
-        switch ($canonicalmethod) {
-            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
-                $exclusive = FALSE;
-                $withComments = FALSE;
-                break;
-            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
-                $withComments = TRUE;
-                break;
-            case 'http://www.w3.org/2001/10/xml-exc-c14n#':
-                $exclusive = TRUE;
-                break;
-            case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
-                $exclusive = TRUE;
-                $withComments = TRUE;
-                break;
-        }
-/* Support PHP versions < 5.2 not containing C14N methods in DOM extension */
-        $php_version = explode('.', PHP_VERSION);
-        if (($php_version[0] < 5) || ($php_version[0] == 5 && $php_version[1] < 2) ) {
-            if (! is_null($arXPath)) {
-                throw new Exception("PHP 5.2.0 or higher is required to perform XPath Transformations");
-            }
-            return C14NGeneral($node, $exclusive, $withComments);
-        }
-        return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
-    }
-
-    public function canonicalizeSignedInfo() {
-
-        $doc = $this->sigNode->ownerDocument;
-        $canonicalmethod = NULL;
-        if ($doc) {
-            $xpath = $this->getXPathObj();
-            $query = "./secdsig:SignedInfo";
-            $nodeset = $xpath->query($query, $this->sigNode);
-            if ($signInfoNode = $nodeset->item(0)) {
-                $query = "./secdsig:CanonicalizationMethod";
-                $nodeset = $xpath->query($query, $signInfoNode);
-                if ($canonNode = $nodeset->item(0)) {
-                    $canonicalmethod = $canonNode->getAttribute('Algorithm');
-                }
-                $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod);
-                return $this->signedInfo;
-            }
-        }
-        return NULL;
-    }
-
-    public function calculateDigest ($digestAlgorithm, $data) {
-        switch ($digestAlgorithm) {
-            case XMLSecurityDSig::SHA1:
-                $alg = 'sha1';
-                break;
-            case XMLSecurityDSig::SHA256:
-                $alg = 'sha256';
-                break;
-            case XMLSecurityDSig::SHA384:
-                $alg = 'sha384';
-                break;
-            case XMLSecurityDSig::SHA512:
-                $alg = 'sha512';
-                break;
-            case XMLSecurityDSig::RIPEMD160:
-                $alg = 'ripemd160';
-                break;
-            default:
-                throw new Exception("Cannot validate digest: Unsupported Algorith <$digestAlgorithm>");
-        }
-        if (function_exists('hash')) {
-            return base64_encode(hash($alg, $data, TRUE));
-        } elseif (function_exists('mhash')) {
-            $alg = "MHASH_" . strtoupper($alg);
-            return base64_encode(mhash(constant($alg), $data));
-        } elseif ($alg === 'sha1') {
-            return base64_encode(sha1($data, TRUE));
-        } else {
-            throw new Exception('xmlseclibs is unable to calculate a digest. Maybe you need the mhash library?');
-        }
-    }
-
-    public function validateDigest($refNode, $data) {
-        $xpath = new DOMXPath($refNode->ownerDocument);
-        $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-        $query = 'string(./secdsig:DigestMethod/@Algorithm)';
-        $digestAlgorithm = $xpath->evaluate($query, $refNode);
-        $digValue = $this->calculateDigest($digestAlgorithm, $data);
-        $query = 'string(./secdsig:DigestValue)';
-        $digestValue = $xpath->evaluate($query, $refNode);
-        return ($digValue == $digestValue);
-    }
-
-    public function processTransforms($refNode, $objData, $includeCommentNodes = TRUE) {
-        $data = $objData;
-        $xpath = new DOMXPath($refNode->ownerDocument);
-        $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-        $query = './secdsig:Transforms/secdsig:Transform';
-        $nodelist = $xpath->query($query, $refNode);
-        $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
-        $arXPath = NULL;
-        $prefixList = NULL;
-        foreach ($nodelist AS $transform) {
-            $algorithm = $transform->getAttribute("Algorithm");
-            switch ($algorithm) {
-                case 'http://www.w3.org/2001/10/xml-exc-c14n#':
-                case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
-
-                    if(!$includeCommentNodes) {
-                        /* We remove comment nodes by forcing it to use a canonicalization
-                         * without comments.
-                         */
-                        $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#';
-                    } else {
-                        $canonicalMethod = $algorithm;
-                    }
-
-                    $node = $transform->firstChild;
-                    while ($node) {
-                        if ($node->localName == 'InclusiveNamespaces') {
-                            if ($pfx = $node->getAttribute('PrefixList')) {
-                                $arpfx = array();
-                                $pfxlist = explode(" ", $pfx);
-                                foreach ($pfxlist AS $pfx) {
-                                    $val = trim($pfx);
-                                    if (! empty($val)) {
-                                        $arpfx[] = $val;
-                                    }
-                                }
-                                if (count($arpfx) > 0) {
-                                    $prefixList = $arpfx;
-                                }
-                            }
-                            break;
-                        }
-                        $node = $node->nextSibling;
-                    }
-		    break;
-                case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
-                case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
-                    if(!$includeCommentNodes) {
-                        /* We remove comment nodes by forcing it to use a canonicalization
-                         * without comments.
-                         */
-                        $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
-                    } else {
-                        $canonicalMethod = $algorithm;
-                    }
-
-                    break;
-                case 'http://www.w3.org/TR/1999/REC-xpath-19991116':
-                    $node = $transform->firstChild;
-                    while ($node) {
-                        if ($node->localName == 'XPath') {
-                            $arXPath = array();
-                            $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']';
-                            $arXpath['namespaces'] = array();
-                            $nslist = $xpath->query('./namespace::*', $node);
-                            foreach ($nslist AS $nsnode) {
-                                if ($nsnode->localName != "xml") {
-                                    $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue;
-                                }
-                            }
-                            break;
-                        }
-                        $node = $node->nextSibling;
-                    }
-                    break;
-            }
-        }
-        if ($data instanceof DOMNode) {
-            $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList);
-        }
-        return $data;
-    }
-
-    public function processRefNode($refNode) {
-        $dataObject = NULL;
-
-        /*
-         * Depending on the URI, we may not want to include comments in the result
-         * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel
-         */
-        $includeCommentNodes = TRUE;
-
-        if ($uri = $refNode->getAttribute("URI")) {
-            $arUrl = parse_url($uri);
-            if (empty($arUrl['path'])) {
-                if ($identifier = $arUrl['fragment']) {
-
-                    /* This reference identifies a node with the given id by using
-                     * a URI on the form "#identifier". This should not include comments.
-                     */
-                    $includeCommentNodes = FALSE;
-
-                    $xPath = new DOMXPath($refNode->ownerDocument);
-                    if ($this->idNS && is_array($this->idNS)) {
-                        foreach ($this->idNS AS $nspf=>$ns) {
-                            $xPath->registerNamespace($nspf, $ns);
-                        }
-                    }
-                    $iDlist = '@Id="'.$identifier.'"';
-                    if (is_array($this->idKeys)) {
-                        foreach ($this->idKeys AS $idKey) {
-                            $iDlist .= " or @$idKey='$identifier'";
-                        }
-                    }
-                    $query = '//*['.$iDlist.']';
-                    $dataObject = $xPath->query($query)->item(0);
-                } else {
-                    $dataObject = $refNode->ownerDocument;
-                }
-            } else {
-                $dataObject = file_get_contents($arUrl);
-            }
-        } else {
-            /* This reference identifies the root node with an empty URI. This should
-             * not include comments.
-             */
-            $includeCommentNodes = FALSE;
-
-            $dataObject = $refNode->ownerDocument;
-        }
-        $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes);
-        if (!$this->validateDigest($refNode, $data)) {
-            return FALSE;
-        }
-
-        if ($dataObject instanceof DOMNode) {
-            /* Add this node to the list of validated nodes. */
-            if(! empty($identifier)) {
-                $this->validatedNodes[$identifier] = $dataObject;
-            } else {
-                $this->validatedNodes[] = $dataObject;
-            }
-        }
-
-        return TRUE;
-    }
-
-    public function getRefNodeID($refNode) {
-        if ($uri = $refNode->getAttribute("URI")) {
-            $arUrl = parse_url($uri);
-            if (empty($arUrl['path'])) {
-                if ($identifier = $arUrl['fragment']) {
-                    return $identifier;
-                }
-            }
-        }
-        return null;
-    }
-
-    public function getRefIDs() {
-        $refids = array();
-        $doc = $this->sigNode->ownerDocument;
-
-        $xpath = $this->getXPathObj();
-        $query = "./secdsig:SignedInfo/secdsig:Reference";
-        $nodeset = $xpath->query($query, $this->sigNode);
-        if ($nodeset->length == 0) {
-            throw new Exception("Reference nodes not found");
-        }
-        foreach ($nodeset AS $refNode) {
-            $refids[] = $this->getRefNodeID($refNode);
-        }
-        return $refids;
-    }
-
-    public function validateReference() {
-        $doc = $this->sigNode->ownerDocument;
-        if (! $doc->isSameNode($this->sigNode)) {
-            $this->sigNode->parentNode->removeChild($this->sigNode);
-        }
-        $xpath = $this->getXPathObj();
-        $query = "./secdsig:SignedInfo/secdsig:Reference";
-        $nodeset = $xpath->query($query, $this->sigNode);
-        if ($nodeset->length == 0) {
-            throw new Exception("Reference nodes not found");
-        }
-        
-        /* Initialize/reset the list of validated nodes. */
-        $this->validatedNodes = array();
-        
-        foreach ($nodeset AS $refNode) {
-            if (! $this->processRefNode($refNode)) {
-                /* Clear the list of validated nodes. */
-                $this->validatedNodes = NULL;
-                throw new Exception("Reference validation failed");
-            }
-        }
-        return TRUE;
-    }
-
-    private function addRefInternal($sinfoNode, $node, $algorithm, $arTransforms=NULL, $options=NULL) {
-        $prefix = NULL;
-        $prefix_ns = NULL;
-        $id_name = 'Id';
-        $overwrite_id  = TRUE;
-        $force_uri = FALSE;
-
-        if (is_array($options)) {
-            $prefix = empty($options['prefix'])?NULL:$options['prefix'];
-            $prefix_ns = empty($options['prefix_ns'])?NULL:$options['prefix_ns'];
-            $id_name = empty($options['id_name'])?'Id':$options['id_name'];
-            $overwrite_id = !isset($options['overwrite'])?TRUE:(bool)$options['overwrite'];
-            $force_uri = !isset($options['force_uri'])?FALSE:(bool)$options['force_uri'];
-        }
-
-        $attname = $id_name;
-        if (! empty($prefix)) {
-            $attname = $prefix.':'.$attname;
-        }
-
-        $refNode = $this->createNewSignNode('Reference');
-        $sinfoNode->appendChild($refNode);
-
-        if (! $node instanceof DOMDocument) {
-            $uri = NULL;
-            if (! $overwrite_id) {
-                $uri = $node->getAttributeNS($prefix_ns, $attname);
-            }
-            if (empty($uri)) {
-                $uri = XMLSecurityDSig::generate_GUID();
-                $node->setAttributeNS($prefix_ns, $attname, $uri);
-            }
-            $refNode->setAttribute("URI", '#'.$uri);
-        } elseif ($force_uri) {
-            $refNode->setAttribute("URI", '');
-        }
-
-        $transNodes = $this->createNewSignNode('Transforms');
-        $refNode->appendChild($transNodes);
-
-        if (is_array($arTransforms)) {
-            foreach ($arTransforms AS $transform) {
-                $transNode = $this->createNewSignNode('Transform');
-                $transNodes->appendChild($transNode);
-                if (is_array($transform) && 
-                    (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) && 
-                    (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) {
-                    $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116');
-                    $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']);
-                    $transNode->appendChild($XPathNode);
-                    if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) {
-                        foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) {
-                            $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace);
-                        }
-                    }
-                } else {
-                    $transNode->setAttribute('Algorithm', $transform);
-                }
-            }
-        } elseif (! empty($this->canonicalMethod)) {
-            $transNode = $this->createNewSignNode('Transform');
-            $transNodes->appendChild($transNode);
-            $transNode->setAttribute('Algorithm', $this->canonicalMethod);
-        }
-
-        $canonicalData = $this->processTransforms($refNode, $node);
-        $digValue = $this->calculateDigest($algorithm, $canonicalData);
-
-        $digestMethod = $this->createNewSignNode('DigestMethod');
-        $refNode->appendChild($digestMethod);
-        $digestMethod->setAttribute('Algorithm', $algorithm);
-
-        $digestValue = $this->createNewSignNode('DigestValue', $digValue);
-        $refNode->appendChild($digestValue);
-    }
-
-    public function addReference($node, $algorithm, $arTransforms=NULL, $options=NULL) {
-        if ($xpath = $this->getXPathObj()) {
-            $query = "./secdsig:SignedInfo";
-            $nodeset = $xpath->query($query, $this->sigNode);
-            if ($sInfo = $nodeset->item(0)) {
-                $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
-            }
-        }
-    }
-
-    public function addReferenceList($arNodes, $algorithm, $arTransforms=NULL, $options=NULL) {
-        if ($xpath = $this->getXPathObj()) {
-            $query = "./secdsig:SignedInfo";
-            $nodeset = $xpath->query($query, $this->sigNode);
-            if ($sInfo = $nodeset->item(0)) {
-                foreach ($arNodes AS $node) {
-                    $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
-                }
-            }
-        }
-    }
-
-   public function addObject($data, $mimetype=NULL, $encoding=NULL) {
-      $objNode = $this->createNewSignNode('Object');
-      $this->sigNode->appendChild($objNode);
-      if (! empty($mimetype)) {
-         $objNode->setAtribute('MimeType', $mimetype);
-      }
-      if (! empty($encoding)) {
-         $objNode->setAttribute('Encoding', $encoding);
-      }
-
-      if ($data instanceof DOMElement) {
-         $newData = $this->sigNode->ownerDocument->importNode($data, TRUE);
-      } else {
-         $newData = $this->sigNode->ownerDocument->createTextNode($data);
-      }
-      $objNode->appendChild($newData);
-
-      return $objNode;
-   }
-
-    public function locateKey($node=NULL) {
-        if (empty($node)) {
-            $node = $this->sigNode;
-        }
-        if (! $node instanceof DOMNode) {
-            return NULL;
-        }
-        if ($doc = $node->ownerDocument) {
-            $xpath = new DOMXPath($doc);
-            $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-            $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)";
-            $algorithm = $xpath->evaluate($query, $node);
-            if ($algorithm) {
-                try {
-                    $objKey = new XMLSecurityKey($algorithm, array('type'=>'public'));
-                } catch (Exception $e) {
-                    return NULL;
-                }
-                return $objKey;
-            }
-        }
-        return NULL;
-    }
-
-    public function verify($objKey) {
-        $doc = $this->sigNode->ownerDocument;
-        $xpath = new DOMXPath($doc);
-        $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-        $query = "string(./secdsig:SignatureValue)";
-        $sigValue = $xpath->evaluate($query, $this->sigNode);
-        if (empty($sigValue)) {
-            throw new Exception("Unable to locate SignatureValue");
-        }
-        return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue));
-    }
-
-    public function signData($objKey, $data) {
-        return $objKey->signData($data);
-    }
-
-    public function sign($objKey, $appendToNode = NULL) {
-        // If we have a parent node append it now so C14N properly works
-        if ($appendToNode != NULL) {
-            $this->resetXPathObj();
-            $this->appendSignature($appendToNode);
-            $this->sigNode = $appendToNode->lastChild;
-        }
-        if ($xpath = $this->getXPathObj()) {
-            $query = "./secdsig:SignedInfo";
-            $nodeset = $xpath->query($query, $this->sigNode);
-            if ($sInfo = $nodeset->item(0)) {
-                $query = "./secdsig:SignatureMethod";
-                $nodeset = $xpath->query($query, $sInfo);
-                $sMethod = $nodeset->item(0);
-                $sMethod->setAttribute('Algorithm', $objKey->type);
-                $data = $this->canonicalizeData($sInfo, $this->canonicalMethod);
-                $sigValue = base64_encode($this->signData($objKey, $data));
-                $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue);
-                if ($infoSibling = $sInfo->nextSibling) {
-                    $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling);
-                } else {
-                    $this->sigNode->appendChild($sigValueNode);
-                }
-            }
-        }
-    }
-
-    public function appendCert() {
-
-    }
-
-    public function appendKey($objKey, $parent=NULL) {
-        $objKey->serializeKey($parent);
-    }
-
-
-    /**
-     * This function inserts the signature element.
-     *
-     * The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode
-     * is specified, the signature element will be inserted as the last element before $beforeNode.
-     *
-     * @param $node  The node the signature element should be inserted into.
-     * @param $beforeNode  The node the signature element should be located before.
-     * 
-     * @return DOMNode The signature element node
-     */
-    public function insertSignature($node, $beforeNode = NULL) {
-
-        $document = $node->ownerDocument;
-        $signatureElement = $document->importNode($this->sigNode, TRUE);
-
-        if($beforeNode == NULL) {
-            return $node->insertBefore($signatureElement);
-        } else {
-            return $node->insertBefore($signatureElement, $beforeNode);
-        }
-    }
-
-    public function appendSignature($parentNode, $insertBefore = FALSE) {
-        $beforeNode = $insertBefore ? $parentNode->firstChild : NULL;
-        return $this->insertSignature($parentNode, $beforeNode);
-    }
-
-    static function get509XCert($cert, $isPEMFormat=TRUE) {
-        $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
-        if (! empty($certs)) {
-            return $certs[0];
-        }
-        return '';
-    }
-
-    static function staticGet509XCerts($certs, $isPEMFormat=TRUE) {
-        if ($isPEMFormat) {
-            $data = '';
-            $certlist = array();
-            $arCert = explode("\n", $certs);
-            $inData = FALSE;
-            foreach ($arCert AS $curData) {
-                if (! $inData) {
-                    if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
-                        $inData = TRUE;
-                    }
-                } else {
-                    if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
-                        $inData = FALSE;
-                        $certlist[] = $data;
-                        $data = '';
-                        continue;
-                    }
-                    $data .= trim($curData);
-                }
-            }
-            return $certlist;
-        } else {
-            return array($certs);
-        }
-    }
-
-    static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=TRUE, $isURL=False, $xpath=NULL) {
-          if ($isURL) {
-            $cert = file_get_contents($cert);
-          }
-          if (! $parentRef instanceof DOMElement) {
-            throw new Exception('Invalid parent Node parameter');
-          }
-          $baseDoc = $parentRef->ownerDocument;
-
-          if (empty($xpath)) {
-              $xpath = new DOMXPath($parentRef->ownerDocument);
-              $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
-          }
-
-         $query = "./secdsig:KeyInfo";
-         $nodeset = $xpath->query($query, $parentRef);
-         $keyInfo = $nodeset->item(0);
-         if (! $keyInfo) {
-              $inserted = FALSE;
-              $keyInfo = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');
-
-               $query = "./secdsig:Object";
-               $nodeset = $xpath->query($query, $parentRef);
-               if ($sObject = $nodeset->item(0)) {
-                    $sObject->parentNode->insertBefore($keyInfo, $sObject);
-                    $inserted = TRUE;
-               }
-
-              if (! $inserted) {
-                   $parentRef->appendChild($keyInfo);
-              }
-         }
-
-         // Add all certs if there are more than one
-         $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
-
-         // Atach X509 data node
-         $x509DataNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
-         $keyInfo->appendChild($x509DataNode);
-
-         // Atach all certificate nodes
-         foreach ($certs as $X509Cert){
-            $x509CertNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $X509Cert);
-         $x509DataNode->appendChild($x509CertNode);
-         }
-     }
-
-    public function add509Cert($cert, $isPEMFormat=TRUE, $isURL=False) {
-         if ($xpath = $this->getXPathObj()) {
-            self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath);
-         }
-    }
-    
-    /* This function retrieves an associative array of the validated nodes.
-     *
-     * The array will contain the id of the referenced node as the key and the node itself
-     * as the value.
-     *
-     * Returns:
-     *  An associative array of validated nodes or NULL if no nodes have been validated.
-     */
-    public function getValidatedNodes() {
-        return $this->validatedNodes;
-    }
-}
-
-class XMLSecEnc {
-    const template = "<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
-   <xenc:CipherData>
-      <xenc:CipherValue></xenc:CipherValue>
-   </xenc:CipherData>
-</xenc:EncryptedData>";
-
-    const Element = 'http://www.w3.org/2001/04/xmlenc#Element';
-    const Content = 'http://www.w3.org/2001/04/xmlenc#Content';
-    const URI = 3;
-    const XMLENCNS = 'http://www.w3.org/2001/04/xmlenc#';
-
-    private $encdoc = NULL;
-    private $rawNode = NULL;
-    public $type = NULL;
-    public $encKey = NULL;
-    private $references = array();
-
-    public function __construct() {
-        $this->_resetTemplate();
-    }
-
-    private function _resetTemplate(){
-        $this->encdoc = new DOMDocument();
-        $this->encdoc->loadXML(XMLSecEnc::template);
-    }
-
-    public function addReference($name, $node, $type) {
-	    if (! $node instanceOf DOMNode) {
-	        throw new Exception('$node is not of type DOMNode');
-	    }
-        $curencdoc = $this->encdoc;
-        $this->_resetTemplate();
-        $encdoc = $this->encdoc;
-        $this->encdoc = $curencdoc;
-        $refuri = XMLSecurityDSig::generate_GUID();
-        $element = $encdoc->documentElement;
-        $element->setAttribute("Id", $refuri);
-	    $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri);
-    }
-
-    public function setNode($node) {
-        $this->rawNode = $node;
-    }
-
-    public function encryptNode($objKey, $replace=TRUE) {
-        $data = '';
-        if (empty($this->rawNode)) {
-            throw new Exception('Node to encrypt has not been set');
-        }
-        if (! $objKey instanceof XMLSecurityKey) {
-            throw new Exception('Invalid Key');
-        }
-        $doc = $this->rawNode->ownerDocument;
-        $xPath = new DOMXPath($this->encdoc);
-        $objList = $xPath->query('/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue');
-        $cipherValue = $objList->item(0);
-        if ($cipherValue == NULL) {
-            throw new Exception('Error locating CipherValue element within template');
-        }
-        switch ($this->type) {
-            case (XMLSecEnc::Element):
-                $data = $doc->saveXML($this->rawNode);
-                $this->encdoc->documentElement->setAttribute('Type', XMLSecEnc::Element);
-                break;
-            case (XMLSecEnc::Content):
-                $children = $this->rawNode->childNodes;
-                foreach ($children AS $child) {
-                    $data .= $doc->saveXML($child);
-                }
-                $this->encdoc->documentElement->setAttribute('Type', XMLSecEnc::Content);
-                break;
-            default:
-                throw new Exception('Type is currently not supported');
-                return;
-        }
-
-        $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:EncryptionMethod'));
-        $encMethod->setAttribute('Algorithm', $objKey->getAlgorith());
-        $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild);
-
-        $strEncrypt = base64_encode($objKey->encryptData($data));
-        $value = $this->encdoc->createTextNode($strEncrypt);
-        $cipherValue->appendChild($value);
-
-        if ($replace) {
-            switch ($this->type) {
-                case (XMLSecEnc::Element):
-                    if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
-                        return $this->encdoc;
-                    }
-                    $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, TRUE);
-                    $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
-                    return $importEnc;
-                    break;
-                case (XMLSecEnc::Content):
-                    $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, TRUE);
-                    while($this->rawNode->firstChild) {
-                        $this->rawNode->removeChild($this->rawNode->firstChild);
-                    }
-                    $this->rawNode->appendChild($importEnc);
-                    return $importEnc;
-                    break;
-            }
-        }
-    }
-
-    public function encryptReferences($objKey) {
-        $curRawNode = $this->rawNode;
-        $curType = $this->type;
-        foreach ($this->references AS $name=>$reference) {
-            $this->encdoc = $reference["encnode"];
-            $this->rawNode = $reference["node"];
-            $this->type = $reference["type"];
-            try {
-                $encNode = $this->encryptNode($objKey);
-                $this->references[$name]["encnode"] = $encNode;
-            } catch (Exception $e) {
-                $this->rawNode = $curRawNode;
-                $this->type = $curType;
-                throw $e;
-            }
-        }
-        $this->rawNode = $curRawNode;
-        $this->type = $curType;
-    }
-
-    /**
-     * Retrieve the CipherValue text from this encrypted node.
-     *
-     * @return string|NULL  The Ciphervalue text, or NULL if no CipherValue is found.
-     */
-    public function getCipherValue() {
-        if (empty($this->rawNode)) {
-            throw new Exception('Node to decrypt has not been set');
-        }
-
-        $doc = $this->rawNode->ownerDocument;
-        $xPath = new DOMXPath($doc);
-        $xPath->registerNamespace('xmlencr', XMLSecEnc::XMLENCNS);
-        /* Only handles embedded content right now and not a reference */
-        $query = "./xmlencr:CipherData/xmlencr:CipherValue";
-        $nodeset = $xPath->query($query, $this->rawNode);
-        $node = $nodeset->item(0);
-
-        if (!$node) {
-                return NULL;
-        }
-
-        return base64_decode($node->nodeValue);
-    }
-
-    /**
-     * Decrypt this encrypted node.
-     *
-     * The behaviour of this function depends on the value of $replace.
-     * If $replace is FALSE, we will return the decrypted data as a string.
-     * If $replace is TRUE, we will insert the decrypted element(s) into the
-     * document, and return the decrypted element(s).
-     *
-     * @params XMLSecurityKey $objKey  The decryption key that should be used when decrypting the node.
-     * @params boolean $replace  Whether we should replace the encrypted node in the XML document with the decrypted data. The default is TRUE.
-     * @return string|DOMElement  The decrypted data.
-     */     
-    public function decryptNode($objKey, $replace=TRUE) {
-        if (! $objKey instanceof XMLSecurityKey) {
-            throw new Exception('Invalid Key');
-        }
-
-        $encryptedData = $this->getCipherValue();
-        if ($encryptedData) {
-            $decrypted = $objKey->decryptData($encryptedData);
-            if ($replace) {
-                switch ($this->type) {
-                    case (XMLSecEnc::Element):
-                        $newdoc = new DOMDocument();
-                        $newdoc->loadXML($decrypted);
-                        if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
-                            return $newdoc;
-                        }
-                        $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, TRUE);
-                        $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
-                        return $importEnc;
-                        break;
-                    case (XMLSecEnc::Content):
-                        if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
-                            $doc = $this->rawNode;
-                        } else {
-                            $doc = $this->rawNode->ownerDocument;
-                        }
-                        $newFrag = $doc->createDocumentFragment();
-                        $newFrag->appendXML($decrypted);
-                        $parent = $this->rawNode->parentNode;
-                        $parent->replaceChild($newFrag, $this->rawNode);
-                        return $parent;
-                        break;
-                    default:
-                        return $decrypted;
-                }
-            } else {
-                return $decrypted;
-            }
-        } else {
-            throw new Exception("Cannot locate encrypted data");
-        }
-    }
-
-    public function encryptKey($srcKey, $rawKey, $append=TRUE) {
-        if ((! $srcKey instanceof XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) {
-            throw new Exception('Invalid Key');
-        }
-        $strEncKey = base64_encode($srcKey->encryptData($rawKey->key));
-        $root = $this->encdoc->documentElement;
-        $encKey = $this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:EncryptedKey');
-        if ($append) {
-            $keyInfo = $root->insertBefore($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'), $root->firstChild);
-            $keyInfo->appendChild($encKey);
-        } else {
-            $this->encKey = $encKey;
-        }
-        $encMethod = $encKey->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:EncryptionMethod'));
-        $encMethod->setAttribute('Algorithm', $srcKey->getAlgorith());
-        if (! empty($srcKey->name)) {
-            $keyInfo = $encKey->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo'));
-            $keyInfo->appendChild($this->encdoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyName', $srcKey->name));
-        }
-        $cipherData = $encKey->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:CipherData'));
-        $cipherData->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:CipherValue', $strEncKey));
-        if (is_array($this->references) && count($this->references) > 0) {
-           $refList =  $encKey->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:ReferenceList'));
-            foreach ($this->references AS $name=>$reference) {
-                $refuri = $reference["refuri"];
-                $dataRef = $refList->appendChild($this->encdoc->createElementNS(XMLSecEnc::XMLENCNS, 'xenc:DataReference'));
-                $dataRef->setAttribute("URI", '#' . $refuri);
-            }
-        }
-        return;
-    }
-
-    public function decryptKey($encKey) {
-        if (! $encKey->isEncrypted) {
-            throw new Exception("Key is not Encrypted");
-        }
-        if (empty($encKey->key)) {
-            throw new Exception("Key is missing data to perform the decryption");
-        }
-        return $this->decryptNode($encKey, FALSE);
-    }
-
-    public function locateEncryptedData($element) {
-        if ($element instanceof DOMDocument) {
-            $doc = $element;
-        } else {
-            $doc = $element->ownerDocument;
-        }
-        if ($doc) {
-            $xpath = new DOMXPath($doc);
-            $query = "//*[local-name()='EncryptedData' and namespace-uri()='".XMLSecEnc::XMLENCNS."']";
-            $nodeset = $xpath->query($query);
-            return $nodeset->item(0);
-        }
-        return NULL;
-    }
-
-    public function locateKey($node=NULL) {
-        if (empty($node)) {
-            $node = $this->rawNode;
-        }
-        if (! $node instanceof DOMNode) {
-            return NULL;
-        }
-        if ($doc = $node->ownerDocument) {
-            $xpath = new DOMXPath($doc);
-            $xpath->registerNamespace('xmlsecenc', XMLSecEnc::XMLENCNS);
-            $query = ".//xmlsecenc:EncryptionMethod";
-            $nodeset = $xpath->query($query, $node);
-            if ($encmeth = $nodeset->item(0)) {
-                   $attrAlgorithm = $encmeth->getAttribute("Algorithm");
-                try {
-                    $objKey = new XMLSecurityKey($attrAlgorithm, array('type'=>'private'));
-                } catch (Exception $e) {
-                    return NULL;
-                }
-                return $objKey;
-            }
-        }
-        return NULL;
-    }
-
-    static function staticLocateKeyInfo($objBaseKey=NULL, $node=NULL) {
-        if (empty($node) || (! $node instanceof DOMNode)) {
-            return NULL;
-        }
-        $doc = $node->ownerDocument;
-        if (!$doc) {
-            return NULL;
-        }
-
-        $xpath = new DOMXPath($doc);
-        $xpath->registerNamespace('xmlsecenc', XMLSecEnc::XMLENCNS);
-        $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
-        $query = "./xmlsecdsig:KeyInfo";
-        $nodeset = $xpath->query($query, $node);
-        $encmeth = $nodeset->item(0);
-        if (!$encmeth) {
-            /* No KeyInfo in EncryptedData / EncryptedKey. */
-            return $objBaseKey;
-        }
-
-        foreach ($encmeth->childNodes AS $child) {
-            switch ($child->localName) {
-                case 'KeyName':
-                    if (! empty($objBaseKey)) {
-                        $objBaseKey->name = $child->nodeValue;
-                    }
-                    break;
-                case 'KeyValue':
-                    foreach ($child->childNodes AS $keyval) {
-                        switch ($keyval->localName) {
-                            case 'DSAKeyValue':
-                                throw new Exception("DSAKeyValue currently not supported");
-                                break;
-                            case 'RSAKeyValue':
-                                $modulus = NULL;
-                                $exponent = NULL;
-                                if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) {
-                                    $modulus = base64_decode($modulusNode->nodeValue);
-                                }
-                                if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) {
-                                    $exponent = base64_decode($exponentNode->nodeValue);
-                                }
-                                if (empty($modulus) || empty($exponent)) {
-                                    throw new Exception("Missing Modulus or Exponent");
-                                }
-                                $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent);
-                                $objBaseKey->loadKey($publicKey);
-                                break;
-                        }
-                    }
-                    break;
-                case 'RetrievalMethod':
-                    $type = $child->getAttribute('Type');
-                    if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
-                        /* Unsupported key type. */
-                        break;
-                    }
-                    $uri = $child->getAttribute('URI');
-                    if ($uri[0] !== '#') {
-                        /* URI not a reference - unsupported. */
-                        break;
-                    }
-                    $id = substr($uri, 1);
-
-                    $query = "//xmlsecenc:EncryptedKey[@Id='$id']";
-                    $keyElement = $xpath->query($query)->item(0);
-                    if (!$keyElement) {
-                        throw new Exception("Unable to locate EncryptedKey with @Id='$id'.");
-                    }
-
-                    return XMLSecurityKey::fromEncryptedKeyElement($keyElement);
-                case 'EncryptedKey':
-                    return XMLSecurityKey::fromEncryptedKeyElement($child);
-                case 'X509Data':
-                    if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) {
-                        if ($x509certNodes->length > 0) {
-                            $x509cert = $x509certNodes->item(0)->textContent;
-                            $x509cert = str_replace(array("\r", "\n"), "", $x509cert);
-                            $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
-                            $objBaseKey->loadKey($x509cert, FALSE, TRUE);
-                        }
-                    }
-                    break;
-            }
-        }
-        return $objBaseKey;
-    }
-
-    public function locateKeyInfo($objBaseKey=NULL, $node=NULL) {
-        if (empty($node)) {
-            $node = $this->rawNode;
-        }
-        return XMLSecEnc::staticLocateKeyInfo($objBaseKey, $node);
-    }
-}