OpenID demo updated

Karl Koscher mrsaturn at teencity.org
Wed May 18 03:21:47 PDT 2005


>LiveJournal now speaks OpenID.  (yadis with all those renaming changes)
SupportOffice now does as well, although I ran into a few quirks.

Does your demo do signature verification? Mine is failing only a 
fraction of the time, and I can't find anything different that happens 
only when it fails. It works for 46, 47, and 48 byte keys. The clocks 
are in sync, although it's failing after the timestamp check anyway. It 
even fails when checking it manually:

mrsaturn@cerebellum mrsaturn $ echo "MC0CFFqCX/GlnukRUeqAcriOONjJK2VSAhUA53DbHVtSnNQ2fud7p8Ed8zcxB0c=" | decode-base64 > yadisSig
mrsaturn@cerebellum mrsaturn $ echo -n "2005-05-18T09:49:47Z::assert_identity::http://www.livejournal.com/users/supersat/::http://www.supportoffice.org/accounts/yadisbind.php?site=lj&username=supersat&yvv=7245a7cf2493f50bec742d6eb08d1597" | openssl dgst -dss1 -verify lj-dsa.pem -signature yadisSig
Verification Failure

Other keys work fine, though:

mrsaturn@cerebellum mrsaturn $ echo "MC4CFQCLvocBKJl1eYEgbHjE4nkIL5oyPwIVAMw293jeFO+Cx0kUPj4xDNIffJNA" | decode-base64 > yadisSig
mrsaturn@cerebellum mrsaturn $ echo -n "2005-05-18T10:04:36Z::assert_identity::http://www.livejournal.com/users/supersat/::http://www.supportoffice.org/accounts/yadisbind.php?site=lj&username=supersat&yvv=7245a7cf2493f50bec742d6eb08d1597" | openssl dgst -dss1 -verify lj-dsa.pem -signature yadisSig
Verified OK

I'm using OpenSSL 0.9.7d, which isn't the latest and greatest, but a 
quick look at the changes file shows that there haven't been any changes 
that would affect DSA signature verification. I could be overlooking 
something, though.

Other quirks:

LiveJournal doesn't like URLs in the form of 
http://www.livejournal.com/users/username. It needs a trailing slash, 
otherwise it thinks you're attempting to auth as "www".

It also turns out that PHP renames the arguments from openid.* to 
openid_*, which is somewhat annoying.

- Karl
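
Added example, not part of the original message and not code from LiveJournal or SupportOffice: a strict parser for the DER structure of a DSA signature (a SEQUENCE of two INTEGERs, r and s), run over the two base64 signatures quoted in the message. It only inspects the encoding; it does not verify the signatures and does not show why the first one failed. The function names are made up for this example.

```python
import base64

# The two signatures quoted in the message above (base64 of DER).
SIG_FAILED = "MC0CFFqCX/GlnukRUeqAcriOONjJK2VSAhUA53DbHVtSnNQ2fud7p8Ed8zcxB0c="
SIG_OK = "MC4CFQCLvocBKJl1eYEgbHjE4nkIL5oyPwIVAMw293jeFO+Cx0kUPj4xDNIffJNA"


def _read_integer(der, pos):
    """Read one DER INTEGER at pos; return (value, content_length, next_pos)."""
    if pos + 2 > len(der) or der[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02 at offset %d" % pos)
    length = der[pos + 1]
    if length == 0 or length > 0x7F:
        raise ValueError("unsupported INTEGER length")
    body = der[pos + 2:pos + 2 + length]
    if len(body) != length:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER: missing 0x00 sign pad")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER: unnecessary 0x00 pad")
    return int.from_bytes(body, "big"), length, pos + 2 + length


def parse_dsa_signature(b64_sig):
    """Decode base64, then parse SEQUENCE { INTEGER r, INTEGER s } strictly."""
    der = base64.b64decode(b64_sig, validate=True)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    if der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("SEQUENCE length does not match the data")
    r, r_len, pos = _read_integer(der, 2)
    s, s_len, pos = _read_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return {"total": len(der), "r": r, "s": s, "r_len": r_len, "s_len": s_len}


if __name__ == "__main__":
    for name, sig in (("failed", SIG_FAILED), ("ok", SIG_OK)):
        p = parse_dsa_signature(sig)
        print(name, p["total"], "bytes; r", p["r_len"], "bytes; s", p["s_len"],
              "bytes; r bits", p["r"].bit_length(), "s bits", p["s"].bit_length())
```

Both quoted signatures parse as well-formed DER (47 and 48 bytes); the one-byte difference is the 0x00 sign pad that DER adds to r or s when its top bit is set.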

