basic_RP: add methods for accessing identity information passed from OP.

Signed-off-by: Michael Krelin <hacker@klever.net>

2 files changed, 63 insertions, 2 deletions

diff --git a/include/opkele/basic_rp.h b/include/opkele/basic_rp.h
index d5356aa..d096e0a 100644
--- a/include/opkele/basic_rp.h
+++ b/include/opkele/basic_rp.h
@@ -12,2 +12,10 @@ namespace opkele {
         public:
+            /**
+             * Claimed identifier from a parsed id_res message.
+             */
+            string claimed_id;
+            /**
+             * OP-Local identifier from a parsed id_res message.
+             */
+            string identity;
 
@@ -15,2 +23,30 @@ namespace opkele {
 
+            void reset_vars();
+
+            /**
+             * @name Assertion information retrieval
+             * Retrieval of the information passed with openid message
+             * @{
+             */
+            /**
+             * Find out if the assertion is about identity
+             * @return true if so
+             */
+            bool has_identity() const;
+            /**
+             * Get claimed identifier supplied with the request
+             * @return claimed identifier
+             * @throw non_identity if request is not about identity
+             */
+            const string& get_claimed_id() const;
+            /**
+             * Get the identity (OP-Local identifier) confirmed
+             * @return identity
+             * @throw non_identity if request is not about identity
+             */
+            const string& get_identity() const;
+            /**
+             * @}
+             */
+
             /**
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index e65d9fb..3357d0b 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -10,2 +10,3 @@
 #include <opkele/curl.h>
+#include <opkele/debug.h>
 
@@ -13,2 +14,20 @@ namespace opkele {
 
+    void basic_RP::reset_vars() {
+        claimed_id.clear(); identity.clear();
+    }
+
+    const string& basic_RP::get_claimed_id() const {
+        if(claimed_id.empty())
+            throw non_identity(OPKELE_CP_ "attempting to retreive claimed_id of non-identity assertion");
+        assert(!identity.empty());
+        return claimed_id;
+    }
+
+    const string& basic_RP::get_identity() const {
+        if(identity.empty())
+            throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related assertion");
+        assert(!claimed_id.empty());
+        return identity;
+    }
+
     static void dh_get_secret(
@@ -198,2 +217,3 @@ namespace opkele {
     void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) {
+        reset_vars();
         bool o2 = om.has_field("ns")
@@ -273,8 +293,13 @@ namespace opkele {
             if(om.has_field("claimed_id")) {
+                claimed_id = om.get_field("claimed_id");
+                identity = om.get_field("identity");
                 verify_OP(
                         om.get_field("op_endpoint"),
-                        om.get_field("claimed_id"),
-                        om.get_field("identity") );
+                        claimed_id, identity );
             }
 
+        }else{
+            claimed_id = get_endpoint().claimed_id;
+            /* TODO: check if this is the identity we asked for */
+            identity = om.get_field("identity");
         }