summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2008-02-03 16:17:47 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-03 16:17:47 (UTC)
commit434d42b37ecab09fc91ac8e6c752d3292c10a3b1 (patch) (side-by-side diff)
treeec069e72e22cc2861e681e912d6f9e3ef4a65a2b
parent23a6d48436e24d3d145b742984ef68ec3bae2bfd (diff)
downloadlibopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.zip
libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.gz
libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.bz2
added verify_op that performs discovery on the relying party
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/Makefile.am5
-rw-r--r--include/opkele/verify_op.h16
-rw-r--r--lib/Makefile.am5
-rw-r--r--lib/verify_op.cc53
4 files changed, 73 insertions, 6 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 37fb961..9f5982c 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,33 +1,32 @@
NODIST_HEADERS_ = \
opkele/acconfig.h \
opkele/tr1-mem.h
nobase_include_HEADERS = \
opkele/opkele-config.h \
opkele/types.h \
opkele/association.h \
opkele/exception.h \
opkele/server.h \
opkele/consumer.h \
opkele/extension.h \
opkele/sreg.h \
opkele/extension_chain.h \
opkele/xconsumer.h \
opkele/xserver.h \
opkele/uris.h \
opkele/tr1-mem.h \
- opkele/basic_rp.h \
- opkele/prequeue_rp.h \
+ opkele/basic_rp.h opkele/prequeue_rp.h \
opkele/iterator.h \
- opkele/basic_op.h \
+ opkele/basic_op.h opkele/verify_op.h \
${NODIST_HEADERS_}
noinst_HEADERS = \
opkele/data.h \
opkele/curl.h opkele/expat.h opkele/tidy.h \
opkele/util.h \
opkele/debug.h \
opkele/discovery.h
dist-hook:
rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_})
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
new file mode 100644
index 0000000..f5c97b2
--- a/dev/null
+++ b/include/opkele/verify_op.h
@@ -0,0 +1,16 @@
+#ifndef __OPKELE_VERIFY_OP_H
+#define __OPKELE_VERIFY_OP_H
+
+#include <opkele/basic_op.h>
+
+namespace opkele {
+
+ class verify_op : public basic_op {
+ public:
+
+ void verify_return_to();
+ };
+
+}
+
+#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ac312d1..e8bfbf5 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,35 +1,34 @@
lib_LTLIBRARIES = libopkele.la
AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
DEFAULT_INCLUDES = -I${top_builddir}
INCLUDES = \
-I${top_builddir}/include/ -I${top_srcdir}/include/ \
${KONFORKA_CFLAGS} \
${OPENSSL_CFLAGS} \
${LIBCURL_CPPFLAGS} \
${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}
libopkele_la_LIBADD = \
${LIBCURL} \
${PCRE_LIBS} ${EXPAT_LIBS} \
${OPENSSL_LIBS} \
${KONFORKA_LIBS} ${TIDY_LIBS}
libopkele_la_SOURCES = \
params.cc \
util.cc \
server.cc \
secret.cc \
data.cc \
consumer.cc \
exception.cc \
extension.cc \
sreg.cc \
extension_chain.cc \
curl.cc expat.cc \
discovery.cc \
- basic_rp.cc \
- prequeue_rp.cc \
+ basic_rp.cc prequeue_rp.cc \
openid_message.cc \
- basic_op.cc
+ basic_op.cc verify_op.cc
libopkele_la_LDFLAGS = \
-version-info 2:0:0
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
new file mode 100644
index 0000000..e7c26b5
--- a/dev/null
+++ b/lib/verify_op.cc
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+
+namespace opkele {
+ using std::output_iterator_tag;
+
+ class __RP_verifier_good_input : public exception {
+ public:
+ __RP_verifier_good_input(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
+ class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+ public:
+ int seen;
+ const string& return_to;
+
+ RP_verifier(const string& rt)
+ : return_to(rt), seen(0) { }
+
+ RP_verifier& operator*() { return *this; }
+ RP_verifier& operator=(const openid_endpoint_t& oep) {
+ if(util::uri_matches_realm(return_to,oep.uri))
+ throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+ return *this;
+ }
+
+ RP_verifier& operator++() { ++seen; return *this; }
+ RP_verifier& operator++(int) { +seen; return *this; }
+ };
+
+ void verify_op::verify_return_to() {
+ basic_op::verify_return_to();
+ try {
+ RP_verifier rpv(return_to);
+ string drealm = realm;
+ string::size_type csss = drealm.find("://*.");
+ if(csss==4 || csss==5)
+ drealm.replace(csss+3,1,"www");
+ const char *rtt[] = { STURI_OPENID20_RT, 0 };
+ yadiscover(rpv,drealm,rtt,false);
+ if(rpv.seen)
+ throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+ }catch(__RP_verifier_good_input&) {
+ }catch(bad_return_to& brt) {
+ throw;
+ }catch(exception_network&) { }
+ }
+
+}