author | Michael Krelin <hacker@klever.net> | 2008-02-03 16:17:47 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-03 16:17:47 (UTC) |
commit | 434d42b37ecab09fc91ac8e6c752d3292c10a3b1 (patch) (side-by-side diff) | |
tree | ec069e72e22cc2861e681e912d6f9e3ef4a65a2b | |
parent | 23a6d48436e24d3d145b742984ef68ec3bae2bfd (diff) | |
added verify_op that performs discovery on the relying party
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | include/Makefile.am | 5 | ||||
-rw-r--r-- | include/opkele/verify_op.h | 16 | ||||
-rw-r--r-- | lib/Makefile.am | 5 | ||||
-rw-r--r-- | lib/verify_op.cc | 53 |
4 files changed, 73 insertions, 6 deletions
diff --git a/include/Makefile.am b/include/Makefile.am index 37fb961..9f5982c 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1,33 +1,32 @@ NODIST_HEADERS_ = \ opkele/acconfig.h \ opkele/tr1-mem.h nobase_include_HEADERS = \ opkele/opkele-config.h \ opkele/types.h \ opkele/association.h \ opkele/exception.h \ opkele/server.h \ opkele/consumer.h \ opkele/extension.h \ opkele/sreg.h \ opkele/extension_chain.h \ opkele/xconsumer.h \ opkele/xserver.h \ opkele/uris.h \ opkele/tr1-mem.h \ - opkele/basic_rp.h \ - opkele/prequeue_rp.h \ + opkele/basic_rp.h opkele/prequeue_rp.h \ opkele/iterator.h \ - opkele/basic_op.h \ + opkele/basic_op.h opkele/verify_op.h \ ${NODIST_HEADERS_} noinst_HEADERS = \ opkele/data.h \ opkele/curl.h opkele/expat.h opkele/tidy.h \ opkele/util.h \ opkele/debug.h \ opkele/discovery.h dist-hook: rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_}) diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h new file mode 100644 index 0000000..f5c97b2 --- a/dev/null +++ b/include/opkele/verify_op.h @@ -0,0 +1,16 @@ +#ifndef __OPKELE_VERIFY_OP_H +#define __OPKELE_VERIFY_OP_H + +#include <opkele/basic_op.h> + +namespace opkele { + + class verify_op : public basic_op { + public: + + void verify_return_to(); + }; + +} + +#endif /* __OPKELE_VERIFY_OP_H */ diff --git a/lib/Makefile.am b/lib/Makefile.am index ac312d1..e8bfbf5 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -1,35 +1,34 @@ lib_LTLIBRARIES = libopkele.la AM_CPPFLAGS = ${CPPFLAGS_DEBUG} DEFAULT_INCLUDES = -I${top_builddir} INCLUDES = \ -I${top_builddir}/include/ -I${top_srcdir}/include/ \ ${KONFORKA_CFLAGS} \ ${OPENSSL_CFLAGS} \ ${LIBCURL_CPPFLAGS} \ ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS} libopkele_la_LIBADD = \ ${LIBCURL} \ ${PCRE_LIBS} ${EXPAT_LIBS} \ ${OPENSSL_LIBS} \ ${KONFORKA_LIBS} ${TIDY_LIBS} libopkele_la_SOURCES = \ params.cc \ util.cc \ server.cc \ secret.cc \ data.cc \ consumer.cc \ exception.cc \ extension.cc \ sreg.cc \ extension_chain.cc \ curl.cc expat.cc \ discovery.cc \ - basic_rp.cc \ - prequeue_rp.cc \ + basic_rp.cc prequeue_rp.cc \ openid_message.cc \ - basic_op.cc + basic_op.cc verify_op.cc libopkele_la_LDFLAGS = \ -version-info 2:0:0 diff --git a/lib/verify_op.cc b/lib/verify_op.cc new file mode 100644 index 0000000..e7c26b5 --- a/dev/null +++ b/lib/verify_op.cc 
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+
+namespace opkele {
+ using std::output_iterator_tag;
+
+ class __RP_verifier_good_input : public exception {
+ public:
+ __RP_verifier_good_input(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
+ class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+ public:
+ int seen;
+ const string& return_to;
+
+ RP_verifier(const string& rt)
+ : return_to(rt), seen(0) { }
+
+ RP_verifier& operator*() { return *this; }
+ RP_verifier& operator=(const openid_endpoint_t& oep) {
+ if(util::uri_matches_realm(return_to,oep.uri))
+ throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+ return *this;
+ }
+
+ RP_verifier& operator++() { ++seen; return *this; }
+ RP_verifier& operator++(int) { +seen; return *this; }
+ };
+
+ void verify_op::verify_return_to() {
+ basic_op::verify_return_to();
+ try {
+ RP_verifier rpv(return_to);
+ string drealm = realm;
+ string::size_type csss = drealm.find("://*.");
+ if(csss==4 || csss==5)
+ drealm.replace(csss+3,1,"www");
+ const char *rtt[] = { STURI_OPENID20_RT, 0 };
+ yadiscover(rpv,drealm,rtt,false);
+ if(rpv.seen)
+ throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+ }catch(__RP_verifier_good_input&) {
+ }catch(bad_return_to& brt) {
+ throw;
+ }catch(exception_network&) { }
+ }
+
+} |
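Review bot: The post-increment `operator++(int)` in `RP_verifier` evaluates `+seen`, a no-op unary plus, so endpoints written through `*it++ = ep` are never counted; it should read `RP_verifier& operator++(int) { ++seen; return *this; }`. That count gates the only rejection path in `verify_op::verify_return_to()` (`if(rpv.seen) throw bad_return_to(...)`), so if `yadiscover` advances with post-increment, or takes the iterator by value (its signature is not visible in this hunk), a return_to that matches none of the discovered endpoints would be accepted. Separately, `catch(exception_network&) { }` together with the `seen == 0` case makes the check fail open: a realm whose discovery errors out or yields no endpoints passes verification. That policy deserves an explicit comment at the catch, for example `// discovery failure: RP is unverified, request is still allowed`, or an overridable hook for deployments that need to fail closed. The constructor's initialiser list also runs opposite to the member declaration order (`seen` is declared before `return_to`) and will trip -Wreorder; `: seen(0), return_to(rt) { }` matches the declarations.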