summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2008-02-08 21:26:55 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-08 21:26:55 (UTC)
commit1a4d8acd92d17ec1363886383bd171eabef2e25e (patch) (unidiff)
tree7c330603957c5f6eff2bfeaa9155ff5ccb701e82
parent2e93c9940944edab87c29a2a13d60090f15fea86 (diff)
downloadlibopkele-1a4d8acd92d17ec1363886383bd171eabef2e25e.zip
libopkele-1a4d8acd92d17ec1363886383bd171eabef2e25e.tar.gz
libopkele-1a4d8acd92d17ec1363886383bd171eabef2e25e.tar.bz2
renamed verify_op to verify_OP
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_op.h2
-rw-r--r--include/opkele/verify_op.h2
-rw-r--r--lib/verify_op.cc2
-rw-r--r--test/OP.cc2
4 files changed, 4 insertions, 4 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h
index 0e3231d..0326508 100644
--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -121,129 +121,129 @@ namespace opkele {
121 */ 121 */
122 basic_openid_message& associate( 122 basic_openid_message& associate(
123 basic_openid_message& oum, 123 basic_openid_message& oum,
124 const basic_openid_message& inm); 124 const basic_openid_message& inm);
125 125
126 /** 126 /**
127 * Parse the checkid_* request. The function parses input message, 127 * Parse the checkid_* request. The function parses input message,
128 * retrieves the information needed for further processing, 128 * retrieves the information needed for further processing,
129 * verifies what can be verified at this stage. 129 * verifies what can be verified at this stage.
130 * @param inm incoming OpenID message 130 * @param inm incoming OpenID message
131 * @param ext extension/chain of extensions supported 131 * @param ext extension/chain of extensions supported
132 */ 132 */
133 void checkid_(const basic_openid_message& inm,extension_t *ext=0); 133 void checkid_(const basic_openid_message& inm,extension_t *ext=0);
134 /** 134 /**
135 * Build and sign a positive assertion message 135 * Build and sign a positive assertion message
136 * @param om outpu OpenID message 136 * @param om outpu OpenID message
137 * @param ext extension/chain of extensions supported 137 * @param ext extension/chain of extensions supported
138 * @return reference to om 138 * @return reference to om
139 */ 139 */
140 basic_openid_message& id_res(basic_openid_message& om, 140 basic_openid_message& id_res(basic_openid_message& om,
141 extension_t *ext=0); 141 extension_t *ext=0);
142 /** 142 /**
143 * Build a 'cancel' negative assertion 143 * Build a 'cancel' negative assertion
144 * @param om output OpenID message 144 * @param om output OpenID message
145 * @return reference to om 145 * @return reference to om
146 */ 146 */
147 basic_openid_message& cancel(basic_openid_message& om); 147 basic_openid_message& cancel(basic_openid_message& om);
148 /** 148 /**
149 * Build an 'error' reply 149 * Build an 'error' reply
150 * @param om output OpenID message 150 * @param om output OpenID message
151 * @param error a human-readable message indicating the cause 151 * @param error a human-readable message indicating the cause
152 * @param contact contact address for the server administrator (can be empty) 152 * @param contact contact address for the server administrator (can be empty)
153 * @param reference a reference token (can be empty) 153 * @param reference a reference token (can be empty)
154 * @return reference to om 154 * @return reference to om
155 */ 155 */
156 basic_openid_message& error(basic_openid_message& om, 156 basic_openid_message& error(basic_openid_message& om,
157 const string& error,const string& contact, 157 const string& error,const string& contact,
158 const string& reference ); 158 const string& reference );
159 /** 159 /**
160 * Build a setup_needed reply to checkid_immediate request 160 * Build a setup_needed reply to checkid_immediate request
161 * @param oum output OpenID message 161 * @param oum output OpenID message
162 * @param inm incoming OpenID request being processed 162 * @param inm incoming OpenID request being processed
163 * @return reference to oum 163 * @return reference to oum
164 */ 164 */
165 basic_openid_message& setup_needed( 165 basic_openid_message& setup_needed(
166 basic_openid_message& oum,const basic_openid_message& inm); 166 basic_openid_message& oum,const basic_openid_message& inm);
167 167
168 /** 168 /**
169 * Process check_authentication request 169 * Process check_authentication request
170 * @param oum output OpenID message 170 * @param oum output OpenID message
171 * @param inm incoming request 171 * @param inm incoming request
172 * @return reference to oum 172 * @return reference to oum
173 */ 173 */
174 basic_openid_message& check_authentication( 174 basic_openid_message& check_authentication(
175 basic_openid_message& oum,const basic_openid_message& inm); 175 basic_openid_message& oum,const basic_openid_message& inm);
176 /** 176 /**
177 * @} 177 * @}
178 */ 178 */
179 179
180 /** 180 /**
181 * Verify return_to url. The default implementation checks whether 181 * Verify return_to url. The default implementation checks whether
182 * return_to URI matches the realm 182 * return_to URI matches the realm
183 * @throw bad_realm in case of invalid realm 183 * @throw bad_realm in case of invalid realm
184 * @throw bad_return_to if return_to doesn't match the realm 184 * @throw bad_return_to if return_to doesn't match the realm
185 * @see verify_op::verify_return_to() 185 * @see verify_OP::verify_return_to()
186 */ 186 */
187 virtual void verify_return_to(); 187 virtual void verify_return_to();
188 188
189 /** 189 /**
190 * @name Global persistent store API 190 * @name Global persistent store API
191 * These functions are related to the associations with RPs storage 191 * These functions are related to the associations with RPs storage
192 * and retrieval and nonce management. 192 * and retrieval and nonce management.
193 * @{ 193 * @{
194 */ 194 */
195 /** 195 /**
196 * Allocate association. 196 * Allocate association.
197 * @param type association type 197 * @param type association type
198 * @param kl association key length 198 * @param kl association key length
199 * @param sl true if the association is stateless 199 * @param sl true if the association is stateless
200 * @return association object 200 * @return association object
201 */ 201 */
202 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0; 202 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0;
203 /** 203 /**
204 * Retrieve valid unexpired association 204 * Retrieve valid unexpired association
205 * @param handle association handle 205 * @param handle association handle
206 * @return association object 206 * @return association object
207 */ 207 */
208 virtual assoc_t retrieve_assoc(const string& handle) = 0; 208 virtual assoc_t retrieve_assoc(const string& handle) = 0;
209 /** 209 /**
210 * Allocate nonce. 210 * Allocate nonce.
211 * @param nonce input-output parameter containing timestamp part of 211 * @param nonce input-output parameter containing timestamp part of
212 * the nonce on input 212 * the nonce on input
213 * @param sl true if the nonce is 213 * @param sl true if the nonce is
214 * @return reference to nonce 214 * @return reference to nonce
215 * @throw failed_lookup if no such valid unexpired association 215 * @throw failed_lookup if no such valid unexpired association
216 * could be retrieved 216 * could be retrieved
217 */ 217 */
218 virtual string& alloc_nonce(string& nonce) = 0; 218 virtual string& alloc_nonce(string& nonce) = 0;
219 /** 219 /**
220 * Check nonce validity 220 * Check nonce validity
221 * @param nonce nonce to check 221 * @param nonce nonce to check
222 * @return true if nonce found and isn't yet invalidated 222 * @return true if nonce found and isn't yet invalidated
223 */ 223 */
224 virtual bool check_nonce(const string& nonce) = 0; 224 virtual bool check_nonce(const string& nonce) = 0;
225 /** 225 /**
226 * Invalidate nonce 226 * Invalidate nonce
227 * @param nonce nonce to check 227 * @param nonce nonce to check
228 */ 228 */
229 virtual void invalidate_nonce(const string& nonce) = 0; 229 virtual void invalidate_nonce(const string& nonce) = 0;
230 /** 230 /**
231 * @} 231 * @}
232 */ 232 */
233 233
234 /** 234 /**
235 * @name Site particulars API 235 * @name Site particulars API
236 * @{ 236 * @{
237 */ 237 */
238 /** 238 /**
239 * Query the absolute URL of the op endpoint 239 * Query the absolute URL of the op endpoint
240 * @return fully qualified url of the OP endpoint 240 * @return fully qualified url of the OP endpoint
241 */ 241 */
242 virtual const string get_op_endpoint() const = 0; 242 virtual const string get_op_endpoint() const = 0;
243 /** 243 /**
244 * @} 244 * @}
245 */ 245 */
246 246
247 }; 247 };
248} 248}
249 249
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
index 6b94240..9e29bac 100644
--- a/include/opkele/verify_op.h
+++ b/include/opkele/verify_op.h
@@ -1,26 +1,26 @@
1#ifndef __OPKELE_VERIFY_OP_H 1#ifndef __OPKELE_VERIFY_OP_H
2#define __OPKELE_VERIFY_OP_H 2#define __OPKELE_VERIFY_OP_H
3 3
4#include <opkele/basic_op.h> 4#include <opkele/basic_op.h>
5 5
6namespace opkele { 6namespace opkele {
7 7
8 /** 8 /**
9 * The OP implementation that does discovery verification on RP 9 * The OP implementation that does discovery verification on RP
10 */ 10 */
11 class verify_op : public basic_OP { 11 class verify_OP : public basic_OP {
12 public: 12 public:
13 13
14 /** 14 /**
15 * In addition to basic_OP::verify_return_to() functionality this 15 * In addition to basic_OP::verify_return_to() functionality this
16 * implementation does the discovery on RP to see if return_to matches 16 * implementation does the discovery on RP to see if return_to matches
17 * the realm 17 * the realm
18 * @throw bad_return_to in case we fail to discover corresponding 18 * @throw bad_return_to in case we fail to discover corresponding
19 * service endpoint 19 * service endpoint
20 */ 20 */
21 void verify_return_to(); 21 void verify_return_to();
22 }; 22 };
23 23
24} 24}
25 25
26#endif /* __OPKELE_VERIFY_OP_H */ 26#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
index 0beca2d..ab21b4f 100644
--- a/lib/verify_op.cc
+++ b/lib/verify_op.cc
@@ -1,53 +1,53 @@
1#include <opkele/verify_op.h> 1#include <opkele/verify_op.h>
2#include <opkele/discovery.h> 2#include <opkele/discovery.h>
3#include <opkele/exception.h> 3#include <opkele/exception.h>
4#include <opkele/util.h> 4#include <opkele/util.h>
5#include <opkele/uris.h> 5#include <opkele/uris.h>
6 6
7namespace opkele { 7namespace opkele {
8 using std::output_iterator_tag; 8 using std::output_iterator_tag;
9 9
10 class __RP_verifier_good_input : public exception { 10 class __RP_verifier_good_input : public exception {
11 public: 11 public:
12 __RP_verifier_good_input(OPKELE_E_PARS) 12 __RP_verifier_good_input(OPKELE_E_PARS)
13 : exception(OPKELE_E_CONS) { } 13 : exception(OPKELE_E_CONS) { }
14 }; 14 };
15 15
16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> { 16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
17 public: 17 public:
18 int seen; 18 int seen;
19 const string& return_to; 19 const string& return_to;
20 20
21 RP_verifier(const string& rt) 21 RP_verifier(const string& rt)
22 : return_to(rt), seen(0) { } 22 : return_to(rt), seen(0) { }
23 23
24 RP_verifier& operator*() { return *this; } 24 RP_verifier& operator*() { return *this; }
25 RP_verifier& operator=(const openid_endpoint_t& oep) { 25 RP_verifier& operator=(const openid_endpoint_t& oep) {
26 if(util::uri_matches_realm(return_to,oep.uri)) 26 if(util::uri_matches_realm(return_to,oep.uri))
27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm"); 27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
28 return *this; 28 return *this;
29 } 29 }
30 30
31 RP_verifier& operator++() { ++seen; return *this; } 31 RP_verifier& operator++() { ++seen; return *this; }
32 RP_verifier& operator++(int) { +seen; return *this; } 32 RP_verifier& operator++(int) { +seen; return *this; }
33 }; 33 };
34 34
35 void verify_op::verify_return_to() { 35 void verify_OP::verify_return_to() {
36 basic_OP::verify_return_to(); 36 basic_OP::verify_return_to();
37 try { 37 try {
38 RP_verifier rpv(return_to); 38 RP_verifier rpv(return_to);
39 string drealm = realm; 39 string drealm = realm;
40 string::size_type csss = drealm.find("://*."); 40 string::size_type csss = drealm.find("://*.");
41 if(csss==4 || csss==5) 41 if(csss==4 || csss==5)
42 drealm.replace(csss+3,1,"www"); 42 drealm.replace(csss+3,1,"www");
43 const char *rtt[] = { STURI_OPENID20_RT, 0 }; 43 const char *rtt[] = { STURI_OPENID20_RT, 0 };
44 yadiscover(rpv,drealm,rtt,false); 44 yadiscover(rpv,drealm,rtt,false);
45 if(rpv.seen) 45 if(rpv.seen)
46 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP"); 46 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
47 }catch(__RP_verifier_good_input&) { 47 }catch(__RP_verifier_good_input&) {
48 }catch(bad_return_to& brt) { 48 }catch(bad_return_to& brt) {
49 throw; 49 throw;
50 }catch(exception_network&) { } 50 }catch(exception_network&) { }
51 } 51 }
52 52
53} 53}
diff --git a/test/OP.cc b/test/OP.cc
index ce54d92..851d831 100644
--- a/test/OP.cc
+++ b/test/OP.cc
@@ -1,119 +1,119 @@
1#include <uuid/uuid.h> 1#include <uuid/uuid.h>
2#include <iostream> 2#include <iostream>
3#include <cassert> 3#include <cassert>
4#include <string> 4#include <string>
5#include <ext/algorithm> 5#include <ext/algorithm>
6using namespace std; 6using namespace std;
7#include <kingate/exception.h> 7#include <kingate/exception.h>
8#include <kingate/plaincgi.h> 8#include <kingate/plaincgi.h>
9#include <kingate/cgi_gateway.h> 9#include <kingate/cgi_gateway.h>
10#include <opkele/exception.h> 10#include <opkele/exception.h>
11#include <opkele/util.h> 11#include <opkele/util.h>
12#include <opkele/uris.h> 12#include <opkele/uris.h>
13#include <opkele/extension.h> 13#include <opkele/extension.h>
14#include <opkele/association.h> 14#include <opkele/association.h>
15#include <opkele/debug.h> 15#include <opkele/debug.h>
16#include <opkele/verify_op.h> 16#include <opkele/verify_op.h>
17#include <opkele/sreg.h> 17#include <opkele/sreg.h>
18 18
19#include "sqlite.h" 19#include "sqlite.h"
20#include "kingate_openid_message.h" 20#include "kingate_openid_message.h"
21 21
22static const string get_self_url(const kingate::cgi_gateway& gw) { 22static const string get_self_url(const kingate::cgi_gateway& gw) {
23 bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); 23 bool s = gw.has_meta("SSL_PROTOCOL_VERSION");
24 string rv = s?"https://":"http://"; 24 string rv = s?"https://":"http://";
25 rv += gw.http_request_header("Host"); 25 rv += gw.http_request_header("Host");
26 const string& port = gw.get_meta("SERVER_PORT"); 26 const string& port = gw.get_meta("SERVER_PORT");
27 if( port!=(s?"443":"80") ) { 27 if( port!=(s?"443":"80") ) {
28 rv += ':'; rv += port; 28 rv += ':'; rv += port;
29 } 29 }
30 rv += gw.get_meta("REQUEST_URI"); 30 rv += gw.get_meta("REQUEST_URI");
31 string::size_type q = rv.find('?'); 31 string::size_type q = rv.find('?');
32 if(q!=string::npos) 32 if(q!=string::npos)
33 rv.erase(q); 33 rv.erase(q);
34 return rv; 34 return rv;
35} 35}
36 36
37class opdb_t : public sqlite3_t { 37class opdb_t : public sqlite3_t {
38 public: 38 public:
39 opdb_t() 39 opdb_t()
40 : sqlite3_t("/tmp/OP.db") { 40 : sqlite3_t("/tmp/OP.db") {
41 assert(_D); 41 assert(_D);
42 char **resp; int nr,nc; char *errm; 42 char **resp; int nr,nc; char *errm;
43 if(sqlite3_get_table( 43 if(sqlite3_get_table(
44 _D, "SELECT a_op FROM assoc LIMIT 0", 44 _D, "SELECT a_op FROM assoc LIMIT 0",
45 &resp,&nr,&nc,&errm)!=SQLITE_OK) { 45 &resp,&nr,&nc,&errm)!=SQLITE_OK) {
46 extern const char *__OP_db_bootstrap; 46 extern const char *__OP_db_bootstrap;
47 DOUT_("Bootstrapping DB"); 47 DOUT_("Bootstrapping DB");
48 if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) 48 if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK)
49 throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); 49 throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm);
50 }else 50 }else
51 sqlite3_free_table(resp); 51 sqlite3_free_table(resp);
52 } 52 }
53}; 53};
54 54
55class example_op_t : public opkele::verify_op { 55class example_op_t : public opkele::verify_OP {
56 public: 56 public:
57 kingate::cgi_gateway& gw; 57 kingate::cgi_gateway& gw;
58 opdb_t db; 58 opdb_t db;
59 kingate::cookie htc; 59 kingate::cookie htc;
60 60
61 61
62 example_op_t(kingate::cgi_gateway& gw) 62 example_op_t(kingate::cgi_gateway& gw)
63 : gw(gw) { 63 : gw(gw) {
64 try { 64 try {
65 htc = gw.cookies.get_cookie("htop_session"); 65 htc = gw.cookies.get_cookie("htop_session");
66 sqlite3_mem_t<char*> S = sqlite3_mprintf( 66 sqlite3_mem_t<char*> S = sqlite3_mprintf(
67 "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", 67 "SELECT 1 FROM ht_sessions WHERE hts_id=%Q",
68 htc.get_value().c_str()); 68 htc.get_value().c_str());
69 sqlite3_table_t T; int nr,nc; 69 sqlite3_table_t T; int nr,nc;
70 db.get_table(S,T,&nr,&nc); 70 db.get_table(S,T,&nr,&nc);
71 if(nr<1) 71 if(nr<1)
72 throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); 72 throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation");
73 }catch(kingate::exception_notfound& kenf) { 73 }catch(kingate::exception_notfound& kenf) {
74 uuid_t uuid; uuid_generate(uuid); 74 uuid_t uuid; uuid_generate(uuid);
75 htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); 75 htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid)));
76 sqlite3_mem_t<char*> S = sqlite3_mprintf( 76 sqlite3_mem_t<char*> S = sqlite3_mprintf(
77 "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", 77 "INSERT INTO ht_sessions (hts_id) VALUES (%Q)",
78 htc.get_value().c_str()); 78 htc.get_value().c_str());
79 db.exec(S); 79 db.exec(S);
80 } 80 }
81 } 81 }
82 82
83 void set_authorized(bool a) { 83 void set_authorized(bool a) {
84 sqlite3_mem_t<char*> 84 sqlite3_mem_t<char*>
85 S = sqlite3_mprintf( 85 S = sqlite3_mprintf(
86 "UPDATE ht_sessions" 86 "UPDATE ht_sessions"
87 " SET authorized=%d" 87 " SET authorized=%d"
88 " WHERE hts_id=%Q", 88 " WHERE hts_id=%Q",
89 (int)a,htc.get_value().c_str()); 89 (int)a,htc.get_value().c_str());
90 db.exec(S); 90 db.exec(S);
91 } 91 }
92 bool get_authorized() { 92 bool get_authorized() {
93 sqlite3_mem_t<char*> 93 sqlite3_mem_t<char*>
94 S = sqlite3_mprintf( 94 S = sqlite3_mprintf(
95 "SELECT authorized" 95 "SELECT authorized"
96 " FROM ht_sessions" 96 " FROM ht_sessions"
97 " WHERE hts_id=%Q", 97 " WHERE hts_id=%Q",
98 htc.get_value().c_str()); 98 htc.get_value().c_str());
99 sqlite3_table_t T; int nr,nc; 99 sqlite3_table_t T; int nr,nc;
100 db.get_table(S,T,&nr,&nc); 100 db.get_table(S,T,&nr,&nc);
101 assert(nr==1); assert(nc=1); 101 assert(nr==1); assert(nc=1);
102 return opkele::util::string_to_long(T.get(1,0,nc)); 102 return opkele::util::string_to_long(T.get(1,0,nc));
103 } 103 }
104 104
105 ostream& cookie_header(ostream& o) const { 105 ostream& cookie_header(ostream& o) const {
106 o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; 106 o << "Set-Cookie: " << htc.set_cookie_header() << "\n";
107 return o; 107 return o;
108 } 108 }
109 109
110 opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { 110 opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) {
111 uuid_t uuid; uuid_generate(uuid); 111 uuid_t uuid; uuid_generate(uuid);
112 string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); 112 string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid));
113 opkele::secret_t a_secret; 113 opkele::secret_t a_secret;
114 generate_n( 114 generate_n(
115 back_insert_iterator<opkele::secret_t>(a_secret),klength, 115 back_insert_iterator<opkele::secret_t>(a_secret),klength,
116 rand ); 116 rand );
117 string ssecret; a_secret.to_base64(ssecret); 117 string ssecret; a_secret.to_base64(ssecret);
118 time_t now = time(0); 118 time_t now = time(0);
119 int expires_in = sl?3600*2:3600*24*7*2; 119 int expires_in = sl?3600*2:3600*24*7*2;