added verify_op that performs discovery on the relying party

Signed-off-by: Michael Krelin <hacker@klever.net>

4 files changed, 73 insertions, 6 deletions

diff --git a/include/Makefile.am b/include/Makefile.am
index 37fb961..9f5982c 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -11,20 +11,19 @@ nobase_include_HEADERS = \
 	opkele/consumer.h \
 	opkele/extension.h \
 	opkele/sreg.h \
 	opkele/extension_chain.h \
 	opkele/xconsumer.h \
 	opkele/xserver.h \
 	opkele/uris.h \
 	opkele/tr1-mem.h \
-	opkele/basic_rp.h \
-	opkele/prequeue_rp.h \
+	opkele/basic_rp.h opkele/prequeue_rp.h \
 	opkele/iterator.h \
-	opkele/basic_op.h \
+	opkele/basic_op.h opkele/verify_op.h \
 	${NODIST_HEADERS_}
 
 noinst_HEADERS = \
 	opkele/data.h \
 	opkele/curl.h opkele/expat.h opkele/tidy.h \
 	opkele/util.h \
 	opkele/debug.h \
 	opkele/discovery.h
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
new file mode 100644
index 0000000..f5c97b2
--- a/dev/null
+++ b/include/opkele/verify_op.h
@@ -0,0 +1,16 @@
+#ifndef __OPKELE_VERIFY_OP_H
+#define __OPKELE_VERIFY_OP_H
+
+#include <opkele/basic_op.h>
+
+namespace opkele {
+
+    class verify_op : public basic_op {
+	public:
+
+	void verify_return_to();
+    };
+
+}
+
+#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ac312d1..e8bfbf5 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -22,14 +22,13 @@ libopkele_la_SOURCES = \
 		       data.cc \
 		       consumer.cc \
 		       exception.cc \
 		       extension.cc \
 		       sreg.cc \
 		       extension_chain.cc \
 		       curl.cc expat.cc \
 		       discovery.cc \
-		       basic_rp.cc \
-		       prequeue_rp.cc \
+		       basic_rp.cc prequeue_rp.cc \
 		       openid_message.cc \
-		       basic_op.cc
+		       basic_op.cc verify_op.cc
 libopkele_la_LDFLAGS = \
 	-version-info 2:0:0
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
new file mode 100644
index 0000000..e7c26b5
--- a/dev/null
+++ b/lib/verify_op.cc
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+
+namespace opkele {
+    using std::output_iterator_tag;
+
+    class __RP_verifier_good_input : public exception {
+	public:
+	    __RP_verifier_good_input(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+	public:
+	    int seen;
+	    const string& return_to;
+
+	    RP_verifier(const string& rt)
+		: return_to(rt), seen(0) { }
+
+	    RP_verifier& operator*() { return *this; }
+	    RP_verifier& operator=(const openid_endpoint_t& oep) {
+		if(util::uri_matches_realm(return_to,oep.uri))
+		    throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+		return *this;
+	    }
+
+	    RP_verifier& operator++() { ++seen; return *this; }
+	    RP_verifier& operator++(int) { +seen; return *this; }
+    };
+
+    void verify_op::verify_return_to() {
+	basic_op::verify_return_to();
+	try {
+	    RP_verifier rpv(return_to);
+	    string drealm = realm;
+	    string::size_type csss = drealm.find("://*.");
+	    if(csss==4 || csss==5)
+		drealm.replace(csss+3,1,"www");
+	    const char *rtt[] = { STURI_OPENID20_RT, 0 };
+	    yadiscover(rpv,drealm,rtt,false);
+	    if(rpv.seen)
+		throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+	}catch(__RP_verifier_good_input&) {
+	}catch(bad_return_to& brt) {
+	    throw;
+	}catch(exception_network&) { }
+    }
+
+}