Merge branch 'next' into devel/xri

4 files changed, 21 insertions, 6 deletions

diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
index 50ff692..c463787 100644
--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -67,6 +67,11 @@ namespace opkele {
 	     * function should never return an expired or invalidated
 	     * association.
 	     *
+	     * @note
+	     * It may be a good idea to pre-expire associations shortly before
+	     * their time is really up to avoid association expiry in the
+	     * middle of negotiations.
+	     *
 	     * @param server the OpenID server
 	     * @return the auto_ptr<> for the newly allocated association_t object
 	     * @throw failed_lookup in case of absence of the handle
@@ -137,6 +142,7 @@ namespace opkele {
 	     * @throw id_res_setup in case of openid.user_setup_url failure
 	     * (supposedly checkid_immediate only)
 	     * @throw id_res_failed in case of failure
+	     * @throw id_res_expired_on_delivery if the association expired before it could've been verified
 	     * @throw exception in case of other failures
 	     */
 	    virtual void id_res(const params_t& pin,const string& identity="",extension_t *ext=0);
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
index a654d59..8913665 100644
--- a/include/opkele/exception.h
+++ b/include/opkele/exception.h
@@ -170,6 +170,15 @@ namespace opkele {
     };
 
     /**
+     * thrown if the association has expired before it could've been verified.
+     */
+    class id_res_expired_on_delivery : public id_res_failed {
+	public:
+	    id_res_expired_on_delivery(OPKELE_E_PARS)
+		: id_res_failed(OPKELE_E_CONS) { }
+    };
+
+    /**
      * openssl malfunction occured
      */
     class exception_openssl : public exception {
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 66db7dd..9f7530f 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -184,8 +184,8 @@ namespace opkele {
 	params_t ps;
 	try {
 	    assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
-	    if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
-		throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
+	    if(assoc->is_expired())
+		throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
 	    const string& sigenc = pin.get_param("openid.sig");
 	    vector<unsigned char> sig;
 	    util::decode_base64(sigenc,sig);
@@ -214,7 +214,7 @@ namespace opkele {
 		    0,&md_len);
 	    if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
 		throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
-	}catch(failed_lookup& e) { /* XXX: more specific? */
+	}catch(failed_lookup& e) {
 	    const string& slist = pin.get_param("openid.signed");
 	    string::size_type pp = 0;
 	    params_t p;
diff --git a/lib/util.cc b/lib/util.cc
index 83f0eef..4600576 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -221,9 +221,9 @@ namespace opkele {
 		 char *eptr = 0;
 		 long port = strtol(nptr,&eptr,10);
 		 if( (port>0) && (port<65535) && port!=(s?443:80) ) {
-		     char tmp[6];
-		     snprintf(tmp,sizeof(tmp),"%ld",port);
-		     rv += ':'; rv += tmp;
+		     char tmp[8];
+		     snprintf(tmp,sizeof(tmp),":%ld",port);
+		     rv += tmp;
 		 }
 		 if(ni==string::npos) {
 		     rv += '/'; return rv;