author | Michael Krelin <hacker@klever.net> | 2007-01-11 00:57:06 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2007-01-11 00:57:06 (UTC) |
commit | 06eaf00c48fc563245b85c2be4b8b5a03ef2cfe9 (patch) (unidiff) | |
tree | ef978c5d86188d2fc4c7e98a921804d7bfeb5557 /lib/server.cc | |
parent | 100199abfdf7a353f9ba2aa9618e0711213290d3 (diff) | |
download | libopkele-06eaf00c48fc563245b85c2be4b8b5a03ef2cfe9.zip libopkele-06eaf00c48fc563245b85c2be4b8b5a03ef2cfe9.tar.gz libopkele-06eaf00c48fc563245b85c2be4b8b5a03ef2cfe9.tar.bz2 |
introduced extension hooks framework
-rw-r--r-- | lib/server.cc | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/server.cc b/lib/server.cc index 5eee1f3..8c29abb 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
@@ -58,33 +58,33 @@ namespace opkele { | |||
58 | switch(st) { | 58 | switch(st) { |
59 | case sess_dh_sha1: | 59 | case sess_dh_sha1: |
60 | pout["session_type"] = "DH-SHA1"; | 60 | pout["session_type"] = "DH-SHA1"; |
61 | pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key); | 61 | pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key); |
62 | secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]); | 62 | secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]); |
63 | break; | 63 | break; |
64 | default: | 64 | default: |
65 | secret.to_base64(pout["mac_key"]); | 65 | secret.to_base64(pout["mac_key"]); |
66 | break; | 66 | break; |
67 | } | 67 | } |
68 | } | 68 | } |
69 | 69 | ||
70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) { | 70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
71 | checkid_(mode_checkid_immediate,pin,return_to,pout); | 71 | checkid_(mode_checkid_immediate,pin,return_to,pout,ext); |
72 | } | 72 | } |
73 | 73 | ||
74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) { | 74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
75 | checkid_(mode_checkid_setup,pin,return_to,pout); | 75 | checkid_(mode_checkid_setup,pin,return_to,pout,ext); |
76 | } | 76 | } |
77 | 77 | ||
78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) { | 78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) | 79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) |
80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); | 80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); |
81 | pout.clear(); | 81 | pout.clear(); |
82 | assoc_t assoc; | 82 | assoc_t assoc; |
83 | try { | 83 | try { |
84 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); | 84 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); |
85 | }catch(failed_lookup& fl) { | 85 | }catch(failed_lookup& fl) { |
86 | // no handle specified or no valid handle found, going dumb | 86 | // no handle specified or no valid handle found, going dumb |
87 | assoc = alloc_assoc(mode_checkid_setup); | 87 | assoc = alloc_assoc(mode_checkid_setup); |
88 | if(pin.has_param("openid.assoc_handle")) | 88 | if(pin.has_param("openid.assoc_handle")) |
89 | pout["invalidate_handle"]=pin.get_param("openid.assoc_handle"); | 89 | pout["invalidate_handle"]=pin.get_param("openid.assoc_handle"); |
90 | } | 90 | } |
@@ -97,25 +97,27 @@ namespace opkele { | |||
97 | validate(*assoc,pin,identity,trust_root); | 97 | validate(*assoc,pin,identity,trust_root); |
98 | pout["mode"] = "id_res"; | 98 | pout["mode"] = "id_res"; |
99 | pout["assoc_handle"] = assoc->handle(); | 99 | pout["assoc_handle"] = assoc->handle(); |
100 | if(pin.has_param("openid.assoc_handle") && assoc->stateless()) | 100 | if(pin.has_param("openid.assoc_handle") && assoc->stateless()) |
101 | pout["invalidate_handle"] = pin.get_param("openid.assoc_handle"); | 101 | pout["invalidate_handle"] = pin.get_param("openid.assoc_handle"); |
102 | pout["identity"] = identity; | 102 | pout["identity"] = identity; |
103 | pout["return_to"] = return_to; | 103 | pout["return_to"] = return_to; |
104 | /* TODO: eventually remove deprecated stuff */ | 104 | /* TODO: eventually remove deprecated stuff */ |
105 | time_t now = time(0); | 105 | time_t now = time(0); |
106 | pout["issued"] = util::time_to_w3c(now); | 106 | pout["issued"] = util::time_to_w3c(now); |
107 | pout["valid_to"] = util::time_to_w3c(now+120); | 107 | pout["valid_to"] = util::time_to_w3c(now+120); |
108 | pout["exipres_in"] = "120"; | 108 | pout["exipres_in"] = "120"; |
109 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to"); | 109 | pout["signed"]="mode,identity,return_to"; |
110 | if(ext) ext->checkid_hook(pin,pout); | ||
111 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]); | ||
110 | } | 112 | } |
111 | 113 | ||
112 | void server_t::check_authentication(const params_t& pin,params_t& pout) { | 114 | void server_t::check_authentication(const params_t& pin,params_t& pout) { |
113 | vector<unsigned char> sig; | 115 | vector<unsigned char> sig; |
114 | mimetic::Base64::Decoder b; | 116 | mimetic::Base64::Decoder b; |
115 | const string& sigenc = pin.get_param("openid.sig"); | 117 | const string& sigenc = pin.get_param("openid.sig"); |
116 | mimetic::decode( | 118 | mimetic::decode( |
117 | sigenc.begin(),sigenc.end(), b, | 119 | sigenc.begin(),sigenc.end(), b, |
118 | back_insert_iterator<vector<unsigned char> >(sig)); | 120 | back_insert_iterator<vector<unsigned char> >(sig)); |
119 | assoc_t assoc; | 121 | assoc_t assoc; |
120 | try { | 122 | try { |
121 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); | 123 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); |