| author | Michael Krelin <hacker@klever.net> | 2008-02-19 10:52:09 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2008-02-19 10:52:09 (UTC) |
| commit | 42e4fb613d190508b3e8b8993d233044eeea4d20 (patch) (side-by-side diff) | |
| tree | 9b8ebc420942554f927a777e03c70a7c65305a88 /lib | |
| parent | a3db32747e8370cab8cfdcc382fee875613b7b77 (diff) | |
| download | libopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.zip libopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.tar.gz libopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.tar.bz2 | |
basic_RP: add methods for accessing identity information passed from OP.
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/basic_rp.cc | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index e65d9fb..3357d0b 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -5,15 +5,34 @@ #include <opkele/exception.h> #include <opkele/uris.h> #include <opkele/data.h> #include <opkele/util.h> #include <opkele/util-internal.h> #include <opkele/curl.h> +#include <opkele/debug.h> namespace opkele { + void basic_RP::reset_vars() { + claimed_id.clear(); identity.clear(); + } + + const string& basic_RP::get_claimed_id() const { + if(claimed_id.empty()) + throw non_identity(OPKELE_CP_ "attempting to retreive claimed_id of non-identity assertion"); + assert(!identity.empty()); + return claimed_id; + } + + const string& basic_RP::get_identity() const { + if(identity.empty()) + throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related assertion"); + assert(!claimed_id.empty()); + return identity; + } + static void dh_get_secret( secret_t& secret, const basic_openid_message& om, const char *exp_assoc, const char *exp_sess, util::dh_t& dh, size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), size_t exp_s_len) try { @@ -193,12 +212,13 @@ namespace opkele { q = ++am; } } } void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) { + reset_vars(); bool o2 = om.has_field("ns") && om.get_field("ns")==OIURI_OPENID20; if( (!o2) && om.has_field("user_setup_url")) throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided", om.get_field("user_setup_url")); string m = om.get_field("mode"); @@ -268,18 +288,23 @@ namespace opkele { throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request"); if(tpi->second!=rpi->second) throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request"); } if(om.has_field("claimed_id")) { + claimed_id = om.get_field("claimed_id"); + identity = om.get_field("identity"); verify_OP( om.get_field("op_endpoint"), - om.get_field("claimed_id"), - om.get_field("identity") ); + claimed_id, identity ); } + }else{ + claimed_id = get_endpoint().claimed_id; + /* TODO: check if this is the identity we asked for */ + identity = om.get_field("identity"); } if(ext) ext->rp_id_res_hook(om,signeds); } void basic_RP::check_authentication(const string& OP, const basic_openid_message& om){ |