-rw-r--r-- | include/opkele/basic_rp.h | 18 | ||||
-rw-r--r-- | include/opkele/types.h | 18 |
2 files changed, 18 insertions, 18 deletions
diff --git a/include/opkele/basic_rp.h b/include/opkele/basic_rp.h
index 3f17fd9..d5356aa 100644
--- a/include/opkele/basic_rp.h
+++ b/include/opkele/basic_rp.h
@@ -1,218 +1,200 @@ #ifndef __OPKELE_BASIC_RP_H #define __OPKELE_BASIC_RP_H -#include <cstring> #include <string> #include <opkele/types.h> #include <opkele/extension.h> namespace opkele { using std::string; - struct openid_endpoint_t { - string uri; - string claimed_id; - string local_id; - - openid_endpoint_t() { } - openid_endpoint_t(const string& u,const string& cid,const string& lid) - : uri(u), claimed_id(cid), local_id(lid) { } - - bool operator==(const openid_endpoint_t& x) const { - return uri==x.uri && local_id==x.local_id; } - bool operator<(const openid_endpoint_t& x) const { - int c; - return (c=strcmp(uri.c_str(),x.uri.c_str())) - ? (c<0) : (strcmp(local_id.c_str(),x.local_id.c_str())<0); } - }; - class basic_RP { public: virtual ~basic_RP() { } /** * @name Global persistent store API * These are functions related to the associations with OP storage * and retrieval and nonce records. They provide an interface to * the persistent storage which is shared by all sessions. If the * implementor prefers the dumb mode instead, the function should * throw dumb_RP exception instead. * @see opkele::dumb_RP * @{ */ /** * Store association and return allocated association object. * @param OP OP endpoint * @param handle association handle * @param type association type * @param secret association secret * @params expires_in the number of seconds association expires in * @return the association object * @throw dumb_RP for dumb RP */ virtual assoc_t store_assoc( const string& OP,const string& handle, const string& type,const secret_t& secret, int expires_in) = 0; /** * Find valid unexpired association with an OP. * @param OP OP endpoint URL * @return association found * @throw failed_lookup if no association found * @throw dumb_RP for dumb RP */ virtual assoc_t find_assoc( const string& OP) = 0; /** * Retrieve valid association handle for an OP by handle. 
* @param OP OP endpoint URL * @param handle association handle * @return association found * @throw failed_lookup if no association found * @throw dumb_RP for dumb RP */ virtual assoc_t retrieve_assoc( const string& OP,const string& handle) = 0; /** * Invalidate association with OP * @param OP OP endpoint URL * @param handle association handle * @throw dumb_RP for dumb RP */ virtual void invalidate_assoc(const string& OP,const string& handle) = 0; /** * Check the nonce validity. That is, check that we haven't * accepted request with this nonce from this OP, yet. May involve * cutting off by the timestamp and checking the rest against the * store of seen nonces. * @param OP OP endpoint URL * @param nonce nonce value * @throw id_res_bad_nonce if the nonce is not to be accepted, i.e. * either too old or seen. */ virtual void check_nonce(const string& OP,const string& nonce) = 0; /** * @} */ /** * @name Session persistent store API * @{ */ /** * Retrieve OpenID endpoint being currently used for * authentication. If there is no endpoint available, throw a * no_endpoint exception. * @return reference to the service endpoint object * @see next_endpoint * @throw no_endpoint if no endpoint available */ virtual const openid_endpoint_t& get_endpoint() const = 0; /** * Advance to the next endpoint to try. * @see get_endpoint() * @throw no_endpoint if there are no more endpoints */ virtual void next_endpoint() = 0; /** * @} */ /** * @name Site particulars API * @{ */ /** * Return an absolute URL of the page being processed, includining * query parameters. It is used to validate return_to URL on * positive assertions. * @return fully qualified url of the page being processed. */ virtual const string get_this_url() const = 0; /** * @} */ /** * @name OpenID actions * @{ */ /** * Initiates authentication session, doing discovery, normalization * and whatever implementor wants to do at this point. 
* @param usi User-supplied identity */ virtual void initiate(const string& usi) = 0; /** * Prepare checkid_request. * @param rv reference to the openid message to prepare * @param mode checkid_setup or checkid_immediate * @param return_to the URL OP should redirect to after completion * @param realm authentication realm to pass to OP * @param ext pointer to extension to use in request preparation * @return reference to the openid message */ basic_openid_message& checkid_( basic_openid_message& rv, mode_t mode, const string& return_to,const string& realm, extension_t *ext=0); /** * Verify assertion at the end of round-trip. * @param om incoming openid message * @param ext pointer to extention to use in parsing assertion * @throw id_res_setup if checkid_immediate request could not be * completed * @throw id_res_cancel if authentication request was canceled * @throw id_res_mismatch in case of signature mismatch * @throw id_res_bad_return_to if return_to url seems to be * tampered with * @throw id_res_unauthorized if OP is not authorized to make * assertions regarding the identity */ void id_res(const basic_openid_message& om,extension_t *ext=0); /** * Establish association with OP * @param OP OP to establish association with * @throw dumb_RP if for a dumb RP */ virtual assoc_t associate(const string& OP); /** * Check authentication with OP and invalidate handle if requested * and confirmed * @param OP OP to check with * @param om message to check * @throw failed_check_authentication if OP fails to confirm * authenticity of the assertion */ void check_authentication(const string& OP,const basic_openid_message& om); /** * @} */ /** * @name Miscellanea * @{ */ /** * Verify OP authority. Return normally if OP is authorized to make * an assertion, throw an exception otherwise. * @param OP OP endpoint * @param claimed_id claimed identity * @param identity OP-Local identifier * @throw id_res_unauthorized if OP is not authorized to make * assertion regarding this identity. 
*/ virtual void verify_OP(const string& OP, const string& claimed_id,const string& identity) const = 0; /** * @} */ }; } #endif /* __OPKELE_BASIC_RP_H */
diff --git a/include/opkele/types.h b/include/opkele/types.h
index 5d39a5c..6ab51ef 100644
--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -1,211 +1,229 @@ #ifndef __OPKELE_TYPES_H #define __OPKELE_TYPES_H /** * @file * @brief various types declarations */ +#include <cstring> #include <ostream> #include <vector> #include <string> #include <map> #include <set> #include <list> #include <opkele/iterator.h> #include <opkele/tr1-mem.h> namespace opkele { using std::vector; using std::string; using std::map; using std::ostream; using std::multimap; using std::set; using std::list; using std::iterator; using std::forward_iterator_tag; /** * the OpenID operation mode */ typedef enum _mode_t { mode_unknown = 0, mode_associate, mode_checkid_immediate, mode_checkid_setup, mode_check_association } mode_t; /** * the association secret container */ class secret_t : public vector<unsigned char> { public: /** * xor the secret and hmac together and encode, using base64 * @param key_d pointer to the message digest * @param rv reference to the return value */ void enxor_to_base64(const unsigned char *key_d,string& rv) const; /** * decode base64-encoded secret and xor it with the message digest * @param key_d pointer to the message digest * @param b64 base64-encoded secret value */ void enxor_from_base64(const unsigned char *key_d,const string& b64); /** * plainly encode to base64 representation * @param rv reference to the return value */ void to_base64(string& rv) const; /** * decode cleartext secret from base64 * @param b64 base64-encoded representation of the secret value */ void from_base64(const string& b64); }; /** * Interface to the association. */ class association_t { public: virtual ~association_t() { } /** * retrieve the server with which association was established. * @return server name */ virtual string server() const = 0; /** * retrieve the association handle. * @return handle */ virtual string handle() const = 0; /** * retrieve the association type. * @return association type */ virtual string assoc_type() const = 0; /** * retrieve the association secret. 
* @return association secret */ virtual secret_t secret() const = 0; /** * retrieve the number of seconds the association expires in. * @return seconds till expiration */ virtual int expires_in() const = 0; /** * check whether the association is stateless. * @return true if stateless */ virtual bool stateless() const = 0; /** * check whether the association is expired. * @return true if expired */ virtual bool is_expired() const = 0; }; /** * the shared_ptr<> for association_t object type */ typedef tr1mem::shared_ptr<association_t> assoc_t; class basic_openid_message { public: typedef list<string> fields_t; typedef util::forward_iterator_proxy< string,const string&,const string* > fields_iterator; basic_openid_message() { } basic_openid_message(const basic_openid_message& x); void copy_to(basic_openid_message& x) const; virtual bool has_field(const string& n) const = 0; virtual const string& get_field(const string& n) const = 0; virtual bool has_ns(const string& uri) const; virtual string get_ns(const string& uri) const; virtual fields_iterator fields_begin() const = 0; virtual fields_iterator fields_end() const = 0; virtual string append_query(const string& url) const; virtual string query_string() const; virtual void reset_fields(); virtual void set_field(const string& n,const string& v); virtual void reset_field(const string& n); virtual void from_keyvalues(const string& kv); virtual void to_keyvalues(ostream& o) const; virtual void to_htmlhiddens(ostream& o) const; void add_to_signed(const string& fields); string find_ns(const string& uri,const char *pfx) const; string allocate_ns(const string& uri,const char *pfx); }; class openid_message_t : public basic_openid_message, public map<string,string> { public: openid_message_t() { } openid_message_t(const basic_openid_message& x) : basic_openid_message(x) { } void copy_to(basic_openid_message& x) const; bool has_field(const string& n) const; const string& get_field(const string& n) const; virtual fields_iterator 
fields_begin() const; virtual fields_iterator fields_end() const; void reset_fields(); void set_field(const string& n,const string& v); void reset_field(const string& n); }; /** * request/response parameters map */ class params_t : public openid_message_t { public: /** * check whether the parameter is present. * @param n the parameter name * @return true if yes */ bool has_param(const string& n) const { return has_field(n); } /** * retrieve the parameter (const version) * @param n the parameter name * @return the parameter value * @throw failed_lookup if there is no such parameter */ const string& get_param(const string& n) const { return get_field(n); } /** * parse the OpenID key/value data. * @param kv the OpenID key/value data */ void parse_keyvalues(const string& kv) { from_keyvalues(kv); } string append_query(const string& url,const char *prefix="openid.") const; }; + struct openid_endpoint_t { + string uri; + string claimed_id; + string local_id; + + openid_endpoint_t() { } + openid_endpoint_t(const string& u,const string& cid,const string& lid) + : uri(u), claimed_id(cid), local_id(lid) { } + + bool operator==(const openid_endpoint_t& x) const { + return uri==x.uri && local_id==x.local_id; } + bool operator<(const openid_endpoint_t& x) const { + int c; + return (c=strcmp(uri.c_str(),x.uri.c_str())) + ? (c<0) : (strcmp(local_id.c_str(),x.local_id.c_str())<0); } + }; + } #endif /* __OPKELE_TYPES_H */ |
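Review bot: `openid_endpoint_t::operator<` at the end of this hunk orders by `strcmp(uri.c_str(), ...)` while `operator==` compares the `std::string` objects directly, so the two disagree as soon as a `uri` or `local_id` holds an embedded NUL: `strcmp` stops at the NUL, `==` does not, and any `std::set`/`std::map` keyed on the endpoint loses a consistent strict weak ordering. Since these fields are presumably populated from discovery on user-supplied identifiers (hedged: the discovery code is not in this diff), the comparison should not depend on C-string termination; `int c = uri.compare(x.uri); return c ? (c<0) : (local_id < x.local_id);` gives the same order for well-formed input, handles NULs, and makes the newly added `#include <cstring>` unnecessary. Also worth a one-line comment on the struct that `claimed_id` is intentionally excluded from both `==` and `<`, e.g. `// equality/ordering deliberately ignore claimed_id: endpoints are keyed on (uri, local_id)`, so the next reader does not mistake it for an oversight.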