-rw-r--r--include/opkele/basic_op.h2
-rw-r--r--include/opkele/verify_op.h2
-rw-r--r--lib/verify_op.cc2
-rw-r--r--test/OP.cc2
4 files changed, 4 insertions, 4 deletions
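--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -121,129 +121,129 @@ namespace opkele {
 */
 basic_openid_message& associate(
 basic_openid_message& oum,
 const basic_openid_message& inm);
 /**
 * Parse the checkid_* request. The function parses input message,
 * retrieves the information needed for further processing,
 * verifies what can be verified at this stage.
 * @param inm incoming OpenID message
 * @param ext extension/chain of extensions supported
 */
 void checkid_(const basic_openid_message& inm,extension_t *ext=0);
 /**
 * Build and sign a positive assertion message
 * @param om outpu OpenID message
 * @param ext extension/chain of extensions supported
 * @return reference to om
 */
 basic_openid_message& id_res(basic_openid_message& om,
 extension_t *ext=0);
 /**
 * Build a 'cancel' negative assertion
 * @param om output OpenID message
 * @return reference to om
 */
 basic_openid_message& cancel(basic_openid_message& om);
 /**
 * Build an 'error' reply
 * @param om output OpenID message
 * @param error a human-readable message indicating the cause
 * @param contact contact address for the server administrator (can be empty)
 * @param reference a reference token (can be empty)
 * @return reference to om
 */
 basic_openid_message& error(basic_openid_message& om,
 const string& error,const string& contact,
 const string& reference );
 /**
 * Build a setup_needed reply to checkid_immediate request
 * @param oum output OpenID message
 * @param inm incoming OpenID request being processed
 * @return reference to oum
 */
 basic_openid_message& setup_needed(
 basic_openid_message& oum,const basic_openid_message& inm);
 /**
 * Process check_authentication request
 * @param oum output OpenID message
 * @param inm incoming request
 * @return reference to oum
 */
 basic_openid_message& check_authentication(
 basic_openid_message& oum,const basic_openid_message& inm);
 /**
 * @}
 */
 /**
 * Verify return_to url. The default implementation checks whether
 * return_to URI matches the realm
 * @throw bad_realm in case of invalid realm
 * @throw bad_return_to if return_to doesn't match the realm
- * @see verify_op::verify_return_to()
+ * @see verify_OP::verify_return_to()
 */
 virtual void verify_return_to();
 /**
 * @name Global persistent store API
 * These functions are related to the associations with RPs storage
 * and retrieval and nonce management.
 * @{
 */
 /**
 * Allocate association.
 * @param type association type
 * @param kl association key length
 * @param sl true if the association is stateless
 * @return association object
 */
 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0;
 /**
 * Retrieve valid unexpired association
 * @param handle association handle
 * @return association object
 */
 virtual assoc_t retrieve_assoc(const string& handle) = 0;
 /**
 * Allocate nonce.
 * @param nonce input-output parameter containing timestamp part of
 * the nonce on input
 * @param sl true if the nonce is
 * @return reference to nonce
 * @throw failed_lookup if no such valid unexpired association
 * could be retrieved
 */
 virtual string& alloc_nonce(string& nonce) = 0;
 /**
 * Check nonce validity
 * @param nonce nonce to check
 * @return true if nonce found and isn't yet invalidated
 */
 virtual bool check_nonce(const string& nonce) = 0;
 /**
 * Invalidate nonce
 * @param nonce nonce to check
 */
 virtual void invalidate_nonce(const string& nonce) = 0;
 /**
 * @}
 */
 /**
 * @name Site particulars API
 * @{
 */
 /**
 * Query the absolute URL of the op endpoint
 * @return fully qualified url of the OP endpoint
 */
 virtual const string get_op_endpoint() const = 0;
 /**
 * @}
 */
 };
 }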
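--- a/include/opkele/verify_op.h
+++ b/include/opkele/verify_op.h
@@ -1,26 +1,26 @@
 #ifndef __OPKELE_VERIFY_OP_H
 #define __OPKELE_VERIFY_OP_H
 #include <opkele/basic_op.h>
 namespace opkele {
 /**
 * The OP implementation that does discovery verification on RP
 */
- class verify_op : public basic_OP {
+ class verify_OP : public basic_OP {
 public:
 /**
 * In addition to basic_OP::verify_return_to() functionality this
 * implementation does the discovery on RP to see if return_to matches
 * the realm
 * @throw bad_return_to in case we fail to discover corresponding
 * service endpoint
 */
 void verify_return_to();
 };
 }
 #endif /* __OPKELE_VERIFY_OP_H */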
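--- a/lib/verify_op.cc
+++ b/lib/verify_op.cc
@@ -1,53 +1,53 @@
 #include <opkele/verify_op.h>
 #include <opkele/discovery.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
 #include <opkele/uris.h>
 namespace opkele {
 using std::output_iterator_tag;
 class __RP_verifier_good_input : public exception {
 public:
 __RP_verifier_good_input(OPKELE_E_PARS)
 : exception(OPKELE_E_CONS) { }
 };
 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
 public:
 int seen;
 const string& return_to;
 RP_verifier(const string& rt)
 : return_to(rt), seen(0) { }
 RP_verifier& operator*() { return *this; }
 RP_verifier& operator=(const openid_endpoint_t& oep) {
 if(util::uri_matches_realm(return_to,oep.uri))
 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
 return *this;
 }
 RP_verifier& operator++() { ++seen; return *this; }
 RP_verifier& operator++(int) { +seen; return *this; }
 };
- void verify_op::verify_return_to() {
+ void verify_OP::verify_return_to() {
 basic_OP::verify_return_to();
 try {
 RP_verifier rpv(return_to);
 string drealm = realm;
 string::size_type csss = drealm.find("://*.");
 if(csss==4 || csss==5)
 drealm.replace(csss+3,1,"www");
 const char *rtt[] = { STURI_OPENID20_RT, 0 };
 yadiscover(rpv,drealm,rtt,false);
 if(rpv.seen)
 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
 }catch(__RP_verifier_good_input&) {
 }catch(bad_return_to& brt) {
 throw;
 }catch(exception_network&) { }
 }
 }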
diff --git a/test/OP.cc b/test/OP.cc
index ce54d92..851d831 100644
--- a/test/OP.cc
+++ b/test/OP.cc
@@ -1,119 +1,119 @@
#include <uuid/uuid.h>
#include <iostream>
#include <cassert>
#include <string>
#include <ext/algorithm>
using namespace std;
#include <kingate/exception.h>
#include <kingate/plaincgi.h>
#include <kingate/cgi_gateway.h>
#include <opkele/exception.h>
#include <opkele/util.h>
#include <opkele/uris.h>
#include <opkele/extension.h>
#include <opkele/association.h>
#include <opkele/debug.h>
#include <opkele/verify_op.h>
#include <opkele/sreg.h>
#include "sqlite.h"
#include "kingate_openid_message.h"
static const string get_self_url(const kingate::cgi_gateway& gw) {
bool s = gw.has_meta("SSL_PROTOCOL_VERSION");
string rv = s?"https://":"http://";
rv += gw.http_request_header("Host");
const string& port = gw.get_meta("SERVER_PORT");
if( port!=(s?"443":"80") ) {
rv += ':'; rv += port;
}
rv += gw.get_meta("REQUEST_URI");
string::size_type q = rv.find('?');
if(q!=string::npos)
rv.erase(q);
return rv;
}
class opdb_t : public sqlite3_t {
public:
opdb_t()
: sqlite3_t("/tmp/OP.db") {
assert(_D);
char **resp; int nr,nc; char *errm;
if(sqlite3_get_table(
_D, "SELECT a_op FROM assoc LIMIT 0",
&resp,&nr,&nc,&errm)!=SQLITE_OK) {
extern const char *__OP_db_bootstrap;
DOUT_("Bootstrapping DB");
if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK)
throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm);
}else
sqlite3_free_table(resp);
}
};
-class example_op_t : public opkele::verify_op {
+class example_op_t : public opkele::verify_OP {
public:
kingate::cgi_gateway& gw;
opdb_t db;
kingate::cookie htc;
example_op_t(kingate::cgi_gateway& gw)
: gw(gw) {
try {
htc = gw.cookies.get_cookie("htop_session");
sqlite3_mem_t<char*> S = sqlite3_mprintf(
"SELECT 1 FROM ht_sessions WHERE hts_id=%Q",
htc.get_value().c_str());
sqlite3_table_t T; int nr,nc;
db.get_table(S,T,&nr,&nc);
if(nr<1)
throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation");
}catch(kingate::exception_notfound& kenf) {
uuid_t uuid; uuid_generate(uuid);
htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid)));
sqlite3_mem_t<char*> S = sqlite3_mprintf(
"INSERT INTO ht_sessions (hts_id) VALUES (%Q)",
htc.get_value().c_str());
db.exec(S);
}
}
void set_authorized(bool a) {
sqlite3_mem_t<char*>
S = sqlite3_mprintf(
"UPDATE ht_sessions"
" SET authorized=%d"
" WHERE hts_id=%Q",
(int)a,htc.get_value().c_str());
db.exec(S);
}
bool get_authorized() {
sqlite3_mem_t<char*>
S = sqlite3_mprintf(
"SELECT authorized"
" FROM ht_sessions"
" WHERE hts_id=%Q",
htc.get_value().c_str());
sqlite3_table_t T; int nr,nc;
db.get_table(S,T,&nr,&nc);
assert(nr==1); assert(nc=1);
return opkele::util::string_to_long(T.get(1,0,nc));
}
ostream& cookie_header(ostream& o) const {
o << "Set-Cookie: " << htc.set_cookie_header() << "\n";
return o;
}
opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) {
uuid_t uuid; uuid_generate(uuid);
string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid));
opkele::secret_t a_secret;
generate_n(
back_insert_iterator<opkele::secret_t>(a_secret),klength,
rand );
string ssecret; a_secret.to_base64(ssecret);
time_t now = time(0);
int expires_in = sl?3600*2:3600*24*7*2;