summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_op.h77
1 files changed, 75 insertions, 2 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h
index 4daed02..a0f0af0 100644
--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -1,132 +1,205 @@
1#ifndef __OPKELE_BASIC_OP_H 1#ifndef __OPKELE_BASIC_OP_H
2#define __OPKELE_BASIC_OP_H 2#define __OPKELE_BASIC_OP_H
3 3
4#include <string> 4#include <string>
5#include <opkele/types.h> 5#include <opkele/types.h>
6#include <opkele/extension.h> 6#include <opkele/extension.h>
7 7
8namespace opkele { 8namespace opkele {
9 using std::string; 9 using std::string;
10 10
11 class basic_OP { 11 class basic_OP {
12 public: 12 public:
13 /**
14 * The request mode for the request being processed
15 */
13 mode_t mode; 16 mode_t mode;
17 /**
18 * association used in transaction. reset in case of dumb operation
19 */
14 assoc_t assoc; 20 assoc_t assoc;
21 /**
22 * true if the request is openid2 request
23 */
15 bool openid2; 24 bool openid2;
25 /**
26 * The return_to RP endpoint
27 */
16 string return_to; 28 string return_to;
29 /**
30 * The realm we authenticate for
31 */
17 string realm; 32 string realm;
33 /**
34 * Claimed identifier
35 */
18 string claimed_id; 36 string claimed_id;
37 /**
38 * The OP-Local identifier
39 */
19 string identity; 40 string identity;
41 /**
42 * The invalidate handle for the reply request
43 */
20 string invalidate_handle; 44 string invalidate_handle;
21 45
22 void reset_vars(); 46 void reset_vars();
23 47
48 /**
49 * @name Request information access
50 * Setting and retrieval of the information pertaining to the request being processed
51 * @{
52 */
53 /**
54 * Check if the RP expects us to get back to them.
55 * @return true if RP supplied return_to URL
56 */
24 bool has_return_to() const; 57 bool has_return_to() const;
58 /**
59 * Find out where the RP is waiting for us.
60 * @return the return_to URL supplied
61 * @throw no_return_to if no return_to is supplied with the request
62 */
25 const string& get_return_to() const; 63 const string& get_return_to() const;
26 64
65 /**
66 * Find out what realm we are authenticating user for
67 * @return the realm
68 */
27 const string& get_realm() const; 69 const string& get_realm() const;
28 70
71 /**
72 * Check if request is about identity
73 * @return true if so
74 */
29 bool has_identity() const; 75 bool has_identity() const;
76 /**
77 * Get claimed identifier supplied with the request
78 * @return claimed identifier
79 * @throw non_identity if request is not about identity
80 */
30 const string& get_claimed_id() const; 81 const string& get_claimed_id() const;
82 /**
83 * Get the identity (OP-Local identifier) being confirmed
84 * @return identity
85 * @throw non_identity if request is not about identity
86 */
31 const string& get_identity() const; 87 const string& get_identity() const;
32 88
89 /**
90 * Is identifier supposed to be selected on our side?
91 * @return true if identity is a special identifier select URI
92 */
33 bool is_id_select() const; 93 bool is_id_select() const;
34 94
35 void select_identity(const string& c,const string& i); 95 /**
36 void set_claimed_id(const string& c); 96 * Select the identity for identifier select request
97 * @param cid claimed identifier
98 * @param lid local identifier
99 */
100 void select_identity(const string& cid,const string& lid);
101 /**
102 * Set claimed identifier (for instance if it's supposed to have
103 * fragment part)
104 * @param cid claimed identifier
105 */
106 void set_claimed_id(const string& cid);
107 /**
108 * @}
109 */
37 110
38 /** @name OpenID operations 111 /** @name OpenID operations
39 * @{ 112 * @{
40 */ 113 */
41 /** 114 /**
42 * Establish association with RP 115 * Establish association with RP
43 * @param oum reply message 116 * @param oum reply message
44 * @param inm request message 117 * @param inm request message
45 */ 118 */
46 basic_openid_message& associate( 119 basic_openid_message& associate(
47 basic_openid_message& oum, 120 basic_openid_message& oum,
48 const basic_openid_message& inm); 121 const basic_openid_message& inm);
49 122
50 /** 123 /**
51 * Parse the checkid_* request. The function parses input message, 124 * Parse the checkid_* request. The function parses input message,
52 * retrieves the information needed for further processing, 125 * retrieves the information needed for further processing,
53 * verifies what can be verified at this stage. 126 * verifies what can be verified at this stage.
54 * @param inm incoming OpenID message 127 * @param inm incoming OpenID message
55 * @param ext extension/chain of extensions supported 128 * @param ext extension/chain of extensions supported
56 */ 129 */
57 void checkid_(const basic_openid_message& inm,extension_t *ext=0); 130 void checkid_(const basic_openid_message& inm,extension_t *ext=0);
58 /** 131 /**
59 * Build and sign a positive assertion message 132 * Build and sign a positive assertion message
60 * @param om outpu OpenID message 133 * @param om outpu OpenID message
61 * @param ext extension/chain of extensions supported 134 * @param ext extension/chain of extensions supported
62 * @return reference to om 135 * @return reference to om
63 */ 136 */
64 basic_openid_message& id_res(basic_openid_message& om, 137 basic_openid_message& id_res(basic_openid_message& om,
65 extension_t *ext=0); 138 extension_t *ext=0);
66 /** 139 /**
67 * Build a 'cancel' negative assertion 140 * Build a 'cancel' negative assertion
68 * @param om output OpenID message 141 * @param om output OpenID message
69 * @return reference to om 142 * @return reference to om
70 */ 143 */
71 basic_openid_message& cancel(basic_openid_message& om); 144 basic_openid_message& cancel(basic_openid_message& om);
72 /** 145 /**
73 * Build an 'error' reply 146 * Build an 'error' reply
74 * @param om output OpenID message 147 * @param om output OpenID message
75 * @param error a human-readable message indicating the cause 148 * @param error a human-readable message indicating the cause
76 * @param contact contact address for the server administrator (can be empty) 149 * @param contact contact address for the server administrator (can be empty)
77 * @param reference a reference token (can be empty) 150 * @param reference a reference token (can be empty)
78 * @return reference to om 151 * @return reference to om
79 */ 152 */
80 basic_openid_message& error(basic_openid_message& om, 153 basic_openid_message& error(basic_openid_message& om,
81 const string& error,const string& contact, 154 const string& error,const string& contact,
82 const string& reference ); 155 const string& reference );
83 /** 156 /**
84 * Build a setup_needed reply to checkid_immediate request 157 * Build a setup_needed reply to checkid_immediate request
85 * @param oum output OpenID message 158 * @param oum output OpenID message
86 * @param inm incoming OpenID request being processed 159 * @param inm incoming OpenID request being processed
87 * @return reference to oum 160 * @return reference to oum
88 */ 161 */
89 basic_openid_message& setup_needed( 162 basic_openid_message& setup_needed(
90 basic_openid_message& oum,const basic_openid_message& inm); 163 basic_openid_message& oum,const basic_openid_message& inm);
91 164
92 /** 165 /**
93 * Process check_authentication request 166 * Process check_authentication request
94 * @param oum output OpenID message 167 * @param oum output OpenID message
95 * @param inm incoming request 168 * @param inm incoming request
96 * @return reference to oum 169 * @return reference to oum
97 */ 170 */
98 basic_openid_message& check_authentication( 171 basic_openid_message& check_authentication(
99 basic_openid_message& oum,const basic_openid_message& inm); 172 basic_openid_message& oum,const basic_openid_message& inm);
100 /** 173 /**
101 * @} 174 * @}
102 */ 175 */
103 176
104 /** 177 /**
105 * Verify return_to url. The default implementation checks whether 178 * Verify return_to url. The default implementation checks whether
106 * return_to URI matches the realm 179 * return_to URI matches the realm
107 * @throw bad_realm in case of invalid realm 180 * @throw bad_realm in case of invalid realm
108 * @throw bad_return_to if return_to doesn't match the realm 181 * @throw bad_return_to if return_to doesn't match the realm
109 * @see verify_op::verify_return_to() 182 * @see verify_op::verify_return_to()
110 */ 183 */
111 virtual void verify_return_to(); 184 virtual void verify_return_to();
112 185
113 /** 186 /**
114 * @name Global persistent store API 187 * @name Global persistent store API
115 * These functions are related to the associations with RPs storage 188 * These functions are related to the associations with RPs storage
116 * and retrieval and nonce management. 189 * and retrieval and nonce management.
117 * @{ 190 * @{
118 */ 191 */
119 /** 192 /**
120 * Allocate association. 193 * Allocate association.
121 * @param type association type 194 * @param type association type
122 * @param kl association key length 195 * @param kl association key length
123 * @param sl true if the association is stateless 196 * @param sl true if the association is stateless
124 * @return association object 197 * @return association object
125 */ 198 */
126 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0; 199 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0;
127 /** 200 /**
128 * Retrieve valid unexpired association 201 * Retrieve valid unexpired association
129 * @param handle association handle 202 * @param handle association handle
130 * @return association object 203 * @return association object
131 */ 204 */
132 virtual assoc_t retrieve_assoc(const string& handle) = 0; 205 virtual assoc_t retrieve_assoc(const string& handle) = 0;