-rw-r--r-- | include/Makefile.am | 3 | ||||
-rw-r--r-- | include/opkele/consumer.h | 25 | ||||
-rw-r--r-- | include/opkele/exception.h | 10 | ||||
-rw-r--r-- | include/opkele/extension.h | 59 | ||||
-rw-r--r-- | include/opkele/server.h | 10 | ||||
-rw-r--r-- | lib/Makefile.am | 3 | ||||
-rw-r--r-- | lib/consumer.cc | 16 | ||||
-rw-r--r-- | lib/extension.cc | 15 | ||||
-rw-r--r-- | lib/server.cc | 14 |
9 files changed, 127 insertions, 28 deletions
diff --git a/include/Makefile.am b/include/Makefile.am index b014752..72931eb 100644 --- a/include/Makefile.am +++ b/include/Makefile.am | |||
@@ -5,7 +5,8 @@ nobase_include_HEADERS = \ | |||
5 | opkele/association.h \ | 5 | opkele/association.h \ |
6 | opkele/exception.h \ | 6 | opkele/exception.h \ |
7 | opkele/server.h \ | 7 | opkele/server.h \ |
8 | opkele/consumer.h | 8 | opkele/consumer.h \ |
9 | opkele/extension.h | ||
9 | EXTRA_DIST = \ | 10 | EXTRA_DIST = \ |
10 | opkele/data.h \ | 11 | opkele/data.h \ |
11 | opkele/util.h | 12 | opkele/util.h |
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h index 9932315..f9939cf 100644 --- a/include/opkele/consumer.h +++ b/include/opkele/consumer.h | |||
@@ -2,6 +2,7 @@ | |||
2 | #define __OPKELE_CONSUMER_H | 2 | #define __OPKELE_CONSUMER_H |
3 | 3 | ||
4 | #include <opkele/types.h> | 4 | #include <opkele/types.h> |
5 | #include <opkele/extension.h> | ||
5 | 6 | ||
6 | /** | 7 | /** |
7 | * @file | 8 | * @file |
@@ -82,20 +83,22 @@ namespace opkele { | |||
82 | * @param identity the identity to verify | 83 | * @param identity the identity to verify |
83 | * @param return_to the return_to url to pass with the request | 84 | * @param return_to the return_to url to pass with the request |
84 | * @param trust_root the trust root to advertise with the request | 85 | * @param trust_root the trust root to advertise with the request |
86 | * @param ext pointer to an extension(s) hooks object | ||
85 | * @return the location string | 87 | * @return the location string |
86 | * @throw exception in case of error | 88 | * @throw exception in case of error |
87 | */ | 89 | */ |
88 | string checkid_immediate(const string& identity,const string& return_to,const string& trust_root=""); | 90 | string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); |
89 | /** | 91 | /** |
90 | * prepare the parameters for the checkid_setup | 92 | * prepare the parameters for the checkid_setup |
91 | * request. | 93 | * request. |
92 | * @param identity the identity to verify | 94 | * @param identity the identity to verify |
93 | * @param return_to the return_to url to pass with the request | 95 | * @param return_to the return_to url to pass with the request |
94 | * @param trust_root the trust root to advertise with the request | 96 | * @param trust_root the trust root to advertise with the request |
97 | * @param ext pointer to an extension(s) hooks object | ||
95 | * @return the location string | 98 | * @return the location string |
96 | * @throw exception in case of error | 99 | * @throw exception in case of error |
97 | */ | 100 | */ |
98 | string checkid_setup(const string& identity,const string& return_to,const string& trust_root=""); | 101 | string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); |
99 | /** | 102 | /** |
100 | * the actual implementation behind checkid_immediate() and | 103 | * the actual implementation behind checkid_immediate() and |
101 | * checkid_setup() functions. | 104 | * checkid_setup() functions. |
@@ -103,24 +106,24 @@ namespace opkele { | |||
103 | * @param identity the identity to verify | 106 | * @param identity the identity to verify |
104 | * @param return_to the return_to url to pass with the request | 107 | * @param return_to the return_to url to pass with the request |
105 | * @param trust_root the trust root to advertise with the request | 108 | * @param trust_root the trust root to advertise with the request |
109 | * @param ext pointer to an extension(s) hooks object | ||
106 | * @return the location string | 110 | * @return the location string |
107 | * @throw exception in case of error | 111 | * @throw exception in case of error |
108 | */ | 112 | */ |
109 | string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root=""); | 113 | string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); |
110 | /** | 114 | /** |
111 | * verify the id_res response | 115 | * verify the id_res response |
112 | * @param pin the response parameters | 116 | * @param pin the response parameters |
113 | * @param identity the identity being checked (if not specified, extracted | 117 | * @param identity the identity being checked (if not specified, |
114 | * from the openid.identity parameter | 118 | * @param ext pointer to an extension(s) hooks object |
115 | * @throw id_res_mismatch in case of signature | 119 | * extracted from the openid.identity parameter |
116 | * mismatch | 120 | * @throw id_res_mismatch in case of signature mismatch |
117 | * @throw id_res_setup in case of | 121 | * @throw id_res_setup in case of openid.user_setup_url failure |
118 | * openid.user_setup_url failure (supposedly | 122 | * (supposedly checkid_immediate only) |
119 | * checkid_immediate only) | ||
120 | * @throw id_res_failed in case of failure | 123 | * @throw id_res_failed in case of failure |
121 | * @throw exception in case of other failures | 124 | * @throw exception in case of other failures |
122 | */ | 125 | */ |
123 | void id_res(const params_t& pin,const string& identity=""); | 126 | void id_res(const params_t& pin,const string& identity="",extension_t *ext=0); |
124 | /** | 127 | /** |
125 | * perform a check_authentication request. | 128 | * perform a check_authentication request. |
126 | * @param server the OpenID server | 129 | * @param server the OpenID server |
diff --git a/include/opkele/exception.h b/include/opkele/exception.h index c5f5811..9fc9bd3 100644 --- a/include/opkele/exception.h +++ b/include/opkele/exception.h | |||
@@ -205,6 +205,16 @@ namespace opkele { | |||
205 | ~exception_curl() throw() { } | 205 | ~exception_curl() throw() { } |
206 | }; | 206 | }; |
207 | 207 | ||
208 | /** | ||
209 | * not implemented (think pure virtual) member function executed, signfies | ||
210 | * programmer error | ||
211 | */ | ||
212 | class not_implemented : public exception { | ||
213 | public: | ||
214 | not_implemented(OPKELE_E_PARS) | ||
215 | : exception(OPKELE_E_CONS) { } | ||
216 | }; | ||
217 | |||
208 | } | 218 | } |
209 | 219 | ||
210 | #endif /* __OPKELE_EXCEPTION_H */ | 220 | #endif /* __OPKELE_EXCEPTION_H */ |
diff --git a/include/opkele/extension.h b/include/opkele/extension.h new file mode 100644 index 0000000..3fb5f6e --- a/dev/null +++ b/include/opkele/extension.h | |||
@@ -0,0 +1,59 @@ | |||
1 | #ifndef __OPKELE_EXTENSIONS_H | ||
2 | #define __OPKELE_EXTENSIONS_H | ||
3 | |||
4 | /** | ||
5 | * @file | ||
6 | * @brief extensions framework basics | ||
7 | */ | ||
8 | |||
9 | #include <opkele/types.h> | ||
10 | |||
11 | /** | ||
12 | * @brief the main opkele namespace | ||
13 | */ | ||
14 | namespace opkele { | ||
15 | |||
16 | /** | ||
17 | * OpenID consumer extension hooks base class | ||
18 | */ | ||
19 | class extension_t { | ||
20 | public: | ||
21 | /** | ||
22 | * hook called by consumer before submitting data to OpenID server. | ||
23 | * It is supposed to manipulate parameters list. | ||
24 | * @param p parameters about to be submitted to server | ||
25 | * @param identity identity being verified. It may differ from the | ||
26 | * one available in parameters list in case of delegation | ||
27 | */ | ||
28 | virtual void checkid_hook(params_t& p,const string& identity); | ||
29 | /** | ||
30 | * hook called by consumer after identity information received from | ||
31 | * OpenID server is verified. | ||
32 | * @param p parameters received from server | ||
33 | * @param sp signed parameters received from server with 'openid.' | ||
34 | * leader stripped | ||
35 | * @param identity identity confirmed. May differ from the one | ||
36 | * available in parameters list in case of delegation. May also be | ||
37 | * empty which means - extract one from parameters | ||
38 | */ | ||
39 | virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); | ||
40 | |||
41 | /** | ||
42 | * hook called by server before returning information to consumer. | ||
43 | * The hook may manipulate output parameters. It is important to | ||
44 | * note that modified pout["signed"] is used for signing response. | ||
45 | * @param pin request parameters list | ||
46 | * @param put response parameters list | ||
47 | */ | ||
48 | virtual void checkid_hook(const params_t& pin,params_t& pout); | ||
49 | |||
50 | /** | ||
51 | * Casts the object to pointer to itself. For convenient passing | ||
52 | * of pointer. | ||
53 | */ | ||
54 | operator extension_t*(void) { return this; } | ||
55 | }; | ||
56 | |||
57 | } | ||
58 | |||
59 | #endif /* __OPKELE_EXTENSIONS_H */ | ||
diff --git a/include/opkele/server.h b/include/opkele/server.h index fe07448..bf131d8 100644 --- a/include/opkele/server.h +++ b/include/opkele/server.h | |||
@@ -7,6 +7,7 @@ | |||
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <opkele/types.h> | 9 | #include <opkele/types.h> |
10 | #include <opkele/extension.h> | ||
10 | 11 | ||
11 | /** | 12 | /** |
12 | * @brief the main opkele namespace | 13 | * @brief the main opkele namespace |
@@ -60,17 +61,19 @@ namespace opkele { | |||
60 | * @param pin the incoming request parameters | 61 | * @param pin the incoming request parameters |
61 | * @param return_to reference to the object to store return_to url to | 62 | * @param return_to reference to the object to store return_to url to |
62 | * @param pout the response parameters | 63 | * @param pout the response parameters |
64 | * @param ext pointer to the extension hooks object | ||
63 | * @throw exception in case of errors or negative reply | 65 | * @throw exception in case of errors or negative reply |
64 | */ | 66 | */ |
65 | void checkid_immediate(const params_t& pin,string& return_to,params_t& pout); | 67 | void checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); |
66 | /** | 68 | /** |
67 | * process the checkid_setup request. | 69 | * process the checkid_setup request. |
68 | * @param pin the incoming request parameters | 70 | * @param pin the incoming request parameters |
69 | * @param return_to reference to the object to store return_to url to | 71 | * @param return_to reference to the object to store return_to url to |
70 | * @param pout the response parameters | 72 | * @param pout the response parameters |
73 | * @param ext pointer to the extension hooks object | ||
71 | * @throw exception in case of errors or negative reply | 74 | * @throw exception in case of errors or negative reply |
72 | */ | 75 | */ |
73 | void checkid_setup(const params_t& pin,string& return_to,params_t& pout); | 76 | void checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); |
74 | /** | 77 | /** |
75 | * the actual functionality behind checkid_immediate() and | 78 | * the actual functionality behind checkid_immediate() and |
76 | * checkid_setup() | 79 | * checkid_setup() |
@@ -79,9 +82,10 @@ namespace opkele { | |||
79 | * @param pin the incoming request parameters | 82 | * @param pin the incoming request parameters |
80 | * @param return_to reference to the object to store return_to url to | 83 | * @param return_to reference to the object to store return_to url to |
81 | * @param pout the response parameters | 84 | * @param pout the response parameters |
85 | * @param ext pointer to the extension hooks object | ||
82 | * @throw exception in case of errors or negative reply | 86 | * @throw exception in case of errors or negative reply |
83 | */ | 87 | */ |
84 | void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout); | 88 | void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); |
85 | /** | 89 | /** |
86 | * process the check_authentication request. | 90 | * process the check_authentication request. |
87 | * @param pin incoming request parameters | 91 | * @param pin incoming request parameters |
diff --git a/lib/Makefile.am b/lib/Makefile.am index 6f3f9f3..69c749e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am | |||
@@ -21,4 +21,5 @@ libopkele_la_SOURCES = \ | |||
21 | secret.cc \ | 21 | secret.cc \ |
22 | data.cc \ | 22 | data.cc \ |
23 | consumer.cc \ | 23 | consumer.cc \ |
24 | exception.cc | 24 | exception.cc \ |
25 | extension.cc | ||
diff --git a/lib/consumer.cc b/lib/consumer.cc index bb6358c..10c2fa0 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc | |||
@@ -123,13 +123,13 @@ namespace opkele { | |||
123 | return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); | 123 | return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); |
124 | } | 124 | } |
125 | 125 | ||
126 | string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root) { | 126 | string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { |
127 | return checkid_(mode_checkid_immediate,identity,return_to,trust_root); | 127 | return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext); |
128 | } | 128 | } |
129 | string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root) { | 129 | string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { |
130 | return checkid_(mode_checkid_setup,identity,return_to,trust_root); | 130 | return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext); |
131 | } | 131 | } |
132 | string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root) { | 132 | string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { |
133 | params_t p; | 133 | params_t p; |
134 | if(mode==mode_checkid_immediate) | 134 | if(mode==mode_checkid_immediate) |
135 | p["mode"]="checkid_immediate"; | 135 | p["mode"]="checkid_immediate"; |
@@ -153,14 +153,16 @@ namespace opkele { | |||
153 | p["assoc_handle"] = ah; | 153 | p["assoc_handle"] = ah; |
154 | } | 154 | } |
155 | }catch(exception& e) { } | 155 | }catch(exception& e) { } |
156 | if(ext) ext->checkid_hook(p,identity); | ||
156 | return p.append_query(server); | 157 | return p.append_query(server); |
157 | } | 158 | } |
158 | 159 | ||
159 | void consumer_t::id_res(const params_t& pin,const string& identity) { | 160 | void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { |
160 | if(pin.has_param("openid.user_setup_url")) | 161 | if(pin.has_param("openid.user_setup_url")) |
161 | throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); | 162 | throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); |
162 | string server,delegate; | 163 | string server,delegate; |
163 | retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); | 164 | retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); |
165 | params_t ps; | ||
164 | try { | 166 | try { |
165 | assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); | 167 | assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); |
166 | const string& sigenc = pin.get_param("openid.sig"); | 168 | const string& sigenc = pin.get_param("openid.sig"); |
@@ -180,6 +182,7 @@ namespace opkele { | |||
180 | f.insert(0,"openid."); | 182 | f.insert(0,"openid."); |
181 | kv += pin.get_param(f); | 183 | kv += pin.get_param(f); |
182 | kv += '\n'; | 184 | kv += '\n'; |
185 | if(ext) ps[f.substr(sizeof("openid."))] = pin.get_param(f); | ||
183 | if(co==string::npos) | 186 | if(co==string::npos) |
184 | break; | 187 | break; |
185 | p = co+1; | 188 | p = co+1; |
@@ -219,6 +222,7 @@ namespace opkele { | |||
219 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); | 222 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); |
220 | } | 223 | } |
221 | } | 224 | } |
225 | if(ext) ext->id_res_hook(pin,ps,identity); | ||
222 | } | 226 | } |
223 | 227 | ||
224 | void consumer_t::check_authentication(const string& server,const params_t& p) { | 228 | void consumer_t::check_authentication(const string& server,const params_t& p) { |
diff --git a/lib/extension.cc b/lib/extension.cc new file mode 100644 index 0000000..bd2195d --- a/dev/null +++ b/lib/extension.cc | |||
@@ -0,0 +1,15 @@ | |||
1 | #include <opkele/exception.h> | ||
2 | #include <opkele/extension.h> | ||
3 | |||
4 | namespace opkele { | ||
5 | |||
6 | void extension_t::checkid_hook(params_t& p,const string& identity) { | ||
7 | throw not_implemented(OPKELE_CP_ "Consumer checkid_hook not implemented"); | ||
8 | } | ||
9 | void id_res_hook(const params_t& p,const params_t& sp,const string& identity) { | ||
10 | throw not_implemented(OPKELE_CP_ "Consumer id_res_hook not implemented"); | ||
11 | } | ||
12 | void checkid_hook(const params_t& pin,params_t& pout) { | ||
13 | throw not_implemented(OPKELE_CP_ "Server checkid_hook not implemented"); | ||
14 | } | ||
15 | } | ||
diff --git a/lib/server.cc b/lib/server.cc index 5eee1f3..8c29abb 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
@@ -67,15 +67,15 @@ namespace opkele { | |||
67 | } | 67 | } |
68 | } | 68 | } |
69 | 69 | ||
70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) { | 70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
71 | checkid_(mode_checkid_immediate,pin,return_to,pout); | 71 | checkid_(mode_checkid_immediate,pin,return_to,pout,ext); |
72 | } | 72 | } |
73 | 73 | ||
74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) { | 74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
75 | checkid_(mode_checkid_setup,pin,return_to,pout); | 75 | checkid_(mode_checkid_setup,pin,return_to,pout,ext); |
76 | } | 76 | } |
77 | 77 | ||
78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) { | 78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) | 79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) |
80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); | 80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); |
81 | pout.clear(); | 81 | pout.clear(); |
@@ -106,7 +106,9 @@ namespace opkele { | |||
106 | pout["issued"] = util::time_to_w3c(now); | 106 | pout["issued"] = util::time_to_w3c(now); |
107 | pout["valid_to"] = util::time_to_w3c(now+120); | 107 | pout["valid_to"] = util::time_to_w3c(now+120); |
108 | pout["exipres_in"] = "120"; | 108 | pout["exipres_in"] = "120"; |
109 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to"); | 109 | pout["signed"]="mode,identity,return_to"; |
110 | if(ext) ext->checkid_hook(pin,pout); | ||
111 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]); | ||
110 | } | 112 | } |
111 | 113 | ||
112 | void server_t::check_authentication(const params_t& pin,params_t& pout) { | 114 | void server_t::check_authentication(const params_t& pin,params_t& pout) { |