-rw-r--r--include/Makefile.am3
-rw-r--r--include/opkele/consumer.h25
-rw-r--r--include/opkele/exception.h10
-rw-r--r--include/opkele/extension.h59
-rw-r--r--include/opkele/server.h10
-rw-r--r--lib/Makefile.am3
-rw-r--r--lib/consumer.cc16
-rw-r--r--lib/extension.cc15
-rw-r--r--lib/server.cc14
9 files changed, 127 insertions, 28 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index b014752..72931eb 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -5,7 +5,8 @@ nobase_include_HEADERS = \
5 opkele/association.h \ 5 opkele/association.h \
6 opkele/exception.h \ 6 opkele/exception.h \
7 opkele/server.h \ 7 opkele/server.h \
8 opkele/consumer.h 8 opkele/consumer.h \
9 opkele/extension.h
9EXTRA_DIST = \ 10EXTRA_DIST = \
10 opkele/data.h \ 11 opkele/data.h \
11 opkele/util.h 12 opkele/util.h
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
index 9932315..f9939cf 100644
--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -2,6 +2,7 @@
2#define __OPKELE_CONSUMER_H 2#define __OPKELE_CONSUMER_H
3 3
4#include <opkele/types.h> 4#include <opkele/types.h>
5#include <opkele/extension.h>
5 6
6/** 7/**
7 * @file 8 * @file
@@ -82,20 +83,22 @@ namespace opkele {
82 * @param identity the identity to verify 83 * @param identity the identity to verify
83 * @param return_to the return_to url to pass with the request 84 * @param return_to the return_to url to pass with the request
84 * @param trust_root the trust root to advertise with the request 85 * @param trust_root the trust root to advertise with the request
86 * @param ext pointer to an extension(s) hooks object
85 * @return the location string 87 * @return the location string
86 * @throw exception in case of error 88 * @throw exception in case of error
87 */ 89 */
88 string checkid_immediate(const string& identity,const string& return_to,const string& trust_root=""); 90 string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
89 /** 91 /**
90 * prepare the parameters for the checkid_setup 92 * prepare the parameters for the checkid_setup
91 * request. 93 * request.
92 * @param identity the identity to verify 94 * @param identity the identity to verify
93 * @param return_to the return_to url to pass with the request 95 * @param return_to the return_to url to pass with the request
94 * @param trust_root the trust root to advertise with the request 96 * @param trust_root the trust root to advertise with the request
97 * @param ext pointer to an extension(s) hooks object
95 * @return the location string 98 * @return the location string
96 * @throw exception in case of error 99 * @throw exception in case of error
97 */ 100 */
98 string checkid_setup(const string& identity,const string& return_to,const string& trust_root=""); 101 string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
99 /** 102 /**
100 * the actual implementation behind checkid_immediate() and 103 * the actual implementation behind checkid_immediate() and
101 * checkid_setup() functions. 104 * checkid_setup() functions.
@@ -103,24 +106,24 @@ namespace opkele {
103 * @param identity the identity to verify 106 * @param identity the identity to verify
104 * @param return_to the return_to url to pass with the request 107 * @param return_to the return_to url to pass with the request
105 * @param trust_root the trust root to advertise with the request 108 * @param trust_root the trust root to advertise with the request
109 * @param ext pointer to an extension(s) hooks object
106 * @return the location string 110 * @return the location string
107 * @throw exception in case of error 111 * @throw exception in case of error
108 */ 112 */
109 string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root=""); 113 string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
110 /** 114 /**
111 * verify the id_res response 115 * verify the id_res response
112 * @param pin the response parameters 116 * @param pin the response parameters
113 * @param identity the identity being checked (if not specified, extracted 117 * @param identity the identity being checked (if not specified,
114 * from the openid.identity parameter 118 * @param ext pointer to an extension(s) hooks object
115 * @throw id_res_mismatch in case of signature 119 * extracted from the openid.identity parameter
116 * mismatch 120 * @throw id_res_mismatch in case of signature mismatch
117 * @throw id_res_setup in case of 121 * @throw id_res_setup in case of openid.user_setup_url failure
118 * openid.user_setup_url failure (supposedly 122 * (supposedly checkid_immediate only)
119 * checkid_immediate only)
120 * @throw id_res_failed in case of failure 123 * @throw id_res_failed in case of failure
121 * @throw exception in case of other failures 124 * @throw exception in case of other failures
122 */ 125 */
123 void id_res(const params_t& pin,const string& identity=""); 126 void id_res(const params_t& pin,const string& identity="",extension_t *ext=0);
124 /** 127 /**
125 * perform a check_authentication request. 128 * perform a check_authentication request.
126 * @param server the OpenID server 129 * @param server the OpenID server
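Review bot: The id_res() doc comment on the new side (lines 117–119) now splits the `identity` description: the inserted `@param ext` line sits between "(if not specified," and "extracted from the openid.identity parameter", so Doxygen will attach the tail of the identity sentence to `ext`. Move the new line below the identity sentence, i.e. `@param identity the identity being checked (if not specified, extracted from the openid.identity parameter)` followed by `@param ext pointer to an extension(s) hooks object`. Since all four new `ext` parameters are raw pointers defaulting to 0, it would also help callers to state in the same comment that `ext` may be 0 and is not owned by the consumer.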
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
index c5f5811..9fc9bd3 100644
--- a/include/opkele/exception.h
+++ b/include/opkele/exception.h
@@ -205,6 +205,16 @@ namespace opkele {
205 ~exception_curl() throw() { } 205 ~exception_curl() throw() { }
206 }; 206 };
207 207
208 /**
209 * not implemented (think pure virtual) member function executed, signfies
210 * programmer error
211 */
212 class not_implemented : public exception {
213 public:
214 not_implemented(OPKELE_E_PARS)
215 : exception(OPKELE_E_CONS) { }
216 };
217
208} 218}
209 219
210#endif /* __OPKELE_EXCEPTION_H */ 220#endif /* __OPKELE_EXCEPTION_H */
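Review bot: The new not_implemented doc comment has a typo, `signfies`, which should read `signifies`. Since the class documents a programmer error rather than bad input, a tighter wording would be `not implemented (think pure virtual) member function executed; signifies a programmer error`.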
diff --git a/include/opkele/extension.h b/include/opkele/extension.h
new file mode 100644
index 0000000..3fb5f6e
--- a/dev/null
+++ b/include/opkele/extension.h
@@ -0,0 +1,59 @@
1#ifndef __OPKELE_EXTENSIONS_H
2#define __OPKELE_EXTENSIONS_H
3
4/**
5 * @file
6 * @brief extensions framework basics
7 */
8
9#include <opkele/types.h>
10
11/**
12 * @brief the main opkele namespace
13 */
14namespace opkele {
15
16 /**
17 * OpenID consumer extension hooks base class
18 */
19 class extension_t {
20 public:
21 /**
22 * hook called by consumer before submitting data to OpenID server.
23 * It is supposed to manipulate parameters list.
24 * @param p parameters about to be submitted to server
25 * @param identity identity being verified. It may differ from the
26 * one available in parameters list in case of delegation
27 */
28 virtual void checkid_hook(params_t& p,const string& identity);
29 /**
30 * hook called by consumer after identity information received from
31 * OpenID server is verified.
32 * @param p parameters received from server
33 * @param sp signed parameters received from server with 'openid.'
34 * leader stripped
35 * @param identity identity confirmed. May differ from the one
36 * available in parameters list in case of delegation. May also be
37 * empty which means - extract one from parameters
38 */
39 virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity);
40
41 /**
42 * hook called by server before returning information to consumer.
43 * The hook may manipulate output parameters. It is important to
44 * note that modified pout["signed"] is used for signing response.
45 * @param pin request parameters list
46 * @param put response parameters list
47 */
48 virtual void checkid_hook(const params_t& pin,params_t& pout);
49
50 /**
51 * Casts the object to pointer to itself. For convenient passing
52 * of pointer.
53 */
54 operator extension_t*(void) { return this; }
55 };
56
57}
58
59#endif /* __OPKELE_EXTENSIONS_H */
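Review bot: extension_t declares virtual hooks but no virtual destructor, so destroying a derived extension through an `extension_t*` is undefined behaviour; add `virtual ~extension_t() { }` alongside the hooks. The comment on the server-side checkid_hook documents the parameter as `put` while the signature names it `pout`. Two security caveats belong in these comments: on id_res_hook, that an extension must take its data from `sp` (the signed subset) rather than `p`, because `p` also carries parameters the signature does not cover; on the server checkid_hook, that a field it adds to `pout` is only protected if the hook appends that field's name to `pout["signed"]`, and that it must not drop the pre-set `mode,identity,return_to` entries. The implicit conversion `operator extension_t*` is not needed to pass `&ext` and invites accidental conversions; consider removing it.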
diff --git a/include/opkele/server.h b/include/opkele/server.h
index fe07448..bf131d8 100644
--- a/include/opkele/server.h
+++ b/include/opkele/server.h
@@ -7,6 +7,7 @@
7 */ 7 */
8 8
9#include <opkele/types.h> 9#include <opkele/types.h>
10#include <opkele/extension.h>
10 11
11/** 12/**
12 * @brief the main opkele namespace 13 * @brief the main opkele namespace
@@ -60,17 +61,19 @@ namespace opkele {
60 * @param pin the incoming request parameters 61 * @param pin the incoming request parameters
61 * @param return_to reference to the object to store return_to url to 62 * @param return_to reference to the object to store return_to url to
62 * @param pout the response parameters 63 * @param pout the response parameters
64 * @param ext pointer to the extension hooks object
63 * @throw exception in case of errors or negative reply 65 * @throw exception in case of errors or negative reply
64 */ 66 */
65 void checkid_immediate(const params_t& pin,string& return_to,params_t& pout); 67 void checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
66 /** 68 /**
67 * process the checkid_setup request. 69 * process the checkid_setup request.
68 * @param pin the incoming request parameters 70 * @param pin the incoming request parameters
69 * @param return_to reference to the object to store return_to url to 71 * @param return_to reference to the object to store return_to url to
70 * @param pout the response parameters 72 * @param pout the response parameters
73 * @param ext pointer to the extension hooks object
71 * @throw exception in case of errors or negative reply 74 * @throw exception in case of errors or negative reply
72 */ 75 */
73 void checkid_setup(const params_t& pin,string& return_to,params_t& pout); 76 void checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
74 /** 77 /**
75 * the actual functionality behind checkid_immediate() and 78 * the actual functionality behind checkid_immediate() and
76 * checkid_setup() 79 * checkid_setup()
@@ -79,9 +82,10 @@ namespace opkele {
79 * @param pin the incoming request parameters 82 * @param pin the incoming request parameters
80 * @param return_to reference to the object to store return_to url to 83 * @param return_to reference to the object to store return_to url to
81 * @param pout the response parameters 84 * @param pout the response parameters
85 * @param ext pointer to the extension hooks object
82 * @throw exception in case of errors or negative reply 86 * @throw exception in case of errors or negative reply
83 */ 87 */
84 void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout); 88 void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
85 /** 89 /**
86 * process the check_authentication request. 90 * process the check_authentication request.
87 * @param pin incoming request parameters 91 * @param pin incoming request parameters
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 6f3f9f3..69c749e 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -21,4 +21,5 @@ libopkele_la_SOURCES = \
21 secret.cc \ 21 secret.cc \
22 data.cc \ 22 data.cc \
23 consumer.cc \ 23 consumer.cc \
24 exception.cc 24 exception.cc \
25 extension.cc
diff --git a/lib/consumer.cc b/lib/consumer.cc
index bb6358c..10c2fa0 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -123,13 +123,13 @@ namespace opkele {
123 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); 123 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
124 } 124 }
125 125
126 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root) { 126 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
127 return checkid_(mode_checkid_immediate,identity,return_to,trust_root); 127 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
128 } 128 }
129 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root) { 129 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
130 return checkid_(mode_checkid_setup,identity,return_to,trust_root); 130 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
131 } 131 }
132 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root) { 132 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
133 params_t p; 133 params_t p;
134 if(mode==mode_checkid_immediate) 134 if(mode==mode_checkid_immediate)
135 p["mode"]="checkid_immediate"; 135 p["mode"]="checkid_immediate";
@@ -153,14 +153,16 @@ namespace opkele {
153 p["assoc_handle"] = ah; 153 p["assoc_handle"] = ah;
154 } 154 }
155 }catch(exception& e) { } 155 }catch(exception& e) { }
156 if(ext) ext->checkid_hook(p,identity);
156 return p.append_query(server); 157 return p.append_query(server);
157 } 158 }
158 159
159 void consumer_t::id_res(const params_t& pin,const string& identity) { 160 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
160 if(pin.has_param("openid.user_setup_url")) 161 if(pin.has_param("openid.user_setup_url"))
161 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 162 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
162 string server,delegate; 163 string server,delegate;
163 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 164 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
165 params_t ps;
164 try { 166 try {
165 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 167 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
166 const string& sigenc = pin.get_param("openid.sig"); 168 const string& sigenc = pin.get_param("openid.sig");
@@ -180,6 +182,7 @@ namespace opkele {
180 f.insert(0,"openid."); 182 f.insert(0,"openid.");
181 kv += pin.get_param(f); 183 kv += pin.get_param(f);
182 kv += '\n'; 184 kv += '\n';
185 if(ext) ps[f.substr(sizeof("openid."))] = pin.get_param(f);
183 if(co==string::npos) 186 if(co==string::npos)
184 break; 187 break;
185 p = co+1; 188 p = co+1;
@@ -219,6 +222,7 @@ namespace opkele {
219 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 222 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
220 } 223 }
221 } 224 }
225 if(ext) ext->id_res_hook(pin,ps,identity);
222 } 226 }
223 227
224 void consumer_t::check_authentication(const string& server,const params_t& p) { 228 void consumer_t::check_authentication(const string& server,const params_t& p) {
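Review bot: `f.substr(sizeof("openid."))` on new line 185 strips one character too many: sizeof counts the terminating NUL, so "openid.identity" becomes "dentity" and the map handed to id_res_hook is keyed wrongly for every signed field. Use `if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);`. The id_res() body spans all three hunks of this section, and the signature-verification loop that contains this line begins before the second hunk.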
diff --git a/lib/extension.cc b/lib/extension.cc
new file mode 100644
index 0000000..bd2195d
--- a/dev/null
+++ b/lib/extension.cc
@@ -0,0 +1,15 @@
1#include <opkele/exception.h>
2#include <opkele/extension.h>
3
4namespace opkele {
5
6 void extension_t::checkid_hook(params_t& p,const string& identity) {
7 throw not_implemented(OPKELE_CP_ "Consumer checkid_hook not implemented");
8 }
9 void id_res_hook(const params_t& p,const params_t& sp,const string& identity) {
10 throw not_implemented(OPKELE_CP_ "Consumer id_res_hook not implemented");
11 }
12 void checkid_hook(const params_t& pin,params_t& pout) {
13 throw not_implemented(OPKELE_CP_ "Server checkid_hook not implemented");
14 }
15}
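Review bot: The second and third definitions lack the `extension_t::` qualifier, so they define free functions `opkele::id_res_hook` and `opkele::checkid_hook` instead of the virtual members; the members remain undefined and the vtable emitted from this translation unit will fail to link for any user of extension_t. Change them to `void extension_t::id_res_hook(const params_t& p,const params_t& sp,const string& identity) {` and `void extension_t::checkid_hook(const params_t& pin,params_t& pout) {`. The parameter names are unused in all three bodies and could be left unnamed to keep -Wunused-parameter quiet.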
diff --git a/lib/server.cc b/lib/server.cc
index 5eee1f3..8c29abb 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -67,15 +67,15 @@ namespace opkele {
67 } 67 }
68 } 68 }
69 69
70 void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) { 70 void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
71 checkid_(mode_checkid_immediate,pin,return_to,pout); 71 checkid_(mode_checkid_immediate,pin,return_to,pout,ext);
72 } 72 }
73 73
74 void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) { 74 void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
75 checkid_(mode_checkid_setup,pin,return_to,pout); 75 checkid_(mode_checkid_setup,pin,return_to,pout,ext);
76 } 76 }
77 77
78 void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) { 78 void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
79 if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) 79 if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
80 throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); 80 throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
81 pout.clear(); 81 pout.clear();
@@ -106,7 +106,9 @@ namespace opkele {
106 pout["issued"] = util::time_to_w3c(now); 106 pout["issued"] = util::time_to_w3c(now);
107 pout["valid_to"] = util::time_to_w3c(now+120); 107 pout["valid_to"] = util::time_to_w3c(now+120);
108 pout["exipres_in"] = "120"; 108 pout["exipres_in"] = "120";
109 pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to"); 109 pout["signed"]="mode,identity,return_to";
110 if(ext) ext->checkid_hook(pin,pout);
111 pout.sign(assoc->secret(),pout["sig"],pout["signed"]);
110 } 112 }
111 113
112 void server_t::check_authentication(const params_t& pin,params_t& pout) { 114 void server_t::check_authentication(const params_t& pin,params_t& pout) {
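Review bot: The extension hook now runs between setting `pout["signed"]` and `pout.sign(...)` (new lines 109–111), and nothing checks that the mandatory `mode,identity,return_to` entries survive the hook; a hook that replaces the list instead of appending to it would produce an assertion whose identity and return_to are outside the signature, which a consumer that only verifies the listed fields would accept. Add a guard after the hook, e.g. `if(pout["signed"].compare(0,23,"mode,identity,return_to")!=0) throw exception(OPKELE_CP_ "extension dropped mandatory fields from 'signed'");` (using whichever exception type the project reserves for programmer errors), or rebuild the list as the fixed prefix plus whatever the hook appended. A comment would also help the next reader: `// the hook may append to pout["signed"]; it runs before sign() so its additions are covered`. Unrelated but visible on the context line above: the key `exipres_in` looks like a typo of `expires_in`. checkid_() begins in the earlier hunk of this section.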