summaryrefslogtreecommitdiffabout
path: root/include/opkele
Unidiff
Diffstat (limited to 'include/opkele') (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/.gitignore2
-rw-r--r--include/opkele/acconfig.h.in3
-rw-r--r--include/opkele/association.h89
-rw-r--r--include/opkele/consumer.h135
-rw-r--r--include/opkele/data.h12
-rw-r--r--include/opkele/exception.h206
-rw-r--r--include/opkele/opkele-config.h6
-rw-r--r--include/opkele/server.h95
-rw-r--r--include/opkele/types.h168
-rw-r--r--include/opkele/util.h60
10 files changed, 776 insertions, 0 deletions
diff --git a/include/opkele/.gitignore b/include/opkele/.gitignore
new file mode 100644
index 0000000..ffa24dc
--- a/dev/null
+++ b/include/opkele/.gitignore
@@ -0,0 +1,2 @@
1acconfig.h
2stamp-h2
diff --git a/include/opkele/acconfig.h.in b/include/opkele/acconfig.h.in
new file mode 100644
index 0000000..d56a1cd
--- a/dev/null
+++ b/include/opkele/acconfig.h.in
@@ -0,0 +1,3 @@
1
2/* defined in presence of konforka library */
3#undef OPKELE_HAVE_KONFORKA
diff --git a/include/opkele/association.h b/include/opkele/association.h
new file mode 100644
index 0000000..5eb1cc3
--- a/dev/null
+++ b/include/opkele/association.h
@@ -0,0 +1,89 @@
1#ifndef __OPKELE_ASSOCIATION_H
2#define __OPKELE_ASSOCIATION_H
3
4#include <time.h>
5#include <opkele/types.h>
6
7/**
8 * @file
9 * @brief reference implementation of association_t
10 */
11
12/**
13 * @brief the main opkele namespace
14 */
15namespace opkele {
16
17 /**
18 * reference implementation of association_t class.
19 */
20 class association : public association_t {
21 public:
22 /**
23 * OpenID server name
24 */
25 string _server;
26 /**
27 * association handle
28 */
29 string _handle;
30 /**
31 * association type
32 */
33 string _assoc_type;
34 /**
35 * the secret
36 */
37 secret_t _secret;
38 /**
39 * expiration time
40 */
41 time_t _expires;
42 /**
43 * statelessness of the assoc_handle
44 */
45 bool _stateless;
46
47 /**
48 * @param __server the server name
49 * @param __handle association handle
50 * @param __assoc_type association type
51 * @param __secret the secret
52 * @param __expires expiration time
53 * @param __stateless statelessness of the assoc_handle
54 */
55 association(const string& __server, const string& __handle,
56 const string& __assoc_type, const secret_t& __secret,
57 time_t __expires, bool __stateless)
58 : _server(__server), _handle(__handle), _assoc_type(__assoc_type),
59 _secret(__secret), _expires(__expires), _stateless(__stateless) { }
60
61 /**
62 * @overload association_t::server()
63 */
64 virtual string server() const { return _server; }
65 /**
66 * @overload association_t::handle()
67 */
68 virtual string handle() const { return _handle; }
69 /**
70 * @overload association_t::assoc_type()
71 */
72 virtual string assoc_type() const { return _assoc_type; }
73 /**
74 * @overload association_t::secret()
75 */
76 virtual secret_t secret() const { return _secret; }
77 /**
78 * @overload association_t::expires_in()
79 */
80 virtual int expires_in() const { return _expires-time(0); }
81 /**
82 * @overload associationn_t::stateless()
83 */
84 virtual bool stateless() const { return _stateless; }
85 };
86
87}
88
89#endif /* __OPKELE_ASSOCIATION_H */
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
new file mode 100644
index 0000000..b9c29bd
--- a/dev/null
+++ b/include/opkele/consumer.h
@@ -0,0 +1,135 @@
1#ifndef __OPKELE_CONSUMER_H
2#define __OPKELE_CONSUMER_H
3
4#include <opkele/types.h>
5
6/**
7 * @file
8 * @brief OpenID consumer-side functionality
9 */
10
11/**
12 * @brief the main opkele namespace
13 */
14namespace opkele {
15
16 /**
17 * implementation of basic consumer functionality
18 */
19 class consumer_t {
20 public:
21
22 /**
23 * store association. The function should be overridden in the real
24 * implementation to provide persistent associations store.
25 * @param server the OpenID server
26 * @param handle association handle
27 * @param secret the secret associated with the server and handle
28 * @param expires_in the number of seconds until the handle is expired
29 * @return the auto_ptr<> for the newly allocated association_t object
30 */
31 virtual assoc_t store_assoc(const string& server,const string& handle,const secret_t& secret,int expires_in) = 0;
32 /**
33 * retrieve stored association. The function should be overridden
34 * in the real implementation to provide persistent assocations
35 * store.
36 * @param server the OpenID server
37 * @param handle association handle
38 * @return the autho_ptr<> for the newly allocated association_t object
39 * @throw failed_lookup in case of error
40 */
41 virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
42 /**
43 * invalidate stored association. The function should be overridden
44 * in the real implementation of the consumer.
45 * @param server the OpenID server
46 * @param handle association handle
47 */
48 virtual void invalidate_assoc(const string& server,const string& handle) = 0;
49 /**
50 * retrieve any unexpired association for the server. If the
51 * function is not overridden in the real implementation, the new
52 * association will be established for each request.
53 * @param server the OpenID server
54 * @return the auto_ptr<> for the newly allocated association_t object
55 * @throw failed_lookup in case of absence of the handle
56 */
57 virtual assoc_t find_assoc(const string& server);
58
59 /**
60 * retrieve the metainformation contained in link tags from the
61 * page pointed by url. the function may implement caching of the
62 * information.
63 * @param url url to harvest for link tags
64 * @param server reference to the string object where to put
65 * openid.server value
66 * @param delegate reference to the string object where to put the
67 * openid.delegate value (if any)
68 */
69 virtual void retrieve_links(const string& url,string& server,string& delegate);
70
71 /**
72 * perform the associate request to OpenID server.
73 * @param server the OpenID server
74 * @return the auto_ptr<> for the newly allocated association_t
75 * object, representing established association
76 * @throw exception in case of error
77 */
78 assoc_t associate(const string& server);
79 /**
80 * prepare the parameters for the checkid_immediate
81 * request.
82 * @param identity the identity to verify
83 * @param return_to the return_to url to pass with the request
84 * @param trust_root the trust root to advertise with the request
85 * @return the location string
86 * @throw exception in case of error
87 */
88 string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="");
89 /**
90 * prepare the parameters for the checkid_setup
91 * request.
92 * @param identity the identity to verify
93 * @param return_to the return_to url to pass with the request
94 * @param trust_root the trust root to advertise with the request
95 * @return the location string
96 * @throw exception in case of error
97 */
98 string checkid_setup(const string& identity,const string& return_to,const string& trust_root="");
99 /**
100 * the actual implementation behind checkid_immediate() and
101 * checkid_setup() functions.
102 * @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup
103 * @param identity the identity to verify
104 * @param return_to the return_to url to pass with the request
105 * @param trust_root the trust root to advertise with the request
106 * @return the location string
107 * @throw exception in case of error
108 */
109 string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="");
110 /**
111 * verify the id_res response
112 * @param pin the response parameters
113 * @param identity the identity being checked (if not specified, extracted
114 * from the openid.identity parameter
115 * @throw id_res_mismatch in case of signature
116 * mismatch
117 * @throw id_res_setup in case of
118 * openid.user_setup_url failure (supposedly
119 * checkid_immediate only)
120 * @throw id_res_failed in case of failure
121 * @throw exception in case of other failures
122 */
123 void id_res(const params_t& pin,const string& identity="");
124 /**
125 * perform a check_authentication request.
126 * @param server the OpenID server
127 * @param p request parameters
128 */
129 void check_authentication(const string& server,const params_t& p);
130
131 };
132
133}
134
135#endif /* __OPKELE_CONSUMER_H */
diff --git a/include/opkele/data.h b/include/opkele/data.h
new file mode 100644
index 0000000..7fc635b
--- a/dev/null
+++ b/include/opkele/data.h
@@ -0,0 +1,12 @@
1#ifndef __OPKELE_DATA_H
2#define __OPKELE_DATA_H
3
4namespace opkele {
5
6 namespace data {
7 extern const char *_default_p;
8 extern const char *_default_g;
9 }
10}
11
12#endif /* __OPKELE_DATA_H */
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
new file mode 100644
index 0000000..2ac0661
--- a/dev/null
+++ b/include/opkele/exception.h
@@ -0,0 +1,206 @@
1#ifndef __OPKELE_EXCEPTION_H
2#define __OPKELE_EXCEPTION_H
3
4/**
5 * @file
6 * @brief opkele exceptions
7 */
8
9#include <curl/curl.h>
10
11#include <opkele/opkele-config.h>
12#ifdef OPKELE_HAVE_KONFORKA
13# include <konforka/exception.h>
14/**
15 * the exception parameters declaration
16 */
17# define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w
18/**
19 * the exception parameters list to pass to constructor
20 */
21# define OPKELE_E_CONS_ fi,fu,l,
22/**
23 * the exception codepoint specification
24 */
25# define OPKELE_CP_ CODEPOINT,
26/**
27 * the simple rethrow of konforka-based exception
28 */
29# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw }
30#else /* OPKELE_HAVE_KONFORKA */
31# include <stdexcept>
32/**
33 * the exception parameter declaration
34 */
35# define OPKELE_E_PARS const string& w
36/**
37 * the dummy prefix for exception parameters list to prepend in the absence of
38 * konforka library
39 */
40# define OPKELE_E_CONS_
41/**
42 * the dummy placeholder for konforka exception codepoint specification
43 */
44# define OPKELE_CP_
45/**
46 * the dummy define for the konforka-based rethrow of exception
47 */
48# define OPKELE_RETHROW
49#endif /* OPKELE_HAVE_KONFORKA */
50/**
51 * the exception parameters list to pass to constructor
52 */
53# define OPKELE_E_CONS OPKELE_E_CONS_ w
54
55/*
56 * @brief the main opkele namespace
57 */
58namespace opkele {
59 using std::string;
60
61 /**
62 * the base opkele exception class
63 */
64 class exception : public
65# ifdef OPKELE_HAVE_KONFORKA
66 konforka::exception
67# else
68 std::exception
69# endif
70 {
71 public:
72# ifdef OPKELE_HAVE_KONFORKA
73 explicit
74 exception(const string& fi,const string& fu,int l,const string& w)
75 : konforka::exception(fi,fu,l,w) { }
76# else /* OPKELE_HAVE_KONFORKA */
77 explicit
78 exception(const string& w)
79 : std::exception(w) { }
80# endif /* OPKELE_HAVE_KONFORKA */
81 };
82
83 /**
84 * thrown in case of failed conversion
85 */
86 class failed_conversion : public exception {
87 public:
88 failed_conversion(OPKELE_E_PARS)
89 : exception(OPKELE_E_CONS) { }
90 };
91 /**
92 * thrown in case of failed lookup (either parameter or persistent store)
93 */
94 class failed_lookup : public exception {
95 public:
96 failed_lookup(OPKELE_E_PARS)
97 : exception(OPKELE_E_CONS) { }
98 };
99 /**
100 * thrown in case of bad input (either local or network)
101 */
102 class bad_input : public exception {
103 public:
104 bad_input(OPKELE_E_PARS)
105 : exception(OPKELE_E_CONS) { }
106 };
107
108 /**
109 * thrown on failed assertion
110 */
111 class failed_assertion : public exception {
112 public:
113 failed_assertion(OPKELE_E_PARS)
114 : exception(OPKELE_E_CONS) { }
115 };
116
117 /**
118 * thrown if the handle being retrieved is invalid
119 */
120 class invalid_handle : public exception {
121 public:
122 invalid_handle(OPKELE_E_PARS)
123 : exception(OPKELE_E_CONS) { }
124 };
125 /**
126 * thrown if the handle passed to check_authentication request is not
127 * stateless
128 */
129 class stateful_handle : public exception {
130 public:
131 stateful_handle(OPKELE_E_PARS)
132 : exception(OPKELE_E_CONS) { }
133 };
134
135 /**
136 * thrown if check_authentication request fails
137 */
138 class failed_check_authentication : public exception {
139 public:
140 failed_check_authentication(OPKELE_E_PARS)
141 : exception(OPKELE_E_CONS) { }
142 };
143
144 /**
145 * thrown if the id_res request result is negative
146 */
147 class id_res_failed : public exception {
148 public:
149 id_res_failed(OPKELE_E_PARS)
150 : exception(OPKELE_E_CONS) { }
151 };
152 /**
153 * thrown if the user_setup_url is provided with negative response
154 */
155 class id_res_setup : public id_res_failed {
156 public:
157 string setup_url;
158 id_res_setup(OPKELE_E_PARS,const string& su)
159 : id_res_failed(OPKELE_E_CONS), setup_url(su) { }
160 ~id_res_setup() throw() { }
161 };
162 /**
163 * thrown in case of signature mismatch
164 */
165 class id_res_mismatch : public id_res_failed {
166 public:
167 id_res_mismatch(OPKELE_E_PARS)
168 : id_res_failed(OPKELE_E_CONS) { }
169 };
170
171 /**
172 * openssl malfunction occured
173 */
174 class exception_openssl : public exception {
175 public:
176 unsigned long _error;
177 string _ssl_string;
178 exception_openssl(OPKELE_E_PARS);
179 ~exception_openssl() throw() { }
180 };
181
182 /**
183 * network operation related error occured
184 */
185 class exception_network : public exception {
186 public:
187 exception_network(OPKELE_E_PARS)
188 : exception(OPKELE_E_CONS) { }
189 };
190
191 /**
192 * network operation related error occured, specifically, related to
193 * libcurl
194 */
195 class exception_curl : public exception_network {
196 public:
197 CURLcode _error;
198 string _curl_string;
199 exception_curl(OPKELE_E_PARS);
200 exception_curl(OPKELE_E_PARS,CURLcode e);
201 ~exception_curl() throw() { }
202 };
203
204}
205
206#endif /* __OPKELE_EXCEPTION_H */
diff --git a/include/opkele/opkele-config.h b/include/opkele/opkele-config.h
new file mode 100644
index 0000000..70c2d26
--- a/dev/null
+++ b/include/opkele/opkele-config.h
@@ -0,0 +1,6 @@
1#ifndef __OPKELE_OPKELE_CONFIG_H
2#define __OPKELE_OPKELE_CONFIG_H
3
4#include "opkele/acconfig.h"
5
6#endif /* __OPKELE_OPKELE_CONFIG_H */
diff --git a/include/opkele/server.h b/include/opkele/server.h
new file mode 100644
index 0000000..fe07448
--- a/dev/null
+++ b/include/opkele/server.h
@@ -0,0 +1,95 @@
1#ifndef __OPKELE_SERVER_H
2#define __OPKELE_SERVER_H
3
4/**
5 * @file
6 * @brief OpenID server-side functionality
7 */
8
9#include <opkele/types.h>
10
11/**
12 * @brief the main opkele namespace
13 */
14namespace opkele {
15
16 /**
17 * implementation of basic server functionality
18 */
19 class server_t {
20 public:
21
22 /**
23 * allocate the new association. The function should be overridden
24 * in the real implementation to provide persistent assocations
25 * store.
26 * @param mode the mode of request being processed to base the
27 * statelessness of the association upon
28 * @return the auto_ptr<> for the newly allocated association_t object
29 */
30 virtual assoc_t alloc_assoc(mode_t mode) = 0;
31 /**
32 * retrieve the association. The function should be overridden in
33 * the reqal implementation to provide persistent assocations
34 * store.
35 * @param h association handle
36 * @return the auto_ptr<> for the newly allocated association_t object
37 * @throw failed_lookup in case of failure
38 */
39 virtual assoc_t retrieve_assoc(const string& h) = 0;
40
41 /**
42 * validate the identity.
43 * @param assoc association object
44 * @param pin incoming request parameters
45 * @param identity being verified
46 * @param trust_root presented in the request
47 * @throw exception if identity can not be confirmed
48 */
49 virtual void validate(const association_t& assoc,const params_t& pin,const string& identity,const string& trust_root) = 0;
50
51
52 /**
53 * process the associate request.
54 * @param pin the incoming request parameters
55 * @param pout the store for the response parameters
56 */
57 void associate(const params_t& pin,params_t& pout);
58 /**
59 * process the checkid_immediate request.
60 * @param pin the incoming request parameters
61 * @param return_to reference to the object to store return_to url to
62 * @param pout the response parameters
63 * @throw exception in case of errors or negative reply
64 */
65 void checkid_immediate(const params_t& pin,string& return_to,params_t& pout);
66 /**
67 * process the checkid_setup request.
68 * @param pin the incoming request parameters
69 * @param return_to reference to the object to store return_to url to
70 * @param pout the response parameters
71 * @throw exception in case of errors or negative reply
72 */
73 void checkid_setup(const params_t& pin,string& return_to,params_t& pout);
74 /**
75 * the actual functionality behind checkid_immediate() and
76 * checkid_setup()
77 * @param mode the request being processed (either
78 * mode_checkid_immediate or mode_checkid_setup)
79 * @param pin the incoming request parameters
80 * @param return_to reference to the object to store return_to url to
81 * @param pout the response parameters
82 * @throw exception in case of errors or negative reply
83 */
84 void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout);
85 /**
86 * process the check_authentication request.
87 * @param pin incoming request parameters
88 * @param pout response parameters
89 */
90 void check_authentication(const params_t& pin,params_t& pout);
91 };
92
93}
94
95#endif /* __OPKELE_SERVER_H */
diff --git a/include/opkele/types.h b/include/opkele/types.h
new file mode 100644
index 0000000..ba06776
--- a/dev/null
+++ b/include/opkele/types.h
@@ -0,0 +1,168 @@
1#ifndef __OPKELE_TYPES_H
2#define __OPKELE_TYPES_H
3
4/**
5 * @file
6 * @brief various types declarations
7 */
8
9#include <ostream>
10#include <vector>
11#include <string>
12#include <map>
13#include <memory>
14
15/**
16 * @brief the main opkele namespace
17 */
18namespace opkele {
19 using std::vector;
20 using std::string;
21 using std::map;
22 using std::ostream;
23 using std::auto_ptr;
24
25 /**
26 * the OpenID operation mode
27 */
28 typedef enum _mode_t {
29 mode_associate,
30 mode_checkid_immediate,
31 mode_checkid_setup,
32 mode_check_association
33 } mode_t;
34
35 /**
36 * the association secret container
37 */
38 class secret_t : public vector<unsigned char> {
39 public:
40
41 /**
42 * xor the secret and hmac together and encode, using base64
43 * @param key_sha1 pointer to the sha1 digest
44 * @param rv reference to the return value
45 */
46 void enxor_to_base64(const unsigned char *key_sha1,string& rv) const;
47 /**
48 * decode base64-encoded secret and xor it with the sha1 digest
49 * @param key_sha1 pointer to the message digest
50 * @param b64 base64-encoded secret value
51 */
52 void enxor_from_base64(const unsigned char *key_sha1,const string& b64);
53 /**
54 * plainly encode to base64 representation
55 * @param rv reference to the return value
56 */
57 void to_base64(string& rv) const;
58 /**
59 * decode cleartext secret from base64
60 * @param b64 base64-encoded representation of the secret value
61 */
62 void from_base64(const string& b64);
63 };
64
65 /**
66 * Interface to the association.
67 */
68 class association_t {
69 public:
70
71 /**
72 * retrieve the server with which association was established.
73 * @return server name
74 */
75 virtual string server() const = 0;
76 /**
77 * retrieve the association handle.
78 * @return handle
79 */
80 virtual string handle() const = 0;
81 /**
82 * retrieve the association type.
83 * @return association type
84 */
85 virtual string assoc_type() const = 0;
86 /**
87 * retrieve the association secret.
88 * @return association secret
89 */
90 virtual secret_t secret() const = 0;
91 /**
92 * retrieve the number of seconds the association expires in.
93 * @return seconds till expiration
94 */
95 virtual int expires_in() const = 0;
96 /**
97 * check whether the association is stateless.
98 * @return true if stateless
99 */
100 virtual bool stateless() const = 0;
101 };
102
103 /**
104 * the auto_ptr<> for association_t object type
105 */
106 typedef auto_ptr<association_t> assoc_t;
107
108 /**
109 * request/response parameters map
110 */
111 class params_t : public map<string,string> {
112 public:
113
114 /**
115 * check whether the parameter is present.
116 * @param n the parameter name
117 * @return true if yes
118 */
119 bool has_param(const string& n) const;
120 /**
121 * retrieve the parameter (const version)
122 * @param n the parameter name
123 * @return the parameter value
124 * @throw failed_lookup if there is no such parameter
125 */
126 const string& get_param(const string& n) const;
127 /**
128 * retrieve the parameter.
129 * @param n the parameter name
130 * @return the parameter value
131 * @throw failed_lookup if there is no such parameter
132 */
133 string& get_param(const string& n);
134
135 /**
136 * parse the OpenID key/value data.
137 * @param kv the OpenID key/value data
138 */
139 void parse_keyvalues(const string& kv);
140 /**
141 * sign the fields.
142 * @param secret the secret used for signing
143 * @param sig reference to the string, containing base64-encoded
144 * result
145 * @param slist the comma-separated list of fields to sign
146 * @param prefix the string to prepend to parameter names
147 */
148 void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const;
149
150 /**
151 * append parameters to the URL as a GET-request parameters.
152 * @param url the base URL
153 * @param prefix the string to prepend to parameter names
154 * @return the ready-to-use location
155 */
156 string append_query(const string& url,const char *prefix = "openid.") const;
157 };
158
159 /**
160 * dump the key/value pairs for the parameters to the stream.
161 * @param o output stream
162 * @param p the parameters
163 */
164 ostream& operator << (ostream& o,const params_t& p);
165
166}
167
168#endif /* __OPKELE_TYPES_H */
diff --git a/include/opkele/util.h b/include/opkele/util.h
new file mode 100644
index 0000000..fbbef93
--- a/dev/null
+++ b/include/opkele/util.h
@@ -0,0 +1,60 @@
1#ifndef __OPKELE_UTIL_H
2#define __OPKELE_UTIL_H
3
4#include <time.h>
5#include <string>
6#include <openssl/bn.h>
7#include <openssl/dh.h>
8
9namespace opkele {
10 using std::string;
11
12 namespace util {
13
14 class bignum_t {
15 public:
16 BIGNUM *_bn;
17
18 bignum_t() : _bn(0) { }
19 bignum_t(BIGNUM *bn) : _bn(bn) { }
20 ~bignum_t() throw() { if(_bn) BN_free(_bn); }
21
22 bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; }
23
24 operator const BIGNUM*(void) const { return _bn; }
25 operator BIGNUM*(void) { return _bn; }
26 };
27 class dh_t {
28 public:
29 DH *_dh;
30
31 dh_t() : _dh(0) { }
32 dh_t(DH *dh) : _dh(dh) { }
33 ~dh_t() throw() { if(_dh) DH_free(_dh); }
34
35 dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; }
36
37 operator const DH*(void) const { return _dh; }
38 operator DH*(void) { return _dh; }
39
40 DH* operator->() { return _dh; }
41 const DH* operator->() const { return _dh; }
42 };
43
44 BIGNUM *base64_to_bignum(const string& b64);
45 BIGNUM *dec_to_bignum(const string& dec);
46 string bignum_to_base64(const BIGNUM *bn);
47
48 string time_to_w3c(time_t t);
49 time_t w3c_to_time(const string& w);
50
51 string canonicalize_url(const string& url);
52 string url_encode(const string& str);
53
54 string long_to_string(long l);
55 long string_to_long(const string& s);
56 }
57
58}
59
60#endif /* __OPKELE_UTIL_H */