summaryrefslogtreecommitdiffabout
path: root/lib/server.cc
Side-by-side diff
Diffstat (limited to 'lib/server.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/server.cc14
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/server.cc b/lib/server.cc
index 5eee1f3..8c29abb 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -58,33 +58,33 @@ namespace opkele {
switch(st) {
case sess_dh_sha1:
pout["session_type"] = "DH-SHA1";
pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key);
secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]);
break;
default:
secret.to_base64(pout["mac_key"]);
break;
}
}
- void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) {
- checkid_(mode_checkid_immediate,pin,return_to,pout);
+ void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
+ checkid_(mode_checkid_immediate,pin,return_to,pout,ext);
}
- void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) {
- checkid_(mode_checkid_setup,pin,return_to,pout);
+ void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
+ checkid_(mode_checkid_setup,pin,return_to,pout,ext);
}
- void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) {
+ void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
pout.clear();
assoc_t assoc;
try {
assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
}catch(failed_lookup& fl) {
// no handle specified or no valid handle found, going dumb
assoc = alloc_assoc(mode_checkid_setup);
if(pin.has_param("openid.assoc_handle"))
pout["invalidate_handle"]=pin.get_param("openid.assoc_handle");
}
@@ -97,25 +97,27 @@ namespace opkele {
validate(*assoc,pin,identity,trust_root);
pout["mode"] = "id_res";
pout["assoc_handle"] = assoc->handle();
if(pin.has_param("openid.assoc_handle") && assoc->stateless())
pout["invalidate_handle"] = pin.get_param("openid.assoc_handle");
pout["identity"] = identity;
pout["return_to"] = return_to;
/* TODO: eventually remove deprecated stuff */
time_t now = time(0);
pout["issued"] = util::time_to_w3c(now);
pout["valid_to"] = util::time_to_w3c(now+120);
pout["exipres_in"] = "120";
- pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to");
+ pout["signed"]="mode,identity,return_to";
+ if(ext) ext->checkid_hook(pin,pout);
+ pout.sign(assoc->secret(),pout["sig"],pout["signed"]);
}
void server_t::check_authentication(const params_t& pin,params_t& pout) {
vector<unsigned char> sig;
mimetic::Base64::Decoder b;
const string& sigenc = pin.get_param("openid.sig");
mimetic::decode(
sigenc.begin(),sigenc.end(), b,
back_insert_iterator<vector<unsigned char> >(sig));
assoc_t assoc;
try {
assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));