-rw-r--r-- | lib/Makefile.am | 5 | ||||
-rw-r--r-- | lib/verify_op.cc | 53 |
2 files changed, 55 insertions, 3 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index ac312d1..e8bfbf5 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -6,30 +6,29 @@ INCLUDES = \ -I${top_builddir}/include/ -I${top_srcdir}/include/ \ ${KONFORKA_CFLAGS} \ ${OPENSSL_CFLAGS} \ ${LIBCURL_CPPFLAGS} \ ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS} libopkele_la_LIBADD = \ ${LIBCURL} \ ${PCRE_LIBS} ${EXPAT_LIBS} \ ${OPENSSL_LIBS} \ ${KONFORKA_LIBS} ${TIDY_LIBS} libopkele_la_SOURCES = \ params.cc \ util.cc \ server.cc \ secret.cc \ data.cc \ consumer.cc \ exception.cc \ extension.cc \ sreg.cc \ extension_chain.cc \ curl.cc expat.cc \ discovery.cc \ - basic_rp.cc \ - prequeue_rp.cc \ + basic_rp.cc prequeue_rp.cc \ openid_message.cc \ - basic_op.cc + basic_op.cc verify_op.cc libopkele_la_LDFLAGS = \ -version-info 2:0:0 diff --git a/lib/verify_op.cc b/lib/verify_op.cc new file mode 100644 index 0000000..e7c26b5 --- a/dev/null +++ b/lib/verify_op.cc 
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+
+namespace opkele {
+ using std::output_iterator_tag;
+
+ class __RP_verifier_good_input : public exception {
+ public:
+ __RP_verifier_good_input(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
+ class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+ public:
+ int seen;
+ const string& return_to;
+
+ RP_verifier(const string& rt)
+ : return_to(rt), seen(0) { }
+
+ RP_verifier& operator*() { return *this; }
+ RP_verifier& operator=(const openid_endpoint_t& oep) {
+ if(util::uri_matches_realm(return_to,oep.uri))
+ throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+ return *this;
+ }
+
+ RP_verifier& operator++() { ++seen; return *this; }
+ RP_verifier& operator++(int) { +seen; return *this; }
+ };
+
+ void verify_op::verify_return_to() {
+ basic_op::verify_return_to();
+ try {
+ RP_verifier rpv(return_to);
+ string drealm = realm;
+ string::size_type csss = drealm.find("://*.");
+ if(csss==4 || csss==5)
+ drealm.replace(csss+3,1,"www");
+ const char *rtt[] = { STURI_OPENID20_RT, 0 };
+ yadiscover(rpv,drealm,rtt,false);
+ if(rpv.seen)
+ throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+ }catch(__RP_verifier_good_input&) {
+ }catch(bad_return_to& brt) {
+ throw;
+ }catch(exception_network&) { }
+ }
+
+} |
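Review bot: The post-increment overload in RP_verifier, `RP_verifier& operator++(int) { +seen; return *this; }`, applies unary plus instead of incrementing, so `seen` is left unchanged on that path; it should read `RP_verifier& operator++(int) { ++seen; return *this; }`. If yadiscover advances the output iterator with `it++` (its body is not visible here), `rpv.seen` stays 0 and the `bad_return_to` throw in verify_return_to() is never reached, so a return_to that matches none of the discovered endpoints would be accepted. Separately, the empty `catch(exception_network&) { }` lets the check pass whenever discovery on the realm fails; if that fail-open behaviour is intended it deserves a comment such as `// discovery failure is not treated as a return_to mismatch`, otherwise the exception should propagate to the caller.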