From 9163a26ec8839a31df888920418280a62ebc5595 Mon Sep 17 00:00:00 2001 From: Michael Krelin Date: Mon, 04 Feb 2008 22:39:59 +0000 Subject: reworked extensions framework * changed {checkid,id_res}_hook to {rp,op}_{checkid,id_res}_hook * deprecated older hooks, although implemented it in sreg and chain extensions * added extension processing to basic_op * added sreg to test OP Signed-off-by: Michael Krelin --- diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h index 7f4e481..5bba1bf 100644 --- a/include/opkele/basic_op.h +++ b/include/opkele/basic_op.h @@ -40,7 +40,8 @@ namespace opkele { const basic_openid_message& inm); void checkid_(const basic_openid_message& inm,extension_t *ext=0); - basic_openid_message& id_res(basic_openid_message& om); + basic_openid_message& id_res(basic_openid_message& om, + extension_t *ext=0); basic_openid_message& cancel(basic_openid_message& om); basic_openid_message& error(basic_openid_message& om, const string& error,const string& contact, diff --git a/include/opkele/extension.h b/include/opkele/extension.h index 3ee25ee..37bcb90 100644 --- a/include/opkele/extension.h +++ b/include/opkele/extension.h @@ -6,6 +6,7 @@ * @brief extensions framework basics */ +#include #include namespace opkele { @@ -19,39 +20,33 @@ namespace opkele { virtual ~extension_t() { } /** - * hook called by consumer before submitting data to OpenID server. - * It is supposed to manipulate parameters list. - * @param p parameters about to be submitted to server - * @param identity identity being verified. It may differ from the - * one available in parameters list in case of delegation - * @see consumer_t::checkid_ - * @see consumer_t::checkid_immediate - * @see consumer_t::checkid_setup + * hook called by RP before submitting the message to OP. + * @param om openid message to be submit */ - virtual void checkid_hook(basic_openid_message& om); + virtual void rp_checkid_hook(basic_openid_message& om); + /** - * hook called by consumer after identity information received from - * OpenID server is verified. - * @param p parameters received from server - * @param sp signed parameters received from server with 'openid.' - * leader stripped - * @param identity identity confirmed. May differ from the one - * available in parameters list in case of delegation. May also be - * empty which means - extract one from parameters - * @see consumer_t::id_res + * hook called by RP after verifying information received from OP. + * @param om openid message received + * @param sp signed part of the message */ - virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); + virtual void rp_id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp); /** - * hook called by server before returning information to consumer. - * The hook may manipulate output parameters. It is important to - * note that modified pout["signed"] is used for signing response. - * @param pin request parameters list with "openid." prefix - * @param pout response parameters list without "openid." prefix - * @see server_t::checkid_ - * @see server_t::checkid_immediate - * @see server_t::checkid_setup + * hook called by OP after parsing incoming message + * @param inm message received from RP + */ + virtual void op_checkid_hook(const basic_openid_message& inm); + /** + * hook called by OP before signing the reply to RP + * @param oum message to be sent to RP */ + virtual void op_id_res_hook(basic_openid_message& oum); + + virtual void checkid_hook(basic_openid_message& om) OPKELE_DEPRECATE; + virtual void id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp) OPKELE_DEPRECATE; virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); /** diff --git a/include/opkele/extension_chain.h b/include/opkele/extension_chain.h index fb9bc84..9692934 100644 --- a/include/opkele/extension_chain.h +++ b/include/opkele/extension_chain.h @@ -28,6 +28,12 @@ namespace opkele { */ extension_chain_t(extension_t *e) { push_back(e); } + virtual void rp_checkid_hook(basic_openid_message& om); + virtual void rp_id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp); + virtual void op_checkid_hook(const basic_openid_message& inm); + virtual void op_id_res_hook(basic_openid_message& oum); + virtual void checkid_hook(basic_openid_message& om); virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); diff --git a/include/opkele/sreg.h b/include/opkele/sreg.h index 24cb315..513e221 100644 --- a/include/opkele/sreg.h +++ b/include/opkele/sreg.h @@ -135,18 +135,17 @@ namespace opkele { sreg_t(long fr=fields_NONE,long fo=fields_NONE,const string& pu="") : fields_required(fr), fields_optional(fo), policy_url(pu), has_fields(0) { } - /** - * Implementation of consumer's checkid hook - */ + virtual void rp_checkid_hook(basic_openid_message& om); + virtual void rp_id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp); + virtual void op_checkid_hook(const basic_openid_message& inm); + virtual void op_id_res_hook(basic_openid_message& oum); + virtual void checkid_hook(basic_openid_message& om); - /** - * Implementation of consumer's id_res hook - */ - virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); - /** - * Implementation of server's checkid_hook - */ - virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); + virtual void id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp); + virtual void checkid_hook(const basic_openid_message& inm, + basic_openid_message& oum); /** * Check and see if we have value for some particular field. @@ -191,11 +190,13 @@ namespace opkele { * as we have. The function is supposed to set the data and * fields_response. * @see fields_response - * @param pin input request parameters with "openid." prefix - * @param pout output request parameters without "openid." prefix. - * @see checkid_hook(const params_t&,params_t&) + * @param inm incoming openid message + * @param oum outgoing openid message */ - virtual void setup_response(const basic_openid_message& inm,basic_openid_message& oum); + virtual void setup_response(const basic_openid_message& inm, + basic_openid_message& oum); + + virtual void setup_response(); }; } diff --git a/lib/basic_op.cc b/lib/basic_op.cc index c89d1d7..9e2ea5a 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc @@ -193,9 +193,11 @@ namespace opkele { "claimed_id and identity must be either both present or both absent"); } verify_return_to(); + if(ext) ext->op_checkid_hook(inm); } - basic_openid_message& basic_op::id_res(basic_openid_message& om) { + basic_openid_message& basic_op::id_res(basic_openid_message& om, + extension_t *ext) { assert(assoc); assert(!return_to.empty()); assert(!is_id_select()); @@ -224,6 +226,7 @@ namespace opkele { } om.set_field("assoc_handle",assoc->handle()); om.add_to_signed(ats); + if(ext) ext->op_id_res_hook(om); om.set_field("sig",util::base64_signature(assoc,om)); return om; } diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index a884583..bd45d99 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -129,7 +129,7 @@ namespace opkele { rv.set_field("assoc_handle",associate(ep.uri)->handle()); }catch(dumb_RP& drp) { } } OPKELE_RETHROW - if(ext) ext->checkid_hook(rv); + if(ext) ext->rp_checkid_hook(rv); return rv; } @@ -275,7 +275,7 @@ namespace opkele { } } - if(ext) ext->id_res_hook(om,signeds); + if(ext) ext->rp_id_res_hook(om,signeds); } void basic_RP::check_authentication(const string& OP, diff --git a/lib/extension.cc b/lib/extension.cc index 6451249..f7aaea5 100644 --- a/lib/extension.cc +++ b/lib/extension.cc @@ -3,13 +3,24 @@ namespace opkele { + void extension_t::rp_checkid_hook(basic_openid_message&) { + throw not_implemented(OPKELE_CP_ "RP checkid_* hook not implemented"); } + void extension_t::rp_id_res_hook(const basic_openid_message&, + const basic_openid_message&) { + throw not_implemented(OPKELE_CP_ "RP id_res hook not implemented"); } + + void extension_t::op_checkid_hook(const basic_openid_message&) { + throw not_implemented(OPKELE_CP_ "OP checkid_* hook not implemented"); } + void extension_t::op_id_res_hook(basic_openid_message& om) { + throw not_implemented(OPKELE_CP_ "OP id_res hook not implemented"); } + + void extension_t::checkid_hook(basic_openid_message&) { - throw not_implemented(OPKELE_CP_ "Consumer checkid_hook not implemented"); - } - void extension_t::id_res_hook(const basic_openid_message&,const basic_openid_message&) { - throw not_implemented(OPKELE_CP_ "Consumer id_res_hook not implemented"); - } + throw not_implemented(OPKELE_CP_ "deprecated consumer checkid_* hook not implemented"); } + void extension_t::id_res_hook(const basic_openid_message&, + const basic_openid_message&) { + throw not_implemented(OPKELE_CP_ "deprecated consumer id_res hook not implemented"); } + void extension_t::checkid_hook(const basic_openid_message&,basic_openid_message&) { - throw not_implemented(OPKELE_CP_ "Server checkid_hook not implemented"); - } + throw not_implemented(OPKELE_CP_ "deprecated server checkid hook not implemented"); } } diff --git a/lib/extension_chain.cc b/lib/extension_chain.cc index 5c2afd9..5483740 100644 --- a/lib/extension_chain.cc +++ b/lib/extension_chain.cc @@ -3,14 +3,25 @@ namespace opkele { + void extension_chain_t::rp_checkid_hook(basic_openid_message& om) { + for(iterator i=begin();i!=end();++i) (*i)->rp_checkid_hook(om); } + void extension_chain_t::rp_id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp) { + for(iterator i=begin();i!=end();++i) (*i)->rp_id_res_hook(om,sp); } + + void extension_chain_t::op_checkid_hook(const basic_openid_message& inm) { + for(iterator i=begin();i!=end();++i) (*i)->op_checkid_hook(inm); } + void extension_chain_t::op_id_res_hook(basic_openid_message& oum) { + for(iterator i=begin();i!=end();++i) (*i)->op_id_res_hook(oum); } + + void extension_chain_t::checkid_hook(basic_openid_message& om){ - for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(om); - } - void extension_chain_t::id_res_hook(const basic_openid_message& om,const basic_openid_message& sp) { - for(iterator i=begin();i!=end();++i) (*i)->id_res_hook(om,sp); - } - void extension_chain_t::checkid_hook(const basic_openid_message& inm,basic_openid_message& oum) { - for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(inm,oum); - } + for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(om); } + void extension_chain_t::id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp) { + for(iterator i=begin();i!=end();++i) (*i)->id_res_hook(om,sp); } + void extension_chain_t::checkid_hook(const basic_openid_message& inm, + basic_openid_message& oum) { + for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(inm,oum); } } diff --git a/lib/sreg.cc b/lib/sreg.cc index 7e2d588..b40cd45 100644 --- a/lib/sreg.cc +++ b/lib/sreg.cc @@ -28,7 +28,7 @@ namespace opkele { return fd.fieldname==fn; } - void sreg_t::checkid_hook(basic_openid_message& om) { + void sreg_t::rp_checkid_hook(basic_openid_message& om) { string fr, fo; for(fields_iterator f=fields_BEGIN;ffieldbit&fields_required) { @@ -46,7 +46,11 @@ namespace opkele { if(!policy_url.empty()) om.set_field(pfx+".policy_url",policy_url); } - void sreg_t::id_res_hook(const basic_openid_message& om,const basic_openid_message& sp) { + void sreg_t::checkid_hook(basic_openid_message& om) { + rp_checkid_hook(om); } + + void sreg_t::rp_id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp) { clear(); string pfx; try { @@ -67,6 +71,10 @@ namespace opkele { } } + void sreg_t::id_res_hook(const basic_openid_message& om, + const basic_openid_message& sp) { + rp_id_res_hook(om,sp); } + const string& sreg_t::get_field(fieldbit_t fb) const { response_t::const_iterator i = response.find(fb); if(i==response.end()) @@ -105,7 +113,7 @@ namespace opkele { return rv; } - void sreg_t::checkid_hook(const basic_openid_message& inm,basic_openid_message& oum) { + void sreg_t::op_checkid_hook(const basic_openid_message& inm) { string ins = inm.find_ns(OIURI_SREG11,"sreg"); fields_optional = 0; fields_required = 0; policy_url.erase(); fields_response = 0; @@ -120,7 +128,9 @@ namespace opkele { try { policy_url = inm.get_field(ins+".policy_url"); }catch(failed_lookup&) { } - setup_response(inm,oum); + } + + void sreg_t::op_id_res_hook(basic_openid_message& oum) { string ons = oum.allocate_ns(OIURI_SREG11,"sreg"); fields_response &= has_fields; string signeds = "ns."+ons; @@ -134,7 +144,17 @@ namespace opkele { oum.add_to_signed(signeds); } + void sreg_t::checkid_hook(const basic_openid_message& inm, + basic_openid_message& oum) { + op_checkid_hook(inm); + setup_response(inm,oum); + op_id_res_hook(oum); + } + void sreg_t::setup_response(const basic_openid_message& /* inm */,basic_openid_message& /* oum */) { + setup_response(); + } + void sreg_t::setup_response() { fields_response = (fields_required|fields_optional)&has_fields; } } diff --git a/test/OP.cc b/test/OP.cc index 1196c0c..c919d7f 100644 --- a/test/OP.cc +++ b/test/OP.cc @@ -14,6 +14,7 @@ using namespace std; #include #include #include +#include #include "sqlite.h" #include "kingate_openid_message.h" @@ -269,7 +270,8 @@ int main(int argc,char *argv[]) { example_op_t OP(gw); if(gw.get_param("hts_id")!=OP.htc.get_value()) throw opkele::exception(OPKELE_CP_ "toying around, huh?"); - OP.checkid_(inm,0); + opkele::sreg_t sreg; + OP.checkid_(inm,sreg); OP.cookie_header(cout); opkele::openid_message_t om; if(op=="id_res") { @@ -278,9 +280,13 @@ int main(int argc,char *argv[]) { if(OP.is_id_select()) { OP.select_identity( get_self_url(gw), get_self_url(gw) ); } + sreg.set_field(opkele::sreg_t::field_nickname,"anonymous"); + sreg.set_field(opkele::sreg_t::field_fullname,"Ann O'Nymus"); + sreg.set_field(opkele::sreg_t::field_gender,"F"); + sreg.setup_response(); cout << "Status: 302 Going back to RP with id_res\n" - "Location: " << OP.id_res(om).append_query(OP.get_return_to()) + "Location: " << OP.id_res(om,sreg).append_query(OP.get_return_to()) << "\n\n"; }else{ cout << -- cgit v0.9.0.2