added util::change_mode_message_proxy class

generatlized checkauth_message_proxy and added it to util namespace. To be
later used for constructing setup url in 1.0 checkid_immediate reply.

Signed-off-by: Michael Krelin <hacker@klever.net>

2 files changed, 20 insertions, 19 deletions

diff --git a/include/opkele/util.h b/include/opkele/util.h
index e9176b0..6f3ddf6 100644
--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -99,53 +99,71 @@ namespace opkele {
 	 */
 	string url_encode(const string& str);
 
 	/**
 	 * Convert number to string
 	 * @param l number
 	 * @return string representation
 	 * @throw failed_conversion in case of failure
 	 */
 	string long_to_string(long l);
 	/**
 	 * Convert string to number
 	 * @param s string, containing the number
 	 * @return the number
 	 * @throw failed_conversion in case of failure
 	 */
 	long string_to_long(const string& s);
 
 	/**
 	 * Encode binary data using base64.
 	 * @param data pointer to binary data
 	 * @param length length of data
 	 * @return encoded data
 	 */
 	string encode_base64(const void *data,size_t length);
 	/**
 	 * Decode binary data from base64 representation.
 	 * @param data base64-encoded data
 	 * @param rv container for decoded binary
 	 */
 	void decode_base64(const string& data,vector<unsigned char>& rv);
 
 	/**
 	 * Normalize http(s) URI according to RFC3986, section 6. URI is
 	 * expected to have scheme: in front of it.
 	 * @param uri URI
 	 * @return normalized URI
 	 * @throw not_implemented in case of non-httpi(s) URI
 	 * @throw bad_input in case of malformed URI
 	 */
 	string rfc_3986_normalize_uri(const string& uri);
 
 	string& strip_uri_fragment_part(string& uri);
 
 	string abi_demangle(const char* mn);
 
 	string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
 
+	class change_mode_message_proxy : public basic_openid_message {
+	    public:
+		const basic_openid_message& x;
+		const string& mode;
+
+		change_mode_message_proxy(const basic_openid_message& xx,const string& m) : x(xx), mode(m) { }
+
+		bool has_field(const string& n) const { return x.has_field(n); }
+		const string& get_field(const string& n) const {
+		    return (n=="mode")?mode:x.get_field(n); }
+		bool has_ns(const string& uri) const {return x.has_ns(uri); }
+		string get_ns(const string& uri) const { return x.get_ns(uri); }
+		fields_iterator fields_begin() const {
+		    return x.fields_begin(); }
+		fields_iterator fields_end() const {
+		    return x.fields_end(); }
+	};
+
     }
 
 }
 
 #endif /* __OPKELE_UTIL_H */
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 2da8416..a884583 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -233,82 +233,65 @@ namespace opkele {
 		    om.get_field("response_nonce"));
 	    static const char *mustsign[] = {
 		"op_endpoint", "return_to", "response_nonce", "assoc_handle",
 		"claimed_id", "identity" };
 	    for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
 		if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms]))
 		    throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs");
 	    }
 	    if( (
 		    (om.has_field("claimed_id")?1:0)
 		    ^
 		    (om.has_field("identity")?1:0)
 		)&1 )
 		throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent");
 
 	    string turl = util::rfc_3986_normalize_uri(get_this_url());
 	    util::strip_uri_fragment_part(turl);
 	    string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to"));
 	    util::strip_uri_fragment_part(rurl);
 	    string::size_type
 		tq = turl.find('?'), rq = rurl.find('?');
 	    if(
 		    ((tq==string::npos)?turl:turl.substr(0,tq))
 		    !=
 		    ((rq==string::npos)?rurl:rurl.substr(0,rq))
 	      )
 		throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url");
 	    map<string,string> tp; parse_query(turl,tq,tp);
 	    map<string,string> rp; parse_query(rurl,rq,rp);
 	    for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) {
 		map<string,string>::const_iterator tpi = tp.find(rpi->first);
 		if(tpi==tp.end())
 		    throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request");
 		if(tpi->second!=rpi->second)
 		    throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request");
 	    }
 
 	    if(om.has_field("claimed_id")) {
 		verify_OP(
 			om.get_field("op_endpoint"),
 			om.get_field("claimed_id"),
 			om.get_field("identity") );
 	    }
 
 	}
 	if(ext) ext->id_res_hook(om,signeds);
     }
 
-    class check_auth_message_proxy : public basic_openid_message {
-	public:
-	    const basic_openid_message& x;
-
-	    check_auth_message_proxy(const basic_openid_message& xx) : x(xx) { }
-
-	    bool has_field(const string& n) const { return x.has_field(n); }
-	    const string& get_field(const string& n) const {
-		static const string checkauthmode="check_authentication";
-		return (n=="mode")?checkauthmode:x.get_field(n); }
-	    bool has_ns(const string& uri) const {return x.has_ns(uri); }
-	    string get_ns(const string& uri) const { return x.get_ns(uri); }
-	    fields_iterator fields_begin() const {
-		return x.fields_begin(); }
-	    fields_iterator fields_end() const {
-		return x.fields_end(); }
-    };
-
     void basic_RP::check_authentication(const string& OP,
 	    const basic_openid_message& om){
 	openid_message_t res;
-	direct_request(res,check_auth_message_proxy(om),OP);
+	static const string checkauthmode = "check_authentication";
+	direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP);
 	if(res.has_field("is_valid")) {
 	    if(res.get_field("is_valid")=="true") {
 		if(res.has_field("invalidate_handle"))
 		    invalidate_assoc(OP,res.get_field("invalidate_handle"));
 		return;
 	    }
 	}
 	throw failed_check_authentication(
 		OPKELE_CP_ "failed to verify response");
     }
 
 }