added verify_op that performs discovery on the relying party

Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2008-02-03 16:17:47 (UTC)
committer: Michael Krelin <hacker@klever.net> 2008-02-03 16:17:47 (UTC)
commit: 434d42b37ecab09fc91ac8e6c752d3292c10a3b1 (patch) (unidiff)
tree: ec069e72e22cc2861e681e912d6f9e3ef4a65a2b
parent: 23a6d48436e24d3d145b742984ef68ec3bae2bfd (diff)
download: libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.zip
libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.gz
libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.bz2
4 files changed, 73 insertions, 6 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 37fb961..9f5982c 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,33 +1,32 @@
 NODIST_HEADERS_ = \
        opkele/acconfig.h \
        opkele/tr1-mem.h
 nobase_include_HEADERS = \
        opkele/opkele-config.h \
        opkele/types.h \
        opkele/association.h \
        opkele/exception.h \
        opkele/server.h \
        opkele/consumer.h \
        opkele/extension.h \
        opkele/sreg.h \
        opkele/extension_chain.h \
        opkele/xconsumer.h \
        opkele/xserver.h \
        opkele/uris.h \
        opkele/tr1-mem.h \
-        opkele/basic_rp.h \
+        opkele/basic_rp.h opkele/prequeue_rp.h \
-        opkele/prequeue_rp.h \
        opkele/iterator.h \
-        opkele/basic_op.h \
+        opkele/basic_op.h opkele/verify_op.h \
        ${NODIST_HEADERS_}
 noinst_HEADERS = \
        opkele/data.h \
        opkele/curl.h opkele/expat.h opkele/tidy.h \
        opkele/util.h \
        opkele/debug.h \
        opkele/discovery.h
 dist-hook:
        rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_})
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
new file mode 100644
index 0000000..f5c97b2
--- a/dev/null
+++ b/include/opkele/verify_op.h
@@ -0,0 +1,16 @@
+#ifndef __OPKELE_VERIFY_OP_H
+#define __OPKELE_VERIFY_OP_H
+#include <opkele/basic_op.h>
+namespace opkele {
+    class verify_op : public basic_op {
+        public:
+        void verify_return_to();
+    };
+}
+#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ac312d1..e8bfbf5 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,35 +1,34 @@
 lib_LTLIBRARIES = libopkele.la
 AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
 DEFAULT_INCLUDES = -I${top_builddir}
 INCLUDES = \
           -I${top_builddir}/include/ -I${top_srcdir}/include/ \
           ${KONFORKA_CFLAGS} \
           ${OPENSSL_CFLAGS} \
           ${LIBCURL_CPPFLAGS} \
           ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}
 libopkele_la_LIBADD = \
        ${LIBCURL} \
        ${PCRE_LIBS} ${EXPAT_LIBS} \
        ${OPENSSL_LIBS} \
        ${KONFORKA_LIBS} ${TIDY_LIBS}
 libopkele_la_SOURCES = \
                       params.cc \
                       util.cc \
                       server.cc \
                       secret.cc \
                       data.cc \
                       consumer.cc \
                       exception.cc \
                       extension.cc \
                       sreg.cc \
                       extension_chain.cc \
                       curl.cc expat.cc \
                       discovery.cc \
-                       basic_rp.cc \
+                       basic_rp.cc prequeue_rp.cc \
-                       prequeue_rp.cc \
                       openid_message.cc \
-                       basic_op.cc
+                       basic_op.cc verify_op.cc
 libopkele_la_LDFLAGS = \
        -version-info 2:0:0
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
new file mode 100644
index 0000000..e7c26b5
--- a/dev/null
+++ b/lib/verify_op.cc
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+namespace opkele {
+    using std::output_iterator_tag;
+    class __RP_verifier_good_input : public exception {
+        public:
+            __RP_verifier_good_input(OPKELE_E_PARS)
+                : exception(OPKELE_E_CONS) { }
+    };
+    class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+        public:
+            int seen;
+            const string& return_to;
+            RP_verifier(const string& rt)
+                : return_to(rt), seen(0) { }
+            RP_verifier& operator*() { return *this; }
+            RP_verifier& operator=(const openid_endpoint_t& oep) {
+                if(util::uri_matches_realm(return_to,oep.uri))
+                    throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+                return *this;
+            }
+            RP_verifier& operator++() { ++seen; return *this; }
+            RP_verifier& operator++(int) { +seen; return *this; }
+    };
+    void verify_op::verify_return_to() {
+        basic_op::verify_return_to();
+        try {
+            RP_verifier rpv(return_to);
+            string drealm = realm;
+            string::size_type csss = drealm.find("://*.");
+            if(csss==4 || csss==5)
+                drealm.replace(csss+3,1,"www");
+            const char *rtt[] = { STURI_OPENID20_RT, 0 };
+            yadiscover(rpv,drealm,rtt,false);
+            if(rpv.seen)
+                throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+        }catch(__RP_verifier_good_input&) {
+        }catch(bad_return_to& brt) {
+            throw;
+        }catch(exception_network&) { }
+    }
+}
author	Michael Krelin <hacker@klever.net>	2008-02-03 16:17:47 (UTC)
committer	Michael Krelin <hacker@klever.net>	2008-02-03 16:17:47 (UTC)
commit	434d42b37ecab09fc91ac8e6c752d3292c10a3b1 (patch) (unidiff)
tree	ec069e72e22cc2861e681e912d6f9e3ef4a65a2b
parent	23a6d48436e24d3d145b742984ef68ec3bae2bfd (diff)
download	libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.zip libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.gz libopkele-434d42b37ecab09fc91ac8e6c752d3292c10a3b1.tar.bz2

diff --git a/include/Makefile.am b/include/Makefile.am index 37fb961..9f5982c 100644 --- a/include/Makefile.am +++ b/include/Makefile.am
@@ -1,33 +1,32 @@
1	NODIST_HEADERS_ = \	1	NODIST_HEADERS_ = \
2	opkele/acconfig.h \	2	opkele/acconfig.h \
3	opkele/tr1-mem.h	3	opkele/tr1-mem.h
4		4
5	nobase_include_HEADERS = \	5	nobase_include_HEADERS = \
6	opkele/opkele-config.h \	6	opkele/opkele-config.h \
7	opkele/types.h \	7	opkele/types.h \
8	opkele/association.h \	8	opkele/association.h \
9	opkele/exception.h \	9	opkele/exception.h \
10	opkele/server.h \	10	opkele/server.h \
11	opkele/consumer.h \	11	opkele/consumer.h \
12	opkele/extension.h \	12	opkele/extension.h \
13	opkele/sreg.h \	13	opkele/sreg.h \
14	opkele/extension_chain.h \	14	opkele/extension_chain.h \
15	opkele/xconsumer.h \	15	opkele/xconsumer.h \
16	opkele/xserver.h \	16	opkele/xserver.h \
17	opkele/uris.h \	17	opkele/uris.h \
18	opkele/tr1-mem.h \	18	opkele/tr1-mem.h \
19	opkele/basic_rp.h \	19	opkele/basic_rp.h opkele/prequeue_rp.h \
20	opkele/prequeue_rp.h \
21	opkele/iterator.h \	20	opkele/iterator.h \
22	opkele/basic_op.h \	21	opkele/basic_op.h opkele/verify_op.h \
23	${NODIST_HEADERS_}	22	${NODIST_HEADERS_}
24		23
25	noinst_HEADERS = \	24	noinst_HEADERS = \
26	opkele/data.h \	25	opkele/data.h \
27	opkele/curl.h opkele/expat.h opkele/tidy.h \	26	opkele/curl.h opkele/expat.h opkele/tidy.h \
28	opkele/util.h \	27	opkele/util.h \
29	opkele/debug.h \	28	opkele/debug.h \
30	opkele/discovery.h	29	opkele/discovery.h
31		30
32	dist-hook:	31	dist-hook:
33	rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_})	32	rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_})


diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h new file mode 100644 index 0000000..f5c97b2 --- a/dev/null +++ b/include/opkele/verify_op.h
@@ -0,0 +1,16 @@
		1	#ifndef __OPKELE_VERIFY_OP_H
		2	#define __OPKELE_VERIFY_OP_H
		3
		4	#include <opkele/basic_op.h>
		5
		6	namespace opkele {
		7
		8	class verify_op : public basic_op {
		9	public:
		10
		11	void verify_return_to();
		12	};
		13
		14	}
		15
		16	#endif /* __OPKELE_VERIFY_OP_H */


diff --git a/lib/Makefile.am b/lib/Makefile.am index ac312d1..e8bfbf5 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am
@@ -1,35 +1,34 @@
1	lib_LTLIBRARIES = libopkele.la	1	lib_LTLIBRARIES = libopkele.la
2		2
3	AM_CPPFLAGS = ${CPPFLAGS_DEBUG}	3	AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
4	DEFAULT_INCLUDES = -I${top_builddir}	4	DEFAULT_INCLUDES = -I${top_builddir}
5	INCLUDES = \	5	INCLUDES = \
6	-I${top_builddir}/include/ -I${top_srcdir}/include/ \	6	-I${top_builddir}/include/ -I${top_srcdir}/include/ \
7	${KONFORKA_CFLAGS} \	7	${KONFORKA_CFLAGS} \
8	${OPENSSL_CFLAGS} \	8	${OPENSSL_CFLAGS} \
9	${LIBCURL_CPPFLAGS} \	9	${LIBCURL_CPPFLAGS} \
10	${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}	10	${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}
11	libopkele_la_LIBADD = \	11	libopkele_la_LIBADD = \
12	${LIBCURL} \	12	${LIBCURL} \
13	${PCRE_LIBS} ${EXPAT_LIBS} \	13	${PCRE_LIBS} ${EXPAT_LIBS} \
14	${OPENSSL_LIBS} \	14	${OPENSSL_LIBS} \
15	${KONFORKA_LIBS} ${TIDY_LIBS}	15	${KONFORKA_LIBS} ${TIDY_LIBS}
16		16
17	libopkele_la_SOURCES = \	17	libopkele_la_SOURCES = \
18	params.cc \	18	params.cc \
19	util.cc \	19	util.cc \
20	server.cc \	20	server.cc \
21	secret.cc \	21	secret.cc \
22	data.cc \	22	data.cc \
23	consumer.cc \	23	consumer.cc \
24	exception.cc \	24	exception.cc \
25	extension.cc \	25	extension.cc \
26	sreg.cc \	26	sreg.cc \
27	extension_chain.cc \	27	extension_chain.cc \
28	curl.cc expat.cc \	28	curl.cc expat.cc \
29	discovery.cc \	29	discovery.cc \
30	basic_rp.cc \	30	basic_rp.cc prequeue_rp.cc \
31	prequeue_rp.cc \
32	openid_message.cc \	31	openid_message.cc \
33	basic_op.cc	32	basic_op.cc verify_op.cc
34	libopkele_la_LDFLAGS = \	33	libopkele_la_LDFLAGS = \
35	-version-info 2:0:0	34	-version-info 2:0:0


diff --git a/lib/verify_op.cc b/lib/verify_op.cc new file mode 100644 index 0000000..e7c26b5 --- a/dev/null +++ b/lib/verify_op.cc
@@ -0,0 +1,53 @@
		1	#include <opkele/verify_op.h>
		2	#include <opkele/discovery.h>
		3	#include <opkele/exception.h>
		4	#include <opkele/util.h>
		5	#include <opkele/uris.h>
		6
		7	namespace opkele {
		8	using std::output_iterator_tag;
		9
		10	class __RP_verifier_good_input : public exception {
		11	public:
		12	__RP_verifier_good_input(OPKELE_E_PARS)
		13	: exception(OPKELE_E_CONS) { }
		14	};
		15
		16	class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
		17	public:
		18	int seen;
		19	const string& return_to;
		20
		21	RP_verifier(const string& rt)
		22	: return_to(rt), seen(0) { }
		23
		24	RP_verifier& operator() { return this; }
		25	RP_verifier& operator=(const openid_endpoint_t& oep) {
		26	if(util::uri_matches_realm(return_to,oep.uri))
		27	throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
		28	return *this;
		29	}
		30
		31	RP_verifier& operator++() { ++seen; return *this; }
		32	RP_verifier& operator++(int) { +seen; return *this; }
		33	};
		34
		35	void verify_op::verify_return_to() {
		36	basic_op::verify_return_to();
		37	try {
		38	RP_verifier rpv(return_to);
		39	string drealm = realm;
		40	string::size_type csss = drealm.find("://*.");
		41	if(csss==4 \|\| csss==5)
		42	drealm.replace(csss+3,1,"www");
		43	const char *rtt[] = { STURI_OPENID20_RT, 0 };
		44	yadiscover(rpv,drealm,rtt,false);
		45	if(rpv.seen)
		46	throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
		47	}catch(__RP_verifier_good_input&) {
		48	}catch(bad_return_to& brt) {
		49	throw;
		50	}catch(exception_network&) { }
		51	}
		52
		53	}