summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2008-02-19 10:52:09 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-19 10:52:09 (UTC)
commit42e4fb613d190508b3e8b8993d233044eeea4d20 (patch) (side-by-side diff)
tree9b8ebc420942554f927a777e03c70a7c65305a88
parenta3db32747e8370cab8cfdcc382fee875613b7b77 (diff)
downloadlibopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.zip
libopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.tar.gz
libopkele-42e4fb613d190508b3e8b8993d233044eeea4d20.tar.bz2
basic_RP: add methods for accessing identity information passed from OP.
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_rp.h36
-rw-r--r--lib/basic_rp.cc29
2 files changed, 63 insertions, 2 deletions
diff --git a/include/opkele/basic_rp.h b/include/opkele/basic_rp.h
index d5356aa..d096e0a 100644
--- a/include/opkele/basic_rp.h
+++ b/include/opkele/basic_rp.h
@@ -10,9 +10,45 @@ namespace opkele {
class basic_RP {
public:
+ /**
+ * Claimed identifier from a parsed id_res message.
+ */
+ string claimed_id;
+ /**
+ * OP-Local identifier from a parsed id_res message.
+ */
+ string identity;
virtual ~basic_RP() { }
+ void reset_vars();
+
+ /**
+ * @name Assertion information retrieval
+ * Retrieval of the information passed with openid message
+ * @{
+ */
+ /**
+ * Find out if the assertion is about identity
+ * @return true if so
+ */
+ bool has_identity() const;
+ /**
+ * Get claimed identifier supplied with the request
+ * @return claimed identifier
+ * @throw non_identity if request is not about identity
+ */
+ const string& get_claimed_id() const;
+ /**
+ * Get the identity (OP-Local identifier) confirmed
+ * @return identity
+ * @throw non_identity if request is not about identity
+ */
+ const string& get_identity() const;
+ /**
+ * @}
+ */
+
/**
* @name Global persistent store API
* These are functions related to the associations with OP storage
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index e65d9fb..3357d0b 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -8,9 +8,28 @@
#include <opkele/util.h>
#include <opkele/util-internal.h>
#include <opkele/curl.h>
+#include <opkele/debug.h>
namespace opkele {
+ void basic_RP::reset_vars() {
+ claimed_id.clear(); identity.clear();
+ }
+
+ const string& basic_RP::get_claimed_id() const {
+ if(claimed_id.empty())
+ throw non_identity(OPKELE_CP_ "attempting to retreive claimed_id of non-identity assertion");
+ assert(!identity.empty());
+ return claimed_id;
+ }
+
+ const string& basic_RP::get_identity() const {
+ if(identity.empty())
+ throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related assertion");
+ assert(!claimed_id.empty());
+ return identity;
+ }
+
static void dh_get_secret(
secret_t& secret, const basic_openid_message& om,
const char *exp_assoc, const char *exp_sess,
@@ -196,6 +215,7 @@ namespace opkele {
}
void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) {
+ reset_vars();
bool o2 = om.has_field("ns")
&& om.get_field("ns")==OIURI_OPENID20;
if( (!o2) && om.has_field("user_setup_url"))
@@ -271,12 +291,17 @@ namespace opkele {
}
if(om.has_field("claimed_id")) {
+ claimed_id = om.get_field("claimed_id");
+ identity = om.get_field("identity");
verify_OP(
om.get_field("op_endpoint"),
- om.get_field("claimed_id"),
- om.get_field("identity") );
+ claimed_id, identity );
}
+ }else{
+ claimed_id = get_endpoint().claimed_id;
+ /* TODO: check if this is the identity we asked for */
+ identity = om.get_field("identity");
}
if(ext) ext->rp_id_res_hook(om,signeds);
}