author | Michael Krelin <hacker@klever.net> | 2008-02-19 10:52:09 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-19 10:52:09 (UTC) |
commit | 42e4fb613d190508b3e8b8993d233044eeea4d20 (patch) (unidiff) | |
tree | 9b8ebc420942554f927a777e03c70a7c65305a88 /include/opkele/basic_rp.h | |
parent | a3db32747e8370cab8cfdcc382fee875613b7b77 (diff) | |
basic_RP: add methods for accessing identity information passed from OP.
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | include/opkele/basic_rp.h | 36 |
1 files changed, 36 insertions, 0 deletions
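--- a/include/opkele/basic_rp.h
+++ b/include/opkele/basic_rp.h
@@ -1,111 +1,147 @@
 #ifndef __OPKELE_BASIC_RP_H
 #define __OPKELE_BASIC_RP_H
 
 #include <string>
 #include <opkele/types.h>
 #include <opkele/extension.h>
 
 namespace opkele {
 using std::string;
 
 class basic_RP {
 public:
+/**
+* Claimed identifier from a parsed id_res message.
+*/
+string claimed_id;
+/**
+* OP-Local identifier from a parsed id_res message.
+*/
+string identity;
 
 virtual ~basic_RP() { }
 
+void reset_vars();
+
+/**
+* @name Assertion information retrieval
+* Retrieval of the information passed with openid message
+* @{
+*/
+/**
+* Find out if the assertion is about identity
+* @return true if so
+*/
+bool has_identity() const;
+/**
+* Get claimed identifier supplied with the request
+* @return claimed identifier
+* @throw non_identity if request is not about identity
+*/
+const string& get_claimed_id() const;
+/**
+* Get the identity (OP-Local identifier) confirmed
+* @return identity
+* @throw non_identity if request is not about identity
+*/
+const string& get_identity() const;
+/**
+* @}
+*/
+
 /**
 * @name Global persistent store API
 * These are functions related to the associations with OP storage
 * and retrieval and nonce records. They provide an interface to
 * the persistent storage which is shared by all sessions. If the
 * implementor prefers the dumb mode instead, the function should
 * throw dumb_RP exception instead.
 * @see opkele::dumb_RP
 * @{
 */
 /**
 * Store association and return allocated association object.
 * @param OP OP endpoint
 * @param handle association handle
 * @param type association type
 * @param secret association secret
 * @params expires_in the number of seconds association expires in
 * @return the association object
 * @throw dumb_RP for dumb RP
 */
 virtual assoc_t store_assoc(
 const string& OP,const string& handle,
 const string& type,const secret_t& secret,
 int expires_in) = 0;
 /**
 * Find valid unexpired association with an OP.
 * @param OP OP endpoint URL
 * @return association found
 * @throw failed_lookup if no association found
 * @throw dumb_RP for dumb RP
 */
 virtual assoc_t find_assoc(
 const string& OP) = 0;
 /**
 * Retrieve valid association handle for an OP by handle.
 * @param OP OP endpoint URL
 * @param handle association handle
 * @return association found
 * @throw failed_lookup if no association found
 * @throw dumb_RP for dumb RP
 */
 virtual assoc_t retrieve_assoc(
 const string& OP,const string& handle) = 0;
 /**
 * Invalidate association with OP
 * @param OP OP endpoint URL
 * @param handle association handle
 * @throw dumb_RP for dumb RP
 */
 virtual void invalidate_assoc(const string& OP,const string& handle) = 0;
 
 /**
 * Check the nonce validity. That is, check that we haven't
 * accepted request with this nonce from this OP, yet. May involve
 * cutting off by the timestamp and checking the rest against the
 * store of seen nonces.
 * @param OP OP endpoint URL
 * @param nonce nonce value
 * @throw id_res_bad_nonce if the nonce is not to be accepted, i.e.
 * either too old or seen.
 */
 virtual void check_nonce(const string& OP,const string& nonce) = 0;
 /**
 * @}
 */
 
 /**
 * @name Session persistent store API
 * @{
 */
 /**
 * Retrieve OpenID endpoint being currently used for
 * authentication. If there is no endpoint available, throw a
 * no_endpoint exception.
 * @return reference to the service endpoint object
 * @see next_endpoint
 * @throw no_endpoint if no endpoint available
 */
 virtual const openid_endpoint_t& get_endpoint() const = 0;
 /**
 * Advance to the next endpoint to try.
 * @see get_endpoint()
 * @throw no_endpoint if there are no more endpoints
 */
 virtual void next_endpoint() = 0;
 /**
 * @}
 */
 
 /**
 * @name Site particulars API
 * @{
 */
 /**
 * Return an absolute URL of the page being processed, includining
 * query parameters. It is used to validate return_to URL on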
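Review bot: `claimed_id` and `identity` are added directly under `public:`, so any caller can read or overwrite them without going through `has_identity()` or the `non_identity` check documented on `get_claimed_id()` and `get_identity()`. A relying party treats these strings as the authenticated identifier, so consider declaring them under `protected:` and leaving the two accessors as the only public route. `reset_vars()` is the only new declaration without a doc comment; its implementation is not visible here, but if it clears both members, a comment such as `/** Clear claimed_id and identity; call before parsing each id_res so values from an earlier assertion are never reused. */` would state the contract. The accessor comments say "supplied with the request" while the member comments say the values come from a parsed id_res message, and the wording should agree. The class body continues past the end of this hunk.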