summaryrefslogtreecommitdiffabout
path: root/include/opkele
authorMichael Krelin <hacker@klever.net>2008-01-20 21:08:05 (UTC)
committer Michael Krelin <hacker@klever.net>2008-01-20 21:08:05 (UTC)
commit9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc (patch) (unidiff)
tree702473142242e80538c4801cc379ec98fba199dd /include/opkele
parent395a126cbf59b7a50f44da3096b68bab412ab33d (diff)
downloadlibopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.zip
libopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.tar.gz
libopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.tar.bz2
the whole library rewritten
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (limited to 'include/opkele') (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_rp.h218
-rw-r--r--include/opkele/discovery.h88
-rw-r--r--include/opkele/exception.h19
-rw-r--r--include/opkele/extension.h7
-rw-r--r--include/opkele/extension_chain.h6
-rw-r--r--include/opkele/prequeue_rp.h81
-rw-r--r--include/opkele/sreg.h8
-rw-r--r--include/opkele/types.h171
-rw-r--r--include/opkele/util.h8
9 files changed, 479 insertions, 127 deletions
diff --git a/include/opkele/basic_rp.h b/include/opkele/basic_rp.h
new file mode 100644
index 0000000..3f17fd9
--- a/dev/null
+++ b/include/opkele/basic_rp.h
@@ -0,0 +1,218 @@
1#ifndef __OPKELE_BASIC_RP_H
2#define __OPKELE_BASIC_RP_H
3
4#include <cstring>
5#include <string>
6#include <opkele/types.h>
7#include <opkele/extension.h>
8
9namespace opkele {
10 using std::string;
11
12 struct openid_endpoint_t {
13 string uri;
14 string claimed_id;
15 string local_id;
16
17 openid_endpoint_t() { }
18 openid_endpoint_t(const string& u,const string& cid,const string& lid)
19 : uri(u), claimed_id(cid), local_id(lid) { }
20
21 bool operator==(const openid_endpoint_t& x) const {
22 return uri==x.uri && local_id==x.local_id; }
23 bool operator<(const openid_endpoint_t& x) const {
24 int c;
25 return (c=strcmp(uri.c_str(),x.uri.c_str()))
26 ? (c<0) : (strcmp(local_id.c_str(),x.local_id.c_str())<0); }
27 };
28
29 class basic_RP {
30 public:
31
32 virtual ~basic_RP() { }
33
34 /**
35 * @name Global persistent store API
36 * These are functions related to the associations with OP storage
37 * and retrieval and nonce records. They provide an interface to
38 * the persistent storage which is shared by all sessions. If the
39 * implementor prefers the dumb mode instead, the function should
40 * throw dumb_RP exception instead.
41 * @see opkele::dumb_RP
42 * @{
43 */
44 /**
45 * Store association and return allocated association object.
46 * @param OP OP endpoint
47 * @param handle association handle
48 * @param type association type
49 * @param secret association secret
50 * @params expires_in the number of seconds association expires in
51 * @return the association object
52 * @throw dumb_RP for dumb RP
53 */
54 virtual assoc_t store_assoc(
55 const string& OP,const string& handle,
56 const string& type,const secret_t& secret,
57 int expires_in) = 0;
58 /**
59 * Find valid unexpired association with an OP.
60 * @param OP OP endpoint URL
61 * @return association found
62 * @throw failed_lookup if no association found
63 * @throw dumb_RP for dumb RP
64 */
65 virtual assoc_t find_assoc(
66 const string& OP) = 0;
67 /**
68 * Retrieve valid association handle for an OP by handle.
69 * @param OP OP endpoint URL
70 * @param handle association handle
71 * @return association found
72 * @throw failed_lookup if no association found
73 * @throw dumb_RP for dumb RP
74 */
75 virtual assoc_t retrieve_assoc(
76 const string& OP,const string& handle) = 0;
77 /**
78 * Invalidate association with OP
79 * @param OP OP endpoint URL
80 * @param handle association handle
81 * @throw dumb_RP for dumb RP
82 */
83 virtual void invalidate_assoc(const string& OP,const string& handle) = 0;
84
85 /**
86 * Check the nonce validity. That is, check that we haven't
87 * accepted request with this nonce from this OP, yet. May involve
88 * cutting off by the timestamp and checking the rest against the
89 * store of seen nonces.
90 * @param OP OP endpoint URL
91 * @param nonce nonce value
92 * @throw id_res_bad_nonce if the nonce is not to be accepted, i.e.
93 * either too old or seen.
94 */
95 virtual void check_nonce(const string& OP,const string& nonce) = 0;
96 /**
97 * @}
98 */
99
100 /**
101 * @name Session persistent store API
102 * @{
103 */
104 /**
105 * Retrieve OpenID endpoint being currently used for
106 * authentication. If there is no endpoint available, throw a
107 * no_endpoint exception.
108 * @return reference to the service endpoint object
109 * @see next_endpoint
110 * @throw no_endpoint if no endpoint available
111 */
112 virtual const openid_endpoint_t& get_endpoint() const = 0;
113 /**
114 * Advance to the next endpoint to try.
115 * @see get_endpoint()
116 * @throw no_endpoint if there are no more endpoints
117 */
118 virtual void next_endpoint() = 0;
119 /**
120 * @}
121 */
122
123 /**
124 * @name Site particulars API
125 * @{
126 */
127 /**
128 * Return an absolute URL of the page being processed, includining
129 * query parameters. It is used to validate return_to URL on
130 * positive assertions.
131 * @return fully qualified url of the page being processed.
132 */
133 virtual const string get_this_url() const = 0;
134 /**
135 * @}
136 */
137
138 /**
139 * @name OpenID actions
140 * @{
141 */
142 /**
143 * Initiates authentication session, doing discovery, normalization
144 * and whatever implementor wants to do at this point.
145 * @param usi User-supplied identity
146 */
147 virtual void initiate(const string& usi) = 0;
148 /**
149 * Prepare checkid_request.
150 * @param rv reference to the openid message to prepare
151 * @param mode checkid_setup or checkid_immediate
152 * @param return_to the URL OP should redirect to after completion
153 * @param realm authentication realm to pass to OP
154 * @param ext pointer to extension to use in request preparation
155 * @return reference to the openid message
156 */
157 basic_openid_message& checkid_(
158 basic_openid_message& rv,
159 mode_t mode,
160 const string& return_to,const string& realm,
161 extension_t *ext=0);
162 /**
163 * Verify assertion at the end of round-trip.
164 * @param om incoming openid message
165 * @param ext pointer to extention to use in parsing assertion
166 * @throw id_res_setup if checkid_immediate request could not be
167 * completed
168 * @throw id_res_cancel if authentication request was canceled
169 * @throw id_res_mismatch in case of signature mismatch
170 * @throw id_res_bad_return_to if return_to url seems to be
171 * tampered with
172 * @throw id_res_unauthorized if OP is not authorized to make
173 * assertions regarding the identity
174 */
175 void id_res(const basic_openid_message& om,extension_t *ext=0);
176
177 /**
178 * Establish association with OP
179 * @param OP OP to establish association with
180 * @throw dumb_RP if for a dumb RP
181 */
182 virtual assoc_t associate(const string& OP);
183 /**
184 * Check authentication with OP and invalidate handle if requested
185 * and confirmed
186 * @param OP OP to check with
187 * @param om message to check
188 * @throw failed_check_authentication if OP fails to confirm
189 * authenticity of the assertion
190 */
191 void check_authentication(const string& OP,const basic_openid_message& om);
192 /**
193 * @}
194 */
195
196 /**
197 * @name Miscellanea
198 * @{
199 */
200 /**
201 * Verify OP authority. Return normally if OP is authorized to make
202 * an assertion, throw an exception otherwise.
203 * @param OP OP endpoint
204 * @param claimed_id claimed identity
205 * @param identity OP-Local identifier
206 * @throw id_res_unauthorized if OP is not authorized to make
207 * assertion regarding this identity.
208 */
209 virtual void verify_OP(const string& OP,
210 const string& claimed_id,const string& identity) const = 0;
211 /**
212 * @}
213 */
214 };
215
216}
217
218#endif /* __OPKELE_BASIC_RP_H */
diff --git a/include/opkele/discovery.h b/include/opkele/discovery.h
index af4aa29..ab4b9d9 100644
--- a/include/opkele/discovery.h
+++ b/include/opkele/discovery.h
@@ -1,40 +1,104 @@
1#ifndef __OPKELE_DISCOVERY_H 1#ifndef __OPKELE_DISCOVERY_H
2#define __OPKELE_DISCOVERY_H 2#define __OPKELE_DISCOVERY_H
3 3
4#include <string> 4#include <string>
5#include <opkele/types.h> 5#include <opkele/types.h>
6#include <opkele/basic_rp.h>
6 7
7namespace opkele { 8namespace opkele {
8 using std::string; 9 using std::string;
9 10
10 struct idiscovery_t; 11 namespace xrd {
11 12
12 void idiscover(idiscovery_t& result,const string& identity); 13 struct priority_compare {
14 inline bool operator()(long a,long b) const {
15 return (a<0) ? false : (b<0) ? true : (a<b);
16 }
17 };
18
19 template <typename _DT>
20 class priority_map : public multimap<long,_DT,priority_compare> {
21 typedef multimap<long,_DT,priority_compare> map_type;
22 public:
23
24 inline _DT& add(long priority,const _DT& d) {
25 return insert(typename map_type::value_type(priority,d))->second;
26 }
27
28 bool has_value(const _DT& d) const {
29 for(typename map_type::const_iterator i=this->begin();i!=this->end();++i)
30 if(i->second==d) return true;
31 return false;
32 }
33 };
34
35 typedef priority_map<string> canonical_ids_t;
36 typedef priority_map<string> local_ids_t;
37 typedef set<string> types_t;
38 typedef priority_map<string> uris_t;
39
40 class service_t {
41 public:
42 types_t types;
43 uris_t uris;
44 local_ids_t local_ids;
45 string provider_id;
46
47 void clear() {
48 types.clear();
49 uris.clear(); local_ids.clear();
50 provider_id.clear();
51 }
52 };
53 typedef priority_map<service_t> services_t;
54
55 class XRD_t {
56 public:
57 time_t expires;
58
59 canonical_ids_t canonical_ids;
60 local_ids_t local_ids;
61 services_t services;
62 string provider_id;
63
64 void clear() {
65 expires = 0;
66 canonical_ids.clear(); local_ids.clear();
67 services.clear();
68 provider_id.clear();
69 }
70 bool empty() const {
71 return
72 canonical_ids.empty()
73 && local_ids.empty()
74 && services.empty();
75 }
76
77 };
78
79 }
80
81 typedef util::output_iterator_proxy<openid_endpoint_t>
82 endpoint_discovery_iterator;
83
84 string idiscover(
85 endpoint_discovery_iterator oi,
86 const string& identity);
13 87
14 struct idiscovery_t { 88 struct idiscovery_t {
15 bool xri_identity; 89 bool xri_identity;
16 string normalized_id; 90 string normalized_id;
17 string canonicalized_id; 91 string canonicalized_id;
18 xrd::XRD_t xrd; 92 xrd::XRD_t xrd;
19 93
20 idiscovery_t() { } 94 idiscovery_t() { }
21 idiscovery_t(const string& i) {
22 idiscover(*this,i);
23 }
24 idiscovery_t(const char *i) {
25 idiscover(*this,i);
26 }
27 95
28 void clear() { 96 void clear() {
29 normalized_id.clear(); canonicalized_id.clear(); 97 normalized_id.clear(); canonicalized_id.clear();
30 xrd.clear(); 98 xrd.clear();
31 } 99 }
32 100
33 idiscovery_t& operator=(const string& i) {
34 idiscover(*this,i); return *this; }
35 idiscovery_t& operator=(const char *i) {
36 idiscover(*this,i); return *this; }
37 }; 101 };
38} 102}
39 103
40#endif /* __OPKELE_DISCOVERY_H */ 104#endif /* __OPKELE_DISCOVERY_H */
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
index a8c3339..ccb39d9 100644
--- a/include/opkele/exception.h
+++ b/include/opkele/exception.h
@@ -266,51 +266,70 @@ namespace opkele {
266 /** 266 /**
267 * exception thrown in case of failed discovery 267 * exception thrown in case of failed discovery
268 */ 268 */
269 class failed_discovery : public exception { 269 class failed_discovery : public exception {
270 public: 270 public:
271 failed_discovery(OPKELE_E_PARS) 271 failed_discovery(OPKELE_E_PARS)
272 : exception(OPKELE_E_CONS) { } 272 : exception(OPKELE_E_CONS) { }
273 }; 273 };
274 274
275 /** 275 /**
276 * unsuccessfull xri resolution 276 * unsuccessfull xri resolution
277 */ 277 */
278 class failed_xri_resolution : public failed_discovery { 278 class failed_xri_resolution : public failed_discovery {
279 public: 279 public:
280 long _code; 280 long _code;
281 failed_xri_resolution(OPKELE_E_PARS,long _c=-1) 281 failed_xri_resolution(OPKELE_E_PARS,long _c=-1)
282 : failed_discovery(OPKELE_E_CONS), _code(_c) { } 282 : failed_discovery(OPKELE_E_CONS), _code(_c) { }
283 }; 283 };
284 284
285 /** 285 /**
286 * not implemented (think pure virtual) member function executed, signfies 286 * not implemented (think pure virtual) member function executed, signfies
287 * programmer error 287 * programmer error
288 */ 288 */
289 class not_implemented : public exception { 289 class not_implemented : public exception {
290 public: 290 public:
291 not_implemented(OPKELE_E_PARS) 291 not_implemented(OPKELE_E_PARS)
292 : exception(OPKELE_E_CONS) { } 292 : exception(OPKELE_E_CONS) { }
293 }; 293 };
294 294
295 /** 295 /**
296 * internal error, indicates internal libopkele problem 296 * internal error, indicates internal libopkele problem
297 */ 297 */
298 class internal_error : public exception { 298 class internal_error : public exception {
299 public: 299 public:
300 internal_error(OPKELE_E_PARS) 300 internal_error(OPKELE_E_PARS)
301 : exception(OPKELE_E_CONS) { } 301 : exception(OPKELE_E_CONS) { }
302 }; 302 };
303 303
304 /** 304 /**
305 * thrown in case of unsupported parameter encountered (e.g. unsupported 305 * thrown in case of unsupported parameter encountered (e.g. unsupported
306 * association type). 306 * association type).
307 */ 307 */
308 class unsupported : public exception { 308 class unsupported : public exception {
309 public: 309 public:
310 unsupported(OPKELE_E_PARS) 310 unsupported(OPKELE_E_PARS)
311 : exception(OPKELE_E_CONS) { } 311 : exception(OPKELE_E_CONS) { }
312 }; 312 };
313 313
314 /**
315 * thrown by associations store related functions in case of dumb RP.
316 */
317 class dumb_RP : public exception {
318 public:
319 dumb_RP(OPKELE_E_PARS)
320 : exception(OPKELE_E_CONS) { }
321 };
322
323 /**
324 * thrown by endpoint-queue related function if endpoint is being
325 * accessed but there's no endpoint available.
326 */
327 class no_endpoint : public exception {
328 public:
329 no_endpoint(OPKELE_E_PARS)
330 : exception(OPKELE_E_CONS) { }
331 };
332
314} 333}
315 334
316#endif /* __OPKELE_EXCEPTION_H */ 335#endif /* __OPKELE_EXCEPTION_H */
diff --git a/include/opkele/extension.h b/include/opkele/extension.h
index 513672f..3ee25ee 100644
--- a/include/opkele/extension.h
+++ b/include/opkele/extension.h
@@ -1,65 +1,66 @@
1#ifndef __OPKELE_EXTENSION_H 1#ifndef __OPKELE_EXTENSION_H
2#define __OPKELE_EXTENSION_H 2#define __OPKELE_EXTENSION_H
3 3
4/** 4/**
5 * @file 5 * @file
6 * @brief extensions framework basics 6 * @brief extensions framework basics
7 */ 7 */
8 8
9#include <opkele/types.h> 9#include <opkele/types.h>
10 10
11namespace opkele { 11namespace opkele {
12 12
13 /** 13 /**
14 * OpenID extension hooks base class 14 * OpenID extension hooks base class
15 */ 15 */
16 class extension_t { 16 class extension_t {
17 public: 17 public:
18 18
19 virtual ~extension_t() { } 19 virtual ~extension_t() { }
20
20 /** 21 /**
21 * hook called by consumer before submitting data to OpenID server. 22 * hook called by consumer before submitting data to OpenID server.
22 * It is supposed to manipulate parameters list. 23 * It is supposed to manipulate parameters list.
23 * @param p parameters about to be submitted to server 24 * @param p parameters about to be submitted to server
24 * @param identity identity being verified. It may differ from the 25 * @param identity identity being verified. It may differ from the
25 * one available in parameters list in case of delegation 26 * one available in parameters list in case of delegation
26 * @see consumer_t::checkid_ 27 * @see consumer_t::checkid_
27 * @see consumer_t::checkid_immediate 28 * @see consumer_t::checkid_immediate
28 * @see consumer_t::checkid_setup 29 * @see consumer_t::checkid_setup
29 */ 30 */
30 virtual void checkid_hook(params_t& p,const string& identity); 31 virtual void checkid_hook(basic_openid_message& om);
31 /** 32 /**
32 * hook called by consumer after identity information received from 33 * hook called by consumer after identity information received from
33 * OpenID server is verified. 34 * OpenID server is verified.
34 * @param p parameters received from server 35 * @param p parameters received from server
35 * @param sp signed parameters received from server with 'openid.' 36 * @param sp signed parameters received from server with 'openid.'
36 * leader stripped 37 * leader stripped
37 * @param identity identity confirmed. May differ from the one 38 * @param identity identity confirmed. May differ from the one
38 * available in parameters list in case of delegation. May also be 39 * available in parameters list in case of delegation. May also be
39 * empty which means - extract one from parameters 40 * empty which means - extract one from parameters
40 * @see consumer_t::id_res 41 * @see consumer_t::id_res
41 */ 42 */
42 virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); 43 virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp);
43 44
44 /** 45 /**
45 * hook called by server before returning information to consumer. 46 * hook called by server before returning information to consumer.
46 * The hook may manipulate output parameters. It is important to 47 * The hook may manipulate output parameters. It is important to
47 * note that modified pout["signed"] is used for signing response. 48 * note that modified pout["signed"] is used for signing response.
48 * @param pin request parameters list with "openid." prefix 49 * @param pin request parameters list with "openid." prefix
49 * @param pout response parameters list without "openid." prefix 50 * @param pout response parameters list without "openid." prefix
50 * @see server_t::checkid_ 51 * @see server_t::checkid_
51 * @see server_t::checkid_immediate 52 * @see server_t::checkid_immediate
52 * @see server_t::checkid_setup 53 * @see server_t::checkid_setup
53 */ 54 */
54 virtual void checkid_hook(const params_t& pin,params_t& pout); 55 virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum);
55 56
56 /** 57 /**
57 * Casts the object to pointer to itself. For convenient passing 58 * Casts the object to pointer to itself. For convenient passing
58 * of pointer. 59 * of pointer.
59 */ 60 */
60 operator extension_t*(void) { return this; } 61 operator extension_t*(void) { return this; }
61 }; 62 };
62 63
63} 64}
64 65
65#endif /* __OPKELE_EXTENSION_H */ 66#endif /* __OPKELE_EXTENSION_H */
diff --git a/include/opkele/extension_chain.h b/include/opkele/extension_chain.h
index f0eea94..fb9bc84 100644
--- a/include/opkele/extension_chain.h
+++ b/include/opkele/extension_chain.h
@@ -1,38 +1,38 @@
1#ifndef __OPKELE_EXTENSION_CHAIN_H 1#ifndef __OPKELE_EXTENSION_CHAIN_H
2#define __OPKELE_EXTENSION_CHAIN_H 2#define __OPKELE_EXTENSION_CHAIN_H
3 3
4/** 4/**
5 * @file 5 * @file
6 * @brief extension chain extension 6 * @brief extension chain extension
7 */ 7 */
8 8
9#include <list> 9#include <list>
10#include <opkele/extension.h> 10#include <opkele/extension.h>
11 11
12namespace opkele { 12namespace opkele {
13 using std::list; 13 using std::list;
14 14
15 /** 15 /**
16 * OpenID extensions chain used to combine extensions, it is actually an 16 * OpenID extensions chain used to combine extensions, it is actually an
17 * stl list of pointers to extensions. 17 * stl list of pointers to extensions.
18 */ 18 */
19 class extension_chain_t : public extension_t, public list<extension_t*> { 19 class extension_chain_t : public extension_t, public list<extension_t*> {
20 public: 20 public:
21 21
22 /** 22 /**
23 * Default constructor creates an empty chain 23 * Default constructor creates an empty chain
24 */ 24 */
25 extension_chain_t() { } 25 extension_chain_t() { }
26 /** 26 /**
27 * Create extension chain with a single extension in it 27 * Create extension chain with a single extension in it
28 */ 28 */
29 extension_chain_t(extension_t *e) { push_back(e); } 29 extension_chain_t(extension_t *e) { push_back(e); }
30 30
31 virtual void checkid_hook(params_t& p,const string& identity); 31 virtual void checkid_hook(basic_openid_message& om);
32 virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); 32 virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp);
33 virtual void checkid_hook(const params_t& pin,params_t& pout); 33 virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum);
34 }; 34 };
35 35
36} 36}
37 37
38#endif /* __OPKELE_EXTENSION_CHAIN_H */ 38#endif /* __OPKELE_EXTENSION_CHAIN_H */
diff --git a/include/opkele/prequeue_rp.h b/include/opkele/prequeue_rp.h
new file mode 100644
index 0000000..b98dd5a
--- a/dev/null
+++ b/include/opkele/prequeue_rp.h
@@ -0,0 +1,81 @@
1#ifndef __OPKELE_RP_H
2#define __OPKELE_RP_H
3
4#include <string>
5#include <set>
6#include <iterator>
7#include <opkele/basic_rp.h>
8
9namespace opkele {
10 using std::string;
11 using std::set;
12 using std::iterator;
13 using std::output_iterator_tag;
14
15 class prequeue_RP : public basic_RP {
16 public:
17 /**
18 * @name Session persistent store API
19 * @{
20 */
21 /**
22 * Called before queueing discovered endpoints. Typically happens
23 * while initiating authentication session.
24 * @see queue_endpoint()
25 * @see end_queueing()
26 */
27 virtual void begin_queueing() { }
28 /**
29 * Used to queue discovered endpoint. It is implementors
30 * responsibility to store the endpoint wherever he choses to store
31 * it.
32 * @param oep the endpoint to queue
33 * @see begin_queueing()
34 * @see end_queueing()
35 */
36 virtual void queue_endpoint(const openid_endpoint_t& oep) = 0;
37 /**
38 * Called after all discovered endpoints were queued. Implementor
39 * may chose to use this virtual to commit endpoints queue to
40 * persistent store.
41 * @see begin_queueing()
42 * @see queue_endpoint()
43 */
44 virtual void end_queueing() { }
45
46 /**
47 * Used to store normalized id when initiating request.
48 * The default implementation does nothing, because implementor
49 * doesn't have to care.
50 * @param nid normalized id
51 * @see get_normalzied_id()
52 */
53 virtual void set_normalized_id(const string& nid);
54 /**
55 * Return the normalized id previously set by set_normalized_id().
56 * Provided for the sake of completeness because default
57 * implementation doesn't use it.
58 * @return the normalized identity
59 */
60 virtual const string get_normalized_id() const;
61 /**
62 * @}
63 */
64
65 /**
66 * @name Actions
67 * @{
68 */
69 void initiate(const string& usi);
70
71 /**
72 * @}
73 */
74
75 void verify_OP(const string& OP,
76 const string& claimed_id,const string& identity) const;
77 };
78
79}
80
81#endif /* __OPKELE_RP_H */
diff --git a/include/opkele/sreg.h b/include/opkele/sreg.h
index df37a86..24cb315 100644
--- a/include/opkele/sreg.h
+++ b/include/opkele/sreg.h
@@ -93,111 +93,111 @@ namespace opkele {
93 */ 93 */
94 long fields_required; 94 long fields_required;
95 /** 95 /**
96 * Bitmask for fields that will be used by the Consumer, but whose 96 * Bitmask for fields that will be used by the Consumer, but whose
97 * absence will not prevent the registration from completing. 97 * absence will not prevent the registration from completing.
98 */ 98 */
99 long fields_optional; 99 long fields_optional;
100 /** 100 /**
101 * A URL which the Consumer provides to give the End User a place 101 * A URL which the Consumer provides to give the End User a place
102 * to read about the how the profile data will be used. The 102 * to read about the how the profile data will be used. The
103 * Identity Provider SHOULD display this URL to the End User if it 103 * Identity Provider SHOULD display this URL to the End User if it
104 * is given. 104 * is given.
105 */ 105 */
106 string policy_url; 106 string policy_url;
107 107
108 /** 108 /**
109 * Bitmask for fields present in response 109 * Bitmask for fields present in response
110 */ 110 */
111 long has_fields; 111 long has_fields;
112 /** 112 /**
113 * Container type for response fields values 113 * Container type for response fields values
114 */ 114 */
115 typedef map<fieldbit_t,string> response_t; 115 typedef map<fieldbit_t,string> response_t;
116 /** 116 /**
117 * Response contents 117 * Response contents
118 */ 118 */
119 response_t response; 119 response_t response;
120 120
121 /** 121 /**
122 * Fields bitmask to send in response 122 * Fields bitmask to send in response
123 */ 123 */
124 long fields_response; 124 long fields_response;
125 125
126 /** 126 /**
127 * Consumer constructor. 127 * Consumer constructor.
128 * @param fr required fields 128 * @param fr required fields
129 * @see fields_required 129 * @see fields_required
130 * @param fo optional fields 130 * @param fo optional fields
131 * @see fields_optional 131 * @see fields_optional
132 * @param pu policy url 132 * @param pu policy url
133 * @see policy_url 133 * @see policy_url
134 */ 134 */
135 sreg_t(long fr=fields_NONE,long fo=fields_NONE,const string& pu="") 135 sreg_t(long fr=fields_NONE,long fo=fields_NONE,const string& pu="")
136 : fields_required(fr), fields_optional(fo), policy_url(pu), has_fields(0) { } 136 : fields_required(fr), fields_optional(fo), policy_url(pu), has_fields(0) { }
137 137
138 /** 138 /**
139 * Implementation of consumer's checkid hook 139 * Implementation of consumer's checkid hook
140 */ 140 */
141 virtual void checkid_hook(params_t& p,const string& identity); 141 virtual void checkid_hook(basic_openid_message& om);
142 /** 142 /**
143 * Implementation of consumer's id_res hook 143 * Implementation of consumer's id_res hook
144 */ 144 */
145 virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); 145 virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp);
146 /** 146 /**
147 * Implementation of server's checkid_hook 147 * Implementation of server's checkid_hook
148 */ 148 */
149 virtual void checkid_hook(const params_t& pin,params_t& pout); 149 virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum);
150 150
151 /** 151 /**
152 * Check and see if we have value for some particular field. 152 * Check and see if we have value for some particular field.
153 * @param fb field in question 153 * @param fb field in question
154 * @see fieldbit_t 154 * @see fieldbit_t
155 * @return true if the value is available 155 * @return true if the value is available
156 */ 156 */
157 bool has_field(fieldbit_t fb) const { return has_fields&fb; } 157 bool has_field(fieldbit_t fb) const { return has_fields&fb; }
158 158
159 /** 159 /**
160 * Retrieve the value for a field. 160 * Retrieve the value for a field.
161 * @param fb field in question 161 * @param fb field in question
162 * @see fieldbit_t 162 * @see fieldbit_t
163 * @return field value 163 * @return field value
164 * @throw failed_lookup if no data avaialble 164 * @throw failed_lookup if no data avaialble
165 */ 165 */
166 const string& get_field(fieldbit_t fb) const; 166 const string& get_field(fieldbit_t fb) const;
167 167
168 /** 168 /**
169 * Set the value for a field. 169 * Set the value for a field.
170 * @param fb field in question 170 * @param fb field in question
171 * @see fieldbit_t 171 * @see fieldbit_t
172 * @param fv field value 172 * @param fv field value
173 */ 173 */
174 void set_field(fieldbit_t fb,const string& fv); 174 void set_field(fieldbit_t fb,const string& fv);
175 175
176 /** 176 /**
177 * Remove the value for a field. 177 * Remove the value for a field.
178 * @param fb field in question 178 * @param fb field in question
179 * @see fieldbit_t 179 * @see fieldbit_t
180 */ 180 */
181 void reset_field(fieldbit_t fb); 181 void reset_field(fieldbit_t fb);
182 182
183 /** 183 /**
184 * Reset field data 184 * Reset field data
185 */ 185 */
186 void clear(); 186 void clear();
187 187
188 /** 188 /**
189 * Function called after parsing sreg request to set up response 189 * Function called after parsing sreg request to set up response
190 * fields. The default implementation tries to send as much fields 190 * fields. The default implementation tries to send as much fields
191 * as we have. The function is supposed to set the data and 191 * as we have. The function is supposed to set the data and
192 * fields_response. 192 * fields_response.
193 * @see fields_response 193 * @see fields_response
194 * @param pin input request parameters with "openid." prefix 194 * @param pin input request parameters with "openid." prefix
195 * @param pout output request parameters without "openid." prefix. 195 * @param pout output request parameters without "openid." prefix.
196 * @see checkid_hook(const params_t&,params_t&) 196 * @see checkid_hook(const params_t&,params_t&)
197 */ 197 */
198 virtual void setup_response(const params_t& pin,params_t& pout); 198 virtual void setup_response(const basic_openid_message& inm,basic_openid_message& oum);
199 199
200 }; 200 };
201} 201}
202 202
203#endif /* __OPKELE_SREG_H */ 203#endif /* __OPKELE_SREG_H */
diff --git a/include/opkele/types.h b/include/opkele/types.h
index de44a5c..d5ad258 100644
--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -1,246 +1,207 @@
1#ifndef __OPKELE_TYPES_H 1#ifndef __OPKELE_TYPES_H
2#define __OPKELE_TYPES_H 2#define __OPKELE_TYPES_H
3 3
4/** 4/**
5 * @file 5 * @file
6 * @brief various types declarations 6 * @brief various types declarations
7 */ 7 */
8 8
9#include <ostream> 9#include <ostream>
10#include <vector> 10#include <vector>
11#include <string> 11#include <string>
12#include <map> 12#include <map>
13#include <set> 13#include <set>
14#include <list>
15#include <opkele/iterator.h>
14#include <opkele/tr1-mem.h> 16#include <opkele/tr1-mem.h>
15 17
16namespace opkele { 18namespace opkele {
17 using std::vector; 19 using std::vector;
18 using std::string; 20 using std::string;
19 using std::map; 21 using std::map;
20 using std::ostream; 22 using std::ostream;
21 using std::multimap; 23 using std::multimap;
22 using std::set; 24 using std::set;
25 using std::list;
26 using std::iterator;
27 using std::forward_iterator_tag;
23 28
24 /** 29 /**
25 * the OpenID operation mode 30 * the OpenID operation mode
26 */ 31 */
27 typedef enum _mode_t { 32 typedef enum _mode_t {
28 mode_associate, 33 mode_associate,
29 mode_checkid_immediate, 34 mode_checkid_immediate,
30 mode_checkid_setup, 35 mode_checkid_setup,
31 mode_check_association 36 mode_check_association
32 } mode_t; 37 } mode_t;
33 38
34 /** 39 /**
35 * the association secret container 40 * the association secret container
36 */ 41 */
37 class secret_t : public vector<unsigned char> { 42 class secret_t : public vector<unsigned char> {
38 public: 43 public:
39 44
40 /** 45 /**
41 * xor the secret and hmac together and encode, using base64 46 * xor the secret and hmac together and encode, using base64
42 * @param key_d pointer to the message digest 47 * @param key_d pointer to the message digest
43 * @param rv reference to the return value 48 * @param rv reference to the return value
44 */ 49 */
45 void enxor_to_base64(const unsigned char *key_d,string& rv) const; 50 void enxor_to_base64(const unsigned char *key_d,string& rv) const;
46 /** 51 /**
47 * decode base64-encoded secret and xor it with the message digest 52 * decode base64-encoded secret and xor it with the message digest
48 * @param key_d pointer to the message digest 53 * @param key_d pointer to the message digest
49 * @param b64 base64-encoded secret value 54 * @param b64 base64-encoded secret value
50 */ 55 */
51 void enxor_from_base64(const unsigned char *key_d,const string& b64); 56 void enxor_from_base64(const unsigned char *key_d,const string& b64);
52 /** 57 /**
53 * plainly encode to base64 representation 58 * plainly encode to base64 representation
54 * @param rv reference to the return value 59 * @param rv reference to the return value
55 */ 60 */
56 void to_base64(string& rv) const; 61 void to_base64(string& rv) const;
57 /** 62 /**
58 * decode cleartext secret from base64 63 * decode cleartext secret from base64
59 * @param b64 base64-encoded representation of the secret value 64 * @param b64 base64-encoded representation of the secret value
60 */ 65 */
61 void from_base64(const string& b64); 66 void from_base64(const string& b64);
62 }; 67 };
63 68
64 /** 69 /**
65 * Interface to the association. 70 * Interface to the association.
66 */ 71 */
67 class association_t { 72 class association_t {
68 public: 73 public:
69 74
70 virtual ~association_t() { } 75 virtual ~association_t() { }
71 76
72 /** 77 /**
73 * retrieve the server with which association was established. 78 * retrieve the server with which association was established.
74 * @return server name 79 * @return server name
75 */ 80 */
76 virtual string server() const = 0; 81 virtual string server() const = 0;
77 /** 82 /**
78 * retrieve the association handle. 83 * retrieve the association handle.
79 * @return handle 84 * @return handle
80 */ 85 */
81 virtual string handle() const = 0; 86 virtual string handle() const = 0;
82 /** 87 /**
83 * retrieve the association type. 88 * retrieve the association type.
84 * @return association type 89 * @return association type
85 */ 90 */
86 virtual string assoc_type() const = 0; 91 virtual string assoc_type() const = 0;
87 /** 92 /**
88 * retrieve the association secret. 93 * retrieve the association secret.
89 * @return association secret 94 * @return association secret
90 */ 95 */
91 virtual secret_t secret() const = 0; 96 virtual secret_t secret() const = 0;
92 /** 97 /**
93 * retrieve the number of seconds the association expires in. 98 * retrieve the number of seconds the association expires in.
94 * @return seconds till expiration 99 * @return seconds till expiration
95 */ 100 */
96 virtual int expires_in() const = 0; 101 virtual int expires_in() const = 0;
97 /** 102 /**
98 * check whether the association is stateless. 103 * check whether the association is stateless.
99 * @return true if stateless 104 * @return true if stateless
100 */ 105 */
101 virtual bool stateless() const = 0; 106 virtual bool stateless() const = 0;
102 /** 107 /**
103 * check whether the association is expired. 108 * check whether the association is expired.
104 * @return true if expired 109 * @return true if expired
105 */ 110 */
106 virtual bool is_expired() const = 0; 111 virtual bool is_expired() const = 0;
107 }; 112 };
108 113
109 /** 114 /**
110 * the shared_ptr<> for association_t object type 115 * the shared_ptr<> for association_t object type
111 */ 116 */
112 typedef tr1mem::shared_ptr<association_t> assoc_t; 117 typedef tr1mem::shared_ptr<association_t> assoc_t;
113 118
119 class basic_openid_message {
120 public:
121 typedef list<string> fields_t;
122 typedef util::forward_iterator_proxy<
123 string,const string&,const string*
124 > fields_iterator;
125
126 basic_openid_message() { }
127 basic_openid_message(const basic_openid_message& x);
128 void copy_to(basic_openid_message& x) const;
129
130 virtual bool has_field(const string& n) const = 0;
131 virtual const string& get_field(const string& n) const = 0;
132
133 virtual bool has_ns(const string& uri) const;
134 virtual string get_ns(const string& uri) const;
135
136 virtual fields_iterator fields_begin() const = 0;
137 virtual fields_iterator fields_end() const = 0;
138
139 virtual string append_query(const string& url) const;
140 virtual string query_string() const;
141
142
143 virtual void reset_fields();
144 virtual void set_field(const string& n,const string& v);
145 virtual void reset_field(const string& n);
146
147 virtual void from_keyvalues(const string& kv);
148
149 void add_to_signed(const string& fields);
150 string find_ns(const string& uri,const char *pfx) const;
151 string allocate_ns(const string& uri,const char *pfx);
152 };
153
154 class openid_message_t : public basic_openid_message, public map<string,string> {
155 public:
156 openid_message_t() { }
157 openid_message_t(const basic_openid_message& x)
158 : basic_openid_message(x) { }
159
160 void copy_to(basic_openid_message& x) const;
161
162 bool has_field(const string& n) const;
163 const string& get_field(const string& n) const;
164 virtual fields_iterator fields_begin() const;
165 virtual fields_iterator fields_end() const;
166
167 void reset_fields();
168 void set_field(const string& n,const string& v);
169 void reset_field(const string& n);
170 };
171
114 /** 172 /**
115 * request/response parameters map 173 * request/response parameters map
116 */ 174 */
117 class params_t : public map<string,string> { 175 class params_t : public openid_message_t {
118 public: 176 public:
119 177
120 /** 178 /**
121 * check whether the parameter is present. 179 * check whether the parameter is present.
122 * @param n the parameter name 180 * @param n the parameter name
123 * @return true if yes 181 * @return true if yes
124 */ 182 */
125 bool has_param(const string& n) const; 183 bool has_param(const string& n) const {
184 return has_field(n); }
126 /** 185 /**
127 * retrieve the parameter (const version) 186 * retrieve the parameter (const version)
128 * @param n the parameter name 187 * @param n the parameter name
129 * @return the parameter value 188 * @return the parameter value
130 * @throw failed_lookup if there is no such parameter 189 * @throw failed_lookup if there is no such parameter
131 */ 190 */
132 const string& get_param(const string& n) const; 191 const string& get_param(const string& n) const {
133 /** 192 return get_field(n); }
134 * retrieve the parameter.
135 * @param n the parameter name
136 * @return the parameter value
137 * @throw failed_lookup if there is no such parameter
138 */
139 string& get_param(const string& n);
140 193
141 /** 194 /**
142 * parse the OpenID key/value data. 195 * parse the OpenID key/value data.
143 * @param kv the OpenID key/value data 196 * @param kv the OpenID key/value data
144 */ 197 */
145 void parse_keyvalues(const string& kv); 198 void parse_keyvalues(const string& kv) {
146 /** 199 from_keyvalues(kv); }
147 * sign the fields.
148 * @param secret the secret used for signing
149 * @param sig reference to the string, containing base64-encoded
150 * result
151 * @param slist the comma-separated list of fields to sign
152 * @param prefix the string to prepend to parameter names
153 */
154 void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const;
155 200
156 /** 201 string append_query(const string& url,const char *prefix="openid.") const;
157 * append parameters to the URL as a GET-request parameters.
158 * @param url the base URL
159 * @param prefix the string to prepend to parameter names
160 * @return the ready-to-use location
161 */
162 string append_query(const string& url,const char *prefix = "openid.") const;
163 202
164 /**
165 * make up a query string suitable for use in GET and POST
166 * requests.
167 * @param prefix string to prened to parameter names
168 * @return query string
169 */
170 string query_string(const char *prefix = "openid.") const;
171 }; 203 };
172 204
173 /**
174 * dump the key/value pairs for the parameters to the stream.
175 * @param o output stream
176 * @param p the parameters
177 */
178 ostream& operator << (ostream& o,const params_t& p);
179
180 namespace xrd {
181
182 struct priority_compare {
183 inline bool operator()(long a,long b) const {
184 return (a<0) ? false : (b<0) ? true : (a<b);
185 }
186 };
187
188 template <typename _DT>
189 class priority_map : public multimap<long,_DT,priority_compare> {
190 typedef multimap<long,_DT,priority_compare> map_type;
191 public:
192
193 inline _DT& add(long priority,const _DT& d) {
194 return insert(typename map_type::value_type(priority,d))->second;
195 }
196 };
197
198 typedef priority_map<string> canonical_ids_t;
199 typedef priority_map<string> local_ids_t;
200 typedef set<string> types_t;
201 typedef priority_map<string> uris_t;
202
203 class service_t {
204 public:
205 types_t types;
206 uris_t uris;
207 local_ids_t local_ids;
208 string provider_id;
209
210 void clear() {
211 types.clear();
212 uris.clear(); local_ids.clear();
213 provider_id.clear();
214 }
215 };
216 typedef priority_map<service_t> services_t;
217
218 class XRD_t {
219 public:
220 time_t expires;
221
222 canonical_ids_t canonical_ids;
223 local_ids_t local_ids;
224 services_t services;
225 string provider_id;
226
227 void clear() {
228 expires = 0;
229 canonical_ids.clear(); local_ids.clear();
230 services.clear();
231 provider_id.clear();
232 }
233 bool empty() const {
234 return
235 canonical_ids.empty()
236 && local_ids.empty()
237 && services.empty();
238 }
239
240 };
241
242 }
243
244} 205}
245 206
246#endif /* __OPKELE_TYPES_H */ 207#endif /* __OPKELE_TYPES_H */
diff --git a/include/opkele/util.h b/include/opkele/util.h
index 085c9e6..e9176b0 100644
--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -1,56 +1,57 @@
1#ifndef __OPKELE_UTIL_H 1#ifndef __OPKELE_UTIL_H
2#define __OPKELE_UTIL_H 2#define __OPKELE_UTIL_H
3 3
4#include <time.h> 4#include <time.h>
5#include <string> 5#include <string>
6#include <vector> 6#include <vector>
7#include <openssl/bn.h> 7#include <openssl/bn.h>
8#include <openssl/dh.h> 8#include <openssl/dh.h>
9#include <opkele/types.h>
9 10
10namespace opkele { 11namespace opkele {
11 using std::string; 12 using std::string;
12 using std::vector; 13 using std::vector;
13 14
14 /** 15 /**
15 * @brief opkele utils namespace 16 * @brief opkele utils namespace
16 */ 17 */
17 namespace util { 18 namespace util {
18 19
19 /** 20 /**
20 * Convenience class encapsulating SSL BIGNUM object for the purpose of 21 * Convenience class encapsulating SSL BIGNUM object for the purpose of
21 * automatical freeing. 22 * automatical freeing.
22 */ 23 */
23 class bignum_t { 24 class bignum_t {
24 public: 25 public:
25 BIGNUM *_bn; 26 BIGNUM *_bn;
26 27
27 bignum_t() : _bn(0) { } 28 bignum_t() : _bn(0) { }
28 bignum_t(BIGNUM *bn) : _bn(bn) { } 29 bignum_t(BIGNUM *bn) : _bn(bn) { }
29 ~bignum_t() throw() { if(_bn) BN_free(_bn); } 30 ~bignum_t() throw() { if(_bn) BN_free(_bn); }
30 31
31 bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; } 32 bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; }
32 33
33 operator const BIGNUM*(void) const { return _bn; } 34 operator const BIGNUM*(void) const { return _bn; }
34 operator BIGNUM*(void) { return _bn; } 35 operator BIGNUM*(void) { return _bn; }
35 }; 36 };
36 /** 37 /**
37 * Convenience clas encapsulating SSL DH object for the purpose of 38 * Convenience clas encapsulating SSL DH object for the purpose of
38 * automatic freeing. 39 * automatic freeing.
39 */ 40 */
40 class dh_t { 41 class dh_t {
41 public: 42 public:
42 DH *_dh; 43 DH *_dh;
43 44
44 dh_t() : _dh(0) { } 45 dh_t() : _dh(0) { }
45 dh_t(DH *dh) : _dh(dh) { } 46 dh_t(DH *dh) : _dh(dh) { }
46 ~dh_t() throw() { if(_dh) DH_free(_dh); } 47 ~dh_t() throw() { if(_dh) DH_free(_dh); }
47 48
48 dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; } 49 dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; }
49 50
50 operator const DH*(void) const { return _dh; } 51 operator const DH*(void) const { return _dh; }
51 operator DH*(void) { return _dh; } 52 operator DH*(void) { return _dh; }
52 53
53 DH* operator->() { return _dh; } 54 DH* operator->() { return _dh; }
54 const DH* operator->() const { return _dh; } 55 const DH* operator->() const { return _dh; }
55 }; 56 };
56 57
@@ -91,53 +92,60 @@ namespace opkele {
91 time_t w3c_to_time(const string& w); 92 time_t w3c_to_time(const string& w);
92 93
93 /** 94 /**
94 * Encode string to the representation suitable for using in URL. 95 * Encode string to the representation suitable for using in URL.
95 * @param str string to encode 96 * @param str string to encode
96 * @return encoded string 97 * @return encoded string
97 * @throw failed_conversion in case of failure 98 * @throw failed_conversion in case of failure
98 */ 99 */
99 string url_encode(const string& str); 100 string url_encode(const string& str);
100 101
101 /** 102 /**
102 * Convert number to string 103 * Convert number to string
103 * @param l number 104 * @param l number
104 * @return string representation 105 * @return string representation
105 * @throw failed_conversion in case of failure 106 * @throw failed_conversion in case of failure
106 */ 107 */
107 string long_to_string(long l); 108 string long_to_string(long l);
108 /** 109 /**
109 * Convert string to number 110 * Convert string to number
110 * @param s string, containing the number 111 * @param s string, containing the number
111 * @return the number 112 * @return the number
112 * @throw failed_conversion in case of failure 113 * @throw failed_conversion in case of failure
113 */ 114 */
114 long string_to_long(const string& s); 115 long string_to_long(const string& s);
115 116
116 /** 117 /**
117 * Encode binary data using base64. 118 * Encode binary data using base64.
118 * @param data pointer to binary data 119 * @param data pointer to binary data
119 * @param length length of data 120 * @param length length of data
120 * @return encoded data 121 * @return encoded data
121 */ 122 */
122 string encode_base64(const void *data,size_t length); 123 string encode_base64(const void *data,size_t length);
123 /** 124 /**
124 * Decode binary data from base64 representation. 125 * Decode binary data from base64 representation.
125 * @param data base64-encoded data 126 * @param data base64-encoded data
126 * @param rv container for decoded binary 127 * @param rv container for decoded binary
127 */ 128 */
128 void decode_base64(const string& data,vector<unsigned char>& rv); 129 void decode_base64(const string& data,vector<unsigned char>& rv);
129 130
130 /** 131 /**
131 * Normalize http(s) URI according to RFC3986, section 6. URI is 132 * Normalize http(s) URI according to RFC3986, section 6. URI is
132 * expected to have scheme: in front of it. 133 * expected to have scheme: in front of it.
133 * @param uri URI 134 * @param uri URI
134 * @return normalized URI 135 * @return normalized URI
135 * @throw not_implemented in case of non-httpi(s) URI 136 * @throw not_implemented in case of non-httpi(s) URI
136 * @throw bad_input in case of malformed URI 137 * @throw bad_input in case of malformed URI
137 */ 138 */
138 string rfc_3986_normalize_uri(const string& uri); 139 string rfc_3986_normalize_uri(const string& uri);
140
141 string& strip_uri_fragment_part(string& uri);
142
143 string abi_demangle(const char* mn);
144
145 string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
146
139 } 147 }
140 148
141} 149}
142 150
143#endif /* __OPKELE_UTIL_H */ 151#endif /* __OPKELE_UTIL_H */