author | Michael Krelin <hacker@klever.net> | 2008-01-20 21:08:05 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-01-20 21:08:05 (UTC) |
commit | 9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc (patch) (unidiff) | |
tree | 702473142242e80538c4801cc379ec98fba199dd /include | |
parent | 395a126cbf59b7a50f44da3096b68bab412ab33d (diff) | |
download | libopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.zip libopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.tar.gz libopkele-9bfb6fadf71c46bf4cb5adabba0c96c32e84c1bc.tar.bz2 |
the whole library rewritten
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | include/Makefile.am | 21 | ||||
-rw-r--r-- | include/opkele/basic_rp.h | 218 | ||||
-rw-r--r-- | include/opkele/discovery.h | 88 | ||||
-rw-r--r-- | include/opkele/exception.h | 19 | ||||
-rw-r--r-- | include/opkele/extension.h | 7 | ||||
-rw-r--r-- | include/opkele/extension_chain.h | 6 | ||||
-rw-r--r-- | include/opkele/prequeue_rp.h | 81 | ||||
-rw-r--r-- | include/opkele/sreg.h | 8 | ||||
-rw-r--r-- | include/opkele/types.h | 171 | ||||
-rw-r--r-- | include/opkele/util.h | 8 |
10 files changed, 495 insertions, 132 deletions
diff --git a/include/Makefile.am b/include/Makefile.am index 51dcea1..50fcb62 100644 --- a/include/Makefile.am +++ b/include/Makefile.am | |||
@@ -1,21 +1,32 @@ | |||
1 | nobase_include_HEADERS = \ | 1 | NODIST_HEADERS_ = \ |
2 | opkele/acconfig.h \ | 2 | opkele/acconfig.h \ |
3 | opkele/tr1-mem.h | ||
4 | |||
5 | nobase_include_HEADERS = \ | ||
3 | opkele/opkele-config.h \ | 6 | opkele/opkele-config.h \ |
4 | opkele/types.h \ | 7 | opkele/types.h \ |
5 | opkele/association.h \ | 8 | opkele/association.h \ |
6 | opkele/exception.h \ | 9 | opkele/exception.h \ |
7 | opkele/server.h \ | 10 | opkele/server.h \ |
8 | opkele/consumer.h \ | 11 | opkele/consumer.h \ |
9 | opkele/extension.h \ | 12 | opkele/extension.h \ |
10 | opkele/sreg.h \ | 13 | opkele/sreg.h \ |
11 | opkele/extension_chain.h \ | 14 | opkele/extension_chain.h \ |
12 | opkele/xconsumer.h \ | 15 | opkele/xconsumer.h \ |
13 | opkele/xserver.h \ | 16 | opkele/xserver.h \ |
14 | opkele/discovery.h \ | ||
15 | opkele/uris.h \ | 17 | opkele/uris.h \ |
16 | opkele/tr1-mem.h | 18 | opkele/tr1-mem.h \ |
17 | EXTRA_DIST = \ | 19 | opkele/basic_rp.h \ |
20 | opkele/prequeue_rp.h \ | ||
21 | opkele/iterator.h \ | ||
22 | ${NODIST_HEADERS_} | ||
23 | |||
24 | noinst_HEADERS = \ | ||
18 | opkele/data.h \ | 25 | opkele/data.h \ |
19 | opkele/curl.h opkele/expat.h opkele/tidy.h \ | 26 | opkele/curl.h opkele/expat.h opkele/tidy.h \ |
20 | opkele/util.h \ | 27 | opkele/util.h \ |
21 | opkele/debug.h | 28 | opkele/debug.h \ |
29 | opkele/discovery.h | ||
30 | |||
31 | dist-hook: | ||
32 | rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_}) | ||
diff --git a/include/opkele/basic_rp.h b/include/opkele/basic_rp.h new file mode 100644 index 0000000..3f17fd9 --- a/dev/null +++ b/include/opkele/basic_rp.h | |||
@@ -0,0 +1,218 @@ | |||
1 | #ifndef __OPKELE_BASIC_RP_H | ||
2 | #define __OPKELE_BASIC_RP_H | ||
3 | |||
4 | #include <cstring> | ||
5 | #include <string> | ||
6 | #include <opkele/types.h> | ||
7 | #include <opkele/extension.h> | ||
8 | |||
9 | namespace opkele { | ||
10 | using std::string; | ||
11 | |||
12 | struct openid_endpoint_t { | ||
13 | string uri; | ||
14 | string claimed_id; | ||
15 | string local_id; | ||
16 | |||
17 | openid_endpoint_t() { } | ||
18 | openid_endpoint_t(const string& u,const string& cid,const string& lid) | ||
19 | : uri(u), claimed_id(cid), local_id(lid) { } | ||
20 | |||
21 | bool operator==(const openid_endpoint_t& x) const { | ||
22 | return uri==x.uri && local_id==x.local_id; } | ||
23 | bool operator<(const openid_endpoint_t& x) const { | ||
24 | int c; | ||
25 | return (c=strcmp(uri.c_str(),x.uri.c_str())) | ||
26 | ? (c<0) : (strcmp(local_id.c_str(),x.local_id.c_str())<0); } | ||
27 | }; | ||
28 | |||
29 | class basic_RP { | ||
30 | public: | ||
31 | |||
32 | virtual ~basic_RP() { } | ||
33 | |||
34 | /** | ||
35 | * @name Global persistent store API | ||
36 | * These are functions related to the associations with OP storage | ||
37 | * and retrieval and nonce records. They provide an interface to | ||
38 | * the persistent storage which is shared by all sessions. If the | ||
39 | * implementor prefers the dumb mode instead, the function should | ||
40 | * throw dumb_RP exception instead. | ||
41 | * @see opkele::dumb_RP | ||
42 | * @{ | ||
43 | */ | ||
44 | /** | ||
45 | * Store association and return allocated association object. | ||
46 | * @param OP OP endpoint | ||
47 | * @param handle association handle | ||
48 | * @param type association type | ||
49 | * @param secret association secret | ||
50 | * @params expires_in the number of seconds association expires in | ||
51 | * @return the association object | ||
52 | * @throw dumb_RP for dumb RP | ||
53 | */ | ||
54 | virtual assoc_t store_assoc( | ||
55 | const string& OP,const string& handle, | ||
56 | const string& type,const secret_t& secret, | ||
57 | int expires_in) = 0; | ||
58 | /** | ||
59 | * Find valid unexpired association with an OP. | ||
60 | * @param OP OP endpoint URL | ||
61 | * @return association found | ||
62 | * @throw failed_lookup if no association found | ||
63 | * @throw dumb_RP for dumb RP | ||
64 | */ | ||
65 | virtual assoc_t find_assoc( | ||
66 | const string& OP) = 0; | ||
67 | /** | ||
68 | * Retrieve valid association handle for an OP by handle. | ||
69 | * @param OP OP endpoint URL | ||
70 | * @param handle association handle | ||
71 | * @return association found | ||
72 | * @throw failed_lookup if no association found | ||
73 | * @throw dumb_RP for dumb RP | ||
74 | */ | ||
75 | virtual assoc_t retrieve_assoc( | ||
76 | const string& OP,const string& handle) = 0; | ||
77 | /** | ||
78 | * Invalidate association with OP | ||
79 | * @param OP OP endpoint URL | ||
80 | * @param handle association handle | ||
81 | * @throw dumb_RP for dumb RP | ||
82 | */ | ||
83 | virtual void invalidate_assoc(const string& OP,const string& handle) = 0; | ||
84 | |||
85 | /** | ||
86 | * Check the nonce validity. That is, check that we haven't | ||
87 | * accepted request with this nonce from this OP, yet. May involve | ||
88 | * cutting off by the timestamp and checking the rest against the | ||
89 | * store of seen nonces. | ||
90 | * @param OP OP endpoint URL | ||
91 | * @param nonce nonce value | ||
92 | * @throw id_res_bad_nonce if the nonce is not to be accepted, i.e. | ||
93 | * either too old or seen. | ||
94 | */ | ||
95 | virtual void check_nonce(const string& OP,const string& nonce) = 0; | ||
96 | /** | ||
97 | * @} | ||
98 | */ | ||
99 | |||
100 | /** | ||
101 | * @name Session persistent store API | ||
102 | * @{ | ||
103 | */ | ||
104 | /** | ||
105 | * Retrieve OpenID endpoint being currently used for | ||
106 | * authentication. If there is no endpoint available, throw a | ||
107 | * no_endpoint exception. | ||
108 | * @return reference to the service endpoint object | ||
109 | * @see next_endpoint | ||
110 | * @throw no_endpoint if no endpoint available | ||
111 | */ | ||
112 | virtual const openid_endpoint_t& get_endpoint() const = 0; | ||
113 | /** | ||
114 | * Advance to the next endpoint to try. | ||
115 | * @see get_endpoint() | ||
116 | * @throw no_endpoint if there are no more endpoints | ||
117 | */ | ||
118 | virtual void next_endpoint() = 0; | ||
119 | /** | ||
120 | * @} | ||
121 | */ | ||
122 | |||
123 | /** | ||
124 | * @name Site particulars API | ||
125 | * @{ | ||
126 | */ | ||
127 | /** | ||
128 | * Return an absolute URL of the page being processed, includining | ||
129 | * query parameters. It is used to validate return_to URL on | ||
130 | * positive assertions. | ||
131 | * @return fully qualified url of the page being processed. | ||
132 | */ | ||
133 | virtual const string get_this_url() const = 0; | ||
134 | /** | ||
135 | * @} | ||
136 | */ | ||
137 | |||
138 | /** | ||
139 | * @name OpenID actions | ||
140 | * @{ | ||
141 | */ | ||
142 | /** | ||
143 | * Initiates authentication session, doing discovery, normalization | ||
144 | * and whatever implementor wants to do at this point. | ||
145 | * @param usi User-supplied identity | ||
146 | */ | ||
147 | virtual void initiate(const string& usi) = 0; | ||
148 | /** | ||
149 | * Prepare checkid_request. | ||
150 | * @param rv reference to the openid message to prepare | ||
151 | * @param mode checkid_setup or checkid_immediate | ||
152 | * @param return_to the URL OP should redirect to after completion | ||
153 | * @param realm authentication realm to pass to OP | ||
154 | * @param ext pointer to extension to use in request preparation | ||
155 | * @return reference to the openid message | ||
156 | */ | ||
157 | basic_openid_message& checkid_( | ||
158 | basic_openid_message& rv, | ||
159 | mode_t mode, | ||
160 | const string& return_to,const string& realm, | ||
161 | extension_t *ext=0); | ||
162 | /** | ||
163 | * Verify assertion at the end of round-trip. | ||
164 | * @param om incoming openid message | ||
165 | * @param ext pointer to extention to use in parsing assertion | ||
166 | * @throw id_res_setup if checkid_immediate request could not be | ||
167 | * completed | ||
168 | * @throw id_res_cancel if authentication request was canceled | ||
169 | * @throw id_res_mismatch in case of signature mismatch | ||
170 | * @throw id_res_bad_return_to if return_to url seems to be | ||
171 | * tampered with | ||
172 | * @throw id_res_unauthorized if OP is not authorized to make | ||
173 | * assertions regarding the identity | ||
174 | */ | ||
175 | void id_res(const basic_openid_message& om,extension_t *ext=0); | ||
176 | |||
177 | /** | ||
178 | * Establish association with OP | ||
179 | * @param OP OP to establish association with | ||
180 | * @throw dumb_RP if for a dumb RP | ||
181 | */ | ||
182 | virtual assoc_t associate(const string& OP); | ||
183 | /** | ||
184 | * Check authentication with OP and invalidate handle if requested | ||
185 | * and confirmed | ||
186 | * @param OP OP to check with | ||
187 | * @param om message to check | ||
188 | * @throw failed_check_authentication if OP fails to confirm | ||
189 | * authenticity of the assertion | ||
190 | */ | ||
191 | void check_authentication(const string& OP,const basic_openid_message& om); | ||
192 | /** | ||
193 | * @} | ||
194 | */ | ||
195 | |||
196 | /** | ||
197 | * @name Miscellanea | ||
198 | * @{ | ||
199 | */ | ||
200 | /** | ||
201 | * Verify OP authority. Return normally if OP is authorized to make | ||
202 | * an assertion, throw an exception otherwise. | ||
203 | * @param OP OP endpoint | ||
204 | * @param claimed_id claimed identity | ||
205 | * @param identity OP-Local identifier | ||
206 | * @throw id_res_unauthorized if OP is not authorized to make | ||
207 | * assertion regarding this identity. | ||
208 | */ | ||
209 | virtual void verify_OP(const string& OP, | ||
210 | const string& claimed_id,const string& identity) const = 0; | ||
211 | /** | ||
212 | * @} | ||
213 | */ | ||
214 | }; | ||
215 | |||
216 | } | ||
217 | |||
218 | #endif /* __OPKELE_BASIC_RP_H */ | ||
diff --git a/include/opkele/discovery.h b/include/opkele/discovery.h index af4aa29..ab4b9d9 100644 --- a/include/opkele/discovery.h +++ b/include/opkele/discovery.h | |||
@@ -1,40 +1,104 @@ | |||
1 | #ifndef __OPKELE_DISCOVERY_H | 1 | #ifndef __OPKELE_DISCOVERY_H |
2 | #define __OPKELE_DISCOVERY_H | 2 | #define __OPKELE_DISCOVERY_H |
3 | 3 | ||
4 | #include <string> | 4 | #include <string> |
5 | #include <opkele/types.h> | 5 | #include <opkele/types.h> |
6 | #include <opkele/basic_rp.h> | ||
6 | 7 | ||
7 | namespace opkele { | 8 | namespace opkele { |
8 | using std::string; | 9 | using std::string; |
9 | 10 | ||
10 | struct idiscovery_t; | 11 | namespace xrd { |
11 | 12 | ||
12 | void idiscover(idiscovery_t& result,const string& identity); | 13 | struct priority_compare { |
14 | inline bool operator()(long a,long b) const { | ||
15 | return (a<0) ? false : (b<0) ? true : (a<b); | ||
16 | } | ||
17 | }; | ||
18 | |||
19 | template <typename _DT> | ||
20 | class priority_map : public multimap<long,_DT,priority_compare> { | ||
21 | typedef multimap<long,_DT,priority_compare> map_type; | ||
22 | public: | ||
23 | |||
24 | inline _DT& add(long priority,const _DT& d) { | ||
25 | return insert(typename map_type::value_type(priority,d))->second; | ||
26 | } | ||
27 | |||
28 | bool has_value(const _DT& d) const { | ||
29 | for(typename map_type::const_iterator i=this->begin();i!=this->end();++i) | ||
30 | if(i->second==d) return true; | ||
31 | return false; | ||
32 | } | ||
33 | }; | ||
34 | |||
35 | typedef priority_map<string> canonical_ids_t; | ||
36 | typedef priority_map<string> local_ids_t; | ||
37 | typedef set<string> types_t; | ||
38 | typedef priority_map<string> uris_t; | ||
39 | |||
40 | class service_t { | ||
41 | public: | ||
42 | types_t types; | ||
43 | uris_t uris; | ||
44 | local_ids_t local_ids; | ||
45 | string provider_id; | ||
46 | |||
47 | void clear() { | ||
48 | types.clear(); | ||
49 | uris.clear(); local_ids.clear(); | ||
50 | provider_id.clear(); | ||
51 | } | ||
52 | }; | ||
53 | typedef priority_map<service_t> services_t; | ||
54 | |||
55 | class XRD_t { | ||
56 | public: | ||
57 | time_t expires; | ||
58 | |||
59 | canonical_ids_t canonical_ids; | ||
60 | local_ids_t local_ids; | ||
61 | services_t services; | ||
62 | string provider_id; | ||
63 | |||
64 | void clear() { | ||
65 | expires = 0; | ||
66 | canonical_ids.clear(); local_ids.clear(); | ||
67 | services.clear(); | ||
68 | provider_id.clear(); | ||
69 | } | ||
70 | bool empty() const { | ||
71 | return | ||
72 | canonical_ids.empty() | ||
73 | && local_ids.empty() | ||
74 | && services.empty(); | ||
75 | } | ||
76 | |||
77 | }; | ||
78 | |||
79 | } | ||
80 | |||
81 | typedef util::output_iterator_proxy<openid_endpoint_t> | ||
82 | endpoint_discovery_iterator; | ||
83 | |||
84 | string idiscover( | ||
85 | endpoint_discovery_iterator oi, | ||
86 | const string& identity); | ||
13 | 87 | ||
14 | struct idiscovery_t { | 88 | struct idiscovery_t { |
15 | bool xri_identity; | 89 | bool xri_identity; |
16 | string normalized_id; | 90 | string normalized_id; |
17 | string canonicalized_id; | 91 | string canonicalized_id; |
18 | xrd::XRD_t xrd; | 92 | xrd::XRD_t xrd; |
19 | 93 | ||
20 | idiscovery_t() { } | 94 | idiscovery_t() { } |
21 | idiscovery_t(const string& i) { | ||
22 | idiscover(*this,i); | ||
23 | } | ||
24 | idiscovery_t(const char *i) { | ||
25 | idiscover(*this,i); | ||
26 | } | ||
27 | 95 | ||
28 | void clear() { | 96 | void clear() { |
29 | normalized_id.clear(); canonicalized_id.clear(); | 97 | normalized_id.clear(); canonicalized_id.clear(); |
30 | xrd.clear(); | 98 | xrd.clear(); |
31 | } | 99 | } |
32 | 100 | ||
33 | idiscovery_t& operator=(const string& i) { | ||
34 | idiscover(*this,i); return *this; } | ||
35 | idiscovery_t& operator=(const char *i) { | ||
36 | idiscover(*this,i); return *this; } | ||
37 | }; | 101 | }; |
38 | } | 102 | } |
39 | 103 | ||
40 | #endif /* __OPKELE_DISCOVERY_H */ | 104 | #endif /* __OPKELE_DISCOVERY_H */ |
diff --git a/include/opkele/exception.h b/include/opkele/exception.h index a8c3339..ccb39d9 100644 --- a/include/opkele/exception.h +++ b/include/opkele/exception.h | |||
@@ -1,316 +1,335 @@ | |||
1 | #ifndef __OPKELE_EXCEPTION_H | 1 | #ifndef __OPKELE_EXCEPTION_H |
2 | #define __OPKELE_EXCEPTION_H | 2 | #define __OPKELE_EXCEPTION_H |
3 | 3 | ||
4 | /** | 4 | /** |
5 | * @file | 5 | * @file |
6 | * @brief opkele exceptions | 6 | * @brief opkele exceptions |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <curl/curl.h> | 9 | #include <curl/curl.h> |
10 | 10 | ||
11 | #include <opkele/opkele-config.h> | 11 | #include <opkele/opkele-config.h> |
12 | #ifdef OPKELE_HAVE_KONFORKA | 12 | #ifdef OPKELE_HAVE_KONFORKA |
13 | # include <konforka/exception.h> | 13 | # include <konforka/exception.h> |
14 | /** | 14 | /** |
15 | * the exception parameters declaration | 15 | * the exception parameters declaration |
16 | */ | 16 | */ |
17 | # define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w | 17 | # define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w |
18 | /** | 18 | /** |
19 | * the exception parameters list to pass to constructor | 19 | * the exception parameters list to pass to constructor |
20 | */ | 20 | */ |
21 | # define OPKELE_E_CONS_ fi,fu,l, | 21 | # define OPKELE_E_CONS_ fi,fu,l, |
22 | /** | 22 | /** |
23 | * the exception codepoint specification | 23 | * the exception codepoint specification |
24 | */ | 24 | */ |
25 | # define OPKELE_CP_ CODEPOINT, | 25 | # define OPKELE_CP_ CODEPOINT, |
26 | /** | 26 | /** |
27 | * open function-try-block | 27 | * open function-try-block |
28 | */ | 28 | */ |
29 | # define OPKELE_FUNC_TRY try | 29 | # define OPKELE_FUNC_TRY try |
30 | /** | 30 | /** |
31 | * the simple rethrow of konforka-based exception | 31 | * the simple rethrow of konforka-based exception |
32 | */ | 32 | */ |
33 | # define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw; } | 33 | # define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw; } |
34 | #else /* OPKELE_HAVE_KONFORKA */ | 34 | #else /* OPKELE_HAVE_KONFORKA */ |
35 | # include <exception> | 35 | # include <exception> |
36 | # include <string> | 36 | # include <string> |
37 | /** | 37 | /** |
38 | * the exception parameter declaration | 38 | * the exception parameter declaration |
39 | */ | 39 | */ |
40 | # define OPKELE_E_PARS const string& w | 40 | # define OPKELE_E_PARS const string& w |
41 | /** | 41 | /** |
42 | * the dummy prefix for exception parameters list to prepend in the absence of | 42 | * the dummy prefix for exception parameters list to prepend in the absence of |
43 | * konforka library | 43 | * konforka library |
44 | */ | 44 | */ |
45 | # define OPKELE_E_CONS_ | 45 | # define OPKELE_E_CONS_ |
46 | /** | 46 | /** |
47 | * the dummy placeholder for konforka exception codepoint specification | 47 | * the dummy placeholder for konforka exception codepoint specification |
48 | */ | 48 | */ |
49 | # define OPKELE_CP_ | 49 | # define OPKELE_CP_ |
50 | /** | 50 | /** |
51 | * the dummy define for the opening function-try-block | 51 | * the dummy define for the opening function-try-block |
52 | */ | 52 | */ |
53 | # define OPKELE_FUNC_TRY | 53 | # define OPKELE_FUNC_TRY |
54 | /** | 54 | /** |
55 | * the dummy define for the konforka-based rethrow of exception | 55 | * the dummy define for the konforka-based rethrow of exception |
56 | */ | 56 | */ |
57 | # define OPKELE_RETHROW | 57 | # define OPKELE_RETHROW |
58 | #endif /* OPKELE_HAVE_KONFORKA */ | 58 | #endif /* OPKELE_HAVE_KONFORKA */ |
59 | /** | 59 | /** |
60 | * the exception parameters list to pass to constructor | 60 | * the exception parameters list to pass to constructor |
61 | */ | 61 | */ |
62 | # define OPKELE_E_CONS OPKELE_E_CONS_ w | 62 | # define OPKELE_E_CONS OPKELE_E_CONS_ w |
63 | 63 | ||
64 | namespace opkele { | 64 | namespace opkele { |
65 | using std::string; | 65 | using std::string; |
66 | 66 | ||
67 | /** | 67 | /** |
68 | * the base opkele exception class | 68 | * the base opkele exception class |
69 | */ | 69 | */ |
70 | class exception : public | 70 | class exception : public |
71 | # ifdef OPKELE_HAVE_KONFORKA | 71 | # ifdef OPKELE_HAVE_KONFORKA |
72 | konforka::exception | 72 | konforka::exception |
73 | # else | 73 | # else |
74 | std::exception | 74 | std::exception |
75 | # endif | 75 | # endif |
76 | { | 76 | { |
77 | public: | 77 | public: |
78 | # ifdef OPKELE_HAVE_KONFORKA | 78 | # ifdef OPKELE_HAVE_KONFORKA |
79 | explicit | 79 | explicit |
80 | exception(const string& fi,const string& fu,int l,const string& w); | 80 | exception(const string& fi,const string& fu,int l,const string& w); |
81 | # else /* OPKELE_HAVE_KONFORKA */ | 81 | # else /* OPKELE_HAVE_KONFORKA */ |
82 | string _what; | 82 | string _what; |
83 | explicit exception(const string& w); | 83 | explicit exception(const string& w); |
84 | virtual ~exception() throw(); | 84 | virtual ~exception() throw(); |
85 | virtual const char * what() const throw(); | 85 | virtual const char * what() const throw(); |
86 | # endif /* OPKELE_HAVE_KONFORKA */ | 86 | # endif /* OPKELE_HAVE_KONFORKA */ |
87 | }; | 87 | }; |
88 | 88 | ||
89 | /** | 89 | /** |
90 | * thrown in case of failed conversion | 90 | * thrown in case of failed conversion |
91 | */ | 91 | */ |
92 | class failed_conversion : public exception { | 92 | class failed_conversion : public exception { |
93 | public: | 93 | public: |
94 | failed_conversion(OPKELE_E_PARS) | 94 | failed_conversion(OPKELE_E_PARS) |
95 | : exception(OPKELE_E_CONS) { } | 95 | : exception(OPKELE_E_CONS) { } |
96 | }; | 96 | }; |
97 | /** | 97 | /** |
98 | * thrown in case of failed lookup (either parameter or persistent store) | 98 | * thrown in case of failed lookup (either parameter or persistent store) |
99 | */ | 99 | */ |
100 | class failed_lookup : public exception { | 100 | class failed_lookup : public exception { |
101 | public: | 101 | public: |
102 | failed_lookup(OPKELE_E_PARS) | 102 | failed_lookup(OPKELE_E_PARS) |
103 | : exception(OPKELE_E_CONS) { } | 103 | : exception(OPKELE_E_CONS) { } |
104 | }; | 104 | }; |
105 | /** | 105 | /** |
106 | * thrown in case of bad input (either local or network) | 106 | * thrown in case of bad input (either local or network) |
107 | */ | 107 | */ |
108 | class bad_input : public exception { | 108 | class bad_input : public exception { |
109 | public: | 109 | public: |
110 | bad_input(OPKELE_E_PARS) | 110 | bad_input(OPKELE_E_PARS) |
111 | : exception(OPKELE_E_CONS) { } | 111 | : exception(OPKELE_E_CONS) { } |
112 | }; | 112 | }; |
113 | 113 | ||
114 | /** | 114 | /** |
115 | * thrown on failed assertion | 115 | * thrown on failed assertion |
116 | */ | 116 | */ |
117 | class failed_assertion : public exception { | 117 | class failed_assertion : public exception { |
118 | public: | 118 | public: |
119 | failed_assertion(OPKELE_E_PARS) | 119 | failed_assertion(OPKELE_E_PARS) |
120 | : exception(OPKELE_E_CONS) { } | 120 | : exception(OPKELE_E_CONS) { } |
121 | }; | 121 | }; |
122 | 122 | ||
123 | /** | 123 | /** |
124 | * thrown if the handle being retrieved is invalid | 124 | * thrown if the handle being retrieved is invalid |
125 | */ | 125 | */ |
126 | class invalid_handle : public exception { | 126 | class invalid_handle : public exception { |
127 | public: | 127 | public: |
128 | invalid_handle(OPKELE_E_PARS) | 128 | invalid_handle(OPKELE_E_PARS) |
129 | : exception(OPKELE_E_CONS) { } | 129 | : exception(OPKELE_E_CONS) { } |
130 | }; | 130 | }; |
131 | /** | 131 | /** |
132 | * thrown if the handle passed to check_authentication request is not | 132 | * thrown if the handle passed to check_authentication request is not |
133 | * stateless | 133 | * stateless |
134 | */ | 134 | */ |
135 | class stateful_handle : public exception { | 135 | class stateful_handle : public exception { |
136 | public: | 136 | public: |
137 | stateful_handle(OPKELE_E_PARS) | 137 | stateful_handle(OPKELE_E_PARS) |
138 | : exception(OPKELE_E_CONS) { } | 138 | : exception(OPKELE_E_CONS) { } |
139 | }; | 139 | }; |
140 | 140 | ||
141 | /** | 141 | /** |
142 | * thrown if check_authentication request fails | 142 | * thrown if check_authentication request fails |
143 | */ | 143 | */ |
144 | class failed_check_authentication : public exception { | 144 | class failed_check_authentication : public exception { |
145 | public: | 145 | public: |
146 | failed_check_authentication(OPKELE_E_PARS) | 146 | failed_check_authentication(OPKELE_E_PARS) |
147 | : exception(OPKELE_E_CONS) { } | 147 | : exception(OPKELE_E_CONS) { } |
148 | }; | 148 | }; |
149 | 149 | ||
150 | /** | 150 | /** |
151 | * thrown if the id_res request result is negative | 151 | * thrown if the id_res request result is negative |
152 | */ | 152 | */ |
153 | class id_res_failed : public exception { | 153 | class id_res_failed : public exception { |
154 | public: | 154 | public: |
155 | id_res_failed(OPKELE_E_PARS) | 155 | id_res_failed(OPKELE_E_PARS) |
156 | : exception(OPKELE_E_CONS) { } | 156 | : exception(OPKELE_E_CONS) { } |
157 | }; | 157 | }; |
158 | /** | 158 | /** |
159 | * thrown if the user_setup_url is provided with negative response | 159 | * thrown if the user_setup_url is provided with negative response |
160 | */ | 160 | */ |
161 | class id_res_setup : public id_res_failed { | 161 | class id_res_setup : public id_res_failed { |
162 | public: | 162 | public: |
163 | string setup_url; | 163 | string setup_url; |
164 | id_res_setup(OPKELE_E_PARS,const string& su="") | 164 | id_res_setup(OPKELE_E_PARS,const string& su="") |
165 | : id_res_failed(OPKELE_E_CONS), setup_url(su) { } | 165 | : id_res_failed(OPKELE_E_CONS), setup_url(su) { } |
166 | ~id_res_setup() throw() { } | 166 | ~id_res_setup() throw() { } |
167 | }; | 167 | }; |
168 | /** | 168 | /** |
169 | * thrown in case of signature mismatch | 169 | * thrown in case of signature mismatch |
170 | */ | 170 | */ |
171 | class id_res_mismatch : public id_res_failed { | 171 | class id_res_mismatch : public id_res_failed { |
172 | public: | 172 | public: |
173 | id_res_mismatch(OPKELE_E_PARS) | 173 | id_res_mismatch(OPKELE_E_PARS) |
174 | : id_res_failed(OPKELE_E_CONS) { } | 174 | : id_res_failed(OPKELE_E_CONS) { } |
175 | }; | 175 | }; |
176 | 176 | ||
177 | /** | 177 | /** |
178 | * thrown if the association has expired before it could've been verified. | 178 | * thrown if the association has expired before it could've been verified. |
179 | */ | 179 | */ |
180 | class id_res_expired_on_delivery : public id_res_failed { | 180 | class id_res_expired_on_delivery : public id_res_failed { |
181 | public: | 181 | public: |
182 | id_res_expired_on_delivery(OPKELE_E_PARS) | 182 | id_res_expired_on_delivery(OPKELE_E_PARS) |
183 | : id_res_failed(OPKELE_E_CONS) { } | 183 | : id_res_failed(OPKELE_E_CONS) { } |
184 | }; | 184 | }; |
185 | 185 | ||
186 | /** | 186 | /** |
187 | * thown when the user cancelled authentication process. | 187 | * thown when the user cancelled authentication process. |
188 | */ | 188 | */ |
189 | class id_res_cancel : public id_res_failed { | 189 | class id_res_cancel : public id_res_failed { |
190 | public: | 190 | public: |
191 | id_res_cancel(OPKELE_E_PARS) | 191 | id_res_cancel(OPKELE_E_PARS) |
192 | : id_res_failed(OPKELE_E_CONS) { } | 192 | : id_res_failed(OPKELE_E_CONS) { } |
193 | }; | 193 | }; |
194 | 194 | ||
195 | /** | 195 | /** |
196 | * thrown in case of nonce reuse or otherwise imperfect nonce. | 196 | * thrown in case of nonce reuse or otherwise imperfect nonce. |
197 | */ | 197 | */ |
198 | class id_res_bad_nonce : public id_res_failed { | 198 | class id_res_bad_nonce : public id_res_failed { |
199 | public: | 199 | public: |
200 | id_res_bad_nonce(OPKELE_E_PARS) | 200 | id_res_bad_nonce(OPKELE_E_PARS) |
201 | : id_res_failed(OPKELE_E_CONS) { } | 201 | : id_res_failed(OPKELE_E_CONS) { } |
202 | }; | 202 | }; |
203 | 203 | ||
204 | /** | 204 | /** |
205 | * thrown if return_to didn't pass verification | 205 | * thrown if return_to didn't pass verification |
206 | */ | 206 | */ |
207 | class id_res_bad_return_to : public id_res_failed { | 207 | class id_res_bad_return_to : public id_res_failed { |
208 | public: | 208 | public: |
209 | id_res_bad_return_to(OPKELE_E_PARS) | 209 | id_res_bad_return_to(OPKELE_E_PARS) |
210 | : id_res_failed(OPKELE_E_CONS) { } | 210 | : id_res_failed(OPKELE_E_CONS) { } |
211 | }; | 211 | }; |
212 | 212 | ||
213 | /** | 213 | /** |
214 | * thrown if OP isn't authorized to make an assertion | 214 | * thrown if OP isn't authorized to make an assertion |
215 | */ | 215 | */ |
216 | class id_res_unauthorized : public id_res_failed { | 216 | class id_res_unauthorized : public id_res_failed { |
217 | public: | 217 | public: |
218 | id_res_unauthorized(OPKELE_E_PARS) | 218 | id_res_unauthorized(OPKELE_E_PARS) |
219 | : id_res_failed(OPKELE_E_CONS) { } | 219 | : id_res_failed(OPKELE_E_CONS) { } |
220 | }; | 220 | }; |
221 | 221 | ||
222 | /** | 222 | /** |
223 | * openssl malfunction occured | 223 | * openssl malfunction occured |
224 | */ | 224 | */ |
225 | class exception_openssl : public exception { | 225 | class exception_openssl : public exception { |
226 | public: | 226 | public: |
227 | unsigned long _error; | 227 | unsigned long _error; |
228 | string _ssl_string; | 228 | string _ssl_string; |
229 | exception_openssl(OPKELE_E_PARS); | 229 | exception_openssl(OPKELE_E_PARS); |
230 | ~exception_openssl() throw() { } | 230 | ~exception_openssl() throw() { } |
231 | }; | 231 | }; |
232 | 232 | ||
233 | /** | 233 | /** |
234 | * network operation related error occured | 234 | * network operation related error occured |
235 | */ | 235 | */ |
236 | class exception_network : public exception { | 236 | class exception_network : public exception { |
237 | public: | 237 | public: |
238 | exception_network(OPKELE_E_PARS) | 238 | exception_network(OPKELE_E_PARS) |
239 | : exception(OPKELE_E_CONS) { } | 239 | : exception(OPKELE_E_CONS) { } |
240 | }; | 240 | }; |
241 | 241 | ||
242 | /** | 242 | /** |
243 | * network operation related error occured, specifically, related to | 243 | * network operation related error occured, specifically, related to |
244 | * libcurl | 244 | * libcurl |
245 | */ | 245 | */ |
246 | class exception_curl : public exception_network { | 246 | class exception_curl : public exception_network { |
247 | public: | 247 | public: |
248 | CURLcode _error; | 248 | CURLcode _error; |
249 | string _curl_string; | 249 | string _curl_string; |
250 | exception_curl(OPKELE_E_PARS); | 250 | exception_curl(OPKELE_E_PARS); |
251 | exception_curl(OPKELE_E_PARS,CURLcode e); | 251 | exception_curl(OPKELE_E_PARS,CURLcode e); |
252 | ~exception_curl() throw() { } | 252 | ~exception_curl() throw() { } |
253 | }; | 253 | }; |
254 | 254 | ||
255 | /** | 255 | /** |
256 | * htmltidy related error occured | 256 | * htmltidy related error occured |
257 | */ | 257 | */ |
258 | class exception_tidy : public exception { | 258 | class exception_tidy : public exception { |
259 | public: | 259 | public: |
260 | int _rc; | 260 | int _rc; |
261 | exception_tidy(OPKELE_E_PARS); | 261 | exception_tidy(OPKELE_E_PARS); |
262 | exception_tidy(OPKELE_E_PARS,int r); | 262 | exception_tidy(OPKELE_E_PARS,int r); |
263 | ~exception_tidy() throw() { } | 263 | ~exception_tidy() throw() { } |
264 | }; | 264 | }; |
265 | 265 | ||
266 | /** | 266 | /** |
267 | * exception thrown in case of failed discovery | 267 | * exception thrown in case of failed discovery |
268 | */ | 268 | */ |
269 | class failed_discovery : public exception { | 269 | class failed_discovery : public exception { |
270 | public: | 270 | public: |
271 | failed_discovery(OPKELE_E_PARS) | 271 | failed_discovery(OPKELE_E_PARS) |
272 | : exception(OPKELE_E_CONS) { } | 272 | : exception(OPKELE_E_CONS) { } |
273 | }; | 273 | }; |
274 | 274 | ||
275 | /** | 275 | /** |
276 | * unsuccessfull xri resolution | 276 | * unsuccessfull xri resolution |
277 | */ | 277 | */ |
278 | class failed_xri_resolution : public failed_discovery { | 278 | class failed_xri_resolution : public failed_discovery { |
279 | public: | 279 | public: |
280 | long _code; | 280 | long _code; |
281 | failed_xri_resolution(OPKELE_E_PARS,long _c=-1) | 281 | failed_xri_resolution(OPKELE_E_PARS,long _c=-1) |
282 | : failed_discovery(OPKELE_E_CONS), _code(_c) { } | 282 | : failed_discovery(OPKELE_E_CONS), _code(_c) { } |
283 | }; | 283 | }; |
284 | 284 | ||
285 | /** | 285 | /** |
286 | * not implemented (think pure virtual) member function executed, signfies | 286 | * not implemented (think pure virtual) member function executed, signfies |
287 | * programmer error | 287 | * programmer error |
288 | */ | 288 | */ |
289 | class not_implemented : public exception { | 289 | class not_implemented : public exception { |
290 | public: | 290 | public: |
291 | not_implemented(OPKELE_E_PARS) | 291 | not_implemented(OPKELE_E_PARS) |
292 | : exception(OPKELE_E_CONS) { } | 292 | : exception(OPKELE_E_CONS) { } |
293 | }; | 293 | }; |
294 | 294 | ||
295 | /** | 295 | /** |
296 | * internal error, indicates internal libopkele problem | 296 | * internal error, indicates internal libopkele problem |
297 | */ | 297 | */ |
298 | class internal_error : public exception { | 298 | class internal_error : public exception { |
299 | public: | 299 | public: |
300 | internal_error(OPKELE_E_PARS) | 300 | internal_error(OPKELE_E_PARS) |
301 | : exception(OPKELE_E_CONS) { } | 301 | : exception(OPKELE_E_CONS) { } |
302 | }; | 302 | }; |
303 | 303 | ||
304 | /** | 304 | /** |
305 | * thrown in case of unsupported parameter encountered (e.g. unsupported | 305 | * thrown in case of unsupported parameter encountered (e.g. unsupported |
306 | * association type). | 306 | * association type). |
307 | */ | 307 | */ |
308 | class unsupported : public exception { | 308 | class unsupported : public exception { |
309 | public: | 309 | public: |
310 | unsupported(OPKELE_E_PARS) | 310 | unsupported(OPKELE_E_PARS) |
311 | : exception(OPKELE_E_CONS) { } | 311 | : exception(OPKELE_E_CONS) { } |
312 | }; | 312 | }; |
313 | 313 | ||
314 | /** | ||
315 | * thrown by associations store related functions in case of dumb RP. | ||
316 | */ | ||
317 | class dumb_RP : public exception { | ||
318 | public: | ||
319 | dumb_RP(OPKELE_E_PARS) | ||
320 | : exception(OPKELE_E_CONS) { } | ||
321 | }; | ||
322 | |||
323 | /** | ||
324 | * thrown by endpoint-queue related function if endpoint is being | ||
325 | * accessed but there's no endpoint available. | ||
326 | */ | ||
327 | class no_endpoint : public exception { | ||
328 | public: | ||
329 | no_endpoint(OPKELE_E_PARS) | ||
330 | : exception(OPKELE_E_CONS) { } | ||
331 | }; | ||
332 | |||
314 | } | 333 | } |
315 | 334 | ||
316 | #endif /* __OPKELE_EXCEPTION_H */ | 335 | #endif /* __OPKELE_EXCEPTION_H */ |
diff --git a/include/opkele/extension.h b/include/opkele/extension.h index 513672f..3ee25ee 100644 --- a/include/opkele/extension.h +++ b/include/opkele/extension.h | |||
@@ -1,65 +1,66 @@ | |||
1 | #ifndef __OPKELE_EXTENSION_H | 1 | #ifndef __OPKELE_EXTENSION_H |
2 | #define __OPKELE_EXTENSION_H | 2 | #define __OPKELE_EXTENSION_H |
3 | 3 | ||
4 | /** | 4 | /** |
5 | * @file | 5 | * @file |
6 | * @brief extensions framework basics | 6 | * @brief extensions framework basics |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <opkele/types.h> | 9 | #include <opkele/types.h> |
10 | 10 | ||
11 | namespace opkele { | 11 | namespace opkele { |
12 | 12 | ||
13 | /** | 13 | /** |
14 | * OpenID extension hooks base class | 14 | * OpenID extension hooks base class |
15 | */ | 15 | */ |
16 | class extension_t { | 16 | class extension_t { |
17 | public: | 17 | public: |
18 | 18 | ||
19 | virtual ~extension_t() { } | 19 | virtual ~extension_t() { } |
20 | |||
20 | /** | 21 | /** |
21 | * hook called by consumer before submitting data to OpenID server. | 22 | * hook called by consumer before submitting data to OpenID server. |
22 | * It is supposed to manipulate parameters list. | 23 | * It is supposed to manipulate parameters list. |
23 | * @param p parameters about to be submitted to server | 24 | * @param p parameters about to be submitted to server |
24 | * @param identity identity being verified. It may differ from the | 25 | * @param identity identity being verified. It may differ from the |
25 | * one available in parameters list in case of delegation | 26 | * one available in parameters list in case of delegation |
26 | * @see consumer_t::checkid_ | 27 | * @see consumer_t::checkid_ |
27 | * @see consumer_t::checkid_immediate | 28 | * @see consumer_t::checkid_immediate |
28 | * @see consumer_t::checkid_setup | 29 | * @see consumer_t::checkid_setup |
29 | */ | 30 | */ |
30 | virtual void checkid_hook(params_t& p,const string& identity); | 31 | virtual void checkid_hook(basic_openid_message& om); |
31 | /** | 32 | /** |
32 | * hook called by consumer after identity information received from | 33 | * hook called by consumer after identity information received from |
33 | * OpenID server is verified. | 34 | * OpenID server is verified. |
34 | * @param p parameters received from server | 35 | * @param p parameters received from server |
35 | * @param sp signed parameters received from server with 'openid.' | 36 | * @param sp signed parameters received from server with 'openid.' |
36 | * leader stripped | 37 | * leader stripped |
37 | * @param identity identity confirmed. May differ from the one | 38 | * @param identity identity confirmed. May differ from the one |
38 | * available in parameters list in case of delegation. May also be | 39 | * available in parameters list in case of delegation. May also be |
39 | * empty which means - extract one from parameters | 40 | * empty which means - extract one from parameters |
40 | * @see consumer_t::id_res | 41 | * @see consumer_t::id_res |
41 | */ | 42 | */ |
42 | virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); | 43 | virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); |
43 | 44 | ||
44 | /** | 45 | /** |
45 | * hook called by server before returning information to consumer. | 46 | * hook called by server before returning information to consumer. |
46 | * The hook may manipulate output parameters. It is important to | 47 | * The hook may manipulate output parameters. It is important to |
47 | * note that modified pout["signed"] is used for signing response. | 48 | * note that modified pout["signed"] is used for signing response. |
48 | * @param pin request parameters list with "openid." prefix | 49 | * @param pin request parameters list with "openid." prefix |
49 | * @param pout response parameters list without "openid." prefix | 50 | * @param pout response parameters list without "openid." prefix |
50 | * @see server_t::checkid_ | 51 | * @see server_t::checkid_ |
51 | * @see server_t::checkid_immediate | 52 | * @see server_t::checkid_immediate |
52 | * @see server_t::checkid_setup | 53 | * @see server_t::checkid_setup |
53 | */ | 54 | */ |
54 | virtual void checkid_hook(const params_t& pin,params_t& pout); | 55 | virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); |
55 | 56 | ||
56 | /** | 57 | /** |
57 | * Casts the object to pointer to itself. For convenient passing | 58 | * Casts the object to pointer to itself. For convenient passing |
58 | * of pointer. | 59 | * of pointer. |
59 | */ | 60 | */ |
60 | operator extension_t*(void) { return this; } | 61 | operator extension_t*(void) { return this; } |
61 | }; | 62 | }; |
62 | 63 | ||
63 | } | 64 | } |
64 | 65 | ||
65 | #endif /* __OPKELE_EXTENSION_H */ | 66 | #endif /* __OPKELE_EXTENSION_H */ |
diff --git a/include/opkele/extension_chain.h b/include/opkele/extension_chain.h index f0eea94..fb9bc84 100644 --- a/include/opkele/extension_chain.h +++ b/include/opkele/extension_chain.h | |||
@@ -1,38 +1,38 @@ | |||
1 | #ifndef __OPKELE_EXTENSION_CHAIN_H | 1 | #ifndef __OPKELE_EXTENSION_CHAIN_H |
2 | #define __OPKELE_EXTENSION_CHAIN_H | 2 | #define __OPKELE_EXTENSION_CHAIN_H |
3 | 3 | ||
4 | /** | 4 | /** |
5 | * @file | 5 | * @file |
6 | * @brief extension chain extension | 6 | * @brief extension chain extension |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <list> | 9 | #include <list> |
10 | #include <opkele/extension.h> | 10 | #include <opkele/extension.h> |
11 | 11 | ||
12 | namespace opkele { | 12 | namespace opkele { |
13 | using std::list; | 13 | using std::list; |
14 | 14 | ||
15 | /** | 15 | /** |
16 | * OpenID extensions chain used to combine extensions, it is actually an | 16 | * OpenID extensions chain used to combine extensions, it is actually an |
17 | * stl list of pointers to extensions. | 17 | * stl list of pointers to extensions. |
18 | */ | 18 | */ |
19 | class extension_chain_t : public extension_t, public list<extension_t*> { | 19 | class extension_chain_t : public extension_t, public list<extension_t*> { |
20 | public: | 20 | public: |
21 | 21 | ||
22 | /** | 22 | /** |
23 | * Default constructor creates an empty chain | 23 | * Default constructor creates an empty chain |
24 | */ | 24 | */ |
25 | extension_chain_t() { } | 25 | extension_chain_t() { } |
26 | /** | 26 | /** |
27 | * Create extension chain with a single extension in it | 27 | * Create extension chain with a single extension in it |
28 | */ | 28 | */ |
29 | extension_chain_t(extension_t *e) { push_back(e); } | 29 | extension_chain_t(extension_t *e) { push_back(e); } |
30 | 30 | ||
31 | virtual void checkid_hook(params_t& p,const string& identity); | 31 | virtual void checkid_hook(basic_openid_message& om); |
32 | virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); | 32 | virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); |
33 | virtual void checkid_hook(const params_t& pin,params_t& pout); | 33 | virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); |
34 | }; | 34 | }; |
35 | 35 | ||
36 | } | 36 | } |
37 | 37 | ||
38 | #endif /* __OPKELE_EXTENSION_CHAIN_H */ | 38 | #endif /* __OPKELE_EXTENSION_CHAIN_H */ |
diff --git a/include/opkele/prequeue_rp.h b/include/opkele/prequeue_rp.h new file mode 100644 index 0000000..b98dd5a --- a/dev/null +++ b/include/opkele/prequeue_rp.h | |||
@@ -0,0 +1,81 @@ | |||
1 | #ifndef __OPKELE_RP_H | ||
2 | #define __OPKELE_RP_H | ||
3 | |||
4 | #include <string> | ||
5 | #include <set> | ||
6 | #include <iterator> | ||
7 | #include <opkele/basic_rp.h> | ||
8 | |||
9 | namespace opkele { | ||
10 | using std::string; | ||
11 | using std::set; | ||
12 | using std::iterator; | ||
13 | using std::output_iterator_tag; | ||
14 | |||
15 | class prequeue_RP : public basic_RP { | ||
16 | public: | ||
17 | /** | ||
18 | * @name Session persistent store API | ||
19 | * @{ | ||
20 | */ | ||
21 | /** | ||
22 | * Called before queueing discovered endpoints. Typically happens | ||
23 | * while initiating authentication session. | ||
24 | * @see queue_endpoint() | ||
25 | * @see end_queueing() | ||
26 | */ | ||
27 | virtual void begin_queueing() { } | ||
28 | /** | ||
29 | * Used to queue discovered endpoint. It is implementors | ||
30 | * responsibility to store the endpoint wherever he choses to store | ||
31 | * it. | ||
32 | * @param oep the endpoint to queue | ||
33 | * @see begin_queueing() | ||
34 | * @see end_queueing() | ||
35 | */ | ||
36 | virtual void queue_endpoint(const openid_endpoint_t& oep) = 0; | ||
37 | /** | ||
38 | * Called after all discovered endpoints were queued. Implementor | ||
39 | * may chose to use this virtual to commit endpoints queue to | ||
40 | * persistent store. | ||
41 | * @see begin_queueing() | ||
42 | * @see queue_endpoint() | ||
43 | */ | ||
44 | virtual void end_queueing() { } | ||
45 | |||
46 | /** | ||
47 | * Used to store normalized id when initiating request. | ||
48 | * The default implementation does nothing, because implementor | ||
49 | * doesn't have to care. | ||
50 | * @param nid normalized id | ||
51 | * @see get_normalzied_id() | ||
52 | */ | ||
53 | virtual void set_normalized_id(const string& nid); | ||
54 | /** | ||
55 | * Return the normalized id previously set by set_normalized_id(). | ||
56 | * Provided for the sake of completeness because default | ||
57 | * implementation doesn't use it. | ||
58 | * @return the normalized identity | ||
59 | */ | ||
60 | virtual const string get_normalized_id() const; | ||
61 | /** | ||
62 | * @} | ||
63 | */ | ||
64 | |||
65 | /** | ||
66 | * @name Actions | ||
67 | * @{ | ||
68 | */ | ||
69 | void initiate(const string& usi); | ||
70 | |||
71 | /** | ||
72 | * @} | ||
73 | */ | ||
74 | |||
75 | void verify_OP(const string& OP, | ||
76 | const string& claimed_id,const string& identity) const; | ||
77 | }; | ||
78 | |||
79 | } | ||
80 | |||
81 | #endif /* __OPKELE_RP_H */ | ||
diff --git a/include/opkele/sreg.h b/include/opkele/sreg.h index df37a86..24cb315 100644 --- a/include/opkele/sreg.h +++ b/include/opkele/sreg.h | |||
@@ -1,203 +1,203 @@ | |||
1 | #ifndef __OPKELE_SREG_H | 1 | #ifndef __OPKELE_SREG_H |
2 | #define __OPKELE_SREG_H | 2 | #define __OPKELE_SREG_H |
3 | 3 | ||
4 | /** | 4 | /** |
5 | * @file | 5 | * @file |
6 | * @brief Simple registration extension | 6 | * @brief Simple registration extension |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <opkele/extension.h> | 9 | #include <opkele/extension.h> |
10 | 10 | ||
11 | namespace opkele { | 11 | namespace opkele { |
12 | using std::map; | 12 | using std::map; |
13 | 13 | ||
14 | /** | 14 | /** |
15 | * OpenID simple registration extension implementation | 15 | * OpenID simple registration extension implementation |
16 | * http://openid.net/specs/openid-simple-registration-extension-1_0.html | 16 | * http://openid.net/specs/openid-simple-registration-extension-1_0.html |
17 | */ | 17 | */ |
18 | class sreg_t : public extension_t { | 18 | class sreg_t : public extension_t { |
19 | public: | 19 | public: |
20 | /** | 20 | /** |
21 | * sreg fields enumeration | 21 | * sreg fields enumeration |
22 | */ | 22 | */ |
23 | enum fieldbit_t { | 23 | enum fieldbit_t { |
24 | /** | 24 | /** |
25 | * Any UTF-8 string that the End User wants to use as a nickname. | 25 | * Any UTF-8 string that the End User wants to use as a nickname. |
26 | */ | 26 | */ |
27 | field_nickname = 1, | 27 | field_nickname = 1, |
28 | /** | 28 | /** |
29 | * The email address of the End User as specified in section 3.4.1 of [RFC2822] | 29 | * The email address of the End User as specified in section 3.4.1 of [RFC2822] |
30 | */ | 30 | */ |
31 | field_email = 2, | 31 | field_email = 2, |
32 | /** | 32 | /** |
33 | * UTF-8 string free text representation of the End User's full name. | 33 | * UTF-8 string free text representation of the End User's full name. |
34 | */ | 34 | */ |
35 | field_fullname = 4, | 35 | field_fullname = 4, |
36 | /** | 36 | /** |
37 | * The End User's date of birth as YYYY-MM-DD. Any values whose | 37 | * The End User's date of birth as YYYY-MM-DD. Any values whose |
38 | * representation uses fewer than the specified number of | 38 | * representation uses fewer than the specified number of |
39 | * digits should be zero-padded. The length of this value MUST | 39 | * digits should be zero-padded. The length of this value MUST |
40 | * always be 10. If the End User user does not want to reveal | 40 | * always be 10. If the End User user does not want to reveal |
41 | * any particular component of this value, it MUST be set to | 41 | * any particular component of this value, it MUST be set to |
42 | * zero. | 42 | * zero. |
43 | * | 43 | * |
44 | * For instance, if a End User wants to specify that his date | 44 | * For instance, if a End User wants to specify that his date |
45 | * of birth is in 1980, but not the month or day, the value | 45 | * of birth is in 1980, but not the month or day, the value |
46 | * returned SHALL be "1980-00-00". | 46 | * returned SHALL be "1980-00-00". |
47 | */ | 47 | */ |
48 | field_dob = 8, | 48 | field_dob = 8, |
49 | /** | 49 | /** |
50 | * Alias to field_dob | 50 | * Alias to field_dob |
51 | */ | 51 | */ |
52 | field_birthdate = field_dob, | 52 | field_birthdate = field_dob, |
53 | /** | 53 | /** |
54 | * The End User's gender, "M" for male, "F" for female. | 54 | * The End User's gender, "M" for male, "F" for female. |
55 | */ | 55 | */ |
56 | field_gender = 16, | 56 | field_gender = 16, |
57 | /** | 57 | /** |
58 | * Alias to field_gender | 58 | * Alias to field_gender |
59 | */ | 59 | */ |
60 | field_sex = field_gender, | 60 | field_sex = field_gender, |
61 | /** | 61 | /** |
62 | * UTF-8 string free text that SHOULD conform to the End User's | 62 | * UTF-8 string free text that SHOULD conform to the End User's |
63 | * country's postal system. | 63 | * country's postal system. |
64 | */ | 64 | */ |
65 | field_postcode = 32, | 65 | field_postcode = 32, |
66 | /** | 66 | /** |
67 | * The End User's country of residence as specified by ISO3166 | 67 | * The End User's country of residence as specified by ISO3166 |
68 | */ | 68 | */ |
69 | field_country = 64, | 69 | field_country = 64, |
70 | /** | 70 | /** |
71 | * End User's preferred language as specified by ISO639 | 71 | * End User's preferred language as specified by ISO639 |
72 | */ | 72 | */ |
73 | field_language = 128, | 73 | field_language = 128, |
74 | /** | 74 | /** |
75 | * ASCII string from TimeZone database | 75 | * ASCII string from TimeZone database |
76 | * | 76 | * |
77 | * For example, "Europe/Paris" or "America/Los_Angeles". | 77 | * For example, "Europe/Paris" or "America/Los_Angeles". |
78 | */ | 78 | */ |
79 | field_timezone = 256, | 79 | field_timezone = 256, |
80 | /** | 80 | /** |
81 | * All fields bits combined | 81 | * All fields bits combined |
82 | */ | 82 | */ |
83 | fields_ALL = 511, | 83 | fields_ALL = 511, |
84 | /** | 84 | /** |
85 | * No fields | 85 | * No fields |
86 | */ | 86 | */ |
87 | fields_NONE = 0 | 87 | fields_NONE = 0 |
88 | }; | 88 | }; |
89 | /** | 89 | /** |
90 | * Bitmask for fields which, if absent from the response, will | 90 | * Bitmask for fields which, if absent from the response, will |
91 | * prevent the Consumer from completing the registration without | 91 | * prevent the Consumer from completing the registration without |
92 | * End User interation. | 92 | * End User interation. |
93 | */ | 93 | */ |
94 | long fields_required; | 94 | long fields_required; |
95 | /** | 95 | /** |
96 | * Bitmask for fields that will be used by the Consumer, but whose | 96 | * Bitmask for fields that will be used by the Consumer, but whose |
97 | * absence will not prevent the registration from completing. | 97 | * absence will not prevent the registration from completing. |
98 | */ | 98 | */ |
99 | long fields_optional; | 99 | long fields_optional; |
100 | /** | 100 | /** |
101 | * A URL which the Consumer provides to give the End User a place | 101 | * A URL which the Consumer provides to give the End User a place |
102 | * to read about the how the profile data will be used. The | 102 | * to read about the how the profile data will be used. The |
103 | * Identity Provider SHOULD display this URL to the End User if it | 103 | * Identity Provider SHOULD display this URL to the End User if it |
104 | * is given. | 104 | * is given. |
105 | */ | 105 | */ |
106 | string policy_url; | 106 | string policy_url; |
107 | 107 | ||
108 | /** | 108 | /** |
109 | * Bitmask for fields present in response | 109 | * Bitmask for fields present in response |
110 | */ | 110 | */ |
111 | long has_fields; | 111 | long has_fields; |
112 | /** | 112 | /** |
113 | * Container type for response fields values | 113 | * Container type for response fields values |
114 | */ | 114 | */ |
115 | typedef map<fieldbit_t,string> response_t; | 115 | typedef map<fieldbit_t,string> response_t; |
116 | /** | 116 | /** |
117 | * Response contents | 117 | * Response contents |
118 | */ | 118 | */ |
119 | response_t response; | 119 | response_t response; |
120 | 120 | ||
121 | /** | 121 | /** |
122 | * Fields bitmask to send in response | 122 | * Fields bitmask to send in response |
123 | */ | 123 | */ |
124 | long fields_response; | 124 | long fields_response; |
125 | 125 | ||
126 | /** | 126 | /** |
127 | * Consumer constructor. | 127 | * Consumer constructor. |
128 | * @param fr required fields | 128 | * @param fr required fields |
129 | * @see fields_required | 129 | * @see fields_required |
130 | * @param fo optional fields | 130 | * @param fo optional fields |
131 | * @see fields_optional | 131 | * @see fields_optional |
132 | * @param pu policy url | 132 | * @param pu policy url |
133 | * @see policy_url | 133 | * @see policy_url |
134 | */ | 134 | */ |
135 | sreg_t(long fr=fields_NONE,long fo=fields_NONE,const string& pu="") | 135 | sreg_t(long fr=fields_NONE,long fo=fields_NONE,const string& pu="") |
136 | : fields_required(fr), fields_optional(fo), policy_url(pu), has_fields(0) { } | 136 | : fields_required(fr), fields_optional(fo), policy_url(pu), has_fields(0) { } |
137 | 137 | ||
138 | /** | 138 | /** |
139 | * Implementation of consumer's checkid hook | 139 | * Implementation of consumer's checkid hook |
140 | */ | 140 | */ |
141 | virtual void checkid_hook(params_t& p,const string& identity); | 141 | virtual void checkid_hook(basic_openid_message& om); |
142 | /** | 142 | /** |
143 | * Implementation of consumer's id_res hook | 143 | * Implementation of consumer's id_res hook |
144 | */ | 144 | */ |
145 | virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity); | 145 | virtual void id_res_hook(const basic_openid_message& om,const basic_openid_message& sp); |
146 | /** | 146 | /** |
147 | * Implementation of server's checkid_hook | 147 | * Implementation of server's checkid_hook |
148 | */ | 148 | */ |
149 | virtual void checkid_hook(const params_t& pin,params_t& pout); | 149 | virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum); |
150 | 150 | ||
151 | /** | 151 | /** |
152 | * Check and see if we have value for some particular field. | 152 | * Check and see if we have value for some particular field. |
153 | * @param fb field in question | 153 | * @param fb field in question |
154 | * @see fieldbit_t | 154 | * @see fieldbit_t |
155 | * @return true if the value is available | 155 | * @return true if the value is available |
156 | */ | 156 | */ |
157 | bool has_field(fieldbit_t fb) const { return has_fields&fb; } | 157 | bool has_field(fieldbit_t fb) const { return has_fields&fb; } |
158 | 158 | ||
159 | /** | 159 | /** |
160 | * Retrieve the value for a field. | 160 | * Retrieve the value for a field. |
161 | * @param fb field in question | 161 | * @param fb field in question |
162 | * @see fieldbit_t | 162 | * @see fieldbit_t |
163 | * @return field value | 163 | * @return field value |
164 | * @throw failed_lookup if no data avaialble | 164 | * @throw failed_lookup if no data avaialble |
165 | */ | 165 | */ |
166 | const string& get_field(fieldbit_t fb) const; | 166 | const string& get_field(fieldbit_t fb) const; |
167 | 167 | ||
168 | /** | 168 | /** |
169 | * Set the value for a field. | 169 | * Set the value for a field. |
170 | * @param fb field in question | 170 | * @param fb field in question |
171 | * @see fieldbit_t | 171 | * @see fieldbit_t |
172 | * @param fv field value | 172 | * @param fv field value |
173 | */ | 173 | */ |
174 | void set_field(fieldbit_t fb,const string& fv); | 174 | void set_field(fieldbit_t fb,const string& fv); |
175 | 175 | ||
176 | /** | 176 | /** |
177 | * Remove the value for a field. | 177 | * Remove the value for a field. |
178 | * @param fb field in question | 178 | * @param fb field in question |
179 | * @see fieldbit_t | 179 | * @see fieldbit_t |
180 | */ | 180 | */ |
181 | void reset_field(fieldbit_t fb); | 181 | void reset_field(fieldbit_t fb); |
182 | 182 | ||
183 | /** | 183 | /** |
184 | * Reset field data | 184 | * Reset field data |
185 | */ | 185 | */ |
186 | void clear(); | 186 | void clear(); |
187 | 187 | ||
188 | /** | 188 | /** |
189 | * Function called after parsing sreg request to set up response | 189 | * Function called after parsing sreg request to set up response |
190 | * fields. The default implementation tries to send as much fields | 190 | * fields. The default implementation tries to send as much fields |
191 | * as we have. The function is supposed to set the data and | 191 | * as we have. The function is supposed to set the data and |
192 | * fields_response. | 192 | * fields_response. |
193 | * @see fields_response | 193 | * @see fields_response |
194 | * @param pin input request parameters with "openid." prefix | 194 | * @param pin input request parameters with "openid." prefix |
195 | * @param pout output request parameters without "openid." prefix. | 195 | * @param pout output request parameters without "openid." prefix. |
196 | * @see checkid_hook(const params_t&,params_t&) | 196 | * @see checkid_hook(const params_t&,params_t&) |
197 | */ | 197 | */ |
198 | virtual void setup_response(const params_t& pin,params_t& pout); | 198 | virtual void setup_response(const basic_openid_message& inm,basic_openid_message& oum); |
199 | 199 | ||
200 | }; | 200 | }; |
201 | } | 201 | } |
202 | 202 | ||
203 | #endif /* __OPKELE_SREG_H */ | 203 | #endif /* __OPKELE_SREG_H */ |
diff --git a/include/opkele/types.h b/include/opkele/types.h index de44a5c..d5ad258 100644 --- a/include/opkele/types.h +++ b/include/opkele/types.h | |||
@@ -1,246 +1,207 @@ | |||
1 | #ifndef __OPKELE_TYPES_H | 1 | #ifndef __OPKELE_TYPES_H |
2 | #define __OPKELE_TYPES_H | 2 | #define __OPKELE_TYPES_H |
3 | 3 | ||
4 | /** | 4 | /** |
5 | * @file | 5 | * @file |
6 | * @brief various types declarations | 6 | * @brief various types declarations |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <ostream> | 9 | #include <ostream> |
10 | #include <vector> | 10 | #include <vector> |
11 | #include <string> | 11 | #include <string> |
12 | #include <map> | 12 | #include <map> |
13 | #include <set> | 13 | #include <set> |
14 | #include <list> | ||
15 | #include <opkele/iterator.h> | ||
14 | #include <opkele/tr1-mem.h> | 16 | #include <opkele/tr1-mem.h> |
15 | 17 | ||
16 | namespace opkele { | 18 | namespace opkele { |
17 | using std::vector; | 19 | using std::vector; |
18 | using std::string; | 20 | using std::string; |
19 | using std::map; | 21 | using std::map; |
20 | using std::ostream; | 22 | using std::ostream; |
21 | using std::multimap; | 23 | using std::multimap; |
22 | using std::set; | 24 | using std::set; |
25 | using std::list; | ||
26 | using std::iterator; | ||
27 | using std::forward_iterator_tag; | ||
23 | 28 | ||
24 | /** | 29 | /** |
25 | * the OpenID operation mode | 30 | * the OpenID operation mode |
26 | */ | 31 | */ |
27 | typedef enum _mode_t { | 32 | typedef enum _mode_t { |
28 | mode_associate, | 33 | mode_associate, |
29 | mode_checkid_immediate, | 34 | mode_checkid_immediate, |
30 | mode_checkid_setup, | 35 | mode_checkid_setup, |
31 | mode_check_association | 36 | mode_check_association |
32 | } mode_t; | 37 | } mode_t; |
33 | 38 | ||
34 | /** | 39 | /** |
35 | * the association secret container | 40 | * the association secret container |
36 | */ | 41 | */ |
37 | class secret_t : public vector<unsigned char> { | 42 | class secret_t : public vector<unsigned char> { |
38 | public: | 43 | public: |
39 | 44 | ||
40 | /** | 45 | /** |
41 | * xor the secret and hmac together and encode, using base64 | 46 | * xor the secret and hmac together and encode, using base64 |
42 | * @param key_d pointer to the message digest | 47 | * @param key_d pointer to the message digest |
43 | * @param rv reference to the return value | 48 | * @param rv reference to the return value |
44 | */ | 49 | */ |
45 | void enxor_to_base64(const unsigned char *key_d,string& rv) const; | 50 | void enxor_to_base64(const unsigned char *key_d,string& rv) const; |
46 | /** | 51 | /** |
47 | * decode base64-encoded secret and xor it with the message digest | 52 | * decode base64-encoded secret and xor it with the message digest |
48 | * @param key_d pointer to the message digest | 53 | * @param key_d pointer to the message digest |
49 | * @param b64 base64-encoded secret value | 54 | * @param b64 base64-encoded secret value |
50 | */ | 55 | */ |
51 | void enxor_from_base64(const unsigned char *key_d,const string& b64); | 56 | void enxor_from_base64(const unsigned char *key_d,const string& b64); |
52 | /** | 57 | /** |
53 | * plainly encode to base64 representation | 58 | * plainly encode to base64 representation |
54 | * @param rv reference to the return value | 59 | * @param rv reference to the return value |
55 | */ | 60 | */ |
56 | void to_base64(string& rv) const; | 61 | void to_base64(string& rv) const; |
57 | /** | 62 | /** |
58 | * decode cleartext secret from base64 | 63 | * decode cleartext secret from base64 |
59 | * @param b64 base64-encoded representation of the secret value | 64 | * @param b64 base64-encoded representation of the secret value |
60 | */ | 65 | */ |
61 | void from_base64(const string& b64); | 66 | void from_base64(const string& b64); |
62 | }; | 67 | }; |
63 | 68 | ||
64 | /** | 69 | /** |
65 | * Interface to the association. | 70 | * Interface to the association. |
66 | */ | 71 | */ |
67 | class association_t { | 72 | class association_t { |
68 | public: | 73 | public: |
69 | 74 | ||
70 | virtual ~association_t() { } | 75 | virtual ~association_t() { } |
71 | 76 | ||
72 | /** | 77 | /** |
73 | * retrieve the server with which association was established. | 78 | * retrieve the server with which association was established. |
74 | * @return server name | 79 | * @return server name |
75 | */ | 80 | */ |
76 | virtual string server() const = 0; | 81 | virtual string server() const = 0; |
77 | /** | 82 | /** |
78 | * retrieve the association handle. | 83 | * retrieve the association handle. |
79 | * @return handle | 84 | * @return handle |
80 | */ | 85 | */ |
81 | virtual string handle() const = 0; | 86 | virtual string handle() const = 0; |
82 | /** | 87 | /** |
83 | * retrieve the association type. | 88 | * retrieve the association type. |
84 | * @return association type | 89 | * @return association type |
85 | */ | 90 | */ |
86 | virtual string assoc_type() const = 0; | 91 | virtual string assoc_type() const = 0; |
87 | /** | 92 | /** |
88 | * retrieve the association secret. | 93 | * retrieve the association secret. |
89 | * @return association secret | 94 | * @return association secret |
90 | */ | 95 | */ |
91 | virtual secret_t secret() const = 0; | 96 | virtual secret_t secret() const = 0; |
92 | /** | 97 | /** |
93 | * retrieve the number of seconds the association expires in. | 98 | * retrieve the number of seconds the association expires in. |
94 | * @return seconds till expiration | 99 | * @return seconds till expiration |
95 | */ | 100 | */ |
96 | virtual int expires_in() const = 0; | 101 | virtual int expires_in() const = 0; |
97 | /** | 102 | /** |
98 | * check whether the association is stateless. | 103 | * check whether the association is stateless. |
99 | * @return true if stateless | 104 | * @return true if stateless |
100 | */ | 105 | */ |
101 | virtual bool stateless() const = 0; | 106 | virtual bool stateless() const = 0; |
102 | /** | 107 | /** |
103 | * check whether the association is expired. | 108 | * check whether the association is expired. |
104 | * @return true if expired | 109 | * @return true if expired |
105 | */ | 110 | */ |
106 | virtual bool is_expired() const = 0; | 111 | virtual bool is_expired() const = 0; |
107 | }; | 112 | }; |
108 | 113 | ||
109 | /** | 114 | /** |
110 | * the shared_ptr<> for association_t object type | 115 | * the shared_ptr<> for association_t object type |
111 | */ | 116 | */ |
112 | typedef tr1mem::shared_ptr<association_t> assoc_t; | 117 | typedef tr1mem::shared_ptr<association_t> assoc_t; |
113 | 118 | ||
119 | class basic_openid_message { | ||
120 | public: | ||
121 | typedef list<string> fields_t; | ||
122 | typedef util::forward_iterator_proxy< | ||
123 | string,const string&,const string* | ||
124 | > fields_iterator; | ||
125 | |||
126 | basic_openid_message() { } | ||
127 | basic_openid_message(const basic_openid_message& x); | ||
128 | void copy_to(basic_openid_message& x) const; | ||
129 | |||
130 | virtual bool has_field(const string& n) const = 0; | ||
131 | virtual const string& get_field(const string& n) const = 0; | ||
132 | |||
133 | virtual bool has_ns(const string& uri) const; | ||
134 | virtual string get_ns(const string& uri) const; | ||
135 | |||
136 | virtual fields_iterator fields_begin() const = 0; | ||
137 | virtual fields_iterator fields_end() const = 0; | ||
138 | |||
139 | virtual string append_query(const string& url) const; | ||
140 | virtual string query_string() const; | ||
141 | |||
142 | |||
143 | virtual void reset_fields(); | ||
144 | virtual void set_field(const string& n,const string& v); | ||
145 | virtual void reset_field(const string& n); | ||
146 | |||
147 | virtual void from_keyvalues(const string& kv); | ||
148 | |||
149 | void add_to_signed(const string& fields); | ||
150 | string find_ns(const string& uri,const char *pfx) const; | ||
151 | string allocate_ns(const string& uri,const char *pfx); | ||
152 | }; | ||
153 | |||
154 | class openid_message_t : public basic_openid_message, public map<string,string> { | ||
155 | public: | ||
156 | openid_message_t() { } | ||
157 | openid_message_t(const basic_openid_message& x) | ||
158 | : basic_openid_message(x) { } | ||
159 | |||
160 | void copy_to(basic_openid_message& x) const; | ||
161 | |||
162 | bool has_field(const string& n) const; | ||
163 | const string& get_field(const string& n) const; | ||
164 | virtual fields_iterator fields_begin() const; | ||
165 | virtual fields_iterator fields_end() const; | ||
166 | |||
167 | void reset_fields(); | ||
168 | void set_field(const string& n,const string& v); | ||
169 | void reset_field(const string& n); | ||
170 | }; | ||
171 | |||
114 | /** | 172 | /** |
115 | * request/response parameters map | 173 | * request/response parameters map |
116 | */ | 174 | */ |
117 | class params_t : public map<string,string> { | 175 | class params_t : public openid_message_t { |
118 | public: | 176 | public: |
119 | 177 | ||
120 | /** | 178 | /** |
121 | * check whether the parameter is present. | 179 | * check whether the parameter is present. |
122 | * @param n the parameter name | 180 | * @param n the parameter name |
123 | * @return true if yes | 181 | * @return true if yes |
124 | */ | 182 | */ |
125 | bool has_param(const string& n) const; | 183 | bool has_param(const string& n) const { |
184 | return has_field(n); } | ||
126 | /** | 185 | /** |
127 | * retrieve the parameter (const version) | 186 | * retrieve the parameter (const version) |
128 | * @param n the parameter name | 187 | * @param n the parameter name |
129 | * @return the parameter value | 188 | * @return the parameter value |
130 | * @throw failed_lookup if there is no such parameter | 189 | * @throw failed_lookup if there is no such parameter |
131 | */ | 190 | */ |
132 | const string& get_param(const string& n) const; | 191 | const string& get_param(const string& n) const { |
133 | /** | 192 | return get_field(n); } |
134 | * retrieve the parameter. | ||
135 | * @param n the parameter name | ||
136 | * @return the parameter value | ||
137 | * @throw failed_lookup if there is no such parameter | ||
138 | */ | ||
139 | string& get_param(const string& n); | ||
140 | 193 | ||
141 | /** | 194 | /** |
142 | * parse the OpenID key/value data. | 195 | * parse the OpenID key/value data. |
143 | * @param kv the OpenID key/value data | 196 | * @param kv the OpenID key/value data |
144 | */ | 197 | */ |
145 | void parse_keyvalues(const string& kv); | 198 | void parse_keyvalues(const string& kv) { |
146 | /** | 199 | from_keyvalues(kv); } |
147 | * sign the fields. | ||
148 | * @param secret the secret used for signing | ||
149 | * @param sig reference to the string, containing base64-encoded | ||
150 | * result | ||
151 | * @param slist the comma-separated list of fields to sign | ||
152 | * @param prefix the string to prepend to parameter names | ||
153 | */ | ||
154 | void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const; | ||
155 | 200 | ||
156 | /** | 201 | string append_query(const string& url,const char *prefix="openid.") const; |
157 | * append parameters to the URL as a GET-request parameters. | ||
158 | * @param url the base URL | ||
159 | * @param prefix the string to prepend to parameter names | ||
160 | * @return the ready-to-use location | ||
161 | */ | ||
162 | string append_query(const string& url,const char *prefix = "openid.") const; | ||
163 | 202 | ||
164 | /** | ||
165 | * make up a query string suitable for use in GET and POST | ||
166 | * requests. | ||
167 | * @param prefix string to prened to parameter names | ||
168 | * @return query string | ||
169 | */ | ||
170 | string query_string(const char *prefix = "openid.") const; | ||
171 | }; | 203 | }; |
172 | 204 | ||
173 | /** | ||
174 | * dump the key/value pairs for the parameters to the stream. | ||
175 | * @param o output stream | ||
176 | * @param p the parameters | ||
177 | */ | ||
178 | ostream& operator << (ostream& o,const params_t& p); | ||
179 | |||
180 | namespace xrd { | ||
181 | |||
182 | struct priority_compare { | ||
183 | inline bool operator()(long a,long b) const { | ||
184 | return (a<0) ? false : (b<0) ? true : (a<b); | ||
185 | } | ||
186 | }; | ||
187 | |||
188 | template <typename _DT> | ||
189 | class priority_map : public multimap<long,_DT,priority_compare> { | ||
190 | typedef multimap<long,_DT,priority_compare> map_type; | ||
191 | public: | ||
192 | |||
193 | inline _DT& add(long priority,const _DT& d) { | ||
194 | return insert(typename map_type::value_type(priority,d))->second; | ||
195 | } | ||
196 | }; | ||
197 | |||
198 | typedef priority_map<string> canonical_ids_t; | ||
199 | typedef priority_map<string> local_ids_t; | ||
200 | typedef set<string> types_t; | ||
201 | typedef priority_map<string> uris_t; | ||
202 | |||
203 | class service_t { | ||
204 | public: | ||
205 | types_t types; | ||
206 | uris_t uris; | ||
207 | local_ids_t local_ids; | ||
208 | string provider_id; | ||
209 | |||
210 | void clear() { | ||
211 | types.clear(); | ||
212 | uris.clear(); local_ids.clear(); | ||
213 | provider_id.clear(); | ||
214 | } | ||
215 | }; | ||
216 | typedef priority_map<service_t> services_t; | ||
217 | |||
218 | class XRD_t { | ||
219 | public: | ||
220 | time_t expires; | ||
221 | |||
222 | canonical_ids_t canonical_ids; | ||
223 | local_ids_t local_ids; | ||
224 | services_t services; | ||
225 | string provider_id; | ||
226 | |||
227 | void clear() { | ||
228 | expires = 0; | ||
229 | canonical_ids.clear(); local_ids.clear(); | ||
230 | services.clear(); | ||
231 | provider_id.clear(); | ||
232 | } | ||
233 | bool empty() const { | ||
234 | return | ||
235 | canonical_ids.empty() | ||
236 | && local_ids.empty() | ||
237 | && services.empty(); | ||
238 | } | ||
239 | |||
240 | }; | ||
241 | |||
242 | } | ||
243 | |||
244 | } | 205 | } |
245 | 206 | ||
246 | #endif /* __OPKELE_TYPES_H */ | 207 | #endif /* __OPKELE_TYPES_H */ |
diff --git a/include/opkele/util.h b/include/opkele/util.h index 085c9e6..e9176b0 100644 --- a/include/opkele/util.h +++ b/include/opkele/util.h | |||
@@ -1,143 +1,151 @@ | |||
1 | #ifndef __OPKELE_UTIL_H | 1 | #ifndef __OPKELE_UTIL_H |
2 | #define __OPKELE_UTIL_H | 2 | #define __OPKELE_UTIL_H |
3 | 3 | ||
4 | #include <time.h> | 4 | #include <time.h> |
5 | #include <string> | 5 | #include <string> |
6 | #include <vector> | 6 | #include <vector> |
7 | #include <openssl/bn.h> | 7 | #include <openssl/bn.h> |
8 | #include <openssl/dh.h> | 8 | #include <openssl/dh.h> |
9 | #include <opkele/types.h> | ||
9 | 10 | ||
10 | namespace opkele { | 11 | namespace opkele { |
11 | using std::string; | 12 | using std::string; |
12 | using std::vector; | 13 | using std::vector; |
13 | 14 | ||
14 | /** | 15 | /** |
15 | * @brief opkele utils namespace | 16 | * @brief opkele utils namespace |
16 | */ | 17 | */ |
17 | namespace util { | 18 | namespace util { |
18 | 19 | ||
19 | /** | 20 | /** |
20 | * Convenience class encapsulating SSL BIGNUM object for the purpose of | 21 | * Convenience class encapsulating SSL BIGNUM object for the purpose of |
21 | * automatical freeing. | 22 | * automatical freeing. |
22 | */ | 23 | */ |
23 | class bignum_t { | 24 | class bignum_t { |
24 | public: | 25 | public: |
25 | BIGNUM *_bn; | 26 | BIGNUM *_bn; |
26 | 27 | ||
27 | bignum_t() : _bn(0) { } | 28 | bignum_t() : _bn(0) { } |
28 | bignum_t(BIGNUM *bn) : _bn(bn) { } | 29 | bignum_t(BIGNUM *bn) : _bn(bn) { } |
29 | ~bignum_t() throw() { if(_bn) BN_free(_bn); } | 30 | ~bignum_t() throw() { if(_bn) BN_free(_bn); } |
30 | 31 | ||
31 | bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; } | 32 | bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; } |
32 | 33 | ||
33 | operator const BIGNUM*(void) const { return _bn; } | 34 | operator const BIGNUM*(void) const { return _bn; } |
34 | operator BIGNUM*(void) { return _bn; } | 35 | operator BIGNUM*(void) { return _bn; } |
35 | }; | 36 | }; |
36 | /** | 37 | /** |
37 | * Convenience clas encapsulating SSL DH object for the purpose of | 38 | * Convenience clas encapsulating SSL DH object for the purpose of |
38 | * automatic freeing. | 39 | * automatic freeing. |
39 | */ | 40 | */ |
40 | class dh_t { | 41 | class dh_t { |
41 | public: | 42 | public: |
42 | DH *_dh; | 43 | DH *_dh; |
43 | 44 | ||
44 | dh_t() : _dh(0) { } | 45 | dh_t() : _dh(0) { } |
45 | dh_t(DH *dh) : _dh(dh) { } | 46 | dh_t(DH *dh) : _dh(dh) { } |
46 | ~dh_t() throw() { if(_dh) DH_free(_dh); } | 47 | ~dh_t() throw() { if(_dh) DH_free(_dh); } |
47 | 48 | ||
48 | dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; } | 49 | dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; } |
49 | 50 | ||
50 | operator const DH*(void) const { return _dh; } | 51 | operator const DH*(void) const { return _dh; } |
51 | operator DH*(void) { return _dh; } | 52 | operator DH*(void) { return _dh; } |
52 | 53 | ||
53 | DH* operator->() { return _dh; } | 54 | DH* operator->() { return _dh; } |
54 | const DH* operator->() const { return _dh; } | 55 | const DH* operator->() const { return _dh; } |
55 | }; | 56 | }; |
56 | 57 | ||
57 | /** | 58 | /** |
58 | * Convert base64-encoded SSL BIGNUM to internal representation. | 59 | * Convert base64-encoded SSL BIGNUM to internal representation. |
59 | * @param b64 base64-encoded number | 60 | * @param b64 base64-encoded number |
60 | * @return SSL BIGNUM | 61 | * @return SSL BIGNUM |
61 | * @throw failed_conversion in case of error | 62 | * @throw failed_conversion in case of error |
62 | */ | 63 | */ |
63 | BIGNUM *base64_to_bignum(const string& b64); | 64 | BIGNUM *base64_to_bignum(const string& b64); |
64 | /** | 65 | /** |
65 | * Convert decimal representation to SSL BIGNUM. | 66 | * Convert decimal representation to SSL BIGNUM. |
66 | * @param dec decimal representation | 67 | * @param dec decimal representation |
67 | * @return resulting BIGNUM | 68 | * @return resulting BIGNUM |
68 | * @throw failed_conversion in case of error | 69 | * @throw failed_conversion in case of error |
69 | */ | 70 | */ |
70 | BIGNUM *dec_to_bignum(const string& dec); | 71 | BIGNUM *dec_to_bignum(const string& dec); |
71 | /** | 72 | /** |
72 | * Convert SSL BIGNUM data to base64 encoded string. | 73 | * Convert SSL BIGNUM data to base64 encoded string. |
73 | * @param bn BIGNUM | 74 | * @param bn BIGNUM |
74 | * @return base64encoded string | 75 | * @return base64encoded string |
75 | */ | 76 | */ |
76 | string bignum_to_base64(const BIGNUM *bn); | 77 | string bignum_to_base64(const BIGNUM *bn); |
77 | 78 | ||
78 | /** | 79 | /** |
79 | * Convert internal time representation to w3c format | 80 | * Convert internal time representation to w3c format |
80 | * @param t internal representation | 81 | * @param t internal representation |
81 | * @return w3c time | 82 | * @return w3c time |
82 | * @throw failed_conversion in case of error | 83 | * @throw failed_conversion in case of error |
83 | */ | 84 | */ |
84 | string time_to_w3c(time_t t); | 85 | string time_to_w3c(time_t t); |
85 | /** | 86 | /** |
86 | * Convert W3C time representation to internal time_t | 87 | * Convert W3C time representation to internal time_t |
87 | * @param w w3c representation | 88 | * @param w w3c representation |
88 | * @return converted time | 89 | * @return converted time |
89 | * @throw failed_conversion in case of error | 90 | * @throw failed_conversion in case of error |
90 | */ | 91 | */ |
91 | time_t w3c_to_time(const string& w); | 92 | time_t w3c_to_time(const string& w); |
92 | 93 | ||
93 | /** | 94 | /** |
94 | * Encode string to the representation suitable for using in URL. | 95 | * Encode string to the representation suitable for using in URL. |
95 | * @param str string to encode | 96 | * @param str string to encode |
96 | * @return encoded string | 97 | * @return encoded string |
97 | * @throw failed_conversion in case of failure | 98 | * @throw failed_conversion in case of failure |
98 | */ | 99 | */ |
99 | string url_encode(const string& str); | 100 | string url_encode(const string& str); |
100 | 101 | ||
101 | /** | 102 | /** |
102 | * Convert number to string | 103 | * Convert number to string |
103 | * @param l number | 104 | * @param l number |
104 | * @return string representation | 105 | * @return string representation |
105 | * @throw failed_conversion in case of failure | 106 | * @throw failed_conversion in case of failure |
106 | */ | 107 | */ |
107 | string long_to_string(long l); | 108 | string long_to_string(long l); |
108 | /** | 109 | /** |
109 | * Convert string to number | 110 | * Convert string to number |
110 | * @param s string, containing the number | 111 | * @param s string, containing the number |
111 | * @return the number | 112 | * @return the number |
112 | * @throw failed_conversion in case of failure | 113 | * @throw failed_conversion in case of failure |
113 | */ | 114 | */ |
114 | long string_to_long(const string& s); | 115 | long string_to_long(const string& s); |
115 | 116 | ||
116 | /** | 117 | /** |
117 | * Encode binary data using base64. | 118 | * Encode binary data using base64. |
118 | * @param data pointer to binary data | 119 | * @param data pointer to binary data |
119 | * @param length length of data | 120 | * @param length length of data |
120 | * @return encoded data | 121 | * @return encoded data |
121 | */ | 122 | */ |
122 | string encode_base64(const void *data,size_t length); | 123 | string encode_base64(const void *data,size_t length); |
123 | /** | 124 | /** |
124 | * Decode binary data from base64 representation. | 125 | * Decode binary data from base64 representation. |
125 | * @param data base64-encoded data | 126 | * @param data base64-encoded data |
126 | * @param rv container for decoded binary | 127 | * @param rv container for decoded binary |
127 | */ | 128 | */ |
128 | void decode_base64(const string& data,vector<unsigned char>& rv); | 129 | void decode_base64(const string& data,vector<unsigned char>& rv); |
129 | 130 | ||
130 | /** | 131 | /** |
131 | * Normalize http(s) URI according to RFC3986, section 6. URI is | 132 | * Normalize http(s) URI according to RFC3986, section 6. URI is |
132 | * expected to have scheme: in front of it. | 133 | * expected to have scheme: in front of it. |
133 | * @param uri URI | 134 | * @param uri URI |
134 | * @return normalized URI | 135 | * @return normalized URI |
135 | * @throw not_implemented in case of non-httpi(s) URI | 136 | * @throw not_implemented in case of non-httpi(s) URI |
136 | * @throw bad_input in case of malformed URI | 137 | * @throw bad_input in case of malformed URI |
137 | */ | 138 | */ |
138 | string rfc_3986_normalize_uri(const string& uri); | 139 | string rfc_3986_normalize_uri(const string& uri); |
140 | |||
141 | string& strip_uri_fragment_part(string& uri); | ||
142 | |||
143 | string abi_demangle(const char* mn); | ||
144 | |||
145 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om); | ||
146 | |||
139 | } | 147 | } |
140 | 148 | ||
141 | } | 149 | } |
142 | 150 | ||
143 | #endif /* __OPKELE_UTIL_H */ | 151 | #endif /* __OPKELE_UTIL_H */ |