authorMichael Krelin <hacker@klever.net>2008-02-19 10:52:09 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-19 10:52:09 (UTC)
commit42e4fb613d190508b3e8b8993d233044eeea4d20 (patch) (unidiff)
tree9b8ebc420942554f927a777e03c70a7c65305a88 /include
parenta3db32747e8370cab8cfdcc382fee875613b7b77 (diff)
basic_RP: add methods for accessing identity information passed from OP.
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (limited to 'include') (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_rp.h36
1 files changed, 36 insertions, 0 deletions
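--- a/include/opkele/basic_rp.h
+++ b/include/opkele/basic_rp.h
@@ -1,200 +1,236 @@
 #ifndef __OPKELE_BASIC_RP_H
 #define __OPKELE_BASIC_RP_H
 
 #include <string>
 #include <opkele/types.h>
 #include <opkele/extension.h>
 
 namespace opkele {
  using std::string;
 
  class basic_RP {
  public:
+ /**
+ * Claimed identifier from a parsed id_res message.
+ */
+ string claimed_id;
+ /**
+ * OP-Local identifier from a parsed id_res message.
+ */
+ string identity;
 
  virtual ~basic_RP() { }
 
+ void reset_vars();
+
+ /**
+ * @name Assertion information retrieval
+ * Retrieval of the information passed with openid message
+ * @{
+ */
+ /**
+ * Find out if the assertion is about identity
+ * @return true if so
+ */
+ bool has_identity() const;
+ /**
+ * Get claimed identifier supplied with the request
+ * @return claimed identifier
+ * @throw non_identity if request is not about identity
+ */
+ const string& get_claimed_id() const;
+ /**
+ * Get the identity (OP-Local identifier) confirmed
+ * @return identity
+ * @throw non_identity if request is not about identity
+ */
+ const string& get_identity() const;
+ /**
+ * @}
+ */
+
  /**
  * @name Global persistent store API
  * These are functions related to the associations with OP storage
  * and retrieval and nonce records. They provide an interface to
  * the persistent storage which is shared by all sessions. If the
  * implementor prefers the dumb mode instead, the function should
  * throw dumb_RP exception instead.
  * @see opkele::dumb_RP
  * @{
  */
  /**
  * Store association and return allocated association object.
  * @param OP OP endpoint
  * @param handle association handle
  * @param type association type
  * @param secret association secret
  * @params expires_in the number of seconds association expires in
  * @return the association object
  * @throw dumb_RP for dumb RP
  */
  virtual assoc_t store_assoc(
  const string& OP,const string& handle,
  const string& type,const secret_t& secret,
  int expires_in) = 0;
  /**
  * Find valid unexpired association with an OP.
  * @param OP OP endpoint URL
  * @return association found
  * @throw failed_lookup if no association found
  * @throw dumb_RP for dumb RP
  */
  virtual assoc_t find_assoc(
  const string& OP) = 0;
  /**
  * Retrieve valid association handle for an OP by handle.
  * @param OP OP endpoint URL
  * @param handle association handle
  * @return association found
  * @throw failed_lookup if no association found
  * @throw dumb_RP for dumb RP
  */
  virtual assoc_t retrieve_assoc(
  const string& OP,const string& handle) = 0;
  /**
  * Invalidate association with OP
  * @param OP OP endpoint URL
  * @param handle association handle
  * @throw dumb_RP for dumb RP
  */
  virtual void invalidate_assoc(const string& OP,const string& handle) = 0;
 
  /**
  * Check the nonce validity. That is, check that we haven't
  * accepted request with this nonce from this OP, yet. May involve
  * cutting off by the timestamp and checking the rest against the
  * store of seen nonces.
  * @param OP OP endpoint URL
  * @param nonce nonce value
  * @throw id_res_bad_nonce if the nonce is not to be accepted, i.e.
  * either too old or seen.
  */
  virtual void check_nonce(const string& OP,const string& nonce) = 0;
  /**
  * @}
  */
 
  /**
  * @name Session persistent store API
  * @{
  */
  /**
  * Retrieve OpenID endpoint being currently used for
  * authentication. If there is no endpoint available, throw a
  * no_endpoint exception.
  * @return reference to the service endpoint object
  * @see next_endpoint
  * @throw no_endpoint if no endpoint available
  */
  virtual const openid_endpoint_t& get_endpoint() const = 0;
  /**
  * Advance to the next endpoint to try.
  * @see get_endpoint()
  * @throw no_endpoint if there are no more endpoints
  */
  virtual void next_endpoint() = 0;
  /**
  * @}
  */
 
  /**
  * @name Site particulars API
  * @{
  */
  /**
  * Return an absolute URL of the page being processed, includining
  * query parameters. It is used to validate return_to URL on
  * positive assertions.
  * @return fully qualified url of the page being processed.
  */
  virtual const string get_this_url() const = 0;
  /**
  * @}
  */
 
  /**
  * @name OpenID actions
  * @{
  */
  /**
  * Initiates authentication session, doing discovery, normalization
  * and whatever implementor wants to do at this point.
  * @param usi User-supplied identity
  */
  virtual void initiate(const string& usi) = 0;
  /**
  * Prepare checkid_request.
  * @param rv reference to the openid message to prepare
  * @param mode checkid_setup or checkid_immediate
  * @param return_to the URL OP should redirect to after completion
  * @param realm authentication realm to pass to OP
  * @param ext pointer to extension to use in request preparation
  * @return reference to the openid message
  */
  basic_openid_message& checkid_(
  basic_openid_message& rv,
  mode_t mode,
  const string& return_to,const string& realm,
  extension_t *ext=0);
  /**
  * Verify assertion at the end of round-trip.
  * @param om incoming openid message
  * @param ext pointer to extention to use in parsing assertion
  * @throw id_res_setup if checkid_immediate request could not be
  * completed
  * @throw id_res_cancel if authentication request was canceled
  * @throw id_res_mismatch in case of signature mismatch
  * @throw id_res_bad_return_to if return_to url seems to be
  * tampered with
  * @throw id_res_unauthorized if OP is not authorized to make
  * assertions regarding the identity
  */
  void id_res(const basic_openid_message& om,extension_t *ext=0);
 
  /**
  * Establish association with OP
  * @param OP OP to establish association with
  * @throw dumb_RP if for a dumb RP
  */
  virtual assoc_t associate(const string& OP);
  /**
  * Check authentication with OP and invalidate handle if requested
  * and confirmed
  * @param OP OP to check with
  * @param om message to check
  * @throw failed_check_authentication if OP fails to confirm
  * authenticity of the assertion
  */
  void check_authentication(const string& OP,const basic_openid_message& om);
  /**
  * @}
  */
 
  /**
  * @name Miscellanea
  * @{
  */
  /**
  * Verify OP authority. Return normally if OP is authorized to make
  * an assertion, throw an exception otherwise.
  * @param OP OP endpoint
  * @param claimed_id claimed identity
  * @param identity OP-Local identifier
  * @throw id_res_unauthorized if OP is not authorized to make
  * assertion regarding this identity.
  */
  virtual void verify_OP(const string& OP,
  const string& claimed_id,const string& identity) const = 0;
  /**
  * @}
  */
  };
 
 }
 
 #endif /* __OPKELE_BASIC_RP_H */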
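Review bot: The new `claimed_id` and `identity` members are public and mutable, so nothing ties reading them to `id_res()` having verified the assertion first — until that call returns without throwing (signature, return_to, nonce and OP-authority checks per its documented throws) they hold whatever an earlier message or a caller left there, and the `non_identity` guard in `get_claimed_id()`/`get_identity()` is bypassed by direct member access. Consider declaring the two members under `protected:` with the accessors as the only public path, or at minimum a comment on them such as `// Only meaningful after id_res() has returned without throwing; read via get_claimed_id()/get_identity().`. `reset_vars()` is added without a doc comment; it presumably clears these per-assertion fields (confirm against the implementation), and a one-line `/** Reset per-assertion state (claimed_id, identity). */` would say so. Minor wording: the member comments say the values come from a parsed id_res message while `get_claimed_id()` says "supplied with the request"; the two descriptions should agree.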