renamed basic_op class to basic_OP

and doxygenated basic_OP a bit. Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2008-02-08 21:02:26 (UTC)
committer: Michael Krelin <hacker@klever.net> 2008-02-08 21:02:26 (UTC)
commit: 9e902e373ba72fd8725c5a1ffdfdc0447b664369 (patch) (unidiff)
tree: 5006b406209f13f684fbce235e470252386da818 /lib/basic_op.cc
parent: a62ccf212acb27a092a48d3af8ee0bfb3efdb666 (diff)
download: libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.zip
libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.gz
libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.bz2
1 files changed, 19 insertions, 19 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index 7a2dbd2..18446dc 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,73 +1,73 @@
 #include <time.h>
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/data.h>
 #include <opkele/basic_op.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
 #include <opkele/uris.h>
 namespace opkele {
-    void basic_op::reset_vars() {
+    void basic_OP::reset_vars() {
        assoc.reset();
        return_to.clear(); realm.clear();
        claimed_id.clear(); identity.clear();
        invalidate_handle.clear();
    }
-    bool basic_op::has_return_to() const {
+    bool basic_OP::has_return_to() const {
        return !return_to.empty();
    }
-    const string& basic_op::get_return_to() const {
+    const string& basic_OP::get_return_to() const {
        if(return_to.empty())
            throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
        return return_to;
    }
-    const string& basic_op::get_realm() const {
+    const string& basic_OP::get_realm() const {
        assert(!realm.empty());
        return realm;
    }
-    bool basic_op::has_identity() const {
+    bool basic_OP::has_identity() const {
        return !identity.empty();
    }
-    const string& basic_op::get_claimed_id() const {
+    const string& basic_OP::get_claimed_id() const {
        if(claimed_id.empty())
            throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
        assert(!identity.empty());
        return claimed_id;
    }
-    const string& basic_op::get_identity() const {
+    const string& basic_OP::get_identity() const {
        if(identity.empty())
            throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request");
        assert(!claimed_id.empty());
        return identity;
    }
-    bool basic_op::is_id_select() const {
+    bool basic_OP::is_id_select() const {
        return identity==IDURI_SELECT20;
    }
-    void basic_op::select_identity(const string& c,const string& i) {
+    void basic_OP::select_identity(const string& c,const string& i) {
        claimed_id = c; identity = i;
    }
-    void basic_op::set_claimed_id(const string& c) {
+    void basic_OP::set_claimed_id(const string& c) {
        claimed_id = c;
    }
-    basic_openid_message& basic_op::associate(
+    basic_openid_message& basic_OP::associate(
            basic_openid_message& oum,
            const basic_openid_message& inm) try {
        assert(inm.get_field("mode")=="associate");
        util::dh_t dh;
        util::bignum_t c_pub;
        unsigned char key_digest[SHA256_DIGEST_LENGTH];
        size_t d_len = 0;
        enum {
            sess_cleartext, sess_dh_sha1, sess_dh_sha256
        } st = sess_cleartext;
        string sts = inm.get_field("session_type");
        string ats = inm.get_field("assoc_type");
@@ -122,25 +122,25 @@ namespace opkele {
            throw unsupported(OPKELE_CP_ "Unsupported session type");
        return oum;
    } catch(unsupported& u) {
        oum.reset_fields();
        oum.set_field("ns",OIURI_OPENID20);
        oum.set_field("error",u.what());
        oum.set_field("error_code","unsupported-type");
        oum.set_field("session_type","DH-SHA256");
        oum.set_field("assoc_type","HMAC-SHA256");
        return oum;
    }
-    void basic_op::checkid_(const basic_openid_message& inm,
+    void basic_OP::checkid_(const basic_openid_message& inm,
            extension_t *ext) {
        reset_vars();
        string mode = inm.get_field("mode");
        if(mode=="checkid_setup")
            mode = mode_checkid_setup;
        else if(mode=="checkid_immediate")
            mode = mode_checkid_immediate;
        else
            throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");
        try {
            assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));
            invalidate_handle.clear();
@@ -184,98 +184,98 @@ namespace opkele {
                            "claimed_id and identity must be either both present or both absent");
                claimed_id = identity;
            }
        }catch(failed_lookup&) {
            if(openid2 && inm.has_field("claimed_id"))
                throw bad_input(OPKELE_CP_
                    "claimed_id and identity must be either both present or both absent");
        }
        verify_return_to();
        if(ext) ext->op_checkid_hook(inm);
    }
-    basic_openid_message& basic_op::id_res(basic_openid_message& om,
+    basic_openid_message& basic_OP::id_res(basic_openid_message& om,
            extension_t *ext) {
        assert(!return_to.empty());
        assert(!is_id_select());
        if(!assoc) {
            assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true);
        }
        time_t now = time(0);
        struct tm gmt; gmtime_r(&now,&gmt);
        char w3timestr[24];
        if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt))
            throw failed_conversion(OPKELE_CP_
                    "Failed to build time string for nonce" );
        om.set_field("ns",OIURI_OPENID20);
        om.set_field("mode","id_res");
        om.set_field("op_endpoint",get_op_endpoint());
        string ats = "ns,mode,op_endpoint,return_to,response_nonce,"
            "assoc_handle,signed";
        if(!identity.empty()) {
            om.set_field("identity",identity);
            om.set_field("claimed_id",claimed_id);
            ats += ",identity,claimed_id";
        }
        om.set_field("return_to",return_to);
        string nonce = w3timestr;
-        om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless()));
+        om.set_field("response_nonce",alloc_nonce(nonce));
        if(!invalidate_handle.empty()) {
            om.set_field("invalidate_handle",invalidate_handle);
            ats += ",invalidate_handle";
        }
        om.set_field("assoc_handle",assoc->handle());
        om.add_to_signed(ats);
        if(ext) ext->op_id_res_hook(om);
        om.set_field("sig",util::base64_signature(assoc,om));
        return om;
    }
-    basic_openid_message& basic_op::cancel(basic_openid_message& om) {
+    basic_openid_message& basic_OP::cancel(basic_openid_message& om) {
        assert(!return_to.empty());
        om.set_field("ns",OIURI_OPENID20);
        om.set_field("mode","cancel");
        return om;
    }
-    basic_openid_message& basic_op::error(basic_openid_message& om,
+    basic_openid_message& basic_OP::error(basic_openid_message& om,
            const string& error,const string& contact,
            const string& reference ) {
        assert(!return_to.empty());
        om.set_field("ns",OIURI_OPENID20);
        om.set_field("mode","error");
        om.set_field("error",error);
        om.set_field("contact",contact);
        om.set_field("reference",reference);
        return om;
    }
-    basic_openid_message& basic_op::setup_needed(
+    basic_openid_message& basic_OP::setup_needed(
            basic_openid_message& oum,const basic_openid_message& inm) {
        assert(mode==mode_checkid_immediate);
        assert(!return_to.empty());
        if(openid2) {
            oum.set_field("ns",OIURI_OPENID20);
            oum.set_field("mode","setup_needed");
        }else{
            oum.set_field("mode","id_res");
            static const string setupmode = "checkid_setup";
            oum.set_field("user_setup_url",
                    util::change_mode_message_proxy(inm,setupmode)
                    .append_query(get_op_endpoint()));
        }
        return oum;
    }
-    basic_openid_message& basic_op::check_authentication(
+    basic_openid_message& basic_OP::check_authentication(
            basic_openid_message& oum,
            const basic_openid_message& inm) try {
        assert(inm.get_field("mode")=="check_authentication");
        oum.reset_fields();
        oum.set_field("ns",OIURI_OPENID20);
        bool o2;
        try {
            o2 = (inm.get_field("ns")==OIURI_OPENID20);
        }catch(failed_lookup&) { o2 = false; }
        string nonce;
        if(o2) {
            try {
@@ -311,20 +311,20 @@ namespace opkele {
            }
        }catch(failed_lookup&) { }
        if(o2) {
            assert(!nonce.empty());
            invalidate_nonce(nonce);
        }
        return oum;
    }catch(failed_check_authentication& ) {
        oum.set_field("is_valid","false");
        return oum;
    }
-    void basic_op::verify_return_to() {
+    void basic_OP::verify_return_to() {
        if(realm.find('#')!=string::npos)
            throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment");
        if(!util::uri_matches_realm(return_to,realm))
            throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm");
    }
 }
author	Michael Krelin <hacker@klever.net>	2008-02-08 21:02:26 (UTC)
committer	Michael Krelin <hacker@klever.net>	2008-02-08 21:02:26 (UTC)
commit	9e902e373ba72fd8725c5a1ffdfdc0447b664369 (patch) (unidiff)
tree	5006b406209f13f684fbce235e470252386da818 /lib/basic_op.cc
parent	a62ccf212acb27a092a48d3af8ee0bfb3efdb666 (diff)
download	libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.zip libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.gz libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.bz2

diff --git a/lib/basic_op.cc b/lib/basic_op.cc index 7a2dbd2..18446dc 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc
@@ -1,73 +1,73 @@
1	#include <time.h>	1	#include <time.h>
2	#include <cassert>	2	#include <cassert>
3	#include <openssl/sha.h>	3	#include <openssl/sha.h>
4	#include <openssl/hmac.h>	4	#include <openssl/hmac.h>
5	#include <opkele/data.h>	5	#include <opkele/data.h>
6	#include <opkele/basic_op.h>	6	#include <opkele/basic_op.h>
7	#include <opkele/exception.h>	7	#include <opkele/exception.h>
8	#include <opkele/util.h>	8	#include <opkele/util.h>
9	#include <opkele/uris.h>	9	#include <opkele/uris.h>
10		10
11	namespace opkele {	11	namespace opkele {
12		12
13	void basic_op::reset_vars() {	13	void basic_OP::reset_vars() {
14	assoc.reset();	14	assoc.reset();
15	return_to.clear(); realm.clear();	15	return_to.clear(); realm.clear();
16	claimed_id.clear(); identity.clear();	16	claimed_id.clear(); identity.clear();
17	invalidate_handle.clear();	17	invalidate_handle.clear();
18	}	18	}
19		19
20	bool basic_op::has_return_to() const {	20	bool basic_OP::has_return_to() const {
21	return !return_to.empty();	21	return !return_to.empty();
22	}	22	}
23	const string& basic_op::get_return_to() const {	23	const string& basic_OP::get_return_to() const {
24	if(return_to.empty())	24	if(return_to.empty())
25	throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");	25	throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
26	return return_to;	26	return return_to;
27	}	27	}
28		28
29	const string& basic_op::get_realm() const {	29	const string& basic_OP::get_realm() const {
30	assert(!realm.empty());	30	assert(!realm.empty());
31	return realm;	31	return realm;
32	}	32	}
33		33
34	bool basic_op::has_identity() const {	34	bool basic_OP::has_identity() const {
35	return !identity.empty();	35	return !identity.empty();
36	}	36	}
37	const string& basic_op::get_claimed_id() const {	37	const string& basic_OP::get_claimed_id() const {
38	if(claimed_id.empty())	38	if(claimed_id.empty())
39	throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");	39	throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
40	assert(!identity.empty());	40	assert(!identity.empty());
41	return claimed_id;	41	return claimed_id;
42	}	42	}
43	const string& basic_op::get_identity() const {	43	const string& basic_OP::get_identity() const {
44	if(identity.empty())	44	if(identity.empty())
45	throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request");	45	throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request");
46	assert(!claimed_id.empty());	46	assert(!claimed_id.empty());
47	return identity;	47	return identity;
48	}	48	}
49		49
50	bool basic_op::is_id_select() const {	50	bool basic_OP::is_id_select() const {
51	return identity==IDURI_SELECT20;	51	return identity==IDURI_SELECT20;
52	}	52	}
53		53
54	void basic_op::select_identity(const string& c,const string& i) {	54	void basic_OP::select_identity(const string& c,const string& i) {
55	claimed_id = c; identity = i;	55	claimed_id = c; identity = i;
56	}	56	}
57	void basic_op::set_claimed_id(const string& c) {	57	void basic_OP::set_claimed_id(const string& c) {
58	claimed_id = c;	58	claimed_id = c;
59	}	59	}
60		60
61	basic_openid_message& basic_op::associate(	61	basic_openid_message& basic_OP::associate(
62	basic_openid_message& oum,	62	basic_openid_message& oum,
63	const basic_openid_message& inm) try {	63	const basic_openid_message& inm) try {
64	assert(inm.get_field("mode")=="associate");	64	assert(inm.get_field("mode")=="associate");
65	util::dh_t dh;	65	util::dh_t dh;
66	util::bignum_t c_pub;	66	util::bignum_t c_pub;
67	unsigned char key_digest[SHA256_DIGEST_LENGTH];	67	unsigned char key_digest[SHA256_DIGEST_LENGTH];
68	size_t d_len = 0;	68	size_t d_len = 0;
69	enum {	69	enum {
70	sess_cleartext, sess_dh_sha1, sess_dh_sha256	70	sess_cleartext, sess_dh_sha1, sess_dh_sha256
71	} st = sess_cleartext;	71	} st = sess_cleartext;
72	string sts = inm.get_field("session_type");	72	string sts = inm.get_field("session_type");
73	string ats = inm.get_field("assoc_type");	73	string ats = inm.get_field("assoc_type");
@@ -122,25 +122,25 @@ namespace opkele {
122	throw unsupported(OPKELE_CP_ "Unsupported session type");	122	throw unsupported(OPKELE_CP_ "Unsupported session type");
123	return oum;	123	return oum;
124	} catch(unsupported& u) {	124	} catch(unsupported& u) {
125	oum.reset_fields();	125	oum.reset_fields();
126	oum.set_field("ns",OIURI_OPENID20);	126	oum.set_field("ns",OIURI_OPENID20);
127	oum.set_field("error",u.what());	127	oum.set_field("error",u.what());
128	oum.set_field("error_code","unsupported-type");	128	oum.set_field("error_code","unsupported-type");
129	oum.set_field("session_type","DH-SHA256");	129	oum.set_field("session_type","DH-SHA256");
130	oum.set_field("assoc_type","HMAC-SHA256");	130	oum.set_field("assoc_type","HMAC-SHA256");
131	return oum;	131	return oum;
132	}	132	}
133		133
134	void basic_op::checkid_(const basic_openid_message& inm,	134	void basic_OP::checkid_(const basic_openid_message& inm,
135	extension_t *ext) {	135	extension_t *ext) {
136	reset_vars();	136	reset_vars();
137	string mode = inm.get_field("mode");	137	string mode = inm.get_field("mode");
138	if(mode=="checkid_setup")	138	if(mode=="checkid_setup")
139	mode = mode_checkid_setup;	139	mode = mode_checkid_setup;
140	else if(mode=="checkid_immediate")	140	else if(mode=="checkid_immediate")
141	mode = mode_checkid_immediate;	141	mode = mode_checkid_immediate;
142	else	142	else
143	throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");	143	throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");
144	try {	144	try {
145	assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));	145	assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));
146	invalidate_handle.clear();	146	invalidate_handle.clear();
@@ -184,98 +184,98 @@ namespace opkele {
184	"claimed_id and identity must be either both present or both absent");	184	"claimed_id and identity must be either both present or both absent");
185	claimed_id = identity;	185	claimed_id = identity;
186	}	186	}
187	}catch(failed_lookup&) {	187	}catch(failed_lookup&) {
188	if(openid2 && inm.has_field("claimed_id"))	188	if(openid2 && inm.has_field("claimed_id"))
189	throw bad_input(OPKELE_CP_	189	throw bad_input(OPKELE_CP_
190	"claimed_id and identity must be either both present or both absent");	190	"claimed_id and identity must be either both present or both absent");
191	}	191	}
192	verify_return_to();	192	verify_return_to();
193	if(ext) ext->op_checkid_hook(inm);	193	if(ext) ext->op_checkid_hook(inm);
194	}	194	}
195		195
196	basic_openid_message& basic_op::id_res(basic_openid_message& om,	196	basic_openid_message& basic_OP::id_res(basic_openid_message& om,
197	extension_t *ext) {	197	extension_t *ext) {
198	assert(!return_to.empty());	198	assert(!return_to.empty());
199	assert(!is_id_select());	199	assert(!is_id_select());
200	if(!assoc) {	200	if(!assoc) {
201	assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true);	201	assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true);
202	}	202	}
203	time_t now = time(0);	203	time_t now = time(0);
204	struct tm gmt; gmtime_r(&now,&gmt);	204	struct tm gmt; gmtime_r(&now,&gmt);
205	char w3timestr[24];	205	char w3timestr[24];
206	if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt))	206	if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt))
207	throw failed_conversion(OPKELE_CP_	207	throw failed_conversion(OPKELE_CP_
208	"Failed to build time string for nonce" );	208	"Failed to build time string for nonce" );
209	om.set_field("ns",OIURI_OPENID20);	209	om.set_field("ns",OIURI_OPENID20);
210	om.set_field("mode","id_res");	210	om.set_field("mode","id_res");
211	om.set_field("op_endpoint",get_op_endpoint());	211	om.set_field("op_endpoint",get_op_endpoint());
212	string ats = "ns,mode,op_endpoint,return_to,response_nonce,"	212	string ats = "ns,mode,op_endpoint,return_to,response_nonce,"
213	"assoc_handle,signed";	213	"assoc_handle,signed";
214	if(!identity.empty()) {	214	if(!identity.empty()) {
215	om.set_field("identity",identity);	215	om.set_field("identity",identity);
216	om.set_field("claimed_id",claimed_id);	216	om.set_field("claimed_id",claimed_id);
217	ats += ",identity,claimed_id";	217	ats += ",identity,claimed_id";
218	}	218	}
219	om.set_field("return_to",return_to);	219	om.set_field("return_to",return_to);
220	string nonce = w3timestr;	220	string nonce = w3timestr;
221	om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless()));	221	om.set_field("response_nonce",alloc_nonce(nonce));
222	if(!invalidate_handle.empty()) {	222	if(!invalidate_handle.empty()) {
223	om.set_field("invalidate_handle",invalidate_handle);	223	om.set_field("invalidate_handle",invalidate_handle);
224	ats += ",invalidate_handle";	224	ats += ",invalidate_handle";
225	}	225	}
226	om.set_field("assoc_handle",assoc->handle());	226	om.set_field("assoc_handle",assoc->handle());
227	om.add_to_signed(ats);	227	om.add_to_signed(ats);
228	if(ext) ext->op_id_res_hook(om);	228	if(ext) ext->op_id_res_hook(om);
229	om.set_field("sig",util::base64_signature(assoc,om));	229	om.set_field("sig",util::base64_signature(assoc,om));
230	return om;	230	return om;
231	}	231	}
232		232
233	basic_openid_message& basic_op::cancel(basic_openid_message& om) {	233	basic_openid_message& basic_OP::cancel(basic_openid_message& om) {
234	assert(!return_to.empty());	234	assert(!return_to.empty());
235	om.set_field("ns",OIURI_OPENID20);	235	om.set_field("ns",OIURI_OPENID20);
236	om.set_field("mode","cancel");	236	om.set_field("mode","cancel");
237	return om;	237	return om;
238	}	238	}
239		239
240	basic_openid_message& basic_op::error(basic_openid_message& om,	240	basic_openid_message& basic_OP::error(basic_openid_message& om,
241	const string& error,const string& contact,	241	const string& error,const string& contact,
242	const string& reference ) {	242	const string& reference ) {
243	assert(!return_to.empty());	243	assert(!return_to.empty());
244	om.set_field("ns",OIURI_OPENID20);	244	om.set_field("ns",OIURI_OPENID20);
245	om.set_field("mode","error");	245	om.set_field("mode","error");
246	om.set_field("error",error);	246	om.set_field("error",error);
247	om.set_field("contact",contact);	247	om.set_field("contact",contact);
248	om.set_field("reference",reference);	248	om.set_field("reference",reference);
249	return om;	249	return om;
250	}	250	}
251		251
252	basic_openid_message& basic_op::setup_needed(	252	basic_openid_message& basic_OP::setup_needed(
253	basic_openid_message& oum,const basic_openid_message& inm) {	253	basic_openid_message& oum,const basic_openid_message& inm) {
254	assert(mode==mode_checkid_immediate);	254	assert(mode==mode_checkid_immediate);
255	assert(!return_to.empty());	255	assert(!return_to.empty());
256	if(openid2) {	256	if(openid2) {
257	oum.set_field("ns",OIURI_OPENID20);	257	oum.set_field("ns",OIURI_OPENID20);
258	oum.set_field("mode","setup_needed");	258	oum.set_field("mode","setup_needed");
259	}else{	259	}else{
260	oum.set_field("mode","id_res");	260	oum.set_field("mode","id_res");
261	static const string setupmode = "checkid_setup";	261	static const string setupmode = "checkid_setup";
262	oum.set_field("user_setup_url",	262	oum.set_field("user_setup_url",
263	util::change_mode_message_proxy(inm,setupmode)	263	util::change_mode_message_proxy(inm,setupmode)
264	.append_query(get_op_endpoint()));	264	.append_query(get_op_endpoint()));
265	}	265	}
266	return oum;	266	return oum;
267	}	267	}
268		268
269	basic_openid_message& basic_op::check_authentication(	269	basic_openid_message& basic_OP::check_authentication(
270	basic_openid_message& oum,	270	basic_openid_message& oum,
271	const basic_openid_message& inm) try {	271	const basic_openid_message& inm) try {
272	assert(inm.get_field("mode")=="check_authentication");	272	assert(inm.get_field("mode")=="check_authentication");
273	oum.reset_fields();	273	oum.reset_fields();
274	oum.set_field("ns",OIURI_OPENID20);	274	oum.set_field("ns",OIURI_OPENID20);
275	bool o2;	275	bool o2;
276	try {	276	try {
277	o2 = (inm.get_field("ns")==OIURI_OPENID20);	277	o2 = (inm.get_field("ns")==OIURI_OPENID20);
278	}catch(failed_lookup&) { o2 = false; }	278	}catch(failed_lookup&) { o2 = false; }
279	string nonce;	279	string nonce;
280	if(o2) {	280	if(o2) {
281	try {	281	try {
@@ -311,20 +311,20 @@ namespace opkele {
311	}	311	}
312	}catch(failed_lookup&) { }	312	}catch(failed_lookup&) { }
313	if(o2) {	313	if(o2) {
314	assert(!nonce.empty());	314	assert(!nonce.empty());
315	invalidate_nonce(nonce);	315	invalidate_nonce(nonce);
316	}	316	}
317	return oum;	317	return oum;
318	}catch(failed_check_authentication& ) {	318	}catch(failed_check_authentication& ) {
319	oum.set_field("is_valid","false");	319	oum.set_field("is_valid","false");
320	return oum;	320	return oum;
321	}	321	}
322		322
323	void basic_op::verify_return_to() {	323	void basic_OP::verify_return_to() {
324	if(realm.find('#')!=string::npos)	324	if(realm.find('#')!=string::npos)
325	throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment");	325	throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment");
326	if(!util::uri_matches_realm(return_to,realm))	326	if(!util::uri_matches_realm(return_to,realm))
327	throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm");	327	throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm");
328	}	328	}
329		329
330	}	330	}