author | Michael Krelin <hacker@klever.net> | 2008-02-08 21:02:26 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-08 21:02:26 (UTC) |
commit | 9e902e373ba72fd8725c5a1ffdfdc0447b664369 (patch) (unidiff) | |
tree | 5006b406209f13f684fbce235e470252386da818 /lib/basic_op.cc | |
parent | a62ccf212acb27a092a48d3af8ee0bfb3efdb666 (diff) | |
download | libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.zip libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.gz libopkele-9e902e373ba72fd8725c5a1ffdfdc0447b664369.tar.bz2 |
renamed basic_op class to basic_OP
and doxygenated basic_OP a bit.
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/basic_op.cc | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index 7a2dbd2..18446dc 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
@@ -1,73 +1,73 @@ | |||
1 | #include <time.h> | 1 | #include <time.h> |
2 | #include <cassert> | 2 | #include <cassert> |
3 | #include <openssl/sha.h> | 3 | #include <openssl/sha.h> |
4 | #include <openssl/hmac.h> | 4 | #include <openssl/hmac.h> |
5 | #include <opkele/data.h> | 5 | #include <opkele/data.h> |
6 | #include <opkele/basic_op.h> | 6 | #include <opkele/basic_op.h> |
7 | #include <opkele/exception.h> | 7 | #include <opkele/exception.h> |
8 | #include <opkele/util.h> | 8 | #include <opkele/util.h> |
9 | #include <opkele/uris.h> | 9 | #include <opkele/uris.h> |
10 | 10 | ||
11 | namespace opkele { | 11 | namespace opkele { |
12 | 12 | ||
13 | void basic_op::reset_vars() { | 13 | void basic_OP::reset_vars() { |
14 | assoc.reset(); | 14 | assoc.reset(); |
15 | return_to.clear(); realm.clear(); | 15 | return_to.clear(); realm.clear(); |
16 | claimed_id.clear(); identity.clear(); | 16 | claimed_id.clear(); identity.clear(); |
17 | invalidate_handle.clear(); | 17 | invalidate_handle.clear(); |
18 | } | 18 | } |
19 | 19 | ||
20 | bool basic_op::has_return_to() const { | 20 | bool basic_OP::has_return_to() const { |
21 | return !return_to.empty(); | 21 | return !return_to.empty(); |
22 | } | 22 | } |
23 | const string& basic_op::get_return_to() const { | 23 | const string& basic_OP::get_return_to() const { |
24 | if(return_to.empty()) | 24 | if(return_to.empty()) |
25 | throw no_return_to(OPKELE_CP_ "No return_to URL provided with request"); | 25 | throw no_return_to(OPKELE_CP_ "No return_to URL provided with request"); |
26 | return return_to; | 26 | return return_to; |
27 | } | 27 | } |
28 | 28 | ||
29 | const string& basic_op::get_realm() const { | 29 | const string& basic_OP::get_realm() const { |
30 | assert(!realm.empty()); | 30 | assert(!realm.empty()); |
31 | return realm; | 31 | return realm; |
32 | } | 32 | } |
33 | 33 | ||
34 | bool basic_op::has_identity() const { | 34 | bool basic_OP::has_identity() const { |
35 | return !identity.empty(); | 35 | return !identity.empty(); |
36 | } | 36 | } |
37 | const string& basic_op::get_claimed_id() const { | 37 | const string& basic_OP::get_claimed_id() const { |
38 | if(claimed_id.empty()) | 38 | if(claimed_id.empty()) |
39 | throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request"); | 39 | throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request"); |
40 | assert(!identity.empty()); | 40 | assert(!identity.empty()); |
41 | return claimed_id; | 41 | return claimed_id; |
42 | } | 42 | } |
43 | const string& basic_op::get_identity() const { | 43 | const string& basic_OP::get_identity() const { |
44 | if(identity.empty()) | 44 | if(identity.empty()) |
45 | throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request"); | 45 | throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request"); |
46 | assert(!claimed_id.empty()); | 46 | assert(!claimed_id.empty()); |
47 | return identity; | 47 | return identity; |
48 | } | 48 | } |
49 | 49 | ||
50 | bool basic_op::is_id_select() const { | 50 | bool basic_OP::is_id_select() const { |
51 | return identity==IDURI_SELECT20; | 51 | return identity==IDURI_SELECT20; |
52 | } | 52 | } |
53 | 53 | ||
54 | void basic_op::select_identity(const string& c,const string& i) { | 54 | void basic_OP::select_identity(const string& c,const string& i) { |
55 | claimed_id = c; identity = i; | 55 | claimed_id = c; identity = i; |
56 | } | 56 | } |
57 | void basic_op::set_claimed_id(const string& c) { | 57 | void basic_OP::set_claimed_id(const string& c) { |
58 | claimed_id = c; | 58 | claimed_id = c; |
59 | } | 59 | } |
60 | 60 | ||
61 | basic_openid_message& basic_op::associate( | 61 | basic_openid_message& basic_OP::associate( |
62 | basic_openid_message& oum, | 62 | basic_openid_message& oum, |
63 | const basic_openid_message& inm) try { | 63 | const basic_openid_message& inm) try { |
64 | assert(inm.get_field("mode")=="associate"); | 64 | assert(inm.get_field("mode")=="associate"); |
65 | util::dh_t dh; | 65 | util::dh_t dh; |
66 | util::bignum_t c_pub; | 66 | util::bignum_t c_pub; |
67 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; | 67 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; |
68 | size_t d_len = 0; | 68 | size_t d_len = 0; |
69 | enum { | 69 | enum { |
70 | sess_cleartext, sess_dh_sha1, sess_dh_sha256 | 70 | sess_cleartext, sess_dh_sha1, sess_dh_sha256 |
71 | } st = sess_cleartext; | 71 | } st = sess_cleartext; |
72 | string sts = inm.get_field("session_type"); | 72 | string sts = inm.get_field("session_type"); |
73 | string ats = inm.get_field("assoc_type"); | 73 | string ats = inm.get_field("assoc_type"); |
@@ -122,25 +122,25 @@ namespace opkele { | |||
122 | throw unsupported(OPKELE_CP_ "Unsupported session type"); | 122 | throw unsupported(OPKELE_CP_ "Unsupported session type"); |
123 | return oum; | 123 | return oum; |
124 | } catch(unsupported& u) { | 124 | } catch(unsupported& u) { |
125 | oum.reset_fields(); | 125 | oum.reset_fields(); |
126 | oum.set_field("ns",OIURI_OPENID20); | 126 | oum.set_field("ns",OIURI_OPENID20); |
127 | oum.set_field("error",u.what()); | 127 | oum.set_field("error",u.what()); |
128 | oum.set_field("error_code","unsupported-type"); | 128 | oum.set_field("error_code","unsupported-type"); |
129 | oum.set_field("session_type","DH-SHA256"); | 129 | oum.set_field("session_type","DH-SHA256"); |
130 | oum.set_field("assoc_type","HMAC-SHA256"); | 130 | oum.set_field("assoc_type","HMAC-SHA256"); |
131 | return oum; | 131 | return oum; |
132 | } | 132 | } |
133 | 133 | ||
134 | void basic_op::checkid_(const basic_openid_message& inm, | 134 | void basic_OP::checkid_(const basic_openid_message& inm, |
135 | extension_t *ext) { | 135 | extension_t *ext) { |
136 | reset_vars(); | 136 | reset_vars(); |
137 | string mode = inm.get_field("mode"); | 137 | string mode = inm.get_field("mode"); |
138 | if(mode=="checkid_setup") | 138 | if(mode=="checkid_setup") |
139 | mode = mode_checkid_setup; | 139 | mode = mode_checkid_setup; |
140 | else if(mode=="checkid_immediate") | 140 | else if(mode=="checkid_immediate") |
141 | mode = mode_checkid_immediate; | 141 | mode = mode_checkid_immediate; |
142 | else | 142 | else |
143 | throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); | 143 | throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); |
144 | try { | 144 | try { |
145 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); | 145 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); |
146 | invalidate_handle.clear(); | 146 | invalidate_handle.clear(); |
@@ -184,98 +184,98 @@ namespace opkele { | |||
184 | "claimed_id and identity must be either both present or both absent"); | 184 | "claimed_id and identity must be either both present or both absent"); |
185 | claimed_id = identity; | 185 | claimed_id = identity; |
186 | } | 186 | } |
187 | }catch(failed_lookup&) { | 187 | }catch(failed_lookup&) { |
188 | if(openid2 && inm.has_field("claimed_id")) | 188 | if(openid2 && inm.has_field("claimed_id")) |
189 | throw bad_input(OPKELE_CP_ | 189 | throw bad_input(OPKELE_CP_ |
190 | "claimed_id and identity must be either both present or both absent"); | 190 | "claimed_id and identity must be either both present or both absent"); |
191 | } | 191 | } |
192 | verify_return_to(); | 192 | verify_return_to(); |
193 | if(ext) ext->op_checkid_hook(inm); | 193 | if(ext) ext->op_checkid_hook(inm); |
194 | } | 194 | } |
195 | 195 | ||
196 | basic_openid_message& basic_op::id_res(basic_openid_message& om, | 196 | basic_openid_message& basic_OP::id_res(basic_openid_message& om, |
197 | extension_t *ext) { | 197 | extension_t *ext) { |
198 | assert(!return_to.empty()); | 198 | assert(!return_to.empty()); |
199 | assert(!is_id_select()); | 199 | assert(!is_id_select()); |
200 | if(!assoc) { | 200 | if(!assoc) { |
201 | assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true); | 201 | assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true); |
202 | } | 202 | } |
203 | time_t now = time(0); | 203 | time_t now = time(0); |
204 | struct tm gmt; gmtime_r(&now,&gmt); | 204 | struct tm gmt; gmtime_r(&now,&gmt); |
205 | char w3timestr[24]; | 205 | char w3timestr[24]; |
206 | if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt)) | 206 | if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt)) |
207 | throw failed_conversion(OPKELE_CP_ | 207 | throw failed_conversion(OPKELE_CP_ |
208 | "Failed to build time string for nonce" ); | 208 | "Failed to build time string for nonce" ); |
209 | om.set_field("ns",OIURI_OPENID20); | 209 | om.set_field("ns",OIURI_OPENID20); |
210 | om.set_field("mode","id_res"); | 210 | om.set_field("mode","id_res"); |
211 | om.set_field("op_endpoint",get_op_endpoint()); | 211 | om.set_field("op_endpoint",get_op_endpoint()); |
212 | string ats = "ns,mode,op_endpoint,return_to,response_nonce," | 212 | string ats = "ns,mode,op_endpoint,return_to,response_nonce," |
213 | "assoc_handle,signed"; | 213 | "assoc_handle,signed"; |
214 | if(!identity.empty()) { | 214 | if(!identity.empty()) { |
215 | om.set_field("identity",identity); | 215 | om.set_field("identity",identity); |
216 | om.set_field("claimed_id",claimed_id); | 216 | om.set_field("claimed_id",claimed_id); |
217 | ats += ",identity,claimed_id"; | 217 | ats += ",identity,claimed_id"; |
218 | } | 218 | } |
219 | om.set_field("return_to",return_to); | 219 | om.set_field("return_to",return_to); |
220 | string nonce = w3timestr; | 220 | string nonce = w3timestr; |
221 | om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless())); | 221 | om.set_field("response_nonce",alloc_nonce(nonce)); |
222 | if(!invalidate_handle.empty()) { | 222 | if(!invalidate_handle.empty()) { |
223 | om.set_field("invalidate_handle",invalidate_handle); | 223 | om.set_field("invalidate_handle",invalidate_handle); |
224 | ats += ",invalidate_handle"; | 224 | ats += ",invalidate_handle"; |
225 | } | 225 | } |
226 | om.set_field("assoc_handle",assoc->handle()); | 226 | om.set_field("assoc_handle",assoc->handle()); |
227 | om.add_to_signed(ats); | 227 | om.add_to_signed(ats); |
228 | if(ext) ext->op_id_res_hook(om); | 228 | if(ext) ext->op_id_res_hook(om); |
229 | om.set_field("sig",util::base64_signature(assoc,om)); | 229 | om.set_field("sig",util::base64_signature(assoc,om)); |
230 | return om; | 230 | return om; |
231 | } | 231 | } |
232 | 232 | ||
233 | basic_openid_message& basic_op::cancel(basic_openid_message& om) { | 233 | basic_openid_message& basic_OP::cancel(basic_openid_message& om) { |
234 | assert(!return_to.empty()); | 234 | assert(!return_to.empty()); |
235 | om.set_field("ns",OIURI_OPENID20); | 235 | om.set_field("ns",OIURI_OPENID20); |
236 | om.set_field("mode","cancel"); | 236 | om.set_field("mode","cancel"); |
237 | return om; | 237 | return om; |
238 | } | 238 | } |
239 | 239 | ||
240 | basic_openid_message& basic_op::error(basic_openid_message& om, | 240 | basic_openid_message& basic_OP::error(basic_openid_message& om, |
241 | const string& error,const string& contact, | 241 | const string& error,const string& contact, |
242 | const string& reference ) { | 242 | const string& reference ) { |
243 | assert(!return_to.empty()); | 243 | assert(!return_to.empty()); |
244 | om.set_field("ns",OIURI_OPENID20); | 244 | om.set_field("ns",OIURI_OPENID20); |
245 | om.set_field("mode","error"); | 245 | om.set_field("mode","error"); |
246 | om.set_field("error",error); | 246 | om.set_field("error",error); |
247 | om.set_field("contact",contact); | 247 | om.set_field("contact",contact); |
248 | om.set_field("reference",reference); | 248 | om.set_field("reference",reference); |
249 | return om; | 249 | return om; |
250 | } | 250 | } |
251 | 251 | ||
252 | basic_openid_message& basic_op::setup_needed( | 252 | basic_openid_message& basic_OP::setup_needed( |
253 | basic_openid_message& oum,const basic_openid_message& inm) { | 253 | basic_openid_message& oum,const basic_openid_message& inm) { |
254 | assert(mode==mode_checkid_immediate); | 254 | assert(mode==mode_checkid_immediate); |
255 | assert(!return_to.empty()); | 255 | assert(!return_to.empty()); |
256 | if(openid2) { | 256 | if(openid2) { |
257 | oum.set_field("ns",OIURI_OPENID20); | 257 | oum.set_field("ns",OIURI_OPENID20); |
258 | oum.set_field("mode","setup_needed"); | 258 | oum.set_field("mode","setup_needed"); |
259 | }else{ | 259 | }else{ |
260 | oum.set_field("mode","id_res"); | 260 | oum.set_field("mode","id_res"); |
261 | static const string setupmode = "checkid_setup"; | 261 | static const string setupmode = "checkid_setup"; |
262 | oum.set_field("user_setup_url", | 262 | oum.set_field("user_setup_url", |
263 | util::change_mode_message_proxy(inm,setupmode) | 263 | util::change_mode_message_proxy(inm,setupmode) |
264 | .append_query(get_op_endpoint())); | 264 | .append_query(get_op_endpoint())); |
265 | } | 265 | } |
266 | return oum; | 266 | return oum; |
267 | } | 267 | } |
268 | 268 | ||
269 | basic_openid_message& basic_op::check_authentication( | 269 | basic_openid_message& basic_OP::check_authentication( |
270 | basic_openid_message& oum, | 270 | basic_openid_message& oum, |
271 | const basic_openid_message& inm) try { | 271 | const basic_openid_message& inm) try { |
272 | assert(inm.get_field("mode")=="check_authentication"); | 272 | assert(inm.get_field("mode")=="check_authentication"); |
273 | oum.reset_fields(); | 273 | oum.reset_fields(); |
274 | oum.set_field("ns",OIURI_OPENID20); | 274 | oum.set_field("ns",OIURI_OPENID20); |
275 | bool o2; | 275 | bool o2; |
276 | try { | 276 | try { |
277 | o2 = (inm.get_field("ns")==OIURI_OPENID20); | 277 | o2 = (inm.get_field("ns")==OIURI_OPENID20); |
278 | }catch(failed_lookup&) { o2 = false; } | 278 | }catch(failed_lookup&) { o2 = false; } |
279 | string nonce; | 279 | string nonce; |
280 | if(o2) { | 280 | if(o2) { |
281 | try { | 281 | try { |
@@ -311,20 +311,20 @@ namespace opkele { | |||
311 | } | 311 | } |
312 | }catch(failed_lookup&) { } | 312 | }catch(failed_lookup&) { } |
313 | if(o2) { | 313 | if(o2) { |
314 | assert(!nonce.empty()); | 314 | assert(!nonce.empty()); |
315 | invalidate_nonce(nonce); | 315 | invalidate_nonce(nonce); |
316 | } | 316 | } |
317 | return oum; | 317 | return oum; |
318 | }catch(failed_check_authentication& ) { | 318 | }catch(failed_check_authentication& ) { |
319 | oum.set_field("is_valid","false"); | 319 | oum.set_field("is_valid","false"); |
320 | return oum; | 320 | return oum; |
321 | } | 321 | } |
322 | 322 | ||
323 | void basic_op::verify_return_to() { | 323 | void basic_OP::verify_return_to() { |
324 | if(realm.find('#')!=string::npos) | 324 | if(realm.find('#')!=string::npos) |
325 | throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment"); | 325 | throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment"); |
326 | if(!util::uri_matches_realm(return_to,realm)) | 326 | if(!util::uri_matches_realm(return_to,realm)) |
327 | throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm"); | 327 | throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm"); |
328 | } | 328 | } |
329 | 329 | ||
330 | } | 330 | } |