summaryrefslogtreecommitdiffabout
path: root/lib
authorMichael Krelin <hacker@klever.net>2008-02-04 22:39:59 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-04 22:39:59 (UTC)
commit9163a26ec8839a31df888920418280a62ebc5595 (patch) (unidiff)
tree55339b4ecf0a3f24817eb5cc1b0b24f831ac895b /lib
parentc0eeee1cfd41d0f5f6ff6ac3d6fe021421376a69 (diff)
downloadlibopkele-9163a26ec8839a31df888920418280a62ebc5595.zip
libopkele-9163a26ec8839a31df888920418280a62ebc5595.tar.gz
libopkele-9163a26ec8839a31df888920418280a62ebc5595.tar.bz2
reworked extensions framework
* changed {checkid,id_res}_hook to {rp,op}_{checkid,id_res}_hook * deprecated older hooks, although implemented it in sreg and chain extensions * added extension processing to basic_op * added sreg to test OP Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (limited to 'lib') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc5
-rw-r--r--lib/basic_rp.cc4
-rw-r--r--lib/extension.cc25
-rw-r--r--lib/extension_chain.cc27
-rw-r--r--lib/sreg.cc28
5 files changed, 67 insertions, 22 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index c89d1d7..9e2ea5a 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -148,127 +148,130 @@ namespace opkele {
148 // no handle specified or no valid assoc found, go dumb 148 // no handle specified or no valid assoc found, go dumb
149 assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true); 149 assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true);
150 } 150 }
151 try { 151 try {
152 openid2 = (inm.get_field("ns")==OIURI_OPENID20); 152 openid2 = (inm.get_field("ns")==OIURI_OPENID20);
153 }catch(failed_lookup&) { openid2 = false; } 153 }catch(failed_lookup&) { openid2 = false; }
154 try { 154 try {
155 return_to = inm.get_field("return_to"); 155 return_to = inm.get_field("return_to");
156 }catch(failed_lookup&) { } 156 }catch(failed_lookup&) { }
157 if(openid2) { 157 if(openid2) {
158 try { 158 try {
159 realm = inm.get_field("realm"); 159 realm = inm.get_field("realm");
160 }catch(failed_lookup&) { 160 }catch(failed_lookup&) {
161 try { 161 try {
162 realm = inm.get_field("trust_root"); 162 realm = inm.get_field("trust_root");
163 }catch(failed_lookup&) { 163 }catch(failed_lookup&) {
164 if(return_to.empty()) 164 if(return_to.empty())
165 throw bad_input(OPKELE_CP_ 165 throw bad_input(OPKELE_CP_
166 "Both realm and return_to are unset"); 166 "Both realm and return_to are unset");
167 realm = return_to; 167 realm = return_to;
168 } 168 }
169 } 169 }
170 }else{ 170 }else{
171 try { 171 try {
172 realm = inm.get_field("trust_root"); 172 realm = inm.get_field("trust_root");
173 }catch(failed_lookup&) { 173 }catch(failed_lookup&) {
174 if(return_to.empty()) 174 if(return_to.empty())
175 throw bad_input(OPKELE_CP_ 175 throw bad_input(OPKELE_CP_
176 "Both realm and return_to are unset"); 176 "Both realm and return_to are unset");
177 realm = return_to; 177 realm = return_to;
178 } 178 }
179 } 179 }
180 try { 180 try {
181 identity = inm.get_field("identity"); 181 identity = inm.get_field("identity");
182 try { 182 try {
183 claimed_id = inm.get_field("claimed_id"); 183 claimed_id = inm.get_field("claimed_id");
184 }catch(failed_lookup&) { 184 }catch(failed_lookup&) {
185 if(openid2) 185 if(openid2)
186 throw bad_input(OPKELE_CP_ 186 throw bad_input(OPKELE_CP_
187 "claimed_id and identity must be either both present or both absent"); 187 "claimed_id and identity must be either both present or both absent");
188 claimed_id = identity; 188 claimed_id = identity;
189 } 189 }
190 }catch(failed_lookup&) { 190 }catch(failed_lookup&) {
191 if(openid2 && inm.has_field("claimed_id")) 191 if(openid2 && inm.has_field("claimed_id"))
192 throw bad_input(OPKELE_CP_ 192 throw bad_input(OPKELE_CP_
193 "claimed_id and identity must be either both present or both absent"); 193 "claimed_id and identity must be either both present or both absent");
194 } 194 }
195 verify_return_to(); 195 verify_return_to();
196 if(ext) ext->op_checkid_hook(inm);
196 } 197 }
197 198
198 basic_openid_message& basic_op::id_res(basic_openid_message& om) { 199 basic_openid_message& basic_op::id_res(basic_openid_message& om,
200 extension_t *ext) {
199 assert(assoc); 201 assert(assoc);
200 assert(!return_to.empty()); 202 assert(!return_to.empty());
201 assert(!is_id_select()); 203 assert(!is_id_select());
202 time_t now = time(0); 204 time_t now = time(0);
203 struct tm gmt; gmtime_r(&now,&gmt); 205 struct tm gmt; gmtime_r(&now,&gmt);
204 char w3timestr[24]; 206 char w3timestr[24];
205 if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt)) 207 if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt))
206 throw failed_conversion(OPKELE_CP_ 208 throw failed_conversion(OPKELE_CP_
207 "Failed to build time string for nonce" ); 209 "Failed to build time string for nonce" );
208 om.set_field("ns",OIURI_OPENID20); 210 om.set_field("ns",OIURI_OPENID20);
209 om.set_field("mode","id_res"); 211 om.set_field("mode","id_res");
210 om.set_field("op_endpoint",get_op_endpoint()); 212 om.set_field("op_endpoint",get_op_endpoint());
211 string ats = "ns,mode,op_endpoint,return_to,response_nonce," 213 string ats = "ns,mode,op_endpoint,return_to,response_nonce,"
212 "assoc_handle,signed"; 214 "assoc_handle,signed";
213 if(!identity.empty()) { 215 if(!identity.empty()) {
214 om.set_field("identity",identity); 216 om.set_field("identity",identity);
215 om.set_field("claimed_id",claimed_id); 217 om.set_field("claimed_id",claimed_id);
216 ats += ",identity,claimed_id"; 218 ats += ",identity,claimed_id";
217 } 219 }
218 om.set_field("return_to",return_to); 220 om.set_field("return_to",return_to);
219 string nonce = w3timestr; 221 string nonce = w3timestr;
220 om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless())); 222 om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless()));
221 if(!invalidate_handle.empty()) { 223 if(!invalidate_handle.empty()) {
222 om.set_field("invalidate_handle",invalidate_handle); 224 om.set_field("invalidate_handle",invalidate_handle);
223 ats += ",invalidate_handle"; 225 ats += ",invalidate_handle";
224 } 226 }
225 om.set_field("assoc_handle",assoc->handle()); 227 om.set_field("assoc_handle",assoc->handle());
226 om.add_to_signed(ats); 228 om.add_to_signed(ats);
229 if(ext) ext->op_id_res_hook(om);
227 om.set_field("sig",util::base64_signature(assoc,om)); 230 om.set_field("sig",util::base64_signature(assoc,om));
228 return om; 231 return om;
229 } 232 }
230 233
231 basic_openid_message& basic_op::cancel(basic_openid_message& om) { 234 basic_openid_message& basic_op::cancel(basic_openid_message& om) {
232 assert(!return_to.empty()); 235 assert(!return_to.empty());
233 om.set_field("ns",OIURI_OPENID20); 236 om.set_field("ns",OIURI_OPENID20);
234 om.set_field("mode","cancel"); 237 om.set_field("mode","cancel");
235 return om; 238 return om;
236 } 239 }
237 240
238 basic_openid_message& basic_op::error(basic_openid_message& om, 241 basic_openid_message& basic_op::error(basic_openid_message& om,
239 const string& error,const string& contact, 242 const string& error,const string& contact,
240 const string& reference ) { 243 const string& reference ) {
241 assert(!return_to.empty()); 244 assert(!return_to.empty());
242 om.set_field("ns",OIURI_OPENID20); 245 om.set_field("ns",OIURI_OPENID20);
243 om.set_field("mode","error"); 246 om.set_field("mode","error");
244 om.set_field("error",error); 247 om.set_field("error",error);
245 om.set_field("contact",contact); 248 om.set_field("contact",contact);
246 om.set_field("reference",reference); 249 om.set_field("reference",reference);
247 return om; 250 return om;
248 } 251 }
249 252
250 basic_openid_message& basic_op::setup_needed( 253 basic_openid_message& basic_op::setup_needed(
251 basic_openid_message& oum,const basic_openid_message& inm) { 254 basic_openid_message& oum,const basic_openid_message& inm) {
252 assert(mode==mode_checkid_immediate); 255 assert(mode==mode_checkid_immediate);
253 assert(!return_to.empty()); 256 assert(!return_to.empty());
254 if(openid2) { 257 if(openid2) {
255 oum.set_field("ns",OIURI_OPENID20); 258 oum.set_field("ns",OIURI_OPENID20);
256 oum.set_field("mode","setup_needed"); 259 oum.set_field("mode","setup_needed");
257 }else{ 260 }else{
258 oum.set_field("mode","id_res"); 261 oum.set_field("mode","id_res");
259 static const string setupmode = "checkid_setup"; 262 static const string setupmode = "checkid_setup";
260 oum.set_field("user_setup_url", 263 oum.set_field("user_setup_url",
261 util::change_mode_message_proxy(inm,setupmode) 264 util::change_mode_message_proxy(inm,setupmode)
262 .append_query(get_op_endpoint())); 265 .append_query(get_op_endpoint()));
263 } 266 }
264 return oum; 267 return oum;
265 } 268 }
266 269
267 basic_openid_message& basic_op::check_authentication( 270 basic_openid_message& basic_op::check_authentication(
268 basic_openid_message& oum, 271 basic_openid_message& oum,
269 const basic_openid_message& inm) try { 272 const basic_openid_message& inm) try {
270 assert(inm.get_field("mode")=="check_authentication"); 273 assert(inm.get_field("mode")=="check_authentication");
271 oum.reset_fields(); 274 oum.reset_fields();
272 oum.set_field("ns",OIURI_OPENID20); 275 oum.set_field("ns",OIURI_OPENID20);
273 bool o2; 276 bool o2;
274 try { 277 try {
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index a884583..bd45d99 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -84,97 +84,97 @@ namespace opkele {
84 req.set_field("session_type","DH-SHA1"); 84 req.set_field("session_type","DH-SHA1");
85 direct_request(res,req,OP); 85 direct_request(res,req,OP);
86 dh_get_secret( secret, res, 86 dh_get_secret( secret, res,
87 "HMAC-SHA1", "DH-SHA1", 87 "HMAC-SHA1", "DH-SHA1",
88 dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); 88 dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH );
89 expires_in = util::string_to_long(res.get_field("expires_in")); 89 expires_in = util::string_to_long(res.get_field("expires_in"));
90 }catch(bad_input& e) { 90 }catch(bad_input& e) {
91 throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); 91 throw dumb_RP(OPKELE_CP_ "OP failed to supply an association");
92 } 92 }
93 } 93 }
94 return store_assoc( 94 return store_assoc(
95 OP, res.get_field("assoc_handle"), 95 OP, res.get_field("assoc_handle"),
96 res.get_field("assoc_type"), secret, 96 res.get_field("assoc_type"), secret,
97 expires_in ); 97 expires_in );
98 } 98 }
99 99
100 basic_openid_message& basic_RP::checkid_( 100 basic_openid_message& basic_RP::checkid_(
101 basic_openid_message& rv, 101 basic_openid_message& rv,
102 mode_t mode, 102 mode_t mode,
103 const string& return_to,const string& realm, 103 const string& return_to,const string& realm,
104 extension_t *ext) { 104 extension_t *ext) {
105 rv.reset_fields(); 105 rv.reset_fields();
106 rv.set_field("ns",OIURI_OPENID20); 106 rv.set_field("ns",OIURI_OPENID20);
107 if(mode==mode_checkid_immediate) 107 if(mode==mode_checkid_immediate)
108 rv.set_field("mode","checkid_immediate"); 108 rv.set_field("mode","checkid_immediate");
109 else if(mode==mode_checkid_setup) 109 else if(mode==mode_checkid_setup)
110 rv.set_field("mode","checkid_setup"); 110 rv.set_field("mode","checkid_setup");
111 else 111 else
112 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 112 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
113 if(realm.empty() && return_to.empty()) 113 if(realm.empty() && return_to.empty())
114 throw bad_input(OPKELE_CP_ "At least one of realm and return_to must be non-empty"); 114 throw bad_input(OPKELE_CP_ "At least one of realm and return_to must be non-empty");
115 if(!realm.empty()) { 115 if(!realm.empty()) {
116 rv.set_field("realm",realm); 116 rv.set_field("realm",realm);
117 rv.set_field("trust_root",realm); 117 rv.set_field("trust_root",realm);
118 } 118 }
119 if(!return_to.empty()) 119 if(!return_to.empty())
120 rv.set_field("return_to",return_to); 120 rv.set_field("return_to",return_to);
121 const openid_endpoint_t& ep = get_endpoint(); 121 const openid_endpoint_t& ep = get_endpoint();
122 rv.set_field("claimed_id",ep.claimed_id); 122 rv.set_field("claimed_id",ep.claimed_id);
123 rv.set_field("identity",ep.local_id); 123 rv.set_field("identity",ep.local_id);
124 try { 124 try {
125 rv.set_field("assoc_handle",find_assoc(ep.uri)->handle()); 125 rv.set_field("assoc_handle",find_assoc(ep.uri)->handle());
126 }catch(dumb_RP& drp) { 126 }catch(dumb_RP& drp) {
127 }catch(failed_lookup& fl) { 127 }catch(failed_lookup& fl) {
128 try { 128 try {
129 rv.set_field("assoc_handle",associate(ep.uri)->handle()); 129 rv.set_field("assoc_handle",associate(ep.uri)->handle());
130 }catch(dumb_RP& drp) { } 130 }catch(dumb_RP& drp) { }
131 } OPKELE_RETHROW 131 } OPKELE_RETHROW
132 if(ext) ext->checkid_hook(rv); 132 if(ext) ext->rp_checkid_hook(rv);
133 return rv; 133 return rv;
134 } 134 }
135 135
136 class signed_part_message_proxy : public basic_openid_message { 136 class signed_part_message_proxy : public basic_openid_message {
137 public: 137 public:
138 const basic_openid_message& x; 138 const basic_openid_message& x;
139 set<string> signeds; 139 set<string> signeds;
140 140
141 signed_part_message_proxy(const basic_openid_message& xx) : x(xx) { 141 signed_part_message_proxy(const basic_openid_message& xx) : x(xx) {
142 const string& slist = x.get_field("signed"); 142 const string& slist = x.get_field("signed");
143 string::size_type p = 0; 143 string::size_type p = 0;
144 while(true) { 144 while(true) {
145 string::size_type co = slist.find(',',p); 145 string::size_type co = slist.find(',',p);
146 string f = (co==string::npos) 146 string f = (co==string::npos)
147 ?slist.substr(p):slist.substr(p,co-p); 147 ?slist.substr(p):slist.substr(p,co-p);
148 signeds.insert(f); 148 signeds.insert(f);
149 if(co==string::npos) break; 149 if(co==string::npos) break;
150 p = co+1; 150 p = co+1;
151 } 151 }
152 } 152 }
153 153
154 bool has_field(const string& n) const { 154 bool has_field(const string& n) const {
155 return signeds.find(n)!=signeds.end() && x.has_field(n); } 155 return signeds.find(n)!=signeds.end() && x.has_field(n); }
156 const string& get_field(const string& n) const { 156 const string& get_field(const string& n) const {
157 if(signeds.find(n)==signeds.end()) 157 if(signeds.find(n)==signeds.end())
158 throw failed_lookup(OPKELE_CP_ "The field isn't known to be signed"); 158 throw failed_lookup(OPKELE_CP_ "The field isn't known to be signed");
159 return x.get_field(n); } 159 return x.get_field(n); }
160 160
161 fields_iterator fields_begin() const { 161 fields_iterator fields_begin() const {
162 return signeds.begin(); } 162 return signeds.begin(); }
163 fields_iterator fields_end() const { 163 fields_iterator fields_end() const {
164 return signeds.end(); } 164 return signeds.end(); }
165 }; 165 };
166 166
167 static void parse_query(const string& u,string::size_type q, 167 static void parse_query(const string& u,string::size_type q,
168 map<string,string>& p) { 168 map<string,string>& p) {
169 if(q==string::npos) 169 if(q==string::npos)
170 return; 170 return;
171 assert(u[q]=='?'); 171 assert(u[q]=='?');
172 ++q; 172 ++q;
173 string::size_type l = u.size(); 173 string::size_type l = u.size();
174 while(q<l) { 174 while(q<l) {
175 string::size_type eq = u.find('=',q); 175 string::size_type eq = u.find('=',q);
176 string::size_type am = u.find('&',q); 176 string::size_type am = u.find('&',q);
177 if(am==string::npos) { 177 if(am==string::npos) {
178 if(eq==string::npos) { 178 if(eq==string::npos) {
179 p[""] = u.substr(q); 179 p[""] = u.substr(q);
180 }else{ 180 }else{
@@ -230,68 +230,68 @@ namespace opkele {
230 signed_part_message_proxy signeds(om); 230 signed_part_message_proxy signeds(om);
231 if(o2) { 231 if(o2) {
232 check_nonce(om.get_field("op_endpoint"), 232 check_nonce(om.get_field("op_endpoint"),
233 om.get_field("response_nonce")); 233 om.get_field("response_nonce"));
234 static const char *mustsign[] = { 234 static const char *mustsign[] = {
235 "op_endpoint", "return_to", "response_nonce", "assoc_handle", 235 "op_endpoint", "return_to", "response_nonce", "assoc_handle",
236 "claimed_id", "identity" }; 236 "claimed_id", "identity" };
237 for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { 237 for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
238 if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) 238 if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms]))
239 throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); 239 throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs");
240 } 240 }
241 if( ( 241 if( (
242 (om.has_field("claimed_id")?1:0) 242 (om.has_field("claimed_id")?1:0)
243 ^ 243 ^
244 (om.has_field("identity")?1:0) 244 (om.has_field("identity")?1:0)
245 )&1 ) 245 )&1 )
246 throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent"); 246 throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent");
247 247
248 string turl = util::rfc_3986_normalize_uri(get_this_url()); 248 string turl = util::rfc_3986_normalize_uri(get_this_url());
249 util::strip_uri_fragment_part(turl); 249 util::strip_uri_fragment_part(turl);
250 string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to")); 250 string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to"));
251 util::strip_uri_fragment_part(rurl); 251 util::strip_uri_fragment_part(rurl);
252 string::size_type 252 string::size_type
253 tq = turl.find('?'), rq = rurl.find('?'); 253 tq = turl.find('?'), rq = rurl.find('?');
254 if( 254 if(
255 ((tq==string::npos)?turl:turl.substr(0,tq)) 255 ((tq==string::npos)?turl:turl.substr(0,tq))
256 != 256 !=
257 ((rq==string::npos)?rurl:rurl.substr(0,rq)) 257 ((rq==string::npos)?rurl:rurl.substr(0,rq))
258 ) 258 )
259 throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url"); 259 throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url");
260 map<string,string> tp; parse_query(turl,tq,tp); 260 map<string,string> tp; parse_query(turl,tq,tp);
261 map<string,string> rp; parse_query(rurl,rq,rp); 261 map<string,string> rp; parse_query(rurl,rq,rp);
262 for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) { 262 for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) {
263 map<string,string>::const_iterator tpi = tp.find(rpi->first); 263 map<string,string>::const_iterator tpi = tp.find(rpi->first);
264 if(tpi==tp.end()) 264 if(tpi==tp.end())
265 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request"); 265 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request");
266 if(tpi->second!=rpi->second) 266 if(tpi->second!=rpi->second)
267 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request"); 267 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request");
268 } 268 }
269 269
270 if(om.has_field("claimed_id")) { 270 if(om.has_field("claimed_id")) {
271 verify_OP( 271 verify_OP(
272 om.get_field("op_endpoint"), 272 om.get_field("op_endpoint"),
273 om.get_field("claimed_id"), 273 om.get_field("claimed_id"),
274 om.get_field("identity") ); 274 om.get_field("identity") );
275 } 275 }
276 276
277 } 277 }
278 if(ext) ext->id_res_hook(om,signeds); 278 if(ext) ext->rp_id_res_hook(om,signeds);
279 } 279 }
280 280
281 void basic_RP::check_authentication(const string& OP, 281 void basic_RP::check_authentication(const string& OP,
282 const basic_openid_message& om){ 282 const basic_openid_message& om){
283 openid_message_t res; 283 openid_message_t res;
284 static const string checkauthmode = "check_authentication"; 284 static const string checkauthmode = "check_authentication";
285 direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP); 285 direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP);
286 if(res.has_field("is_valid")) { 286 if(res.has_field("is_valid")) {
287 if(res.get_field("is_valid")=="true") { 287 if(res.get_field("is_valid")=="true") {
288 if(res.has_field("invalidate_handle")) 288 if(res.has_field("invalidate_handle"))
289 invalidate_assoc(OP,res.get_field("invalidate_handle")); 289 invalidate_assoc(OP,res.get_field("invalidate_handle"));
290 return; 290 return;
291 } 291 }
292 } 292 }
293 throw failed_check_authentication( 293 throw failed_check_authentication(
294 OPKELE_CP_ "failed to verify response"); 294 OPKELE_CP_ "failed to verify response");
295 } 295 }
296 296
297} 297}
diff --git a/lib/extension.cc b/lib/extension.cc
index 6451249..f7aaea5 100644
--- a/lib/extension.cc
+++ b/lib/extension.cc
@@ -1,15 +1,26 @@
1#include <opkele/exception.h> 1#include <opkele/exception.h>
2#include <opkele/extension.h> 2#include <opkele/extension.h>
3 3
4namespace opkele { 4namespace opkele {
5 5
6 void extension_t::rp_checkid_hook(basic_openid_message&) {
7 throw not_implemented(OPKELE_CP_ "RP checkid_* hook not implemented"); }
8 void extension_t::rp_id_res_hook(const basic_openid_message&,
9 const basic_openid_message&) {
10 throw not_implemented(OPKELE_CP_ "RP id_res hook not implemented"); }
11
12 void extension_t::op_checkid_hook(const basic_openid_message&) {
13 throw not_implemented(OPKELE_CP_ "OP checkid_* hook not implemented"); }
14 void extension_t::op_id_res_hook(basic_openid_message& om) {
15 throw not_implemented(OPKELE_CP_ "OP id_res hook not implemented"); }
16
17
6 void extension_t::checkid_hook(basic_openid_message&) { 18 void extension_t::checkid_hook(basic_openid_message&) {
7 throw not_implemented(OPKELE_CP_ "Consumer checkid_hook not implemented"); 19 throw not_implemented(OPKELE_CP_ "deprecated consumer checkid_* hook not implemented"); }
8 } 20 void extension_t::id_res_hook(const basic_openid_message&,
9 void extension_t::id_res_hook(const basic_openid_message&,const basic_openid_message&) { 21 const basic_openid_message&) {
10 throw not_implemented(OPKELE_CP_ "Consumer id_res_hook not implemented"); 22 throw not_implemented(OPKELE_CP_ "deprecated consumer id_res hook not implemented"); }
11 } 23
12 void extension_t::checkid_hook(const basic_openid_message&,basic_openid_message&) { 24 void extension_t::checkid_hook(const basic_openid_message&,basic_openid_message&) {
13 throw not_implemented(OPKELE_CP_ "Server checkid_hook not implemented"); 25 throw not_implemented(OPKELE_CP_ "deprecated server checkid hook not implemented"); }
14 }
15} 26}
diff --git a/lib/extension_chain.cc b/lib/extension_chain.cc
index 5c2afd9..5483740 100644
--- a/lib/extension_chain.cc
+++ b/lib/extension_chain.cc
@@ -1,16 +1,27 @@
1#include <cstdarg> 1#include <cstdarg>
2#include <opkele/extension_chain.h> 2#include <opkele/extension_chain.h>
3 3
4namespace opkele { 4namespace opkele {
5 5
6 void extension_chain_t::rp_checkid_hook(basic_openid_message& om) {
7 for(iterator i=begin();i!=end();++i) (*i)->rp_checkid_hook(om); }
8 void extension_chain_t::rp_id_res_hook(const basic_openid_message& om,
9 const basic_openid_message& sp) {
10 for(iterator i=begin();i!=end();++i) (*i)->rp_id_res_hook(om,sp); }
11
12 void extension_chain_t::op_checkid_hook(const basic_openid_message& inm) {
13 for(iterator i=begin();i!=end();++i) (*i)->op_checkid_hook(inm); }
14 void extension_chain_t::op_id_res_hook(basic_openid_message& oum) {
15 for(iterator i=begin();i!=end();++i) (*i)->op_id_res_hook(oum); }
16
17
6 void extension_chain_t::checkid_hook(basic_openid_message& om){ 18 void extension_chain_t::checkid_hook(basic_openid_message& om){
7 for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(om); 19 for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(om); }
8 } 20 void extension_chain_t::id_res_hook(const basic_openid_message& om,
9 void extension_chain_t::id_res_hook(const basic_openid_message& om,const basic_openid_message& sp) { 21 const basic_openid_message& sp) {
10 for(iterator i=begin();i!=end();++i) (*i)->id_res_hook(om,sp); 22 for(iterator i=begin();i!=end();++i) (*i)->id_res_hook(om,sp); }
11 } 23 void extension_chain_t::checkid_hook(const basic_openid_message& inm,
12 void extension_chain_t::checkid_hook(const basic_openid_message& inm,basic_openid_message& oum) { 24 basic_openid_message& oum) {
13 for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(inm,oum); 25 for(iterator i=begin();i!=end();++i) (*i)->checkid_hook(inm,oum); }
14 }
15 26
16} 27}
diff --git a/lib/sreg.cc b/lib/sreg.cc
index 7e2d588..b40cd45 100644
--- a/lib/sreg.cc
+++ b/lib/sreg.cc
@@ -1,140 +1,160 @@
1#include <opkele/exception.h> 1#include <opkele/exception.h>
2#include <opkele/sreg.h> 2#include <opkele/sreg.h>
3#include <opkele/uris.h> 3#include <opkele/uris.h>
4#include <algorithm> 4#include <algorithm>
5 5
6namespace opkele { 6namespace opkele {
7 using std::find; 7 using std::find;
8 8
9 static const struct _sreg_field { 9 static const struct _sreg_field {
10 const char *fieldname; 10 const char *fieldname;
11 sreg_t::fieldbit_t fieldbit; 11 sreg_t::fieldbit_t fieldbit;
12 }fields[] = { 12 }fields[] = {
13 { "nickname", sreg_t::field_nickname }, 13 { "nickname", sreg_t::field_nickname },
14 { "email", sreg_t::field_email }, 14 { "email", sreg_t::field_email },
15 { "fullname", sreg_t::field_fullname }, 15 { "fullname", sreg_t::field_fullname },
16 { "dob", sreg_t::field_dob }, 16 { "dob", sreg_t::field_dob },
17 { "gender", sreg_t::field_gender }, 17 { "gender", sreg_t::field_gender },
18 { "postcode", sreg_t::field_postcode }, 18 { "postcode", sreg_t::field_postcode },
19 { "country", sreg_t::field_country }, 19 { "country", sreg_t::field_country },
20 { "language", sreg_t::field_language }, 20 { "language", sreg_t::field_language },
21 { "timezone", sreg_t::field_timezone } 21 { "timezone", sreg_t::field_timezone }
22 }; 22 };
23 # define fields_BEGINfields 23 # define fields_BEGINfields
24# define fields_END &fields[sizeof(fields)/sizeof(*fields)] 24# define fields_END &fields[sizeof(fields)/sizeof(*fields)]
25 typedef const struct _sreg_field *fields_iterator; 25 typedef const struct _sreg_field *fields_iterator;
26 26
27 bool operator==(const struct _sreg_field& fd,const string& fn) { 27 bool operator==(const struct _sreg_field& fd,const string& fn) {
28 return fd.fieldname==fn; 28 return fd.fieldname==fn;
29 } 29 }
30 30
31 void sreg_t::checkid_hook(basic_openid_message& om) { 31 void sreg_t::rp_checkid_hook(basic_openid_message& om) {
32 string fr, fo; 32 string fr, fo;
33 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { 33 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
34 if(f->fieldbit&fields_required) { 34 if(f->fieldbit&fields_required) {
35 if(!fr.empty()) fr+=","; 35 if(!fr.empty()) fr+=",";
36 fr += f->fieldname; 36 fr += f->fieldname;
37 } 37 }
38 if(f->fieldbit&fields_optional) { 38 if(f->fieldbit&fields_optional) {
39 if(!fo.empty()) fo+=","; 39 if(!fo.empty()) fo+=",";
40 fo += f->fieldname; 40 fo += f->fieldname;
41 } 41 }
42 } 42 }
43 string pfx = om.allocate_ns(OIURI_SREG11,"sreg"); 43 string pfx = om.allocate_ns(OIURI_SREG11,"sreg");
44 if(!fr.empty()) om.set_field(pfx+".required",fr); 44 if(!fr.empty()) om.set_field(pfx+".required",fr);
45 if(!fo.empty()) om.set_field(pfx+".optional",fo); 45 if(!fo.empty()) om.set_field(pfx+".optional",fo);
46 if(!policy_url.empty()) om.set_field(pfx+".policy_url",policy_url); 46 if(!policy_url.empty()) om.set_field(pfx+".policy_url",policy_url);
47 } 47 }
48 48
49 void sreg_t::id_res_hook(const basic_openid_message& om,const basic_openid_message& sp) { 49 void sreg_t::checkid_hook(basic_openid_message& om) {
50 rp_checkid_hook(om); }
51
52 void sreg_t::rp_id_res_hook(const basic_openid_message& om,
53 const basic_openid_message& sp) {
50 clear(); 54 clear();
51 string pfx; 55 string pfx;
52 try { 56 try {
53 pfx = om.find_ns(OIURI_SREG11,"sreg"); 57 pfx = om.find_ns(OIURI_SREG11,"sreg");
54 }catch(failed_lookup& fl) { 58 }catch(failed_lookup& fl) {
55 try { 59 try {
56 pfx = om.find_ns(OIURI_SREG10,"sreg"); 60 pfx = om.find_ns(OIURI_SREG10,"sreg");
57 }catch(failed_lookup& fl) { 61 }catch(failed_lookup& fl) {
58 return; 62 return;
59 } 63 }
60 } 64 }
61 pfx += '.'; 65 pfx += '.';
62 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { 66 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
63 string fn = pfx; fn+=f->fieldname; 67 string fn = pfx; fn+=f->fieldname;
64 if(!sp.has_field(fn)) continue; 68 if(!sp.has_field(fn)) continue;
65 has_fields |= f->fieldbit; 69 has_fields |= f->fieldbit;
66 response[f->fieldbit]=sp.get_field(fn); 70 response[f->fieldbit]=sp.get_field(fn);
67 } 71 }
68 } 72 }
69 73
74 void sreg_t::id_res_hook(const basic_openid_message& om,
75 const basic_openid_message& sp) {
76 rp_id_res_hook(om,sp); }
77
70 const string& sreg_t::get_field(fieldbit_t fb) const { 78 const string& sreg_t::get_field(fieldbit_t fb) const {
71 response_t::const_iterator i = response.find(fb); 79 response_t::const_iterator i = response.find(fb);
72 if(i==response.end()) 80 if(i==response.end())
73 throw failed_lookup(OPKELE_CP_ "no field data available"); 81 throw failed_lookup(OPKELE_CP_ "no field data available");
74 return i->second; 82 return i->second;
75 } 83 }
76 84
77 void sreg_t::set_field(fieldbit_t fb,const string& fv) { 85 void sreg_t::set_field(fieldbit_t fb,const string& fv) {
78 response[fb] = fv; 86 response[fb] = fv;
79 has_fields |= fb; 87 has_fields |= fb;
80 } 88 }
81 89
82 void sreg_t::reset_field(fieldbit_t fb) { 90 void sreg_t::reset_field(fieldbit_t fb) {
83 has_fields &= ~fb; 91 has_fields &= ~fb;
84 response.erase(fb); 92 response.erase(fb);
85 } 93 }
86 94
87 void sreg_t::clear() { 95 void sreg_t::clear() {
88 has_fields = 0; response.clear(); 96 has_fields = 0; response.clear();
89 } 97 }
90 98
91 static long fields_list_to_bitmask(string& fl) { 99 static long fields_list_to_bitmask(string& fl) {
92 long rv = 0; 100 long rv = 0;
93 while(!fl.empty()) { 101 while(!fl.empty()) {
94 string::size_type co = fl.find(','); 102 string::size_type co = fl.find(',');
95 string fn; 103 string fn;
96 if(co==string::npos) { 104 if(co==string::npos) {
97 fn = fl; fl.erase(); 105 fn = fl; fl.erase();
98 }else{ 106 }else{
99 fn = fl.substr(0,co); fl.erase(0,co+1); 107 fn = fl.substr(0,co); fl.erase(0,co+1);
100 } 108 }
101 fields_iterator f = find(fields_BEGIN,fields_END,fn); 109 fields_iterator f = find(fields_BEGIN,fields_END,fn);
102 if(f!=fields_END) 110 if(f!=fields_END)
103 rv |= f->fieldbit; 111 rv |= f->fieldbit;
104 } 112 }
105 return rv; 113 return rv;
106 } 114 }
107 115
108 void sreg_t::checkid_hook(const basic_openid_message& inm,basic_openid_message& oum) { 116 void sreg_t::op_checkid_hook(const basic_openid_message& inm) {
109 string ins = inm.find_ns(OIURI_SREG11,"sreg"); 117 string ins = inm.find_ns(OIURI_SREG11,"sreg");
110 fields_optional = 0; fields_required = 0; policy_url.erase(); 118 fields_optional = 0; fields_required = 0; policy_url.erase();
111 fields_response = 0; 119 fields_response = 0;
112 try { 120 try {
113 string fl = inm.get_field(ins+".required"); 121 string fl = inm.get_field(ins+".required");
114 fields_required = fields_list_to_bitmask(fl); 122 fields_required = fields_list_to_bitmask(fl);
115 }catch(failed_lookup&) { } 123 }catch(failed_lookup&) { }
116 try { 124 try {
117 string fl = inm.get_field(ins+".optional"); 125 string fl = inm.get_field(ins+".optional");
118 fields_optional = fields_list_to_bitmask(fl); 126 fields_optional = fields_list_to_bitmask(fl);
119 }catch(failed_lookup&) { } 127 }catch(failed_lookup&) { }
120 try { 128 try {
121 policy_url = inm.get_field(ins+".policy_url"); 129 policy_url = inm.get_field(ins+".policy_url");
122 }catch(failed_lookup&) { } 130 }catch(failed_lookup&) { }
123 setup_response(inm,oum); 131 }
132
133 void sreg_t::op_id_res_hook(basic_openid_message& oum) {
124 string ons = oum.allocate_ns(OIURI_SREG11,"sreg"); 134 string ons = oum.allocate_ns(OIURI_SREG11,"sreg");
125 fields_response &= has_fields; 135 fields_response &= has_fields;
126 string signeds = "ns."+ons; 136 string signeds = "ns."+ons;
127 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { 137 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
128 if(!(f->fieldbit&fields_response)) continue; 138 if(!(f->fieldbit&fields_response)) continue;
129 signeds +=','; 139 signeds +=',';
130 string pn = ons; pn += '.'; pn += f->fieldname; 140 string pn = ons; pn += '.'; pn += f->fieldname;
131 signeds += pn; 141 signeds += pn;
132 oum.set_field(pn,get_field(f->fieldbit)); 142 oum.set_field(pn,get_field(f->fieldbit));
133 } 143 }
134 oum.add_to_signed(signeds); 144 oum.add_to_signed(signeds);
135 } 145 }
136 146
147 void sreg_t::checkid_hook(const basic_openid_message& inm,
148 basic_openid_message& oum) {
149 op_checkid_hook(inm);
150 setup_response(inm,oum);
151 op_id_res_hook(oum);
152 }
153
137 void sreg_t::setup_response(const basic_openid_message& /* inm */,basic_openid_message& /* oum */) { 154 void sreg_t::setup_response(const basic_openid_message& /* inm */,basic_openid_message& /* oum */) {
155 setup_response();
156 }
157 void sreg_t::setup_response() {
138 fields_response = (fields_required|fields_optional)&has_fields; 158 fields_response = (fields_required|fields_optional)&has_fields;
139 } 159 }
140} 160}