-rw-r--r-- | include/opkele/basic_op.h | 119 | ||||
-rw-r--r-- | include/opkele/verify_op.h | 2 | ||||
-rw-r--r-- | lib/basic_op.cc | 38 | ||||
-rw-r--r-- | lib/verify_op.cc | 2 | ||||
-rw-r--r-- | test/OP.cc | 2 |
5 files changed, 134 insertions, 29 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h index 5bba1bf..4daed02 100644 --- a/include/opkele/basic_op.h +++ b/include/opkele/basic_op.h | |||
@@ -10,3 +10,3 @@ namespace opkele { | |||
10 | 10 | ||
11 | class basic_op { | 11 | class basic_OP { |
12 | public: | 12 | public: |
@@ -37,2 +37,10 @@ namespace opkele { | |||
37 | 37 | ||
38 | /** @name OpenID operations | ||
39 | * @{ | ||
40 | */ | ||
41 | /** | ||
42 | * Establish association with RP | ||
43 | * @param oum reply message | ||
44 | * @param inm request message | ||
45 | */ | ||
38 | basic_openid_message& associate( | 46 | basic_openid_message& associate( |
@@ -41,6 +49,32 @@ namespace opkele { | |||
41 | 49 | ||
50 | /** | ||
51 | * Parse the checkid_* request. The function parses input message, | ||
52 | * retrieves the information needed for further processing, | ||
53 | * verifies what can be verified at this stage. | ||
54 | * @param inm incoming OpenID message | ||
55 | * @param ext extension/chain of extensions supported | ||
56 | */ | ||
42 | void checkid_(const basic_openid_message& inm,extension_t *ext=0); | 57 | void checkid_(const basic_openid_message& inm,extension_t *ext=0); |
58 | /** | ||
59 | * Build and sign a positive assertion message | ||
60 | * @param om outpu OpenID message | ||
61 | * @param ext extension/chain of extensions supported | ||
62 | * @return reference to om | ||
63 | */ | ||
43 | basic_openid_message& id_res(basic_openid_message& om, | 64 | basic_openid_message& id_res(basic_openid_message& om, |
44 | extension_t *ext=0); | 65 | extension_t *ext=0); |
66 | /** | ||
67 | * Build a 'cancel' negative assertion | ||
68 | * @param om output OpenID message | ||
69 | * @return reference to om | ||
70 | */ | ||
45 | basic_openid_message& cancel(basic_openid_message& om); | 71 | basic_openid_message& cancel(basic_openid_message& om); |
72 | /** | ||
73 | * Build an 'error' reply | ||
74 | * @param om output OpenID message | ||
75 | * @param error a human-readable message indicating the cause | ||
76 | * @param contact contact address for the server administrator (can be empty) | ||
77 | * @param reference a reference token (can be empty) | ||
78 | * @return reference to om | ||
79 | */ | ||
46 | basic_openid_message& error(basic_openid_message& om, | 80 | basic_openid_message& error(basic_openid_message& om, |
@@ -48,2 +82,8 @@ namespace opkele { | |||
48 | const string& reference ); | 82 | const string& reference ); |
83 | /** | ||
84 | * Build a setup_needed reply to checkid_immediate request | ||
85 | * @param oum output OpenID message | ||
86 | * @param inm incoming OpenID request being processed | ||
87 | * @return reference to oum | ||
88 | */ | ||
49 | basic_openid_message& setup_needed( | 89 | basic_openid_message& setup_needed( |
@@ -51,15 +91,80 @@ namespace opkele { | |||
51 | 91 | ||
92 | /** | ||
93 | * Process check_authentication request | ||
94 | * @param oum output OpenID message | ||
95 | * @param inm incoming request | ||
96 | * @return reference to oum | ||
97 | */ | ||
52 | basic_openid_message& check_authentication( | 98 | basic_openid_message& check_authentication( |
53 | basic_openid_message& oum,const basic_openid_message& inm); | 99 | basic_openid_message& oum,const basic_openid_message& inm); |
54 | 100 | /** | |
101 | * @} | ||
102 | */ | ||
103 | |||
104 | /** | ||
105 | * Verify return_to url. The default implementation checks whether | ||
106 | * return_to URI matches the realm | ||
107 | * @throw bad_realm in case of invalid realm | ||
108 | * @throw bad_return_to if return_to doesn't match the realm | ||
109 | * @see verify_op::verify_return_to() | ||
110 | */ | ||
55 | virtual void verify_return_to(); | 111 | virtual void verify_return_to(); |
56 | 112 | ||
57 | virtual assoc_t alloc_assoc(const string& t,size_t kl,bool sl) = 0; | 113 | /** |
58 | virtual assoc_t retrieve_assoc(const string& h) = 0; | 114 | * @name Global persistent store API |
59 | 115 | * These functions are related to the associations with RPs storage | |
60 | virtual string& alloc_nonce(string& nonce,bool sl) = 0; | 116 | * and retrieval and nonce management. |
117 | * @{ | ||
118 | */ | ||
119 | /** | ||
120 | * Allocate association. | ||
121 | * @param type association type | ||
122 | * @param kl association key length | ||
123 | * @param sl true if the association is stateless | ||
124 | * @return association object | ||
125 | */ | ||
126 | virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0; | ||
127 | /** | ||
128 | * Retrieve valid unexpired association | ||
129 | * @param handle association handle | ||
130 | * @return association object | ||
131 | */ | ||
132 | virtual assoc_t retrieve_assoc(const string& handle) = 0; | ||
133 | /** | ||
134 | * Allocate nonce. | ||
135 | * @param nonce input-output parameter containing timestamp part of | ||
136 | * the nonce on input | ||
137 | * @param sl true if the nonce is | ||
138 | * @return reference to nonce | ||
139 | * @throw failed_lookup if no such valid unexpired association | ||
140 | * could be retrieved | ||
141 | */ | ||
142 | virtual string& alloc_nonce(string& nonce) = 0; | ||
143 | /** | ||
144 | * Check nonce validity | ||
145 | * @param nonce nonce to check | ||
146 | * @return true if nonce found and isn't yet invalidated | ||
147 | */ | ||
61 | virtual bool check_nonce(const string& nonce) = 0; | 148 | virtual bool check_nonce(const string& nonce) = 0; |
149 | /** | ||
150 | * Invalidate nonce | ||
151 | * @param nonce nonce to check | ||
152 | */ | ||
62 | virtual void invalidate_nonce(const string& nonce) = 0; | 153 | virtual void invalidate_nonce(const string& nonce) = 0; |
63 | 154 | /** | |
155 | * @} | ||
156 | */ | ||
157 | |||
158 | /** | ||
159 | * @name Site particulars API | ||
160 | * @{ | ||
161 | */ | ||
162 | /** | ||
163 | * Query the absolute URL of the op endpoint | ||
164 | * @return fully qualified url of the OP endpoint | ||
165 | */ | ||
64 | virtual const string get_op_endpoint() const = 0; | 166 | virtual const string get_op_endpoint() const = 0; |
167 | /** | ||
168 | * @} | ||
169 | */ | ||
65 | 170 | ||
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h index f5c97b2..6c3c386 100644 --- a/include/opkele/verify_op.h +++ b/include/opkele/verify_op.h | |||
@@ -7,3 +7,3 @@ namespace opkele { | |||
7 | 7 | ||
8 | class verify_op : public basic_op { | 8 | class verify_op : public basic_OP { |
9 | public: | 9 | public: |
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index 7a2dbd2..18446dc 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
@@ -12,3 +12,3 @@ namespace opkele { | |||
12 | 12 | ||
13 | void basic_op::reset_vars() { | 13 | void basic_OP::reset_vars() { |
14 | assoc.reset(); | 14 | assoc.reset(); |
@@ -19,6 +19,6 @@ namespace opkele { | |||
19 | 19 | ||
20 | bool basic_op::has_return_to() const { | 20 | bool basic_OP::has_return_to() const { |
21 | return !return_to.empty(); | 21 | return !return_to.empty(); |
22 | } | 22 | } |
23 | const string& basic_op::get_return_to() const { | 23 | const string& basic_OP::get_return_to() const { |
24 | if(return_to.empty()) | 24 | if(return_to.empty()) |
@@ -28,3 +28,3 @@ namespace opkele { | |||
28 | 28 | ||
29 | const string& basic_op::get_realm() const { | 29 | const string& basic_OP::get_realm() const { |
30 | assert(!realm.empty()); | 30 | assert(!realm.empty()); |
@@ -33,6 +33,6 @@ namespace opkele { | |||
33 | 33 | ||
34 | bool basic_op::has_identity() const { | 34 | bool basic_OP::has_identity() const { |
35 | return !identity.empty(); | 35 | return !identity.empty(); |
36 | } | 36 | } |
37 | const string& basic_op::get_claimed_id() const { | 37 | const string& basic_OP::get_claimed_id() const { |
38 | if(claimed_id.empty()) | 38 | if(claimed_id.empty()) |
@@ -42,3 +42,3 @@ namespace opkele { | |||
42 | } | 42 | } |
43 | const string& basic_op::get_identity() const { | 43 | const string& basic_OP::get_identity() const { |
44 | if(identity.empty()) | 44 | if(identity.empty()) |
@@ -49,3 +49,3 @@ namespace opkele { | |||
49 | 49 | ||
50 | bool basic_op::is_id_select() const { | 50 | bool basic_OP::is_id_select() const { |
51 | return identity==IDURI_SELECT20; | 51 | return identity==IDURI_SELECT20; |
@@ -53,6 +53,6 @@ namespace opkele { | |||
53 | 53 | ||
54 | void basic_op::select_identity(const string& c,const string& i) { | 54 | void basic_OP::select_identity(const string& c,const string& i) { |
55 | claimed_id = c; identity = i; | 55 | claimed_id = c; identity = i; |
56 | } | 56 | } |
57 | void basic_op::set_claimed_id(const string& c) { | 57 | void basic_OP::set_claimed_id(const string& c) { |
58 | claimed_id = c; | 58 | claimed_id = c; |
@@ -60,3 +60,3 @@ namespace opkele { | |||
60 | 60 | ||
61 | basic_openid_message& basic_op::associate( | 61 | basic_openid_message& basic_OP::associate( |
62 | basic_openid_message& oum, | 62 | basic_openid_message& oum, |
@@ -133,3 +133,3 @@ namespace opkele { | |||
133 | 133 | ||
134 | void basic_op::checkid_(const basic_openid_message& inm, | 134 | void basic_OP::checkid_(const basic_openid_message& inm, |
135 | extension_t *ext) { | 135 | extension_t *ext) { |
@@ -195,3 +195,3 @@ namespace opkele { | |||
195 | 195 | ||
196 | basic_openid_message& basic_op::id_res(basic_openid_message& om, | 196 | basic_openid_message& basic_OP::id_res(basic_openid_message& om, |
197 | extension_t *ext) { | 197 | extension_t *ext) { |
@@ -220,3 +220,3 @@ namespace opkele { | |||
220 | string nonce = w3timestr; | 220 | string nonce = w3timestr; |
221 | om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless())); | 221 | om.set_field("response_nonce",alloc_nonce(nonce)); |
222 | if(!invalidate_handle.empty()) { | 222 | if(!invalidate_handle.empty()) { |
@@ -232,3 +232,3 @@ namespace opkele { | |||
232 | 232 | ||
233 | basic_openid_message& basic_op::cancel(basic_openid_message& om) { | 233 | basic_openid_message& basic_OP::cancel(basic_openid_message& om) { |
234 | assert(!return_to.empty()); | 234 | assert(!return_to.empty()); |
@@ -239,3 +239,3 @@ namespace opkele { | |||
239 | 239 | ||
240 | basic_openid_message& basic_op::error(basic_openid_message& om, | 240 | basic_openid_message& basic_OP::error(basic_openid_message& om, |
241 | const string& error,const string& contact, | 241 | const string& error,const string& contact, |
@@ -251,3 +251,3 @@ namespace opkele { | |||
251 | 251 | ||
252 | basic_openid_message& basic_op::setup_needed( | 252 | basic_openid_message& basic_OP::setup_needed( |
253 | basic_openid_message& oum,const basic_openid_message& inm) { | 253 | basic_openid_message& oum,const basic_openid_message& inm) { |
@@ -268,3 +268,3 @@ namespace opkele { | |||
268 | 268 | ||
269 | basic_openid_message& basic_op::check_authentication( | 269 | basic_openid_message& basic_OP::check_authentication( |
270 | basic_openid_message& oum, | 270 | basic_openid_message& oum, |
@@ -322,3 +322,3 @@ namespace opkele { | |||
322 | 322 | ||
323 | void basic_op::verify_return_to() { | 323 | void basic_OP::verify_return_to() { |
324 | if(realm.find('#')!=string::npos) | 324 | if(realm.find('#')!=string::npos) |
diff --git a/lib/verify_op.cc b/lib/verify_op.cc index e7c26b5..0beca2d 100644 --- a/lib/verify_op.cc +++ b/lib/verify_op.cc | |||
@@ -35,3 +35,3 @@ namespace opkele { | |||
35 | void verify_op::verify_return_to() { | 35 | void verify_op::verify_return_to() { |
36 | basic_op::verify_return_to(); | 36 | basic_OP::verify_return_to(); |
37 | try { | 37 | try { |
@@ -163,3 +163,3 @@ class example_op_t : public opkele::verify_op { | |||
163 | 163 | ||
164 | string& alloc_nonce(string& nonce,bool stateless) { | 164 | string& alloc_nonce(string& nonce) { |
165 | uuid_t uuid; uuid_generate(uuid); | 165 | uuid_t uuid; uuid_generate(uuid); |