Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_op.h3
-rw-r--r--include/opkele/extension.h8
-rw-r--r--include/opkele/verify_op.h10
3 files changed, 21 insertions, 0 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h
index a0f0af0..0e3231d 100644
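--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -1,138 +1,141 @@
 #ifndef __OPKELE_BASIC_OP_H
 #define __OPKELE_BASIC_OP_H
 
 #include <string>
 #include <opkele/types.h>
 #include <opkele/extension.h>
 
 namespace opkele {
  using std::string;
 
+ /**
+ * Implementation of basic OP functionality
+ */
  class basic_OP {
  public:
  /**
  * The request mode for the request being processed
  */
  mode_t mode;
  /**
  * association used in transaction. reset in case of dumb operation
  */
  assoc_t assoc;
  /**
  * true if the request is openid2 request
  */
  bool openid2;
  /**
  * The return_to RP endpoint
  */
  string return_to;
  /**
  * The realm we authenticate for
  */
  string realm;
  /**
  * Claimed identifier
  */
  string claimed_id;
  /**
  * The OP-Local identifier
  */
  string identity;
  /**
  * The invalidate handle for the reply request
  */
  string invalidate_handle;
 
  void reset_vars();
 
  /**
  * @name Request information access
  * Setting and retrieval of the information pertaining to the request being processed
  * @{
  */
  /**
  * Check if the RP expects us to get back to them.
  * @return true if RP supplied return_to URL
  */
  bool has_return_to() const;
  /**
  * Find out where the RP is waiting for us.
  * @return the return_to URL supplied
  * @throw no_return_to if no return_to is supplied with the request
  */
  const string& get_return_to() const;
 
  /**
  * Find out what realm we are authenticating user for
  * @return the realm
  */
  const string& get_realm() const;
 
  /**
  * Check if request is about identity
  * @return true if so
  */
  bool has_identity() const;
  /**
  * Get claimed identifier supplied with the request
  * @return claimed identifier
  * @throw non_identity if request is not about identity
  */
  const string& get_claimed_id() const;
  /**
  * Get the identity (OP-Local identifier) being confirmed
  * @return identity
  * @throw non_identity if request is not about identity
  */
  const string& get_identity() const;
 
  /**
  * Is identifier supposed to be selected on our side?
  * @return true if identity is a special identifier select URI
  */
  bool is_id_select() const;
 
  /**
  * Select the identity for identifier select request
  * @param cid claimed identifier
  * @param lid local identifier
  */
  void select_identity(const string& cid,const string& lid);
  /**
  * Set claimed identifier (for instance if it's supposed to have
  * fragment part)
  * @param cid claimed identifier
  */
  void set_claimed_id(const string& cid);
  /**
  * @}
  */
 
  /** @name OpenID operations
  * @{
  */
  /**
  * Establish association with RP
  * @param oum reply message
  * @param inm request message
  */
  basic_openid_message& associate(
  basic_openid_message& oum,
  const basic_openid_message& inm);
 
  /**
  * Parse the checkid_* request. The function parses input message,
  * retrieves the information needed for further processing,
  * verifies what can be verified at this stage.
  * @param inm incoming OpenID message
  * @param ext extension/chain of extensions supported
  */
  void checkid_(const basic_openid_message& inm,extension_t *ext=0);
  /**
  * Build and sign a positive assertion message
  * @param om outpu OpenID message
  * @param ext extension/chain of extensions supported
  * @return reference to om
  */
  basic_openid_message& id_res(basic_openid_message& om,
  extension_t *ext=0);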
diff --git a/include/opkele/extension.h b/include/opkele/extension.h
index 37bcb90..38f61e3 100644
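--- a/include/opkele/extension.h
+++ b/include/opkele/extension.h
@@ -1,61 +1,69 @@
 #ifndef __OPKELE_EXTENSION_H
 #define __OPKELE_EXTENSION_H
 
 /**
  * @file
  * @brief extensions framework basics
  */
 
 #include <opkele/opkele-config.h>
 #include <opkele/types.h>
 
 namespace opkele {
 
  /**
  * OpenID extension hooks base class
  */
  class extension_t {
  public:
 
  virtual ~extension_t() { }
 
  /**
  * hook called by RP before submitting the message to OP.
  * @param om openid message to be submit
  */
  virtual void rp_checkid_hook(basic_openid_message& om);
 
  /**
  * hook called by RP after verifying information received from OP.
  * @param om openid message received
  * @param sp signed part of the message
  */
  virtual void rp_id_res_hook(const basic_openid_message& om,
  const basic_openid_message& sp);
 
  /**
  * hook called by OP after parsing incoming message
  * @param inm message received from RP
  */
  virtual void op_checkid_hook(const basic_openid_message& inm);
  /**
  * hook called by OP before signing the reply to RP
  * @param oum message to be sent to RP
  */
  virtual void op_id_res_hook(basic_openid_message& oum);
 
+ /**
+ * @name deprecated hooks, used by the deprecated consumer_t and
+ * server_t implementations
+ * @{
+ */
  virtual void checkid_hook(basic_openid_message& om) OPKELE_DEPRECATE;
  virtual void id_res_hook(const basic_openid_message& om,
  const basic_openid_message& sp) OPKELE_DEPRECATE;
  virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum);
+ /**
+ * @}
+ */
 
  /**
  * Casts the object to pointer to itself. For convenient passing
  * of pointer.
  */
  operator extension_t*(void) { return this; }
  };
 
 }
 
 #endif /* __OPKELE_EXTENSION_H */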
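Review bot: The new `@name deprecated hooks` group wraps three declarations, but only two of them carry `OPKELE_DEPRECATE`; the two-argument `checkid_hook(const basic_openid_message& inm,basic_openid_message& oum)` has no attribute, so code that still overrides or calls it gets no compiler diagnostic even though the comment now labels it deprecated. If the omission is deliberate, the group comment should say why; otherwise the declaration would read `virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum) OPKELE_DEPRECATE;`. The group comment also does not name the replacements, which are presumably the `rp_*`/`op_*` hooks declared above it; a line such as `* use the rp_*_hook()/op_*_hook() members instead` would tell extension authors which hooks the current RP and OP code paths actually invoke.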
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
index 6c3c386..6b94240 100644
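--- a/include/opkele/verify_op.h
+++ b/include/opkele/verify_op.h
@@ -1,16 +1,26 @@
 #ifndef __OPKELE_VERIFY_OP_H
 #define __OPKELE_VERIFY_OP_H
 
 #include <opkele/basic_op.h>
 
 namespace opkele {
 
+ /**
+ * The OP implementation that does discovery verification on RP
+ */
  class verify_op : public basic_OP {
  public:
 
+ /**
+ * In addition to basic_OP::verify_return_to() functionality this
+ * implementation does the discovery on RP to see if return_to matches
+ * the realm
+ * @throw bad_return_to in case we fail to discover corresponding
+ * service endpoint
+ */
  void verify_return_to();
  };
 
 }
 
 #endif /* __OPKELE_VERIFY_OP_H */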
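Review bot: The new comment on `verify_return_to()` documents only the failed-discovery case and leaves the security-relevant parts of the contract implicit. Discovery means the OP makes outbound requests to a location taken from the RP's request, and the `@throw` does not say whether a return_to that is missing from the discovered endpoints is rejected with `bad_return_to` as well. Neither the implementation nor the `basic_OP::verify_return_to()` declaration is visible in this commit, so both points are assumptions to confirm. I would add `* @note performs network discovery on the RP-supplied realm, which is untrusted input` and extend the throw line to `* @throw bad_return_to if discovery fails or return_to matches no discovered endpoint`. The comment should also state that this overrides a virtual base method, since with a non-virtual base any call made through `basic_OP` would bypass the discovery check.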