Diffstat (more/less context) (show whitespace changes)
-rw-r--r--include/opkele/types.h5
-rw-r--r--lib/consumer.cc2
2 files changed, 5 insertions, 2 deletions
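--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -74,48 +74,53 @@ namespace opkele {
 * retrieve the association handle.
 * @return handle
 */
 virtual string handle() const = 0;
 /**
 * retrieve the association type.
 * @return association type
 */
 virtual string assoc_type() const = 0;
 /**
 * retrieve the association secret.
 * @return association secret
 */
 virtual secret_t secret() const = 0;
 /**
 * retrieve the number of seconds the association expires in.
 * @return seconds till expiration
 */
 virtual int expires_in() const = 0;
 /**
 * check whether the association is stateless.
 * @return true if stateless
 */
 virtual bool stateless() const = 0;
+/**
+* check whether the association is expired.
+* @return true if expired
+*/
+virtual bool is_expired() const = 0;
 };
 
 /**
 * the auto_ptr<> for association_t object type
 */
 typedef auto_ptr<association_t> assoc_t;
 
 /**
 * request/response parameters map
 */
 class params_t : public map<string,string> {
 public:
 
 /**
 * check whether the parameter is present.
 * @param n the parameter name
 * @return true if yes
 */
 bool has_param(const string& n) const;
 /**
 * retrieve the parameter (const version)
 * @param n the parameter name
 * @return the parameter value
 * @throw failed_lookup if there is no such parameter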
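Review bot: The doc comment on the new pure virtual `is_expired()` in `association_t` does not state the contract implementers must meet, even though `consumer_t::id_res` (lib/consumer.cc in this commit) depends on it to reject an expired association before using its secret. I would extend the comment to say how it relates to `expires_in()`, for example `* @return true if expired, i.e. whenever expires_in() would not be positive; the consumer treats an expired association as a failed lookup`. Because the member is pure virtual, every existing class derived from `association_t` must now define it, and the diffstat shows only these two files changed, so it is worth confirming that no in-tree or downstream implementation is left abstract. The `association_t` class starts outside this hunk.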
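--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -123,50 +123,48 @@ namespace opkele {
 
 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
 }
 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
 }
 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
 params_t p;
 if(mode==mode_checkid_immediate)
 p["mode"]="checkid_immediate";
 else if(mode==mode_checkid_setup)
 p["mode"]="checkid_setup";
 else
 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
 string iurl = canonicalize(identity);
 string server, delegate;
 retrieve_links(iurl,server,delegate);
 p["identity"] = delegate.empty()?iurl:delegate;
 if(!trust_root.empty())
 p["trust_root"] = trust_root;
 p["return_to"] = return_to;
 try {
 string ah = find_assoc(server)->handle();
-if(ah->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
-throw failed_lookup(OPKELE_CP_ "find_assoc() has returned expired handle");
 p["assoc_handle"] = ah;
 }catch(failed_lookup& fl) {
 string ah = associate(server)->handle();
 p["assoc_handle"] = ah;
 }
 if(ext) ext->checkid_hook(p,identity);
 return p.append_query(server);
 }
 
 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
 if(pin.has_param("openid.user_setup_url"))
 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
 string server,delegate;
 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
 params_t ps;
 try {
 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
 const string& sigenc = pin.get_param("openid.sig");
 vector<unsigned char> sig;
 util::decode_base64(sigenc,sig);
 const string& slist = pin.get_param("openid.signed");
 string kv;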
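Review bot: After this change `checkid_` copies whatever handle `find_assoc(server)` returns into `assoc_handle` with no expiry check, so a store that hands back an expired association gets it sent in the request instead of triggering a fresh `associate(server)`. The removed lines called `->is_expired()` on `ah`, which is a `string`, so they presumably could not compile; the check can be kept by holding the association object, assuming `find_assoc()` returns `assoc_t` as `retrieve_assoc()` does: `assoc_t a = find_assoc(server);` `if(a->is_expired()) throw failed_lookup(OPKELE_CP_ "find_assoc() has returned expired handle");` `p["assoc_handle"] = a->handle();`. The existing `catch(failed_lookup&)` would then fall through to `associate(server)` exactly as it does for a missing association. If the intent is instead that `find_assoc()` must never return an expired entry, that requirement should be written on its declaration. `id_res` continues past the end of this hunk.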