-rw-r--r-- | include/Makefile.am | 5 | ||||
-rw-r--r-- | include/opkele/verify_op.h | 16 | ||||
-rw-r--r-- | lib/Makefile.am | 5 | ||||
-rw-r--r-- | lib/verify_op.cc | 53 |
4 files changed, 73 insertions, 6 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 37fb961..9f5982c 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -13,16 +13,15 @@ nobase_include_HEADERS = \
 opkele/sreg.h \
 opkele/extension_chain.h \
 opkele/xconsumer.h \
 opkele/xserver.h \
 opkele/uris.h \
 opkele/tr1-mem.h \
- opkele/basic_rp.h \
- opkele/prequeue_rp.h \
+ opkele/basic_rp.h opkele/prequeue_rp.h \
 opkele/iterator.h \
- opkele/basic_op.h \
+ opkele/basic_op.h opkele/verify_op.h \
 ${NODIST_HEADERS_}
 
 noinst_HEADERS = \
 opkele/data.h \
 opkele/curl.h opkele/expat.h opkele/tidy.h \
 opkele/util.h \
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
new file mode 100644
index 0000000..f5c97b2
--- a/dev/null
+++ b/include/opkele/verify_op.h
@@ -0,0 +1,16 @@
+#ifndef __OPKELE_VERIFY_OP_H
+#define __OPKELE_VERIFY_OP_H
+
+#include <opkele/basic_op.h>
+
+namespace opkele {
+
+ class verify_op : public basic_op {
+ public:
+
+ void verify_return_to();
+ };
+
+}
+
+#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ac312d1..e8bfbf5 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -24,12 +24,11 @@ libopkele_la_SOURCES = \
 exception.cc \
 extension.cc \
 sreg.cc \
 extension_chain.cc \
 curl.cc expat.cc \
 discovery.cc \
- basic_rp.cc \
- prequeue_rp.cc \
+ basic_rp.cc prequeue_rp.cc \
 openid_message.cc \
- basic_op.cc
+ basic_op.cc verify_op.cc
 libopkele_la_LDFLAGS = \
 -version-info 2:0:0
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
new file mode 100644
index 0000000..e7c26b5
--- a/dev/null
+++ b/lib/verify_op.cc
@@ -0,0 +1,53 @@
+#include <opkele/verify_op.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/uris.h>
+
+namespace opkele {
+ using std::output_iterator_tag;
+
+ class __RP_verifier_good_input : public exception {
+ public:
+ __RP_verifier_good_input(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
+ class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
+ public:
+ int seen;
+ const string& return_to;
+
+ RP_verifier(const string& rt)
+ : return_to(rt), seen(0) { }
+
+ RP_verifier& operator*() { return *this; }
+ RP_verifier& operator=(const openid_endpoint_t& oep) {
+ if(util::uri_matches_realm(return_to,oep.uri))
+ throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
+ return *this;
+ }
+
+ RP_verifier& operator++() { ++seen; return *this; }
+ RP_verifier& operator++(int) { +seen; return *this; }
+ };
+
+ void verify_op::verify_return_to() {
+ basic_op::verify_return_to();
+ try {
+ RP_verifier rpv(return_to);
+ string drealm = realm;
+ string::size_type csss = drealm.find("://*.");
+ if(csss==4 || csss==5)
+ drealm.replace(csss+3,1,"www");
+ const char *rtt[] = { STURI_OPENID20_RT, 0 };
+ yadiscover(rpv,drealm,rtt,false);
+ if(rpv.seen)
+ throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
+ }catch(__RP_verifier_good_input&) {
+ }catch(bad_return_to& brt) {
+ throw;
+ }catch(exception_network&) { }
+ }
+
+} |
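Review bot: In `RP_verifier`, the post-increment `operator++(int)` has the body `+seen;`, a unary plus whose result is discarded, so only the pre-increment form counts a discovered endpoint; it should read `RP_verifier& operator++(int) { ++seen; return *this; }`. If `yadiscover` advances its output iterator with `it++` (its definition is not part of this diff), `rpv.seen` stays 0 and the `bad_return_to` throw in `verify_return_to()` is never reached, so a return_to that matches no discovered endpoint is accepted. Separately, the empty `catch(exception_network&) { }` and the `seen == 0` case both let an unverified return_to through; if that is intended, state it with a comment such as `// RP discovery failed or returned nothing: return_to is left unverified (fail-open by design)`, otherwise convert the failure into `bad_return_to`. The constructor's initializer list also names `return_to` before `seen` while the members are declared in the opposite order, which draws a `-Wreorder` warning.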