summaryrefslogtreecommitdiffabout
Side-by-side diff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_op.h3
-rw-r--r--include/opkele/extension.h8
-rw-r--r--include/opkele/verify_op.h10
3 files changed, 21 insertions, 0 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h
index a0f0af0..0e3231d 100644
--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -1,74 +1,77 @@
#ifndef __OPKELE_BASIC_OP_H
#define __OPKELE_BASIC_OP_H
#include <string>
#include <opkele/types.h>
#include <opkele/extension.h>
namespace opkele {
using std::string;
+ /**
+ * Implementation of basic OP functionality
+ */
class basic_OP {
public:
/**
* The request mode for the request being processed
*/
mode_t mode;
/**
* association used in transaction. reset in case of dumb operation
*/
assoc_t assoc;
/**
* true if the request is openid2 request
*/
bool openid2;
/**
* The return_to RP endpoint
*/
string return_to;
/**
* The realm we authenticate for
*/
string realm;
/**
* Claimed identifier
*/
string claimed_id;
/**
* The OP-Local identifier
*/
string identity;
/**
* The invalidate handle for the reply request
*/
string invalidate_handle;
void reset_vars();
/**
* @name Request information access
* Setting and retrieval of the information pertaining to the request being processed
* @{
*/
/**
* Check if the RP expects us to get back to them.
* @return true if RP supplied return_to URL
*/
bool has_return_to() const;
/**
* Find out where the RP is waiting for us.
* @return the return_to URL supplied
* @throw no_return_to if no return_to is supplied with the request
*/
const string& get_return_to() const;
/**
* Find out what realm we are authenticating user for
* @return the realm
*/
const string& get_realm() const;
/**
* Check if request is about identity
* @return true if so
*/
diff --git a/include/opkele/extension.h b/include/opkele/extension.h
index 37bcb90..38f61e3 100644
--- a/include/opkele/extension.h
+++ b/include/opkele/extension.h
@@ -1,61 +1,69 @@
#ifndef __OPKELE_EXTENSION_H
#define __OPKELE_EXTENSION_H
/**
* @file
* @brief extensions framework basics
*/
#include <opkele/opkele-config.h>
#include <opkele/types.h>
namespace opkele {
/**
* OpenID extension hooks base class
*/
class extension_t {
public:
virtual ~extension_t() { }
/**
* hook called by RP before submitting the message to OP.
* @param om openid message to be submit
*/
virtual void rp_checkid_hook(basic_openid_message& om);
/**
* hook called by RP after verifying information received from OP.
* @param om openid message received
* @param sp signed part of the message
*/
virtual void rp_id_res_hook(const basic_openid_message& om,
const basic_openid_message& sp);
/**
* hook called by OP after parsing incoming message
* @param inm message received from RP
*/
virtual void op_checkid_hook(const basic_openid_message& inm);
/**
* hook called by OP before signing the reply to RP
* @param oum message to be sent to RP
*/
virtual void op_id_res_hook(basic_openid_message& oum);
+ /**
+ * @name deprecated hooks, used by the deprecated consumer_t and
+ * server_t implementations
+ * @{
+ */
virtual void checkid_hook(basic_openid_message& om) OPKELE_DEPRECATE;
virtual void id_res_hook(const basic_openid_message& om,
const basic_openid_message& sp) OPKELE_DEPRECATE;
virtual void checkid_hook(const basic_openid_message& inm,basic_openid_message& oum);
+ /**
+ * @}
+ */
/**
* Casts the object to pointer to itself. For convenient passing
* of pointer.
*/
operator extension_t*(void) { return this; }
};
}
#endif /* __OPKELE_EXTENSION_H */
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
index 6c3c386..6b94240 100644
--- a/include/opkele/verify_op.h
+++ b/include/opkele/verify_op.h
@@ -1,16 +1,26 @@
#ifndef __OPKELE_VERIFY_OP_H
#define __OPKELE_VERIFY_OP_H
#include <opkele/basic_op.h>
namespace opkele {
+ /**
+ * The OP implementation that does discovery verification on RP
+ */
class verify_op : public basic_OP {
public:
+ /**
+ * In addition to basic_OP::verify_return_to() functionality this
+ * implementation does the discovery on RP to see if return_to matches
+ * the realm
+ * @throw bad_return_to in case we fail to discover corresponding
+ * service endpoint
+ */
void verify_return_to();
};
}
#endif /* __OPKELE_VERIFY_OP_H */