-rw-r--r-- | include/opkele/consumer.h | 2 | ||||
-rw-r--r-- | include/opkele/extension.h | 2 | ||||
-rw-r--r-- | include/opkele/server.h | 2 | ||||
-rw-r--r-- | include/opkele/types.h | 2 |
4 files changed, 8 insertions, 0 deletions
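--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -1,72 +1,74 @@
 #ifndef __OPKELE_CONSUMER_H
 #define __OPKELE_CONSUMER_H
 
 #include <opkele/types.h>
 #include <opkele/extension.h>
 
 /**
 * @file
 * @brief OpenID consumer-side functionality
 */
 
 namespace opkele {
 
 /**
 * implementation of basic consumer functionality
 *
 * @note
 * The consumer uses libcurl internally, which means that if you're using
 * libopkele in multithreaded environment you should call curl_global_init
 * yourself before spawning any threads.
 */
 class consumer_t {
 public:
 
+virtual ~consumer_t() { }
+
 /**
 * store association. The function should be overridden in the real
 * implementation to provide persistent associations store.
 * @param server the OpenID server
 * @param handle association handle
 * @param secret the secret associated with the server and handle
 * @param expires_in the number of seconds until the handle is expired
 * @return the auto_ptr<> for the newly allocated association_t object
 */
 virtual assoc_t store_assoc(const string& server,const string& handle,const secret_t& secret,int expires_in) = 0;
 /**
 * retrieve stored association. The function should be overridden
 * in the real implementation to provide persistent assocations
 * store.
 *
 * @note
 * The user is responsible for handling associations expiry and
 * this function should never return an expired or invalidated
 * association.
 *
 * @param server the OpenID server
 * @param handle association handle
 * @return the autho_ptr<> for the newly allocated association_t object
 * @throw failed_lookup if no unexpired association found
 */
 virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
 /**
 * invalidate stored association. The function should be overridden
 * in the real implementation of the consumer.
 * @param server the OpenID server
 * @param handle association handle
 */
 virtual void invalidate_assoc(const string& server,const string& handle) = 0;
 /**
 * retrieve any unexpired association for the server. If the
 * function is not overridden in the real implementation, the new
 * association will be established for each request.
 *
 * @note
 * The user is responsible for handling associations and this
 * function should never return an expired or invalidated
 * association.
 *
 * @param server the OpenID server
 * @return the auto_ptr<> for the newly allocated association_t object
 * @throw failed_lookup in case of absence of the handle
 */
 virtual assoc_t find_assoc(const string& server);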
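Review bot: The new `virtual ~consumer_t() { }` is the only member of consumer_t without a Doxygen comment, while every other member in this header carries one; the same gap applies to the destructors added to extension_t in extension.h, server_t in server.h and association_t in types.h. Since the class exists to be subclassed (its abstract members are documented as "should be overridden in the real implementation"), the reader should be told why the destructor is virtual: `/** virtual destructor: real consumers derive from this class and may be destroyed through a consumer_t pointer */`. The empty-body form is the right choice here rather than `= default`, because the headers use pre-C++11 idioms such as auto_ptr. The class body continues past the end of the hunk.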
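--- a/include/opkele/extension.h
+++ b/include/opkele/extension.h
@@ -1,63 +1,65 @@
 #ifndef __OPKELE_EXTENSION_H
 #define __OPKELE_EXTENSION_H
 
 /**
 * @file
 * @brief extensions framework basics
 */
 
 #include <opkele/types.h>
 
 namespace opkele {
 
 /**
 * OpenID extension hooks base class
 */
 class extension_t {
 public:
+
+virtual ~extension_t() { }
 /**
 * hook called by consumer before submitting data to OpenID server.
 * It is supposed to manipulate parameters list.
 * @param p parameters about to be submitted to server
 * @param identity identity being verified. It may differ from the
 * one available in parameters list in case of delegation
 * @see consumer_t::checkid_
 * @see consumer_t::checkid_immediate
 * @see consumer_t::checkid_setup
 */
 virtual void checkid_hook(params_t& p,const string& identity);
 /**
 * hook called by consumer after identity information received from
 * OpenID server is verified.
 * @param p parameters received from server
 * @param sp signed parameters received from server with 'openid.'
 * leader stripped
 * @param identity identity confirmed. May differ from the one
 * available in parameters list in case of delegation. May also be
 * empty which means - extract one from parameters
 * @see consumer_t::id_res
 */
 virtual void id_res_hook(const params_t& p,const params_t& sp,const string& identity);
 
 /**
 * hook called by server before returning information to consumer.
 * The hook may manipulate output parameters. It is important to
 * note that modified pout["signed"] is used for signing response.
 * @param pin request parameters list with "openid." prefix
 * @param pout response parameters list without "openid." prefix
 * @see server_t::checkid_
 * @see server_t::checkid_immediate
 * @see server_t::checkid_setup
 */
 virtual void checkid_hook(const params_t& pin,params_t& pout);
 
 /**
 * Casts the object to pointer to itself. For convenient passing
 * of pointer.
 */
 operator extension_t*(void) { return this; }
 };
 
 }
 
 #endif /* __OPKELE_EXTENSION_H */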
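Review bot: The destructor is inserted here as blank line then `virtual ~extension_t() { }` with the following `/**` block butting directly against it, whereas the other three headers in this commit place the blank line after the destructor, separating it from the next documented member. For consistency across the four files I would move the blank line below the declaration, i.e. `virtual ~extension_t() { }` followed by an empty line before the checkid_hook comment. This matters slightly more than usual in a Doxygen header, because a documentation block that follows a declaration without separation is easy to misread as belonging to it.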
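--- a/include/opkele/server.h
+++ b/include/opkele/server.h
@@ -1,67 +1,69 @@
 #ifndef __OPKELE_SERVER_H
 #define __OPKELE_SERVER_H
 
 /**
 * @file
 * @brief OpenID server-side functionality
 */
 
 #include <opkele/types.h>
 #include <opkele/extension.h>
 
 namespace opkele {
 
 /**
 * implementation of basic server functionality
 */
 class server_t {
 public:
 
+virtual ~server_t() { }
+
 /**
 * allocate the new association. The function should be overridden
 * in the real implementation to provide persistent assocations
 * store.
 * @param mode the mode of request being processed to base the
 * statelessness of the association upon
 * @return the auto_ptr<> for the newly allocated association_t object
 */
 virtual assoc_t alloc_assoc(mode_t mode) = 0;
 /**
 * retrieve the association. The function should be overridden in
 * the reqal implementation to provide persistent assocations
 * store.
 * @param h association handle
 * @return the auto_ptr<> for the newly allocated association_t object
 * @throw failed_lookup in case of failure
 */
 virtual assoc_t retrieve_assoc(const string& h) = 0;
 
 /**
 * validate the identity.
 * @param assoc association object
 * @param pin incoming request parameters
 * @param identity being verified
 * @param trust_root presented in the request
 * @throw exception if identity can not be confirmed
 */
 virtual void validate(const association_t& assoc,const params_t& pin,const string& identity,const string& trust_root) = 0;
 
 
 /**
 * process the associate request.
 * @param pin the incoming request parameters
 * @param pout the store for the response parameters
 */
 void associate(const params_t& pin,params_t& pout);
 /**
 * process the checkid_immediate request.
 * @param pin the incoming request parameters
 * @param return_to reference to the object to store return_to url to
 * @param pout the response parameters
 * @param ext pointer to the extension hooks object
 * @throw exception in case of errors or negative reply
 */
 virtual void checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
 /**
 * process the checkid_setup request.
 * @param pin the incoming request parameters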
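--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -20,96 +20,98 @@ namespace opkele {
 using std::auto_ptr;
 
 /**
 * the OpenID operation mode
 */
 typedef enum _mode_t {
 mode_associate,
 mode_checkid_immediate,
 mode_checkid_setup,
 mode_check_association
 } mode_t;
 
 /**
 * the association secret container
 */
 class secret_t : public vector<unsigned char> {
 public:
 
 /**
 * xor the secret and hmac together and encode, using base64
 * @param key_sha1 pointer to the sha1 digest
 * @param rv reference to the return value
 */
 void enxor_to_base64(const unsigned char *key_sha1,string& rv) const;
 /**
 * decode base64-encoded secret and xor it with the sha1 digest
 * @param key_sha1 pointer to the message digest
 * @param b64 base64-encoded secret value
 */
 void enxor_from_base64(const unsigned char *key_sha1,const string& b64);
 /**
 * plainly encode to base64 representation
 * @param rv reference to the return value
 */
 void to_base64(string& rv) const;
 /**
 * decode cleartext secret from base64
 * @param b64 base64-encoded representation of the secret value
 */
 void from_base64(const string& b64);
 };
 
 /**
 * Interface to the association.
 */
 class association_t {
 public:
 
+virtual ~association_t() { }
+
 /**
 * retrieve the server with which association was established.
 * @return server name
 */
 virtual string server() const = 0;
 /**
 * retrieve the association handle.
 * @return handle
 */
 virtual string handle() const = 0;
 /**
 * retrieve the association type.
 * @return association type
 */
 virtual string assoc_type() const = 0;
 /**
 * retrieve the association secret.
 * @return association secret
 */
 virtual secret_t secret() const = 0;
 /**
 * retrieve the number of seconds the association expires in.
 * @return seconds till expiration
 */
 virtual int expires_in() const = 0;
 /**
 * check whether the association is stateless.
 * @return true if stateless
 */
 virtual bool stateless() const = 0;
 /**
 * check whether the association is expired.
 * @return true if expired
 */
 virtual bool is_expired() const = 0;
 };
 
 /**
 * the auto_ptr<> for association_t object type
 */
 typedef auto_ptr<association_t> assoc_t;
 
 /**
 * request/response parameters map
 */
 class params_t : public map<string,string> {
 public:
 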
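Review bot: Of the four destructors this commit adds, the one on association_t is the one that fixes a live defect and deserves a comment saying so: `assoc_t` is declared below as `auto_ptr<association_t>`, so every concrete association handed back by store_assoc, retrieve_assoc, alloc_assoc or find_assoc is deleted through an association_t pointer, which without a virtual destructor is undefined behaviour and skips the derived class's cleanup. I would document it as `/** virtual destructor: concrete associations are owned and deleted through assoc_t (auto_ptr<association_t>) */`. One hedged observation on the neighbouring context, outside the scope of this change: secret_t derives publicly from vector<unsigned char> and has no virtual members, so it correctly receives no virtual destructor here, but it must therefore never be deleted through a vector<unsigned char> pointer, and the key material it holds is not cleared when the object is destroyed; a note on the class would help implementers of persistent stores.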