/usr/include/opkele/basic_op.h is in libopkele-dev 2.0.4-8.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 | #ifndef __OPKELE_BASIC_OP_H
#define __OPKELE_BASIC_OP_H
#include <string>
#include <opkele/types.h>
#include <opkele/extension.h>
namespace opkele {
using std::string;
/**
* Implementation of basic OP functionality
*/
class basic_OP {
public:
/**
* The request mode for the request being processed
*/
mode_t mode;
/**
* association used in transaction. reset in case of dumb operation
*/
assoc_t assoc;
/**
* true if the request is openid2 request
*/
bool openid2;
/**
* The return_to RP endpoint
*/
string return_to;
/**
* The realm we authenticate for
*/
string realm;
/**
* Claimed identifier
*/
string claimed_id;
/**
* The OP-Local identifier
*/
string identity;
/**
* The invalidate handle for the reply request
*/
string invalidate_handle;
virtual ~basic_OP() { }
void reset_vars();
/**
* @name Request information access
* Setting and retrieval of the information pertaining to the request being processed
* @{
*/
/**
* Check if the RP expects us to get back to them.
* @return true if RP supplied return_to URL
*/
bool has_return_to() const;
/**
* Find out where the RP is waiting for us.
* @return the return_to URL supplied
* @throw no_return_to if no return_to is supplied with the request
*/
const string& get_return_to() const;
/**
* Find out what realm we are authenticating user for
* @return the realm
*/
const string& get_realm() const;
/**
* Check if request is about identity
* @return true if so
*/
bool has_identity() const;
/**
* Get claimed identifier supplied with the request
* @return claimed identifier
* @throw non_identity if request is not about identity
*/
const string& get_claimed_id() const;
/**
* Get the identity (OP-Local identifier) being confirmed
* @return identity
* @throw non_identity if request is not about identity
*/
const string& get_identity() const;
/**
* Is identifier supposed to be selected on our side?
* @return true if identity is a special identifier select URI
*/
bool is_id_select() const;
/**
* Select the identity for identifier select request
* @param cid claimed identifier
* @param lid local identifier
*/
void select_identity(const string& cid,const string& lid);
/**
* Set claimed identifier (for instance if it's supposed to have
* fragment part)
* @param cid claimed identifier
*/
void set_claimed_id(const string& cid);
/**
* @}
*/
/** @name OpenID operations
* @{
*/
/**
* Establish association with RP
* @param oum reply message
* @param inm request message
*/
basic_openid_message& associate(
basic_openid_message& oum,
const basic_openid_message& inm);
/**
* Parse the checkid_* request. The function parses input message,
* retrieves the information needed for further processing,
* verifies what can be verified at this stage.
* @param inm incoming OpenID message
* @param ext extension/chain of extensions supported
*/
void checkid_(const basic_openid_message& inm,extension_t *ext=0);
/**
* Build and sign a positive assertion message
* @param om outpu OpenID message
* @param ext extension/chain of extensions supported
* @return reference to om
*/
basic_openid_message& id_res(basic_openid_message& om,
extension_t *ext=0);
/**
* Build a 'cancel' negative assertion
* @param om output OpenID message
* @return reference to om
*/
basic_openid_message& cancel(basic_openid_message& om);
/**
* Build an 'error' reply
* @param om output OpenID message
* @param error a human-readable message indicating the cause
* @param contact contact address for the server administrator (can be empty)
* @param reference a reference token (can be empty)
* @return reference to om
*/
basic_openid_message& error(basic_openid_message& om,
const string& error,const string& contact,
const string& reference );
/**
* Build a setup_needed reply to checkid_immediate request
* @param oum output OpenID message
* @param inm incoming OpenID request being processed
* @return reference to oum
*/
basic_openid_message& setup_needed(
basic_openid_message& oum,const basic_openid_message& inm);
/**
* Process check_authentication request
* @param oum output OpenID message
* @param inm incoming request
* @return reference to oum
*/
basic_openid_message& check_authentication(
basic_openid_message& oum,const basic_openid_message& inm);
/**
* @}
*/
/**
* Verify return_to url. The default implementation checks whether
* return_to URI matches the realm
* @throw bad_realm in case of invalid realm
* @throw bad_return_to if return_to doesn't match the realm
* @see verify_OP::verify_return_to()
*/
virtual void verify_return_to();
/**
* @name Global persistent store API
* These functions are related to the associations with RPs storage
* and retrieval and nonce management.
* @{
*/
/**
* Allocate association.
* @param type association type
* @param kl association key length
* @param sl true if the association is stateless
* @return association object
*/
virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0;
/**
* Retrieve valid unexpired association
* @param handle association handle
* @return association object
*/
virtual assoc_t retrieve_assoc(const string& handle) = 0;
/**
* Allocate nonce.
* @param nonce input-output parameter containing timestamp part of
* the nonce on input
* @param sl true if the nonce is
* @return reference to nonce
* @throw failed_lookup if no such valid unexpired association
* could be retrieved
*/
virtual string& alloc_nonce(string& nonce) = 0;
/**
* Check nonce validity
* @param nonce nonce to check
* @return true if nonce found and isn't yet invalidated
*/
virtual bool check_nonce(const string& nonce) = 0;
/**
* Invalidate nonce
* @param nonce nonce to check
*/
virtual void invalidate_nonce(const string& nonce) = 0;
/**
* @}
*/
/**
* @name Site particulars API
* @{
*/
/**
* Query the absolute URL of the op endpoint
* @return fully qualified url of the OP endpoint
*/
virtual const string get_op_endpoint() const = 0;
/**
* @}
*/
};
}
#endif /* __OPKELE_BASIC_OP_H */
|