author | Michael Krelin <hacker@klever.net> | 2008-02-19 23:48:32 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-19 23:48:32 (UTC) |
commit | daf2d4bcb4a31df6b46d3da7a33ee3f98d85e464 (patch) (unidiff) | |
tree | 7d929285bc296777c63d4f482c7bb07f8541bce2 | |
parent | 42e4fb613d190508b3e8b8993d233044eeea4d20 (diff) | |
added an identifier normalization utility function
* moved iname leader characters and whitespace characters strings to
opkele::data namespace
* added opkele::util::normalize_identifier() function
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | include/opkele/data.h | 2 | ||||
-rw-r--r-- | include/opkele/util.h | 2 | ||||
-rw-r--r-- | lib/data.cc | 3 | ||||
-rw-r--r-- | lib/discovery.cc | 17 | ||||
-rw-r--r-- | lib/util.cc | 41 |
5 files changed, 53 insertions, 12 deletions
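--- a/include/opkele/data.h
+++ b/include/opkele/data.h
@@ -1,18 +1,20 @@
 #ifndef __OPKELE_DATA_H
 #define __OPKELE_DATA_H
 
 /**
 * @brief the main opkele namespace
 */
 namespace opkele {
 
 /**
 * @brief internal data opkele namespace
 */
 namespace data {
 extern const char *_default_p;
 extern const char *_default_g;
+extern const char *_iname_leaders;
+extern const char *_whitespace_chars;
 }
 }
 
 #endif /* __OPKELE_DATA_H */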
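Review bot: The two new declarations `_iname_leaders` and `_whitespace_chars` are mutable pointers to const data, so any translation unit that includes this header can repoint them, and after this commit they decide how identifiers are trimmed and classified in both lib/discovery.cc and lib/util.cc. Declaring them `extern const char * const _iname_leaders;` and `extern const char * const _whitespace_chars;`, with matching `const char * const` definitions in lib/data.cc, would make the tables read-only. A short comment on each would also help, for example `/* first characters that mark an identifier as an XRI i-name */` and `/* characters trimmed from both ends of identifiers and URIs */`.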
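--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -63,48 +63,50 @@ namespace opkele {
 /**
 * Encode binary data using base64.
 * @param data pointer to binary data
 * @param length length of data
 * @return encoded data
 */
 string encode_base64(const void *data,size_t length);
 /**
 * Decode binary data from base64 representation.
 * @param data base64-encoded data
 * @param rv container for decoded binary
 */
 void decode_base64(const string& data,vector<unsigned char>& rv);
 
 /**
 * Normalize http(s) URI according to RFC3986, section 6. URI is
 * expected to have scheme: in front of it.
 * @param uri URI
 * @return normalized URI
 * @throw not_implemented in case of non-httpi(s) URI
 * @throw bad_input in case of malformed URI
 */
 string rfc_3986_normalize_uri(const string& uri);
 
+string normalize_identifier(const string& usi,bool strip_fragment);
+
 /**
 * Match URI against realm
 * @param uri URI to match
 * @param realm realm to match against
 * @return true if URI matches realm
 */
 bool uri_matches_realm(const string& uri,const string& realm);
 
 /**
 * Strip fragment part from URI
 * @param uri input/output parameter containing the URI
 * @return reference to uri
 */
 string& strip_uri_fragment_part(string& uri);
 
 /**
 * Calculate signature and encode it using base64
 * @param assoc association being used for signing
 * @param om openid message
 * @return base64 representation of the signature
 */
 string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
 
 }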
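Review bot: `normalize_identifier` is the only declaration in this stretch of the header without a Doxygen block, and its contract cannot be read off the signature. The comment should say that `usi` is the user-supplied identifier and that `strip_fragment` removes the fragment from URL identifiers before they are normalized. It should also say that an empty string is returned for empty, whitespace-only or too-short input, as the implementation in lib/util.cc in this commit does, and that URL input can raise `bad_input` through `rfc_3986_normalize_uri`. Callers that store or compare the result as a claimed identifier need to know that an empty return means the input was rejected, not that it normalized to a valid value.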
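--- a/lib/data.cc
+++ b/lib/data.cc
@@ -1,11 +1,14 @@
 #include <opkele/data.h>
 
 namespace opkele {
 
 namespace data {
 
 const char *_default_p = "155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443";
 const char *_default_g = "2";
 
+const char *_iname_leaders = "=@+$!(";
+const char *_whitespace_chars = " \t\r\n";
+
 }
 }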
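--- a/lib/discovery.cc
+++ b/lib/discovery.cc
@@ -1,49 +1,48 @@
 #include <list>
 #include <opkele/curl.h>
 #include <opkele/expat.h>
 #include <opkele/uris.h>
 #include <opkele/discovery.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
 #include <opkele/tidy.h>
+#include <opkele/data.h>
 #include <opkele/debug.h>
 
 #include "config.h"
 
 #define XRDS_HEADER "X-XRDS-Location"
 #define CT_HEADER "Content-Type"
 
 namespace opkele {
 using std::list;
 using xrd::XRD_t;
 using xrd::service_t;
 
 /* TODO: the whole discovery thing needs cleanup and optimization due to
 * many changes of concept. */
 
-static const char *whitespace = " \t\r\n";
-static const char *i_leaders = "=@+$!(";
 static const size_t max_html = 16384;
 
 static const struct service_type_t {
 const char *uri;
 const char *forceid;
 } op_service_types[] = {
 { STURI_OPENID20_OP, IDURI_SELECT20 },
 { STURI_OPENID20, 0 },
 { STURI_OPENID11, 0 },
 { STURI_OPENID10, 0 }
 };
 enum {
 st_index_1 = 2, st_index_2 = 1
 };
 
 
 static inline bool is_qelement(const XML_Char *n,const char *qen) {
 return !strcasecmp(n,qen);
 }
 static inline bool is_element(const XML_Char *n,const char *en) {
 if(!strcasecmp(n,en)) return true;
 int nl = strlen(n), enl = strlen(en);
 if( (nl>=(enl+1)) && n[nl-enl-1]=='\t'
 && !strcasecmp(&n[nl-enl],en) )
@@ -107,60 +106,60 @@ namespace opkele {
 || (r=set_header())
 ;
 if(r)
 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
 }
 ~idigger_t() throw() { }
 
 void yadiscover(endpoint_discovery_iterator oi,const string& yurl,const char **types,bool redirs) {
 idiscovery_t idis;
 idis.xri_identity = false;
 discover_at(idis,yurl,xmode_html|xmode_xrd|(redirs?0:xmode_noredirs));
 if(!xrds_location.empty()) {
 idis.clear();
 discover_at(idis,xrds_location,xmode_xrd);
 }
 idis.normalized_id = idis.canonicalized_id = yurl;
 service_type_t st;
 for(st.uri=*types;*types;st.uri=*(++types))
 queue_endpoints(oi,idis,&st);
 }
 
 string discover(endpoint_discovery_iterator& oi,const string& identity) {
 string rv;
 idiscovery_t idis;
-string::size_type fsc = identity.find_first_not_of(whitespace);
+string::size_type fsc = identity.find_first_not_of(data::_whitespace_chars);
 if(fsc==string::npos)
 throw bad_input(OPKELE_CP_ "whitespace-only identity");
-string::size_type lsc = identity.find_last_not_of(whitespace);
+string::size_type lsc = identity.find_last_not_of(data::_whitespace_chars);
 assert(lsc!=string::npos);
 if(!strncasecmp(identity.c_str()+fsc,"xri://",sizeof("xri://")-1))
 fsc += sizeof("xri://")-1;
 if((fsc+1)>=lsc)
 throw bad_input(OPKELE_CP_ "not a character of importance in identity");
 string id(identity,fsc,lsc-fsc+1);
 idis.clear();
-if(strchr(i_leaders,id[0])) {
+if(strchr(data::_iname_leaders,id[0])) {
 /* TODO: further normalize xri identity? Like folding case
 * or whatever... */
 rv = id;
 set<string> cids;
 for(const struct service_type_t *st=op_service_types;
 st<&op_service_types[sizeof(op_service_types)/sizeof(*op_service_types)];++st) {
 idis.clear();
 discover_at( idis,
 xri_proxy + util::url_encode(id)+
 "?_xrd_t="+util::url_encode(st->uri)+
 "&_xrd_r=application/xrd%2Bxml"
 ";sep=true;refs=true",
 xmode_xrd );
 if(status_code==241) continue;
 if(status_code!=100)
 throw failed_xri_resolution(OPKELE_CP_
 "XRI resolution failed with '"+status_string+"' message"
 ", while looking for SEP with type '"+st->uri+"'", status_code);
 if(idis.xrd.canonical_ids.empty())
 throw opkele::failed_discovery(OPKELE_CP_ "No CanonicalID for XRI identity found");
 string cid = idis.xrd.canonical_ids.begin()->second;
 if(cids.find(cid)==cids.end()) {
 cids.insert(cid);
 idis.clear();
@@ -474,55 +473,55 @@ namespace opkele {
 
 void html_start_element(const XML_Char *n,const XML_Char **a) {
 if(is_element(n,"meta")) {
 bool heq = false;
 string l;
 for(;*a;a+=2) {
 if(!( strcasecmp(a[0],"http-equiv")
 || strcasecmp(a[1],XRDS_HEADER) ))
 heq = true;
 else if(!strcasecmp(a[0],"content"))
 l.assign(a[1]);
 }
 if(heq)
 xrds_location = l;
 }else if(is_element(n,"link")) {
 string rels;
 string href;
 for(;*a;a+=2) {
 if( !strcasecmp(a[0],"rel") ) {
 rels.assign(a[1]);
 }else if( !strcasecmp(a[0],"href") ) {
 const char *ns = a[1];
 for(;*ns && isspace(*ns);++ns);
 href.assign(ns);
-string::size_type lns=href.find_last_not_of(whitespace);
+string::size_type lns=href.find_last_not_of(data::_whitespace_chars);
 href.erase(lns+1);
 }
 }
-for(string::size_type ns=rels.find_first_not_of(whitespace);
-ns!=string::npos; ns=rels.find_first_not_of(whitespace,ns)) {
-string::size_type s = rels.find_first_of(whitespace,ns);
+for(string::size_type ns=rels.find_first_not_of(data::_whitespace_chars);
+ns!=string::npos; ns=rels.find_first_not_of(data::_whitespace_chars,ns)) {
+string::size_type s = rels.find_first_of(data::_whitespace_chars,ns);
 string rel;
 if(s==string::npos) {
 rel.assign(rels,ns,string::npos);
 ns = string::npos;
 }else{
 rel.assign(rels,ns,s-ns);
 ns = s;
 }
 if(rel=="openid.server")
 html_openid1.uris.add(-1,xrd::uri_t(href));
 else if(rel=="openid.delegate")
 html_openid1.local_ids.add(-1,href);
 else if(rel=="openid2.provider")
 html_openid2.uris.add(-1,xrd::uri_t(href));
 else if(rel=="openid2.local_id")
 html_openid2.local_ids.add(-1,href);
 }
 }else if(is_element(n,"body")) {
 skipping = -1;
 }
 }
 
 void queue_endpoints(endpoint_discovery_iterator& oi,
 const idiscovery_t &id,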
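Review bot: In `html_start_element` the `href` value is still left-trimmed with `isspace(*ns)` while its right end is now trimmed with `data::_whitespace_chars`, so the two ends of the same attribute are cut with different character sets. `isspace` on a plain `char` is also undefined for bytes above 0x7F where `char` is signed, and this attribute comes from the remotely fetched page (assuming `XML_Char` is `char` in this build). Using the shared table for both ends removes both problems: `href.assign(a[1]); href.erase(0,href.find_first_not_of(data::_whitespace_chars));`, followed by the existing `find_last_not_of`/`erase` pair. Separately, `discover()` keeps its own copy of the trimming and `xri://` handling that `util::normalize_identifier` now repeats, and the two already differ on whitespace-only input (an exception here, an empty string there).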
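--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,39 +1,40 @@
 #include <errno.h>
 #include <cassert>
 #include <cctype>
 #include <cstring>
 #include <vector>
 #include <string>
 #include <stack>
 #include <algorithm>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
 #include <opkele/util.h>
 #include <opkele/exception.h>
+#include <opkele/data.h>
 #include <opkele/debug.h>
 
 #include <config.h>
 #ifdef HAVE_DEMANGLE
 # include <cxxabi.h>
 #endif
 
 namespace opkele {
 using namespace std;
 
 namespace util {
 
 /*
 * base64
 */
 string encode_base64(const void *data,size_t length) {
 BIO *b64 = 0, *bmem = 0;
 try {
 b64 = BIO_new(BIO_f_base64());
 if(!b64)
 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 bmem = BIO_new(BIO_s_mem());
 BIO_set_flags(b64,BIO_CLOSE);
@@ -190,61 +191,60 @@ namespace opkele {
 throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
 return rv;
 }
 
 long string_to_long(const string& s) {
 char *endptr = 0;
 long rv = strtol(s.c_str(),&endptr,10);
 if((!endptr) || endptr==s.c_str())
 throw failed_conversion(OPKELE_CP_ "failed to strtol()");
 return rv;
 }
 
 /*
 * Normalize URL according to the rules, described in rfc 3986, section 6
 *
 * - uppercase hex triplets (e.g. %ab -> %AB)
 * - lowercase scheme and host
 * - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
 * that is - [:alpha:][:digit:]._~-
 * - remove dot segments
 * - remove empty and default ports
 * - if there's no path component, add '/'
 */
 string rfc_3986_normalize_uri(const string& uri) {
-static const char *whitespace = " \t\r\n";
 string rv;
-string::size_type ns = uri.find_first_not_of(whitespace);
+string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);
 if(ns==string::npos)
 throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
 string::size_type colon = uri.find(':',ns);
 if(colon==string::npos)
 throw bad_input(OPKELE_CP_ "No scheme specified in URI");
 transform(
 uri.begin()+ns, uri.begin()+colon+1,
 back_inserter(rv), ::tolower );
 bool s;
-string::size_type ul = uri.find_last_not_of(whitespace)+1;
+string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;
 if(ul <= (colon+3))
 throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
 if(uri[colon+1]!='/' || uri[colon+2]!='/')
 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
 if(rv=="http:")
 s = false;
 else if(rv=="https:")
 s = true;
 else{
 /* TODO: support more schemes. e.g. xri. How do we normalize
 * xri?
 */
 rv.append(uri,colon+1,ul-colon-1);
 return rv;
 }
 rv += "//";
 string::size_type interesting = uri.find_first_of(":/#?",colon+3);
 if(interesting==string::npos) {
 transform(
 uri.begin()+colon+3,uri.begin()+ul,
 back_inserter(rv), ::tolower );
 rv += '/'; return rv;
 }
 transform(
@@ -409,27 +409,62 @@ namespace opkele {
 kv += ':';
 kv += om.get_field(f);
 kv += '\n';
 if(co==string::npos) break;
 p = co+1;
 }
 const secret_t& secret = assoc->secret();
 const EVP_MD *evpmd;
 const string& at = assoc->assoc_type();
 if(at=="HMAC-SHA256")
 evpmd = EVP_sha256();
 else if(at=="HMAC-SHA1")
 evpmd = EVP_sha1();
 else
 throw unsupported(OPKELE_CP_ "unknown association type");
 unsigned int md_len = 0;
 unsigned char md[SHA256_DIGEST_LENGTH];
 HMAC(evpmd,
 &(secret.front()),secret.size(),
 (const unsigned char*)kv.data(),kv.length(),
 md,&md_len);
 return encode_base64(md,md_len);
 }
 
+string normalize_identifier(const string& usi,bool strip_fragment) {
+if(usi.empty())
+return usi;
+string rv;
+string::size_type fsc = usi.find_first_not_of(data::_whitespace_chars);
+if(fsc==string::npos)
+return rv;
+string::size_type lsc = usi.find_last_not_of(data::_whitespace_chars);
+assert(lsc!=string::npos);
+if(!strncasecmp(usi.c_str()+fsc,"xri://",sizeof("xri://")-1))
+fsc += sizeof("xri://")-1;
+if( (fsc+1) >= lsc )
+return rv;
+rv.assign(usi,fsc,lsc-fsc+1);
+if(strchr(data::_iname_leaders,rv[0])) {
+/* TODO: further normalize xri identity, fold case or
+* whatever... */
+}else{
+if(rv.find("://")==string::npos)
+rv.insert(0,"http://");
+if(strip_fragment) {
+string::size_type fp = rv.find('#');
+if(fp!=string::npos) {
+string::size_type qp = rv.find('?');
+if(qp==string::npos || qp<fp)
+rv.erase(fp);
+else if(qp>fp)
+rv.erase(fp,qp-fp);
+}
+}
+rv = rfc_3986_normalize_uri(rv);
+}
+return rv;
+}
+
 }
 
 }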
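Review bot: The scheme test in `normalize_identifier`, `rv.find("://")==string::npos`, matches `://` anywhere in the string, so a scheme-less identifier whose path or query contains `://` never gets the `http://` prefix. It then reaches `rfc_3986_normalize_uri` without a real scheme, where the non-http branch returns it largely unnormalized. Restricting the match to the text before the first `/`, `?` or `#` closes the gap: `string::size_type sp = rv.find("://");` then `if(sp==string::npos || rv.find_first_of("/?#")<sp) rv.insert(0,"http://");`. In the fragment branch, the `qp>fp` case erases only the text between `#` and `?` and keeps the remainder as a query, although under RFC 3986 everything after `#` belongs to the fragment; if that reading is intended, a plain `rv.erase(fp);` is enough. Either case lets two inputs that should map to the same claimed identifier normalize differently, which matters wherever the result is compared or stored as an identity key.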