a fix

author: Michael Krelin <hacker@klever.net> 2007-01-11 22:35:24 (UTC)
committer: Michael Krelin <hacker@klever.net> 2007-01-11 22:35:24 (UTC)
commit: f6011d4bdd5a78414fba54c0985817fa8d4283e6 (patch) (unidiff)
tree: 116e607667c0b83cec1362a6529dcd92ab74afb6
parent: fc17a506a6647bae8fda0a9943a021a2103f6427 (diff)
download: libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.zip
libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.tar.gz
libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 10c2fa0..b215aa8 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -137,97 +137,97 @@ namespace opkele {
            p["mode"]="checkid_setup";
        else
            throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
        string iurl = canonicalize(identity);
        string server, delegate;
        retrieve_links(iurl,server,delegate);
        p["identity"] = delegate.empty()?iurl:delegate;
        if(!trust_root.empty())
            p["trust_root"] = trust_root;
        p["return_to"] = return_to;
        try {
            try {
                string ah = find_assoc(server)->handle();
                p["assoc_handle"] = ah;
            }catch(failed_lookup& fl) {
                string ah = associate(server)->handle();
                p["assoc_handle"] = ah;
            }
        }catch(exception& e) { }
        if(ext) ext->checkid_hook(p,identity);
        return p.append_query(server);
    }
    void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
        if(pin.has_param("openid.user_setup_url"))
            throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
        string server,delegate;
        retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
        params_t ps;
        try {
            assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
            const string& sigenc = pin.get_param("openid.sig");
            mimetic::Base64::Decoder b;
            vector<unsigned char> sig;
            mimetic::decode(
                    sigenc.begin(),sigenc.end(), b,
                    back_insert_iterator<vector<unsigned char> >(sig) );
            const string& slist = pin.get_param("openid.signed");
            string kv;
            string::size_type p = 0;
            while(true) {
                string::size_type co = slist.find(',',p);
                string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
                kv += f;
                kv += ':';
                f.insert(0,"openid.");
                kv += pin.get_param(f);
                kv += '\n';
-                if(ext) ps[f.substr(sizeof("openid."))] = pin.get_param(f);
+                if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
                if(co==string::npos)
                    break;
                p = co+1;
            }
            secret_t secret = assoc->secret();
            unsigned int md_len = 0;
            unsigned char *md = HMAC(
                    EVP_sha1(),
                    &(secret.front()),secret.size(),
                    (const unsigned char *)kv.data(),kv.length(),
                    0,&md_len);
            if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
                throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
        }catch(failed_lookup& e) { /* XXX: more specific? */
            const string& slist = pin.get_param("openid.signed");
            string::size_type pp = 0;
            params_t p;
            while(true) {
                string::size_type co = slist.find(',',pp);
                string f = "openid.";
                f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
                p[f] = pin.get_param(f);
                if(co==string::npos)
                    break;
                pp = co+1;
            }
            p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
            p["openid.sig"] = pin.get_param("openid.sig");
            p["openid.signed"] = pin.get_param("openid.signed");
            try {
                string ih = pin.get_param("openid.invalidate_handle");
                p["openid.invalidate_handle"] = ih;
            }catch(failed_lookup& fl) { }
            try {
                check_authentication(server,p);
            }catch(failed_check_authentication& fca) {
                throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
            }
        }
        if(ext) ext->id_res_hook(pin,ps,identity);
    }
    void consumer_t::check_authentication(const string& server,const params_t& p) {
        string request = "openid.mode=check_authentication";
        for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
            if(i->first!="openid.mode") {
                request += '&';
                request += i->first;
author	Michael Krelin <hacker@klever.net>	2007-01-11 22:35:24 (UTC)
committer	Michael Krelin <hacker@klever.net>	2007-01-11 22:35:24 (UTC)
commit	f6011d4bdd5a78414fba54c0985817fa8d4283e6 (patch) (unidiff)
tree	116e607667c0b83cec1362a6529dcd92ab74afb6
parent	fc17a506a6647bae8fda0a9943a021a2103f6427 (diff)
download	libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.zip libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.tar.gz libopkele-f6011d4bdd5a78414fba54c0985817fa8d4283e6.tar.bz2

diff --git a/lib/consumer.cc b/lib/consumer.cc index 10c2fa0..b215aa8 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc
@@ -137,97 +137,97 @@ namespace opkele {
137	p["mode"]="checkid_setup";	137	p["mode"]="checkid_setup";
138	else	138	else
139	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");	139	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
140	string iurl = canonicalize(identity);	140	string iurl = canonicalize(identity);
141	string server, delegate;	141	string server, delegate;
142	retrieve_links(iurl,server,delegate);	142	retrieve_links(iurl,server,delegate);
143	p["identity"] = delegate.empty()?iurl:delegate;	143	p["identity"] = delegate.empty()?iurl:delegate;
144	if(!trust_root.empty())	144	if(!trust_root.empty())
145	p["trust_root"] = trust_root;	145	p["trust_root"] = trust_root;
146	p["return_to"] = return_to;	146	p["return_to"] = return_to;
147	try {	147	try {
148	try {	148	try {
149	string ah = find_assoc(server)->handle();	149	string ah = find_assoc(server)->handle();
150	p["assoc_handle"] = ah;	150	p["assoc_handle"] = ah;
151	}catch(failed_lookup& fl) {	151	}catch(failed_lookup& fl) {
152	string ah = associate(server)->handle();	152	string ah = associate(server)->handle();
153	p["assoc_handle"] = ah;	153	p["assoc_handle"] = ah;
154	}	154	}
155	}catch(exception& e) { }	155	}catch(exception& e) { }
156	if(ext) ext->checkid_hook(p,identity);	156	if(ext) ext->checkid_hook(p,identity);
157	return p.append_query(server);	157	return p.append_query(server);
158	}	158	}
159		159
160	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {	160	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
161	if(pin.has_param("openid.user_setup_url"))	161	if(pin.has_param("openid.user_setup_url"))
162	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));	162	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
163	string server,delegate;	163	string server,delegate;
164	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);	164	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
165	params_t ps;	165	params_t ps;
166	try {	166	try {
167	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));	167	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
168	const string& sigenc = pin.get_param("openid.sig");	168	const string& sigenc = pin.get_param("openid.sig");
169	mimetic::Base64::Decoder b;	169	mimetic::Base64::Decoder b;
170	vector<unsigned char> sig;	170	vector<unsigned char> sig;
171	mimetic::decode(	171	mimetic::decode(
172	sigenc.begin(),sigenc.end(), b,	172	sigenc.begin(),sigenc.end(), b,
173	back_insert_iterator<vector<unsigned char> >(sig) );	173	back_insert_iterator<vector<unsigned char> >(sig) );
174	const string& slist = pin.get_param("openid.signed");	174	const string& slist = pin.get_param("openid.signed");
175	string kv;	175	string kv;
176	string::size_type p = 0;	176	string::size_type p = 0;
177	while(true) {	177	while(true) {
178	string::size_type co = slist.find(',',p);	178	string::size_type co = slist.find(',',p);
179	string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);	179	string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
180	kv += f;	180	kv += f;
181	kv += ':';	181	kv += ':';
182	f.insert(0,"openid.");	182	f.insert(0,"openid.");
183	kv += pin.get_param(f);	183	kv += pin.get_param(f);
184	kv += '\n';	184	kv += '\n';
185	if(ext) ps[f.substr(sizeof("openid."))] = pin.get_param(f);	185	if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
186	if(co==string::npos)	186	if(co==string::npos)
187	break;	187	break;
188	p = co+1;	188	p = co+1;
189	}	189	}
190	secret_t secret = assoc->secret();	190	secret_t secret = assoc->secret();
191	unsigned int md_len = 0;	191	unsigned int md_len = 0;
192	unsigned char *md = HMAC(	192	unsigned char *md = HMAC(
193	EVP_sha1(),	193	EVP_sha1(),
194	&(secret.front()),secret.size(),	194	&(secret.front()),secret.size(),
195	(const unsigned char *)kv.data(),kv.length(),	195	(const unsigned char *)kv.data(),kv.length(),
196	0,&md_len);	196	0,&md_len);
197	if(sig.size()!=md_len \|\| memcmp(&(sig.front()),md,md_len))	197	if(sig.size()!=md_len \|\| memcmp(&(sig.front()),md,md_len))
198	throw id_res_mismatch(OPKELE_CP_ "signature mismatch");	198	throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
199	}catch(failed_lookup& e) { /* XXX: more specific? */	199	}catch(failed_lookup& e) { /* XXX: more specific? */
200	const string& slist = pin.get_param("openid.signed");	200	const string& slist = pin.get_param("openid.signed");
201	string::size_type pp = 0;	201	string::size_type pp = 0;
202	params_t p;	202	params_t p;
203	while(true) {	203	while(true) {
204	string::size_type co = slist.find(',',pp);	204	string::size_type co = slist.find(',',pp);
205	string f = "openid.";	205	string f = "openid.";
206	f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);	206	f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
207	p[f] = pin.get_param(f);	207	p[f] = pin.get_param(f);
208	if(co==string::npos)	208	if(co==string::npos)
209	break;	209	break;
210	pp = co+1;	210	pp = co+1;
211	}	211	}
212	p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");	212	p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
213	p["openid.sig"] = pin.get_param("openid.sig");	213	p["openid.sig"] = pin.get_param("openid.sig");
214	p["openid.signed"] = pin.get_param("openid.signed");	214	p["openid.signed"] = pin.get_param("openid.signed");
215	try {	215	try {
216	string ih = pin.get_param("openid.invalidate_handle");	216	string ih = pin.get_param("openid.invalidate_handle");
217	p["openid.invalidate_handle"] = ih;	217	p["openid.invalidate_handle"] = ih;
218	}catch(failed_lookup& fl) { }	218	}catch(failed_lookup& fl) { }
219	try {	219	try {
220	check_authentication(server,p);	220	check_authentication(server,p);
221	}catch(failed_check_authentication& fca) {	221	}catch(failed_check_authentication& fca) {
222	throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");	222	throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
223	}	223	}
224	}	224	}
225	if(ext) ext->id_res_hook(pin,ps,identity);	225	if(ext) ext->id_res_hook(pin,ps,identity);
226	}	226	}
227		227
228	void consumer_t::check_authentication(const string& server,const params_t& p) {	228	void consumer_t::check_authentication(const string& server,const params_t& p) {
229	string request = "openid.mode=check_authentication";	229	string request = "openid.mode=check_authentication";
230	for(params_t::const_iterator i=p.begin();i!=p.end();++i) {	230	for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
231	if(i->first!="openid.mode") {	231	if(i->first!="openid.mode") {
232	request += '&';	232	request += '&';
233	request += i->first;	233	request += i->first;