initial commit of libopkele - OpenID support library

12 files changed, 789 insertions, 0 deletions

diff --git a/include/.gitignore b/include/.gitignore
new file mode 100644
index 0000000..3dda729
--- a/dev/null
+++ b/include/.gitignore
@@ -0,0 +1,2 @@
+Makefile.in
+Makefile
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..b014752
--- a/dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,11 @@
+nobase_include_HEADERS = \
+	opkele/acconfig.h \
+	opkele/opkele-config.h \
+	opkele/types.h \
+	opkele/association.h \
+	opkele/exception.h \
+	opkele/server.h \
+	opkele/consumer.h
+EXTRA_DIST = \
+	opkele/data.h \
+	opkele/util.h
diff --git a/include/opkele/.gitignore b/include/opkele/.gitignore
new file mode 100644
index 0000000..ffa24dc
--- a/dev/null
+++ b/include/opkele/.gitignore
@@ -0,0 +1,2 @@
+acconfig.h
+stamp-h2
diff --git a/include/opkele/acconfig.h.in b/include/opkele/acconfig.h.in
new file mode 100644
index 0000000..d56a1cd
--- a/dev/null
+++ b/include/opkele/acconfig.h.in
@@ -0,0 +1,3 @@
+
+/* defined in presence of konforka library */
+#undef OPKELE_HAVE_KONFORKA
diff --git a/include/opkele/association.h b/include/opkele/association.h
new file mode 100644
index 0000000..5eb1cc3
--- a/dev/null
+++ b/include/opkele/association.h
@@ -0,0 +1,89 @@
+#ifndef __OPKELE_ASSOCIATION_H
+#define __OPKELE_ASSOCIATION_H
+
+#include <time.h>
+#include <opkele/types.h>
+
+/**
+ * @file
+ * @brief reference implementation of association_t
+ */
+
+/**
+ * @brief the main opkele namespace
+ */
+namespace opkele {
+
+    /**
+     * reference implementation of association_t class.
+     */
+    class association : public association_t {
+	public:
+	    /**
+	     * OpenID server name
+	     */
+	    string _server;
+	    /**
+	     * association handle
+	     */
+	    string _handle;
+	    /**
+	     * association type
+	     */
+	    string _assoc_type;
+	    /**
+	     * the secret
+	     */
+	    secret_t _secret;
+	    /**
+	     * expiration time
+	     */
+	    time_t _expires;
+	    /**
+	     * statelessness of the assoc_handle
+	     */
+	    bool _stateless;
+
+	    /**
+	     * @param __server the server name
+	     * @param __handle association handle
+	     * @param __assoc_type association type
+	     * @param __secret the secret
+	     * @param __expires expiration time
+	     * @param __stateless statelessness of the assoc_handle
+	     */
+	    association(const string& __server, const string& __handle,
+		    const string& __assoc_type, const secret_t& __secret,
+		    time_t __expires, bool __stateless)
+		: _server(__server), _handle(__handle), _assoc_type(__assoc_type),
+		_secret(__secret), _expires(__expires), _stateless(__stateless) { }
+
+	    /**
+	     * @overload association_t::server()
+	     */
+	    virtual string server() const { return _server; }
+	    /**
+	     * @overload association_t::handle()
+	     */
+	    virtual string handle() const { return _handle; }
+	    /**
+	     * @overload association_t::assoc_type()
+	     */
+	    virtual string assoc_type() const { return _assoc_type; }
+	    /**
+	     * @overload association_t::secret()
+	     */
+	    virtual secret_t secret() const { return _secret; }
+	    /**
+	     * @overload association_t::expires_in()
+	     */
+	    virtual int expires_in() const { return _expires-time(0); }
+	    /**
+	     * @overload associationn_t::stateless()
+	     */
+	    virtual bool stateless() const { return _stateless; }
+    };
+
+}
+
+#endif /* __OPKELE_ASSOCIATION_H */
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
new file mode 100644
index 0000000..b9c29bd
--- a/dev/null
+++ b/include/opkele/consumer.h
@@ -0,0 +1,135 @@
+#ifndef __OPKELE_CONSUMER_H
+#define __OPKELE_CONSUMER_H
+
+#include <opkele/types.h>
+
+/**
+ * @file
+ * @brief OpenID consumer-side functionality
+ */
+
+/**
+ * @brief the main opkele namespace
+ */
+namespace opkele {
+
+    /**
+     * implementation of basic consumer functionality
+     */
+    class consumer_t {
+	public:
+
+	    /**
+	     * store association. The function should be overridden in the real
+	     * implementation to provide persistent associations store.
+	     * @param server the OpenID server
+	     * @param handle association handle
+	     * @param secret the secret associated with the server and handle
+	     * @param expires_in the number of seconds until the handle is expired
+	     * @return the auto_ptr<> for the newly allocated association_t object
+	     */
+	    virtual assoc_t store_assoc(const string& server,const string& handle,const secret_t& secret,int expires_in) = 0;
+	    /**
+	     * retrieve stored association. The function should be overridden
+	     * in the real implementation to provide persistent assocations
+	     * store.
+	     * @param server the OpenID server
+	     * @param handle association handle
+	     * @return the autho_ptr<> for the newly allocated association_t object
+	     * @throw failed_lookup in case of error
+	     */
+	    virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
+	    /**
+	     * invalidate stored association. The function should be overridden
+	     * in the real implementation of the consumer.
+	     * @param server the OpenID server
+	     * @param handle association handle
+	     */
+	    virtual void invalidate_assoc(const string& server,const string& handle) = 0;
+	    /**
+	     * retrieve any unexpired association for the server. If the
+	     * function is not overridden in the real implementation, the new
+	     * association will be established for each request.
+	     * @param server the OpenID server
+	     * @return the auto_ptr<> for the newly allocated association_t object
+	     * @throw failed_lookup in case of absence of the handle
+	     */
+	    virtual assoc_t find_assoc(const string& server);
+
+	    /**
+	     * retrieve the metainformation contained in link tags from the
+	     * page pointed by url. the function may implement caching of the
+	     * information.
+	     * @param url url to harvest for link tags
+	     * @param server reference to the string object where to put
+	     * openid.server value
+	     * @param delegate reference to the string object where to put the
+	     * openid.delegate value (if any)
+	     */
+	    virtual void retrieve_links(const string& url,string& server,string& delegate);
+
+	    /**
+	     * perform the associate request to OpenID server.
+	     * @param server the OpenID server
+	     * @return the auto_ptr<> for the newly allocated association_t
+	     * object, representing established association
+	     * @throw exception in case of error
+	     */
+	    assoc_t associate(const string& server);
+	    /**
+	     * prepare the parameters for the checkid_immediate
+	     * request.
+	     * @param identity the identity to verify
+	     * @param return_to the return_to url to pass with the request
+	     * @param trust_root the trust root to advertise with the request
+	     * @return the location string
+	     * @throw exception in case of error
+	     */
+	    string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="");
+	    /**
+	     * prepare the parameters for the checkid_setup
+	     * request.
+	     * @param identity the identity to verify
+	     * @param return_to the return_to url to pass with the request
+	     * @param trust_root the trust root to advertise with the request
+	     * @return the location string
+	     * @throw exception in case of error
+	     */
+	    string checkid_setup(const string& identity,const string& return_to,const string& trust_root="");
+	    /**
+	     * the actual implementation behind checkid_immediate() and
+	     * checkid_setup() functions.
+	     * @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup
+	     * @param identity the identity to verify
+	     * @param return_to the return_to url to pass with the request
+	     * @param trust_root the trust root to advertise with the request
+	     * @return the location string
+	     * @throw exception in case of error
+	     */
+	    string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="");
+	    /**
+	     * verify the id_res response
+	     * @param pin the response parameters
+	     * @param identity the identity being checked (if not specified, extracted
+	     * from the openid.identity parameter
+	     * @throw id_res_mismatch in case of signature
+	     * mismatch
+	     * @throw id_res_setup in case of
+	     * openid.user_setup_url failure (supposedly
+	     * checkid_immediate only)
+	     * @throw id_res_failed in case of failure
+	     * @throw exception in case of other failures
+	     */
+	    void id_res(const params_t& pin,const string& identity="");
+	    /**
+	     * perform a check_authentication request.
+	     * @param server the OpenID server
+	     * @param p request parameters
+	     */
+	    void check_authentication(const string& server,const params_t& p);
+
+    };
+
+}
+
+#endif /* __OPKELE_CONSUMER_H */
diff --git a/include/opkele/data.h b/include/opkele/data.h
new file mode 100644
index 0000000..7fc635b
--- a/dev/null
+++ b/include/opkele/data.h
@@ -0,0 +1,12 @@
+#ifndef __OPKELE_DATA_H
+#define __OPKELE_DATA_H
+
+namespace opkele {
+
+    namespace data {
+	extern const char *_default_p;
+	extern const char *_default_g;
+    }
+}
+
+#endif /* __OPKELE_DATA_H */
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
new file mode 100644
index 0000000..2ac0661
--- a/dev/null
+++ b/include/opkele/exception.h
@@ -0,0 +1,206 @@
+#ifndef __OPKELE_EXCEPTION_H
+#define __OPKELE_EXCEPTION_H
+
+/**
+ * @file
+ * @brief opkele exceptions
+ */
+
+#include <curl/curl.h>
+
+#include <opkele/opkele-config.h>
+#ifdef OPKELE_HAVE_KONFORKA
+# include <konforka/exception.h>
+/**
+ * the exception parameters declaration
+ */
+# define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w
+/**
+ * the exception parameters list to pass to constructor
+ */
+# define OPKELE_E_CONS_ fi,fu,l,
+/**
+ * the exception codepoint specification
+ */
+# define OPKELE_CP_ CODEPOINT,
+/**
+ * the simple rethrow of konforka-based exception
+ */
+# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw }
+#else /* OPKELE_HAVE_KONFORKA */
+# include <stdexcept>
+/**
+ * the exception parameter declaration
+ */
+# define OPKELE_E_PARS const string& w
+/**
+ * the dummy prefix for exception parameters list to prepend in the absence of
+ * konforka library
+ */
+# define OPKELE_E_CONS_ 
+/**
+ * the dummy placeholder for konforka exception codepoint specification
+ */
+# define OPKELE_CP_
+/**
+ * the dummy define for the konforka-based rethrow of exception
+ */
+# define OPKELE_RETHROW
+#endif /* OPKELE_HAVE_KONFORKA */
+/**
+ * the exception parameters list to pass to constructor
+ */
+# define OPKELE_E_CONS OPKELE_E_CONS_ w
+
+/*
+ * @brief the main opkele namespace
+ */
+namespace opkele {
+    using std::string;
+
+    /**
+     * the base opkele exception class
+     */
+    class exception : public
+#   ifdef OPKELE_HAVE_KONFORKA
+		      konforka::exception
+#   else
+                      std::exception
+#   endif
+    {
+	public:
+#           ifdef OPKELE_HAVE_KONFORKA
+	    explicit
+		exception(const string& fi,const string& fu,int l,const string& w)
+		    : konforka::exception(fi,fu,l,w) { }
+#           else /* OPKELE_HAVE_KONFORKA */
+	    explicit
+		exception(const string& w)
+		    : std::exception(w) { } 
+#           endif /* OPKELE_HAVE_KONFORKA */
+    };
+
+    /**
+     * thrown in case of failed conversion
+     */
+    class failed_conversion : public exception {
+	public:
+	    failed_conversion(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+    /**
+     * thrown in case of failed lookup (either parameter or persistent store)
+     */
+    class failed_lookup : public exception {
+	public:
+	    failed_lookup(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+    /**
+     * thrown in case of bad input (either local or network)
+     */
+    class bad_input : public exception {
+	public:
+	    bad_input(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * thrown on failed assertion
+     */
+    class failed_assertion : public exception {
+	public:
+	    failed_assertion(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * thrown if the handle being retrieved is invalid
+     */
+    class invalid_handle : public exception {
+	public:
+	    invalid_handle(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+    /**
+     * thrown if the handle passed to check_authentication request is not
+     * stateless
+     */
+    class stateful_handle : public exception {
+	public:
+	    stateful_handle(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * thrown if check_authentication request fails
+     */
+    class failed_check_authentication : public exception {
+	public:
+	    failed_check_authentication(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * thrown if the id_res request result is negative
+     */
+    class id_res_failed : public exception {
+	public:
+	    id_res_failed(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+    /**
+     * thrown if the user_setup_url is provided with negative response
+     */
+    class id_res_setup : public id_res_failed {
+	public:
+	    string setup_url;
+	    id_res_setup(OPKELE_E_PARS,const string& su)
+		: id_res_failed(OPKELE_E_CONS), setup_url(su) { }
+	    ~id_res_setup() throw() { }
+    };
+    /**
+     * thrown in case of signature mismatch
+     */
+    class id_res_mismatch : public id_res_failed {
+	public:
+	    id_res_mismatch(OPKELE_E_PARS)
+		: id_res_failed(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * openssl malfunction occured
+     */
+    class exception_openssl : public exception {
+	public:
+	    unsigned long _error;
+	    string _ssl_string;
+	    exception_openssl(OPKELE_E_PARS);
+	    ~exception_openssl() throw() { }
+    };
+
+    /**
+     * network operation related error occured
+     */
+    class exception_network : public exception {
+	public:
+	    exception_network(OPKELE_E_PARS)
+		: exception(OPKELE_E_CONS) { }
+    };
+
+    /**
+     * network operation related error occured, specifically, related to
+     * libcurl
+     */
+    class exception_curl : public exception_network {
+	public:
+	    CURLcode _error;
+	    string _curl_string;
+	    exception_curl(OPKELE_E_PARS);
+	    exception_curl(OPKELE_E_PARS,CURLcode e);
+	    ~exception_curl() throw() { }
+    };
+
+}
+
+#endif /* __OPKELE_EXCEPTION_H */
diff --git a/include/opkele/opkele-config.h b/include/opkele/opkele-config.h
new file mode 100644
index 0000000..70c2d26
--- a/dev/null
+++ b/include/opkele/opkele-config.h
@@ -0,0 +1,6 @@
+#ifndef __OPKELE_OPKELE_CONFIG_H
+#define __OPKELE_OPKELE_CONFIG_H
+
+#include "opkele/acconfig.h"
+
+#endif /* __OPKELE_OPKELE_CONFIG_H */
diff --git a/include/opkele/server.h b/include/opkele/server.h
new file mode 100644
index 0000000..fe07448
--- a/dev/null
+++ b/include/opkele/server.h
@@ -0,0 +1,95 @@
+#ifndef __OPKELE_SERVER_H
+#define __OPKELE_SERVER_H
+
+/**
+ * @file
+ * @brief OpenID server-side functionality
+ */
+
+#include <opkele/types.h>
+
+/**
+ * @brief the main opkele namespace
+ */
+namespace opkele {
+
+    /**
+     * implementation of basic server functionality
+     */
+    class server_t {
+	public:
+
+	    /**
+	     * allocate the new association. The function should be overridden
+	     * in the real implementation to provide persistent assocations
+	     * store.
+	     * @param mode the mode of request being processed to base the
+	     * statelessness of the association upon
+	     * @return the auto_ptr<> for the newly allocated association_t object
+	     */
+	    virtual assoc_t alloc_assoc(mode_t mode) = 0;
+	    /**
+	     * retrieve the association. The function should be overridden in
+	     * the reqal implementation to provide persistent assocations
+	     * store.
+	     * @param h association handle
+	     * @return the auto_ptr<> for the newly allocated association_t object
+	     * @throw failed_lookup in case of failure
+	     */
+	    virtual assoc_t retrieve_assoc(const string& h) = 0;
+
+	    /**
+	     * validate the identity.
+	     * @param assoc association object
+	     * @param pin incoming request parameters
+	     * @param identity being verified
+	     * @param trust_root presented in the request
+	     * @throw exception if identity can not be confirmed
+	     */
+	    virtual void validate(const association_t& assoc,const params_t& pin,const string& identity,const string& trust_root) = 0;
+
+
+	    /**
+	     * process the associate request.
+	     * @param pin the incoming request parameters
+	     * @param pout the store for the response parameters
+	     */
+	    void associate(const params_t& pin,params_t& pout);
+	    /**
+	     * process the checkid_immediate request.
+	     * @param pin the incoming request parameters
+	     * @param return_to reference to the object to store return_to url to
+	     * @param pout the response parameters
+	     * @throw exception in case of errors or negative reply
+	     */
+	    void checkid_immediate(const params_t& pin,string& return_to,params_t& pout);
+	    /**
+	     * process the checkid_setup request.
+	     * @param pin the incoming request parameters
+	     * @param return_to reference to the object to store return_to url to
+	     * @param pout the response parameters
+	     * @throw exception in case of errors or negative reply
+	     */
+	    void checkid_setup(const params_t& pin,string& return_to,params_t& pout);
+	    /**
+	     * the actual functionality behind checkid_immediate() and
+	     * checkid_setup()
+	     * @param mode the request being processed (either
+	     * mode_checkid_immediate or mode_checkid_setup)
+	     * @param pin the incoming request parameters
+	     * @param return_to reference to the object to store return_to url to
+	     * @param pout the response parameters
+	     * @throw exception in case of errors or negative reply
+	     */
+	    void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout);
+	    /**
+	     * process the check_authentication request.
+	     * @param pin incoming request parameters
+	     * @param pout response parameters
+	     */
+	    void check_authentication(const params_t& pin,params_t& pout);
+    };
+
+}
+
+#endif /* __OPKELE_SERVER_H */
diff --git a/include/opkele/types.h b/include/opkele/types.h
new file mode 100644
index 0000000..ba06776
--- a/dev/null
+++ b/include/opkele/types.h
@@ -0,0 +1,168 @@
+#ifndef __OPKELE_TYPES_H
+#define __OPKELE_TYPES_H
+
+/**
+ * @file
+ * @brief various types declarations
+ */
+
+#include <ostream>
+#include <vector>
+#include <string>
+#include <map>
+#include <memory>
+
+/**
+ * @brief the main opkele namespace
+ */
+namespace opkele {
+    using std::vector;
+    using std::string;
+    using std::map;
+    using std::ostream;
+    using std::auto_ptr;
+
+    /**
+     * the OpenID operation mode
+     */
+    typedef enum _mode_t {
+	mode_associate,
+	mode_checkid_immediate,
+	mode_checkid_setup,
+	mode_check_association
+    } mode_t;
+
+    /**
+     * the association secret container
+     */
+    class secret_t : public vector<unsigned char> {
+	public:
+
+	    /**
+	     * xor the secret and hmac together and encode, using base64
+	     * @param key_sha1 pointer to the sha1 digest
+	     * @param rv reference to the return value
+	     */
+	    void enxor_to_base64(const unsigned char *key_sha1,string& rv) const;
+	    /**
+	     * decode base64-encoded secret and xor it with the sha1 digest
+	     * @param key_sha1 pointer to the message digest
+	     * @param b64 base64-encoded secret value
+	     */
+	    void enxor_from_base64(const unsigned char *key_sha1,const string& b64);
+	    /**
+	     * plainly encode to base64 representation
+	     * @param rv reference to the return value
+	     */
+	    void to_base64(string& rv) const;
+	    /**
+	     * decode cleartext secret from base64
+	     * @param b64 base64-encoded representation of the secret value
+	     */
+	    void from_base64(const string& b64);
+    };
+
+    /**
+     * Interface to the association.
+     */
+    class association_t {
+	public:
+
+	    /**
+	     * retrieve the server with which association was established.
+	     * @return server name
+	     */
+	    virtual string server() const = 0;
+	    /**
+	     * retrieve the association handle.
+	     * @return handle
+	     */
+	    virtual string handle() const = 0;
+	    /**
+	     * retrieve the association type.
+	     * @return association type
+	     */
+	    virtual string assoc_type() const = 0;
+	    /**
+	     * retrieve the association secret.
+	     * @return association secret
+	     */
+	    virtual secret_t secret() const = 0; 
+	    /**
+	     * retrieve the number of seconds the association expires in.
+	     * @return seconds till expiration
+	     */
+	    virtual int expires_in() const = 0;
+	    /**
+	     * check whether the association is stateless.
+	     * @return true if stateless
+	     */
+	    virtual bool stateless() const = 0;
+    };
+
+    /**
+     * the auto_ptr<> for association_t object type
+     */
+    typedef auto_ptr<association_t> assoc_t;
+
+    /**
+     * request/response parameters map
+     */
+    class params_t : public map<string,string> {
+	public:
+
+	    /**
+	     * check whether the parameter is present.
+	     * @param n the parameter name
+	     * @return true if yes
+	     */
+	    bool has_param(const string& n) const;
+	    /**
+	     * retrieve the parameter (const version)
+	     * @param n the parameter name
+	     * @return the parameter value
+	     * @throw failed_lookup if there is no such parameter
+	     */
+	    const string& get_param(const string& n) const;
+	    /**
+	     * retrieve the parameter.
+	     * @param n the parameter name
+	     * @return the parameter value
+	     * @throw failed_lookup if there is no such parameter
+	     */
+	    string& get_param(const string& n);
+
+	    /**
+	     * parse the OpenID key/value data.
+	     * @param kv the OpenID key/value data
+	     */
+	    void parse_keyvalues(const string& kv);
+	    /**
+	     * sign the fields.
+	     * @param secret the secret used for signing
+	     * @param sig reference to the string, containing base64-encoded
+	     * result
+	     * @param slist the comma-separated list of fields to sign
+	     * @param prefix the string to prepend to parameter names
+	     */
+	    void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const;
+
+	    /**
+	     * append parameters to the URL as a GET-request parameters.
+	     * @param url the base URL
+	     * @param prefix the string to prepend to parameter names
+	     * @return the ready-to-use location
+	     */
+	    string append_query(const string& url,const char *prefix = "openid.") const;
+    };
+
+    /**
+     * dump the key/value pairs for the parameters to the stream.
+     * @param o output stream
+     * @param p the parameters
+     */
+    ostream& operator << (ostream& o,const params_t& p);
+
+}
+
+#endif /* __OPKELE_TYPES_H */
diff --git a/include/opkele/util.h b/include/opkele/util.h
new file mode 100644
index 0000000..fbbef93
--- a/dev/null
+++ b/include/opkele/util.h
@@ -0,0 +1,60 @@
+#ifndef __OPKELE_UTIL_H
+#define __OPKELE_UTIL_H
+
+#include <time.h>
+#include <string>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+namespace opkele {
+    using std::string;
+
+    namespace util {
+
+	class bignum_t {
+	    public:
+		BIGNUM *_bn;
+
+		bignum_t() : _bn(0) { }
+		bignum_t(BIGNUM *bn) : _bn(bn) { }
+		~bignum_t() throw() { if(_bn) BN_free(_bn); }
+		
+		bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; }
+
+		operator const BIGNUM*(void) const { return _bn; }
+		operator BIGNUM*(void) { return _bn; }
+	};
+	class dh_t {
+	    public:
+		DH *_dh;
+		
+		dh_t() : _dh(0) { }
+		dh_t(DH *dh) : _dh(dh) { }
+		~dh_t() throw() { if(_dh) DH_free(_dh); }
+
+		dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; }
+
+		operator const DH*(void) const { return _dh; }
+		operator DH*(void) { return _dh; }
+
+		DH* operator->() { return _dh; }
+		const DH* operator->() const { return _dh; }
+	};
+
+	BIGNUM *base64_to_bignum(const string& b64);
+	BIGNUM *dec_to_bignum(const string& dec);
+	string bignum_to_base64(const BIGNUM *bn);
+
+	string time_to_w3c(time_t t);
+	time_t w3c_to_time(const string& w);
+
+	string canonicalize_url(const string& url);
+	string url_encode(const string& str);
+
+	string long_to_string(long l);
+	long string_to_long(const string& s);
+    }
+
+}
+
+#endif /* __OPKELE_UTIL_H */