author | Michael Krelin <hacker@klever.net> | 2008-02-08 22:16:15 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-08 22:16:15 (UTC) |
commit | 16667a21c3052c89218d3e56098f0fc29dca2f1a (patch) (unidiff) | |
tree | 7154633a771b96da02cc4c980167b7ad92b6d27e /lib/basic_op.cc | |
parent | f2ba7be73a62d115f293f5d690efabcafd5fcf4f (diff) | |
download | libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.zip libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.tar.gz libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.tar.bz2 |
minor fixes and making compiler a bit happier
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/basic_op.cc | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index 18446dc..2d82147 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
@@ -53,104 +53,101 @@ namespace opkele { | |||
53 | 53 | ||
54 | void basic_OP::select_identity(const string& c,const string& i) { | 54 | void basic_OP::select_identity(const string& c,const string& i) { |
55 | claimed_id = c; identity = i; | 55 | claimed_id = c; identity = i; |
56 | } | 56 | } |
57 | void basic_OP::set_claimed_id(const string& c) { | 57 | void basic_OP::set_claimed_id(const string& c) { |
58 | claimed_id = c; | 58 | claimed_id = c; |
59 | } | 59 | } |
60 | 60 | ||
61 | basic_openid_message& basic_OP::associate( | 61 | basic_openid_message& basic_OP::associate( |
62 | basic_openid_message& oum, | 62 | basic_openid_message& oum, |
63 | const basic_openid_message& inm) try { | 63 | const basic_openid_message& inm) try { |
64 | assert(inm.get_field("mode")=="associate"); | 64 | assert(inm.get_field("mode")=="associate"); |
65 | util::dh_t dh; | 65 | util::dh_t dh; |
66 | util::bignum_t c_pub; | 66 | util::bignum_t c_pub; |
67 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; | 67 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; |
68 | size_t d_len = 0; | 68 | size_t d_len = 0; |
69 | enum { | ||
70 | sess_cleartext, sess_dh_sha1, sess_dh_sha256 | ||
71 | } st = sess_cleartext; | ||
72 | string sts = inm.get_field("session_type"); | 69 | string sts = inm.get_field("session_type"); |
73 | string ats = inm.get_field("assoc_type"); | 70 | string ats = inm.get_field("assoc_type"); |
74 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { | 71 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { |
75 | if(!(dh = DH_new())) | 72 | if(!(dh = DH_new())) |
76 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); | 73 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); |
77 | c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public")); | 74 | c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public")); |
78 | try { dh->p = util::base64_to_bignum(inm.get_field("dh_modulus")); | 75 | try { dh->p = util::base64_to_bignum(inm.get_field("dh_modulus")); |
79 | }catch(failed_lookup&) { | 76 | }catch(failed_lookup&) { |
80 | dh->p = util::dec_to_bignum(data::_default_p); } | 77 | dh->p = util::dec_to_bignum(data::_default_p); } |
81 | try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen")); | 78 | try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen")); |
82 | }catch(failed_lookup&) { | 79 | }catch(failed_lookup&) { |
83 | dh->g = util::dec_to_bignum(data::_default_g); } | 80 | dh->g = util::dec_to_bignum(data::_default_g); } |
84 | if(!DH_generate_key(dh)) | 81 | if(!DH_generate_key(dh)) |
85 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 82 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
86 | vector<unsigned char> ck(DH_size(dh)+1); | 83 | vector<unsigned char> ck(DH_size(dh)+1); |
87 | unsigned char *ckptr = &(ck.front())+1; | 84 | unsigned char *ckptr = &(ck.front())+1; |
88 | int cklen = DH_compute_key(ckptr,c_pub,dh); | 85 | int cklen = DH_compute_key(ckptr,c_pub,dh); |
89 | if(cklen<0) | 86 | if(cklen<0) |
90 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 87 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
91 | if(cklen && (*ckptr)&0x80) { | 88 | if(cklen && (*ckptr)&0x80) { |
92 | (*(--ckptr)) = 0; ++cklen; } | 89 | (*(--ckptr)) = 0; ++cklen; } |
93 | if(sts=="DH-SHA1") { | 90 | if(sts=="DH-SHA1") { |
94 | SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH; | 91 | SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH; |
95 | }else if(sts=="DH-SHA256") { | 92 | }else if(sts=="DH-SHA256") { |
96 | SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH; | 93 | SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH; |
97 | }else | 94 | }else |
98 | throw internal_error(OPKELE_CP_ "I thought I knew the session type"); | 95 | throw internal_error(OPKELE_CP_ "I thought I knew the session type"); |
99 | }else | 96 | }else |
100 | throw unsupported(OPKELE_CP_ "Unsupported session_type"); | 97 | throw unsupported(OPKELE_CP_ "Unsupported session_type"); |
101 | assoc_t assoc; | 98 | assoc_t a; |
102 | if(ats=="HMAC-SHA1") | 99 | if(ats=="HMAC-SHA1") |
103 | assoc = alloc_assoc(ats,SHA_DIGEST_LENGTH,true); | 100 | a = alloc_assoc(ats,SHA_DIGEST_LENGTH,true); |
104 | else if(ats=="HMAC-SHA256") | 101 | else if(ats=="HMAC-SHA256") |
105 | assoc = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true); | 102 | a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true); |
106 | else | 103 | else |
107 | throw unsupported(OPKELE_CP_ "Unsupported assoc_type"); | 104 | throw unsupported(OPKELE_CP_ "Unsupported assoc_type"); |
108 | oum.reset_fields(); | 105 | oum.reset_fields(); |
109 | oum.set_field("ns",OIURI_OPENID20); | 106 | oum.set_field("ns",OIURI_OPENID20); |
110 | oum.set_field("assoc_type",assoc->assoc_type()); | 107 | oum.set_field("assoc_type",a->assoc_type()); |
111 | oum.set_field("assoc_handle",assoc->handle()); | 108 | oum.set_field("assoc_handle",a->handle()); |
112 | oum.set_field("expires_in",util::long_to_string(assoc->expires_in())); | 109 | oum.set_field("expires_in",util::long_to_string(assoc->expires_in())); |
113 | secret_t secret = assoc->secret(); | 110 | secret_t secret = a->secret(); |
114 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { | 111 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { |
115 | if(d_len != secret.size()) | 112 | if(d_len != secret.size()) |
116 | throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size"); | 113 | throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size"); |
117 | oum.set_field("session_type",sts); | 114 | oum.set_field("session_type",sts); |
118 | oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key)); | 115 | oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key)); |
119 | string b64; secret.enxor_to_base64(key_digest,b64); | 116 | string b64; secret.enxor_to_base64(key_digest,b64); |
120 | oum.set_field("enc_mac_key",b64); | 117 | oum.set_field("enc_mac_key",b64); |
121 | }else /* TODO: support cleartext over encrypted connection */ | 118 | }else /* TODO: support cleartext over encrypted connection */ |
122 | throw unsupported(OPKELE_CP_ "Unsupported session type"); | 119 | throw unsupported(OPKELE_CP_ "Unsupported session type"); |
123 | return oum; | 120 | return oum; |
124 | } catch(unsupported& u) { | 121 | } catch(unsupported& u) { |
125 | oum.reset_fields(); | 122 | oum.reset_fields(); |
126 | oum.set_field("ns",OIURI_OPENID20); | 123 | oum.set_field("ns",OIURI_OPENID20); |
127 | oum.set_field("error",u.what()); | 124 | oum.set_field("error",u.what()); |
128 | oum.set_field("error_code","unsupported-type"); | 125 | oum.set_field("error_code","unsupported-type"); |
129 | oum.set_field("session_type","DH-SHA256"); | 126 | oum.set_field("session_type","DH-SHA256"); |
130 | oum.set_field("assoc_type","HMAC-SHA256"); | 127 | oum.set_field("assoc_type","HMAC-SHA256"); |
131 | return oum; | 128 | return oum; |
132 | } | 129 | } |
133 | 130 | ||
134 | void basic_OP::checkid_(const basic_openid_message& inm, | 131 | void basic_OP::checkid_(const basic_openid_message& inm, |
135 | extension_t *ext) { | 132 | extension_t *ext) { |
136 | reset_vars(); | 133 | reset_vars(); |
137 | string mode = inm.get_field("mode"); | 134 | string modestr = inm.get_field("mode"); |
138 | if(mode=="checkid_setup") | 135 | if(modestr=="checkid_setup") |
139 | mode = mode_checkid_setup; | 136 | mode = mode_checkid_setup; |
140 | else if(mode=="checkid_immediate") | 137 | else if(modestr=="checkid_immediate") |
141 | mode = mode_checkid_immediate; | 138 | mode = mode_checkid_immediate; |
142 | else | 139 | else |
143 | throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); | 140 | throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); |
144 | try { | 141 | try { |
145 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); | 142 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); |
146 | invalidate_handle.clear(); | 143 | invalidate_handle.clear(); |
147 | }catch(failed_lookup&) { } | 144 | }catch(failed_lookup&) { } |
148 | try { | 145 | try { |
149 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); | 146 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); |
150 | }catch(failed_lookup&) { openid2 = false; } | 147 | }catch(failed_lookup&) { openid2 = false; } |
151 | try { | 148 | try { |
152 | return_to = inm.get_field("return_to"); | 149 | return_to = inm.get_field("return_to"); |
153 | }catch(failed_lookup&) { } | 150 | }catch(failed_lookup&) { } |
154 | if(openid2) { | 151 | if(openid2) { |
155 | try { | 152 | try { |
156 | realm = inm.get_field("realm"); | 153 | realm = inm.get_field("realm"); |
@@ -225,40 +222,40 @@ namespace opkele { | |||
225 | } | 222 | } |
226 | om.set_field("assoc_handle",assoc->handle()); | 223 | om.set_field("assoc_handle",assoc->handle()); |
227 | om.add_to_signed(ats); | 224 | om.add_to_signed(ats); |
228 | if(ext) ext->op_id_res_hook(om); | 225 | if(ext) ext->op_id_res_hook(om); |
229 | om.set_field("sig",util::base64_signature(assoc,om)); | 226 | om.set_field("sig",util::base64_signature(assoc,om)); |
230 | return om; | 227 | return om; |
231 | } | 228 | } |
232 | 229 | ||
233 | basic_openid_message& basic_OP::cancel(basic_openid_message& om) { | 230 | basic_openid_message& basic_OP::cancel(basic_openid_message& om) { |
234 | assert(!return_to.empty()); | 231 | assert(!return_to.empty()); |
235 | om.set_field("ns",OIURI_OPENID20); | 232 | om.set_field("ns",OIURI_OPENID20); |
236 | om.set_field("mode","cancel"); | 233 | om.set_field("mode","cancel"); |
237 | return om; | 234 | return om; |
238 | } | 235 | } |
239 | 236 | ||
240 | basic_openid_message& basic_OP::error(basic_openid_message& om, | 237 | basic_openid_message& basic_OP::error(basic_openid_message& om, |
241 | const string& error,const string& contact, | 238 | const string& err,const string& contact, |
242 | const string& reference ) { | 239 | const string& reference ) { |
243 | assert(!return_to.empty()); | 240 | assert(!return_to.empty()); |
244 | om.set_field("ns",OIURI_OPENID20); | 241 | om.set_field("ns",OIURI_OPENID20); |
245 | om.set_field("mode","error"); | 242 | om.set_field("mode","error"); |
246 | om.set_field("error",error); | 243 | om.set_field("error",err); |
247 | om.set_field("contact",contact); | 244 | if(!contact.empty()) om.set_field("contact",contact); |
248 | om.set_field("reference",reference); | 245 | if(!reference.empty()) om.set_field("reference",reference); |
249 | return om; | 246 | return om; |
250 | } | 247 | } |
251 | 248 | ||
252 | basic_openid_message& basic_OP::setup_needed( | 249 | basic_openid_message& basic_OP::setup_needed( |
253 | basic_openid_message& oum,const basic_openid_message& inm) { | 250 | basic_openid_message& oum,const basic_openid_message& inm) { |
254 | assert(mode==mode_checkid_immediate); | 251 | assert(mode==mode_checkid_immediate); |
255 | assert(!return_to.empty()); | 252 | assert(!return_to.empty()); |
256 | if(openid2) { | 253 | if(openid2) { |
257 | oum.set_field("ns",OIURI_OPENID20); | 254 | oum.set_field("ns",OIURI_OPENID20); |
258 | oum.set_field("mode","setup_needed"); | 255 | oum.set_field("mode","setup_needed"); |
259 | }else{ | 256 | }else{ |
260 | oum.set_field("mode","id_res"); | 257 | oum.set_field("mode","id_res"); |
261 | static const string setupmode = "checkid_setup"; | 258 | static const string setupmode = "checkid_setup"; |
262 | oum.set_field("user_setup_url", | 259 | oum.set_field("user_setup_url", |
263 | util::change_mode_message_proxy(inm,setupmode) | 260 | util::change_mode_message_proxy(inm,setupmode) |
264 | .append_query(get_op_endpoint())); | 261 | .append_query(get_op_endpoint())); |