author | Michael Krelin <hacker@klever.net> | 2008-03-04 21:30:28 (UTC) |
committer | Michael Krelin <hacker@klever.net> | 2008-03-04 21:34:13 (UTC) |
commit | 748a2a29a5667f372bf355ed737208a952ff79f0 (patch) (side-by-side diff) | |
tree | 1739374b0cb82ad2758af8feddbef1b6a6bf5eee /lib/oauth-consumer.cc | |
parent | 1e3ed01c149aaeed5a64aacff218a5486128fc92 (diff) | |
committing preliminary oauth consumer api
* added the said consumer api and test consumer
* added trivial map-based opkele::fields_t container
* added UUID flags to libopkele.la build
* fixed query_append so that it doesn't append '?' in absence of query
parameters
* added basic_fields::from_query()
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/oauth-consumer.cc | 240 |
1 files changed, 240 insertions, 0 deletions
diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc
new file mode 100644
index 0000000..d717ed3
--- a/dev/null
+++ b/lib/oauth-consumer.cc
@@ -0,0 +1,240 @@
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <opkele/oauth/consumer.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/curl.h>
+#include <opkele/debug.h>
+
+#include "config.h"
+#ifdef HAVE_LIBUUID
+# include <uuid/uuid.h>
+#endif
+
+namespace opkele {
+ namespace oauth {
+
+ const service_endpoint_t&
+ simple_provider_endpoints::get_request_token_endpoint() const {
+ return sep_request_token; }
+ const service_endpoint_t&
+ simple_provider_endpoints::get_authorize_user_endpoint() const {
+ return sep_authorize_user; }
+ const service_endpoint_t&
+ simple_provider_endpoints::get_access_token_endpoint() const {
+ return sep_access_token; }
+ service_endpoint_t&
+ simple_provider_endpoints::get_url_endpoint(service_endpoint_t& sep,
+ const string& url) const {
+ sep = sep_generic;
+ sep.url = url;
+ return sep; }
+
+ token_t basic_consumer::get_request_token() {
+ return acquire_token(get_endpoints().get_request_token_endpoint());
+ }
+
+ const string basic_consumer::get_authorize_url(const token_t& rt,const string& callback) {
+ fields_t f;
+ f.set_field("oauth_token",rt.key);
+ if(!callback.empty())
+ f.set_field("oauth_callback",callback);
+ return f.append_query(
+ get_endpoints().get_authorize_user_endpoint().url );
+ }
+
+ token_t basic_consumer::get_access_token(const token_t& rt) {
+ return acquire_token(get_endpoints().get_access_token_endpoint(),&rt);
+ }
+
+ const string basic_consumer::signature(
+ const string& method, const string& url,
+ const basic_fields& fields,
+ const token_t* at) {
+ if(fields.get_field("oauth_signature_method")!="HMAC-SHA1")
+ throw opkele::not_implemented(OPKELE_CP_
+ "only HMAC-SHA1 signature is implemented");
+ string key = util::url_encode(consumer_token.secret);
+ key += '&';
+ if(at)
+ key += util::url_encode(at->secret);
+ /* TODO: do not build the whole subject */
+ string subject = method;
+ subject += '&';
+ string u = util::rfc_3986_normalize_uri(url);
+ string::size_type uco = u.find_first_of("#?");
+ if(uco!=string::npos) u.erase(uco);
+ subject += util::url_encode(u);
+ subject += '&';
+ subject += util::url_encode( fields.query_string() );
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned int md_len = 0;
+ HMAC( EVP_sha1(),
+ key.c_str(),key.size(),
+ (const unsigned char *)subject.c_str(),subject.size(),
+ md,&md_len );
+ assert(md_len==sizeof(md));
+ return util::encode_base64(md,md_len);
+ }
+
+ static void noquerize_url(string& url,const string& sepurl,basic_fields& f) {
+ string::size_type q = sepurl.find('?'),
+ p = sepurl.find('#');
+ if(q==string::npos) {
+ url = sepurl.substr(0,p);
+ }else{
+ fields_t tmp;
+ tmp.from_query(sepurl.substr(
+ q+1,
+ (p==string::npos)?string::npos:(p-q-q)));
+ tmp.append_to(f);
+ url = sepurl.substr(0,(p==string::npos)?q:min(p,q));
+ }
+ }
+
+ token_t basic_consumer::acquire_token(
+ const service_endpoint_t& sep,
+ const token_t* rt) {
+ util::curl_pick_t curl = util::curl_t::easy_init();
+ CURLcode r;
+ (r=curl.misc_sets())
+ || (r=curl.set_write());
+ if(r)
+ throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r);
+ http_request_t hr(
+ (sep.oauth_method==oauth_post_body)?"POST":"GET",
+ "");
+ fields_t uq;
+ noquerize_url(hr.url,sep.url,uq);
+ prepare_request(hr,uq,fields_t(),sep,rt);
+ switch(sep.oauth_method) {
+ case oauth_auth_header:
+ throw opkele::not_implemented(OPKELE_CP_
+ "auth header for token acquisition isn't (yet?) supported");
+ break;
+ case oauth_post_body:
+ (r=curl.easy_setopt(CURLOPT_POST,1))
+ || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str()))
+ || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size()));
+ break;
+ case oauth_url_query:
+ break;
+ default:
+ throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
+ "invalid oauth_method for request_token endpoint");
+ };
+ if(r)
+ throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
+ if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
+ throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
+ if( (r=curl.easy_perform()) )
+ throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+ token_t rv;
+ string::size_type p=0;
+ while(p!=string::npos) {
+ string::size_type np = curl.response.find('&',p);
+ string part;
+ if(np==string::npos) {
+ part.assign(curl.response.c_str()+p); p = string::npos;
+ }else{
+ part.assign(curl.response,p,np-p); p = np+1;
+ }
+ string::size_type eq = part.find('=');
+ if(eq==string::npos) continue;
+ string n(part,0,eq);
+ if(n=="oauth_token") {
+ if(!rv.key.empty()) /* TODO: specialize */
+ throw opkele::exception(OPKELE_CP_ "found oauth_token twice");
+ rv.key = util::url_decode(part.substr(eq+1));
+ }else if(n=="oauth_token_secret") {
+ if(!rv.secret.empty()) /* TODO: specialize */
+ throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
+ rv.secret = util::url_decode(part.substr(eq+1));
+ }
+ }
+ return rv;
+ }
+
+ void basic_consumer::prepare_request(
+ http_request_t& req,
+ const basic_fields& qf,const basic_fields& pf,
+ oauth_method_t om,const string& sm,
+ const token_t *t,const string& realm) {
+ fields_t op;
+ op.set_field("oauth_consumer_key",consumer_token.key);
+ if(t) op.set_field("oauth_token",t->key);
+ op.set_field("oauth_signature_method",sm);
+ time_t now;
+ op.set_field("oauth_timestamp",
+ util::long_to_string(time(&now)));
+ op.set_field("oauth_nonce",allocate_nonce(now));
+ op.set_field("oauth_version","1.0");
+ /* TODO: normalize and strip down url */
+ {
+ fields_t af; /* TODO: optimize, I don't want it to be copied */
+ qf.copy_to(af); pf.append_to(af); op.append_to(af);
+ op.set_field("oauth_signature", signature(
+ req.method,req.url,af,t) );
+ }
+ req.authorize_header.clear();
+ if(om==oauth_auth_header) {
+ req.authorize_header = "OAuth ";
+ req.authorize_header += "realm=\"";
+ req.authorize_header += util::url_encode(realm);
+ req.authorize_header += '\"';
+ for(basic_fields::fields_iterator
+ i=op.fields_begin(),ie=op.fields_end();
+ i!=ie;++i) {
+ req.authorize_header += ", ";
+ req.authorize_header += *i;
+ req.authorize_header += "=\"";
+ req.authorize_header += util::url_encode(op.get_field(*i));
+ req.authorize_header += "\"";
+ }
+ req.url = qf.append_query(req.url);
+ req.body = pf.query_string();
+ }else if(om==oauth_post_body) {
+ assert(req.method=="POST");
+ /* TODO: optimize, don't copy it over and over */
+ fields_t p;
+ pf.append_to(p); op.append_to(p);
+ req.url = qf.append_query(req.url);
+ req.body = p.query_string();
+ }else if(om==oauth_url_query) {
+ fields_t q;
+ qf.append_to(q); op.append_to(q);
+ req.url = q.append_query(req.url);
+ req.body = pf.query_string();
+ }else
+ throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
+ "Unknown oauth method");
+ }
+
+ void basic_consumer::prepare_request(
+ http_request_t& req,
+ const basic_fields& qf,const basic_fields& pf,
+ const service_endpoint_t& sep,
+ const token_t *t,const string& realm) {
+ prepare_request(
+ req, qf, pf,
+ sep.oauth_method,sep.signature_method,
+ t,realm);
+ }
+
+
+ const basic_provider_endpoints& simple_consumer::get_endpoints() const {
+ return peps; }
+
+ const string simple_consumer::allocate_nonce(time_t ts) {
+# ifndef HAVE_LIBUUID
+ throw opkele::not_implemented(OPKELE_CP_
+ "not implemented consumer's allocate_nonce()");
+# else /* HAVE_LIBUUID */
+ uuid_t uuid; uuid_generate(uuid);
+ return util::encode_base64(uuid,sizeof(uuid));
+# endif /* HAVE_LIBUUID */
+ }
+
+ }
+}
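Review bot: The substring length handed to `tmp.from_query` in `noquerize_url` is wrong: with `?` at `q` and `#` at `p` the query spans `q+1` for `p-q-1` characters, but the hunk computes `p-q-q`, which is too short when `p >= 2q` and, `size_type` being unsigned, wraps to a huge value otherwise so that the fragment is parsed into `f` as query parameters; change it to `(p==string::npos)?string::npos:(p-q-1)`. That branch also assumes the `?` comes before the `#`; if a fragment itself contains `?` (p < q) the same expression is evaluated from inside the fragment, so guarding the else-branch with `q < p` (or searching for `?` only in `sepurl.substr(0,p)`) would be safer. Separately, `acquire_token` returns `rv` untouched when the response carries neither `oauth_token` nor `oauth_token_secret`, so a provider error body silently becomes an empty token; a check after the parse loop such as `if(rv.key.empty()||rv.secret.empty()) throw opkele::exception(OPKELE_CP_ "no token in response");` would surface that to the caller.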