moved uri matching into separate procedure

Signed-off-by: Michael Krelin <hacker@klever.net>

1 files changed, 30 insertions, 0 deletions

diff --git a/lib/util.cc b/lib/util.cc
index b7bc437..b85a377 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,31 +1,32 @@
 #include <errno.h>
 #include <cassert>
 #include <cctype>
 #include <cstring>
 #include <vector>
 #include <string>
 #include <stack>
+#include <algorithm>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
 #include "opkele/util.h"
 #include "opkele/exception.h"
 
 #include <config.h>
 #ifdef HAVE_DEMANGLE
 # include <cxxabi.h>
 #endif
 
 namespace opkele {
     using namespace std;
 
     namespace util {
 
         /*
          * base64
          */
         string encode_base64(const void *data,size_t length) {
             BIO *b64 = 0, *bmem = 0;
             try {
                 b64 = BIO_new(BIO_f_base64());
@@ -330,48 +331,77 @@ namespace opkele {
              }
              if(!pseg.empty()) {
                  if(!qf) rv += '/';
                  rv += pseg;
              }
              return rv;
          }
 
         string& strip_uri_fragment_part(string& u) {
             string::size_type q = u.find('?'), f = u.find('#');
             if(q==string::npos) {
                 if(f!=string::npos)
                     u.erase(f);
             }else{
                 if(f!=string::npos) {
                     if(f<q)
                         u.erase(f,q-f);
                     else
                         u.erase(f);
                 }
             }
             return u;
         }
 
+        bool uri_matches_realm(const string& uri,const string& realm) {
+            string nrealm = opkele::util::rfc_3986_normalize_uri(realm);
+            string nu = opkele::util::rfc_3986_normalize_uri(uri);
+            string::size_type pr = nrealm.find("://");
+            string::size_type pu = nu.find("://");
+            assert(!(pr==string::npos || pu==string::npos));
+            pr += sizeof("://")-1;
+            pu += sizeof("://")-1;
+            if(!strncmp(nrealm.c_str()+pr,"*.",2)) {
+                pr = nrealm.find('.',pr);
+                pu = nu.find('.',pu);
+                assert(pr!=string::npos);
+                if(pu==string::npos)
+                    return false;
+                // TODO: check for overgeneralized realm
+            }
+            string::size_type lr = nrealm.length();
+            string::size_type lu = nu.length();
+            if( (lu-pu) < (lr-pr) )
+                return false;
+            pair<const char*,const char*> mp = mismatch(
+                    nrealm.c_str()+pr,nrealm.c_str()+lr,
+                    nu.c_str()+pu);
+            if( (*(mp.first-1))!='/'
+                    && !strchr("/?#",*mp.second) )
+                return false;
+            return true;
+        }
+
         string abi_demangle(const char *mn) {
 #ifndef HAVE_DEMANGLE
             return mn;
 #else /* !HAVE_DEMANGLE */
             int dstat;
             char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
             if(dstat)
                 return mn;
             string rv = demangled;
             free(demangled);
             return rv;
 #endif /* !HAVE_DEMANGLE */
         }
 
         string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
             const string& slist = om.get_field("signed");
             string kv;
             string::size_type p=0;
             while(true) {
                 string::size_type co = slist.find(',',p);
                 string f = (co==string::npos)
                     ?slist.substr(p):slist.substr(p,co-p);
                 kv += f;
                 kv += ':';