-rw-r--r-- | include/opkele/types.h | 18 | ||||
-rw-r--r-- | lib/params.cc | 13 | ||||
-rw-r--r-- | lib/secret.cc | 12 |
3 files changed, 30 insertions, 13 deletions
diff --git a/include/opkele/types.h b/include/opkele/types.h index 520618d..ca07df5 100644 --- a/include/opkele/types.h +++ b/include/opkele/types.h @@ -1,235 +1,243 @@ #ifndef __OPKELE_TYPES_H #define __OPKELE_TYPES_H /** * @file * @brief various types declarations */ #include <ostream> #include <vector> #include <string> #include <map> #include <memory> #include <set> namespace opkele { using std::vector; using std::string; using std::map; using std::ostream; using std::auto_ptr; using std::multimap; using std::set; /** * the OpenID operation mode */ typedef enum _mode_t { mode_associate, mode_checkid_immediate, mode_checkid_setup, mode_check_association } mode_t; /** * the association secret container */ class secret_t : public vector<unsigned char> { public: /** * xor the secret and hmac together and encode, using base64 - * @param key_sha1 pointer to the sha1 digest + * @param key_d pointer to the message digest * @param rv reference to the return value */ - void enxor_to_base64(const unsigned char *key_sha1,string& rv) const; + void enxor_to_base64(const unsigned char *key_d,string& rv) const; /** - * decode base64-encoded secret and xor it with the sha1 digest - * @param key_sha1 pointer to the message digest + * decode base64-encoded secret and xor it with the message digest + * @param key_d pointer to the message digest * @param b64 base64-encoded secret value */ - void enxor_from_base64(const unsigned char *key_sha1,const string& b64); + void enxor_from_base64(const unsigned char *key_d,const string& b64); /** * plainly encode to base64 representation * @param rv reference to the return value */ void to_base64(string& rv) const; /** * decode cleartext secret from base64 * @param b64 base64-encoded representation of the secret value */ void from_base64(const string& b64); }; /** * Interface to the association. */ class association_t { public: virtual ~association_t() { } /** * retrieve the server with which association was established. * @return server name */ virtual string server() const = 0; /** * retrieve the association handle. * @return handle */ virtual string handle() const = 0; /** * retrieve the association type. * @return association type */ virtual string assoc_type() const = 0; /** * retrieve the association secret. * @return association secret */ virtual secret_t secret() const = 0; /** * retrieve the number of seconds the association expires in. * @return seconds till expiration */ virtual int expires_in() const = 0; /** * check whether the association is stateless. * @return true if stateless */ virtual bool stateless() const = 0; /** * check whether the association is expired. * @return true if expired */ virtual bool is_expired() const = 0; }; /** * the auto_ptr<> for association_t object type */ typedef auto_ptr<association_t> assoc_t; /** * request/response parameters map */ class params_t : public map<string,string> { public: /** * check whether the parameter is present. * @param n the parameter name * @return true if yes */ bool has_param(const string& n) const; /** * retrieve the parameter (const version) * @param n the parameter name * @return the parameter value * @throw failed_lookup if there is no such parameter */ const string& get_param(const string& n) const; /** * retrieve the parameter. * @param n the parameter name * @return the parameter value * @throw failed_lookup if there is no such parameter */ string& get_param(const string& n); /** * parse the OpenID key/value data. * @param kv the OpenID key/value data */ void parse_keyvalues(const string& kv); /** * sign the fields. * @param secret the secret used for signing * @param sig reference to the string, containing base64-encoded * result * @param slist the comma-separated list of fields to sign * @param prefix the string to prepend to parameter names */ void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const; /** * append parameters to the URL as a GET-request parameters. * @param url the base URL * @param prefix the string to prepend to parameter names * @return the ready-to-use location */ string append_query(const string& url,const char *prefix = "openid.") const; + + /** + * make up a query string suitable for use in GET and POST + * requests. + * @param prefix string to prened to parameter names + * @return query string + */ + string query_string(const char *prefix = "openid.") const; }; /** * dump the key/value pairs for the parameters to the stream. * @param o output stream * @param p the parameters */ ostream& operator << (ostream& o,const params_t& p); namespace xrd { struct priority_compare { inline bool operator()(long a,long b) const { return (a<0) ? false : (b<0) ? false : (a<b); } }; template <typename _DT> class priority_map : public multimap<long,_DT,priority_compare> { typedef multimap<long,_DT,priority_compare> map_type; public: inline _DT& add(long priority,const _DT& d) { return insert(typename map_type::value_type(priority,d))->second; } }; typedef priority_map<string> canonical_ids_t; typedef priority_map<string> local_ids_t; typedef set<string> types_t; typedef priority_map<string> uris_t; class service_t { public: types_t types; uris_t uris; local_ids_t local_ids; void clear() { types.clear(); uris.clear(); local_ids.clear(); } }; typedef priority_map<service_t> services_t; class XRD_t { public: time_t expires; canonical_ids_t canonical_ids; local_ids_t local_ids; services_t services; void clear() { expires = 0; canonical_ids.clear(); local_ids.clear(); services.clear(); } bool empty() const { return canonical_ids.empty() && local_ids.empty() && services.empty(); } }; } } #endif /* __OPKELE_TYPES_H */ diff --git a/lib/params.cc b/lib/params.cc index ea86d3a..7a572c1 100644 --- a/lib/params.cc +++ b/lib/params.cc @@ -1,108 +1,121 @@ #include <opkele/types.h> #include <opkele/exception.h> #include <opkele/util.h> #include <openssl/sha.h> #include <openssl/hmac.h> #include "config.h" namespace opkele { using namespace std; bool params_t::has_param(const string& n) const { return find(n)!=end(); } const string& params_t::get_param(const string& n) const { const_iterator i = find(n); if(i==end()) throw failed_lookup(OPKELE_CP_ n+": no such parameter"); return i->second; } string& params_t::get_param(const string& n) { iterator i = find(n); if(i==end()) throw failed_lookup(OPKELE_CP_ n+": no such parameter"); return i->second; } void params_t::parse_keyvalues(const string& kv) { clear(); string::size_type p = 0; while(true) { string::size_type co = kv.find(':',p); if(co==string::npos) break; #ifndef POSTELS_LAW string::size_type nl = kv.find('\n',co+1); if(nl==string::npos) throw bad_input(OPKELE_CP_ "malformed input"); if(nl>co) insert(value_type(kv.substr(p,co-p),kv.substr(co+1,nl-co-1))); p = nl+1; #else /* POSTELS_LAW */ string::size_type lb = kv.find_first_of("\r\n",co+1); if(lb==string::npos) { insert(value_type(kv.substr(p,co-p),kv.substr(co+1))); break; } if(lb>co) insert(value_type(kv.substr(p,co-p),kv.substr(co+1,lb-co-1))); string::size_type nolb = kv.find_first_not_of("\r\n",lb); if(nolb==string::npos) break; p = nolb; #endif /* POSTELS_LAW */ } } void params_t::sign(secret_t secret,string& sig,const string& slist,const char *prefix) const { string kv; string::size_type p = 0; while(true) { string::size_type co = slist.find(',',p); string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); kv += f; kv += ':'; if(prefix) f.insert(0,prefix); kv += get_param(f); kv += '\n'; if(co==string::npos) break; p = co+1; } unsigned int md_len = 0; unsigned char *md = HMAC( EVP_sha1(), &(secret.front()),secret.size(), (const unsigned char *)kv.data(),kv.length(), 0,&md_len); sig = util::encode_base64(md,md_len); } string params_t::append_query(const string& url,const char *prefix) const { string rv = url; bool p = true; if(rv.find('?')==string::npos) { rv += '?'; p = false; } for(const_iterator i=begin();i!=end();++i) { if(p) rv += '&'; else p = true; rv += prefix; rv += i->first; rv += '='; rv += util::url_encode(i->second); } return rv; } + string params_t::query_string(const char *prefix) const { + string rv; + for(const_iterator i=begin();i!=end();++i) { + if(!rv.empty()) + rv += '&'; + rv += prefix; + rv += i->first; + rv += '='; + rv += util::url_encode(i->second); + } + return rv; + } + ostream& operator << (ostream& o,const params_t& p) { for(params_t::const_iterator i=p.begin();i!=p.end();++i) o << i->first << ':' << i->second << '\n'; return o; } } diff --git a/lib/secret.cc b/lib/secret.cc index 632a2ca..d538890 100644 --- a/lib/secret.cc +++ b/lib/secret.cc @@ -1,49 +1,45 @@ #include <algorithm> #include <functional> #include <opkele/types.h> #include <opkele/exception.h> #include <opkele/util.h> namespace opkele { using namespace std; template<class __a1,class __a2,class __r> struct bitwise_xor : public binary_function<__a1,__a2,__r> { __r operator() (const __a1& a1,const __a2& a2) const { return a1^a2; } }; - void secret_t::enxor_to_base64(const unsigned char *key_sha1,string& rv) const { - if(size()!=20) - throw bad_input(OPKELE_CP_ "wrong secret size"); + void secret_t::enxor_to_base64(const unsigned char *key_d,string& rv) const { vector<unsigned char> tmp; transform( begin(), end(), - key_sha1, + key_d, back_insert_iterator<vector<unsigned char> >(tmp), bitwise_xor<unsigned char,unsigned char,unsigned char>() ); rv = util::encode_base64(&(tmp.front()),tmp.size()); } - void secret_t::enxor_from_base64(const unsigned char *key_sha1,const string& b64) { + void secret_t::enxor_from_base64(const unsigned char *key_d,const string& b64) { clear(); util::decode_base64(b64,*this); transform( begin(), end(), - key_sha1, + key_d, begin(), bitwise_xor<unsigned char,unsigned char,unsigned char>() ); } void secret_t::to_base64(string& rv) const { - if(size()!=20) - throw bad_input(OPKELE_CP_ "wrong secret size"); rv = util::encode_base64(&(front()),size()); } void secret_t::from_base64(const string& b64) { util::decode_base64(b64,*this); } } |