-rw-r--r-- | include/opkele/oauth/consumer.h | 14 | ||||
-rw-r--r-- | lib/oauth-consumer.cc | 18 |
2 files changed, 25 insertions, 7 deletions
diff --git a/include/opkele/oauth/consumer.h b/include/opkele/oauth/consumer.h
index 9196297..eb4f753 100644
--- a/include/opkele/oauth/consumer.h
+++ b/include/opkele/oauth/consumer.h
@@ -1,129 +1,135 @@ #ifndef __OPKELE_OAUTH_CONSUMER_H #define __OPKELE_OAUTH_CONSUMER_H #include <string> #include <opkele/types.h> #include <opkele/oauth.h> #include <opkele/curl.h> namespace opkele { namespace oauth { using std::string; enum oauth_method_t { - oauth_auth_header, oauth_post_body, oauth_url_query + oauth_auth_header, oauth_post_body, oauth_url_query, + oauth_method_default = oauth_auth_header }; struct service_endpoint_t { string url; string signature_method; oauth_method_t oauth_method; - service_endpoint_t(const string& u,const string& sm,oauth_method_t om) + service_endpoint_t() : oauth_method(oauth_method_default) { } + service_endpoint_t(const string& u,const string& sm,oauth_method_t om=oauth_method_default) : url(u), signature_method(sm), oauth_method(om) { } }; class basic_provider_endpoints { public: virtual ~basic_provider_endpoints() { } virtual const service_endpoint_t& get_request_token_endpoint() const = 0; virtual const service_endpoint_t& get_authorize_user_endpoint() const = 0; virtual const service_endpoint_t& get_access_token_endpoint() const = 0; virtual service_endpoint_t& get_url_endpoint(service_endpoint_t& sep, const string& url) const = 0; }; struct http_request_t { string authorize_header; string method; string url; string body; util::curl_slist_t _curl_headers_list; http_request_t(const string& m,const string& u) : method(m), url(u) { } void setup_curl(CURL *curl); }; class basic_consumer { public: token_t consumer_token; basic_consumer(const token_t& ct) : consumer_token(ct) { } virtual ~basic_consumer() { } virtual const basic_provider_endpoints& get_endpoints() const = 0; virtual const string allocate_nonce(time_t ts) = 0; token_t get_request_token(); const string get_authorize_url(const token_t& rt,const string& callback=""); token_t get_access_token(const token_t& rt); - void prepare_request( + http_request_t& prepare_request( http_request_t& req, const basic_fields& qf,const basic_fields& pf, oauth_method_t om,const 
string& sm, const token_t *t=0,const string& realm=""); - void prepare_request( + http_request_t& prepare_request( http_request_t& req, const basic_fields& qf,const basic_fields& pf, const service_endpoint_t& sep, const token_t *t=0,const string& realm=""); + http_request_t& prepare_request( + http_request_t& req, + const basic_fields& qf,const basic_fields& pf, + const token_t *t=0,const string& realm=""); const string signature( const string& method, const string& url, const basic_fields& fields, const token_t* rt=0); token_t acquire_token( const service_endpoint_t& sep, const token_t* rt=0); }; class simple_provider_endpoints : public basic_provider_endpoints { public: service_endpoint_t sep_request_token; service_endpoint_t sep_authorize_user; service_endpoint_t sep_access_token; service_endpoint_t sep_generic; simple_provider_endpoints( const string& rt,const string& au,const string& at, const string& sm, oauth_method_t ams=oauth_post_body, oauth_method_t amr=oauth_auth_header ) : sep_request_token(rt,sm,ams), sep_authorize_user(au,sm,oauth_url_query), sep_access_token(at,sm,ams), sep_generic("",sm,amr) { } const service_endpoint_t& get_request_token_endpoint() const; const service_endpoint_t& get_authorize_user_endpoint() const; const service_endpoint_t& get_access_token_endpoint() const; service_endpoint_t& get_url_endpoint(service_endpoint_t& sep, const string& url) const; }; class simple_consumer : public basic_consumer { public: simple_provider_endpoints peps; simple_consumer(const simple_provider_endpoints& eps, const token_t& ct) : basic_consumer(ct), peps(eps) { } const basic_provider_endpoints& get_endpoints() const; const string allocate_nonce(time_t ts); }; } } #endif /* __OPKELE_OAUTH_CONSUMER_H */ diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc index 0c4c9e3..bb4e89b 100644 --- a/lib/oauth-consumer.cc +++ b/lib/oauth-consumer.cc 
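Review bot: The new `oauth_method_default = oauth_auth_header` enumerator and the defaulted `om` parameter of `service_endpoint_t` make the Authorization-header method the default for every endpoint, yet `basic_consumer::acquire_token()` in lib/oauth-consumer.cc still throws `not_implemented` for `oauth_auth_header`, so an endpoint built with the new defaults cannot be used for request- or access-token acquisition and nothing in the header says so. I would document that on the enumerator: `/* default for generic resource requests; acquire_token() does not yet accept oauth_auth_header, so token endpoints need oauth_post_body or oauth_url_query */`. The new default constructor also leaves `signature_method` empty, which `signature()` rejects with `not_implemented` — fail-closed, but worth a comment on the constructor such as `/* unusable until url and signature_method are filled in, e.g. by get_url_endpoint() */`. The new `prepare_request(req,qf,pf,t,realm)` overload deserves a one-line comment stating that it derives the endpoint from `req.url` via `get_url_endpoint()` and signs with that endpoint's method, and that `realm` defaults to the empty string.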
@@ -1,268 +1,280 @@ #include <openssl/sha.h> #include <openssl/evp.h> #include <openssl/hmac.h> #include <opkele/oauth/consumer.h> #include <opkele/exception.h> #include <opkele/util.h> #include <opkele/curl.h> #include <opkele/debug.h> #include "config.h" #ifdef HAVE_LIBUUID # include <uuid/uuid.h> #endif namespace opkele { namespace oauth { const service_endpoint_t& simple_provider_endpoints::get_request_token_endpoint() const { return sep_request_token; } const service_endpoint_t& simple_provider_endpoints::get_authorize_user_endpoint() const { return sep_authorize_user; } const service_endpoint_t& simple_provider_endpoints::get_access_token_endpoint() const { return sep_access_token; } service_endpoint_t& simple_provider_endpoints::get_url_endpoint(service_endpoint_t& sep, const string& url) const { sep = sep_generic; sep.url = url; return sep; } token_t basic_consumer::get_request_token() { return acquire_token(get_endpoints().get_request_token_endpoint()); } const string basic_consumer::get_authorize_url(const token_t& rt,const string& callback) { fields_t f; f.set_field("oauth_token",rt.key); if(!callback.empty()) f.set_field("oauth_callback",callback); return f.append_query( get_endpoints().get_authorize_user_endpoint().url ); } token_t basic_consumer::get_access_token(const token_t& rt) { return acquire_token(get_endpoints().get_access_token_endpoint(),&rt); } const string basic_consumer::signature( const string& method, const string& url, const basic_fields& fields, const token_t* at) { if(fields.get_field("oauth_signature_method")!="HMAC-SHA1") throw opkele::not_implemented(OPKELE_CP_ "only HMAC-SHA1 signature is implemented"); string key = util::url_encode(consumer_token.secret); key += '&'; if(at) key += util::url_encode(at->secret); /* TODO: do not build the whole subject */ string subject = method; subject += '&'; string u = util::rfc_3986_normalize_uri(url); string::size_type uco = u.find_first_of("#?"); if(uco!=string::npos) u.erase(uco); subject 
+= util::url_encode(u); subject += '&'; subject += util::url_encode( fields.query_string() ); unsigned char md[SHA_DIGEST_LENGTH]; unsigned int md_len = 0; HMAC( EVP_sha1(), key.c_str(),key.size(), (const unsigned char *)subject.c_str(),subject.size(), md,&md_len ); assert(md_len==sizeof(md)); return util::encode_base64(md,md_len); } static void noquerize_url(string& url,const string& sepurl,basic_fields& f) { string::size_type q = sepurl.find('?'), p = sepurl.find('#'); if(q==string::npos) { url = sepurl.substr(0,p); }else{ fields_t tmp; tmp.from_query(sepurl.substr( q+1, (p==string::npos)?string::npos:(p-q-q))); tmp.append_to(f); url = sepurl.substr(0,(p==string::npos)?q:min(p,q)); } } token_t basic_consumer::acquire_token( const service_endpoint_t& sep, const token_t* rt) { util::curl_pick_t curl = util::curl_t::easy_init(); CURLcode r; (r=curl.misc_sets()) || (r=curl.set_write()); if(r) throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r); http_request_t hr( (sep.oauth_method==oauth_post_body)?"POST":"GET", ""); fields_t uq; noquerize_url(hr.url,sep.url,uq); prepare_request(hr,uq,fields_t(),sep,rt); switch(sep.oauth_method) { case oauth_auth_header: throw opkele::not_implemented(OPKELE_CP_ "auth header for token acquisition isn't (yet?) 
supported"); break; case oauth_post_body: (r=curl.easy_setopt(CURLOPT_POST,1)) || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str())) || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size())); break; case oauth_url_query: break; default: throw opkele::exception(OPKELE_CP_ /* TODO: specialize */ "invalid oauth_method for request_token endpoint"); }; if(r) throw exception_curl(OPKELE_CP_ "failed to set curly options",r); if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) ) throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r); if( (r=curl.easy_perform()) ) throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); token_t rv; string::size_type p=0; while(p!=string::npos) { string::size_type np = curl.response.find('&',p); string part; if(np==string::npos) { part.assign(curl.response.c_str()+p); p = string::npos; }else{ part.assign(curl.response,p,np-p); p = np+1; } string::size_type eq = part.find('='); if(eq==string::npos) continue; string n(part,0,eq); if(n=="oauth_token") { if(!rv.key.empty()) /* TODO: specialize */ throw opkele::exception(OPKELE_CP_ "found oauth_token twice"); rv.key = util::url_decode(part.substr(eq+1)); }else if(n=="oauth_token_secret") { if(!rv.secret.empty()) /* TODO: specialize */ throw opkele::exception(OPKELE_CP_ "found oauth_secret twice"); rv.secret = util::url_decode(part.substr(eq+1)); } } return rv; } - void basic_consumer::prepare_request( + http_request_t& basic_consumer::prepare_request( http_request_t& req, const basic_fields& qf,const basic_fields& pf, oauth_method_t om,const string& sm, const token_t *t,const string& realm) { fields_t op; op.set_field("oauth_consumer_key",consumer_token.key); if(t) op.set_field("oauth_token",t->key); op.set_field("oauth_signature_method",sm); time_t now; op.set_field("oauth_timestamp", util::long_to_string(time(&now))); op.set_field("oauth_nonce",allocate_nonce(now)); op.set_field("oauth_version","1.0"); /* TODO: normalize and strip down url */ { fields_t af; /* 
TODO: optimize, I don't want it to be copied */ qf.copy_to(af); pf.append_to(af); op.append_to(af); op.set_field("oauth_signature", signature( req.method,req.url,af,t) ); } req.authorize_header.clear(); if(om==oauth_auth_header) { req.authorize_header = "OAuth "; req.authorize_header += "realm=\""; req.authorize_header += util::url_encode(realm); req.authorize_header += '\"'; for(basic_fields::fields_iterator i=op.fields_begin(),ie=op.fields_end(); i!=ie;++i) { req.authorize_header += ", "; req.authorize_header += *i; req.authorize_header += "=\""; req.authorize_header += util::url_encode(op.get_field(*i)); req.authorize_header += "\""; } req.url = qf.append_query(req.url); req.body = pf.query_string(); }else if(om==oauth_post_body) { assert(req.method=="POST"); /* TODO: optimize, don't copy it over and over */ fields_t p; pf.append_to(p); op.append_to(p); req.url = qf.append_query(req.url); req.body = p.query_string(); }else if(om==oauth_url_query) { fields_t q; qf.append_to(q); op.append_to(q); req.url = q.append_query(req.url); req.body = pf.query_string(); }else throw opkele::exception(OPKELE_CP_ /* TODO: specialize */ "Unknown oauth method"); + return req; } - void basic_consumer::prepare_request( + http_request_t& basic_consumer::prepare_request( http_request_t& req, const basic_fields& qf,const basic_fields& pf, const service_endpoint_t& sep, const token_t *t,const string& realm) { - prepare_request( + return prepare_request( req, qf, pf, sep.oauth_method,sep.signature_method, t,realm); } + http_request_t& basic_consumer::prepare_request( + http_request_t& req, + const basic_fields& qf,const basic_fields& pf, + const token_t *t,const string& realm) { + service_endpoint_t sep; + return prepare_request( + req, qf, pf, + get_endpoints().get_url_endpoint(sep,req.url), + t, realm ); + } + void http_request_t::setup_curl(CURL *curl) { CURLcode r; r = curl_easy_setopt(curl,CURLOPT_URL,url.c_str()); if(r) throw exception_curl(OPKELE_CP_ "failed to set curly 
urlie",r); if(method=="POST") { (r = curl_easy_setopt(curl,CURLOPT_POST,1)) || (r = curl_easy_setopt(curl,CURLOPT_POSTFIELDS,body.c_str())) || (r = curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,body.size())); }else if(method=="GET") { r = curl_easy_setopt(curl,CURLOPT_HTTPGET,1); }else if(method=="HEAD") { r = curl_easy_setopt(curl,CURLOPT_NOBODY,1); }else /* TODO: specialize exception */ throw exception(OPKELE_CP_ "don't know how to handle http method"); if(r) throw exception_curl(OPKELE_CP_ "failed to set curly options",r); if(!authorize_header.empty()) { r = curl_easy_setopt(curl,CURLOPT_HTTPHEADER,(curl_slist*)( _curl_headers_list = curl_slist_append( 0,string("Authorization: "+authorize_header).c_str() ) ) ); if(r) throw exception_curl(OPKELE_CP_ "failed to setup curlie header"); } } const basic_provider_endpoints& simple_consumer::get_endpoints() const { return peps; } const string simple_consumer::allocate_nonce(time_t ts) { # ifndef HAVE_LIBUUID throw opkele::not_implemented(OPKELE_CP_ "not implemented consumer's allocate_nonce()"); # else /* HAVE_LIBUUID */ uuid_t uuid; uuid_generate(uuid); return util::encode_base64(uuid,sizeof(uuid)); # endif /* HAVE_LIBUUID */ } } } |
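Review bot: The new five-argument `basic_consumer::prepare_request` overload signs `req.url` exactly as the caller supplied it, so any query string already present in the URL is silently left out of the signature base string: `signature()` truncates the URL at the first `?`/`#` and only hashes `qf`, `pf` and the oauth_* parameters. `acquire_token()` avoids this by running the endpoint URL through `noquerize_url()` first, and the convenience overload should do the same before delegating — a provider that implements OAuth 1.0 signing must reject the resulting request, and a lax one would accept parameters that were never covered by the HMAC. Since `qf` is const, copy it into a local `fields_t` and split the URL into that copy, as in the rewritten overload below. Separately, `noquerize_url()`'s fragment-length arithmetic `p-q-q` reads as though it was meant to be `p-q-1`; the convenience path would inherit that, so it is worth checking alongside.
```cpp
http_request_t& basic_consumer::prepare_request(
    http_request_t& req,
    const basic_fields& qf,const basic_fields& pf,
    const token_t *t,const string& realm) {
    /* Fold any query already carried by req.url into the signed query
     * fields, the way acquire_token() does; otherwise those parameters
     * are sent but never covered by the signature. */
    fields_t q;
    qf.copy_to(q);
    const string supplied_url = req.url;
    noquerize_url(req.url,supplied_url,q);
    service_endpoint_t sep;
    return prepare_request(
        req, q, pf,
        get_endpoints().get_url_endpoint(sep,req.url),
        t, realm );
}
```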