summaryrefslogtreecommitdiffabout
Side-by-side diff
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--include/opkele/util.h10
-rw-r--r--lib/util.cc28
2 files changed, 37 insertions, 1 deletions
diff --git a/include/opkele/util.h b/include/opkele/util.h
index fd974a1..0130bff 100644
--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -1,116 +1,124 @@
#ifndef __OPKELE_UTIL_H
#define __OPKELE_UTIL_H
#include <time.h>
#include <string>
#include <vector>
#include <opkele/types.h>
namespace opkele {
using std::string;
using std::vector;
/**
* @brief opkele utils namespace
*/
namespace util {
/**
* Convert internal time representation to w3c format
* @param t internal representation
* @return w3c time
* @throw failed_conversion in case of error
*/
string time_to_w3c(time_t t);
/**
* Convert W3C time representation to internal time_t
* @param w w3c representation
* @return converted time
* @throw failed_conversion in case of error
*/
time_t w3c_to_time(const string& w);
/**
- * Encode string to the representation suitable for using in URL.
+ * Encode string to the representation suitable for using in URL
* @param str string to encode
* @return encoded string
* @throw failed_conversion in case of failure
*/
string url_encode(const string& str);
/**
+ * Decode url-encoded string back to normal
+ * @param str url-encoded string
+ * @return decoded string
+ * @throw failed_conversion in case of failure
+ */
+ string url_decode(const string& str);
+
+ /**
* Make string suitable for using as x(ht)ml attribute.
* @param str string to escape
* @return escaped string
*/
string attr_escape(const string& str);
/**
* Convert number to string
* @param l number
* @return string representation
* @throw failed_conversion in case of failure
*/
string long_to_string(long l);
/**
* Convert string to number
* @param s string, containing the number
* @return the number
* @throw failed_conversion in case of failure
*/
long string_to_long(const string& s);
/**
* Encode binary data using base64.
* @param data pointer to binary data
* @param length length of data
* @return encoded data
*/
string encode_base64(const void *data,size_t length);
/**
* Decode binary data from base64 representation.
* @param data base64-encoded data
* @param rv container for decoded binary
*/
void decode_base64(const string& data,vector<unsigned char>& rv);
/**
* Normalize http(s) URI according to RFC3986, section 6. URI is
* expected to have scheme: in front of it.
* @param uri URI
* @return normalized URI
* @throw not_implemented in case of non-httpi(s) URI
* @throw bad_input in case of malformed URI
*/
string rfc_3986_normalize_uri(const string& uri);
string normalize_identifier(const string& usi,bool strip_fragment);
/**
* Match URI against realm
* @param uri URI to match
* @param realm realm to match against
* @return true if URI matches realm
*/
bool uri_matches_realm(const string& uri,const string& realm);
/**
* Strip fragment part from URI
* @param uri input/output parameter containing the URI
* @return reference to uri
*/
string& strip_uri_fragment_part(string& uri);
/**
* Calculate signature and encode it using base64
* @param assoc association being used for signing
* @param om openid message
* @return base64 representation of the signature
*/
string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
}
}
#endif /* __OPKELE_UTIL_H */
diff --git a/lib/util.cc b/lib/util.cc
index a6e08e2..3e7f3aa 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,497 +1,525 @@
#include <errno.h>
#include <cassert>
#include <cctype>
#include <cstring>
#include <vector>
#include <string>
#include <stack>
#include <algorithm>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <opkele/util.h>
#include <opkele/exception.h>
#include <opkele/data.h>
#include <opkele/debug.h>
#include <config.h>
#ifdef HAVE_DEMANGLE
# include <cxxabi.h>
#endif
namespace opkele {
using namespace std;
namespace util {
/*
* base64
*/
string encode_base64(const void *data,size_t length) {
BIO *b64 = 0, *bmem = 0;
try {
b64 = BIO_new(BIO_f_base64());
if(!b64)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
BIO_set_flags(b64,BIO_CLOSE);
if(!bmem)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer");
BIO_push(b64,bmem);
if(((size_t)BIO_write(b64,data,length))!=length)
throw exception_openssl(OPKELE_CP_ "failed to BIO_write()");
if(BIO_flush(b64)!=1)
throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()");
char *rvd;
long rvl = BIO_get_mem_data(bmem,&rvd);
string rv(rvd,rvl);
BIO_free_all(b64);
return rv;
}catch(...) {
if(b64) BIO_free_all(b64);
throw;
}
}
void decode_base64(const string& data,vector<unsigned char>& rv) {
BIO *b64 = 0, *bmem = 0;
rv.clear();
try {
bmem = BIO_new_mem_buf((void*)data.data(),data.size());
if(!bmem)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()");
b64 = BIO_new(BIO_f_base64());
if(!b64)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder");
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
BIO_push(b64,bmem);
unsigned char tmp[512];
size_t rb = 0;
while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0)
rv.insert(rv.end(),tmp,&tmp[rb]);
BIO_free_all(b64);
}catch(...) {
if(b64) BIO_free_all(b64);
throw;
}
}
/*
* big numerics
*/
BIGNUM *base64_to_bignum(const string& b64) {
vector<unsigned char> bin;
decode_base64(b64,bin);
BIGNUM *rv = BN_bin2bn(&(bin.front()),bin.size(),0);
if(!rv)
throw failed_conversion(OPKELE_CP_ "failed to BN_bin2bn()");
return rv;
}
BIGNUM *dec_to_bignum(const string& dec) {
BIGNUM *rv = 0;
if(!BN_dec2bn(&rv,dec.c_str()))
throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
return rv;
}
string bignum_to_base64(const BIGNUM *bn) {
vector<unsigned char> bin(BN_num_bytes(bn)+1);
unsigned char *binptr = &(bin.front())+1;
int l = BN_bn2bin(bn,binptr);
if(l && (*binptr)&0x80){
(*(--binptr)) = 0; ++l;
}
return encode_base64(binptr,l);
}
/*
* w3c times
*/
string time_to_w3c(time_t t) {
struct tm tm_t;
if(!gmtime_r(&t,&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
char rv[25];
if(!strftime(rv,sizeof(rv)-1,"%Y-%m-%dT%H:%M:%SZ",&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to strftime()");
return rv;
}
time_t w3c_to_time(const string& w) {
int fraction;
struct tm tm_t;
memset(&tm_t,0,sizeof(tm_t));
if( (
sscanf(
w.c_str(),
"%04d-%02d-%02dT%02d:%02d:%02dZ",
&tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday,
&tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec
) != 6
) && (
sscanf(
w.c_str(),
"%04d-%02d-%02dT%02d:%02d:%02d.%03dZ",
&tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday,
&tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec,
&fraction
) != 7
) )
throw failed_conversion(OPKELE_CP_ "failed to sscanf()");
tm_t.tm_mon--;
tm_t.tm_year-=1900;
time_t rv = mktime(&tm_t);
if(rv==(time_t)-1)
throw failed_conversion(OPKELE_CP_ "failed to mktime()");
return rv-timezone;
}
/*
*
*/
static inline bool isrfc3986unreserved(int c) {
if(c<'-') return false;
if(c<='.') return true;
if(c<'0') return false; if(c<='9') return true;
if(c<'A') return false; if(c<='Z') return true;
if(c<'_') return false;
if(c=='_') return true;
if(c<'a') return false; if(c<='z') return true;
if(c=='~') return true;
return false;
}
struct __url_encoder : public unary_function<char,void> {
public:
string& rv;
__url_encoder(string& r) : rv(r) { }
result_type operator()(argument_type c) {
if(isrfc3986unreserved(c))
rv += c;
else{
char tmp[4];
snprintf(tmp,sizeof(tmp),"%%%02X",
(c&0xff));
rv += tmp;
}
}
};
string url_encode(const string& str) {
string rv;
for_each(str.begin(),str.end(),
__url_encoder(rv));
return rv;
}
+ string url_decode(const string& str) {
+ string rv;
+ back_insert_iterator<string> ii(rv);
+ for(string::const_iterator i=str.begin(),ie=str.end();
+ i!=ie;++i) {
+ switch(*i) {
+ case '+':
+ *(ii++) = ' '; break;
+ case '%':
+ ++i;
+ static char tmp[3] = {0,0,0};
+ if(i==ie)
+ throw failed_conversion(OPKELE_CP_ "trailing percent in the url-encoded string");
+ tmp[0] == *(i++);
+ if(i==ie)
+ throw failed_conversion(OPKELE_CP_ "not enough hexadecimals after the percent sign in url-encoded string");
+ tmp[1] == *i;
+ if(!(isxdigit(tmp[0]) && isxdigit(tmp[1])))
+ throw failed_conversion(OPKELE_CP_ "non-hex follows percent in url-encoded string");
+ *(ii++) = strtol(tmp,0,16);
+ break;
+ default:
+ *(ii++) = *i; break;
+ }
+ }
+ return rv;
+ }
+
string attr_escape(const string& str) {
static const char *unsafechars = "<>&\n\"'";
string rv;
string::size_type p=0;
while(true) {
string::size_type us = str.find_first_of(unsafechars,p);
if(us==string::npos) {
if(p!=str.length())
rv.append(str,p,str.length()-p);
return rv;
}
rv.append(str,p,us-p);
rv += "&#";
rv += long_to_string((long)str[us]);
rv += ';';
p = us+1;
}
}
string long_to_string(long l) {
char rv[32];
int r=snprintf(rv,sizeof(rv),"%ld",l);
if(r<0 || r>=(int)sizeof(rv))
throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
return rv;
}
long string_to_long(const string& s) {
char *endptr = 0;
long rv = strtol(s.c_str(),&endptr,10);
if((!endptr) || endptr==s.c_str())
throw failed_conversion(OPKELE_CP_ "failed to strtol()");
return rv;
}
/*
* Normalize URL according to the rules, described in rfc 3986, section 6
*
* - uppercase hex triplets (e.g. %ab -> %AB)
* - lowercase scheme and host
* - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
* that is - [:alpha:][:digit:]._~-
* - remove dot segments
* - remove empty and default ports
* - if there's no path component, add '/'
*/
string rfc_3986_normalize_uri(const string& uri) {
string rv;
string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);
if(ns==string::npos)
throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
string::size_type colon = uri.find(':',ns);
if(colon==string::npos)
throw bad_input(OPKELE_CP_ "No scheme specified in URI");
transform(
uri.begin()+ns, uri.begin()+colon+1,
back_inserter(rv), ::tolower );
bool s;
string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;
if(ul <= (colon+3))
throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
if(uri[colon+1]!='/' || uri[colon+2]!='/')
throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
if(rv=="http:")
s = false;
else if(rv=="https:")
s = true;
else{
/* TODO: support more schemes. e.g. xri. How do we normalize
* xri?
*/
rv.append(uri,colon+1,ul-colon-1);
return rv;
}
rv += "//";
string::size_type interesting = uri.find_first_of(":/#?",colon+3);
if(interesting==string::npos) {
transform(
uri.begin()+colon+3,uri.begin()+ul,
back_inserter(rv), ::tolower );
rv += '/'; return rv;
}
transform(
uri.begin()+colon+3,uri.begin()+interesting,
back_inserter(rv), ::tolower );
bool qf = false;
char ic = uri[interesting];
if(ic==':') {
string::size_type ni = uri.find_first_of("/#?%",interesting+1);
const char *nptr = uri.data()+interesting+1;
char *eptr = 0;
long port = strtol(nptr,&eptr,10);
if( (port>0) && (port<65535) && port!=(s?443:80) ) {
char tmp[8];
snprintf(tmp,sizeof(tmp),":%ld",port);
rv += tmp;
}
if(ni==string::npos) {
rv += '/'; return rv;
}
interesting = ni;
}else if(ic!='/') {
rv += '/'; rv += ic;
qf = true;
++interesting;
}
string::size_type n = interesting;
char tmp[3] = { 0,0,0 };
stack<string::size_type> psegs; psegs.push(rv.length());
string pseg;
for(;n<ul;) {
string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
if(unsafe==string::npos) {
pseg.append(uri,n,ul-n-1); n = ul-1;
}else{
pseg.append(uri,n,unsafe-n);
n = unsafe;
}
char c = uri[n++];
if(c=='%') {
if((n+1)>=ul)
throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
tmp[0] = uri[n++];
tmp[1] = uri[n++];
if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))
throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");
int cc = strtol(tmp,0,16);
if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) )
pseg += cc;
else{
pseg += '%';
pseg += toupper(tmp[0]); pseg += toupper(tmp[1]);
}
}else if(qf) {
rv += pseg; rv += c;
pseg.clear();
}else if(n>=ul || strchr("?/#",c)) {
if(pseg.empty() || pseg==".") {
}else if(pseg=="..") {
if(psegs.size()>1) {
rv.resize(psegs.top()); psegs.pop();
}
}else{
psegs.push(rv.length());
if(c!='/') {
pseg += c;
qf = true;
}
rv += '/'; rv += pseg;
}
if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) {
rv += '/';
if(n<ul)
qf = true;
}else if(strchr("?#",c)) {
if(psegs.size()==1 && psegs.top()==rv.length())
rv += '/';
if(pseg.empty())
rv += c;
qf = true;
}
pseg.clear();
}else{
pseg += c;
}
}
if(!pseg.empty()) {
if(!qf) rv += '/';
rv += pseg;
}
return rv;
}
string& strip_uri_fragment_part(string& u) {
string::size_type q = u.find('?'), f = u.find('#');
if(q==string::npos) {
if(f!=string::npos)
u.erase(f);
}else{
if(f!=string::npos) {
if(f<q)
u.erase(f,q-f);
else
u.erase(f);
}
}
return u;
}
bool uri_matches_realm(const string& uri,const string& realm) {
string nrealm = opkele::util::rfc_3986_normalize_uri(realm);
string nu = opkele::util::rfc_3986_normalize_uri(uri);
string::size_type pr = nrealm.find("://");
string::size_type pu = nu.find("://");
assert(!(pr==string::npos || pu==string::npos));
pr += sizeof("://")-1;
pu += sizeof("://")-1;
if(!strncmp(nrealm.c_str()+pr,"*.",2)) {
pr = nrealm.find('.',pr);
pu = nu.find('.',pu);
assert(pr!=string::npos);
if(pu==string::npos)
return false;
// TODO: check for overgeneralized realm
}
string::size_type lr = nrealm.length();
string::size_type lu = nu.length();
if( (lu-pu) < (lr-pr) )
return false;
pair<const char*,const char*> mp = mismatch(
nrealm.c_str()+pr,nrealm.c_str()+lr,
nu.c_str()+pu);
if( (*(mp.first-1))!='/'
&& !strchr("/?#",*mp.second) )
return false;
return true;
}
string abi_demangle(const char *mn) {
#ifndef HAVE_DEMANGLE
return mn;
#else /* !HAVE_DEMANGLE */
int dstat;
char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
if(dstat)
return mn;
string rv = demangled;
free(demangled);
return rv;
#endif /* !HAVE_DEMANGLE */
}
string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
const string& slist = om.get_field("signed");
string kv;
string::size_type p=0;
while(true) {
string::size_type co = slist.find(',',p);
string f = (co==string::npos)
?slist.substr(p):slist.substr(p,co-p);
kv += f;
kv += ':';
kv += om.get_field(f);
kv += '\n';
if(co==string::npos) break;
p = co+1;
}
const secret_t& secret = assoc->secret();
const EVP_MD *evpmd;
const string& at = assoc->assoc_type();
if(at=="HMAC-SHA256")
evpmd = EVP_sha256();
else if(at=="HMAC-SHA1")
evpmd = EVP_sha1();
else
throw unsupported(OPKELE_CP_ "unknown association type");
unsigned int md_len = 0;
unsigned char md[SHA256_DIGEST_LENGTH];
HMAC(evpmd,
&(secret.front()),secret.size(),
(const unsigned char*)kv.data(),kv.length(),
md,&md_len);
return encode_base64(md,md_len);
}
string normalize_identifier(const string& usi,bool strip_fragment) {
if(usi.empty())
return usi;
string rv;
string::size_type fsc = usi.find_first_not_of(data::_whitespace_chars);
if(fsc==string::npos)
return rv;
string::size_type lsc = usi.find_last_not_of(data::_whitespace_chars);
assert(lsc!=string::npos);
if(!strncasecmp(usi.c_str()+fsc,"xri://",sizeof("xri://")-1))
fsc += sizeof("xri://")-1;
if( (fsc+1) >= lsc )
return rv;
rv.assign(usi,fsc,lsc-fsc+1);
if(strchr(data::_iname_leaders,rv[0])) {
/* TODO: further normalize xri identity, fold case or
* whatever... */
}else{
if(rv.find("://")==string::npos)
rv.insert(0,"http://");
if(strip_fragment) {
string::size_type fp = rv.find('#');
if(fp!=string::npos) {
string::size_type qp = rv.find('?');
if(qp==string::npos || qp<fp)
rv.erase(fp);
else if(qp>fp)
rv.erase(fp,qp-fp);
}
}
rv = rfc_3986_normalize_uri(rv);
}
return rv;
}
}
}