| -rw-r--r-- | lib/util.cc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/util.cc b/lib/util.cc index b85a377..bb8a2e8 100644 --- a/lib/util.cc +++ b/lib/util.cc | |||
| @@ -1,46 +1,48 @@ | |||
| 1 | #include <errno.h> | 1 | #include <errno.h> |
| 2 | #include <cassert> | 2 | #include <cassert> |
| 3 | #include <cctype> | 3 | #include <cctype> |
| 4 | #include <cstring> | 4 | #include <cstring> |
| 5 | #include <vector> | 5 | #include <vector> |
| 6 | #include <string> | 6 | #include <string> |
| 7 | #include <stack> | 7 | #include <stack> |
| 8 | #include <algorithm> | 8 | #include <algorithm> |
| 9 | #include <openssl/bio.h> | 9 | #include <openssl/bio.h> |
| 10 | #include <openssl/evp.h> | 10 | #include <openssl/evp.h> |
| 11 | #include <openssl/sha.h> | ||
| 11 | #include <openssl/hmac.h> | 12 | #include <openssl/hmac.h> |
| 12 | #include <curl/curl.h> | 13 | #include <curl/curl.h> |
| 13 | #include "opkele/util.h" | 14 | #include <opkele/util.h> |
| 14 | #include "opkele/exception.h" | 15 | #include <opkele/exception.h> |
| 16 | #include <opkele/debug.h> | ||
| 15 | 17 | ||
| 16 | #include <config.h> | 18 | #include <config.h> |
| 17 | #ifdef HAVE_DEMANGLE | 19 | #ifdef HAVE_DEMANGLE |
| 18 | # include <cxxabi.h> | 20 | # include <cxxabi.h> |
| 19 | #endif | 21 | #endif |
| 20 | 22 | ||
| 21 | namespace opkele { | 23 | namespace opkele { |
| 22 | using namespace std; | 24 | using namespace std; |
| 23 | 25 | ||
| 24 | namespace util { | 26 | namespace util { |
| 25 | 27 | ||
| 26 | /* | 28 | /* |
| 27 | * base64 | 29 | * base64 |
| 28 | */ | 30 | */ |
| 29 | string encode_base64(const void *data,size_t length) { | 31 | string encode_base64(const void *data,size_t length) { |
| 30 | BIO *b64 = 0, *bmem = 0; | 32 | BIO *b64 = 0, *bmem = 0; |
| 31 | try { | 33 | try { |
| 32 | b64 = BIO_new(BIO_f_base64()); | 34 | b64 = BIO_new(BIO_f_base64()); |
| 33 | if(!b64) | 35 | if(!b64) |
| 34 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); | 36 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); |
| 35 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); | 37 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
| 36 | bmem = BIO_new(BIO_s_mem()); | 38 | bmem = BIO_new(BIO_s_mem()); |
| 37 | BIO_set_flags(b64,BIO_CLOSE); | 39 | BIO_set_flags(b64,BIO_CLOSE); |
| 38 | if(!bmem) | 40 | if(!bmem) |
| 39 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); |
| 40 | BIO_push(b64,bmem); | 42 | BIO_push(b64,bmem); |
| 41 | if(((size_t)BIO_write(b64,data,length))!=length) | 43 | if(((size_t)BIO_write(b64,data,length))!=length) |
| 42 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); | 44 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); |
| 43 | if(BIO_flush(b64)!=1) | 45 | if(BIO_flush(b64)!=1) |
| 44 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); | 46 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); |
| 45 | char *rvd; | 47 | char *rvd; |
| 46 | long rvl = BIO_get_mem_data(bmem,&rvd); | 48 | long rvl = BIO_get_mem_data(bmem,&rvd); |
| @@ -391,42 +393,43 @@ namespace opkele { | |||
| 391 | return mn; | 393 | return mn; |
| 392 | string rv = demangled; | 394 | string rv = demangled; |
| 393 | free(demangled); | 395 | free(demangled); |
| 394 | return rv; | 396 | return rv; |
| 395 | #endif /* !HAVE_DEMANGLE */ | 397 | #endif /* !HAVE_DEMANGLE */ |
| 396 | } | 398 | } |
| 397 | 399 | ||
| 398 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { | 400 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { |
| 399 | const string& slist = om.get_field("signed"); | 401 | const string& slist = om.get_field("signed"); |
| 400 | string kv; | 402 | string kv; |
| 401 | string::size_type p=0; | 403 | string::size_type p=0; |
| 402 | while(true) { | 404 | while(true) { |
| 403 | string::size_type co = slist.find(',',p); | 405 | string::size_type co = slist.find(',',p); |
| 404 | string f = (co==string::npos) | 406 | string f = (co==string::npos) |
| 405 | ?slist.substr(p):slist.substr(p,co-p); | 407 | ?slist.substr(p):slist.substr(p,co-p); |
| 406 | kv += f; | 408 | kv += f; |
| 407 | kv += ':'; | 409 | kv += ':'; |
| 408 | kv += om.get_field(f); | 410 | kv += om.get_field(f); |
| 409 | kv += '\n'; | 411 | kv += '\n'; |
| 410 | if(co==string::npos) break; | 412 | if(co==string::npos) break; |
| 411 | p = co+1; | 413 | p = co+1; |
| 412 | } | 414 | } |
| 413 | const secret_t& secret = assoc->secret(); | 415 | const secret_t& secret = assoc->secret(); |
| 414 | const EVP_MD *evpmd; | 416 | const EVP_MD *evpmd; |
| 415 | const string& at = assoc->assoc_type(); | 417 | const string& at = assoc->assoc_type(); |
| 416 | if(at=="HMAC-SHA256") | 418 | if(at=="HMAC-SHA256") |
| 417 | evpmd = EVP_sha256(); | 419 | evpmd = EVP_sha256(); |
| 418 | else if(at=="HMAC-SHA1") | 420 | else if(at=="HMAC-SHA1") |
| 419 | evpmd = EVP_sha1(); | 421 | evpmd = EVP_sha1(); |
| 420 | else | 422 | else |
| 421 | throw unsupported(OPKELE_CP_ "unknown association type"); | 423 | throw unsupported(OPKELE_CP_ "unknown association type"); |
| 422 | unsigned int md_len = 0; | 424 | unsigned int md_len = 0; |
| 423 | unsigned char *md = HMAC(evpmd, | 425 | unsigned char md[SHA256_DIGEST_LENGTH]; |
| 426 | HMAC(evpmd, | ||
| 424 | &(secret.front()),secret.size(), | 427 | &(secret.front()),secret.size(), |
| 425 | (const unsigned char*)kv.data(),kv.length(), | 428 | (const unsigned char*)kv.data(),kv.length(), |
| 426 | 0,&md_len); | 429 | md,&md_len); |
| 427 | return encode_base64(md,md_len); | 430 | return encode_base64(md,md_len); |
| 428 | } | 431 | } |
| 429 | 432 | ||
| 430 | } | 433 | } |
| 431 | 434 | ||
| 432 | } | 435 | } |