1 files changed, 1 insertions, 0 deletions

diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index c247493..fa659ac 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,104 +1,105 @@
 #include <time.h>
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/data.h>
 #include <opkele/basic_op.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/uris.h>
 
 namespace opkele {
 
     void basic_OP::reset_vars() {
 	assoc.reset();
 	return_to.clear(); realm.clear();
 	claimed_id.clear(); identity.clear();
 	invalidate_handle.clear();
     }
 
     bool basic_OP::has_return_to() const {
 	return !return_to.empty();
     }
     const string& basic_OP::get_return_to() const {
 	if(return_to.empty())
 	    throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
 	return return_to;
     }
 
     const string& basic_OP::get_realm() const {
 	assert(!realm.empty());
 	return realm;
     }
 
     bool basic_OP::has_identity() const {
 	return !identity.empty();
     }
     const string& basic_OP::get_claimed_id() const {
 	if(claimed_id.empty())
 	    throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
 	assert(!identity.empty());
 	return claimed_id;
     }
     const string& basic_OP::get_identity() const {
 	if(identity.empty())
 	    throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request");
 	assert(!claimed_id.empty());
 	return identity;
     }
 
     bool basic_OP::is_id_select() const {
 	return identity==IDURI_SELECT20;
     }
 
     void basic_OP::select_identity(const string& c,const string& i) {
 	claimed_id = c; identity = i;
     }
     void basic_OP::set_claimed_id(const string& c) {
 	claimed_id = c;
     }
 
     basic_openid_message& basic_OP::associate(
 	    basic_openid_message& oum,
 	    const basic_openid_message& inm) try {
 	assert(inm.get_field("mode")=="associate");
 	util::dh_t dh;
 	util::bignum_t c_pub;
 	unsigned char key_digest[SHA256_DIGEST_LENGTH];
 	size_t d_len = 0;
 	string sts = inm.get_field("session_type");
 	string ats = inm.get_field("assoc_type");
 	if(sts=="DH-SHA1" || sts=="DH-SHA256") {
 	    if(!(dh = DH_new()))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
 	    c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public"));
 	    try { dh->p = util::base64_to_bignum(inm.get_field("dh_modulus"));
 	    }catch(failed_lookup&) {
 		dh->p = util::dec_to_bignum(data::_default_p); }
 	    try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen"));
 	    }catch(failed_lookup&) {
 		dh->g = util::dec_to_bignum(data::_default_g); }
 	    if(!DH_generate_key(dh))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
 	    vector<unsigned char> ck(DH_size(dh)+1);
 	    unsigned char *ckptr = &(ck.front())+1;
 	    int cklen = DH_compute_key(ckptr,c_pub,dh);
 	    if(cklen<0)
 		throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	    if(cklen && (*ckptr)&0x80) {
 		(*(--ckptr)) = 0; ++cklen; }
 	    if(sts=="DH-SHA1") {
 		SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH;
 	    }else if(sts=="DH-SHA256") {
 		SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH;
 	    }else
 		throw internal_error(OPKELE_CP_ "I thought I knew the session type");
 	}else
 	    throw unsupported(OPKELE_CP_ "Unsupported session_type");
 	assoc_t a;
 	if(ats=="HMAC-SHA1")
 	    a = alloc_assoc(ats,SHA_DIGEST_LENGTH,false);
 	else if(ats=="HMAC-SHA256")
 	    a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,false);
 	else
 	    throw unsupported(OPKELE_CP_ "Unsupported assoc_type");