-rw-r--r-- | lib/basic_rp.cc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 3357d0b..3cad71c 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
@@ -1,64 +1,65 @@ | |||
1 | #include <sys/types.h> | ||
1 | #include <cassert> | 2 | #include <cassert> |
2 | #include <openssl/sha.h> | 3 | #include <openssl/sha.h> |
3 | #include <openssl/hmac.h> | 4 | #include <openssl/hmac.h> |
4 | #include <opkele/basic_rp.h> | 5 | #include <opkele/basic_rp.h> |
5 | #include <opkele/exception.h> | 6 | #include <opkele/exception.h> |
6 | #include <opkele/uris.h> | 7 | #include <opkele/uris.h> |
7 | #include <opkele/data.h> | 8 | #include <opkele/data.h> |
8 | #include <opkele/util.h> | 9 | #include <opkele/util.h> |
9 | #include <opkele/util-internal.h> | 10 | #include <opkele/util-internal.h> |
10 | #include <opkele/curl.h> | 11 | #include <opkele/curl.h> |
11 | #include <opkele/debug.h> | 12 | #include <opkele/debug.h> |
12 | 13 | ||
13 | namespace opkele { | 14 | namespace opkele { |
14 | 15 | ||
15 | void basic_RP::reset_vars() { | 16 | void basic_RP::reset_vars() { |
16 | claimed_id.clear(); identity.clear(); | 17 | claimed_id.clear(); identity.clear(); |
17 | } | 18 | } |
18 | 19 | ||
19 | const string& basic_RP::get_claimed_id() const { | 20 | const string& basic_RP::get_claimed_id() const { |
20 | if(claimed_id.empty()) | 21 | if(claimed_id.empty()) |
21 | throw non_identity(OPKELE_CP_ "attempting to retreive claimed_id of non-identity assertion"); | 22 | throw non_identity(OPKELE_CP_ "attempting to retreive claimed_id of non-identity assertion"); |
22 | assert(!identity.empty()); | 23 | assert(!identity.empty()); |
23 | return claimed_id; | 24 | return claimed_id; |
24 | } | 25 | } |
25 | 26 | ||
26 | const string& basic_RP::get_identity() const { | 27 | const string& basic_RP::get_identity() const { |
27 | if(identity.empty()) | 28 | if(identity.empty()) |
28 | throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related assertion"); | 29 | throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related assertion"); |
29 | assert(!claimed_id.empty()); | 30 | assert(!claimed_id.empty()); |
30 | return identity; | 31 | return identity; |
31 | } | 32 | } |
32 | 33 | ||
33 | static void dh_get_secret( | 34 | static void dh_get_secret( |
34 | secret_t& secret, const basic_openid_message& om, | 35 | secret_t& secret, const basic_openid_message& om, |
35 | const char *exp_assoc, const char *exp_sess, | 36 | const char *exp_assoc, const char *exp_sess, |
36 | util::dh_t& dh, | 37 | util::dh_t& dh, |
37 | size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), | 38 | size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), |
38 | size_t exp_s_len) try { | 39 | size_t exp_s_len) try { |
39 | if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) | 40 | if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) |
40 | throw bad_input(OPKELE_CP_ "Unexpected associate response"); | 41 | throw bad_input(OPKELE_CP_ "Unexpected associate response"); |
41 | util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); | 42 | util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); |
42 | vector<unsigned char> ck(DH_size(dh)+1); | 43 | vector<unsigned char> ck(DH_size(dh)+1); |
43 | unsigned char *ckptr = &(ck.front())+1; | 44 | unsigned char *ckptr = &(ck.front())+1; |
44 | int cklen = DH_compute_key(ckptr,s_pub,dh); | 45 | int cklen = DH_compute_key(ckptr,s_pub,dh); |
45 | if(cklen<0) | 46 | if(cklen<0) |
46 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 47 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
47 | if(cklen && (*ckptr)&0x80) { | 48 | if(cklen && (*ckptr)&0x80) { |
48 | (*(--ckptr))=0; ++cklen; } | 49 | (*(--ckptr))=0; ++cklen; } |
49 | assert(d_len<=SHA256_DIGEST_LENGTH); | 50 | assert(d_len<=SHA256_DIGEST_LENGTH); |
50 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; | 51 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; |
51 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); | 52 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); |
52 | if(secret.size()!=exp_s_len) | 53 | if(secret.size()!=exp_s_len) |
53 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); | 54 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); |
54 | }catch(opkele::failed_lookup& ofl) { | 55 | }catch(opkele::failed_lookup& ofl) { |
55 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); | 56 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); |
56 | } OPKELE_RETHROW | 57 | } OPKELE_RETHROW |
57 | 58 | ||
58 | static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) { | 59 | static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) { |
59 | util::curl_pick_t curl = util::curl_pick_t::easy_init(); | 60 | util::curl_pick_t curl = util::curl_pick_t::easy_init(); |
60 | if(!curl) | 61 | if(!curl) |
61 | throw exception_curl(OPKELE_CP_ "failed to initialize curl"); | 62 | throw exception_curl(OPKELE_CP_ "failed to initialize curl"); |
62 | string request = inm.query_string(); | 63 | string request = inm.query_string(); |
63 | CURLcode r; | 64 | CURLcode r; |
64 | (r=curl.misc_sets()) | 65 | (r=curl.misc_sets()) |