summaryrefslogtreecommitdiffabout
path: root/lib/consumer.cc
Unidiff
Diffstat (limited to 'lib/consumer.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/consumer.cc53
1 files changed, 47 insertions, 6 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 8f66688..299b3bc 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,63 +1,70 @@
1#include <algorithm> 1#include <algorithm>
2#include <cassert> 2#include <cassert>
3#include <opkele/util.h> 3#include <opkele/util.h>
4#include <opkele/exception.h> 4#include <opkele/exception.h>
5#include <opkele/data.h> 5#include <opkele/data.h>
6#include <opkele/consumer.h> 6#include <opkele/consumer.h>
7#include <openssl/sha.h> 7#include <openssl/sha.h>
8#include <openssl/hmac.h> 8#include <openssl/hmac.h>
9#include <curl/curl.h> 9#include <curl/curl.h>
10#include <pcre++.h>
11 10
12#include <iostream> 11#include <iostream>
13 12
14#include "config.h" 13#include "config.h"
15 14
15#if defined(USE_LIBPCRECPP)
16# include <pcrecpp.h>
17#elif defined(USE_PCREPP)
18# include <pcre++.h>
19#else
20 /* internal implementation won't be built */
21#endif
22
16namespace opkele { 23namespace opkele {
17 using namespace std; 24 using namespace std;
18 25
19 class curl_t { 26 class curl_t {
20 public: 27 public:
21 CURL *_c; 28 CURL *_c;
22 29
23 curl_t() : _c(0) { } 30 curl_t() : _c(0) { }
24 curl_t(CURL *c) : _c(c) { } 31 curl_t(CURL *c) : _c(c) { }
25 ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } 32 ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }
26 33
27 curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } 34 curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; }
28 35
29 operator const CURL*(void) const { return _c; } 36 operator const CURL*(void) const { return _c; }
30 operator CURL*(void) { return _c; } 37 operator CURL*(void) { return _c; }
31 }; 38 };
32 39
33 static CURLcode curl_misc_sets(CURL* c) { 40 static CURLcode curl_misc_sets(CURL* c) {
34 CURLcode r; 41 CURLcode r;
35 (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) 42 (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
36 || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) 43 || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
37 || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) 44 || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
38 || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) 45 || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
39 || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) 46 || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION))
40 || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) 47 || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
41 #ifdefDISABLE_CURL_SSL_VERIFYHOST 48 #ifdefDISABLE_CURL_SSL_VERIFYHOST
42 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0)) 49 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
43#endif 50#endif
44 #ifdefDISABLE_CURL_SSL_VERIFYPEER 51 #ifdefDISABLE_CURL_SSL_VERIFYPEER
45 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0)) 52 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
46#endif 53#endif
47 ; 54 ;
48 return r; 55 return r;
49 } 56 }
50 57
51 static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { 58 static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
52 string *str = (string*)stream; 59 string *str = (string*)stream;
53 size_t bytes = size*nmemb; 60 size_t bytes = size*nmemb;
54 size_t get = min(16384-str->length(),bytes); 61 size_t get = min(16384-str->length(),bytes);
55 str->append((const char*)ptr,get); 62 str->append((const char*)ptr,get);
56 return get; 63 return get;
57 } 64 }
58 65
59 assoc_t consumer_t::associate(const string& server) { 66 assoc_t consumer_t::associate(const string& server) {
60 util::dh_t dh = DH_new(); 67 util::dh_t dh = DH_new();
61 if(!dh) 68 if(!dh)
62 throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); 69 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
63 dh->p = util::dec_to_bignum(data::_default_p); 70 dh->p = util::dec_to_bignum(data::_default_p);
@@ -216,141 +223,175 @@ namespace opkele {
216 }catch(failed_check_authentication& fca) { 223 }catch(failed_check_authentication& fca) {
217 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 224 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
218 } 225 }
219 } 226 }
220 if(ext) ext->id_res_hook(pin,ps,identity); 227 if(ext) ext->id_res_hook(pin,ps,identity);
221 } 228 }
222 229
223 void consumer_t::check_authentication(const string& server,const params_t& p) { 230 void consumer_t::check_authentication(const string& server,const params_t& p) {
224 string request = "openid.mode=check_authentication"; 231 string request = "openid.mode=check_authentication";
225 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 232 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
226 if(i->first!="openid.mode") { 233 if(i->first!="openid.mode") {
227 request += '&'; 234 request += '&';
228 request += i->first; 235 request += i->first;
229 request += '='; 236 request += '=';
230 request += util::url_encode(i->second); 237 request += util::url_encode(i->second);
231 } 238 }
232 } 239 }
233 curl_t curl = curl_easy_init(); 240 curl_t curl = curl_easy_init();
234 if(!curl) 241 if(!curl)
235 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 242 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
236 string response; 243 string response;
237 CURLcode r; 244 CURLcode r;
238 (r=curl_misc_sets(curl)) 245 (r=curl_misc_sets(curl))
239 || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) 246 || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))
240 || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) 247 || (r=curl_easy_setopt(curl,CURLOPT_POST,1))
241 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) 248 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))
242 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) 249 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))
243 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) 250 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
244 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) 251 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))
245 ; 252 ;
246 if(r) 253 if(r)
247 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 254 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
248 if(r=curl_easy_perform(curl)) 255 if(r=curl_easy_perform(curl))
249 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 256 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
250 params_t pp; pp.parse_keyvalues(response); 257 params_t pp; pp.parse_keyvalues(response);
251 if(pp.has_param("invalidate_handle")) 258 if(pp.has_param("invalidate_handle"))
252 invalidate_assoc(server,pp.get_param("invalidate_handle")); 259 invalidate_assoc(server,pp.get_param("invalidate_handle"));
253 if(pp.has_param("is_valid")) { 260 if(pp.has_param("is_valid")) {
254 if(pp.get_param("is_valid")=="true") 261 if(pp.get_param("is_valid")=="true")
255 return; 262 return;
256 }else if(pp.has_param("lifetime")) { 263 }else if(pp.has_param("lifetime")) {
257 if(util::string_to_long(pp.get_param("lifetime"))) 264 if(util::string_to_long(pp.get_param("lifetime")))
258 return; 265 return;
259 } 266 }
260 throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); 267 throw failed_check_authentication(OPKELE_CP_ "failed to verify response");
261 } 268 }
262 269
263 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { 270 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) {
271#if defined(USE_LIBPCRECPP) || defined(USE_PCREPP)
264 server.erase(); 272 server.erase();
265 delegate.erase(); 273 delegate.erase();
266 curl_t curl = curl_easy_init(); 274 curl_t curl = curl_easy_init();
267 if(!curl) 275 if(!curl)
268 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 276 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
269 string html; 277 string html;
270 CURLcode r; 278 CURLcode r;
271 (r=curl_misc_sets(curl)) 279 (r=curl_misc_sets(curl))
272 || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str())) 280 || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str()))
273 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) 281 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
274 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html)) 282 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html))
275 ; 283 ;
276 if(r) 284 if(r)
277 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 285 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
278 r = curl_easy_perform(curl); 286 r = curl_easy_perform(curl);
279 if(r && r!=CURLE_WRITE_ERROR) 287 if(r && r!=CURLE_WRITE_ERROR)
280 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 288 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
281 pcrepp::Pcre bre("<body\\b",PCRE_CASELESS);
282 // strip out everything past body 289 // strip out everything past body
290 static const char *re_hdre = "<head[^>]*>",
291 *re_lre = "<link\\b([^>]+)>",
292 *re_rre = "\\brel=['\"]([^'\"]+)['\"]",
293 *re_hre = "\\bhref=['\"]([^'\"]+)['\"]";
294#if defined(USE_LIBPCRECPP)
295 static pcrecpp::RE_Options ro(PCRE_CASELESS|PCRE_DOTALL);
296 static pcrecpp::RE
297 bre("<body\\b.*",ro), hdre(re_hdre,ro),
298 lre(re_lre,ro), rre(re_rre), hre(re_hre,ro);
299 bre.Replace("",&html);
300 pcrecpp::StringPiece hpiece(html);
301 if(!hdre.FindAndConsume(&hpiece))
302 throw bad_input(OPKELE_CP_ "failed to find head");
303 string attrs;
304 while(lre.FindAndConsume(&hpiece,&attrs)) {
305 pcrecpp::StringPiece rel, href;
306 if(!(rre.PartialMatch(attrs,&rel) && hre.PartialMatch(attrs,&href)))
307 continue;
308 if(rel=="openid.server") {
309 href.CopyToString(&server);
310 if(!delegate.empty())
311 break;
312 }else if(rel=="openid.delegate") {
313 href.CopyToString(&delegate);
314 if(!server.empty())
315 break;
316 }
317 }
318#elif defined(USE_PCREPP)
319 pcrepp::Pcre bre("<body\\b",PCRE_CASELESS);
283 if(bre.search(html)) 320 if(bre.search(html))
284 html.erase(bre.get_match_start()); 321 html.erase(bre.get_match_start());
285 pcrepp::Pcre hdre("<head[^>]*>",PCRE_CASELESS); 322 pcrepp::Pcre hdre(re_hdre,PCRE_CASELESS);
286 if(!hdre.search(html)) 323 if(!hdre.search(html))
287 throw bad_input(OPKELE_CP_ "failed to find head"); 324 throw bad_input(OPKELE_CP_ "failed to find head");
288 html.erase(0,hdre.get_match_end()+1); 325 html.erase(0,hdre.get_match_end()+1);
289 pcrepp::Pcre lre("<link\\b([^>]+)>",PCRE_CASELESS), 326 pcrepp::Pcre lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS);
290 rre("\\brel=['\"]([^'\"]+)['\"]",PCRE_CASELESS),
291 hre("\\bhref=['\"]([^'\"]+)['\"]",PCRE_CASELESS);
292 while(lre.search(html)) { 327 while(lre.search(html)) {
293 string attrs = lre[0]; 328 string attrs = lre[0];
294 html.erase(0,lre.get_match_end()+1); 329 html.erase(0,lre.get_match_end()+1);
295 if(!(rre.search(attrs)&&hre.search(attrs))) 330 if(!(rre.search(attrs)&&hre.search(attrs)))
296 continue; 331 continue;
297 if(rre[0]=="openid.server") { 332 if(rre[0]=="openid.server") {
298 server = hre[0]; 333 server = hre[0];
299 if(!delegate.empty()) 334 if(!delegate.empty())
300 break; 335 break;
301 }else if(rre[0]=="openid.delegate") { 336 }else if(rre[0]=="openid.delegate") {
302 delegate = hre[0]; 337 delegate = hre[0];
303 if(!server.empty()) 338 if(!server.empty())
304 break; 339 break;
305 } 340 }
306 } 341 }
342#else
343 #error "I must have gone crazy"
344#endif
307 if(server.empty()) 345 if(server.empty())
308 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); 346 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
347#else /* none of the RE bindings enabled */
348 throw not_implemented(OPKELE_CP_ "No internal implementation of retrieve_links were provided at compile-time");
349#endif
309 } 350 }
310 351
311 assoc_t consumer_t::find_assoc(const string& server) { 352 assoc_t consumer_t::find_assoc(const string& server) {
312 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); 353 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
313 } 354 }
314 355
315 string consumer_t::normalize(const string& url) { 356 string consumer_t::normalize(const string& url) {
316 string rv = url; 357 string rv = url;
317 // strip leading and trailing spaces 358 // strip leading and trailing spaces
318 string::size_type i = rv.find_first_not_of(" \t\r\n"); 359 string::size_type i = rv.find_first_not_of(" \t\r\n");
319 if(i==string::npos) 360 if(i==string::npos)
320 throw bad_input(OPKELE_CP_ "empty URL"); 361 throw bad_input(OPKELE_CP_ "empty URL");
321 if(i) 362 if(i)
322 rv.erase(0,i); 363 rv.erase(0,i);
323 i = rv.find_last_not_of(" \t\r\n"); 364 i = rv.find_last_not_of(" \t\r\n");
324 assert(i!=string::npos); 365 assert(i!=string::npos);
325 if(i<(rv.length()-1)) 366 if(i<(rv.length()-1))
326 rv.erase(i+1); 367 rv.erase(i+1);
327 // add missing http:// 368 // add missing http://
328 i = rv.find("://"); 369 i = rv.find("://");
329 if(i==string::npos) { // primitive. but do we need more? 370 if(i==string::npos) { // primitive. but do we need more?
330 rv.insert(0,"http://"); 371 rv.insert(0,"http://");
331 i = sizeof("http://")-1; 372 i = sizeof("http://")-1;
332 }else{ 373 }else{
333 i += sizeof("://")-1; 374 i += sizeof("://")-1;
334 } 375 }
335 string::size_type qm = rv.find('?',i); 376 string::size_type qm = rv.find('?',i);
336 string::size_type sl = rv.find('/',i); 377 string::size_type sl = rv.find('/',i);
337 if(qm!=string::npos) { 378 if(qm!=string::npos) {
338 if(sl==string::npos || sl>qm) 379 if(sl==string::npos || sl>qm)
339 rv.insert(qm,1,'/'); 380 rv.insert(qm,1,'/');
340 }else{ 381 }else{
341 if(sl==string::npos) 382 if(sl==string::npos)
342 rv += '/'; 383 rv += '/';
343 } 384 }
344 return rv; 385 return rv;
345 } 386 }
346 387
347 string consumer_t::canonicalize(const string& url) { 388 string consumer_t::canonicalize(const string& url) {
348 string rv = normalize(url); 389 string rv = normalize(url);
349 curl_t curl = curl_easy_init(); 390 curl_t curl = curl_easy_init();
350 if(!curl) 391 if(!curl)
351 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 392 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
352 string html; 393 string html;
353 CURLcode r; 394 CURLcode r;
354 (r=curl_misc_sets(curl)) 395 (r=curl_misc_sets(curl))
355 || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str())) 396 || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str()))
356 || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1)) 397 || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1))