summaryrefslogtreecommitdiffabout
path: root/lib/oauth-consumer.cc
Unidiff
Diffstat (limited to 'lib/oauth-consumer.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/oauth-consumer.cc240
1 files changed, 240 insertions, 0 deletions
diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc
new file mode 100644
index 0000000..d717ed3
--- a/dev/null
+++ b/lib/oauth-consumer.cc
@@ -0,0 +1,240 @@
1#include <openssl/sha.h>
2#include <openssl/evp.h>
3#include <openssl/hmac.h>
4#include <opkele/oauth/consumer.h>
5#include <opkele/exception.h>
6#include <opkele/util.h>
7#include <opkele/curl.h>
8#include <opkele/debug.h>
9
10#include "config.h"
11#ifdef HAVE_LIBUUID
12# include <uuid/uuid.h>
13#endif
14
15namespace opkele {
16 namespace oauth {
17
18 const service_endpoint_t&
19 simple_provider_endpoints::get_request_token_endpoint() const {
20 return sep_request_token; }
21 const service_endpoint_t&
22 simple_provider_endpoints::get_authorize_user_endpoint() const {
23 return sep_authorize_user; }
24 const service_endpoint_t&
25 simple_provider_endpoints::get_access_token_endpoint() const {
26 return sep_access_token; }
27 service_endpoint_t&
28 simple_provider_endpoints::get_url_endpoint(service_endpoint_t& sep,
29 const string& url) const {
30 sep = sep_generic;
31 sep.url = url;
32 return sep; }
33
34 token_t basic_consumer::get_request_token() {
35 return acquire_token(get_endpoints().get_request_token_endpoint());
36 }
37
38 const string basic_consumer::get_authorize_url(const token_t& rt,const string& callback) {
39 fields_t f;
40 f.set_field("oauth_token",rt.key);
41 if(!callback.empty())
42 f.set_field("oauth_callback",callback);
43 return f.append_query(
44 get_endpoints().get_authorize_user_endpoint().url );
45 }
46
47 token_t basic_consumer::get_access_token(const token_t& rt) {
48 return acquire_token(get_endpoints().get_access_token_endpoint(),&rt);
49 }
50
51 const string basic_consumer::signature(
52 const string& method, const string& url,
53 const basic_fields& fields,
54 const token_t* at) {
55 if(fields.get_field("oauth_signature_method")!="HMAC-SHA1")
56 throw opkele::not_implemented(OPKELE_CP_
57 "only HMAC-SHA1 signature is implemented");
58 string key = util::url_encode(consumer_token.secret);
59 key += '&';
60 if(at)
61 key += util::url_encode(at->secret);
62 /* TODO: do not build the whole subject */
63 string subject = method;
64 subject += '&';
65 string u = util::rfc_3986_normalize_uri(url);
66 string::size_type uco = u.find_first_of("#?");
67 if(uco!=string::npos) u.erase(uco);
68 subject += util::url_encode(u);
69 subject += '&';
70 subject += util::url_encode( fields.query_string() );
71 unsigned char md[SHA_DIGEST_LENGTH];
72 unsigned int md_len = 0;
73 HMAC( EVP_sha1(),
74 key.c_str(),key.size(),
75 (const unsigned char *)subject.c_str(),subject.size(),
76 md,&md_len );
77 assert(md_len==sizeof(md));
78 return util::encode_base64(md,md_len);
79 }
80
81 static void noquerize_url(string& url,const string& sepurl,basic_fields& f) {
82 string::size_type q = sepurl.find('?'),
83 p = sepurl.find('#');
84 if(q==string::npos) {
85 url = sepurl.substr(0,p);
86 }else{
87 fields_t tmp;
88 tmp.from_query(sepurl.substr(
89 q+1,
90 (p==string::npos)?string::npos:(p-q-q)));
91 tmp.append_to(f);
92 url = sepurl.substr(0,(p==string::npos)?q:min(p,q));
93 }
94 }
95
96 token_t basic_consumer::acquire_token(
97 const service_endpoint_t& sep,
98 const token_t* rt) {
99 util::curl_pick_t curl = util::curl_t::easy_init();
100 CURLcode r;
101 (r=curl.misc_sets())
102 || (r=curl.set_write());
103 if(r)
104 throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r);
105 http_request_t hr(
106 (sep.oauth_method==oauth_post_body)?"POST":"GET",
107 "");
108 fields_t uq;
109 noquerize_url(hr.url,sep.url,uq);
110 prepare_request(hr,uq,fields_t(),sep,rt);
111 switch(sep.oauth_method) {
112 case oauth_auth_header:
113 throw opkele::not_implemented(OPKELE_CP_
114 "auth header for token acquisition isn't (yet?) supported");
115 break;
116 case oauth_post_body:
117 (r=curl.easy_setopt(CURLOPT_POST,1))
118 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str()))
119 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size()));
120 break;
121 case oauth_url_query:
122 break;
123 default:
124 throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
125 "invalid oauth_method for request_token endpoint");
126 };
127 if(r)
128 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
129 if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
130 throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
131 if( (r=curl.easy_perform()) )
132 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
133 token_t rv;
134 string::size_type p=0;
135 while(p!=string::npos) {
136 string::size_type np = curl.response.find('&',p);
137 string part;
138 if(np==string::npos) {
139 part.assign(curl.response.c_str()+p); p = string::npos;
140 }else{
141 part.assign(curl.response,p,np-p); p = np+1;
142 }
143 string::size_type eq = part.find('=');
144 if(eq==string::npos) continue;
145 string n(part,0,eq);
146 if(n=="oauth_token") {
147 if(!rv.key.empty()) /* TODO: specialize */
148 throw opkele::exception(OPKELE_CP_ "found oauth_token twice");
149 rv.key = util::url_decode(part.substr(eq+1));
150 }else if(n=="oauth_token_secret") {
151 if(!rv.secret.empty()) /* TODO: specialize */
152 throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
153 rv.secret = util::url_decode(part.substr(eq+1));
154 }
155 }
156 return rv;
157 }
158
159 void basic_consumer::prepare_request(
160 http_request_t& req,
161 const basic_fields& qf,const basic_fields& pf,
162 oauth_method_t om,const string& sm,
163 const token_t *t,const string& realm) {
164 fields_t op;
165 op.set_field("oauth_consumer_key",consumer_token.key);
166 if(t) op.set_field("oauth_token",t->key);
167 op.set_field("oauth_signature_method",sm);
168 time_t now;
169 op.set_field("oauth_timestamp",
170 util::long_to_string(time(&now)));
171 op.set_field("oauth_nonce",allocate_nonce(now));
172 op.set_field("oauth_version","1.0");
173 /* TODO: normalize and strip down url */
174 {
175 fields_t af; /* TODO: optimize, I don't want it to be copied */
176 qf.copy_to(af); pf.append_to(af); op.append_to(af);
177 op.set_field("oauth_signature", signature(
178 req.method,req.url,af,t) );
179 }
180 req.authorize_header.clear();
181 if(om==oauth_auth_header) {
182 req.authorize_header = "OAuth ";
183 req.authorize_header += "realm=\"";
184 req.authorize_header += util::url_encode(realm);
185 req.authorize_header += '\"';
186 for(basic_fields::fields_iterator
187 i=op.fields_begin(),ie=op.fields_end();
188 i!=ie;++i) {
189 req.authorize_header += ", ";
190 req.authorize_header += *i;
191 req.authorize_header += "=\"";
192 req.authorize_header += util::url_encode(op.get_field(*i));
193 req.authorize_header += "\"";
194 }
195 req.url = qf.append_query(req.url);
196 req.body = pf.query_string();
197 }else if(om==oauth_post_body) {
198 assert(req.method=="POST");
199 /* TODO: optimize, don't copy it over and over */
200 fields_t p;
201 pf.append_to(p); op.append_to(p);
202 req.url = qf.append_query(req.url);
203 req.body = p.query_string();
204 }else if(om==oauth_url_query) {
205 fields_t q;
206 qf.append_to(q); op.append_to(q);
207 req.url = q.append_query(req.url);
208 req.body = pf.query_string();
209 }else
210 throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
211 "Unknown oauth method");
212 }
213
214 void basic_consumer::prepare_request(
215 http_request_t& req,
216 const basic_fields& qf,const basic_fields& pf,
217 const service_endpoint_t& sep,
218 const token_t *t,const string& realm) {
219 prepare_request(
220 req, qf, pf,
221 sep.oauth_method,sep.signature_method,
222 t,realm);
223 }
224
225
226 const basic_provider_endpoints& simple_consumer::get_endpoints() const {
227 return peps; }
228
229 const string simple_consumer::allocate_nonce(time_t ts) {
230# ifndef HAVE_LIBUUID
231 throw opkele::not_implemented(OPKELE_CP_
232 "not implemented consumer's allocate_nonce()");
233# else /* HAVE_LIBUUID */
234 uuid_t uuid; uuid_generate(uuid);
235 return util::encode_base64(uuid,sizeof(uuid));
236# endif /* HAVE_LIBUUID */
237 }
238
239 }
240}