1 files changed, 0 insertions, 172 deletions
diff --git a/lib/server.cc b/lib/server.cc
deleted file mode 100644
index 0dea1eb..0000000
--- a/lib/server.cc
+++ b/dev/null
@@ -1,172 +0,0 @@
-#include <cstring>
-#include <vector>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <opkele/util.h>
-#include <opkele/util-internal.h>
-#include <opkele/exception.h>
-#include <opkele/server.h>
-#include <opkele/data.h>
-namespace opkele {
-    using namespace std;
-    void server_t::associate(const params_t& pin,params_t& pout) {
-        util::dh_t dh;
-        util::bignum_t c_pub;
-        unsigned char key_sha1[SHA_DIGEST_LENGTH];
-        enum {
-            sess_cleartext,
-            sess_dh_sha1
-        } st = sess_cleartext;
-        if(
-                pin.has_param("openid.session_type")
-                && pin.get_param("openid.session_type")=="DH-SHA1" ) {
-            /* TODO: fallback to cleartext in case of exceptions here? */
-            if(!(dh = DH_new()))
-                throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
-            c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
-            if(pin.has_param("openid.dh_modulus"))
-                dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
-            else
-                dh->p = util::dec_to_bignum(data::_default_p);
-            if(pin.has_param("openid.dh_gen"))
-                dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
-            else
-                dh->g = util::dec_to_bignum(data::_default_g);
-            if(!DH_generate_key(dh))
-                throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
-            vector<unsigned char> ck(DH_size(dh)+1);
-            unsigned char *ckptr = &(ck.front())+1;
-            int cklen = DH_compute_key(ckptr,c_pub,dh);
-            if(cklen<0)
-                throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
-            if(cklen && (*ckptr)&0x80) {
-                (*(--ckptr)) = 0; ++cklen;
-            }
-            SHA1(ckptr,cklen,key_sha1);
-            st = sess_dh_sha1;
-        }
-        assoc_t assoc = alloc_assoc(mode_associate);
-        time_t now = time(0);
-        pout.clear();
-        pout["assoc_type"] = assoc->assoc_type();
-        pout["assoc_handle"] = assoc->handle();
-        /* TODO: eventually remove deprecated stuff */
-        pout["issued"] = util::time_to_w3c(now);
-        pout["expiry"] = util::time_to_w3c(now+assoc->expires_in());
-        pout["expires_in"] = util::long_to_string(assoc->expires_in());
-        secret_t secret = assoc->secret();
-        switch(st) {
-            case sess_dh_sha1:
-                pout["session_type"] = "DH-SHA1";
-                pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key);
-                secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]);
-                break;
-            default:
-                secret.to_base64(pout["mac_key"]);
-                break;
-        }
-    }
-    void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
-        checkid_(mode_checkid_immediate,pin,return_to,pout,ext);
-    }
-    void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
-        checkid_(mode_checkid_setup,pin,return_to,pout,ext);
-    }
-    void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
-        if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
-            throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
-        pout.clear();
-        assoc_t assoc;
-        try {
-            assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
-        }catch(failed_lookup& fl) {
-            // no handle specified or no valid handle found, going dumb
-            assoc = alloc_assoc(mode_checkid_setup);
-            if(pin.has_param("openid.assoc_handle"))
-                pout["invalidate_handle"]=pin.get_param("openid.assoc_handle");
-        }
-        string trust_root;
-        try {
-            trust_root = pin.get_param("openid.trust_root");
-        }catch(failed_lookup& fl) { }
-        string identity = pin.get_param("openid.identity");
-        return_to = pin.get_param("openid.return_to");
-        validate(*assoc,pin,identity,trust_root);
-        pout["mode"] = "id_res";
-        pout["assoc_handle"] = assoc->handle();
-        if(pin.has_param("openid.assoc_handle") && assoc->stateless())
-            pout["invalidate_handle"] = pin.get_param("openid.assoc_handle");
-        pout["identity"] = identity;
-        pout["return_to"] = return_to;
-        /* TODO: eventually remove deprecated stuff */
-        time_t now = time(0);
-        pout["issued"] = util::time_to_w3c(now);
-        pout["valid_to"] = util::time_to_w3c(now+120);
-        pout["exipres_in"] = "120";
-        pout["signed"]="mode,identity,return_to";
-        if(ext) ext->checkid_hook(pin,pout);
-        pout["sig"] = util::base64_signature(assoc,pout);
-    }
-    void server_t::check_authentication(const params_t& pin,params_t& pout) {
-        vector<unsigned char>  sig;
-        const string& sigenc = pin.get_param("openid.sig");
-        util::decode_base64(sigenc,sig);
-        assoc_t assoc;
-        try {
-            assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
-        }catch(failed_lookup& fl) {
-            throw failed_assertion(OPKELE_CP_ "invalid handle or handle not specified");
-        }
-        if(!assoc->stateless())
-            throw stateful_handle(OPKELE_CP_ "will not do check_authentication on a stateful handle");
-        const string& slist = pin.get_param("openid.signed");
-        string kv;
-        string::size_type p =0;
-        while(true) {
-            string::size_type co = slist.find(',',p);
-            string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
-            kv += f;
-            kv += ':';
-            if(f=="mode")
-                kv += "id_res";
-            else {
-                f.insert(0,"openid.");
-                kv += pin.get_param(f);
-            }
-            kv += '\n';
-            if(co==string::npos)
-                break;
-            p = co+1;
-        }
-        secret_t secret = assoc->secret();
-        unsigned int md_len = 0;
-        unsigned char *md = HMAC(
-                EVP_sha1(),
-                &(secret.front()),secret.size(),
-                (const unsigned char *)kv.data(),kv.length(),
-                0,&md_len);
-        pout.clear();
-        if(sig.size()==md_len && !memcmp(&(sig.front()),md,md_len)) {
-            pout["is_valid"]="true";
-            pout["lifetime"]="60"; /* TODO: eventually remove deprecated stuff */
-        }else{
-            pout["is_valid"]="false";
-            pout["lifetime"]="0"; /* TODO: eventually remove deprecated stuff */
-        }
-        if(pin.has_param("openid.invalidate_handle")) {
-            string h = pin.get_param("openid.invalidate_handle");
-            try {
-                assoc_t tmp = retrieve_assoc(h);
-            }catch(invalid_handle& ih) {
-                pout["invalidate_handle"] = h;
-            }catch(failed_lookup& fl) { }
-        }
-    }
-}

diff --git a/lib/server.cc b/lib/server.cc deleted file mode 100644 index 0dea1eb..0000000 --- a/lib/server.cc +++ b/dev/null
@@ -1,172 +0,0 @@
1	#include <cstring>
2	#include <vector>
3	#include <openssl/sha.h>
4	#include <openssl/hmac.h>
5	#include <opkele/util.h>
6	#include <opkele/util-internal.h>
7	#include <opkele/exception.h>
8	#include <opkele/server.h>
9	#include <opkele/data.h>
10
11	namespace opkele {
12	using namespace std;
13
14	void server_t::associate(const params_t& pin,params_t& pout) {
15	util::dh_t dh;
16	util::bignum_t c_pub;
17	unsigned char key_sha1[SHA_DIGEST_LENGTH];
18	enum {
19	sess_cleartext,
20	sess_dh_sha1
21	} st = sess_cleartext;
22	if(
23	pin.has_param("openid.session_type")
24	&& pin.get_param("openid.session_type")=="DH-SHA1" ) {
25	/* TODO: fallback to cleartext in case of exceptions here? */
26	if(!(dh = DH_new()))
27	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
28	c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
29	if(pin.has_param("openid.dh_modulus"))
30	dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
31	else
32	dh->p = util::dec_to_bignum(data::_default_p);
33	if(pin.has_param("openid.dh_gen"))
34	dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
35	else
36	dh->g = util::dec_to_bignum(data::_default_g);
37	if(!DH_generate_key(dh))
38	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
39	vector<unsigned char> ck(DH_size(dh)+1);
40	unsigned char *ckptr = &(ck.front())+1;
41	int cklen = DH_compute_key(ckptr,c_pub,dh);
42	if(cklen<0)
43	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
44	if(cklen && (*ckptr)&0x80) {
45	(*(--ckptr)) = 0; ++cklen;
46	}
47	SHA1(ckptr,cklen,key_sha1);
48	st = sess_dh_sha1;
49	}
50	assoc_t assoc = alloc_assoc(mode_associate);
51	time_t now = time(0);
52	pout.clear();
53	pout["assoc_type"] = assoc->assoc_type();
54	pout["assoc_handle"] = assoc->handle();
55	/* TODO: eventually remove deprecated stuff */
56	pout["issued"] = util::time_to_w3c(now);
57	pout["expiry"] = util::time_to_w3c(now+assoc->expires_in());
58	pout["expires_in"] = util::long_to_string(assoc->expires_in());
59	secret_t secret = assoc->secret();
60	switch(st) {
61	case sess_dh_sha1:
62	pout["session_type"] = "DH-SHA1";
63	pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key);
64	secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]);
65	break;
66	default:
67	secret.to_base64(pout["mac_key"]);
68	break;
69	}
70	}
71
72	void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
73	checkid_(mode_checkid_immediate,pin,return_to,pout,ext);
74	}
75
76	void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
77	checkid_(mode_checkid_setup,pin,return_to,pout,ext);
78	}
79
80	void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
81	if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
82	throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
83	pout.clear();
84	assoc_t assoc;
85	try {
86	assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
87	}catch(failed_lookup& fl) {
88	// no handle specified or no valid handle found, going dumb
89	assoc = alloc_assoc(mode_checkid_setup);
90	if(pin.has_param("openid.assoc_handle"))
91	pout["invalidate_handle"]=pin.get_param("openid.assoc_handle");
92	}
93	string trust_root;
94	try {
95	trust_root = pin.get_param("openid.trust_root");
96	}catch(failed_lookup& fl) { }
97	string identity = pin.get_param("openid.identity");
98	return_to = pin.get_param("openid.return_to");
99	validate(*assoc,pin,identity,trust_root);
100	pout["mode"] = "id_res";
101	pout["assoc_handle"] = assoc->handle();
102	if(pin.has_param("openid.assoc_handle") && assoc->stateless())
103	pout["invalidate_handle"] = pin.get_param("openid.assoc_handle");
104	pout["identity"] = identity;
105	pout["return_to"] = return_to;
106	/* TODO: eventually remove deprecated stuff */
107	time_t now = time(0);
108	pout["issued"] = util::time_to_w3c(now);
109	pout["valid_to"] = util::time_to_w3c(now+120);
110	pout["exipres_in"] = "120";
111	pout["signed"]="mode,identity,return_to";
112	if(ext) ext->checkid_hook(pin,pout);
113	pout["sig"] = util::base64_signature(assoc,pout);
114	}
115
116	void server_t::check_authentication(const params_t& pin,params_t& pout) {
117	vector<unsigned char> sig;
118	const string& sigenc = pin.get_param("openid.sig");
119	util::decode_base64(sigenc,sig);
120	assoc_t assoc;
121	try {
122	assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
123	}catch(failed_lookup& fl) {
124	throw failed_assertion(OPKELE_CP_ "invalid handle or handle not specified");
125	}
126	if(!assoc->stateless())
127	throw stateful_handle(OPKELE_CP_ "will not do check_authentication on a stateful handle");
128	const string& slist = pin.get_param("openid.signed");
129	string kv;
130	string::size_type p =0;
131	while(true) {
132	string::size_type co = slist.find(',',p);
133	string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
134	kv += f;
135	kv += ':';
136	if(f=="mode")
137	kv += "id_res";
138	else {
139	f.insert(0,"openid.");
140	kv += pin.get_param(f);
141	}
142	kv += '\n';
143	if(co==string::npos)
144	break;
145	p = co+1;
146	}
147	secret_t secret = assoc->secret();
148	unsigned int md_len = 0;
149	unsigned char *md = HMAC(
150	EVP_sha1(),
151	&(secret.front()),secret.size(),
152	(const unsigned char *)kv.data(),kv.length(),
153	0,&md_len);
154	pout.clear();
155	if(sig.size()==md_len && !memcmp(&(sig.front()),md,md_len)) {
156	pout["is_valid"]="true";
157	pout["lifetime"]="60"; /* TODO: eventually remove deprecated stuff */
158	}else{
159	pout["is_valid"]="false";
160	pout["lifetime"]="0"; /* TODO: eventually remove deprecated stuff */
161	}
162	if(pin.has_param("openid.invalidate_handle")) {
163	string h = pin.get_param("openid.invalidate_handle");
164	try {
165	assoc_t tmp = retrieve_assoc(h);
166	}catch(invalid_handle& ih) {
167	pout["invalidate_handle"] = h;
168	}catch(failed_lookup& fl) { }
169	}
170	}
171
172	}