| -rw-r--r-- | lib/util.cc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/util.cc b/lib/util.cc index b85a377..bb8a2e8 100644 --- a/lib/util.cc +++ b/lib/util.cc | |||
| @@ -1,78 +1,80 @@ | |||
| 1 | #include <errno.h> | 1 | #include <errno.h> |
| 2 | #include <cassert> | 2 | #include <cassert> |
| 3 | #include <cctype> | 3 | #include <cctype> |
| 4 | #include <cstring> | 4 | #include <cstring> |
| 5 | #include <vector> | 5 | #include <vector> |
| 6 | #include <string> | 6 | #include <string> |
| 7 | #include <stack> | 7 | #include <stack> |
| 8 | #include <algorithm> | 8 | #include <algorithm> |
| 9 | #include <openssl/bio.h> | 9 | #include <openssl/bio.h> |
| 10 | #include <openssl/evp.h> | 10 | #include <openssl/evp.h> |
| 11 | #include <openssl/sha.h> | ||
| 11 | #include <openssl/hmac.h> | 12 | #include <openssl/hmac.h> |
| 12 | #include <curl/curl.h> | 13 | #include <curl/curl.h> |
| 13 | #include "opkele/util.h" | 14 | #include <opkele/util.h> |
| 14 | #include "opkele/exception.h" | 15 | #include <opkele/exception.h> |
| 16 | #include <opkele/debug.h> | ||
| 15 | 17 | ||
| 16 | #include <config.h> | 18 | #include <config.h> |
| 17 | #ifdef HAVE_DEMANGLE | 19 | #ifdef HAVE_DEMANGLE |
| 18 | # include <cxxabi.h> | 20 | # include <cxxabi.h> |
| 19 | #endif | 21 | #endif |
| 20 | 22 | ||
| 21 | namespace opkele { | 23 | namespace opkele { |
| 22 | using namespace std; | 24 | using namespace std; |
| 23 | 25 | ||
| 24 | namespace util { | 26 | namespace util { |
| 25 | 27 | ||
| 26 | /* | 28 | /* |
| 27 | * base64 | 29 | * base64 |
| 28 | */ | 30 | */ |
| 29 | string encode_base64(const void *data,size_t length) { | 31 | string encode_base64(const void *data,size_t length) { |
| 30 | BIO *b64 = 0, *bmem = 0; | 32 | BIO *b64 = 0, *bmem = 0; |
| 31 | try { | 33 | try { |
| 32 | b64 = BIO_new(BIO_f_base64()); | 34 | b64 = BIO_new(BIO_f_base64()); |
| 33 | if(!b64) | 35 | if(!b64) |
| 34 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); | 36 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); |
| 35 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); | 37 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
| 36 | bmem = BIO_new(BIO_s_mem()); | 38 | bmem = BIO_new(BIO_s_mem()); |
| 37 | BIO_set_flags(b64,BIO_CLOSE); | 39 | BIO_set_flags(b64,BIO_CLOSE); |
| 38 | if(!bmem) | 40 | if(!bmem) |
| 39 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); |
| 40 | BIO_push(b64,bmem); | 42 | BIO_push(b64,bmem); |
| 41 | if(((size_t)BIO_write(b64,data,length))!=length) | 43 | if(((size_t)BIO_write(b64,data,length))!=length) |
| 42 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); | 44 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); |
| 43 | if(BIO_flush(b64)!=1) | 45 | if(BIO_flush(b64)!=1) |
| 44 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); | 46 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); |
| 45 | char *rvd; | 47 | char *rvd; |
| 46 | long rvl = BIO_get_mem_data(bmem,&rvd); | 48 | long rvl = BIO_get_mem_data(bmem,&rvd); |
| 47 | string rv(rvd,rvl); | 49 | string rv(rvd,rvl); |
| 48 | BIO_free_all(b64); | 50 | BIO_free_all(b64); |
| 49 | return rv; | 51 | return rv; |
| 50 | }catch(...) { | 52 | }catch(...) { |
| 51 | if(b64) BIO_free_all(b64); | 53 | if(b64) BIO_free_all(b64); |
| 52 | throw; | 54 | throw; |
| 53 | } | 55 | } |
| 54 | } | 56 | } |
| 55 | 57 | ||
| 56 | void decode_base64(const string& data,vector<unsigned char>& rv) { | 58 | void decode_base64(const string& data,vector<unsigned char>& rv) { |
| 57 | BIO *b64 = 0, *bmem = 0; | 59 | BIO *b64 = 0, *bmem = 0; |
| 58 | rv.clear(); | 60 | rv.clear(); |
| 59 | try { | 61 | try { |
| 60 | bmem = BIO_new_mem_buf((void*)data.data(),data.size()); | 62 | bmem = BIO_new_mem_buf((void*)data.data(),data.size()); |
| 61 | if(!bmem) | 63 | if(!bmem) |
| 62 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()"); | 64 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()"); |
| 63 | b64 = BIO_new(BIO_f_base64()); | 65 | b64 = BIO_new(BIO_f_base64()); |
| 64 | if(!b64) | 66 | if(!b64) |
| 65 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder"); | 67 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder"); |
| 66 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); | 68 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
| 67 | BIO_push(b64,bmem); | 69 | BIO_push(b64,bmem); |
| 68 | unsigned char tmp[512]; | 70 | unsigned char tmp[512]; |
| 69 | size_t rb = 0; | 71 | size_t rb = 0; |
| 70 | while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0) | 72 | while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0) |
| 71 | rv.insert(rv.end(),tmp,&tmp[rb]); | 73 | rv.insert(rv.end(),tmp,&tmp[rb]); |
| 72 | BIO_free_all(b64); | 74 | BIO_free_all(b64); |
| 73 | }catch(...) { | 75 | }catch(...) { |
| 74 | if(b64) BIO_free_all(b64); | 76 | if(b64) BIO_free_all(b64); |
| 75 | throw; | 77 | throw; |
| 76 | } | 78 | } |
| 77 | } | 79 | } |
| 78 | 80 | ||
| @@ -359,74 +361,75 @@ namespace opkele { | |||
| 359 | string::size_type pu = nu.find("://"); | 361 | string::size_type pu = nu.find("://"); |
| 360 | assert(!(pr==string::npos || pu==string::npos)); | 362 | assert(!(pr==string::npos || pu==string::npos)); |
| 361 | pr += sizeof("://")-1; | 363 | pr += sizeof("://")-1; |
| 362 | pu += sizeof("://")-1; | 364 | pu += sizeof("://")-1; |
| 363 | if(!strncmp(nrealm.c_str()+pr,"*.",2)) { | 365 | if(!strncmp(nrealm.c_str()+pr,"*.",2)) { |
| 364 | pr = nrealm.find('.',pr); | 366 | pr = nrealm.find('.',pr); |
| 365 | pu = nu.find('.',pu); | 367 | pu = nu.find('.',pu); |
| 366 | assert(pr!=string::npos); | 368 | assert(pr!=string::npos); |
| 367 | if(pu==string::npos) | 369 | if(pu==string::npos) |
| 368 | return false; | 370 | return false; |
| 369 | // TODO: check for overgeneralized realm | 371 | // TODO: check for overgeneralized realm |
| 370 | } | 372 | } |
| 371 | string::size_type lr = nrealm.length(); | 373 | string::size_type lr = nrealm.length(); |
| 372 | string::size_type lu = nu.length(); | 374 | string::size_type lu = nu.length(); |
| 373 | if( (lu-pu) < (lr-pr) ) | 375 | if( (lu-pu) < (lr-pr) ) |
| 374 | return false; | 376 | return false; |
| 375 | pair<const char*,const char*> mp = mismatch( | 377 | pair<const char*,const char*> mp = mismatch( |
| 376 | nrealm.c_str()+pr,nrealm.c_str()+lr, | 378 | nrealm.c_str()+pr,nrealm.c_str()+lr, |
| 377 | nu.c_str()+pu); | 379 | nu.c_str()+pu); |
| 378 | if( (*(mp.first-1))!='/' | 380 | if( (*(mp.first-1))!='/' |
| 379 | && !strchr("/?#",*mp.second) ) | 381 | && !strchr("/?#",*mp.second) ) |
| 380 | return false; | 382 | return false; |
| 381 | return true; | 383 | return true; |
| 382 | } | 384 | } |
| 383 | 385 | ||
| 384 | string abi_demangle(const char *mn) { | 386 | string abi_demangle(const char *mn) { |
| 385 | #ifndef HAVE_DEMANGLE | 387 | #ifndef HAVE_DEMANGLE |
| 386 | return mn; | 388 | return mn; |
| 387 | #else /* !HAVE_DEMANGLE */ | 389 | #else /* !HAVE_DEMANGLE */ |
| 388 | int dstat; | 390 | int dstat; |
| 389 | char *demangled = abi::__cxa_demangle(mn,0,0,&dstat); | 391 | char *demangled = abi::__cxa_demangle(mn,0,0,&dstat); |
| 390 | if(dstat) | 392 | if(dstat) |
| 391 | return mn; | 393 | return mn; |
| 392 | string rv = demangled; | 394 | string rv = demangled; |
| 393 | free(demangled); | 395 | free(demangled); |
| 394 | return rv; | 396 | return rv; |
| 395 | #endif /* !HAVE_DEMANGLE */ | 397 | #endif /* !HAVE_DEMANGLE */ |
| 396 | } | 398 | } |
| 397 | 399 | ||
| 398 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { | 400 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { |
| 399 | const string& slist = om.get_field("signed"); | 401 | const string& slist = om.get_field("signed"); |
| 400 | string kv; | 402 | string kv; |
| 401 | string::size_type p=0; | 403 | string::size_type p=0; |
| 402 | while(true) { | 404 | while(true) { |
| 403 | string::size_type co = slist.find(',',p); | 405 | string::size_type co = slist.find(',',p); |
| 404 | string f = (co==string::npos) | 406 | string f = (co==string::npos) |
| 405 | ?slist.substr(p):slist.substr(p,co-p); | 407 | ?slist.substr(p):slist.substr(p,co-p); |
| 406 | kv += f; | 408 | kv += f; |
| 407 | kv += ':'; | 409 | kv += ':'; |
| 408 | kv += om.get_field(f); | 410 | kv += om.get_field(f); |
| 409 | kv += '\n'; | 411 | kv += '\n'; |
| 410 | if(co==string::npos) break; | 412 | if(co==string::npos) break; |
| 411 | p = co+1; | 413 | p = co+1; |
| 412 | } | 414 | } |
| 413 | const secret_t& secret = assoc->secret(); | 415 | const secret_t& secret = assoc->secret(); |
| 414 | const EVP_MD *evpmd; | 416 | const EVP_MD *evpmd; |
| 415 | const string& at = assoc->assoc_type(); | 417 | const string& at = assoc->assoc_type(); |
| 416 | if(at=="HMAC-SHA256") | 418 | if(at=="HMAC-SHA256") |
| 417 | evpmd = EVP_sha256(); | 419 | evpmd = EVP_sha256(); |
| 418 | else if(at=="HMAC-SHA1") | 420 | else if(at=="HMAC-SHA1") |
| 419 | evpmd = EVP_sha1(); | 421 | evpmd = EVP_sha1(); |
| 420 | else | 422 | else |
| 421 | throw unsupported(OPKELE_CP_ "unknown association type"); | 423 | throw unsupported(OPKELE_CP_ "unknown association type"); |
| 422 | unsigned int md_len = 0; | 424 | unsigned int md_len = 0; |
| 423 | unsigned char *md = HMAC(evpmd, | 425 | unsigned char md[SHA256_DIGEST_LENGTH]; |
| 426 | HMAC(evpmd, | ||
| 424 | &(secret.front()),secret.size(), | 427 | &(secret.front()),secret.size(), |
| 425 | (const unsigned char*)kv.data(),kv.length(), | 428 | (const unsigned char*)kv.data(),kv.length(), |
| 426 | 0,&md_len); | 429 | md,&md_len); |
| 427 | return encode_base64(md,md_len); | 430 | return encode_base64(md,md_len); |
| 428 | } | 431 | } |
| 429 | 432 | ||
| 430 | } | 433 | } |
| 431 | 434 | ||
| 432 | } | 435 | } |