summaryrefslogtreecommitdiffabout
path: root/lib
Unidiff
Diffstat (limited to 'lib') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc29
-rw-r--r--lib/basic_rp.cc10
-rw-r--r--lib/discovery.cc2
-rw-r--r--lib/expat.cc1
-rw-r--r--lib/extension.cc2
-rw-r--r--lib/openid_message.cc32
-rw-r--r--lib/prequeue_rp.cc4
-rw-r--r--lib/sreg.cc6
-rw-r--r--lib/verify_op.cc4
9 files changed, 44 insertions, 46 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index 18446dc..2d82147 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -57,27 +57,24 @@ namespace opkele {
57 void basic_OP::set_claimed_id(const string& c) { 57 void basic_OP::set_claimed_id(const string& c) {
58 claimed_id = c; 58 claimed_id = c;
59 } 59 }
60 60
61 basic_openid_message& basic_OP::associate( 61 basic_openid_message& basic_OP::associate(
62 basic_openid_message& oum, 62 basic_openid_message& oum,
63 const basic_openid_message& inm) try { 63 const basic_openid_message& inm) try {
64 assert(inm.get_field("mode")=="associate"); 64 assert(inm.get_field("mode")=="associate");
65 util::dh_t dh; 65 util::dh_t dh;
66 util::bignum_t c_pub; 66 util::bignum_t c_pub;
67 unsigned char key_digest[SHA256_DIGEST_LENGTH]; 67 unsigned char key_digest[SHA256_DIGEST_LENGTH];
68 size_t d_len = 0; 68 size_t d_len = 0;
69 enum {
70 sess_cleartext, sess_dh_sha1, sess_dh_sha256
71 } st = sess_cleartext;
72 string sts = inm.get_field("session_type"); 69 string sts = inm.get_field("session_type");
73 string ats = inm.get_field("assoc_type"); 70 string ats = inm.get_field("assoc_type");
74 if(sts=="DH-SHA1" || sts=="DH-SHA256") { 71 if(sts=="DH-SHA1" || sts=="DH-SHA256") {
75 if(!(dh = DH_new())) 72 if(!(dh = DH_new()))
76 throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); 73 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
77 c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public")); 74 c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public"));
78 try { dh->p = util::base64_to_bignum(inm.get_field("dh_modulus")); 75 try { dh->p = util::base64_to_bignum(inm.get_field("dh_modulus"));
79 }catch(failed_lookup&) { 76 }catch(failed_lookup&) {
80 dh->p = util::dec_to_bignum(data::_default_p); } 77 dh->p = util::dec_to_bignum(data::_default_p); }
81 try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen")); 78 try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen"));
82 }catch(failed_lookup&) { 79 }catch(failed_lookup&) {
83 dh->g = util::dec_to_bignum(data::_default_g); } 80 dh->g = util::dec_to_bignum(data::_default_g); }
@@ -89,64 +86,64 @@ namespace opkele {
89 if(cklen<0) 86 if(cklen<0)
90 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 87 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
91 if(cklen && (*ckptr)&0x80) { 88 if(cklen && (*ckptr)&0x80) {
92 (*(--ckptr)) = 0; ++cklen; } 89 (*(--ckptr)) = 0; ++cklen; }
93 if(sts=="DH-SHA1") { 90 if(sts=="DH-SHA1") {
94 SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH; 91 SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH;
95 }else if(sts=="DH-SHA256") { 92 }else if(sts=="DH-SHA256") {
96 SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH; 93 SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH;
97 }else 94 }else
98 throw internal_error(OPKELE_CP_ "I thought I knew the session type"); 95 throw internal_error(OPKELE_CP_ "I thought I knew the session type");
99 }else 96 }else
100 throw unsupported(OPKELE_CP_ "Unsupported session_type"); 97 throw unsupported(OPKELE_CP_ "Unsupported session_type");
101 assoc_t assoc; 98 assoc_t a;
102 if(ats=="HMAC-SHA1") 99 if(ats=="HMAC-SHA1")
103 assoc = alloc_assoc(ats,SHA_DIGEST_LENGTH,true); 100 a = alloc_assoc(ats,SHA_DIGEST_LENGTH,true);
104 else if(ats=="HMAC-SHA256") 101 else if(ats=="HMAC-SHA256")
105 assoc = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true); 102 a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true);
106 else 103 else
107 throw unsupported(OPKELE_CP_ "Unsupported assoc_type"); 104 throw unsupported(OPKELE_CP_ "Unsupported assoc_type");
108 oum.reset_fields(); 105 oum.reset_fields();
109 oum.set_field("ns",OIURI_OPENID20); 106 oum.set_field("ns",OIURI_OPENID20);
110 oum.set_field("assoc_type",assoc->assoc_type()); 107 oum.set_field("assoc_type",a->assoc_type());
111 oum.set_field("assoc_handle",assoc->handle()); 108 oum.set_field("assoc_handle",a->handle());
112 oum.set_field("expires_in",util::long_to_string(assoc->expires_in())); 109 oum.set_field("expires_in",util::long_to_string(assoc->expires_in()));
113 secret_t secret = assoc->secret(); 110 secret_t secret = a->secret();
114 if(sts=="DH-SHA1" || sts=="DH-SHA256") { 111 if(sts=="DH-SHA1" || sts=="DH-SHA256") {
115 if(d_len != secret.size()) 112 if(d_len != secret.size())
116 throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size"); 113 throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size");
117 oum.set_field("session_type",sts); 114 oum.set_field("session_type",sts);
118 oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key)); 115 oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key));
119 string b64; secret.enxor_to_base64(key_digest,b64); 116 string b64; secret.enxor_to_base64(key_digest,b64);
120 oum.set_field("enc_mac_key",b64); 117 oum.set_field("enc_mac_key",b64);
121 }else /* TODO: support cleartext over encrypted connection */ 118 }else /* TODO: support cleartext over encrypted connection */
122 throw unsupported(OPKELE_CP_ "Unsupported session type"); 119 throw unsupported(OPKELE_CP_ "Unsupported session type");
123 return oum; 120 return oum;
124 } catch(unsupported& u) { 121 } catch(unsupported& u) {
125 oum.reset_fields(); 122 oum.reset_fields();
126 oum.set_field("ns",OIURI_OPENID20); 123 oum.set_field("ns",OIURI_OPENID20);
127 oum.set_field("error",u.what()); 124 oum.set_field("error",u.what());
128 oum.set_field("error_code","unsupported-type"); 125 oum.set_field("error_code","unsupported-type");
129 oum.set_field("session_type","DH-SHA256"); 126 oum.set_field("session_type","DH-SHA256");
130 oum.set_field("assoc_type","HMAC-SHA256"); 127 oum.set_field("assoc_type","HMAC-SHA256");
131 return oum; 128 return oum;
132 } 129 }
133 130
134 void basic_OP::checkid_(const basic_openid_message& inm, 131 void basic_OP::checkid_(const basic_openid_message& inm,
135 extension_t *ext) { 132 extension_t *ext) {
136 reset_vars(); 133 reset_vars();
137 string mode = inm.get_field("mode"); 134 string modestr = inm.get_field("mode");
138 if(mode=="checkid_setup") 135 if(modestr=="checkid_setup")
139 mode = mode_checkid_setup; 136 mode = mode_checkid_setup;
140 else if(mode=="checkid_immediate") 137 else if(modestr=="checkid_immediate")
141 mode = mode_checkid_immediate; 138 mode = mode_checkid_immediate;
142 else 139 else
143 throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); 140 throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");
144 try { 141 try {
145 assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); 142 assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));
146 invalidate_handle.clear(); 143 invalidate_handle.clear();
147 }catch(failed_lookup&) { } 144 }catch(failed_lookup&) { }
148 try { 145 try {
149 openid2 = (inm.get_field("ns")==OIURI_OPENID20); 146 openid2 = (inm.get_field("ns")==OIURI_OPENID20);
150 }catch(failed_lookup&) { openid2 = false; } 147 }catch(failed_lookup&) { openid2 = false; }
151 try { 148 try {
152 return_to = inm.get_field("return_to"); 149 return_to = inm.get_field("return_to");
@@ -229,32 +226,32 @@ namespace opkele {
229 om.set_field("sig",util::base64_signature(assoc,om)); 226 om.set_field("sig",util::base64_signature(assoc,om));
230 return om; 227 return om;
231 } 228 }
232 229
233 basic_openid_message& basic_OP::cancel(basic_openid_message& om) { 230 basic_openid_message& basic_OP::cancel(basic_openid_message& om) {
234 assert(!return_to.empty()); 231 assert(!return_to.empty());
235 om.set_field("ns",OIURI_OPENID20); 232 om.set_field("ns",OIURI_OPENID20);
236 om.set_field("mode","cancel"); 233 om.set_field("mode","cancel");
237 return om; 234 return om;
238 } 235 }
239 236
240 basic_openid_message& basic_OP::error(basic_openid_message& om, 237 basic_openid_message& basic_OP::error(basic_openid_message& om,
241 const string& error,const string& contact, 238 const string& err,const string& contact,
242 const string& reference ) { 239 const string& reference ) {
243 assert(!return_to.empty()); 240 assert(!return_to.empty());
244 om.set_field("ns",OIURI_OPENID20); 241 om.set_field("ns",OIURI_OPENID20);
245 om.set_field("mode","error"); 242 om.set_field("mode","error");
246 om.set_field("error",error); 243 om.set_field("error",err);
247 om.set_field("contact",contact); 244 if(!contact.empty()) om.set_field("contact",contact);
248 om.set_field("reference",reference); 245 if(!reference.empty()) om.set_field("reference",reference);
249 return om; 246 return om;
250 } 247 }
251 248
252 basic_openid_message& basic_OP::setup_needed( 249 basic_openid_message& basic_OP::setup_needed(
253 basic_openid_message& oum,const basic_openid_message& inm) { 250 basic_openid_message& oum,const basic_openid_message& inm) {
254 assert(mode==mode_checkid_immediate); 251 assert(mode==mode_checkid_immediate);
255 assert(!return_to.empty()); 252 assert(!return_to.empty());
256 if(openid2) { 253 if(openid2) {
257 oum.set_field("ns",OIURI_OPENID20); 254 oum.set_field("ns",OIURI_OPENID20);
258 oum.set_field("mode","setup_needed"); 255 oum.set_field("mode","setup_needed");
259 }else{ 256 }else{
260 oum.set_field("mode","id_res"); 257 oum.set_field("mode","id_res");
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index bd45d99..a0ad130 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,12 +1,13 @@
1#include <cassert>
1#include <openssl/sha.h> 2#include <openssl/sha.h>
2#include <openssl/hmac.h> 3#include <openssl/hmac.h>
3#include <opkele/basic_rp.h> 4#include <opkele/basic_rp.h>
4#include <opkele/exception.h> 5#include <opkele/exception.h>
5#include <opkele/uris.h> 6#include <opkele/uris.h>
6#include <opkele/data.h> 7#include <opkele/data.h>
7#include <opkele/util.h> 8#include <opkele/util.h>
8#include <opkele/curl.h> 9#include <opkele/curl.h>
9 10
10namespace opkele { 11namespace opkele {
11 12
12 static void dh_get_secret( 13 static void dh_get_secret(
@@ -16,25 +17,26 @@ namespace opkele {
16 size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), 17 size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
17 size_t exp_s_len) try { 18 size_t exp_s_len) try {
18 if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) 19 if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess)
19 throw bad_input(OPKELE_CP_ "Unexpected associate response"); 20 throw bad_input(OPKELE_CP_ "Unexpected associate response");
20 util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); 21 util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
21 vector<unsigned char> ck(DH_size(dh)+1); 22 vector<unsigned char> ck(DH_size(dh)+1);
22 unsigned char *ckptr = &(ck.front())+1; 23 unsigned char *ckptr = &(ck.front())+1;
23 int cklen = DH_compute_key(ckptr,s_pub,dh); 24 int cklen = DH_compute_key(ckptr,s_pub,dh);
24 if(cklen<0) 25 if(cklen<0)
25 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 26 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
26 if(cklen && (*ckptr)&0x80) { 27 if(cklen && (*ckptr)&0x80) {
27 (*(--ckptr))=0; ++cklen; } 28 (*(--ckptr))=0; ++cklen; }
28 unsigned char key_digest[d_len]; 29 assert(d_len<=SHA256_DIGEST_LENGTH);
30 unsigned char key_digest[SHA256_DIGEST_LENGTH];
29 secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); 31 secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
30 if(secret.size()!=exp_s_len) 32 if(secret.size()!=exp_s_len)
31 throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); 33 throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
32 }catch(opkele::failed_lookup& ofl) { 34 }catch(opkele::failed_lookup& ofl) {
33 throw bad_input(OPKELE_CP_ "Incoherent response from OP"); 35 throw bad_input(OPKELE_CP_ "Incoherent response from OP");
34 } OPKELE_RETHROW 36 } OPKELE_RETHROW
35 37
36 static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) { 38 static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) {
37 util::curl_pick_t curl = util::curl_pick_t::easy_init(); 39 util::curl_pick_t curl = util::curl_pick_t::easy_init();
38 if(!curl) 40 if(!curl)
39 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 41 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
40 string request = inm.query_string(); 42 string request = inm.query_string();
@@ -69,34 +71,34 @@ namespace opkele {
69 req.set_field("dh_consumer_public",util::bignum_to_base64(dh->pub_key)); 71 req.set_field("dh_consumer_public",util::bignum_to_base64(dh->pub_key));
70 openid_message_t res; 72 openid_message_t res;
71 req.set_field("assoc_type","HMAC-SHA256"); 73 req.set_field("assoc_type","HMAC-SHA256");
72 req.set_field("session_type","DH-SHA256"); 74 req.set_field("session_type","DH-SHA256");
73 secret_t secret; 75 secret_t secret;
74 int expires_in; 76 int expires_in;
75 try { 77 try {
76 direct_request(res,req,OP); 78 direct_request(res,req,OP);
77 dh_get_secret( secret, res, 79 dh_get_secret( secret, res,
78 "HMAC-SHA256", "DH-SHA256", 80 "HMAC-SHA256", "DH-SHA256",
79 dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); 81 dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH );
80 expires_in = util::string_to_long(res.get_field("expires_in")); 82 expires_in = util::string_to_long(res.get_field("expires_in"));
81 }catch(exception& e) { 83 }catch(exception&) {
82 try { 84 try {
83 req.set_field("assoc_type","HMAC-SHA1"); 85 req.set_field("assoc_type","HMAC-SHA1");
84 req.set_field("session_type","DH-SHA1"); 86 req.set_field("session_type","DH-SHA1");
85 direct_request(res,req,OP); 87 direct_request(res,req,OP);
86 dh_get_secret( secret, res, 88 dh_get_secret( secret, res,
87 "HMAC-SHA1", "DH-SHA1", 89 "HMAC-SHA1", "DH-SHA1",
88 dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); 90 dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH );
89 expires_in = util::string_to_long(res.get_field("expires_in")); 91 expires_in = util::string_to_long(res.get_field("expires_in"));
90 }catch(bad_input& e) { 92 }catch(bad_input&) {
91 throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); 93 throw dumb_RP(OPKELE_CP_ "OP failed to supply an association");
92 } 94 }
93 } 95 }
94 return store_assoc( 96 return store_assoc(
95 OP, res.get_field("assoc_handle"), 97 OP, res.get_field("assoc_handle"),
96 res.get_field("assoc_type"), secret, 98 res.get_field("assoc_type"), secret,
97 expires_in ); 99 expires_in );
98 } 100 }
99 101
100 basic_openid_message& basic_RP::checkid_( 102 basic_openid_message& basic_RP::checkid_(
101 basic_openid_message& rv, 103 basic_openid_message& rv,
102 mode_t mode, 104 mode_t mode,
@@ -225,25 +227,25 @@ namespace opkele {
225 check_authentication(OP,om); 227 check_authentication(OP,om);
226 }catch(failed_check_authentication& fca) { 228 }catch(failed_check_authentication& fca) {
227 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 229 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
228 } OPKELE_RETHROW 230 } OPKELE_RETHROW
229 } 231 }
230 signed_part_message_proxy signeds(om); 232 signed_part_message_proxy signeds(om);
231 if(o2) { 233 if(o2) {
232 check_nonce(om.get_field("op_endpoint"), 234 check_nonce(om.get_field("op_endpoint"),
233 om.get_field("response_nonce")); 235 om.get_field("response_nonce"));
234 static const char *mustsign[] = { 236 static const char *mustsign[] = {
235 "op_endpoint", "return_to", "response_nonce", "assoc_handle", 237 "op_endpoint", "return_to", "response_nonce", "assoc_handle",
236 "claimed_id", "identity" }; 238 "claimed_id", "identity" };
237 for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { 239 for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
238 if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) 240 if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms]))
239 throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); 241 throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs");
240 } 242 }
241 if( ( 243 if( (
242 (om.has_field("claimed_id")?1:0) 244 (om.has_field("claimed_id")?1:0)
243 ^ 245 ^
244 (om.has_field("identity")?1:0) 246 (om.has_field("identity")?1:0)
245 )&1 ) 247 )&1 )
246 throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent"); 248 throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent");
247 249
248 string turl = util::rfc_3986_normalize_uri(get_this_url()); 250 string turl = util::rfc_3986_normalize_uri(get_this_url());
249 util::strip_uri_fragment_part(turl); 251 util::strip_uri_fragment_part(turl);
diff --git a/lib/discovery.cc b/lib/discovery.cc
index 6f58339..6f9926c 100644
--- a/lib/discovery.cc
+++ b/lib/discovery.cc
@@ -321,25 +321,25 @@ namespace opkele {
321 } 321 }
322 return bytes; 322 return bytes;
323 } 323 }
324 size_t header(void *p,size_t s,size_t nm) { 324 size_t header(void *p,size_t s,size_t nm) {
325 size_t bytes = s*nm; 325 size_t bytes = s*nm;
326 const char *h = (const char*)p; 326 const char *h = (const char*)p;
327 const char *colon = (const char*)memchr(p,':',bytes); 327 const char *colon = (const char*)memchr(p,':',bytes);
328 const char *space = (const char*)memchr(p,' ',bytes); 328 const char *space = (const char*)memchr(p,' ',bytes);
329 if(space && ( (!colon) || space<colon ) ) { 329 if(space && ( (!colon) || space<colon ) ) {
330 xrds_location.clear(); http_content_type.clear(); 330 xrds_location.clear(); http_content_type.clear();
331 }else if(colon) { 331 }else if(colon) {
332 const char *hv = ++colon; 332 const char *hv = ++colon;
333 int hnl = colon-h; 333 size_t hnl = colon-h;
334 int rb; 334 int rb;
335 for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb); 335 for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb);
336 while(rb>0 && isspace(hv[rb-1])) --rb; 336 while(rb>0 && isspace(hv[rb-1])) --rb;
337 if(rb) { 337 if(rb) {
338 if( (hnl>=sizeof(XRDS_HEADER)) 338 if( (hnl>=sizeof(XRDS_HEADER))
339 && !strncasecmp(h,XRDS_HEADER":", 339 && !strncasecmp(h,XRDS_HEADER":",
340 sizeof(XRDS_HEADER)) ) { 340 sizeof(XRDS_HEADER)) ) {
341 xrds_location.assign(hv,rb); 341 xrds_location.assign(hv,rb);
342 }else if( (hnl>=sizeof(CT_HEADER)) 342 }else if( (hnl>=sizeof(CT_HEADER))
343 && !strncasecmp(h,CT_HEADER":", 343 && !strncasecmp(h,CT_HEADER":",
344 sizeof(CT_HEADER)) ) { 344 sizeof(CT_HEADER)) ) {
345 const char *sc = (const char*)memchr( 345 const char *sc = (const char*)memchr(
diff --git a/lib/expat.cc b/lib/expat.cc
index fa6fdde..c4dab7e 100644
--- a/lib/expat.cc
+++ b/lib/expat.cc
@@ -4,24 +4,25 @@ namespace opkele {
4 4
5 namespace util { 5 namespace util {
6 6
7 expat_t::~expat_t() throw() { 7 expat_t::~expat_t() throw() {
8 if(_x) 8 if(_x)
9 XML_ParserFree(_x); 9 XML_ParserFree(_x);
10 } 10 }
11 11
12 expat_t& expat_t::operator=(XML_Parser x) { 12 expat_t& expat_t::operator=(XML_Parser x) {
13 if(_x) 13 if(_x)
14 XML_ParserFree(_x); 14 XML_ParserFree(_x);
15 _x = x; 15 _x = x;
16 return *this;
16 } 17 }
17 18
18 static void _start_element(void* ud,const XML_Char *n,const XML_Char **a) { 19 static void _start_element(void* ud,const XML_Char *n,const XML_Char **a) {
19 ((expat_t*)ud)->start_element(n,a); 20 ((expat_t*)ud)->start_element(n,a);
20 } 21 }
21 static void _end_element(void *ud,const XML_Char *n) { 22 static void _end_element(void *ud,const XML_Char *n) {
22 ((expat_t*)ud)->end_element(n); 23 ((expat_t*)ud)->end_element(n);
23 } 24 }
24 25
25 void expat_t::set_element_handler() { 26 void expat_t::set_element_handler() {
26 assert(_x); 27 assert(_x);
27 XML_SetElementHandler(_x,_start_element,_end_element); 28 XML_SetElementHandler(_x,_start_element,_end_element);
diff --git a/lib/extension.cc b/lib/extension.cc
index f7aaea5..0f121ca 100644
--- a/lib/extension.cc
+++ b/lib/extension.cc
@@ -2,25 +2,25 @@
2#include <opkele/extension.h> 2#include <opkele/extension.h>
3 3
4namespace opkele { 4namespace opkele {
5 5
6 void extension_t::rp_checkid_hook(basic_openid_message&) { 6 void extension_t::rp_checkid_hook(basic_openid_message&) {
7 throw not_implemented(OPKELE_CP_ "RP checkid_* hook not implemented"); } 7 throw not_implemented(OPKELE_CP_ "RP checkid_* hook not implemented"); }
8 void extension_t::rp_id_res_hook(const basic_openid_message&, 8 void extension_t::rp_id_res_hook(const basic_openid_message&,
9 const basic_openid_message&) { 9 const basic_openid_message&) {
10 throw not_implemented(OPKELE_CP_ "RP id_res hook not implemented"); } 10 throw not_implemented(OPKELE_CP_ "RP id_res hook not implemented"); }
11 11
12 void extension_t::op_checkid_hook(const basic_openid_message&) { 12 void extension_t::op_checkid_hook(const basic_openid_message&) {
13 throw not_implemented(OPKELE_CP_ "OP checkid_* hook not implemented"); } 13 throw not_implemented(OPKELE_CP_ "OP checkid_* hook not implemented"); }
14 void extension_t::op_id_res_hook(basic_openid_message& om) { 14 void extension_t::op_id_res_hook(basic_openid_message&) {
15 throw not_implemented(OPKELE_CP_ "OP id_res hook not implemented"); } 15 throw not_implemented(OPKELE_CP_ "OP id_res hook not implemented"); }
16 16
17 17
18 void extension_t::checkid_hook(basic_openid_message&) { 18 void extension_t::checkid_hook(basic_openid_message&) {
19 throw not_implemented(OPKELE_CP_ "deprecated consumer checkid_* hook not implemented"); } 19 throw not_implemented(OPKELE_CP_ "deprecated consumer checkid_* hook not implemented"); }
20 void extension_t::id_res_hook(const basic_openid_message&, 20 void extension_t::id_res_hook(const basic_openid_message&,
21 const basic_openid_message&) { 21 const basic_openid_message&) {
22 throw not_implemented(OPKELE_CP_ "deprecated consumer id_res hook not implemented"); } 22 throw not_implemented(OPKELE_CP_ "deprecated consumer id_res hook not implemented"); }
23 23
24 void extension_t::checkid_hook(const basic_openid_message&,basic_openid_message&) { 24 void extension_t::checkid_hook(const basic_openid_message&,basic_openid_message&) {
25 throw not_implemented(OPKELE_CP_ "deprecated server checkid hook not implemented"); } 25 throw not_implemented(OPKELE_CP_ "deprecated server checkid hook not implemented"); }
26} 26}
diff --git a/lib/openid_message.cc b/lib/openid_message.cc
index fdb4b04..521ea85 100644
--- a/lib/openid_message.cc
+++ b/lib/openid_message.cc
@@ -6,48 +6,48 @@
6 6
7#include "config.h" 7#include "config.h"
8 8
9namespace opkele { 9namespace opkele {
10 using std::input_iterator_tag; 10 using std::input_iterator_tag;
11 using std::unary_function; 11 using std::unary_function;
12 12
13 struct __om_copier : public unary_function<const string&,void> { 13 struct __om_copier : public unary_function<const string&,void> {
14 public: 14 public:
15 const basic_openid_message& from; 15 const basic_openid_message& from;
16 basic_openid_message& to; 16 basic_openid_message& to;
17 17
18 __om_copier(basic_openid_message& to,const basic_openid_message& from) 18 __om_copier(basic_openid_message& t,const basic_openid_message& f)
19 : from(from), to(to) { 19 : from(f), to(t) {
20 to.reset_fields(); 20 to.reset_fields();
21 } 21 }
22 22
23 result_type operator()(argument_type f) { 23 result_type operator()(argument_type f) {
24 to.set_field(f,from.get_field(f)); } 24 to.set_field(f,from.get_field(f)); }
25 }; 25 };
26 26
27 basic_openid_message::basic_openid_message(const basic_openid_message& x) { 27 basic_openid_message::basic_openid_message(const basic_openid_message& x) {
28 x.copy_to(*this); 28 x.copy_to(*this);
29 } 29 }
30 void basic_openid_message::copy_to(basic_openid_message& x) const { 30 void basic_openid_message::copy_to(basic_openid_message& x) const {
31 for_each(fields_begin(),fields_end(), 31 for_each(fields_begin(),fields_end(),
32 __om_copier(x,*this) ); 32 __om_copier(x,*this) );
33 } 33 }
34 34
35 struct __om_ns_finder : public unary_function<const string&,bool> { 35 struct __om_ns_finder : public unary_function<const string&,bool> {
36 public: 36 public:
37 const basic_openid_message& om; 37 const basic_openid_message& om;
38 const string& uri; 38 const string& uri;
39 39
40 __om_ns_finder(const basic_openid_message& om, 40 __om_ns_finder(const basic_openid_message& m,
41 const string& uri) : om(om), uri(uri) { } 41 const string& u) : om(m), uri(u) { }
42 42
43 result_type operator()(argument_type f) { 43 result_type operator()(argument_type f) {
44 return 44 return
45 (!strncmp(f.c_str(),"ns.",sizeof("ns.")-1)) 45 (!strncmp(f.c_str(),"ns.",sizeof("ns.")-1))
46 && om.get_field(f)==uri ; 46 && om.get_field(f)==uri ;
47 } 47 }
48 }; 48 };
49 49
50 bool basic_openid_message::has_ns(const string& uri) const { 50 bool basic_openid_message::has_ns(const string& uri) const {
51 fields_iterator ei = fields_end(); 51 fields_iterator ei = fields_end();
52 fields_iterator i = find_if(fields_begin(),fields_end(), 52 fields_iterator i = find_if(fields_begin(),fields_end(),
53 __om_ns_finder(*this,uri)); 53 __om_ns_finder(*this,uri));
@@ -56,34 +56,34 @@ namespace opkele {
56 string basic_openid_message::get_ns(const string& uri) const { 56 string basic_openid_message::get_ns(const string& uri) const {
57 fields_iterator ei = fields_end(); 57 fields_iterator ei = fields_end();
58 fields_iterator i = find_if(fields_begin(),fields_end(), 58 fields_iterator i = find_if(fields_begin(),fields_end(),
59 __om_ns_finder(*this,uri)); 59 __om_ns_finder(*this,uri));
60 if(i==ei) 60 if(i==ei)
61 throw failed_lookup(OPKELE_CP_ string("failed to find namespace ")+uri); 61 throw failed_lookup(OPKELE_CP_ string("failed to find namespace ")+uri);
62 return i->substr(3); 62 return i->substr(3);
63 } 63 }
64 64
65 struct __om_query_builder : public unary_function<const string&,void> { 65 struct __om_query_builder : public unary_function<const string&,void> {
66 public: 66 public:
67 const basic_openid_message& om; 67 const basic_openid_message& om;
68 string& rv;
69 bool first; 68 bool first;
69 string& rv;
70 70
71 __om_query_builder(string& rv,const basic_openid_message& om) 71 __om_query_builder(string& r,const basic_openid_message& m)
72 : om(om), first(true), rv(rv) { 72 : om(m), first(true), rv(r) {
73 for_each(om.fields_begin(),om.fields_end(),*this); 73 for_each(om.fields_begin(),om.fields_end(),*this);
74 } 74 }
75 __om_query_builder(string& rv,const basic_openid_message& om,const string& url) 75 __om_query_builder(string& r,const basic_openid_message& m,const string& u)
76 : om(om), first(true), rv(rv) { 76 : om(m), first(true), rv(r) {
77 rv = url; 77 rv = u;
78 if(rv.find('?')==string::npos) 78 if(rv.find('?')==string::npos)
79 rv += '?'; 79 rv += '?';
80 else 80 else
81 first = false; 81 first = false;
82 for_each(om.fields_begin(),om.fields_end(),*this); 82 for_each(om.fields_begin(),om.fields_end(),*this);
83 } 83 }
84 84
85 result_type operator()(argument_type f) { 85 result_type operator()(argument_type f) {
86 if(first) 86 if(first)
87 first = false; 87 first = false;
88 else 88 else
89 rv += '&'; 89 rv += '&';
@@ -96,28 +96,28 @@ namespace opkele {
96 string basic_openid_message::append_query(const string& url) const { 96 string basic_openid_message::append_query(const string& url) const {
97 string rv; 97 string rv;
98 return __om_query_builder(rv,*this,url).rv; 98 return __om_query_builder(rv,*this,url).rv;
99 } 99 }
100 string basic_openid_message::query_string() const { 100 string basic_openid_message::query_string() const {
101 string rv; 101 string rv;
102 return __om_query_builder(rv,*this).rv; 102 return __om_query_builder(rv,*this).rv;
103 } 103 }
104 104
105 void basic_openid_message::reset_fields() { 105 void basic_openid_message::reset_fields() {
106 throw not_implemented(OPKELE_CP_ "reset_fields() not implemented"); 106 throw not_implemented(OPKELE_CP_ "reset_fields() not implemented");
107 } 107 }
108 void basic_openid_message::set_field(const string& n,const string& v) { 108 void basic_openid_message::set_field(const string&,const string&) {
109 throw not_implemented(OPKELE_CP_ "set_field() not implemented"); 109 throw not_implemented(OPKELE_CP_ "set_field() not implemented");
110 } 110 }
111 void basic_openid_message::reset_field(const string& n) { 111 void basic_openid_message::reset_field(const string&) {
112 throw not_implemented(OPKELE_CP_ "reset_field() not implemented"); 112 throw not_implemented(OPKELE_CP_ "reset_field() not implemented");
113 } 113 }
114 114
115 void basic_openid_message::from_keyvalues(const string& kv) { 115 void basic_openid_message::from_keyvalues(const string& kv) {
116 reset_fields(); 116 reset_fields();
117 string::size_type p = 0; 117 string::size_type p = 0;
118 while(true) { 118 while(true) {
119 string::size_type co = kv.find(':',p); 119 string::size_type co = kv.find(':',p);
120 if(co==string::npos) 120 if(co==string::npos)
121 break; 121 break;
122#ifndef POSTELS_LAW 122#ifndef POSTELS_LAW
123 string::size_type nl = kv.find('\n',co+1); 123 string::size_type nl = kv.find('\n',co+1);
@@ -138,43 +138,43 @@ namespace opkele {
138 if(nolb==string::npos) 138 if(nolb==string::npos)
139 break; 139 break;
140 p = nolb; 140 p = nolb;
141#endif /* POSTELS_LAW */ 141#endif /* POSTELS_LAW */
142 } 142 }
143 } 143 }
144 144
145 struct __om_kv_outputter : public unary_function<const string&,void> { 145 struct __om_kv_outputter : public unary_function<const string&,void> {
146 public: 146 public:
147 const basic_openid_message& om; 147 const basic_openid_message& om;
148 ostream& os; 148 ostream& os;
149 149
150 __om_kv_outputter(const basic_openid_message& om,ostream& os) 150 __om_kv_outputter(const basic_openid_message& m,ostream& s)
151 : om(om), os(os) { } 151 : om(m), os(s) { }
152 152
153 result_type operator()(argument_type f) { 153 result_type operator()(argument_type f) {
154 os << f << ':' << om.get_field(f) << '\n'; 154 os << f << ':' << om.get_field(f) << '\n';
155 } 155 }
156 }; 156 };
157 157
158 void basic_openid_message::to_keyvalues(ostream& o) const { 158 void basic_openid_message::to_keyvalues(ostream& o) const {
159 for_each(fields_begin(),fields_end(),__om_kv_outputter(*this,o)); 159 for_each(fields_begin(),fields_end(),__om_kv_outputter(*this,o));
160 } 160 }
161 161
162 struct __om_html_outputter : public unary_function<const string&,void> { 162 struct __om_html_outputter : public unary_function<const string&,void> {
163 public: 163 public:
164 const basic_openid_message& om; 164 const basic_openid_message& om;
165 ostream& os; 165 ostream& os;
166 166
167 __om_html_outputter(const basic_openid_message& om,ostream& os) 167 __om_html_outputter(const basic_openid_message& m,ostream& s)
168 : om(om), os(os) { } 168 : om(m), os(s) { }
169 169
170 result_type operator()(argument_type f) { 170 result_type operator()(argument_type f) {
171 os << 171 os <<
172 "<input type=\"hidden\"" 172 "<input type=\"hidden\""
173 " name=\"" << util::attr_escape(f) << "\"" 173 " name=\"" << util::attr_escape(f) << "\""
174 " value=\"" << util::attr_escape(om.get_field(f)) << "\" />"; 174 " value=\"" << util::attr_escape(om.get_field(f)) << "\" />";
175 } 175 }
176 }; 176 };
177 177
178 void basic_openid_message::to_htmlhiddens(ostream& o) const { 178 void basic_openid_message::to_htmlhiddens(ostream& o) const {
179 for_each(fields_begin(),fields_end(),__om_html_outputter(*this,o)); 179 for_each(fields_begin(),fields_end(),__om_html_outputter(*this,o));
180 } 180 }
diff --git a/lib/prequeue_rp.cc b/lib/prequeue_rp.cc
index e242f87..3aa960f 100644
--- a/lib/prequeue_rp.cc
+++ b/lib/prequeue_rp.cc
@@ -46,36 +46,36 @@ namespace opkele {
46 try { 46 try {
47 idiscover(OP_verifier(OP,identity),claimed_id); 47 idiscover(OP_verifier(OP,identity),claimed_id);
48 throw id_res_unauthorized(OPKELE_CP_ 48 throw id_res_unauthorized(OPKELE_CP_
49 "OP is not authorized to make an assertion regarding the identity"); 49 "OP is not authorized to make an assertion regarding the identity");
50 }catch(__OP_verifier_good_input& ovgi) { 50 }catch(__OP_verifier_good_input& ovgi) {
51 } 51 }
52 } 52 }
53 53
54 class endpoint_queuer : public iterator<output_iterator_tag,openid_endpoint_t,void> { 54 class endpoint_queuer : public iterator<output_iterator_tag,openid_endpoint_t,void> {
55 public: 55 public:
56 prequeue_RP& rp; 56 prequeue_RP& rp;
57 57
58 endpoint_queuer(prequeue_RP& rp) : rp(rp) { } 58 endpoint_queuer(prequeue_RP& r) : rp(r) { }
59 59
60 endpoint_queuer& operator*() { return *this; } 60 endpoint_queuer& operator*() { return *this; }
61 endpoint_queuer& operator=(const openid_endpoint_t& oep) { 61 endpoint_queuer& operator=(const openid_endpoint_t& oep) {
62 rp.queue_endpoint(oep); return *this; } 62 rp.queue_endpoint(oep); return *this; }
63 63
64 endpoint_queuer& operator++() { return *this; } 64 endpoint_queuer& operator++() { return *this; }
65 endpoint_queuer& operator++(int) { return *this; } 65 endpoint_queuer& operator++(int) { return *this; }
66 }; 66 };
67 67
68 void prequeue_RP::initiate(const string& usi) { 68 void prequeue_RP::initiate(const string& usi) {
69 begin_queueing(); 69 begin_queueing();
70 set_normalized_id( idiscover(endpoint_queuer(*this),usi) ); 70 set_normalized_id( idiscover(endpoint_queuer(*this),usi) );
71 end_queueing(); 71 end_queueing();
72 } 72 }
73 73
74 void prequeue_RP::set_normalized_id(const string& nid) { 74 void prequeue_RP::set_normalized_id(const string&) {
75 } 75 }
76 76
77 const string prequeue_RP::get_normalized_id() const { 77 const string prequeue_RP::get_normalized_id() const {
78 throw not_implemented(OPKELE_CP_ "get_normalized_id() is not implemented"); 78 throw not_implemented(OPKELE_CP_ "get_normalized_id() is not implemented");
79 } 79 }
80 80
81} 81}
diff --git a/lib/sreg.cc b/lib/sreg.cc
index b40cd45..0bd4d2e 100644
--- a/lib/sreg.cc
+++ b/lib/sreg.cc
@@ -46,30 +46,28 @@ namespace opkele {
46 if(!policy_url.empty()) om.set_field(pfx+".policy_url",policy_url); 46 if(!policy_url.empty()) om.set_field(pfx+".policy_url",policy_url);
47 } 47 }
48 48
49 void sreg_t::checkid_hook(basic_openid_message& om) { 49 void sreg_t::checkid_hook(basic_openid_message& om) {
50 rp_checkid_hook(om); } 50 rp_checkid_hook(om); }
51 51
52 void sreg_t::rp_id_res_hook(const basic_openid_message& om, 52 void sreg_t::rp_id_res_hook(const basic_openid_message& om,
53 const basic_openid_message& sp) { 53 const basic_openid_message& sp) {
54 clear(); 54 clear();
55 string pfx; 55 string pfx;
56 try { 56 try {
57 pfx = om.find_ns(OIURI_SREG11,"sreg"); 57 pfx = om.find_ns(OIURI_SREG11,"sreg");
58 }catch(failed_lookup& fl) { 58 }catch(failed_lookup&) {
59 try { 59 try {
60 pfx = om.find_ns(OIURI_SREG10,"sreg"); 60 pfx = om.find_ns(OIURI_SREG10,"sreg");
61 }catch(failed_lookup& fl) { 61 }catch(failed_lookup&) { return; }
62 return;
63 }
64 } 62 }
65 pfx += '.'; 63 pfx += '.';
66 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { 64 for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
67 string fn = pfx; fn+=f->fieldname; 65 string fn = pfx; fn+=f->fieldname;
68 if(!sp.has_field(fn)) continue; 66 if(!sp.has_field(fn)) continue;
69 has_fields |= f->fieldbit; 67 has_fields |= f->fieldbit;
70 response[f->fieldbit]=sp.get_field(fn); 68 response[f->fieldbit]=sp.get_field(fn);
71 } 69 }
72 } 70 }
73 71
74 void sreg_t::id_res_hook(const basic_openid_message& om, 72 void sreg_t::id_res_hook(const basic_openid_message& om,
75 const basic_openid_message& sp) { 73 const basic_openid_message& sp) {
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
index ab21b4f..c493c12 100644
--- a/lib/verify_op.cc
+++ b/lib/verify_op.cc
@@ -6,39 +6,39 @@
6 6
7namespace opkele { 7namespace opkele {
8 using std::output_iterator_tag; 8 using std::output_iterator_tag;
9 9
10 class __RP_verifier_good_input : public exception { 10 class __RP_verifier_good_input : public exception {
11 public: 11 public:
12 __RP_verifier_good_input(OPKELE_E_PARS) 12 __RP_verifier_good_input(OPKELE_E_PARS)
13 : exception(OPKELE_E_CONS) { } 13 : exception(OPKELE_E_CONS) { }
14 }; 14 };
15 15
16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> { 16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
17 public: 17 public:
18 int seen;
19 const string& return_to; 18 const string& return_to;
19 int seen;
20 20
21 RP_verifier(const string& rt) 21 RP_verifier(const string& rt)
22 : return_to(rt), seen(0) { } 22 : return_to(rt), seen(0) { }
23 23
24 RP_verifier& operator*() { return *this; } 24 RP_verifier& operator*() { return *this; }
25 RP_verifier& operator=(const openid_endpoint_t& oep) { 25 RP_verifier& operator=(const openid_endpoint_t& oep) {
26 if(util::uri_matches_realm(return_to,oep.uri)) 26 if(util::uri_matches_realm(return_to,oep.uri))
27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm"); 27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
28 return *this; 28 return *this;
29 } 29 }
30 30
31 RP_verifier& operator++() { ++seen; return *this; } 31 RP_verifier& operator++() { ++seen; return *this; }
32 RP_verifier& operator++(int) { +seen; return *this; } 32 RP_verifier& operator++(int) { ++seen; return *this; }
33 }; 33 };
34 34
35 void verify_OP::verify_return_to() { 35 void verify_OP::verify_return_to() {
36 basic_OP::verify_return_to(); 36 basic_OP::verify_return_to();
37 try { 37 try {
38 RP_verifier rpv(return_to); 38 RP_verifier rpv(return_to);
39 string drealm = realm; 39 string drealm = realm;
40 string::size_type csss = drealm.find("://*."); 40 string::size_type csss = drealm.find("://*.");
41 if(csss==4 || csss==5) 41 if(csss==4 || csss==5)
42 drealm.replace(csss+3,1,"www"); 42 drealm.replace(csss+3,1,"www");
43 const char *rtt[] = { STURI_OPENID20_RT, 0 }; 43 const char *rtt[] = { STURI_OPENID20_RT, 0 };
44 yadiscover(rpv,drealm,rtt,false); 44 yadiscover(rpv,drealm,rtt,false);