3 files changed, 300 insertions, 8 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 20d15b8..6b1fad6 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,34 +1,37 @@
 lib_LTLIBRARIES = libopkele.la
 AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
 DEFAULT_INCLUDES = -I${top_builddir}
 INCLUDES = \
           -I${top_builddir}/include/ -I${top_srcdir}/include/ \
           ${KONFORKA_CFLAGS} \
           ${OPENSSL_CFLAGS} \
           ${LIBCURL_CPPFLAGS} \
-           ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}
+           ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS} \
+           ${UUID_CFLAGS}
 libopkele_la_LIBADD = \
        ${LIBCURL} \
        ${PCRE_LIBS} ${EXPAT_LIBS} \
        ${OPENSSL_LIBS} \
-        ${KONFORKA_LIBS} ${TIDY_LIBS}
+        ${KONFORKA_LIBS} ${TIDY_LIBS} \
+        ${UUID_LIBS}
 libopkele_la_SOURCES = \
                       params.cc \
                       util.cc \
                       server.cc \
                       secret.cc \
                       data.cc \
                       consumer.cc \
                       exception.cc \
                       extension.cc \
                       sreg.cc \
                       extension_chain.cc \
                       curl.cc expat.cc \
                       discovery.cc \
                       basic_rp.cc prequeue_rp.cc \
                       fields.cc message.cc \
-                       basic_op.cc verify_op.cc
+                       basic_op.cc verify_op.cc \
+                       oauth-consumer.cc
 libopkele_la_LDFLAGS = \
        -version-info 2:0:0
diff --git a/lib/fields.cc b/lib/fields.cc
index d494098..916b603 100644
--- a/lib/fields.cc
+++ b/lib/fields.cc
@@ -34,30 +34,34 @@ namespace opkele {
        public:
            const basic_fields& om;
            bool first;
            string& rv;
            const char *pfx;
            __om_query_builder(const char *p,string& r,const basic_fields& m)
                : om(m), first(true), rv(r), pfx(p) {
                    for_each(om.fields_begin(),om.fields_end(),*this);
                }
            __om_query_builder(const char *p,string& r,const basic_fields& m,const string& u)
                : om(m), first(true), rv(r), pfx(p) {
+                    basic_fields::fields_iterator i=om.fields_begin(),
+                        ie=om.fields_end();
                    rv = u;
-                    if(rv.find('?')==string::npos)
+                    if(i!=ie) {
-                        rv += '?';
+                        if(rv.find('?')==string::npos)
-                    else
+                            rv += '?';
-                        first = false;
+                        else
-                    for_each(om.fields_begin(),om.fields_end(),*this);
+                            first = false;
+                        for_each(i,ie,*this);
+                    }
                }
            result_type operator()(argument_type f) {
                if(first)
                    first = false;
                else
                    rv += '&';
                if(pfx) rv += pfx;
                rv+= f;
                rv += '=';
                rv += util::url_encode(om.get_field(f));
            }
@@ -73,14 +77,59 @@ namespace opkele {
    }
    void basic_fields::reset_fields() {
        throw not_implemented(OPKELE_CP_ "reset_fields() not implemented");
    }
    void basic_fields::set_field(const string&,const string&) {
        throw not_implemented(OPKELE_CP_ "set_field() not implemented");
    }
    void basic_fields::reset_field(const string&) {
        throw not_implemented(OPKELE_CP_ "reset_field() not implemented");
    }
+    void basic_fields::from_query(const string& qs) {
+        for(string::size_type p=0,np;;p=np+1) {
+            np = qs.find('&',p);
+            string::size_type eq = qs.find('=',p);
+            if(eq==string::npos) break;
+            if(np==string::npos) {
+                set_field(
+                        util::url_decode(qs.substr(p,eq-p)),
+                        util::url_decode(qs.substr(eq+1)) );
+                break;
+            }else if(eq<np) {
+                set_field(
+                        util::url_decode(qs.substr(p,eq-p)),
+                        util::url_decode(qs.substr(eq+1,np-eq-1)) );
+            }
+        }
+    }
+    bool fields_t::has_field(const string& n) const {
+        return find(n)!=end();
+    }
+    const string& fields_t::get_field(const string& n) const {
+        const_iterator i=find(n);
+        if(i==end())
+            throw failed_lookup(OPKELE_CP_ n+": no such field");
+        return i->second;
+    }
+    fields_t::fields_iterator fields_t::fields_begin() const {
+        return util::map_keys_iterator<const_iterator,string,const string&,const string*>(begin(),end());
+    }
+    fields_t::fields_iterator fields_t::fields_end() const {
+        return util::map_keys_iterator<const_iterator,string,const string&,const string*>(end(),end());
+    }
+    void fields_t::reset_fields() {
+        clear();
+    }
+    void fields_t::set_field(const string& n,const string& v) {
+        (*this)[n]=v;
+    }
+    void fields_t::reset_field(const string& n) {
+        erase(n);
+    }
 }
diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc
new file mode 100644
index 0000000..d717ed3
--- a/dev/null
+++ b/lib/oauth-consumer.cc
@@ -0,0 +1,240 @@
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <opkele/oauth/consumer.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/curl.h>
+#include <opkele/debug.h>
+#include "config.h"
+#ifdef HAVE_LIBUUID
+# include <uuid/uuid.h>
+#endif
+namespace opkele {
+    namespace oauth {
+        const service_endpoint_t&
+            simple_provider_endpoints::get_request_token_endpoint() const {
+            return sep_request_token; }
+        const service_endpoint_t&
+            simple_provider_endpoints::get_authorize_user_endpoint() const {
+            return sep_authorize_user; }
+        const service_endpoint_t&
+            simple_provider_endpoints::get_access_token_endpoint() const {
+            return sep_access_token; }
+        service_endpoint_t&
+            simple_provider_endpoints::get_url_endpoint(service_endpoint_t& sep,
+                    const string& url) const {
+            sep = sep_generic;
+            sep.url = url;
+            return sep; }
+        token_t basic_consumer::get_request_token() {
+            return acquire_token(get_endpoints().get_request_token_endpoint());
+        }
+        const string basic_consumer::get_authorize_url(const token_t& rt,const string& callback) {
+            fields_t f;
+            f.set_field("oauth_token",rt.key);
+            if(!callback.empty())
+                f.set_field("oauth_callback",callback);
+            return f.append_query(
+                    get_endpoints().get_authorize_user_endpoint().url );
+        }
+        token_t basic_consumer::get_access_token(const token_t& rt) {
+            return acquire_token(get_endpoints().get_access_token_endpoint(),&rt);
+        }
+        const string basic_consumer::signature(
+                const string& method, const string& url,
+                const basic_fields& fields,
+                const token_t* at) {
+            if(fields.get_field("oauth_signature_method")!="HMAC-SHA1")
+                throw opkele::not_implemented(OPKELE_CP_
+                        "only HMAC-SHA1 signature is implemented");
+            string key = util::url_encode(consumer_token.secret);
+            key += '&';
+            if(at)
+                key += util::url_encode(at->secret);
+            /* TODO: do not build the whole subject */
+            string subject = method;
+            subject += '&';
+            string u = util::rfc_3986_normalize_uri(url);
+            string::size_type uco = u.find_first_of("#?");
+            if(uco!=string::npos) u.erase(uco);
+            subject += util::url_encode(u);
+            subject += '&';
+            subject += util::url_encode( fields.query_string() );
+            unsigned char md[SHA_DIGEST_LENGTH];
+            unsigned int md_len = 0;
+            HMAC( EVP_sha1(),
+                    key.c_str(),key.size(),
+                    (const unsigned char *)subject.c_str(),subject.size(),
+                    md,&md_len );
+            assert(md_len==sizeof(md));
+            return util::encode_base64(md,md_len);
+        }
+        static void noquerize_url(string& url,const string& sepurl,basic_fields& f) {
+            string::size_type q = sepurl.find('?'),
+                p = sepurl.find('#');
+            if(q==string::npos) {
+                url = sepurl.substr(0,p);
+            }else{
+                fields_t tmp;
+                tmp.from_query(sepurl.substr(
+                            q+1,
+                            (p==string::npos)?string::npos:(p-q-q)));
+                tmp.append_to(f);
+                url = sepurl.substr(0,(p==string::npos)?q:min(p,q));
+            }
+        }
+        token_t basic_consumer::acquire_token(
+                const service_endpoint_t& sep,
+                const token_t* rt) {
+            util::curl_pick_t curl = util::curl_t::easy_init();
+            CURLcode r;
+            (r=curl.misc_sets())
+                || (r=curl.set_write());
+            if(r)
+                throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r);
+            http_request_t hr(
+                    (sep.oauth_method==oauth_post_body)?"POST":"GET",
+                    "");
+            fields_t uq;
+            noquerize_url(hr.url,sep.url,uq);
+            prepare_request(hr,uq,fields_t(),sep,rt);
+            switch(sep.oauth_method) {
+                case oauth_auth_header:
+                    throw opkele::not_implemented(OPKELE_CP_
+                            "auth header for token acquisition isn't (yet?) supported");
+                    break;
+                case oauth_post_body:
+                    (r=curl.easy_setopt(CURLOPT_POST,1))
+                        || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str()))
+                        || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size()));
+                    break;
+                case oauth_url_query:
+                    break;
+                default:
+                    throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
+                            "invalid oauth_method for request_token endpoint");
+            };
+            if(r)
+                throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
+            if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
+                throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
+            if( (r=curl.easy_perform()) )
+                throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+            token_t rv;
+            string::size_type p=0;
+            while(p!=string::npos) {
+                string::size_type np = curl.response.find('&',p);
+                string part;
+                if(np==string::npos) {
+                    part.assign(curl.response.c_str()+p); p = string::npos;
+                }else{
+                    part.assign(curl.response,p,np-p); p = np+1;
+                }
+                string::size_type eq = part.find('=');
+                if(eq==string::npos) continue;
+                string n(part,0,eq);
+                if(n=="oauth_token") {
+                    if(!rv.key.empty()) /* TODO: specialize */
+                        throw opkele::exception(OPKELE_CP_ "found oauth_token twice");
+                    rv.key = util::url_decode(part.substr(eq+1));
+                }else if(n=="oauth_token_secret") {
+                    if(!rv.secret.empty()) /* TODO: specialize */
+                        throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
+                    rv.secret = util::url_decode(part.substr(eq+1));
+                }
+            }
+            return rv;
+        }
+        void basic_consumer::prepare_request(
+                http_request_t& req,
+                const basic_fields& qf,const basic_fields& pf,
+                oauth_method_t om,const string& sm,
+                const token_t *t,const string& realm) {
+            fields_t op;
+            op.set_field("oauth_consumer_key",consumer_token.key);
+            if(t) op.set_field("oauth_token",t->key);
+            op.set_field("oauth_signature_method",sm);
+            time_t now;
+            op.set_field("oauth_timestamp",
+                    util::long_to_string(time(&now)));
+            op.set_field("oauth_nonce",allocate_nonce(now));
+            op.set_field("oauth_version","1.0");
+            /* TODO: normalize and strip down url */
+            {
+                fields_t af; /* TODO: optimize, I don't want it to be copied */
+                qf.copy_to(af); pf.append_to(af); op.append_to(af);
+                op.set_field("oauth_signature", signature(
+                            req.method,req.url,af,t) );
+            }
+            req.authorize_header.clear();
+            if(om==oauth_auth_header) {
+                req.authorize_header = "OAuth ";
+                req.authorize_header += "realm=\"";
+                req.authorize_header += util::url_encode(realm);
+                req.authorize_header += '\"';
+                for(basic_fields::fields_iterator
+                        i=op.fields_begin(),ie=op.fields_end();
+                        i!=ie;++i) {
+                    req.authorize_header += ", ";
+                    req.authorize_header += *i;
+                    req.authorize_header += "=\"";
+                    req.authorize_header += util::url_encode(op.get_field(*i));
+                    req.authorize_header += "\"";
+                }
+                req.url = qf.append_query(req.url);
+                req.body = pf.query_string();
+            }else if(om==oauth_post_body) {
+                assert(req.method=="POST");
+                /* TODO: optimize, don't copy it over and over */
+                fields_t p;
+                pf.append_to(p); op.append_to(p);
+                req.url = qf.append_query(req.url);
+                req.body = p.query_string();
+            }else if(om==oauth_url_query) {
+                fields_t q;
+                qf.append_to(q); op.append_to(q);
+                req.url = q.append_query(req.url);
+                req.body = pf.query_string();
+            }else
+                throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
+                        "Unknown oauth method");
+        }
+        void basic_consumer::prepare_request(
+                http_request_t& req,
+                const basic_fields& qf,const basic_fields& pf,
+                const service_endpoint_t& sep,
+                const token_t *t,const string& realm) {
+            prepare_request(
+                    req, qf, pf,
+                    sep.oauth_method,sep.signature_method,
+                    t,realm);
+        }
+        const basic_provider_endpoints& simple_consumer::get_endpoints() const {
+            return peps; }
+        const string simple_consumer::allocate_nonce(time_t ts) {
+#           ifndef HAVE_LIBUUID
+                throw opkele::not_implemented(OPKELE_CP_
+                        "not implemented consumer's allocate_nonce()");
+#           else /* HAVE_LIBUUID */
+                uuid_t uuid; uuid_generate(uuid);
+                return util::encode_base64(uuid,sizeof(uuid));
+#           endif /* HAVE_LIBUUID */
+        }
+    }
+}

diff --git a/lib/Makefile.am b/lib/Makefile.am index 20d15b8..6b1fad6 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am
@@ -1,34 +1,37 @@
1	lib_LTLIBRARIES = libopkele.la	1	lib_LTLIBRARIES = libopkele.la
2		2
3	AM_CPPFLAGS = ${CPPFLAGS_DEBUG}	3	AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
4	DEFAULT_INCLUDES = -I${top_builddir}	4	DEFAULT_INCLUDES = -I${top_builddir}
5	INCLUDES = \	5	INCLUDES = \
6	-I${top_builddir}/include/ -I${top_srcdir}/include/ \	6	-I${top_builddir}/include/ -I${top_srcdir}/include/ \
7	${KONFORKA_CFLAGS} \	7	${KONFORKA_CFLAGS} \
8	${OPENSSL_CFLAGS} \	8	${OPENSSL_CFLAGS} \
9	${LIBCURL_CPPFLAGS} \	9	${LIBCURL_CPPFLAGS} \
10	${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}	10	${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS} \
		11	${UUID_CFLAGS}
11	libopkele_la_LIBADD = \	12	libopkele_la_LIBADD = \
12	${LIBCURL} \	13	${LIBCURL} \
13	${PCRE_LIBS} ${EXPAT_LIBS} \	14	${PCRE_LIBS} ${EXPAT_LIBS} \
14	${OPENSSL_LIBS} \	15	${OPENSSL_LIBS} \
15	${KONFORKA_LIBS} ${TIDY_LIBS}	16	${KONFORKA_LIBS} ${TIDY_LIBS} \
		17	${UUID_LIBS}
16		18
17	libopkele_la_SOURCES = \	19	libopkele_la_SOURCES = \
18	params.cc \	20	params.cc \
19	util.cc \	21	util.cc \
20	server.cc \	22	server.cc \
21	secret.cc \	23	secret.cc \
22	data.cc \	24	data.cc \
23	consumer.cc \	25	consumer.cc \
24	exception.cc \	26	exception.cc \
25	extension.cc \	27	extension.cc \
26	sreg.cc \	28	sreg.cc \
27	extension_chain.cc \	29	extension_chain.cc \
28	curl.cc expat.cc \	30	curl.cc expat.cc \
29	discovery.cc \	31	discovery.cc \
30	basic_rp.cc prequeue_rp.cc \	32	basic_rp.cc prequeue_rp.cc \
31	fields.cc message.cc \	33	fields.cc message.cc \
32	basic_op.cc verify_op.cc	34	basic_op.cc verify_op.cc \
		35	oauth-consumer.cc
33	libopkele_la_LDFLAGS = \	36	libopkele_la_LDFLAGS = \
34	-version-info 2:0:0	37	-version-info 2:0:0


diff --git a/lib/fields.cc b/lib/fields.cc index d494098..916b603 100644 --- a/lib/fields.cc +++ b/lib/fields.cc
@@ -34,30 +34,34 @@ namespace opkele {
34	public:	34	public:
35	const basic_fields& om;	35	const basic_fields& om;
36	bool first;	36	bool first;
37	string& rv;	37	string& rv;
38	const char *pfx;	38	const char *pfx;
39		39
40	__om_query_builder(const char *p,string& r,const basic_fields& m)	40	__om_query_builder(const char *p,string& r,const basic_fields& m)
41	: om(m), first(true), rv(r), pfx(p) {	41	: om(m), first(true), rv(r), pfx(p) {
42	for_each(om.fields_begin(),om.fields_end(),*this);	42	for_each(om.fields_begin(),om.fields_end(),*this);
43	}	43	}
44	__om_query_builder(const char *p,string& r,const basic_fields& m,const string& u)	44	__om_query_builder(const char *p,string& r,const basic_fields& m,const string& u)
45	: om(m), first(true), rv(r), pfx(p) {	45	: om(m), first(true), rv(r), pfx(p) {
		46	basic_fields::fields_iterator i=om.fields_begin(),
		47	ie=om.fields_end();
46	rv = u;	48	rv = u;
47	if(rv.find('?')==string::npos)	49	if(i!=ie) {
48	rv += '?';	50	if(rv.find('?')==string::npos)
49	else	51	rv += '?';
50	first = false;	52	else
51	for_each(om.fields_begin(),om.fields_end(),*this);	53	first = false;
		54	for_each(i,ie,*this);
		55	}
52	}	56	}
53		57
54	result_type operator()(argument_type f) {	58	result_type operator()(argument_type f) {
55	if(first)	59	if(first)
56	first = false;	60	first = false;
57	else	61	else
58	rv += '&';	62	rv += '&';
59	if(pfx) rv += pfx;	63	if(pfx) rv += pfx;
60	rv+= f;	64	rv+= f;
61	rv += '=';	65	rv += '=';
62	rv += util::url_encode(om.get_field(f));	66	rv += util::url_encode(om.get_field(f));
63	}	67	}
@@ -73,14 +77,59 @@ namespace opkele {
73	}	77	}
74		78
75	void basic_fields::reset_fields() {	79	void basic_fields::reset_fields() {
76	throw not_implemented(OPKELE_CP_ "reset_fields() not implemented");	80	throw not_implemented(OPKELE_CP_ "reset_fields() not implemented");
77	}	81	}
78	void basic_fields::set_field(const string&,const string&) {	82	void basic_fields::set_field(const string&,const string&) {
79	throw not_implemented(OPKELE_CP_ "set_field() not implemented");	83	throw not_implemented(OPKELE_CP_ "set_field() not implemented");
80	}	84	}
81	void basic_fields::reset_field(const string&) {	85	void basic_fields::reset_field(const string&) {
82	throw not_implemented(OPKELE_CP_ "reset_field() not implemented");	86	throw not_implemented(OPKELE_CP_ "reset_field() not implemented");
83	}	87	}
84		88
		89	void basic_fields::from_query(const string& qs) {
		90	for(string::size_type p=0,np;;p=np+1) {
		91	np = qs.find('&',p);
		92	string::size_type eq = qs.find('=',p);
		93	if(eq==string::npos) break;
		94	if(np==string::npos) {
		95	set_field(
		96	util::url_decode(qs.substr(p,eq-p)),
		97	util::url_decode(qs.substr(eq+1)) );
		98	break;
		99	}else if(eq<np) {
		100	set_field(
		101	util::url_decode(qs.substr(p,eq-p)),
		102	util::url_decode(qs.substr(eq+1,np-eq-1)) );
		103	}
		104	}
		105	}
		106
		107
		108	bool fields_t::has_field(const string& n) const {
		109	return find(n)!=end();
		110	}
		111	const string& fields_t::get_field(const string& n) const {
		112	const_iterator i=find(n);
		113	if(i==end())
		114	throw failed_lookup(OPKELE_CP_ n+": no such field");
		115	return i->second;
		116	}
		117
		118	fields_t::fields_iterator fields_t::fields_begin() const {
		119	return util::map_keys_iterator<const_iterator,string,const string&,const string*>(begin(),end());
		120	}
		121	fields_t::fields_iterator fields_t::fields_end() const {
		122	return util::map_keys_iterator<const_iterator,string,const string&,const string*>(end(),end());
		123	}
		124
		125	void fields_t::reset_fields() {
		126	clear();
		127	}
		128	void fields_t::set_field(const string& n,const string& v) {
		129	(*this)[n]=v;
		130	}
		131	void fields_t::reset_field(const string& n) {
		132	erase(n);
		133	}
85		134
86	}	135	}


diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc new file mode 100644 index 0000000..d717ed3 --- a/dev/null +++ b/lib/oauth-consumer.cc
@@ -0,0 +1,240 @@
		1	#include <openssl/sha.h>
		2	#include <openssl/evp.h>
		3	#include <openssl/hmac.h>
		4	#include <opkele/oauth/consumer.h>
		5	#include <opkele/exception.h>
		6	#include <opkele/util.h>
		7	#include <opkele/curl.h>
		8	#include <opkele/debug.h>
		9
		10	#include "config.h"
		11	#ifdef HAVE_LIBUUID
		12	# include <uuid/uuid.h>
		13	#endif
		14
		15	namespace opkele {
		16	namespace oauth {
		17
		18	const service_endpoint_t&
		19	simple_provider_endpoints::get_request_token_endpoint() const {
		20	return sep_request_token; }
		21	const service_endpoint_t&
		22	simple_provider_endpoints::get_authorize_user_endpoint() const {
		23	return sep_authorize_user; }
		24	const service_endpoint_t&
		25	simple_provider_endpoints::get_access_token_endpoint() const {
		26	return sep_access_token; }
		27	service_endpoint_t&
		28	simple_provider_endpoints::get_url_endpoint(service_endpoint_t& sep,
		29	const string& url) const {
		30	sep = sep_generic;
		31	sep.url = url;
		32	return sep; }
		33
		34	token_t basic_consumer::get_request_token() {
		35	return acquire_token(get_endpoints().get_request_token_endpoint());
		36	}
		37
		38	const string basic_consumer::get_authorize_url(const token_t& rt,const string& callback) {
		39	fields_t f;
		40	f.set_field("oauth_token",rt.key);
		41	if(!callback.empty())
		42	f.set_field("oauth_callback",callback);
		43	return f.append_query(
		44	get_endpoints().get_authorize_user_endpoint().url );
		45	}
		46
		47	token_t basic_consumer::get_access_token(const token_t& rt) {
		48	return acquire_token(get_endpoints().get_access_token_endpoint(),&rt);
		49	}
		50
		51	const string basic_consumer::signature(
		52	const string& method, const string& url,
		53	const basic_fields& fields,
		54	const token_t* at) {
		55	if(fields.get_field("oauth_signature_method")!="HMAC-SHA1")
		56	throw opkele::not_implemented(OPKELE_CP_
		57	"only HMAC-SHA1 signature is implemented");
		58	string key = util::url_encode(consumer_token.secret);
		59	key += '&';
		60	if(at)
		61	key += util::url_encode(at->secret);
		62	/* TODO: do not build the whole subject */
		63	string subject = method;
		64	subject += '&';
		65	string u = util::rfc_3986_normalize_uri(url);
		66	string::size_type uco = u.find_first_of("#?");
		67	if(uco!=string::npos) u.erase(uco);
		68	subject += util::url_encode(u);
		69	subject += '&';
		70	subject += util::url_encode( fields.query_string() );
		71	unsigned char md[SHA_DIGEST_LENGTH];
		72	unsigned int md_len = 0;
		73	HMAC( EVP_sha1(),
		74	key.c_str(),key.size(),
		75	(const unsigned char *)subject.c_str(),subject.size(),
		76	md,&md_len );
		77	assert(md_len==sizeof(md));
		78	return util::encode_base64(md,md_len);
		79	}
		80
		81	static void noquerize_url(string& url,const string& sepurl,basic_fields& f) {
		82	string::size_type q = sepurl.find('?'),
		83	p = sepurl.find('#');
		84	if(q==string::npos) {
		85	url = sepurl.substr(0,p);
		86	}else{
		87	fields_t tmp;
		88	tmp.from_query(sepurl.substr(
		89	q+1,
		90	(p==string::npos)?string::npos:(p-q-q)));
		91	tmp.append_to(f);
		92	url = sepurl.substr(0,(p==string::npos)?q:min(p,q));
		93	}
		94	}
		95
		96	token_t basic_consumer::acquire_token(
		97	const service_endpoint_t& sep,
		98	const token_t* rt) {
		99	util::curl_pick_t curl = util::curl_t::easy_init();
		100	CURLcode r;
		101	(r=curl.misc_sets())
		102	\|\| (r=curl.set_write());
		103	if(r)
		104	throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r);
		105	http_request_t hr(
		106	(sep.oauth_method==oauth_post_body)?"POST":"GET",
		107	"");
		108	fields_t uq;
		109	noquerize_url(hr.url,sep.url,uq);
		110	prepare_request(hr,uq,fields_t(),sep,rt);
		111	switch(sep.oauth_method) {
		112	case oauth_auth_header:
		113	throw opkele::not_implemented(OPKELE_CP_
		114	"auth header for token acquisition isn't (yet?) supported");
		115	break;
		116	case oauth_post_body:
		117	(r=curl.easy_setopt(CURLOPT_POST,1))
		118	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str()))
		119	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size()));
		120	break;
		121	case oauth_url_query:
		122	break;
		123	default:
		124	throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
		125	"invalid oauth_method for request_token endpoint");
		126	};
		127	if(r)
		128	throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
		129	if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
		130	throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
		131	if( (r=curl.easy_perform()) )
		132	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
		133	token_t rv;
		134	string::size_type p=0;
		135	while(p!=string::npos) {
		136	string::size_type np = curl.response.find('&',p);
		137	string part;
		138	if(np==string::npos) {
		139	part.assign(curl.response.c_str()+p); p = string::npos;
		140	}else{
		141	part.assign(curl.response,p,np-p); p = np+1;
		142	}
		143	string::size_type eq = part.find('=');
		144	if(eq==string::npos) continue;
		145	string n(part,0,eq);
		146	if(n=="oauth_token") {
		147	if(!rv.key.empty()) /* TODO: specialize */
		148	throw opkele::exception(OPKELE_CP_ "found oauth_token twice");
		149	rv.key = util::url_decode(part.substr(eq+1));
		150	}else if(n=="oauth_token_secret") {
		151	if(!rv.secret.empty()) /* TODO: specialize */
		152	throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
		153	rv.secret = util::url_decode(part.substr(eq+1));
		154	}
		155	}
		156	return rv;
		157	}
		158
		159	void basic_consumer::prepare_request(
		160	http_request_t& req,
		161	const basic_fields& qf,const basic_fields& pf,
		162	oauth_method_t om,const string& sm,
		163	const token_t *t,const string& realm) {
		164	fields_t op;
		165	op.set_field("oauth_consumer_key",consumer_token.key);
		166	if(t) op.set_field("oauth_token",t->key);
		167	op.set_field("oauth_signature_method",sm);
		168	time_t now;
		169	op.set_field("oauth_timestamp",
		170	util::long_to_string(time(&now)));
		171	op.set_field("oauth_nonce",allocate_nonce(now));
		172	op.set_field("oauth_version","1.0");
		173	/* TODO: normalize and strip down url */
		174	{
		175	fields_t af; /* TODO: optimize, I don't want it to be copied */
		176	qf.copy_to(af); pf.append_to(af); op.append_to(af);
		177	op.set_field("oauth_signature", signature(
		178	req.method,req.url,af,t) );
		179	}
		180	req.authorize_header.clear();
		181	if(om==oauth_auth_header) {
		182	req.authorize_header = "OAuth ";
		183	req.authorize_header += "realm=\"";
		184	req.authorize_header += util::url_encode(realm);
		185	req.authorize_header += '\"';
		186	for(basic_fields::fields_iterator
		187	i=op.fields_begin(),ie=op.fields_end();
		188	i!=ie;++i) {
		189	req.authorize_header += ", ";
		190	req.authorize_header += *i;
		191	req.authorize_header += "=\"";
		192	req.authorize_header += util::url_encode(op.get_field(*i));
		193	req.authorize_header += "\"";
		194	}
		195	req.url = qf.append_query(req.url);
		196	req.body = pf.query_string();
		197	}else if(om==oauth_post_body) {
		198	assert(req.method=="POST");
		199	/* TODO: optimize, don't copy it over and over */
		200	fields_t p;
		201	pf.append_to(p); op.append_to(p);
		202	req.url = qf.append_query(req.url);
		203	req.body = p.query_string();
		204	}else if(om==oauth_url_query) {
		205	fields_t q;
		206	qf.append_to(q); op.append_to(q);
		207	req.url = q.append_query(req.url);
		208	req.body = pf.query_string();
		209	}else
		210	throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
		211	"Unknown oauth method");
		212	}
		213
		214	void basic_consumer::prepare_request(
		215	http_request_t& req,
		216	const basic_fields& qf,const basic_fields& pf,
		217	const service_endpoint_t& sep,
		218	const token_t *t,const string& realm) {
		219	prepare_request(
		220	req, qf, pf,
		221	sep.oauth_method,sep.signature_method,
		222	t,realm);
		223	}
		224
		225
		226	const basic_provider_endpoints& simple_consumer::get_endpoints() const {
		227	return peps; }
		228
		229	const string simple_consumer::allocate_nonce(time_t ts) {
		230	# ifndef HAVE_LIBUUID
		231	throw opkele::not_implemented(OPKELE_CP_
		232	"not implemented consumer's allocate_nonce()");
		233	# else /* HAVE_LIBUUID */
		234	uuid_t uuid; uuid_generate(uuid);
		235	return util::encode_base64(uuid,sizeof(uuid));
		236	# endif /* HAVE_LIBUUID */
		237	}
		238
		239	}
		240	}