4 files changed, 4 insertions, 0 deletions

diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index c247493..fa659ac 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,56 +1,57 @@
 #include <time.h>
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/data.h>
 #include <opkele/basic_op.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/uris.h>
 
 namespace opkele {
 
     void basic_OP::reset_vars() {
 	assoc.reset();
 	return_to.clear(); realm.clear();
 	claimed_id.clear(); identity.clear();
 	invalidate_handle.clear();
     }
 
     bool basic_OP::has_return_to() const {
 	return !return_to.empty();
     }
     const string& basic_OP::get_return_to() const {
 	if(return_to.empty())
 	    throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
 	return return_to;
     }
 
     const string& basic_OP::get_realm() const {
 	assert(!realm.empty());
 	return realm;
     }
 
     bool basic_OP::has_identity() const {
 	return !identity.empty();
     }
     const string& basic_OP::get_claimed_id() const {
 	if(claimed_id.empty())
 	    throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
 	assert(!identity.empty());
 	return claimed_id;
     }
     const string& basic_OP::get_identity() const {
 	if(identity.empty())
 	    throw non_identity(OPKELE_CP_ "attempting to retrieve identity of non-identity related request");
 	assert(!claimed_id.empty());
 	return identity;
     }
 
     bool basic_OP::is_id_select() const {
 	return identity==IDURI_SELECT20;
     }
 
     void basic_OP::select_identity(const string& c,const string& i) {
 	claimed_id = c; identity = i;
     }
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index a0ad130..e65d9fb 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,56 +1,57 @@
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/basic_rp.h>
 #include <opkele/exception.h>
 #include <opkele/uris.h>
 #include <opkele/data.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/curl.h>
 
 namespace opkele {
 
     static void dh_get_secret(
 	    secret_t& secret, const basic_openid_message& om,
 	    const char *exp_assoc, const char *exp_sess,
 	    util::dh_t& dh,
 	    size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
 	    size_t exp_s_len) try {
 	if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess)
 	    throw bad_input(OPKELE_CP_ "Unexpected associate response");
 	util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
 	vector<unsigned char> ck(DH_size(dh)+1);
 	unsigned char *ckptr = &(ck.front())+1;
 	int cklen = DH_compute_key(ckptr,s_pub,dh);
 	if(cklen<0)
 	    throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	if(cklen && (*ckptr)&0x80) {
 	    (*(--ckptr))=0; ++cklen; }
 	assert(d_len<=SHA256_DIGEST_LENGTH);
 	unsigned char key_digest[SHA256_DIGEST_LENGTH];
 	secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
 	if(secret.size()!=exp_s_len)
 	    throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
     }catch(opkele::failed_lookup& ofl) {
 	throw bad_input(OPKELE_CP_ "Incoherent response from OP");
     } OPKELE_RETHROW
 
     static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) {
 	util::curl_pick_t curl = util::curl_pick_t::easy_init();
 	if(!curl)
 	    throw exception_curl(OPKELE_CP_ "failed to initialize curl");
 	string request = inm.query_string();
 	CURLcode r;
 	(r=curl.misc_sets())
 	    || (r=curl.easy_setopt(CURLOPT_URL,OP.c_str()))
 	    || (r=curl.easy_setopt(CURLOPT_POST,1))
 	    || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
 	    || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
 	    || (r=curl.set_write());
 	if(r)
 	    throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
 	if( (r=curl.easy_perform()) )
 	    throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
 	oum.from_keyvalues(curl.response);
     }
 
diff --git a/lib/consumer.cc b/lib/consumer.cc
index ebda262..801496e 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,52 +1,53 @@
 #include <algorithm>
 #include <cassert>
 #include <cstring>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/curl.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <iostream>
 
 #include "config.h"
 
 #include <pcre.h>
 
 namespace opkele {
     using namespace std;
     using util::curl_t;
     using util::curl_pick_t;
 
     class pcre_matches_t {
 	public:
 	    int *_ov;
 	    int _s;
 
 	    pcre_matches_t() : _ov(0), _s(0) { }
 	    pcre_matches_t(int s) : _ov(0), _s(s) {
 		if(_s&1) ++_s;
 		_s += _s>>1;
 		_ov = new int[_s];
 	    }
 	    ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
 
 	    int begin(int i) const { return _ov[i<<1]; }
 	    int end(int i) const { return _ov[(i<<1)+1]; }
 	    int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
     };
 
     class pcre_t {
 	public:
 	    pcre *_p;
 
 	    pcre_t() : _p(0) { }
 	    pcre_t(pcre *p) : _p(p) { }
 	    pcre_t(const char *re,int opts) : _p(0) {
 		static const char *errptr; static int erroffset;
 		_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
 		if(!_p)
 		    throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
 	    }
 	    ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
diff --git a/lib/server.cc b/lib/server.cc
index 776f1ae..0dea1eb 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -1,53 +1,54 @@
 #include <cstring>
 #include <vector>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/exception.h>
 #include <opkele/server.h>
 #include <opkele/data.h>
 
 namespace opkele {
     using namespace std;
 
     void server_t::associate(const params_t& pin,params_t& pout) {
 	util::dh_t dh;
 	util::bignum_t c_pub;
 	unsigned char key_sha1[SHA_DIGEST_LENGTH];
 	enum {
 	    sess_cleartext,
 	    sess_dh_sha1
 	} st = sess_cleartext;
 	if(
 		pin.has_param("openid.session_type")
 		&& pin.get_param("openid.session_type")=="DH-SHA1" ) {
 	    /* TODO: fallback to cleartext in case of exceptions here? */
 	    if(!(dh = DH_new()))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
 	    c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
 	    if(pin.has_param("openid.dh_modulus"))
 		dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
 	    else
 		dh->p = util::dec_to_bignum(data::_default_p);
 	    if(pin.has_param("openid.dh_gen"))
 		dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
 	    else
 		dh->g = util::dec_to_bignum(data::_default_g);
 	    if(!DH_generate_key(dh))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
 	    vector<unsigned char> ck(DH_size(dh)+1);
 	    unsigned char *ckptr = &(ck.front())+1;
 	    int cklen = DH_compute_key(ckptr,c_pub,dh);
 	    if(cklen<0)
 		throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	    if(cklen && (*ckptr)&0x80) {
 		(*(--ckptr)) = 0; ++cklen;
 	    }
 	    SHA1(ckptr,cklen,key_sha1);
 	    st = sess_dh_sha1;
 	}
 	assoc_t assoc = alloc_assoc(mode_associate);
 	time_t now = time(0);
 	pout.clear();
 	pout["assoc_type"] = assoc->assoc_type();
 	pout["assoc_handle"] = assoc->handle();