|
|
|
| @@ -1,402 +1,401 @@ |
| 1 | #include <uuid/uuid.h> |
1 | #include <uuid/uuid.h> |
| 2 | #include <iostream> |
2 | #include <iostream> |
| 3 | #include <cassert> |
3 | #include <cassert> |
| 4 | #include <stdexcept> |
4 | #include <stdexcept> |
| 5 | #include <string> |
5 | #include <string> |
| 6 | #include <set> |
6 | #include <set> |
| 7 | #include <iterator> |
7 | #include <iterator> |
| 8 | using namespace std; |
8 | using namespace std; |
| 9 | #include <kingate/exception.h> |
9 | #include <kingate/exception.h> |
| 10 | #include <kingate/plaincgi.h> |
10 | #include <kingate/plaincgi.h> |
| 11 | #include <kingate/cgi_gateway.h> |
11 | #include <kingate/cgi_gateway.h> |
| 12 | #include <opkele/exception.h> |
12 | #include <opkele/exception.h> |
| 13 | #include <opkele/types.h> |
13 | #include <opkele/types.h> |
| 14 | #include <opkele/util.h> |
14 | #include <opkele/util.h> |
| 15 | #include <opkele/uris.h> |
15 | #include <opkele/uris.h> |
| 16 | #include <opkele/discovery.h> |
16 | #include <opkele/discovery.h> |
| 17 | #include <opkele/association.h> |
17 | #include <opkele/association.h> |
| 18 | #include <opkele/sreg.h> |
18 | #include <opkele/sreg.h> |
| 19 | using namespace opkele; |
19 | using namespace opkele; |
| 20 | #include <opkele/prequeue_rp.h> |
20 | #include <opkele/prequeue_rp.h> |
| 21 | #include <opkele/debug.h> |
21 | #include <opkele/debug.h> |
| 22 | |
22 | |
| 23 | #include "sqlite.h" |
23 | #include "sqlite.h" |
| 24 | #include "kingate_openid_message.h" |
24 | #include "kingate_openid_message.h" |
| 25 | |
25 | |
| 26 | #undef DUMB_RP |
26 | #undef DUMB_RP |
| 27 | |
27 | |
| 28 | #ifdef DUMB_RP |
28 | #ifdef DUMB_RP |
| 29 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
29 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
| 30 | #else |
30 | #else |
| 31 | # define DUMBTHROW (void)0 |
31 | # define DUMBTHROW (void)0 |
| 32 | #endif |
32 | #endif |
| 33 | |
33 | |
| 34 | class rpdb_t : public sqlite3_t { |
34 | class rpdb_t : public sqlite3_t { |
| 35 | public: |
35 | public: |
| 36 | rpdb_t() |
36 | rpdb_t() |
| 37 | : sqlite3_t("/tmp/RP.db") { |
37 | : sqlite3_t("/tmp/RP.db") { |
| 38 | assert(_D); |
38 | assert(_D); |
| 39 | char **resp; int nrow,ncol; char *errm; |
39 | char **resp; int nrow,ncol; char *errm; |
| 40 | if(sqlite3_get_table( |
40 | if(sqlite3_get_table( |
| 41 | _D,"SELECT a_op FROM assoc LIMIT 0", |
41 | _D,"SELECT a_op FROM assoc LIMIT 0", |
| 42 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
42 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
| 43 | extern const char *__RP_db_bootstrap; |
43 | extern const char *__RP_db_bootstrap; |
| 44 | DOUT_("Bootstrapping DB"); |
44 | DOUT_("Bootstrapping DB"); |
| 45 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
45 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
| 46 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
46 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
| 47 | }else |
47 | }else |
| 48 | sqlite3_free_table(resp); |
48 | sqlite3_free_table(resp); |
| 49 | |
49 | |
| 50 | } |
50 | } |
| 51 | }; |
51 | }; |
| 52 | |
52 | |
| 53 | class example_rp_t : public opkele::prequeue_RP { |
53 | class example_rp_t : public opkele::prequeue_RP { |
| 54 | public: |
54 | public: |
| 55 | mutable rpdb_t db; |
55 | mutable rpdb_t db; |
| 56 | kingate::cookie htc; |
56 | kingate::cookie htc; |
| 57 | long as_id; |
57 | long as_id; |
| 58 | int ordinal; |
58 | int ordinal; |
| 59 | kingate::cgi_gateway& gw; |
59 | kingate::cgi_gateway& gw; |
| 60 | |
60 | |
| 61 | example_rp_t(kingate::cgi_gateway& g) |
61 | example_rp_t(kingate::cgi_gateway& g) |
| 62 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
62 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
| 63 | try { |
63 | try { |
| 64 | htc = gw.cookies.get_cookie("ht_session"); |
64 | htc = gw.cookies.get_cookie("ht_session"); |
| 65 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
65 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
| 66 | }catch(kingate::exception_notfound& kenf) { |
66 | }catch(kingate::exception_notfound& kenf) { |
| 67 | uuid_t uuid; uuid_generate(uuid); |
67 | uuid_t uuid; uuid_generate(uuid); |
| 68 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
68 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
| 69 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
69 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 70 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
70 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
| 71 | htc.get_value().c_str()); |
71 | htc.get_value().c_str()); |
| 72 | db.exec(S); |
72 | db.exec(S); |
| 73 | } |
73 | } |
| 74 | } |
74 | } |
| 75 | |
75 | |
| 76 | /* Global persistent store */ |
76 | /* Global persistent store */ |
| 77 | |
77 | |
| 78 | opkele::assoc_t store_assoc( |
78 | opkele::assoc_t store_assoc( |
| 79 | const string& OP,const string& handle, |
79 | const string& OP,const string& handle, |
| 80 | const string& type,const secret_t& secret, |
80 | const string& type,const secret_t& secret, |
| 81 | int expires_in) { |
81 | int expires_in) { |
| 82 | DUMBTHROW; |
82 | DUMBTHROW; |
| 83 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
83 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
| 84 | time_t exp = time(0)+expires_in; |
84 | time_t exp = time(0)+expires_in; |
| 85 | sqlite3_mem_t<char*> |
85 | sqlite3_mem_t<char*> |
| 86 | S = sqlite3_mprintf( |
86 | S = sqlite3_mprintf( |
| 87 | "INSERT INTO assoc" |
87 | "INSERT INTO assoc" |
| 88 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
88 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
| 89 | " VALUES (" |
89 | " VALUES (" |
| 90 | " %Q,%Q,%Q," |
90 | " %Q,%Q,%Q," |
| 91 | " datetime('now'), datetime('now','+%d seconds')," |
91 | " datetime('now'), datetime('now','+%d seconds')," |
| 92 | " %Q" |
92 | " %Q" |
| 93 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
93 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
| 94 | expires_in, |
94 | expires_in, |
| 95 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
95 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
| 96 | db.exec(S); |
96 | db.exec(S); |
| 97 | return opkele::assoc_t(new opkele::association( |
97 | return opkele::assoc_t(new opkele::association( |
| 98 | OP, handle, type, secret, exp, false )); |
98 | OP, handle, type, secret, exp, false )); |
| 99 | } |
99 | } |
| 100 | |
100 | |
| 101 | opkele::assoc_t find_assoc( |
101 | opkele::assoc_t find_assoc( |
| 102 | const string& OP) { |
102 | const string& OP) { |
| 103 | DUMBTHROW; |
103 | DUMBTHROW; |
| 104 | DOUT_("Looking for an assoc with '" << OP << '\''); |
104 | DOUT_("Looking for an assoc with '" << OP << '\''); |
| 105 | sqlite3_mem_t<char*> |
105 | sqlite3_mem_t<char*> |
| 106 | S = sqlite3_mprintf( |
106 | S = sqlite3_mprintf( |
| 107 | "SELECT" |
107 | "SELECT" |
| 108 | " a_op,a_handle,a_type,a_secret," |
108 | " a_op,a_handle,a_type,a_secret," |
| 109 | " strftime('%%s',a_etime) AS a_etime" |
109 | " strftime('%%s',a_etime) AS a_etime" |
| 110 | " FROM assoc" |
110 | " FROM assoc" |
| 111 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
111 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
| 112 | " AND ( a_etime > datetime('now','-30 seconds') )" |
112 | " AND ( a_etime > datetime('now','-30 seconds') )" |
| 113 | " LIMIT 1", |
113 | " LIMIT 1", |
| 114 | OP.c_str()); |
114 | OP.c_str()); |
| 115 | sqlite3_table_t T; |
115 | sqlite3_table_t T; |
| 116 | int nr,nc; |
116 | int nr,nc; |
| 117 | db.get_table(S,T,&nr,&nc); |
117 | db.get_table(S,T,&nr,&nc); |
| 118 | if(nr<1) |
118 | if(nr<1) |
| 119 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
119 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
| 120 | assert(nr==1); |
120 | assert(nr==1); |
| 121 | assert(nc==5); |
121 | assert(nc==5); |
| 122 | secret_t secret; |
122 | secret_t secret; |
| 123 | util::decode_base64(T.get(1,3,nc),secret); |
123 | util::decode_base64(T.get(1,3,nc),secret); |
| 124 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
124 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
| 125 | return opkele::assoc_t(new opkele::association( |
125 | return opkele::assoc_t(new opkele::association( |
| 126 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
126 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
| 127 | secret, strtol(T.get(1,4,nc),0,0), false )); |
127 | secret, strtol(T.get(1,4,nc),0,0), false )); |
| 128 | } |
128 | } |
| 129 | |
129 | |
| 130 | opkele::assoc_t retrieve_assoc( |
130 | opkele::assoc_t retrieve_assoc( |
| 131 | const string& OP,const string& handle) { |
131 | const string& OP,const string& handle) { |
| 132 | DUMBTHROW; |
132 | DUMBTHROW; |
| 133 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
133 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
| 134 | sqlite3_mem_t<char*> |
134 | sqlite3_mem_t<char*> |
| 135 | S = sqlite3_mprintf( |
135 | S = sqlite3_mprintf( |
| 136 | "SELECT" |
136 | "SELECT" |
| 137 | " a_op,a_handle,a_type,a_secret," |
137 | " a_op,a_handle,a_type,a_secret," |
| 138 | " strftime('%%s',a_etime) AS a_etime" |
138 | " strftime('%%s',a_etime) AS a_etime" |
| 139 | " FROM assoc" |
139 | " FROM assoc" |
| 140 | " WHERE a_op=%Q AND a_handle=%Q" |
140 | " WHERE a_op=%Q AND a_handle=%Q" |
| 141 | " AND a_itime IS NULL AND NOT a_stateless" |
141 | " AND a_itime IS NULL AND NOT a_stateless" |
| 142 | " LIMIT 1", |
142 | " LIMIT 1", |
| 143 | OP.c_str(),handle.c_str()); |
143 | OP.c_str(),handle.c_str()); |
| 144 | sqlite3_table_t T; |
144 | sqlite3_table_t T; |
| 145 | int nr,nc; |
145 | int nr,nc; |
| 146 | db.get_table(S,T,&nr,&nc); |
146 | db.get_table(S,T,&nr,&nc); |
| 147 | if(nr<1) |
147 | if(nr<1) |
| 148 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
148 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
| 149 | assert(nr==1); assert(nc==5); |
149 | assert(nr==1); assert(nc==5); |
| 150 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
150 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
| 151 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
151 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
| 152 | return opkele::assoc_t(new opkele::association( |
152 | return opkele::assoc_t(new opkele::association( |
| 153 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
153 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
| 154 | secret, strtol(T.get(1,4,nc),0,0), false )); |
154 | secret, strtol(T.get(1,4,nc),0,0), false )); |
| 155 | } |
155 | } |
| 156 | |
156 | |
| 157 | void invalidate_assoc( |
157 | void invalidate_assoc( |
| 158 | const string& OP,const string& handle) { |
158 | const string& OP,const string& handle) { |
| 159 | DUMBTHROW; |
159 | DUMBTHROW; |
| 160 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
160 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
| 161 | sqlite3_mem_t<char*> |
161 | sqlite3_mem_t<char*> |
| 162 | S = sqlite3_mprintf( |
162 | S = sqlite3_mprintf( |
| 163 | "UPDATE assoc SET a_itime=datetime('now')" |
163 | "UPDATE assoc SET a_itime=datetime('now')" |
| 164 | " WHERE a_op=%Q AND a_handle=%Q", |
164 | " WHERE a_op=%Q AND a_handle=%Q", |
| 165 | OP.c_str(), handle.c_str() ); |
165 | OP.c_str(), handle.c_str() ); |
| 166 | db.exec(S); |
166 | db.exec(S); |
| 167 | } |
167 | } |
| 168 | |
168 | |
| 169 | void check_nonce(const string& OP,const string& nonce) { |
169 | void check_nonce(const string& OP,const string& nonce) { |
| 170 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
170 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
| 171 | sqlite3_mem_t<char*> |
171 | sqlite3_mem_t<char*> |
| 172 | S = sqlite3_mprintf( |
172 | S = sqlite3_mprintf( |
| 173 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
173 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
| 174 | OP.c_str(), nonce.c_str()); |
174 | OP.c_str(), nonce.c_str()); |
| 175 | sqlite3_table_t T; |
175 | sqlite3_table_t T; |
| 176 | int nr,nc; |
176 | int nr,nc; |
| 177 | db.get_table(S,T,&nr,&nc); |
177 | db.get_table(S,T,&nr,&nc); |
| 178 | if(nr) |
178 | if(nr) |
| 179 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
179 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
| 180 | sqlite3_mem_t<char*> |
180 | sqlite3_mem_t<char*> |
| 181 | SS = sqlite3_mprintf( |
181 | SS = sqlite3_mprintf( |
| 182 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
182 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
| 183 | OP.c_str(), nonce.c_str()); |
183 | OP.c_str(), nonce.c_str()); |
| 184 | db.exec(SS); |
184 | db.exec(SS); |
| 185 | } |
185 | } |
| 186 | |
186 | |
| 187 | /* Session perisistent store */ |
187 | /* Session perisistent store */ |
| 188 | |
188 | |
| 189 | void begin_queueing() { |
189 | void begin_queueing() { |
| 190 | assert(as_id>=0); |
190 | assert(as_id>=0); |
| 191 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
191 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
| 192 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
192 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 193 | "DELETE FROM endpoints_queue" |
193 | "DELETE FROM endpoints_queue" |
| 194 | " WHERE as_id=%ld", |
194 | " WHERE as_id=%ld", |
| 195 | as_id); |
195 | as_id); |
| 196 | db.exec(S); |
196 | db.exec(S); |
| 197 | } |
197 | } |
| 198 | |
198 | |
| 199 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
199 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
| 200 | assert(as_id>=0); |
200 | assert(as_id>=0); |
| 201 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
201 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
| 202 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
202 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 203 | "INSERT INTO endpoints_queue" |
203 | "INSERT INTO endpoints_queue" |
| 204 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
204 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
| 205 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
205 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
| 206 | as_id,ordinal++, |
206 | as_id,ordinal++, |
| 207 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
207 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
| 208 | db.exec(S); |
208 | db.exec(S); |
| 209 | } |
209 | } |
| 210 | |
210 | |
| 211 | mutable openid_endpoint_t eqtop; |
211 | mutable openid_endpoint_t eqtop; |
| 212 | mutable bool have_eqtop; |
212 | mutable bool have_eqtop; |
| 213 | |
213 | |
| 214 | const openid_endpoint_t& get_endpoint() const { |
214 | const openid_endpoint_t& get_endpoint() const { |
| 215 | assert(as_id>=0); |
215 | assert(as_id>=0); |
| 216 | if(!have_eqtop) { |
216 | if(!have_eqtop) { |
| 217 | sqlite3_mem_t<char*> |
217 | sqlite3_mem_t<char*> |
| 218 | S = sqlite3_mprintf( |
218 | S = sqlite3_mprintf( |
| 219 | "SELECT" |
219 | "SELECT" |
| 220 | " eq_uri, eq_claimed_id, eq_local_id" |
220 | " eq_uri, eq_claimed_id, eq_local_id" |
| 221 | " FROM endpoints_queue" |
221 | " FROM endpoints_queue" |
| 222 | " JOIN auth_sessions USING(as_id)" |
222 | " JOIN auth_sessions USING(as_id)" |
| 223 | " WHERE hts_id=%Q AND as_id=%ld" |
223 | " WHERE hts_id=%Q AND as_id=%ld" |
| 224 | " ORDER BY eq_ctime,eq_ordinal" |
224 | " ORDER BY eq_ctime,eq_ordinal" |
| 225 | " LIMIT 1",htc.get_value().c_str(),as_id); |
225 | " LIMIT 1",htc.get_value().c_str(),as_id); |
| 226 | sqlite3_table_t T; int nr,nc; |
226 | sqlite3_table_t T; int nr,nc; |
| 227 | db.get_table(S,T,&nr,&nc); |
227 | db.get_table(S,T,&nr,&nc); |
| 228 | if(nr<1) |
228 | if(nr<1) |
| 229 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
229 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
| 230 | assert(nr==1); assert(nc==3); |
230 | assert(nr==1); assert(nc==3); |
| 231 | eqtop.uri = T.get(1,0,nc); |
231 | eqtop.uri = T.get(1,0,nc); |
| 232 | eqtop.claimed_id = T.get(1,1,nc); |
232 | eqtop.claimed_id = T.get(1,1,nc); |
| 233 | eqtop.local_id = T.get(1,2,nc); |
233 | eqtop.local_id = T.get(1,2,nc); |
| 234 | have_eqtop = true; |
234 | have_eqtop = true; |
| 235 | } |
235 | } |
| 236 | return eqtop; |
236 | return eqtop; |
| 237 | } |
237 | } |
| 238 | |
238 | |
| 239 | void next_endpoint() { |
239 | void next_endpoint() { |
| 240 | assert(as_id>=0); |
240 | assert(as_id>=0); |
| 241 | get_endpoint(); |
241 | get_endpoint(); |
| 242 | have_eqtop = false; |
242 | have_eqtop = false; |
| 243 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
243 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 244 | "DELETE FROM endpoints_queue" |
244 | "DELETE FROM endpoints_queue" |
| 245 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
245 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
| 246 | htc.get_value().c_str(),as_id, |
246 | htc.get_value().c_str(),as_id, |
| 247 | eqtop.uri.c_str()); |
247 | eqtop.uri.c_str()); |
| 248 | db.exec(S); |
248 | db.exec(S); |
| 249 | } |
249 | } |
| 250 | |
250 | |
| 251 | mutable string _cid; |
| |
| 252 | mutable string _nid; |
251 | mutable string _nid; |
| 253 | |
252 | |
| 254 | void set_normalized_id(const string& nid) { |
253 | void set_normalized_id(const string& nid) { |
| 255 | assert(as_id>=0); |
254 | assert(as_id>=0); |
| 256 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
255 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 257 | "UPDATE auth_sessions" |
256 | "UPDATE auth_sessions" |
| 258 | " SET as_normalized_id=%Q" |
257 | " SET as_normalized_id=%Q" |
| 259 | " WHERE hts_id=%Q and as_id=%ld", |
258 | " WHERE hts_id=%Q and as_id=%ld", |
| 260 | nid.c_str(), |
259 | nid.c_str(), |
| 261 | htc.get_value().c_str(),as_id); |
260 | htc.get_value().c_str(),as_id); |
| 262 | db.exec(S); |
261 | db.exec(S); |
| 263 | _nid = nid; |
262 | _nid = nid; |
| 264 | } |
263 | } |
| 265 | const string get_normalized_id() const { |
264 | const string get_normalized_id() const { |
| 266 | assert(as_id>=0); |
265 | assert(as_id>=0); |
| 267 | if(_nid.empty()) { |
266 | if(_nid.empty()) { |
| 268 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
267 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 269 | "SELECT as_normalized_id" |
268 | "SELECT as_normalized_id" |
| 270 | " FROM" |
269 | " FROM" |
| 271 | " auth_sessions" |
270 | " auth_sessions" |
| 272 | " WHERE" |
271 | " WHERE" |
| 273 | " hts_id=%Q AND as_id=%ld", |
272 | " hts_id=%Q AND as_id=%ld", |
| 274 | htc.get_value().c_str(),as_id); |
273 | htc.get_value().c_str(),as_id); |
| 275 | sqlite3_table_t T; int nr,nc; |
274 | sqlite3_table_t T; int nr,nc; |
| 276 | db.get_table(S,T,&nr,&nc); |
275 | db.get_table(S,T,&nr,&nc); |
| 277 | assert(nr==1); assert(nc==1); |
276 | assert(nr==1); assert(nc==1); |
| 278 | _nid = T.get(1,0,nc); |
277 | _nid = T.get(1,0,nc); |
| 279 | } |
278 | } |
| 280 | return _nid; |
279 | return _nid; |
| 281 | } |
280 | } |
| 282 | |
281 | |
| 283 | const string get_this_url() const { |
282 | const string get_this_url() const { |
| 284 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
283 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
| 285 | string rv = s?"https://":"http://"; |
284 | string rv = s?"https://":"http://"; |
| 286 | rv += gw.http_request_header("Host"); |
285 | rv += gw.http_request_header("Host"); |
| 287 | const string& port = gw.get_meta("SERVER_PORT"); |
286 | const string& port = gw.get_meta("SERVER_PORT"); |
| 288 | if( port!=(s?"443":"80") ) { |
287 | if( port!=(s?"443":"80") ) { |
| 289 | rv += ':'; rv += port; |
288 | rv += ':'; rv += port; |
| 290 | } |
289 | } |
| 291 | rv += gw.get_meta("REQUEST_URI"); |
290 | rv += gw.get_meta("REQUEST_URI"); |
| 292 | return rv; |
291 | return rv; |
| 293 | } |
292 | } |
| 294 | |
293 | |
| 295 | void initiate(const string& usi) { |
294 | void initiate(const string& usi) { |
| 296 | allocate_asid(); |
295 | allocate_asid(); |
| 297 | prequeue_RP::initiate(usi); |
296 | prequeue_RP::initiate(usi); |
| 298 | } |
297 | } |
| 299 | |
298 | |
| 300 | string get_self_url() const { |
299 | string get_self_url() const { |
| 301 | string rv = get_this_url(); |
300 | string rv = get_this_url(); |
| 302 | string::size_type q = rv.find('?'); |
301 | string::size_type q = rv.find('?'); |
| 303 | if(q!=string::npos) |
302 | if(q!=string::npos) |
| 304 | rv.erase(q); |
303 | rv.erase(q); |
| 305 | return rv; |
304 | return rv; |
| 306 | } |
305 | } |
| 307 | |
306 | |
| 308 | void allocate_asid() { |
307 | void allocate_asid() { |
| 309 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
308 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 310 | "INSERT INTO auth_sessions (hts_id)" |
309 | "INSERT INTO auth_sessions (hts_id)" |
| 311 | " VALUES (%Q)", |
310 | " VALUES (%Q)", |
| 312 | htc.get_value().c_str()); |
311 | htc.get_value().c_str()); |
| 313 | db.exec(S); |
312 | db.exec(S); |
| 314 | as_id = sqlite3_last_insert_rowid(db); |
313 | as_id = sqlite3_last_insert_rowid(db); |
| 315 | DOUT_("Allocated authentication session id "<<as_id); |
314 | DOUT_("Allocated authentication session id "<<as_id); |
| 316 | assert(as_id>=0); |
315 | assert(as_id>=0); |
| 317 | } |
316 | } |
| 318 | |
317 | |
| 319 | #ifdef DUMB_RP |
318 | #ifdef DUMB_RP |
| 320 | virtual assoc_t associate(const string& OP) { |
319 | virtual assoc_t associate(const string& OP) { |
| 321 | DUMBTHROW; |
320 | DUMBTHROW; |
| 322 | } |
321 | } |
| 323 | #endif |
322 | #endif |
| 324 | }; |
323 | }; |
| 325 | |
324 | |
| 326 | int main(int,char **) { |
325 | int main(int,char **) { |
| 327 | try { |
326 | try { |
| 328 | kingate::plaincgi_interface ci; |
327 | kingate::plaincgi_interface ci; |
| 329 | kingate::cgi_gateway gw(ci); |
328 | kingate::cgi_gateway gw(ci); |
| 330 | string op; |
329 | string op; |
| 331 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
330 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
| 332 | if(op=="initiate") { |
331 | if(op=="initiate") { |
| 333 | example_rp_t rp(gw); |
332 | example_rp_t rp(gw); |
| 334 | string usi = gw.get_param("openid_identity"); |
333 | string usi = gw.get_param("openid_identity"); |
| 335 | rp.initiate(usi); |
334 | rp.initiate(usi); |
| 336 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
335 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
| 337 | opkele::openid_message_t cm; |
336 | opkele::openid_message_t cm; |
| 338 | string loc; |
337 | string loc; |
| 339 | cout << |
338 | cout << |
| 340 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
339 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
| 341 | "Status: 302 Going to OP\n" |
340 | "Status: 302 Going to OP\n" |
| 342 | "Location: " << ( |
341 | "Location: " << ( |
| 343 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
342 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
| 344 | rp.get_self_url()+ |
343 | rp.get_self_url()+ |
| 345 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
344 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
| 346 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
345 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
| 347 | ) |
346 | ) |
| 348 | << "\n\n"; |
347 | << "\n\n"; |
| 349 | DOUT_("Going to " << loc); |
348 | DOUT_("Going to " << loc); |
| 350 | }else if(op=="confirm") { |
349 | }else if(op=="confirm") { |
| 351 | kingate_openid_message_t om(gw); |
350 | kingate_openid_message_t om(gw); |
| 352 | example_rp_t rp(gw); |
351 | example_rp_t rp(gw); |
| 353 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
352 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
| 354 | rp.id_res(om,&sreg); |
353 | rp.id_res(om,&sreg); |
| 355 | cout << |
354 | cout << |
| 356 | "Content-Type: text/plain\n\n"; |
355 | "Content-Type: text/plain\n\n"; |
| 357 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
356 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
| 358 | i!=om.fields_end();++i) { |
357 | i!=om.fields_end();++i) { |
| 359 | cout << *i << '=' << om.get_field(*i) << endl; |
358 | cout << *i << '=' << om.get_field(*i) << endl; |
| 360 | } |
359 | } |
| 361 | cout << endl |
360 | cout << endl |
| 362 | << "SREG fields: " << sreg.has_fields << endl; |
361 | << "SREG fields: " << sreg.has_fields << endl; |
| 363 | }else{ |
362 | }else{ |
| 364 | cout << |
363 | cout << |
| 365 | "Content-type: text/html\n\n" |
364 | "Content-type: text/html\n\n" |
| 366 | |
365 | |
| 367 | "<html>" |
366 | "<html>" |
| 368 | "<head><title>test RP</title></head>" |
367 | "<head><title>test RP</title></head>" |
| 369 | "<body>" |
368 | "<body>" |
| 370 | "<form action='' method='post'>" |
369 | "<form action='' method='post'>" |
| 371 | "<input type='hidden' name='op' value='initiate' />" |
370 | "<input type='hidden' name='op' value='initiate' />" |
| 372 | "<input type='text' name='openid_identity'/>" |
371 | "<input type='text' name='openid_identity'/>" |
| 373 | "<input type='submit' name='submit' value='submit' />" |
372 | "<input type='submit' name='submit' value='submit' />" |
| 374 | "</form>" |
373 | "</form>" |
| 375 | "<br/><br/>" |
374 | "<br/><br/>" |
| 376 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
375 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
| 377 | "<br/>" |
376 | "<br/>" |
| 378 | "</body" |
377 | "</body" |
| 379 | "</html>" |
378 | "</html>" |
| 380 | ; |
379 | ; |
| 381 | } |
380 | } |
| 382 | #ifdef OPKELE_HAVE_KONFORKA |
381 | #ifdef OPKELE_HAVE_KONFORKA |
| 383 | }catch(konforka::exception& e) { |
382 | }catch(konforka::exception& e) { |
| 384 | #else |
383 | #else |
| 385 | }catch(std::exception& e){ |
384 | }catch(std::exception& e){ |
| 386 | #endif |
385 | #endif |
| 387 | DOUT_("Oops: " << e.what()); |
386 | DOUT_("Oops: " << e.what()); |
| 388 | cout << "Content-Type: text/plain\n\n" |
387 | cout << "Content-Type: text/plain\n\n" |
| 389 | "Exception:\n" |
388 | "Exception:\n" |
| 390 | " what: " << e.what() << endl; |
389 | " what: " << e.what() << endl; |
| 391 | #ifdef OPKELE_HAVE_KONFORKA |
390 | #ifdef OPKELE_HAVE_KONFORKA |
| 392 | cout << " where: " << e.where() << endl; |
391 | cout << " where: " << e.where() << endl; |
| 393 | if(!e._seen.empty()) { |
392 | if(!e._seen.empty()) { |
| 394 | cout << " seen:" << endl; |
393 | cout << " seen:" << endl; |
| 395 | for(list<konforka::code_point>::const_iterator |
394 | for(list<konforka::code_point>::const_iterator |
| 396 | i=e._seen.begin();i!=e._seen.end();++i) { |
395 | i=e._seen.begin();i!=e._seen.end();++i) { |
| 397 | cout << " " << i->c_str() << endl; |
396 | cout << " " << i->c_str() << endl; |
| 398 | } |
397 | } |
| 399 | } |
398 | } |
| 400 | #endif |
399 | #endif |
| 401 | } |
400 | } |
| 402 | } |
401 | } |
|
