summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2007-12-16 00:36:30 (UTC)
committer Michael Krelin <hacker@klever.net>2007-12-17 12:09:16 (UTC)
commit7d8cda044fa3b428eb53ec2bfbeaa2e223114554 (patch) (unidiff)
treed81fc5436f1d22276972ffed473ed8b438bfb5d9
parent52c81fff0274c6bb54f6f9be414432ee6388e723 (diff)
downloadlibopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.zip
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.gz
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.bz2
moved curl_fetch_string_t/curl_pick_t classes into curl.h
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/curl.h24
-rw-r--r--lib/consumer.cc20
2 files changed, 25 insertions, 19 deletions
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 8020b63..5cf8e48 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
1#ifndef __OPKELE_CURL_H 1#ifndef __OPKELE_CURL_H
2#define __OPKELE_CURL_H 2#define __OPKELE_CURL_H
3 3
4#include <cassert> 4#include <cassert>
5#include <string>
6#include <algorithm>
5#include <curl/curl.h> 7#include <curl/curl.h>
6 8
7namespace opkele { 9namespace opkele {
10 using std::min;
11 using std::string;
8 12
9 namespace util { 13 namespace util {
10 14
11 class curl_t { 15 class curl_t {
12 public: 16 public:
13 CURL *_c; 17 CURL *_c;
14 18
15 curl_t() : _c(0) { } 19 curl_t() : _c(0) { }
16 curl_t(CURL *c) : _c(c) { } 20 curl_t(CURL *c) : _c(c) { }
17 virtual ~curl_t() throw(); 21 virtual ~curl_t() throw();
18 22
19 curl_t& operator=(CURL *c); 23 curl_t& operator=(CURL *c);
20 24
21 operator const CURL*(void) const { return _c; } 25 operator const CURL*(void) const { return _c; }
22 operator CURL*(void) { return _c; } 26 operator CURL*(void) { return _c; }
23 27
24 CURLcode misc_sets(); 28 CURLcode misc_sets();
25 29
26 template<typename PT> 30 template<typename PT>
27 inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); } 31 inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
28 CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); } 32 CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
29 template<typename IT> 33 template<typename IT>
30 inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); } 34 inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
31 35
32 static inline CURL *easy_init() { return curl_easy_init(); } 36 static inline CURL *easy_init() { return curl_easy_init(); }
33 37
34 virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; } 38 virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; }
35 CURLcode set_write(); 39 CURLcode set_write();
36 40
37 virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; } 41 virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; }
38 CURLcode set_progress(); 42 CURLcode set_progress();
39 43
40 virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; } 44 virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; }
41 CURLcode set_header(); 45 CURLcode set_header();
42 }; 46 };
43 47
48 template<int lim>
49 class curl_fetch_string_t : public curl_t {
50 public:
51 curl_fetch_string_t(CURL *c)
52 : curl_t(c) { }
53 ~curl_fetch_string_t() throw() { }
54
55 string response;
56
57 size_t write(void *p,size_t size,size_t nmemb) {
58 size_t bytes = size*nmemb;
59 size_t get = min(lim-response.length(),bytes);
60 response.append((const char *)p,get);
61 return get;
62 }
63 };
64
65 typedef curl_fetch_string_t<16384> curl_pick_t;
66
67
44 } 68 }
45 69
46} 70}
47 71
48#endif /* __OPKELE_CURL_H */ 72#endif /* __OPKELE_CURL_H */
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 9f7530f..3c3b4f8 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,413 +1,395 @@
1#include <algorithm> 1#include <algorithm>
2#include <cassert> 2#include <cassert>
3#include <cstring> 3#include <cstring>
4#include <opkele/util.h> 4#include <opkele/util.h>
5#include <opkele/curl.h> 5#include <opkele/curl.h>
6#include <opkele/exception.h> 6#include <opkele/exception.h>
7#include <opkele/data.h> 7#include <opkele/data.h>
8#include <opkele/consumer.h> 8#include <opkele/consumer.h>
9#include <openssl/sha.h> 9#include <openssl/sha.h>
10#include <openssl/hmac.h> 10#include <openssl/hmac.h>
11#include <iostream> 11#include <iostream>
12 12
13#include "config.h" 13#include "config.h"
14 14
15#include <pcre.h> 15#include <pcre.h>
16 16
17namespace opkele { 17namespace opkele {
18 using namespace std; 18 using namespace std;
19 using util::curl_t; 19 using util::curl_t;
20 20 using util::curl_pick_t;
21 template<int lim>
22 class curl_fetch_string_t : public curl_t {
23 public:
24 curl_fetch_string_t(CURL *c)
25 : curl_t(c) { }
26 ~curl_fetch_string_t() throw() { }
27
28 string response;
29
30 size_t write(void *p,size_t size,size_t nmemb) {
31 size_t bytes = size*nmemb;
32 size_t get = min(lim-response.length(),bytes);
33 response.append((const char *)p,get);
34 return get;
35 }
36 };
37
38 typedef curl_fetch_string_t<16384> curl_pick_t;
39 21
40 class pcre_matches_t { 22 class pcre_matches_t {
41 public: 23 public:
42 int *_ov; 24 int *_ov;
43 int _s; 25 int _s;
44 26
45 pcre_matches_t() : _ov(0), _s(0) { } 27 pcre_matches_t() : _ov(0), _s(0) { }
46 pcre_matches_t(int s) : _ov(0), _s(s) { 28 pcre_matches_t(int s) : _ov(0), _s(s) {
47 if(_s&1) ++_s; 29 if(_s&1) ++_s;
48 _s += _s>>1; 30 _s += _s>>1;
49 _ov = new int[_s]; 31 _ov = new int[_s];
50 } 32 }
51 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; } 33 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
52 34
53 int begin(int i) const { return _ov[i<<1]; } 35 int begin(int i) const { return _ov[i<<1]; }
54 int end(int i) const { return _ov[(i<<1)+1]; } 36 int end(int i) const { return _ov[(i<<1)+1]; }
55 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; } 37 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
56 }; 38 };
57 39
58 class pcre_t { 40 class pcre_t {
59 public: 41 public:
60 pcre *_p; 42 pcre *_p;
61 43
62 pcre_t() : _p(0) { } 44 pcre_t() : _p(0) { }
63 pcre_t(pcre *p) : _p(p) { } 45 pcre_t(pcre *p) : _p(p) { }
64 pcre_t(const char *re,int opts) : _p(0) { 46 pcre_t(const char *re,int opts) : _p(0) {
65 static const char *errptr; static int erroffset; 47 static const char *errptr; static int erroffset;
66 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL); 48 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
67 if(!_p) 49 if(!_p)
68 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr); 50 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
69 } 51 }
70 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); } 52 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
71 53
72 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; } 54 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
73 55
74 operator const pcre*(void) const { return _p; } 56 operator const pcre*(void) const { return _p; }
75 operator pcre*(void) { return _p; } 57 operator pcre*(void) { return _p; }
76 58
77 int exec(const string& s,pcre_matches_t& m) { 59 int exec(const string& s,pcre_matches_t& m) {
78 if(!_p) 60 if(!_p)
79 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp"); 61 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
80 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s); 62 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
81 } 63 }
82 }; 64 };
83 65
84 assoc_t consumer_t::associate(const string& server) { 66 assoc_t consumer_t::associate(const string& server) {
85 util::dh_t dh = DH_new(); 67 util::dh_t dh = DH_new();
86 if(!dh) 68 if(!dh)
87 throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); 69 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
88 dh->p = util::dec_to_bignum(data::_default_p); 70 dh->p = util::dec_to_bignum(data::_default_p);
89 dh->g = util::dec_to_bignum(data::_default_g); 71 dh->g = util::dec_to_bignum(data::_default_g);
90 if(!DH_generate_key(dh)) 72 if(!DH_generate_key(dh))
91 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); 73 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
92 string request = 74 string request =
93 "openid.mode=associate" 75 "openid.mode=associate"
94 "&openid.assoc_type=HMAC-SHA1" 76 "&openid.assoc_type=HMAC-SHA1"
95 "&openid.session_type=DH-SHA1" 77 "&openid.session_type=DH-SHA1"
96 "&openid.dh_consumer_public="; 78 "&openid.dh_consumer_public=";
97 request += util::url_encode(util::bignum_to_base64(dh->pub_key)); 79 request += util::url_encode(util::bignum_to_base64(dh->pub_key));
98 curl_pick_t curl = curl_pick_t::easy_init(); 80 curl_pick_t curl = curl_pick_t::easy_init();
99 if(!curl) 81 if(!curl)
100 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 82 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
101 CURLcode r; 83 CURLcode r;
102 (r=curl.misc_sets()) 84 (r=curl.misc_sets())
103 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) 85 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
104 || (r=curl.easy_setopt(CURLOPT_POST,1)) 86 || (r=curl.easy_setopt(CURLOPT_POST,1))
105 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) 87 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
106 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) 88 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
107 || (r=curl.set_write()) 89 || (r=curl.set_write())
108 ; 90 ;
109 if(r) 91 if(r)
110 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 92 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
111 if( (r=curl.easy_perform()) ) 93 if( (r=curl.easy_perform()) )
112 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 94 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
113 params_t p; p.parse_keyvalues(curl.response); 95 params_t p; p.parse_keyvalues(curl.response);
114 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") 96 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
115 throw bad_input(OPKELE_CP_ "unsupported assoc_type"); 97 throw bad_input(OPKELE_CP_ "unsupported assoc_type");
116 string st; 98 string st;
117 if(p.has_param("session_type")) st = p.get_param("session_type"); 99 if(p.has_param("session_type")) st = p.get_param("session_type");
118 if((!st.empty()) && st!="DH-SHA1") 100 if((!st.empty()) && st!="DH-SHA1")
119 throw bad_input(OPKELE_CP_ "unsupported session_type"); 101 throw bad_input(OPKELE_CP_ "unsupported session_type");
120 secret_t secret; 102 secret_t secret;
121 if(st.empty()) { 103 if(st.empty()) {
122 secret.from_base64(p.get_param("mac_key")); 104 secret.from_base64(p.get_param("mac_key"));
123 }else{ 105 }else{
124 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); 106 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
125 vector<unsigned char> ck(DH_size(dh)+1); 107 vector<unsigned char> ck(DH_size(dh)+1);
126 unsigned char *ckptr = &(ck.front())+1; 108 unsigned char *ckptr = &(ck.front())+1;
127 int cklen = DH_compute_key(ckptr,s_pub,dh); 109 int cklen = DH_compute_key(ckptr,s_pub,dh);
128 if(cklen<0) 110 if(cklen<0)
129 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 111 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
130 if(cklen && (*ckptr)&0x80) { 112 if(cklen && (*ckptr)&0x80) {
131 (*(--ckptr)) = 0; ++cklen; 113 (*(--ckptr)) = 0; ++cklen;
132 } 114 }
133 unsigned char key_sha1[SHA_DIGEST_LENGTH]; 115 unsigned char key_sha1[SHA_DIGEST_LENGTH];
134 SHA1(ckptr,cklen,key_sha1); 116 SHA1(ckptr,cklen,key_sha1);
135 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); 117 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
136 } 118 }
137 int expires_in = 0; 119 int expires_in = 0;
138 if(p.has_param("expires_in")) { 120 if(p.has_param("expires_in")) {
139 expires_in = util::string_to_long(p.get_param("expires_in")); 121 expires_in = util::string_to_long(p.get_param("expires_in"));
140 }else if(p.has_param("issued") && p.has_param("expiry")) { 122 }else if(p.has_param("issued") && p.has_param("expiry")) {
141 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued")); 123 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
142 }else 124 }else
143 throw bad_input(OPKELE_CP_ "no expiration information"); 125 throw bad_input(OPKELE_CP_ "no expiration information");
144 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); 126 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
145 } 127 }
146 128
147 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 129 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
148 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext); 130 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
149 } 131 }
150 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 132 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
151 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext); 133 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
152 } 134 }
153 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 135 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
154 params_t p; 136 params_t p;
155 if(mode==mode_checkid_immediate) 137 if(mode==mode_checkid_immediate)
156 p["mode"]="checkid_immediate"; 138 p["mode"]="checkid_immediate";
157 else if(mode==mode_checkid_setup) 139 else if(mode==mode_checkid_setup)
158 p["mode"]="checkid_setup"; 140 p["mode"]="checkid_setup";
159 else 141 else
160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 142 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
161 string iurl = canonicalize(identity); 143 string iurl = canonicalize(identity);
162 string server, delegate; 144 string server, delegate;
163 retrieve_links(iurl,server,delegate); 145 retrieve_links(iurl,server,delegate);
164 p["identity"] = delegate.empty()?iurl:delegate; 146 p["identity"] = delegate.empty()?iurl:delegate;
165 if(!trust_root.empty()) 147 if(!trust_root.empty())
166 p["trust_root"] = trust_root; 148 p["trust_root"] = trust_root;
167 p["return_to"] = return_to; 149 p["return_to"] = return_to;
168 try { 150 try {
169 string ah = find_assoc(server)->handle(); 151 string ah = find_assoc(server)->handle();
170 p["assoc_handle"] = ah; 152 p["assoc_handle"] = ah;
171 }catch(failed_lookup& fl) { 153 }catch(failed_lookup& fl) {
172 string ah = associate(server)->handle(); 154 string ah = associate(server)->handle();
173 p["assoc_handle"] = ah; 155 p["assoc_handle"] = ah;
174 } 156 }
175 if(ext) ext->checkid_hook(p,identity); 157 if(ext) ext->checkid_hook(p,identity);
176 return p.append_query(server); 158 return p.append_query(server);
177 } 159 }
178 160
179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { 161 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
180 if(pin.has_param("openid.user_setup_url")) 162 if(pin.has_param("openid.user_setup_url"))
181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 163 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
182 string server,delegate; 164 string server,delegate;
183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 165 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
184 params_t ps; 166 params_t ps;
185 try { 167 try {
186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 168 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
187 if(assoc->is_expired()) 169 if(assoc->is_expired())
188 throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); 170 throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
189 const string& sigenc = pin.get_param("openid.sig"); 171 const string& sigenc = pin.get_param("openid.sig");
190 vector<unsigned char> sig; 172 vector<unsigned char> sig;
191 util::decode_base64(sigenc,sig); 173 util::decode_base64(sigenc,sig);
192 const string& slist = pin.get_param("openid.signed"); 174 const string& slist = pin.get_param("openid.signed");
193 string kv; 175 string kv;
194 string::size_type p = 0; 176 string::size_type p = 0;
195 while(true) { 177 while(true) {
196 string::size_type co = slist.find(',',p); 178 string::size_type co = slist.find(',',p);
197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 179 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
198 kv += f; 180 kv += f;
199 kv += ':'; 181 kv += ':';
200 f.insert(0,"openid."); 182 f.insert(0,"openid.");
201 kv += pin.get_param(f); 183 kv += pin.get_param(f);
202 kv += '\n'; 184 kv += '\n';
203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f); 185 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
204 if(co==string::npos) 186 if(co==string::npos)
205 break; 187 break;
206 p = co+1; 188 p = co+1;
207 } 189 }
208 secret_t secret = assoc->secret(); 190 secret_t secret = assoc->secret();
209 unsigned int md_len = 0; 191 unsigned int md_len = 0;
210 unsigned char *md = HMAC( 192 unsigned char *md = HMAC(
211 EVP_sha1(), 193 EVP_sha1(),
212 &(secret.front()),secret.size(), 194 &(secret.front()),secret.size(),
213 (const unsigned char *)kv.data(),kv.length(), 195 (const unsigned char *)kv.data(),kv.length(),
214 0,&md_len); 196 0,&md_len);
215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len)) 197 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); 198 throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
217 }catch(failed_lookup& e) { 199 }catch(failed_lookup& e) {
218 const string& slist = pin.get_param("openid.signed"); 200 const string& slist = pin.get_param("openid.signed");
219 string::size_type pp = 0; 201 string::size_type pp = 0;
220 params_t p; 202 params_t p;
221 while(true) { 203 while(true) {
222 string::size_type co = slist.find(',',pp); 204 string::size_type co = slist.find(',',pp);
223 string f = "openid."; 205 string f = "openid.";
224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp); 206 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
225 p[f] = pin.get_param(f); 207 p[f] = pin.get_param(f);
226 if(co==string::npos) 208 if(co==string::npos)
227 break; 209 break;
228 pp = co+1; 210 pp = co+1;
229 } 211 }
230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle"); 212 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
231 p["openid.sig"] = pin.get_param("openid.sig"); 213 p["openid.sig"] = pin.get_param("openid.sig");
232 p["openid.signed"] = pin.get_param("openid.signed"); 214 p["openid.signed"] = pin.get_param("openid.signed");
233 try { 215 try {
234 string ih = pin.get_param("openid.invalidate_handle"); 216 string ih = pin.get_param("openid.invalidate_handle");
235 p["openid.invalidate_handle"] = ih; 217 p["openid.invalidate_handle"] = ih;
236 }catch(failed_lookup& fl) { } 218 }catch(failed_lookup& fl) { }
237 try { 219 try {
238 check_authentication(server,p); 220 check_authentication(server,p);
239 }catch(failed_check_authentication& fca) { 221 }catch(failed_check_authentication& fca) {
240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 222 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
241 } 223 }
242 } 224 }
243 if(ext) ext->id_res_hook(pin,ps,identity); 225 if(ext) ext->id_res_hook(pin,ps,identity);
244 } 226 }
245 227
246 void consumer_t::check_authentication(const string& server,const params_t& p) { 228 void consumer_t::check_authentication(const string& server,const params_t& p) {
247 string request = "openid.mode=check_authentication"; 229 string request = "openid.mode=check_authentication";
248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 230 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
249 if(i->first!="openid.mode") { 231 if(i->first!="openid.mode") {
250 request += '&'; 232 request += '&';
251 request += i->first; 233 request += i->first;
252 request += '='; 234 request += '=';
253 request += util::url_encode(i->second); 235 request += util::url_encode(i->second);
254 } 236 }
255 } 237 }
256 curl_pick_t curl = curl_pick_t::easy_init(); 238 curl_pick_t curl = curl_pick_t::easy_init();
257 if(!curl) 239 if(!curl)
258 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 240 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
259 CURLcode r; 241 CURLcode r;
260 (r=curl.misc_sets()) 242 (r=curl.misc_sets())
261 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) 243 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
262 || (r=curl.easy_setopt(CURLOPT_POST,1)) 244 || (r=curl.easy_setopt(CURLOPT_POST,1))
263 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) 245 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
264 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) 246 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
265 || (r=curl.set_write()) 247 || (r=curl.set_write())
266 ; 248 ;
267 if(r) 249 if(r)
268 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 250 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
269 if( (r=curl.easy_perform()) ) 251 if( (r=curl.easy_perform()) )
270 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 252 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
271 params_t pp; pp.parse_keyvalues(curl.response); 253 params_t pp; pp.parse_keyvalues(curl.response);
272 if(pp.has_param("invalidate_handle")) 254 if(pp.has_param("invalidate_handle"))
273 invalidate_assoc(server,pp.get_param("invalidate_handle")); 255 invalidate_assoc(server,pp.get_param("invalidate_handle"));
274 if(pp.has_param("is_valid")) { 256 if(pp.has_param("is_valid")) {
275 if(pp.get_param("is_valid")=="true") 257 if(pp.get_param("is_valid")=="true")
276 return; 258 return;
277 }else if(pp.has_param("lifetime")) { 259 }else if(pp.has_param("lifetime")) {
278 if(util::string_to_long(pp.get_param("lifetime"))) 260 if(util::string_to_long(pp.get_param("lifetime")))
279 return; 261 return;
280 } 262 }
281 throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); 263 throw failed_check_authentication(OPKELE_CP_ "failed to verify response");
282 } 264 }
283 265
284 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { 266 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) {
285 server.erase(); 267 server.erase();
286 delegate.erase(); 268 delegate.erase();
287 curl_pick_t curl = curl_pick_t::easy_init(); 269 curl_pick_t curl = curl_pick_t::easy_init();
288 if(!curl) 270 if(!curl)
289 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 271 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
290 string& html = curl.response; 272 string& html = curl.response;
291 CURLcode r; 273 CURLcode r;
292 (r=curl.misc_sets()) 274 (r=curl.misc_sets())
293 || (r=curl.easy_setopt(CURLOPT_URL,url.c_str())) 275 || (r=curl.easy_setopt(CURLOPT_URL,url.c_str()))
294 || (r=curl.set_write()); 276 || (r=curl.set_write());
295 ; 277 ;
296 if(r) 278 if(r)
297 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 279 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
298 r = curl.easy_perform(); 280 r = curl.easy_perform();
299 if(r && r!=CURLE_WRITE_ERROR) 281 if(r && r!=CURLE_WRITE_ERROR)
300 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 282 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
301 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>", 283 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>",
302 *re_lre = "<\\s*link\\b([^>]+)>", 284 *re_lre = "<\\s*link\\b([^>]+)>",
303 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]", 285 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]",
304 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]"; 286 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]";
305 pcre_matches_t m1(3), m2(3); 287 pcre_matches_t m1(3), m2(3);
306 pcre_t bre(re_bre,PCRE_CASELESS); 288 pcre_t bre(re_bre,PCRE_CASELESS);
307 if(bre.exec(html,m1)>0) 289 if(bre.exec(html,m1)>0)
308 html.erase(m1.begin(0)); 290 html.erase(m1.begin(0));
309 pcre_t hdre(re_hdre,PCRE_CASELESS); 291 pcre_t hdre(re_hdre,PCRE_CASELESS);
310 if(hdre.exec(html,m1)<=0) 292 if(hdre.exec(html,m1)<=0)
311 throw bad_input(OPKELE_CP_ "failed to find <head>"); 293 throw bad_input(OPKELE_CP_ "failed to find <head>");
312 html.erase(0,m1.end(0)+1); 294 html.erase(0,m1.end(0)+1);
313 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS); 295 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS);
314 bool gotit = false; 296 bool gotit = false;
315 while( (!gotit) && lre.exec(html,m1)>=2 ) { 297 while( (!gotit) && lre.exec(html,m1)>=2 ) {
316 static const char *whitespace = " \t"; 298 static const char *whitespace = " \t";
317 string attrs(html,m1.begin(1),m1.length(1)); 299 string attrs(html,m1.begin(1),m1.length(1));
318 html.erase(0,m1.end(0)+1); 300 html.erase(0,m1.end(0)+1);
319 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 )) 301 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 ))
320 continue; 302 continue;
321 string rels(attrs,m1.begin(1),m1.length(1)); 303 string rels(attrs,m1.begin(1),m1.length(1));
322 for(string::size_type ns = rels.find_first_not_of(whitespace); 304 for(string::size_type ns = rels.find_first_not_of(whitespace);
323 ns!=string::npos; 305 ns!=string::npos;
324 ns=rels.find_first_not_of(whitespace,ns)) { 306 ns=rels.find_first_not_of(whitespace,ns)) {
325 string::size_type s = rels.find_first_of(whitespace,ns); 307 string::size_type s = rels.find_first_of(whitespace,ns);
326 string rel; 308 string rel;
327 if(s==string::npos) { 309 if(s==string::npos) {
328 rel.assign(rels,ns,string::npos); 310 rel.assign(rels,ns,string::npos);
329 ns=string::npos; 311 ns=string::npos;
330 }else{ 312 }else{
331 rel.assign(rels,ns,s-ns); 313 rel.assign(rels,ns,s-ns);
332 ns=s; 314 ns=s;
333 } 315 }
334 if(rel=="openid.server") { 316 if(rel=="openid.server") {
335 server.assign(attrs,m2.begin(1),m2.length(1)); 317 server.assign(attrs,m2.begin(1),m2.length(1));
336 if(!delegate.empty()) { 318 if(!delegate.empty()) {
337 gotit = true; 319 gotit = true;
338 break; 320 break;
339 } 321 }
340 }else if(rel=="openid.delegate") { 322 }else if(rel=="openid.delegate") {
341 delegate.assign(attrs,m2.begin(1),m2.length(1)); 323 delegate.assign(attrs,m2.begin(1),m2.length(1));
342 if(!server.empty()) { 324 if(!server.empty()) {
343 gotit = true; 325 gotit = true;
344 break; 326 break;
345 } 327 }
346 } 328 }
347 } 329 }
348 } 330 }
349 if(server.empty()) 331 if(server.empty())
350 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); 332 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
351 } 333 }
352 334
353 assoc_t consumer_t::find_assoc(const string& /* server */) { 335 assoc_t consumer_t::find_assoc(const string& /* server */) {
354 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); 336 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
355 } 337 }
356 338
357 string consumer_t::normalize(const string& url) { 339 string consumer_t::normalize(const string& url) {
358 string rv = url; 340 string rv = url;
359 // strip leading and trailing spaces 341 // strip leading and trailing spaces
360 string::size_type i = rv.find_first_not_of(" \t\r\n"); 342 string::size_type i = rv.find_first_not_of(" \t\r\n");
361 if(i==string::npos) 343 if(i==string::npos)
362 throw bad_input(OPKELE_CP_ "empty URL"); 344 throw bad_input(OPKELE_CP_ "empty URL");
363 if(i) 345 if(i)
364 rv.erase(0,i); 346 rv.erase(0,i);
365 i = rv.find_last_not_of(" \t\r\n"); 347 i = rv.find_last_not_of(" \t\r\n");
366 assert(i!=string::npos); 348 assert(i!=string::npos);
367 if(i<(rv.length()-1)) 349 if(i<(rv.length()-1))
368 rv.erase(i+1); 350 rv.erase(i+1);
369 // add missing http:// 351 // add missing http://
370 i = rv.find("://"); 352 i = rv.find("://");
371 if(i==string::npos) { // primitive. but do we need more? 353 if(i==string::npos) { // primitive. but do we need more?
372 rv.insert(0,"http://"); 354 rv.insert(0,"http://");
373 i = sizeof("http://")-1; 355 i = sizeof("http://")-1;
374 }else{ 356 }else{
375 i += sizeof("://")-1; 357 i += sizeof("://")-1;
376 } 358 }
377 string::size_type qm = rv.find('?',i); 359 string::size_type qm = rv.find('?',i);
378 string::size_type sl = rv.find('/',i); 360 string::size_type sl = rv.find('/',i);
379 if(qm!=string::npos) { 361 if(qm!=string::npos) {
380 if(sl==string::npos || sl>qm) 362 if(sl==string::npos || sl>qm)
381 rv.insert(qm,1,'/'); 363 rv.insert(qm,1,'/');
382 }else{ 364 }else{
383 if(sl==string::npos) 365 if(sl==string::npos)
384 rv += '/'; 366 rv += '/';
385 } 367 }
386 return rv; 368 return rv;
387 } 369 }
388 370
389 string consumer_t::canonicalize(const string& url) { 371 string consumer_t::canonicalize(const string& url) {
390 string rv = normalize(url); 372 string rv = normalize(url);
391 curl_t curl = curl_t::easy_init(); 373 curl_t curl = curl_t::easy_init();
392 if(!curl) 374 if(!curl)
393 throw exception_curl(OPKELE_CP_ "failed to initialize curl()"); 375 throw exception_curl(OPKELE_CP_ "failed to initialize curl()");
394 string html; 376 string html;
395 CURLcode r; 377 CURLcode r;
396 (r=curl.misc_sets()) 378 (r=curl.misc_sets())
397 || (r=curl.easy_setopt(CURLOPT_URL,rv.c_str())) 379 || (r=curl.easy_setopt(CURLOPT_URL,rv.c_str()))
398 || (r=curl.easy_setopt(CURLOPT_NOBODY,1)) 380 || (r=curl.easy_setopt(CURLOPT_NOBODY,1))
399 ; 381 ;
400 if(r) 382 if(r)
401 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 383 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
402 r = curl.easy_perform(); 384 r = curl.easy_perform();
403 if(r) 385 if(r)
404 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 386 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
405 const char *eu = 0; 387 const char *eu = 0;
406 r = curl.easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); 388 r = curl.easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu);
407 if(r) 389 if(r)
408 throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); 390 throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r);
409 rv = eu; 391 rv = eu;
410 return normalize(rv); 392 return normalize(rv);
411 } 393 }
412 394
413} 395}