moved curl_fetch_string_t/curl_pick_t classes into curl.h

Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2007-12-16 00:36:30 (UTC)
committer: Michael Krelin <hacker@klever.net> 2007-12-17 12:09:16 (UTC)
commit: 7d8cda044fa3b428eb53ec2bfbeaa2e223114554 (patch) (unidiff)
tree: d81fc5436f1d22276972ffed473ed8b438bfb5d9
parent: 52c81fff0274c6bb54f6f9be414432ee6388e723 (diff)
download: libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.zip
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.gz
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.bz2
2 files changed, 25 insertions, 19 deletions
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 8020b63..5cf8e48 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
 #ifndef __OPKELE_CURL_H
 #define __OPKELE_CURL_H
 #include <cassert>
+#include <string>
+#include <algorithm>
 #include <curl/curl.h>
 namespace opkele {
+    using std::min;
+    using std::string;
    namespace util {
        class curl_t {
            public:
                CURL *_c;
                curl_t() : _c(0) { }
                curl_t(CURL *c) : _c(c) { }
                virtual ~curl_t() throw();
                curl_t& operator=(CURL *c);
                operator const CURL*(void) const { return _c; }
                operator CURL*(void) { return _c; }
                CURLcode misc_sets();
                template<typename PT>
                    inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
                CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
                template<typename IT>
                    inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
                static inline CURL *easy_init() { return curl_easy_init(); }
                virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; }
                CURLcode set_write();
                virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; }
                CURLcode set_progress();
                virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; }
                CURLcode set_header();
        };
+        template<int lim>
+            class curl_fetch_string_t : public curl_t {
+                public:
+                    curl_fetch_string_t(CURL *c)
+                        : curl_t(c) { }
+                    ~curl_fetch_string_t() throw() { }
+                    string response;
+                    size_t write(void *p,size_t size,size_t nmemb) {
+                        size_t bytes = size*nmemb;
+                        size_t get = min(lim-response.length(),bytes);
+                        response.append((const char *)p,get);
+                        return get;
+                    }
+            };
+        typedef curl_fetch_string_t<16384> curl_pick_t;
    }
 }
 #endif /* __OPKELE_CURL_H */
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 9f7530f..3c3b4f8 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,166 +1,148 @@
 #include <algorithm>
 #include <cassert>
 #include <cstring>
 #include <opkele/util.h>
 #include <opkele/curl.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <iostream>
 #include "config.h"
 #include <pcre.h>
 namespace opkele {
    using namespace std;
    using util::curl_t;
+    using util::curl_pick_t;
-    template<int lim>
-        class curl_fetch_string_t : public curl_t {
-            public:
-                curl_fetch_string_t(CURL *c)
-                    : curl_t(c) { }
-                ~curl_fetch_string_t() throw() { }
-                string response;
-                size_t write(void *p,size_t size,size_t nmemb) {
-                    size_t bytes = size*nmemb;
-                    size_t get = min(lim-response.length(),bytes);
-                    response.append((const char *)p,get);
-                    return get;
-                }
-        };
-    typedef curl_fetch_string_t<16384> curl_pick_t;
    class pcre_matches_t {
        public:
            int *_ov;
            int _s;
            pcre_matches_t() : _ov(0), _s(0) { }
            pcre_matches_t(int s) : _ov(0), _s(s) {
                if(_s&1) ++_s;
                _s += _s>>1;
                _ov = new int[_s];
            }
            ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
            int begin(int i) const { return _ov[i<<1]; }
            int end(int i) const { return _ov[(i<<1)+1]; }
            int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
    };
    class pcre_t {
        public:
            pcre *_p;
            pcre_t() : _p(0) { }
            pcre_t(pcre *p) : _p(p) { }
            pcre_t(const char *re,int opts) : _p(0) {
                static const char *errptr; static int erroffset;
                _p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
                if(!_p)
                    throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
            }
            ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
            pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
            operator const pcre*(void) const { return _p; }
            operator pcre*(void) { return _p; }
            int exec(const string& s,pcre_matches_t& m) {
                if(!_p)
                    throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
                return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
            }
    };
    assoc_t consumer_t::associate(const string& server) {
        util::dh_t dh = DH_new();
        if(!dh)
            throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
        dh->p = util::dec_to_bignum(data::_default_p);
        dh->g = util::dec_to_bignum(data::_default_g);
        if(!DH_generate_key(dh))
            throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
        string request = 
            "openid.mode=associate"
            "&openid.assoc_type=HMAC-SHA1"
            "&openid.session_type=DH-SHA1"
            "&openid.dh_consumer_public=";
        request += util::url_encode(util::bignum_to_base64(dh->pub_key));
        curl_pick_t curl = curl_pick_t::easy_init();
        if(!curl)
            throw exception_curl(OPKELE_CP_ "failed to initialize curl");
        CURLcode r;
        (r=curl.misc_sets())
        || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
        || (r=curl.easy_setopt(CURLOPT_POST,1))
        || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
        || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
        || (r=curl.set_write())
        ;
        if(r)
            throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
        if( (r=curl.easy_perform()) )
            throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
        params_t p; p.parse_keyvalues(curl.response);
        if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported assoc_type");
        string st;
        if(p.has_param("session_type")) st = p.get_param("session_type");
        if((!st.empty()) && st!="DH-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported session_type");
        secret_t secret;
        if(st.empty()) {
            secret.from_base64(p.get_param("mac_key"));
        }else{
            util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
            vector<unsigned char> ck(DH_size(dh)+1);
            unsigned char *ckptr = &(ck.front())+1;
            int cklen = DH_compute_key(ckptr,s_pub,dh);
            if(cklen<0)
                throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
            if(cklen && (*ckptr)&0x80) {
                (*(--ckptr)) = 0; ++cklen;
            }
            unsigned char key_sha1[SHA_DIGEST_LENGTH];
            SHA1(ckptr,cklen,key_sha1);
            secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
        }
        int expires_in = 0;
        if(p.has_param("expires_in")) {
            expires_in = util::string_to_long(p.get_param("expires_in"));
        }else if(p.has_param("issued") && p.has_param("expiry")) {
            expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
        }else
            throw bad_input(OPKELE_CP_ "no expiration information");
        return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
    }
    string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        params_t p;
        if(mode==mode_checkid_immediate)
            p["mode"]="checkid_immediate";
        else if(mode==mode_checkid_setup)
            p["mode"]="checkid_setup";
        else
            throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
        string iurl = canonicalize(identity);
        string server, delegate;
        retrieve_links(iurl,server,delegate);
        p["identity"] = delegate.empty()?iurl:delegate;
        if(!trust_root.empty())
            p["trust_root"] = trust_root;
author	Michael Krelin <hacker@klever.net>	2007-12-16 00:36:30 (UTC)
committer	Michael Krelin <hacker@klever.net>	2007-12-17 12:09:16 (UTC)
commit	7d8cda044fa3b428eb53ec2bfbeaa2e223114554 (patch) (unidiff)
tree	d81fc5436f1d22276972ffed473ed8b438bfb5d9
parent	52c81fff0274c6bb54f6f9be414432ee6388e723 (diff)
download	libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.zip libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.gz libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.bz2

diff --git a/include/opkele/curl.h b/include/opkele/curl.h index 8020b63..5cf8e48 100644 --- a/include/opkele/curl.h +++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
1	#ifndef __OPKELE_CURL_H	1	#ifndef __OPKELE_CURL_H
2	#define __OPKELE_CURL_H	2	#define __OPKELE_CURL_H
3		3
4	#include <cassert>	4	#include <cassert>
		5	#include <string>
		6	#include <algorithm>
5	#include <curl/curl.h>	7	#include <curl/curl.h>
6		8
7	namespace opkele {	9	namespace opkele {
		10	using std::min;
		11	using std::string;
8		12
9	namespace util {	13	namespace util {
10		14
11	class curl_t {	15	class curl_t {
12	public:	16	public:
13	CURL *_c;	17	CURL *_c;
14		18
15	curl_t() : _c(0) { }	19	curl_t() : _c(0) { }
16	curl_t(CURL *c) : _c(c) { }	20	curl_t(CURL *c) : _c(c) { }
17	virtual ~curl_t() throw();	21	virtual ~curl_t() throw();
18		22
19	curl_t& operator=(CURL *c);	23	curl_t& operator=(CURL *c);
20		24
21	operator const CURL*(void) const { return _c; }	25	operator const CURL*(void) const { return _c; }
22	operator CURL*(void) { return _c; }	26	operator CURL*(void) { return _c; }
23		27
24	CURLcode misc_sets();	28	CURLcode misc_sets();
25		29
26	template<typename PT>	30	template<typename PT>
27	inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }	31	inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
28	CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }	32	CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
29	template<typename IT>	33	template<typename IT>
30	inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }	34	inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
31		35
32	static inline CURL *easy_init() { return curl_easy_init(); }	36	static inline CURL *easy_init() { return curl_easy_init(); }
33		37
34	virtual size_t write(void* /* p /,size_t / s /,size_t / nm */) { return 0; }	38	virtual size_t write(void* /* p /,size_t / s /,size_t / nm */) { return 0; }
35	CURLcode set_write();	39	CURLcode set_write();
36		40
37	virtual int progress(double /* dlt /,double / dln/ ,double / ult /,double / uln */) { return 0; }	41	virtual int progress(double /* dlt /,double / dln/ ,double / ult /,double / uln */) { return 0; }
38	CURLcode set_progress();	42	CURLcode set_progress();
39		43
40	virtual size_t header(void* /* p /,size_t s,size_t nm) { return snm; }	44	virtual size_t header(void* /* p /,size_t s,size_t nm) { return snm; }
41	CURLcode set_header();	45	CURLcode set_header();
42	};	46	};
43		47
		48	template<int lim>
		49	class curl_fetch_string_t : public curl_t {
		50	public:
		51	curl_fetch_string_t(CURL *c)
		52	: curl_t(c) { }
		53	~curl_fetch_string_t() throw() { }
		54
		55	string response;
		56
		57	size_t write(void *p,size_t size,size_t nmemb) {
		58	size_t bytes = size*nmemb;
		59	size_t get = min(lim-response.length(),bytes);
		60	response.append((const char *)p,get);
		61	return get;
		62	}
		63	};
		64
		65	typedef curl_fetch_string_t<16384> curl_pick_t;
		66
		67
44	}	68	}
45		69
46	}	70	}
47		71
48	#endif /* __OPKELE_CURL_H */	72	#endif /* __OPKELE_CURL_H */


diff --git a/lib/consumer.cc b/lib/consumer.cc index 9f7530f..3c3b4f8 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc
@@ -1,166 +1,148 @@
1	#include <algorithm>	1	#include <algorithm>
2	#include <cassert>	2	#include <cassert>
3	#include <cstring>	3	#include <cstring>
4	#include <opkele/util.h>	4	#include <opkele/util.h>
5	#include <opkele/curl.h>	5	#include <opkele/curl.h>
6	#include <opkele/exception.h>	6	#include <opkele/exception.h>
7	#include <opkele/data.h>	7	#include <opkele/data.h>
8	#include <opkele/consumer.h>	8	#include <opkele/consumer.h>
9	#include <openssl/sha.h>	9	#include <openssl/sha.h>
10	#include <openssl/hmac.h>	10	#include <openssl/hmac.h>
11	#include <iostream>	11	#include <iostream>
12		12
13	#include "config.h"	13	#include "config.h"
14		14
15	#include <pcre.h>	15	#include <pcre.h>
16		16
17	namespace opkele {	17	namespace opkele {
18	using namespace std;	18	using namespace std;
19	using util::curl_t;	19	using util::curl_t;
20		20	using util::curl_pick_t;
21	template<int lim>
22	class curl_fetch_string_t : public curl_t {
23	public:
24	curl_fetch_string_t(CURL *c)
25	: curl_t(c) { }
26	~curl_fetch_string_t() throw() { }
27
28	string response;
29
30	size_t write(void *p,size_t size,size_t nmemb) {
31	size_t bytes = size*nmemb;
32	size_t get = min(lim-response.length(),bytes);
33	response.append((const char *)p,get);
34	return get;
35	}
36	};
37
38	typedef curl_fetch_string_t<16384> curl_pick_t;
39		21
40	class pcre_matches_t {	22	class pcre_matches_t {
41	public:	23	public:
42	int *_ov;	24	int *_ov;
43	int _s;	25	int _s;
44		26
45	pcre_matches_t() : _ov(0), _s(0) { }	27	pcre_matches_t() : _ov(0), _s(0) { }
46	pcre_matches_t(int s) : _ov(0), _s(s) {	28	pcre_matches_t(int s) : _ov(0), _s(s) {
47	if(_s&1) ++_s;	29	if(_s&1) ++_s;
48	_s += _s>>1;	30	_s += _s>>1;
49	_ov = new int[_s];	31	_ov = new int[_s];
50	}	32	}
51	~pcre_matches_t() throw() { if(_ov) delete[] _ov; }	33	~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
52		34
53	int begin(int i) const { return _ov[i<<1]; }	35	int begin(int i) const { return _ov[i<<1]; }
54	int end(int i) const { return _ov[(i<<1)+1]; }	36	int end(int i) const { return _ov[(i<<1)+1]; }
55	int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }	37	int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
56	};	38	};
57		39
58	class pcre_t {	40	class pcre_t {
59	public:	41	public:
60	pcre *_p;	42	pcre *_p;
61		43
62	pcre_t() : _p(0) { }	44	pcre_t() : _p(0) { }
63	pcre_t(pcre *p) : _p(p) { }	45	pcre_t(pcre *p) : _p(p) { }
64	pcre_t(const char *re,int opts) : _p(0) {	46	pcre_t(const char *re,int opts) : _p(0) {
65	static const char *errptr; static int erroffset;	47	static const char *errptr; static int erroffset;
66	_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);	48	_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
67	if(!_p)	49	if(!_p)
68	throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);	50	throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
69	}	51	}
70	~pcre_t() throw() { if(_p) (*pcre_free)(_p); }	52	~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
71		53
72	pcre_t& operator=(pcre p) { if(_p) (pcre_free)(_p); _p=p; return *this; }	54	pcre_t& operator=(pcre p) { if(_p) (pcre_free)(_p); _p=p; return *this; }
73		55
74	operator const pcre*(void) const { return _p; }	56	operator const pcre*(void) const { return _p; }
75	operator pcre*(void) { return _p; }	57	operator pcre*(void) { return _p; }
76		58
77	int exec(const string& s,pcre_matches_t& m) {	59	int exec(const string& s,pcre_matches_t& m) {
78	if(!_p)	60	if(!_p)
79	throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");	61	throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
80	return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);	62	return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
81	}	63	}
82	};	64	};
83		65
84	assoc_t consumer_t::associate(const string& server) {	66	assoc_t consumer_t::associate(const string& server) {
85	util::dh_t dh = DH_new();	67	util::dh_t dh = DH_new();
86	if(!dh)	68	if(!dh)
87	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");	69	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
88	dh->p = util::dec_to_bignum(data::_default_p);	70	dh->p = util::dec_to_bignum(data::_default_p);
89	dh->g = util::dec_to_bignum(data::_default_g);	71	dh->g = util::dec_to_bignum(data::_default_g);
90	if(!DH_generate_key(dh))	72	if(!DH_generate_key(dh))
91	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");	73	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
92	string request =	74	string request =
93	"openid.mode=associate"	75	"openid.mode=associate"
94	"&openid.assoc_type=HMAC-SHA1"	76	"&openid.assoc_type=HMAC-SHA1"
95	"&openid.session_type=DH-SHA1"	77	"&openid.session_type=DH-SHA1"
96	"&openid.dh_consumer_public=";	78	"&openid.dh_consumer_public=";
97	request += util::url_encode(util::bignum_to_base64(dh->pub_key));	79	request += util::url_encode(util::bignum_to_base64(dh->pub_key));
98	curl_pick_t curl = curl_pick_t::easy_init();	80	curl_pick_t curl = curl_pick_t::easy_init();
99	if(!curl)	81	if(!curl)
100	throw exception_curl(OPKELE_CP_ "failed to initialize curl");	82	throw exception_curl(OPKELE_CP_ "failed to initialize curl");
101	CURLcode r;	83	CURLcode r;
102	(r=curl.misc_sets())	84	(r=curl.misc_sets())
103	\|\| (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))	85	\|\| (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
104	\|\| (r=curl.easy_setopt(CURLOPT_POST,1))	86	\|\| (r=curl.easy_setopt(CURLOPT_POST,1))
105	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))	87	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
106	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))	88	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
107	\|\| (r=curl.set_write())	89	\|\| (r=curl.set_write())
108	;	90	;
109	if(r)	91	if(r)
110	throw exception_curl(OPKELE_CP_ "failed to set curly options",r);	92	throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
111	if( (r=curl.easy_perform()) )	93	if( (r=curl.easy_perform()) )
112	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);	94	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
113	params_t p; p.parse_keyvalues(curl.response);	95	params_t p; p.parse_keyvalues(curl.response);
114	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")	96	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
115	throw bad_input(OPKELE_CP_ "unsupported assoc_type");	97	throw bad_input(OPKELE_CP_ "unsupported assoc_type");
116	string st;	98	string st;
117	if(p.has_param("session_type")) st = p.get_param("session_type");	99	if(p.has_param("session_type")) st = p.get_param("session_type");
118	if((!st.empty()) && st!="DH-SHA1")	100	if((!st.empty()) && st!="DH-SHA1")
119	throw bad_input(OPKELE_CP_ "unsupported session_type");	101	throw bad_input(OPKELE_CP_ "unsupported session_type");
120	secret_t secret;	102	secret_t secret;
121	if(st.empty()) {	103	if(st.empty()) {
122	secret.from_base64(p.get_param("mac_key"));	104	secret.from_base64(p.get_param("mac_key"));
123	}else{	105	}else{
124	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));	106	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
125	vector<unsigned char> ck(DH_size(dh)+1);	107	vector<unsigned char> ck(DH_size(dh)+1);
126	unsigned char *ckptr = &(ck.front())+1;	108	unsigned char *ckptr = &(ck.front())+1;
127	int cklen = DH_compute_key(ckptr,s_pub,dh);	109	int cklen = DH_compute_key(ckptr,s_pub,dh);
128	if(cklen<0)	110	if(cklen<0)
129	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");	111	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
130	if(cklen && (*ckptr)&0x80) {	112	if(cklen && (*ckptr)&0x80) {
131	(*(--ckptr)) = 0; ++cklen;	113	(*(--ckptr)) = 0; ++cklen;
132	}	114	}
133	unsigned char key_sha1[SHA_DIGEST_LENGTH];	115	unsigned char key_sha1[SHA_DIGEST_LENGTH];
134	SHA1(ckptr,cklen,key_sha1);	116	SHA1(ckptr,cklen,key_sha1);
135	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));	117	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
136	}	118	}
137	int expires_in = 0;	119	int expires_in = 0;
138	if(p.has_param("expires_in")) {	120	if(p.has_param("expires_in")) {
139	expires_in = util::string_to_long(p.get_param("expires_in"));	121	expires_in = util::string_to_long(p.get_param("expires_in"));
140	}else if(p.has_param("issued") && p.has_param("expiry")) {	122	}else if(p.has_param("issued") && p.has_param("expiry")) {
141	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));	123	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
142	}else	124	}else
143	throw bad_input(OPKELE_CP_ "no expiration information");	125	throw bad_input(OPKELE_CP_ "no expiration information");
144	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);	126	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
145	}	127	}
146		128
147	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	129	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
148	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);	130	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
149	}	131	}
150	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	132	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
151	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);	133	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
152	}	134	}
153	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	135	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
154	params_t p;	136	params_t p;
155	if(mode==mode_checkid_immediate)	137	if(mode==mode_checkid_immediate)
156	p["mode"]="checkid_immediate";	138	p["mode"]="checkid_immediate";
157	else if(mode==mode_checkid_setup)	139	else if(mode==mode_checkid_setup)
158	p["mode"]="checkid_setup";	140	p["mode"]="checkid_setup";
159	else	141	else
160	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");	142	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
161	string iurl = canonicalize(identity);	143	string iurl = canonicalize(identity);
162	string server, delegate;	144	string server, delegate;
163	retrieve_links(iurl,server,delegate);	145	retrieve_links(iurl,server,delegate);
164	p["identity"] = delegate.empty()?iurl:delegate;	146	p["identity"] = delegate.empty()?iurl:delegate;
165	if(!trust_root.empty())	147	if(!trust_root.empty())
166	p["trust_root"] = trust_root;	148	p["trust_root"] = trust_root;