moved curl_fetch_string_t/curl_pick_t classes into curl.h

Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2007-12-16 00:36:30 (UTC)
committer: Michael Krelin <hacker@klever.net> 2007-12-17 12:09:16 (UTC)
commit: 7d8cda044fa3b428eb53ec2bfbeaa2e223114554 (patch) (unidiff)
tree: d81fc5436f1d22276972ffed473ed8b438bfb5d9
parent: 52c81fff0274c6bb54f6f9be414432ee6388e723 (diff)
download: libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.zip
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.gz
libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.bz2
2 files changed, 25 insertions, 19 deletions
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 8020b63..5cf8e48 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
 #ifndef __OPKELE_CURL_H
 #define __OPKELE_CURL_H
 #include <cassert>
+#include <string>
+#include <algorithm>
 #include <curl/curl.h>
 namespace opkele {
+    using std::min;
+    using std::string;
    namespace util {
        class curl_t {
            public:
                CURL *_c;
                curl_t() : _c(0) { }
                curl_t(CURL *c) : _c(c) { }
                virtual ~curl_t() throw();
                curl_t& operator=(CURL *c);
                operator const CURL*(void) const { return _c; }
                operator CURL*(void) { return _c; }
                CURLcode misc_sets();
                template<typename PT>
                    inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
                CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
                template<typename IT>
                    inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
                static inline CURL *easy_init() { return curl_easy_init(); }
                virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; }
                CURLcode set_write();
                virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; }
                CURLcode set_progress();
                virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; }
                CURLcode set_header();
        };
+        template<int lim>
+            class curl_fetch_string_t : public curl_t {
+                public:
+                    curl_fetch_string_t(CURL *c)
+                        : curl_t(c) { }
+                    ~curl_fetch_string_t() throw() { }
+                    string response;
+                    size_t write(void *p,size_t size,size_t nmemb) {
+                        size_t bytes = size*nmemb;
+                        size_t get = min(lim-response.length(),bytes);
+                        response.append((const char *)p,get);
+                        return get;
+                    }
+            };
+        typedef curl_fetch_string_t<16384> curl_pick_t;
    }
 }
 #endif /* __OPKELE_CURL_H */
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 9f7530f..3c3b4f8 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,230 +1,212 @@
 #include <algorithm>
 #include <cassert>
 #include <cstring>
 #include <opkele/util.h>
 #include <opkele/curl.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <iostream>
 #include "config.h"
 #include <pcre.h>
 namespace opkele {
    using namespace std;
    using util::curl_t;
+    using util::curl_pick_t;
-    template<int lim>
-        class curl_fetch_string_t : public curl_t {
-            public:
-                curl_fetch_string_t(CURL *c)
-                    : curl_t(c) { }
-                ~curl_fetch_string_t() throw() { }
-                string response;
-                size_t write(void *p,size_t size,size_t nmemb) {
-                    size_t bytes = size*nmemb;
-                    size_t get = min(lim-response.length(),bytes);
-                    response.append((const char *)p,get);
-                    return get;
-                }
-        };
-    typedef curl_fetch_string_t<16384> curl_pick_t;
    class pcre_matches_t {
        public:
            int *_ov;
            int _s;
            pcre_matches_t() : _ov(0), _s(0) { }
            pcre_matches_t(int s) : _ov(0), _s(s) {
                if(_s&1) ++_s;
                _s += _s>>1;
                _ov = new int[_s];
            }
            ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
            int begin(int i) const { return _ov[i<<1]; }
            int end(int i) const { return _ov[(i<<1)+1]; }
            int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
    };
    class pcre_t {
        public:
            pcre *_p;
            pcre_t() : _p(0) { }
            pcre_t(pcre *p) : _p(p) { }
            pcre_t(const char *re,int opts) : _p(0) {
                static const char *errptr; static int erroffset;
                _p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
                if(!_p)
                    throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
            }
            ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
            pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
            operator const pcre*(void) const { return _p; }
            operator pcre*(void) { return _p; }
            int exec(const string& s,pcre_matches_t& m) {
                if(!_p)
                    throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
                return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
            }
    };
    assoc_t consumer_t::associate(const string& server) {
        util::dh_t dh = DH_new();
        if(!dh)
            throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
        dh->p = util::dec_to_bignum(data::_default_p);
        dh->g = util::dec_to_bignum(data::_default_g);
        if(!DH_generate_key(dh))
            throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
        string request = 
            "openid.mode=associate"
            "&openid.assoc_type=HMAC-SHA1"
            "&openid.session_type=DH-SHA1"
            "&openid.dh_consumer_public=";
        request += util::url_encode(util::bignum_to_base64(dh->pub_key));
        curl_pick_t curl = curl_pick_t::easy_init();
        if(!curl)
            throw exception_curl(OPKELE_CP_ "failed to initialize curl");
        CURLcode r;
        (r=curl.misc_sets())
        || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
        || (r=curl.easy_setopt(CURLOPT_POST,1))
        || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
        || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
        || (r=curl.set_write())
        ;
        if(r)
            throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
        if( (r=curl.easy_perform()) )
            throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
        params_t p; p.parse_keyvalues(curl.response);
        if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported assoc_type");
        string st;
        if(p.has_param("session_type")) st = p.get_param("session_type");
        if((!st.empty()) && st!="DH-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported session_type");
        secret_t secret;
        if(st.empty()) {
            secret.from_base64(p.get_param("mac_key"));
        }else{
            util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
            vector<unsigned char> ck(DH_size(dh)+1);
            unsigned char *ckptr = &(ck.front())+1;
            int cklen = DH_compute_key(ckptr,s_pub,dh);
            if(cklen<0)
                throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
            if(cklen && (*ckptr)&0x80) {
                (*(--ckptr)) = 0; ++cklen;
            }
            unsigned char key_sha1[SHA_DIGEST_LENGTH];
            SHA1(ckptr,cklen,key_sha1);
            secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
        }
        int expires_in = 0;
        if(p.has_param("expires_in")) {
            expires_in = util::string_to_long(p.get_param("expires_in"));
        }else if(p.has_param("issued") && p.has_param("expiry")) {
            expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
        }else
            throw bad_input(OPKELE_CP_ "no expiration information");
        return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
    }
    string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        params_t p;
        if(mode==mode_checkid_immediate)
            p["mode"]="checkid_immediate";
        else if(mode==mode_checkid_setup)
            p["mode"]="checkid_setup";
        else
            throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
        string iurl = canonicalize(identity);
        string server, delegate;
        retrieve_links(iurl,server,delegate);
        p["identity"] = delegate.empty()?iurl:delegate;
        if(!trust_root.empty())
            p["trust_root"] = trust_root;
        p["return_to"] = return_to;
        try {
            string ah = find_assoc(server)->handle();
            p["assoc_handle"] = ah;
        }catch(failed_lookup& fl) {
            string ah = associate(server)->handle();
            p["assoc_handle"] = ah;
        }
        if(ext) ext->checkid_hook(p,identity);
        return p.append_query(server);
    }
    void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
        if(pin.has_param("openid.user_setup_url"))
            throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
        string server,delegate;
        retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
        params_t ps;
        try {
            assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
            if(assoc->is_expired())
                throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
            const string& sigenc = pin.get_param("openid.sig");
            vector<unsigned char> sig;
            util::decode_base64(sigenc,sig);
            const string& slist = pin.get_param("openid.signed");
            string kv;
            string::size_type p = 0;
            while(true) {
                string::size_type co = slist.find(',',p);
                string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
                kv += f;
                kv += ':';
                f.insert(0,"openid.");
                kv += pin.get_param(f);
                kv += '\n';
                if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
                if(co==string::npos)
                    break;
                p = co+1;
            }
            secret_t secret = assoc->secret();
            unsigned int md_len = 0;
            unsigned char *md = HMAC(
                    EVP_sha1(),
                    &(secret.front()),secret.size(),
                    (const unsigned char *)kv.data(),kv.length(),
                    0,&md_len);
            if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
                throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
        }catch(failed_lookup& e) {
            const string& slist = pin.get_param("openid.signed");
            string::size_type pp = 0;
            params_t p;
            while(true) {
                string::size_type co = slist.find(',',pp);
                string f = "openid.";
                f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
                p[f] = pin.get_param(f);
                if(co==string::npos)
                    break;
                pp = co+1;
            }
            p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
author	Michael Krelin <hacker@klever.net>	2007-12-16 00:36:30 (UTC)
committer	Michael Krelin <hacker@klever.net>	2007-12-17 12:09:16 (UTC)
commit	7d8cda044fa3b428eb53ec2bfbeaa2e223114554 (patch) (unidiff)
tree	d81fc5436f1d22276972ffed473ed8b438bfb5d9
parent	52c81fff0274c6bb54f6f9be414432ee6388e723 (diff)
download	libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.zip libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.gz libopkele-7d8cda044fa3b428eb53ec2bfbeaa2e223114554.tar.bz2

diff --git a/include/opkele/curl.h b/include/opkele/curl.h index 8020b63..5cf8e48 100644 --- a/include/opkele/curl.h +++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
1	#ifndef __OPKELE_CURL_H	1	#ifndef __OPKELE_CURL_H
2	#define __OPKELE_CURL_H	2	#define __OPKELE_CURL_H
3		3
4	#include <cassert>	4	#include <cassert>
		5	#include <string>
		6	#include <algorithm>
5	#include <curl/curl.h>	7	#include <curl/curl.h>
6		8
7	namespace opkele {	9	namespace opkele {
		10	using std::min;
		11	using std::string;
8		12
9	namespace util {	13	namespace util {
10		14
11	class curl_t {	15	class curl_t {
12	public:	16	public:
13	CURL *_c;	17	CURL *_c;
14		18
15	curl_t() : _c(0) { }	19	curl_t() : _c(0) { }
16	curl_t(CURL *c) : _c(c) { }	20	curl_t(CURL *c) : _c(c) { }
17	virtual ~curl_t() throw();	21	virtual ~curl_t() throw();
18		22
19	curl_t& operator=(CURL *c);	23	curl_t& operator=(CURL *c);
20		24
21	operator const CURL*(void) const { return _c; }	25	operator const CURL*(void) const { return _c; }
22	operator CURL*(void) { return _c; }	26	operator CURL*(void) { return _c; }
23		27
24	CURLcode misc_sets();	28	CURLcode misc_sets();
25		29
26	template<typename PT>	30	template<typename PT>
27	inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }	31	inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
28	CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }	32	CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
29	template<typename IT>	33	template<typename IT>
30	inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }	34	inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
31		35
32	static inline CURL *easy_init() { return curl_easy_init(); }	36	static inline CURL *easy_init() { return curl_easy_init(); }
33		37
34	virtual size_t write(void* /* p /,size_t / s /,size_t / nm */) { return 0; }	38	virtual size_t write(void* /* p /,size_t / s /,size_t / nm */) { return 0; }
35	CURLcode set_write();	39	CURLcode set_write();
36		40
37	virtual int progress(double /* dlt /,double / dln/ ,double / ult /,double / uln */) { return 0; }	41	virtual int progress(double /* dlt /,double / dln/ ,double / ult /,double / uln */) { return 0; }
38	CURLcode set_progress();	42	CURLcode set_progress();
39		43
40	virtual size_t header(void* /* p /,size_t s,size_t nm) { return snm; }	44	virtual size_t header(void* /* p /,size_t s,size_t nm) { return snm; }
41	CURLcode set_header();	45	CURLcode set_header();
42	};	46	};
43		47
		48	template<int lim>
		49	class curl_fetch_string_t : public curl_t {
		50	public:
		51	curl_fetch_string_t(CURL *c)
		52	: curl_t(c) { }
		53	~curl_fetch_string_t() throw() { }
		54
		55	string response;
		56
		57	size_t write(void *p,size_t size,size_t nmemb) {
		58	size_t bytes = size*nmemb;
		59	size_t get = min(lim-response.length(),bytes);
		60	response.append((const char *)p,get);
		61	return get;
		62	}
		63	};
		64
		65	typedef curl_fetch_string_t<16384> curl_pick_t;
		66
		67
44	}	68	}
45		69
46	}	70	}
47		71
48	#endif /* __OPKELE_CURL_H */	72	#endif /* __OPKELE_CURL_H */


diff --git a/lib/consumer.cc b/lib/consumer.cc index 9f7530f..3c3b4f8 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc
@@ -1,230 +1,212 @@
1	#include <algorithm>	1	#include <algorithm>
2	#include <cassert>	2	#include <cassert>
3	#include <cstring>	3	#include <cstring>
4	#include <opkele/util.h>	4	#include <opkele/util.h>
5	#include <opkele/curl.h>	5	#include <opkele/curl.h>
6	#include <opkele/exception.h>	6	#include <opkele/exception.h>
7	#include <opkele/data.h>	7	#include <opkele/data.h>
8	#include <opkele/consumer.h>	8	#include <opkele/consumer.h>
9	#include <openssl/sha.h>	9	#include <openssl/sha.h>
10	#include <openssl/hmac.h>	10	#include <openssl/hmac.h>
11	#include <iostream>	11	#include <iostream>
12		12
13	#include "config.h"	13	#include "config.h"
14		14
15	#include <pcre.h>	15	#include <pcre.h>
16		16
17	namespace opkele {	17	namespace opkele {
18	using namespace std;	18	using namespace std;
19	using util::curl_t;	19	using util::curl_t;
20		20	using util::curl_pick_t;
21	template<int lim>
22	class curl_fetch_string_t : public curl_t {
23	public:
24	curl_fetch_string_t(CURL *c)
25	: curl_t(c) { }
26	~curl_fetch_string_t() throw() { }
27
28	string response;
29
30	size_t write(void *p,size_t size,size_t nmemb) {
31	size_t bytes = size*nmemb;
32	size_t get = min(lim-response.length(),bytes);
33	response.append((const char *)p,get);
34	return get;
35	}
36	};
37
38	typedef curl_fetch_string_t<16384> curl_pick_t;
39		21
40	class pcre_matches_t {	22	class pcre_matches_t {
41	public:	23	public:
42	int *_ov;	24	int *_ov;
43	int _s;	25	int _s;
44		26
45	pcre_matches_t() : _ov(0), _s(0) { }	27	pcre_matches_t() : _ov(0), _s(0) { }
46	pcre_matches_t(int s) : _ov(0), _s(s) {	28	pcre_matches_t(int s) : _ov(0), _s(s) {
47	if(_s&1) ++_s;	29	if(_s&1) ++_s;
48	_s += _s>>1;	30	_s += _s>>1;
49	_ov = new int[_s];	31	_ov = new int[_s];
50	}	32	}
51	~pcre_matches_t() throw() { if(_ov) delete[] _ov; }	33	~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
52		34
53	int begin(int i) const { return _ov[i<<1]; }	35	int begin(int i) const { return _ov[i<<1]; }
54	int end(int i) const { return _ov[(i<<1)+1]; }	36	int end(int i) const { return _ov[(i<<1)+1]; }
55	int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }	37	int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
56	};	38	};
57		39
58	class pcre_t {	40	class pcre_t {
59	public:	41	public:
60	pcre *_p;	42	pcre *_p;
61		43
62	pcre_t() : _p(0) { }	44	pcre_t() : _p(0) { }
63	pcre_t(pcre *p) : _p(p) { }	45	pcre_t(pcre *p) : _p(p) { }
64	pcre_t(const char *re,int opts) : _p(0) {	46	pcre_t(const char *re,int opts) : _p(0) {
65	static const char *errptr; static int erroffset;	47	static const char *errptr; static int erroffset;
66	_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);	48	_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
67	if(!_p)	49	if(!_p)
68	throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);	50	throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
69	}	51	}
70	~pcre_t() throw() { if(_p) (*pcre_free)(_p); }	52	~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
71		53
72	pcre_t& operator=(pcre p) { if(_p) (pcre_free)(_p); _p=p; return *this; }	54	pcre_t& operator=(pcre p) { if(_p) (pcre_free)(_p); _p=p; return *this; }
73		55
74	operator const pcre*(void) const { return _p; }	56	operator const pcre*(void) const { return _p; }
75	operator pcre*(void) { return _p; }	57	operator pcre*(void) { return _p; }
76		58
77	int exec(const string& s,pcre_matches_t& m) {	59	int exec(const string& s,pcre_matches_t& m) {
78	if(!_p)	60	if(!_p)
79	throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");	61	throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
80	return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);	62	return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
81	}	63	}
82	};	64	};
83		65
84	assoc_t consumer_t::associate(const string& server) {	66	assoc_t consumer_t::associate(const string& server) {
85	util::dh_t dh = DH_new();	67	util::dh_t dh = DH_new();
86	if(!dh)	68	if(!dh)
87	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");	69	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
88	dh->p = util::dec_to_bignum(data::_default_p);	70	dh->p = util::dec_to_bignum(data::_default_p);
89	dh->g = util::dec_to_bignum(data::_default_g);	71	dh->g = util::dec_to_bignum(data::_default_g);
90	if(!DH_generate_key(dh))	72	if(!DH_generate_key(dh))
91	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");	73	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
92	string request =	74	string request =
93	"openid.mode=associate"	75	"openid.mode=associate"
94	"&openid.assoc_type=HMAC-SHA1"	76	"&openid.assoc_type=HMAC-SHA1"
95	"&openid.session_type=DH-SHA1"	77	"&openid.session_type=DH-SHA1"
96	"&openid.dh_consumer_public=";	78	"&openid.dh_consumer_public=";
97	request += util::url_encode(util::bignum_to_base64(dh->pub_key));	79	request += util::url_encode(util::bignum_to_base64(dh->pub_key));
98	curl_pick_t curl = curl_pick_t::easy_init();	80	curl_pick_t curl = curl_pick_t::easy_init();
99	if(!curl)	81	if(!curl)
100	throw exception_curl(OPKELE_CP_ "failed to initialize curl");	82	throw exception_curl(OPKELE_CP_ "failed to initialize curl");
101	CURLcode r;	83	CURLcode r;
102	(r=curl.misc_sets())	84	(r=curl.misc_sets())
103	\|\| (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))	85	\|\| (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
104	\|\| (r=curl.easy_setopt(CURLOPT_POST,1))	86	\|\| (r=curl.easy_setopt(CURLOPT_POST,1))
105	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))	87	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
106	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))	88	\|\| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
107	\|\| (r=curl.set_write())	89	\|\| (r=curl.set_write())
108	;	90	;
109	if(r)	91	if(r)
110	throw exception_curl(OPKELE_CP_ "failed to set curly options",r);	92	throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
111	if( (r=curl.easy_perform()) )	93	if( (r=curl.easy_perform()) )
112	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);	94	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
113	params_t p; p.parse_keyvalues(curl.response);	95	params_t p; p.parse_keyvalues(curl.response);
114	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")	96	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
115	throw bad_input(OPKELE_CP_ "unsupported assoc_type");	97	throw bad_input(OPKELE_CP_ "unsupported assoc_type");
116	string st;	98	string st;
117	if(p.has_param("session_type")) st = p.get_param("session_type");	99	if(p.has_param("session_type")) st = p.get_param("session_type");
118	if((!st.empty()) && st!="DH-SHA1")	100	if((!st.empty()) && st!="DH-SHA1")
119	throw bad_input(OPKELE_CP_ "unsupported session_type");	101	throw bad_input(OPKELE_CP_ "unsupported session_type");
120	secret_t secret;	102	secret_t secret;
121	if(st.empty()) {	103	if(st.empty()) {
122	secret.from_base64(p.get_param("mac_key"));	104	secret.from_base64(p.get_param("mac_key"));
123	}else{	105	}else{
124	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));	106	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
125	vector<unsigned char> ck(DH_size(dh)+1);	107	vector<unsigned char> ck(DH_size(dh)+1);
126	unsigned char *ckptr = &(ck.front())+1;	108	unsigned char *ckptr = &(ck.front())+1;
127	int cklen = DH_compute_key(ckptr,s_pub,dh);	109	int cklen = DH_compute_key(ckptr,s_pub,dh);
128	if(cklen<0)	110	if(cklen<0)
129	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");	111	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
130	if(cklen && (*ckptr)&0x80) {	112	if(cklen && (*ckptr)&0x80) {
131	(*(--ckptr)) = 0; ++cklen;	113	(*(--ckptr)) = 0; ++cklen;
132	}	114	}
133	unsigned char key_sha1[SHA_DIGEST_LENGTH];	115	unsigned char key_sha1[SHA_DIGEST_LENGTH];
134	SHA1(ckptr,cklen,key_sha1);	116	SHA1(ckptr,cklen,key_sha1);
135	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));	117	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
136	}	118	}
137	int expires_in = 0;	119	int expires_in = 0;
138	if(p.has_param("expires_in")) {	120	if(p.has_param("expires_in")) {
139	expires_in = util::string_to_long(p.get_param("expires_in"));	121	expires_in = util::string_to_long(p.get_param("expires_in"));
140	}else if(p.has_param("issued") && p.has_param("expiry")) {	122	}else if(p.has_param("issued") && p.has_param("expiry")) {
141	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));	123	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
142	}else	124	}else
143	throw bad_input(OPKELE_CP_ "no expiration information");	125	throw bad_input(OPKELE_CP_ "no expiration information");
144	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);	126	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
145	}	127	}
146		128
147	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	129	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
148	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);	130	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
149	}	131	}
150	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	132	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
151	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);	133	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
152	}	134	}
153	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	135	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
154	params_t p;	136	params_t p;
155	if(mode==mode_checkid_immediate)	137	if(mode==mode_checkid_immediate)
156	p["mode"]="checkid_immediate";	138	p["mode"]="checkid_immediate";
157	else if(mode==mode_checkid_setup)	139	else if(mode==mode_checkid_setup)
158	p["mode"]="checkid_setup";	140	p["mode"]="checkid_setup";
159	else	141	else
160	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");	142	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
161	string iurl = canonicalize(identity);	143	string iurl = canonicalize(identity);
162	string server, delegate;	144	string server, delegate;
163	retrieve_links(iurl,server,delegate);	145	retrieve_links(iurl,server,delegate);
164	p["identity"] = delegate.empty()?iurl:delegate;	146	p["identity"] = delegate.empty()?iurl:delegate;
165	if(!trust_root.empty())	147	if(!trust_root.empty())
166	p["trust_root"] = trust_root;	148	p["trust_root"] = trust_root;
167	p["return_to"] = return_to;	149	p["return_to"] = return_to;
168	try {	150	try {
169	string ah = find_assoc(server)->handle();	151	string ah = find_assoc(server)->handle();
170	p["assoc_handle"] = ah;	152	p["assoc_handle"] = ah;
171	}catch(failed_lookup& fl) {	153	}catch(failed_lookup& fl) {
172	string ah = associate(server)->handle();	154	string ah = associate(server)->handle();
173	p["assoc_handle"] = ah;	155	p["assoc_handle"] = ah;
174	}	156	}
175	if(ext) ext->checkid_hook(p,identity);	157	if(ext) ext->checkid_hook(p,identity);
176	return p.append_query(server);	158	return p.append_query(server);
177	}	159	}
178		160
179	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {	161	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
180	if(pin.has_param("openid.user_setup_url"))	162	if(pin.has_param("openid.user_setup_url"))
181	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));	163	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
182	string server,delegate;	164	string server,delegate;
183	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);	165	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
184	params_t ps;	166	params_t ps;
185	try {	167	try {
186	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));	168	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
187	if(assoc->is_expired())	169	if(assoc->is_expired())
188	throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");	170	throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
189	const string& sigenc = pin.get_param("openid.sig");	171	const string& sigenc = pin.get_param("openid.sig");
190	vector<unsigned char> sig;	172	vector<unsigned char> sig;
191	util::decode_base64(sigenc,sig);	173	util::decode_base64(sigenc,sig);
192	const string& slist = pin.get_param("openid.signed");	174	const string& slist = pin.get_param("openid.signed");
193	string kv;	175	string kv;
194	string::size_type p = 0;	176	string::size_type p = 0;
195	while(true) {	177	while(true) {
196	string::size_type co = slist.find(',',p);	178	string::size_type co = slist.find(',',p);
197	string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);	179	string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
198	kv += f;	180	kv += f;
199	kv += ':';	181	kv += ':';
200	f.insert(0,"openid.");	182	f.insert(0,"openid.");
201	kv += pin.get_param(f);	183	kv += pin.get_param(f);
202	kv += '\n';	184	kv += '\n';
203	if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);	185	if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
204	if(co==string::npos)	186	if(co==string::npos)
205	break;	187	break;
206	p = co+1;	188	p = co+1;
207	}	189	}
208	secret_t secret = assoc->secret();	190	secret_t secret = assoc->secret();
209	unsigned int md_len = 0;	191	unsigned int md_len = 0;
210	unsigned char *md = HMAC(	192	unsigned char *md = HMAC(
211	EVP_sha1(),	193	EVP_sha1(),
212	&(secret.front()),secret.size(),	194	&(secret.front()),secret.size(),
213	(const unsigned char *)kv.data(),kv.length(),	195	(const unsigned char *)kv.data(),kv.length(),
214	0,&md_len);	196	0,&md_len);
215	if(sig.size()!=md_len \|\| memcmp(&(sig.front()),md,md_len))	197	if(sig.size()!=md_len \|\| memcmp(&(sig.front()),md,md_len))
216	throw id_res_mismatch(OPKELE_CP_ "signature mismatch");	198	throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
217	}catch(failed_lookup& e) {	199	}catch(failed_lookup& e) {
218	const string& slist = pin.get_param("openid.signed");	200	const string& slist = pin.get_param("openid.signed");
219	string::size_type pp = 0;	201	string::size_type pp = 0;
220	params_t p;	202	params_t p;
221	while(true) {	203	while(true) {
222	string::size_type co = slist.find(',',pp);	204	string::size_type co = slist.find(',',pp);
223	string f = "openid.";	205	string f = "openid.";
224	f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);	206	f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
225	p[f] = pin.get_param(f);	207	p[f] = pin.get_param(f);
226	if(co==string::npos)	208	if(co==string::npos)
227	break;	209	break;
228	pp = co+1;	210	pp = co+1;
229	}	211	}
230	p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");	212	p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");