summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2007-11-24 13:33:53 (UTC)
committer Michael Krelin <hacker@klever.net>2007-11-24 13:34:30 (UTC)
commitd788db9c490575e63506ce502a2f089eaaa624ee (patch) (unidiff)
treeb102c7469fe3b20fc37cf0b27977049a1d55b75f
parent986274e9f9a8e2ef0f92b08d2d2c9485bd19adec (diff)
downloadlibopkele-d788db9c490575e63506ce502a2f089eaaa624ee.zip
libopkele-d788db9c490575e63506ce502a2f089eaaa624ee.tar.gz
libopkele-d788db9c490575e63506ce502a2f089eaaa624ee.tar.bz2
more curl wrapper cosmetics
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/curl.h15
-rw-r--r--lib/Makefile.am3
-rw-r--r--lib/consumer.cc105
-rw-r--r--lib/curl.cc42
4 files changed, 101 insertions, 64 deletions
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 8794ece..6a7d084 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,28 +1,39 @@
1#ifndef __OPKELE_CURL_H 1#ifndef __OPKELE_CURL_H
2#define __OPKELE_CURL_H 2#define __OPKELE_CURL_H
3 3
4#include <cassert>
4#include <curl/curl.h> 5#include <curl/curl.h>
5 6
6namespace opkele { 7namespace opkele {
7 8
8 namespace util { 9 namespace util {
9 10
10 class curl_t { 11 class curl_t {
11 public: 12 public:
12 CURL *_c; 13 CURL *_c;
13 14
14 curl_t() : _c(0) { } 15 curl_t() : _c(0) { }
15 curl_t(CURL *c) : _c(c) { } 16 curl_t(CURL *c) : _c(c) { }
16 ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } 17 virtual ~curl_t() throw();
17 18
18 curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } 19 curl_t& operator=(CURL *c);
19 20
20 operator const CURL*(void) const { return _c; } 21 operator const CURL*(void) const { return _c; }
21 operator CURL*(void) { return _c; } 22 operator CURL*(void) { return _c; }
23
24 CURLcode misc_sets();
25
26 template<typename PT>
27 inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
28 CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
29 template<typename IT>
30 inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
31
32 static inline CURL *easy_init() { return curl_easy_init(); }
22 }; 33 };
23 34
24 } 35 }
25 36
26} 37}
27 38
28#endif /* __OPKELE_CURL_H */ 39#endif /* __OPKELE_CURL_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index b008a52..0fe705a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,27 +1,28 @@
1lib_LTLIBRARIES = libopkele.la 1lib_LTLIBRARIES = libopkele.la
2 2
3INCLUDES = \ 3INCLUDES = \
4 -I${top_srcdir}/include/ \ 4 -I${top_srcdir}/include/ \
5 ${KONFORKA_CFLAGS} \ 5 ${KONFORKA_CFLAGS} \
6 ${OPENSSL_CFLAGS} \ 6 ${OPENSSL_CFLAGS} \
7 ${LIBCURL_CPPFLAGS} \ 7 ${LIBCURL_CPPFLAGS} \
8 ${PCRE_CFLAGS} 8 ${PCRE_CFLAGS}
9libopkele_la_LIBADD = \ 9libopkele_la_LIBADD = \
10 ${LIBCURL} \ 10 ${LIBCURL} \
11 ${PCRE_LIBS} \ 11 ${PCRE_LIBS} \
12 ${OPENSSL_LIBS} \ 12 ${OPENSSL_LIBS} \
13 ${KONFORKA_LIBS} 13 ${KONFORKA_LIBS}
14 14
15libopkele_la_SOURCES = \ 15libopkele_la_SOURCES = \
16 params.cc \ 16 params.cc \
17 util.cc \ 17 util.cc \
18 server.cc \ 18 server.cc \
19 secret.cc \ 19 secret.cc \
20 data.cc \ 20 data.cc \
21 consumer.cc \ 21 consumer.cc \
22 exception.cc \ 22 exception.cc \
23 extension.cc \ 23 extension.cc \
24 sreg.cc \ 24 sreg.cc \
25 extension_chain.cc 25 extension_chain.cc \
26 curl.cc
26libopkele_la_LDFLAGS = \ 27libopkele_la_LDFLAGS = \
27 -version-info 2:0:0 28 -version-info 2:0:0
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 20f4174..c155157 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,425 +1,408 @@
1#include <algorithm> 1#include <algorithm>
2#include <cassert> 2#include <cassert>
3#include <cstring> 3#include <cstring>
4#include <opkele/util.h> 4#include <opkele/util.h>
5#include <opkele/curl.h> 5#include <opkele/curl.h>
6#include <opkele/exception.h> 6#include <opkele/exception.h>
7#include <opkele/data.h> 7#include <opkele/data.h>
8#include <opkele/consumer.h> 8#include <opkele/consumer.h>
9#include <openssl/sha.h> 9#include <openssl/sha.h>
10#include <openssl/hmac.h> 10#include <openssl/hmac.h>
11#include <iostream> 11#include <iostream>
12 12
13#include "config.h" 13#include "config.h"
14 14
15#include <pcre.h> 15#include <pcre.h>
16 16
17namespace opkele { 17namespace opkele {
18 using namespace std; 18 using namespace std;
19 using util::curl_t;
19 20
20 class pcre_matches_t { 21 class pcre_matches_t {
21 public: 22 public:
22 int *_ov; 23 int *_ov;
23 int _s; 24 int _s;
24 25
25 pcre_matches_t() : _ov(0), _s(0) { } 26 pcre_matches_t() : _ov(0), _s(0) { }
26 pcre_matches_t(int s) : _ov(0), _s(s) { 27 pcre_matches_t(int s) : _ov(0), _s(s) {
27 if(_s&1) ++_s; 28 if(_s&1) ++_s;
28 _s += _s>>1; 29 _s += _s>>1;
29 _ov = new int[_s]; 30 _ov = new int[_s];
30 } 31 }
31 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; } 32 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
32 33
33 int begin(int i) const { return _ov[i<<1]; } 34 int begin(int i) const { return _ov[i<<1]; }
34 int end(int i) const { return _ov[(i<<1)+1]; } 35 int end(int i) const { return _ov[(i<<1)+1]; }
35 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; } 36 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
36 }; 37 };
37 38
38 class pcre_t { 39 class pcre_t {
39 public: 40 public:
40 pcre *_p; 41 pcre *_p;
41 42
42 pcre_t() : _p(0) { } 43 pcre_t() : _p(0) { }
43 pcre_t(pcre *p) : _p(p) { } 44 pcre_t(pcre *p) : _p(p) { }
44 pcre_t(const char *re,int opts) : _p(0) { 45 pcre_t(const char *re,int opts) : _p(0) {
45 static const char *errptr; static int erroffset; 46 static const char *errptr; static int erroffset;
46 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL); 47 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
47 if(!_p) 48 if(!_p)
48 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr); 49 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
49 } 50 }
50 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); } 51 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
51 52
52 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; } 53 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
53 54
54 operator const pcre*(void) const { return _p; } 55 operator const pcre*(void) const { return _p; }
55 operator pcre*(void) { return _p; } 56 operator pcre*(void) { return _p; }
56 57
57 int exec(const string& s,pcre_matches_t& m) { 58 int exec(const string& s,pcre_matches_t& m) {
58 if(!_p) 59 if(!_p)
59 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp"); 60 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
60 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s); 61 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
61 } 62 }
62 }; 63 };
63 64
64 static CURLcode curl_misc_sets(CURL* c) {
65 CURLcode r;
66 (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
67 || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
68 || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
69 || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
70 || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_SRC_VERSION))
71 || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
72 #ifdefDISABLE_CURL_SSL_VERIFYHOST
73 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
74#endif
75 #ifdefDISABLE_CURL_SSL_VERIFYPEER
76 || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
77#endif
78 ;
79 return r;
80 }
81
82 static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { 65 static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
83 string *str = (string*)stream; 66 string *str = (string*)stream;
84 size_t bytes = size*nmemb; 67 size_t bytes = size*nmemb;
85 size_t get = min(16384-str->length(),bytes); 68 size_t get = min(16384-str->length(),bytes);
86 str->append((const char*)ptr,get); 69 str->append((const char*)ptr,get);
87 return get; 70 return get;
88 } 71 }
89 72
90 assoc_t consumer_t::associate(const string& server) { 73 assoc_t consumer_t::associate(const string& server) {
91 util::dh_t dh = DH_new(); 74 util::dh_t dh = DH_new();
92 if(!dh) 75 if(!dh)
93 throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); 76 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
94 dh->p = util::dec_to_bignum(data::_default_p); 77 dh->p = util::dec_to_bignum(data::_default_p);
95 dh->g = util::dec_to_bignum(data::_default_g); 78 dh->g = util::dec_to_bignum(data::_default_g);
96 if(!DH_generate_key(dh)) 79 if(!DH_generate_key(dh))
97 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); 80 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
98 string request = 81 string request =
99 "openid.mode=associate" 82 "openid.mode=associate"
100 "&openid.assoc_type=HMAC-SHA1" 83 "&openid.assoc_type=HMAC-SHA1"
101 "&openid.session_type=DH-SHA1" 84 "&openid.session_type=DH-SHA1"
102 "&openid.dh_consumer_public="; 85 "&openid.dh_consumer_public=";
103 request += util::url_encode(util::bignum_to_base64(dh->pub_key)); 86 request += util::url_encode(util::bignum_to_base64(dh->pub_key));
104 util::curl_t curl = curl_easy_init(); 87 curl_t curl = curl_t::easy_init();
105 if(!curl) 88 if(!curl)
106 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 89 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
107 string response; 90 string response;
108 CURLcode r; 91 CURLcode r;
109 (r=curl_misc_sets(curl)) 92 (r=curl.misc_sets())
110 || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) 93 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
111 || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) 94 || (r=curl.easy_setopt(CURLOPT_POST,1))
112 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) 95 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
113 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) 96 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
114 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) 97 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring))
115 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) 98 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&response))
116 ; 99 ;
117 if(r) 100 if(r)
118 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 101 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
119 if( (r=curl_easy_perform(curl)) ) 102 if( (r=curl.easy_perform()) )
120 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 103 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
121 params_t p; p.parse_keyvalues(response); 104 params_t p; p.parse_keyvalues(response);
122 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") 105 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
123 throw bad_input(OPKELE_CP_ "unsupported assoc_type"); 106 throw bad_input(OPKELE_CP_ "unsupported assoc_type");
124 string st; 107 string st;
125 if(p.has_param("session_type")) st = p.get_param("session_type"); 108 if(p.has_param("session_type")) st = p.get_param("session_type");
126 if((!st.empty()) && st!="DH-SHA1") 109 if((!st.empty()) && st!="DH-SHA1")
127 throw bad_input(OPKELE_CP_ "unsupported session_type"); 110 throw bad_input(OPKELE_CP_ "unsupported session_type");
128 secret_t secret; 111 secret_t secret;
129 if(st.empty()) { 112 if(st.empty()) {
130 secret.from_base64(p.get_param("mac_key")); 113 secret.from_base64(p.get_param("mac_key"));
131 }else{ 114 }else{
132 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); 115 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
133 vector<unsigned char> ck(DH_size(dh)+1); 116 vector<unsigned char> ck(DH_size(dh)+1);
134 unsigned char *ckptr = &(ck.front())+1; 117 unsigned char *ckptr = &(ck.front())+1;
135 int cklen = DH_compute_key(ckptr,s_pub,dh); 118 int cklen = DH_compute_key(ckptr,s_pub,dh);
136 if(cklen<0) 119 if(cklen<0)
137 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 120 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
138 if(cklen && (*ckptr)&0x80) { 121 if(cklen && (*ckptr)&0x80) {
139 (*(--ckptr)) = 0; ++cklen; 122 (*(--ckptr)) = 0; ++cklen;
140 } 123 }
141 unsigned char key_sha1[SHA_DIGEST_LENGTH]; 124 unsigned char key_sha1[SHA_DIGEST_LENGTH];
142 SHA1(ckptr,cklen,key_sha1); 125 SHA1(ckptr,cklen,key_sha1);
143 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); 126 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
144 } 127 }
145 int expires_in = 0; 128 int expires_in = 0;
146 if(p.has_param("expires_in")) { 129 if(p.has_param("expires_in")) {
147 expires_in = util::string_to_long(p.get_param("expires_in")); 130 expires_in = util::string_to_long(p.get_param("expires_in"));
148 }else if(p.has_param("issued") && p.has_param("expiry")) { 131 }else if(p.has_param("issued") && p.has_param("expiry")) {
149 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued")); 132 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
150 }else 133 }else
151 throw bad_input(OPKELE_CP_ "no expiration information"); 134 throw bad_input(OPKELE_CP_ "no expiration information");
152 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); 135 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
153 } 136 }
154 137
155 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 138 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
156 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext); 139 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
157 } 140 }
158 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 141 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
159 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext); 142 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
160 } 143 }
161 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 144 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
162 params_t p; 145 params_t p;
163 if(mode==mode_checkid_immediate) 146 if(mode==mode_checkid_immediate)
164 p["mode"]="checkid_immediate"; 147 p["mode"]="checkid_immediate";
165 else if(mode==mode_checkid_setup) 148 else if(mode==mode_checkid_setup)
166 p["mode"]="checkid_setup"; 149 p["mode"]="checkid_setup";
167 else 150 else
168 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 151 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
169 string iurl = canonicalize(identity); 152 string iurl = canonicalize(identity);
170 string server, delegate; 153 string server, delegate;
171 retrieve_links(iurl,server,delegate); 154 retrieve_links(iurl,server,delegate);
172 p["identity"] = delegate.empty()?iurl:delegate; 155 p["identity"] = delegate.empty()?iurl:delegate;
173 if(!trust_root.empty()) 156 if(!trust_root.empty())
174 p["trust_root"] = trust_root; 157 p["trust_root"] = trust_root;
175 p["return_to"] = return_to; 158 p["return_to"] = return_to;
176 try { 159 try {
177 string ah = find_assoc(server)->handle(); 160 string ah = find_assoc(server)->handle();
178 p["assoc_handle"] = ah; 161 p["assoc_handle"] = ah;
179 }catch(failed_lookup& fl) { 162 }catch(failed_lookup& fl) {
180 string ah = associate(server)->handle(); 163 string ah = associate(server)->handle();
181 p["assoc_handle"] = ah; 164 p["assoc_handle"] = ah;
182 } 165 }
183 if(ext) ext->checkid_hook(p,identity); 166 if(ext) ext->checkid_hook(p,identity);
184 return p.append_query(server); 167 return p.append_query(server);
185 } 168 }
186 169
187 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { 170 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
188 if(pin.has_param("openid.user_setup_url")) 171 if(pin.has_param("openid.user_setup_url"))
189 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 172 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
190 string server,delegate; 173 string server,delegate;
191 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 174 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
192 params_t ps; 175 params_t ps;
193 try { 176 try {
194 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 177 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
195 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ 178 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
196 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); 179 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
197 const string& sigenc = pin.get_param("openid.sig"); 180 const string& sigenc = pin.get_param("openid.sig");
198 vector<unsigned char> sig; 181 vector<unsigned char> sig;
199 util::decode_base64(sigenc,sig); 182 util::decode_base64(sigenc,sig);
200 const string& slist = pin.get_param("openid.signed"); 183 const string& slist = pin.get_param("openid.signed");
201 string kv; 184 string kv;
202 string::size_type p = 0; 185 string::size_type p = 0;
203 while(true) { 186 while(true) {
204 string::size_type co = slist.find(',',p); 187 string::size_type co = slist.find(',',p);
205 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 188 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
206 kv += f; 189 kv += f;
207 kv += ':'; 190 kv += ':';
208 f.insert(0,"openid."); 191 f.insert(0,"openid.");
209 kv += pin.get_param(f); 192 kv += pin.get_param(f);
210 kv += '\n'; 193 kv += '\n';
211 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f); 194 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
212 if(co==string::npos) 195 if(co==string::npos)
213 break; 196 break;
214 p = co+1; 197 p = co+1;
215 } 198 }
216 secret_t secret = assoc->secret(); 199 secret_t secret = assoc->secret();
217 unsigned int md_len = 0; 200 unsigned int md_len = 0;
218 unsigned char *md = HMAC( 201 unsigned char *md = HMAC(
219 EVP_sha1(), 202 EVP_sha1(),
220 &(secret.front()),secret.size(), 203 &(secret.front()),secret.size(),
221 (const unsigned char *)kv.data(),kv.length(), 204 (const unsigned char *)kv.data(),kv.length(),
222 0,&md_len); 205 0,&md_len);
223 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len)) 206 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
224 throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); 207 throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
225 }catch(failed_lookup& e) { /* XXX: more specific? */ 208 }catch(failed_lookup& e) { /* XXX: more specific? */
226 const string& slist = pin.get_param("openid.signed"); 209 const string& slist = pin.get_param("openid.signed");
227 string::size_type pp = 0; 210 string::size_type pp = 0;
228 params_t p; 211 params_t p;
229 while(true) { 212 while(true) {
230 string::size_type co = slist.find(',',pp); 213 string::size_type co = slist.find(',',pp);
231 string f = "openid."; 214 string f = "openid.";
232 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp); 215 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
233 p[f] = pin.get_param(f); 216 p[f] = pin.get_param(f);
234 if(co==string::npos) 217 if(co==string::npos)
235 break; 218 break;
236 pp = co+1; 219 pp = co+1;
237 } 220 }
238 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle"); 221 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
239 p["openid.sig"] = pin.get_param("openid.sig"); 222 p["openid.sig"] = pin.get_param("openid.sig");
240 p["openid.signed"] = pin.get_param("openid.signed"); 223 p["openid.signed"] = pin.get_param("openid.signed");
241 try { 224 try {
242 string ih = pin.get_param("openid.invalidate_handle"); 225 string ih = pin.get_param("openid.invalidate_handle");
243 p["openid.invalidate_handle"] = ih; 226 p["openid.invalidate_handle"] = ih;
244 }catch(failed_lookup& fl) { } 227 }catch(failed_lookup& fl) { }
245 try { 228 try {
246 check_authentication(server,p); 229 check_authentication(server,p);
247 }catch(failed_check_authentication& fca) { 230 }catch(failed_check_authentication& fca) {
248 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 231 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
249 } 232 }
250 } 233 }
251 if(ext) ext->id_res_hook(pin,ps,identity); 234 if(ext) ext->id_res_hook(pin,ps,identity);
252 } 235 }
253 236
254 void consumer_t::check_authentication(const string& server,const params_t& p) { 237 void consumer_t::check_authentication(const string& server,const params_t& p) {
255 string request = "openid.mode=check_authentication"; 238 string request = "openid.mode=check_authentication";
256 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 239 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
257 if(i->first!="openid.mode") { 240 if(i->first!="openid.mode") {
258 request += '&'; 241 request += '&';
259 request += i->first; 242 request += i->first;
260 request += '='; 243 request += '=';
261 request += util::url_encode(i->second); 244 request += util::url_encode(i->second);
262 } 245 }
263 } 246 }
264 util::curl_t curl = curl_easy_init(); 247 curl_t curl = curl_t::easy_init();
265 if(!curl) 248 if(!curl)
266 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 249 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
267 string response; 250 string response;
268 CURLcode r; 251 CURLcode r;
269 (r=curl_misc_sets(curl)) 252 (r=curl.misc_sets())
270 || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) 253 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
271 || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) 254 || (r=curl.easy_setopt(CURLOPT_POST,1))
272 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) 255 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
273 || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) 256 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
274 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) 257 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring))
275 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) 258 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&response))
276 ; 259 ;
277 if(r) 260 if(r)
278 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 261 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
279 if( (r=curl_easy_perform(curl)) ) 262 if( (r=curl.easy_perform()) )
280 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 263 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
281 params_t pp; pp.parse_keyvalues(response); 264 params_t pp; pp.parse_keyvalues(response);
282 if(pp.has_param("invalidate_handle")) 265 if(pp.has_param("invalidate_handle"))
283 invalidate_assoc(server,pp.get_param("invalidate_handle")); 266 invalidate_assoc(server,pp.get_param("invalidate_handle"));
284 if(pp.has_param("is_valid")) { 267 if(pp.has_param("is_valid")) {
285 if(pp.get_param("is_valid")=="true") 268 if(pp.get_param("is_valid")=="true")
286 return; 269 return;
287 }else if(pp.has_param("lifetime")) { 270 }else if(pp.has_param("lifetime")) {
288 if(util::string_to_long(pp.get_param("lifetime"))) 271 if(util::string_to_long(pp.get_param("lifetime")))
289 return; 272 return;
290 } 273 }
291 throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); 274 throw failed_check_authentication(OPKELE_CP_ "failed to verify response");
292 } 275 }
293 276
294 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { 277 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) {
295 server.erase(); 278 server.erase();
296 delegate.erase(); 279 delegate.erase();
297 util::curl_t curl = curl_easy_init(); 280 curl_t curl = curl_t::easy_init();
298 if(!curl) 281 if(!curl)
299 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 282 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
300 string html; 283 string html;
301 CURLcode r; 284 CURLcode r;
302 (r=curl_misc_sets(curl)) 285 (r=curl.misc_sets())
303 || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str())) 286 || (r=curl.easy_setopt(CURLOPT_URL,url.c_str()))
304 || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) 287 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring))
305 || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html)) 288 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&html))
306 ; 289 ;
307 if(r) 290 if(r)
308 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 291 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
309 r = curl_easy_perform(curl); 292 r = curl.easy_perform();
310 if(r && r!=CURLE_WRITE_ERROR) 293 if(r && r!=CURLE_WRITE_ERROR)
311 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 294 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
312 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>", 295 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>",
313 *re_lre = "<\\s*link\\b([^>]+)>", 296 *re_lre = "<\\s*link\\b([^>]+)>",
314 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]", 297 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]",
315 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]"; 298 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]";
316 pcre_matches_t m1(3), m2(3); 299 pcre_matches_t m1(3), m2(3);
317 pcre_t bre(re_bre,PCRE_CASELESS); 300 pcre_t bre(re_bre,PCRE_CASELESS);
318 if(bre.exec(html,m1)>0) 301 if(bre.exec(html,m1)>0)
319 html.erase(m1.begin(0)); 302 html.erase(m1.begin(0));
320 pcre_t hdre(re_hdre,PCRE_CASELESS); 303 pcre_t hdre(re_hdre,PCRE_CASELESS);
321 if(hdre.exec(html,m1)<=0) 304 if(hdre.exec(html,m1)<=0)
322 throw bad_input(OPKELE_CP_ "failed to find <head>"); 305 throw bad_input(OPKELE_CP_ "failed to find <head>");
323 html.erase(0,m1.end(0)+1); 306 html.erase(0,m1.end(0)+1);
324 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS); 307 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS);
325 bool gotit = false; 308 bool gotit = false;
326 while( (!gotit) && lre.exec(html,m1)>=2 ) { 309 while( (!gotit) && lre.exec(html,m1)>=2 ) {
327 static const char *whitespace = " \t"; 310 static const char *whitespace = " \t";
328 string attrs(html,m1.begin(1),m1.length(1)); 311 string attrs(html,m1.begin(1),m1.length(1));
329 html.erase(0,m1.end(0)+1); 312 html.erase(0,m1.end(0)+1);
330 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 )) 313 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 ))
331 continue; 314 continue;
332 string rels(attrs,m1.begin(1),m1.length(1)); 315 string rels(attrs,m1.begin(1),m1.length(1));
333 for(string::size_type ns = rels.find_first_not_of(whitespace); 316 for(string::size_type ns = rels.find_first_not_of(whitespace);
334 ns!=string::npos; 317 ns!=string::npos;
335 ns=rels.find_first_not_of(whitespace,ns)) { 318 ns=rels.find_first_not_of(whitespace,ns)) {
336 string::size_type s = rels.find_first_of(whitespace,ns); 319 string::size_type s = rels.find_first_of(whitespace,ns);
337 string rel; 320 string rel;
338 if(s==string::npos) { 321 if(s==string::npos) {
339 rel.assign(rels,ns,string::npos); 322 rel.assign(rels,ns,string::npos);
340 ns=string::npos; 323 ns=string::npos;
341 }else{ 324 }else{
342 rel.assign(rels,ns,s-ns); 325 rel.assign(rels,ns,s-ns);
343 ns=s; 326 ns=s;
344 } 327 }
345 if(rel=="openid.server") { 328 if(rel=="openid.server") {
346 server.assign(attrs,m2.begin(1),m2.length(1)); 329 server.assign(attrs,m2.begin(1),m2.length(1));
347 if(!delegate.empty()) { 330 if(!delegate.empty()) {
348 gotit = true; 331 gotit = true;
349 break; 332 break;
350 } 333 }
351 }else if(rel=="openid.delegate") { 334 }else if(rel=="openid.delegate") {
352 delegate.assign(attrs,m2.begin(1),m2.length(1)); 335 delegate.assign(attrs,m2.begin(1),m2.length(1));
353 if(!server.empty()) { 336 if(!server.empty()) {
354 gotit = true; 337 gotit = true;
355 break; 338 break;
356 } 339 }
357 } 340 }
358 if(ns==string::npos) break; 341 if(ns==string::npos) break;
359 } 342 }
360 } 343 }
361 if(server.empty()) 344 if(server.empty())
362 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); 345 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
363 } 346 }
364 347
365 assoc_t consumer_t::find_assoc(const string& /* server */) { 348 assoc_t consumer_t::find_assoc(const string& /* server */) {
366 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); 349 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
367 } 350 }
368 351
369 string consumer_t::normalize(const string& url) { 352 string consumer_t::normalize(const string& url) {
370 string rv = url; 353 string rv = url;
371 // strip leading and trailing spaces 354 // strip leading and trailing spaces
372 string::size_type i = rv.find_first_not_of(" \t\r\n"); 355 string::size_type i = rv.find_first_not_of(" \t\r\n");
373 if(i==string::npos) 356 if(i==string::npos)
374 throw bad_input(OPKELE_CP_ "empty URL"); 357 throw bad_input(OPKELE_CP_ "empty URL");
375 if(i) 358 if(i)
376 rv.erase(0,i); 359 rv.erase(0,i);
377 i = rv.find_last_not_of(" \t\r\n"); 360 i = rv.find_last_not_of(" \t\r\n");
378 assert(i!=string::npos); 361 assert(i!=string::npos);
379 if(i<(rv.length()-1)) 362 if(i<(rv.length()-1))
380 rv.erase(i+1); 363 rv.erase(i+1);
381 // add missing http:// 364 // add missing http://
382 i = rv.find("://"); 365 i = rv.find("://");
383 if(i==string::npos) { // primitive. but do we need more? 366 if(i==string::npos) { // primitive. but do we need more?
384 rv.insert(0,"http://"); 367 rv.insert(0,"http://");
385 i = sizeof("http://")-1; 368 i = sizeof("http://")-1;
386 }else{ 369 }else{
387 i += sizeof("://")-1; 370 i += sizeof("://")-1;
388 } 371 }
389 string::size_type qm = rv.find('?',i); 372 string::size_type qm = rv.find('?',i);
390 string::size_type sl = rv.find('/',i); 373 string::size_type sl = rv.find('/',i);
391 if(qm!=string::npos) { 374 if(qm!=string::npos) {
392 if(sl==string::npos || sl>qm) 375 if(sl==string::npos || sl>qm)
393 rv.insert(qm,1,'/'); 376 rv.insert(qm,1,'/');
394 }else{ 377 }else{
395 if(sl==string::npos) 378 if(sl==string::npos)
396 rv += '/'; 379 rv += '/';
397 } 380 }
398 return rv; 381 return rv;
399 } 382 }
400 383
401 string consumer_t::canonicalize(const string& url) { 384 string consumer_t::canonicalize(const string& url) {
402 string rv = normalize(url); 385 string rv = normalize(url);
403 util::curl_t curl = curl_easy_init(); 386 curl_t curl = curl_t::easy_init();
404 if(!curl) 387 if(!curl)
405 throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); 388 throw exception_curl(OPKELE_CP_ "failed to initialize curl()");
406 string html; 389 string html;
407 CURLcode r; 390 CURLcode r;
408 (r=curl_misc_sets(curl)) 391 (r=curl.misc_sets())
409 || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str())) 392 || (r=curl.easy_setopt(CURLOPT_URL,rv.c_str()))
410 || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1)) 393 || (r=curl.easy_setopt(CURLOPT_NOBODY,1))
411 ; 394 ;
412 if(r) 395 if(r)
413 throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); 396 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
414 r = curl_easy_perform(curl); 397 r = curl.easy_perform();
415 if(r) 398 if(r)
416 throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); 399 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
417 const char *eu = 0; 400 const char *eu = 0;
418 r = curl_easy_getinfo(curl,CURLINFO_EFFECTIVE_URL,&eu); 401 r = curl.easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu);
419 if(r) 402 if(r)
420 throw exception_curl(OPKELE_CP_ "failed to curl_easy_getinfo(..CURLINFO_EFFECTIVE_URL..)",r); 403 throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r);
421 rv = eu; 404 rv = eu;
422 return normalize(rv); 405 return normalize(rv);
423 } 406 }
424 407
425} 408}
diff --git a/lib/curl.cc b/lib/curl.cc
new file mode 100644
index 0000000..418aa79
--- a/dev/null
+++ b/lib/curl.cc
@@ -0,0 +1,42 @@
1#include <opkele/curl.h>
2
3#include "config.h"
4
5namespace opkele {
6
7 namespace util {
8
9 curl_t::~curl_t() throw() {
10 if(_c)
11 curl_easy_cleanup(_c);
12 }
13
14 curl_t& curl_t::operator=(CURL *c) {
15 if(_c)
16 curl_easy_cleanup(_c);
17 _c = c;
18 return *this;
19 }
20
21 CURLcode curl_t::misc_sets() {
22 assert(_c);
23 CURLcode r;
24 (r=easy_setopt(CURLOPT_FOLLOWLOCATION,1))
25 || (r=easy_setopt(CURLOPT_MAXREDIRS,5))
26 || (r=easy_setopt(CURLOPT_DNS_CACHE_TIMEOUT,120))
27 || (r=easy_setopt(CURLOPT_DNS_USE_GLOBAL_CACHE,1))
28 || (r=easy_setopt(CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_SRC_VERSION))
29 || (r=easy_setopt(CURLOPT_TIMEOUT,20))
30 #ifdefDISABLE_CURL_SSL_VERIFYHOST
31 || (r=easy_setopt(CURLOPT_SSL_VERIFYHOST,0))
32#endif
33 #ifdefDISABLE_CURL_SSL_VERIFYPEER
34 || (r=easy_setopt(CURLOPT_SSL_VERIFYPEER,0))
35#endif
36 ;
37 return r;
38 }
39
40 }
41
42}