first cut on XRI resolver

This commit adds openid service resolver that does discovery using XRI (proxy only), Yadis protocol and html-based discovery. It uses expat as xml parsing engine, which makes it a bit more strict about html it receives, but I think failing to discover links in *severely* broken html is better than misdetecting links, hidden in comments or such. This is highly experimental code and needs more thoughts and testing. Thanks everyone pushing me towards this development. Namely Joseph, John, Gen. Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2007-12-02 21:48:18 (UTC)
committer: Michael Krelin <hacker@klever.net> 2007-12-02 21:51:08 (UTC)
commit: 262f1579f0a9138a01f06afea06d00155cefd4b5 (patch) (unidiff)
tree: fb4db0ee7b679a1957c63abbe6f6af1d2fa82531 /lib/openid_service_resolver.cc
parent: 73d98f3652b498b9a74b183bef395714c7d73fda (diff)
download: libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.zip
libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.tar.gz
libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.tar.bz2
1 files changed, 294 insertions, 0 deletions
diff --git a/lib/openid_service_resolver.cc b/lib/openid_service_resolver.cc
new file mode 100644
index 0000000..5f82955
--- a/dev/null
+++ b/lib/openid_service_resolver.cc
@@ -0,0 +1,294 @@
+#include <cctype>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/openid_service_resolver.h>
+#include <opkele/uris.h>
+#define LOCATION_HEADER "X-XRDS-Location"
+namespace opkele {
+    static const char *whitespace = " \t\r\n";
+    openid_service_resolver_t::openid_service_resolver_t(const string& xp)
+        : util::curl_t(easy_init()),
+        util::expat_t(0),
+        xri_proxy(xp.empty()?"http://beta.xri.net/":xp)
+    {
+        CURLcode r;
+        (r=misc_sets())
+        || (r=set_write())
+        || (r==set_header())
+        ;
+        if(r)
+            throw opkele::exception_curl(OPKELE_CP_ "failed to set curly options",r);
+    }
+    static bool is_element(const XML_Char *n,const char *en) {
+        if(!strcasecmp(n,en)) return true;
+        int nl = strlen(n), enl = strlen(en);
+        if( (nl>=(enl+1)) && n[nl-enl-1]=='\t'
+                && !strcasecmp(&n[nl-enl],en) )
+            return true;
+        return false;
+    }
+    static inline bool is_qelement(const XML_Char *n,const char *qen) {
+        return !strcasecmp(n,qen);
+    }
+    static inline bool is_element(
+            const openid_service_resolver_t::parser_node_t& n,
+            const char *en) {
+        return is_element(n.element.c_str(),en);
+    }
+    static inline bool is_qelement(
+            const openid_service_resolver_t::parser_node_t& n,
+            const char *qen) {
+        return is_qelement(n.element.c_str(),qen);
+    }
+    void openid_service_resolver_t::start_element(const XML_Char *n,const XML_Char **a) {
+        if(state!=state_parse) return;
+        tree.push(n,a);
+        parser_node_t& t = tree.top();
+        if(is_element(n,"html") || is_element(n,"head")
+                || is_qelement(n,NSURI_XRDS "\tXRDS")
+                || is_qelement(n,NSURI_XRD "\tXRD") )
+            t.skip_tags = false;
+        else if(is_qelement(n,NSURI_XRD "\tService")
+                || is_qelement(n,NSURI_XRD "\tType")
+                || is_qelement(n,NSURI_XRD "\tURI")
+                || is_qelement(n,NSURI_OPENID10 "\tDelegate")
+                || is_qelement(n,NSURI_XRD "\tCanonicalID") )
+            t.skip_tags = t.skip_text = false;
+        else if(is_element(n,"body"))
+            state = state_stopping_body;
+    }
+    void openid_service_resolver_t::end_element(const XML_Char *n) {
+        if(state!=state_parse) return;
+        assert(tree.top().element == n);
+        pop_tag();
+    }
+    void openid_service_resolver_t::character_data(const XML_Char *s,int l) {
+        if(state!=state_parse) return;
+        if( !( tree.empty() || tree.top().skip_text ) )
+            tree.top().content.append(s,l);
+    }
+    static void copy_trim_whitespace(string& to,const string& from) {
+        string::size_type ns0 = from.find_first_not_of(whitespace);
+        if(ns0==string::npos) {
+            to.clear(); return;
+        }
+        string::size_type ns1 = from.find_last_not_of(whitespace);
+        assert(ns1!=string::npos);
+        to.assign(from,ns0,ns1-ns0+1);
+    }
+    void openid_service_resolver_t::pop_tag() {
+        assert(!tree.empty());
+        parser_node_t& t = tree.top();
+        if( is_element(t,"meta")
+                && !strcasecmp(t.attrs["http-equiv"].c_str(),LOCATION_HEADER) ) {
+            xrds_location = t.attrs["content"];
+        }else if( is_element(t,"link") ) {
+            parser_node_t::attrs_t::const_iterator ir = t.attrs.find("rel");
+            if(ir!=t.attrs.end()) {
+                const string& rels = ir->second;
+                for(string::size_type ns = rels.find_first_not_of(whitespace);
+                        ns!=string::npos;
+                        ns=rels.find_first_not_of(whitespace,ns)) {
+                    string::size_type s = rels.find_first_of(whitespace,ns);
+                    string rel;
+                    if(s==string::npos) {
+                        rel.assign(rels,ns,string::npos);
+                        ns = string::npos;
+                    }else{
+                        rel.assign(rels,ns,s-ns);
+                        ns = s;
+                    }
+                    if(rel=="openid.server")
+                        copy_trim_whitespace(html_SEP.xrd_URI,t.attrs["href"]);
+                    else if(rel=="openid.delegate")
+                        copy_trim_whitespace(html_SEP.openid_Delegate,t.attrs["href"]);
+                }
+            }
+        }else if( is_element(t,"head") )
+            state = state_stopping_head;
+        else if( is_qelement(t,NSURI_XRD "\tXRD")) {
+            if( !(
+                        (
+                         xri_mode
+                         && t.auth_info.canonical_id.empty()
+                        ) ||
+                        t.auth_info.auth_SEP.xrd_Type.empty()
+                 ) )
+                auth_info = t.auth_info;
+        }else if( tree.size()>1 ) {
+            parser_node_t& p = tree.parent();
+            if( is_qelement(p,NSURI_XRD "\tService") ) {
+                if( is_qelement(t,NSURI_XRD "\tType") ) {
+                    if(t.content==STURI_OPENID10) {
+                        string tmp; copy_trim_whitespace(tmp,t.content);
+                        p.auth_info.auth_SEP.xrd_Type.insert(tmp);
+                    }
+                }else if( is_qelement(t,NSURI_XRD "\tURI") )
+                    copy_trim_whitespace(p.auth_info.auth_SEP.xrd_URI,t.content);
+                else if( is_qelement(t,NSURI_OPENID10 "\tDelegate") )
+                    copy_trim_whitespace(p.auth_info.auth_SEP.openid_Delegate,t.content);
+            }else if( is_qelement(p,NSURI_XRD "\tXRD") ) {
+                if(is_qelement(t,NSURI_XRD "\tService") ) {
+                    if( !t.auth_info.auth_SEP.xrd_Type.empty() ) {
+                        parser_node_t::attrs_t::const_iterator ip
+                            = t.attrs.find("priority");
+                        if(ip!=t.attrs.end()) {
+                            const char *nptr = ip->second.c_str();
+                            char *eptr = 0;
+                            t.auth_info.auth_SEP.priority = strtol(nptr,&eptr,10);
+                            if(nptr==eptr)
+                                t.auth_info.auth_SEP.priority = LONG_MAX;
+                        }
+                        if( (t.auth_info.auth_SEP.priority < p.auth_info.auth_SEP.priority)
+                                || p.auth_info.auth_SEP.xrd_Type.empty() )
+                            p.auth_info.auth_SEP = t.auth_info.auth_SEP;
+                    }
+                }else if( is_qelement(t,NSURI_XRD "\tCanonicalID") )
+                    copy_trim_whitespace(p.auth_info.canonical_id,t.content);
+            }
+        }
+        
+        tree.pop();
+    }
+    size_t openid_service_resolver_t::write(void *p,size_t s,size_t nm) {
+        if(state != state_parse)
+            return 0;
+        /* TODO: limit total size */
+        size_t bytes = s*nm;
+        parse((const char *)p,bytes,false);
+        return bytes;
+    }
+    size_t openid_service_resolver_t::header(void *p,size_t s,size_t nm) {
+        size_t bytes = s*nm;
+        const char *h = (const char *)p;
+        const char *colon = (const char*)memchr(p,':',bytes);
+        const char *space = (const char*)memchr(p,' ',bytes);
+        if(space && ( (!colon) || space<colon ) ) {
+            xrds_location.clear(); http_content_type.clear();
+        }else if(colon) {
+            const char *hv = ++colon;
+            int hnl = colon-h;
+            int rb;
+            for(rb = bytes-hnl-1;
+                    rb>0 && isspace(*hv);
+                    ++hv,--rb );
+            while(rb>0 && isspace(hv[rb-1]))
+                --rb;
+            if(rb) {
+                if( (hnl >= sizeof(LOCATION_HEADER))
+                        && !strncasecmp(h,LOCATION_HEADER ":",
+                            sizeof(LOCATION_HEADER)) ) {
+                    xrds_location.assign(hv,rb);
+                }else if( (hnl >= sizeof("Content-Type"))
+                        && !strncasecmp(h,"Content-Type:",
+                            sizeof("Content-Type")) ) {
+                    const char *sc = (const char*)memchr(
+                            hv,';',rb);
+                    http_content_type.assign(
+                            hv,sc?(sc-hv):rb );
+                }
+            }
+        }
+        return curl_t::header(p,s,nm);
+    }
+    void openid_service_resolver_t::discover_service(const string& url,bool xri) {
+        CURLcode r = easy_setopt(CURLOPT_URL,url.c_str());
+        if(r)
+            throw opkele::exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
+        (*(expat_t*)this) = parser_create_ns();
+        set_user_data(); set_element_handler();
+        set_character_data_handler();
+        tree.clear();
+        state = state_parse;
+        r = easy_perform();
+        if(r && r!=CURLE_WRITE_ERROR)
+            throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+        parse(0,0,true);
+        while(!tree.empty()) pop_tag();
+    }
+    const openid_auth_info_t& openid_service_resolver_t::resolve(const string& id) {
+        auth_info = openid_auth_info_t();
+        html_SEP = openid_auth_SEP_t();
+        string::size_type fns = id.find_first_not_of(whitespace);
+        if(fns==string::npos)
+            throw opkele::bad_input(OPKELE_CP_ "whitespace-only identity");
+        string::size_type lns = id.find_last_not_of(whitespace);
+        assert(lns!=string::npos);
+        if(!strncasecmp(
+                    id.c_str()+fns,"xri://",
+                    sizeof("xri://")-1))
+            fns+=sizeof("xri://")-1;
+        string nid(id,fns,lns-fns+1);
+        if(nid.empty())
+            throw opkele::bad_input(OPKELE_CP_ "nothing significant in identity");
+        if(strchr("=@+$!(",*nid.c_str())) {
+            discover_service(
+                    xri_proxy + util::url_encode(nid) +
+                    "?_xrd_t=" STURI_OPENID10 "&_xrd_r=application/xrd+xml;sep=true",
+                    true );
+            if(auth_info.canonical_id.empty()
+                    || auth_info.auth_SEP.xrd_Type.empty() )
+                throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service for XRI found");
+            return auth_info;
+        }else{
+            const char *np = nid.c_str();
+            if( (strncasecmp(np,"http",4) || strncmp(
+                            tolower(*(np+4))=='s'? np+5 : np+4, "://", 3))
+#ifndef NDEBUG
+                    && strncasecmp(np,"file:///",sizeof("file:///")-1)
+        #endif  /* XXX: or how do I let tests work? */
+                    )
+                nid.insert(0,"http://");
+            string::size_type fp = nid.find('#');
+            if(fp!=string::npos) {
+                string::size_type qp = nid.find('?');
+                if(qp==string::npos || qp<fp) {
+                    nid.erase(fp);
+                }else if(qp>fp)
+                    nid.erase(fp,qp-fp);
+            }
+            discover_service(nid);
+            const char *eu = 0;
+            CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu);
+            if(r)
+                throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r);
+            string canonicalized_id = util::rfc_3986_normalize_uri(eu);
+            if(xrds_location.empty()) {
+                if(auth_info.auth_SEP.xrd_Type.empty()) {
+                    if(html_SEP.xrd_URI.empty())
+                        throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service discovered");
+                    auth_info.auth_SEP = html_SEP;
+                    auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 );
+                    auth_info.canonical_id = canonicalized_id;
+                }else{
+                    if(auth_info.canonical_id.empty())
+                        auth_info.canonical_id = canonicalized_id;
+                }
+                return auth_info;
+            }else{
+                discover_service(xrds_location);
+                if(auth_info.auth_SEP.xrd_Type.empty())
+                    throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service found in Yadis document");
+                if(auth_info.canonical_id.empty())
+                    auth_info.canonical_id = canonicalized_id;
+                return auth_info;
+            }
+        }
+    }
+}
author	Michael Krelin <hacker@klever.net>	2007-12-02 21:48:18 (UTC)
committer	Michael Krelin <hacker@klever.net>	2007-12-02 21:51:08 (UTC)
commit	262f1579f0a9138a01f06afea06d00155cefd4b5 (patch) (unidiff)
tree	fb4db0ee7b679a1957c63abbe6f6af1d2fa82531 /lib/openid_service_resolver.cc
parent	73d98f3652b498b9a74b183bef395714c7d73fda (diff)
download	libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.zip libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.tar.gz libopkele-262f1579f0a9138a01f06afea06d00155cefd4b5.tar.bz2

diff --git a/lib/openid_service_resolver.cc b/lib/openid_service_resolver.cc new file mode 100644 index 0000000..5f82955 --- a/dev/null +++ b/lib/openid_service_resolver.cc
@@ -0,0 +1,294 @@
	1	#include <cctype>
	2	#include <opkele/exception.h>
	3	#include <opkele/util.h>
	4	#include <opkele/openid_service_resolver.h>
	5	#include <opkele/uris.h>
	6
	7	#define LOCATION_HEADER "X-XRDS-Location"
	8
	9	namespace opkele {
	10	static const char *whitespace = " \t\r\n";
	11
	12	openid_service_resolver_t::openid_service_resolver_t(const string& xp)
	13	: util::curl_t(easy_init()),
	14	util::expat_t(0),
	15	xri_proxy(xp.empty()?"http://beta.xri.net/":xp)
	16	{
	17	CURLcode r;
	18	(r=misc_sets())
	19	\|\| (r=set_write())
	20	\|\| (r==set_header())
	21	;
	22	if(r)
	23	throw opkele::exception_curl(OPKELE_CP_ "failed to set curly options",r);
	24	}
	25
	26	static bool is_element(const XML_Char n,const char en) {
	27	if(!strcasecmp(n,en)) return true;
	28	int nl = strlen(n), enl = strlen(en);
	29	if( (nl>=(enl+1)) && n[nl-enl-1]=='\t'
	30	&& !strcasecmp(&n[nl-enl],en) )
	31	return true;
	32	return false;
	33	}
	34	static inline bool is_qelement(const XML_Char n,const char qen) {
	35	return !strcasecmp(n,qen);
	36	}
	37	static inline bool is_element(
	38	const openid_service_resolver_t::parser_node_t& n,
	39	const char *en) {
	40	return is_element(n.element.c_str(),en);
	41	}
	42	static inline bool is_qelement(
	43	const openid_service_resolver_t::parser_node_t& n,
	44	const char *qen) {
	45	return is_qelement(n.element.c_str(),qen);
	46	}
	47
	48	void openid_service_resolver_t::start_element(const XML_Char n,const XML_Char *a) {
	49	if(state!=state_parse) return;
	50	tree.push(n,a);
	51	parser_node_t& t = tree.top();
	52	if(is_element(n,"html") \|\| is_element(n,"head")
	53	\|\| is_qelement(n,NSURI_XRDS "\tXRDS")
	54	\|\| is_qelement(n,NSURI_XRD "\tXRD") )
	55	t.skip_tags = false;
	56	else if(is_qelement(n,NSURI_XRD "\tService")
	57	\|\| is_qelement(n,NSURI_XRD "\tType")
	58	\|\| is_qelement(n,NSURI_XRD "\tURI")
	59	\|\| is_qelement(n,NSURI_OPENID10 "\tDelegate")
	60	\|\| is_qelement(n,NSURI_XRD "\tCanonicalID") )
	61	t.skip_tags = t.skip_text = false;
	62	else if(is_element(n,"body"))
	63	state = state_stopping_body;
	64	}
	65	void openid_service_resolver_t::end_element(const XML_Char *n) {
	66	if(state!=state_parse) return;
	67	assert(tree.top().element == n);
	68	pop_tag();
	69	}
	70	void openid_service_resolver_t::character_data(const XML_Char *s,int l) {
	71	if(state!=state_parse) return;
	72	if( !( tree.empty() \|\| tree.top().skip_text ) )
	73	tree.top().content.append(s,l);
	74	}
	75
	76	static void copy_trim_whitespace(string& to,const string& from) {
	77	string::size_type ns0 = from.find_first_not_of(whitespace);
	78	if(ns0==string::npos) {
	79	to.clear(); return;
	80	}
	81	string::size_type ns1 = from.find_last_not_of(whitespace);
	82	assert(ns1!=string::npos);
	83	to.assign(from,ns0,ns1-ns0+1);
	84	}
	85
	86	void openid_service_resolver_t::pop_tag() {
	87	assert(!tree.empty());
	88	parser_node_t& t = tree.top();
	89	if( is_element(t,"meta")
	90	&& !strcasecmp(t.attrs["http-equiv"].c_str(),LOCATION_HEADER) ) {
	91	xrds_location = t.attrs["content"];
	92	}else if( is_element(t,"link") ) {
	93	parser_node_t::attrs_t::const_iterator ir = t.attrs.find("rel");
	94	if(ir!=t.attrs.end()) {
	95	const string& rels = ir->second;
	96	for(string::size_type ns = rels.find_first_not_of(whitespace);
	97	ns!=string::npos;
	98	ns=rels.find_first_not_of(whitespace,ns)) {
	99	string::size_type s = rels.find_first_of(whitespace,ns);
	100	string rel;
	101	if(s==string::npos) {
	102	rel.assign(rels,ns,string::npos);
	103	ns = string::npos;
	104	}else{
	105	rel.assign(rels,ns,s-ns);
	106	ns = s;
	107	}
	108	if(rel=="openid.server")
	109	copy_trim_whitespace(html_SEP.xrd_URI,t.attrs["href"]);
	110	else if(rel=="openid.delegate")
	111	copy_trim_whitespace(html_SEP.openid_Delegate,t.attrs["href"]);
	112	}
	113	}
	114	}else if( is_element(t,"head") )
	115	state = state_stopping_head;
	116	else if( is_qelement(t,NSURI_XRD "\tXRD")) {
	117	if( !(
	118	(
	119	xri_mode
	120	&& t.auth_info.canonical_id.empty()
	121	) \|\|
	122	t.auth_info.auth_SEP.xrd_Type.empty()
	123	) )
	124	auth_info = t.auth_info;
	125	}else if( tree.size()>1 ) {
	126	parser_node_t& p = tree.parent();
	127	if( is_qelement(p,NSURI_XRD "\tService") ) {
	128	if( is_qelement(t,NSURI_XRD "\tType") ) {
	129	if(t.content==STURI_OPENID10) {
	130	string tmp; copy_trim_whitespace(tmp,t.content);
	131	p.auth_info.auth_SEP.xrd_Type.insert(tmp);
	132	}
	133	}else if( is_qelement(t,NSURI_XRD "\tURI") )
	134	copy_trim_whitespace(p.auth_info.auth_SEP.xrd_URI,t.content);
	135	else if( is_qelement(t,NSURI_OPENID10 "\tDelegate") )
	136	copy_trim_whitespace(p.auth_info.auth_SEP.openid_Delegate,t.content);
	137	}else if( is_qelement(p,NSURI_XRD "\tXRD") ) {
	138	if(is_qelement(t,NSURI_XRD "\tService") ) {
	139	if( !t.auth_info.auth_SEP.xrd_Type.empty() ) {
	140	parser_node_t::attrs_t::const_iterator ip
	141	= t.attrs.find("priority");
	142	if(ip!=t.attrs.end()) {
	143	const char *nptr = ip->second.c_str();
	144	char *eptr = 0;
	145	t.auth_info.auth_SEP.priority = strtol(nptr,&eptr,10);
	146	if(nptr==eptr)
	147	t.auth_info.auth_SEP.priority = LONG_MAX;
	148	}
	149	if( (t.auth_info.auth_SEP.priority < p.auth_info.auth_SEP.priority)
	150	\|\| p.auth_info.auth_SEP.xrd_Type.empty() )
	151	p.auth_info.auth_SEP = t.auth_info.auth_SEP;
	152	}
	153	}else if( is_qelement(t,NSURI_XRD "\tCanonicalID") )
	154	copy_trim_whitespace(p.auth_info.canonical_id,t.content);
	155	}
	156	}
	157
	158	tree.pop();
	159	}
	160
	161	size_t openid_service_resolver_t::write(void *p,size_t s,size_t nm) {
	162	if(state != state_parse)
	163	return 0;
	164	/* TODO: limit total size */
	165	size_t bytes = s*nm;
	166	parse((const char *)p,bytes,false);
	167	return bytes;
	168	}
	169
	170	size_t openid_service_resolver_t::header(void *p,size_t s,size_t nm) {
	171	size_t bytes = s*nm;
	172	const char h = (const char )p;
	173	const char colon = (const char)memchr(p,':',bytes);
	174	const char space = (const char)memchr(p,' ',bytes);
	175	if(space && ( (!colon) \|\| space<colon ) ) {
	176	xrds_location.clear(); http_content_type.clear();
	177	}else if(colon) {
	178	const char *hv = ++colon;
	179	int hnl = colon-h;
	180	int rb;
	181	for(rb = bytes-hnl-1;
	182	rb>0 && isspace(*hv);
	183	++hv,--rb );
	184	while(rb>0 && isspace(hv[rb-1]))
	185	--rb;
	186	if(rb) {
	187	if( (hnl >= sizeof(LOCATION_HEADER))
	188	&& !strncasecmp(h,LOCATION_HEADER ":",
	189	sizeof(LOCATION_HEADER)) ) {
	190	xrds_location.assign(hv,rb);
	191	}else if( (hnl >= sizeof("Content-Type"))
	192	&& !strncasecmp(h,"Content-Type:",
	193	sizeof("Content-Type")) ) {
	194	const char sc = (const char)memchr(
	195	hv,';',rb);
	196	http_content_type.assign(
	197	hv,sc?(sc-hv):rb );
	198	}
	199	}
	200	}
	201	return curl_t::header(p,s,nm);
	202	}
	203
	204	void openid_service_resolver_t::discover_service(const string& url,bool xri) {
	205	CURLcode r = easy_setopt(CURLOPT_URL,url.c_str());
	206	if(r)
	207	throw opkele::exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
	208
	209	((expat_t)this) = parser_create_ns();
	210	set_user_data(); set_element_handler();
	211	set_character_data_handler();
	212	tree.clear();
	213	state = state_parse;
	214
	215	r = easy_perform();
	216	if(r && r!=CURLE_WRITE_ERROR)
	217	throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
	218
	219	parse(0,0,true);
	220	while(!tree.empty()) pop_tag();
	221	}
	222
	223	const openid_auth_info_t& openid_service_resolver_t::resolve(const string& id) {
	224	auth_info = openid_auth_info_t();
	225	html_SEP = openid_auth_SEP_t();
	226
	227	string::size_type fns = id.find_first_not_of(whitespace);
	228	if(fns==string::npos)
	229	throw opkele::bad_input(OPKELE_CP_ "whitespace-only identity");
	230	string::size_type lns = id.find_last_not_of(whitespace);
	231	assert(lns!=string::npos);
	232	if(!strncasecmp(
	233	id.c_str()+fns,"xri://",
	234	sizeof("xri://")-1))
	235	fns+=sizeof("xri://")-1;
	236	string nid(id,fns,lns-fns+1);
	237	if(nid.empty())
	238	throw opkele::bad_input(OPKELE_CP_ "nothing significant in identity");
	239	if(strchr("=@+$!(",*nid.c_str())) {
	240	discover_service(
	241	xri_proxy + util::url_encode(nid) +
	242	"?_xrd_t=" STURI_OPENID10 "&_xrd_r=application/xrd+xml;sep=true",
	243	true );
	244	if(auth_info.canonical_id.empty()
	245	\|\| auth_info.auth_SEP.xrd_Type.empty() )
	246	throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service for XRI found");
	247	return auth_info;
	248	}else{
	249	const char *np = nid.c_str();
	250	if( (strncasecmp(np,"http",4) \|\| strncmp(
	251	tolower(*(np+4))=='s'? np+5 : np+4, "://", 3))
	252	#ifndef NDEBUG
	253	&& strncasecmp(np,"file:///",sizeof("file:///")-1)
	254	#endif /* XXX: or how do I let tests work? */
	255	)
	256	nid.insert(0,"http://");
	257	string::size_type fp = nid.find('#');
	258	if(fp!=string::npos) {
	259	string::size_type qp = nid.find('?');
	260	if(qp==string::npos \|\| qp<fp) {
	261	nid.erase(fp);
	262	}else if(qp>fp)
	263	nid.erase(fp,qp-fp);
	264	}
	265	discover_service(nid);
	266	const char *eu = 0;
	267	CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu);
	268	if(r)
	269	throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r);
	270	string canonicalized_id = util::rfc_3986_normalize_uri(eu);
	271	if(xrds_location.empty()) {
	272	if(auth_info.auth_SEP.xrd_Type.empty()) {
	273	if(html_SEP.xrd_URI.empty())
	274	throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service discovered");
	275	auth_info.auth_SEP = html_SEP;
	276	auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 );
	277	auth_info.canonical_id = canonicalized_id;
	278	}else{
	279	if(auth_info.canonical_id.empty())
	280	auth_info.canonical_id = canonicalized_id;
	281	}
	282	return auth_info;
	283	}else{
	284	discover_service(xrds_location);
	285	if(auth_info.auth_SEP.xrd_Type.empty())
	286	throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service found in Yadis document");
	287	if(auth_info.canonical_id.empty())
	288	auth_info.canonical_id = canonicalized_id;
	289	return auth_info;
	290	}
	291	}
	292	}
	293
	294	}