fixed a typo

author: Michael Krelin <hacker@klever.net> 2007-01-15 00:29:53 (UTC)
committer: Michael Krelin <hacker@klever.net> 2007-01-15 00:29:53 (UTC)
commit: 74abfae8077569260298a67eca0847e90111b13c (patch) (unidiff)
tree: 2e7dbd06110683737cfcca2c2030c07772d4f35e /lib
parent: 6c7a4fbf0c0e68a500a6b5834a1f3877b160bf77 (diff)
download: libopkele-74abfae8077569260298a67eca0847e90111b13c.zip
libopkele-74abfae8077569260298a67eca0847e90111b13c.tar.gz
libopkele-74abfae8077569260298a67eca0847e90111b13c.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index dc49405..30a5507 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,172 +1,172 @@
 #include <algorithm>
 #include <cassert>
 #include <opkele/util.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
 #include <pcre++.h>
 #include <iostream>
 #include "config.h"
 namespace opkele {
    using namespace std;
    class curl_t {
        public:
            CURL *_c;
            curl_t() : _c(0) { }
            curl_t(CURL *c) : _c(c) { }
            ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }
            curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; }
            operator const CURL*(void) const { return _c; }
            operator CURL*(void) { return _c; }
    };
    static CURLcode curl_misc_sets(CURL* c) {
        CURLcode r;
        (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
        || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
        || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
        || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
        || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION))
        || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
        #ifdefDISABLE_CURL_SSL_VERIFYHOST
        || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
 #endif
-        #ifdefDISABLE_CURL_SSL_VERYPEER
+        #ifdefDISABLE_CURL_SSL_VERIFYPEER
        || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
 #endif
        ;
        return r;
    }
    static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
        string *str = (string*)stream;
        size_t bytes = size*nmemb;
        size_t get = min(16384-str->length(),bytes);
        str->append((const char*)ptr,get);
        return get;
    }
    assoc_t consumer_t::associate(const string& server) {
        util::dh_t dh = DH_new();
        if(!dh)
            throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
        dh->p = util::dec_to_bignum(data::_default_p);
        dh->g = util::dec_to_bignum(data::_default_g);
        if(!DH_generate_key(dh))
            throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
        string request = 
            "openid.mode=associate"
            "&openid.assoc_type=HMAC-SHA1"
            "&openid.session_type=DH-SHA1"
            "&openid.dh_consumer_public=";
        request += util::url_encode(util::bignum_to_base64(dh->pub_key));
        curl_t curl = curl_easy_init();
        if(!curl)
            throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
        string response;
        CURLcode r;
        (r=curl_misc_sets(curl))
        || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))
        || (r=curl_easy_setopt(curl,CURLOPT_POST,1))
        || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))
        || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))
        || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
        || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))
        ;
        if(r)
            throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
        if(r=curl_easy_perform(curl))
            throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
        params_t p; p.parse_keyvalues(response);
        if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported assoc_type");
        string st;
        if(p.has_param("session_type")) st = p.get_param("session_type");
        if((!st.empty()) && st!="DH-SHA1")
            throw bad_input(OPKELE_CP_ "unsupported session_type");
        secret_t secret;
        if(st.empty()) {
            secret.from_base64(p.get_param("mac_key"));
        }else{
            util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
            vector<unsigned char> ck(DH_size(dh));
            int cklen = DH_compute_key(&(ck.front()),s_pub,dh);
            if(cklen<0)
                throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
            ck.resize(cklen);
            // OpenID algorithm requires extra zero in case of set bit here
            if(ck[0]&0x80) ck.insert(ck.begin(),1,0);
            unsigned char key_sha1[SHA_DIGEST_LENGTH];
            SHA1(&(ck.front()),ck.size(),key_sha1);
            secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
        }
        int expires_in = 0;
        if(p.has_param("expires_in")) {
            expires_in = util::string_to_long(p.get_param("expires_in"));
        }else if(p.has_param("issued") && p.has_param("expiry")) {
            expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
        }else
            throw bad_input(OPKELE_CP_ "no expiration information");
        return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
    }
    string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
    }
    string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
        params_t p;
        if(mode==mode_checkid_immediate)
            p["mode"]="checkid_immediate";
        else if(mode==mode_checkid_setup)
            p["mode"]="checkid_setup";
        else
            throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
        string iurl = canonicalize(identity);
        string server, delegate;
        retrieve_links(iurl,server,delegate);
        p["identity"] = delegate.empty()?iurl:delegate;
        if(!trust_root.empty())
            p["trust_root"] = trust_root;
        p["return_to"] = return_to;
        try {
            try {
                string ah = find_assoc(server)->handle();
                p["assoc_handle"] = ah;
            }catch(failed_lookup& fl) {
                string ah = associate(server)->handle();
                p["assoc_handle"] = ah;
            }
        }catch(exception& e) { }
        if(ext) ext->checkid_hook(p,identity);
        return p.append_query(server);
    }
    void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
        if(pin.has_param("openid.user_setup_url"))
            throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
        string server,delegate;
        retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
        params_t ps;
        try {
            assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
            const string& sigenc = pin.get_param("openid.sig");
            vector<unsigned char> sig;
            util::decode_base64(sigenc,sig);
            const string& slist = pin.get_param("openid.signed");
            string kv;
            string::size_type p = 0;
            while(true) {
                string::size_type co = slist.find(',',p);
author	Michael Krelin <hacker@klever.net>	2007-01-15 00:29:53 (UTC)
committer	Michael Krelin <hacker@klever.net>	2007-01-15 00:29:53 (UTC)
commit	74abfae8077569260298a67eca0847e90111b13c (patch) (unidiff)
tree	2e7dbd06110683737cfcca2c2030c07772d4f35e /lib
parent	6c7a4fbf0c0e68a500a6b5834a1f3877b160bf77 (diff)
download	libopkele-74abfae8077569260298a67eca0847e90111b13c.zip libopkele-74abfae8077569260298a67eca0847e90111b13c.tar.gz libopkele-74abfae8077569260298a67eca0847e90111b13c.tar.bz2

diff --git a/lib/consumer.cc b/lib/consumer.cc index dc49405..30a5507 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc
@@ -1,172 +1,172 @@
1	#include <algorithm>	1	#include <algorithm>
2	#include <cassert>	2	#include <cassert>
3	#include <opkele/util.h>	3	#include <opkele/util.h>
4	#include <opkele/exception.h>	4	#include <opkele/exception.h>
5	#include <opkele/data.h>	5	#include <opkele/data.h>
6	#include <opkele/consumer.h>	6	#include <opkele/consumer.h>
7	#include <openssl/sha.h>	7	#include <openssl/sha.h>
8	#include <openssl/hmac.h>	8	#include <openssl/hmac.h>
9	#include <curl/curl.h>	9	#include <curl/curl.h>
10	#include <pcre++.h>	10	#include <pcre++.h>
11		11
12	#include <iostream>	12	#include <iostream>
13		13
14	#include "config.h"	14	#include "config.h"
15		15
16	namespace opkele {	16	namespace opkele {
17	using namespace std;	17	using namespace std;
18		18
19	class curl_t {	19	class curl_t {
20	public:	20	public:
21	CURL *_c;	21	CURL *_c;
22		22
23	curl_t() : _c(0) { }	23	curl_t() : _c(0) { }
24	curl_t(CURL *c) : _c(c) { }	24	curl_t(CURL *c) : _c(c) { }
25	~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }	25	~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }
26		26
27	curl_t& operator=(CURL c) { if(_c) curl_easy_cleanup(_c); _c=c; return this; }	27	curl_t& operator=(CURL c) { if(_c) curl_easy_cleanup(_c); _c=c; return this; }
28		28
29	operator const CURL*(void) const { return _c; }	29	operator const CURL*(void) const { return _c; }
30	operator CURL*(void) { return _c; }	30	operator CURL*(void) { return _c; }
31	};	31	};
32		32
33	static CURLcode curl_misc_sets(CURL* c) {	33	static CURLcode curl_misc_sets(CURL* c) {
34	CURLcode r;	34	CURLcode r;
35	(r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))	35	(r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
36	\|\| (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))	36	\|\| (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
37	\|\| (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))	37	\|\| (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
38	\|\| (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))	38	\|\| (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
39	\|\| (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION))	39	\|\| (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION))
40	\|\| (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))	40	\|\| (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
41	#ifdefDISABLE_CURL_SSL_VERIFYHOST	41	#ifdefDISABLE_CURL_SSL_VERIFYHOST
42	\|\| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))	42	\|\| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
43	#endif	43	#endif
44	#ifdefDISABLE_CURL_SSL_VERYPEER	44	#ifdefDISABLE_CURL_SSL_VERIFYPEER
45	\|\| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))	45	\|\| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
46	#endif	46	#endif
47	;	47	;
48	return r;	48	return r;
49	}	49	}
50		50
51	static size_t _curl_tostring(void ptr,size_t size,size_t nmemb,void stream) {	51	static size_t _curl_tostring(void ptr,size_t size,size_t nmemb,void stream) {
52	string str = (string)stream;	52	string str = (string)stream;
53	size_t bytes = size*nmemb;	53	size_t bytes = size*nmemb;
54	size_t get = min(16384-str->length(),bytes);	54	size_t get = min(16384-str->length(),bytes);
55	str->append((const char*)ptr,get);	55	str->append((const char*)ptr,get);
56	return get;	56	return get;
57	}	57	}
58		58
59	assoc_t consumer_t::associate(const string& server) {	59	assoc_t consumer_t::associate(const string& server) {
60	util::dh_t dh = DH_new();	60	util::dh_t dh = DH_new();
61	if(!dh)	61	if(!dh)
62	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");	62	throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
63	dh->p = util::dec_to_bignum(data::_default_p);	63	dh->p = util::dec_to_bignum(data::_default_p);
64	dh->g = util::dec_to_bignum(data::_default_g);	64	dh->g = util::dec_to_bignum(data::_default_g);
65	if(!DH_generate_key(dh))	65	if(!DH_generate_key(dh))
66	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");	66	throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
67	string request =	67	string request =
68	"openid.mode=associate"	68	"openid.mode=associate"
69	"&openid.assoc_type=HMAC-SHA1"	69	"&openid.assoc_type=HMAC-SHA1"
70	"&openid.session_type=DH-SHA1"	70	"&openid.session_type=DH-SHA1"
71	"&openid.dh_consumer_public=";	71	"&openid.dh_consumer_public=";
72	request += util::url_encode(util::bignum_to_base64(dh->pub_key));	72	request += util::url_encode(util::bignum_to_base64(dh->pub_key));
73	curl_t curl = curl_easy_init();	73	curl_t curl = curl_easy_init();
74	if(!curl)	74	if(!curl)
75	throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");	75	throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
76	string response;	76	string response;
77	CURLcode r;	77	CURLcode r;
78	(r=curl_misc_sets(curl))	78	(r=curl_misc_sets(curl))
79	\|\| (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))	79	\|\| (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))
80	\|\| (r=curl_easy_setopt(curl,CURLOPT_POST,1))	80	\|\| (r=curl_easy_setopt(curl,CURLOPT_POST,1))
81	\|\| (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))	81	\|\| (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))
82	\|\| (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))	82	\|\| (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))
83	\|\| (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))	83	\|\| (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
84	\|\| (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))	84	\|\| (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))
85	;	85	;
86	if(r)	86	if(r)
87	throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);	87	throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
88	if(r=curl_easy_perform(curl))	88	if(r=curl_easy_perform(curl))
89	throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);	89	throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
90	params_t p; p.parse_keyvalues(response);	90	params_t p; p.parse_keyvalues(response);
91	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")	91	if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
92	throw bad_input(OPKELE_CP_ "unsupported assoc_type");	92	throw bad_input(OPKELE_CP_ "unsupported assoc_type");
93	string st;	93	string st;
94	if(p.has_param("session_type")) st = p.get_param("session_type");	94	if(p.has_param("session_type")) st = p.get_param("session_type");
95	if((!st.empty()) && st!="DH-SHA1")	95	if((!st.empty()) && st!="DH-SHA1")
96	throw bad_input(OPKELE_CP_ "unsupported session_type");	96	throw bad_input(OPKELE_CP_ "unsupported session_type");
97	secret_t secret;	97	secret_t secret;
98	if(st.empty()) {	98	if(st.empty()) {
99	secret.from_base64(p.get_param("mac_key"));	99	secret.from_base64(p.get_param("mac_key"));
100	}else{	100	}else{
101	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));	101	util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
102	vector<unsigned char> ck(DH_size(dh));	102	vector<unsigned char> ck(DH_size(dh));
103	int cklen = DH_compute_key(&(ck.front()),s_pub,dh);	103	int cklen = DH_compute_key(&(ck.front()),s_pub,dh);
104	if(cklen<0)	104	if(cklen<0)
105	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");	105	throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
106	ck.resize(cklen);	106	ck.resize(cklen);
107	// OpenID algorithm requires extra zero in case of set bit here	107	// OpenID algorithm requires extra zero in case of set bit here
108	if(ck[0]&0x80) ck.insert(ck.begin(),1,0);	108	if(ck[0]&0x80) ck.insert(ck.begin(),1,0);
109	unsigned char key_sha1[SHA_DIGEST_LENGTH];	109	unsigned char key_sha1[SHA_DIGEST_LENGTH];
110	SHA1(&(ck.front()),ck.size(),key_sha1);	110	SHA1(&(ck.front()),ck.size(),key_sha1);
111	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));	111	secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
112	}	112	}
113	int expires_in = 0;	113	int expires_in = 0;
114	if(p.has_param("expires_in")) {	114	if(p.has_param("expires_in")) {
115	expires_in = util::string_to_long(p.get_param("expires_in"));	115	expires_in = util::string_to_long(p.get_param("expires_in"));
116	}else if(p.has_param("issued") && p.has_param("expiry")) {	116	}else if(p.has_param("issued") && p.has_param("expiry")) {
117	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));	117	expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
118	}else	118	}else
119	throw bad_input(OPKELE_CP_ "no expiration information");	119	throw bad_input(OPKELE_CP_ "no expiration information");
120	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);	120	return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
121	}	121	}
122		122
123	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	123	string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
124	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);	124	return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
125	}	125	}
126	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	126	string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
127	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);	127	return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
128	}	128	}
129	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {	129	string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
130	params_t p;	130	params_t p;
131	if(mode==mode_checkid_immediate)	131	if(mode==mode_checkid_immediate)
132	p["mode"]="checkid_immediate";	132	p["mode"]="checkid_immediate";
133	else if(mode==mode_checkid_setup)	133	else if(mode==mode_checkid_setup)
134	p["mode"]="checkid_setup";	134	p["mode"]="checkid_setup";
135	else	135	else
136	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");	136	throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
137	string iurl = canonicalize(identity);	137	string iurl = canonicalize(identity);
138	string server, delegate;	138	string server, delegate;
139	retrieve_links(iurl,server,delegate);	139	retrieve_links(iurl,server,delegate);
140	p["identity"] = delegate.empty()?iurl:delegate;	140	p["identity"] = delegate.empty()?iurl:delegate;
141	if(!trust_root.empty())	141	if(!trust_root.empty())
142	p["trust_root"] = trust_root;	142	p["trust_root"] = trust_root;
143	p["return_to"] = return_to;	143	p["return_to"] = return_to;
144	try {	144	try {
145	try {	145	try {
146	string ah = find_assoc(server)->handle();	146	string ah = find_assoc(server)->handle();
147	p["assoc_handle"] = ah;	147	p["assoc_handle"] = ah;
148	}catch(failed_lookup& fl) {	148	}catch(failed_lookup& fl) {
149	string ah = associate(server)->handle();	149	string ah = associate(server)->handle();
150	p["assoc_handle"] = ah;	150	p["assoc_handle"] = ah;
151	}	151	}
152	}catch(exception& e) { }	152	}catch(exception& e) { }
153	if(ext) ext->checkid_hook(p,identity);	153	if(ext) ext->checkid_hook(p,identity);
154	return p.append_query(server);	154	return p.append_query(server);
155	}	155	}
156		156
157	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {	157	void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
158	if(pin.has_param("openid.user_setup_url"))	158	if(pin.has_param("openid.user_setup_url"))
159	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));	159	throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
160	string server,delegate;	160	string server,delegate;
161	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);	161	retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
162	params_t ps;	162	params_t ps;
163	try {	163	try {
164	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));	164	assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
165	const string& sigenc = pin.get_param("openid.sig");	165	const string& sigenc = pin.get_param("openid.sig");
166	vector<unsigned char> sig;	166	vector<unsigned char> sig;
167	util::decode_base64(sigenc,sig);	167	util::decode_base64(sigenc,sig);
168	const string& slist = pin.get_param("openid.signed");	168	const string& slist = pin.get_param("openid.signed");
169	string kv;	169	string kv;
170	string::size_type p = 0;	170	string::size_type p = 0;
171	while(true) {	171	while(true) {
172	string::size_type co = slist.find(',',p);	172	string::size_type co = slist.find(',',p);