| author | Michael Krelin <hacker@klever.net> | 2007-12-09 17:22:06 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2007-12-09 22:08:24 (UTC) |
| commit | c34adc6e274c3dbb63af99ca566000e7d218244c (patch) (unidiff) | |
| tree | 705624c208deb4eaf8d07c119a883e6f4f35236e /lib | |
| parent | 60fdaff7888b455b4d07eadc905cefd20f1ddd3c (diff) | |
| download | libopkele-c34adc6e274c3dbb63af99ca566000e7d218244c.zip libopkele-c34adc6e274c3dbb63af99ca566000e7d218244c.tar.gz libopkele-c34adc6e274c3dbb63af99ca566000e7d218244c.tar.bz2 | |
reworked identity resolution and service discovery
The discovery, which does both XRDS-based (Yadis, XRI, for XRI, using proxy)
and HTML-based search, now returns results in opkele:idiscovery_t structure.
It uses expat-based parser idigger_t, which itself is not exposed via any
header files, but hidden in lib/discovery.cc, the discovery testing program is
renamed from openid_resolve to idiscover.
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/Makefile.am | 2 | ||||
| -rw-r--r-- | lib/discovery.cc | 375 | ||||
| -rw-r--r-- | lib/openid_service_resolver.cc | 298 | ||||
| -rw-r--r-- | lib/util.cc | 22 |
4 files changed, 388 insertions, 309 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index b278faf..185411f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am | |||
| @@ -22,9 +22,9 @@ libopkele_la_SOURCES = \ | |||
| 22 | consumer.cc \ | 22 | consumer.cc \ |
| 23 | exception.cc \ | 23 | exception.cc \ |
| 24 | extension.cc \ | 24 | extension.cc \ |
| 25 | sreg.cc \ | 25 | sreg.cc \ |
| 26 | extension_chain.cc \ | 26 | extension_chain.cc \ |
| 27 | curl.cc expat.cc \ | 27 | curl.cc expat.cc \ |
| 28 | openid_service_resolver.cc | 28 | discovery.cc |
| 29 | libopkele_la_LDFLAGS = \ | 29 | libopkele_la_LDFLAGS = \ |
| 30 | -version-info 2:0:0 | 30 | -version-info 2:0:0 |
diff --git a/lib/discovery.cc b/lib/discovery.cc new file mode 100644 index 0000000..a35ce32 --- a/dev/null +++ b/lib/discovery.cc | |||
| @@ -0,0 +1,375 @@ | |||
| 1 | #include <iostream> | ||
| 2 | using namespace std; | ||
| 3 | #include <list> | ||
| 4 | #include <opkele/curl.h> | ||
| 5 | #include <opkele/expat.h> | ||
| 6 | #include <opkele/uris.h> | ||
| 7 | #include <opkele/discovery.h> | ||
| 8 | #include <opkele/exception.h> | ||
| 9 | #include <opkele/util.h> | ||
| 10 | |||
| 11 | #include "config.h" | ||
| 12 | |||
| 13 | #define XRDS_HEADER "X-XRDS-Location" | ||
| 14 | #define CT_HEADER "Content-Type" | ||
| 15 | |||
| 16 | namespace opkele { | ||
| 17 | using std::list; | ||
| 18 | using xrd::XRD_t; | ||
| 19 | using xrd::service_t; | ||
| 20 | |||
| 21 | static const char *whitespace = " \t\r\n"; | ||
| 22 | static const char *i_leaders = "=@+$!("; | ||
| 23 | |||
| 24 | static inline bool is_qelement(const XML_Char *n,const char *qen) { | ||
| 25 | return !strcasecmp(n,qen); | ||
| 26 | } | ||
| 27 | static inline bool is_element(const XML_Char *n,const char *en) { | ||
| 28 | if(!strcasecmp(n,en)) return true; | ||
| 29 | int nl = strlen(n), enl = strlen(en); | ||
| 30 | if( (nl>=(enl+1)) && n[nl-enl-1]=='\t' | ||
| 31 | && !strcasecmp(&n[nl-enl],en) ) | ||
| 32 | return true; | ||
| 33 | return false; | ||
| 34 | } | ||
| 35 | |||
| 36 | static long element_priority(const XML_Char **a) { | ||
| 37 | for(;*a;++a) | ||
| 38 | if(!strcasecmp(*(a++),"priority")) { | ||
| 39 | long rv; | ||
| 40 | return (sscanf(*a,"%ld",&rv)==1)?rv:-1; | ||
| 41 | } | ||
| 42 | return -1; | ||
| 43 | } | ||
| 44 | |||
| 45 | class idigger_t : public util::curl_t, public util::expat_t { | ||
| 46 | public: | ||
| 47 | string xri_proxy; | ||
| 48 | |||
| 49 | enum { | ||
| 50 | xmode_html = 1, xmode_xrd = 2 | ||
| 51 | }; | ||
| 52 | int xmode; | ||
| 53 | |||
| 54 | string xrds_location; | ||
| 55 | string http_content_type; | ||
| 56 | service_t html_openid1; | ||
| 57 | service_t html_openid2; | ||
| 58 | string cdata_buf; | ||
| 59 | long status_code; | ||
| 60 | string status_string; | ||
| 61 | |||
| 62 | typedef list<string> pt_stack_t; | ||
| 63 | pt_stack_t pt_stack; | ||
| 64 | int skipping; | ||
| 65 | |||
| 66 | XRD_t *xrd; | ||
| 67 | service_t *xrd_service; | ||
| 68 | string* cdata; | ||
| 69 | |||
| 70 | idigger_t() | ||
| 71 | : util::curl_t(easy_init()), | ||
| 72 | util::expat_t(0), | ||
| 73 | xri_proxy(XRI_PROXY_URL) { | ||
| 74 | CURLcode r; | ||
| 75 | (r=misc_sets()) | ||
| 76 | || (r=set_write()) | ||
| 77 | || (r=set_header()) | ||
| 78 | ; | ||
| 79 | if(r) | ||
| 80 | throw exception_curl(OPKELE_CP_ "failed to set curly options",r); | ||
| 81 | } | ||
| 82 | ~idigger_t() throw() { } | ||
| 83 | |||
| 84 | void discover(idiscovery_t& result,const string& identity) { | ||
| 85 | result.clear(); | ||
| 86 | string::size_type fsc = identity.find_first_not_of(whitespace); | ||
| 87 | if(fsc==string::npos) | ||
| 88 | throw bad_input(OPKELE_CP_ "whtiespace-only identity"); | ||
| 89 | string::size_type lsc = identity.find_last_not_of(whitespace); | ||
| 90 | assert(lsc!=string::npos); | ||
| 91 | if(!strncasecmp(identity.c_str()+fsc,"xri://",sizeof("xri://")-1)) | ||
| 92 | fsc += sizeof("xri://")-1; | ||
| 93 | if((fsc+1)>=lsc) | ||
| 94 | throw bad_input(OPKELE_CP_ "not a character of importance in identity"); | ||
| 95 | string id(identity,fsc,lsc-fsc+1); | ||
| 96 | if(strchr(i_leaders,id[0])) { | ||
| 97 | result.normalized_id = id; | ||
| 98 | /* TODO: further canonicalize xri identity? Like folding case or whatever... */ | ||
| 99 | discover_at( | ||
| 100 | result, | ||
| 101 | xri_proxy + util::url_encode(id)+ | ||
| 102 | "?_xrd_r=application/xrd+xml;sep=false", xmode_xrd); | ||
| 103 | if(status_code!=100) | ||
| 104 | throw failed_xri_resolution(OPKELE_CP_ | ||
| 105 | "XRI resolution failed with '"+status_string+"' message",status_code); | ||
| 106 | if(result.xrd.canonical_ids.empty()) | ||
| 107 | throw opkele::failed_discovery(OPKELE_CP_ "No CanonicalID for XRI identity found"); | ||
| 108 | }else{ | ||
| 109 | if(id.find("://")==string::npos) | ||
| 110 | id.insert(0,"http://"); | ||
| 111 | string::size_type fp = id.find('#'); | ||
| 112 | if(fp!=string::npos) { | ||
| 113 | string::size_type qp = id.find('?'); | ||
| 114 | if(qp==string::npos || qp<fp) | ||
| 115 | id.erase(fp); | ||
| 116 | else if(qp>fp) | ||
| 117 | id.erase(fp,qp-fp); | ||
| 118 | } | ||
| 119 | result.normalized_id = util::rfc_3986_normalize_uri(id); | ||
| 120 | discover_at(result,id,xmode_html|xmode_xrd); | ||
| 121 | const char * eu = 0; | ||
| 122 | CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); | ||
| 123 | if(r) | ||
| 124 | throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); | ||
| 125 | result.canonicalized_id = util::rfc_3986_normalize_uri(eu); /* XXX: strip fragment part? */ | ||
| 126 | if(xrds_location.empty()) { | ||
| 127 | html2xrd(result.xrd); | ||
| 128 | }else{ | ||
| 129 | discover_at(result,xrds_location,xmode_xrd); | ||
| 130 | if(result.xrd.empty()) | ||
| 131 | html2xrd(result.xrd); | ||
| 132 | } | ||
| 133 | } | ||
| 134 | } | ||
| 135 | |||
| 136 | void discover_at(idiscovery_t& result,const string& url,int xm) { | ||
| 137 | CURLcode r = easy_setopt(CURLOPT_URL,url.c_str()); | ||
| 138 | if(r) | ||
| 139 | throw exception_curl(OPKELE_CP_ "failed to set culry urlie",r); | ||
| 140 | |||
| 141 | (*(expat_t*)this) = parser_create_ns(); | ||
| 142 | set_user_data(); set_element_handler(); | ||
| 143 | set_character_data_handler(); | ||
| 144 | |||
| 145 | xrds_location.clear(); http_content_type.clear(); | ||
| 146 | xmode = xm; | ||
| 147 | if(xmode&xmode_html) { | ||
| 148 | xrds_location.clear(); | ||
| 149 | html_openid1.clear(); html_openid2.clear(); | ||
| 150 | } | ||
| 151 | xrd = &result.xrd; | ||
| 152 | cdata = 0; xrd_service = 0; skipping = 0; | ||
| 153 | status_code = 100; status_string.clear(); | ||
| 154 | |||
| 155 | r = easy_perform(); | ||
| 156 | if(r && r!=CURLE_WRITE_ERROR) | ||
| 157 | throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); | ||
| 158 | |||
| 159 | parse(0,0,true); | ||
| 160 | } | ||
| 161 | |||
| 162 | void html2xrd(XRD_t& x) { | ||
| 163 | if(!html_openid1.uris.empty()) { | ||
| 164 | html_openid1.types.insert(STURI_OPENID11); | ||
| 165 | x.services.add(-1,html_openid1); | ||
| 166 | } | ||
| 167 | if(!html_openid2.uris.empty()) { | ||
| 168 | html_openid2.types.insert(STURI_OPENID20); | ||
| 169 | x.services.add(-1,html_openid2); | ||
| 170 | } | ||
| 171 | } | ||
| 172 | |||
| 173 | size_t write(void *p,size_t s,size_t nm) { | ||
| 174 | if(skipping<0) return 0; | ||
| 175 | /* TODO: limit total size */ | ||
| 176 | size_t bytes = s*nm; | ||
| 177 | parse((const char *)p,bytes,false); | ||
| 178 | return bytes; | ||
| 179 | } | ||
| 180 | size_t header(void *p,size_t s,size_t nm) { | ||
| 181 | size_t bytes = s*nm; | ||
| 182 | const char *h = (const char*)p; | ||
| 183 | const char *colon = (const char*)memchr(p,':',bytes); | ||
| 184 | const char *space = (const char*)memchr(p,' ',bytes); | ||
| 185 | if(space && ( (!colon) || space<colon ) ) { | ||
| 186 | xrds_location.clear(); http_content_type.clear(); | ||
| 187 | }else if(colon) { | ||
| 188 | const char *hv = ++colon; | ||
| 189 | int hnl = colon-h; | ||
| 190 | int rb; | ||
| 191 | for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb); | ||
| 192 | while(rb>0 && isspace(hv[rb-1])) --rb; | ||
| 193 | if(rb) { | ||
| 194 | if( (hnl>=sizeof(XRDS_HEADER)) | ||
| 195 | && !strncasecmp(h,XRDS_HEADER":", | ||
| 196 | sizeof(XRDS_HEADER)) ) { | ||
| 197 | xrds_location.assign(hv,rb); | ||
| 198 | }else if( (hnl>=sizeof(CT_HEADER)) | ||
| 199 | && !strncasecmp(h,CT_HEADER":", | ||
| 200 | sizeof(CT_HEADER)) ) { | ||
| 201 | const char *sc = (const char*)memchr( | ||
| 202 | hv,';',rb); | ||
| 203 | http_content_type.assign(hv,sc?(sc-hv):rb); | ||
| 204 | } | ||
| 205 | } | ||
| 206 | } | ||
| 207 | return curl_t::header(p,s,nm); | ||
| 208 | } | ||
| 209 | |||
| 210 | void start_element(const XML_Char *n,const XML_Char **a) { | ||
| 211 | if(skipping<0) return; | ||
| 212 | if(skipping) { | ||
| 213 | if(xmode&xmode_html) | ||
| 214 | html_start_element(n,a); | ||
| 215 | ++skipping; return; | ||
| 216 | } | ||
| 217 | if(pt_stack.empty()) { | ||
| 218 | if(is_qelement(n,NSURI_XRDS "\tXRDS")) | ||
| 219 | return; | ||
| 220 | if(is_qelement(n,NSURI_XRD "\tXRD")) { | ||
| 221 | assert(xrd); | ||
| 222 | xrd->clear(); | ||
| 223 | pt_stack.push_back(n); | ||
| 224 | }else if(xmode&xmode_html) { | ||
| 225 | html_start_element(n,a); | ||
| 226 | }else{ | ||
| 227 | skipping = -1; | ||
| 228 | } | ||
| 229 | }else{ | ||
| 230 | int pt_s = pt_stack.size(); | ||
| 231 | if(pt_s==1) { | ||
| 232 | /* TODO: xrd:XRD/xrd:Expires */ | ||
| 233 | if(is_qelement(n,NSURI_XRD "\tCanonicalID")) { | ||
| 234 | assert(xrd); | ||
| 235 | cdata = &(xrd->canonical_ids.add(element_priority(a),string())); | ||
| 236 | }else if(is_qelement(n,NSURI_XRD "\tLocalID")) { | ||
| 237 | assert(xrd); | ||
| 238 | cdata = &(xrd->local_ids.add(element_priority(a),string())); | ||
| 239 | }else if(is_qelement(n,NSURI_XRD "\tService")) { | ||
| 240 | assert(xrd); | ||
| 241 | xrd_service = &(xrd->services.add(element_priority(a), | ||
| 242 | service_t())); | ||
| 243 | pt_stack.push_back(n); | ||
| 244 | }else if(is_qelement(n,NSURI_XRD "\tStatus")) { | ||
| 245 | for(;*a;) { | ||
| 246 | if(!strcasecmp(*(a++),"code")) { | ||
| 247 | if(sscanf(*(a++),"%ld",&status_code)==1 && status_code!=100) { | ||
| 248 | cdata = &status_string; | ||
| 249 | pt_stack.push_back(n); | ||
| 250 | break; | ||
| 251 | } | ||
| 252 | } | ||
| 253 | } | ||
| 254 | }else if(xmode&xmode_html) { | ||
| 255 | html_start_element(n,a); | ||
| 256 | }else{ | ||
| 257 | skipping = 1; | ||
| 258 | } | ||
| 259 | }else if(pt_s==2) { | ||
| 260 | if(is_qelement(pt_stack.back().c_str(), NSURI_XRD "\tService")) { | ||
| 261 | if(is_qelement(n,NSURI_XRD "\tType")) { | ||
| 262 | assert(xrd); assert(xrd_service); | ||
| 263 | cdata_buf.clear(); | ||
| 264 | cdata = &cdata_buf; | ||
| 265 | }else if(is_qelement(n,NSURI_XRD "\tURI")) { | ||
| 266 | assert(xrd); assert(xrd_service); | ||
| 267 | cdata = &(xrd_service->uris.add(element_priority(a),string())); | ||
| 268 | }else if(is_qelement(n,NSURI_XRD "\tLocalID") | ||
| 269 | || is_qelement(n,NSURI_OPENID10 "\tDelegate") ) { | ||
| 270 | assert(xrd); assert(xrd_service); | ||
| 271 | cdata = &(xrd_service->uris.add(element_priority(a),string())); | ||
| 272 | }else{ | ||
| 273 | skipping = 1; | ||
| 274 | } | ||
| 275 | }else | ||
| 276 | skipping = 1; | ||
| 277 | }else if(xmode&xmode_html) { | ||
| 278 | html_start_element(n,a); | ||
| 279 | }else{ | ||
| 280 | skipping = 1; | ||
| 281 | } | ||
| 282 | } | ||
| 283 | } | ||
| 284 | void end_element(const XML_Char *n) { | ||
| 285 | if(skipping<0) return; | ||
| 286 | if(skipping) { | ||
| 287 | --skipping; return; | ||
| 288 | } | ||
| 289 | if(is_qelement(n,NSURI_XRD "\tType")) { | ||
| 290 | assert(xrd); assert(xrd_service); assert(cdata==&cdata_buf); | ||
| 291 | xrd_service->types.insert(cdata_buf); | ||
| 292 | }else if(is_qelement(n,NSURI_XRD "\tService")) { | ||
| 293 | assert(xrd); assert(xrd_service); | ||
| 294 | assert(!pt_stack.empty()); | ||
| 295 | assert(pt_stack.back()==(NSURI_XRD "\tService")); | ||
| 296 | pt_stack.pop_back(); | ||
| 297 | xrd_service = 0; | ||
| 298 | }else if(is_qelement(n,NSURI_XRD "\tStatus")) { | ||
| 299 | assert(xrd); | ||
| 300 | if(is_qelement(pt_stack.back().c_str(),n)) { | ||
| 301 | assert(cdata==&status_string); | ||
| 302 | pt_stack.pop_back(); | ||
| 303 | if(status_code!=100) | ||
| 304 | skipping = -1; | ||
| 305 | } | ||
| 306 | }else if((xmode&xmode_html) && is_element(n,"head")) { | ||
| 307 | skipping = -1; | ||
| 308 | } | ||
| 309 | cdata = 0; | ||
| 310 | } | ||
| 311 | void character_data(const XML_Char *s,int l) { | ||
| 312 | if(skipping) return; | ||
| 313 | if(cdata) cdata->append(s,l); | ||
| 314 | } | ||
| 315 | |||
| 316 | void html_start_element(const XML_Char *n,const XML_Char **a) { | ||
| 317 | if(is_element(n,"meta")) { | ||
| 318 | bool heq = false; | ||
| 319 | string l; | ||
| 320 | for(;*a;a+=2) { | ||
| 321 | if(!( strcasecmp(a[0],"http-equiv") | ||
| 322 | || strcasecmp(a[1],XRDS_HEADER) )) | ||
| 323 | heq = true; | ||
| 324 | else if(!strcasecmp(a[0],"content")) | ||
| 325 | l.assign(a[1]); | ||
| 326 | } | ||
| 327 | if(heq) | ||
| 328 | xrds_location = l; | ||
| 329 | }else if(is_element(n,"link")) { | ||
| 330 | string rels; | ||
| 331 | string href; | ||
| 332 | for(;*a;a+=2) { | ||
| 333 | if( !strcasecmp(a[0],"rel") ) { | ||
| 334 | rels.assign(a[1]); | ||
| 335 | }else if( !strcasecmp(a[0],"href") ) { | ||
| 336 | const char *ns = a[1]; | ||
| 337 | for(;*ns && isspace(*ns);++ns); | ||
| 338 | href.assign(ns); | ||
| 339 | string::size_type lns=href.find_last_not_of(whitespace); | ||
| 340 | href.erase(lns+1); | ||
| 341 | } | ||
| 342 | } | ||
| 343 | for(string::size_type ns=rels.find_first_not_of(whitespace); | ||
| 344 | ns!=string::npos; ns=rels.find_first_not_of(whitespace,ns)) { | ||
| 345 | string::size_type s = rels.find_first_of(whitespace,ns); | ||
| 346 | string rel; | ||
| 347 | if(s==string::npos) { | ||
| 348 | rel.assign(rels,ns,string::npos); | ||
| 349 | ns = string::npos; | ||
| 350 | }else{ | ||
| 351 | rel.assign(rels,ns,s-ns); | ||
| 352 | ns = s; | ||
| 353 | } | ||
| 354 | if(rel=="openid.server") | ||
| 355 | html_openid1.uris.add(-1,href); | ||
| 356 | else if(rel=="openid.delegate") | ||
| 357 | html_openid1.local_ids.add(-1,href); | ||
| 358 | else if(rel=="openid2.provider") | ||
| 359 | html_openid2.uris.add(-1,href); | ||
| 360 | else if(rel=="openid2.local_id") | ||
| 361 | html_openid2.local_ids.add(-1,href); | ||
| 362 | } | ||
| 363 | }else if(is_element(n,"body")) { | ||
| 364 | skipping = -1; | ||
| 365 | } | ||
| 366 | } | ||
| 367 | |||
| 368 | }; | ||
| 369 | |||
| 370 | void idiscover(idiscovery_t& result,const string& identity) { | ||
| 371 | idigger_t idigger; | ||
| 372 | idigger.discover(result,identity); | ||
| 373 | } | ||
| 374 | |||
| 375 | } | ||
diff --git a/lib/openid_service_resolver.cc b/lib/openid_service_resolver.cc deleted file mode 100644 index 505e5b2..0000000 --- a/lib/openid_service_resolver.cc +++ b/dev/null | |||
| @@ -1,298 +0,0 @@ | |||
| 1 | #include <cctype> | ||
| 2 | #include <opkele/exception.h> | ||
| 3 | #include <opkele/util.h> | ||
| 4 | #include <opkele/openid_service_resolver.h> | ||
| 5 | #include <opkele/uris.h> | ||
| 6 | |||
| 7 | #define LOCATION_HEADER "X-XRDS-Location" | ||
| 8 | |||
| 9 | namespace opkele { | ||
| 10 | static const char *whitespace = " \t\r\n"; | ||
| 11 | |||
| 12 | openid_service_resolver_t::openid_service_resolver_t(const string& xp) | ||
| 13 | : util::curl_t(easy_init()), | ||
| 14 | util::expat_t(0), | ||
| 15 | xri_proxy(xp.empty()?"http://beta.xri.net/":xp) | ||
| 16 | { | ||
| 17 | CURLcode r; | ||
| 18 | (r=misc_sets()) | ||
| 19 | || (r=set_write()) | ||
| 20 | || (r==set_header()) | ||
| 21 | ; | ||
| 22 | if(r) | ||
| 23 | throw opkele::exception_curl(OPKELE_CP_ "failed to set curly options",r); | ||
| 24 | } | ||
| 25 | |||
| 26 | static bool is_element(const XML_Char *n,const char *en) { | ||
| 27 | if(!strcasecmp(n,en)) return true; | ||
| 28 | int nl = strlen(n), enl = strlen(en); | ||
| 29 | if( (nl>=(enl+1)) && n[nl-enl-1]=='\t' | ||
| 30 | && !strcasecmp(&n[nl-enl],en) ) | ||
| 31 | return true; | ||
| 32 | return false; | ||
| 33 | } | ||
| 34 | static inline bool is_qelement(const XML_Char *n,const char *qen) { | ||
| 35 | return !strcasecmp(n,qen); | ||
| 36 | } | ||
| 37 | static inline bool is_element( | ||
| 38 | const openid_service_resolver_t::parser_node_t& n, | ||
| 39 | const char *en) { | ||
| 40 | return is_element(n.element.c_str(),en); | ||
| 41 | } | ||
| 42 | static inline bool is_qelement( | ||
| 43 | const openid_service_resolver_t::parser_node_t& n, | ||
| 44 | const char *qen) { | ||
| 45 | return is_qelement(n.element.c_str(),qen); | ||
| 46 | } | ||
| 47 | |||
| 48 | void openid_service_resolver_t::start_element(const XML_Char *n,const XML_Char **a) { | ||
| 49 | if(state!=state_parse) return; | ||
| 50 | tree.push(n,a); | ||
| 51 | parser_node_t& t = tree.top(); | ||
| 52 | if(is_element(n,"html") || is_element(n,"head") | ||
| 53 | || is_qelement(n,NSURI_XRDS "\tXRDS") | ||
| 54 | || is_qelement(n,NSURI_XRD "\tXRD") ) | ||
| 55 | t.skip_tags = false; | ||
| 56 | else if(is_qelement(n,NSURI_XRD "\tService") | ||
| 57 | || is_qelement(n,NSURI_XRD "\tType") | ||
| 58 | || is_qelement(n,NSURI_XRD "\tURI") | ||
| 59 | || is_qelement(n,NSURI_OPENID10 "\tDelegate") | ||
| 60 | || is_qelement(n,NSURI_XRD "\tCanonicalID") ) | ||
| 61 | t.skip_tags = t.skip_text = false; | ||
| 62 | else if(is_element(n,"body")) | ||
| 63 | state = state_stopping_body; | ||
| 64 | } | ||
| 65 | void openid_service_resolver_t::end_element(const XML_Char *n) { | ||
| 66 | if(state!=state_parse) return; | ||
| 67 | assert(tree.top().element == n); | ||
| 68 | pop_tag(); | ||
| 69 | } | ||
| 70 | void openid_service_resolver_t::character_data(const XML_Char *s,int l) { | ||
| 71 | if(state!=state_parse) return; | ||
| 72 | if( !( tree.empty() || tree.top().skip_text ) ) | ||
| 73 | tree.top().content.append(s,l); | ||
| 74 | } | ||
| 75 | |||
| 76 | static void copy_trim_whitespace(string& to,const string& from) { | ||
| 77 | string::size_type ns0 = from.find_first_not_of(whitespace); | ||
| 78 | if(ns0==string::npos) { | ||
| 79 | to.clear(); return; | ||
| 80 | } | ||
| 81 | string::size_type ns1 = from.find_last_not_of(whitespace); | ||
| 82 | assert(ns1!=string::npos); | ||
| 83 | to.assign(from,ns0,ns1-ns0+1); | ||
| 84 | } | ||
| 85 | |||
| 86 | void openid_service_resolver_t::pop_tag() { | ||
| 87 | assert(!tree.empty()); | ||
| 88 | parser_node_t& t = tree.top(); | ||
| 89 | if( is_element(t,"meta") | ||
| 90 | && !strcasecmp(t.attrs["http-equiv"].c_str(),LOCATION_HEADER) ) { | ||
| 91 | xrds_location = t.attrs["content"]; | ||
| 92 | }else if( is_element(t,"link") ) { | ||
| 93 | parser_node_t::attrs_t::const_iterator ir = t.attrs.find("rel"); | ||
| 94 | if(ir!=t.attrs.end()) { | ||
| 95 | const string& rels = ir->second; | ||
| 96 | for(string::size_type ns = rels.find_first_not_of(whitespace); | ||
| 97 | ns!=string::npos; | ||
| 98 | ns=rels.find_first_not_of(whitespace,ns)) { | ||
| 99 | string::size_type s = rels.find_first_of(whitespace,ns); | ||
| 100 | string rel; | ||
| 101 | if(s==string::npos) { | ||
| 102 | rel.assign(rels,ns,string::npos); | ||
| 103 | ns = string::npos; | ||
| 104 | }else{ | ||
| 105 | rel.assign(rels,ns,s-ns); | ||
| 106 | ns = s; | ||
| 107 | } | ||
| 108 | if(rel=="openid.server") | ||
| 109 | copy_trim_whitespace(html_SEP.xrd_URI,t.attrs["href"]); | ||
| 110 | else if(rel=="openid.delegate") | ||
| 111 | copy_trim_whitespace(html_SEP.openid_Delegate,t.attrs["href"]); | ||
| 112 | } | ||
| 113 | } | ||
| 114 | }else if( is_element(t,"head") ) | ||
| 115 | state = state_stopping_head; | ||
| 116 | else if( is_qelement(t,NSURI_XRD "\tXRD")) { | ||
| 117 | if( !( | ||
| 118 | ( | ||
| 119 | xri_mode | ||
| 120 | && t.auth_info.canonical_id.empty() | ||
| 121 | ) || | ||
| 122 | t.auth_info.auth_SEP.xrd_Type.empty() | ||
| 123 | ) ) | ||
| 124 | auth_info = t.auth_info; | ||
| 125 | }else if( tree.size()>1 ) { | ||
| 126 | parser_node_t& p = tree.parent(); | ||
| 127 | if( is_qelement(p,NSURI_XRD "\tService") ) { | ||
| 128 | if( is_qelement(t,NSURI_XRD "\tType") ) { | ||
| 129 | if(t.content==STURI_OPENID10) { | ||
| 130 | string tmp; copy_trim_whitespace(tmp,t.content); | ||
| 131 | p.auth_info.auth_SEP.xrd_Type.insert(tmp); | ||
| 132 | } | ||
| 133 | }else if( is_qelement(t,NSURI_XRD "\tURI") ) | ||
| 134 | copy_trim_whitespace(p.auth_info.auth_SEP.xrd_URI,t.content); | ||
| 135 | else if( is_qelement(t,NSURI_OPENID10 "\tDelegate") ) | ||
| 136 | copy_trim_whitespace(p.auth_info.auth_SEP.openid_Delegate,t.content); | ||
| 137 | }else if( is_qelement(p,NSURI_XRD "\tXRD") ) { | ||
| 138 | if(is_qelement(t,NSURI_XRD "\tService") ) { | ||
| 139 | if( !t.auth_info.auth_SEP.xrd_Type.empty() ) { | ||
| 140 | parser_node_t::attrs_t::const_iterator ip | ||
| 141 | = t.attrs.find("priority"); | ||
| 142 | if(ip!=t.attrs.end()) { | ||
| 143 | const char *nptr = ip->second.c_str(); | ||
| 144 | char *eptr = 0; | ||
| 145 | t.auth_info.auth_SEP.priority = strtol(nptr,&eptr,10); | ||
| 146 | if(nptr==eptr) | ||
| 147 | t.auth_info.auth_SEP.priority = LONG_MAX; | ||
| 148 | } | ||
| 149 | if( (t.auth_info.auth_SEP.priority < p.auth_info.auth_SEP.priority) | ||
| 150 | || p.auth_info.auth_SEP.xrd_Type.empty() ) | ||
| 151 | p.auth_info.auth_SEP = t.auth_info.auth_SEP; | ||
| 152 | } | ||
| 153 | }else if( is_qelement(t,NSURI_XRD "\tCanonicalID") ) | ||
| 154 | copy_trim_whitespace(p.auth_info.canonical_id,t.content); | ||
| 155 | } | ||
| 156 | } | ||
| 157 | |||
| 158 | tree.pop(); | ||
| 159 | } | ||
| 160 | |||
| 161 | size_t openid_service_resolver_t::write(void *p,size_t s,size_t nm) { | ||
| 162 | if(state != state_parse) | ||
| 163 | return 0; | ||
| 164 | /* TODO: limit total size */ | ||
| 165 | size_t bytes = s*nm; | ||
| 166 | parse((const char *)p,bytes,false); | ||
| 167 | return bytes; | ||
| 168 | } | ||
| 169 | |||
| 170 | size_t openid_service_resolver_t::header(void *p,size_t s,size_t nm) { | ||
| 171 | size_t bytes = s*nm; | ||
| 172 | const char *h = (const char *)p; | ||
| 173 | const char *colon = (const char*)memchr(p,':',bytes); | ||
| 174 | const char *space = (const char*)memchr(p,' ',bytes); | ||
| 175 | if(space && ( (!colon) || space<colon ) ) { | ||
| 176 | xrds_location.clear(); http_content_type.clear(); | ||
| 177 | }else if(colon) { | ||
| 178 | const char *hv = ++colon; | ||
| 179 | int hnl = colon-h; | ||
| 180 | int rb; | ||
| 181 | for(rb = bytes-hnl-1; | ||
| 182 | rb>0 && isspace(*hv); | ||
| 183 | ++hv,--rb ); | ||
| 184 | while(rb>0 && isspace(hv[rb-1])) | ||
| 185 | --rb; | ||
| 186 | if(rb) { | ||
| 187 | if( (hnl >= sizeof(LOCATION_HEADER)) | ||
| 188 | && !strncasecmp(h,LOCATION_HEADER ":", | ||
| 189 | sizeof(LOCATION_HEADER)) ) { | ||
| 190 | xrds_location.assign(hv,rb); | ||
| 191 | }else if( (hnl >= sizeof("Content-Type")) | ||
| 192 | && !strncasecmp(h,"Content-Type:", | ||
| 193 | sizeof("Content-Type")) ) { | ||
| 194 | const char *sc = (const char*)memchr( | ||
| 195 | hv,';',rb); | ||
| 196 | http_content_type.assign( | ||
| 197 | hv,sc?(sc-hv):rb ); | ||
| 198 | } | ||
| 199 | } | ||
| 200 | } | ||
| 201 | return curl_t::header(p,s,nm); | ||
| 202 | } | ||
| 203 | |||
| 204 | void openid_service_resolver_t::discover_service(const string& url,bool xri) { | ||
| 205 | CURLcode r = easy_setopt(CURLOPT_URL,url.c_str()); | ||
| 206 | if(r) | ||
| 207 | throw opkele::exception_curl(OPKELE_CP_ "failed to set curly urlie",r); | ||
| 208 | |||
| 209 | (*(expat_t*)this) = parser_create_ns(); | ||
| 210 | set_user_data(); set_element_handler(); | ||
| 211 | set_character_data_handler(); | ||
| 212 | tree.clear(); | ||
| 213 | state = state_parse; | ||
| 214 | |||
| 215 | r = easy_perform(); | ||
| 216 | if(r && r!=CURLE_WRITE_ERROR) | ||
| 217 | throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); | ||
| 218 | |||
| 219 | parse(0,0,true); | ||
| 220 | while(!tree.empty()) pop_tag(); | ||
| 221 | } | ||
| 222 | |||
| 223 | const openid_auth_info_t& openid_service_resolver_t::resolve(const string& id) { | ||
| 224 | auth_info = openid_auth_info_t(); | ||
| 225 | html_SEP = openid_auth_SEP_t(); | ||
| 226 | |||
| 227 | string::size_type fns = id.find_first_not_of(whitespace); | ||
| 228 | if(fns==string::npos) | ||
| 229 | throw opkele::bad_input(OPKELE_CP_ "whitespace-only identity"); | ||
| 230 | string::size_type lns = id.find_last_not_of(whitespace); | ||
| 231 | assert(lns!=string::npos); | ||
| 232 | if(!strncasecmp( | ||
| 233 | id.c_str()+fns,"xri://", | ||
| 234 | sizeof("xri://")-1)) | ||
| 235 | fns+=sizeof("xri://")-1; | ||
| 236 | string nid(id,fns,lns-fns+1); | ||
| 237 | if(nid.empty()) | ||
| 238 | throw opkele::bad_input(OPKELE_CP_ "nothing significant in identity"); | ||
| 239 | if(strchr("=@+$!(",*nid.c_str())) { | ||
| 240 | discover_service( | ||
| 241 | xri_proxy + util::url_encode(nid) + | ||
| 242 | "?_xrd_t=" STURI_OPENID10 "&_xrd_r=application/xrd+xml;sep=true", | ||
| 243 | true ); | ||
| 244 | if(auth_info.canonical_id.empty() | ||
| 245 | || auth_info.auth_SEP.xrd_Type.empty() ) | ||
| 246 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service for XRI found"); | ||
| 247 | }else{ | ||
| 248 | const char *np = nid.c_str(); | ||
| 249 | if( (strncasecmp(np,"http",4) || strncmp( | ||
| 250 | tolower(*(np+4))=='s'? np+5 : np+4, "://", 3)) | ||
| 251 | #ifndef NDEBUG | ||
| 252 | && strncasecmp(np,"file:///",sizeof("file:///")-1) | ||
| 253 | #endif /* XXX: or how do I let tests work? */ | ||
| 254 | ) | ||
| 255 | nid.insert(0,"http://"); | ||
| 256 | string::size_type fp = nid.find('#'); | ||
| 257 | if(fp!=string::npos) { | ||
| 258 | string::size_type qp = nid.find('?'); | ||
| 259 | if(qp==string::npos || qp<fp) { | ||
| 260 | nid.erase(fp); | ||
| 261 | }else if(qp>fp) | ||
| 262 | nid.erase(fp,qp-fp); | ||
| 263 | } | ||
| 264 | discover_service(nid); | ||
| 265 | const char *eu = 0; | ||
| 266 | CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); | ||
| 267 | if(r) | ||
| 268 | throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); | ||
| 269 | string canonicalized_id = util::rfc_3986_normalize_uri(eu); | ||
| 270 | if(xrds_location.empty()) { | ||
| 271 | if(auth_info.auth_SEP.xrd_Type.empty()) { | ||
| 272 | if(html_SEP.xrd_URI.empty()) | ||
| 273 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID 1.0 service discovered"); | ||
| 274 | auth_info.auth_SEP = html_SEP; | ||
| 275 | auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 ); | ||
| 276 | auth_info.canonical_id = canonicalized_id; | ||
| 277 | }else{ | ||
| 278 | if(auth_info.canonical_id.empty()) | ||
| 279 | auth_info.canonical_id = canonicalized_id; | ||
| 280 | } | ||
| 281 | }else{ | ||
| 282 | discover_service(xrds_location); | ||
| 283 | if(auth_info.auth_SEP.xrd_Type.empty()) { | ||
| 284 | if(html_SEP.xrd_URI.empty()) | ||
| 285 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID 1.0 service discovered"); | ||
| 286 | auth_info.auth_SEP = html_SEP; | ||
| 287 | auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 ); | ||
| 288 | auth_info.canonical_id = canonicalized_id; | ||
| 289 | }else{ | ||
| 290 | if(auth_info.canonical_id.empty()) | ||
| 291 | auth_info.canonical_id = canonicalized_id; | ||
| 292 | } | ||
| 293 | } | ||
| 294 | } | ||
| 295 | return auth_info; | ||
| 296 | } | ||
| 297 | |||
| 298 | } | ||
diff --git a/lib/util.cc b/lib/util.cc index 69d37b5..83f0eef 100644 --- a/lib/util.cc +++ b/lib/util.cc | |||
| @@ -182,27 +182,29 @@ namespace opkele { | |||
| 182 | if(colon==string::npos) | 182 | if(colon==string::npos) |
| 183 | throw bad_input(OPKELE_CP_ "No scheme specified in URI"); | 183 | throw bad_input(OPKELE_CP_ "No scheme specified in URI"); |
| 184 | transform( | 184 | transform( |
| 185 | uri.begin()+ns, uri.begin()+colon+1, | 185 | uri.begin()+ns, uri.begin()+colon+1, |
| 186 | back_inserter(rv), ::tolower ); | 186 | back_inserter(rv), ::tolower ); |
| 187 | bool s; | 187 | bool s; |
| 188 | if(rv=="http:") | ||
| 189 | s = false; | ||
| 190 | else if(rv=="https:") | ||
| 191 | s = true; | ||
| 192 | #ifndef NDEBUG | ||
| 193 | else if(rv=="file:") | ||
| 194 | s = false; | ||
| 195 | #endif /* XXX: or try to make tests work some other way */ | ||
| 196 | else | ||
| 197 | throw not_implemented(OPKELE_CP_ "Only http(s) URIs can be normalized here"); | ||
| 198 | string::size_type ul = uri.find_last_not_of(whitespace)+1; | 188 | string::size_type ul = uri.find_last_not_of(whitespace)+1; |
| 199 | if(ul <= (colon+3)) | 189 | if(ul <= (colon+3)) |
| 200 | throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); | 190 | throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); |
| 201 | if(uri[colon+1]!='/' || uri[colon+2]!='/') | 191 | if(uri[colon+1]!='/' || uri[colon+2]!='/') |
| 202 | throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); | 192 | throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); |
| 193 | if(rv=="http:") | ||
| 194 | s = false; | ||
| 195 | else if(rv=="https:") | ||
| 196 | s = true; | ||
| 197 | else{ | ||
| 198 | /* TODO: support more schemes. | ||
| 199 | * e.g. xri. How do we normalize | ||
| 200 | * xri? | ||
| 201 | */ | ||
| 202 | rv.append(uri,colon+1,ul-colon-1); | ||
| 203 | return rv; | ||
| 204 | } | ||
| 203 | rv += "//"; | 205 | rv += "//"; |
| 204 | string::size_type interesting = uri.find_first_of(":/#?",colon+3); | 206 | string::size_type interesting = uri.find_first_of(":/#?",colon+3); |
| 205 | if(interesting==string::npos) { | 207 | if(interesting==string::npos) { |
| 206 | transform( | 208 | transform( |
| 207 | uri.begin()+colon+3,uri.begin()+ul, | 209 | uri.begin()+colon+3,uri.begin()+ul, |
| 208 | back_inserter(rv), ::tolower ); | 210 | back_inserter(rv), ::tolower ); |