1 files changed, 1 insertions, 1 deletions
diff --git a/lib/util.cc b/lib/util.cc
index 249eeed..4028697 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -247,257 +247,257 @@ namespace opkele {
                    return rv;
                }
                rv.append(str,p,us-p);
                rv += "&#";
                rv += long_to_string((long)str[us]);
                rv += ';';
                p = us+1;
            }
        }
        string long_to_string(long l) {
            char rv[32];
            int r=snprintf(rv,sizeof(rv),"%ld",l);
            if(r<0 || r>=(int)sizeof(rv))
                throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
            return rv;
        }
        long string_to_long(const string& s) {
            char *endptr = 0;
            long rv = strtol(s.c_str(),&endptr,10);
            if((!endptr) || endptr==s.c_str())
                throw failed_conversion(OPKELE_CP_ "failed to strtol()");
            return rv;
        }
        /*
         * Normalize URL according to the rules, described in rfc 3986, section 6
         *
         * - uppercase hex triplets (e.g. %ab -> %AB)
         * - lowercase scheme and host
         * - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
         *   that is - [:alpha:][:digit:]._~-
         * - remove dot segments
         * - remove empty and default ports
         * - if there's no path component, add '/'
         */
         string rfc_3986_normalize_uri(const string& uri) {
             string rv;
             string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);
             if(ns==string::npos)
                 throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
             string::size_type colon = uri.find(':',ns);
             if(colon==string::npos)
                 throw bad_input(OPKELE_CP_ "No scheme specified in URI");
             transform(
                     uri.begin()+ns, uri.begin()+colon+1,
                     back_inserter(rv), ::tolower );
             bool s;
             string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;
             if(ul <= (colon+3))
                 throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
             if(uri[colon+1]!='/' || uri[colon+2]!='/')
                 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
             if(rv=="http:")
                 s = false;
             else if(rv=="https:")
                 s = true;
             else{
                 /* TODO: support more schemes.  e.g. xri. How do we normalize
                  * xri?
                  */
                 rv.append(uri,colon+1,ul-colon-1);
                 return rv;
             }
             rv += "//";
             string::size_type interesting = uri.find_first_of(":/#?",colon+3);
             if(interesting==string::npos) {
                 transform(
                         uri.begin()+colon+3,uri.begin()+ul,
                         back_inserter(rv), ::tolower );
                 rv += '/'; return rv;
             }
             transform(
                     uri.begin()+colon+3,uri.begin()+interesting,
                     back_inserter(rv), ::tolower );
             bool qf = false;
             char ic = uri[interesting];
             if(ic==':') {
                 string::size_type ni = uri.find_first_of("/#?%",interesting+1);
                 const char *nptr = uri.data()+interesting+1;
                 char *eptr = 0;
                 long port = strtol(nptr,&eptr,10);
                 if( (port>0) && (port<65535) && port!=(s?443:80) ) {
                     char tmp[8];
                     snprintf(tmp,sizeof(tmp),":%ld",port);
                     rv += tmp;
                 }
                 if(ni==string::npos) {
                     rv += '/'; return rv;
                 }
                 interesting = ni;
             }else if(ic!='/') {
                 rv += '/'; rv += ic;
                 qf = true;
                 ++interesting;
             }
             string::size_type n = interesting;
             char tmp[3] = { 0,0,0 };
             stack<string::size_type> psegs; psegs.push(rv.length());
             string pseg;
             for(;n<ul;) {
                 string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
                 if(unsafe==string::npos) {
                     pseg.append(uri,n,ul-n-1); n = ul-1;
                 }else{
                     pseg.append(uri,n,unsafe-n);
                     n = unsafe;
                 }
                 char c = uri[n++];
                 if(c=='%') {
                     if((n+1)>=ul)
                         throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
                     tmp[0] = uri[n++];
                     tmp[1] = uri[n++];
                     if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))
                         throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");
                     int cc = strtol(tmp,0,16);
                     if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) )
                         pseg += (char)cc;
                     else{
                         pseg += '%';
                         pseg += (char)toupper(tmp[0]); pseg += (char)toupper(tmp[1]);
                     }
                 }else if(qf) {
                     rv += pseg; rv += c;
                     pseg.clear();
                 }else if(n>=ul || strchr("?/#",c)) {
-                     if(pseg.empty() || pseg==".") {
+                     if( (unsafe!=string::npos && pseg.empty()) || pseg==".") {
                     }else if(pseg=="..") {
                         if(psegs.size()>1) {
                             rv.resize(psegs.top()); psegs.pop();
                         }
                     }else{
                         psegs.push(rv.length());
                         if(c!='/') {
                             pseg += c;
                             qf = true;
                         }
                         rv += '/'; rv += pseg;
                     }
                     if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) {
                         rv += '/';
                         if(n<ul)
                             qf = true;
                     }else if(strchr("?#",c)) {
                         if(psegs.size()==1 && psegs.top()==rv.length())
                             rv += '/';
                         if(pseg.empty())
                             rv += c;
                         qf = true;
                     }
                     pseg.clear();
                 }else{
                     pseg += c;
                 }
             }
             if(!pseg.empty()) {
                 if(!qf) rv += '/';
                 rv += pseg;
             }
             return rv;
         }
        string& strip_uri_fragment_part(string& u) {
            string::size_type q = u.find('?'), f = u.find('#');
            if(q==string::npos) {
                if(f!=string::npos)
                    u.erase(f);
            }else{
                if(f!=string::npos) {
                    if(f<q)
                        u.erase(f,q-f);
                    else
                        u.erase(f);
                }
            }
            return u;
        }
        bool uri_matches_realm(const string& uri,const string& realm) {
            string nrealm = opkele::util::rfc_3986_normalize_uri(realm);
            string nu = opkele::util::rfc_3986_normalize_uri(uri);
            string::size_type pr = nrealm.find("://");
            string::size_type pu = nu.find("://");
            assert(!(pr==string::npos || pu==string::npos));
            pr += sizeof("://")-1;
            pu += sizeof("://")-1;
            if(!strncmp(nrealm.c_str()+pr,"*.",2)) {
                pr = nrealm.find('.',pr);
                pu = nu.find('.',pu);
                assert(pr!=string::npos);
                if(pu==string::npos)
                    return false;
                // TODO: check for overgeneralized realm
            }
            string::size_type lr = nrealm.length();
            string::size_type lu = nu.length();
            if( (lu-pu) < (lr-pr) )
                return false;
            pair<const char*,const char*> mp = mismatch(
                    nrealm.c_str()+pr,nrealm.c_str()+lr,
                    nu.c_str()+pu);
            if( (*(mp.first-1))!='/'
                    && !strchr("/?#",*mp.second) )
                return false;
            return true;
        }
        string abi_demangle(const char *mn) {
 #ifndef HAVE_DEMANGLE
            return mn;
 #else /* !HAVE_DEMANGLE */
            int dstat;
            char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
            if(dstat)
                return mn;
            string rv = demangled;
            free(demangled);
            return rv;
 #endif /* !HAVE_DEMANGLE */
        }
        string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
            const string& slist = om.get_field("signed");
            string kv;
            string::size_type p=0;
            while(true) {
                string::size_type co = slist.find(',',p);
                string f = (co==string::npos)
                    ?slist.substr(p):slist.substr(p,co-p);
                kv += f;
                kv += ':';
                kv += om.get_field(f);
                kv += '\n';
                if(co==string::npos) break;
                p = co+1;
            }
            const secret_t& secret = assoc->secret();
            const EVP_MD *evpmd;
            const string& at = assoc->assoc_type();
            if(at=="HMAC-SHA256")
                evpmd = EVP_sha256();
            else if(at=="HMAC-SHA1")
                evpmd = EVP_sha1();
            else
                throw unsupported(OPKELE_CP_ "unknown association type");
            unsigned int md_len = 0;
            unsigned char md[SHA256_DIGEST_LENGTH];
            HMAC(evpmd,
                    &(secret.front()),secret.size(),
                    (const unsigned char*)kv.data(),kv.length(),
                    md,&md_len);
            return encode_base64(md,md_len);
        }
        string normalize_identifier(const string& usi,bool strip_fragment) {

diff --git a/lib/util.cc b/lib/util.cc index 249eeed..4028697 100644 --- a/lib/util.cc +++ b/lib/util.cc
@@ -247,257 +247,257 @@ namespace opkele {
247	return rv;	247	return rv;
248	}	248	}
249	rv.append(str,p,us-p);	249	rv.append(str,p,us-p);
250	rv += "&#";	250	rv += "&#";
251	rv += long_to_string((long)str[us]);	251	rv += long_to_string((long)str[us]);
252	rv += ';';	252	rv += ';';
253	p = us+1;	253	p = us+1;
254	}	254	}
255	}	255	}
256		256
257	string long_to_string(long l) {	257	string long_to_string(long l) {
258	char rv[32];	258	char rv[32];
259	int r=snprintf(rv,sizeof(rv),"%ld",l);	259	int r=snprintf(rv,sizeof(rv),"%ld",l);
260	if(r<0 \|\| r>=(int)sizeof(rv))	260	if(r<0 \|\| r>=(int)sizeof(rv))
261	throw failed_conversion(OPKELE_CP_ "failed to snprintf()");	261	throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
262	return rv;	262	return rv;
263	}	263	}
264		264
265	long string_to_long(const string& s) {	265	long string_to_long(const string& s) {
266	char *endptr = 0;	266	char *endptr = 0;
267	long rv = strtol(s.c_str(),&endptr,10);	267	long rv = strtol(s.c_str(),&endptr,10);
268	if((!endptr) \|\| endptr==s.c_str())	268	if((!endptr) \|\| endptr==s.c_str())
269	throw failed_conversion(OPKELE_CP_ "failed to strtol()");	269	throw failed_conversion(OPKELE_CP_ "failed to strtol()");
270	return rv;	270	return rv;
271	}	271	}
272		272
273	/*	273	/*
274	* Normalize URL according to the rules, described in rfc 3986, section 6	274	* Normalize URL according to the rules, described in rfc 3986, section 6
275	*	275	*
276	* - uppercase hex triplets (e.g. %ab -> %AB)	276	* - uppercase hex triplets (e.g. %ab -> %AB)
277	* - lowercase scheme and host	277	* - lowercase scheme and host
278	* - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,	278	* - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
279	* that is - [:alpha:][:digit:]._~-	279	* that is - [:alpha:][:digit:]._~-
280	* - remove dot segments	280	* - remove dot segments
281	* - remove empty and default ports	281	* - remove empty and default ports
282	* - if there's no path component, add '/'	282	* - if there's no path component, add '/'
283	*/	283	*/
284	string rfc_3986_normalize_uri(const string& uri) {	284	string rfc_3986_normalize_uri(const string& uri) {
285	string rv;	285	string rv;
286	string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);	286	string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);
287	if(ns==string::npos)	287	if(ns==string::npos)
288	throw bad_input(OPKELE_CP_ "Can't normalize empty URI");	288	throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
289	string::size_type colon = uri.find(':',ns);	289	string::size_type colon = uri.find(':',ns);
290	if(colon==string::npos)	290	if(colon==string::npos)
291	throw bad_input(OPKELE_CP_ "No scheme specified in URI");	291	throw bad_input(OPKELE_CP_ "No scheme specified in URI");
292	transform(	292	transform(
293	uri.begin()+ns, uri.begin()+colon+1,	293	uri.begin()+ns, uri.begin()+colon+1,
294	back_inserter(rv), ::tolower );	294	back_inserter(rv), ::tolower );
295	bool s;	295	bool s;
296	string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;	296	string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;
297	if(ul <= (colon+3))	297	if(ul <= (colon+3))
298	throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");	298	throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
299	if(uri[colon+1]!='/' \|\| uri[colon+2]!='/')	299	if(uri[colon+1]!='/' \|\| uri[colon+2]!='/')
300	throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");	300	throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
301	if(rv=="http:")	301	if(rv=="http:")
302	s = false;	302	s = false;
303	else if(rv=="https:")	303	else if(rv=="https:")
304	s = true;	304	s = true;
305	else{	305	else{
306	/* TODO: support more schemes. e.g. xri. How do we normalize	306	/* TODO: support more schemes. e.g. xri. How do we normalize
307	* xri?	307	* xri?
308	*/	308	*/
309	rv.append(uri,colon+1,ul-colon-1);	309	rv.append(uri,colon+1,ul-colon-1);
310	return rv;	310	return rv;
311	}	311	}
312	rv += "//";	312	rv += "//";
313	string::size_type interesting = uri.find_first_of(":/#?",colon+3);	313	string::size_type interesting = uri.find_first_of(":/#?",colon+3);
314	if(interesting==string::npos) {	314	if(interesting==string::npos) {
315	transform(	315	transform(
316	uri.begin()+colon+3,uri.begin()+ul,	316	uri.begin()+colon+3,uri.begin()+ul,
317	back_inserter(rv), ::tolower );	317	back_inserter(rv), ::tolower );
318	rv += '/'; return rv;	318	rv += '/'; return rv;
319	}	319	}
320	transform(	320	transform(
321	uri.begin()+colon+3,uri.begin()+interesting,	321	uri.begin()+colon+3,uri.begin()+interesting,
322	back_inserter(rv), ::tolower );	322	back_inserter(rv), ::tolower );
323	bool qf = false;	323	bool qf = false;
324	char ic = uri[interesting];	324	char ic = uri[interesting];
325	if(ic==':') {	325	if(ic==':') {
326	string::size_type ni = uri.find_first_of("/#?%",interesting+1);	326	string::size_type ni = uri.find_first_of("/#?%",interesting+1);
327	const char *nptr = uri.data()+interesting+1;	327	const char *nptr = uri.data()+interesting+1;
328	char *eptr = 0;	328	char *eptr = 0;
329	long port = strtol(nptr,&eptr,10);	329	long port = strtol(nptr,&eptr,10);
330	if( (port>0) && (port<65535) && port!=(s?443:80) ) {	330	if( (port>0) && (port<65535) && port!=(s?443:80) ) {
331	char tmp[8];	331	char tmp[8];
332	snprintf(tmp,sizeof(tmp),":%ld",port);	332	snprintf(tmp,sizeof(tmp),":%ld",port);
333	rv += tmp;	333	rv += tmp;
334	}	334	}
335	if(ni==string::npos) {	335	if(ni==string::npos) {
336	rv += '/'; return rv;	336	rv += '/'; return rv;
337	}	337	}
338	interesting = ni;	338	interesting = ni;
339	}else if(ic!='/') {	339	}else if(ic!='/') {
340	rv += '/'; rv += ic;	340	rv += '/'; rv += ic;
341	qf = true;	341	qf = true;
342	++interesting;	342	++interesting;
343	}	343	}
344	string::size_type n = interesting;	344	string::size_type n = interesting;
345	char tmp[3] = { 0,0,0 };	345	char tmp[3] = { 0,0,0 };
346	stack<string::size_type> psegs; psegs.push(rv.length());	346	stack<string::size_type> psegs; psegs.push(rv.length());
347	string pseg;	347	string pseg;
348	for(;n<ul;) {	348	for(;n<ul;) {
349	string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);	349	string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
350	if(unsafe==string::npos) {	350	if(unsafe==string::npos) {
351	pseg.append(uri,n,ul-n-1); n = ul-1;	351	pseg.append(uri,n,ul-n-1); n = ul-1;
352	}else{	352	}else{
353	pseg.append(uri,n,unsafe-n);	353	pseg.append(uri,n,unsafe-n);
354	n = unsafe;	354	n = unsafe;
355	}	355	}
356	char c = uri[n++];	356	char c = uri[n++];
357	if(c=='%') {	357	if(c=='%') {
358	if((n+1)>=ul)	358	if((n+1)>=ul)
359	throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");	359	throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
360	tmp[0] = uri[n++];	360	tmp[0] = uri[n++];
361	tmp[1] = uri[n++];	361	tmp[1] = uri[n++];
362	if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))	362	if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))
363	throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");	363	throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");
364	int cc = strtol(tmp,0,16);	364	int cc = strtol(tmp,0,16);
365	if( isalpha(cc) \|\| isdigit(cc) \|\| strchr("._~-",cc) )	365	if( isalpha(cc) \|\| isdigit(cc) \|\| strchr("._~-",cc) )
366	pseg += (char)cc;	366	pseg += (char)cc;
367	else{	367	else{
368	pseg += '%';	368	pseg += '%';
369	pseg += (char)toupper(tmp[0]); pseg += (char)toupper(tmp[1]);	369	pseg += (char)toupper(tmp[0]); pseg += (char)toupper(tmp[1]);
370	}	370	}
371	}else if(qf) {	371	}else if(qf) {
372	rv += pseg; rv += c;	372	rv += pseg; rv += c;
373	pseg.clear();	373	pseg.clear();
374	}else if(n>=ul \|\| strchr("?/#",c)) {	374	}else if(n>=ul \|\| strchr("?/#",c)) {
375	if(pseg.empty() \|\| pseg==".") {	375	if( (unsafe!=string::npos && pseg.empty()) \|\| pseg==".") {
376	}else if(pseg=="..") {	376	}else if(pseg=="..") {
377	if(psegs.size()>1) {	377	if(psegs.size()>1) {
378	rv.resize(psegs.top()); psegs.pop();	378	rv.resize(psegs.top()); psegs.pop();
379	}	379	}
380	}else{	380	}else{
381	psegs.push(rv.length());	381	psegs.push(rv.length());
382	if(c!='/') {	382	if(c!='/') {
383	pseg += c;	383	pseg += c;
384	qf = true;	384	qf = true;
385	}	385	}
386	rv += '/'; rv += pseg;	386	rv += '/'; rv += pseg;
387	}	387	}
388	if(c=='/' && (n>=ul \|\| strchr("?#",uri[n])) ) {	388	if(c=='/' && (n>=ul \|\| strchr("?#",uri[n])) ) {
389	rv += '/';	389	rv += '/';
390	if(n<ul)	390	if(n<ul)
391	qf = true;	391	qf = true;
392	}else if(strchr("?#",c)) {	392	}else if(strchr("?#",c)) {
393	if(psegs.size()==1 && psegs.top()==rv.length())	393	if(psegs.size()==1 && psegs.top()==rv.length())
394	rv += '/';	394	rv += '/';
395	if(pseg.empty())	395	if(pseg.empty())
396	rv += c;	396	rv += c;
397	qf = true;	397	qf = true;
398	}	398	}
399	pseg.clear();	399	pseg.clear();
400	}else{	400	}else{
401	pseg += c;	401	pseg += c;
402	}	402	}
403	}	403	}
404	if(!pseg.empty()) {	404	if(!pseg.empty()) {
405	if(!qf) rv += '/';	405	if(!qf) rv += '/';
406	rv += pseg;	406	rv += pseg;
407	}	407	}
408	return rv;	408	return rv;
409	}	409	}
410		410
411	string& strip_uri_fragment_part(string& u) {	411	string& strip_uri_fragment_part(string& u) {
412	string::size_type q = u.find('?'), f = u.find('#');	412	string::size_type q = u.find('?'), f = u.find('#');
413	if(q==string::npos) {	413	if(q==string::npos) {
414	if(f!=string::npos)	414	if(f!=string::npos)
415	u.erase(f);	415	u.erase(f);
416	}else{	416	}else{
417	if(f!=string::npos) {	417	if(f!=string::npos) {
418	if(f<q)	418	if(f<q)
419	u.erase(f,q-f);	419	u.erase(f,q-f);
420	else	420	else
421	u.erase(f);	421	u.erase(f);
422	}	422	}
423	}	423	}
424	return u;	424	return u;
425	}	425	}
426		426
427	bool uri_matches_realm(const string& uri,const string& realm) {	427	bool uri_matches_realm(const string& uri,const string& realm) {
428	string nrealm = opkele::util::rfc_3986_normalize_uri(realm);	428	string nrealm = opkele::util::rfc_3986_normalize_uri(realm);
429	string nu = opkele::util::rfc_3986_normalize_uri(uri);	429	string nu = opkele::util::rfc_3986_normalize_uri(uri);
430	string::size_type pr = nrealm.find("://");	430	string::size_type pr = nrealm.find("://");
431	string::size_type pu = nu.find("://");	431	string::size_type pu = nu.find("://");
432	assert(!(pr==string::npos \|\| pu==string::npos));	432	assert(!(pr==string::npos \|\| pu==string::npos));
433	pr += sizeof("://")-1;	433	pr += sizeof("://")-1;
434	pu += sizeof("://")-1;	434	pu += sizeof("://")-1;
435	if(!strncmp(nrealm.c_str()+pr,"*.",2)) {	435	if(!strncmp(nrealm.c_str()+pr,"*.",2)) {
436	pr = nrealm.find('.',pr);	436	pr = nrealm.find('.',pr);
437	pu = nu.find('.',pu);	437	pu = nu.find('.',pu);
438	assert(pr!=string::npos);	438	assert(pr!=string::npos);
439	if(pu==string::npos)	439	if(pu==string::npos)
440	return false;	440	return false;
441	// TODO: check for overgeneralized realm	441	// TODO: check for overgeneralized realm
442	}	442	}
443	string::size_type lr = nrealm.length();	443	string::size_type lr = nrealm.length();
444	string::size_type lu = nu.length();	444	string::size_type lu = nu.length();
445	if( (lu-pu) < (lr-pr) )	445	if( (lu-pu) < (lr-pr) )
446	return false;	446	return false;
447	pair<const char,const char> mp = mismatch(	447	pair<const char,const char> mp = mismatch(
448	nrealm.c_str()+pr,nrealm.c_str()+lr,	448	nrealm.c_str()+pr,nrealm.c_str()+lr,
449	nu.c_str()+pu);	449	nu.c_str()+pu);
450	if( (*(mp.first-1))!='/'	450	if( (*(mp.first-1))!='/'
451	&& !strchr("/?#",*mp.second) )	451	&& !strchr("/?#",*mp.second) )
452	return false;	452	return false;
453	return true;	453	return true;
454	}	454	}
455		455
456	string abi_demangle(const char *mn) {	456	string abi_demangle(const char *mn) {
457	#ifndef HAVE_DEMANGLE	457	#ifndef HAVE_DEMANGLE
458	return mn;	458	return mn;
459	#else /* !HAVE_DEMANGLE */	459	#else /* !HAVE_DEMANGLE */
460	int dstat;	460	int dstat;
461	char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);	461	char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
462	if(dstat)	462	if(dstat)
463	return mn;	463	return mn;
464	string rv = demangled;	464	string rv = demangled;
465	free(demangled);	465	free(demangled);
466	return rv;	466	return rv;
467	#endif /* !HAVE_DEMANGLE */	467	#endif /* !HAVE_DEMANGLE */
468	}	468	}
469		469
470	string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {	470	string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
471	const string& slist = om.get_field("signed");	471	const string& slist = om.get_field("signed");
472	string kv;	472	string kv;
473	string::size_type p=0;	473	string::size_type p=0;
474	while(true) {	474	while(true) {
475	string::size_type co = slist.find(',',p);	475	string::size_type co = slist.find(',',p);
476	string f = (co==string::npos)	476	string f = (co==string::npos)
477	?slist.substr(p):slist.substr(p,co-p);	477	?slist.substr(p):slist.substr(p,co-p);
478	kv += f;	478	kv += f;
479	kv += ':';	479	kv += ':';
480	kv += om.get_field(f);	480	kv += om.get_field(f);
481	kv += '\n';	481	kv += '\n';
482	if(co==string::npos) break;	482	if(co==string::npos) break;
483	p = co+1;	483	p = co+1;
484	}	484	}
485	const secret_t& secret = assoc->secret();	485	const secret_t& secret = assoc->secret();
486	const EVP_MD *evpmd;	486	const EVP_MD *evpmd;
487	const string& at = assoc->assoc_type();	487	const string& at = assoc->assoc_type();
488	if(at=="HMAC-SHA256")	488	if(at=="HMAC-SHA256")
489	evpmd = EVP_sha256();	489	evpmd = EVP_sha256();
490	else if(at=="HMAC-SHA1")	490	else if(at=="HMAC-SHA1")
491	evpmd = EVP_sha1();	491	evpmd = EVP_sha1();
492	else	492	else
493	throw unsupported(OPKELE_CP_ "unknown association type");	493	throw unsupported(OPKELE_CP_ "unknown association type");
494	unsigned int md_len = 0;	494	unsigned int md_len = 0;
495	unsigned char md[SHA256_DIGEST_LENGTH];	495	unsigned char md[SHA256_DIGEST_LENGTH];
496	HMAC(evpmd,	496	HMAC(evpmd,
497	&(secret.front()),secret.size(),	497	&(secret.front()),secret.size(),
498	(const unsigned char*)kv.data(),kv.length(),	498	(const unsigned char*)kv.data(),kv.length(),
499	md,&md_len);	499	md,&md_len);
500	return encode_base64(md,md_len);	500	return encode_base64(md,md_len);
501	}	501	}
502		502
503	string normalize_identifier(const string& usi,bool strip_fragment) {	503	string normalize_identifier(const string& usi,bool strip_fragment) {