summaryrefslogtreecommitdiffabout
Side-by-side diff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--acinclude.m417
-rw-r--r--configure.ac83
-rw-r--r--include/Makefile.am8
-rw-r--r--include/opkele/.gitignore1
-rw-r--r--include/opkele/consumer.h6
-rw-r--r--include/opkele/curl.h24
-rw-r--r--include/opkele/debug.h17
-rw-r--r--include/opkele/discovery.h40
-rw-r--r--include/opkele/exception.h95
-rw-r--r--include/opkele/expat.h91
-rw-r--r--include/opkele/server.h4
-rw-r--r--include/opkele/tidy.h73
-rw-r--r--include/opkele/tr1-mem.h.in10
-rw-r--r--include/opkele/types.h92
-rw-r--r--include/opkele/uris.h18
-rw-r--r--lib/Makefile.am11
-rw-r--r--lib/consumer.cc20
-rw-r--r--lib/discovery.cc446
-rw-r--r--lib/exception.cc22
-rw-r--r--lib/expat.cc96
-rw-r--r--lib/params.cc13
-rw-r--r--lib/secret.cc12
-rw-r--r--lib/sreg.cc2
-rw-r--r--lib/util.cc55
-rw-r--r--libopkele.pc.in4
-rw-r--r--test/.gitignore1
-rw-r--r--test/Makefile.am6
-rw-r--r--test/idiscover.cc54
28 files changed, 1247 insertions, 74 deletions
diff --git a/acinclude.m4 b/acinclude.m4
index 80defc7..fbb4cdc 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -1,166 +1,183 @@
dnl AC_WITH_DOXYGEN([ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]])
dnl Outputs:
dnl AC_SUBST: DOXYGEN HAVE_DOXYGEN
dnl AM_CONDTIONAL: HAVE_DOXYGEN
AC_DEFUN([AC_WITH_DOXYGEN],[
HAVE_DOXYGEN="no"
AC_PATH_PROG([DOXYGEN],[doxygen],[false])
if test "${DOXYGEN}" = "false" ; then
ifelse([$2], , :, [$2])
else
HAVE_DOXYGEN="yes"
AC_SUBST([DOXYGEN])
$1
fi
AC_SUBST([HAVE_DOXYGEN])
AM_CONDITIONAL([HAVE_DOXYGEN],[test "${HAVE_DOXYGEN}" = "yes"])
])
dnl AC_WITH_DOT([ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]])
dnl Outputs:
dnl AC_SUBST: DOT HAVE_DOT
dnl AM_CONDITIONAL: HAVE_DOT
AC_DEFUN([AC_WITH_DOT],[
HAVE_DOT="no"
AC_PATH_PROG([DOT],[dot],[false])
if test "${DOT}" = "false" ; then
ifelse([$2], , :, [$2])
else
HAVE_DOT="yes"
AC_SUBST([DOT])
$1
fi
AC_SUBST([HAVE_DOT])
AM_CONDITIONAL([HAVE_DOT],[test "${HAVE_DOT}" = "yes"])
])
dnl AC_WITH_PCRE([ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]])
dnl Outputs:
dnl AC_SUBST: PCRE_CONFIG PCRE_PREFIX PCRE_EXEC_PREFIX
dnl PCRE_VERSION PCRE_CFLAGS PCRE_LIBS
dnl PCRE_LIBS_POSIX PCRE_CFLAGS_POSIX
dnl AC_DEFINE: HAVE_PCRE PCRE_VERSION
dnl env: HAVE_PCRE=yes|no
AC_DEFUN([AC_WITH_PCRE],[
HAVE_PCRE="no"
PCRE_CONFIG=""
PCRE_PREFIX=""
PCRE_EXEC_PREFIX=""
PCRE_VERSION=""
PCRE_CFLAGS=""
PCRE_LIBS=""
PCRE_LOCATIONS="${PATH}:/usr/local/bin:/usr/bin"
test -z "$WANT_PCRE" && WANT_PCRE=""
AC_ARG_WITH([pcre],
AC_HELP_STRING([--with-pcre=location],[Look for pcre in specified locations]),
[
if test "${withval}" = "no" ; then
WANT_PCRE="no"
else
if test -x "${withval}" ; then
PCRE_CONFIG="${withval}"
elif test -x "${withval}/pcre-config" ; then
PCRE_CONFIG="${withval}/pcre-config"
elif test -x "${withval}/bin/pcre-config" ; then
PCRE_CONFIG="${withval}/bin/pcre-config"
fi
fi
]
)
if test "${WANT_PCRE}" = "no" ; then
ifelse([$2], , :, [$2])
else
if test -z "${PCRE_CONFIG}" ; then
AC_PATH_PROG(PCRE_CONFIG,[pcre-config],false,[${PCRE_LOCATIONS}])
if test "${PCRE_CONFIG}" = "false" ; then
ifelse([$2], , :, [$2])
else
HAVE_PCRE="yes"
PCRE_PREFIX="`${PCRE_CONFIG} --prefix`"
PCRE_EXEC_PREFIX="`${PCRE_CONFIG} --exec-prefix`"
PCRE_VERSION="`${PCRE_CONFIG} --version`"
PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`"
PCRE_LIBS="`${PCRE_CONFIG} --libs`"
PCRE_CFLAGS_POSIX="`${PCRE_CONFIG} --cflags-posix`"
PCRE_LIBS_POSIX="`${PCRE_CONFIG} --libs-posix`"
AC_SUBST([PCRE_CONFIG])
AC_SUBST([PCRE_PREFIX])
AC_SUBST([PCRE_EXEC_PREFIX])
AC_SUBST([PCRE_VERSION])
AC_SUBST([PCRE_CFLAGS])
AC_SUBST([PCRE_LIBS])
AC_SUBST([PCRE_CFLAGS_POSIX])
AC_SUBST([PCRE_LIBS_POSIX])
AC_DEFINE([HAVE_PCRE],,[pcre support])
AC_DEFINE_UNQUOTED([PCRE_VERSION],["${PCRE_VERSION}"],[pcre version])
$1
fi
fi
fi
])
dnl AC_WITH_PCREPP([ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]])
dnl Outputs:
dnl AC_SUBST: PCREPP_CONFIG PCREPP_PREFIX PCREPP_EXEC_PREFIX
dnl PCREPP_VERSION PCREPP_CFLAGS PCREPP_LIBS
dnl AC_DEFINE: HAVE_PCREPP PCREPP_VERSION
dnl env: HAVE_PCREPP=yes|no
AC_DEFUN([AC_WITH_PCREPP],[
HAVE_PCREPP="no"
PCREPP_CONFIG=""
PCREPP_PREFIX=""
PCREPP_EXEC_PREFIX=""
PCREPP_VERSION=""
PCREPP_CFLAGS=""
PCREPP_LIBS=""
PCREPP_LOCATIONS="${PATH}:/usr/local/bin:/usr/bin"
test -z "$WANT_PCREPP" && WANT_PCREPP=""
AC_ARG_WITH([pcrepp],
AC_HELP_STRING([--with-pcrepp=location],[Look for pcre++ in specified locations]),
[
if test "${withval}" = "no" ; then
WANT_PCREPP="no"
else
if test -x "${withval}" ; then
PCREPP_CONFIG="${withval}"
elif test -x "${withval}/pcre++-config" ; then
PCREPP_CONFIG="${withval}/pcre++-config"
elif test -x "${withval}/bin/pcre++-config" ; then
PCREPP_CONFIG="${withval}/bin/pcre++-config"
fi
fi
]
)
if test "${WANT_PCREPP}" = "no" ; then
ifelse([$2], , :, [$2])
else
if test "${HAVE_PCRE}" != "yes" ; then
ifelse([$2], , :, [$2])
else
if test -z "${PCREPP_CONFIG}" ; then
AC_PATH_PROG([PCREPP_CONFIG],[pcre++-config],false,[${PCREPP_LOCATIONS}])
if test "${PCREPP_CONFIG}" = "false" ; then
ifelse([$2], , :, [$2])
else
HAVE_PCREPP="yes"
PCREPP_PREFIX="`${PCREPP_CONFIG} --prefix`"
PCREPP_EXEC_PREFIX="`${PCREPP_CONFIG} --exec-prefix`"
PCREPP_VERSION="`${PCREPP_CONFIG} --version`"
PCREPP_CFLAGS="`${PCREPP_CONFIG} --cflags` ${PCRE_CFLAGS}"
PCREPP_LIBS="`${PCREPP_CONFIG} --libs` ${PCRE_LIBS}"
AC_SUBST([PCREPP_CONFIG])
AC_SUBST([PCREPP_PREFIX])
AC_SUBST([PCREPP_EXEC_PREFIX])
AC_SUBST([PCREPP_VERSION])
AC_SUBST([PCREPP_CFLAGS])
AC_SUBST([PCREPP_LIBS])
AC_DEFINE([HAVE_PCREPP],,[pcre++ support])
AC_DEFINE_UNQUOTED([PCREPP_VERSION],["${PCREPP_VERSION}"],[pcre++ version])
$1
fi
fi
fi
fi
])
+dnl AC_CHECK_SHAREDPTR(NS,HEADER[,ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]])
+AC_DEFUN([AC_CHECK_SHAREDPTR],[
+ AC_LANG_PUSH([C++])
+ AC_MSG_CHECKING([for $1::shared_ptr<> in $2])
+ AC_COMPILE_IFELSE([
+ #include <$2>
+ int main(int c,char**v) { $1::shared_ptr<int> spi(new int(0)); return *spi; }
+ ],[
+ AC_MSG_RESULT([found])
+ $3
+ ],[
+ AC_MSG_RESULT([not found])
+ $4
+ ])
+ AC_LANG_POP([C++])
+])
+
m4_include([acinclude.d/libcurl.m4])
diff --git a/configure.ac b/configure.ac
index 48a5efb..c28141c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,128 +1,211 @@
AC_INIT([libopkele], [0.4], [libopkele-bugs@klever.net])
AC_CONFIG_SRCDIR([include/opkele/opkele-config.h])
AC_CONFIG_HEADERS([config.h include/opkele/acconfig.h])
AM_INIT_AUTOMAKE([dist-bzip2])
AC_PROG_INSTALL
AC_PROG_CXX
AC_PROG_CC
AC_PROG_LIBTOOL
PKG_PROG_PKG_CONFIG
AC_HEADER_STDC
AC_PATH_PROG([XSLTPROC],[xsltproc],[true])
AC_MSG_CHECKING([for source tree version])
if headrev=$(cd $srcdir && git rev-parse --verify HEAD 2>/dev/null) ; then
PACKAGE_SRC_VERSION="$(cd $srcdir && git describe --tags $headrev)"
test "$PACKAGE_SRC_VERSION" = "$PACKAGE_VERSION" \
-o "${PACKAGE_SRC_VERSION#${PACKAGE_VERSION}-}" != "$PACKAGE_SRC_VERSION" || PACKAGE_SRC_VERSION="${PACKAGE_VERSION}:${PACKAGE_SRC_VERSION}"
( cd $srcdir && git diff-index $headrev | read dirt ) && PACKAGE_SRC_VERSION="${PACKAGE_SRC_VERSION}-dirty"
else
PACKAGE_SRC_VERSION="$PACKAGE_VERSION"
fi
AC_MSG_RESULT([$PACKAGE_SRC_VERSION])
AC_SUBST([PACKAGE_SRC_VERSION])
AC_DEFINE_UNQUOTED([PACKAGE_SRC_VERSION],["$PACKAGE_SRC_VERSION"],[more or less precise source tree version])
+tr1_mem_std="false"
+tr1_mem_boost="false"
+AC_CHECK_SHAREDPTR(std::tr1,tr1/memory,[ tr1_mem_std=true ])
+AC_CHECK_SHAREDPTR(boost,boost/shared_ptr.hpp,[ tr1_mem_boost=true ])
+tr1_mem=""
+AC_ARG_WITH([tr1-memory],
+ AC_HELP_STRING([--with-tr1-memory=<boost|std>],[select tr1/memory (shared_ptr<>) implementation to use]),
+ [ tr1_mem="$withval" ]
+)
+AC_MSG_CHECKING([for tr1/memory implementation to use])
+test -z "$tr1_mem" && $tr1_mem_std && tr1_mem=std
+test -z "$tr1_mem" && $tr1_mem_boost && tr1_mem=boost
+if test -z "$tr1_mem" ; then
+ AC_MSG_RESULT([none found])
+else
+ AC_MSG_RESULT([$tr1_mem])
+fi
+case "$tr1_mem" in
+ std)
+ $tr1_mem_std || AC_MSG_ERROR([std implementation requested, but not found])
+ OPKELE_TR1_MEM_NS=std::tr1
+ OPKELE_TR1_MEM_HEADER=tr1/memory
+ ;;
+ boost)
+ $tr1_mem_boost || AC_MSG_ERROR([boost implementation requested, but not found])
+ OPKELE_TR1_MEM_NS=boost
+ OPKELE_TR1_MEM_HEADER=boost/shared_ptr.hpp
+ ;;
+ *)
+ AC_MSG_ERROR([no shared_ptr<> implementation found])
+ ;;
+esac
+AC_SUBST([OPKELE_TR1_MEM_NS])
+AC_SUBST([OPKELE_TR1_MEM_HEADER])
+
PKG_CHECK_MODULES([OPENSSL],[openssl],,[
AC_MSG_ERROR([no openssl library found. get one from http://www.openssl.org/])
])
WANT_KONFORKA="yes"
AC_ARG_ENABLE([konforka],
AC_HELP_STRING([--disable-konforka],[do not use konforka library (default: use if found)]),
[
test "${enableval}" = "no" && WANT_KONFORKA="no"
]
)
if test "${WANT_KONFORKA}" = "yes" ; then
PKG_CHECK_MODULES([KONFORKA],[konforka],[
AC_SUBST([KONFORKA_CFLAGS])
AC_SUBST([KONFORKA_LIBS])
AC_DEFINE([HAVE_KONFORKA],,[defined in presence of konforka library])
AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library])
AC_SUBST([KONFORKA_KONFORKA],[konforka])
],[true])
fi
WANT_DOXYGEN="yes"
AC_ARG_ENABLE([doxygen],
AC_HELP_STRING([--disable-doxygen],[do not generate documentation]),
[
test "${enableval}" = "no" && WANT_DOXYGEN="no"
]
)
if test "${WANT_DOXYGEN}" = "yes" ; then
AC_WITH_DOXYGEN
AC_WITH_DOT
else
AM_CONDITIONAL([HAVE_DOXYGEN],[false])
AM_CONDITIONAL([HAVE_DOT],[false])
fi
LIBCURL_CHECK_CONFIG(,,,[
AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/])
])
+AC_CHECK_HEADER([expat.h],[
+ AC_CHECK_LIB([expat],[XML_ParserCreate],[
+ EXPAT_LIBS=-lexpat
+ EXPAT_CFLAGS=
+ AC_SUBST([EXPAT_LIBS])
+ AC_SUBST([EXPAT_CFLAGS])
+ ],[
+ AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/])
+ ])
+],[
+ AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/])
+])
+
+AC_CHECK_HEADER([tidy.h],[
+ AC_CHECK_LIB([tidy],[tidyParseBuffer],[
+ TIDY_LIBS=-ltidy
+ TIDY_CFLAGS=
+ AC_SUBST([TIDY_LIBS])
+ AC_SUBST([TIDY_CFLAGS])
+ ],[
+ AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/])
+ ])
+],[
+ AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/])
+])
+
if test -n "$PCRE_LIBS" -a -n "$PCRE_CFLAGS" ; then
AC_SUBST([PCRE_CFLAGS])
AC_SUBST([PCRE_LIBS])
:
else
PKG_CHECK_MODULES([PCRE],[libpcre],,[
AC_MSG_ERROR([no libpcre found, go get it at http://www.pcre.org/])
])
fi
curl_ssl_verify_host="true"
AC_ARG_ENABLE([ssl-verify-host],
AC_HELP_STRING([--disable-ssl-verify-host],[disable cURL cert/host relationships verification]),
[ test "${enableval}" = "no" && curl_ssl_verify_host="false" ]
)
${curl_ssl_verify_host} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYHOST],,[defined if cURL is not to verify cert/host])
curl_ssl_verify_peer="true"
AC_ARG_ENABLE([ssl-verify-peer],
AC_HELP_STRING([--disable-ssl-verify-peer],[disable cURL cert validity verification]),
[ test "${enableval}" = "no" && curl_ssl_verify_peer="false" ]
)
${curl_ssl_verify_peer} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYPEER],,[defined if cURL is not to verify cert validity])
postels_law=true
AC_ARG_ENABLE([postels-law],
AC_HELP_STRING([--disable-postels-law],[Be strict, do not adhere to Postel's Law ("be conservative in what you do, be liberal in what you accept from others", RFC 793)]),
[ test "${enableval}" = "no" && postels_law=false ]
)
$postels_law && AC_DEFINE([POSTELS_LAW],,[defined if we want to adhere to Postel's Law])
AC_DEFINE_UNQUOTED([OPKELE_SRC_DIR],["$PWD"],[source directory])
nitpick=false
AC_ARG_ENABLE([nitpicking],
AC_HELP_STRING([--enable-nitpicking],[make compiler somewhat overly fastidious about the code it deals with]),
[ test "$enableval" = "no" || nitpick=true ]
)
if $nitpick ; then
CPP_NITPICK="-pedantic -Wall -Wextra -Wundef -Wshadow \
-Wunsafe-loop-optimizations -Wconversion -Wmissing-format-attribute \
-Wredundant-decls -ansi"
# -Wlogical-op -Wmissing-noreturn
C_NITPICK="$CPP_NITPICK"
CXX_NITPICK="$C_NITPICK"
CPPFLAGS="$CPPFLAGS $CPP_NITPICK"
CFLAGS="$CFLAGS $C_NITPICK"
CXXFLAGS="$CXXFLAGS $CXX_NITPICK"
fi
+ndebug=true
+AC_ARG_ENABLE([debug],
+ AC_HELP_STRING([--enable-debug],[enable debugging code]),
+ [ test "$enableval" = "no" || ndebug=false ]
+)
+if $ndebug ; then
+ CPPFLAGS_DEBUG="-DNDEBUG"
+else
+ CPPFLAGS_DEBUG=""
+fi
+AC_SUBST([CPPFLAGS_DEBUG])
+
+xri_proxy_url="http://beta.xri.net/"
+AC_MSG_CHECKING([for XRI resolver proxy])
+AC_ARG_ENABLE([xri-proxy],
+ AC_HELP_STRING([--with-xri-proxy=url],[set xri proxy for use when resolving xri identities, default is http://xr_proxy_url]),
+ [ xri_proxy_url="$withval" ]
+)
+AC_MSG_RESULT([$xri_proxy_url])
+AC_DEFINE_UNQUOTED([XRI_PROXY_URL],["$xri_proxy_url"],[XRI proxy resolver URL])
+
AC_CONFIG_FILES([
Makefile
libopkele.pc
Doxyfile
include/Makefile
+ include/opkele/tr1-mem.h
lib/Makefile
test/Makefile
])
AC_OUTPUT
diff --git a/include/Makefile.am b/include/Makefile.am
index b31786d..51dcea1 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,17 +1,21 @@
nobase_include_HEADERS = \
opkele/acconfig.h \
opkele/opkele-config.h \
opkele/types.h \
opkele/association.h \
opkele/exception.h \
opkele/server.h \
opkele/consumer.h \
opkele/extension.h \
opkele/sreg.h \
opkele/extension_chain.h \
opkele/xconsumer.h \
- opkele/xserver.h
+ opkele/xserver.h \
+ opkele/discovery.h \
+ opkele/uris.h \
+ opkele/tr1-mem.h
EXTRA_DIST = \
opkele/data.h \
+ opkele/curl.h opkele/expat.h opkele/tidy.h \
opkele/util.h \
- opkele/curl.h
+ opkele/debug.h
diff --git a/include/opkele/.gitignore b/include/opkele/.gitignore
index ffa24dc..dfc2d2c 100644
--- a/include/opkele/.gitignore
+++ b/include/opkele/.gitignore
@@ -1,2 +1,3 @@
acconfig.h
+tr1-mem.h
stamp-h2
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
index c463787..3c1d318 100644
--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -1,174 +1,174 @@
#ifndef __OPKELE_CONSUMER_H
#define __OPKELE_CONSUMER_H
#include <opkele/types.h>
#include <opkele/extension.h>
/**
* @file
* @brief OpenID consumer-side functionality
*/
namespace opkele {
/**
* implementation of basic consumer functionality
*
* @note
* The consumer uses libcurl internally, which means that if you're using
* libopkele in multithreaded environment you should call curl_global_init
* yourself before spawning any threads.
*/
class consumer_t {
public:
virtual ~consumer_t() { }
/**
* store association. The function should be overridden in the real
* implementation to provide persistent associations store.
* @param server the OpenID server
* @param handle association handle
* @param secret the secret associated with the server and handle
* @param expires_in the number of seconds until the handle is expired
- * @return the auto_ptr<> for the newly allocated association_t object
+ * @return the assoc_t for the newly allocated association_t object
*/
virtual assoc_t store_assoc(const string& server,const string& handle,const secret_t& secret,int expires_in) = 0;
/**
* retrieve stored association. The function should be overridden
* in the real implementation to provide persistent assocations
* store.
*
* @note
* The user is responsible for handling associations expiry and
* this function should never return an expired or invalidated
* association.
*
* @param server the OpenID server
* @param handle association handle
* @return the autho_ptr<> for the newly allocated association_t object
* @throw failed_lookup if no unexpired association found
*/
virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
/**
* invalidate stored association. The function should be overridden
* in the real implementation of the consumer.
* @param server the OpenID server
* @param handle association handle
*/
virtual void invalidate_assoc(const string& server,const string& handle) = 0;
/**
* retrieve any unexpired association for the server. If the
* function is not overridden in the real implementation, the new
* association will be established for each request.
*
* @note
* The user is responsible for handling associations and this
* function should never return an expired or invalidated
* association.
*
* @note
* It may be a good idea to pre-expire associations shortly before
* their time is really up to avoid association expiry in the
* middle of negotiations.
*
* @param server the OpenID server
- * @return the auto_ptr<> for the newly allocated association_t object
+ * @return the assoc_t for the newly allocated association_t object
* @throw failed_lookup in case of absence of the handle
*/
virtual assoc_t find_assoc(const string& server);
/**
* retrieve the metainformation contained in link tags from the
* page pointed by url. the function may implement caching of the
* information.
* @param url url to harvest for link tags
* @param server reference to the string object where to put
* openid.server value
* @param delegate reference to the string object where to put the
* openid.delegate value (if any)
*/
virtual void retrieve_links(const string& url,string& server,string& delegate);
/**
* perform the associate request to OpenID server.
* @param server the OpenID server
- * @return the auto_ptr<> for the newly allocated association_t
+ * @return the assoc_t for the newly allocated association_t
* object, representing established association
* @throw exception in case of error
*/
assoc_t associate(const string& server);
/**
* prepare the parameters for the checkid_immediate
* request.
* @param identity the identity to verify
* @param return_to the return_to url to pass with the request
* @param trust_root the trust root to advertise with the request
* @param ext pointer to an extension(s) hooks object
* @return the location string
* @throw exception in case of error
*/
virtual string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
/**
* prepare the parameters for the checkid_setup
* request.
* @param identity the identity to verify
* @param return_to the return_to url to pass with the request
* @param trust_root the trust root to advertise with the request
* @param ext pointer to an extension(s) hooks object
* @return the location string
* @throw exception in case of error
*/
virtual string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
/**
* the actual implementation behind checkid_immediate() and
* checkid_setup() functions.
* @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup
* @param identity the identity to verify
* @param return_to the return_to url to pass with the request
* @param trust_root the trust root to advertise with the request
* @param ext pointer to an extension(s) hooks object
* @return the location string
* @throw exception in case of error
*/
virtual string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
/**
* verify the id_res response
* @param pin the response parameters
* @param identity the identity being checked (if not specified,
* @param ext pointer to an extension(s) hooks object
* extracted from the openid.identity parameter
* @throw id_res_mismatch in case of signature mismatch
* @throw id_res_setup in case of openid.user_setup_url failure
* (supposedly checkid_immediate only)
* @throw id_res_failed in case of failure
* @throw id_res_expired_on_delivery if the association expired before it could've been verified
* @throw exception in case of other failures
*/
virtual void id_res(const params_t& pin,const string& identity="",extension_t *ext=0);
/**
* perform a check_authentication request.
* @param server the OpenID server
* @param p request parameters
*/
void check_authentication(const string& server,const params_t& p);
/**
* normalize URL by adding http:// and trailing slash if needed.
* @param url
* @return normalized url
*/
static string normalize(const string& url);
/**
* Canonicalize URL, by normalizing its appearance and following redirects.
* @param url
* @return canonicalized url
*/
virtual string canonicalize(const string& url);
};
}
#endif /* __OPKELE_CONSUMER_H */
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 8020b63..5cf8e48 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,48 +1,72 @@
#ifndef __OPKELE_CURL_H
#define __OPKELE_CURL_H
#include <cassert>
+#include <string>
+#include <algorithm>
#include <curl/curl.h>
namespace opkele {
+ using std::min;
+ using std::string;
namespace util {
class curl_t {
public:
CURL *_c;
curl_t() : _c(0) { }
curl_t(CURL *c) : _c(c) { }
virtual ~curl_t() throw();
curl_t& operator=(CURL *c);
operator const CURL*(void) const { return _c; }
operator CURL*(void) { return _c; }
CURLcode misc_sets();
template<typename PT>
inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
template<typename IT>
inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
static inline CURL *easy_init() { return curl_easy_init(); }
virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; }
CURLcode set_write();
virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; }
CURLcode set_progress();
virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; }
CURLcode set_header();
};
+ template<int lim>
+ class curl_fetch_string_t : public curl_t {
+ public:
+ curl_fetch_string_t(CURL *c)
+ : curl_t(c) { }
+ ~curl_fetch_string_t() throw() { }
+
+ string response;
+
+ size_t write(void *p,size_t size,size_t nmemb) {
+ size_t bytes = size*nmemb;
+ size_t get = min(lim-response.length(),bytes);
+ response.append((const char *)p,get);
+ return get;
+ }
+ };
+
+ typedef curl_fetch_string_t<16384> curl_pick_t;
+
+
}
}
#endif /* __OPKELE_CURL_H */
diff --git a/include/opkele/debug.h b/include/opkele/debug.h
new file mode 100644
index 0000000..a02f8d4
--- a/dev/null
+++ b/include/opkele/debug.h
@@ -0,0 +1,17 @@
+#ifndef __OPKELE_DEBUG_H
+#define __OPKELE_DEBUG_H
+
+#ifdef NDEBUG
+
+#define D_(x) ((void)0)
+#define DOUT_(x) ((void)0)
+
+#else /* NDEBUG */
+
+#define D_(x) x
+#include <iostream>
+#define DOUT_(x) std::clog << x << std::endl
+
+#endif /* NDEBUG */
+
+#endif /* __OPKELE_DEBUG_H */
diff --git a/include/opkele/discovery.h b/include/opkele/discovery.h
new file mode 100644
index 0000000..af4aa29
--- a/dev/null
+++ b/include/opkele/discovery.h
@@ -0,0 +1,40 @@
+#ifndef __OPKELE_DISCOVERY_H
+#define __OPKELE_DISCOVERY_H
+
+#include <string>
+#include <opkele/types.h>
+
+namespace opkele {
+ using std::string;
+
+ struct idiscovery_t;
+
+ void idiscover(idiscovery_t& result,const string& identity);
+
+ struct idiscovery_t {
+ bool xri_identity;
+ string normalized_id;
+ string canonicalized_id;
+ xrd::XRD_t xrd;
+
+ idiscovery_t() { }
+ idiscovery_t(const string& i) {
+ idiscover(*this,i);
+ }
+ idiscovery_t(const char *i) {
+ idiscover(*this,i);
+ }
+
+ void clear() {
+ normalized_id.clear(); canonicalized_id.clear();
+ xrd.clear();
+ }
+
+ idiscovery_t& operator=(const string& i) {
+ idiscover(*this,i); return *this; }
+ idiscovery_t& operator=(const char *i) {
+ idiscover(*this,i); return *this; }
+ };
+}
+
+#endif /* __OPKELE_DISCOVERY_H */
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
index 2ff44b7..a8c3339 100644
--- a/include/opkele/exception.h
+++ b/include/opkele/exception.h
@@ -1,235 +1,316 @@
#ifndef __OPKELE_EXCEPTION_H
#define __OPKELE_EXCEPTION_H
/**
* @file
* @brief opkele exceptions
*/
#include <curl/curl.h>
#include <opkele/opkele-config.h>
#ifdef OPKELE_HAVE_KONFORKA
# include <konforka/exception.h>
/**
* the exception parameters declaration
*/
# define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w
/**
* the exception parameters list to pass to constructor
*/
# define OPKELE_E_CONS_ fi,fu,l,
/**
* the exception codepoint specification
*/
# define OPKELE_CP_ CODEPOINT,
/**
+ * open function-try-block
+ */
+# define OPKELE_FUNC_TRY try
+/**
* the simple rethrow of konforka-based exception
*/
-# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw }
+# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw; }
#else /* OPKELE_HAVE_KONFORKA */
# include <exception>
# include <string>
/**
* the exception parameter declaration
*/
# define OPKELE_E_PARS const string& w
/**
* the dummy prefix for exception parameters list to prepend in the absence of
* konforka library
*/
# define OPKELE_E_CONS_
/**
* the dummy placeholder for konforka exception codepoint specification
*/
# define OPKELE_CP_
/**
+ * the dummy define for the opening function-try-block
+ */
+# define OPKELE_FUNC_TRY
+/**
* the dummy define for the konforka-based rethrow of exception
*/
# define OPKELE_RETHROW
#endif /* OPKELE_HAVE_KONFORKA */
/**
* the exception parameters list to pass to constructor
*/
# define OPKELE_E_CONS OPKELE_E_CONS_ w
namespace opkele {
using std::string;
/**
* the base opkele exception class
*/
class exception : public
# ifdef OPKELE_HAVE_KONFORKA
konforka::exception
# else
std::exception
# endif
{
public:
# ifdef OPKELE_HAVE_KONFORKA
explicit
- exception(const string& fi,const string& fu,int l,const string& w)
- : konforka::exception(fi,fu,l,w) { }
+ exception(const string& fi,const string& fu,int l,const string& w);
# else /* OPKELE_HAVE_KONFORKA */
string _what;
- explicit
- exception(const string& w)
- : _what(w) { }
+ explicit exception(const string& w);
virtual ~exception() throw();
virtual const char * what() const throw();
# endif /* OPKELE_HAVE_KONFORKA */
};
/**
* thrown in case of failed conversion
*/
class failed_conversion : public exception {
public:
failed_conversion(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown in case of failed lookup (either parameter or persistent store)
*/
class failed_lookup : public exception {
public:
failed_lookup(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown in case of bad input (either local or network)
*/
class bad_input : public exception {
public:
bad_input(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown on failed assertion
*/
class failed_assertion : public exception {
public:
failed_assertion(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown if the handle being retrieved is invalid
*/
class invalid_handle : public exception {
public:
invalid_handle(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown if the handle passed to check_authentication request is not
* stateless
*/
class stateful_handle : public exception {
public:
stateful_handle(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown if check_authentication request fails
*/
class failed_check_authentication : public exception {
public:
failed_check_authentication(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown if the id_res request result is negative
*/
class id_res_failed : public exception {
public:
id_res_failed(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* thrown if the user_setup_url is provided with negative response
*/
class id_res_setup : public id_res_failed {
public:
string setup_url;
- id_res_setup(OPKELE_E_PARS,const string& su)
+ id_res_setup(OPKELE_E_PARS,const string& su="")
: id_res_failed(OPKELE_E_CONS), setup_url(su) { }
~id_res_setup() throw() { }
};
/**
* thrown in case of signature mismatch
*/
class id_res_mismatch : public id_res_failed {
public:
id_res_mismatch(OPKELE_E_PARS)
: id_res_failed(OPKELE_E_CONS) { }
};
/**
* thrown if the association has expired before it could've been verified.
*/
class id_res_expired_on_delivery : public id_res_failed {
public:
id_res_expired_on_delivery(OPKELE_E_PARS)
: id_res_failed(OPKELE_E_CONS) { }
};
/**
+ * thown when the user cancelled authentication process.
+ */
+ class id_res_cancel : public id_res_failed {
+ public:
+ id_res_cancel(OPKELE_E_PARS)
+ : id_res_failed(OPKELE_E_CONS) { }
+ };
+
+ /**
+ * thrown in case of nonce reuse or otherwise imperfect nonce.
+ */
+ class id_res_bad_nonce : public id_res_failed {
+ public:
+ id_res_bad_nonce(OPKELE_E_PARS)
+ : id_res_failed(OPKELE_E_CONS) { }
+ };
+
+ /**
+ * thrown if return_to didn't pass verification
+ */
+ class id_res_bad_return_to : public id_res_failed {
+ public:
+ id_res_bad_return_to(OPKELE_E_PARS)
+ : id_res_failed(OPKELE_E_CONS) { }
+ };
+
+ /**
+ * thrown if OP isn't authorized to make an assertion
+ */
+ class id_res_unauthorized : public id_res_failed {
+ public:
+ id_res_unauthorized(OPKELE_E_PARS)
+ : id_res_failed(OPKELE_E_CONS) { }
+ };
+
+ /**
* openssl malfunction occured
*/
class exception_openssl : public exception {
public:
unsigned long _error;
string _ssl_string;
exception_openssl(OPKELE_E_PARS);
~exception_openssl() throw() { }
};
/**
* network operation related error occured
*/
class exception_network : public exception {
public:
exception_network(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* network operation related error occured, specifically, related to
* libcurl
*/
class exception_curl : public exception_network {
public:
CURLcode _error;
string _curl_string;
exception_curl(OPKELE_E_PARS);
exception_curl(OPKELE_E_PARS,CURLcode e);
~exception_curl() throw() { }
};
/**
+ * htmltidy related error occured
+ */
+ class exception_tidy : public exception {
+ public:
+ int _rc;
+ exception_tidy(OPKELE_E_PARS);
+ exception_tidy(OPKELE_E_PARS,int r);
+ ~exception_tidy() throw() { }
+ };
+
+ /**
+ * exception thrown in case of failed discovery
+ */
+ class failed_discovery : public exception {
+ public:
+ failed_discovery(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
+ /**
+ * unsuccessfull xri resolution
+ */
+ class failed_xri_resolution : public failed_discovery {
+ public:
+ long _code;
+ failed_xri_resolution(OPKELE_E_PARS,long _c=-1)
+ : failed_discovery(OPKELE_E_CONS), _code(_c) { }
+ };
+
+ /**
* not implemented (think pure virtual) member function executed, signfies
* programmer error
*/
class not_implemented : public exception {
public:
not_implemented(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
/**
* internal error, indicates internal libopkele problem
*/
class internal_error : public exception {
public:
internal_error(OPKELE_E_PARS)
: exception(OPKELE_E_CONS) { }
};
+ /**
+ * thrown in case of unsupported parameter encountered (e.g. unsupported
+ * association type).
+ */
+ class unsupported : public exception {
+ public:
+ unsupported(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS) { }
+ };
+
}
#endif /* __OPKELE_EXCEPTION_H */
diff --git a/include/opkele/expat.h b/include/opkele/expat.h
new file mode 100644
index 0000000..60c41ac
--- a/dev/null
+++ b/include/opkele/expat.h
@@ -0,0 +1,91 @@
+#ifndef __OPKELE_EXPAT_H
+#define __OPKELE_EXPAT_H
+
+#include <cassert>
+#include <expat.h>
+
+namespace opkele {
+
+ namespace util {
+
+ class expat_t {
+ public:
+ XML_Parser _x;
+
+ expat_t() : _x(0) { }
+ expat_t(XML_Parser x) : _x(x) { }
+ virtual ~expat_t() throw();
+
+ expat_t& operator=(XML_Parser x);
+
+ operator const XML_Parser(void) const { return _x; }
+ operator XML_Parser(void) { return _x; }
+
+ inline bool parse(const char *s,int len,bool final=false) {
+ assert(_x);
+ return XML_Parse(_x,s,len,final);
+ }
+
+ virtual void start_element(const XML_Char *n,const XML_Char **a) { }
+ virtual void end_element(const XML_Char *n) { }
+ void set_element_handler();
+
+ virtual void character_data(const XML_Char *s,int l) { }
+ void set_character_data_handler();
+
+ virtual void processing_instruction(const XML_Char *t,const XML_Char *d) { }
+ void set_processing_instruction_handler();
+
+ virtual void comment(const XML_Char *d) { }
+ void set_comment_handler();
+
+ virtual void start_cdata_section() { }
+ virtual void end_cdata_section() { }
+ void set_cdata_section_handler();
+
+ virtual void default_handler(const XML_Char *s,int l) { }
+ void set_default_handler();
+ void set_default_handler_expand();
+
+ virtual void start_namespace_decl(const XML_Char *p,const XML_Char *u) { }
+ virtual void end_namespace_decl(const XML_Char *p) { }
+ void set_namespace_decl_handler();
+
+ inline enum XML_Error get_error_code() {
+ assert(_x); return XML_GetErrorCode(_x); }
+ static inline const XML_LChar *error_string(XML_Error c) {
+ return XML_ErrorString(c); }
+
+ inline long get_current_byte_index() {
+ assert(_x); return XML_GetCurrentByteIndex(_x); }
+ inline int get_current_line_number() {
+ assert(_x); return XML_GetCurrentLineNumber(_x); }
+ inline int get_current_column_number() {
+ assert(_x); return XML_GetCurrentColumnNumber(_x); }
+
+ inline void set_user_data() {
+ assert(_x); XML_SetUserData(_x,this); }
+
+ inline bool set_base(const XML_Char *b) {
+ assert(_x); return XML_SetBase(_x,b); }
+ inline const XML_Char *get_base() {
+ assert(_x); return XML_GetBase(_x); }
+
+ inline int get_specified_attribute_count() {
+ assert(_x); return XML_GetSpecifiedAttributeCount(_x); }
+
+ inline bool set_param_entity_parsing(enum XML_ParamEntityParsing c) {
+ assert(_x); return XML_SetParamEntityParsing(_x,c); }
+
+ inline static XML_Parser parser_create(const XML_Char *e=0) {
+ return XML_ParserCreate(e); }
+ inline static XML_Parser parser_create_ns(const XML_Char *e=0,XML_Char s='\t') {
+ return XML_ParserCreateNS(e,s); }
+
+ };
+
+ }
+
+}
+
+#endif /* __OPKELE_EXPAT_H */
diff --git a/include/opkele/server.h b/include/opkele/server.h
index dd7fc41..3c25646 100644
--- a/include/opkele/server.h
+++ b/include/opkele/server.h
@@ -1,98 +1,98 @@
#ifndef __OPKELE_SERVER_H
#define __OPKELE_SERVER_H
/**
* @file
* @brief OpenID server-side functionality
*/
#include <opkele/types.h>
#include <opkele/extension.h>
namespace opkele {
/**
* implementation of basic server functionality
*/
class server_t {
public:
virtual ~server_t() { }
/**
* allocate the new association. The function should be overridden
* in the real implementation to provide persistent assocations
* store.
* @param mode the mode of request being processed to base the
* statelessness of the association upon
- * @return the auto_ptr<> for the newly allocated association_t object
+ * @return the assoc_t for the newly allocated association_t object
*/
virtual assoc_t alloc_assoc(mode_t mode) = 0;
/**
* retrieve the association. The function should be overridden in
* the reqal implementation to provide persistent assocations
* store.
* @param h association handle
- * @return the auto_ptr<> for the newly allocated association_t object
+ * @return the assoc_t for the newly allocated association_t object
* @throw failed_lookup in case of failure
*/
virtual assoc_t retrieve_assoc(const string& h) = 0;
/**
* validate the identity.
* @param assoc association object
* @param pin incoming request parameters
* @param identity being verified
* @param trust_root presented in the request
* @throw exception if identity can not be confirmed
*/
virtual void validate(const association_t& assoc,const params_t& pin,const string& identity,const string& trust_root) = 0;
/**
* process the associate request.
* @param pin the incoming request parameters
* @param pout the store for the response parameters
*/
void associate(const params_t& pin,params_t& pout);
/**
* process the checkid_immediate request.
* @param pin the incoming request parameters
* @param return_to reference to the object to store return_to url to
* @param pout the response parameters
* @param ext pointer to the extension hooks object
* @throw exception in case of errors or negative reply
*/
virtual void checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
/**
* process the checkid_setup request.
* @param pin the incoming request parameters
* @param return_to reference to the object to store return_to url to
* @param pout the response parameters
* @param ext pointer to the extension hooks object
* @throw exception in case of errors or negative reply
*/
virtual void checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
/**
* the actual functionality behind checkid_immediate() and
* checkid_setup()
* @param mode the request being processed (either
* mode_checkid_immediate or mode_checkid_setup)
* @param pin the incoming request parameters
* @param return_to reference to the object to store return_to url to
* @param pout the response parameters
* @param ext pointer to the extension hooks object
* @throw exception in case of errors or negative reply
*/
virtual void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0);
/**
* process the check_authentication request.
* @param pin incoming request parameters
* @param pout response parameters
*/
void check_authentication(const params_t& pin,params_t& pout);
};
}
#endif /* __OPKELE_SERVER_H */
diff --git a/include/opkele/tidy.h b/include/opkele/tidy.h
new file mode 100644
index 0000000..888e7d4
--- a/dev/null
+++ b/include/opkele/tidy.h
@@ -0,0 +1,73 @@
+#ifndef __OPKELE_TIDY_H
+#define __OPKELE_TIDY_H
+
+#include <cassert>
+#include <tidy.h>
+#include <buffio.h>
+
+namespace opkele {
+ namespace util {
+
+ class tidy_buf_t {
+ public:
+ TidyBuffer _x;
+
+ tidy_buf_t() { tidyBufInit(&_x); }
+ virtual ~tidy_buf_t() throw() {
+ tidyBufFree(&_x); }
+
+ inline operator const TidyBuffer&(void) const { return _x; }
+ inline operator TidyBuffer&(void) { return _x; }
+
+ inline operator const char*(void) const { return (const char*)_x.bp; }
+ inline operator char*(void) { return (char*)_x.bp; }
+
+ inline const char *c_str() const {
+ return (const char*)_x.bp; }
+ inline size_t size() const {
+ return _x.size; }
+ };
+
+ class tidy_doc_t {
+ public:
+ TidyDoc _x;
+
+ tidy_doc_t() : _x(0) { }
+ tidy_doc_t(TidyDoc x) : _x(x) { }
+ virtual ~tidy_doc_t() throw() {
+ if(_x) tidyRelease(_x); }
+
+ tidy_doc_t& operator=(TidyDoc x) {
+ if(_x) tidyRelease(_x);
+ _x = x;
+ return *this;
+ }
+
+ operator const TidyDoc(void) const { return _x; }
+ operator TidyDoc(void) { return _x; }
+
+ inline bool opt_set(TidyOptionId o,bool v) {
+ assert(_x);
+ return tidyOptSetBool(_x,o,v?yes:no); }
+ inline bool opt_set(TidyOptionId o,int v) {
+ assert(_x);
+ return tidyOptSetInt(_x,o,v); }
+
+ inline int parse_string(const string& s) {
+ assert(_x);
+ return tidyParseString(_x,s.c_str()); }
+ inline int clean_and_repair() {
+ assert(_x);
+ return tidyCleanAndRepair(_x); }
+ inline int save_buffer(TidyBuffer& ob) {
+ assert(_x);
+ return tidySaveBuffer(_x,&ob); }
+
+ static inline TidyDoc create() {
+ return tidyCreate(); }
+ };
+
+ }
+}
+
+#endif /* __OPKELE_TIDY_H */
diff --git a/include/opkele/tr1-mem.h.in b/include/opkele/tr1-mem.h.in
new file mode 100644
index 0000000..e9ccf0b
--- a/dev/null
+++ b/include/opkele/tr1-mem.h.in
@@ -0,0 +1,10 @@
+#ifndef __OPKELE_TR1_MEM_H
+#define __OPKELE_TR1_MEM_H
+
+#include <@OPKELE_TR1_MEM_HEADER@>
+
+namespace opkele {
+ namespace tr1mem = @OPKELE_TR1_MEM_NS@;
+}
+
+#endif /* __OPKELE_TR1_MEM_H */
diff --git a/include/opkele/types.h b/include/opkele/types.h
index f732a1e..de44a5c 100644
--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -1,172 +1,246 @@
#ifndef __OPKELE_TYPES_H
#define __OPKELE_TYPES_H
/**
* @file
* @brief various types declarations
*/
#include <ostream>
#include <vector>
#include <string>
#include <map>
-#include <memory>
+#include <set>
+#include <opkele/tr1-mem.h>
namespace opkele {
using std::vector;
using std::string;
using std::map;
using std::ostream;
- using std::auto_ptr;
+ using std::multimap;
+ using std::set;
/**
* the OpenID operation mode
*/
typedef enum _mode_t {
mode_associate,
mode_checkid_immediate,
mode_checkid_setup,
mode_check_association
} mode_t;
/**
* the association secret container
*/
class secret_t : public vector<unsigned char> {
public:
/**
* xor the secret and hmac together and encode, using base64
- * @param key_sha1 pointer to the sha1 digest
+ * @param key_d pointer to the message digest
* @param rv reference to the return value
*/
- void enxor_to_base64(const unsigned char *key_sha1,string& rv) const;
+ void enxor_to_base64(const unsigned char *key_d,string& rv) const;
/**
- * decode base64-encoded secret and xor it with the sha1 digest
- * @param key_sha1 pointer to the message digest
+ * decode base64-encoded secret and xor it with the message digest
+ * @param key_d pointer to the message digest
* @param b64 base64-encoded secret value
*/
- void enxor_from_base64(const unsigned char *key_sha1,const string& b64);
+ void enxor_from_base64(const unsigned char *key_d,const string& b64);
/**
* plainly encode to base64 representation
* @param rv reference to the return value
*/
void to_base64(string& rv) const;
/**
* decode cleartext secret from base64
* @param b64 base64-encoded representation of the secret value
*/
void from_base64(const string& b64);
};
/**
* Interface to the association.
*/
class association_t {
public:
virtual ~association_t() { }
/**
* retrieve the server with which association was established.
* @return server name
*/
virtual string server() const = 0;
/**
* retrieve the association handle.
* @return handle
*/
virtual string handle() const = 0;
/**
* retrieve the association type.
* @return association type
*/
virtual string assoc_type() const = 0;
/**
* retrieve the association secret.
* @return association secret
*/
virtual secret_t secret() const = 0;
/**
* retrieve the number of seconds the association expires in.
* @return seconds till expiration
*/
virtual int expires_in() const = 0;
/**
* check whether the association is stateless.
* @return true if stateless
*/
virtual bool stateless() const = 0;
/**
* check whether the association is expired.
* @return true if expired
*/
virtual bool is_expired() const = 0;
};
/**
- * the auto_ptr<> for association_t object type
+ * the shared_ptr<> for association_t object type
*/
- typedef auto_ptr<association_t> assoc_t;
+ typedef tr1mem::shared_ptr<association_t> assoc_t;
/**
* request/response parameters map
*/
class params_t : public map<string,string> {
public:
/**
* check whether the parameter is present.
* @param n the parameter name
* @return true if yes
*/
bool has_param(const string& n) const;
/**
* retrieve the parameter (const version)
* @param n the parameter name
* @return the parameter value
* @throw failed_lookup if there is no such parameter
*/
const string& get_param(const string& n) const;
/**
* retrieve the parameter.
* @param n the parameter name
* @return the parameter value
* @throw failed_lookup if there is no such parameter
*/
string& get_param(const string& n);
/**
* parse the OpenID key/value data.
* @param kv the OpenID key/value data
*/
void parse_keyvalues(const string& kv);
/**
* sign the fields.
* @param secret the secret used for signing
* @param sig reference to the string, containing base64-encoded
* result
* @param slist the comma-separated list of fields to sign
* @param prefix the string to prepend to parameter names
*/
void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const;
/**
* append parameters to the URL as a GET-request parameters.
* @param url the base URL
* @param prefix the string to prepend to parameter names
* @return the ready-to-use location
*/
string append_query(const string& url,const char *prefix = "openid.") const;
+
+ /**
+ * make up a query string suitable for use in GET and POST
+ * requests.
+ * @param prefix string to prened to parameter names
+ * @return query string
+ */
+ string query_string(const char *prefix = "openid.") const;
};
/**
* dump the key/value pairs for the parameters to the stream.
* @param o output stream
* @param p the parameters
*/
ostream& operator << (ostream& o,const params_t& p);
+ namespace xrd {
+
+ struct priority_compare {
+ inline bool operator()(long a,long b) const {
+ return (a<0) ? false : (b<0) ? true : (a<b);
+ }
+ };
+
+ template <typename _DT>
+ class priority_map : public multimap<long,_DT,priority_compare> {
+ typedef multimap<long,_DT,priority_compare> map_type;
+ public:
+
+ inline _DT& add(long priority,const _DT& d) {
+ return insert(typename map_type::value_type(priority,d))->second;
+ }
+ };
+
+ typedef priority_map<string> canonical_ids_t;
+ typedef priority_map<string> local_ids_t;
+ typedef set<string> types_t;
+ typedef priority_map<string> uris_t;
+
+ class service_t {
+ public:
+ types_t types;
+ uris_t uris;
+ local_ids_t local_ids;
+ string provider_id;
+
+ void clear() {
+ types.clear();
+ uris.clear(); local_ids.clear();
+ provider_id.clear();
+ }
+ };
+ typedef priority_map<service_t> services_t;
+
+ class XRD_t {
+ public:
+ time_t expires;
+
+ canonical_ids_t canonical_ids;
+ local_ids_t local_ids;
+ services_t services;
+ string provider_id;
+
+ void clear() {
+ expires = 0;
+ canonical_ids.clear(); local_ids.clear();
+ services.clear();
+ provider_id.clear();
+ }
+ bool empty() const {
+ return
+ canonical_ids.empty()
+ && local_ids.empty()
+ && services.empty();
+ }
+
+ };
+
+ }
+
}
#endif /* __OPKELE_TYPES_H */
diff --git a/include/opkele/uris.h b/include/opkele/uris.h
new file mode 100644
index 0000000..56c2d6d
--- a/dev/null
+++ b/include/opkele/uris.h
@@ -0,0 +1,18 @@
+#ifndef __OPKELE_URIS_H
+#define __OPKELE_URIS_H
+
+#define NSURI_XRDS "xri://$xrds"
+#define NSURI_XRD "xri://$xrd*($v*2.0)"
+#define NSURI_OPENID10 "http://openid.net/xmlns/1.0"
+
+#define OIURI_OPENID20 "http://specs.openid.net/auth/2.0"
+#define OIURI_SREG11 "http://openid.net/extensions/sreg/1.1"
+
+#define STURI_OPENID10 "http://openid.net/signon/1.0"
+#define STURI_OPENID11 "http://openid.net/signon/1.1"
+#define STURI_OPENID20 "http://specs.openid.net/auth/2.0/signon"
+#define STURI_OPENID20_OP "http://specs.openid.net/auth/2.0/server"
+
+#define IDURI_SELECT20 "http://specs.openid.net/auth/2.0/identifier_select"
+
+#endif /* __OPKELE_URIS_H */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 0fe705a..989de28 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,28 +1,31 @@
lib_LTLIBRARIES = libopkele.la
+AM_CPPFLAGS = ${CPPFLAGS_DEBUG}
+DEFAULT_INCLUDES = -I${top_builddir}
INCLUDES = \
-I${top_srcdir}/include/ \
${KONFORKA_CFLAGS} \
${OPENSSL_CFLAGS} \
${LIBCURL_CPPFLAGS} \
- ${PCRE_CFLAGS}
+ ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS}
libopkele_la_LIBADD = \
${LIBCURL} \
- ${PCRE_LIBS} \
+ ${PCRE_LIBS} ${EXPAT_LIBS} \
${OPENSSL_LIBS} \
- ${KONFORKA_LIBS}
+ ${KONFORKA_LIBS} ${TIDY_LIBS}
libopkele_la_SOURCES = \
params.cc \
util.cc \
server.cc \
secret.cc \
data.cc \
consumer.cc \
exception.cc \
extension.cc \
sreg.cc \
extension_chain.cc \
- curl.cc
+ curl.cc expat.cc \
+ discovery.cc
libopkele_la_LDFLAGS = \
-version-info 2:0:0
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 9f7530f..3c3b4f8 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,230 +1,212 @@
#include <algorithm>
#include <cassert>
#include <cstring>
#include <opkele/util.h>
#include <opkele/curl.h>
#include <opkele/exception.h>
#include <opkele/data.h>
#include <opkele/consumer.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <iostream>
#include "config.h"
#include <pcre.h>
namespace opkele {
using namespace std;
using util::curl_t;
-
- template<int lim>
- class curl_fetch_string_t : public curl_t {
- public:
- curl_fetch_string_t(CURL *c)
- : curl_t(c) { }
- ~curl_fetch_string_t() throw() { }
-
- string response;
-
- size_t write(void *p,size_t size,size_t nmemb) {
- size_t bytes = size*nmemb;
- size_t get = min(lim-response.length(),bytes);
- response.append((const char *)p,get);
- return get;
- }
- };
-
- typedef curl_fetch_string_t<16384> curl_pick_t;
+ using util::curl_pick_t;
class pcre_matches_t {
public:
int *_ov;
int _s;
pcre_matches_t() : _ov(0), _s(0) { }
pcre_matches_t(int s) : _ov(0), _s(s) {
if(_s&1) ++_s;
_s += _s>>1;
_ov = new int[_s];
}
~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
int begin(int i) const { return _ov[i<<1]; }
int end(int i) const { return _ov[(i<<1)+1]; }
int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
};
class pcre_t {
public:
pcre *_p;
pcre_t() : _p(0) { }
pcre_t(pcre *p) : _p(p) { }
pcre_t(const char *re,int opts) : _p(0) {
static const char *errptr; static int erroffset;
_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
if(!_p)
throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
}
~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
operator const pcre*(void) const { return _p; }
operator pcre*(void) { return _p; }
int exec(const string& s,pcre_matches_t& m) {
if(!_p)
throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
}
};
assoc_t consumer_t::associate(const string& server) {
util::dh_t dh = DH_new();
if(!dh)
throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
dh->p = util::dec_to_bignum(data::_default_p);
dh->g = util::dec_to_bignum(data::_default_g);
if(!DH_generate_key(dh))
throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
string request =
"openid.mode=associate"
"&openid.assoc_type=HMAC-SHA1"
"&openid.session_type=DH-SHA1"
"&openid.dh_consumer_public=";
request += util::url_encode(util::bignum_to_base64(dh->pub_key));
curl_pick_t curl = curl_pick_t::easy_init();
if(!curl)
throw exception_curl(OPKELE_CP_ "failed to initialize curl");
CURLcode r;
(r=curl.misc_sets())
|| (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
|| (r=curl.easy_setopt(CURLOPT_POST,1))
|| (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
|| (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
|| (r=curl.set_write())
;
if(r)
throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
if( (r=curl.easy_perform()) )
throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
params_t p; p.parse_keyvalues(curl.response);
if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
throw bad_input(OPKELE_CP_ "unsupported assoc_type");
string st;
if(p.has_param("session_type")) st = p.get_param("session_type");
if((!st.empty()) && st!="DH-SHA1")
throw bad_input(OPKELE_CP_ "unsupported session_type");
secret_t secret;
if(st.empty()) {
secret.from_base64(p.get_param("mac_key"));
}else{
util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
vector<unsigned char> ck(DH_size(dh)+1);
unsigned char *ckptr = &(ck.front())+1;
int cklen = DH_compute_key(ckptr,s_pub,dh);
if(cklen<0)
throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
if(cklen && (*ckptr)&0x80) {
(*(--ckptr)) = 0; ++cklen;
}
unsigned char key_sha1[SHA_DIGEST_LENGTH];
SHA1(ckptr,cklen,key_sha1);
secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
}
int expires_in = 0;
if(p.has_param("expires_in")) {
expires_in = util::string_to_long(p.get_param("expires_in"));
}else if(p.has_param("issued") && p.has_param("expiry")) {
expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
}else
throw bad_input(OPKELE_CP_ "no expiration information");
return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
}
string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
}
string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
}
string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
params_t p;
if(mode==mode_checkid_immediate)
p["mode"]="checkid_immediate";
else if(mode==mode_checkid_setup)
p["mode"]="checkid_setup";
else
throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
string iurl = canonicalize(identity);
string server, delegate;
retrieve_links(iurl,server,delegate);
p["identity"] = delegate.empty()?iurl:delegate;
if(!trust_root.empty())
p["trust_root"] = trust_root;
p["return_to"] = return_to;
try {
string ah = find_assoc(server)->handle();
p["assoc_handle"] = ah;
}catch(failed_lookup& fl) {
string ah = associate(server)->handle();
p["assoc_handle"] = ah;
}
if(ext) ext->checkid_hook(p,identity);
return p.append_query(server);
}
void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
if(pin.has_param("openid.user_setup_url"))
throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
string server,delegate;
retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
params_t ps;
try {
assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
if(assoc->is_expired())
throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
const string& sigenc = pin.get_param("openid.sig");
vector<unsigned char> sig;
util::decode_base64(sigenc,sig);
const string& slist = pin.get_param("openid.signed");
string kv;
string::size_type p = 0;
while(true) {
string::size_type co = slist.find(',',p);
string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
kv += f;
kv += ':';
f.insert(0,"openid.");
kv += pin.get_param(f);
kv += '\n';
if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
if(co==string::npos)
break;
p = co+1;
}
secret_t secret = assoc->secret();
unsigned int md_len = 0;
unsigned char *md = HMAC(
EVP_sha1(),
&(secret.front()),secret.size(),
(const unsigned char *)kv.data(),kv.length(),
0,&md_len);
if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
}catch(failed_lookup& e) {
const string& slist = pin.get_param("openid.signed");
string::size_type pp = 0;
params_t p;
while(true) {
string::size_type co = slist.find(',',pp);
string f = "openid.";
f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
p[f] = pin.get_param(f);
if(co==string::npos)
break;
pp = co+1;
}
p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
diff --git a/lib/discovery.cc b/lib/discovery.cc
new file mode 100644
index 0000000..d868308
--- a/dev/null
+++ b/lib/discovery.cc
@@ -0,0 +1,446 @@
+#include <list>
+#include <opkele/curl.h>
+#include <opkele/expat.h>
+#include <opkele/uris.h>
+#include <opkele/discovery.h>
+#include <opkele/exception.h>
+#include <opkele/util.h>
+#include <opkele/tidy.h>
+#include <opkele/debug.h>
+
+#include "config.h"
+
+#define XRDS_HEADER "X-XRDS-Location"
+#define CT_HEADER "Content-Type"
+
+namespace opkele {
+ using std::list;
+ using xrd::XRD_t;
+ using xrd::service_t;
+
+ static const char *whitespace = " \t\r\n";
+ static const char *i_leaders = "=@+$!(";
+ static const size_t max_html = 16384;
+
+ static inline bool is_qelement(const XML_Char *n,const char *qen) {
+ return !strcasecmp(n,qen);
+ }
+ static inline bool is_element(const XML_Char *n,const char *en) {
+ if(!strcasecmp(n,en)) return true;
+ int nl = strlen(n), enl = strlen(en);
+ if( (nl>=(enl+1)) && n[nl-enl-1]=='\t'
+ && !strcasecmp(&n[nl-enl],en) )
+ return true;
+ return false;
+ }
+
+ static long element_priority(const XML_Char **a) {
+ for(;*a;++a)
+ if(!strcasecmp(*(a++),"priority")) {
+ long rv;
+ return (sscanf(*a,"%ld",&rv)==1)?rv:-1;
+ }
+ return -1;
+ }
+
+ class idigger_t : public util::curl_t, public util::expat_t {
+ public:
+ string xri_proxy;
+
+ enum {
+ xmode_html = 1, xmode_xrd = 2
+ };
+ int xmode;
+
+ string xrds_location;
+ string http_content_type;
+ service_t html_openid1;
+ service_t html_openid2;
+ string cdata_buf;
+ long status_code;
+ string status_string;
+
+ typedef list<string> pt_stack_t;
+ pt_stack_t pt_stack;
+ int skipping;
+ bool parser_choked;
+ string save_html;
+
+ XRD_t *xrd;
+ service_t *xrd_service;
+ string* cdata;
+
+ idigger_t()
+ : util::curl_t(easy_init()),
+ util::expat_t(0),
+ xri_proxy(XRI_PROXY_URL) {
+ CURLcode r;
+ (r=misc_sets())
+ || (r=set_write())
+ || (r=set_header())
+ ;
+ if(r)
+ throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
+ }
+ ~idigger_t() throw() { }
+
+ void discover(idiscovery_t& result,const string& identity) {
+ result.clear();
+ string::size_type fsc = identity.find_first_not_of(whitespace);
+ if(fsc==string::npos)
+ throw bad_input(OPKELE_CP_ "whtiespace-only identity");
+ string::size_type lsc = identity.find_last_not_of(whitespace);
+ assert(lsc!=string::npos);
+ if(!strncasecmp(identity.c_str()+fsc,"xri://",sizeof("xri://")-1))
+ fsc += sizeof("xri://")-1;
+ if((fsc+1)>=lsc)
+ throw bad_input(OPKELE_CP_ "not a character of importance in identity");
+ string id(identity,fsc,lsc-fsc+1);
+ if(strchr(i_leaders,id[0])) {
+ result.normalized_id = id;
+ result.xri_identity = true;
+ /* TODO: further canonicalize xri identity? Like folding case or whatever... */
+ discover_at(
+ result,
+ xri_proxy + util::url_encode(id)+
+ "?_xrd_r=application/xrd+xml;sep=false", xmode_xrd);
+ if(status_code!=100)
+ throw failed_xri_resolution(OPKELE_CP_
+ "XRI resolution failed with '"+status_string+"' message",status_code);
+ if(result.xrd.canonical_ids.empty())
+ throw opkele::failed_discovery(OPKELE_CP_ "No CanonicalID for XRI identity found");
+ result.canonicalized_id = result.xrd.canonical_ids.begin()->second;
+ }else{
+ result.xri_identity = false;
+ if(id.find("://")==string::npos)
+ id.insert(0,"http://");
+ string::size_type fp = id.find('#');
+ if(fp!=string::npos) {
+ string::size_type qp = id.find('?');
+ if(qp==string::npos || qp<fp)
+ id.erase(fp);
+ else if(qp>fp)
+ id.erase(fp,qp-fp);
+ }
+ result.normalized_id = util::rfc_3986_normalize_uri(id);
+ discover_at(result,id,xmode_html|xmode_xrd);
+ const char * eu = 0;
+ CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu);
+ if(r)
+ throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r);
+ result.canonicalized_id = util::rfc_3986_normalize_uri(eu); /* XXX: strip fragment part? */
+ if(xrds_location.empty()) {
+ html2xrd(result.xrd);
+ }else{
+ discover_at(result,xrds_location,xmode_xrd);
+ if(result.xrd.empty())
+ html2xrd(result.xrd);
+ }
+ }
+ }
+
+ void discover_at(idiscovery_t& result,const string& url,int xm) {
+ CURLcode r = easy_setopt(CURLOPT_URL,url.c_str());
+ if(r)
+ throw exception_curl(OPKELE_CP_ "failed to set culry urlie",r);
+
+ http_content_type.clear();
+ xmode = xm;
+ prepare_to_parse();
+ if(xmode&xmode_html) {
+ xrds_location.clear();
+ save_html.clear();
+ save_html.reserve(max_html);
+ }
+ xrd = &result.xrd;
+
+ r = easy_perform();
+ if(r && r!=CURLE_WRITE_ERROR)
+ throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+
+ if(!parser_choked) {
+ parse(0,0,true);
+ }else{
+ /* TODO: do not bother if we've seen xml */
+ try {
+ util::tidy_doc_t td = util::tidy_doc_t::create();
+ if(!td)
+ throw exception_tidy(OPKELE_CP_ "failed to create htmltidy document");
+#ifndef NDEBUG
+ td.opt_set(TidyQuiet,false);
+ td.opt_set(TidyShowWarnings,false);
+#endif /* NDEBUG */
+ td.opt_set(TidyForceOutput,true);
+ td.opt_set(TidyXhtmlOut,true);
+ td.opt_set(TidyDoctypeMode,TidyDoctypeOmit);
+ td.opt_set(TidyMark,false);
+ if(td.parse_string(save_html)<=0)
+ throw exception_tidy(OPKELE_CP_ "tidy failed to parse document");
+ if(td.clean_and_repair()<=0)
+ throw exception_tidy(OPKELE_CP_ "tidy failed to clean and repair");
+ util::tidy_buf_t tide;
+ if(td.save_buffer(tide)<=0)
+ throw exception_tidy(OPKELE_CP_ "tidy failed to save buffer");
+ prepare_to_parse();
+ parse(tide.c_str(),tide.size(),true);
+ }catch(exception_tidy& et) { }
+ }
+ save_html.clear();
+ }
+
+ void prepare_to_parse() {
+ (*(expat_t*)this) = parser_create_ns();
+ set_user_data(); set_element_handler();
+ set_character_data_handler();
+
+ if(xmode&xmode_html) {
+ html_openid1.clear(); html_openid2.clear();
+ parser_choked = false;
+ }
+
+ cdata = 0; xrd_service = 0; skipping = 0;
+ status_code = 100; status_string.clear();
+ }
+
+ void html2xrd(XRD_t& x) {
+ if(!html_openid1.uris.empty()) {
+ html_openid1.types.insert(STURI_OPENID11);
+ x.services.add(-1,html_openid1);
+ }
+ if(!html_openid2.uris.empty()) {
+ html_openid2.types.insert(STURI_OPENID20);
+ x.services.add(-1,html_openid2);
+ }
+ }
+
+ size_t write(void *p,size_t s,size_t nm) {
+ /* TODO: limit total size */
+ size_t bytes = s*nm;
+ const char *inbuf = (const char*)p;
+ if(xmode&xmode_html) {
+ size_t mbts = save_html.capacity()-save_html.size();
+ size_t bts = 0;
+ if(mbts>0) {
+ bts = (bytes>mbts)?mbts:bytes;
+ save_html.append(inbuf,bts);
+ }
+ if(skipping<0) return bts;
+ }
+ if(skipping<0) return 0;
+ bool rp = parse(inbuf,bytes,false);
+ if(!rp) {
+ parser_choked = true;
+ skipping = -1;
+ if(!(xmode&xmode_html))
+ bytes = 0;
+ }
+ return bytes;
+ }
+ size_t header(void *p,size_t s,size_t nm) {
+ size_t bytes = s*nm;
+ const char *h = (const char*)p;
+ const char *colon = (const char*)memchr(p,':',bytes);
+ const char *space = (const char*)memchr(p,' ',bytes);
+ if(space && ( (!colon) || space<colon ) ) {
+ xrds_location.clear(); http_content_type.clear();
+ }else if(colon) {
+ const char *hv = ++colon;
+ int hnl = colon-h;
+ int rb;
+ for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb);
+ while(rb>0 && isspace(hv[rb-1])) --rb;
+ if(rb) {
+ if( (hnl>=sizeof(XRDS_HEADER))
+ && !strncasecmp(h,XRDS_HEADER":",
+ sizeof(XRDS_HEADER)) ) {
+ xrds_location.assign(hv,rb);
+ }else if( (hnl>=sizeof(CT_HEADER))
+ && !strncasecmp(h,CT_HEADER":",
+ sizeof(CT_HEADER)) ) {
+ const char *sc = (const char*)memchr(
+ hv,';',rb);
+ http_content_type.assign(hv,sc?(sc-hv):rb);
+ }
+ }
+ }
+ return curl_t::header(p,s,nm);
+ }
+
+ void start_element(const XML_Char *n,const XML_Char **a) {
+ if(skipping<0) return;
+ if(skipping) {
+ if(xmode&xmode_html)
+ html_start_element(n,a);
+ ++skipping; return;
+ }
+ if(pt_stack.empty()) {
+ if(is_qelement(n,NSURI_XRDS "\tXRDS"))
+ return;
+ if(is_qelement(n,NSURI_XRD "\tXRD")) {
+ assert(xrd);
+ xrd->clear();
+ pt_stack.push_back(n);
+ }else if(xmode&xmode_html) {
+ html_start_element(n,a);
+ }else{
+ skipping = -1;
+ }
+ }else{
+ int pt_s = pt_stack.size();
+ if(pt_s==1) {
+ if(is_qelement(n,NSURI_XRD "\tCanonicalID")) {
+ assert(xrd);
+ cdata = &(xrd->canonical_ids.add(element_priority(a),string()));
+ }else if(is_qelement(n,NSURI_XRD "\tLocalID")) {
+ assert(xrd);
+ cdata = &(xrd->local_ids.add(element_priority(a),string()));
+ }else if(is_qelement(n,NSURI_XRD "\tProviderID")) {
+ assert(xrd);
+ cdata = &(xrd->provider_id);
+ }else if(is_qelement(n,NSURI_XRD "\tService")) {
+ assert(xrd);
+ xrd_service = &(xrd->services.add(element_priority(a),
+ service_t()));
+ pt_stack.push_back(n);
+ }else if(is_qelement(n,NSURI_XRD "\tStatus")) {
+ for(;*a;) {
+ if(!strcasecmp(*(a++),"code")) {
+ if(sscanf(*(a++),"%ld",&status_code)==1 && status_code!=100) {
+ cdata = &status_string;
+ pt_stack.push_back(n);
+ break;
+ }
+ }
+ }
+ }else if(is_qelement(n,NSURI_XRD "\tExpires")) {
+ assert(xrd);
+ cdata_buf.clear();
+ cdata = &cdata_buf;
+ }else if(xmode&xmode_html) {
+ html_start_element(n,a);
+ }else{
+ skipping = 1;
+ }
+ }else if(pt_s==2) {
+ if(is_qelement(pt_stack.back().c_str(), NSURI_XRD "\tService")) {
+ if(is_qelement(n,NSURI_XRD "\tType")) {
+ assert(xrd); assert(xrd_service);
+ cdata_buf.clear();
+ cdata = &cdata_buf;
+ }else if(is_qelement(n,NSURI_XRD "\tURI")) {
+ assert(xrd); assert(xrd_service);
+ cdata = &(xrd_service->uris.add(element_priority(a),string()));
+ }else if(is_qelement(n,NSURI_XRD "\tLocalID")
+ || is_qelement(n,NSURI_OPENID10 "\tDelegate") ) {
+ assert(xrd); assert(xrd_service);
+ cdata = &(xrd_service->local_ids.add(element_priority(a),string()));
+ }else if(is_qelement(n,NSURI_XRD "\tProviderID")) {
+ assert(xrd); assert(xrd_service);
+ cdata = &(xrd_service->provider_id);
+ }else{
+ skipping = 1;
+ }
+ }else
+ skipping = 1;
+ }else if(xmode&xmode_html) {
+ html_start_element(n,a);
+ }else{
+ skipping = 1;
+ }
+ }
+ }
+ void end_element(const XML_Char *n) {
+ if(skipping<0) return;
+ if(skipping) {
+ --skipping; return;
+ }
+ if(is_qelement(n,NSURI_XRD "\tType")) {
+ assert(xrd); assert(xrd_service); assert(cdata==&cdata_buf);
+ xrd_service->types.insert(cdata_buf);
+ }else if(is_qelement(n,NSURI_XRD "\tService")) {
+ assert(xrd); assert(xrd_service);
+ assert(!pt_stack.empty());
+ assert(pt_stack.back()==(NSURI_XRD "\tService"));
+ pt_stack.pop_back();
+ xrd_service = 0;
+ }else if(is_qelement(n,NSURI_XRD "\tStatus")) {
+ assert(xrd);
+ if(is_qelement(pt_stack.back().c_str(),n)) {
+ assert(cdata==&status_string);
+ pt_stack.pop_back();
+ if(status_code!=100)
+ skipping = -1;
+ }
+ }else if(is_qelement(n,NSURI_XRD "\tExpires")) {
+ assert(xrd);
+ xrd->expires = util::w3c_to_time(cdata_buf);
+ }else if((xmode&xmode_html) && is_element(n,"head")) {
+ skipping = -1;
+ }
+ cdata = 0;
+ }
+ void character_data(const XML_Char *s,int l) {
+ if(skipping) return;
+ if(cdata) cdata->append(s,l);
+ }
+
+ void html_start_element(const XML_Char *n,const XML_Char **a) {
+ if(is_element(n,"meta")) {
+ bool heq = false;
+ string l;
+ for(;*a;a+=2) {
+ if(!( strcasecmp(a[0],"http-equiv")
+ || strcasecmp(a[1],XRDS_HEADER) ))
+ heq = true;
+ else if(!strcasecmp(a[0],"content"))
+ l.assign(a[1]);
+ }
+ if(heq)
+ xrds_location = l;
+ }else if(is_element(n,"link")) {
+ string rels;
+ string href;
+ for(;*a;a+=2) {
+ if( !strcasecmp(a[0],"rel") ) {
+ rels.assign(a[1]);
+ }else if( !strcasecmp(a[0],"href") ) {
+ const char *ns = a[1];
+ for(;*ns && isspace(*ns);++ns);
+ href.assign(ns);
+ string::size_type lns=href.find_last_not_of(whitespace);
+ href.erase(lns+1);
+ }
+ }
+ for(string::size_type ns=rels.find_first_not_of(whitespace);
+ ns!=string::npos; ns=rels.find_first_not_of(whitespace,ns)) {
+ string::size_type s = rels.find_first_of(whitespace,ns);
+ string rel;
+ if(s==string::npos) {
+ rel.assign(rels,ns,string::npos);
+ ns = string::npos;
+ }else{
+ rel.assign(rels,ns,s-ns);
+ ns = s;
+ }
+ if(rel=="openid.server")
+ html_openid1.uris.add(-1,href);
+ else if(rel=="openid.delegate")
+ html_openid1.local_ids.add(-1,href);
+ else if(rel=="openid2.provider")
+ html_openid2.uris.add(-1,href);
+ else if(rel=="openid2.local_id")
+ html_openid2.local_ids.add(-1,href);
+ }
+ }else if(is_element(n,"body")) {
+ skipping = -1;
+ }
+ }
+
+ };
+
+ void idiscover(idiscovery_t& result,const string& identity) {
+ idigger_t idigger;
+ idigger.discover(result,identity);
+ }
+
+}
diff --git a/lib/exception.cc b/lib/exception.cc
index 510982e..e32594b 100644
--- a/lib/exception.cc
+++ b/lib/exception.cc
@@ -1,29 +1,51 @@
#include <openssl/err.h>
#include <curl/curl.h>
#include <opkele/exception.h>
+#include <opkele/debug.h>
namespace opkele {
# ifndef OPKELE_HAVE_KONFORKA
+ exception::exception(const string& w)
+ : _what(w)
+ {
+ DOUT_("throwing exception(\""<<w<<"\")");
+ }
+
exception::~exception() throw() {
}
const char *exception::what() const throw() {
return _what.c_str();
}
+
+# else
+ exception::exception(const string& fi,const string& fu,int l,const string& w)
+ : konforka::exception(fi,fu,l,w)
+ {
+ DOUT_("throwing exception(\""<<w<<"\")");
+ DOUT_(" from "<<fi<<':'<<fu<<':'<<l);
+ }
+
# endif
exception_openssl::exception_openssl(OPKELE_E_PARS)
: exception(OPKELE_E_CONS_ w+" ["+ERR_error_string(ERR_peek_last_error(),0)+']'),
_error(ERR_peek_last_error()),
_ssl_string(ERR_error_string(_error,0)) {
}
exception_curl::exception_curl(OPKELE_E_PARS)
: exception_network(OPKELE_E_CONS), _error(CURLE_OK) { }
exception_curl::exception_curl(OPKELE_E_PARS,CURLcode e)
: exception_network(OPKELE_E_CONS_ w+" ["+curl_easy_strerror(e)+']'),
_error(e), _curl_string(curl_easy_strerror(e)) { }
+ exception_tidy::exception_tidy(OPKELE_E_PARS)
+ : exception(OPKELE_E_CONS), _rc(0) { }
+ exception_tidy::exception_tidy(OPKELE_E_PARS,int r)
+ : exception(OPKELE_E_CONS),
+ _rc(r) { }
+
}
diff --git a/lib/expat.cc b/lib/expat.cc
new file mode 100644
index 0000000..fa6fdde
--- a/dev/null
+++ b/lib/expat.cc
@@ -0,0 +1,96 @@
+#include <opkele/expat.h>
+
+namespace opkele {
+
+ namespace util {
+
+ expat_t::~expat_t() throw() {
+ if(_x)
+ XML_ParserFree(_x);
+ }
+
+ expat_t& expat_t::operator=(XML_Parser x) {
+ if(_x)
+ XML_ParserFree(_x);
+ _x = x;
+ }
+
+ static void _start_element(void* ud,const XML_Char *n,const XML_Char **a) {
+ ((expat_t*)ud)->start_element(n,a);
+ }
+ static void _end_element(void *ud,const XML_Char *n) {
+ ((expat_t*)ud)->end_element(n);
+ }
+
+ void expat_t::set_element_handler() {
+ assert(_x);
+ XML_SetElementHandler(_x,_start_element,_end_element);
+ }
+
+ static void _character_data(void *ud,const XML_Char *s,int l) {
+ ((expat_t*)ud)->character_data(s,l);
+ }
+
+ void expat_t::set_character_data_handler() {
+ assert(_x);
+ XML_SetCharacterDataHandler(_x,_character_data);
+ }
+
+ static void _processing_instruction(void *ud,const XML_Char *t,const XML_Char *d) {
+ ((expat_t*)ud)->processing_instruction(t,d);
+ }
+
+ void expat_t::set_processing_instruction_handler() {
+ assert(_x);
+ XML_SetProcessingInstructionHandler(_x,_processing_instruction);
+ }
+
+ static void _comment(void *ud,const XML_Char *d) {
+ ((expat_t*)ud)->comment(d);
+ }
+
+ void expat_t::set_comment_handler() {
+ assert(_x);
+ XML_SetCommentHandler(_x,_comment);
+ }
+
+ static void _start_cdata_section(void *ud) {
+ ((expat_t*)ud)->start_cdata_section();
+ }
+ static void _end_cdata_section(void *ud) {
+ ((expat_t*)ud)->end_cdata_section();
+ }
+
+ void expat_t::set_cdata_section_handler() {
+ assert(_x);
+ XML_SetCdataSectionHandler(_x,_start_cdata_section,_end_cdata_section);
+ }
+
+ static void _default_handler(void *ud,const XML_Char *s,int l) {
+ ((expat_t*)ud)->default_handler(s,l);
+ }
+
+ void expat_t::set_default_handler() {
+ assert(_x);
+ XML_SetDefaultHandler(_x,_default_handler);
+ }
+ void expat_t::set_default_handler_expand() {
+ assert(_x);
+ XML_SetDefaultHandlerExpand(_x,_default_handler);
+ }
+
+ static void _start_namespace_decl(void *ud,const XML_Char *p,const XML_Char *u) {
+ ((expat_t*)ud)->start_namespace_decl(p,u);
+ }
+ static void _end_namespace_decl(void *ud,const XML_Char *p) {
+ ((expat_t*)ud)->end_namespace_decl(p);
+ }
+
+ void expat_t::set_namespace_decl_handler() {
+ assert(_x);
+ XML_SetNamespaceDeclHandler(_x,_start_namespace_decl,_end_namespace_decl);
+ }
+
+ }
+
+}
diff --git a/lib/params.cc b/lib/params.cc
index ea86d3a..7a572c1 100644
--- a/lib/params.cc
+++ b/lib/params.cc
@@ -1,108 +1,121 @@
#include <opkele/types.h>
#include <opkele/exception.h>
#include <opkele/util.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include "config.h"
namespace opkele {
using namespace std;
bool params_t::has_param(const string& n) const {
return find(n)!=end();
}
const string& params_t::get_param(const string& n) const {
const_iterator i = find(n);
if(i==end())
throw failed_lookup(OPKELE_CP_ n+": no such parameter");
return i->second;
}
string& params_t::get_param(const string& n) {
iterator i = find(n);
if(i==end())
throw failed_lookup(OPKELE_CP_ n+": no such parameter");
return i->second;
}
void params_t::parse_keyvalues(const string& kv) {
clear();
string::size_type p = 0;
while(true) {
string::size_type co = kv.find(':',p);
if(co==string::npos)
break;
#ifndef POSTELS_LAW
string::size_type nl = kv.find('\n',co+1);
if(nl==string::npos)
throw bad_input(OPKELE_CP_ "malformed input");
if(nl>co)
insert(value_type(kv.substr(p,co-p),kv.substr(co+1,nl-co-1)));
p = nl+1;
#else /* POSTELS_LAW */
string::size_type lb = kv.find_first_of("\r\n",co+1);
if(lb==string::npos) {
insert(value_type(kv.substr(p,co-p),kv.substr(co+1)));
break;
}
if(lb>co)
insert(value_type(kv.substr(p,co-p),kv.substr(co+1,lb-co-1)));
string::size_type nolb = kv.find_first_not_of("\r\n",lb);
if(nolb==string::npos)
break;
p = nolb;
#endif /* POSTELS_LAW */
}
}
void params_t::sign(secret_t secret,string& sig,const string& slist,const char *prefix) const {
string kv;
string::size_type p = 0;
while(true) {
string::size_type co = slist.find(',',p);
string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
kv += f;
kv += ':';
if(prefix) f.insert(0,prefix);
kv += get_param(f);
kv += '\n';
if(co==string::npos)
break;
p = co+1;
}
unsigned int md_len = 0;
unsigned char *md = HMAC(
EVP_sha1(),
&(secret.front()),secret.size(),
(const unsigned char *)kv.data(),kv.length(),
0,&md_len);
sig = util::encode_base64(md,md_len);
}
string params_t::append_query(const string& url,const char *prefix) const {
string rv = url;
bool p = true;
if(rv.find('?')==string::npos) {
rv += '?';
p = false;
}
for(const_iterator i=begin();i!=end();++i) {
if(p)
rv += '&';
else
p = true;
rv += prefix;
rv += i->first;
rv += '=';
rv += util::url_encode(i->second);
}
return rv;
}
+ string params_t::query_string(const char *prefix) const {
+ string rv;
+ for(const_iterator i=begin();i!=end();++i) {
+ if(!rv.empty())
+ rv += '&';
+ rv += prefix;
+ rv += i->first;
+ rv += '=';
+ rv += util::url_encode(i->second);
+ }
+ return rv;
+ }
+
ostream& operator << (ostream& o,const params_t& p) {
for(params_t::const_iterator i=p.begin();i!=p.end();++i)
o << i->first << ':' << i->second << '\n';
return o;
}
}
diff --git a/lib/secret.cc b/lib/secret.cc
index 632a2ca..d538890 100644
--- a/lib/secret.cc
+++ b/lib/secret.cc
@@ -1,49 +1,45 @@
#include <algorithm>
#include <functional>
#include <opkele/types.h>
#include <opkele/exception.h>
#include <opkele/util.h>
namespace opkele {
using namespace std;
template<class __a1,class __a2,class __r>
struct bitwise_xor : public binary_function<__a1,__a2,__r> {
__r operator() (const __a1& a1,const __a2& a2) const {
return a1^a2;
}
};
- void secret_t::enxor_to_base64(const unsigned char *key_sha1,string& rv) const {
- if(size()!=20)
- throw bad_input(OPKELE_CP_ "wrong secret size");
+ void secret_t::enxor_to_base64(const unsigned char *key_d,string& rv) const {
vector<unsigned char> tmp;
transform(
begin(), end(),
- key_sha1,
+ key_d,
back_insert_iterator<vector<unsigned char> >(tmp),
bitwise_xor<unsigned char,unsigned char,unsigned char>() );
rv = util::encode_base64(&(tmp.front()),tmp.size());
}
- void secret_t::enxor_from_base64(const unsigned char *key_sha1,const string& b64) {
+ void secret_t::enxor_from_base64(const unsigned char *key_d,const string& b64) {
clear();
util::decode_base64(b64,*this);
transform(
begin(), end(),
- key_sha1,
+ key_d,
begin(),
bitwise_xor<unsigned char,unsigned char,unsigned char>() );
}
void secret_t::to_base64(string& rv) const {
- if(size()!=20)
- throw bad_input(OPKELE_CP_ "wrong secret size");
rv = util::encode_base64(&(front()),size());
}
void secret_t::from_base64(const string& b64) {
util::decode_base64(b64,*this);
}
}
diff --git a/lib/sreg.cc b/lib/sreg.cc
index 60dc691..03edf57 100644
--- a/lib/sreg.cc
+++ b/lib/sreg.cc
@@ -1,124 +1,126 @@
#include <opkele/exception.h>
#include <opkele/sreg.h>
+#include <opkele/uris.h>
#include <algorithm>
namespace opkele {
using std::find;
static const struct _sreg_field {
const char *fieldname;
sreg_t::fieldbit_t fieldbit;
} fields[] = {
{ "nickname", sreg_t::field_nickname },
{ "email", sreg_t::field_email },
{ "fullname", sreg_t::field_fullname },
{ "dob", sreg_t::field_dob },
{ "gender", sreg_t::field_gender },
{ "postcode", sreg_t::field_postcode },
{ "country", sreg_t::field_country },
{ "language", sreg_t::field_language },
{ "timezone", sreg_t::field_timezone }
};
# define fields_BEGIN fields
# define fields_END &fields[sizeof(fields)/sizeof(*fields)]
typedef const struct _sreg_field *fields_iterator;
bool operator==(const struct _sreg_field& fd,const string& fn) {
return fd.fieldname==fn;
}
void sreg_t::checkid_hook(params_t& p,const string& /* identity */) {
string fr, fo;
for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
if(f->fieldbit&fields_required) {
if(!fr.empty()) fr+=",";
fr += f->fieldname;
}
if(f->fieldbit&fields_optional) {
if(!fo.empty()) fo+=",";
fo += f->fieldname;
}
}
+ p["ns.sreg"] = OIURI_SREG11;
if(!fr.empty()) p["sreg.required"]=fr;
if(!fo.empty()) p["sreg.optional"]=fo;
if(!policy_url.empty()) p["sreg.policy_url"]=policy_url;
}
void sreg_t::id_res_hook(const params_t& /* p */,const params_t& sp,const string& /* identity */) {
clear();
for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
string fn = "sreg."; fn+=f->fieldname;
if(!sp.has_param(fn)) continue;
has_fields |= f->fieldbit;
response[f->fieldbit]=sp.get_param(fn);
}
}
const string& sreg_t::get_field(fieldbit_t fb) const {
response_t::const_iterator i = response.find(fb);
if(i==response.end())
throw failed_lookup(OPKELE_CP_ "no field data available");
return i->second;
}
void sreg_t::set_field(fieldbit_t fb,const string& fv) {
response[fb] = fv;
has_fields |= fb;
}
void sreg_t::reset_field(fieldbit_t fb) {
has_fields &= ~fb;
response.erase(fb);
}
void sreg_t::clear() {
has_fields = 0; response.clear();
}
static long fields_list_to_bitmask(string& fl) {
long rv = 0;
while(!fl.empty()) {
string::size_type co = fl.find(',');
string fn;
if(co==string::npos) {
fn = fl; fl.erase();
}else{
fn = fl.substr(0,co); fl.erase(0,co+1);
}
fields_iterator f = find(fields_BEGIN,fields_END,fn);
if(f!=fields_END)
rv |= f->fieldbit;
}
return rv;
}
void sreg_t::checkid_hook(const params_t& pin,params_t& pout) {
fields_optional = 0; fields_required = 0; policy_url.erase();
fields_response = 0;
try {
string fl = pin.get_param("openid.sreg.required");
fields_required = fields_list_to_bitmask(fl);
}catch(failed_lookup&) { }
try {
string fl = pin.get_param("openid.sreg.optional");
fields_optional = fields_list_to_bitmask(fl);
}catch(failed_lookup&) { }
try {
policy_url = pin.get_param("openid.sreg.policy_url");
}catch(failed_lookup&) { }
setup_response(pin,pout);
fields_response &= has_fields;
for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
if(!(f->fieldbit&fields_response)) continue;
if(!pout["signed"].empty())
pout["signed"] +=',';
string pn = "sreg."; pn += f->fieldname;
pout["signed"] += pn;
pout[pn] = get_field(f->fieldbit);
}
}
void sreg_t::setup_response(const params_t& /* pin */,params_t& /* pout */) {
fields_response = (fields_required|fields_optional)&has_fields;
}
}
diff --git a/lib/util.cc b/lib/util.cc
index 416e2cc..a9b9bed 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,295 +1,316 @@
#include <errno.h>
#include <cassert>
#include <cctype>
#include <cstring>
#include <vector>
#include <string>
#include <stack>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <curl/curl.h>
#include "opkele/util.h"
#include "opkele/exception.h"
namespace opkele {
using namespace std;
namespace util {
/*
* base64
*/
string encode_base64(const void *data,size_t length) {
BIO *b64 = 0, *bmem = 0;
try {
b64 = BIO_new(BIO_f_base64());
if(!b64)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
BIO_set_flags(b64,BIO_CLOSE);
if(!bmem)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer");
BIO_push(b64,bmem);
if(((size_t)BIO_write(b64,data,length))!=length)
throw exception_openssl(OPKELE_CP_ "failed to BIO_write()");
if(BIO_flush(b64)!=1)
throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()");
char *rvd;
long rvl = BIO_get_mem_data(bmem,&rvd);
string rv(rvd,rvl);
BIO_free_all(b64);
return rv;
}catch(...) {
if(b64) BIO_free_all(b64);
throw;
}
}
void decode_base64(const string& data,vector<unsigned char>& rv) {
BIO *b64 = 0, *bmem = 0;
rv.clear();
try {
bmem = BIO_new_mem_buf((void*)data.data(),data.size());
if(!bmem)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()");
b64 = BIO_new(BIO_f_base64());
if(!b64)
throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder");
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
BIO_push(b64,bmem);
unsigned char tmp[512];
size_t rb = 0;
while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0)
rv.insert(rv.end(),tmp,&tmp[rb]);
BIO_free_all(b64);
}catch(...) {
if(b64) BIO_free_all(b64);
throw;
}
}
/*
* big numerics
*/
BIGNUM *base64_to_bignum(const string& b64) {
vector<unsigned char> bin;
decode_base64(b64,bin);
BIGNUM *rv = BN_bin2bn(&(bin.front()),bin.size(),0);
if(!rv)
throw failed_conversion(OPKELE_CP_ "failed to BN_bin2bn()");
return rv;
}
BIGNUM *dec_to_bignum(const string& dec) {
BIGNUM *rv = 0;
if(!BN_dec2bn(&rv,dec.c_str()))
throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
return rv;
}
string bignum_to_base64(const BIGNUM *bn) {
vector<unsigned char> bin(BN_num_bytes(bn)+1);
unsigned char *binptr = &(bin.front())+1;
int l = BN_bn2bin(bn,binptr);
if(l && (*binptr)&0x80){
(*(--binptr)) = 0; ++l;
}
return encode_base64(binptr,l);
}
/*
* w3c times
*/
string time_to_w3c(time_t t) {
struct tm tm_t;
if(!gmtime_r(&t,&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
char rv[25];
if(!strftime(rv,sizeof(rv)-1,"%Y-%m-%dT%H:%M:%SZ",&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to strftime()");
return rv;
}
time_t w3c_to_time(const string& w) {
+ int fraction;
struct tm tm_t;
memset(&tm_t,0,sizeof(tm_t));
- if(
+ if( (
+ sscanf(
+ w.c_str(),
+ "%04d-%02d-%02dT%02d:%02d:%02dZ",
+ &tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday,
+ &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec
+ ) != 6
+ ) && (
sscanf(
w.c_str(),
- "%04d-%02d-%02dT%02d:%02d:%02dZ",
+ "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ",
&tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday,
- &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec
- ) != 6 )
+ &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec,
+ &fraction
+ ) != 7
+ ) )
throw failed_conversion(OPKELE_CP_ "failed to sscanf()");
tm_t.tm_mon--;
tm_t.tm_year-=1900;
time_t rv = mktime(&tm_t);
if(rv==(time_t)-1)
throw failed_conversion(OPKELE_CP_ "failed to mktime()");
- return rv;
+ return rv-timezone;
}
/*
*
*/
string url_encode(const string& str) {
char * t = curl_escape(str.c_str(),str.length());
if(!t)
throw failed_conversion(OPKELE_CP_ "failed to curl_escape()");
string rv(t);
curl_free(t);
return rv;
}
string long_to_string(long l) {
char rv[32];
int r=snprintf(rv,sizeof(rv),"%ld",l);
if(r<0 || r>=(int)sizeof(rv))
throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
return rv;
}
long string_to_long(const string& s) {
char *endptr = 0;
long rv = strtol(s.c_str(),&endptr,10);
if((!endptr) || endptr==s.c_str())
throw failed_conversion(OPKELE_CP_ "failed to strtol()");
return rv;
}
/*
* Normalize URL according to the rules, described in rfc 3986, section 6
*
- * - uppercase hext triplets (e.g. %ab -> %AB)
+ * - uppercase hex triplets (e.g. %ab -> %AB)
* - lowercase scheme and host
* - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
* that is - [:alpha:][:digit:]._~-
* - remove dot segments
* - remove empty and default ports
* - if there's no path component, add '/'
*/
string rfc_3986_normalize_uri(const string& uri) {
+ static const char *whitespace = " \t\r\n";
string rv;
- string::size_type colon = uri.find(':');
+ string::size_type ns = uri.find_first_not_of(whitespace);
+ if(ns==string::npos)
+ throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
+ string::size_type colon = uri.find(':',ns);
if(colon==string::npos)
throw bad_input(OPKELE_CP_ "No scheme specified in URI");
transform(
- uri.begin(), uri.begin()+colon+1,
+ uri.begin()+ns, uri.begin()+colon+1,
back_inserter(rv), ::tolower );
bool s;
- if(rv=="http:")
- s = false;
- else if(rv=="https:")
- s = true;
- else
- throw not_implemented(OPKELE_CP_ "Only http(s) URIs can be normalized here");
- string::size_type ul = uri.length();
+ string::size_type ul = uri.find_last_not_of(whitespace)+1;
if(ul <= (colon+3))
throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
if(uri[colon+1]!='/' || uri[colon+2]!='/')
throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
+ if(rv=="http:")
+ s = false;
+ else if(rv=="https:")
+ s = true;
+ else{
+ /* TODO: support more schemes.
+ * e.g. xri. How do we normalize
+ * xri?
+ */
+ rv.append(uri,colon+1,ul-colon-1);
+ return rv;
+ }
rv += "//";
string::size_type interesting = uri.find_first_of(":/#?",colon+3);
if(interesting==string::npos) {
transform(
- uri.begin()+colon+3,uri.end(),
+ uri.begin()+colon+3,uri.begin()+ul,
back_inserter(rv), ::tolower );
rv += '/'; return rv;
}
transform(
uri.begin()+colon+3,uri.begin()+interesting,
back_inserter(rv), ::tolower );
bool qf = false;
char ic = uri[interesting];
if(ic==':') {
string::size_type ni = uri.find_first_of("/#?%",interesting+1);
const char *nptr = uri.data()+interesting+1;
char *eptr = 0;
long port = strtol(nptr,&eptr,10);
if( (port>0) && (port<65535) && port!=(s?443:80) ) {
char tmp[8];
snprintf(tmp,sizeof(tmp),":%ld",port);
rv += tmp;
}
if(ni==string::npos) {
rv += '/'; return rv;
}
interesting = ni;
}else if(ic!='/') {
rv += '/'; rv += ic;
qf = true;
++interesting;
}
string::size_type n = interesting;
char tmp[3] = { 0,0,0 };
stack<string::size_type> psegs; psegs.push(rv.length());
string pseg;
for(;n<ul;) {
string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
if(unsafe==string::npos) {
pseg.append(uri,n,ul-n-1); n = ul-1;
}else{
pseg.append(uri,n,unsafe-n);
n = unsafe;
}
char c = uri[n++];
if(c=='%') {
if((n+1)>=ul)
throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
tmp[0] = uri[n++];
tmp[1] = uri[n++];
if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))
throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");
int cc = strtol(tmp,0,16);
if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) )
pseg += cc;
else{
pseg += '%';
pseg += toupper(tmp[0]); pseg += toupper(tmp[1]);
}
}else if(qf) {
rv += pseg; rv += c;
pseg.clear();
}else if(n>=ul || strchr("?/#",c)) {
if(pseg.empty() || pseg==".") {
}else if(pseg=="..") {
if(psegs.size()>1) {
rv.resize(psegs.top()); psegs.pop();
}
}else{
psegs.push(rv.length());
if(c!='/') {
pseg += c;
qf = true;
}
rv += '/'; rv += pseg;
}
if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) {
rv += '/';
if(n<ul)
qf = true;
}else if(strchr("?#",c)) {
if(psegs.size()==1 && psegs.top()==rv.length())
rv += '/';
if(pseg.empty())
rv += c;
qf = true;
}
pseg.clear();
}else{
pseg += c;
}
}
if(!pseg.empty()) {
- rv += '/'; rv += pseg;
+ if(!qf) rv += '/';
+ rv += pseg;
}
return rv;
}
}
}
diff --git a/libopkele.pc.in b/libopkele.pc.in
index bc67362..011f2fe 100644
--- a/libopkele.pc.in
+++ b/libopkele.pc.in
@@ -1,11 +1,11 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: libopkele
Description: C++ implementation of OpenID protocol
Version: @VERSION@
Requires: openssl libpcre @KONFORKA_KONFORKA@
-Cflags: -I${includedir} @LIBCURL_CPPFLAGS@ @PCRE_CFLAGS@
-Libs: -L${libdir} -lopkele @LIBCURL@ @PCRE_LIBS@
+Cflags: -I${includedir} @LIBCURL_CPPFLAGS@ @PCRE_CFLAGS@ @EXPAT_CFLAGS@ @TIDY_CFLAGS@
+Libs: -L${libdir} -lopkele @LIBCURL@ @PCRE_LIBS@ @EXPAT_LIBS@ @TIDY_LIBS@
diff --git a/test/.gitignore b/test/.gitignore
index 918b3c9..31ae686 100644
--- a/test/.gitignore
+++ b/test/.gitignore
@@ -1,4 +1,5 @@
/.deps
/.libs
/test
*.o
+/idiscover
diff --git a/test/Makefile.am b/test/Makefile.am
index 0d1c0ef..b573d55 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -1,12 +1,16 @@
-noinst_PROGRAMS = test
+noinst_PROGRAMS = test idiscover
+AM_CPPFLAGS=${CPPFLAGS_DEBUG}
DEFAULT_INCLUDES = -I${top_builddir}
INCLUDES = -I${top_srcdir}/include/ ${KONFORKA_CFLAGS} ${LIBCURL_CPPFLAGS}
test_SOURCES = test.cc
test_LDADD = ${top_builddir}/lib/libopkele.la
EXTRA_DIST=$(addsuffix .html,$(addprefix html/, \
empty head-in-body hkn-delegate hkn-server hkn in-body \
unclosed-head spaced-links spaced-link-attrs 2rels \
))
+
+idiscover_SOURCES = idiscover.cc
+idiscover_LDADD = ${top_builddir}/lib/libopkele.la
diff --git a/test/idiscover.cc b/test/idiscover.cc
new file mode 100644
index 0000000..d9a7c62
--- a/dev/null
+++ b/test/idiscover.cc
@@ -0,0 +1,54 @@
+#include <iostream>
+#include <stdexcept>
+#include <iterator>
+#include <algorithm>
+using namespace std;
+#include <opkele/exception.h>
+#include <opkele/discovery.h>
+
+template<typename _PDT>
+ ostream& operator<<(ostream& o,const opkele::xrd::priority_map<_PDT>& pm) {
+ for(typename opkele::xrd::priority_map<_PDT>::const_iterator i=pm.begin();
+ i!=pm.end();++i)
+ o << ' ' << i->second << '[' << i->first << ']';
+ return o;
+ }
+
+ostream& operator<<(ostream& o,const opkele::xrd::service_t s) {
+ o << "{" << endl
+ << " Type: ";
+ copy(s.types.begin(),s.types.end(),
+ ostream_iterator<string>(o," "));
+ o << endl
+ << " URI: " << s.uris << endl
+ << " LocalID: " << s.local_ids << endl
+ << " ProviderID: " << s.provider_id << endl;
+ o << "}";
+}
+
+int main(int argc,char **argv) {
+ try {
+ if(argc<2)
+ throw opkele::exception(OPKELE_CP_ "Please, give me something to resolve");
+ for(int a=1;a<argc;++a) {
+ opkele::idiscovery_t discovery(argv[a]);
+ clog
+ << "===============================================================" << endl
+ << "User-supplied ID: " << argv[a] << endl
+ << "Normalized ID: " << discovery.normalized_id << endl
+ << "Canonicalized ID: " << discovery.canonicalized_id << endl
+ << "The identity is " << (discovery.xri_identity?"":"not ") << "an i-name" << endl;
+ if(discovery.xrd.expires)
+ clog << "Information expires in " << discovery.xrd.expires-time(0) << " seconds" << endl;
+ clog << endl
+ << "CanonicalID: " << discovery.xrd.canonical_ids << endl
+ << "LocalID: " << discovery.xrd.local_ids << endl
+ << "ProviderID: " << discovery.xrd.provider_id << endl
+ << "Services: " << discovery.xrd.services << endl;
+ }
+ }catch(exception& e) {
+ cerr << "oops: " << e.what() << endl;
+ _exit(1);
+ }
+ _exit(0);
+}