summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/types.h18
-rw-r--r--lib/params.cc13
-rw-r--r--lib/secret.cc12
3 files changed, 30 insertions, 13 deletions
diff --git a/include/opkele/types.h b/include/opkele/types.h
index 520618d..ca07df5 100644
--- a/include/opkele/types.h
+++ b/include/opkele/types.h
@@ -1,235 +1,243 @@
1#ifndef __OPKELE_TYPES_H 1#ifndef __OPKELE_TYPES_H
2#define __OPKELE_TYPES_H 2#define __OPKELE_TYPES_H
3 3
4/** 4/**
5 * @file 5 * @file
6 * @brief various types declarations 6 * @brief various types declarations
7 */ 7 */
8 8
9#include <ostream> 9#include <ostream>
10#include <vector> 10#include <vector>
11#include <string> 11#include <string>
12#include <map> 12#include <map>
13#include <memory> 13#include <memory>
14#include <set> 14#include <set>
15 15
16namespace opkele { 16namespace opkele {
17 using std::vector; 17 using std::vector;
18 using std::string; 18 using std::string;
19 using std::map; 19 using std::map;
20 using std::ostream; 20 using std::ostream;
21 using std::auto_ptr; 21 using std::auto_ptr;
22 using std::multimap; 22 using std::multimap;
23 using std::set; 23 using std::set;
24 24
25 /** 25 /**
26 * the OpenID operation mode 26 * the OpenID operation mode
27 */ 27 */
28 typedef enum _mode_t { 28 typedef enum _mode_t {
29 mode_associate, 29 mode_associate,
30 mode_checkid_immediate, 30 mode_checkid_immediate,
31 mode_checkid_setup, 31 mode_checkid_setup,
32 mode_check_association 32 mode_check_association
33 } mode_t; 33 } mode_t;
34 34
35 /** 35 /**
36 * the association secret container 36 * the association secret container
37 */ 37 */
38 class secret_t : public vector<unsigned char> { 38 class secret_t : public vector<unsigned char> {
39 public: 39 public:
40 40
41 /** 41 /**
42 * xor the secret and hmac together and encode, using base64 42 * xor the secret and hmac together and encode, using base64
43 * @param key_sha1 pointer to the sha1 digest 43 * @param key_d pointer to the message digest
44 * @param rv reference to the return value 44 * @param rv reference to the return value
45 */ 45 */
46 void enxor_to_base64(const unsigned char *key_sha1,string& rv) const; 46 void enxor_to_base64(const unsigned char *key_d,string& rv) const;
47 /** 47 /**
48 * decode base64-encoded secret and xor it with the sha1 digest 48 * decode base64-encoded secret and xor it with the message digest
49 * @param key_sha1 pointer to the message digest 49 * @param key_d pointer to the message digest
50 * @param b64 base64-encoded secret value 50 * @param b64 base64-encoded secret value
51 */ 51 */
52 void enxor_from_base64(const unsigned char *key_sha1,const string& b64); 52 void enxor_from_base64(const unsigned char *key_d,const string& b64);
53 /** 53 /**
54 * plainly encode to base64 representation 54 * plainly encode to base64 representation
55 * @param rv reference to the return value 55 * @param rv reference to the return value
56 */ 56 */
57 void to_base64(string& rv) const; 57 void to_base64(string& rv) const;
58 /** 58 /**
59 * decode cleartext secret from base64 59 * decode cleartext secret from base64
60 * @param b64 base64-encoded representation of the secret value 60 * @param b64 base64-encoded representation of the secret value
61 */ 61 */
62 void from_base64(const string& b64); 62 void from_base64(const string& b64);
63 }; 63 };
64 64
65 /** 65 /**
66 * Interface to the association. 66 * Interface to the association.
67 */ 67 */
68 class association_t { 68 class association_t {
69 public: 69 public:
70 70
71 virtual ~association_t() { } 71 virtual ~association_t() { }
72 72
73 /** 73 /**
74 * retrieve the server with which association was established. 74 * retrieve the server with which association was established.
75 * @return server name 75 * @return server name
76 */ 76 */
77 virtual string server() const = 0; 77 virtual string server() const = 0;
78 /** 78 /**
79 * retrieve the association handle. 79 * retrieve the association handle.
80 * @return handle 80 * @return handle
81 */ 81 */
82 virtual string handle() const = 0; 82 virtual string handle() const = 0;
83 /** 83 /**
84 * retrieve the association type. 84 * retrieve the association type.
85 * @return association type 85 * @return association type
86 */ 86 */
87 virtual string assoc_type() const = 0; 87 virtual string assoc_type() const = 0;
88 /** 88 /**
89 * retrieve the association secret. 89 * retrieve the association secret.
90 * @return association secret 90 * @return association secret
91 */ 91 */
92 virtual secret_t secret() const = 0; 92 virtual secret_t secret() const = 0;
93 /** 93 /**
94 * retrieve the number of seconds the association expires in. 94 * retrieve the number of seconds the association expires in.
95 * @return seconds till expiration 95 * @return seconds till expiration
96 */ 96 */
97 virtual int expires_in() const = 0; 97 virtual int expires_in() const = 0;
98 /** 98 /**
99 * check whether the association is stateless. 99 * check whether the association is stateless.
100 * @return true if stateless 100 * @return true if stateless
101 */ 101 */
102 virtual bool stateless() const = 0; 102 virtual bool stateless() const = 0;
103 /** 103 /**
104 * check whether the association is expired. 104 * check whether the association is expired.
105 * @return true if expired 105 * @return true if expired
106 */ 106 */
107 virtual bool is_expired() const = 0; 107 virtual bool is_expired() const = 0;
108 }; 108 };
109 109
110 /** 110 /**
111 * the auto_ptr<> for association_t object type 111 * the auto_ptr<> for association_t object type
112 */ 112 */
113 typedef auto_ptr<association_t> assoc_t; 113 typedef auto_ptr<association_t> assoc_t;
114 114
115 /** 115 /**
116 * request/response parameters map 116 * request/response parameters map
117 */ 117 */
118 class params_t : public map<string,string> { 118 class params_t : public map<string,string> {
119 public: 119 public:
120 120
121 /** 121 /**
122 * check whether the parameter is present. 122 * check whether the parameter is present.
123 * @param n the parameter name 123 * @param n the parameter name
124 * @return true if yes 124 * @return true if yes
125 */ 125 */
126 bool has_param(const string& n) const; 126 bool has_param(const string& n) const;
127 /** 127 /**
128 * retrieve the parameter (const version) 128 * retrieve the parameter (const version)
129 * @param n the parameter name 129 * @param n the parameter name
130 * @return the parameter value 130 * @return the parameter value
131 * @throw failed_lookup if there is no such parameter 131 * @throw failed_lookup if there is no such parameter
132 */ 132 */
133 const string& get_param(const string& n) const; 133 const string& get_param(const string& n) const;
134 /** 134 /**
135 * retrieve the parameter. 135 * retrieve the parameter.
136 * @param n the parameter name 136 * @param n the parameter name
137 * @return the parameter value 137 * @return the parameter value
138 * @throw failed_lookup if there is no such parameter 138 * @throw failed_lookup if there is no such parameter
139 */ 139 */
140 string& get_param(const string& n); 140 string& get_param(const string& n);
141 141
142 /** 142 /**
143 * parse the OpenID key/value data. 143 * parse the OpenID key/value data.
144 * @param kv the OpenID key/value data 144 * @param kv the OpenID key/value data
145 */ 145 */
146 void parse_keyvalues(const string& kv); 146 void parse_keyvalues(const string& kv);
147 /** 147 /**
148 * sign the fields. 148 * sign the fields.
149 * @param secret the secret used for signing 149 * @param secret the secret used for signing
150 * @param sig reference to the string, containing base64-encoded 150 * @param sig reference to the string, containing base64-encoded
151 * result 151 * result
152 * @param slist the comma-separated list of fields to sign 152 * @param slist the comma-separated list of fields to sign
153 * @param prefix the string to prepend to parameter names 153 * @param prefix the string to prepend to parameter names
154 */ 154 */
155 void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const; 155 void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const;
156 156
157 /** 157 /**
158 * append parameters to the URL as a GET-request parameters. 158 * append parameters to the URL as a GET-request parameters.
159 * @param url the base URL 159 * @param url the base URL
160 * @param prefix the string to prepend to parameter names 160 * @param prefix the string to prepend to parameter names
161 * @return the ready-to-use location 161 * @return the ready-to-use location
162 */ 162 */
163 string append_query(const string& url,const char *prefix = "openid.") const; 163 string append_query(const string& url,const char *prefix = "openid.") const;
164
165 /**
166 * make up a query string suitable for use in GET and POST
167 * requests.
168 * @param prefix string to prened to parameter names
169 * @return query string
170 */
171 string query_string(const char *prefix = "openid.") const;
164 }; 172 };
165 173
166 /** 174 /**
167 * dump the key/value pairs for the parameters to the stream. 175 * dump the key/value pairs for the parameters to the stream.
168 * @param o output stream 176 * @param o output stream
169 * @param p the parameters 177 * @param p the parameters
170 */ 178 */
171 ostream& operator << (ostream& o,const params_t& p); 179 ostream& operator << (ostream& o,const params_t& p);
172 180
173 namespace xrd { 181 namespace xrd {
174 182
175 struct priority_compare { 183 struct priority_compare {
176 inline bool operator()(long a,long b) const { 184 inline bool operator()(long a,long b) const {
177 return (a<0) ? false : (b<0) ? false : (a<b); 185 return (a<0) ? false : (b<0) ? false : (a<b);
178 } 186 }
179 }; 187 };
180 188
181 template <typename _DT> 189 template <typename _DT>
182 class priority_map : public multimap<long,_DT,priority_compare> { 190 class priority_map : public multimap<long,_DT,priority_compare> {
183 typedef multimap<long,_DT,priority_compare> map_type; 191 typedef multimap<long,_DT,priority_compare> map_type;
184 public: 192 public:
185 193
186 inline _DT& add(long priority,const _DT& d) { 194 inline _DT& add(long priority,const _DT& d) {
187 return insert(typename map_type::value_type(priority,d))->second; 195 return insert(typename map_type::value_type(priority,d))->second;
188 } 196 }
189 }; 197 };
190 198
191 typedef priority_map<string> canonical_ids_t; 199 typedef priority_map<string> canonical_ids_t;
192 typedef priority_map<string> local_ids_t; 200 typedef priority_map<string> local_ids_t;
193 typedef set<string> types_t; 201 typedef set<string> types_t;
194 typedef priority_map<string> uris_t; 202 typedef priority_map<string> uris_t;
195 203
196 class service_t { 204 class service_t {
197 public: 205 public:
198 types_t types; 206 types_t types;
199 uris_t uris; 207 uris_t uris;
200 local_ids_t local_ids; 208 local_ids_t local_ids;
201 209
202 void clear() { 210 void clear() {
203 types.clear(); 211 types.clear();
204 uris.clear(); local_ids.clear(); 212 uris.clear(); local_ids.clear();
205 } 213 }
206 }; 214 };
207 typedef priority_map<service_t> services_t; 215 typedef priority_map<service_t> services_t;
208 216
209 class XRD_t { 217 class XRD_t {
210 public: 218 public:
211 time_t expires; 219 time_t expires;
212 220
213 canonical_ids_t canonical_ids; 221 canonical_ids_t canonical_ids;
214 local_ids_t local_ids; 222 local_ids_t local_ids;
215 services_t services; 223 services_t services;
216 224
217 void clear() { 225 void clear() {
218 expires = 0; 226 expires = 0;
219 canonical_ids.clear(); local_ids.clear(); 227 canonical_ids.clear(); local_ids.clear();
220 services.clear(); 228 services.clear();
221 } 229 }
222 bool empty() const { 230 bool empty() const {
223 return 231 return
224 canonical_ids.empty() 232 canonical_ids.empty()
225 && local_ids.empty() 233 && local_ids.empty()
226 && services.empty(); 234 && services.empty();
227 } 235 }
228 236
229 }; 237 };
230 238
231 } 239 }
232 240
233} 241}
234 242
235#endif /* __OPKELE_TYPES_H */ 243#endif /* __OPKELE_TYPES_H */
diff --git a/lib/params.cc b/lib/params.cc
index ea86d3a..7a572c1 100644
--- a/lib/params.cc
+++ b/lib/params.cc
@@ -1,108 +1,121 @@
1#include <opkele/types.h> 1#include <opkele/types.h>
2#include <opkele/exception.h> 2#include <opkele/exception.h>
3#include <opkele/util.h> 3#include <opkele/util.h>
4#include <openssl/sha.h> 4#include <openssl/sha.h>
5#include <openssl/hmac.h> 5#include <openssl/hmac.h>
6 6
7#include "config.h" 7#include "config.h"
8 8
9namespace opkele { 9namespace opkele {
10 using namespace std; 10 using namespace std;
11 11
12 bool params_t::has_param(const string& n) const { 12 bool params_t::has_param(const string& n) const {
13 return find(n)!=end(); 13 return find(n)!=end();
14 } 14 }
15 const string& params_t::get_param(const string& n) const { 15 const string& params_t::get_param(const string& n) const {
16 const_iterator i = find(n); 16 const_iterator i = find(n);
17 if(i==end()) 17 if(i==end())
18 throw failed_lookup(OPKELE_CP_ n+": no such parameter"); 18 throw failed_lookup(OPKELE_CP_ n+": no such parameter");
19 return i->second; 19 return i->second;
20 } 20 }
21 string& params_t::get_param(const string& n) { 21 string& params_t::get_param(const string& n) {
22 iterator i = find(n); 22 iterator i = find(n);
23 if(i==end()) 23 if(i==end())
24 throw failed_lookup(OPKELE_CP_ n+": no such parameter"); 24 throw failed_lookup(OPKELE_CP_ n+": no such parameter");
25 return i->second; 25 return i->second;
26 } 26 }
27 27
28 void params_t::parse_keyvalues(const string& kv) { 28 void params_t::parse_keyvalues(const string& kv) {
29 clear(); 29 clear();
30 string::size_type p = 0; 30 string::size_type p = 0;
31 while(true) { 31 while(true) {
32 string::size_type co = kv.find(':',p); 32 string::size_type co = kv.find(':',p);
33 if(co==string::npos) 33 if(co==string::npos)
34 break; 34 break;
35#ifndef POSTELS_LAW 35#ifndef POSTELS_LAW
36 string::size_type nl = kv.find('\n',co+1); 36 string::size_type nl = kv.find('\n',co+1);
37 if(nl==string::npos) 37 if(nl==string::npos)
38 throw bad_input(OPKELE_CP_ "malformed input"); 38 throw bad_input(OPKELE_CP_ "malformed input");
39 if(nl>co) 39 if(nl>co)
40 insert(value_type(kv.substr(p,co-p),kv.substr(co+1,nl-co-1))); 40 insert(value_type(kv.substr(p,co-p),kv.substr(co+1,nl-co-1)));
41 p = nl+1; 41 p = nl+1;
42#else /* POSTELS_LAW */ 42#else /* POSTELS_LAW */
43 string::size_type lb = kv.find_first_of("\r\n",co+1); 43 string::size_type lb = kv.find_first_of("\r\n",co+1);
44 if(lb==string::npos) { 44 if(lb==string::npos) {
45 insert(value_type(kv.substr(p,co-p),kv.substr(co+1))); 45 insert(value_type(kv.substr(p,co-p),kv.substr(co+1)));
46 break; 46 break;
47 } 47 }
48 if(lb>co) 48 if(lb>co)
49 insert(value_type(kv.substr(p,co-p),kv.substr(co+1,lb-co-1))); 49 insert(value_type(kv.substr(p,co-p),kv.substr(co+1,lb-co-1)));
50 string::size_type nolb = kv.find_first_not_of("\r\n",lb); 50 string::size_type nolb = kv.find_first_not_of("\r\n",lb);
51 if(nolb==string::npos) 51 if(nolb==string::npos)
52 break; 52 break;
53 p = nolb; 53 p = nolb;
54#endif /* POSTELS_LAW */ 54#endif /* POSTELS_LAW */
55 } 55 }
56 } 56 }
57 57
58 void params_t::sign(secret_t secret,string& sig,const string& slist,const char *prefix) const { 58 void params_t::sign(secret_t secret,string& sig,const string& slist,const char *prefix) const {
59 string kv; 59 string kv;
60 string::size_type p = 0; 60 string::size_type p = 0;
61 while(true) { 61 while(true) {
62 string::size_type co = slist.find(',',p); 62 string::size_type co = slist.find(',',p);
63 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 63 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
64 kv += f; 64 kv += f;
65 kv += ':'; 65 kv += ':';
66 if(prefix) f.insert(0,prefix); 66 if(prefix) f.insert(0,prefix);
67 kv += get_param(f); 67 kv += get_param(f);
68 kv += '\n'; 68 kv += '\n';
69 if(co==string::npos) 69 if(co==string::npos)
70 break; 70 break;
71 p = co+1; 71 p = co+1;
72 } 72 }
73 unsigned int md_len = 0; 73 unsigned int md_len = 0;
74 unsigned char *md = HMAC( 74 unsigned char *md = HMAC(
75 EVP_sha1(), 75 EVP_sha1(),
76 &(secret.front()),secret.size(), 76 &(secret.front()),secret.size(),
77 (const unsigned char *)kv.data(),kv.length(), 77 (const unsigned char *)kv.data(),kv.length(),
78 0,&md_len); 78 0,&md_len);
79 sig = util::encode_base64(md,md_len); 79 sig = util::encode_base64(md,md_len);
80 } 80 }
81 81
82 string params_t::append_query(const string& url,const char *prefix) const { 82 string params_t::append_query(const string& url,const char *prefix) const {
83 string rv = url; 83 string rv = url;
84 bool p = true; 84 bool p = true;
85 if(rv.find('?')==string::npos) { 85 if(rv.find('?')==string::npos) {
86 rv += '?'; 86 rv += '?';
87 p = false; 87 p = false;
88 } 88 }
89 for(const_iterator i=begin();i!=end();++i) { 89 for(const_iterator i=begin();i!=end();++i) {
90 if(p) 90 if(p)
91 rv += '&'; 91 rv += '&';
92 else 92 else
93 p = true; 93 p = true;
94 rv += prefix; 94 rv += prefix;
95 rv += i->first; 95 rv += i->first;
96 rv += '='; 96 rv += '=';
97 rv += util::url_encode(i->second); 97 rv += util::url_encode(i->second);
98 } 98 }
99 return rv; 99 return rv;
100 } 100 }
101 101
102 string params_t::query_string(const char *prefix) const {
103 string rv;
104 for(const_iterator i=begin();i!=end();++i) {
105 if(!rv.empty())
106 rv += '&';
107 rv += prefix;
108 rv += i->first;
109 rv += '=';
110 rv += util::url_encode(i->second);
111 }
112 return rv;
113 }
114
102 ostream& operator << (ostream& o,const params_t& p) { 115 ostream& operator << (ostream& o,const params_t& p) {
103 for(params_t::const_iterator i=p.begin();i!=p.end();++i) 116 for(params_t::const_iterator i=p.begin();i!=p.end();++i)
104 o << i->first << ':' << i->second << '\n'; 117 o << i->first << ':' << i->second << '\n';
105 return o; 118 return o;
106 } 119 }
107 120
108} 121}
diff --git a/lib/secret.cc b/lib/secret.cc
index 632a2ca..d538890 100644
--- a/lib/secret.cc
+++ b/lib/secret.cc
@@ -1,49 +1,45 @@
1#include <algorithm> 1#include <algorithm>
2#include <functional> 2#include <functional>
3#include <opkele/types.h> 3#include <opkele/types.h>
4#include <opkele/exception.h> 4#include <opkele/exception.h>
5#include <opkele/util.h> 5#include <opkele/util.h>
6 6
7namespace opkele { 7namespace opkele {
8 using namespace std; 8 using namespace std;
9 9
10 template<class __a1,class __a2,class __r> 10 template<class __a1,class __a2,class __r>
11 struct bitwise_xor : public binary_function<__a1,__a2,__r> { 11 struct bitwise_xor : public binary_function<__a1,__a2,__r> {
12 __r operator() (const __a1& a1,const __a2& a2) const { 12 __r operator() (const __a1& a1,const __a2& a2) const {
13 return a1^a2; 13 return a1^a2;
14 } 14 }
15 }; 15 };
16 16
17 void secret_t::enxor_to_base64(const unsigned char *key_sha1,string& rv) const { 17 void secret_t::enxor_to_base64(const unsigned char *key_d,string& rv) const {
18 if(size()!=20)
19 throw bad_input(OPKELE_CP_ "wrong secret size");
20 vector<unsigned char> tmp; 18 vector<unsigned char> tmp;
21 transform( 19 transform(
22 begin(), end(), 20 begin(), end(),
23 key_sha1, 21 key_d,
24 back_insert_iterator<vector<unsigned char> >(tmp), 22 back_insert_iterator<vector<unsigned char> >(tmp),
25 bitwise_xor<unsigned char,unsigned char,unsigned char>() ); 23 bitwise_xor<unsigned char,unsigned char,unsigned char>() );
26 rv = util::encode_base64(&(tmp.front()),tmp.size()); 24 rv = util::encode_base64(&(tmp.front()),tmp.size());
27 } 25 }
28 26
29 void secret_t::enxor_from_base64(const unsigned char *key_sha1,const string& b64) { 27 void secret_t::enxor_from_base64(const unsigned char *key_d,const string& b64) {
30 clear(); 28 clear();
31 util::decode_base64(b64,*this); 29 util::decode_base64(b64,*this);
32 transform( 30 transform(
33 begin(), end(), 31 begin(), end(),
34 key_sha1, 32 key_d,
35 begin(), 33 begin(),
36 bitwise_xor<unsigned char,unsigned char,unsigned char>() ); 34 bitwise_xor<unsigned char,unsigned char,unsigned char>() );
37 } 35 }
38 36
39 void secret_t::to_base64(string& rv) const { 37 void secret_t::to_base64(string& rv) const {
40 if(size()!=20)
41 throw bad_input(OPKELE_CP_ "wrong secret size");
42 rv = util::encode_base64(&(front()),size()); 38 rv = util::encode_base64(&(front()),size());
43 } 39 }
44 40
45 void secret_t::from_base64(const string& b64) { 41 void secret_t::from_base64(const string& b64) {
46 util::decode_base64(b64,*this); 42 util::decode_base64(b64,*this);
47 } 43 }
48 44
49} 45}