summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/consumer.h6
-rw-r--r--include/opkele/exception.h9
-rw-r--r--lib/consumer.cc6
-rw-r--r--lib/util.cc6
4 files changed, 21 insertions, 6 deletions
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h
index 50ff692..c463787 100644
--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -38,64 +38,69 @@ namespace opkele {
38 * retrieve stored association. The function should be overridden 38 * retrieve stored association. The function should be overridden
39 * in the real implementation to provide persistent assocations 39 * in the real implementation to provide persistent assocations
40 * store. 40 * store.
41 * 41 *
42 * @note 42 * @note
43 * The user is responsible for handling associations expiry and 43 * The user is responsible for handling associations expiry and
44 * this function should never return an expired or invalidated 44 * this function should never return an expired or invalidated
45 * association. 45 * association.
46 * 46 *
47 * @param server the OpenID server 47 * @param server the OpenID server
48 * @param handle association handle 48 * @param handle association handle
49 * @return the autho_ptr<> for the newly allocated association_t object 49 * @return the autho_ptr<> for the newly allocated association_t object
50 * @throw failed_lookup if no unexpired association found 50 * @throw failed_lookup if no unexpired association found
51 */ 51 */
52 virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0; 52 virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
53 /** 53 /**
54 * invalidate stored association. The function should be overridden 54 * invalidate stored association. The function should be overridden
55 * in the real implementation of the consumer. 55 * in the real implementation of the consumer.
56 * @param server the OpenID server 56 * @param server the OpenID server
57 * @param handle association handle 57 * @param handle association handle
58 */ 58 */
59 virtual void invalidate_assoc(const string& server,const string& handle) = 0; 59 virtual void invalidate_assoc(const string& server,const string& handle) = 0;
60 /** 60 /**
61 * retrieve any unexpired association for the server. If the 61 * retrieve any unexpired association for the server. If the
62 * function is not overridden in the real implementation, the new 62 * function is not overridden in the real implementation, the new
63 * association will be established for each request. 63 * association will be established for each request.
64 * 64 *
65 * @note 65 * @note
66 * The user is responsible for handling associations and this 66 * The user is responsible for handling associations and this
67 * function should never return an expired or invalidated 67 * function should never return an expired or invalidated
68 * association. 68 * association.
69 * 69 *
70 * @note
71 * It may be a good idea to pre-expire associations shortly before
72 * their time is really up to avoid association expiry in the
73 * middle of negotiations.
74 *
70 * @param server the OpenID server 75 * @param server the OpenID server
71 * @return the auto_ptr<> for the newly allocated association_t object 76 * @return the auto_ptr<> for the newly allocated association_t object
72 * @throw failed_lookup in case of absence of the handle 77 * @throw failed_lookup in case of absence of the handle
73 */ 78 */
74 virtual assoc_t find_assoc(const string& server); 79 virtual assoc_t find_assoc(const string& server);
75 80
76 /** 81 /**
77 * retrieve the metainformation contained in link tags from the 82 * retrieve the metainformation contained in link tags from the
78 * page pointed by url. the function may implement caching of the 83 * page pointed by url. the function may implement caching of the
79 * information. 84 * information.
80 * @param url url to harvest for link tags 85 * @param url url to harvest for link tags
81 * @param server reference to the string object where to put 86 * @param server reference to the string object where to put
82 * openid.server value 87 * openid.server value
83 * @param delegate reference to the string object where to put the 88 * @param delegate reference to the string object where to put the
84 * openid.delegate value (if any) 89 * openid.delegate value (if any)
85 */ 90 */
86 virtual void retrieve_links(const string& url,string& server,string& delegate); 91 virtual void retrieve_links(const string& url,string& server,string& delegate);
87 92
88 /** 93 /**
89 * perform the associate request to OpenID server. 94 * perform the associate request to OpenID server.
90 * @param server the OpenID server 95 * @param server the OpenID server
91 * @return the auto_ptr<> for the newly allocated association_t 96 * @return the auto_ptr<> for the newly allocated association_t
92 * object, representing established association 97 * object, representing established association
93 * @throw exception in case of error 98 * @throw exception in case of error
94 */ 99 */
95 assoc_t associate(const string& server); 100 assoc_t associate(const string& server);
96 /** 101 /**
97 * prepare the parameters for the checkid_immediate 102 * prepare the parameters for the checkid_immediate
98 * request. 103 * request.
99 * @param identity the identity to verify 104 * @param identity the identity to verify
100 * @param return_to the return_to url to pass with the request 105 * @param return_to the return_to url to pass with the request
101 * @param trust_root the trust root to advertise with the request 106 * @param trust_root the trust root to advertise with the request
@@ -108,61 +113,62 @@ namespace opkele {
108 * prepare the parameters for the checkid_setup 113 * prepare the parameters for the checkid_setup
109 * request. 114 * request.
110 * @param identity the identity to verify 115 * @param identity the identity to verify
111 * @param return_to the return_to url to pass with the request 116 * @param return_to the return_to url to pass with the request
112 * @param trust_root the trust root to advertise with the request 117 * @param trust_root the trust root to advertise with the request
113 * @param ext pointer to an extension(s) hooks object 118 * @param ext pointer to an extension(s) hooks object
114 * @return the location string 119 * @return the location string
115 * @throw exception in case of error 120 * @throw exception in case of error
116 */ 121 */
117 virtual string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); 122 virtual string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
118 /** 123 /**
119 * the actual implementation behind checkid_immediate() and 124 * the actual implementation behind checkid_immediate() and
120 * checkid_setup() functions. 125 * checkid_setup() functions.
121 * @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup 126 * @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup
122 * @param identity the identity to verify 127 * @param identity the identity to verify
123 * @param return_to the return_to url to pass with the request 128 * @param return_to the return_to url to pass with the request
124 * @param trust_root the trust root to advertise with the request 129 * @param trust_root the trust root to advertise with the request
125 * @param ext pointer to an extension(s) hooks object 130 * @param ext pointer to an extension(s) hooks object
126 * @return the location string 131 * @return the location string
127 * @throw exception in case of error 132 * @throw exception in case of error
128 */ 133 */
129 virtual string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); 134 virtual string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0);
130 /** 135 /**
131 * verify the id_res response 136 * verify the id_res response
132 * @param pin the response parameters 137 * @param pin the response parameters
133 * @param identity the identity being checked (if not specified, 138 * @param identity the identity being checked (if not specified,
134 * @param ext pointer to an extension(s) hooks object 139 * @param ext pointer to an extension(s) hooks object
135 * extracted from the openid.identity parameter 140 * extracted from the openid.identity parameter
136 * @throw id_res_mismatch in case of signature mismatch 141 * @throw id_res_mismatch in case of signature mismatch
137 * @throw id_res_setup in case of openid.user_setup_url failure 142 * @throw id_res_setup in case of openid.user_setup_url failure
138 * (supposedly checkid_immediate only) 143 * (supposedly checkid_immediate only)
139 * @throw id_res_failed in case of failure 144 * @throw id_res_failed in case of failure
145 * @throw id_res_expired_on_delivery if the association expired before it could've been verified
140 * @throw exception in case of other failures 146 * @throw exception in case of other failures
141 */ 147 */
142 virtual void id_res(const params_t& pin,const string& identity="",extension_t *ext=0); 148 virtual void id_res(const params_t& pin,const string& identity="",extension_t *ext=0);
143 /** 149 /**
144 * perform a check_authentication request. 150 * perform a check_authentication request.
145 * @param server the OpenID server 151 * @param server the OpenID server
146 * @param p request parameters 152 * @param p request parameters
147 */ 153 */
148 void check_authentication(const string& server,const params_t& p); 154 void check_authentication(const string& server,const params_t& p);
149 155
150 /** 156 /**
151 * normalize URL by adding http:// and trailing slash if needed. 157 * normalize URL by adding http:// and trailing slash if needed.
152 * @param url 158 * @param url
153 * @return normalized url 159 * @return normalized url
154 */ 160 */
155 static string normalize(const string& url); 161 static string normalize(const string& url);
156 162
157 /** 163 /**
158 * Canonicalize URL, by normalizing its appearance and following redirects. 164 * Canonicalize URL, by normalizing its appearance and following redirects.
159 * @param url 165 * @param url
160 * @return canonicalized url 166 * @return canonicalized url
161 */ 167 */
162 virtual string canonicalize(const string& url); 168 virtual string canonicalize(const string& url);
163 169
164 }; 170 };
165 171
166} 172}
167 173
168#endif /* __OPKELE_CONSUMER_H */ 174#endif /* __OPKELE_CONSUMER_H */
diff --git a/include/opkele/exception.h b/include/opkele/exception.h
index a654d59..8913665 100644
--- a/include/opkele/exception.h
+++ b/include/opkele/exception.h
@@ -141,64 +141,73 @@ namespace opkele {
141 failed_check_authentication(OPKELE_E_PARS) 141 failed_check_authentication(OPKELE_E_PARS)
142 : exception(OPKELE_E_CONS) { } 142 : exception(OPKELE_E_CONS) { }
143 }; 143 };
144 144
145 /** 145 /**
146 * thrown if the id_res request result is negative 146 * thrown if the id_res request result is negative
147 */ 147 */
148 class id_res_failed : public exception { 148 class id_res_failed : public exception {
149 public: 149 public:
150 id_res_failed(OPKELE_E_PARS) 150 id_res_failed(OPKELE_E_PARS)
151 : exception(OPKELE_E_CONS) { } 151 : exception(OPKELE_E_CONS) { }
152 }; 152 };
153 /** 153 /**
154 * thrown if the user_setup_url is provided with negative response 154 * thrown if the user_setup_url is provided with negative response
155 */ 155 */
156 class id_res_setup : public id_res_failed { 156 class id_res_setup : public id_res_failed {
157 public: 157 public:
158 string setup_url; 158 string setup_url;
159 id_res_setup(OPKELE_E_PARS,const string& su) 159 id_res_setup(OPKELE_E_PARS,const string& su)
160 : id_res_failed(OPKELE_E_CONS), setup_url(su) { } 160 : id_res_failed(OPKELE_E_CONS), setup_url(su) { }
161 ~id_res_setup() throw() { } 161 ~id_res_setup() throw() { }
162 }; 162 };
163 /** 163 /**
164 * thrown in case of signature mismatch 164 * thrown in case of signature mismatch
165 */ 165 */
166 class id_res_mismatch : public id_res_failed { 166 class id_res_mismatch : public id_res_failed {
167 public: 167 public:
168 id_res_mismatch(OPKELE_E_PARS) 168 id_res_mismatch(OPKELE_E_PARS)
169 : id_res_failed(OPKELE_E_CONS) { } 169 : id_res_failed(OPKELE_E_CONS) { }
170 }; 170 };
171 171
172 /** 172 /**
173 * thrown if the association has expired before it could've been verified.
174 */
175 class id_res_expired_on_delivery : public id_res_failed {
176 public:
177 id_res_expired_on_delivery(OPKELE_E_PARS)
178 : id_res_failed(OPKELE_E_CONS) { }
179 };
180
181 /**
173 * openssl malfunction occured 182 * openssl malfunction occured
174 */ 183 */
175 class exception_openssl : public exception { 184 class exception_openssl : public exception {
176 public: 185 public:
177 unsigned long _error; 186 unsigned long _error;
178 string _ssl_string; 187 string _ssl_string;
179 exception_openssl(OPKELE_E_PARS); 188 exception_openssl(OPKELE_E_PARS);
180 ~exception_openssl() throw() { } 189 ~exception_openssl() throw() { }
181 }; 190 };
182 191
183 /** 192 /**
184 * network operation related error occured 193 * network operation related error occured
185 */ 194 */
186 class exception_network : public exception { 195 class exception_network : public exception {
187 public: 196 public:
188 exception_network(OPKELE_E_PARS) 197 exception_network(OPKELE_E_PARS)
189 : exception(OPKELE_E_CONS) { } 198 : exception(OPKELE_E_CONS) { }
190 }; 199 };
191 200
192 /** 201 /**
193 * network operation related error occured, specifically, related to 202 * network operation related error occured, specifically, related to
194 * libcurl 203 * libcurl
195 */ 204 */
196 class exception_curl : public exception_network { 205 class exception_curl : public exception_network {
197 public: 206 public:
198 CURLcode _error; 207 CURLcode _error;
199 string _curl_string; 208 string _curl_string;
200 exception_curl(OPKELE_E_PARS); 209 exception_curl(OPKELE_E_PARS);
201 exception_curl(OPKELE_E_PARS,CURLcode e); 210 exception_curl(OPKELE_E_PARS,CURLcode e);
202 ~exception_curl() throw() { } 211 ~exception_curl() throw() { }
203 }; 212 };
204 213
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 66db7dd..9f7530f 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -155,95 +155,95 @@ namespace opkele {
155 if(mode==mode_checkid_immediate) 155 if(mode==mode_checkid_immediate)
156 p["mode"]="checkid_immediate"; 156 p["mode"]="checkid_immediate";
157 else if(mode==mode_checkid_setup) 157 else if(mode==mode_checkid_setup)
158 p["mode"]="checkid_setup"; 158 p["mode"]="checkid_setup";
159 else 159 else
160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
161 string iurl = canonicalize(identity); 161 string iurl = canonicalize(identity);
162 string server, delegate; 162 string server, delegate;
163 retrieve_links(iurl,server,delegate); 163 retrieve_links(iurl,server,delegate);
164 p["identity"] = delegate.empty()?iurl:delegate; 164 p["identity"] = delegate.empty()?iurl:delegate;
165 if(!trust_root.empty()) 165 if(!trust_root.empty())
166 p["trust_root"] = trust_root; 166 p["trust_root"] = trust_root;
167 p["return_to"] = return_to; 167 p["return_to"] = return_to;
168 try { 168 try {
169 string ah = find_assoc(server)->handle(); 169 string ah = find_assoc(server)->handle();
170 p["assoc_handle"] = ah; 170 p["assoc_handle"] = ah;
171 }catch(failed_lookup& fl) { 171 }catch(failed_lookup& fl) {
172 string ah = associate(server)->handle(); 172 string ah = associate(server)->handle();
173 p["assoc_handle"] = ah; 173 p["assoc_handle"] = ah;
174 } 174 }
175 if(ext) ext->checkid_hook(p,identity); 175 if(ext) ext->checkid_hook(p,identity);
176 return p.append_query(server); 176 return p.append_query(server);
177 } 177 }
178 178
179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { 179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
180 if(pin.has_param("openid.user_setup_url")) 180 if(pin.has_param("openid.user_setup_url"))
181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
182 string server,delegate; 182 string server,delegate;
183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
184 params_t ps; 184 params_t ps;
185 try { 185 try {
186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
187 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ 187 if(assoc->is_expired())
188 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); 188 throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
189 const string& sigenc = pin.get_param("openid.sig"); 189 const string& sigenc = pin.get_param("openid.sig");
190 vector<unsigned char> sig; 190 vector<unsigned char> sig;
191 util::decode_base64(sigenc,sig); 191 util::decode_base64(sigenc,sig);
192 const string& slist = pin.get_param("openid.signed"); 192 const string& slist = pin.get_param("openid.signed");
193 string kv; 193 string kv;
194 string::size_type p = 0; 194 string::size_type p = 0;
195 while(true) { 195 while(true) {
196 string::size_type co = slist.find(',',p); 196 string::size_type co = slist.find(',',p);
197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
198 kv += f; 198 kv += f;
199 kv += ':'; 199 kv += ':';
200 f.insert(0,"openid."); 200 f.insert(0,"openid.");
201 kv += pin.get_param(f); 201 kv += pin.get_param(f);
202 kv += '\n'; 202 kv += '\n';
203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f); 203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
204 if(co==string::npos) 204 if(co==string::npos)
205 break; 205 break;
206 p = co+1; 206 p = co+1;
207 } 207 }
208 secret_t secret = assoc->secret(); 208 secret_t secret = assoc->secret();
209 unsigned int md_len = 0; 209 unsigned int md_len = 0;
210 unsigned char *md = HMAC( 210 unsigned char *md = HMAC(
211 EVP_sha1(), 211 EVP_sha1(),
212 &(secret.front()),secret.size(), 212 &(secret.front()),secret.size(),
213 (const unsigned char *)kv.data(),kv.length(), 213 (const unsigned char *)kv.data(),kv.length(),
214 0,&md_len); 214 0,&md_len);
215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len)) 215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); 216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
217 }catch(failed_lookup& e) { /* XXX: more specific? */ 217 }catch(failed_lookup& e) {
218 const string& slist = pin.get_param("openid.signed"); 218 const string& slist = pin.get_param("openid.signed");
219 string::size_type pp = 0; 219 string::size_type pp = 0;
220 params_t p; 220 params_t p;
221 while(true) { 221 while(true) {
222 string::size_type co = slist.find(',',pp); 222 string::size_type co = slist.find(',',pp);
223 string f = "openid."; 223 string f = "openid.";
224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp); 224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
225 p[f] = pin.get_param(f); 225 p[f] = pin.get_param(f);
226 if(co==string::npos) 226 if(co==string::npos)
227 break; 227 break;
228 pp = co+1; 228 pp = co+1;
229 } 229 }
230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle"); 230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
231 p["openid.sig"] = pin.get_param("openid.sig"); 231 p["openid.sig"] = pin.get_param("openid.sig");
232 p["openid.signed"] = pin.get_param("openid.signed"); 232 p["openid.signed"] = pin.get_param("openid.signed");
233 try { 233 try {
234 string ih = pin.get_param("openid.invalidate_handle"); 234 string ih = pin.get_param("openid.invalidate_handle");
235 p["openid.invalidate_handle"] = ih; 235 p["openid.invalidate_handle"] = ih;
236 }catch(failed_lookup& fl) { } 236 }catch(failed_lookup& fl) { }
237 try { 237 try {
238 check_authentication(server,p); 238 check_authentication(server,p);
239 }catch(failed_check_authentication& fca) { 239 }catch(failed_check_authentication& fca) {
240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
241 } 241 }
242 } 242 }
243 if(ext) ext->id_res_hook(pin,ps,identity); 243 if(ext) ext->id_res_hook(pin,ps,identity);
244 } 244 }
245 245
246 void consumer_t::check_authentication(const string& server,const params_t& p) { 246 void consumer_t::check_authentication(const string& server,const params_t& p) {
247 string request = "openid.mode=check_authentication"; 247 string request = "openid.mode=check_authentication";
248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
249 if(i->first!="openid.mode") { 249 if(i->first!="openid.mode") {
diff --git a/lib/util.cc b/lib/util.cc
index 83f0eef..4600576 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -192,67 +192,67 @@ namespace opkele {
192 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); 192 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
193 if(rv=="http:") 193 if(rv=="http:")
194 s = false; 194 s = false;
195 else if(rv=="https:") 195 else if(rv=="https:")
196 s = true; 196 s = true;
197 else{ 197 else{
198 /* TODO: support more schemes. 198 /* TODO: support more schemes.
199 * e.g. xri. How do we normalize 199 * e.g. xri. How do we normalize
200 * xri? 200 * xri?
201 */ 201 */
202 rv.append(uri,colon+1,ul-colon-1); 202 rv.append(uri,colon+1,ul-colon-1);
203 return rv; 203 return rv;
204 } 204 }
205 rv += "//"; 205 rv += "//";
206 string::size_type interesting = uri.find_first_of(":/#?",colon+3); 206 string::size_type interesting = uri.find_first_of(":/#?",colon+3);
207 if(interesting==string::npos) { 207 if(interesting==string::npos) {
208 transform( 208 transform(
209 uri.begin()+colon+3,uri.begin()+ul, 209 uri.begin()+colon+3,uri.begin()+ul,
210 back_inserter(rv), ::tolower ); 210 back_inserter(rv), ::tolower );
211 rv += '/'; return rv; 211 rv += '/'; return rv;
212 } 212 }
213 transform( 213 transform(
214 uri.begin()+colon+3,uri.begin()+interesting, 214 uri.begin()+colon+3,uri.begin()+interesting,
215 back_inserter(rv), ::tolower ); 215 back_inserter(rv), ::tolower );
216 bool qf = false; 216 bool qf = false;
217 char ic = uri[interesting]; 217 char ic = uri[interesting];
218 if(ic==':') { 218 if(ic==':') {
219 string::size_type ni = uri.find_first_of("/#?%",interesting+1); 219 string::size_type ni = uri.find_first_of("/#?%",interesting+1);
220 const char *nptr = uri.data()+interesting+1; 220 const char *nptr = uri.data()+interesting+1;
221 char *eptr = 0; 221 char *eptr = 0;
222 long port = strtol(nptr,&eptr,10); 222 long port = strtol(nptr,&eptr,10);
223 if( (port>0) && (port<65535) && port!=(s?443:80) ) { 223 if( (port>0) && (port<65535) && port!=(s?443:80) ) {
224 char tmp[6]; 224 char tmp[8];
225 snprintf(tmp,sizeof(tmp),"%ld",port); 225 snprintf(tmp,sizeof(tmp),":%ld",port);
226 rv += ':'; rv += tmp; 226 rv += tmp;
227 } 227 }
228 if(ni==string::npos) { 228 if(ni==string::npos) {
229 rv += '/'; return rv; 229 rv += '/'; return rv;
230 } 230 }
231 interesting = ni; 231 interesting = ni;
232 }else if(ic!='/') { 232 }else if(ic!='/') {
233 rv += '/'; rv += ic; 233 rv += '/'; rv += ic;
234 qf = true; 234 qf = true;
235 ++interesting; 235 ++interesting;
236 } 236 }
237 string::size_type n = interesting; 237 string::size_type n = interesting;
238 char tmp[3] = { 0,0,0 }; 238 char tmp[3] = { 0,0,0 };
239 stack<string::size_type> psegs; psegs.push(rv.length()); 239 stack<string::size_type> psegs; psegs.push(rv.length());
240 string pseg; 240 string pseg;
241 for(;n<ul;) { 241 for(;n<ul;) {
242 string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n); 242 string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
243 if(unsafe==string::npos) { 243 if(unsafe==string::npos) {
244 pseg.append(uri,n,ul-n-1); n = ul-1; 244 pseg.append(uri,n,ul-n-1); n = ul-1;
245 }else{ 245 }else{
246 pseg.append(uri,n,unsafe-n); 246 pseg.append(uri,n,unsafe-n);
247 n = unsafe; 247 n = unsafe;
248 } 248 }
249 char c = uri[n++]; 249 char c = uri[n++];
250 if(c=='%') { 250 if(c=='%') {
251 if((n+1)>=ul) 251 if((n+1)>=ul)
252 throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character"); 252 throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
253 tmp[0] = uri[n++]; 253 tmp[0] = uri[n++];
254 tmp[1] = uri[n++]; 254 tmp[1] = uri[n++];
255 if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) )) 255 if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) ))
256 throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized"); 256 throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized");
257 int cc = strtol(tmp,0,16); 257 int cc = strtol(tmp,0,16);
258 if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) ) 258 if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) )