-rw-r--r-- | acinclude.m4 | 17 | ||||
-rw-r--r-- | configure.ac | 83 | ||||
-rw-r--r-- | include/Makefile.am | 8 | ||||
-rw-r--r-- | include/opkele/.gitignore | 1 | ||||
-rw-r--r-- | include/opkele/consumer.h | 6 | ||||
-rw-r--r-- | include/opkele/curl.h | 24 | ||||
-rw-r--r-- | include/opkele/debug.h | 17 | ||||
-rw-r--r-- | include/opkele/discovery.h | 40 | ||||
-rw-r--r-- | include/opkele/exception.h | 95 | ||||
-rw-r--r-- | include/opkele/expat.h | 91 | ||||
-rw-r--r-- | include/opkele/server.h | 4 | ||||
-rw-r--r-- | include/opkele/tidy.h | 73 | ||||
-rw-r--r-- | include/opkele/tr1-mem.h.in | 10 | ||||
-rw-r--r-- | include/opkele/types.h | 92 | ||||
-rw-r--r-- | include/opkele/uris.h | 18 | ||||
-rw-r--r-- | lib/Makefile.am | 11 | ||||
-rw-r--r-- | lib/consumer.cc | 20 | ||||
-rw-r--r-- | lib/discovery.cc | 446 | ||||
-rw-r--r-- | lib/exception.cc | 22 | ||||
-rw-r--r-- | lib/expat.cc | 96 | ||||
-rw-r--r-- | lib/params.cc | 13 | ||||
-rw-r--r-- | lib/secret.cc | 12 | ||||
-rw-r--r-- | lib/sreg.cc | 2 | ||||
-rw-r--r-- | lib/util.cc | 55 | ||||
-rw-r--r-- | libopkele.pc.in | 4 | ||||
-rw-r--r-- | test/.gitignore | 1 | ||||
-rw-r--r-- | test/Makefile.am | 6 | ||||
-rw-r--r-- | test/idiscover.cc | 54 |
28 files changed, 1247 insertions, 74 deletions
diff --git a/acinclude.m4 b/acinclude.m4 index 80defc7..fbb4cdc 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -70,97 +70,114 @@ AC_DEFUN([AC_WITH_PCRE],[ if test "${WANT_PCRE}" = "no" ; then ifelse([$2], , :, [$2]) else if test -z "${PCRE_CONFIG}" ; then AC_PATH_PROG(PCRE_CONFIG,[pcre-config],false,[${PCRE_LOCATIONS}]) if test "${PCRE_CONFIG}" = "false" ; then ifelse([$2], , :, [$2]) else HAVE_PCRE="yes" PCRE_PREFIX="`${PCRE_CONFIG} --prefix`" PCRE_EXEC_PREFIX="`${PCRE_CONFIG} --exec-prefix`" PCRE_VERSION="`${PCRE_CONFIG} --version`" PCRE_CFLAGS="`${PCRE_CONFIG} --cflags`" PCRE_LIBS="`${PCRE_CONFIG} --libs`" PCRE_CFLAGS_POSIX="`${PCRE_CONFIG} --cflags-posix`" PCRE_LIBS_POSIX="`${PCRE_CONFIG} --libs-posix`" AC_SUBST([PCRE_CONFIG]) AC_SUBST([PCRE_PREFIX]) AC_SUBST([PCRE_EXEC_PREFIX]) AC_SUBST([PCRE_VERSION]) AC_SUBST([PCRE_CFLAGS]) AC_SUBST([PCRE_LIBS]) AC_SUBST([PCRE_CFLAGS_POSIX]) AC_SUBST([PCRE_LIBS_POSIX]) AC_DEFINE([HAVE_PCRE],,[pcre support]) AC_DEFINE_UNQUOTED([PCRE_VERSION],["${PCRE_VERSION}"],[pcre version]) $1 fi fi fi ]) dnl AC_WITH_PCREPP([ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]]) dnl Outputs: dnl AC_SUBST: PCREPP_CONFIG PCREPP_PREFIX PCREPP_EXEC_PREFIX dnl PCREPP_VERSION PCREPP_CFLAGS PCREPP_LIBS dnl AC_DEFINE: HAVE_PCREPP PCREPP_VERSION dnl env: HAVE_PCREPP=yes|no AC_DEFUN([AC_WITH_PCREPP],[ HAVE_PCREPP="no" PCREPP_CONFIG="" PCREPP_PREFIX="" PCREPP_EXEC_PREFIX="" PCREPP_VERSION="" PCREPP_CFLAGS="" PCREPP_LIBS="" PCREPP_LOCATIONS="${PATH}:/usr/local/bin:/usr/bin" test -z "$WANT_PCREPP" && WANT_PCREPP="" AC_ARG_WITH([pcrepp], AC_HELP_STRING([--with-pcrepp=location],[Look for pcre++ in specified locations]), [ if test "${withval}" = "no" ; then WANT_PCREPP="no" else if test -x "${withval}" ; then PCREPP_CONFIG="${withval}" elif test -x "${withval}/pcre++-config" ; then PCREPP_CONFIG="${withval}/pcre++-config" elif test -x "${withval}/bin/pcre++-config" ; then PCREPP_CONFIG="${withval}/bin/pcre++-config" fi fi ] ) if test "${WANT_PCREPP}" = "no" ; then ifelse([$2], , :, [$2]) else if test "${HAVE_PCRE}" != "yes" ; then ifelse([$2], , :, [$2]) else if test -z "${PCREPP_CONFIG}" ; then AC_PATH_PROG([PCREPP_CONFIG],[pcre++-config],false,[${PCREPP_LOCATIONS}]) if test "${PCREPP_CONFIG}" = "false" ; then ifelse([$2], , :, [$2]) else HAVE_PCREPP="yes" PCREPP_PREFIX="`${PCREPP_CONFIG} --prefix`" PCREPP_EXEC_PREFIX="`${PCREPP_CONFIG} --exec-prefix`" PCREPP_VERSION="`${PCREPP_CONFIG} --version`" PCREPP_CFLAGS="`${PCREPP_CONFIG} --cflags` ${PCRE_CFLAGS}" PCREPP_LIBS="`${PCREPP_CONFIG} --libs` ${PCRE_LIBS}" AC_SUBST([PCREPP_CONFIG]) AC_SUBST([PCREPP_PREFIX]) AC_SUBST([PCREPP_EXEC_PREFIX]) AC_SUBST([PCREPP_VERSION]) AC_SUBST([PCREPP_CFLAGS]) AC_SUBST([PCREPP_LIBS]) AC_DEFINE([HAVE_PCREPP],,[pcre++ support]) AC_DEFINE_UNQUOTED([PCREPP_VERSION],["${PCREPP_VERSION}"],[pcre++ version]) $1 fi fi fi fi ]) +dnl AC_CHECK_SHAREDPTR(NS,HEADER[,ACTION-IF-FOUND[,ACTION-IF-NOT-FOUND]]) +AC_DEFUN([AC_CHECK_SHAREDPTR],[ + AC_LANG_PUSH([C++]) + AC_MSG_CHECKING([for $1::shared_ptr<> in $2]) + AC_COMPILE_IFELSE([ + #include <$2> + int main(int c,char**v) { $1::shared_ptr<int> spi(new int(0)); return *spi; } + ],[ + AC_MSG_RESULT([found]) + $3 + ],[ + AC_MSG_RESULT([not found]) + $4 + ]) + AC_LANG_POP([C++]) +]) + m4_include([acinclude.d/libcurl.m4]) diff --git a/configure.ac b/configure.ac index 48a5efb..c28141c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,128 +1,211 @@ AC_INIT([libopkele], [0.4], [libopkele-bugs@klever.net]) AC_CONFIG_SRCDIR([include/opkele/opkele-config.h]) AC_CONFIG_HEADERS([config.h include/opkele/acconfig.h]) AM_INIT_AUTOMAKE([dist-bzip2]) AC_PROG_INSTALL AC_PROG_CXX AC_PROG_CC AC_PROG_LIBTOOL PKG_PROG_PKG_CONFIG AC_HEADER_STDC AC_PATH_PROG([XSLTPROC],[xsltproc],[true]) AC_MSG_CHECKING([for source tree version]) if headrev=$(cd $srcdir && git rev-parse --verify HEAD 2>/dev/null) ; then PACKAGE_SRC_VERSION="$(cd $srcdir && git describe --tags $headrev)" test "$PACKAGE_SRC_VERSION" = "$PACKAGE_VERSION" \ -o "${PACKAGE_SRC_VERSION#${PACKAGE_VERSION}-}" != "$PACKAGE_SRC_VERSION" || PACKAGE_SRC_VERSION="${PACKAGE_VERSION}:${PACKAGE_SRC_VERSION}" ( cd $srcdir && git diff-index $headrev | read dirt ) && PACKAGE_SRC_VERSION="${PACKAGE_SRC_VERSION}-dirty" else PACKAGE_SRC_VERSION="$PACKAGE_VERSION" fi AC_MSG_RESULT([$PACKAGE_SRC_VERSION]) AC_SUBST([PACKAGE_SRC_VERSION]) AC_DEFINE_UNQUOTED([PACKAGE_SRC_VERSION],["$PACKAGE_SRC_VERSION"],[more or less precise source tree version]) +tr1_mem_std="false" +tr1_mem_boost="false" +AC_CHECK_SHAREDPTR(std::tr1,tr1/memory,[ tr1_mem_std=true ]) +AC_CHECK_SHAREDPTR(boost,boost/shared_ptr.hpp,[ tr1_mem_boost=true ]) +tr1_mem="" +AC_ARG_WITH([tr1-memory], + AC_HELP_STRING([--with-tr1-memory=<boost|std>],[select tr1/memory (shared_ptr<>) implementation to use]), + [ tr1_mem="$withval" ] +) +AC_MSG_CHECKING([for tr1/memory implementation to use]) +test -z "$tr1_mem" && $tr1_mem_std && tr1_mem=std +test -z "$tr1_mem" && $tr1_mem_boost && tr1_mem=boost +if test -z "$tr1_mem" ; then + AC_MSG_RESULT([none found]) +else + AC_MSG_RESULT([$tr1_mem]) +fi +case "$tr1_mem" in + std) + $tr1_mem_std || AC_MSG_ERROR([std implementation requested, but not found]) + OPKELE_TR1_MEM_NS=std::tr1 + OPKELE_TR1_MEM_HEADER=tr1/memory + ;; + boost) + $tr1_mem_boost || AC_MSG_ERROR([boost implementation requested, but not found]) + OPKELE_TR1_MEM_NS=boost + OPKELE_TR1_MEM_HEADER=boost/shared_ptr.hpp + ;; + *) + AC_MSG_ERROR([no shared_ptr<> implementation found]) + ;; +esac +AC_SUBST([OPKELE_TR1_MEM_NS]) +AC_SUBST([OPKELE_TR1_MEM_HEADER]) + PKG_CHECK_MODULES([OPENSSL],[openssl],,[ AC_MSG_ERROR([no openssl library found. get one from http://www.openssl.org/]) ]) WANT_KONFORKA="yes" AC_ARG_ENABLE([konforka], AC_HELP_STRING([--disable-konforka],[do not use konforka library (default: use if found)]), [ test "${enableval}" = "no" && WANT_KONFORKA="no" ] ) if test "${WANT_KONFORKA}" = "yes" ; then PKG_CHECK_MODULES([KONFORKA],[konforka],[ AC_SUBST([KONFORKA_CFLAGS]) AC_SUBST([KONFORKA_LIBS]) AC_DEFINE([HAVE_KONFORKA],,[defined in presence of konforka library]) AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library]) AC_SUBST([KONFORKA_KONFORKA],[konforka]) ],[true]) fi WANT_DOXYGEN="yes" AC_ARG_ENABLE([doxygen], AC_HELP_STRING([--disable-doxygen],[do not generate documentation]), [ test "${enableval}" = "no" && WANT_DOXYGEN="no" ] ) if test "${WANT_DOXYGEN}" = "yes" ; then AC_WITH_DOXYGEN AC_WITH_DOT else AM_CONDITIONAL([HAVE_DOXYGEN],[false]) AM_CONDITIONAL([HAVE_DOT],[false]) fi LIBCURL_CHECK_CONFIG(,,,[ AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/]) ]) +AC_CHECK_HEADER([expat.h],[ + AC_CHECK_LIB([expat],[XML_ParserCreate],[ + EXPAT_LIBS=-lexpat + EXPAT_CFLAGS= + AC_SUBST([EXPAT_LIBS]) + AC_SUBST([EXPAT_CFLAGS]) + ],[ + AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/]) + ]) +],[ + AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/]) +]) + +AC_CHECK_HEADER([tidy.h],[ + AC_CHECK_LIB([tidy],[tidyParseBuffer],[ + TIDY_LIBS=-ltidy + TIDY_CFLAGS= + AC_SUBST([TIDY_LIBS]) + AC_SUBST([TIDY_CFLAGS]) + ],[ + AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/]) + ]) +],[ + AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/]) +]) + if test -n "$PCRE_LIBS" -a -n "$PCRE_CFLAGS" ; then AC_SUBST([PCRE_CFLAGS]) AC_SUBST([PCRE_LIBS]) : else PKG_CHECK_MODULES([PCRE],[libpcre],,[ AC_MSG_ERROR([no libpcre found, go get it at http://www.pcre.org/]) ]) fi curl_ssl_verify_host="true" AC_ARG_ENABLE([ssl-verify-host], AC_HELP_STRING([--disable-ssl-verify-host],[disable cURL cert/host relationships verification]), [ test "${enableval}" = "no" && curl_ssl_verify_host="false" ] ) ${curl_ssl_verify_host} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYHOST],,[defined if cURL is not to verify cert/host]) curl_ssl_verify_peer="true" AC_ARG_ENABLE([ssl-verify-peer], AC_HELP_STRING([--disable-ssl-verify-peer],[disable cURL cert validity verification]), [ test "${enableval}" = "no" && curl_ssl_verify_peer="false" ] ) ${curl_ssl_verify_peer} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYPEER],,[defined if cURL is not to verify cert validity]) postels_law=true AC_ARG_ENABLE([postels-law], AC_HELP_STRING([--disable-postels-law],[Be strict, do not adhere to Postel's Law ("be conservative in what you do, be liberal in what you accept from others", RFC 793)]), [ test "${enableval}" = "no" && postels_law=false ] ) $postels_law && AC_DEFINE([POSTELS_LAW],,[defined if we want to adhere to Postel's Law]) AC_DEFINE_UNQUOTED([OPKELE_SRC_DIR],["$PWD"],[source directory]) nitpick=false AC_ARG_ENABLE([nitpicking], AC_HELP_STRING([--enable-nitpicking],[make compiler somewhat overly fastidious about the code it deals with]), [ test "$enableval" = "no" || nitpick=true ] ) if $nitpick ; then CPP_NITPICK="-pedantic -Wall -Wextra -Wundef -Wshadow \ -Wunsafe-loop-optimizations -Wconversion -Wmissing-format-attribute \ -Wredundant-decls -ansi" # -Wlogical-op -Wmissing-noreturn C_NITPICK="$CPP_NITPICK" CXX_NITPICK="$C_NITPICK" CPPFLAGS="$CPPFLAGS $CPP_NITPICK" CFLAGS="$CFLAGS $C_NITPICK" CXXFLAGS="$CXXFLAGS $CXX_NITPICK" fi +ndebug=true +AC_ARG_ENABLE([debug], + AC_HELP_STRING([--enable-debug],[enable debugging code]), + [ test "$enableval" = "no" || ndebug=false ] +) +if $ndebug ; then + CPPFLAGS_DEBUG="-DNDEBUG" +else + CPPFLAGS_DEBUG="" +fi +AC_SUBST([CPPFLAGS_DEBUG]) + +xri_proxy_url="http://beta.xri.net/" +AC_MSG_CHECKING([for XRI resolver proxy]) +AC_ARG_ENABLE([xri-proxy], + AC_HELP_STRING([--with-xri-proxy=url],[set xri proxy for use when resolving xri identities, default is http://xr_proxy_url]), + [ xri_proxy_url="$withval" ] +) +AC_MSG_RESULT([$xri_proxy_url]) +AC_DEFINE_UNQUOTED([XRI_PROXY_URL],["$xri_proxy_url"],[XRI proxy resolver URL]) + AC_CONFIG_FILES([ Makefile libopkele.pc Doxyfile include/Makefile + include/opkele/tr1-mem.h lib/Makefile test/Makefile ]) AC_OUTPUT diff --git a/include/Makefile.am b/include/Makefile.am index b31786d..51dcea1 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1,17 +1,21 @@ nobase_include_HEADERS = \ opkele/acconfig.h \ opkele/opkele-config.h \ opkele/types.h \ opkele/association.h \ opkele/exception.h \ opkele/server.h \ opkele/consumer.h \ opkele/extension.h \ opkele/sreg.h \ opkele/extension_chain.h \ opkele/xconsumer.h \ - opkele/xserver.h + opkele/xserver.h \ + opkele/discovery.h \ + opkele/uris.h \ + opkele/tr1-mem.h EXTRA_DIST = \ opkele/data.h \ + opkele/curl.h opkele/expat.h opkele/tidy.h \ opkele/util.h \ - opkele/curl.h + opkele/debug.h diff --git a/include/opkele/.gitignore b/include/opkele/.gitignore index ffa24dc..dfc2d2c 100644 --- a/include/opkele/.gitignore +++ b/include/opkele/.gitignore @@ -1,2 +1,3 @@ acconfig.h +tr1-mem.h stamp-h2 diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h index c463787..3c1d318 100644 --- a/include/opkele/consumer.h +++ b/include/opkele/consumer.h @@ -1,174 +1,174 @@ #ifndef __OPKELE_CONSUMER_H #define __OPKELE_CONSUMER_H #include <opkele/types.h> #include <opkele/extension.h> /** * @file * @brief OpenID consumer-side functionality */ namespace opkele { /** * implementation of basic consumer functionality * * @note * The consumer uses libcurl internally, which means that if you're using * libopkele in multithreaded environment you should call curl_global_init * yourself before spawning any threads. */ class consumer_t { public: virtual ~consumer_t() { } /** * store association. The function should be overridden in the real * implementation to provide persistent associations store. * @param server the OpenID server * @param handle association handle * @param secret the secret associated with the server and handle * @param expires_in the number of seconds until the handle is expired - * @return the auto_ptr<> for the newly allocated association_t object + * @return the assoc_t for the newly allocated association_t object */ virtual assoc_t store_assoc(const string& server,const string& handle,const secret_t& secret,int expires_in) = 0; /** * retrieve stored association. The function should be overridden * in the real implementation to provide persistent assocations * store. * * @note * The user is responsible for handling associations expiry and * this function should never return an expired or invalidated * association. * * @param server the OpenID server * @param handle association handle * @return the autho_ptr<> for the newly allocated association_t object * @throw failed_lookup if no unexpired association found */ virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0; /** * invalidate stored association. The function should be overridden * in the real implementation of the consumer. * @param server the OpenID server * @param handle association handle */ virtual void invalidate_assoc(const string& server,const string& handle) = 0; /** * retrieve any unexpired association for the server. If the * function is not overridden in the real implementation, the new * association will be established for each request. * * @note * The user is responsible for handling associations and this * function should never return an expired or invalidated * association. * * @note * It may be a good idea to pre-expire associations shortly before * their time is really up to avoid association expiry in the * middle of negotiations. * * @param server the OpenID server - * @return the auto_ptr<> for the newly allocated association_t object + * @return the assoc_t for the newly allocated association_t object * @throw failed_lookup in case of absence of the handle */ virtual assoc_t find_assoc(const string& server); /** * retrieve the metainformation contained in link tags from the * page pointed by url. the function may implement caching of the * information. * @param url url to harvest for link tags * @param server reference to the string object where to put * openid.server value * @param delegate reference to the string object where to put the * openid.delegate value (if any) */ virtual void retrieve_links(const string& url,string& server,string& delegate); /** * perform the associate request to OpenID server. * @param server the OpenID server - * @return the auto_ptr<> for the newly allocated association_t + * @return the assoc_t for the newly allocated association_t * object, representing established association * @throw exception in case of error */ assoc_t associate(const string& server); /** * prepare the parameters for the checkid_immediate * request. * @param identity the identity to verify * @param return_to the return_to url to pass with the request * @param trust_root the trust root to advertise with the request * @param ext pointer to an extension(s) hooks object * @return the location string * @throw exception in case of error */ virtual string checkid_immediate(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); /** * prepare the parameters for the checkid_setup * request. * @param identity the identity to verify * @param return_to the return_to url to pass with the request * @param trust_root the trust root to advertise with the request * @param ext pointer to an extension(s) hooks object * @return the location string * @throw exception in case of error */ virtual string checkid_setup(const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); /** * the actual implementation behind checkid_immediate() and * checkid_setup() functions. * @param mode checkid_* mode - either mode_checkid_immediate or mode_checkid_setup * @param identity the identity to verify * @param return_to the return_to url to pass with the request * @param trust_root the trust root to advertise with the request * @param ext pointer to an extension(s) hooks object * @return the location string * @throw exception in case of error */ virtual string checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root="",extension_t *ext=0); /** * verify the id_res response * @param pin the response parameters * @param identity the identity being checked (if not specified, * @param ext pointer to an extension(s) hooks object * extracted from the openid.identity parameter * @throw id_res_mismatch in case of signature mismatch * @throw id_res_setup in case of openid.user_setup_url failure * (supposedly checkid_immediate only) * @throw id_res_failed in case of failure * @throw id_res_expired_on_delivery if the association expired before it could've been verified * @throw exception in case of other failures */ virtual void id_res(const params_t& pin,const string& identity="",extension_t *ext=0); /** * perform a check_authentication request. * @param server the OpenID server * @param p request parameters */ void check_authentication(const string& server,const params_t& p); /** * normalize URL by adding http:// and trailing slash if needed. * @param url * @return normalized url */ static string normalize(const string& url); /** * Canonicalize URL, by normalizing its appearance and following redirects. * @param url * @return canonicalized url */ virtual string canonicalize(const string& url); }; } #endif /* __OPKELE_CONSUMER_H */ diff --git a/include/opkele/curl.h b/include/opkele/curl.h index 8020b63..5cf8e48 100644 --- a/include/opkele/curl.h +++ b/include/opkele/curl.h @@ -1,48 +1,72 @@ #ifndef __OPKELE_CURL_H #define __OPKELE_CURL_H #include <cassert> +#include <string> +#include <algorithm> #include <curl/curl.h> namespace opkele { + using std::min; + using std::string; namespace util { class curl_t { public: CURL *_c; curl_t() : _c(0) { } curl_t(CURL *c) : _c(c) { } virtual ~curl_t() throw(); curl_t& operator=(CURL *c); operator const CURL*(void) const { return _c; } operator CURL*(void) { return _c; } CURLcode misc_sets(); template<typename PT> inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); } CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); } template<typename IT> inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); } static inline CURL *easy_init() { return curl_easy_init(); } virtual size_t write(void* /* p */,size_t /* s */,size_t /* nm */) { return 0; } CURLcode set_write(); virtual int progress(double /* dlt */,double /* dln*/ ,double /* ult */,double /* uln */) { return 0; } CURLcode set_progress(); virtual size_t header(void* /* p */,size_t s,size_t nm) { return s*nm; } CURLcode set_header(); }; + template<int lim> + class curl_fetch_string_t : public curl_t { + public: + curl_fetch_string_t(CURL *c) + : curl_t(c) { } + ~curl_fetch_string_t() throw() { } + + string response; + + size_t write(void *p,size_t size,size_t nmemb) { + size_t bytes = size*nmemb; + size_t get = min(lim-response.length(),bytes); + response.append((const char *)p,get); + return get; + } + }; + + typedef curl_fetch_string_t<16384> curl_pick_t; + + } } #endif /* __OPKELE_CURL_H */ diff --git a/include/opkele/debug.h b/include/opkele/debug.h new file mode 100644 index 0000000..a02f8d4 --- a/dev/null +++ b/include/opkele/debug.h @@ -0,0 +1,17 @@ +#ifndef __OPKELE_DEBUG_H +#define __OPKELE_DEBUG_H + +#ifdef NDEBUG + +#define D_(x) ((void)0) +#define DOUT_(x) ((void)0) + +#else /* NDEBUG */ + +#define D_(x) x +#include <iostream> +#define DOUT_(x) std::clog << x << std::endl + +#endif /* NDEBUG */ + +#endif /* __OPKELE_DEBUG_H */ diff --git a/include/opkele/discovery.h b/include/opkele/discovery.h new file mode 100644 index 0000000..af4aa29 --- a/dev/null +++ b/include/opkele/discovery.h @@ -0,0 +1,40 @@ +#ifndef __OPKELE_DISCOVERY_H +#define __OPKELE_DISCOVERY_H + +#include <string> +#include <opkele/types.h> + +namespace opkele { + using std::string; + + struct idiscovery_t; + + void idiscover(idiscovery_t& result,const string& identity); + + struct idiscovery_t { + bool xri_identity; + string normalized_id; + string canonicalized_id; + xrd::XRD_t xrd; + + idiscovery_t() { } + idiscovery_t(const string& i) { + idiscover(*this,i); + } + idiscovery_t(const char *i) { + idiscover(*this,i); + } + + void clear() { + normalized_id.clear(); canonicalized_id.clear(); + xrd.clear(); + } + + idiscovery_t& operator=(const string& i) { + idiscover(*this,i); return *this; } + idiscovery_t& operator=(const char *i) { + idiscover(*this,i); return *this; } + }; +} + +#endif /* __OPKELE_DISCOVERY_H */ diff --git a/include/opkele/exception.h b/include/opkele/exception.h index 2ff44b7..a8c3339 100644 --- a/include/opkele/exception.h +++ b/include/opkele/exception.h @@ -1,235 +1,316 @@ #ifndef __OPKELE_EXCEPTION_H #define __OPKELE_EXCEPTION_H /** * @file * @brief opkele exceptions */ #include <curl/curl.h> #include <opkele/opkele-config.h> #ifdef OPKELE_HAVE_KONFORKA # include <konforka/exception.h> /** * the exception parameters declaration */ # define OPKELE_E_PARS const string& fi,const string&fu,int l,const string& w /** * the exception parameters list to pass to constructor */ # define OPKELE_E_CONS_ fi,fu,l, /** * the exception codepoint specification */ # define OPKELE_CP_ CODEPOINT, /** + * open function-try-block + */ +# define OPKELE_FUNC_TRY try +/** * the simple rethrow of konforka-based exception */ -# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw } +# define OPKELE_RETHROW catch(konforka::exception& e) { e.see(CODEPOINT); throw; } #else /* OPKELE_HAVE_KONFORKA */ # include <exception> # include <string> /** * the exception parameter declaration */ # define OPKELE_E_PARS const string& w /** * the dummy prefix for exception parameters list to prepend in the absence of * konforka library */ # define OPKELE_E_CONS_ /** * the dummy placeholder for konforka exception codepoint specification */ # define OPKELE_CP_ /** + * the dummy define for the opening function-try-block + */ +# define OPKELE_FUNC_TRY +/** * the dummy define for the konforka-based rethrow of exception */ # define OPKELE_RETHROW #endif /* OPKELE_HAVE_KONFORKA */ /** * the exception parameters list to pass to constructor */ # define OPKELE_E_CONS OPKELE_E_CONS_ w namespace opkele { using std::string; /** * the base opkele exception class */ class exception : public # ifdef OPKELE_HAVE_KONFORKA konforka::exception # else std::exception # endif { public: # ifdef OPKELE_HAVE_KONFORKA explicit - exception(const string& fi,const string& fu,int l,const string& w) - : konforka::exception(fi,fu,l,w) { } + exception(const string& fi,const string& fu,int l,const string& w); # else /* OPKELE_HAVE_KONFORKA */ string _what; - explicit - exception(const string& w) - : _what(w) { } + explicit exception(const string& w); virtual ~exception() throw(); virtual const char * what() const throw(); # endif /* OPKELE_HAVE_KONFORKA */ }; /** * thrown in case of failed conversion */ class failed_conversion : public exception { public: failed_conversion(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown in case of failed lookup (either parameter or persistent store) */ class failed_lookup : public exception { public: failed_lookup(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown in case of bad input (either local or network) */ class bad_input : public exception { public: bad_input(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown on failed assertion */ class failed_assertion : public exception { public: failed_assertion(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown if the handle being retrieved is invalid */ class invalid_handle : public exception { public: invalid_handle(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown if the handle passed to check_authentication request is not * stateless */ class stateful_handle : public exception { public: stateful_handle(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown if check_authentication request fails */ class failed_check_authentication : public exception { public: failed_check_authentication(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown if the id_res request result is negative */ class id_res_failed : public exception { public: id_res_failed(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * thrown if the user_setup_url is provided with negative response */ class id_res_setup : public id_res_failed { public: string setup_url; - id_res_setup(OPKELE_E_PARS,const string& su) + id_res_setup(OPKELE_E_PARS,const string& su="") : id_res_failed(OPKELE_E_CONS), setup_url(su) { } ~id_res_setup() throw() { } }; /** * thrown in case of signature mismatch */ class id_res_mismatch : public id_res_failed { public: id_res_mismatch(OPKELE_E_PARS) : id_res_failed(OPKELE_E_CONS) { } }; /** * thrown if the association has expired before it could've been verified. */ class id_res_expired_on_delivery : public id_res_failed { public: id_res_expired_on_delivery(OPKELE_E_PARS) : id_res_failed(OPKELE_E_CONS) { } }; /** + * thown when the user cancelled authentication process. + */ + class id_res_cancel : public id_res_failed { + public: + id_res_cancel(OPKELE_E_PARS) + : id_res_failed(OPKELE_E_CONS) { } + }; + + /** + * thrown in case of nonce reuse or otherwise imperfect nonce. + */ + class id_res_bad_nonce : public id_res_failed { + public: + id_res_bad_nonce(OPKELE_E_PARS) + : id_res_failed(OPKELE_E_CONS) { } + }; + + /** + * thrown if return_to didn't pass verification + */ + class id_res_bad_return_to : public id_res_failed { + public: + id_res_bad_return_to(OPKELE_E_PARS) + : id_res_failed(OPKELE_E_CONS) { } + }; + + /** + * thrown if OP isn't authorized to make an assertion + */ + class id_res_unauthorized : public id_res_failed { + public: + id_res_unauthorized(OPKELE_E_PARS) + : id_res_failed(OPKELE_E_CONS) { } + }; + + /** * openssl malfunction occured */ class exception_openssl : public exception { public: unsigned long _error; string _ssl_string; exception_openssl(OPKELE_E_PARS); ~exception_openssl() throw() { } }; /** * network operation related error occured */ class exception_network : public exception { public: exception_network(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * network operation related error occured, specifically, related to * libcurl */ class exception_curl : public exception_network { public: CURLcode _error; string _curl_string; exception_curl(OPKELE_E_PARS); exception_curl(OPKELE_E_PARS,CURLcode e); ~exception_curl() throw() { } }; /** + * htmltidy related error occured + */ + class exception_tidy : public exception { + public: + int _rc; + exception_tidy(OPKELE_E_PARS); + exception_tidy(OPKELE_E_PARS,int r); + ~exception_tidy() throw() { } + }; + + /** + * exception thrown in case of failed discovery + */ + class failed_discovery : public exception { + public: + failed_discovery(OPKELE_E_PARS) + : exception(OPKELE_E_CONS) { } + }; + + /** + * unsuccessfull xri resolution + */ + class failed_xri_resolution : public failed_discovery { + public: + long _code; + failed_xri_resolution(OPKELE_E_PARS,long _c=-1) + : failed_discovery(OPKELE_E_CONS), _code(_c) { } + }; + + /** * not implemented (think pure virtual) member function executed, signfies * programmer error */ class not_implemented : public exception { public: not_implemented(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; /** * internal error, indicates internal libopkele problem */ class internal_error : public exception { public: internal_error(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; + /** + * thrown in case of unsupported parameter encountered (e.g. unsupported + * association type). + */ + class unsupported : public exception { + public: + unsupported(OPKELE_E_PARS) + : exception(OPKELE_E_CONS) { } + }; + } #endif /* __OPKELE_EXCEPTION_H */ diff --git a/include/opkele/expat.h b/include/opkele/expat.h new file mode 100644 index 0000000..60c41ac --- a/dev/null +++ b/include/opkele/expat.h @@ -0,0 +1,91 @@ +#ifndef __OPKELE_EXPAT_H +#define __OPKELE_EXPAT_H + +#include <cassert> +#include <expat.h> + +namespace opkele { + + namespace util { + + class expat_t { + public: + XML_Parser _x; + + expat_t() : _x(0) { } + expat_t(XML_Parser x) : _x(x) { } + virtual ~expat_t() throw(); + + expat_t& operator=(XML_Parser x); + + operator const XML_Parser(void) const { return _x; } + operator XML_Parser(void) { return _x; } + + inline bool parse(const char *s,int len,bool final=false) { + assert(_x); + return XML_Parse(_x,s,len,final); + } + + virtual void start_element(const XML_Char *n,const XML_Char **a) { } + virtual void end_element(const XML_Char *n) { } + void set_element_handler(); + + virtual void character_data(const XML_Char *s,int l) { } + void set_character_data_handler(); + + virtual void processing_instruction(const XML_Char *t,const XML_Char *d) { } + void set_processing_instruction_handler(); + + virtual void comment(const XML_Char *d) { } + void set_comment_handler(); + + virtual void start_cdata_section() { } + virtual void end_cdata_section() { } + void set_cdata_section_handler(); + + virtual void default_handler(const XML_Char *s,int l) { } + void set_default_handler(); + void set_default_handler_expand(); + + virtual void start_namespace_decl(const XML_Char *p,const XML_Char *u) { } + virtual void end_namespace_decl(const XML_Char *p) { } + void set_namespace_decl_handler(); + + inline enum XML_Error get_error_code() { + assert(_x); return XML_GetErrorCode(_x); } + static inline const XML_LChar *error_string(XML_Error c) { + return XML_ErrorString(c); } + + inline long get_current_byte_index() { + assert(_x); return XML_GetCurrentByteIndex(_x); } + inline int get_current_line_number() { + assert(_x); return XML_GetCurrentLineNumber(_x); } + inline int get_current_column_number() { + assert(_x); return XML_GetCurrentColumnNumber(_x); } + + inline void set_user_data() { + assert(_x); XML_SetUserData(_x,this); } + + inline bool set_base(const XML_Char *b) { + assert(_x); return XML_SetBase(_x,b); } + inline const XML_Char *get_base() { + assert(_x); return XML_GetBase(_x); } + + inline int get_specified_attribute_count() { + assert(_x); return XML_GetSpecifiedAttributeCount(_x); } + + inline bool set_param_entity_parsing(enum XML_ParamEntityParsing c) { + assert(_x); return XML_SetParamEntityParsing(_x,c); } + + inline static XML_Parser parser_create(const XML_Char *e=0) { + return XML_ParserCreate(e); } + inline static XML_Parser parser_create_ns(const XML_Char *e=0,XML_Char s='\t') { + return XML_ParserCreateNS(e,s); } + + }; + + } + +} + +#endif /* __OPKELE_EXPAT_H */ diff --git a/include/opkele/server.h b/include/opkele/server.h index dd7fc41..3c25646 100644 --- a/include/opkele/server.h +++ b/include/opkele/server.h @@ -1,98 +1,98 @@ #ifndef __OPKELE_SERVER_H #define __OPKELE_SERVER_H /** * @file * @brief OpenID server-side functionality */ #include <opkele/types.h> #include <opkele/extension.h> namespace opkele { /** * implementation of basic server functionality */ class server_t { public: virtual ~server_t() { } /** * allocate the new association. The function should be overridden * in the real implementation to provide persistent assocations * store. * @param mode the mode of request being processed to base the * statelessness of the association upon - * @return the auto_ptr<> for the newly allocated association_t object + * @return the assoc_t for the newly allocated association_t object */ virtual assoc_t alloc_assoc(mode_t mode) = 0; /** * retrieve the association. The function should be overridden in * the reqal implementation to provide persistent assocations * store. * @param h association handle - * @return the auto_ptr<> for the newly allocated association_t object + * @return the assoc_t for the newly allocated association_t object * @throw failed_lookup in case of failure */ virtual assoc_t retrieve_assoc(const string& h) = 0; /** * validate the identity. * @param assoc association object * @param pin incoming request parameters * @param identity being verified * @param trust_root presented in the request * @throw exception if identity can not be confirmed */ virtual void validate(const association_t& assoc,const params_t& pin,const string& identity,const string& trust_root) = 0; /** * process the associate request. * @param pin the incoming request parameters * @param pout the store for the response parameters */ void associate(const params_t& pin,params_t& pout); /** * process the checkid_immediate request. * @param pin the incoming request parameters * @param return_to reference to the object to store return_to url to * @param pout the response parameters * @param ext pointer to the extension hooks object * @throw exception in case of errors or negative reply */ virtual void checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); /** * process the checkid_setup request. * @param pin the incoming request parameters * @param return_to reference to the object to store return_to url to * @param pout the response parameters * @param ext pointer to the extension hooks object * @throw exception in case of errors or negative reply */ virtual void checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); /** * the actual functionality behind checkid_immediate() and * checkid_setup() * @param mode the request being processed (either * mode_checkid_immediate or mode_checkid_setup) * @param pin the incoming request parameters * @param return_to reference to the object to store return_to url to * @param pout the response parameters * @param ext pointer to the extension hooks object * @throw exception in case of errors or negative reply */ virtual void checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext=0); /** * process the check_authentication request. * @param pin incoming request parameters * @param pout response parameters */ void check_authentication(const params_t& pin,params_t& pout); }; } #endif /* __OPKELE_SERVER_H */ diff --git a/include/opkele/tidy.h b/include/opkele/tidy.h new file mode 100644 index 0000000..888e7d4 --- a/dev/null +++ b/include/opkele/tidy.h @@ -0,0 +1,73 @@ +#ifndef __OPKELE_TIDY_H +#define __OPKELE_TIDY_H + +#include <cassert> +#include <tidy.h> +#include <buffio.h> + +namespace opkele { + namespace util { + + class tidy_buf_t { + public: + TidyBuffer _x; + + tidy_buf_t() { tidyBufInit(&_x); } + virtual ~tidy_buf_t() throw() { + tidyBufFree(&_x); } + + inline operator const TidyBuffer&(void) const { return _x; } + inline operator TidyBuffer&(void) { return _x; } + + inline operator const char*(void) const { return (const char*)_x.bp; } + inline operator char*(void) { return (char*)_x.bp; } + + inline const char *c_str() const { + return (const char*)_x.bp; } + inline size_t size() const { + return _x.size; } + }; + + class tidy_doc_t { + public: + TidyDoc _x; + + tidy_doc_t() : _x(0) { } + tidy_doc_t(TidyDoc x) : _x(x) { } + virtual ~tidy_doc_t() throw() { + if(_x) tidyRelease(_x); } + + tidy_doc_t& operator=(TidyDoc x) { + if(_x) tidyRelease(_x); + _x = x; + return *this; + } + + operator const TidyDoc(void) const { return _x; } + operator TidyDoc(void) { return _x; } + + inline bool opt_set(TidyOptionId o,bool v) { + assert(_x); + return tidyOptSetBool(_x,o,v?yes:no); } + inline bool opt_set(TidyOptionId o,int v) { + assert(_x); + return tidyOptSetInt(_x,o,v); } + + inline int parse_string(const string& s) { + assert(_x); + return tidyParseString(_x,s.c_str()); } + inline int clean_and_repair() { + assert(_x); + return tidyCleanAndRepair(_x); } + inline int save_buffer(TidyBuffer& ob) { + assert(_x); + return tidySaveBuffer(_x,&ob); } + + static inline TidyDoc create() { + return tidyCreate(); } + }; + + } +} + +#endif /* __OPKELE_TIDY_H */ diff --git a/include/opkele/tr1-mem.h.in b/include/opkele/tr1-mem.h.in new file mode 100644 index 0000000..e9ccf0b --- a/dev/null +++ b/include/opkele/tr1-mem.h.in @@ -0,0 +1,10 @@ +#ifndef __OPKELE_TR1_MEM_H +#define __OPKELE_TR1_MEM_H + +#include <@OPKELE_TR1_MEM_HEADER@> + +namespace opkele { + namespace tr1mem = @OPKELE_TR1_MEM_NS@; +} + +#endif /* __OPKELE_TR1_MEM_H */ diff --git a/include/opkele/types.h b/include/opkele/types.h index f732a1e..de44a5c 100644 --- a/include/opkele/types.h +++ b/include/opkele/types.h @@ -1,172 +1,246 @@ #ifndef __OPKELE_TYPES_H #define __OPKELE_TYPES_H /** * @file * @brief various types declarations */ #include <ostream> #include <vector> #include <string> #include <map> -#include <memory> +#include <set> +#include <opkele/tr1-mem.h> namespace opkele { using std::vector; using std::string; using std::map; using std::ostream; - using std::auto_ptr; + using std::multimap; + using std::set; /** * the OpenID operation mode */ typedef enum _mode_t { mode_associate, mode_checkid_immediate, mode_checkid_setup, mode_check_association } mode_t; /** * the association secret container */ class secret_t : public vector<unsigned char> { public: /** * xor the secret and hmac together and encode, using base64 - * @param key_sha1 pointer to the sha1 digest + * @param key_d pointer to the message digest * @param rv reference to the return value */ - void enxor_to_base64(const unsigned char *key_sha1,string& rv) const; + void enxor_to_base64(const unsigned char *key_d,string& rv) const; /** - * decode base64-encoded secret and xor it with the sha1 digest - * @param key_sha1 pointer to the message digest + * decode base64-encoded secret and xor it with the message digest + * @param key_d pointer to the message digest * @param b64 base64-encoded secret value */ - void enxor_from_base64(const unsigned char *key_sha1,const string& b64); + void enxor_from_base64(const unsigned char *key_d,const string& b64); /** * plainly encode to base64 representation * @param rv reference to the return value */ void to_base64(string& rv) const; /** * decode cleartext secret from base64 * @param b64 base64-encoded representation of the secret value */ void from_base64(const string& b64); }; /** * Interface to the association. */ class association_t { public: virtual ~association_t() { } /** * retrieve the server with which association was established. * @return server name */ virtual string server() const = 0; /** * retrieve the association handle. * @return handle */ virtual string handle() const = 0; /** * retrieve the association type. * @return association type */ virtual string assoc_type() const = 0; /** * retrieve the association secret. * @return association secret */ virtual secret_t secret() const = 0; /** * retrieve the number of seconds the association expires in. * @return seconds till expiration */ virtual int expires_in() const = 0; /** * check whether the association is stateless. * @return true if stateless */ virtual bool stateless() const = 0; /** * check whether the association is expired. * @return true if expired */ virtual bool is_expired() const = 0; }; /** - * the auto_ptr<> for association_t object type + * the shared_ptr<> for association_t object type */ - typedef auto_ptr<association_t> assoc_t; + typedef tr1mem::shared_ptr<association_t> assoc_t; /** * request/response parameters map */ class params_t : public map<string,string> { public: /** * check whether the parameter is present. * @param n the parameter name * @return true if yes */ bool has_param(const string& n) const; /** * retrieve the parameter (const version) * @param n the parameter name * @return the parameter value * @throw failed_lookup if there is no such parameter */ const string& get_param(const string& n) const; /** * retrieve the parameter. * @param n the parameter name * @return the parameter value * @throw failed_lookup if there is no such parameter */ string& get_param(const string& n); /** * parse the OpenID key/value data. * @param kv the OpenID key/value data */ void parse_keyvalues(const string& kv); /** * sign the fields. * @param secret the secret used for signing * @param sig reference to the string, containing base64-encoded * result * @param slist the comma-separated list of fields to sign * @param prefix the string to prepend to parameter names */ void sign(secret_t secret,string& sig,const string& slist,const char *prefix=0) const; /** * append parameters to the URL as a GET-request parameters. * @param url the base URL * @param prefix the string to prepend to parameter names * @return the ready-to-use location */ string append_query(const string& url,const char *prefix = "openid.") const; + + /** + * make up a query string suitable for use in GET and POST + * requests. + * @param prefix string to prened to parameter names + * @return query string + */ + string query_string(const char *prefix = "openid.") const; }; /** * dump the key/value pairs for the parameters to the stream. * @param o output stream * @param p the parameters */ ostream& operator << (ostream& o,const params_t& p); + namespace xrd { + + struct priority_compare { + inline bool operator()(long a,long b) const { + return (a<0) ? false : (b<0) ? true : (a<b); + } + }; + + template <typename _DT> + class priority_map : public multimap<long,_DT,priority_compare> { + typedef multimap<long,_DT,priority_compare> map_type; + public: + + inline _DT& add(long priority,const _DT& d) { + return insert(typename map_type::value_type(priority,d))->second; + } + }; + + typedef priority_map<string> canonical_ids_t; + typedef priority_map<string> local_ids_t; + typedef set<string> types_t; + typedef priority_map<string> uris_t; + + class service_t { + public: + types_t types; + uris_t uris; + local_ids_t local_ids; + string provider_id; + + void clear() { + types.clear(); + uris.clear(); local_ids.clear(); + provider_id.clear(); + } + }; + typedef priority_map<service_t> services_t; + + class XRD_t { + public: + time_t expires; + + canonical_ids_t canonical_ids; + local_ids_t local_ids; + services_t services; + string provider_id; + + void clear() { + expires = 0; + canonical_ids.clear(); local_ids.clear(); + services.clear(); + provider_id.clear(); + } + bool empty() const { + return + canonical_ids.empty() + && local_ids.empty() + && services.empty(); + } + + }; + + } + } #endif /* __OPKELE_TYPES_H */ diff --git a/include/opkele/uris.h b/include/opkele/uris.h new file mode 100644 index 0000000..56c2d6d --- a/dev/null +++ b/include/opkele/uris.h @@ -0,0 +1,18 @@ +#ifndef __OPKELE_URIS_H +#define __OPKELE_URIS_H + +#define NSURI_XRDS "xri://$xrds" +#define NSURI_XRD "xri://$xrd*($v*2.0)" +#define NSURI_OPENID10 "http://openid.net/xmlns/1.0" + +#define OIURI_OPENID20 "http://specs.openid.net/auth/2.0" +#define OIURI_SREG11 "http://openid.net/extensions/sreg/1.1" + +#define STURI_OPENID10 "http://openid.net/signon/1.0" +#define STURI_OPENID11 "http://openid.net/signon/1.1" +#define STURI_OPENID20 "http://specs.openid.net/auth/2.0/signon" +#define STURI_OPENID20_OP "http://specs.openid.net/auth/2.0/server" + +#define IDURI_SELECT20 "http://specs.openid.net/auth/2.0/identifier_select" + +#endif /* __OPKELE_URIS_H */ diff --git a/lib/Makefile.am b/lib/Makefile.am index 0fe705a..989de28 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,28 +1,31 @@ lib_LTLIBRARIES = libopkele.la +AM_CPPFLAGS = ${CPPFLAGS_DEBUG} +DEFAULT_INCLUDES = -I${top_builddir} INCLUDES = \ -I${top_srcdir}/include/ \ ${KONFORKA_CFLAGS} \ ${OPENSSL_CFLAGS} \ ${LIBCURL_CPPFLAGS} \ - ${PCRE_CFLAGS} + ${PCRE_CFLAGS} ${EXPAT_CFLAGS} ${TIDY_CFLAGS} libopkele_la_LIBADD = \ ${LIBCURL} \ - ${PCRE_LIBS} \ + ${PCRE_LIBS} ${EXPAT_LIBS} \ ${OPENSSL_LIBS} \ - ${KONFORKA_LIBS} + ${KONFORKA_LIBS} ${TIDY_LIBS} libopkele_la_SOURCES = \ params.cc \ util.cc \ server.cc \ secret.cc \ data.cc \ consumer.cc \ exception.cc \ extension.cc \ sreg.cc \ extension_chain.cc \ - curl.cc + curl.cc expat.cc \ + discovery.cc libopkele_la_LDFLAGS = \ -version-info 2:0:0 diff --git a/lib/consumer.cc b/lib/consumer.cc index 9f7530f..3c3b4f8 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc @@ -1,134 +1,116 @@ #include <algorithm> #include <cassert> #include <cstring> #include <opkele/util.h> #include <opkele/curl.h> #include <opkele/exception.h> #include <opkele/data.h> #include <opkele/consumer.h> #include <openssl/sha.h> #include <openssl/hmac.h> #include <iostream> #include "config.h" #include <pcre.h> namespace opkele { using namespace std; using util::curl_t; - - template<int lim> - class curl_fetch_string_t : public curl_t { - public: - curl_fetch_string_t(CURL *c) - : curl_t(c) { } - ~curl_fetch_string_t() throw() { } - - string response; - - size_t write(void *p,size_t size,size_t nmemb) { - size_t bytes = size*nmemb; - size_t get = min(lim-response.length(),bytes); - response.append((const char *)p,get); - return get; - } - }; - - typedef curl_fetch_string_t<16384> curl_pick_t; + using util::curl_pick_t; class pcre_matches_t { public: int *_ov; int _s; pcre_matches_t() : _ov(0), _s(0) { } pcre_matches_t(int s) : _ov(0), _s(s) { if(_s&1) ++_s; _s += _s>>1; _ov = new int[_s]; } ~pcre_matches_t() throw() { if(_ov) delete[] _ov; } int begin(int i) const { return _ov[i<<1]; } int end(int i) const { return _ov[(i<<1)+1]; } int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; } }; class pcre_t { public: pcre *_p; pcre_t() : _p(0) { } pcre_t(pcre *p) : _p(p) { } pcre_t(const char *re,int opts) : _p(0) { static const char *errptr; static int erroffset; _p = pcre_compile(re,opts,&errptr,&erroffset,NULL); if(!_p) throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr); } ~pcre_t() throw() { if(_p) (*pcre_free)(_p); } pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; } operator const pcre*(void) const { return _p; } operator pcre*(void) { return _p; } int exec(const string& s,pcre_matches_t& m) { if(!_p) throw internal_error(OPKELE_CP_ "Trying to execute absent regexp"); return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s); } }; assoc_t consumer_t::associate(const string& server) { util::dh_t dh = DH_new(); if(!dh) throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); dh->p = util::dec_to_bignum(data::_default_p); dh->g = util::dec_to_bignum(data::_default_g); if(!DH_generate_key(dh)) throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); string request = "openid.mode=associate" "&openid.assoc_type=HMAC-SHA1" "&openid.session_type=DH-SHA1" "&openid.dh_consumer_public="; request += util::url_encode(util::bignum_to_base64(dh->pub_key)); curl_pick_t curl = curl_pick_t::easy_init(); if(!curl) throw exception_curl(OPKELE_CP_ "failed to initialize curl"); CURLcode r; (r=curl.misc_sets()) || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) || (r=curl.easy_setopt(CURLOPT_POST,1)) || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) || (r=curl.set_write()) ; if(r) throw exception_curl(OPKELE_CP_ "failed to set curly options",r); if( (r=curl.easy_perform()) ) throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); params_t p; p.parse_keyvalues(curl.response); if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") throw bad_input(OPKELE_CP_ "unsupported assoc_type"); string st; if(p.has_param("session_type")) st = p.get_param("session_type"); if((!st.empty()) && st!="DH-SHA1") throw bad_input(OPKELE_CP_ "unsupported session_type"); secret_t secret; if(st.empty()) { secret.from_base64(p.get_param("mac_key")); }else{ util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); vector<unsigned char> ck(DH_size(dh)+1); unsigned char *ckptr = &(ck.front())+1; int cklen = DH_compute_key(ckptr,s_pub,dh); if(cklen<0) throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); if(cklen && (*ckptr)&0x80) { (*(--ckptr)) = 0; ++cklen; } unsigned char key_sha1[SHA_DIGEST_LENGTH]; SHA1(ckptr,cklen,key_sha1); diff --git a/lib/discovery.cc b/lib/discovery.cc new file mode 100644 index 0000000..d868308 --- a/dev/null +++ b/lib/discovery.cc @@ -0,0 +1,446 @@ +#include <list> +#include <opkele/curl.h> +#include <opkele/expat.h> +#include <opkele/uris.h> +#include <opkele/discovery.h> +#include <opkele/exception.h> +#include <opkele/util.h> +#include <opkele/tidy.h> +#include <opkele/debug.h> + +#include "config.h" + +#define XRDS_HEADER "X-XRDS-Location" +#define CT_HEADER "Content-Type" + +namespace opkele { + using std::list; + using xrd::XRD_t; + using xrd::service_t; + + static const char *whitespace = " \t\r\n"; + static const char *i_leaders = "=@+$!("; + static const size_t max_html = 16384; + + static inline bool is_qelement(const XML_Char *n,const char *qen) { + return !strcasecmp(n,qen); + } + static inline bool is_element(const XML_Char *n,const char *en) { + if(!strcasecmp(n,en)) return true; + int nl = strlen(n), enl = strlen(en); + if( (nl>=(enl+1)) && n[nl-enl-1]=='\t' + && !strcasecmp(&n[nl-enl],en) ) + return true; + return false; + } + + static long element_priority(const XML_Char **a) { + for(;*a;++a) + if(!strcasecmp(*(a++),"priority")) { + long rv; + return (sscanf(*a,"%ld",&rv)==1)?rv:-1; + } + return -1; + } + + class idigger_t : public util::curl_t, public util::expat_t { + public: + string xri_proxy; + + enum { + xmode_html = 1, xmode_xrd = 2 + }; + int xmode; + + string xrds_location; + string http_content_type; + service_t html_openid1; + service_t html_openid2; + string cdata_buf; + long status_code; + string status_string; + + typedef list<string> pt_stack_t; + pt_stack_t pt_stack; + int skipping; + bool parser_choked; + string save_html; + + XRD_t *xrd; + service_t *xrd_service; + string* cdata; + + idigger_t() + : util::curl_t(easy_init()), + util::expat_t(0), + xri_proxy(XRI_PROXY_URL) { + CURLcode r; + (r=misc_sets()) + || (r=set_write()) + || (r=set_header()) + ; + if(r) + throw exception_curl(OPKELE_CP_ "failed to set curly options",r); + } + ~idigger_t() throw() { } + + void discover(idiscovery_t& result,const string& identity) { + result.clear(); + string::size_type fsc = identity.find_first_not_of(whitespace); + if(fsc==string::npos) + throw bad_input(OPKELE_CP_ "whtiespace-only identity"); + string::size_type lsc = identity.find_last_not_of(whitespace); + assert(lsc!=string::npos); + if(!strncasecmp(identity.c_str()+fsc,"xri://",sizeof("xri://")-1)) + fsc += sizeof("xri://")-1; + if((fsc+1)>=lsc) + throw bad_input(OPKELE_CP_ "not a character of importance in identity"); + string id(identity,fsc,lsc-fsc+1); + if(strchr(i_leaders,id[0])) { + result.normalized_id = id; + result.xri_identity = true; + /* TODO: further canonicalize xri identity? Like folding case or whatever... */ + discover_at( + result, + xri_proxy + util::url_encode(id)+ + "?_xrd_r=application/xrd+xml;sep=false", xmode_xrd); + if(status_code!=100) + throw failed_xri_resolution(OPKELE_CP_ + "XRI resolution failed with '"+status_string+"' message",status_code); + if(result.xrd.canonical_ids.empty()) + throw opkele::failed_discovery(OPKELE_CP_ "No CanonicalID for XRI identity found"); + result.canonicalized_id = result.xrd.canonical_ids.begin()->second; + }else{ + result.xri_identity = false; + if(id.find("://")==string::npos) + id.insert(0,"http://"); + string::size_type fp = id.find('#'); + if(fp!=string::npos) { + string::size_type qp = id.find('?'); + if(qp==string::npos || qp<fp) + id.erase(fp); + else if(qp>fp) + id.erase(fp,qp-fp); + } + result.normalized_id = util::rfc_3986_normalize_uri(id); + discover_at(result,id,xmode_html|xmode_xrd); + const char * eu = 0; + CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); + if(r) + throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); + result.canonicalized_id = util::rfc_3986_normalize_uri(eu); /* XXX: strip fragment part? */ + if(xrds_location.empty()) { + html2xrd(result.xrd); + }else{ + discover_at(result,xrds_location,xmode_xrd); + if(result.xrd.empty()) + html2xrd(result.xrd); + } + } + } + + void discover_at(idiscovery_t& result,const string& url,int xm) { + CURLcode r = easy_setopt(CURLOPT_URL,url.c_str()); + if(r) + throw exception_curl(OPKELE_CP_ "failed to set culry urlie",r); + + http_content_type.clear(); + xmode = xm; + prepare_to_parse(); + if(xmode&xmode_html) { + xrds_location.clear(); + save_html.clear(); + save_html.reserve(max_html); + } + xrd = &result.xrd; + + r = easy_perform(); + if(r && r!=CURLE_WRITE_ERROR) + throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); + + if(!parser_choked) { + parse(0,0,true); + }else{ + /* TODO: do not bother if we've seen xml */ + try { + util::tidy_doc_t td = util::tidy_doc_t::create(); + if(!td) + throw exception_tidy(OPKELE_CP_ "failed to create htmltidy document"); +#ifndef NDEBUG + td.opt_set(TidyQuiet,false); + td.opt_set(TidyShowWarnings,false); +#endif /* NDEBUG */ + td.opt_set(TidyForceOutput,true); + td.opt_set(TidyXhtmlOut,true); + td.opt_set(TidyDoctypeMode,TidyDoctypeOmit); + td.opt_set(TidyMark,false); + if(td.parse_string(save_html)<=0) + throw exception_tidy(OPKELE_CP_ "tidy failed to parse document"); + if(td.clean_and_repair()<=0) + throw exception_tidy(OPKELE_CP_ "tidy failed to clean and repair"); + util::tidy_buf_t tide; + if(td.save_buffer(tide)<=0) + throw exception_tidy(OPKELE_CP_ "tidy failed to save buffer"); + prepare_to_parse(); + parse(tide.c_str(),tide.size(),true); + }catch(exception_tidy& et) { } + } + save_html.clear(); + } + + void prepare_to_parse() { + (*(expat_t*)this) = parser_create_ns(); + set_user_data(); set_element_handler(); + set_character_data_handler(); + + if(xmode&xmode_html) { + html_openid1.clear(); html_openid2.clear(); + parser_choked = false; + } + + cdata = 0; xrd_service = 0; skipping = 0; + status_code = 100; status_string.clear(); + } + + void html2xrd(XRD_t& x) { + if(!html_openid1.uris.empty()) { + html_openid1.types.insert(STURI_OPENID11); + x.services.add(-1,html_openid1); + } + if(!html_openid2.uris.empty()) { + html_openid2.types.insert(STURI_OPENID20); + x.services.add(-1,html_openid2); + } + } + + size_t write(void *p,size_t s,size_t nm) { + /* TODO: limit total size */ + size_t bytes = s*nm; + const char *inbuf = (const char*)p; + if(xmode&xmode_html) { + size_t mbts = save_html.capacity()-save_html.size(); + size_t bts = 0; + if(mbts>0) { + bts = (bytes>mbts)?mbts:bytes; + save_html.append(inbuf,bts); + } + if(skipping<0) return bts; + } + if(skipping<0) return 0; + bool rp = parse(inbuf,bytes,false); + if(!rp) { + parser_choked = true; + skipping = -1; + if(!(xmode&xmode_html)) + bytes = 0; + } + return bytes; + } + size_t header(void *p,size_t s,size_t nm) { + size_t bytes = s*nm; + const char *h = (const char*)p; + const char *colon = (const char*)memchr(p,':',bytes); + const char *space = (const char*)memchr(p,' ',bytes); + if(space && ( (!colon) || space<colon ) ) { + xrds_location.clear(); http_content_type.clear(); + }else if(colon) { + const char *hv = ++colon; + int hnl = colon-h; + int rb; + for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb); + while(rb>0 && isspace(hv[rb-1])) --rb; + if(rb) { + if( (hnl>=sizeof(XRDS_HEADER)) + && !strncasecmp(h,XRDS_HEADER":", + sizeof(XRDS_HEADER)) ) { + xrds_location.assign(hv,rb); + }else if( (hnl>=sizeof(CT_HEADER)) + && !strncasecmp(h,CT_HEADER":", + sizeof(CT_HEADER)) ) { + const char *sc = (const char*)memchr( + hv,';',rb); + http_content_type.assign(hv,sc?(sc-hv):rb); + } + } + } + return curl_t::header(p,s,nm); + } + + void start_element(const XML_Char *n,const XML_Char **a) { + if(skipping<0) return; + if(skipping) { + if(xmode&xmode_html) + html_start_element(n,a); + ++skipping; return; + } + if(pt_stack.empty()) { + if(is_qelement(n,NSURI_XRDS "\tXRDS")) + return; + if(is_qelement(n,NSURI_XRD "\tXRD")) { + assert(xrd); + xrd->clear(); + pt_stack.push_back(n); + }else if(xmode&xmode_html) { + html_start_element(n,a); + }else{ + skipping = -1; + } + }else{ + int pt_s = pt_stack.size(); + if(pt_s==1) { + if(is_qelement(n,NSURI_XRD "\tCanonicalID")) { + assert(xrd); + cdata = &(xrd->canonical_ids.add(element_priority(a),string())); + }else if(is_qelement(n,NSURI_XRD "\tLocalID")) { + assert(xrd); + cdata = &(xrd->local_ids.add(element_priority(a),string())); + }else if(is_qelement(n,NSURI_XRD "\tProviderID")) { + assert(xrd); + cdata = &(xrd->provider_id); + }else if(is_qelement(n,NSURI_XRD "\tService")) { + assert(xrd); + xrd_service = &(xrd->services.add(element_priority(a), + service_t())); + pt_stack.push_back(n); + }else if(is_qelement(n,NSURI_XRD "\tStatus")) { + for(;*a;) { + if(!strcasecmp(*(a++),"code")) { + if(sscanf(*(a++),"%ld",&status_code)==1 && status_code!=100) { + cdata = &status_string; + pt_stack.push_back(n); + break; + } + } + } + }else if(is_qelement(n,NSURI_XRD "\tExpires")) { + assert(xrd); + cdata_buf.clear(); + cdata = &cdata_buf; + }else if(xmode&xmode_html) { + html_start_element(n,a); + }else{ + skipping = 1; + } + }else if(pt_s==2) { + if(is_qelement(pt_stack.back().c_str(), NSURI_XRD "\tService")) { + if(is_qelement(n,NSURI_XRD "\tType")) { + assert(xrd); assert(xrd_service); + cdata_buf.clear(); + cdata = &cdata_buf; + }else if(is_qelement(n,NSURI_XRD "\tURI")) { + assert(xrd); assert(xrd_service); + cdata = &(xrd_service->uris.add(element_priority(a),string())); + }else if(is_qelement(n,NSURI_XRD "\tLocalID") + || is_qelement(n,NSURI_OPENID10 "\tDelegate") ) { + assert(xrd); assert(xrd_service); + cdata = &(xrd_service->local_ids.add(element_priority(a),string())); + }else if(is_qelement(n,NSURI_XRD "\tProviderID")) { + assert(xrd); assert(xrd_service); + cdata = &(xrd_service->provider_id); + }else{ + skipping = 1; + } + }else + skipping = 1; + }else if(xmode&xmode_html) { + html_start_element(n,a); + }else{ + skipping = 1; + } + } + } + void end_element(const XML_Char *n) { + if(skipping<0) return; + if(skipping) { + --skipping; return; + } + if(is_qelement(n,NSURI_XRD "\tType")) { + assert(xrd); assert(xrd_service); assert(cdata==&cdata_buf); + xrd_service->types.insert(cdata_buf); + }else if(is_qelement(n,NSURI_XRD "\tService")) { + assert(xrd); assert(xrd_service); + assert(!pt_stack.empty()); + assert(pt_stack.back()==(NSURI_XRD "\tService")); + pt_stack.pop_back(); + xrd_service = 0; + }else if(is_qelement(n,NSURI_XRD "\tStatus")) { + assert(xrd); + if(is_qelement(pt_stack.back().c_str(),n)) { + assert(cdata==&status_string); + pt_stack.pop_back(); + if(status_code!=100) + skipping = -1; + } + }else if(is_qelement(n,NSURI_XRD "\tExpires")) { + assert(xrd); + xrd->expires = util::w3c_to_time(cdata_buf); + }else if((xmode&xmode_html) && is_element(n,"head")) { + skipping = -1; + } + cdata = 0; + } + void character_data(const XML_Char *s,int l) { + if(skipping) return; + if(cdata) cdata->append(s,l); + } + + void html_start_element(const XML_Char *n,const XML_Char **a) { + if(is_element(n,"meta")) { + bool heq = false; + string l; + for(;*a;a+=2) { + if(!( strcasecmp(a[0],"http-equiv") + || strcasecmp(a[1],XRDS_HEADER) )) + heq = true; + else if(!strcasecmp(a[0],"content")) + l.assign(a[1]); + } + if(heq) + xrds_location = l; + }else if(is_element(n,"link")) { + string rels; + string href; + for(;*a;a+=2) { + if( !strcasecmp(a[0],"rel") ) { + rels.assign(a[1]); + }else if( !strcasecmp(a[0],"href") ) { + const char *ns = a[1]; + for(;*ns && isspace(*ns);++ns); + href.assign(ns); + string::size_type lns=href.find_last_not_of(whitespace); + href.erase(lns+1); + } + } + for(string::size_type ns=rels.find_first_not_of(whitespace); + ns!=string::npos; ns=rels.find_first_not_of(whitespace,ns)) { + string::size_type s = rels.find_first_of(whitespace,ns); + string rel; + if(s==string::npos) { + rel.assign(rels,ns,string::npos); + ns = string::npos; + }else{ + rel.assign(rels,ns,s-ns); + ns = s; + } + if(rel=="openid.server") + html_openid1.uris.add(-1,href); + else if(rel=="openid.delegate") + html_openid1.local_ids.add(-1,href); + else if(rel=="openid2.provider") + html_openid2.uris.add(-1,href); + else if(rel=="openid2.local_id") + html_openid2.local_ids.add(-1,href); + } + }else if(is_element(n,"body")) { + skipping = -1; + } + } + + }; + + void idiscover(idiscovery_t& result,const string& identity) { + idigger_t idigger; + idigger.discover(result,identity); + } + +} diff --git a/lib/exception.cc b/lib/exception.cc index 510982e..e32594b 100644 --- a/lib/exception.cc +++ b/lib/exception.cc @@ -1,29 +1,51 @@ #include <openssl/err.h> #include <curl/curl.h> #include <opkele/exception.h> +#include <opkele/debug.h> namespace opkele { # ifndef OPKELE_HAVE_KONFORKA + exception::exception(const string& w) + : _what(w) + { + DOUT_("throwing exception(\""<<w<<"\")"); + } + exception::~exception() throw() { } const char *exception::what() const throw() { return _what.c_str(); } + +# else + exception::exception(const string& fi,const string& fu,int l,const string& w) + : konforka::exception(fi,fu,l,w) + { + DOUT_("throwing exception(\""<<w<<"\")"); + DOUT_(" from "<<fi<<':'<<fu<<':'<<l); + } + # endif exception_openssl::exception_openssl(OPKELE_E_PARS) : exception(OPKELE_E_CONS_ w+" ["+ERR_error_string(ERR_peek_last_error(),0)+']'), _error(ERR_peek_last_error()), _ssl_string(ERR_error_string(_error,0)) { } exception_curl::exception_curl(OPKELE_E_PARS) : exception_network(OPKELE_E_CONS), _error(CURLE_OK) { } exception_curl::exception_curl(OPKELE_E_PARS,CURLcode e) : exception_network(OPKELE_E_CONS_ w+" ["+curl_easy_strerror(e)+']'), _error(e), _curl_string(curl_easy_strerror(e)) { } + exception_tidy::exception_tidy(OPKELE_E_PARS) + : exception(OPKELE_E_CONS), _rc(0) { } + exception_tidy::exception_tidy(OPKELE_E_PARS,int r) + : exception(OPKELE_E_CONS), + _rc(r) { } + } diff --git a/lib/expat.cc b/lib/expat.cc new file mode 100644 index 0000000..fa6fdde --- a/dev/null +++ b/lib/expat.cc @@ -0,0 +1,96 @@ +#include <opkele/expat.h> + +namespace opkele { + + namespace util { + + expat_t::~expat_t() throw() { + if(_x) + XML_ParserFree(_x); + } + + expat_t& expat_t::operator=(XML_Parser x) { + if(_x) + XML_ParserFree(_x); + _x = x; + } + + static void _start_element(void* ud,const XML_Char *n,const XML_Char **a) { + ((expat_t*)ud)->start_element(n,a); + } + static void _end_element(void *ud,const XML_Char *n) { + ((expat_t*)ud)->end_element(n); + } + + void expat_t::set_element_handler() { + assert(_x); + XML_SetElementHandler(_x,_start_element,_end_element); + } + + static void _character_data(void *ud,const XML_Char *s,int l) { + ((expat_t*)ud)->character_data(s,l); + } + + void expat_t::set_character_data_handler() { + assert(_x); + XML_SetCharacterDataHandler(_x,_character_data); + } + + static void _processing_instruction(void *ud,const XML_Char *t,const XML_Char *d) { + ((expat_t*)ud)->processing_instruction(t,d); + } + + void expat_t::set_processing_instruction_handler() { + assert(_x); + XML_SetProcessingInstructionHandler(_x,_processing_instruction); + } + + static void _comment(void *ud,const XML_Char *d) { + ((expat_t*)ud)->comment(d); + } + + void expat_t::set_comment_handler() { + assert(_x); + XML_SetCommentHandler(_x,_comment); + } + + static void _start_cdata_section(void *ud) { + ((expat_t*)ud)->start_cdata_section(); + } + static void _end_cdata_section(void *ud) { + ((expat_t*)ud)->end_cdata_section(); + } + + void expat_t::set_cdata_section_handler() { + assert(_x); + XML_SetCdataSectionHandler(_x,_start_cdata_section,_end_cdata_section); + } + + static void _default_handler(void *ud,const XML_Char *s,int l) { + ((expat_t*)ud)->default_handler(s,l); + } + + void expat_t::set_default_handler() { + assert(_x); + XML_SetDefaultHandler(_x,_default_handler); + } + void expat_t::set_default_handler_expand() { + assert(_x); + XML_SetDefaultHandlerExpand(_x,_default_handler); + } + + static void _start_namespace_decl(void *ud,const XML_Char *p,const XML_Char *u) { + ((expat_t*)ud)->start_namespace_decl(p,u); + } + static void _end_namespace_decl(void *ud,const XML_Char *p) { + ((expat_t*)ud)->end_namespace_decl(p); + } + + void expat_t::set_namespace_decl_handler() { + assert(_x); + XML_SetNamespaceDeclHandler(_x,_start_namespace_decl,_end_namespace_decl); + } + + } + +} diff --git a/lib/params.cc b/lib/params.cc index ea86d3a..7a572c1 100644 --- a/lib/params.cc +++ b/lib/params.cc @@ -6,103 +6,116 @@ #include "config.h" namespace opkele { using namespace std; bool params_t::has_param(const string& n) const { return find(n)!=end(); } const string& params_t::get_param(const string& n) const { const_iterator i = find(n); if(i==end()) throw failed_lookup(OPKELE_CP_ n+": no such parameter"); return i->second; } string& params_t::get_param(const string& n) { iterator i = find(n); if(i==end()) throw failed_lookup(OPKELE_CP_ n+": no such parameter"); return i->second; } void params_t::parse_keyvalues(const string& kv) { clear(); string::size_type p = 0; while(true) { string::size_type co = kv.find(':',p); if(co==string::npos) break; #ifndef POSTELS_LAW string::size_type nl = kv.find('\n',co+1); if(nl==string::npos) throw bad_input(OPKELE_CP_ "malformed input"); if(nl>co) insert(value_type(kv.substr(p,co-p),kv.substr(co+1,nl-co-1))); p = nl+1; #else /* POSTELS_LAW */ string::size_type lb = kv.find_first_of("\r\n",co+1); if(lb==string::npos) { insert(value_type(kv.substr(p,co-p),kv.substr(co+1))); break; } if(lb>co) insert(value_type(kv.substr(p,co-p),kv.substr(co+1,lb-co-1))); string::size_type nolb = kv.find_first_not_of("\r\n",lb); if(nolb==string::npos) break; p = nolb; #endif /* POSTELS_LAW */ } } void params_t::sign(secret_t secret,string& sig,const string& slist,const char *prefix) const { string kv; string::size_type p = 0; while(true) { string::size_type co = slist.find(',',p); string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); kv += f; kv += ':'; if(prefix) f.insert(0,prefix); kv += get_param(f); kv += '\n'; if(co==string::npos) break; p = co+1; } unsigned int md_len = 0; unsigned char *md = HMAC( EVP_sha1(), &(secret.front()),secret.size(), (const unsigned char *)kv.data(),kv.length(), 0,&md_len); sig = util::encode_base64(md,md_len); } string params_t::append_query(const string& url,const char *prefix) const { string rv = url; bool p = true; if(rv.find('?')==string::npos) { rv += '?'; p = false; } for(const_iterator i=begin();i!=end();++i) { if(p) rv += '&'; else p = true; rv += prefix; rv += i->first; rv += '='; rv += util::url_encode(i->second); } return rv; } + string params_t::query_string(const char *prefix) const { + string rv; + for(const_iterator i=begin();i!=end();++i) { + if(!rv.empty()) + rv += '&'; + rv += prefix; + rv += i->first; + rv += '='; + rv += util::url_encode(i->second); + } + return rv; + } + ostream& operator << (ostream& o,const params_t& p) { for(params_t::const_iterator i=p.begin();i!=p.end();++i) o << i->first << ':' << i->second << '\n'; return o; } } diff --git a/lib/secret.cc b/lib/secret.cc index 632a2ca..d538890 100644 --- a/lib/secret.cc +++ b/lib/secret.cc @@ -1,49 +1,45 @@ #include <algorithm> #include <functional> #include <opkele/types.h> #include <opkele/exception.h> #include <opkele/util.h> namespace opkele { using namespace std; template<class __a1,class __a2,class __r> struct bitwise_xor : public binary_function<__a1,__a2,__r> { __r operator() (const __a1& a1,const __a2& a2) const { return a1^a2; } }; - void secret_t::enxor_to_base64(const unsigned char *key_sha1,string& rv) const { - if(size()!=20) - throw bad_input(OPKELE_CP_ "wrong secret size"); + void secret_t::enxor_to_base64(const unsigned char *key_d,string& rv) const { vector<unsigned char> tmp; transform( begin(), end(), - key_sha1, + key_d, back_insert_iterator<vector<unsigned char> >(tmp), bitwise_xor<unsigned char,unsigned char,unsigned char>() ); rv = util::encode_base64(&(tmp.front()),tmp.size()); } - void secret_t::enxor_from_base64(const unsigned char *key_sha1,const string& b64) { + void secret_t::enxor_from_base64(const unsigned char *key_d,const string& b64) { clear(); util::decode_base64(b64,*this); transform( begin(), end(), - key_sha1, + key_d, begin(), bitwise_xor<unsigned char,unsigned char,unsigned char>() ); } void secret_t::to_base64(string& rv) const { - if(size()!=20) - throw bad_input(OPKELE_CP_ "wrong secret size"); rv = util::encode_base64(&(front()),size()); } void secret_t::from_base64(const string& b64) { util::decode_base64(b64,*this); } } diff --git a/lib/sreg.cc b/lib/sreg.cc index 60dc691..03edf57 100644 --- a/lib/sreg.cc +++ b/lib/sreg.cc @@ -1,124 +1,126 @@ #include <opkele/exception.h> #include <opkele/sreg.h> +#include <opkele/uris.h> #include <algorithm> namespace opkele { using std::find; static const struct _sreg_field { const char *fieldname; sreg_t::fieldbit_t fieldbit; } fields[] = { { "nickname", sreg_t::field_nickname }, { "email", sreg_t::field_email }, { "fullname", sreg_t::field_fullname }, { "dob", sreg_t::field_dob }, { "gender", sreg_t::field_gender }, { "postcode", sreg_t::field_postcode }, { "country", sreg_t::field_country }, { "language", sreg_t::field_language }, { "timezone", sreg_t::field_timezone } }; # define fields_BEGIN fields # define fields_END &fields[sizeof(fields)/sizeof(*fields)] typedef const struct _sreg_field *fields_iterator; bool operator==(const struct _sreg_field& fd,const string& fn) { return fd.fieldname==fn; } void sreg_t::checkid_hook(params_t& p,const string& /* identity */) { string fr, fo; for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { if(f->fieldbit&fields_required) { if(!fr.empty()) fr+=","; fr += f->fieldname; } if(f->fieldbit&fields_optional) { if(!fo.empty()) fo+=","; fo += f->fieldname; } } + p["ns.sreg"] = OIURI_SREG11; if(!fr.empty()) p["sreg.required"]=fr; if(!fo.empty()) p["sreg.optional"]=fo; if(!policy_url.empty()) p["sreg.policy_url"]=policy_url; } void sreg_t::id_res_hook(const params_t& /* p */,const params_t& sp,const string& /* identity */) { clear(); for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { string fn = "sreg."; fn+=f->fieldname; if(!sp.has_param(fn)) continue; has_fields |= f->fieldbit; response[f->fieldbit]=sp.get_param(fn); } } const string& sreg_t::get_field(fieldbit_t fb) const { response_t::const_iterator i = response.find(fb); if(i==response.end()) throw failed_lookup(OPKELE_CP_ "no field data available"); return i->second; } void sreg_t::set_field(fieldbit_t fb,const string& fv) { response[fb] = fv; has_fields |= fb; } void sreg_t::reset_field(fieldbit_t fb) { has_fields &= ~fb; response.erase(fb); } void sreg_t::clear() { has_fields = 0; response.clear(); } static long fields_list_to_bitmask(string& fl) { long rv = 0; while(!fl.empty()) { string::size_type co = fl.find(','); string fn; if(co==string::npos) { fn = fl; fl.erase(); }else{ fn = fl.substr(0,co); fl.erase(0,co+1); } fields_iterator f = find(fields_BEGIN,fields_END,fn); if(f!=fields_END) rv |= f->fieldbit; } return rv; } void sreg_t::checkid_hook(const params_t& pin,params_t& pout) { fields_optional = 0; fields_required = 0; policy_url.erase(); fields_response = 0; try { string fl = pin.get_param("openid.sreg.required"); fields_required = fields_list_to_bitmask(fl); }catch(failed_lookup&) { } try { string fl = pin.get_param("openid.sreg.optional"); fields_optional = fields_list_to_bitmask(fl); }catch(failed_lookup&) { } try { policy_url = pin.get_param("openid.sreg.policy_url"); }catch(failed_lookup&) { } setup_response(pin,pout); fields_response &= has_fields; for(fields_iterator f=fields_BEGIN;f<fields_END;++f) { if(!(f->fieldbit&fields_response)) continue; if(!pout["signed"].empty()) pout["signed"] +=','; string pn = "sreg."; pn += f->fieldname; pout["signed"] += pn; pout[pn] = get_field(f->fieldbit); } } void sreg_t::setup_response(const params_t& /* pin */,params_t& /* pout */) { fields_response = (fields_required|fields_optional)&has_fields; } } diff --git a/lib/util.cc b/lib/util.cc index 416e2cc..a9b9bed 100644 --- a/lib/util.cc +++ b/lib/util.cc @@ -21,275 +21,296 @@ namespace opkele { */ string encode_base64(const void *data,size_t length) { BIO *b64 = 0, *bmem = 0; try { b64 = BIO_new(BIO_f_base64()); if(!b64) throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); bmem = BIO_new(BIO_s_mem()); BIO_set_flags(b64,BIO_CLOSE); if(!bmem) throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); BIO_push(b64,bmem); if(((size_t)BIO_write(b64,data,length))!=length) throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); if(BIO_flush(b64)!=1) throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); char *rvd; long rvl = BIO_get_mem_data(bmem,&rvd); string rv(rvd,rvl); BIO_free_all(b64); return rv; }catch(...) { if(b64) BIO_free_all(b64); throw; } } void decode_base64(const string& data,vector<unsigned char>& rv) { BIO *b64 = 0, *bmem = 0; rv.clear(); try { bmem = BIO_new_mem_buf((void*)data.data(),data.size()); if(!bmem) throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()"); b64 = BIO_new(BIO_f_base64()); if(!b64) throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder"); BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); BIO_push(b64,bmem); unsigned char tmp[512]; size_t rb = 0; while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0) rv.insert(rv.end(),tmp,&tmp[rb]); BIO_free_all(b64); }catch(...) { if(b64) BIO_free_all(b64); throw; } } /* * big numerics */ BIGNUM *base64_to_bignum(const string& b64) { vector<unsigned char> bin; decode_base64(b64,bin); BIGNUM *rv = BN_bin2bn(&(bin.front()),bin.size(),0); if(!rv) throw failed_conversion(OPKELE_CP_ "failed to BN_bin2bn()"); return rv; } BIGNUM *dec_to_bignum(const string& dec) { BIGNUM *rv = 0; if(!BN_dec2bn(&rv,dec.c_str())) throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()"); return rv; } string bignum_to_base64(const BIGNUM *bn) { vector<unsigned char> bin(BN_num_bytes(bn)+1); unsigned char *binptr = &(bin.front())+1; int l = BN_bn2bin(bn,binptr); if(l && (*binptr)&0x80){ (*(--binptr)) = 0; ++l; } return encode_base64(binptr,l); } /* * w3c times */ string time_to_w3c(time_t t) { struct tm tm_t; if(!gmtime_r(&t,&tm_t)) throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()"); char rv[25]; if(!strftime(rv,sizeof(rv)-1,"%Y-%m-%dT%H:%M:%SZ",&tm_t)) throw failed_conversion(OPKELE_CP_ "failed to strftime()"); return rv; } time_t w3c_to_time(const string& w) { + int fraction; struct tm tm_t; memset(&tm_t,0,sizeof(tm_t)); - if( + if( ( + sscanf( + w.c_str(), + "%04d-%02d-%02dT%02d:%02d:%02dZ", + &tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday, + &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec + ) != 6 + ) && ( sscanf( w.c_str(), - "%04d-%02d-%02dT%02d:%02d:%02dZ", + "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", &tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday, - &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec - ) != 6 ) + &tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec, + &fraction + ) != 7 + ) ) throw failed_conversion(OPKELE_CP_ "failed to sscanf()"); tm_t.tm_mon--; tm_t.tm_year-=1900; time_t rv = mktime(&tm_t); if(rv==(time_t)-1) throw failed_conversion(OPKELE_CP_ "failed to mktime()"); - return rv; + return rv-timezone; } /* * */ string url_encode(const string& str) { char * t = curl_escape(str.c_str(),str.length()); if(!t) throw failed_conversion(OPKELE_CP_ "failed to curl_escape()"); string rv(t); curl_free(t); return rv; } string long_to_string(long l) { char rv[32]; int r=snprintf(rv,sizeof(rv),"%ld",l); if(r<0 || r>=(int)sizeof(rv)) throw failed_conversion(OPKELE_CP_ "failed to snprintf()"); return rv; } long string_to_long(const string& s) { char *endptr = 0; long rv = strtol(s.c_str(),&endptr,10); if((!endptr) || endptr==s.c_str()) throw failed_conversion(OPKELE_CP_ "failed to strtol()"); return rv; } /* * Normalize URL according to the rules, described in rfc 3986, section 6 * - * - uppercase hext triplets (e.g. %ab -> %AB) + * - uppercase hex triplets (e.g. %ab -> %AB) * - lowercase scheme and host * - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3, * that is - [:alpha:][:digit:]._~- * - remove dot segments * - remove empty and default ports * - if there's no path component, add '/' */ string rfc_3986_normalize_uri(const string& uri) { + static const char *whitespace = " \t\r\n"; string rv; - string::size_type colon = uri.find(':'); + string::size_type ns = uri.find_first_not_of(whitespace); + if(ns==string::npos) + throw bad_input(OPKELE_CP_ "Can't normalize empty URI"); + string::size_type colon = uri.find(':',ns); if(colon==string::npos) throw bad_input(OPKELE_CP_ "No scheme specified in URI"); transform( - uri.begin(), uri.begin()+colon+1, + uri.begin()+ns, uri.begin()+colon+1, back_inserter(rv), ::tolower ); bool s; - if(rv=="http:") - s = false; - else if(rv=="https:") - s = true; - else - throw not_implemented(OPKELE_CP_ "Only http(s) URIs can be normalized here"); - string::size_type ul = uri.length(); + string::size_type ul = uri.find_last_not_of(whitespace)+1; if(ul <= (colon+3)) throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); if(uri[colon+1]!='/' || uri[colon+2]!='/') throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); + if(rv=="http:") + s = false; + else if(rv=="https:") + s = true; + else{ + /* TODO: support more schemes. + * e.g. xri. How do we normalize + * xri? + */ + rv.append(uri,colon+1,ul-colon-1); + return rv; + } rv += "//"; string::size_type interesting = uri.find_first_of(":/#?",colon+3); if(interesting==string::npos) { transform( - uri.begin()+colon+3,uri.end(), + uri.begin()+colon+3,uri.begin()+ul, back_inserter(rv), ::tolower ); rv += '/'; return rv; } transform( uri.begin()+colon+3,uri.begin()+interesting, back_inserter(rv), ::tolower ); bool qf = false; char ic = uri[interesting]; if(ic==':') { string::size_type ni = uri.find_first_of("/#?%",interesting+1); const char *nptr = uri.data()+interesting+1; char *eptr = 0; long port = strtol(nptr,&eptr,10); if( (port>0) && (port<65535) && port!=(s?443:80) ) { char tmp[8]; snprintf(tmp,sizeof(tmp),":%ld",port); rv += tmp; } if(ni==string::npos) { rv += '/'; return rv; } interesting = ni; }else if(ic!='/') { rv += '/'; rv += ic; qf = true; ++interesting; } string::size_type n = interesting; char tmp[3] = { 0,0,0 }; stack<string::size_type> psegs; psegs.push(rv.length()); string pseg; for(;n<ul;) { string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n); if(unsafe==string::npos) { pseg.append(uri,n,ul-n-1); n = ul-1; }else{ pseg.append(uri,n,unsafe-n); n = unsafe; } char c = uri[n++]; if(c=='%') { if((n+1)>=ul) throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character"); tmp[0] = uri[n++]; tmp[1] = uri[n++]; if(!( isxdigit(tmp[0]) && isxdigit(tmp[1]) )) throw bad_input(OPKELE_CP_ "Invalid percent-encoded character in URI being normalized"); int cc = strtol(tmp,0,16); if( isalpha(cc) || isdigit(cc) || strchr("._~-",cc) ) pseg += cc; else{ pseg += '%'; pseg += toupper(tmp[0]); pseg += toupper(tmp[1]); } }else if(qf) { rv += pseg; rv += c; pseg.clear(); }else if(n>=ul || strchr("?/#",c)) { if(pseg.empty() || pseg==".") { }else if(pseg=="..") { if(psegs.size()>1) { rv.resize(psegs.top()); psegs.pop(); } }else{ psegs.push(rv.length()); if(c!='/') { pseg += c; qf = true; } rv += '/'; rv += pseg; } if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) { rv += '/'; if(n<ul) qf = true; }else if(strchr("?#",c)) { if(psegs.size()==1 && psegs.top()==rv.length()) rv += '/'; if(pseg.empty()) rv += c; qf = true; } pseg.clear(); }else{ pseg += c; } } if(!pseg.empty()) { - rv += '/'; rv += pseg; + if(!qf) rv += '/'; + rv += pseg; } return rv; } } } diff --git a/libopkele.pc.in b/libopkele.pc.in index bc67362..011f2fe 100644 --- a/libopkele.pc.in +++ b/libopkele.pc.in @@ -1,11 +1,11 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: libopkele Description: C++ implementation of OpenID protocol Version: @VERSION@ Requires: openssl libpcre @KONFORKA_KONFORKA@ -Cflags: -I${includedir} @LIBCURL_CPPFLAGS@ @PCRE_CFLAGS@ -Libs: -L${libdir} -lopkele @LIBCURL@ @PCRE_LIBS@ +Cflags: -I${includedir} @LIBCURL_CPPFLAGS@ @PCRE_CFLAGS@ @EXPAT_CFLAGS@ @TIDY_CFLAGS@ +Libs: -L${libdir} -lopkele @LIBCURL@ @PCRE_LIBS@ @EXPAT_LIBS@ @TIDY_LIBS@ diff --git a/test/.gitignore b/test/.gitignore index 918b3c9..31ae686 100644 --- a/test/.gitignore +++ b/test/.gitignore @@ -1,4 +1,5 @@ /.deps /.libs /test *.o +/idiscover diff --git a/test/Makefile.am b/test/Makefile.am index 0d1c0ef..b573d55 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -1,12 +1,16 @@ -noinst_PROGRAMS = test +noinst_PROGRAMS = test idiscover +AM_CPPFLAGS=${CPPFLAGS_DEBUG} DEFAULT_INCLUDES = -I${top_builddir} INCLUDES = -I${top_srcdir}/include/ ${KONFORKA_CFLAGS} ${LIBCURL_CPPFLAGS} test_SOURCES = test.cc test_LDADD = ${top_builddir}/lib/libopkele.la EXTRA_DIST=$(addsuffix .html,$(addprefix html/, \ empty head-in-body hkn-delegate hkn-server hkn in-body \ unclosed-head spaced-links spaced-link-attrs 2rels \ )) + +idiscover_SOURCES = idiscover.cc +idiscover_LDADD = ${top_builddir}/lib/libopkele.la diff --git a/test/idiscover.cc b/test/idiscover.cc new file mode 100644 index 0000000..d9a7c62 --- a/dev/null +++ b/test/idiscover.cc @@ -0,0 +1,54 @@ +#include <iostream> +#include <stdexcept> +#include <iterator> +#include <algorithm> +using namespace std; +#include <opkele/exception.h> +#include <opkele/discovery.h> + +template<typename _PDT> + ostream& operator<<(ostream& o,const opkele::xrd::priority_map<_PDT>& pm) { + for(typename opkele::xrd::priority_map<_PDT>::const_iterator i=pm.begin(); + i!=pm.end();++i) + o << ' ' << i->second << '[' << i->first << ']'; + return o; + } + +ostream& operator<<(ostream& o,const opkele::xrd::service_t s) { + o << "{" << endl + << " Type: "; + copy(s.types.begin(),s.types.end(), + ostream_iterator<string>(o," ")); + o << endl + << " URI: " << s.uris << endl + << " LocalID: " << s.local_ids << endl + << " ProviderID: " << s.provider_id << endl; + o << "}"; +} + +int main(int argc,char **argv) { + try { + if(argc<2) + throw opkele::exception(OPKELE_CP_ "Please, give me something to resolve"); + for(int a=1;a<argc;++a) { + opkele::idiscovery_t discovery(argv[a]); + clog + << "===============================================================" << endl + << "User-supplied ID: " << argv[a] << endl + << "Normalized ID: " << discovery.normalized_id << endl + << "Canonicalized ID: " << discovery.canonicalized_id << endl + << "The identity is " << (discovery.xri_identity?"":"not ") << "an i-name" << endl; + if(discovery.xrd.expires) + clog << "Information expires in " << discovery.xrd.expires-time(0) << " seconds" << endl; + clog << endl + << "CanonicalID: " << discovery.xrd.canonical_ids << endl + << "LocalID: " << discovery.xrd.local_ids << endl + << "ProviderID: " << discovery.xrd.provider_id << endl + << "Services: " << discovery.xrd.services << endl; + } + }catch(exception& e) { + cerr << "oops: " << e.what() << endl; + _exit(1); + } + _exit(0); +} |