summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/curl.h3
-rw-r--r--lib/consumer.cc50
-rw-r--r--lib/curl.cc12
3 files changed, 43 insertions, 22 deletions
diff --git a/include/opkele/curl.h b/include/opkele/curl.h
index 6a7d084..1029b34 100644
--- a/include/opkele/curl.h
+++ b/include/opkele/curl.h
@@ -1,39 +1,42 @@
1#ifndef __OPKELE_CURL_H 1#ifndef __OPKELE_CURL_H
2#define __OPKELE_CURL_H 2#define __OPKELE_CURL_H
3 3
4#include <cassert> 4#include <cassert>
5#include <curl/curl.h> 5#include <curl/curl.h>
6 6
7namespace opkele { 7namespace opkele {
8 8
9 namespace util { 9 namespace util {
10 10
11 class curl_t { 11 class curl_t {
12 public: 12 public:
13 CURL *_c; 13 CURL *_c;
14 14
15 curl_t() : _c(0) { } 15 curl_t() : _c(0) { }
16 curl_t(CURL *c) : _c(c) { } 16 curl_t(CURL *c) : _c(c) { }
17 virtual ~curl_t() throw(); 17 virtual ~curl_t() throw();
18 18
19 curl_t& operator=(CURL *c); 19 curl_t& operator=(CURL *c);
20 20
21 operator const CURL*(void) const { return _c; } 21 operator const CURL*(void) const { return _c; }
22 operator CURL*(void) { return _c; } 22 operator CURL*(void) { return _c; }
23 23
24 CURLcode misc_sets(); 24 CURLcode misc_sets();
25 25
26 template<typename PT> 26 template<typename PT>
27 inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); } 27 inline CURLcode easy_setopt(CURLoption o,PT p) { assert(_c); return curl_easy_setopt(_c,o,p); }
28 CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); } 28 CURLcode easy_perform() { assert(_c); return curl_easy_perform(_c); }
29 template<typename IT> 29 template<typename IT>
30 inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); } 30 inline CURLcode easy_getinfo(CURLINFO i,IT p) { assert(_c); return curl_easy_getinfo(_c,i,p); }
31 31
32 static inline CURL *easy_init() { return curl_easy_init(); } 32 static inline CURL *easy_init() { return curl_easy_init(); }
33
34 virtual size_t write(void *p,size_t s,size_t nm) { return 0; }
35 CURLcode set_write();
33 }; 36 };
34 37
35 } 38 }
36 39
37} 40}
38 41
39#endif /* __OPKELE_CURL_H */ 42#endif /* __OPKELE_CURL_H */
diff --git a/lib/consumer.cc b/lib/consumer.cc
index c155157..62bec71 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,384 +1,390 @@
1#include <algorithm> 1#include <algorithm>
2#include <cassert> 2#include <cassert>
3#include <cstring> 3#include <cstring>
4#include <opkele/util.h> 4#include <opkele/util.h>
5#include <opkele/curl.h> 5#include <opkele/curl.h>
6#include <opkele/exception.h> 6#include <opkele/exception.h>
7#include <opkele/data.h> 7#include <opkele/data.h>
8#include <opkele/consumer.h> 8#include <opkele/consumer.h>
9#include <openssl/sha.h> 9#include <openssl/sha.h>
10#include <openssl/hmac.h> 10#include <openssl/hmac.h>
11#include <iostream> 11#include <iostream>
12 12
13#include "config.h" 13#include "config.h"
14 14
15#include <pcre.h> 15#include <pcre.h>
16 16
17namespace opkele { 17namespace opkele {
18 using namespace std; 18 using namespace std;
19 using util::curl_t; 19 using util::curl_t;
20 20
21 template<int lim>
22 class curl_fetch_string_t : public curl_t {
23 public:
24 curl_fetch_string_t(CURL *c)
25 : curl_t(c) { }
26 ~curl_fetch_string_t() throw() { }
27
28 string response;
29
30 size_t write(void *p,size_t size,size_t nmemb) {
31 size_t bytes = size*nmemb;
32 size_t get = min(lim-response.length(),bytes);
33 response.append((const char *)p,get);
34 return get;
35 }
36 };
37
38 typedef curl_fetch_string_t<16384> curl_pick_t;
39
21 class pcre_matches_t { 40 class pcre_matches_t {
22 public: 41 public:
23 int *_ov; 42 int *_ov;
24 int _s; 43 int _s;
25 44
26 pcre_matches_t() : _ov(0), _s(0) { } 45 pcre_matches_t() : _ov(0), _s(0) { }
27 pcre_matches_t(int s) : _ov(0), _s(s) { 46 pcre_matches_t(int s) : _ov(0), _s(s) {
28 if(_s&1) ++_s; 47 if(_s&1) ++_s;
29 _s += _s>>1; 48 _s += _s>>1;
30 _ov = new int[_s]; 49 _ov = new int[_s];
31 } 50 }
32 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; } 51 ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
33 52
34 int begin(int i) const { return _ov[i<<1]; } 53 int begin(int i) const { return _ov[i<<1]; }
35 int end(int i) const { return _ov[(i<<1)+1]; } 54 int end(int i) const { return _ov[(i<<1)+1]; }
36 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; } 55 int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
37 }; 56 };
38 57
39 class pcre_t { 58 class pcre_t {
40 public: 59 public:
41 pcre *_p; 60 pcre *_p;
42 61
43 pcre_t() : _p(0) { } 62 pcre_t() : _p(0) { }
44 pcre_t(pcre *p) : _p(p) { } 63 pcre_t(pcre *p) : _p(p) { }
45 pcre_t(const char *re,int opts) : _p(0) { 64 pcre_t(const char *re,int opts) : _p(0) {
46 static const char *errptr; static int erroffset; 65 static const char *errptr; static int erroffset;
47 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL); 66 _p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
48 if(!_p) 67 if(!_p)
49 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr); 68 throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
50 } 69 }
51 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); } 70 ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
52 71
53 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; } 72 pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
54 73
55 operator const pcre*(void) const { return _p; } 74 operator const pcre*(void) const { return _p; }
56 operator pcre*(void) { return _p; } 75 operator pcre*(void) { return _p; }
57 76
58 int exec(const string& s,pcre_matches_t& m) { 77 int exec(const string& s,pcre_matches_t& m) {
59 if(!_p) 78 if(!_p)
60 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp"); 79 throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
61 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s); 80 return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
62 } 81 }
63 }; 82 };
64 83
65 static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
66 string *str = (string*)stream;
67 size_t bytes = size*nmemb;
68 size_t get = min(16384-str->length(),bytes);
69 str->append((const char*)ptr,get);
70 return get;
71 }
72
73 assoc_t consumer_t::associate(const string& server) { 84 assoc_t consumer_t::associate(const string& server) {
74 util::dh_t dh = DH_new(); 85 util::dh_t dh = DH_new();
75 if(!dh) 86 if(!dh)
76 throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); 87 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
77 dh->p = util::dec_to_bignum(data::_default_p); 88 dh->p = util::dec_to_bignum(data::_default_p);
78 dh->g = util::dec_to_bignum(data::_default_g); 89 dh->g = util::dec_to_bignum(data::_default_g);
79 if(!DH_generate_key(dh)) 90 if(!DH_generate_key(dh))
80 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); 91 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
81 string request = 92 string request =
82 "openid.mode=associate" 93 "openid.mode=associate"
83 "&openid.assoc_type=HMAC-SHA1" 94 "&openid.assoc_type=HMAC-SHA1"
84 "&openid.session_type=DH-SHA1" 95 "&openid.session_type=DH-SHA1"
85 "&openid.dh_consumer_public="; 96 "&openid.dh_consumer_public=";
86 request += util::url_encode(util::bignum_to_base64(dh->pub_key)); 97 request += util::url_encode(util::bignum_to_base64(dh->pub_key));
87 curl_t curl = curl_t::easy_init(); 98 curl_pick_t curl = curl_pick_t::easy_init();
88 if(!curl) 99 if(!curl)
89 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 100 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
90 string response;
91 CURLcode r; 101 CURLcode r;
92 (r=curl.misc_sets()) 102 (r=curl.misc_sets())
93 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) 103 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
94 || (r=curl.easy_setopt(CURLOPT_POST,1)) 104 || (r=curl.easy_setopt(CURLOPT_POST,1))
95 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) 105 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
96 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) 106 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
97 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring)) 107 || (r=curl.set_write())
98 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&response))
99 ; 108 ;
100 if(r) 109 if(r)
101 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 110 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
102 if( (r=curl.easy_perform()) ) 111 if( (r=curl.easy_perform()) )
103 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 112 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
104 params_t p; p.parse_keyvalues(response); 113 params_t p; p.parse_keyvalues(curl.response);
105 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") 114 if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
106 throw bad_input(OPKELE_CP_ "unsupported assoc_type"); 115 throw bad_input(OPKELE_CP_ "unsupported assoc_type");
107 string st; 116 string st;
108 if(p.has_param("session_type")) st = p.get_param("session_type"); 117 if(p.has_param("session_type")) st = p.get_param("session_type");
109 if((!st.empty()) && st!="DH-SHA1") 118 if((!st.empty()) && st!="DH-SHA1")
110 throw bad_input(OPKELE_CP_ "unsupported session_type"); 119 throw bad_input(OPKELE_CP_ "unsupported session_type");
111 secret_t secret; 120 secret_t secret;
112 if(st.empty()) { 121 if(st.empty()) {
113 secret.from_base64(p.get_param("mac_key")); 122 secret.from_base64(p.get_param("mac_key"));
114 }else{ 123 }else{
115 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); 124 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
116 vector<unsigned char> ck(DH_size(dh)+1); 125 vector<unsigned char> ck(DH_size(dh)+1);
117 unsigned char *ckptr = &(ck.front())+1; 126 unsigned char *ckptr = &(ck.front())+1;
118 int cklen = DH_compute_key(ckptr,s_pub,dh); 127 int cklen = DH_compute_key(ckptr,s_pub,dh);
119 if(cklen<0) 128 if(cklen<0)
120 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 129 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
121 if(cklen && (*ckptr)&0x80) { 130 if(cklen && (*ckptr)&0x80) {
122 (*(--ckptr)) = 0; ++cklen; 131 (*(--ckptr)) = 0; ++cklen;
123 } 132 }
124 unsigned char key_sha1[SHA_DIGEST_LENGTH]; 133 unsigned char key_sha1[SHA_DIGEST_LENGTH];
125 SHA1(ckptr,cklen,key_sha1); 134 SHA1(ckptr,cklen,key_sha1);
126 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); 135 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
127 } 136 }
128 int expires_in = 0; 137 int expires_in = 0;
129 if(p.has_param("expires_in")) { 138 if(p.has_param("expires_in")) {
130 expires_in = util::string_to_long(p.get_param("expires_in")); 139 expires_in = util::string_to_long(p.get_param("expires_in"));
131 }else if(p.has_param("issued") && p.has_param("expiry")) { 140 }else if(p.has_param("issued") && p.has_param("expiry")) {
132 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued")); 141 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
133 }else 142 }else
134 throw bad_input(OPKELE_CP_ "no expiration information"); 143 throw bad_input(OPKELE_CP_ "no expiration information");
135 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); 144 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
136 } 145 }
137 146
138 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 147 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
139 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext); 148 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
140 } 149 }
141 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 150 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
142 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext); 151 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
143 } 152 }
144 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 153 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
145 params_t p; 154 params_t p;
146 if(mode==mode_checkid_immediate) 155 if(mode==mode_checkid_immediate)
147 p["mode"]="checkid_immediate"; 156 p["mode"]="checkid_immediate";
148 else if(mode==mode_checkid_setup) 157 else if(mode==mode_checkid_setup)
149 p["mode"]="checkid_setup"; 158 p["mode"]="checkid_setup";
150 else 159 else
151 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
152 string iurl = canonicalize(identity); 161 string iurl = canonicalize(identity);
153 string server, delegate; 162 string server, delegate;
154 retrieve_links(iurl,server,delegate); 163 retrieve_links(iurl,server,delegate);
155 p["identity"] = delegate.empty()?iurl:delegate; 164 p["identity"] = delegate.empty()?iurl:delegate;
156 if(!trust_root.empty()) 165 if(!trust_root.empty())
157 p["trust_root"] = trust_root; 166 p["trust_root"] = trust_root;
158 p["return_to"] = return_to; 167 p["return_to"] = return_to;
159 try { 168 try {
160 string ah = find_assoc(server)->handle(); 169 string ah = find_assoc(server)->handle();
161 p["assoc_handle"] = ah; 170 p["assoc_handle"] = ah;
162 }catch(failed_lookup& fl) { 171 }catch(failed_lookup& fl) {
163 string ah = associate(server)->handle(); 172 string ah = associate(server)->handle();
164 p["assoc_handle"] = ah; 173 p["assoc_handle"] = ah;
165 } 174 }
166 if(ext) ext->checkid_hook(p,identity); 175 if(ext) ext->checkid_hook(p,identity);
167 return p.append_query(server); 176 return p.append_query(server);
168 } 177 }
169 178
170 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { 179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
171 if(pin.has_param("openid.user_setup_url")) 180 if(pin.has_param("openid.user_setup_url"))
172 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
173 string server,delegate; 182 string server,delegate;
174 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
175 params_t ps; 184 params_t ps;
176 try { 185 try {
177 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
178 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ 187 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
179 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); 188 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
180 const string& sigenc = pin.get_param("openid.sig"); 189 const string& sigenc = pin.get_param("openid.sig");
181 vector<unsigned char> sig; 190 vector<unsigned char> sig;
182 util::decode_base64(sigenc,sig); 191 util::decode_base64(sigenc,sig);
183 const string& slist = pin.get_param("openid.signed"); 192 const string& slist = pin.get_param("openid.signed");
184 string kv; 193 string kv;
185 string::size_type p = 0; 194 string::size_type p = 0;
186 while(true) { 195 while(true) {
187 string::size_type co = slist.find(',',p); 196 string::size_type co = slist.find(',',p);
188 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
189 kv += f; 198 kv += f;
190 kv += ':'; 199 kv += ':';
191 f.insert(0,"openid."); 200 f.insert(0,"openid.");
192 kv += pin.get_param(f); 201 kv += pin.get_param(f);
193 kv += '\n'; 202 kv += '\n';
194 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f); 203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
195 if(co==string::npos) 204 if(co==string::npos)
196 break; 205 break;
197 p = co+1; 206 p = co+1;
198 } 207 }
199 secret_t secret = assoc->secret(); 208 secret_t secret = assoc->secret();
200 unsigned int md_len = 0; 209 unsigned int md_len = 0;
201 unsigned char *md = HMAC( 210 unsigned char *md = HMAC(
202 EVP_sha1(), 211 EVP_sha1(),
203 &(secret.front()),secret.size(), 212 &(secret.front()),secret.size(),
204 (const unsigned char *)kv.data(),kv.length(), 213 (const unsigned char *)kv.data(),kv.length(),
205 0,&md_len); 214 0,&md_len);
206 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len)) 215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
207 throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); 216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
208 }catch(failed_lookup& e) { /* XXX: more specific? */ 217 }catch(failed_lookup& e) { /* XXX: more specific? */
209 const string& slist = pin.get_param("openid.signed"); 218 const string& slist = pin.get_param("openid.signed");
210 string::size_type pp = 0; 219 string::size_type pp = 0;
211 params_t p; 220 params_t p;
212 while(true) { 221 while(true) {
213 string::size_type co = slist.find(',',pp); 222 string::size_type co = slist.find(',',pp);
214 string f = "openid."; 223 string f = "openid.";
215 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp); 224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
216 p[f] = pin.get_param(f); 225 p[f] = pin.get_param(f);
217 if(co==string::npos) 226 if(co==string::npos)
218 break; 227 break;
219 pp = co+1; 228 pp = co+1;
220 } 229 }
221 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle"); 230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
222 p["openid.sig"] = pin.get_param("openid.sig"); 231 p["openid.sig"] = pin.get_param("openid.sig");
223 p["openid.signed"] = pin.get_param("openid.signed"); 232 p["openid.signed"] = pin.get_param("openid.signed");
224 try { 233 try {
225 string ih = pin.get_param("openid.invalidate_handle"); 234 string ih = pin.get_param("openid.invalidate_handle");
226 p["openid.invalidate_handle"] = ih; 235 p["openid.invalidate_handle"] = ih;
227 }catch(failed_lookup& fl) { } 236 }catch(failed_lookup& fl) { }
228 try { 237 try {
229 check_authentication(server,p); 238 check_authentication(server,p);
230 }catch(failed_check_authentication& fca) { 239 }catch(failed_check_authentication& fca) {
231 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
232 } 241 }
233 } 242 }
234 if(ext) ext->id_res_hook(pin,ps,identity); 243 if(ext) ext->id_res_hook(pin,ps,identity);
235 } 244 }
236 245
237 void consumer_t::check_authentication(const string& server,const params_t& p) { 246 void consumer_t::check_authentication(const string& server,const params_t& p) {
238 string request = "openid.mode=check_authentication"; 247 string request = "openid.mode=check_authentication";
239 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
240 if(i->first!="openid.mode") { 249 if(i->first!="openid.mode") {
241 request += '&'; 250 request += '&';
242 request += i->first; 251 request += i->first;
243 request += '='; 252 request += '=';
244 request += util::url_encode(i->second); 253 request += util::url_encode(i->second);
245 } 254 }
246 } 255 }
247 curl_t curl = curl_t::easy_init(); 256 curl_pick_t curl = curl_pick_t::easy_init();
248 if(!curl) 257 if(!curl)
249 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 258 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
250 string response;
251 CURLcode r; 259 CURLcode r;
252 (r=curl.misc_sets()) 260 (r=curl.misc_sets())
253 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) 261 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
254 || (r=curl.easy_setopt(CURLOPT_POST,1)) 262 || (r=curl.easy_setopt(CURLOPT_POST,1))
255 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) 263 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
256 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) 264 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
257 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring)) 265 || (r=curl.set_write())
258 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&response))
259 ; 266 ;
260 if(r) 267 if(r)
261 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 268 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
262 if( (r=curl.easy_perform()) ) 269 if( (r=curl.easy_perform()) )
263 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 270 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
264 params_t pp; pp.parse_keyvalues(response); 271 params_t pp; pp.parse_keyvalues(curl.response);
265 if(pp.has_param("invalidate_handle")) 272 if(pp.has_param("invalidate_handle"))
266 invalidate_assoc(server,pp.get_param("invalidate_handle")); 273 invalidate_assoc(server,pp.get_param("invalidate_handle"));
267 if(pp.has_param("is_valid")) { 274 if(pp.has_param("is_valid")) {
268 if(pp.get_param("is_valid")=="true") 275 if(pp.get_param("is_valid")=="true")
269 return; 276 return;
270 }else if(pp.has_param("lifetime")) { 277 }else if(pp.has_param("lifetime")) {
271 if(util::string_to_long(pp.get_param("lifetime"))) 278 if(util::string_to_long(pp.get_param("lifetime")))
272 return; 279 return;
273 } 280 }
274 throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); 281 throw failed_check_authentication(OPKELE_CP_ "failed to verify response");
275 } 282 }
276 283
277 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { 284 void consumer_t::retrieve_links(const string& url,string& server,string& delegate) {
278 server.erase(); 285 server.erase();
279 delegate.erase(); 286 delegate.erase();
280 curl_t curl = curl_t::easy_init(); 287 curl_pick_t curl = curl_pick_t::easy_init();
281 if(!curl) 288 if(!curl)
282 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 289 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
283 string html; 290 string& html = curl.response;
284 CURLcode r; 291 CURLcode r;
285 (r=curl.misc_sets()) 292 (r=curl.misc_sets())
286 || (r=curl.easy_setopt(CURLOPT_URL,url.c_str())) 293 || (r=curl.easy_setopt(CURLOPT_URL,url.c_str()))
287 || (r=curl.easy_setopt(CURLOPT_WRITEFUNCTION,_curl_tostring)) 294 || (r=curl.set_write());
288 || (r=curl.easy_setopt(CURLOPT_WRITEDATA,&html))
289 ; 295 ;
290 if(r) 296 if(r)
291 throw exception_curl(OPKELE_CP_ "failed to set curly options",r); 297 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
292 r = curl.easy_perform(); 298 r = curl.easy_perform();
293 if(r && r!=CURLE_WRITE_ERROR) 299 if(r && r!=CURLE_WRITE_ERROR)
294 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); 300 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
295 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>", 301 static const char *re_bre = "<\\s*body\\b", *re_hdre = "<\\s*head[^>]*>",
296 *re_lre = "<\\s*link\\b([^>]+)>", 302 *re_lre = "<\\s*link\\b([^>]+)>",
297 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]", 303 *re_rre = "\\brel\\s*=\\s*['\"]([^'\"]+)['\"]",
298 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]"; 304 *re_hre = "\\bhref\\s*=\\s*['\"]\\s*([^'\"\\s]+)\\s*['\"]";
299 pcre_matches_t m1(3), m2(3); 305 pcre_matches_t m1(3), m2(3);
300 pcre_t bre(re_bre,PCRE_CASELESS); 306 pcre_t bre(re_bre,PCRE_CASELESS);
301 if(bre.exec(html,m1)>0) 307 if(bre.exec(html,m1)>0)
302 html.erase(m1.begin(0)); 308 html.erase(m1.begin(0));
303 pcre_t hdre(re_hdre,PCRE_CASELESS); 309 pcre_t hdre(re_hdre,PCRE_CASELESS);
304 if(hdre.exec(html,m1)<=0) 310 if(hdre.exec(html,m1)<=0)
305 throw bad_input(OPKELE_CP_ "failed to find <head>"); 311 throw bad_input(OPKELE_CP_ "failed to find <head>");
306 html.erase(0,m1.end(0)+1); 312 html.erase(0,m1.end(0)+1);
307 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS); 313 pcre_t lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS);
308 bool gotit = false; 314 bool gotit = false;
309 while( (!gotit) && lre.exec(html,m1)>=2 ) { 315 while( (!gotit) && lre.exec(html,m1)>=2 ) {
310 static const char *whitespace = " \t"; 316 static const char *whitespace = " \t";
311 string attrs(html,m1.begin(1),m1.length(1)); 317 string attrs(html,m1.begin(1),m1.length(1));
312 html.erase(0,m1.end(0)+1); 318 html.erase(0,m1.end(0)+1);
313 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 )) 319 if(!( rre.exec(attrs,m1)>=2 && hre.exec(attrs,m2)>=2 ))
314 continue; 320 continue;
315 string rels(attrs,m1.begin(1),m1.length(1)); 321 string rels(attrs,m1.begin(1),m1.length(1));
316 for(string::size_type ns = rels.find_first_not_of(whitespace); 322 for(string::size_type ns = rels.find_first_not_of(whitespace);
317 ns!=string::npos; 323 ns!=string::npos;
318 ns=rels.find_first_not_of(whitespace,ns)) { 324 ns=rels.find_first_not_of(whitespace,ns)) {
319 string::size_type s = rels.find_first_of(whitespace,ns); 325 string::size_type s = rels.find_first_of(whitespace,ns);
320 string rel; 326 string rel;
321 if(s==string::npos) { 327 if(s==string::npos) {
322 rel.assign(rels,ns,string::npos); 328 rel.assign(rels,ns,string::npos);
323 ns=string::npos; 329 ns=string::npos;
324 }else{ 330 }else{
325 rel.assign(rels,ns,s-ns); 331 rel.assign(rels,ns,s-ns);
326 ns=s; 332 ns=s;
327 } 333 }
328 if(rel=="openid.server") { 334 if(rel=="openid.server") {
329 server.assign(attrs,m2.begin(1),m2.length(1)); 335 server.assign(attrs,m2.begin(1),m2.length(1));
330 if(!delegate.empty()) { 336 if(!delegate.empty()) {
331 gotit = true; 337 gotit = true;
332 break; 338 break;
333 } 339 }
334 }else if(rel=="openid.delegate") { 340 }else if(rel=="openid.delegate") {
335 delegate.assign(attrs,m2.begin(1),m2.length(1)); 341 delegate.assign(attrs,m2.begin(1),m2.length(1));
336 if(!server.empty()) { 342 if(!server.empty()) {
337 gotit = true; 343 gotit = true;
338 break; 344 break;
339 } 345 }
340 } 346 }
341 if(ns==string::npos) break; 347 if(ns==string::npos) break;
342 } 348 }
343 } 349 }
344 if(server.empty()) 350 if(server.empty())
345 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); 351 throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
346 } 352 }
347 353
348 assoc_t consumer_t::find_assoc(const string& /* server */) { 354 assoc_t consumer_t::find_assoc(const string& /* server */) {
349 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); 355 throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
350 } 356 }
351 357
352 string consumer_t::normalize(const string& url) { 358 string consumer_t::normalize(const string& url) {
353 string rv = url; 359 string rv = url;
354 // strip leading and trailing spaces 360 // strip leading and trailing spaces
355 string::size_type i = rv.find_first_not_of(" \t\r\n"); 361 string::size_type i = rv.find_first_not_of(" \t\r\n");
356 if(i==string::npos) 362 if(i==string::npos)
357 throw bad_input(OPKELE_CP_ "empty URL"); 363 throw bad_input(OPKELE_CP_ "empty URL");
358 if(i) 364 if(i)
359 rv.erase(0,i); 365 rv.erase(0,i);
360 i = rv.find_last_not_of(" \t\r\n"); 366 i = rv.find_last_not_of(" \t\r\n");
361 assert(i!=string::npos); 367 assert(i!=string::npos);
362 if(i<(rv.length()-1)) 368 if(i<(rv.length()-1))
363 rv.erase(i+1); 369 rv.erase(i+1);
364 // add missing http:// 370 // add missing http://
365 i = rv.find("://"); 371 i = rv.find("://");
366 if(i==string::npos) { // primitive. but do we need more? 372 if(i==string::npos) { // primitive. but do we need more?
367 rv.insert(0,"http://"); 373 rv.insert(0,"http://");
368 i = sizeof("http://")-1; 374 i = sizeof("http://")-1;
369 }else{ 375 }else{
370 i += sizeof("://")-1; 376 i += sizeof("://")-1;
371 } 377 }
372 string::size_type qm = rv.find('?',i); 378 string::size_type qm = rv.find('?',i);
373 string::size_type sl = rv.find('/',i); 379 string::size_type sl = rv.find('/',i);
374 if(qm!=string::npos) { 380 if(qm!=string::npos) {
375 if(sl==string::npos || sl>qm) 381 if(sl==string::npos || sl>qm)
376 rv.insert(qm,1,'/'); 382 rv.insert(qm,1,'/');
377 }else{ 383 }else{
378 if(sl==string::npos) 384 if(sl==string::npos)
379 rv += '/'; 385 rv += '/';
380 } 386 }
381 return rv; 387 return rv;
382 } 388 }
383 389
384 string consumer_t::canonicalize(const string& url) { 390 string consumer_t::canonicalize(const string& url) {
diff --git a/lib/curl.cc b/lib/curl.cc
index 418aa79..3e69b47 100644
--- a/lib/curl.cc
+++ b/lib/curl.cc
@@ -1,42 +1,54 @@
1#include <opkele/curl.h> 1#include <opkele/curl.h>
2 2
3#include "config.h" 3#include "config.h"
4 4
5namespace opkele { 5namespace opkele {
6 6
7 namespace util { 7 namespace util {
8 8
9 curl_t::~curl_t() throw() { 9 curl_t::~curl_t() throw() {
10 if(_c) 10 if(_c)
11 curl_easy_cleanup(_c); 11 curl_easy_cleanup(_c);
12 } 12 }
13 13
14 curl_t& curl_t::operator=(CURL *c) { 14 curl_t& curl_t::operator=(CURL *c) {
15 if(_c) 15 if(_c)
16 curl_easy_cleanup(_c); 16 curl_easy_cleanup(_c);
17 _c = c; 17 _c = c;
18 return *this; 18 return *this;
19 } 19 }
20 20
21 CURLcode curl_t::misc_sets() { 21 CURLcode curl_t::misc_sets() {
22 assert(_c); 22 assert(_c);
23 CURLcode r; 23 CURLcode r;
24 (r=easy_setopt(CURLOPT_FOLLOWLOCATION,1)) 24 (r=easy_setopt(CURLOPT_FOLLOWLOCATION,1))
25 || (r=easy_setopt(CURLOPT_MAXREDIRS,5)) 25 || (r=easy_setopt(CURLOPT_MAXREDIRS,5))
26 || (r=easy_setopt(CURLOPT_DNS_CACHE_TIMEOUT,120)) 26 || (r=easy_setopt(CURLOPT_DNS_CACHE_TIMEOUT,120))
27 || (r=easy_setopt(CURLOPT_DNS_USE_GLOBAL_CACHE,1)) 27 || (r=easy_setopt(CURLOPT_DNS_USE_GLOBAL_CACHE,1))
28 || (r=easy_setopt(CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_SRC_VERSION)) 28 || (r=easy_setopt(CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_SRC_VERSION))
29 || (r=easy_setopt(CURLOPT_TIMEOUT,20)) 29 || (r=easy_setopt(CURLOPT_TIMEOUT,20))
30 #ifdefDISABLE_CURL_SSL_VERIFYHOST 30 #ifdefDISABLE_CURL_SSL_VERIFYHOST
31 || (r=easy_setopt(CURLOPT_SSL_VERIFYHOST,0)) 31 || (r=easy_setopt(CURLOPT_SSL_VERIFYHOST,0))
32#endif 32#endif
33 #ifdefDISABLE_CURL_SSL_VERIFYPEER 33 #ifdefDISABLE_CURL_SSL_VERIFYPEER
34 || (r=easy_setopt(CURLOPT_SSL_VERIFYPEER,0)) 34 || (r=easy_setopt(CURLOPT_SSL_VERIFYPEER,0))
35#endif 35#endif
36 ; 36 ;
37 return r; 37 return r;
38 } 38 }
39 39
40 static size_t _write(void *p,size_t s,size_t nm,void *stream) {
41 return ((curl_t*)stream)->write(p,s,nm);
42 }
43
44 CURLcode curl_t::set_write() {
45 assert(_c);
46 CURLcode r;
47 (r = easy_setopt(CURLOPT_WRITEDATA,this))
48 || (r = easy_setopt(CURLOPT_WRITEFUNCTION,_write));
49 return r;
50 }
51
40 } 52 }
41 53
42} 54}