summaryrefslogtreecommitdiffabout
path: root/lib/consumer.cc
Unidiff
Diffstat (limited to 'lib/consumer.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/consumer.cc6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 66db7dd..9f7530f 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -139,127 +139,127 @@ namespace opkele {
139 expires_in = util::string_to_long(p.get_param("expires_in")); 139 expires_in = util::string_to_long(p.get_param("expires_in"));
140 }else if(p.has_param("issued") && p.has_param("expiry")) { 140 }else if(p.has_param("issued") && p.has_param("expiry")) {
141 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued")); 141 expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
142 }else 142 }else
143 throw bad_input(OPKELE_CP_ "no expiration information"); 143 throw bad_input(OPKELE_CP_ "no expiration information");
144 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in); 144 return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
145 } 145 }
146 146
147 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 147 string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
148 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext); 148 return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
149 } 149 }
150 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 150 string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
151 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext); 151 return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
152 } 152 }
153 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) { 153 string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
154 params_t p; 154 params_t p;
155 if(mode==mode_checkid_immediate) 155 if(mode==mode_checkid_immediate)
156 p["mode"]="checkid_immediate"; 156 p["mode"]="checkid_immediate";
157 else if(mode==mode_checkid_setup) 157 else if(mode==mode_checkid_setup)
158 p["mode"]="checkid_setup"; 158 p["mode"]="checkid_setup";
159 else 159 else
160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode"); 160 throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
161 string iurl = canonicalize(identity); 161 string iurl = canonicalize(identity);
162 string server, delegate; 162 string server, delegate;
163 retrieve_links(iurl,server,delegate); 163 retrieve_links(iurl,server,delegate);
164 p["identity"] = delegate.empty()?iurl:delegate; 164 p["identity"] = delegate.empty()?iurl:delegate;
165 if(!trust_root.empty()) 165 if(!trust_root.empty())
166 p["trust_root"] = trust_root; 166 p["trust_root"] = trust_root;
167 p["return_to"] = return_to; 167 p["return_to"] = return_to;
168 try { 168 try {
169 string ah = find_assoc(server)->handle(); 169 string ah = find_assoc(server)->handle();
170 p["assoc_handle"] = ah; 170 p["assoc_handle"] = ah;
171 }catch(failed_lookup& fl) { 171 }catch(failed_lookup& fl) {
172 string ah = associate(server)->handle(); 172 string ah = associate(server)->handle();
173 p["assoc_handle"] = ah; 173 p["assoc_handle"] = ah;
174 } 174 }
175 if(ext) ext->checkid_hook(p,identity); 175 if(ext) ext->checkid_hook(p,identity);
176 return p.append_query(server); 176 return p.append_query(server);
177 } 177 }
178 178
179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) { 179 void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
180 if(pin.has_param("openid.user_setup_url")) 180 if(pin.has_param("openid.user_setup_url"))
181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url")); 181 throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
182 string server,delegate; 182 string server,delegate;
183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); 183 retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
184 params_t ps; 184 params_t ps;
185 try { 185 try {
186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); 186 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
187 if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ 187 if(assoc->is_expired())
188 throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); 188 throw id_res_expired_on_delivery(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
189 const string& sigenc = pin.get_param("openid.sig"); 189 const string& sigenc = pin.get_param("openid.sig");
190 vector<unsigned char> sig; 190 vector<unsigned char> sig;
191 util::decode_base64(sigenc,sig); 191 util::decode_base64(sigenc,sig);
192 const string& slist = pin.get_param("openid.signed"); 192 const string& slist = pin.get_param("openid.signed");
193 string kv; 193 string kv;
194 string::size_type p = 0; 194 string::size_type p = 0;
195 while(true) { 195 while(true) {
196 string::size_type co = slist.find(',',p); 196 string::size_type co = slist.find(',',p);
197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); 197 string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
198 kv += f; 198 kv += f;
199 kv += ':'; 199 kv += ':';
200 f.insert(0,"openid."); 200 f.insert(0,"openid.");
201 kv += pin.get_param(f); 201 kv += pin.get_param(f);
202 kv += '\n'; 202 kv += '\n';
203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f); 203 if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
204 if(co==string::npos) 204 if(co==string::npos)
205 break; 205 break;
206 p = co+1; 206 p = co+1;
207 } 207 }
208 secret_t secret = assoc->secret(); 208 secret_t secret = assoc->secret();
209 unsigned int md_len = 0; 209 unsigned int md_len = 0;
210 unsigned char *md = HMAC( 210 unsigned char *md = HMAC(
211 EVP_sha1(), 211 EVP_sha1(),
212 &(secret.front()),secret.size(), 212 &(secret.front()),secret.size(),
213 (const unsigned char *)kv.data(),kv.length(), 213 (const unsigned char *)kv.data(),kv.length(),
214 0,&md_len); 214 0,&md_len);
215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len)) 215 if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); 216 throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
217 }catch(failed_lookup& e) { /* XXX: more specific? */ 217 }catch(failed_lookup& e) {
218 const string& slist = pin.get_param("openid.signed"); 218 const string& slist = pin.get_param("openid.signed");
219 string::size_type pp = 0; 219 string::size_type pp = 0;
220 params_t p; 220 params_t p;
221 while(true) { 221 while(true) {
222 string::size_type co = slist.find(',',pp); 222 string::size_type co = slist.find(',',pp);
223 string f = "openid."; 223 string f = "openid.";
224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp); 224 f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
225 p[f] = pin.get_param(f); 225 p[f] = pin.get_param(f);
226 if(co==string::npos) 226 if(co==string::npos)
227 break; 227 break;
228 pp = co+1; 228 pp = co+1;
229 } 229 }
230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle"); 230 p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
231 p["openid.sig"] = pin.get_param("openid.sig"); 231 p["openid.sig"] = pin.get_param("openid.sig");
232 p["openid.signed"] = pin.get_param("openid.signed"); 232 p["openid.signed"] = pin.get_param("openid.signed");
233 try { 233 try {
234 string ih = pin.get_param("openid.invalidate_handle"); 234 string ih = pin.get_param("openid.invalidate_handle");
235 p["openid.invalidate_handle"] = ih; 235 p["openid.invalidate_handle"] = ih;
236 }catch(failed_lookup& fl) { } 236 }catch(failed_lookup& fl) { }
237 try { 237 try {
238 check_authentication(server,p); 238 check_authentication(server,p);
239 }catch(failed_check_authentication& fca) { 239 }catch(failed_check_authentication& fca) {
240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); 240 throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
241 } 241 }
242 } 242 }
243 if(ext) ext->id_res_hook(pin,ps,identity); 243 if(ext) ext->id_res_hook(pin,ps,identity);
244 } 244 }
245 245
246 void consumer_t::check_authentication(const string& server,const params_t& p) { 246 void consumer_t::check_authentication(const string& server,const params_t& p) {
247 string request = "openid.mode=check_authentication"; 247 string request = "openid.mode=check_authentication";
248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) { 248 for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
249 if(i->first!="openid.mode") { 249 if(i->first!="openid.mode") {
250 request += '&'; 250 request += '&';
251 request += i->first; 251 request += i->first;
252 request += '='; 252 request += '=';
253 request += util::url_encode(i->second); 253 request += util::url_encode(i->second);
254 } 254 }
255 } 255 }
256 curl_pick_t curl = curl_pick_t::easy_init(); 256 curl_pick_t curl = curl_pick_t::easy_init();
257 if(!curl) 257 if(!curl)
258 throw exception_curl(OPKELE_CP_ "failed to initialize curl"); 258 throw exception_curl(OPKELE_CP_ "failed to initialize curl");
259 CURLcode r; 259 CURLcode r;
260 (r=curl.misc_sets()) 260 (r=curl.misc_sets())
261 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str())) 261 || (r=curl.easy_setopt(CURLOPT_URL,server.c_str()))
262 || (r=curl.easy_setopt(CURLOPT_POST,1)) 262 || (r=curl.easy_setopt(CURLOPT_POST,1))
263 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data())) 263 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
264 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length())) 264 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
265 || (r=curl.set_write()) 265 || (r=curl.set_write())