| -rw-r--r-- | lib/server.cc | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/server.cc b/lib/server.cc index 8c29abb..e81d4b6 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
| @@ -1,20 +1,19 @@ | |||
| 1 | #include <vector> | 1 | #include <vector> |
| 2 | #include <openssl/sha.h> | 2 | #include <openssl/sha.h> |
| 3 | #include <openssl/hmac.h> | 3 | #include <openssl/hmac.h> |
| 4 | #include <mimetic/mimetic.h> | ||
| 5 | #include <opkele/util.h> | 4 | #include <opkele/util.h> |
| 6 | #include <opkele/exception.h> | 5 | #include <opkele/exception.h> |
| 7 | #include <opkele/server.h> | 6 | #include <opkele/server.h> |
| 8 | #include <opkele/data.h> | 7 | #include <opkele/data.h> |
| 9 | 8 | ||
| 10 | namespace opkele { | 9 | namespace opkele { |
| 11 | using namespace std; | 10 | using namespace std; |
| 12 | 11 | ||
| 13 | void server_t::associate(const params_t& pin,params_t& pout) { | 12 | void server_t::associate(const params_t& pin,params_t& pout) { |
| 14 | util::dh_t dh; | 13 | util::dh_t dh; |
| 15 | util::bignum_t c_pub; | 14 | util::bignum_t c_pub; |
| 16 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; | 15 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; |
| 17 | enum { | 16 | enum { |
| 18 | sess_cleartext, | 17 | sess_cleartext, |
| 19 | sess_dh_sha1 | 18 | sess_dh_sha1 |
| 20 | } st = sess_cleartext; | 19 | } st = sess_cleartext; |
| @@ -100,37 +99,34 @@ namespace opkele { | |||
| 100 | if(pin.has_param("openid.assoc_handle") && assoc->stateless()) | 99 | if(pin.has_param("openid.assoc_handle") && assoc->stateless()) |
| 101 | pout["invalidate_handle"] = pin.get_param("openid.assoc_handle"); | 100 | pout["invalidate_handle"] = pin.get_param("openid.assoc_handle"); |
| 102 | pout["identity"] = identity; | 101 | pout["identity"] = identity; |
| 103 | pout["return_to"] = return_to; | 102 | pout["return_to"] = return_to; |
| 104 | /* TODO: eventually remove deprecated stuff */ | 103 | /* TODO: eventually remove deprecated stuff */ |
| 105 | time_t now = time(0); | 104 | time_t now = time(0); |
| 106 | pout["issued"] = util::time_to_w3c(now); | 105 | pout["issued"] = util::time_to_w3c(now); |
| 107 | pout["valid_to"] = util::time_to_w3c(now+120); | 106 | pout["valid_to"] = util::time_to_w3c(now+120); |
| 108 | pout["exipres_in"] = "120"; | 107 | pout["exipres_in"] = "120"; |
| 109 | pout["signed"]="mode,identity,return_to"; | 108 | pout["signed"]="mode,identity,return_to"; |
| 110 | if(ext) ext->checkid_hook(pin,pout); | 109 | if(ext) ext->checkid_hook(pin,pout); |
| 111 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]); | 110 | pout.sign(assoc->secret(),pout["sig"],pout["signed"]); |
| 112 | } | 111 | } |
| 113 | 112 | ||
| 114 | void server_t::check_authentication(const params_t& pin,params_t& pout) { | 113 | void server_t::check_authentication(const params_t& pin,params_t& pout) { |
| 115 | vector<unsigned char> sig; | 114 | vector<unsigned char> sig; |
| 116 | mimetic::Base64::Decoder b; | ||
| 117 | const string& sigenc = pin.get_param("openid.sig"); | 115 | const string& sigenc = pin.get_param("openid.sig"); |
| 118 | mimetic::decode( | 116 | util::decode_base64(sigenc,sig); |
| 119 | sigenc.begin(),sigenc.end(), b, | ||
| 120 | back_insert_iterator<vector<unsigned char> >(sig)); | ||
| 121 | assoc_t assoc; | 117 | assoc_t assoc; |
| 122 | try { | 118 | try { |
| 123 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); | 119 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); |
| 124 | }catch(failed_lookup& fl) { | 120 | }catch(failed_lookup& fl) { |
| 125 | throw failed_assertion(OPKELE_CP_ "invalid handle or handle not specified"); | 121 | throw failed_assertion(OPKELE_CP_ "invalid handle or handle not specified"); |
| 126 | } | 122 | } |
| 127 | if(!assoc->stateless()) | 123 | if(!assoc->stateless()) |
| 128 | throw stateful_handle(OPKELE_CP_ "will not do check_authentication on a stateful handle"); | 124 | throw stateful_handle(OPKELE_CP_ "will not do check_authentication on a stateful handle"); |
| 129 | const string& slist = pin.get_param("openid.signed"); | 125 | const string& slist = pin.get_param("openid.signed"); |
| 130 | string kv; | 126 | string kv; |
| 131 | string::size_type p =0; | 127 | string::size_type p =0; |
| 132 | while(true) { | 128 | while(true) { |
| 133 | string::size_type co = slist.find(',',p); | 129 | string::size_type co = slist.find(',',p); |
| 134 | string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); | 130 | string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p); |
| 135 | kv += f; | 131 | kv += f; |
| 136 | kv += ':'; | 132 | kv += ':'; |