| -rw-r--r-- | lib/util.cc | 71 |
1 files changed, 69 insertions, 2 deletions
diff --git a/lib/util.cc b/lib/util.cc index a9b9bed..54d6535 100644 --- a/lib/util.cc +++ b/lib/util.cc | |||
| @@ -1,37 +1,43 @@ | |||
| 1 | #include <errno.h> | 1 | #include <errno.h> |
| 2 | #include <cassert> | 2 | #include <cassert> |
| 3 | #include <cctype> | 3 | #include <cctype> |
| 4 | #include <cstring> | 4 | #include <cstring> |
| 5 | #include <vector> | 5 | #include <vector> |
| 6 | #include <string> | 6 | #include <string> |
| 7 | #include <stack> | 7 | #include <stack> |
| 8 | #include <openssl/bio.h> | 8 | #include <openssl/bio.h> |
| 9 | #include <openssl/evp.h> | 9 | #include <openssl/evp.h> |
| 10 | #include <openssl/hmac.h> | ||
| 10 | #include <curl/curl.h> | 11 | #include <curl/curl.h> |
| 11 | #include "opkele/util.h" | 12 | #include "opkele/util.h" |
| 12 | #include "opkele/exception.h" | 13 | #include "opkele/exception.h" |
| 13 | 14 | ||
| 15 | #include <config.h> | ||
| 16 | #ifdef HAVE_DEMANGLE | ||
| 17 | # include <cxxabi.h> | ||
| 18 | #endif | ||
| 19 | |||
| 14 | namespace opkele { | 20 | namespace opkele { |
| 15 | using namespace std; | 21 | using namespace std; |
| 16 | 22 | ||
| 17 | namespace util { | 23 | namespace util { |
| 18 | 24 | ||
| 19 | /* | 25 | /* |
| 20 | * base64 | 26 | * base64 |
| 21 | */ | 27 | */ |
| 22 | string encode_base64(const void *data,size_t length) { | 28 | string encode_base64(const void *data,size_t length) { |
| 23 | BIO *b64 = 0, *bmem = 0; | 29 | BIO *b64 = 0, *bmem = 0; |
| 24 | try { | 30 | try { |
| 25 | b64 = BIO_new(BIO_f_base64()); | 31 | b64 = BIO_new(BIO_f_base64()); |
| 26 | if(!b64) | 32 | if(!b64) |
| 27 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); | 33 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); |
| 28 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); | 34 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
| 29 | bmem = BIO_new(BIO_s_mem()); | 35 | bmem = BIO_new(BIO_s_mem()); |
| 30 | BIO_set_flags(b64,BIO_CLOSE); | 36 | BIO_set_flags(b64,BIO_CLOSE); |
| 31 | if(!bmem) | 37 | if(!bmem) |
| 32 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); | 38 | throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); |
| 33 | BIO_push(b64,bmem); | 39 | BIO_push(b64,bmem); |
| 34 | if(((size_t)BIO_write(b64,data,length))!=length) | 40 | if(((size_t)BIO_write(b64,data,length))!=length) |
| 35 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); |
| 36 | if(BIO_flush(b64)!=1) | 42 | if(BIO_flush(b64)!=1) |
| 37 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); | 43 | throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); |
| @@ -184,50 +190,49 @@ namespace opkele { | |||
| 184 | */ | 190 | */ |
| 185 | string rfc_3986_normalize_uri(const string& uri) { | 191 | string rfc_3986_normalize_uri(const string& uri) { |
| 186 | static const char *whitespace = " \t\r\n"; | 192 | static const char *whitespace = " \t\r\n"; |
| 187 | string rv; | 193 | string rv; |
| 188 | string::size_type ns = uri.find_first_not_of(whitespace); | 194 | string::size_type ns = uri.find_first_not_of(whitespace); |
| 189 | if(ns==string::npos) | 195 | if(ns==string::npos) |
| 190 | throw bad_input(OPKELE_CP_ "Can't normalize empty URI"); | 196 | throw bad_input(OPKELE_CP_ "Can't normalize empty URI"); |
| 191 | string::size_type colon = uri.find(':',ns); | 197 | string::size_type colon = uri.find(':',ns); |
| 192 | if(colon==string::npos) | 198 | if(colon==string::npos) |
| 193 | throw bad_input(OPKELE_CP_ "No scheme specified in URI"); | 199 | throw bad_input(OPKELE_CP_ "No scheme specified in URI"); |
| 194 | transform( | 200 | transform( |
| 195 | uri.begin()+ns, uri.begin()+colon+1, | 201 | uri.begin()+ns, uri.begin()+colon+1, |
| 196 | back_inserter(rv), ::tolower ); | 202 | back_inserter(rv), ::tolower ); |
| 197 | bool s; | 203 | bool s; |
| 198 | string::size_type ul = uri.find_last_not_of(whitespace)+1; | 204 | string::size_type ul = uri.find_last_not_of(whitespace)+1; |
| 199 | if(ul <= (colon+3)) | 205 | if(ul <= (colon+3)) |
| 200 | throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); | 206 | throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); |
| 201 | if(uri[colon+1]!='/' || uri[colon+2]!='/') | 207 | if(uri[colon+1]!='/' || uri[colon+2]!='/') |
| 202 | throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); | 208 | throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); |
| 203 | if(rv=="http:") | 209 | if(rv=="http:") |
| 204 | s = false; | 210 | s = false; |
| 205 | else if(rv=="https:") | 211 | else if(rv=="https:") |
| 206 | s = true; | 212 | s = true; |
| 207 | else{ | 213 | else{ |
| 208 | /* TODO: support more schemes. | 214 | /* TODO: support more schemes. e.g. xri. How do we normalize |
| 209 | * e.g. xri. How do we normalize | ||
| 210 | * xri? | 215 | * xri? |
| 211 | */ | 216 | */ |
| 212 | rv.append(uri,colon+1,ul-colon-1); | 217 | rv.append(uri,colon+1,ul-colon-1); |
| 213 | return rv; | 218 | return rv; |
| 214 | } | 219 | } |
| 215 | rv += "//"; | 220 | rv += "//"; |
| 216 | string::size_type interesting = uri.find_first_of(":/#?",colon+3); | 221 | string::size_type interesting = uri.find_first_of(":/#?",colon+3); |
| 217 | if(interesting==string::npos) { | 222 | if(interesting==string::npos) { |
| 218 | transform( | 223 | transform( |
| 219 | uri.begin()+colon+3,uri.begin()+ul, | 224 | uri.begin()+colon+3,uri.begin()+ul, |
| 220 | back_inserter(rv), ::tolower ); | 225 | back_inserter(rv), ::tolower ); |
| 221 | rv += '/'; return rv; | 226 | rv += '/'; return rv; |
| 222 | } | 227 | } |
| 223 | transform( | 228 | transform( |
| 224 | uri.begin()+colon+3,uri.begin()+interesting, | 229 | uri.begin()+colon+3,uri.begin()+interesting, |
| 225 | back_inserter(rv), ::tolower ); | 230 | back_inserter(rv), ::tolower ); |
| 226 | bool qf = false; | 231 | bool qf = false; |
| 227 | char ic = uri[interesting]; | 232 | char ic = uri[interesting]; |
| 228 | if(ic==':') { | 233 | if(ic==':') { |
| 229 | string::size_type ni = uri.find_first_of("/#?%",interesting+1); | 234 | string::size_type ni = uri.find_first_of("/#?%",interesting+1); |
| 230 | const char *nptr = uri.data()+interesting+1; | 235 | const char *nptr = uri.data()+interesting+1; |
| 231 | char *eptr = 0; | 236 | char *eptr = 0; |
| 232 | long port = strtol(nptr,&eptr,10); | 237 | long port = strtol(nptr,&eptr,10); |
| 233 | if( (port>0) && (port<65535) && port!=(s?443:80) ) { | 238 | if( (port>0) && (port<65535) && port!=(s?443:80) ) { |
| @@ -290,27 +295,89 @@ namespace opkele { | |||
| 290 | } | 295 | } |
| 291 | if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) { | 296 | if(c=='/' && (n>=ul || strchr("?#",uri[n])) ) { |
| 292 | rv += '/'; | 297 | rv += '/'; |
| 293 | if(n<ul) | 298 | if(n<ul) |
| 294 | qf = true; | 299 | qf = true; |
| 295 | }else if(strchr("?#",c)) { | 300 | }else if(strchr("?#",c)) { |
| 296 | if(psegs.size()==1 && psegs.top()==rv.length()) | 301 | if(psegs.size()==1 && psegs.top()==rv.length()) |
| 297 | rv += '/'; | 302 | rv += '/'; |
| 298 | if(pseg.empty()) | 303 | if(pseg.empty()) |
| 299 | rv += c; | 304 | rv += c; |
| 300 | qf = true; | 305 | qf = true; |
| 301 | } | 306 | } |
| 302 | pseg.clear(); | 307 | pseg.clear(); |
| 303 | }else{ | 308 | }else{ |
| 304 | pseg += c; | 309 | pseg += c; |
| 305 | } | 310 | } |
| 306 | } | 311 | } |
| 307 | if(!pseg.empty()) { | 312 | if(!pseg.empty()) { |
| 308 | if(!qf) rv += '/'; | 313 | if(!qf) rv += '/'; |
| 309 | rv += pseg; | 314 | rv += pseg; |
| 310 | } | 315 | } |
| 311 | return rv; | 316 | return rv; |
| 312 | } | 317 | } |
| 313 | 318 | ||
| 319 | string& strip_uri_fragment_part(string& u) { | ||
| 320 | string::size_type q = u.find('?'), f = u.find('#'); | ||
| 321 | if(q==string::npos) { | ||
| 322 | if(f!=string::npos) | ||
| 323 | u.erase(f); | ||
| 324 | }else{ | ||
| 325 | if(f!=string::npos) { | ||
| 326 | if(f<q) | ||
| 327 | u.erase(f,q-f); | ||
| 328 | else | ||
| 329 | u.erase(f); | ||
| 330 | } | ||
| 331 | } | ||
| 332 | return u; | ||
| 333 | } | ||
| 334 | |||
| 335 | string abi_demangle(const char *mn) { | ||
| 336 | #ifndef HAVE_DEMANGLE | ||
| 337 | return mn; | ||
| 338 | #else /* !HAVE_DEMANGLE */ | ||
| 339 | int dstat; | ||
| 340 | char *demangled = abi::__cxa_demangle(mn,0,0,&dstat); | ||
| 341 | if(dstat) | ||
| 342 | return mn; | ||
| 343 | string rv = demangled; | ||
| 344 | free(demangled); | ||
| 345 | return rv; | ||
| 346 | #endif /* !HAVE_DEMANGLE */ | ||
| 347 | } | ||
| 348 | |||
| 349 | string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { | ||
| 350 | const string& slist = om.get_field("signed"); | ||
| 351 | string kv; | ||
| 352 | string::size_type p=0; | ||
| 353 | while(true) { | ||
| 354 | string::size_type co = slist.find(',',p); | ||
| 355 | string f = (co==string::npos) | ||
| 356 | ?slist.substr(p):slist.substr(p,co-p); | ||
| 357 | kv += f; | ||
| 358 | kv += ':'; | ||
| 359 | kv += om.get_field(f); | ||
| 360 | kv += '\n'; | ||
| 361 | if(co==string::npos) break; | ||
| 362 | p = co+1; | ||
| 363 | } | ||
| 364 | const secret_t& secret = assoc->secret(); | ||
| 365 | const EVP_MD *evpmd; | ||
| 366 | const string& at = assoc->assoc_type(); | ||
| 367 | if(at=="HMAC-SHA256") | ||
| 368 | evpmd = EVP_sha256(); | ||
| 369 | else if(at=="HMAC-SHA1") | ||
| 370 | evpmd = EVP_sha1(); | ||
| 371 | else | ||
| 372 | throw unsupported(OPKELE_CP_ "unknown association type"); | ||
| 373 | unsigned int md_len = 0; | ||
| 374 | unsigned char *md = HMAC(evpmd, | ||
| 375 | &(secret.front()),secret.size(), | ||
| 376 | (const unsigned char*)kv.data(),kv.length(), | ||
| 377 | 0,&md_len); | ||
| 378 | return encode_base64(md,md_len); | ||
| 379 | } | ||
| 380 | |||
| 314 | } | 381 | } |
| 315 | 382 | ||
| 316 | } | 383 | } |