summaryrefslogtreecommitdiffabout
path: root/lib/util.cc
Unidiff
Diffstat (limited to 'lib/util.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/util.cc41
1 files changed, 38 insertions, 3 deletions
diff --git a/lib/util.cc b/lib/util.cc
index bb8a2e8..29e6738 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,79 +1,80 @@
1#include <errno.h> 1#include <errno.h>
2#include <cassert> 2#include <cassert>
3#include <cctype> 3#include <cctype>
4#include <cstring> 4#include <cstring>
5#include <vector> 5#include <vector>
6#include <string> 6#include <string>
7#include <stack> 7#include <stack>
8#include <algorithm> 8#include <algorithm>
9#include <openssl/bio.h> 9#include <openssl/bio.h>
10#include <openssl/evp.h> 10#include <openssl/evp.h>
11#include <openssl/sha.h> 11#include <openssl/sha.h>
12#include <openssl/hmac.h> 12#include <openssl/hmac.h>
13#include <curl/curl.h> 13#include <curl/curl.h>
14#include <opkele/util.h> 14#include <opkele/util.h>
15#include <opkele/exception.h> 15#include <opkele/exception.h>
16#include <opkele/data.h>
16#include <opkele/debug.h> 17#include <opkele/debug.h>
17 18
18#include <config.h> 19#include <config.h>
19#ifdef HAVE_DEMANGLE 20#ifdef HAVE_DEMANGLE
20# include <cxxabi.h> 21# include <cxxabi.h>
21#endif 22#endif
22 23
23namespace opkele { 24namespace opkele {
24 using namespace std; 25 using namespace std;
25 26
26 namespace util { 27 namespace util {
27 28
28 /* 29 /*
29 * base64 30 * base64
30 */ 31 */
31 string encode_base64(const void *data,size_t length) { 32 string encode_base64(const void *data,size_t length) {
32 BIO *b64 = 0, *bmem = 0; 33 BIO *b64 = 0, *bmem = 0;
33 try { 34 try {
34 b64 = BIO_new(BIO_f_base64()); 35 b64 = BIO_new(BIO_f_base64());
35 if(!b64) 36 if(!b64)
36 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); 37 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
37 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); 38 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
38 bmem = BIO_new(BIO_s_mem()); 39 bmem = BIO_new(BIO_s_mem());
39 BIO_set_flags(b64,BIO_CLOSE); 40 BIO_set_flags(b64,BIO_CLOSE);
40 if(!bmem) 41 if(!bmem)
41 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); 42 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer");
42 BIO_push(b64,bmem); 43 BIO_push(b64,bmem);
43 if(((size_t)BIO_write(b64,data,length))!=length) 44 if(((size_t)BIO_write(b64,data,length))!=length)
44 throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); 45 throw exception_openssl(OPKELE_CP_ "failed to BIO_write()");
45 if(BIO_flush(b64)!=1) 46 if(BIO_flush(b64)!=1)
46 throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); 47 throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()");
47 char *rvd; 48 char *rvd;
48 long rvl = BIO_get_mem_data(bmem,&rvd); 49 long rvl = BIO_get_mem_data(bmem,&rvd);
49 string rv(rvd,rvl); 50 string rv(rvd,rvl);
50 BIO_free_all(b64); 51 BIO_free_all(b64);
51 return rv; 52 return rv;
52 }catch(...) { 53 }catch(...) {
53 if(b64) BIO_free_all(b64); 54 if(b64) BIO_free_all(b64);
54 throw; 55 throw;
55 } 56 }
56 } 57 }
57 58
58 void decode_base64(const string& data,vector<unsigned char>& rv) { 59 void decode_base64(const string& data,vector<unsigned char>& rv) {
59 BIO *b64 = 0, *bmem = 0; 60 BIO *b64 = 0, *bmem = 0;
60 rv.clear(); 61 rv.clear();
61 try { 62 try {
62 bmem = BIO_new_mem_buf((void*)data.data(),data.size()); 63 bmem = BIO_new_mem_buf((void*)data.data(),data.size());
63 if(!bmem) 64 if(!bmem)
64 throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()"); 65 throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()");
65 b64 = BIO_new(BIO_f_base64()); 66 b64 = BIO_new(BIO_f_base64());
66 if(!b64) 67 if(!b64)
67 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder"); 68 throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder");
68 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); 69 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
69 BIO_push(b64,bmem); 70 BIO_push(b64,bmem);
70 unsigned char tmp[512]; 71 unsigned char tmp[512];
71 size_t rb = 0; 72 size_t rb = 0;
72 while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0) 73 while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0)
73 rv.insert(rv.end(),tmp,&tmp[rb]); 74 rv.insert(rv.end(),tmp,&tmp[rb]);
74 BIO_free_all(b64); 75 BIO_free_all(b64);
75 }catch(...) { 76 }catch(...) {
76 if(b64) BIO_free_all(b64); 77 if(b64) BIO_free_all(b64);
77 throw; 78 throw;
78 } 79 }
79 } 80 }
@@ -150,141 +151,140 @@ namespace opkele {
150 throw failed_conversion(OPKELE_CP_ "failed to mktime()"); 151 throw failed_conversion(OPKELE_CP_ "failed to mktime()");
151 return rv-timezone; 152 return rv-timezone;
152 } 153 }
153 154
154 /* 155 /*
155 * 156 *
156 */ 157 */
157 158
158 string url_encode(const string& str) { 159 string url_encode(const string& str) {
159 char * t = curl_escape(str.c_str(),str.length()); 160 char * t = curl_escape(str.c_str(),str.length());
160 if(!t) 161 if(!t)
161 throw failed_conversion(OPKELE_CP_ "failed to curl_escape()"); 162 throw failed_conversion(OPKELE_CP_ "failed to curl_escape()");
162 string rv(t); 163 string rv(t);
163 curl_free(t); 164 curl_free(t);
164 return rv; 165 return rv;
165 } 166 }
166 167
167 string attr_escape(const string& str) { 168 string attr_escape(const string& str) {
168 static const char *unsafechars = "<>&\n\"'"; 169 static const char *unsafechars = "<>&\n\"'";
169 string rv; 170 string rv;
170 string::size_type p=0; 171 string::size_type p=0;
171 while(true) { 172 while(true) {
172 string::size_type us = str.find_first_of(unsafechars,p); 173 string::size_type us = str.find_first_of(unsafechars,p);
173 if(us==string::npos) { 174 if(us==string::npos) {
174 if(p!=str.length()) 175 if(p!=str.length())
175 rv.append(str,p,str.length()-p); 176 rv.append(str,p,str.length()-p);
176 return rv; 177 return rv;
177 } 178 }
178 rv.append(str,p,us-p); 179 rv.append(str,p,us-p);
179 rv += "&#"; 180 rv += "&#";
180 rv += long_to_string((long)str[us]); 181 rv += long_to_string((long)str[us]);
181 rv += ';'; 182 rv += ';';
182 p = us+1; 183 p = us+1;
183 } 184 }
184 } 185 }
185 186
186 string long_to_string(long l) { 187 string long_to_string(long l) {
187 char rv[32]; 188 char rv[32];
188 int r=snprintf(rv,sizeof(rv),"%ld",l); 189 int r=snprintf(rv,sizeof(rv),"%ld",l);
189 if(r<0 || r>=(int)sizeof(rv)) 190 if(r<0 || r>=(int)sizeof(rv))
190 throw failed_conversion(OPKELE_CP_ "failed to snprintf()"); 191 throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
191 return rv; 192 return rv;
192 } 193 }
193 194
194 long string_to_long(const string& s) { 195 long string_to_long(const string& s) {
195 char *endptr = 0; 196 char *endptr = 0;
196 long rv = strtol(s.c_str(),&endptr,10); 197 long rv = strtol(s.c_str(),&endptr,10);
197 if((!endptr) || endptr==s.c_str()) 198 if((!endptr) || endptr==s.c_str())
198 throw failed_conversion(OPKELE_CP_ "failed to strtol()"); 199 throw failed_conversion(OPKELE_CP_ "failed to strtol()");
199 return rv; 200 return rv;
200 } 201 }
201 202
202 /* 203 /*
203 * Normalize URL according to the rules, described in rfc 3986, section 6 204 * Normalize URL according to the rules, described in rfc 3986, section 6
204 * 205 *
205 * - uppercase hex triplets (e.g. %ab -> %AB) 206 * - uppercase hex triplets (e.g. %ab -> %AB)
206 * - lowercase scheme and host 207 * - lowercase scheme and host
207 * - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3, 208 * - decode %-encoded characters, specified as unreserved in rfc 3986, section 2.3,
208 * that is - [:alpha:][:digit:]._~- 209 * that is - [:alpha:][:digit:]._~-
209 * - remove dot segments 210 * - remove dot segments
210 * - remove empty and default ports 211 * - remove empty and default ports
211 * - if there's no path component, add '/' 212 * - if there's no path component, add '/'
212 */ 213 */
213 string rfc_3986_normalize_uri(const string& uri) { 214 string rfc_3986_normalize_uri(const string& uri) {
214 static const char *whitespace = " \t\r\n";
215 string rv; 215 string rv;
216 string::size_type ns = uri.find_first_not_of(whitespace); 216 string::size_type ns = uri.find_first_not_of(data::_whitespace_chars);
217 if(ns==string::npos) 217 if(ns==string::npos)
218 throw bad_input(OPKELE_CP_ "Can't normalize empty URI"); 218 throw bad_input(OPKELE_CP_ "Can't normalize empty URI");
219 string::size_type colon = uri.find(':',ns); 219 string::size_type colon = uri.find(':',ns);
220 if(colon==string::npos) 220 if(colon==string::npos)
221 throw bad_input(OPKELE_CP_ "No scheme specified in URI"); 221 throw bad_input(OPKELE_CP_ "No scheme specified in URI");
222 transform( 222 transform(
223 uri.begin()+ns, uri.begin()+colon+1, 223 uri.begin()+ns, uri.begin()+colon+1,
224 back_inserter(rv), ::tolower ); 224 back_inserter(rv), ::tolower );
225 bool s; 225 bool s;
226 string::size_type ul = uri.find_last_not_of(whitespace)+1; 226 string::size_type ul = uri.find_last_not_of(data::_whitespace_chars)+1;
227 if(ul <= (colon+3)) 227 if(ul <= (colon+3))
228 throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered"); 228 throw bad_input(OPKELE_CP_ "Unexpected end of URI being normalized encountered");
229 if(uri[colon+1]!='/' || uri[colon+2]!='/') 229 if(uri[colon+1]!='/' || uri[colon+2]!='/')
230 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component"); 230 throw bad_input(OPKELE_CP_ "Unexpected input in URI being normalized after scheme component");
231 if(rv=="http:") 231 if(rv=="http:")
232 s = false; 232 s = false;
233 else if(rv=="https:") 233 else if(rv=="https:")
234 s = true; 234 s = true;
235 else{ 235 else{
236 /* TODO: support more schemes. e.g. xri. How do we normalize 236 /* TODO: support more schemes. e.g. xri. How do we normalize
237 * xri? 237 * xri?
238 */ 238 */
239 rv.append(uri,colon+1,ul-colon-1); 239 rv.append(uri,colon+1,ul-colon-1);
240 return rv; 240 return rv;
241 } 241 }
242 rv += "//"; 242 rv += "//";
243 string::size_type interesting = uri.find_first_of(":/#?",colon+3); 243 string::size_type interesting = uri.find_first_of(":/#?",colon+3);
244 if(interesting==string::npos) { 244 if(interesting==string::npos) {
245 transform( 245 transform(
246 uri.begin()+colon+3,uri.begin()+ul, 246 uri.begin()+colon+3,uri.begin()+ul,
247 back_inserter(rv), ::tolower ); 247 back_inserter(rv), ::tolower );
248 rv += '/'; return rv; 248 rv += '/'; return rv;
249 } 249 }
250 transform( 250 transform(
251 uri.begin()+colon+3,uri.begin()+interesting, 251 uri.begin()+colon+3,uri.begin()+interesting,
252 back_inserter(rv), ::tolower ); 252 back_inserter(rv), ::tolower );
253 bool qf = false; 253 bool qf = false;
254 char ic = uri[interesting]; 254 char ic = uri[interesting];
255 if(ic==':') { 255 if(ic==':') {
256 string::size_type ni = uri.find_first_of("/#?%",interesting+1); 256 string::size_type ni = uri.find_first_of("/#?%",interesting+1);
257 const char *nptr = uri.data()+interesting+1; 257 const char *nptr = uri.data()+interesting+1;
258 char *eptr = 0; 258 char *eptr = 0;
259 long port = strtol(nptr,&eptr,10); 259 long port = strtol(nptr,&eptr,10);
260 if( (port>0) && (port<65535) && port!=(s?443:80) ) { 260 if( (port>0) && (port<65535) && port!=(s?443:80) ) {
261 char tmp[8]; 261 char tmp[8];
262 snprintf(tmp,sizeof(tmp),":%ld",port); 262 snprintf(tmp,sizeof(tmp),":%ld",port);
263 rv += tmp; 263 rv += tmp;
264 } 264 }
265 if(ni==string::npos) { 265 if(ni==string::npos) {
266 rv += '/'; return rv; 266 rv += '/'; return rv;
267 } 267 }
268 interesting = ni; 268 interesting = ni;
269 }else if(ic!='/') { 269 }else if(ic!='/') {
270 rv += '/'; rv += ic; 270 rv += '/'; rv += ic;
271 qf = true; 271 qf = true;
272 ++interesting; 272 ++interesting;
273 } 273 }
274 string::size_type n = interesting; 274 string::size_type n = interesting;
275 char tmp[3] = { 0,0,0 }; 275 char tmp[3] = { 0,0,0 };
276 stack<string::size_type> psegs; psegs.push(rv.length()); 276 stack<string::size_type> psegs; psegs.push(rv.length());
277 string pseg; 277 string pseg;
278 for(;n<ul;) { 278 for(;n<ul;) {
279 string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n); 279 string::size_type unsafe = uri.find_first_of(qf?"%":"%/?#",n);
280 if(unsafe==string::npos) { 280 if(unsafe==string::npos) {
281 pseg.append(uri,n,ul-n-1); n = ul-1; 281 pseg.append(uri,n,ul-n-1); n = ul-1;
282 }else{ 282 }else{
283 pseg.append(uri,n,unsafe-n); 283 pseg.append(uri,n,unsafe-n);
284 n = unsafe; 284 n = unsafe;
285 } 285 }
286 char c = uri[n++]; 286 char c = uri[n++];
287 if(c=='%') { 287 if(c=='%') {
288 if((n+1)>=ul) 288 if((n+1)>=ul)
289 throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character"); 289 throw bad_input(OPKELE_CP_ "Unexpected end of URI encountered while parsing percent-encoded character");
290 tmp[0] = uri[n++]; 290 tmp[0] = uri[n++];
@@ -369,67 +369,102 @@ namespace opkele {
369 if(pu==string::npos) 369 if(pu==string::npos)
370 return false; 370 return false;
371 // TODO: check for overgeneralized realm 371 // TODO: check for overgeneralized realm
372 } 372 }
373 string::size_type lr = nrealm.length(); 373 string::size_type lr = nrealm.length();
374 string::size_type lu = nu.length(); 374 string::size_type lu = nu.length();
375 if( (lu-pu) < (lr-pr) ) 375 if( (lu-pu) < (lr-pr) )
376 return false; 376 return false;
377 pair<const char*,const char*> mp = mismatch( 377 pair<const char*,const char*> mp = mismatch(
378 nrealm.c_str()+pr,nrealm.c_str()+lr, 378 nrealm.c_str()+pr,nrealm.c_str()+lr,
379 nu.c_str()+pu); 379 nu.c_str()+pu);
380 if( (*(mp.first-1))!='/' 380 if( (*(mp.first-1))!='/'
381 && !strchr("/?#",*mp.second) ) 381 && !strchr("/?#",*mp.second) )
382 return false; 382 return false;
383 return true; 383 return true;
384 } 384 }
385 385
386 string abi_demangle(const char *mn) { 386 string abi_demangle(const char *mn) {
387#ifndef HAVE_DEMANGLE 387#ifndef HAVE_DEMANGLE
388 return mn; 388 return mn;
389#else /* !HAVE_DEMANGLE */ 389#else /* !HAVE_DEMANGLE */
390 int dstat; 390 int dstat;
391 char *demangled = abi::__cxa_demangle(mn,0,0,&dstat); 391 char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
392 if(dstat) 392 if(dstat)
393 return mn; 393 return mn;
394 string rv = demangled; 394 string rv = demangled;
395 free(demangled); 395 free(demangled);
396 return rv; 396 return rv;
397#endif /* !HAVE_DEMANGLE */ 397#endif /* !HAVE_DEMANGLE */
398 } 398 }
399 399
400 string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { 400 string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
401 const string& slist = om.get_field("signed"); 401 const string& slist = om.get_field("signed");
402 string kv; 402 string kv;
403 string::size_type p=0; 403 string::size_type p=0;
404 while(true) { 404 while(true) {
405 string::size_type co = slist.find(',',p); 405 string::size_type co = slist.find(',',p);
406 string f = (co==string::npos) 406 string f = (co==string::npos)
407 ?slist.substr(p):slist.substr(p,co-p); 407 ?slist.substr(p):slist.substr(p,co-p);
408 kv += f; 408 kv += f;
409 kv += ':'; 409 kv += ':';
410 kv += om.get_field(f); 410 kv += om.get_field(f);
411 kv += '\n'; 411 kv += '\n';
412 if(co==string::npos) break; 412 if(co==string::npos) break;
413 p = co+1; 413 p = co+1;
414 } 414 }
415 const secret_t& secret = assoc->secret(); 415 const secret_t& secret = assoc->secret();
416 const EVP_MD *evpmd; 416 const EVP_MD *evpmd;
417 const string& at = assoc->assoc_type(); 417 const string& at = assoc->assoc_type();
418 if(at=="HMAC-SHA256") 418 if(at=="HMAC-SHA256")
419 evpmd = EVP_sha256(); 419 evpmd = EVP_sha256();
420 else if(at=="HMAC-SHA1") 420 else if(at=="HMAC-SHA1")
421 evpmd = EVP_sha1(); 421 evpmd = EVP_sha1();
422 else 422 else
423 throw unsupported(OPKELE_CP_ "unknown association type"); 423 throw unsupported(OPKELE_CP_ "unknown association type");
424 unsigned int md_len = 0; 424 unsigned int md_len = 0;
425 unsigned char md[SHA256_DIGEST_LENGTH]; 425 unsigned char md[SHA256_DIGEST_LENGTH];
426 HMAC(evpmd, 426 HMAC(evpmd,
427 &(secret.front()),secret.size(), 427 &(secret.front()),secret.size(),
428 (const unsigned char*)kv.data(),kv.length(), 428 (const unsigned char*)kv.data(),kv.length(),
429 md,&md_len); 429 md,&md_len);
430 return encode_base64(md,md_len); 430 return encode_base64(md,md_len);
431 } 431 }
432 432
433 string normalize_identifier(const string& usi,bool strip_fragment) {
434 if(usi.empty())
435 return usi;
436 string rv;
437 string::size_type fsc = usi.find_first_not_of(data::_whitespace_chars);
438 if(fsc==string::npos)
439 return rv;
440 string::size_type lsc = usi.find_last_not_of(data::_whitespace_chars);
441 assert(lsc!=string::npos);
442 if(!strncasecmp(usi.c_str()+fsc,"xri://",sizeof("xri://")-1))
443 fsc += sizeof("xri://")-1;
444 if( (fsc+1) >= lsc )
445 return rv;
446 rv.assign(usi,fsc,lsc-fsc+1);
447 if(strchr(data::_iname_leaders,rv[0])) {
448 /* TODO: further normalize xri identity, fold case or
449 * whatever... */
450 }else{
451 if(rv.find("://")==string::npos)
452 rv.insert(0,"http://");
453 if(strip_fragment) {
454 string::size_type fp = rv.find('#');
455 if(fp!=string::npos) {
456 string::size_type qp = rv.find('?');
457 if(qp==string::npos || qp<fp)
458 rv.erase(fp);
459 else if(qp>fp)
460 rv.erase(fp,qp-fp);
461 }
462 }
463 rv = rfc_3986_normalize_uri(rv);
464 }
465 return rv;
466 }
467
433 } 468 }
434 469
435} 470}