Diffstat (limited to 'lib') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/consumer.cc53
1 files changed, 47 insertions, 6 deletions
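--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,371 +1,412 @@
 #include <algorithm>
 #include <cassert>
 #include <opkele/util.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
-#include <pcre++.h>
 
 #include <iostream>
 
 #include "config.h"
 
+#if defined(USE_LIBPCRECPP)
+# include <pcrecpp.h>
+#elif defined(USE_PCREPP)
+# include <pcre++.h>
+#else
+ /* internal implementation won't be built */
+#endif
+
 namespace opkele {
  using namespace std;
 
  class curl_t {
  public:
  CURL *_c;
 
  curl_t() : _c(0) { }
  curl_t(CURL *c) : _c(c) { }
  ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }
 
  curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; }
 
  operator const CURL*(void) const { return _c; }
  operator CURL*(void) { return _c; }
  };
 
  static CURLcode curl_misc_sets(CURL* c) {
  CURLcode r;
  (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
  || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
  || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
  || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
  || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION))
  || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
  #ifdefDISABLE_CURL_SSL_VERIFYHOST
  || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
 #endif
  #ifdefDISABLE_CURL_SSL_VERIFYPEER
  || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
 #endif
  ;
  return r;
  }
 
  static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
  string *str = (string*)stream;
  size_t bytes = size*nmemb;
  size_t get = min(16384-str->length(),bytes);
  str->append((const char*)ptr,get);
  return get;
  }
 
  assoc_t consumer_t::associate(const string& server) {
  util::dh_t dh = DH_new();
  if(!dh)
  throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
  dh->p = util::dec_to_bignum(data::_default_p);
  dh->g = util::dec_to_bignum(data::_default_g);
  if(!DH_generate_key(dh))
  throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
  string request =
  "openid.mode=associate"
  "&openid.assoc_type=HMAC-SHA1"
  "&openid.session_type=DH-SHA1"
  "&openid.dh_consumer_public=";
  request += util::url_encode(util::bignum_to_base64(dh->pub_key));
  curl_t curl = curl_easy_init();
  if(!curl)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
  string response;
  CURLcode r;
  (r=curl_misc_sets(curl))
  || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))
  || (r=curl_easy_setopt(curl,CURLOPT_POST,1))
  || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))
  || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))
  ;
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
  if(r=curl_easy_perform(curl))
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
  params_t p; p.parse_keyvalues(response);
  if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1")
  throw bad_input(OPKELE_CP_ "unsupported assoc_type");
  string st;
  if(p.has_param("session_type")) st = p.get_param("session_type");
  if((!st.empty()) && st!="DH-SHA1")
  throw bad_input(OPKELE_CP_ "unsupported session_type");
  secret_t secret;
  if(st.empty()) {
  secret.from_base64(p.get_param("mac_key"));
  }else{
  util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
  vector<unsigned char> ck(DH_size(dh)+1);
  unsigned char *ckptr = &(ck.front())+1;
  int cklen = DH_compute_key(ckptr,s_pub,dh);
  if(cklen<0)
  throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
  if(cklen && (*ckptr)&0x80) {
  (*(--ckptr)) = 0; ++cklen;
  }
  unsigned char key_sha1[SHA_DIGEST_LENGTH];
  SHA1(ckptr,cklen,key_sha1);
  secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
  }
  int expires_in = 0;
  if(p.has_param("expires_in")) {
  expires_in = util::string_to_long(p.get_param("expires_in"));
  }else if(p.has_param("issued") && p.has_param("expiry")) {
  expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
  }else
  throw bad_input(OPKELE_CP_ "no expiration information");
  return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
  }
 
  string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
  return checkid_(mode_checkid_immediate,identity,return_to,trust_root,ext);
  }
  string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
  return checkid_(mode_checkid_setup,identity,return_to,trust_root,ext);
  }
  string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root,extension_t *ext) {
  params_t p;
  if(mode==mode_checkid_immediate)
  p["mode"]="checkid_immediate";
  else if(mode==mode_checkid_setup)
  p["mode"]="checkid_setup";
  else
  throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
  string iurl = canonicalize(identity);
  string server, delegate;
  retrieve_links(iurl,server,delegate);
  p["identity"] = delegate.empty()?iurl:delegate;
  if(!trust_root.empty())
  p["trust_root"] = trust_root;
  p["return_to"] = return_to;
  try {
  string ah = find_assoc(server)->handle();
  p["assoc_handle"] = ah;
  }catch(failed_lookup& fl) {
  string ah = associate(server)->handle();
  p["assoc_handle"] = ah;
  }
  if(ext) ext->checkid_hook(p,identity);
  return p.append_query(server);
  }
 
  void consumer_t::id_res(const params_t& pin,const string& identity,extension_t *ext) {
  if(pin.has_param("openid.user_setup_url"))
  throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
  string server,delegate;
  retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
  params_t ps;
  try {
  assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
  if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
  throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
  const string& sigenc = pin.get_param("openid.sig");
  vector<unsigned char> sig;
  util::decode_base64(sigenc,sig);
  const string& slist = pin.get_param("openid.signed");
  string kv;
  string::size_type p = 0;
  while(true) {
  string::size_type co = slist.find(',',p);
  string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
  kv += f;
  kv += ':';
  f.insert(0,"openid.");
  kv += pin.get_param(f);
  kv += '\n';
  if(ext) ps[f.substr(sizeof("openid.")-1)] = pin.get_param(f);
  if(co==string::npos)
  break;
  p = co+1;
  }
  secret_t secret = assoc->secret();
  unsigned int md_len = 0;
  unsigned char *md = HMAC(
  EVP_sha1(),
  &(secret.front()),secret.size(),
  (const unsigned char *)kv.data(),kv.length(),
  0,&md_len);
  if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
  throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
  }catch(failed_lookup& e) { /* XXX: more specific? */
  const string& slist = pin.get_param("openid.signed");
  string::size_type pp = 0;
  params_t p;
  while(true) {
  string::size_type co = slist.find(',',pp);
  string f = "openid.";
  f += (co==string::npos)?slist.substr(pp):slist.substr(pp,co-pp);
  p[f] = pin.get_param(f);
  if(co==string::npos)
  break;
  pp = co+1;
  }
  p["openid.assoc_handle"] = pin.get_param("openid.assoc_handle");
  p["openid.sig"] = pin.get_param("openid.sig");
  p["openid.signed"] = pin.get_param("openid.signed");
  try {
  string ih = pin.get_param("openid.invalidate_handle");
  p["openid.invalidate_handle"] = ih;
  }catch(failed_lookup& fl) { }
  try {
  check_authentication(server,p);
  }catch(failed_check_authentication& fca) {
  throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
  }
  }
  if(ext) ext->id_res_hook(pin,ps,identity);
  }
 
  void consumer_t::check_authentication(const string& server,const params_t& p) {
  string request = "openid.mode=check_authentication";
  for(params_t::const_iterator i=p.begin();i!=p.end();++i) {
  if(i->first!="openid.mode") {
  request += '&';
  request += i->first;
  request += '=';
  request += util::url_encode(i->second);
  }
  }
  curl_t curl = curl_easy_init();
  if(!curl)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
  string response;
  CURLcode r;
  (r=curl_misc_sets(curl))
  || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str()))
  || (r=curl_easy_setopt(curl,CURLOPT_POST,1))
  || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data()))
  || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length()))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response))
  ;
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
  if(r=curl_easy_perform(curl))
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
  params_t pp; pp.parse_keyvalues(response);
  if(pp.has_param("invalidate_handle"))
  invalidate_assoc(server,pp.get_param("invalidate_handle"));
  if(pp.has_param("is_valid")) {
  if(pp.get_param("is_valid")=="true")
  return;
  }else if(pp.has_param("lifetime")) {
  if(util::string_to_long(pp.get_param("lifetime")))
  return;
  }
  throw failed_check_authentication(OPKELE_CP_ "failed to verify response");
  }
 
  void consumer_t::retrieve_links(const string& url,string& server,string& delegate) {
+#if defined(USE_LIBPCRECPP) || defined(USE_PCREPP)
  server.erase();
  delegate.erase();
  curl_t curl = curl_easy_init();
  if(!curl)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
  string html;
  CURLcode r;
  (r=curl_misc_sets(curl))
  || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str()))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring))
  || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html))
  ;
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
  r = curl_easy_perform(curl);
  if(r && r!=CURLE_WRITE_ERROR)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
- pcrepp::Pcre bre("<body\\b",PCRE_CASELESS);
  // strip out everything past body
+ static const char *re_hdre = "<head[^>]*>",
+ *re_lre = "<link\\b([^>]+)>",
+ *re_rre = "\\brel=['\"]([^'\"]+)['\"]",
+ *re_hre = "\\bhref=['\"]([^'\"]+)['\"]";
+#if defined(USE_LIBPCRECPP)
+ static pcrecpp::RE_Options ro(PCRE_CASELESS|PCRE_DOTALL);
+ static pcrecpp::RE
+ bre("<body\\b.*",ro), hdre(re_hdre,ro),
+ lre(re_lre,ro), rre(re_rre), hre(re_hre,ro);
+ bre.Replace("",&html);
+ pcrecpp::StringPiece hpiece(html);
+ if(!hdre.FindAndConsume(&hpiece))
+ throw bad_input(OPKELE_CP_ "failed to find head");
+ string attrs;
+ while(lre.FindAndConsume(&hpiece,&attrs)) {
+ pcrecpp::StringPiece rel, href;
+ if(!(rre.PartialMatch(attrs,&rel) && hre.PartialMatch(attrs,&href)))
+ continue;
+ if(rel=="openid.server") {
+ href.CopyToString(&server);
+ if(!delegate.empty())
+ break;
+ }else if(rel=="openid.delegate") {
+ href.CopyToString(&delegate);
+ if(!server.empty())
+ break;
+ }
+ }
+#elif defined(USE_PCREPP)
+ pcrepp::Pcre bre("<body\\b",PCRE_CASELESS);
  if(bre.search(html))
  html.erase(bre.get_match_start());
- pcrepp::Pcre hdre("<head[^>]*>",PCRE_CASELESS);
+ pcrepp::Pcre hdre(re_hdre,PCRE_CASELESS);
  if(!hdre.search(html))
  throw bad_input(OPKELE_CP_ "failed to find head");
  html.erase(0,hdre.get_match_end()+1);
- pcrepp::Pcre lre("<link\\b([^>]+)>",PCRE_CASELESS),
- rre("\\brel=['\"]([^'\"]+)['\"]",PCRE_CASELESS),
- hre("\\bhref=['\"]([^'\"]+)['\"]",PCRE_CASELESS);
+ pcrepp::Pcre lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS);
  while(lre.search(html)) {
  string attrs = lre[0];
  html.erase(0,lre.get_match_end()+1);
  if(!(rre.search(attrs)&&hre.search(attrs)))
  continue;
  if(rre[0]=="openid.server") {
  server = hre[0];
  if(!delegate.empty())
  break;
  }else if(rre[0]=="openid.delegate") {
  delegate = hre[0];
  if(!server.empty())
  break;
  }
  }
+#else
+ #error "I must have gone crazy"
+#endif
  if(server.empty())
  throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
+#else /* none of the RE bindings enabled */
+ throw not_implemented(OPKELE_CP_ "No internal implementation of retrieve_links were provided at compile-time");
+#endif
  }
 
  assoc_t consumer_t::find_assoc(const string& server) {
  throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
  }
 
  string consumer_t::normalize(const string& url) {
  string rv = url;
  // strip leading and trailing spaces
  string::size_type i = rv.find_first_not_of(" \t\r\n");
  if(i==string::npos)
  throw bad_input(OPKELE_CP_ "empty URL");
  if(i)
  rv.erase(0,i);
  i = rv.find_last_not_of(" \t\r\n");
  assert(i!=string::npos);
  if(i<(rv.length()-1))
  rv.erase(i+1);
  // add missing http://
  i = rv.find("://");
  if(i==string::npos) { // primitive. but do we need more?
  rv.insert(0,"http://");
  i = sizeof("http://")-1;
  }else{
  i += sizeof("://")-1;
  }
  string::size_type qm = rv.find('?',i);
  string::size_type sl = rv.find('/',i);
  if(qm!=string::npos) {
  if(sl==string::npos || sl>qm)
  rv.insert(qm,1,'/');
  }else{
  if(sl==string::npos)
  rv += '/';
  }
  return rv;
  }
 
  string consumer_t::canonicalize(const string& url) {
  string rv = normalize(url);
  curl_t curl = curl_easy_init();
  if(!curl)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()");
  string html;
  CURLcode r;
  (r=curl_misc_sets(curl))
  || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str()))
  || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1))
  ;
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r);
  r = curl_easy_perform(curl);
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r);
  const char *eu = 0;
  r = curl_easy_getinfo(curl,CURLINFO_EFFECTIVE_URL,&eu);
  if(r)
  throw exception_curl(OPKELE_CP_ "failed to curl_easy_getinfo(..CURLINFO_EFFECTIVE_URL..)",r);
  rv = eu;
  return normalize(rv);
  }
 
 }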
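Review bot: In the new USE_LIBPCRECPP branch of retrieve_links(), `rre(re_rre)` is the only regex built without `ro`, so the `rel=` attribute is matched case-sensitively there while the USE_PCREPP branch passes PCRE_CASELESS to the same pattern and every other pcrecpp::RE on that line uses `ro`; the two builds would therefore disagree on a page declaring `REL="openid.server"`, and the pcrecpp build would reject a discovery page the pcre++ build accepts. The fix is to pass the options on that declaration: `lre(re_lre,ro), rre(re_rre,ro), hre(re_hre,ro);`. Separately, the function-local `static pcrecpp::RE` objects are initialised on first call; under the pre-C++11 toolchains this code targets that initialisation is not guaranteed thread-safe, so it is worth a comment stating whether retrieve_links() may be entered concurrently (I cannot tell from this file). Minor: the trailing `#else` branch throws before `server`/`delegate` are cleared, and the message reads "were provided" where "was provided" is meant.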