summaryrefslogtreecommitdiffabout
path: root/lib
Side-by-side diff
Diffstat (limited to 'lib') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc1
-rw-r--r--lib/basic_rp.cc1
-rw-r--r--lib/consumer.cc1
-rw-r--r--lib/server.cc1
4 files changed, 4 insertions, 0 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index c247493..fa659ac 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,40 +1,41 @@
#include <time.h>
#include <cassert>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <opkele/data.h>
#include <opkele/basic_op.h>
#include <opkele/exception.h>
#include <opkele/util.h>
+#include <opkele/util-internal.h>
#include <opkele/uris.h>
namespace opkele {
void basic_OP::reset_vars() {
assoc.reset();
return_to.clear(); realm.clear();
claimed_id.clear(); identity.clear();
invalidate_handle.clear();
}
bool basic_OP::has_return_to() const {
return !return_to.empty();
}
const string& basic_OP::get_return_to() const {
if(return_to.empty())
throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
return return_to;
}
const string& basic_OP::get_realm() const {
assert(!realm.empty());
return realm;
}
bool basic_OP::has_identity() const {
return !identity.empty();
}
const string& basic_OP::get_claimed_id() const {
if(claimed_id.empty())
throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
assert(!identity.empty());
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index a0ad130..e65d9fb 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,40 +1,41 @@
#include <cassert>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <opkele/basic_rp.h>
#include <opkele/exception.h>
#include <opkele/uris.h>
#include <opkele/data.h>
#include <opkele/util.h>
+#include <opkele/util-internal.h>
#include <opkele/curl.h>
namespace opkele {
static void dh_get_secret(
secret_t& secret, const basic_openid_message& om,
const char *exp_assoc, const char *exp_sess,
util::dh_t& dh,
size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
size_t exp_s_len) try {
if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess)
throw bad_input(OPKELE_CP_ "Unexpected associate response");
util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
vector<unsigned char> ck(DH_size(dh)+1);
unsigned char *ckptr = &(ck.front())+1;
int cklen = DH_compute_key(ckptr,s_pub,dh);
if(cklen<0)
throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
if(cklen && (*ckptr)&0x80) {
(*(--ckptr))=0; ++cklen; }
assert(d_len<=SHA256_DIGEST_LENGTH);
unsigned char key_digest[SHA256_DIGEST_LENGTH];
secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
if(secret.size()!=exp_s_len)
throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
}catch(opkele::failed_lookup& ofl) {
throw bad_input(OPKELE_CP_ "Incoherent response from OP");
} OPKELE_RETHROW
static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) {
util::curl_pick_t curl = util::curl_pick_t::easy_init();
if(!curl)
diff --git a/lib/consumer.cc b/lib/consumer.cc
index ebda262..801496e 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,36 +1,37 @@
#include <algorithm>
#include <cassert>
#include <cstring>
#include <opkele/util.h>
+#include <opkele/util-internal.h>
#include <opkele/curl.h>
#include <opkele/exception.h>
#include <opkele/data.h>
#include <opkele/consumer.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <iostream>
#include "config.h"
#include <pcre.h>
namespace opkele {
using namespace std;
using util::curl_t;
using util::curl_pick_t;
class pcre_matches_t {
public:
int *_ov;
int _s;
pcre_matches_t() : _ov(0), _s(0) { }
pcre_matches_t(int s) : _ov(0), _s(s) {
if(_s&1) ++_s;
_s += _s>>1;
_ov = new int[_s];
}
~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
int begin(int i) const { return _ov[i<<1]; }
int end(int i) const { return _ov[(i<<1)+1]; }
diff --git a/lib/server.cc b/lib/server.cc
index 776f1ae..0dea1eb 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -1,37 +1,38 @@
#include <cstring>
#include <vector>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <opkele/util.h>
+#include <opkele/util-internal.h>
#include <opkele/exception.h>
#include <opkele/server.h>
#include <opkele/data.h>
namespace opkele {
using namespace std;
void server_t::associate(const params_t& pin,params_t& pout) {
util::dh_t dh;
util::bignum_t c_pub;
unsigned char key_sha1[SHA_DIGEST_LENGTH];
enum {
sess_cleartext,
sess_dh_sha1
} st = sess_cleartext;
if(
pin.has_param("openid.session_type")
&& pin.get_param("openid.session_type")=="DH-SHA1" ) {
/* TODO: fallback to cleartext in case of exceptions here? */
if(!(dh = DH_new()))
throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
if(pin.has_param("openid.dh_modulus"))
dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
else
dh->p = util::dec_to_bignum(data::_default_p);
if(pin.has_param("openid.dh_gen"))
dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
else
dh->g = util::dec_to_bignum(data::_default_g);
if(!DH_generate_key(dh))
throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");