summaryrefslogtreecommitdiffabout
path: root/lib
Side-by-side diff
Diffstat (limited to 'lib') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/consumer.cc29
-rw-r--r--lib/util.cc25
2 files changed, 27 insertions, 27 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index bd76b61..cbe0769 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -108,88 +108,88 @@ namespace opkele {
throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
ck.resize(cklen);
// OpenID algorithm requires extra zero in case of set bit here
if(ck[0]&0x80) ck.insert(ck.begin(),1,0);
unsigned char key_sha1[SHA_DIGEST_LENGTH];
SHA1(&(ck.front()),ck.size(),key_sha1);
secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
}
int expires_in = 0;
if(p.has_param("expires_in")) {
expires_in = util::string_to_long(p.get_param("expires_in"));
}else if(p.has_param("issued") && p.has_param("expiry")) {
expires_in = util::w3c_to_time(p.get_param("expiry"))-util::w3c_to_time(p.get_param("issued"));
}else
throw bad_input(OPKELE_CP_ "no expiration information");
return store_assoc(server,p.get_param("assoc_handle"),secret,expires_in);
}
string consumer_t::checkid_immediate(const string& identity,const string& return_to,const string& trust_root) {
return checkid_(mode_checkid_immediate,identity,return_to,trust_root);
}
string consumer_t::checkid_setup(const string& identity,const string& return_to,const string& trust_root) {
return checkid_(mode_checkid_setup,identity,return_to,trust_root);
}
string consumer_t::checkid_(mode_t mode,const string& identity,const string& return_to,const string& trust_root) {
params_t p;
if(mode==mode_checkid_immediate)
p["mode"]="checkid_immediate";
else if(mode==mode_checkid_setup)
p["mode"]="checkid_setup";
else
throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
- string iurl = util::canonicalize_url(identity);
+ string iurl = canonicalize(identity);
string server, delegate;
retrieve_links(iurl,server,delegate);
p["identity"] = delegate.empty()?iurl:delegate;
if(!trust_root.empty())
p["trust_root"] = trust_root;
p["return_to"] = return_to;
try {
try {
string ah = find_assoc(server)->handle();
p["assoc_handle"] = ah;
}catch(failed_lookup& fl) {
string ah = associate(server)->handle();
p["assoc_handle"] = ah;
}
}catch(exception& e) { }
return p.append_query(server);
}
void consumer_t::id_res(const params_t& pin,const string& identity) {
if(pin.has_param("openid.user_setup_url"))
throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",pin.get_param("openid.user_setup_url"));
string server,delegate;
- retrieve_links(identity.empty()?pin.get_param("openid.identity"):util::canonicalize_url(identity),server,delegate);
+ retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate);
try {
assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
const string& sigenc = pin.get_param("openid.sig");
mimetic::Base64::Decoder b;
vector<unsigned char> sig;
mimetic::decode(
sigenc.begin(),sigenc.end(), b,
back_insert_iterator<vector<unsigned char> >(sig) );
const string& slist = pin.get_param("openid.signed");
string kv;
string::size_type p = 0;
while(true) {
string::size_type co = slist.find(',',p);
string f = (co==string::npos)?slist.substr(p):slist.substr(p,co-p);
kv += f;
kv += ':';
f.insert(0,"openid.");
kv += pin.get_param(f);
kv += '\n';
if(co==string::npos)
break;
p = co+1;
}
secret_t secret = assoc->secret();
unsigned int md_len = 0;
unsigned char *md = HMAC(
EVP_sha1(),
&(secret.front()),secret.size(),
(const unsigned char *)kv.data(),kv.length(),
0,&md_len);
if(sig.size()!=md_len || memcmp(&(sig.front()),md,md_len))
throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
@@ -284,33 +284,58 @@ namespace opkele {
if(bre.search(html))
html.erase(bre.get_match_start());
pcrepp::Pcre hdre("<head[^>]*>",PCRE_CASELESS);
if(!hdre.search(html))
throw bad_input(OPKELE_CP_ "failed to find head");
html.erase(0,hdre.get_match_end()+1);
pcrepp::Pcre lre("<link\\b([^>]+)>",PCRE_CASELESS),
rre("\\brel=['\"]([^'\"]+)['\"]",PCRE_CASELESS),
hre("\\bhref=['\"]([^'\"]+)['\"]",PCRE_CASELESS);
while(lre.search(html)) {
string attrs = lre[0];
html.erase(0,lre.get_match_end()+1);
if(!(rre.search(attrs)&&hre.search(attrs)))
continue;
if(rre[0]=="openid.server") {
server = hre[0];
if(!delegate.empty())
break;
}else if(rre[0]=="openid.delegate") {
delegate = hre[0];
if(!server.empty())
break;
}
}
if(server.empty())
throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration");
}
assoc_t consumer_t::find_assoc(const string& server) {
throw failed_lookup(OPKELE_CP_ "no find_assoc() provided");
}
+ string consumer_t::canonicalize(const string& url) {
+ string rv = url;
+ // strip leading and trailing spaces
+ string::size_type i = rv.find_first_not_of(" \t\r\n");
+ if(i==string::npos)
+ throw bad_input(OPKELE_CP_ "empty URL");
+ if(i)
+ rv.erase(0,i);
+ i = rv.find_last_not_of(" \t\r\n");
+ assert(i!=string::npos);
+ if(i<(rv.length()-1))
+ rv.erase(i+1);
+ // add missing http://
+ i = rv.find("://");
+ if(i==string::npos) { // primitive. but do we need more?
+ rv.insert(0,"http://");
+ i = sizeof("http://")-1;
+ }else{
+ i += sizeof("://")-1;
+ }
+ if(rv.find('/',i)==string::npos)
+ rv += '/';
+ return rv;
+ }
+
}
diff --git a/lib/util.cc b/lib/util.cc
index 1e7335c..d78b5e0 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -54,85 +54,60 @@ namespace opkele {
struct tm tm_t;
if(!gmtime_r(&t,&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
char rv[25];
if(!strftime(rv,sizeof(rv)-1,"%Y-%m-%dT%H:%M:%SZ",&tm_t))
throw failed_conversion(OPKELE_CP_ "failed to strftime()");
return rv;
}
time_t w3c_to_time(const string& w) {
struct tm tm_t;
memset(&tm_t,0,sizeof(tm_t));
if(
sscanf(
w.c_str(),
"%04d-%02d-%02dT%02d:%02d:%02dZ",
&tm_t.tm_year,&tm_t.tm_mon,&tm_t.tm_mday,
&tm_t.tm_hour,&tm_t.tm_min,&tm_t.tm_sec
) != 6 )
throw failed_conversion(OPKELE_CP_ "failed to sscanf()");
tm_t.tm_mon--;
tm_t.tm_year-=1900;
time_t rv = mktime(&tm_t);
if(rv==(time_t)-1)
throw failed_conversion(OPKELE_CP_ "failed to mktime()");
return rv;
}
/*
*
*/
- string canonicalize_url(const string& url) {
- string rv = url;
- // strip leading and trailing spaces
- string::size_type i = rv.find_first_not_of(" \t\r\n");
- if(i==string::npos)
- throw bad_input(OPKELE_CP_ "empty URL");
- if(i)
- rv.erase(0,i);
- i = rv.find_last_not_of(" \t\r\n");
- assert(i!=string::npos);
- if(i<(rv.length()-1))
- rv.erase(i+1);
- // add missing http://
- i = rv.find("://");
- if(i==string::npos) { // primitive. but do we need more?
- rv.insert(0,"http://");
- i = sizeof("http://")-1;
- }else{
- i += sizeof("://")-1;
- }
- if(rv.find('/',i)==string::npos)
- rv += '/';
- return rv;
- }
-
string url_encode(const string& str) {
char * t = curl_escape(str.c_str(),str.length());
if(!t)
throw failed_conversion(OPKELE_CP_ "failed to curl_escape()");
string rv(t);
curl_free(t);
return rv;
}
string long_to_string(long l) {
char rv[32];
int r=snprintf(rv,sizeof(rv),"%ld",l);
if(r<0 || r>=sizeof(rv))
throw failed_conversion(OPKELE_CP_ "failed to snprintf()");
return rv;
}
long string_to_long(const string& s) {
char *endptr = 0;
long rv = strtol(s.c_str(),&endptr,10);
if((!endptr) || endptr==s.c_str())
throw failed_conversion(OPKELE_CP_ "failed to strtol()");
return rv;
}
}
}