summaryrefslogtreecommitdiffabout
path: root/test/RP.cc
Unidiff
Diffstat (limited to 'test/RP.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--test/RP.cc538
1 files changed, 538 insertions, 0 deletions
diff --git a/test/RP.cc b/test/RP.cc
new file mode 100644
index 0000000..f2f8851
--- a/dev/null
+++ b/test/RP.cc
@@ -0,0 +1,538 @@
1#include <uuid/uuid.h>
2#include <iostream>
3#include <cassert>
4#include <stdexcept>
5#include <string>
6#include <set>
7#include <iterator>
8using namespace std;
9#include <kingate/exception.h>
10#include <kingate/plaincgi.h>
11#include <kingate/cgi_gateway.h>
12#include <opkele/exception.h>
13#include <opkele/types.h>
14#include <opkele/util.h>
15#include <opkele/uris.h>
16#include <opkele/discovery.h>
17#include <opkele/association.h>
18#include <opkele/sreg.h>
19using namespace opkele;
20#include <opkele/prequeue_rp.h>
21#include <opkele/debug.h>
22
23#include "sqlite.h"
24
25#undef DUMB_RP
26
27#ifdef DUMB_RP
28# define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb")
29#else
30# define DUMBTHROW (void)0
31#endif
32
33template<typename IT>
34class join_iterator : public iterator<
35 input_iterator_tag,typename IT::value_type,
36 void,typename IT::pointer,typename IT::reference> {
37 public:
38 typedef pair<IT,IT> range_t;
39 typedef list<range_t> ranges_t;
40 ranges_t ranges;
41
42 join_iterator() { }
43
44 bool cleanup() {
45 bool rv = false;
46 while(!(ranges.empty() || ranges.front().first!=ranges.front().second)) {
47 ranges.pop_front(); rv = true;
48 }
49 return rv;
50 }
51
52 join_iterator<IT>& add_range(const IT& b,const IT& e) {
53 ranges.push_back(typename ranges_t::value_type(b,e));
54 cleanup();
55 return *this;
56 }
57
58 bool operator==(const join_iterator<IT>& x) const {
59 return ranges==x.ranges; }
60 bool operator!=(const join_iterator<IT>& x) const {
61 return ranges!=x.ranges; }
62
63 typename IT::reference operator*() const {
64 assert(!ranges.empty());
65 assert(ranges.front().first!=ranges.front().second);
66 return *ranges.front().first; }
67 typename IT::pointer operator->() const {
68 assert(!ranges.empty());
69 assert(ranges.front().first!=ranges.front().second);
70 return ranges.front().first.operator->(); }
71
72 join_iterator<IT>& operator++() {
73 cleanup();
74 if(ranges.empty()) return *this;
75 do {
76 ++ranges.front().first;
77 }while(cleanup() && !ranges.empty());
78 return *this;
79 }
80 join_iterator<IT> operator++(int) {
81 join_iterator<IT> rv(*this);
82 ++(*this); return rv; }
83};
84
85template<typename IT>
86class cut_prefix_filterator : public opkele::util::basic_filterator<IT> {
87 public:
88 string pfx;
89 mutable string tmp;
90
91 cut_prefix_filterator() { }
92 cut_prefix_filterator(const IT& bi,const IT&ei,const string& pfx)
93 : opkele::util::basic_filterator<IT>(bi,ei), pfx(pfx) {
94 this->prepare();
95 }
96
97 bool is_interesting() const {
98 return pfx.length()==0 || !strncmp(this->it->c_str(),pfx.c_str(),pfx.length());
99 }
100
101 typename IT::reference operator*() const {
102 assert(!this->empty);
103 tmp = *this->it; tmp.erase(0,pfx.length());
104 return tmp; }
105 typename IT::pointer operator->() const {
106 assert(!this->empty);
107 return &this->operator*(); }
108};
109
110class kingate_openid_message_t : public opkele::basic_openid_message {
111 typedef join_iterator<kingate::cgi_gateway::params_t::const_iterator> jitterator;
112 typedef opkele::util::map_keys_iterator<
113 jitterator,
114 fields_iterator::value_type,
115 fields_iterator::reference,
116 fields_iterator::pointer> keys_iterator;
117 typedef cut_prefix_filterator<keys_iterator> pfilterator;
118 public:
119 const kingate::cgi_gateway& gw;
120
121 kingate_openid_message_t(const kingate::cgi_gateway& g) : gw(g) { }
122
123 bool has_field(const string& n) const {
124 return gw.has_param("openid."+n); }
125 const string& get_field(const string& n) const {
126 return gw.get_param("openid."+n); }
127
128 fields_iterator fields_begin() const {
129 return
130 pfilterator( keys_iterator(
131 jitterator()
132 .add_range( gw.get.begin(), gw.get.end() )
133 .add_range( gw.post.begin(), gw.post.end() ),
134 jitterator()
135 ), keys_iterator(), "openid." );
136 }
137 fields_iterator fields_end() const {
138 return pfilterator();
139 }
140};
141
142class rpdb_t : public sqlite3_t {
143 public:
144 rpdb_t()
145 : sqlite3_t("/tmp/RP.db") {
146 assert(_D);
147 char **resp; int nrow,ncol; char *errm;
148 if(sqlite3_get_table(
149 _D,"SELECT a_op FROM assoc LIMIT 0",
150 &resp,&nrow,&ncol,&errm)!=SQLITE_OK) {
151 extern const char *__RP_db_bootstrap;
152 DOUT_("Bootstrapping DB");
153 if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK)
154 throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm);
155 }else
156 sqlite3_free_table(resp);
157
158 }
159};
160
161class example_rp_t : public opkele::prequeue_RP {
162 public:
163 mutable rpdb_t db;
164 kingate::cookie htc;
165 long as_id;
166 int ordinal;
167 kingate::cgi_gateway& gw;
168
169 example_rp_t(kingate::cgi_gateway& gw)
170 : ordinal(0), have_eqtop(false), gw(gw), as_id(-1) {
171 try {
172 htc = gw.cookies.get_cookie("ht_session");
173 as_id = opkele::util::string_to_long(gw.get_param("asid"));
174 }catch(kingate::exception_notfound& kenf) {
175 uuid_t uuid; uuid_generate(uuid);
176 htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid)));
177 sqlite3_mem_t<char*> S = sqlite3_mprintf(
178 "INSERT INTO ht_sessions (hts_id) VALUES (%Q)",
179 htc.get_value().c_str());
180 db.exec(S);
181 }
182 }
183
184 /* Global persistent store */
185
186 opkele::assoc_t store_assoc(
187 const string& OP,const string& handle,
188 const string& type,const secret_t& secret,
189 int expires_in) {
190 DUMBTHROW;
191 DOUT_("Storing '" << handle << "' assoc with '" << OP << "'");
192 time_t exp = time(0)+expires_in;
193 sqlite3_mem_t<char*>
194 S = sqlite3_mprintf(
195 "INSERT INTO assoc"
196 " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)"
197 " VALUES ("
198 " %Q,%Q,%Q,"
199 " datetime('now'), datetime('now','+%d seconds'),"
200 " %Q"
201 " );", OP.c_str(), handle.c_str(), type.c_str(),
202 expires_in,
203 util::encode_base64(&(secret.front()),secret.size()).c_str() );
204 db.exec(S);
205 return opkele::assoc_t(new opkele::association(
206 OP, handle, type, secret, exp, false ));
207 }
208
209 opkele::assoc_t find_assoc(
210 const string& OP) {
211 DUMBTHROW;
212 DOUT_("Looking for an assoc with '" << OP << '\'');
213 sqlite3_mem_t<char*>
214 S = sqlite3_mprintf(
215 "SELECT"
216 " a_op,a_handle,a_type,a_secret,"
217 " strftime('%%s',a_etime) AS a_etime"
218 " FROM assoc"
219 " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless"
220 " AND ( a_etime > datetime('now','-30 seconds') )"
221 " LIMIT 1",
222 OP.c_str());
223 sqlite3_table_t T;
224 int nr,nc;
225 db.get_table(S,T,&nr,&nc);
226 if(nr<1)
227 throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle");
228 assert(nr==1);
229 assert(nc==5);
230 secret_t secret;
231 util::decode_base64(T.get(1,3,nc),secret);
232 DOUT_(" found '" << T.get(1,1,nc) << '\'');
233 return opkele::assoc_t(new opkele::association(
234 T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc),
235 secret, strtol(T.get(1,4,nc),0,0), false ));
236 }
237
238 opkele::assoc_t retrieve_assoc(
239 const string& OP,const string& handle) {
240 DUMBTHROW;
241 DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\'');
242 sqlite3_mem_t<char*>
243 S = sqlite3_mprintf(
244 "SELECT"
245 " a_op,a_handle,a_type,a_secret,"
246 " strftime('%%s',a_etime) AS a_etime"
247 " FROM assoc"
248 " WHERE a_op=%Q AND a_handle=%Q"
249 " AND a_itime IS NULL AND NOT a_stateless"
250 " LIMIT 1",
251 OP.c_str(),handle.c_str());
252 sqlite3_table_t T;
253 int nr,nc;
254 db.get_table(S,T,&nr,&nc);
255 if(nr<1)
256 throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association");
257 assert(nr==1); assert(nc==5);
258 secret_t secret; util::decode_base64(T.get(1,3,nc),secret);
259 DOUT_(" found. type=" << T.get(1,2,nc) << '\'');
260 return opkele::assoc_t(new opkele::association(
261 T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc),
262 secret, strtol(T.get(1,4,nc),0,0), false ));
263 }
264
265 void invalidate_assoc(
266 const string& OP,const string& handle) {
267 DUMBTHROW;
268 DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\'');
269 sqlite3_mem_t<char*>
270 S = sqlite3_mprintf(
271 "UPDATE assoc SET a_itime=datetime('now')"
272 " WHERE a_op=%Q AND a_handle=%Q",
273 OP.c_str(), handle.c_str() );
274 db.exec(S);
275 }
276
277 void check_nonce(const string& OP,const string& nonce) {
278 DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\'');
279 sqlite3_mem_t<char*>
280 S = sqlite3_mprintf(
281 "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q",
282 OP.c_str(), nonce.c_str());
283 sqlite3_table_t T;
284 int nr,nc;
285 db.get_table(S,T,&nr,&nc);
286 if(nr)
287 throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce");
288 sqlite3_mem_t<char*>
289 SS = sqlite3_mprintf(
290 "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)",
291 OP.c_str(), nonce.c_str());
292 db.exec(SS);
293 }
294
295 /* Session perisistent store */
296
297 void begin_queueing() {
298 assert(as_id>=0);
299 DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id);
300 sqlite3_mem_t<char*> S = sqlite3_mprintf(
301 "DELETE FROM endpoints_queue"
302 " WHERE as_id=%ld",
303 as_id);
304 db.exec(S);
305 }
306
307 void queue_endpoint(const opkele::openid_endpoint_t& ep) {
308 assert(as_id>=0);
309 DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri);
310 sqlite3_mem_t<char*> S = sqlite3_mprintf(
311 "INSERT INTO endpoints_queue"
312 " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)"
313 " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)",
314 as_id,ordinal++,
315 ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str());
316 db.exec(S);
317 }
318
319 mutable openid_endpoint_t eqtop;
320 mutable bool have_eqtop;
321
322 const openid_endpoint_t& get_endpoint() const {
323 assert(as_id>=0);
324 if(!have_eqtop) {
325 sqlite3_mem_t<char*>
326 S = sqlite3_mprintf(
327 "SELECT"
328 " eq_uri, eq_claimed_id, eq_local_id"
329 " FROM endpoints_queue"
330 " JOIN auth_sessions USING(as_id)"
331 " WHERE hts_id=%Q AND as_id=%ld"
332 " ORDER BY eq_ctime,eq_ordinal"
333 " LIMIT 1",htc.get_value().c_str(),as_id);
334 sqlite3_table_t T; int nr,nc;
335 db.get_table(S,T,&nr,&nc);
336 if(nr<1)
337 throw opkele::exception(OPKELE_CP_ "No more endpoints queued");
338 assert(nr==1); assert(nc==3);
339 eqtop.uri = T.get(1,0,nc);
340 eqtop.claimed_id = T.get(1,1,nc);
341 eqtop.local_id = T.get(1,2,nc);
342 have_eqtop = true;
343 }
344 return eqtop;
345 }
346
347 void next_endpoint() {
348 assert(as_id>=0);
349 get_endpoint();
350 have_eqtop = false;
351 sqlite3_mem_t<char*> S = sqlite3_mprintf(
352 "DELETE FROM endpoints_queue"
353 " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q",
354 htc.get_value().c_str(),as_id,
355 eqtop.uri.c_str());
356 db.exec(S);
357 }
358
359 mutable string _cid;
360 mutable string _nid;
361
362 void set_claimed_id(const string& cid) {
363 assert(as_id>=0);
364 sqlite3_mem_t<char*> S = sqlite3_mprintf(
365 "UPDATE auth_sessions"
366 " SET as_claimed_id=%Q"
367 " WHERE hts_id=%Q and as_id=%ld",
368 cid.c_str(),
369 htc.get_value().c_str(),as_id);
370 db.exec(S);
371 _cid = cid;
372 }
373 const string get_claimed_id() const {
374 assert(as_id>=0);
375 if(_cid.empty()) {
376 sqlite3_mem_t<char*> S = sqlite3_mprintf(
377 "SELECT as_claimed_id"
378 " FROM"
379 " auth_sessions"
380 " WHERE"
381 " hts_id=%Q AND as_id=%ld",
382 htc.get_value().c_str(),as_id);
383 sqlite3_table_t T; int nr,nc;
384 db.get_table(S,T,&nr,&nc);
385 assert(nr==1); assert(nc==1);
386 _cid = T.get(1,0,nc);
387 }
388 return _cid;
389 }
390 void set_normalized_id(const string& nid) {
391 assert(as_id>=0);
392 sqlite3_mem_t<char*> S = sqlite3_mprintf(
393 "UPDATE auth_sessions"
394 " SET as_normalized_id=%Q"
395 " WHERE hts_id=%Q and as_id=%ld",
396 nid.c_str(),
397 htc.get_value().c_str(),as_id);
398 db.exec(S);
399 _nid = nid;
400 }
401 const string get_normalized_id() const {
402 assert(as_id>=0);
403 if(_nid.empty()) {
404 sqlite3_mem_t<char*> S = sqlite3_mprintf(
405 "SELECT as_normalized_id"
406 " FROM"
407 " auth_sessions"
408 " WHERE"
409 " hts_id=%Q AND as_id=%ld",
410 htc.get_value().c_str(),as_id);
411 sqlite3_table_t T; int nr,nc;
412 db.get_table(S,T,&nr,&nc);
413 assert(nr==1); assert(nc==1);
414 _nid = T.get(1,0,nc);
415 }
416 return _nid;
417 }
418
419 const string get_this_url() const {
420 bool s = gw.has_meta("SSL_PROTOCOL_VERSION");
421 string rv = s?"https://":"http://";
422 rv += gw.http_request_header("Host");
423 const string& port = gw.get_meta("SERVER_PORT");
424 if( port!=(s?"443":"80") ) {
425 rv += ':'; rv += port;
426 }
427 rv += gw.get_meta("REQUEST_URI");
428 return rv;
429 }
430
431 void initiate(const string& usi) {
432 allocate_asid();
433 prequeue_RP::initiate(usi);
434 }
435
436 string get_self_url() const {
437 string rv = get_this_url();
438 string::size_type q = rv.find('?');
439 if(q!=string::npos)
440 rv.erase(q);
441 return rv;
442 }
443
444 void allocate_asid() {
445 sqlite3_mem_t<char*> S = sqlite3_mprintf(
446 "INSERT INTO auth_sessions (hts_id)"
447 " VALUES (%Q)",
448 htc.get_value().c_str());
449 db.exec(S);
450 as_id = sqlite3_last_insert_rowid(db);
451 DOUT_("Allocated authentication session id "<<as_id);
452 assert(as_id>=0);
453 }
454
455#ifdef DUMB_RP
456 virtual assoc_t associate(const string& OP) {
457 DUMBTHROW;
458 }
459#endif
460};
461
462int main(int argc,char *argv[]) {
463 try {
464 kingate::plaincgi_interface ci;
465 kingate::cgi_gateway gw(ci);
466 string op;
467 try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { }
468 if(op=="initiate") {
469 example_rp_t rp(gw);
470 string usi = gw.get_param("openid_identity");
471 rp.initiate(usi);
472 opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL);
473 opkele::openid_message_t cm;
474 string loc;
475 cout <<
476 "Set-Cookie: " << rp.htc.set_cookie_header() << "\n"
477 "Status: 302 Going to OP\n"
478 "Location: " << (
479 loc = rp.checkid_(cm,opkele::mode_checkid_setup,
480 rp.get_self_url()+
481 "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id),
482 rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri)
483 )
484 << "\n\n";
485 DOUT_("Going to " << loc);
486 }else if(op=="confirm") {
487 kingate_openid_message_t om(gw);
488 example_rp_t rp(gw);
489 opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL);
490 rp.id_res(om,&sreg);
491 cout <<
492 "Content-Type: text/plain\n\n";
493 for(opkele::basic_openid_message::fields_iterator i=om.fields_begin();
494 i!=om.fields_end();++i) {
495 cout << *i << '=' << om.get_field(*i) << endl;
496 }
497 cout << endl
498 << "SREG fields: " << sreg.has_fields << endl;
499 }else{
500 cout <<
501 "Content-type: text/html\n\n"
502
503 "<html>"
504 "<head><title>test RP</title></head>"
505 "<body>"
506 "<form action='' method='post'>"
507 "<input type='hidden' name='op' value='initiate' />"
508 "<input type='text' name='openid_identity'/>"
509 "<input type='submit' name='submit' value='submit' />"
510 "</form>"
511 "<br/><br/>"
512 "<a href='?op=initiate&amp;openid_identity=www.myopenid.com&amp;dummy=" << time(0) << "'>login with myopenid.com account</a>"
513 "<br/>"
514 "</body"
515 "</html>"
516 ;
517 }
518#ifdef OPKELE_HAVE_KONFORKA
519 }catch(konforka::exception& e) {
520#else
521 }catch(std::exception& e){
522#endif
523 DOUT_("Oops: " << e.what());
524 cout << "Content-Type: text/plain\n\n"
525 "Exception:\n"
526 " what: " << e.what() << endl;
527#ifdef OPKELE_HAVE_KONFORKA
528 cout << " where: " << e.where() << endl;
529 if(!e._seen.empty()) {
530 cout << " seen:" << endl;
531 for(list<konforka::code_point>::const_iterator
532 i=e._seen.begin();i!=e._seen.end();++i) {
533 cout << " " << i->c_str() << endl;
534 }
535 }
536#endif
537 }
538}