|
|
|
@@ -1,401 +1,402 @@ |
1 | #include <uuid/uuid.h> |
1 | #include <uuid/uuid.h> |
2 | #include <iostream> |
2 | #include <iostream> |
3 | #include <cassert> |
3 | #include <cassert> |
| |
4 | #include <cstdlib> |
4 | #include <stdexcept> |
5 | #include <stdexcept> |
5 | #include <string> |
6 | #include <string> |
6 | #include <set> |
7 | #include <set> |
7 | #include <iterator> |
8 | #include <iterator> |
8 | using namespace std; |
9 | using namespace std; |
9 | #include <kingate/exception.h> |
10 | #include <kingate/exception.h> |
10 | #include <kingate/plaincgi.h> |
11 | #include <kingate/plaincgi.h> |
11 | #include <kingate/cgi_gateway.h> |
12 | #include <kingate/cgi_gateway.h> |
12 | #include <opkele/exception.h> |
13 | #include <opkele/exception.h> |
13 | #include <opkele/types.h> |
14 | #include <opkele/types.h> |
14 | #include <opkele/util.h> |
15 | #include <opkele/util.h> |
15 | #include <opkele/uris.h> |
16 | #include <opkele/uris.h> |
16 | #include <opkele/discovery.h> |
17 | #include <opkele/discovery.h> |
17 | #include <opkele/association.h> |
18 | #include <opkele/association.h> |
18 | #include <opkele/sreg.h> |
19 | #include <opkele/sreg.h> |
19 | using namespace opkele; |
20 | using namespace opkele; |
20 | #include <opkele/prequeue_rp.h> |
21 | #include <opkele/prequeue_rp.h> |
21 | #include <opkele/debug.h> |
22 | #include <opkele/debug.h> |
22 | |
23 | |
23 | #include "sqlite.h" |
24 | #include "sqlite.h" |
24 | #include "kingate_openid_message.h" |
25 | #include "kingate_openid_message.h" |
25 | |
26 | |
26 | #undef DUMB_RP |
27 | #undef DUMB_RP |
27 | |
28 | |
28 | #ifdef DUMB_RP |
29 | #ifdef DUMB_RP |
29 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
30 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
30 | #else |
31 | #else |
31 | # define DUMBTHROW (void)0 |
32 | # define DUMBTHROW (void)0 |
32 | #endif |
33 | #endif |
33 | |
34 | |
34 | class rpdb_t : public sqlite3_t { |
35 | class rpdb_t : public sqlite3_t { |
35 | public: |
36 | public: |
36 | rpdb_t() |
37 | rpdb_t() |
37 | : sqlite3_t("/tmp/RP.db") { |
38 | : sqlite3_t("/tmp/RP.db") { |
38 | assert(_D); |
39 | assert(_D); |
39 | char **resp; int nrow,ncol; char *errm; |
40 | char **resp; int nrow,ncol; char *errm; |
40 | if(sqlite3_get_table( |
41 | if(sqlite3_get_table( |
41 | _D,"SELECT a_op FROM assoc LIMIT 0", |
42 | _D,"SELECT a_op FROM assoc LIMIT 0", |
42 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
43 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
43 | extern const char *__RP_db_bootstrap; |
44 | extern const char *__RP_db_bootstrap; |
44 | DOUT_("Bootstrapping DB"); |
45 | DOUT_("Bootstrapping DB"); |
45 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
46 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
46 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
47 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
47 | }else |
48 | }else |
48 | sqlite3_free_table(resp); |
49 | sqlite3_free_table(resp); |
49 | |
50 | |
50 | } |
51 | } |
51 | }; |
52 | }; |
52 | |
53 | |
53 | class example_rp_t : public opkele::prequeue_RP { |
54 | class example_rp_t : public opkele::prequeue_RP { |
54 | public: |
55 | public: |
55 | mutable rpdb_t db; |
56 | mutable rpdb_t db; |
56 | kingate::cookie htc; |
57 | kingate::cookie htc; |
57 | long as_id; |
58 | long as_id; |
58 | int ordinal; |
59 | int ordinal; |
59 | kingate::cgi_gateway& gw; |
60 | kingate::cgi_gateway& gw; |
60 | |
61 | |
61 | example_rp_t(kingate::cgi_gateway& g) |
62 | example_rp_t(kingate::cgi_gateway& g) |
62 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
63 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
63 | try { |
64 | try { |
64 | htc = gw.cookies.get_cookie("ht_session"); |
65 | htc = gw.cookies.get_cookie("ht_session"); |
65 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
66 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
66 | }catch(kingate::exception_notfound& kenf) { |
67 | }catch(kingate::exception_notfound& kenf) { |
67 | uuid_t uuid; uuid_generate(uuid); |
68 | uuid_t uuid; uuid_generate(uuid); |
68 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
69 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
69 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
70 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
70 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
71 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
71 | htc.get_value().c_str()); |
72 | htc.get_value().c_str()); |
72 | db.exec(S); |
73 | db.exec(S); |
73 | } |
74 | } |
74 | } |
75 | } |
75 | |
76 | |
76 | /* Global persistent store */ |
77 | /* Global persistent store */ |
77 | |
78 | |
78 | opkele::assoc_t store_assoc( |
79 | opkele::assoc_t store_assoc( |
79 | const string& OP,const string& handle, |
80 | const string& OP,const string& handle, |
80 | const string& type,const secret_t& secret, |
81 | const string& type,const secret_t& secret, |
81 | int expires_in) { |
82 | int expires_in) { |
82 | DUMBTHROW; |
83 | DUMBTHROW; |
83 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
84 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
84 | time_t exp = time(0)+expires_in; |
85 | time_t exp = time(0)+expires_in; |
85 | sqlite3_mem_t<char*> |
86 | sqlite3_mem_t<char*> |
86 | S = sqlite3_mprintf( |
87 | S = sqlite3_mprintf( |
87 | "INSERT INTO assoc" |
88 | "INSERT INTO assoc" |
88 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
89 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
89 | " VALUES (" |
90 | " VALUES (" |
90 | " %Q,%Q,%Q," |
91 | " %Q,%Q,%Q," |
91 | " datetime('now'), datetime('now','+%d seconds')," |
92 | " datetime('now'), datetime('now','+%d seconds')," |
92 | " %Q" |
93 | " %Q" |
93 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
94 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
94 | expires_in, |
95 | expires_in, |
95 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
96 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
96 | db.exec(S); |
97 | db.exec(S); |
97 | return opkele::assoc_t(new opkele::association( |
98 | return opkele::assoc_t(new opkele::association( |
98 | OP, handle, type, secret, exp, false )); |
99 | OP, handle, type, secret, exp, false )); |
99 | } |
100 | } |
100 | |
101 | |
101 | opkele::assoc_t find_assoc( |
102 | opkele::assoc_t find_assoc( |
102 | const string& OP) { |
103 | const string& OP) { |
103 | DUMBTHROW; |
104 | DUMBTHROW; |
104 | DOUT_("Looking for an assoc with '" << OP << '\''); |
105 | DOUT_("Looking for an assoc with '" << OP << '\''); |
105 | sqlite3_mem_t<char*> |
106 | sqlite3_mem_t<char*> |
106 | S = sqlite3_mprintf( |
107 | S = sqlite3_mprintf( |
107 | "SELECT" |
108 | "SELECT" |
108 | " a_op,a_handle,a_type,a_secret," |
109 | " a_op,a_handle,a_type,a_secret," |
109 | " strftime('%%s',a_etime) AS a_etime" |
110 | " strftime('%%s',a_etime) AS a_etime" |
110 | " FROM assoc" |
111 | " FROM assoc" |
111 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
112 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
112 | " AND ( a_etime > datetime('now','-30 seconds') )" |
113 | " AND ( a_etime > datetime('now','-30 seconds') )" |
113 | " LIMIT 1", |
114 | " LIMIT 1", |
114 | OP.c_str()); |
115 | OP.c_str()); |
115 | sqlite3_table_t T; |
116 | sqlite3_table_t T; |
116 | int nr,nc; |
117 | int nr,nc; |
117 | db.get_table(S,T,&nr,&nc); |
118 | db.get_table(S,T,&nr,&nc); |
118 | if(nr<1) |
119 | if(nr<1) |
119 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
120 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
120 | assert(nr==1); |
121 | assert(nr==1); |
121 | assert(nc==5); |
122 | assert(nc==5); |
122 | secret_t secret; |
123 | secret_t secret; |
123 | util::decode_base64(T.get(1,3,nc),secret); |
124 | util::decode_base64(T.get(1,3,nc),secret); |
124 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
125 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
125 | return opkele::assoc_t(new opkele::association( |
126 | return opkele::assoc_t(new opkele::association( |
126 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
127 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
127 | secret, strtol(T.get(1,4,nc),0,0), false )); |
128 | secret, strtol(T.get(1,4,nc),0,0), false )); |
128 | } |
129 | } |
129 | |
130 | |
130 | opkele::assoc_t retrieve_assoc( |
131 | opkele::assoc_t retrieve_assoc( |
131 | const string& OP,const string& handle) { |
132 | const string& OP,const string& handle) { |
132 | DUMBTHROW; |
133 | DUMBTHROW; |
133 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
134 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
134 | sqlite3_mem_t<char*> |
135 | sqlite3_mem_t<char*> |
135 | S = sqlite3_mprintf( |
136 | S = sqlite3_mprintf( |
136 | "SELECT" |
137 | "SELECT" |
137 | " a_op,a_handle,a_type,a_secret," |
138 | " a_op,a_handle,a_type,a_secret," |
138 | " strftime('%%s',a_etime) AS a_etime" |
139 | " strftime('%%s',a_etime) AS a_etime" |
139 | " FROM assoc" |
140 | " FROM assoc" |
140 | " WHERE a_op=%Q AND a_handle=%Q" |
141 | " WHERE a_op=%Q AND a_handle=%Q" |
141 | " AND a_itime IS NULL AND NOT a_stateless" |
142 | " AND a_itime IS NULL AND NOT a_stateless" |
142 | " LIMIT 1", |
143 | " LIMIT 1", |
143 | OP.c_str(),handle.c_str()); |
144 | OP.c_str(),handle.c_str()); |
144 | sqlite3_table_t T; |
145 | sqlite3_table_t T; |
145 | int nr,nc; |
146 | int nr,nc; |
146 | db.get_table(S,T,&nr,&nc); |
147 | db.get_table(S,T,&nr,&nc); |
147 | if(nr<1) |
148 | if(nr<1) |
148 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
149 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
149 | assert(nr==1); assert(nc==5); |
150 | assert(nr==1); assert(nc==5); |
150 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
151 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
151 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
152 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
152 | return opkele::assoc_t(new opkele::association( |
153 | return opkele::assoc_t(new opkele::association( |
153 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
154 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
154 | secret, strtol(T.get(1,4,nc),0,0), false )); |
155 | secret, strtol(T.get(1,4,nc),0,0), false )); |
155 | } |
156 | } |
156 | |
157 | |
157 | void invalidate_assoc( |
158 | void invalidate_assoc( |
158 | const string& OP,const string& handle) { |
159 | const string& OP,const string& handle) { |
159 | DUMBTHROW; |
160 | DUMBTHROW; |
160 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
161 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
161 | sqlite3_mem_t<char*> |
162 | sqlite3_mem_t<char*> |
162 | S = sqlite3_mprintf( |
163 | S = sqlite3_mprintf( |
163 | "UPDATE assoc SET a_itime=datetime('now')" |
164 | "UPDATE assoc SET a_itime=datetime('now')" |
164 | " WHERE a_op=%Q AND a_handle=%Q", |
165 | " WHERE a_op=%Q AND a_handle=%Q", |
165 | OP.c_str(), handle.c_str() ); |
166 | OP.c_str(), handle.c_str() ); |
166 | db.exec(S); |
167 | db.exec(S); |
167 | } |
168 | } |
168 | |
169 | |
169 | void check_nonce(const string& OP,const string& nonce) { |
170 | void check_nonce(const string& OP,const string& nonce) { |
170 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
171 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
171 | sqlite3_mem_t<char*> |
172 | sqlite3_mem_t<char*> |
172 | S = sqlite3_mprintf( |
173 | S = sqlite3_mprintf( |
173 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
174 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
174 | OP.c_str(), nonce.c_str()); |
175 | OP.c_str(), nonce.c_str()); |
175 | sqlite3_table_t T; |
176 | sqlite3_table_t T; |
176 | int nr,nc; |
177 | int nr,nc; |
177 | db.get_table(S,T,&nr,&nc); |
178 | db.get_table(S,T,&nr,&nc); |
178 | if(nr) |
179 | if(nr) |
179 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
180 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
180 | sqlite3_mem_t<char*> |
181 | sqlite3_mem_t<char*> |
181 | SS = sqlite3_mprintf( |
182 | SS = sqlite3_mprintf( |
182 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
183 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
183 | OP.c_str(), nonce.c_str()); |
184 | OP.c_str(), nonce.c_str()); |
184 | db.exec(SS); |
185 | db.exec(SS); |
185 | } |
186 | } |
186 | |
187 | |
187 | /* Session perisistent store */ |
188 | /* Session perisistent store */ |
188 | |
189 | |
189 | void begin_queueing() { |
190 | void begin_queueing() { |
190 | assert(as_id>=0); |
191 | assert(as_id>=0); |
191 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
192 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
192 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
193 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
193 | "DELETE FROM endpoints_queue" |
194 | "DELETE FROM endpoints_queue" |
194 | " WHERE as_id=%ld", |
195 | " WHERE as_id=%ld", |
195 | as_id); |
196 | as_id); |
196 | db.exec(S); |
197 | db.exec(S); |
197 | } |
198 | } |
198 | |
199 | |
199 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
200 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
200 | assert(as_id>=0); |
201 | assert(as_id>=0); |
201 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
202 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
202 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
203 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
203 | "INSERT INTO endpoints_queue" |
204 | "INSERT INTO endpoints_queue" |
204 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
205 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
205 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
206 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
206 | as_id,ordinal++, |
207 | as_id,ordinal++, |
207 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
208 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
208 | db.exec(S); |
209 | db.exec(S); |
209 | } |
210 | } |
210 | |
211 | |
211 | mutable openid_endpoint_t eqtop; |
212 | mutable openid_endpoint_t eqtop; |
212 | mutable bool have_eqtop; |
213 | mutable bool have_eqtop; |
213 | |
214 | |
214 | const openid_endpoint_t& get_endpoint() const { |
215 | const openid_endpoint_t& get_endpoint() const { |
215 | assert(as_id>=0); |
216 | assert(as_id>=0); |
216 | if(!have_eqtop) { |
217 | if(!have_eqtop) { |
217 | sqlite3_mem_t<char*> |
218 | sqlite3_mem_t<char*> |
218 | S = sqlite3_mprintf( |
219 | S = sqlite3_mprintf( |
219 | "SELECT" |
220 | "SELECT" |
220 | " eq_uri, eq_claimed_id, eq_local_id" |
221 | " eq_uri, eq_claimed_id, eq_local_id" |
221 | " FROM endpoints_queue" |
222 | " FROM endpoints_queue" |
222 | " JOIN auth_sessions USING(as_id)" |
223 | " JOIN auth_sessions USING(as_id)" |
223 | " WHERE hts_id=%Q AND as_id=%ld" |
224 | " WHERE hts_id=%Q AND as_id=%ld" |
224 | " ORDER BY eq_ctime,eq_ordinal" |
225 | " ORDER BY eq_ctime,eq_ordinal" |
225 | " LIMIT 1",htc.get_value().c_str(),as_id); |
226 | " LIMIT 1",htc.get_value().c_str(),as_id); |
226 | sqlite3_table_t T; int nr,nc; |
227 | sqlite3_table_t T; int nr,nc; |
227 | db.get_table(S,T,&nr,&nc); |
228 | db.get_table(S,T,&nr,&nc); |
228 | if(nr<1) |
229 | if(nr<1) |
229 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
230 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
230 | assert(nr==1); assert(nc==3); |
231 | assert(nr==1); assert(nc==3); |
231 | eqtop.uri = T.get(1,0,nc); |
232 | eqtop.uri = T.get(1,0,nc); |
232 | eqtop.claimed_id = T.get(1,1,nc); |
233 | eqtop.claimed_id = T.get(1,1,nc); |
233 | eqtop.local_id = T.get(1,2,nc); |
234 | eqtop.local_id = T.get(1,2,nc); |
234 | have_eqtop = true; |
235 | have_eqtop = true; |
235 | } |
236 | } |
236 | return eqtop; |
237 | return eqtop; |
237 | } |
238 | } |
238 | |
239 | |
239 | void next_endpoint() { |
240 | void next_endpoint() { |
240 | assert(as_id>=0); |
241 | assert(as_id>=0); |
241 | get_endpoint(); |
242 | get_endpoint(); |
242 | have_eqtop = false; |
243 | have_eqtop = false; |
243 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
244 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
244 | "DELETE FROM endpoints_queue" |
245 | "DELETE FROM endpoints_queue" |
245 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
246 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
246 | htc.get_value().c_str(),as_id, |
247 | htc.get_value().c_str(),as_id, |
247 | eqtop.uri.c_str()); |
248 | eqtop.uri.c_str()); |
248 | db.exec(S); |
249 | db.exec(S); |
249 | } |
250 | } |
250 | |
251 | |
251 | mutable string _nid; |
252 | mutable string _nid; |
252 | |
253 | |
253 | void set_normalized_id(const string& nid) { |
254 | void set_normalized_id(const string& nid) { |
254 | assert(as_id>=0); |
255 | assert(as_id>=0); |
255 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
256 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
256 | "UPDATE auth_sessions" |
257 | "UPDATE auth_sessions" |
257 | " SET as_normalized_id=%Q" |
258 | " SET as_normalized_id=%Q" |
258 | " WHERE hts_id=%Q and as_id=%ld", |
259 | " WHERE hts_id=%Q and as_id=%ld", |
259 | nid.c_str(), |
260 | nid.c_str(), |
260 | htc.get_value().c_str(),as_id); |
261 | htc.get_value().c_str(),as_id); |
261 | db.exec(S); |
262 | db.exec(S); |
262 | _nid = nid; |
263 | _nid = nid; |
263 | } |
264 | } |
264 | const string get_normalized_id() const { |
265 | const string get_normalized_id() const { |
265 | assert(as_id>=0); |
266 | assert(as_id>=0); |
266 | if(_nid.empty()) { |
267 | if(_nid.empty()) { |
267 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
268 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
268 | "SELECT as_normalized_id" |
269 | "SELECT as_normalized_id" |
269 | " FROM" |
270 | " FROM" |
270 | " auth_sessions" |
271 | " auth_sessions" |
271 | " WHERE" |
272 | " WHERE" |
272 | " hts_id=%Q AND as_id=%ld", |
273 | " hts_id=%Q AND as_id=%ld", |
273 | htc.get_value().c_str(),as_id); |
274 | htc.get_value().c_str(),as_id); |
274 | sqlite3_table_t T; int nr,nc; |
275 | sqlite3_table_t T; int nr,nc; |
275 | db.get_table(S,T,&nr,&nc); |
276 | db.get_table(S,T,&nr,&nc); |
276 | assert(nr==1); assert(nc==1); |
277 | assert(nr==1); assert(nc==1); |
277 | _nid = T.get(1,0,nc); |
278 | _nid = T.get(1,0,nc); |
278 | } |
279 | } |
279 | return _nid; |
280 | return _nid; |
280 | } |
281 | } |
281 | |
282 | |
282 | const string get_this_url() const { |
283 | const string get_this_url() const { |
283 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
284 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
284 | string rv = s?"https://":"http://"; |
285 | string rv = s?"https://":"http://"; |
285 | rv += gw.http_request_header("Host"); |
286 | rv += gw.http_request_header("Host"); |
286 | const string& port = gw.get_meta("SERVER_PORT"); |
287 | const string& port = gw.get_meta("SERVER_PORT"); |
287 | if( port!=(s?"443":"80") ) { |
288 | if( port!=(s?"443":"80") ) { |
288 | rv += ':'; rv += port; |
289 | rv += ':'; rv += port; |
289 | } |
290 | } |
290 | rv += gw.get_meta("REQUEST_URI"); |
291 | rv += gw.get_meta("REQUEST_URI"); |
291 | return rv; |
292 | return rv; |
292 | } |
293 | } |
293 | |
294 | |
294 | void initiate(const string& usi) { |
295 | void initiate(const string& usi) { |
295 | allocate_asid(); |
296 | allocate_asid(); |
296 | prequeue_RP::initiate(usi); |
297 | prequeue_RP::initiate(usi); |
297 | } |
298 | } |
298 | |
299 | |
299 | string get_self_url() const { |
300 | string get_self_url() const { |
300 | string rv = get_this_url(); |
301 | string rv = get_this_url(); |
301 | string::size_type q = rv.find('?'); |
302 | string::size_type q = rv.find('?'); |
302 | if(q!=string::npos) |
303 | if(q!=string::npos) |
303 | rv.erase(q); |
304 | rv.erase(q); |
304 | return rv; |
305 | return rv; |
305 | } |
306 | } |
306 | |
307 | |
307 | void allocate_asid() { |
308 | void allocate_asid() { |
308 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
309 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
309 | "INSERT INTO auth_sessions (hts_id)" |
310 | "INSERT INTO auth_sessions (hts_id)" |
310 | " VALUES (%Q)", |
311 | " VALUES (%Q)", |
311 | htc.get_value().c_str()); |
312 | htc.get_value().c_str()); |
312 | db.exec(S); |
313 | db.exec(S); |
313 | as_id = sqlite3_last_insert_rowid(db); |
314 | as_id = sqlite3_last_insert_rowid(db); |
314 | DOUT_("Allocated authentication session id "<<as_id); |
315 | DOUT_("Allocated authentication session id "<<as_id); |
315 | assert(as_id>=0); |
316 | assert(as_id>=0); |
316 | } |
317 | } |
317 | |
318 | |
318 | #ifdef DUMB_RP |
319 | #ifdef DUMB_RP |
319 | virtual assoc_t associate(const string& OP) { |
320 | virtual assoc_t associate(const string& OP) { |
320 | DUMBTHROW; |
321 | DUMBTHROW; |
321 | } |
322 | } |
322 | #endif |
323 | #endif |
323 | }; |
324 | }; |
324 | |
325 | |
325 | int main(int,char **) { |
326 | int main(int,char **) { |
326 | try { |
327 | try { |
327 | kingate::plaincgi_interface ci; |
328 | kingate::plaincgi_interface ci; |
328 | kingate::cgi_gateway gw(ci); |
329 | kingate::cgi_gateway gw(ci); |
329 | string op; |
330 | string op; |
330 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
331 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
331 | if(op=="initiate") { |
332 | if(op=="initiate") { |
332 | example_rp_t rp(gw); |
333 | example_rp_t rp(gw); |
333 | string usi = gw.get_param("openid_identity"); |
334 | string usi = gw.get_param("openid_identity"); |
334 | rp.initiate(usi); |
335 | rp.initiate(usi); |
335 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
336 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
336 | opkele::openid_message_t cm; |
337 | opkele::openid_message_t cm; |
337 | string loc; |
338 | string loc; |
338 | cout << |
339 | cout << |
339 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
340 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
340 | "Status: 302 Going to OP\n" |
341 | "Status: 302 Going to OP\n" |
341 | "Location: " << ( |
342 | "Location: " << ( |
342 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
343 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
343 | rp.get_self_url()+ |
344 | rp.get_self_url()+ |
344 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
345 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
345 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
346 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
346 | ) |
347 | ) |
347 | << "\n\n"; |
348 | << "\n\n"; |
348 | DOUT_("Going to " << loc); |
349 | DOUT_("Going to " << loc); |
349 | }else if(op=="confirm") { |
350 | }else if(op=="confirm") { |
350 | kingate_openid_message_t om(gw); |
351 | kingate_openid_message_t om(gw); |
351 | example_rp_t rp(gw); |
352 | example_rp_t rp(gw); |
352 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
353 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
353 | rp.id_res(om,&sreg); |
354 | rp.id_res(om,&sreg); |
354 | cout << |
355 | cout << |
355 | "Content-Type: text/plain\n\n"; |
356 | "Content-Type: text/plain\n\n"; |
356 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
357 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
357 | i!=om.fields_end();++i) { |
358 | i!=om.fields_end();++i) { |
358 | cout << *i << '=' << om.get_field(*i) << endl; |
359 | cout << *i << '=' << om.get_field(*i) << endl; |
359 | } |
360 | } |
360 | cout << endl |
361 | cout << endl |
361 | << "SREG fields: " << sreg.has_fields << endl; |
362 | << "SREG fields: " << sreg.has_fields << endl; |
362 | }else{ |
363 | }else{ |
363 | cout << |
364 | cout << |
364 | "Content-type: text/html\n\n" |
365 | "Content-type: text/html\n\n" |
365 | |
366 | |
366 | "<html>" |
367 | "<html>" |
367 | "<head><title>test RP</title></head>" |
368 | "<head><title>test RP</title></head>" |
368 | "<body>" |
369 | "<body>" |
369 | "<form action='' method='post'>" |
370 | "<form action='' method='post'>" |
370 | "<input type='hidden' name='op' value='initiate' />" |
371 | "<input type='hidden' name='op' value='initiate' />" |
371 | "<input type='text' name='openid_identity'/>" |
372 | "<input type='text' name='openid_identity'/>" |
372 | "<input type='submit' name='submit' value='submit' />" |
373 | "<input type='submit' name='submit' value='submit' />" |
373 | "</form>" |
374 | "</form>" |
374 | "<br/><br/>" |
375 | "<br/><br/>" |
375 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
376 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
376 | "<br/>" |
377 | "<br/>" |
377 | "</body" |
378 | "</body" |
378 | "</html>" |
379 | "</html>" |
379 | ; |
380 | ; |
380 | } |
381 | } |
381 | #ifdef OPKELE_HAVE_KONFORKA |
382 | #ifdef OPKELE_HAVE_KONFORKA |
382 | }catch(konforka::exception& e) { |
383 | }catch(konforka::exception& e) { |
383 | #else |
384 | #else |
384 | }catch(std::exception& e){ |
385 | }catch(std::exception& e){ |
385 | #endif |
386 | #endif |
386 | DOUT_("Oops: " << e.what()); |
387 | DOUT_("Oops: " << e.what()); |
387 | cout << "Content-Type: text/plain\n\n" |
388 | cout << "Content-Type: text/plain\n\n" |
388 | "Exception:\n" |
389 | "Exception:\n" |
389 | " what: " << e.what() << endl; |
390 | " what: " << e.what() << endl; |
390 | #ifdef OPKELE_HAVE_KONFORKA |
391 | #ifdef OPKELE_HAVE_KONFORKA |
391 | cout << " where: " << e.where() << endl; |
392 | cout << " where: " << e.where() << endl; |
392 | if(!e._seen.empty()) { |
393 | if(!e._seen.empty()) { |
393 | cout << " seen:" << endl; |
394 | cout << " seen:" << endl; |
394 | for(list<konforka::code_point>::const_iterator |
395 | for(list<konforka::code_point>::const_iterator |
395 | i=e._seen.begin();i!=e._seen.end();++i) { |
396 | i=e._seen.begin();i!=e._seen.end();++i) { |
396 | cout << " " << i->c_str() << endl; |
397 | cout << " " << i->c_str() << endl; |
397 | } |
398 | } |
398 | } |
399 | } |
399 | #endif |
400 | #endif |
400 | } |
401 | } |
401 | } |
402 | } |
|