|
|
|
| @@ -1,387 +1,388 @@ |
| 1 | #include <uuid/uuid.h> |
1 | #include <uuid/uuid.h> |
| 2 | #include <iostream> |
2 | #include <iostream> |
| 3 | #include <cassert> |
3 | #include <cassert> |
| |
4 | #include <cstdlib> |
| 4 | #include <stdexcept> |
5 | #include <stdexcept> |
| 5 | #include <string> |
6 | #include <string> |
| 6 | #include <set> |
7 | #include <set> |
| 7 | #include <iterator> |
8 | #include <iterator> |
| 8 | using namespace std; |
9 | using namespace std; |
| 9 | #include <kingate/exception.h> |
10 | #include <kingate/exception.h> |
| 10 | #include <kingate/plaincgi.h> |
11 | #include <kingate/plaincgi.h> |
| 11 | #include <kingate/cgi_gateway.h> |
12 | #include <kingate/cgi_gateway.h> |
| 12 | #include <opkele/exception.h> |
13 | #include <opkele/exception.h> |
| 13 | #include <opkele/types.h> |
14 | #include <opkele/types.h> |
| 14 | #include <opkele/util.h> |
15 | #include <opkele/util.h> |
| 15 | #include <opkele/uris.h> |
16 | #include <opkele/uris.h> |
| 16 | #include <opkele/discovery.h> |
17 | #include <opkele/discovery.h> |
| 17 | #include <opkele/association.h> |
18 | #include <opkele/association.h> |
| 18 | #include <opkele/sreg.h> |
19 | #include <opkele/sreg.h> |
| 19 | using namespace opkele; |
20 | using namespace opkele; |
| 20 | #include <opkele/prequeue_rp.h> |
21 | #include <opkele/prequeue_rp.h> |
| 21 | #include <opkele/debug.h> |
22 | #include <opkele/debug.h> |
| 22 | |
23 | |
| 23 | #include "sqlite.h" |
24 | #include "sqlite.h" |
| 24 | #include "kingate_openid_message.h" |
25 | #include "kingate_openid_message.h" |
| 25 | |
26 | |
| 26 | #undef DUMB_RP |
27 | #undef DUMB_RP |
| 27 | |
28 | |
| 28 | #ifdef DUMB_RP |
29 | #ifdef DUMB_RP |
| 29 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
30 | # define DUMBTHROW throw opkele::dumb_RP(OPKELE_CP_ "This RP is dumb") |
| 30 | #else |
31 | #else |
| 31 | # define DUMBTHROW (void)0 |
32 | # define DUMBTHROW (void)0 |
| 32 | #endif |
33 | #endif |
| 33 | |
34 | |
| 34 | class rpdb_t : public sqlite3_t { |
35 | class rpdb_t : public sqlite3_t { |
| 35 | public: |
36 | public: |
| 36 | rpdb_t() |
37 | rpdb_t() |
| 37 | : sqlite3_t("/tmp/RP.db") { |
38 | : sqlite3_t("/tmp/RP.db") { |
| 38 | assert(_D); |
39 | assert(_D); |
| 39 | char **resp; int nrow,ncol; char *errm; |
40 | char **resp; int nrow,ncol; char *errm; |
| 40 | if(sqlite3_get_table( |
41 | if(sqlite3_get_table( |
| 41 | _D,"SELECT a_op FROM assoc LIMIT 0", |
42 | _D,"SELECT a_op FROM assoc LIMIT 0", |
| 42 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
43 | &resp,&nrow,&ncol,&errm)!=SQLITE_OK) { |
| 43 | extern const char *__RP_db_bootstrap; |
44 | extern const char *__RP_db_bootstrap; |
| 44 | DOUT_("Bootstrapping DB"); |
45 | DOUT_("Bootstrapping DB"); |
| 45 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
46 | if(sqlite3_exec(_D,__RP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
| 46 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
47 | throw opkele::exception(OPKELE_CP_ string("Failed to bootstrap SQLite database: ")+errm); |
| 47 | }else |
48 | }else |
| 48 | sqlite3_free_table(resp); |
49 | sqlite3_free_table(resp); |
| 49 | |
50 | |
| 50 | } |
51 | } |
| 51 | }; |
52 | }; |
| 52 | |
53 | |
| 53 | class example_rp_t : public opkele::prequeue_RP { |
54 | class example_rp_t : public opkele::prequeue_RP { |
| 54 | public: |
55 | public: |
| 55 | mutable rpdb_t db; |
56 | mutable rpdb_t db; |
| 56 | kingate::cookie htc; |
57 | kingate::cookie htc; |
| 57 | long as_id; |
58 | long as_id; |
| 58 | int ordinal; |
59 | int ordinal; |
| 59 | kingate::cgi_gateway& gw; |
60 | kingate::cgi_gateway& gw; |
| 60 | |
61 | |
| 61 | example_rp_t(kingate::cgi_gateway& g) |
62 | example_rp_t(kingate::cgi_gateway& g) |
| 62 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
63 | : as_id(-1), ordinal(0), gw(g), have_eqtop(false) { |
| 63 | try { |
64 | try { |
| 64 | htc = gw.cookies.get_cookie("ht_session"); |
65 | htc = gw.cookies.get_cookie("ht_session"); |
| 65 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
66 | as_id = opkele::util::string_to_long(gw.get_param("asid")); |
| 66 | }catch(kingate::exception_notfound& kenf) { |
67 | }catch(kingate::exception_notfound& kenf) { |
| 67 | uuid_t uuid; uuid_generate(uuid); |
68 | uuid_t uuid; uuid_generate(uuid); |
| 68 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
69 | htc = kingate::cookie("ht_session",util::encode_base64(uuid,sizeof(uuid))); |
| 69 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
70 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 70 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
71 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
| 71 | htc.get_value().c_str()); |
72 | htc.get_value().c_str()); |
| 72 | db.exec(S); |
73 | db.exec(S); |
| 73 | } |
74 | } |
| 74 | } |
75 | } |
| 75 | |
76 | |
| 76 | /* Global persistent store */ |
77 | /* Global persistent store */ |
| 77 | |
78 | |
| 78 | opkele::assoc_t store_assoc( |
79 | opkele::assoc_t store_assoc( |
| 79 | const string& OP,const string& handle, |
80 | const string& OP,const string& handle, |
| 80 | const string& type,const secret_t& secret, |
81 | const string& type,const secret_t& secret, |
| 81 | int expires_in) { |
82 | int expires_in) { |
| 82 | DUMBTHROW; |
83 | DUMBTHROW; |
| 83 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
84 | DOUT_("Storing '" << handle << "' assoc with '" << OP << "'"); |
| 84 | time_t exp = time(0)+expires_in; |
85 | time_t exp = time(0)+expires_in; |
| 85 | sqlite3_mem_t<char*> |
86 | sqlite3_mem_t<char*> |
| 86 | S = sqlite3_mprintf( |
87 | S = sqlite3_mprintf( |
| 87 | "INSERT INTO assoc" |
88 | "INSERT INTO assoc" |
| 88 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
89 | " (a_op,a_handle,a_type,a_ctime,a_etime,a_secret)" |
| 89 | " VALUES (" |
90 | " VALUES (" |
| 90 | " %Q,%Q,%Q," |
91 | " %Q,%Q,%Q," |
| 91 | " datetime('now'), datetime('now','+%d seconds')," |
92 | " datetime('now'), datetime('now','+%d seconds')," |
| 92 | " %Q" |
93 | " %Q" |
| 93 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
94 | " );", OP.c_str(), handle.c_str(), type.c_str(), |
| 94 | expires_in, |
95 | expires_in, |
| 95 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
96 | util::encode_base64(&(secret.front()),secret.size()).c_str() ); |
| 96 | db.exec(S); |
97 | db.exec(S); |
| 97 | return opkele::assoc_t(new opkele::association( |
98 | return opkele::assoc_t(new opkele::association( |
| 98 | OP, handle, type, secret, exp, false )); |
99 | OP, handle, type, secret, exp, false )); |
| 99 | } |
100 | } |
| 100 | |
101 | |
| 101 | opkele::assoc_t find_assoc( |
102 | opkele::assoc_t find_assoc( |
| 102 | const string& OP) { |
103 | const string& OP) { |
| 103 | DUMBTHROW; |
104 | DUMBTHROW; |
| 104 | DOUT_("Looking for an assoc with '" << OP << '\''); |
105 | DOUT_("Looking for an assoc with '" << OP << '\''); |
| 105 | sqlite3_mem_t<char*> |
106 | sqlite3_mem_t<char*> |
| 106 | S = sqlite3_mprintf( |
107 | S = sqlite3_mprintf( |
| 107 | "SELECT" |
108 | "SELECT" |
| 108 | " a_op,a_handle,a_type,a_secret," |
109 | " a_op,a_handle,a_type,a_secret," |
| 109 | " strftime('%%s',a_etime) AS a_etime" |
110 | " strftime('%%s',a_etime) AS a_etime" |
| 110 | " FROM assoc" |
111 | " FROM assoc" |
| 111 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
112 | " WHERE a_op=%Q AND a_itime IS NULL AND NOT a_stateless" |
| 112 | " AND ( a_etime > datetime('now','-30 seconds') )" |
113 | " AND ( a_etime > datetime('now','-30 seconds') )" |
| 113 | " LIMIT 1", |
114 | " LIMIT 1", |
| 114 | OP.c_str()); |
115 | OP.c_str()); |
| 115 | sqlite3_table_t T; |
116 | sqlite3_table_t T; |
| 116 | int nr,nc; |
117 | int nr,nc; |
| 117 | db.get_table(S,T,&nr,&nc); |
118 | db.get_table(S,T,&nr,&nc); |
| 118 | if(nr<1) |
119 | if(nr<1) |
| 119 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
120 | throw opkele::failed_lookup(OPKELE_CP_ "Couldn't find unexpired handle"); |
| 120 | assert(nr==1); |
121 | assert(nr==1); |
| 121 | assert(nc==5); |
122 | assert(nc==5); |
| 122 | secret_t secret; |
123 | secret_t secret; |
| 123 | util::decode_base64(T.get(1,3,nc),secret); |
124 | util::decode_base64(T.get(1,3,nc),secret); |
| 124 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
125 | DOUT_(" found '" << T.get(1,1,nc) << '\''); |
| 125 | return opkele::assoc_t(new opkele::association( |
126 | return opkele::assoc_t(new opkele::association( |
| 126 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
127 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
| 127 | secret, strtol(T.get(1,4,nc),0,0), false )); |
128 | secret, strtol(T.get(1,4,nc),0,0), false )); |
| 128 | } |
129 | } |
| 129 | |
130 | |
| 130 | opkele::assoc_t retrieve_assoc( |
131 | opkele::assoc_t retrieve_assoc( |
| 131 | const string& OP,const string& handle) { |
132 | const string& OP,const string& handle) { |
| 132 | DUMBTHROW; |
133 | DUMBTHROW; |
| 133 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
134 | DOUT_("Retrieving assoc '" << handle << "' with '" << OP << '\''); |
| 134 | sqlite3_mem_t<char*> |
135 | sqlite3_mem_t<char*> |
| 135 | S = sqlite3_mprintf( |
136 | S = sqlite3_mprintf( |
| 136 | "SELECT" |
137 | "SELECT" |
| 137 | " a_op,a_handle,a_type,a_secret," |
138 | " a_op,a_handle,a_type,a_secret," |
| 138 | " strftime('%%s',a_etime) AS a_etime" |
139 | " strftime('%%s',a_etime) AS a_etime" |
| 139 | " FROM assoc" |
140 | " FROM assoc" |
| 140 | " WHERE a_op=%Q AND a_handle=%Q" |
141 | " WHERE a_op=%Q AND a_handle=%Q" |
| 141 | " AND a_itime IS NULL AND NOT a_stateless" |
142 | " AND a_itime IS NULL AND NOT a_stateless" |
| 142 | " LIMIT 1", |
143 | " LIMIT 1", |
| 143 | OP.c_str(),handle.c_str()); |
144 | OP.c_str(),handle.c_str()); |
| 144 | sqlite3_table_t T; |
145 | sqlite3_table_t T; |
| 145 | int nr,nc; |
146 | int nr,nc; |
| 146 | db.get_table(S,T,&nr,&nc); |
147 | db.get_table(S,T,&nr,&nc); |
| 147 | if(nr<1) |
148 | if(nr<1) |
| 148 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
149 | throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid association"); |
| 149 | assert(nr==1); assert(nc==5); |
150 | assert(nr==1); assert(nc==5); |
| 150 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
151 | secret_t secret; util::decode_base64(T.get(1,3,nc),secret); |
| 151 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
152 | DOUT_(" found. type=" << T.get(1,2,nc) << '\''); |
| 152 | return opkele::assoc_t(new opkele::association( |
153 | return opkele::assoc_t(new opkele::association( |
| 153 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
154 | T.get(1,0,nc), T.get(1,1,nc), T.get(1,2,nc), |
| 154 | secret, strtol(T.get(1,4,nc),0,0), false )); |
155 | secret, strtol(T.get(1,4,nc),0,0), false )); |
| 155 | } |
156 | } |
| 156 | |
157 | |
| 157 | void invalidate_assoc( |
158 | void invalidate_assoc( |
| 158 | const string& OP,const string& handle) { |
159 | const string& OP,const string& handle) { |
| 159 | DUMBTHROW; |
160 | DUMBTHROW; |
| 160 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
161 | DOUT_("Invalidating assoc '" << handle << "' with '" << OP << '\''); |
| 161 | sqlite3_mem_t<char*> |
162 | sqlite3_mem_t<char*> |
| 162 | S = sqlite3_mprintf( |
163 | S = sqlite3_mprintf( |
| 163 | "UPDATE assoc SET a_itime=datetime('now')" |
164 | "UPDATE assoc SET a_itime=datetime('now')" |
| 164 | " WHERE a_op=%Q AND a_handle=%Q", |
165 | " WHERE a_op=%Q AND a_handle=%Q", |
| 165 | OP.c_str(), handle.c_str() ); |
166 | OP.c_str(), handle.c_str() ); |
| 166 | db.exec(S); |
167 | db.exec(S); |
| 167 | } |
168 | } |
| 168 | |
169 | |
| 169 | void check_nonce(const string& OP,const string& nonce) { |
170 | void check_nonce(const string& OP,const string& nonce) { |
| 170 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
171 | DOUT_("Checking nonce '" << nonce << "' from '" << OP << '\''); |
| 171 | sqlite3_mem_t<char*> |
172 | sqlite3_mem_t<char*> |
| 172 | S = sqlite3_mprintf( |
173 | S = sqlite3_mprintf( |
| 173 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
174 | "SELECT 1 FROM nonces WHERE n_op=%Q AND n_once=%Q", |
| 174 | OP.c_str(), nonce.c_str()); |
175 | OP.c_str(), nonce.c_str()); |
| 175 | sqlite3_table_t T; |
176 | sqlite3_table_t T; |
| 176 | int nr,nc; |
177 | int nr,nc; |
| 177 | db.get_table(S,T,&nr,&nc); |
178 | db.get_table(S,T,&nr,&nc); |
| 178 | if(nr) |
179 | if(nr) |
| 179 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
180 | throw opkele::id_res_bad_nonce(OPKELE_CP_ "already seen that nonce"); |
| 180 | sqlite3_mem_t<char*> |
181 | sqlite3_mem_t<char*> |
| 181 | SS = sqlite3_mprintf( |
182 | SS = sqlite3_mprintf( |
| 182 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
183 | "INSERT INTO nonces (n_op,n_once) VALUES (%Q,%Q)", |
| 183 | OP.c_str(), nonce.c_str()); |
184 | OP.c_str(), nonce.c_str()); |
| 184 | db.exec(SS); |
185 | db.exec(SS); |
| 185 | } |
186 | } |
| 186 | |
187 | |
| 187 | /* Session perisistent store */ |
188 | /* Session perisistent store */ |
| 188 | |
189 | |
| 189 | void begin_queueing() { |
190 | void begin_queueing() { |
| 190 | assert(as_id>=0); |
191 | assert(as_id>=0); |
| 191 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
192 | DOUT_("Resetting queue for session '" << htc.get_value() << "'/" << as_id); |
| 192 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
193 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 193 | "DELETE FROM endpoints_queue" |
194 | "DELETE FROM endpoints_queue" |
| 194 | " WHERE as_id=%ld", |
195 | " WHERE as_id=%ld", |
| 195 | as_id); |
196 | as_id); |
| 196 | db.exec(S); |
197 | db.exec(S); |
| 197 | } |
198 | } |
| 198 | |
199 | |
| 199 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
200 | void queue_endpoint(const opkele::openid_endpoint_t& ep) { |
| 200 | assert(as_id>=0); |
201 | assert(as_id>=0); |
| 201 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
202 | DOUT_("Queueing endpoint " << ep.claimed_id << " : " << ep.local_id << " @ " << ep.uri); |
| 202 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
203 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 203 | "INSERT INTO endpoints_queue" |
204 | "INSERT INTO endpoints_queue" |
| 204 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
205 | " (as_id,eq_ctime,eq_ordinal,eq_uri,eq_claimed_id,eq_local_id)" |
| 205 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
206 | " VALUES (%ld,strftime('%%s','now'),%d,%Q,%Q,%Q)", |
| 206 | as_id,ordinal++, |
207 | as_id,ordinal++, |
| 207 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
208 | ep.uri.c_str(),ep.claimed_id.c_str(),ep.local_id.c_str()); |
| 208 | db.exec(S); |
209 | db.exec(S); |
| 209 | } |
210 | } |
| 210 | |
211 | |
| 211 | mutable openid_endpoint_t eqtop; |
212 | mutable openid_endpoint_t eqtop; |
| 212 | mutable bool have_eqtop; |
213 | mutable bool have_eqtop; |
| 213 | |
214 | |
| 214 | const openid_endpoint_t& get_endpoint() const { |
215 | const openid_endpoint_t& get_endpoint() const { |
| 215 | assert(as_id>=0); |
216 | assert(as_id>=0); |
| 216 | if(!have_eqtop) { |
217 | if(!have_eqtop) { |
| 217 | sqlite3_mem_t<char*> |
218 | sqlite3_mem_t<char*> |
| 218 | S = sqlite3_mprintf( |
219 | S = sqlite3_mprintf( |
| 219 | "SELECT" |
220 | "SELECT" |
| 220 | " eq_uri, eq_claimed_id, eq_local_id" |
221 | " eq_uri, eq_claimed_id, eq_local_id" |
| 221 | " FROM endpoints_queue" |
222 | " FROM endpoints_queue" |
| 222 | " JOIN auth_sessions USING(as_id)" |
223 | " JOIN auth_sessions USING(as_id)" |
| 223 | " WHERE hts_id=%Q AND as_id=%ld" |
224 | " WHERE hts_id=%Q AND as_id=%ld" |
| 224 | " ORDER BY eq_ctime,eq_ordinal" |
225 | " ORDER BY eq_ctime,eq_ordinal" |
| 225 | " LIMIT 1",htc.get_value().c_str(),as_id); |
226 | " LIMIT 1",htc.get_value().c_str(),as_id); |
| 226 | sqlite3_table_t T; int nr,nc; |
227 | sqlite3_table_t T; int nr,nc; |
| 227 | db.get_table(S,T,&nr,&nc); |
228 | db.get_table(S,T,&nr,&nc); |
| 228 | if(nr<1) |
229 | if(nr<1) |
| 229 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
230 | throw opkele::exception(OPKELE_CP_ "No more endpoints queued"); |
| 230 | assert(nr==1); assert(nc==3); |
231 | assert(nr==1); assert(nc==3); |
| 231 | eqtop.uri = T.get(1,0,nc); |
232 | eqtop.uri = T.get(1,0,nc); |
| 232 | eqtop.claimed_id = T.get(1,1,nc); |
233 | eqtop.claimed_id = T.get(1,1,nc); |
| 233 | eqtop.local_id = T.get(1,2,nc); |
234 | eqtop.local_id = T.get(1,2,nc); |
| 234 | have_eqtop = true; |
235 | have_eqtop = true; |
| 235 | } |
236 | } |
| 236 | return eqtop; |
237 | return eqtop; |
| 237 | } |
238 | } |
| 238 | |
239 | |
| 239 | void next_endpoint() { |
240 | void next_endpoint() { |
| 240 | assert(as_id>=0); |
241 | assert(as_id>=0); |
| 241 | get_endpoint(); |
242 | get_endpoint(); |
| 242 | have_eqtop = false; |
243 | have_eqtop = false; |
| 243 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
244 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 244 | "DELETE FROM endpoints_queue" |
245 | "DELETE FROM endpoints_queue" |
| 245 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
246 | " WHERE as_id=%ld AND eq_uri=%Q AND eq_local_id=%Q", |
| 246 | htc.get_value().c_str(),as_id, |
247 | htc.get_value().c_str(),as_id, |
| 247 | eqtop.uri.c_str()); |
248 | eqtop.uri.c_str()); |
| 248 | db.exec(S); |
249 | db.exec(S); |
| 249 | } |
250 | } |
| 250 | |
251 | |
| 251 | mutable string _nid; |
252 | mutable string _nid; |
| 252 | |
253 | |
| 253 | void set_normalized_id(const string& nid) { |
254 | void set_normalized_id(const string& nid) { |
| 254 | assert(as_id>=0); |
255 | assert(as_id>=0); |
| 255 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
256 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 256 | "UPDATE auth_sessions" |
257 | "UPDATE auth_sessions" |
| 257 | " SET as_normalized_id=%Q" |
258 | " SET as_normalized_id=%Q" |
| 258 | " WHERE hts_id=%Q and as_id=%ld", |
259 | " WHERE hts_id=%Q and as_id=%ld", |
| 259 | nid.c_str(), |
260 | nid.c_str(), |
| 260 | htc.get_value().c_str(),as_id); |
261 | htc.get_value().c_str(),as_id); |
| 261 | db.exec(S); |
262 | db.exec(S); |
| 262 | _nid = nid; |
263 | _nid = nid; |
| 263 | } |
264 | } |
| 264 | const string get_normalized_id() const { |
265 | const string get_normalized_id() const { |
| 265 | assert(as_id>=0); |
266 | assert(as_id>=0); |
| 266 | if(_nid.empty()) { |
267 | if(_nid.empty()) { |
| 267 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
268 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 268 | "SELECT as_normalized_id" |
269 | "SELECT as_normalized_id" |
| 269 | " FROM" |
270 | " FROM" |
| 270 | " auth_sessions" |
271 | " auth_sessions" |
| 271 | " WHERE" |
272 | " WHERE" |
| 272 | " hts_id=%Q AND as_id=%ld", |
273 | " hts_id=%Q AND as_id=%ld", |
| 273 | htc.get_value().c_str(),as_id); |
274 | htc.get_value().c_str(),as_id); |
| 274 | sqlite3_table_t T; int nr,nc; |
275 | sqlite3_table_t T; int nr,nc; |
| 275 | db.get_table(S,T,&nr,&nc); |
276 | db.get_table(S,T,&nr,&nc); |
| 276 | assert(nr==1); assert(nc==1); |
277 | assert(nr==1); assert(nc==1); |
| 277 | _nid = T.get(1,0,nc); |
278 | _nid = T.get(1,0,nc); |
| 278 | } |
279 | } |
| 279 | return _nid; |
280 | return _nid; |
| 280 | } |
281 | } |
| 281 | |
282 | |
| 282 | const string get_this_url() const { |
283 | const string get_this_url() const { |
| 283 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
284 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
| 284 | string rv = s?"https://":"http://"; |
285 | string rv = s?"https://":"http://"; |
| 285 | rv += gw.http_request_header("Host"); |
286 | rv += gw.http_request_header("Host"); |
| 286 | const string& port = gw.get_meta("SERVER_PORT"); |
287 | const string& port = gw.get_meta("SERVER_PORT"); |
| 287 | if( port!=(s?"443":"80") ) { |
288 | if( port!=(s?"443":"80") ) { |
| 288 | rv += ':'; rv += port; |
289 | rv += ':'; rv += port; |
| 289 | } |
290 | } |
| 290 | rv += gw.get_meta("REQUEST_URI"); |
291 | rv += gw.get_meta("REQUEST_URI"); |
| 291 | return rv; |
292 | return rv; |
| 292 | } |
293 | } |
| 293 | |
294 | |
| 294 | void initiate(const string& usi) { |
295 | void initiate(const string& usi) { |
| 295 | allocate_asid(); |
296 | allocate_asid(); |
| 296 | prequeue_RP::initiate(usi); |
297 | prequeue_RP::initiate(usi); |
| 297 | } |
298 | } |
| 298 | |
299 | |
| 299 | string get_self_url() const { |
300 | string get_self_url() const { |
| 300 | string rv = get_this_url(); |
301 | string rv = get_this_url(); |
| 301 | string::size_type q = rv.find('?'); |
302 | string::size_type q = rv.find('?'); |
| 302 | if(q!=string::npos) |
303 | if(q!=string::npos) |
| 303 | rv.erase(q); |
304 | rv.erase(q); |
| 304 | return rv; |
305 | return rv; |
| 305 | } |
306 | } |
| 306 | |
307 | |
| 307 | void allocate_asid() { |
308 | void allocate_asid() { |
| 308 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
309 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 309 | "INSERT INTO auth_sessions (hts_id)" |
310 | "INSERT INTO auth_sessions (hts_id)" |
| 310 | " VALUES (%Q)", |
311 | " VALUES (%Q)", |
| 311 | htc.get_value().c_str()); |
312 | htc.get_value().c_str()); |
| 312 | db.exec(S); |
313 | db.exec(S); |
| 313 | as_id = sqlite3_last_insert_rowid(db); |
314 | as_id = sqlite3_last_insert_rowid(db); |
| 314 | DOUT_("Allocated authentication session id "<<as_id); |
315 | DOUT_("Allocated authentication session id "<<as_id); |
| 315 | assert(as_id>=0); |
316 | assert(as_id>=0); |
| 316 | } |
317 | } |
| 317 | |
318 | |
| 318 | #ifdef DUMB_RP |
319 | #ifdef DUMB_RP |
| 319 | virtual assoc_t associate(const string& OP) { |
320 | virtual assoc_t associate(const string& OP) { |
| 320 | DUMBTHROW; |
321 | DUMBTHROW; |
| 321 | } |
322 | } |
| 322 | #endif |
323 | #endif |
| 323 | }; |
324 | }; |
| 324 | |
325 | |
| 325 | int main(int,char **) { |
326 | int main(int,char **) { |
| 326 | try { |
327 | try { |
| 327 | kingate::plaincgi_interface ci; |
328 | kingate::plaincgi_interface ci; |
| 328 | kingate::cgi_gateway gw(ci); |
329 | kingate::cgi_gateway gw(ci); |
| 329 | string op; |
330 | string op; |
| 330 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
331 | try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } |
| 331 | if(op=="initiate") { |
332 | if(op=="initiate") { |
| 332 | example_rp_t rp(gw); |
333 | example_rp_t rp(gw); |
| 333 | string usi = gw.get_param("openid_identity"); |
334 | string usi = gw.get_param("openid_identity"); |
| 334 | rp.initiate(usi); |
335 | rp.initiate(usi); |
| 335 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
336 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
| 336 | opkele::openid_message_t cm; |
337 | opkele::openid_message_t cm; |
| 337 | string loc; |
338 | string loc; |
| 338 | cout << |
339 | cout << |
| 339 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
340 | "Set-Cookie: " << rp.htc.set_cookie_header() << "\n" |
| 340 | "Status: 302 Going to OP\n" |
341 | "Status: 302 Going to OP\n" |
| 341 | "Location: " << ( |
342 | "Location: " << ( |
| 342 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
343 | loc = rp.checkid_(cm,opkele::mode_checkid_setup, |
| 343 | rp.get_self_url()+ |
344 | rp.get_self_url()+ |
| 344 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
345 | "?op=confirm&asid="+opkele::util::long_to_string(rp.as_id), |
| 345 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
346 | rp.get_self_url(),&sreg).append_query(rp.get_endpoint().uri) |
| 346 | ) |
347 | ) |
| 347 | << "\n\n"; |
348 | << "\n\n"; |
| 348 | DOUT_("Going to " << loc); |
349 | DOUT_("Going to " << loc); |
| 349 | }else if(op=="confirm") { |
350 | }else if(op=="confirm") { |
| 350 | kingate_openid_message_t om(gw); |
351 | kingate_openid_message_t om(gw); |
| 351 | example_rp_t rp(gw); |
352 | example_rp_t rp(gw); |
| 352 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
353 | opkele::sreg_t sreg(opkele::sreg_t::fields_NONE,opkele::sreg_t::fields_ALL); |
| 353 | rp.id_res(om,&sreg); |
354 | rp.id_res(om,&sreg); |
| 354 | cout << |
355 | cout << |
| 355 | "Content-Type: text/plain\n\n"; |
356 | "Content-Type: text/plain\n\n"; |
| 356 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
357 | for(opkele::basic_openid_message::fields_iterator i=om.fields_begin(); |
| 357 | i!=om.fields_end();++i) { |
358 | i!=om.fields_end();++i) { |
| 358 | cout << *i << '=' << om.get_field(*i) << endl; |
359 | cout << *i << '=' << om.get_field(*i) << endl; |
| 359 | } |
360 | } |
| 360 | cout << endl |
361 | cout << endl |
| 361 | << "SREG fields: " << sreg.has_fields << endl; |
362 | << "SREG fields: " << sreg.has_fields << endl; |
| 362 | }else{ |
363 | }else{ |
| 363 | cout << |
364 | cout << |
| 364 | "Content-type: text/html\n\n" |
365 | "Content-type: text/html\n\n" |
| 365 | |
366 | |
| 366 | "<html>" |
367 | "<html>" |
| 367 | "<head><title>test RP</title></head>" |
368 | "<head><title>test RP</title></head>" |
| 368 | "<body>" |
369 | "<body>" |
| 369 | "<form action='' method='post'>" |
370 | "<form action='' method='post'>" |
| 370 | "<input type='hidden' name='op' value='initiate' />" |
371 | "<input type='hidden' name='op' value='initiate' />" |
| 371 | "<input type='text' name='openid_identity'/>" |
372 | "<input type='text' name='openid_identity'/>" |
| 372 | "<input type='submit' name='submit' value='submit' />" |
373 | "<input type='submit' name='submit' value='submit' />" |
| 373 | "</form>" |
374 | "</form>" |
| 374 | "<br/><br/>" |
375 | "<br/><br/>" |
| 375 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
376 | "<a href='?op=initiate&openid_identity=www.myopenid.com&dummy=" << time(0) << "'>login with myopenid.com account</a>" |
| 376 | "<br/>" |
377 | "<br/>" |
| 377 | "</body" |
378 | "</body" |
| 378 | "</html>" |
379 | "</html>" |
| 379 | ; |
380 | ; |
| 380 | } |
381 | } |
| 381 | #ifdef OPKELE_HAVE_KONFORKA |
382 | #ifdef OPKELE_HAVE_KONFORKA |
| 382 | }catch(konforka::exception& e) { |
383 | }catch(konforka::exception& e) { |
| 383 | #else |
384 | #else |
| 384 | }catch(std::exception& e){ |
385 | }catch(std::exception& e){ |
| 385 | #endif |
386 | #endif |
| 386 | DOUT_("Oops: " << e.what()); |
387 | DOUT_("Oops: " << e.what()); |
| 387 | cout << "Content-Type: text/plain\n\n" |
388 | cout << "Content-Type: text/plain\n\n" |
|
