entp-ruby-openid 2.2

data/lib/openid/extras.rb

@@ -0,0 +1,11 @@
+class String
+  def starts_with?(other)
+    head = self[0, other.length]
+    head == other
+  end
+
+  def ends_with?(other)
+    tail = self[-1 * other.length, other.length]
+    tail == other
+  end
+end

data/lib/openid/fetchers.rb

@@ -0,0 +1,258 @@
+require 'net/http'
+require 'openid'
+require 'openid/util'
+
+begin
+  require 'net/https'
+rescue LoadError
+  OpenID::Util.log('WARNING: no SSL support found.  Will not be able ' +
+                   'to fetch HTTPS URLs!')
+  require 'net/http'
+end
+
+MAX_RESPONSE_KB = 1024
+
+module Net
+  class HTTP
+    def post_connection_check(hostname)
+      check_common_name = true
+      cert = @socket.io.peer_cert
+      cert.extensions.each { |ext|
+        next if ext.oid != "subjectAltName"
+        ext.value.split(/,\s+/).each{ |general_name|
+          if /\ADNS:(.*)/ =~ general_name
+            check_common_name = false
+            reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+            return true if /\A#{reg}\z/i =~ hostname
+          elsif /\AIP Address:(.*)/ =~ general_name
+            check_common_name = false
+            return true if $1 == hostname
+          end
+        }
+      }
+      if check_common_name
+        cert.subject.to_a.each{ |oid, value|
+          if oid == "CN"
+            reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
+            return true if /\A#{reg}\z/i =~ hostname
+          end
+        }
+      end
+      raise OpenSSL::SSL::SSLError, "hostname does not match"
+    end
+  end
+end
+
+module OpenID
+  # Our HTTPResponse class extends Net::HTTPResponse with an additional
+  # method, final_url.
+  class HTTPResponse
+    attr_accessor :final_url
+
+    attr_accessor :_response
+
+    def self._from_net_response(response, final_url, headers=nil)
+      me = self.new
+      me._response = response
+      me.final_url = final_url
+      return me
+    end
+
+    def method_missing(method, *args)
+      @_response.send(method, *args)
+    end
+
+    def body=(s)
+      @_response.instance_variable_set('@body', s)
+      # XXX Hack to work around ruby's HTTP library behavior.  @body
+      # is only returned if it has been read from the response
+      # object's socket, but since we're not using a socket in this
+      # case, we need to set the @read flag to true to avoid a bug in
+      # Net::HTTPResponse.stream_check when @socket is nil.
+      @_response.instance_variable_set('@read', true)
+    end
+  end
+
+  class FetchingError < OpenIDError
+  end
+
+  class HTTPRedirectLimitReached < FetchingError
+  end
+
+  class SSLFetchingError < FetchingError
+  end
+
+  @fetcher = nil
+
+  def self.fetch(url, body=nil, headers=nil,
+                 redirect_limit=StandardFetcher::REDIRECT_LIMIT)
+    return fetcher.fetch(url, body, headers, redirect_limit)
+  end
+
+  def self.fetcher
+    if @fetcher.nil?
+      @fetcher = StandardFetcher.new
+    end
+
+    return @fetcher
+  end
+
+  def self.fetcher=(fetcher)
+    @fetcher = fetcher
+  end
+
+  # Set the default fetcher to use the HTTP proxy defined in the environment
+  # variable 'http_proxy'.
+  def self.fetcher_use_env_http_proxy
+    proxy_string = ENV['http_proxy']
+    return unless proxy_string
+
+    proxy_uri = URI.parse(proxy_string)
+    @fetcher = StandardFetcher.new(proxy_uri.host, proxy_uri.port,
+                                   proxy_uri.user, proxy_uri.password)
+  end
+
+  class StandardFetcher
+
+    USER_AGENT = "ruby-openid/#{OpenID::VERSION} (#{RUBY_PLATFORM})"
+
+    REDIRECT_LIMIT = 5
+    TIMEOUT = 60
+
+    attr_accessor :ca_file
+    attr_accessor :timeout
+
+    # I can fetch through a HTTP proxy; arguments are as for Net::HTTP::Proxy.
+    def initialize(proxy_addr=nil, proxy_port=nil,
+                   proxy_user=nil, proxy_pass=nil)
+      @ca_file = nil
+      @proxy = Net::HTTP::Proxy(proxy_addr, proxy_port, proxy_user, proxy_pass)
+      @timeout = TIMEOUT
+    end
+
+    def supports_ssl?(conn)
+      return conn.respond_to?(:use_ssl=)
+    end
+
+    def make_http(uri)
+      http = @proxy.new(uri.host, uri.port)
+      http.read_timeout = @timeout
+      http.open_timeout = @timeout
+      return http
+    end
+
+    def set_verified(conn, verify)
+      if verify
+        conn.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      else
+        conn.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
+    def make_connection(uri)
+      conn = make_http(uri)
+
+      if !conn.is_a?(Net::HTTP)
+        raise RuntimeError, sprintf("Expected Net::HTTP object from make_http; got %s",
+                                    conn.class)
+      end
+
+      if uri.scheme == 'https'
+        if supports_ssl?(conn)
+
+          conn.use_ssl = true
+
+          if @ca_file
+            set_verified(conn, true)
+            conn.ca_file = @ca_file
+          else
+            Util.log("WARNING: making https request to #{uri} without verifying " +
+                     "server certificate; no CA path was specified.")
+            set_verified(conn, false)
+          end
+        else
+          raise RuntimeError, "SSL support not found; cannot fetch #{uri}"
+        end
+      end
+
+      return conn
+    end
+
+    def fetch(url, body=nil, headers=nil, redirect_limit=REDIRECT_LIMIT)
+      unparsed_url = url.dup
+      url = URI::parse(url)
+      if url.nil?
+        raise FetchingError, "Invalid URL: #{unparsed_url}"
+      end
+
+      headers ||= {}
+      headers['User-agent'] ||= USER_AGENT
+
+      begin
+        conn = make_connection(url)
+        response = nil
+
+        response = conn.start {
+          # Check the certificate against the URL's hostname
+          if supports_ssl?(conn) and conn.use_ssl?
+            conn.post_connection_check(url.host)
+          end
+
+          if body.nil?
+            conn.request_get(url.request_uri, headers)
+          else
+            headers["Content-type"] ||= "application/x-www-form-urlencoded"
+            conn.request_post(url.request_uri, body, headers)
+          end
+        }
+        setup_encoding(response)
+      rescue Timeout::Error => why
+        raise FetchingError, "Error fetching #{url}: #{why}"
+      rescue RuntimeError => why
+        raise why
+      rescue OpenSSL::SSL::SSLError => why
+        raise SSLFetchingError, "Error connecting to SSL URL #{url}: #{why}"
+      rescue FetchingError => why
+        raise why
+      rescue Exception => why
+        raise FetchingError, "Error fetching #{url}: #{why}"
+      end
+
+      case response
+      when Net::HTTPRedirection
+        if redirect_limit <= 0
+          raise HTTPRedirectLimitReached.new(
+            "Too many redirects, not fetching #{response['location']}")
+        end
+        begin
+          return fetch(response['location'], body, headers, redirect_limit - 1)
+        rescue HTTPRedirectLimitReached => e
+          raise e
+        rescue FetchingError => why
+          raise FetchingError, "Error encountered in redirect from #{url}: #{why}"
+        end
+      else
+        return HTTPResponse._from_net_response(response, unparsed_url)
+      end
+    end
+
+    private
+    def setup_encoding(response)
+      return unless defined?(::Encoding::ASCII_8BIT)
+      charset = response.type_params["charset"]
+      return if charset.nil?
+      encoding = nil
+      begin
+        encoding = Encoding.find(charset)
+      rescue ArgumentError
+      end
+      encoding ||= Encoding::ASCII_8BIT
+      body = response.body
+      if body.respond_to?(:force_encoding)
+        body.force_encoding(encoding)
+      else
+        body.set_encoding(encoding)
+      end
+    end
+  end
+end

data/lib/openid/kvform.rb

@@ -0,0 +1,136 @@
+
+module OpenID
+
+  class KVFormError < Exception
+  end
+
+  module Util
+
+    def Util.seq_to_kv(seq, strict=false)
+      # Represent a sequence of pairs of strings as newline-terminated
+      # key:value pairs. The pairs are generated in the order given.
+      #
+      # @param seq: The pairs
+      #
+      # returns a string representation of the sequence
+      err = lambda { |msg|
+        msg = "seq_to_kv warning: #{msg}: #{seq.inspect}"
+        if strict
+          raise KVFormError, msg
+        else
+          Util.log(msg)
+        end
+      }
+
+      lines = []
+      seq.each { |k, v|
+        if !k.is_a?(String)
+          err.call("Converting key to string: #{k.inspect}")
+          k = k.to_s
+        end
+
+        if !k.index("\n").nil?
+          raise KVFormError, "Invalid input for seq_to_kv: key contains newline: #{k.inspect}"
+        end
+
+        if !k.index(":").nil?
+          raise KVFormError, "Invalid input for seq_to_kv: key contains colon: #{k.inspect}"
+        end
+
+        if k.strip() != k
+          err.call("Key has whitespace at beginning or end: #{k.inspect}")
+        end
+
+        if !v.is_a?(String)
+          err.call("Converting value to string: #{v.inspect}")
+          v = v.to_s
+        end
+
+        if !v.index("\n").nil?
+          raise KVFormError, "Invalid input for seq_to_kv: value contains newline: #{v.inspect}"
+        end
+
+        if v.strip() != v
+          err.call("Value has whitespace at beginning or end: #{v.inspect}")
+        end
+
+        lines << k + ":" + v + "\n"
+      }
+
+      return lines.join("")
+    end
+
+    def Util.kv_to_seq(data, strict=false)
+      # After one parse, seq_to_kv and kv_to_seq are inverses, with no
+      # warnings:
+      #
+      # seq = kv_to_seq(s)
+      # seq_to_kv(kv_to_seq(seq)) == seq
+      err = lambda { |msg|
+        msg = "kv_to_seq warning: #{msg}: #{data.inspect}"
+        if strict
+          raise KVFormError, msg
+        else
+          Util.log(msg)
+        end
+      }
+
+      lines = data.split("\n")
+      if data.length == 0
+        return []
+      end
+
+      if data[-1].chr != "\n"
+        err.call("Does not end in a newline")
+        # We don't expect the last element of lines to be an empty
+        # string because split() doesn't behave that way.
+      end
+
+      pairs = []
+      line_num = 0
+      lines.each { |line|
+        line_num += 1
+
+        # Ignore blank lines
+        if line.strip() == ""
+          next
+        end
+
+        pair = line.split(':', 2)
+        if pair.length == 2
+          k, v = pair
+          k_s = k.strip()
+          if k_s != k
+            msg = "In line #{line_num}, ignoring leading or trailing whitespace in key #{k.inspect}"
+            err.call(msg)
+          end
+
+          if k_s.length == 0
+            err.call("In line #{line_num}, got empty key")
+          end
+
+          v_s = v.strip()
+          if v_s != v
+            msg = "In line #{line_num}, ignoring leading or trailing whitespace in value #{v.inspect}"
+            err.call(msg)
+          end
+
+          pairs << [k_s, v_s]
+        else
+          err.call("Line #{line_num} does not contain a colon")
+        end
+      }
+
+      return pairs
+    end
+
+    def Util.dict_to_kv(d)
+      return seq_to_kv(d.entries.sort)
+    end
+
+    def Util.kv_to_dict(s)
+      seq = kv_to_seq(s)
+      return Hash[*seq.flatten]
+    end
+  end
+end

data/lib/openid/kvpost.rb

@@ -0,0 +1,58 @@
+require "openid/message"
+require "openid/fetchers"
+
+module OpenID
+  # Exception that is raised when the server returns a 400 response
+  # code to a direct request.
+  class ServerError < OpenIDError
+    attr_reader :error_text, :error_code, :message
+
+    def initialize(error_text, error_code, message)
+      super(error_text)
+      @error_text = error_text
+      @error_code = error_code
+      @message = message
+    end
+
+    def self.from_message(msg)
+      error_text = msg.get_arg(OPENID_NS, 'error',
+                               '<no error message supplied>')
+      error_code = msg.get_arg(OPENID_NS, 'error_code')
+      return self.new(error_text, error_code, msg)
+    end
+  end
+
+  class KVPostNetworkError < OpenIDError
+  end
+  class HTTPStatusError < OpenIDError
+  end
+
+  class Message
+    def self.from_http_response(response, server_url)
+      msg = self.from_kvform(response.body)
+      case response.code.to_i
+      when 200
+        return msg
+      when 206
+        return msg
+      when 400
+        raise ServerError.from_message(msg)
+      else
+        error_message = "bad status code from server #{server_url}: "\
+        "#{response.code}"
+        raise HTTPStatusError.new(error_message)
+      end
+    end
+  end
+
+  # Send the message to the server via HTTP POST and receive and parse
+  # a response in KV Form
+  def self.make_kv_post(request_message, server_url)
+    begin
+      http_response = self.fetch(server_url, request_message.to_url_encoded)
+    rescue Exception
+      raise KVPostNetworkError.new("Unable to contact OpenID server: #{$!.to_s}")
+    end
+    return Message.from_http_response(http_response, server_url)
+  end
+end