code: refactor util.c: factor out util/url.c

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

Makefile.am

@@ -51,6 +51,7 @@ libauth_openidc_la_SOURCES = \
 	src/util/jwt.c \
 	src/util/pcre_subst.c \
 	src/util/random.c \
+	src/util/url.c \
 	src/util/util.c \
 	src/metrics.c \
 	src/oauth.c \

src/handle/authz.c

@@ -553,7 +553,7 @@ static authz_status oidc_authz_24_unauthorized_user(request_rec *r) {
 		break;
 	}
 
-	oidc_request_authenticate_user(r, c, NULL, oidc_util_current_url(r, oidc_cfg_x_forwarded_headers_get(c)), NULL,
+	oidc_request_authenticate_user(r, c, NULL, oidc_util_url_cur(r, oidc_cfg_x_forwarded_headers_get(c)), NULL,
 				       NULL, NULL, oidc_cfg_dir_path_auth_request_params_get(r),
 				       oidc_cfg_dir_path_scope_get(r));
 
@@ -758,7 +758,7 @@ static int oidc_authz_22_unauthorized_user(request_rec *r) {
 		OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHZ_ACTION_AUTH);
 	}
 
-	return oidc_request_authenticate_user(r, c, NULL, oidc_util_current_url(r, oidc_cfg_x_forwarded_headers_get(c)),
+	return oidc_request_authenticate_user(r, c, NULL, oidc_util_url_cur(r, oidc_cfg_x_forwarded_headers_get(c)),
 					      NULL, NULL, NULL, oidc_cfg_dir_path_auth_request_params_get(r),
 					      oidc_cfg_dir_path_scope_get(r));
 }

src/handle/content.c

@@ -64,7 +64,7 @@ int oidc_content_handler(request_rec *r) {
 		return DECLINED;
 	}
 
-	if (oidc_util_request_matches_url(r, oidc_util_redirect_uri(r, c)) == TRUE) {
+	if (oidc_util_url_cur_matches(r, oidc_util_url_redirect_uri(r, c)) == TRUE) {
 
 		/* requests to the redirect URI are handled and finished here */
 		rc = OK;
@@ -81,7 +81,7 @@ int oidc_content_handler(request_rec *r) {
 			/* HTML body has been generated and stored in the request state */
 			rc = oidc_util_html_content_send(r);
 
-		} else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_INFO)) {
+		} else if (oidc_util_url_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_INFO)) {
 
 			OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_INFO);
 
@@ -104,14 +104,14 @@ int oidc_content_handler(request_rec *r) {
 			/* free resources allocated for the session */
 			oidc_session_free(r, session);
 
-		} else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_DPOP)) {
+		} else if (oidc_util_url_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_DPOP)) {
 
 			OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_DPOP);
 
 			/* handle request to create a DPoP proof */
 			rc = oidc_dpop_request(r, c);
 
-		} else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_JWKS)) {
+		} else if (oidc_util_url_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_JWKS)) {
 
 			OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_JWKS);
 

src/handle/discovery.c

@@ -70,8 +70,8 @@ apr_byte_t oidc_is_discovery_response(request_rec *r, oidc_cfg_t *cfg) {
 	 * prereq: this is a call to the configured redirect_uri, now see if:
 	 * the OIDC_DISC_OP_PARAM is present
 	 */
-	return oidc_util_request_has_parameter(r, OIDC_DISC_OP_PARAM) ||
-	       oidc_util_request_has_parameter(r, OIDC_DISC_USER_PARAM);
+	return oidc_util_url_has_parameter(r, OIDC_DISC_OP_PARAM) ||
+	       oidc_util_url_has_parameter(r, OIDC_DISC_USER_PARAM);
 }
 
 static const char *oidc_discovery_csrf_cookie_samesite(request_rec *r, oidc_cfg_t *c) {
@@ -105,7 +105,7 @@ int oidc_discovery_request(request_rec *r, oidc_cfg_t *cfg) {
 	oidc_debug(r, "enter");
 
 	/* obtain the URL we're currently accessing, to be stored in the state/session */
-	char *current_url = oidc_util_current_url(r, oidc_cfg_x_forwarded_headers_get(cfg));
+	char *current_url = oidc_util_url_cur(r, oidc_cfg_x_forwarded_headers_get(cfg));
 	const char *method = oidc_original_request_method(r, cfg, FALSE);
 
 	/* generate CSRF token */
@@ -125,7 +125,7 @@ int oidc_discovery_request(request_rec *r, oidc_cfg_t *cfg) {
 		    apr_psprintf(r->pool, "%s%s%s=%s&%s=%s&%s=%s&%s=%s", discover_url,
 				 strchr(discover_url, OIDC_CHAR_QUERY) != NULL ? OIDC_STR_AMP : OIDC_STR_QUERY,
 				 OIDC_DISC_RT_PARAM, oidc_http_url_encode(r, current_url), OIDC_DISC_RM_PARAM, method,
-				 OIDC_DISC_CB_PARAM, oidc_http_url_encode(r, oidc_util_redirect_uri(r, cfg)),
+				 OIDC_DISC_CB_PARAM, oidc_http_url_encode(r, oidc_util_url_redirect_uri(r, cfg)),
 				 OIDC_CSRF_NAME, oidc_http_url_encode(r, csrf));
 
 		if (path_scopes != NULL)
@@ -169,7 +169,7 @@ int oidc_discovery_request(request_rec *r, oidc_cfg_t *cfg) {
 		// TODO: html escape (especially & character)
 
 		char *href = apr_psprintf(
-		    r->pool, "%s?%s=%s&%s=%s&%s=%s&%s=%s", oidc_util_redirect_uri(r, cfg),
+		    r->pool, "%s?%s=%s&%s=%s&%s=%s&%s=%s", oidc_util_url_redirect_uri(r, cfg),
 		    OIDC_DISC_OP_PARAM, oidc_http_url_encode(r, issuer), OIDC_DISC_RT_PARAM,
 		    oidc_http_url_encode(r, current_url), OIDC_DISC_RM_PARAM, method, OIDC_CSRF_NAME, csrf);
 
@@ -193,7 +193,7 @@ int oidc_discovery_request(request_rec *r, oidc_cfg_t *cfg) {
 	}
 
 	/* add an option to enter an account or issuer name for dynamic OP discovery */
-	s = apr_psprintf(r->pool, "%s<form method=\"get\" action=\"%s\">\n", s, oidc_util_redirect_uri(r, cfg));
+	s = apr_psprintf(r->pool, "%s<form method=\"get\" action=\"%s\">\n", s, oidc_util_url_redirect_uri(r, cfg));
 	s = apr_psprintf(r->pool, "%s<p><input type=\"hidden\" name=\"%s\" value=\"%s\"><p>\n", s, OIDC_DISC_RT_PARAM,
 			 current_url);
 	s = apr_psprintf(r->pool, "%s<p><input type=\"hidden\" name=\"%s\" value=\"%s\"><p>\n", s, OIDC_DISC_RM_PARAM,
@@ -242,7 +242,7 @@ static int oidc_discovery_target_link_uri_match(request_rec *r, oidc_cfg_t *cfg,
 	}
 
 	apr_uri_t r_uri;
-	apr_uri_parse(r->pool, oidc_util_redirect_uri(r, cfg), &r_uri);
+	apr_uri_parse(r->pool, oidc_util_url_redirect_uri(r, cfg), &r_uri);
 
 	if (oidc_cfg_cookie_domain_get(cfg) == NULL) {
 		/* cookie_domain set: see if the target_link_uri matches the redirect_uri host (because the session
@@ -311,13 +311,13 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 	char *error_str = NULL;
 	char *error_description = NULL;
 
-	oidc_util_request_parameter_get(r, OIDC_DISC_OP_PARAM, &issuer);
-	oidc_util_request_parameter_get(r, OIDC_DISC_USER_PARAM, &user);
-	oidc_util_request_parameter_get(r, OIDC_DISC_RT_PARAM, &target_link_uri);
-	oidc_util_request_parameter_get(r, OIDC_DISC_LH_PARAM, &login_hint);
-	oidc_util_request_parameter_get(r, OIDC_DISC_SC_PARAM, &path_scopes);
-	oidc_util_request_parameter_get(r, OIDC_DISC_AR_PARAM, &auth_request_params);
-	oidc_util_request_parameter_get(r, OIDC_CSRF_NAME, &csrf_query);
+	oidc_util_url_parameter_get(r, OIDC_DISC_OP_PARAM, &issuer);
+	oidc_util_url_parameter_get(r, OIDC_DISC_USER_PARAM, &user);
+	oidc_util_url_parameter_get(r, OIDC_DISC_RT_PARAM, &target_link_uri);
+	oidc_util_url_parameter_get(r, OIDC_DISC_LH_PARAM, &login_hint);
+	oidc_util_url_parameter_get(r, OIDC_DISC_SC_PARAM, &path_scopes);
+	oidc_util_url_parameter_get(r, OIDC_DISC_AR_PARAM, &auth_request_params);
+	oidc_util_url_parameter_get(r, OIDC_CSRF_NAME, &csrf_query);
 	csrf_cookie = oidc_http_get_cookie(r, OIDC_CSRF_NAME);
 
 	/* do CSRF protection if not 3rd party initiated SSO */
@@ -347,7 +347,7 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 							 " is not set.",
 							 HTTP_INTERNAL_SERVER_ERROR);
 		}
-		target_link_uri = apr_pstrdup(r->pool, oidc_util_absolute_url(r, c, oidc_cfg_default_sso_url_get(c)));
+		target_link_uri = apr_pstrdup(r->pool, oidc_util_url_abs(r, c, oidc_cfg_default_sso_url_get(c)));
 	}
 
 	/* do open redirect prevention, step 1 */
@@ -428,7 +428,7 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 	if (issuer[n - 1] == OIDC_CHAR_FORWARD_SLASH)
 		issuer[n - 1] = '\0';
 
-	if (oidc_util_request_has_parameter(r, "test-config")) {
+	if (oidc_util_url_has_parameter(r, "test-config")) {
 		json_t *j_provider = NULL;
 		oidc_metadata_provider_get(r, c, issuer, &j_provider, csrf_cookie != NULL);
 		if (j_provider)
@@ -439,7 +439,7 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 	/* try and get metadata from the metadata directories for the selected OP */
 	if ((oidc_metadata_get(r, c, issuer, &provider, csrf_cookie != NULL) == TRUE) && (provider != NULL)) {
 
-		if (oidc_util_request_has_parameter(r, "test-jwks-uri")) {
+		if (oidc_util_url_has_parameter(r, "test-jwks-uri")) {
 			json_t *j_jwks = NULL;
 			apr_byte_t force_refresh = TRUE;
 			oidc_metadata_jwks_get(r, c, oidc_cfg_provider_jwks_uri_get(provider),

src/handle/dpop.c

@@ -87,25 +87,25 @@ int oidc_dpop_request(request_rec *r, oidc_cfg_t *c) {
 	}
 
 	/* retrieve the access token parameter */
-	oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_DPOP, &s_access_token);
+	oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_DPOP, &s_access_token);
 	if (s_access_token == NULL) {
 		oidc_error(r, "\"access_token\" value to the \"%s\" parameter is missing",
 			   OIDC_REDIRECT_URI_REQUEST_DPOP);
 		goto end;
 	}
 
 	/* retrieve the URL parameter */
-	oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_URL, &s_url);
+	oidc_util_url_parameter_get(r, OIDC_DPOP_PARAM_URL, &s_url);
 	if (s_url == NULL) {
 		oidc_error(r, "\"url\" parameter is missing");
 		goto end;
 	}
 
 	/* retrieve the optional nonce parameter */
-	oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_NONCE, &s_nonce);
+	oidc_util_url_parameter_get(r, OIDC_DPOP_PARAM_NONCE, &s_nonce);
 
 	/* parse the optional HTTP method parameter */
-	oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_METHOD, &s_method);
+	oidc_util_url_parameter_get(r, OIDC_DPOP_PARAM_METHOD, &s_method);
 	if (_oidc_strnatcasecmp(s_method, "post") == 0)
 		s_method = "POST";
 	else if ((_oidc_strnatcasecmp(s_method, "get") == 0) || (s_method == NULL))

src/handle/info.c

@@ -61,9 +61,9 @@ int oidc_info_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *session, ap
 	apr_byte_t b_extend_session = TRUE;
 	apr_time_t t_interval = -1;
 
-	oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_INFO, &s_format);
-	oidc_util_request_parameter_get(r, OIDC_INFO_PARAM_ACCESS_TOKEN_REFRESH_INTERVAL, &s_interval);
-	oidc_util_request_parameter_get(r, OIDC_INFO_PARAM_EXTEND_SESSION, &s_extend_session);
+	oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_INFO, &s_format);
+	oidc_util_url_parameter_get(r, OIDC_INFO_PARAM_ACCESS_TOKEN_REFRESH_INTERVAL, &s_interval);
+	oidc_util_url_parameter_get(r, OIDC_INFO_PARAM_EXTEND_SESSION, &s_extend_session);
 	if ((s_extend_session) && (_oidc_strcmp(s_extend_session, "false") == 0))
 		b_extend_session = FALSE;
 

src/handle/logout.c

@@ -218,9 +218,9 @@ int oidc_logout_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *session,
 			char *sid, *iss;
 			oidc_provider_t *provider = NULL;
 
-			if (oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_SID, &sid) != FALSE) {
+			if (oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_SID, &sid) != FALSE) {
 
-				if (oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_ISS, &iss) != FALSE) {
+				if (oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_ISS, &iss) != FALSE) {
 					provider = oidc_get_provider_for_issuer(r, c, iss, FALSE);
 				} else {
 					/*
@@ -454,7 +454,7 @@ int oidc_logout(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 	char *id_token_hint = NULL;
 	char *s_logout_request = NULL;
 
-	oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_LOGOUT, &url);
+	oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_LOGOUT, &url);
 
 	oidc_debug(r, "enter (url=%s)", url);
 
@@ -466,7 +466,7 @@ int oidc_logout(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 
 	if ((url == NULL) || (_oidc_strcmp(url, "") == 0)) {
 
-		url = apr_pstrdup(r->pool, oidc_util_absolute_url(r, c, oidc_cfg_default_slo_url_get(c)));
+		url = apr_pstrdup(r->pool, oidc_util_url_abs(r, c, oidc_cfg_default_slo_url_get(c)));
 
 	} else {
 

src/handle/refresh.c

@@ -319,8 +319,8 @@ int oidc_refresh_token_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *se
 	oidc_provider_t *provider = NULL;
 
 	/* get the command passed to the session management handler */
-	oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_REFRESH, &return_to);
-	oidc_util_request_parameter_get(r, OIDC_PROTO_ACCESS_TOKEN, &r_access_token);
+	oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_REFRESH, &return_to);
+	oidc_util_url_parameter_get(r, OIDC_PROTO_ACCESS_TOKEN, &r_access_token);
 
 	/* check the input parameters */
 	if (return_to == NULL) {

src/handle/request.c

@@ -56,7 +56,7 @@ apr_byte_t oidc_request_check_cookie_domain(request_rec *r, oidc_cfg_t *c, const
 	apr_uri_t r_uri;
 	_oidc_memset(&r_uri, 0, sizeof(apr_uri_t));
 	apr_uri_parse(r->pool, original_url, &o_uri);
-	apr_uri_parse(r->pool, oidc_util_redirect_uri(r, c), &r_uri);
+	apr_uri_parse(r->pool, oidc_util_url_redirect_uri(r, c), &r_uri);
 	if ((_oidc_strnatcasecmp(o_uri.scheme, r_uri.scheme) != 0) &&
 	    (_oidc_strnatcasecmp(r_uri.scheme, "https") == 0)) {
 		oidc_error(r,
@@ -252,7 +252,7 @@ int oidc_request_authenticate_user(request_rec *r, oidc_cfg_t *c, oidc_provider_
 
 	/* send off to the OpenID Connect Provider */
 	// TODO: maybe show intermediate/progress screen "redirecting to"
-	rc = oidc_proto_request_auth(r, provider, login_hint, oidc_util_redirect_uri(r, c), state, proto_state,
+	rc = oidc_proto_request_auth(r, provider, login_hint, oidc_util_url_redirect_uri(r, c), state, proto_state,
 				     id_token_hint, code_challenge, auth_request_params, path_scope);
 
 	OIDC_METRICS_TIMING_ADD(r, c, OM_AUTHN_REQUEST);

src/handle/request_uri.c

@@ -52,7 +52,7 @@
 int oidc_request_uri(request_rec *r, oidc_cfg_t *c) {
 
 	char *request_ref = NULL;
-	oidc_util_request_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_REQUEST_URI, &request_ref);
+	oidc_util_url_parameter_get(r, OIDC_REDIRECT_URI_REQUEST_REQUEST_URI, &request_ref);
 	if (request_ref == NULL) {
 		oidc_error(r, "no \"%s\" parameter found", OIDC_REDIRECT_URI_REQUEST_REQUEST_URI);
 		return HTTP_BAD_REQUEST;