yap 6.2.2-2 / usr / share / Yap / http / http_openid.pl

/*  $Id$

    Part of SWI-Prolog

    Author:        Jan Wielemaker
    E-mail:        J.Wielemaker@cs.vu.nl
    WWW:           http://www.swi-prolog.org
    Copyright (C): 2007-2010, University of Amsterdam,
    			      VU University Amsterdam

    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 2
    of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

    As a special exception, if you link this library with other files,
    compiled with a Free Software compiler, to produce an executable, this
    library does not by itself cause the resulting executable to be covered
    by the GNU General Public License. This exception does not however
    invalidate any other reasons why the executable file might be covered by
    the GNU General Public License.
*/

:- module(http_openid,
	  [ openid_login/1,		% +OpenID
	    openid_logout/1,		% +OpenID
	    openid_logged_in/1,		% -OpenID

					% transparent login
	    openid_user/3,		% +Request, -User, +Options

					% low-level primitives
	    openid_verify/2,		% +Options, +Request
	    openid_authenticate/4,	% +Request, -Server, -User, -ReturnTo
	    openid_associate/3,		% +OpenIDServer, -Handle, -Association
	    openid_server/2,		% +Request
	    openid_grant/1,		% +Request
	    openid_server/3,		% ?OpenIDLogin, ?OpenID, ?Server

	    openid_login_form//2,	% +ReturnTo, +Options, //

	    openid_current_host/3	% +Request, -Host, -Port
	  ]).
:- use_module(library(http/http_open)).
:- use_module(library(http/http_client)).
:- use_module(library(http/html_write)).
:- use_module(library(http/http_parameters)).
:- use_module(library(http/http_wrapper)).
:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_session)).
:- use_module(library(http/http_host)).
:- use_module(library(http/http_path)).
:- use_module(library(http/html_head)).
:- use_module(library(http/http_server_files)).
:- use_module(library(utf8)).
:- use_module(library(error)).
:- use_module(library(sgml)).
:- use_module(library(uri)).
:- use_module(library(occurs)).
:- use_module(library(base64)).
:- use_module(library(debug)).
:- use_module(library(record)).
:- use_module(library(option)).
:- use_module(library(sha)).
:- use_module(library(socket)).
:- use_module(library(lists)).


/** <module> OpenID consumer and server library

This library implements the OpenID protocol (http://openid.net/). OpenID
is a protocol to share identities on   the  network. The protocol itself
uses simple basic  HTTP,  adding   reliability  using  digitally  signed
messages.

Steps, as seen from the _consumer_ (or _|relying partner|_).

	1. Show login form, asking for =openid_identifier=
	2. Get HTML page from =openid_identifier= and lookup
	   =|<link rel="openid.server" href="server">|=
	3. Associate to _server_
	4. Redirect browser (302) to server using mode =checkid_setup=,
	   asking to validate the given OpenID.
	5. OpenID server redirects back, providing digitally signed
	   conformation of the claimed identity.
	6. Validate signature and redirect to the target location.

A *consumer* (an application that allows OpenID login) typically uses
this library through openid_user/3. In addition, it must implement the
hook http_openid:openid_hook(trusted(OpenId, Server)) to define accepted
OpenID servers. Typically, this hook is used to provide a white-list of
aceptable servers. Note that accepting any OpenID server is possible,
but anyone on the internet can setup a dummy OpenID server that simply
grants and signs every request. Here is an example:

    ==
    :- multifile http_openid:openid_hook/1.

    http_openid:openid_hook(trusted(_, OpenIdServer)) :-
	(   trusted_server(OpenIdServer)
	->  true
	;   throw(http_reply(moved_temporary('/openid/trustedservers')))
	).

    trusted_server('http://www.myopenid.com/server').
    ==

By default, information who is logged on  is maintained with the session
using http_session_assert/1 with the term   openid(Identity).  The hooks
login/logout/logged_in can be used to provide alternative administration
of logged-in users (e.g., based on client-IP, using cookies, etc.).

To create a *server*,  you  must  do   four  things:  bind  the handlers
openid_server/2  and  openid_grant/1  to  HTTP    locations,  provide  a
user-page for registered users and   define  the grant(Request, Options)
hook to verify  your  users.  An  example   server  is  provided  in  in
<plbase>/doc/packages/examples/demo_openid.pl
*/

		 /*******************************
		 *	  CONFIGURATION		*
		 *******************************/

http:location(openid, root(openid), [priority(-100)]).

%%	openid_hook(+Action)
%
%	Call hook on the OpenID management library.  Defined hooks are:
%
%		* login(+OpenID)
%		Consider OpenID logged in.
%
%		* logout(+OpenID)
%		Logout OpenID
%
%		* logged_in(?OpenID)
%		True if OpenID is logged in
%
%		* grant(+Request, +Options)
%		Server: Reply positive on OpenID
%
%		* trusted(+OpenID, +Server)
%		True if Server is a trusted OpenID server

:- multifile
	openid_hook/1.			% +Action

		 /*******************************
		 *	 DIRECT LOGIN/OUT	*
		 *******************************/

%%	openid_login(+OpenID) is det.
%
%	Associate the current  HTTP  session   with  OpenID.  If another
%	OpenID is already associated, this association is first removed.

openid_login(OpenID) :-
	openid_hook(login(OpenID)), !.
openid_login(OpenID) :-
	openid_logout(_),
	http_session_assert(openid(OpenID)).

%%	openid_logout(+OpenID) is det.
%
%	Remove the association of the current session with any OpenID

openid_logout(OpenID) :-
	openid_hook(logout(OpenID)), !.
openid_logout(OpenID) :-
	http_session_retractall(openid(OpenID)).

%%	openid_logged_in(-OpenID) is semidet.
%
%	True if session is associated with OpenID.

openid_logged_in(OpenID) :-
	openid_hook(logged_in(OpenID)), !.
openid_logged_in(OpenID) :-
	http_session_data(openid(OpenID)).


		 /*******************************
		 *	      TOPLEVEL		*
		 *******************************/

%%	openid_user(+Request:http_request, -OpenID:url, +Options) is det.
%
%	True if OpenID is a validated OpenID associated with the current
%	session. The scenario for which this predicate is designed is to
%	allow  an  HTTP  handler  that  requires    a   valid  login  to
%	use the transparent code below.
%
%	==
%	handler(Request) :-
%		openid_user(Request, OpenID, []),
%		...
%	==
%
%	If the user is not yet logged on a sequence of redirects will
%	follow:
%
%		1. Show a page for login (default: page /openid/login),
%		   predicate reply_openid_login/1)
%		2. Redirect to OpenID server to validate
%		3. Redirect to validation
%
%	Options:
%
%		* login_url(Login)
%		(Local) URL of page to enter OpenID information. Default
%		is =|/openid/login|=.
%
%	@see openid_authenticate/4 produces errors if login is invalid
%	or cancelled.

:- http_handler(openid(login),  openid_login_page, []).
:- http_handler(openid(verify), openid_verify([]), []).

openid_user(_Request, OpenID, _Options) :-
	openid_logged_in(OpenID), !.
openid_user(Request, User, _Options) :-
	openid_authenticate(Request, _OpenIdServer, OpenID, _ReturnTo), !,
	openid_server(User, OpenID, _),
	openid_login(User).
openid_user(Request, _OpenID, Options) :-
	http_location_by_id(openid_login_page, LoginURL),
	option(login_url(Login), Options, LoginURL),
	current_url(Request, Here),
	uri_normalized(Login, Here, AbsLogin),
	redirect_browser(AbsLogin,
			 [ 'openid.return_to' = Here
			 ]).


%%	openid_login_page(+Request) is det.
%
%	Present a login-form for OpenID. There  are two ways to redefine
%	this  default  login  page.  One  is    to  provide  the  option
%	=login_url= to openid_user/3 and the other   is  to define a new
%	handler for =|/openid/login|= using http_handler/3.

openid_login_page(Request) :-
	http_parameters(Request,
			[ 'openid.return_to'(ReturnTo, [])
			]),
	reply_html_page([ title('OpenID login')
			],
			[ \openid_login_form(ReturnTo, [])
			]).

%%	openid_login_form(+ReturnTo, +Options)// is det.
%
%	Create the OpenID  form.  This  exported   as  a  seperate  DCG,
%	allowing applications to redefine /openid/login   and reuse this
%	part of the page.

openid_login_form(ReturnTo, Options) -->
	{ option(action(Action), Options, verify)
	},
	html(div(class('openid-login'),
		 [ \openid_title,
		   form([ name(login),
			  action(Action),
			  method('GET')
			],
			[ \hidden('openid.return_to', ReturnTo),
			  div([ input([ class('openid-input'),
					name(openid_url),
					size(30)
				      ]),
				input([ type(submit),
					value('Verify!')
				      ])
			      ])
			])
		 ])).



		 /*******************************
		 *	    HTTP REPLIES	*
		 *******************************/

%%	openid_verify(+Options, +Request)
%
%	Handle the initial login  form  presented   to  the  user by the
%	relying party (consumer). This predicate   discovers  the OpenID
%	server, associates itself with  this   server  and redirects the
%	user's  browser  to  the  OpenID  server,  providing  the  extra
%	openid.X name-value pairs. Options is,  against the conventions,
%	placed in front of the Request   to allow for smooth cooperation
%	with http_dispatch.pl.
%
%	The OpenId server will redirect to the openid.return_to URL.
%
%	@throws	http_reply(moved_temporary(Redirect))

openid_verify(Options, Request) :-
	http_parameters(Request,
			[ openid_url(URL, [length>1]),
			  'openid.return_to'(ReturnTo0, [optional(true)])
			]),
	(   option(return_to(ReturnTo1), Options)		% Option
	->  current_url(Request, CurrentLocation),
	    global_url(ReturnTo1, CurrentLocation, ReturnTo)
	;   nonvar(ReturnTo0)
	->  ReturnTo = ReturnTo0				% Form-data
	;   current_url(Request, CurrentLocation),
	    ReturnTo = CurrentLocation				% Current location
	),
	current_root_url(Request, CurrentRoot),
	option(trust_root(TrustRoot), Options, CurrentRoot),
	openid_resolve(URL, OpenIDLogin, OpenID, Server),
	trusted(OpenID, Server),
	openid_associate(Server, Handle, _Assoc),
	assert_openid(OpenIDLogin, OpenID, Server),
	redirect_browser(Server, [ 'openid.mode'         = checkid_setup,
				   'openid.identity'     = OpenID,
				   'openid.assoc_handle' = Handle,
				   'openid.return_to'    = ReturnTo,
				   'openid.trust_root'   = TrustRoot
				 ]).


%%	assert_openid(+OpenIDLogin, +OpenID, +Server) is det.
%
%	Associate the OpenID  as  typed  by   the  user,  the  OpenID as
%	validated by the Server with the current HTTP session.
%
%	@param OpenIDLogin Canonized OpenID typed by user
%	@param OpenID OpenID verified by Server.

assert_openid(OpenIDLogin, OpenID, Server) :-
	http_session_assert(openid_login(OpenIDLogin, OpenID, Server)).

%%	openid_server(?OpenIDLogin, ?OpenID, ?Server) is nondet.
%
%	True if OpenIDLogin is the typed id for OpenID verified by
%	Server.
%
%	@param OpenIDLogin ID as typed by user (canonized)
%	@param OpenID ID as verified by server
%	@param Server URL of the OpenID server

openid_server(OpenIDLogin, OpenID, Server) :-
	http_session_data(openid_login(OpenIDLogin, OpenID, Server)), !.


%%	current_url(+Request, -Root) is det.
%%	current_root_url(+Request, -Root) is det.
%
%	Return URL of current request or current root.

current_root_url(Request, Root) :-
	openid_current_host(Request, Host, Port),
	uri_authority_data(host, AuthC, Host),
	uri_authority_data(port, AuthC, Port),
	uri_authority_components(Auth, AuthC),
	uri_data(scheme, Components, http),
	uri_data(authority, Components, Auth),
	uri_data(path, Components, /),
	uri_components(Root, Components).

current_url(Request, URL) :-
	openid_current_host(Request, Host, Port),
	option(request_uri(RequestURI), Request),
	(   Port == 80
	->  format(atom(URL), 'http://~w~w', [Host, RequestURI])
	;   format(atom(URL), 'http://~w:~w~w', [Host, Port, RequestURI])
	).


%%	openid_current_host(Request, Host, Port)
%
%	Find current location of the server.

openid_current_host(Request, Host, Port) :-
	http_current_host(Request, Host, Port,
			  [ global(true)
			  ]).


%%	redirect_browser(+URL, +FormExtra)
%
%	Generate a 302 temporary redirect to  URL, adding the extra form
%	information from FormExtra. The specs says   we  must retain the
%	search specification already attached to the URL.

redirect_browser(URL, FormExtra) :-
	uri_components(URL, C0),
	uri_data(search, C0, Search0),
	(   var(Search0)
	->  uri_query_components(Search, FormExtra)
	;   uri_query_components(Search0, Form0),
	    append(FormExtra, Form0, Form),
	    uri_query_components(Search, Form)
	),
	uri_data(search, C0, Search, C),
	uri_components(Redirect, C),
	throw(http_reply(moved_temporary(Redirect))).


		 /*******************************
		 *	       RESOLVE		*
		 *******************************/

%%	openid_resolve(+URL, -OpenIDOrig, -OpenID, -Server)
%
%	True if OpenID is the claimed  OpenID   that  belongs to URL and
%	Server is the URL of the  OpenID   server  that  can be asked to
%	verify this claim.
%
%	@param  URL The OpenID typed by the user
%	@param	OpenIDOrig Canonized OpenID typed by user
%	@param	OpenID Possibly delegated OpenID
%	@param  Server OpenID server that must validate OpenID
%
%	@tbd	Implement complete URL canonization as defined by the
%		OpenID 2.0 proposal.

openid_resolve(URL, OpenID0, OpenID, Server) :-
	debug(openid(resolve), 'Opening ~w ...', [URL]),
	http_open(URL, Stream,
		  [ final_url(OpenID0)
		  ]),
	dtd(html, DTD),
	call_cleanup(load_structure(Stream, Term,
				    [ dtd(DTD),
				      dialect(sgml),
				      shorttag(false),
				      syntax_errors(quiet)
				    ]),
		     close(Stream)),
	debug(openid(resolve), 'Scanning HTML document ...', [URL]),
	contains_term(element(head, _, Head), Term),
	(   link(Head, 'openid.server', Server)
	->  debug(openid(resolve), 'OpenID Server=~q', [Server])
	;   debug(openid(resolve), 'No server in ~q', [Head]),
	    fail
	),
	(   link(Head, 'openid.delegate', OpenID)
	->  debug(openid(resolve), 'OpenID = ~q (delegated)', [OpenID])
	;   OpenID = OpenID0,
	    debug(openid(resolve), 'OpenID = ~q', [OpenID])
	).


link(DOM, Type, Target) :-
	sub_term(element(link, Attrs, []), DOM),
	memberchk(rel=Type, Attrs),
	memberchk(href=Target, Attrs).


		 /*******************************
		 *	   AUTHENTICATE		*
		 *******************************/


%%	openid_authenticate(+Request, -Server:url, -OpenID:url,
%%			    -ReturnTo:url) is semidet.
%
%	Succeeds if Request comes from the   OpenID  server and confirms
%	that User is a verified OpenID   user. ReturnTo provides the URL
%	to return to.
%
%	After openid_verify/2 has redirected the   browser to the OpenID
%	server, and the OpenID server did   its  magic, it redirects the
%	browser back to this address.  The   work  is fairly trivial. If
%	=mode= is =cancel=, the OpenId server   denied. If =id_res=, the
%	OpenId server replied positive, but  we   must  verify  what the
%	server told us by checking the HMAC-SHA signature.
%
%	This call fails silently if their is no =|openid.mode|= field in
%	the request.
%
%	@throws	openid(cancel)
%		if request was cancelled by the OpenId server
%	@throws openid(signature_mismatch)
%		if the HMAC signature check failed

openid_authenticate(Request, OpenIdServer, Identity, ReturnTo) :-
	memberchk(method(get), Request),
	http_parameters(Request,
			[ 'openid.mode'(Mode, [optional(true)])
			]),
	(   var(Mode)
	->  fail
	;   Mode == cancel
	->  throw(openid(cancel))
	;   Mode == id_res
	->  http_parameters(Request,
			    [ 'openid.identity'(Identity, []),
			      'openid.assoc_handle'(Handle, []),
			      'openid.return_to'(ReturnTo, []),
			      'openid.signed'(AtomFields, []),
			      'openid.sig'(Base64Signature, []),
			      'openid.invalidate_handle'(Invalidate,
							 [optional(true)])
			    ],
			    [ form_data(Form)
			    ]),
	    atomic_list_concat(SignedFields, ',', AtomFields),
	    check_obligatory_fields(SignedFields),
	    signed_pairs(SignedFields,
			 [ mode-Mode,
			   identity-Identity,
			   assoc_handle-Handle,
			   return_to-ReturnTo,
			   invalidate_handle-Invalidate
			 ],
			 Form,
			 SignedPairs),
	    (	openid_associate(OpenIdServer, Handle, Assoc)
	    ->  signature(SignedPairs, Assoc, Sig)
	    ;	existence_error(assoc_handle, Handle)
	    ),

	    atom_codes(Base64Signature, Base64SigCodes),
	    phrase(base64(Signature), Base64SigCodes),
	    (	Sig == Signature
	    ->	true
	    ;	throw(openid(signature_mismatch))
	    )
	).

%%	signed_pairs(+FieldNames, +Pairs:list(Field-Value),
%%		     +Form, -SignedPairs) is det.
%
%	Extract the signed field in the order they appear in FieldNames.

signed_pairs([], _, _, []).
signed_pairs([Field|T0], Pairs, Form, [Field-Value|T]) :-
	memberchk(Field-Value, Pairs), !,
	signed_pairs(T0, Pairs, Form, T).
signed_pairs([Field|T0], Pairs, Form, [Field-Value|T]) :-
	atom_concat('openid.', Field, OpenIdField),
	memberchk(OpenIdField=Value, Form), !,
	signed_pairs(T0, Pairs, Form, T).
signed_pairs([Field|T0], Pairs, Form, T) :-
	format(user_error, 'Form = ~p~n', [Form]),
	throw(error(existence_error(field, Field),
		    context(_, 'OpenID Signed field is not present'))),
	signed_pairs(T0, Pairs, Form, T).


%%	check_obligatory_fields(+SignedFields:list) is det.
%
%	Verify fields from obligatory_field/1 are   in  the signed field
%	list.
%
%	@error	existence_error(field, Field)

check_obligatory_fields(Fields) :-
	(   obligatory_field(Field),
	    (	memberchk(Field, Fields)
	    ->	true
	    ;	throw(error(existence_error(field, Field),
			    context(_, 'OpenID field is not in signed fields')))
	    ),
	    fail
	;   true
	).

obligatory_field(identity).


		 /*******************************
		 *	   OPENID SERVER	*
		 *******************************/

:- dynamic
	server_association/3.		% URL, Handle, Term

%%	openid_server(+Options, +Request)
%
%	Realise the OpenID server. The protocol   demands a POST request
%	here.

openid_server(Options, Request) :-
	http_parameters(Request,
			[ 'openid.mode'(Mode)
			],
			[ attribute_declarations(openid_attribute),
			  form_data(Form)
			]),
	(   Mode == associate
	->  associate_server(Request, Form, Options)
	;   Mode == checkid_setup
	->  checkid_setup_server(Request, Form, Options)
	).

%%	associate_server(+Request, +Form, +Options)
%
%	Handle the association-request. If successful,   create a clause
%	for server_association/3 to record the current association.

associate_server(Request, Form, Options) :-
	memberchk('openid.assoc_type'	      =	AssocType,   Form),
	memberchk('openid.session_type'	      =	SessionType, Form),
	memberchk('openid.dh_modulus'	      =	P64, 	     Form),
	memberchk('openid.dh_gen'	      =	G64, 	     Form),
	memberchk('openid.dh_consumer_public' =	CPX64,       Form),
	base64_btwoc(P, P64),
	base64_btwoc(G, G64),
	base64_btwoc(CPX, CPX64),
	dh_x(P, Y),			% Our secret
	DiffieHellman is powm(CPX, Y, P),
	btwoc(DiffieHellman, DHBytes),
	sha_hash(DHBytes, SHA1, [algorithm(sha1)]),
	CPY is powm(G, Y, P),
	base64_btwoc(CPY, CPY64),
	new_assoc_handle(Handle),
	random_bytes(20, MacKey),
	xor_codes(MacKey, SHA1, EncKey),
	phrase(base64(EncKey), Base64EncKey),
	DefExpriresIn is 24*3600,
	option(expires_in(ExpriresIn), Options, DefExpriresIn),

	get_time(Now),
	ExpiresAt is integer(Now+ExpriresIn),
	make_association([ session_type(SessionType),
			   expires_at(ExpiresAt),
			   mac_key(MacKey)
			 ],
			 Record),
	memberchk(peer(Peer), Request),
	assert(server_association(Peer, Handle, Record)),

	key_values_data([ assoc_type-AssocType,
			  assoc_handle-Handle,
			  expires_in-ExpriresIn,
			  session_type-SessionType,
			  dh_server_public-CPY64,
			  enc_mac_key-Base64EncKey
			],
			Text),
	format('Content-type: text/plain~n~n~s', [Text]).


new_assoc_handle(Handle) :-
	random_bytes(20, Bytes),
	phrase(base64(Bytes), HandleCodes),
	atom_codes(Handle, HandleCodes).


%%	checkid_setup_server(+Request, +Form, +Options)
%
%	Validate an OpenID for a TrustRoot and redirect the browser back
%	to the ReturnTo argument.  There   are  many  possible scenarios
%	here:
%
%		1. Check some cookie and if present, grant immediately
%		2. Use a 401 challenge page
%		3. Present a normal grant/password page
%		4. As (3), but use HTTPS for the exchange
%		5. etc.
%
%	First thing to check is the immediate acknowledgement.

checkid_setup_server(_Request, Form, _Options) :-
	memberchk('openid.identity'	= Identity,  Form),
	memberchk('openid.assoc_handle'	= Handle,    Form),
	memberchk('openid.return_to'	= ReturnTo,  Form),
	memberchk('openid.trust_root'	= TrustRoot, Form),

	server_association(_, Handle, _Association), 		% check

	reply_html_page([ title('OpenID login')
			],
			[ \openid_title,
			  div(class('openid-message'),
			      ['Site ', a(href(TrustRoot), TrustRoot), ' requests permission \
			       to login with OpenID ', a(href(Identity), Identity), '.'
			      ]),
			  table(class('openid-form'),
				[ tr(td(form([ action(grant), method('GET') ],
					     [ \hidden('openid.grant', yes),
					       \hidden('openid.identity', Identity),
					       \hidden('openid.assoc_handle', Handle),
					       \hidden('openid.return_to', ReturnTo),
					       \hidden('openid.trust_root', TrustRoot),
					       div(['Password: ',
						    input([type(password), name('openid.password')]),
						    input([type(submit), value('Grant')])
						   ])
					     ]))),
				  tr(td(align(right),
					form([ action(grant), method('GET') ],
					     [ \hidden('openid.grant', no),
					       \hidden('openid.return_to', ReturnTo),
					       input([type(submit), value('Deny')])
					     ])))
				])
			]).

hidden(Name, Value) -->
	html(input([type(hidden), name(Name), value(Value)])).


openid_title -->
	{ http_absolute_location(icons('openid-logo-square.png'), SRC, []) },
	html_requires(css('openid.css')),
	html(div(class('openid-title'),
		 [ a(href('http://openid.net/'),
		     img([ src(SRC), alt('OpenID') ])),
		   span('Login')
		 ])).


%%	openid_grant(+Request)
%
%	Handle the reply from checkid_setup_server/3.   If  the reply is
%	=yes=, check the authority (typically the   password) and if all
%	looks good redirect the browser to   ReturnTo, adding the OpenID
%	properties needed by the Relying Party to verify the login.

openid_grant(Request) :-
	http_parameters(Request,
			[ 'openid.grant'(Grant),
			  'openid.return_to'(ReturnTo)
			],
			[ attribute_declarations(openid_attribute)
			]),
	(   Grant == yes
	->  http_parameters(Request,
			    [ 'openid.identity'(Identity),
			      'openid.assoc_handle'(Handle),
			      'openid.trust_root'(TrustRoot),
			      'openid.password'(Password)
			    ],
			    [ attribute_declarations(openid_attribute)
			    ]),
	    server_association(_, Handle, Association),
	    grant_login(Request,
			[ identity(Identity),
			  password(Password),
			  trustroot(TrustRoot)
			]),
	    SignedPairs = [ 'mode'-id_res,
			    'identity'-Identity,
			    'assoc_handle'-Handle,
			    'return_to'-ReturnTo
			  ],
	    signed_fields(SignedPairs, Signed),
	    signature(SignedPairs, Association, Signature),
	    phrase(base64(Signature), Bas64Sig),
	    redirect_browser(ReturnTo,
			     [ 'openid.mode' = id_res,
			       'openid.identity' = Identity,
			       'openid.assoc_handle' = Handle,
			       'openid.return_to' = ReturnTo,
			       'openid.signed' = Signed,
			       'openid.sig' = Bas64Sig
			     ])
	;   redirect_browser(ReturnTo,
			     [ 'openid.mode' = cancel
			     ])
	).


%%	grant_login(+Request, +Options) is det.
%
%	Validate login from Request (can  be   used  to get cookies) and
%	Options, which contains at least:
%
%		* identity(Identity)
%		* password(Password)
%		* trustroot(TrustRoot)

grant_login(Request, Options) :-
	openid_hook(grant(Request, Options)).

%%	trusted(+OpenID, +Server)
%
%	True if we  trust  the  given   OpenID  server.  Must  throw  an
%	exception, possibly redirecting to a   page with trusted servers
%	if the given server is not trusted.

trusted(OpenID, Server) :-
	openid_hook(trusted(OpenID, Server)).


%%	signed_fields(+Pairs, -Signed) is det.
%
%	Create a comma-separated  atom  from   the  field-names  without
%	'openid.' from Pairs.

signed_fields(Pairs, Signed) :-
	signed_field_names(Pairs, Names),
	atomic_list_concat(Names, ',', Signed).

signed_field_names([], []).
signed_field_names([H0-_|T0], [H|T]) :-
	(   atom_concat('openid.', H, H0)
	->  true
	;   H = H0
	),
	signed_field_names(T0, T).

%%	signature(+Pairs, +Association, -Signature)
%
%	Determine the signature for Pairs

signature(Pairs, Association, Signature) :-
	key_values_data(Pairs, TokenContents),
	association_mac_key(Association, MacKey),
	association_session_type(Association, SessionType),
	signature_algorithm(SessionType, SHA),
	hmac_sha(MacKey, TokenContents, Signature, [algorithm(SHA)]),
	debug(openid(crypt), 'Signed:~n~s~nSignature: ~w', [TokenContents, Signature]).

signature_algorithm('DH-SHA1', sha1).
signature_algorithm('DH-SHA256', sha256).


		 /*******************************
		 *	      ASSOCIATE		*
		 *******************************/

:- dynamic
	association/3.			% URL, Handle, Data

:- record
	association(session_type='DH-SHA1',
		    expires_at,		% time-stamp
		    mac_key).		% code-list

%%	openid_associate(+URL, -Handle, -Assoc) is det.
%%	openid_associate(?URL, +Handle, -Assoc) is semidet.
%
%	Associate with an open-id server.  We   first  check for a still
%	valid old association. If there is  none   or  it is expired, we
%	esstablish one and remember it.
%
%	@tbd	Should we store known associations permanently?  Where?

openid_associate(URL, Handle, Assoc) :-
	association(URL, Handle, Assoc),
	association_expires_at(Assoc, Expires),
	get_time(Now),
	(   Now < Expires
	->  debug(openid(associate), '~w: Reusing association', [URL])
	;   retractall(association(URL, Handle, _)),
	    fail
	).
openid_associate(URL, Handle, Assoc) :-
	ground(URL),
	associate_data(Data, P, _G, X),
	http_post(URL, form(Data), Reply, [to(codes)]),
	debug(openid(associate), 'Reply: ~n~s', [Reply]),
	key_values_data(Pairs, Reply),
	shared_secret(Pairs, P, X, MacKey),
	expires_at(Pairs, ExpiresAt),
	memberchk(assoc_handle-Handle, Pairs),
	memberchk(session_type-Type, Pairs),
	make_association([ session_type(Type),
			   expires_at(ExpiresAt),
			   mac_key(MacKey)
			 ], Assoc),
	assert(association(URL, Handle, Assoc)).


%%	shared_secret(+Pairs, +P, +X, -Secret:list(codes))
%
%	Find the shared secret from the peer's reply and our data. First
%	clause deals with the (deprecated) non-encoded version.

shared_secret(Pairs, _, _, Secret) :-
	memberchk(mac_key-Base64, Pairs), !,
	atom_codes(Base64, Base64Codes),
	phrase(base64(Base64Codes), Secret).
shared_secret(Pairs, P, X, Secret) :-
	memberchk(dh_server_public-Base64Public, Pairs),
	memberchk(enc_mac_key-Base64EncMacKey, Pairs),
	base64_btwoc(ServerPublic, Base64Public),
	DiffieHellman is powm(ServerPublic, X, P),
	atom_codes(Base64EncMacKey, Base64EncMacKeyCodes),
	phrase(base64(EncMacKey), Base64EncMacKeyCodes),
	btwoc(DiffieHellman, DiffieHellmanBytes),
	sha_hash(DiffieHellmanBytes, DHHash, [algorithm(sha1)]),
	xor_codes(DHHash, EncMacKey, Secret).


%%	expires_at(+Pairs, -Time) is det.
%
%	Unify Time with  a  time-stamp   stating  when  the  association
%	exires.

expires_at(Pairs, Time) :-
	memberchk(expires_in-ExpAtom, Pairs),
	atom_number(ExpAtom, Seconds),
	get_time(Now),
	Time is integer(Now)+Seconds.


%%	associate_data(-Data, -X) is det.
%
%	Generate the data to initiate an association using Diffie-Hellman
%	shared secret key negotiation.

associate_data(Data, P, G, X) :-
	openid_dh_p(P),
	openid_dh_g(G),
	dh_x(P, X),
	CP is powm(G, X, P),
	base64_btwoc(P, P64),
	base64_btwoc(G, G64),
	base64_btwoc(CP, CP64),
	Data = [ 'openid.mode'		     = associate,
		 'openid.assoc_type'	     = 'HMAC-SHA1',
		 'openid.session_type'	     = 'DH-SHA1',
		 'openid.dh_modulus'	     = P64,
		 'openid.dh_gen'	     = G64,
		 'openid.dh_consumer_public' = CP64
	       ].


		 /*******************************
		 *	      RANDOM		*
		 *******************************/

%%	random_bytes(+N, -Bytes) is det.
%
%	Bytes is a list of N random bytes (integers 0..255).

random_bytes(N, [H|T]) :-
	N > 0, !,
	H is random(256),
	N2 is N - 1,
	random_bytes(N2, T).
random_bytes(_, []).


%%	dh_x(+Max, -X)
%
%	Generate a random key X where 1<=X<P-1)
%
%	@tbd	If we have /dev/urandom, use that.

dh_x(P, X) :-
	X0 is random(65536),
	Max is P - 1,
	dh_x(Max, X0, X).

dh_x(Max, X0, X) :-
	X1 is X0<<16+random(65536),
	(   X1 >= Max
	->  X = X0
	;   dh_x(Max, X1, X)
	).


		 /*******************************
		 *	     CONSTANTS		*
		 *******************************/

openid_dh_p(155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443).

openid_dh_g(2).


		 /*******************************
		 *	       UTIL		*
		 *******************************/

%%	key_values_data(+KeyValues:list(Key-Value), -Data:list(code)) is det.
%%	key_values_data(-KeyValues:list(Key-Value), +Data:list(code)) is det.
%
%	Encoding  and  decoding  of  key-value  pairs  for  OpenID  POST
%	messages  according  to   Appendix   C    of   the   OpenID  1.1
%	specification.

key_values_data(Pairs, Data) :-
	nonvar(Data), !,
	phrase(data_form(Pairs), Data).
key_values_data(Pairs, Data) :-
	phrase(gen_data_form(Pairs), Data).

data_form([Key-Value|Pairs]) -->
	utf8_string(KeyCodes), ":", utf8_string(ValueCodes), "\n", !,
	{ atom_codes(Key, KeyCodes),
	  atom_codes(Value, ValueCodes)
	},
	data_form(Pairs).
data_form([]) -->
	ws.

%%	utf8_string(-Codes)// is nondet.
%
%	Take a short UTF-8 code-list from input. Extend on backtracking.

utf8_string([]) -->
	[].
utf8_string([H|T]) -->
	utf8_codes([H]),
	utf8_string(T).

ws -->
	[C],
	{ C =< 32 }, !,
	ws.
ws -->
	[].


gen_data_form([]) -->
	[].
gen_data_form([Key-Value|T]) -->
	field(Key), ":", field(Value), "\n",
	gen_data_form(T).

field(Field) -->
	{ to_codes(Field, Codes)
	},
	utf8_codes(Codes).

to_codes(Codes, Codes) :-
	is_list(Codes), !.
to_codes(Atomic, Codes) :-
	atom_codes(Atomic, Codes).

%%	base64_btwoc(+Int, -Base64:list(code)) is det.
%%	base64_btwoc(-Int, +Base64:list(code)) is det.
%%	base64_btwoc(-Int, +Base64:atom) is det.

base64_btwoc(Int, Base64) :-
	integer(Int), !,
	btwoc(Int, Bytes),
	phrase(base64(Bytes), Base64).
base64_btwoc(Int, Base64) :-
	atom(Base64), !,
	atom_codes(Base64, Codes),
	phrase(base64(Bytes), Codes),
	btwoc(Int, Bytes).
base64_btwoc(Int, Base64) :-
	phrase(base64(Bytes), Base64),
	btwoc(Int, Bytes).


%%	btwoc(+Integer, -Bytes) is det.
%%	btwoc(-Integer, +Bytes) is det.
%
%	Translate between a big integer and and its representation in
%	bytes.  The first bit is always 0, as Integer is nonneg.

btwoc(Int, Bytes) :-
	integer(Int), !,
	int_to_bytes(Int, Bytes).
btwoc(Int, Bytes) :-
	is_list(Bytes),
	bytes_to_int(Bytes, Int).

int_to_bytes(Int, Bytes) :-
	int_to_bytes(Int, [], Bytes).

int_to_bytes(Int, Bytes0, [Int|Bytes0]) :-
	Int < 128, !.
int_to_bytes(Int, Bytes0, Bytes) :-
	Last is Int /\ 0xff,
	Int1 is Int >> 8,
	int_to_bytes(Int1, [Last|Bytes0], Bytes).


bytes_to_int([B|T], Int) :-
	bytes_to_int(T, B, Int).

bytes_to_int([], Int, Int).
bytes_to_int([B|T], Int0, Int) :-
	Int1 is (Int0<<8)+B,
	bytes_to_int(T, Int1, Int).


%%	xor_codes(+C1:list(int), +C2:list(int), -XOR:list(int)) is det.
%
%	Compute xor of two strings.
%
%	@error	length_mismatch(L1, L2) if the two lists do not have equal
%		length.

xor_codes([], [], []).
xor_codes([H1|T1], [H2|T2], [H|T]) :-
	H is H1 xor H2, !,
	xor_codes(T1, T2, T).
xor_codes(L1, L2, _) :-
	throw(error(length_mismatch(L1, L2), _)).


		 /*******************************
		 *	  HTTP ATTRIBUTES	*
		 *******************************/

openid_attribute('openid.mode',
		 [ oneof([ associate,
			   checkid_setup,
			   cancel,
			   id_res
			 ])
		 ]).
openid_attribute('openid.assoc_type',
		 [ oneof(['HMAC-SHA1'])
		 ]).
openid_attribute('openid.session_type',
		 [ oneof([ 'DH-SHA1',
			   'DH-SHA256'
			 ])
		 ]).
openid_attribute('openid.dh_modulus',	      [length > 1]).
openid_attribute('openid.dh_gen', 	      [length > 1]).
openid_attribute('openid.dh_consumer_public', [length > 1]).
openid_attribute('openid.assoc_handle',	      [length > 1]).
openid_attribute('openid.return_to',	      [length > 1]).
openid_attribute('openid.trust_root',	      [length > 1]).
openid_attribute('openid.identity',	      [length > 1]).
openid_attribute('openid.password',	      [length > 1]).
openid_attribute('openid.grant',	      [oneof([yes,no])]).