Login example in GNU C++

This example is using libssl and libcurl please refer to the documentation for your development environment.

The example is tested on Ubuntu 12.04. The file NEXTAPI_TEST_public.pem should be available in the same directory as the executable.

On Ubuntu compile and run with


g++ test.cpp -o test -lssl -lcrypto -lcurl
./test <username> <password>

#include <string>
#include <iostream>
#include <sstream>
#include <ctime>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <curl/curl.h>

using namespace std;

string create_blob(const string &username, const string &password);
string encode_base64(const string &s);
string url_encode(CURL *curl, const string &s);
string encrypt(const string &s);
string timestamp_in_ms();
void login(const string &username, const string &password);

template <typename T>
string to_string(const T &v) 
{ 
  stringstream ss;
  ss << v;
  return ss.str();
};

int main(int argc, const char* argv[])
{
  if (argc != 3) {
    cerr << "Usage: " << argv[0] << "<username> <password>";
    exit(1);
  }
  string username = string(argv[1]);
  string password = string(argv[2]);
  login(username, password);
};

void login(const string &username, const string &password) 
{
  CURL *curl;
  CURLcode res;

  curl_global_init(CURL_GLOBAL_ALL);

  curl = curl_easy_init();
  if (!curl) {
    cerr << "Error starting curl" << endl;
    exit(1);
  }

  struct curl_slist *header = NULL;
  header = curl_slist_append(header, "Accept-Language: sv");
  header = curl_slist_append(header, "Accept: application/json");

  string blob = create_blob(username, password);
  string postdata = "auth=" + url_encode(curl, blob) + "&service=NEXTAPI";

  curl_easy_setopt(curl, CURLOPT_URL, 
    "https://api.test.nordnet.se/next/2/login");
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postdata.c_str());
  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, postdata.length());
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header);

  res = curl_easy_perform(curl);

  curl_slist_free_all(header);
  curl_easy_cleanup(curl);

}

string create_blob(const string &username, const string &password) 
{
  string encoded =
    encode_base64(username) + ":" +
    encode_base64(password) + ":" +
    encode_base64(timestamp_in_ms());
  return encode_base64(encrypt(encoded));
}

string timestamp_in_ms() 
{
  return to_string(std::time(0)) + "000";
}

string url_encode(CURL *curl, const string &s)
{
  char *url_encoded = curl_easy_escape(curl, s.c_str(), s.length());
  string url_encoded_str(url_encoded);
  curl_free(url_encoded);

  return url_encoded_str;
}

string encode_base64(const string &s) {
  BIO *bmem, *b64;
  BUF_MEM *bptr;

  b64 = BIO_new(BIO_f_base64());
  bmem = BIO_new(BIO_s_mem());
  b64 = BIO_push(b64, bmem);
  BIO_write(b64, s.c_str(), s.length());
  BIO_flush(b64);
  BIO_get_mem_ptr(b64, &bptr);

  string base64 = string(bptr->data,bptr->length-1);

  BIO_free_all(b64);

  return base64;
}

string encrypt(const string &s) {
  RSA *public_key;  
  FILE *fp;

  OpenSSL_add_all_algorithms();

  fp = fopen("NEXTAPI_TEST_public.pem","r");
  public_key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
  fclose(fp);

  if (!public_key) {
    cerr << "Can't read public key" << endl;
    exit(1);
  }

  unsigned char encrypted[2560] = {0};

  int len = 
    RSA_public_encrypt(s.length(), 
               reinterpret_cast<unsigned char*>(const_cast<char *>(s.c_str())), 
               encrypted, 
               public_key, 
               RSA_PKCS1_PADDING);

  string result(reinterpret_cast<const char *>(encrypted), len);

  RSA_free(public_key);

  return result;
}