author | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-04-12 15:36:25 +0200 |
---|---|---|
committer | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-04-12 15:36:25 +0200 |
commit | 04ced582aa324ade4b744bd94ac93657338f8272 (patch) | |
tree | 97d7b5d581eb4c89db75a09eb603be58caa799b2 | |
parent | 1fbd8fbcd92a62fdd5d41fba2362cfbb86bfcb0a (diff) |
- filename extra / error
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 51 | ||||
-rw-r--r-- | src/reclaim/reclaim.conf | 1 |
2 files changed, 32 insertions, 20 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index a360176d8..94e4888d8 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -234,11 +234,6 @@
 #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied"
 /**
- *
- */
-#define OIDC_RSA_STORAGE_FILE "/home/tristan/rsa.json"
-
-/**
  * How long to wait for a consume in userinfo endpoint
  */
 #define CONSUME_TIMEOUT GNUNET_TIME_relative_multiply ( \
@@ -2507,18 +2502,18 @@ valid_jwk(json_t * jwk)
 json_t *
 read_jwk_from_file(const char *filename)
 {
-  // TODO: GNUnet logging/error
   json_t *jwk;
   json_error_t error;
   jwk = json_load_file(filename, JSON_DECODE_ANY, &error);
+
+  printf("%s\n", error.text);
   // if (!jwk){
   //   GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
   //              ("Could not read OIDC RSA key from config file; %s",
   //              error.text));
   // }
-  // TODO: Check if valid JWK
   return jwk;
 }
@@ -2534,14 +2529,16 @@ static int
 write_jwk_to_file(const char *filename, json_t *jwk)
 {
-  if (json_dump_file(jwk, filename, JSON_INDENT(2)))
+  if (!json_dump_file(jwk, filename, JSON_INDENT(2)))
   {
-    GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
-               ("Could not write OIDC RSA key to file %s",
-               filename));
+    // GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
+    //            ("Could not write OIDC RSA key to file %s",
+    //            filename));
+    printf("Wrote file unsucessfully\n");
     return GNUNET_ERROR_TYPE_WARNING;
   }
   else
+    printf("Wrote file sucessfully to %s\n", filename);
   return GNUNET_OK;
 }
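Review bot: The added `printf("%s\n", error.text);` in read_jwk_from_file runs unconditionally and writes to stdout, so after a successful json_load_file it prints whatever jansson left in `error.text` (an empty line in practice), and after a failure the reason lands on stdout instead of the GNUnet log, without the filename that would make it actionable. The commented-out GNUNET_log below it does not compile as written because the extra pair of parentheses turns the format string and its argument into a single comma expression passed as one argument; the working form is `if (NULL == jwk) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Could not read OIDC RSA key from %s: %s\n", filename, error.text);`. The commented GNUNET_log in the write_jwk_to_file hunk below has the same parenthesis problem.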
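Review bot: The inverted test `if (!json_dump_file(jwk, filename, JSON_INDENT(2)))` in write_jwk_to_file treats success as failure: json_dump_file returns 0 when the file was written and -1 on error, so the new code prints "Wrote file unsucessfully" and returns GNUNET_ERROR_TYPE_WARNING exactly when the key was saved, and reports success when it was not. The pre-change condition was correct; keep `if (0 != json_dump_file (jwk, filename, JSON_INDENT (2)))` and report the failure with GNUNET_log rather than printf (both messages also misspell "successfully"). Because this file holds the private RSA key, json_dump_file's plain `fopen (filename, "w")` creates it with umask-dependent permissions and fails outright if the `oidc` directory named in reclaim.conf does not exist yet; calling `GNUNET_DISK_directory_create_for_file (filename)` first and writing through a descriptor opened with mode 0600 (jansson's json_dumpfd, if the version in use provides it) would close both gaps. The `else` covers only the printf, so `return GNUNET_OK` is reached unconditionally; bracing the branch makes that explicit.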
@@ -2573,27 +2570,41 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, void *cls)
 {
   // TODO: Set json application type header
+  // TODO: Check if valid JWK
+  // TODO: GNUNET error/logging
   json_t *jwk;
+  char *jwk_filename;
   char *jwk_str;
   struct MHD_Response *resp;
   struct RequestHandle *handle = cls;
-  // TODO:
-  // try reading json web key from file
-  // If sucessfull return public key of read key
-  // If not, generate new key and write to file
-  // return public key
-  jwk = read_jwk_from_file(OIDC_RSA_STORAGE_FILE);
+  // Read JWK RSA key filename
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg,
+                                                            "reclaim-rest-plugin",
+                                                            "oidc_jwk_rsa_key_path",
+                                                            &jwk_filename))
+  {
+    handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  // Read JWK RSA key
+  jwk = read_jwk_from_file(jwk_filename);
+  printf("I read this:\n%s\n", json_dumps(jwk, JSON_INDENT(2)));
   if (!jwk){
+    // If no key exists, generate and save a new key
     jwk = generate_jwk();
-    // printf("%s", json_dumps(jwk, JSON_INDENT(2)));
-    write_jwk_to_file(OIDC_RSA_STORAGE_FILE, jwk);
+    write_jwk_to_file(jwk_filename, jwk);
   }
+  // Convert jwk to jwk public key
   jose_jwk_pub(NULL, jwk);
-  // Encode JSON Web Key as string and return to API endpoint
+  // Encode jwk as string and return to API endpoint
   jwk_str = json_dumps (jwk, JSON_INDENT (1));
   resp = GNUNET_REST_create_response (jwk_str);
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf
index 8655f2e0b..084f720b2 100644
--- a/src/reclaim/reclaim.conf
+++ b/src/reclaim/reclaim.conf
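Review bot: The debug line `printf("I read this:\n%s\n", json_dumps(jwk, JSON_INDENT(2)));` in jwks_endpoint writes the complete key, private RSA members included, to stdout before jose_jwk_pub strips them, and when the file could not be read jwk is NULL, json_dumps returns NULL and `%s` receives a null pointer, which is undefined behaviour; the string json_dumps returns is also never freed. The line should simply be removed. Two results in the hunk go unchecked: write_jwk_to_file's return value, and `jose_jwk_pub(NULL, jwk)`, which returns false on failure and would then leave the private members in the JSON that GNUNET_REST_create_response hands to the client, so a false return should be treated as a server error the way the configuration-lookup branch above already is. jwk_filename is allocated by GNUNET_CONFIGURATION_get_value_filename and is freed on no path. jwks_endpoint continues past the end of the hunk.
```c
  // Read JWK RSA key
  jwk = read_jwk_from_file (jwk_filename);
  if (NULL == jwk)
  {
    // If no key exists, generate and save a new key
    jwk = generate_jwk ();
    if (GNUNET_OK != write_jwk_to_file (jwk_filename, jwk))
      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                  "Could not persist OIDC RSA key to %s\n",
                  jwk_filename);
  }
  GNUNET_free (jwk_filename);
  // Strip the private members; never serve the key if that fails
  if (! jose_jwk_pub (NULL, jwk))
  {
    json_decref (jwk);
    handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
    handle->edesc = GNUNET_strdup ("could not derive public JWK");
    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  // … unchanged: json_dumps / GNUNET_REST_create_response / handle->proc …
```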
@@ -15,5 +15,6 @@ TICKET_REFRESH_INTERVAL = 6h
 #ADDRESS = https://identity.gnu:8000#/login
 ADDRESS = https://ui.reclaim/#/login
 OIDC_CLIENT_SECRET = secret
+OIDC_JWK_RSA_KEY_PATH = $GNUNET_CONFIG_HOME/oidc/rsa-key.json
 JWT_SECRET = secret
 EXPIRATION_TIME = 1d