authorTristan Schwieren <tristan.schwieren@tum.de>2022-04-12 13:59:26 +0200
committerTristan Schwieren <tristan.schwieren@tum.de>2022-04-12 13:59:26 +0200
commit1fbd8fbcd92a62fdd5d41fba2362cfbb86bfcb0a (patch)
tree8b1d5f9d38166affd9592773e8e1ef7359cdde77
parent4034e9e342c02665b768452948eef5e852f719ad (diff)
- working oids_rsa read/write without logging
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c108
1 files changed, 75 insertions, 33 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 1d8ae4681..a360176d8 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -234,6 +234,11 @@
#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied"
/**
+ *
+ */
+#define OIDC_RSA_STORAGE_FILE "/home/tristan/rsa.json"
+
+/**
* How long to wait for a consume in userinfo endpoint
*/
#define CONSUME_TIMEOUT GNUNET_TIME_relative_multiply ( \
@@ -2485,40 +2490,74 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
GNUNET_free (authorization);
}
+int
+valid_jwk(json_t * jwk)
+{
+ return GNUNET_OK;
+}
+
/**
- * Read a jwk from file. Parses the file an created the
- * respective json_t key in memeory
- * TODO: change description
- * Return -1 if file does not exist or does not contain a valid JWK RSA key
- *
- * @param filename name of the file to parse
- * @param jwk parsed jwk
- * @return #GNUNET_OK to continue
+ * @brief Read the the JSON Web Key in the given file and return it.
+ * Return NULL and emit error if JSON can not be decoded or the key is
+ * invalid
+ *
+ * @param filename the file to read the JWK from
+ * @return json_t* the reed JWK
*/
-static int
-read_jwk_from_file(const char *filename,
- json_t *jwk)
+json_t *
+read_jwk_from_file(const char *filename)
{
- json_error_t *error;
+ // TODO: GNUnet logging/error
+ json_t *jwk;
+ json_error_t error;
- jwk = json_load_file(filename, JSON_DECODE_ANY, error);
-
- // Check if valid key
+ jwk = json_load_file(filename, JSON_DECODE_ANY, &error);
- if(NULL != error) {
- printf("%s", error);
- return GNUNET_ERROR_TYPE_ERROR;
- }
-
- return GNUNET_OK;
+ // if (!jwk){
+ // GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
+ // ("Could not read OIDC RSA key from config file; %s",
+ // error.text));
+ // }
+ // TODO: Check if valid JWK
+
+ return jwk;
}
+/**
+ * @brief Write the JWK to file
+ *
+ * @param filename the name of the file the JWK is writen to
+ * @param jwk the JWK that is going to be written
+ * @return int Return GNUNET_OK if write is sucessfull
+ */
static int
write_jwk_to_file(const char *filename,
json_t *jwk)
{
+ if (json_dump_file(jwk, filename, JSON_INDENT(2)))
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
+ ("Could not write OIDC RSA key to file %s",
+ filename));
+ return GNUNET_ERROR_TYPE_WARNING;
+ }
+ else
+ return GNUNET_OK;
+}
- return GNUNET_OK;
+/**
+ * @brief Generate a new RSA JSON Web Key
+ *
+ * @return json_t* the generated JWK
+ */
+json_t *
+generate_jwk()
+{
+ json_t *jwk;
+ jwk = json_pack("{s:s,s:i}", "kty", "RSA", "bits", 2048);
+ jose_jwk_gen(NULL, jwk);
+ json_incref(jwk);
+ return jwk;
}
/**
@@ -2538,16 +2577,23 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
char *jwk_str;
struct MHD_Response *resp;
struct RequestHandle *handle = cls;
+ // TODO:
+ // try reading json web key from file
+ // If sucessfull return public key of read key
+ // If not, generate new key and write to file
+ // return public key
- // Generate RSA key
- // jwk = json_pack("{s:s,s:i}", "kty", "RSA", "bits", 2048);
- // jose_jwk_gen(NULL, jwk);
- // jose_jwk_pub(NULL, jwk);
+ jwk = read_jwk_from_file(OIDC_RSA_STORAGE_FILE);
- // Read from file
- const char *filename = "/home/tristan/rsa.json";
- read_jwk_from_file(filename, jwk);
+ if (!jwk){
+ jwk = generate_jwk();
+ // printf("%s", json_dumps(jwk, JSON_INDENT(2)));
+ write_jwk_to_file(OIDC_RSA_STORAGE_FILE, jwk);
+ }
+
+ jose_jwk_pub(NULL, jwk);
+ // Encode JSON Web Key as string and return to API endpoint
jwk_str = json_dumps (jwk, JSON_INDENT (1));
resp = GNUNET_REST_create_response (jwk_str);
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
@@ -2876,10 +2922,6 @@ libgnunet_plugin_rest_openid_connect_init (void *cls)
MHD_HTTP_METHOD_DELETE,
MHD_HTTP_METHOD_OPTIONS);
- // TODO: Check if config file with rss key exists
- // TODO: If not: generate new key and save in in file
- // TODO: READ config file and save key
-
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
_ ("OpenID Connect REST API initialized\n"));
return api;
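Review bot: The GNUNET_log call in write_jwk_to_file wraps its message and argument in one parenthesized expression, `("Could not write OIDC RSA key to file %s", filename)`, so the comma operator discards the literal and `filename` is passed as the format string; the intended message is never logged and the logger receives a non-literal format string. It should read `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Could not write OIDC RSA key to file %s\n", filename);`, and the commented-out log in read_jwk_from_file has the same shape and should be fixed before it is enabled. In generate_jwk, json_pack already returns a new reference, so the extra `json_incref (jwk)` leaks one reference per generated key, and neither the json_pack result nor the jose_jwk_gen return value is checked before the key is handed to write_jwk_to_file. OIDC_RSA_STORAGE_FILE is a hard-coded home-directory path for the private RSA key; it should come from the plugin configuration, and since json_dump_file does not restrict permissions the file should be created owner-readable only.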