authorTristan Schwieren <tristan.schwieren@tum.de>2022-06-15 16:30:23 +0200
committerTristan Schwieren <tristan.schwieren@tum.de>2022-06-15 16:30:23 +0200
commit3627e3099140350e5e48dff112b67a0796aa4d2a (patch)
tree0c09a76855f73106c68a1b6250eb06bcbb0880ca
parent1c910f64baa91df478dd0b4b4495aa3895efbf06 (diff)
downloadgnunet-3627e3099140350e5e48dff112b67a0796aa4d2a.tar.gz
gnunet-3627e3099140350e5e48dff112b67a0796aa4d2a.zip
- fix missing from oidc branch
-rw-r--r--src/reclaim/oidc_helper.h2
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c53
2 files changed, 47 insertions, 8 deletions
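--- a/src/reclaim/oidc_helper.h
+++ b/src/reclaim/oidc_helper.h
@@ -34,7 +34,7 @@
 #define JWT_ALG_VALUE_HMAC "HS512"
 #define JWT_ALG_VALUE_RSA "RS256"
 
-#define SERVER_ADDRESS "https://api.reclaim"
+#define SERVER_ADDRESS "http://localhost:7776"
 
 enum OIDC_VerificationOptions
 {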
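Review bot: SERVER_ADDRESS at line 37 becomes a hard-coded plaintext `http://localhost:7776` URL; its uses are outside this file, but wherever it serves as the OIDC issuer or discovery base, relying parties are now pointed at an unencrypted endpoint and any client that validates `iss` against the previous `https://api.reclaim` value will reject the tokens. If this is meant as a development default it should be overridable from configuration rather than baked into the header — the plugin already reads settings with `GNUNET_CONFIGURATION_get_value_string` — and the definition should say so, e.g. `/* Development default only; deployments must override this with their https:// issuer URL via configuration, since it presumably ends up in tokens and discovery documents. */`. A fixed localhost issuer should not ship in a release build.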
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index bb8e1cd1e..0ffe1b6c8 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -939,15 +939,14 @@ generate_jwk ()
939} 939}
940 940
941/** 941/**
942 * Return the path to the RSA JWK key file 942 * Return the path to the oidc directory path
943 * 943 *
944 * @param cls the RequestHandle 944 * @param cls the RequestHandle
945 */ 945 */
946char * 946char *
947get_oidc_jwk_path (void *cls) 947get_oidc_dir_path (void *cls)
948{ 948{
949 char *oidc_directory; 949 char *oidc_directory;
950 char *oidc_jwk_path;
951 struct RequestHandle *handle = cls; 950 struct RequestHandle *handle = cls;
952 951
953 // Read OIDC directory from config 952 // Read OIDC directory from config
@@ -964,6 +963,22 @@ get_oidc_jwk_path (void *cls)
964 return NULL; 963 return NULL;
965 } 964 }
966 965
966 return oidc_directory;
967}
968
969/**
970 * Return the path to the RSA JWK key file
971 *
972 * @param cls the RequestHandle
973 */
974char *
975get_oidc_jwk_path (void *cls)
976{
977 char *oidc_directory;
978 char *oidc_jwk_path;
979
980 oidc_directory = get_oidc_dir_path(cls);
981
967 // Create path to file 982 // Create path to file
968 GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory, 983 GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory,
969 OIDC_JWK_RSA_FILENAME); 984 OIDC_JWK_RSA_FILENAME);
@@ -2167,6 +2182,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2167 char *code_verifier; 2182 char *code_verifier;
2168 json_t *oidc_jwk; 2183 json_t *oidc_jwk;
2169 char *oidc_jwk_path; 2184 char *oidc_jwk_path;
2185 char *oidc_directory;
2170 2186
2171 /* 2187 /*
2172 * Check Authorization 2188 * Check Authorization
@@ -2285,11 +2301,33 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2285 jwa = JWT_ALG_VALUE_RSA; 2301 jwa = JWT_ALG_VALUE_RSA;
2286 } 2302 }
2287 2303
2288 if (strcmp(jwa, JWT_ALG_VALUE_RSA)) 2304 if ( ! strcmp (jwa, JWT_ALG_VALUE_RSA))
2289 { 2305 {
2290 // Replace for now 2306 // Replace for now
2291 oidc_jwk_path = get_oidc_jwk_path (cls); 2307 oidc_jwk_path = get_oidc_jwk_path (cls);
2292 oidc_jwk = read_jwk_from_file (oidc_jwk_path); 2308 oidc_jwk = read_jwk_from_file (oidc_jwk_path);
2309
2310 // Check if secret JWK exists
2311 if (! oidc_jwk)
2312 {
2313 // Generate and save a new key
2314 oidc_jwk = generate_jwk ();
2315 oidc_directory = get_oidc_dir_path(cls);
2316
2317 // Create new oidc directory
2318 if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory))
2319 {
2320 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2321 ("Failed to create directory `%s' for storing oidc data\n"),
2322 oidc_directory);
2323 }
2324 else
2325 {
2326 write_jwk_to_file (oidc_jwk_path, oidc_jwk);
2327 }
2328 }
2329
2330 // Generate oidc token
2293 id_token = OIDC_generate_id_token_rsa (&ticket.audience, 2331 id_token = OIDC_generate_id_token_rsa (&ticket.audience,
2294 &ticket.identity, 2332 &ticket.identity,
2295 cl, 2333 cl,
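Review bot: When GNUNET_DISK_directory_create fails at line 2318 the new block only logs and falls through, so OIDC_generate_id_token_rsa at line 2331 still signs the id_token with the freshly generated `oidc_jwk` that was never persisted; that key is not the one jwks_endpoint will serve (it generates its own on a miss, lines 2691–2692), so the token cannot be verified by relying parties and every failing request mints a new signing key. `oidc_directory` from get_oidc_dir_path at line 2315 is also used unchecked although that helper returns NULL when the config value is missing, and the same NULL flows into `GNUNET_asprintf (&oidc_jwk_path, "%s/%s", ...)` inside get_oidc_jwk_path; neither `oidc_directory` nor the result of write_jwk_to_file is checked or freed within this hunk (token_endpoint continues outside it, so the free may live there). I would treat a missing directory setting, a failed directory create or a failed key write as a request error and take the endpoint's existing error path instead of signing, as sketched below, and since this block duplicates the one in jwks_endpoint the load-or-create logic belongs in one static helper both endpoints call so they always agree on the key. Separately, the last hunk of this file now calls `GNUNET_free (oidc_jwk_pub_str)` twice in a row (lines 2716–2717); if GNUNET_free resets its argument to NULL the second call is dead code, otherwise it is a double free — drop it either way.

```c
    // Check if secret JWK exists
    if (! oidc_jwk)
    {
      oidc_directory = get_oidc_dir_path (cls);
      if ((NULL == oidc_directory) ||
          (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                    ("Failed to create directory `%s' for storing oidc data\n"),
                    (NULL != oidc_directory) ? oidc_directory : "(unset)");
        GNUNET_free (oidc_directory);
        /* … fail the request through token_endpoint's existing error path instead of signing … */
      }
      // Generate and persist the key only once the directory is known to exist
      oidc_jwk = generate_jwk ();
      write_jwk_to_file (oidc_jwk_path, oidc_jwk);
      GNUNET_free (oidc_directory);
    }
    /* … unchanged: OIDC_generate_id_token_rsa call … */
```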
@@ -2298,7 +2336,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2298 (NULL != nonce) ? nonce : NULL, 2336 (NULL != nonce) ? nonce : NULL,
2299 oidc_jwk); 2337 oidc_jwk);
2300 } 2338 }
2301 else if (strcmp(jwa, JWT_ALG_VALUE_HMAC)) 2339 else if ( ! strcmp (jwa, JWT_ALG_VALUE_HMAC))
2302 { 2340 {
2303 // TODO OPTIONAL acr,amr,azp 2341 // TODO OPTIONAL acr,amr,azp
2304 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, 2342 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg,
@@ -2328,7 +2366,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2328 2366
2329 GNUNET_free (jwt_secret); 2367 GNUNET_free (jwt_secret);
2330 } 2368 }
2331 else 2369 else
2332 { 2370 {
2333 // TODO: OPTION NOT FOUND ERROR 2371 // TODO: OPTION NOT FOUND ERROR
2334 } 2372 }
@@ -2652,6 +2690,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2652 { 2690 {
2653 // Generate and save a new key 2691 // Generate and save a new key
2654 oidc_jwk = generate_jwk (); 2692 oidc_jwk = generate_jwk ();
2693 oidc_directory = get_oidc_dir_path(cls);
2655 2694
2656 // Create new oidc directory 2695 // Create new oidc directory
2657 if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) 2696 if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory))
@@ -2675,7 +2714,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2675 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 2714 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2676 json_decref (oidc_jwk); 2715 json_decref (oidc_jwk);
2677 GNUNET_free (oidc_jwk_pub_str); 2716 GNUNET_free (oidc_jwk_pub_str);
2678 free (oidc_jwk_pub_str); 2717 GNUNET_free (oidc_jwk_pub_str);
2679 cleanup_handle (handle); 2718 cleanup_handle (handle);
2680} 2719}
2681 2720