author | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-06-15 16:30:23 +0200 |
---|---|---|
committer | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-06-15 16:30:23 +0200 |
commit | 3627e3099140350e5e48dff112b67a0796aa4d2a (patch) | |
tree | 0c09a76855f73106c68a1b6250eb06bcbb0880ca | |
parent | 1c910f64baa91df478dd0b4b4495aa3895efbf06 (diff) | |
download | gnunet-3627e3099140350e5e48dff112b67a0796aa4d2a.tar.gz gnunet-3627e3099140350e5e48dff112b67a0796aa4d2a.zip |
- fix missing from oidc branch
-rw-r--r-- | src/reclaim/oidc_helper.h | 2 | ||||
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 53 |
2 files changed, 47 insertions, 8 deletions
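--- a/src/reclaim/oidc_helper.h
+++ b/src/reclaim/oidc_helper.h
@@ -34,7 +34,7 @@
 #define JWT_ALG_VALUE_HMAC "HS512"
 #define JWT_ALG_VALUE_RSA "RS256"
 
-#define SERVER_ADDRESS "https://api.reclaim"
+#define SERVER_ADDRESS "http://localhost:7776"
 
 enum OIDC_VerificationOptions
 {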
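Review bot: `SERVER_ADDRESS` in oidc_helper.h now hardcodes a development endpoint and drops the scheme from `https` to plain `http`, which is a poor default for a shared header that every build of the plugin picks up. What the constant feeds is not visible here, but if it ends up as the token issuer or in discovery/redirect URLs, relying parties will see a localhost, cleartext address in production builds. Consider sourcing this value from the GNUnet configuration instead of a compile-time constant, or at minimum mark it `/* development default; must be overridden for deployment */` so the intent is explicit.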
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index bb8e1cd1e..0ffe1b6c8 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -939,15 +939,14 @@ generate_jwk () | |||
939 | } | 939 | } |
940 | 940 | ||
941 | /** | 941 | /** |
942 | * Return the path to the RSA JWK key file | 942 | * Return the path to the oidc directory path |
943 | * | 943 | * |
944 | * @param cls the RequestHandle | 944 | * @param cls the RequestHandle |
945 | */ | 945 | */ |
946 | char * | 946 | char * |
947 | get_oidc_jwk_path (void *cls) | 947 | get_oidc_dir_path (void *cls) |
948 | { | 948 | { |
949 | char *oidc_directory; | 949 | char *oidc_directory; |
950 | char *oidc_jwk_path; | ||
951 | struct RequestHandle *handle = cls; | 950 | struct RequestHandle *handle = cls; |
952 | 951 | ||
953 | // Read OIDC directory from config | 952 | // Read OIDC directory from config |
@@ -964,6 +963,22 @@ get_oidc_jwk_path (void *cls) | |||
964 | return NULL; | 963 | return NULL; |
965 | } | 964 | } |
966 | 965 | ||
966 | return oidc_directory; | ||
967 | } | ||
968 | |||
969 | /** | ||
970 | * Return the path to the RSA JWK key file | ||
971 | * | ||
972 | * @param cls the RequestHandle | ||
973 | */ | ||
974 | char * | ||
975 | get_oidc_jwk_path (void *cls) | ||
976 | { | ||
977 | char *oidc_directory; | ||
978 | char *oidc_jwk_path; | ||
979 | |||
980 | oidc_directory = get_oidc_dir_path(cls); | ||
981 | |||
967 | // Create path to file | 982 | // Create path to file |
968 | GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory, | 983 | GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory, |
969 | OIDC_JWK_RSA_FILENAME); | 984 | OIDC_JWK_RSA_FILENAME); |
@@ -2167,6 +2182,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2167 | char *code_verifier; | 2182 | char *code_verifier; |
2168 | json_t *oidc_jwk; | 2183 | json_t *oidc_jwk; |
2169 | char *oidc_jwk_path; | 2184 | char *oidc_jwk_path; |
2185 | char *oidc_directory; | ||
2170 | 2186 | ||
2171 | /* | 2187 | /* |
2172 | * Check Authorization | 2188 | * Check Authorization |
@@ -2285,11 +2301,33 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2285 | jwa = JWT_ALG_VALUE_RSA; | 2301 | jwa = JWT_ALG_VALUE_RSA; |
2286 | } | 2302 | } |
2287 | 2303 | ||
2288 | if (strcmp(jwa, JWT_ALG_VALUE_RSA)) | 2304 | if ( ! strcmp (jwa, JWT_ALG_VALUE_RSA)) |
2289 | { | 2305 | { |
2290 | // Replace for now | 2306 | // Replace for now |
2291 | oidc_jwk_path = get_oidc_jwk_path (cls); | 2307 | oidc_jwk_path = get_oidc_jwk_path (cls); |
2292 | oidc_jwk = read_jwk_from_file (oidc_jwk_path); | 2308 | oidc_jwk = read_jwk_from_file (oidc_jwk_path); |
2309 | |||
2310 | // Check if secret JWK exists | ||
2311 | if (! oidc_jwk) | ||
2312 | { | ||
2313 | // Generate and save a new key | ||
2314 | oidc_jwk = generate_jwk (); | ||
2315 | oidc_directory = get_oidc_dir_path(cls); | ||
2316 | |||
2317 | // Create new oidc directory | ||
2318 | if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) | ||
2319 | { | ||
2320 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2321 | ("Failed to create directory `%s' for storing oidc data\n"), | ||
2322 | oidc_directory); | ||
2323 | } | ||
2324 | else | ||
2325 | { | ||
2326 | write_jwk_to_file (oidc_jwk_path, oidc_jwk); | ||
2327 | } | ||
2328 | } | ||
2329 | |||
2330 | // Generate oidc token | ||
2293 | id_token = OIDC_generate_id_token_rsa (&ticket.audience, | 2331 | id_token = OIDC_generate_id_token_rsa (&ticket.audience, |
2294 | &ticket.identity, | 2332 | &ticket.identity, |
2295 | cl, | 2333 | cl, |
@@ -2298,7 +2336,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2298 | (NULL != nonce) ? nonce : NULL, | 2336 | (NULL != nonce) ? nonce : NULL, |
2299 | oidc_jwk); | 2337 | oidc_jwk); |
2300 | } | 2338 | } |
2301 | else if (strcmp(jwa, JWT_ALG_VALUE_HMAC)) | 2339 | else if ( ! strcmp (jwa, JWT_ALG_VALUE_HMAC)) |
2302 | { | 2340 | { |
2303 | // TODO OPTIONAL acr,amr,azp | 2341 | // TODO OPTIONAL acr,amr,azp |
2304 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, | 2342 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, |
@@ -2328,7 +2366,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2328 | 2366 | ||
2329 | GNUNET_free (jwt_secret); | 2367 | GNUNET_free (jwt_secret); |
2330 | } | 2368 | } |
2331 | else | 2369 | else |
2332 | { | 2370 | { |
2333 | // TODO: OPTION NOT FOUND ERROR | 2371 | // TODO: OPTION NOT FOUND ERROR |
2334 | } | 2372 | } |
@@ -2652,6 +2690,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2652 | { | 2690 | { |
2653 | // Generate and save a new key | 2691 | // Generate and save a new key |
2654 | oidc_jwk = generate_jwk (); | 2692 | oidc_jwk = generate_jwk (); |
2693 | oidc_directory = get_oidc_dir_path(cls); | ||
2655 | 2694 | ||
2656 | // Create new oidc directory | 2695 | // Create new oidc directory |
2657 | if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) | 2696 | if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) |
@@ -2675,7 +2714,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2675 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 2714 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
2676 | json_decref (oidc_jwk); | 2715 | json_decref (oidc_jwk); |
2677 | GNUNET_free (oidc_jwk_pub_str); | 2716 | GNUNET_free (oidc_jwk_pub_str); |
2678 | free (oidc_jwk_pub_str); | 2717 | GNUNET_free (oidc_jwk_pub_str); |
2679 | cleanup_handle (handle); | 2718 | cleanup_handle (handle); |
2680 | } | 2719 | } |
2681 | 2720 | ||
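Review bot: `jwks_endpoint` still releases `oidc_jwk_pub_str` twice at new lines 2716 and 2717; the commit only changes the second call from `free` to `GNUNET_free` without removing it, so unless `GNUNET_free` is a macro that resets its argument to NULL this remains a double free, and even then the second call is dead and should be deleted. Separately, `get_oidc_dir_path` returns NULL when the directory cannot be read from the configuration (new line 963), yet the new callers at `get_oidc_jwk_path` line 980, `token_endpoint` line 2315 and `jwks_endpoint` line 2693 pass the result straight to `GNUNET_asprintf` / `GNUNET_DISK_directory_create` with no check; each site needs a guard such as `if (NULL == oidc_directory) return NULL;` in `get_oidc_jwk_path`. In `token_endpoint` the id_token is still signed with the freshly generated key when directory creation fails, and the result of `write_jwk_to_file` is not checked, so a key that was never persisted may sign tokens the published JWKS cannot verify; returning an error in that path would be safer. The enclosing functions begin and end outside the hunks shown.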