diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-27 08:37:36 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-27 08:37:36 +0200 |
commit | 9f4ff53b108ebb7048414d6b5ab966db4b772a09 (patch) | |
tree | adf6c93e3c6938387dd8b3d9a6287d16bc6b56e1 | |
parent | db0e200222b9cd51615e640c4293ddd584b38cc8 (diff) | |
download | gnunet-9f4ff53b108ebb7048414d6b5ab966db4b772a09.tar.gz gnunet-9f4ff53b108ebb7048414d6b5ab966db4b772a09.zip |
fixes
-rw-r--r-- | src/reclaim/oidc_helper.c | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 82f01b755..11641e166 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -111,12 +111,14 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
111 | // auth_time only if max_age | 111 | // auth_time only if max_age |
112 | // nonce only if nonce | 112 | // nonce only if nonce |
113 | // OPTIONAL acr,amr,azp | 113 | // OPTIONAL acr,amr,azp |
114 | subject = GNUNET_STRINGS_data_to_string_alloc ( | 114 | subject = |
115 | sub_key, | 115 | GNUNET_STRINGS_data_to_string_alloc (sub_key, |
116 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 116 | sizeof (struct |
117 | audience = GNUNET_STRINGS_data_to_string_alloc ( | 117 | GNUNET_CRYPTO_EcdsaPublicKey)); |
118 | aud_key, | 118 | audience = |
119 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 119 | GNUNET_STRINGS_data_to_string_alloc (aud_key, |
120 | sizeof (struct | ||
121 | GNUNET_CRYPTO_EcdsaPublicKey)); | ||
120 | header = create_jwt_header (); | 122 | header = create_jwt_header (); |
121 | body = json_object (); | 123 | body = json_object (); |
122 | 124 | ||
@@ -315,7 +317,6 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
315 | size_t code_payload_len; | 317 | size_t code_payload_len; |
316 | unsigned int nonce; | 318 | unsigned int nonce; |
317 | unsigned int nonce_tmp; | 319 | unsigned int nonce_tmp; |
318 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
319 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 320 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
320 | 321 | ||
321 | attrs_ser = NULL; | 322 | attrs_ser = NULL; |
@@ -329,7 +330,8 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
329 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, attrs_ser); | 330 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, attrs_ser); |
330 | } | 331 | } |
331 | code_payload_len = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 332 | code_payload_len = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
332 | signature_payload_len + sizeof (signature); | 333 | signature_payload_len + |
334 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
333 | code_payload = GNUNET_malloc (code_payload_len); | 335 | code_payload = GNUNET_malloc (code_payload_len); |
334 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; | 336 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; |
335 | purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 337 | purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
@@ -346,8 +348,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
346 | if ((1 != SSCANF (nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX)) | 348 | if ((1 != SSCANF (nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX)) |
347 | { | 349 | { |
348 | GNUNET_break (0); | 350 | GNUNET_break (0); |
349 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 351 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str); |
350 | "Invalid nonce %s\n", nonce_str); | ||
351 | GNUNET_free (code_payload); | 352 | GNUNET_free (code_payload); |
352 | GNUNET_free_non_null (attrs_ser); | 353 | GNUNET_free_non_null (attrs_ser); |
353 | return NULL; | 354 | return NULL; |
@@ -362,16 +363,18 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
362 | memcpy (buf_ptr, attrs_ser, attr_list_len); | 363 | memcpy (buf_ptr, attrs_ser, attr_list_len); |
363 | buf_ptr += attr_list_len; | 364 | buf_ptr += attr_list_len; |
364 | } | 365 | } |
365 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, purpose, &signature)) | 366 | if (GNUNET_SYSERR == |
367 | GNUNET_CRYPTO_ecdsa_sign (issuer, | ||
368 | purpose, | ||
369 | (struct GNUNET_CRYPTO_EcdsaSignature *) | ||
370 | buf_ptr)) | ||
366 | { | 371 | { |
367 | GNUNET_break (0); | 372 | GNUNET_break (0); |
368 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 373 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); |
369 | "Unable to sign code\n"); | ||
370 | GNUNET_free (code_payload); | 374 | GNUNET_free (code_payload); |
371 | GNUNET_free_non_null (attrs_ser); | 375 | GNUNET_free_non_null (attrs_ser); |
372 | return NULL; | 376 | return NULL; |
373 | } | 377 | } |
374 | memcpy (buf_ptr, &signature, sizeof (signature)); | ||
375 | code_str = base64_encode ((const char *) &code_payload, code_payload_len); | 378 | code_str = base64_encode ((const char *) &code_payload, code_payload_len); |
376 | GNUNET_free (code_payload); | 379 | GNUNET_free (code_payload); |
377 | GNUNET_free_non_null (attrs_ser); | 380 | GNUNET_free_non_null (attrs_ser); |
@@ -399,7 +402,6 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, | |||
399 | char **nonce_str) | 402 | char **nonce_str) |
400 | { | 403 | { |
401 | char *code_payload; | 404 | char *code_payload; |
402 | char *attrs_ser; | ||
403 | char *ptr; | 405 | char *ptr; |
404 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 406 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
405 | struct GNUNET_CRYPTO_EcdsaSignature *signature; | 407 | struct GNUNET_CRYPTO_EcdsaSignature *signature; |
@@ -408,25 +410,37 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, | |||
408 | size_t signature_offset; | 410 | size_t signature_offset; |
409 | unsigned int nonce; | 411 | unsigned int nonce; |
410 | 412 | ||
411 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 413 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Trying to decode `%s'", code); |
412 | "Trying to decode `%s'", code); | ||
413 | code_payload = NULL; | 414 | code_payload = NULL; |
414 | code_payload_len = | 415 | code_payload_len = |
415 | GNUNET_STRINGS_base64_decode (code, strlen (code), (void **) &code_payload); | 416 | GNUNET_STRINGS_base64_decode (code, strlen (code), (void **) &code_payload); |
417 | |||
418 | if (code_payload_len < sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
419 | sizeof (struct GNUNET_RECLAIM_Ticket) + | ||
420 | sizeof (unsigned int) + | ||
421 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)) | ||
422 | { | ||
423 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); | ||
424 | GNUNET_free_non_null (code_payload); | ||
425 | return GNUNET_SYSERR; | ||
426 | } | ||
427 | |||
416 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; | 428 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; |
417 | attrs_ser_len = code_payload_len; | 429 | attrs_ser_len = code_payload_len; |
418 | attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose); | 430 | attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose); |
419 | *ticket = *((struct GNUNET_RECLAIM_Ticket *) &purpose[1]); | 431 | ptr = (char *) &purpose[1]; |
432 | *ticket = *((struct GNUNET_RECLAIM_Ticket *) ptr); | ||
420 | attrs_ser_len -= sizeof (struct GNUNET_RECLAIM_Ticket); | 433 | attrs_ser_len -= sizeof (struct GNUNET_RECLAIM_Ticket); |
421 | nonce = ntohs (*((unsigned int *) &ticket[1])); | 434 | ptr += sizeof (struct GNUNET_RECLAIM_Ticket); |
435 | nonce = ntohs (*((unsigned int *) ptr)); | ||
422 | attrs_ser_len -= sizeof (unsigned int); | 436 | attrs_ser_len -= sizeof (unsigned int); |
423 | ptr = code_payload; | 437 | ptr += sizeof (unsigned int); |
438 | attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
439 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (ptr, attrs_ser_len); | ||
424 | signature_offset = | 440 | signature_offset = |
425 | code_payload_len - sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | 441 | code_payload_len - sizeof (struct GNUNET_CRYPTO_EcdsaSignature); |
426 | signature = (struct GNUNET_CRYPTO_EcdsaSignature *) &ptr[signature_offset]; | 442 | signature = |
427 | attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | 443 | (struct GNUNET_CRYPTO_EcdsaSignature *) &code_payload[signature_offset]; |
428 | attrs_ser = ((char *) &ticket[1]) + sizeof (unsigned int); | ||
429 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len); | ||
430 | if (0 != GNUNET_memcmp (audience, &ticket->audience)) | 444 | if (0 != GNUNET_memcmp (audience, &ticket->audience)) |
431 | { | 445 | { |
432 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy (*attrs); | 446 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy (*attrs); |
@@ -477,10 +491,10 @@ OIDC_build_token_response (const char *access_token, | |||
477 | GNUNET_assert (NULL != expiration_time); | 491 | GNUNET_assert (NULL != expiration_time); |
478 | json_object_set_new (root_json, "access_token", json_string (access_token)); | 492 | json_object_set_new (root_json, "access_token", json_string (access_token)); |
479 | json_object_set_new (root_json, "token_type", json_string ("Bearer")); | 493 | json_object_set_new (root_json, "token_type", json_string ("Bearer")); |
480 | json_object_set_new ( | 494 | json_object_set_new (root_json, |
481 | root_json, | 495 | "expires_in", |
482 | "expires_in", | 496 | json_integer (expiration_time->rel_value_us / |
483 | json_integer (expiration_time->rel_value_us / (1000 * 1000))); | 497 | (1000 * 1000))); |
484 | json_object_set_new (root_json, "id_token", json_string (id_token)); | 498 | json_object_set_new (root_json, "id_token", json_string (id_token)); |
485 | *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT); | 499 | *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT); |
486 | json_decref (root_json); | 500 | json_decref (root_json); |