diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-09 17:09:37 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-09 17:09:37 +0000 |
commit | 3941d4252602eb9e6689897a8264380012fdf7e6 (patch) | |
tree | 1c080b9cefc132bb728a92b4ff02a72c511f9f4c /src/identity-provider | |
parent | 8feaa39e16ba33a192b32097e8087c9aca2d27d8 (diff) | |
download | gnunet-3941d4252602eb9e6689897a8264380012fdf7e6.tar.gz gnunet-3941d4252602eb9e6689897a8264380012fdf7e6.zip |
- fix build, fix bugs
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/Makefile.am | 13 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 61 | ||||
-rw-r--r-- | src/identity-provider/identity_provider.h | 4 | ||||
-rw-r--r-- | src/identity-provider/identity_provider_api.c | 85 | ||||
-rw-r--r-- | src/identity-provider/identity_token.c | 62 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c (renamed from src/identity-provider/plugin_rest_identity_token.c) | 343 |
6 files changed, 293 insertions, 275 deletions
diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 75858947a..029744f6f 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am | |||
@@ -17,10 +17,10 @@ pkgcfgdir= $(pkgdatadir)/config.d/ | |||
17 | libexecdir= $(pkglibdir)/libexec/ | 17 | libexecdir= $(pkglibdir)/libexec/ |
18 | 18 | ||
19 | pkgcfg_DATA = \ | 19 | pkgcfg_DATA = \ |
20 | identity-token.conf | 20 | identity-provider.conf |
21 | 21 | ||
22 | plugin_LTLIBRARIES = \ | 22 | plugin_LTLIBRARIES = \ |
23 | libgnunet_plugin_rest_identity_token.la \ | 23 | libgnunet_plugin_rest_identity_provider.la \ |
24 | libgnunetidentityprovider.la | 24 | libgnunetidentityprovider.la |
25 | 25 | ||
26 | bin_PROGRAMS = \ | 26 | bin_PROGRAMS = \ |
@@ -51,15 +51,16 @@ libgnunetidentityprovider_la_LDFLAGS = \ | |||
51 | $(GN_LIB_LDFLAGS) $(WINFLAGS) \ | 51 | $(GN_LIB_LDFLAGS) $(WINFLAGS) \ |
52 | -version-info 0:0:0 | 52 | -version-info 0:0:0 |
53 | 53 | ||
54 | libgnunet_plugin_rest_identity_token_la_SOURCES = \ | 54 | libgnunet_plugin_rest_identity_provider_la_SOURCES = \ |
55 | plugin_rest_identity_token.c | 55 | plugin_rest_identity_provider.c |
56 | libgnunet_plugin_rest_identity_token_la_LIBADD = \ | 56 | libgnunet_plugin_rest_identity_provider_la_LIBADD = \ |
57 | $(top_builddir)/src/identity/libgnunetidentity.la \ | 57 | $(top_builddir)/src/identity/libgnunetidentity.la \ |
58 | libgnunetidentityprovider.la \ | ||
58 | $(top_builddir)/src/rest/libgnunetrest.la \ | 59 | $(top_builddir)/src/rest/libgnunetrest.la \ |
59 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ | 60 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ |
60 | $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ | 61 | $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ |
61 | $(LTLIBINTL) -ljansson -lmicrohttpd | 62 | $(LTLIBINTL) -ljansson -lmicrohttpd |
62 | libgnunet_plugin_rest_identity_token_la_LDFLAGS = \ | 63 | libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ |
63 | $(GN_PLUGIN_LDFLAGS) | 64 | $(GN_PLUGIN_LDFLAGS) |
64 | 65 | ||
65 | 66 | ||
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 85471e657..2e914428e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -535,8 +535,9 @@ token_collect (void *cls, | |||
535 | &clear_ego_attrs, | 535 | &clear_ego_attrs, |
536 | ego_entry); | 536 | ego_entry); |
537 | GNUNET_CONTAINER_multihashmap_clear (ego_entry->attr_map); | 537 | GNUNET_CONTAINER_multihashmap_clear (ego_entry->attr_map); |
538 | GNUNET_SCHEDULER_add_now (&update_identities, ego_entry->next); | 538 | update_task = GNUNET_SCHEDULER_add_now (&update_identities, |
539 | return; | 539 | ego_entry->next); |
540 | return; | ||
540 | } | 541 | } |
541 | 542 | ||
542 | //There should be only a single record for a token under a label | 543 | //There should be only a single record for a token under a label |
@@ -554,8 +555,16 @@ token_collect (void *cls, | |||
554 | token_record = &rd[0]; | 555 | token_record = &rd[0]; |
555 | token_metadata_record = &rd[1]; | 556 | token_metadata_record = &rd[1]; |
556 | } | 557 | } |
557 | GNUNET_assert (token_metadata_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA); | 558 | if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) |
558 | GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN); | 559 | { |
560 | GNUNET_NAMESTORE_zone_iterator_next (ns_it); | ||
561 | return; | ||
562 | } | ||
563 | if (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN) | ||
564 | { | ||
565 | GNUNET_NAMESTORE_zone_iterator_next (ns_it); | ||
566 | return; | ||
567 | } | ||
559 | 568 | ||
560 | //Get metadata and decrypt token | 569 | //Get metadata and decrypt token |
561 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | 570 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); |
@@ -607,7 +616,7 @@ attribute_collect (void *cls, | |||
607 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 616 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
608 | ">>> Updating Attributes finished\n"); | 617 | ">>> Updating Attributes finished\n"); |
609 | ego_entry->attributes_dirty = GNUNET_NO; | 618 | ego_entry->attributes_dirty = GNUNET_NO; |
610 | GNUNET_SCHEDULER_add_now (&update_identities, ego_entry); | 619 | update_task = GNUNET_SCHEDULER_add_now (&update_identities, ego_entry); |
611 | return; | 620 | return; |
612 | } | 621 | } |
613 | 622 | ||
@@ -674,6 +683,7 @@ update_identities(void *cls, | |||
674 | { | 683 | { |
675 | struct EgoEntry *next_ego = cls; | 684 | struct EgoEntry *next_ego = cls; |
676 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 685 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
686 | update_task = NULL; | ||
677 | if (NULL == next_ego) | 687 | if (NULL == next_ego) |
678 | { | 688 | { |
679 | if (min_rel_exp.rel_value_us < MIN_WAIT_TIME.rel_value_us) | 689 | if (min_rel_exp.rel_value_us < MIN_WAIT_TIME.rel_value_us) |
@@ -885,9 +895,14 @@ store_token_issue_cont (void *cls, | |||
885 | handle->client, | 895 | handle->client, |
886 | &irm->header, | 896 | &irm->header, |
887 | GNUNET_NO); | 897 | GNUNET_NO); |
898 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); | ||
899 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | ||
900 | GNUNET_free (handle->scopes); | ||
901 | token_destroy (handle->token); | ||
902 | ticket_destroy (handle->ticket); | ||
903 | GNUNET_free (handle); | ||
888 | GNUNET_free (irm); | 904 | GNUNET_free (irm); |
889 | GNUNET_free (token_ticket_str); | 905 | GNUNET_free (token_ticket_str); |
890 | GNUNET_SERVER_receive_done (handle->client, GNUNET_OK); | ||
891 | } | 906 | } |
892 | 907 | ||
893 | /** | 908 | /** |
@@ -904,7 +919,6 @@ sign_and_return_token (void *cls, | |||
904 | const struct GNUNET_SCHEDULER_TaskContext *tc) | 919 | const struct GNUNET_SCHEDULER_TaskContext *tc) |
905 | { | 920 | { |
906 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 921 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
907 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_pkey; | ||
908 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 922 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
909 | struct IssueHandle *handle = cls; | 923 | struct IssueHandle *handle = cls; |
910 | struct GNUNET_GNSRECORD_Data token_record[2]; | 924 | struct GNUNET_GNSRECORD_Data token_record[2]; |
@@ -925,16 +939,18 @@ sign_and_return_token (void *cls, | |||
925 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); | 939 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); |
926 | 940 | ||
927 | //Label | 941 | //Label |
928 | rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX); | 942 | rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, |
929 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, sizeof (uint64_t), &lbl_str); | 943 | UINT64_MAX); |
944 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
945 | sizeof (uint64_t), | ||
946 | &lbl_str); | ||
930 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | 947 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, |
931 | &pub_key); | 948 | &pub_key); |
932 | 949 | ||
933 | handle->ticket = ticket_create (nonce_str, | 950 | handle->ticket = ticket_create (nonce_str, |
934 | &pub_key, | 951 | &pub_key, |
935 | lbl_str, | 952 | lbl_str, |
936 | &aud_pkey); | 953 | &handle->aud_key); |
937 | |||
938 | 954 | ||
939 | 955 | ||
940 | if (GNUNET_OK != | 956 | if (GNUNET_OK != |
@@ -994,10 +1010,12 @@ sign_and_return_token (void *cls, | |||
994 | lbl_str, | 1010 | lbl_str, |
995 | 2, | 1011 | 2, |
996 | token_record, | 1012 | token_record, |
997 | &store_token_issue_cont, | 1013 | &store_token_issue_cont, |
998 | handle); | 1014 | handle); |
999 | GNUNET_free (lbl_str); | 1015 | GNUNET_free (lbl_str); |
1016 | GNUNET_free (nonce_str); | ||
1000 | GNUNET_free (enc_token_str); | 1017 | GNUNET_free (enc_token_str); |
1018 | GNUNET_free (token_metadata); | ||
1001 | } | 1019 | } |
1002 | 1020 | ||
1003 | /** | 1021 | /** |
@@ -1123,8 +1141,13 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1123 | handle->client, | 1141 | handle->client, |
1124 | &erm->header, | 1142 | &erm->header, |
1125 | GNUNET_NO); | 1143 | GNUNET_NO); |
1144 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); | ||
1145 | ticket_destroy (handle->ticket); | ||
1146 | token_destroy (handle->token); | ||
1147 | GNUNET_free (record_str); | ||
1148 | GNUNET_free (token_str); | ||
1149 | GNUNET_free (handle); | ||
1126 | GNUNET_free (erm); | 1150 | GNUNET_free (erm); |
1127 | GNUNET_SERVER_receive_done (handle->client, GNUNET_OK); | ||
1128 | 1151 | ||
1129 | } | 1152 | } |
1130 | 1153 | ||
@@ -1161,12 +1184,12 @@ handle_exchange_message (void *cls, | |||
1161 | ticket); | 1184 | ticket); |
1162 | xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); | 1185 | xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); |
1163 | xchange_handle->aud_privkey = em->aud_privkey; | 1186 | xchange_handle->aud_privkey = em->aud_privkey; |
1187 | |||
1164 | if (GNUNET_SYSERR == ticket_parse (ticket, | 1188 | if (GNUNET_SYSERR == ticket_parse (ticket, |
1165 | &xchange_handle->aud_privkey, | 1189 | &xchange_handle->aud_privkey, |
1166 | &xchange_handle->ticket)) | 1190 | &xchange_handle->ticket)) |
1167 | { | 1191 | { |
1168 | GNUNET_free (xchange_handle); | 1192 | GNUNET_free (xchange_handle); |
1169 | GNUNET_break (0); | ||
1170 | GNUNET_SERVER_receive_done (client, GNUNET_SYSERR); | 1193 | GNUNET_SERVER_receive_done (client, GNUNET_SYSERR); |
1171 | return; | 1194 | return; |
1172 | } | 1195 | } |
@@ -1175,6 +1198,10 @@ handle_exchange_message (void *cls, | |||
1175 | GNUNET_asprintf (&lookup_query, | 1198 | GNUNET_asprintf (&lookup_query, |
1176 | "%s.gnu", | 1199 | "%s.gnu", |
1177 | xchange_handle->ticket->payload->label); | 1200 | xchange_handle->ticket->payload->label); |
1201 | GNUNET_SERVER_receive_done (client, GNUNET_OK); | ||
1202 | GNUNET_SERVER_notification_context_add (nc, client); | ||
1203 | GNUNET_SERVER_client_set_user_context (client, xchange_handle); | ||
1204 | xchange_handle->client = client; | ||
1178 | xchange_handle->lookup_request = GNUNET_GNS_lookup (gns_handle, | 1205 | xchange_handle->lookup_request = GNUNET_GNS_lookup (gns_handle, |
1179 | lookup_query, | 1206 | lookup_query, |
1180 | &xchange_handle->ticket->payload->identity_key, | 1207 | &xchange_handle->ticket->payload->identity_key, |
@@ -1241,6 +1268,11 @@ handle_issue_message (void *cls, | |||
1241 | issue_handle->iss_key = im->iss_key; | 1268 | issue_handle->iss_key = im->iss_key; |
1242 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); | 1269 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); |
1243 | issue_handle->nonce = im->nonce; | 1270 | issue_handle->nonce = im->nonce; |
1271 | GNUNET_SERVER_receive_done (client, GNUNET_OK); | ||
1272 | GNUNET_SERVER_notification_context_add (nc, client); | ||
1273 | GNUNET_SERVER_client_set_user_context (client, issue_handle); | ||
1274 | issue_handle->client = client; | ||
1275 | issue_handle->scopes = GNUNET_strdup (scopes); | ||
1244 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | 1276 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, |
1245 | &issue_handle->iss_pkey); | 1277 | &issue_handle->iss_pkey); |
1246 | issue_handle->token = token_create (&issue_handle->iss_pkey, | 1278 | issue_handle->token = token_create (&issue_handle->iss_pkey, |
@@ -1250,7 +1282,6 @@ handle_issue_message (void *cls, | |||
1250 | &im->iss_key, | 1282 | &im->iss_key, |
1251 | &attr_collect, | 1283 | &attr_collect, |
1252 | issue_handle); | 1284 | issue_handle); |
1253 | GNUNET_SERVER_receive_done (client, GNUNET_OK); //TODO here? | ||
1254 | 1285 | ||
1255 | 1286 | ||
1256 | } | 1287 | } |
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 12b96a51c..9fe444da4 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h | |||
@@ -41,7 +41,7 @@ struct GNUNET_IDENTITY_PROVIDER_Token | |||
41 | /** | 41 | /** |
42 | * The JWT representation of the identity token | 42 | * The JWT representation of the identity token |
43 | */ | 43 | */ |
44 | const char *data; | 44 | char *data; |
45 | }; | 45 | }; |
46 | 46 | ||
47 | /** | 47 | /** |
@@ -52,7 +52,7 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket | |||
52 | /** | 52 | /** |
53 | * The Base64 representation of the ticket | 53 | * The Base64 representation of the ticket |
54 | */ | 54 | */ |
55 | const char *data; | 55 | char *data; |
56 | }; | 56 | }; |
57 | 57 | ||
58 | /** | 58 | /** |
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index a1d95c2b8..f0e91a739 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c | |||
@@ -192,7 +192,7 @@ message_handler (void *cls, | |||
192 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; | 192 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; |
193 | const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *irm; | 193 | const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *irm; |
194 | const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm; | 194 | const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm; |
195 | const char *str; | 195 | char *str; |
196 | uint16_t size; | 196 | uint16_t size; |
197 | 197 | ||
198 | if (NULL == msg) | 198 | if (NULL == msg) |
@@ -214,7 +214,7 @@ message_handler (void *cls, | |||
214 | return; | 214 | return; |
215 | } | 215 | } |
216 | irm = (const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *) msg; | 216 | irm = (const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *) msg; |
217 | str = (const char *) &irm[1]; | 217 | str = (char *) &irm[1]; |
218 | if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage)) && | 218 | if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage)) && |
219 | ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage) - 1]) ) | 219 | ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage) - 1]) ) |
220 | { | 220 | { |
@@ -244,7 +244,7 @@ message_handler (void *cls, | |||
244 | return; | 244 | return; |
245 | } | 245 | } |
246 | erm = (const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *) msg; | 246 | erm = (const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *) msg; |
247 | str = (const char *) &erm[1]; | 247 | str = (char *) &erm[1]; |
248 | if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage)) && | 248 | if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage)) && |
249 | ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) - 1]) ) | 249 | ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) - 1]) ) |
250 | { | 250 | { |
@@ -494,6 +494,7 @@ GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle | |||
494 | slen); | 494 | slen); |
495 | em->aud_privkey = *aud_privkey; | 495 | em->aud_privkey = *aud_privkey; |
496 | memcpy (&em[1], ticket_str, slen); | 496 | memcpy (&em[1], ticket_str, slen); |
497 | GNUNET_free (ticket_str); | ||
497 | op->msg = &em->header; | 498 | op->msg = &em->header; |
498 | GNUNET_CONTAINER_DLL_insert_tail (id->op_head, | 499 | GNUNET_CONTAINER_DLL_insert_tail (id->op_head, |
499 | id->op_tail, | 500 | id->op_tail, |
@@ -587,4 +588,82 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) | |||
587 | GNUNET_free (h); | 588 | GNUNET_free (h); |
588 | } | 589 | } |
589 | 590 | ||
591 | /** | ||
592 | * Convenience API | ||
593 | */ | ||
594 | |||
595 | |||
596 | /** | ||
597 | * Destroy token | ||
598 | * | ||
599 | * @param token the token | ||
600 | */ | ||
601 | void | ||
602 | GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token) | ||
603 | { | ||
604 | GNUNET_assert (NULL != token); | ||
605 | if (NULL != token->data) | ||
606 | GNUNET_free (token->data); | ||
607 | GNUNET_free (token); | ||
608 | } | ||
609 | |||
610 | /** | ||
611 | * Returns string representation of token. A JSON-Web-Token. | ||
612 | * | ||
613 | * @param token the token | ||
614 | * @return The JWT (must be freed) | ||
615 | */ | ||
616 | char * | ||
617 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token) | ||
618 | { | ||
619 | return GNUNET_strdup (token->data); | ||
620 | } | ||
621 | |||
622 | /** | ||
623 | * Returns string representation of ticket. Base64-Encoded | ||
624 | * | ||
625 | * @param ticket the ticket | ||
626 | * @return the Base64-Encoded ticket | ||
627 | */ | ||
628 | char * | ||
629 | GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | ||
630 | { | ||
631 | return GNUNET_strdup (ticket->data); | ||
632 | } | ||
633 | |||
634 | /** | ||
635 | * Created a ticket from a string (Base64 encoded ticket) | ||
636 | * | ||
637 | * @param input Base64 encoded ticket | ||
638 | * @param ticket pointer where the ticket is stored | ||
639 | * @return GNUNET_OK | ||
640 | */ | ||
641 | int | ||
642 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input, | ||
643 | struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket) | ||
644 | { | ||
645 | *ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | ||
646 | (*ticket)->data = GNUNET_strdup (input); | ||
647 | return GNUNET_OK; | ||
648 | } | ||
649 | |||
650 | |||
651 | /** | ||
652 | * Destroys a ticket | ||
653 | * | ||
654 | * @param ticket the ticket to destroy | ||
655 | */ | ||
656 | void | ||
657 | GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | ||
658 | { | ||
659 | GNUNET_assert (NULL != ticket); | ||
660 | if (NULL != ticket->data) | ||
661 | GNUNET_free (ticket->data); | ||
662 | GNUNET_free (ticket); | ||
663 | } | ||
664 | |||
665 | |||
666 | |||
667 | |||
668 | |||
590 | /* end of identity_provider_api.c */ | 669 | /* end of identity_provider_api.c */ |
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 10e142ca0..6cf0d4222 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
@@ -167,7 +167,8 @@ encrypt_str_ecdhe (const char *plaintext, | |||
167 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", | 167 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", |
168 | plaintext, | 168 | plaintext, |
169 | strlen (plaintext)); | 169 | strlen (plaintext)); |
170 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, strlen (plaintext), | 170 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, |
171 | strlen (plaintext), | ||
171 | &skey, &iv, | 172 | &skey, &iv, |
172 | *cyphertext); | 173 | *cyphertext); |
173 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); | 174 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); |
@@ -494,14 +495,16 @@ ticket_payload_create (const char* nonce, | |||
494 | void | 495 | void |
495 | ticket_payload_destroy (struct TokenTicketPayload* payload) | 496 | ticket_payload_destroy (struct TokenTicketPayload* payload) |
496 | { | 497 | { |
497 | GNUNET_free (payload->nonce); | 498 | if (NULL != payload->nonce) |
498 | GNUNET_free (payload->label); | 499 | GNUNET_free (payload->nonce); |
500 | if (NULL != payload->label) | ||
501 | GNUNET_free (payload->label); | ||
499 | GNUNET_free (payload); | 502 | GNUNET_free (payload); |
500 | } | 503 | } |
501 | 504 | ||
502 | void | 505 | void |
503 | ticket_payload_serialize (struct TokenTicketPayload *payload, | 506 | ticket_payload_serialize (struct TokenTicketPayload *payload, |
504 | char **result) | 507 | char **result) |
505 | { | 508 | { |
506 | char* identity_key_str; | 509 | char* identity_key_str; |
507 | 510 | ||
@@ -525,17 +528,17 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
525 | */ | 528 | */ |
526 | struct TokenTicket* | 529 | struct TokenTicket* |
527 | ticket_create (const char* nonce_str, | 530 | ticket_create (const char* nonce_str, |
528 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 531 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
529 | const char* lbl_str, | 532 | const char* lbl_str, |
530 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) | 533 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) |
531 | { | 534 | { |
532 | struct TokenTicket *ticket; | 535 | struct TokenTicket *ticket; |
533 | struct TokenTicketPayload *code_payload; | 536 | struct TokenTicketPayload *code_payload; |
534 | 537 | ||
535 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | 538 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); |
536 | code_payload = ticket_payload_create (nonce_str, | 539 | code_payload = ticket_payload_create (nonce_str, |
537 | identity_pkey, | 540 | identity_pkey, |
538 | lbl_str); | 541 | lbl_str); |
539 | ticket->aud_key = *aud_key; | 542 | ticket->aud_key = *aud_key; |
540 | ticket->payload = code_payload; | 543 | ticket->payload = code_payload; |
541 | 544 | ||
@@ -552,8 +555,8 @@ ticket_destroy (struct TokenTicket *ticket) | |||
552 | 555 | ||
553 | int | 556 | int |
554 | ticket_serialize (struct TokenTicket *ticket, | 557 | ticket_serialize (struct TokenTicket *ticket, |
555 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 558 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
556 | char **result) | 559 | char **result) |
557 | { | 560 | { |
558 | char *code_payload_str; | 561 | char *code_payload_str; |
559 | char *enc_ticket_payload; | 562 | char *enc_ticket_payload; |
@@ -567,7 +570,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
567 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 570 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
568 | 571 | ||
569 | ticket_payload_serialize (ticket->payload, | 572 | ticket_payload_serialize (ticket->payload, |
570 | &code_payload_str); | 573 | &code_payload_str); |
571 | 574 | ||
572 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, | 575 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, |
573 | &ticket->aud_key, | 576 | &ticket->aud_key, |
@@ -594,7 +597,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
594 | memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); | 597 | memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); |
595 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, | 598 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, |
596 | purpose, | 599 | purpose, |
597 | &ticket->signature)); | 600 | &ticket->signature)); |
598 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, | 601 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, |
599 | strlen (code_payload_str), | 602 | strlen (code_payload_str), |
600 | &ticket_payload_str); | 603 | &ticket_payload_str); |
@@ -619,10 +622,10 @@ ticket_serialize (struct TokenTicket *ticket, | |||
619 | 622 | ||
620 | int | 623 | int |
621 | ticket_payload_parse(const char *raw_data, | 624 | ticket_payload_parse(const char *raw_data, |
622 | ssize_t data_len, | 625 | ssize_t data_len, |
623 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 626 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
624 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, | 627 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, |
625 | struct TokenTicketPayload **result) | 628 | struct TokenTicketPayload **result) |
626 | { | 629 | { |
627 | const char* label_str; | 630 | const char* label_str; |
628 | const char* nonce_str; | 631 | const char* nonce_str; |
@@ -699,8 +702,8 @@ ticket_payload_parse(const char *raw_data, | |||
699 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); | 702 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); |
700 | 703 | ||
701 | *result = ticket_payload_create (nonce_str, | 704 | *result = ticket_payload_create (nonce_str, |
702 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 705 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
703 | label_str); | 706 | label_str); |
704 | GNUNET_free (meta_str); | 707 | GNUNET_free (meta_str); |
705 | json_decref (root); | 708 | json_decref (root); |
706 | return GNUNET_OK; | 709 | return GNUNET_OK; |
@@ -709,8 +712,8 @@ ticket_payload_parse(const char *raw_data, | |||
709 | 712 | ||
710 | int | 713 | int |
711 | ticket_parse (const char *raw_data, | 714 | ticket_parse (const char *raw_data, |
712 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 715 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
713 | struct TokenTicket **result) | 716 | struct TokenTicket **result) |
714 | { | 717 | { |
715 | const char* enc_meta_str; | 718 | const char* enc_meta_str; |
716 | const char* ecdh_enc_str; | 719 | const char* ecdh_enc_str; |
@@ -778,11 +781,18 @@ ticket_parse (const char *raw_data, | |||
778 | &enc_meta); | 781 | &enc_meta); |
779 | 782 | ||
780 | 783 | ||
781 | ticket_payload_parse (enc_meta, | 784 | if (GNUNET_OK != ticket_payload_parse (enc_meta, |
782 | enc_meta_len, | 785 | enc_meta_len, |
783 | priv_key, | 786 | priv_key, |
784 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, | 787 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, |
785 | &ticket_payload); | 788 | &ticket_payload)) |
789 | { | ||
790 | json_decref (root); | ||
791 | GNUNET_free (enc_meta); | ||
792 | GNUNET_free (ticket_decoded); | ||
793 | GNUNET_free (ticket); | ||
794 | return GNUNET_SYSERR; | ||
795 | } | ||
786 | 796 | ||
787 | ticket->payload = ticket_payload; | 797 | ticket->payload = ticket_payload; |
788 | //TODO: check signature here | 798 | //TODO: check signature here |
diff --git a/src/identity-provider/plugin_rest_identity_token.c b/src/identity-provider/plugin_rest_identity_provider.c index 6ae15cdec..3250a9fbd 100644 --- a/src/identity-provider/plugin_rest_identity_token.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -39,34 +39,31 @@ | |||
39 | /** | 39 | /** |
40 | * REST root namespace | 40 | * REST root namespace |
41 | */ | 41 | */ |
42 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN "/gnuid" | 42 | #define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp" |
43 | 43 | ||
44 | /** | 44 | /** |
45 | * Issue namespace | 45 | * Issue namespace |
46 | */ | 46 | */ |
47 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/gnuid/issue" | 47 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/idp/issue" |
48 | 48 | ||
49 | /** | 49 | /** |
50 | * Check namespace | 50 | * Check namespace TODO |
51 | */ | 51 | */ |
52 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/gnuid/check" | 52 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/idp/check" |
53 | 53 | ||
54 | /** | 54 | /** |
55 | * Token namespace | 55 | * Token namespace |
56 | */ | 56 | */ |
57 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/gnuid/token" | 57 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/idp/token" |
58 | 58 | ||
59 | /** | 59 | /** |
60 | * Authorize namespace | 60 | * The URL parameter name in which the ticket must be provided |
61 | */ | 61 | */ |
62 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" | ||
63 | |||
64 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" | 62 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" |
65 | 63 | ||
66 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" | 64 | /** |
67 | 65 | * The URL parameter name in which the nonce must be provided | |
68 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE "grant_type" | 66 | */ |
69 | |||
70 | #define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce" | 67 | #define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce" |
71 | 68 | ||
72 | /** | 69 | /** |
@@ -105,11 +102,6 @@ | |||
105 | #define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration" | 102 | #define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration" |
106 | 103 | ||
107 | /** | 104 | /** |
108 | * Renew token w/ relative expirations | ||
109 | */ | ||
110 | #define GNUNET_IDENTITY_TOKEN_RENEW_TOKEN "renew_token" | ||
111 | |||
112 | /** | ||
113 | * Error messages | 105 | * Error messages |
114 | */ | 106 | */ |
115 | #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid" | 107 | #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid" |
@@ -258,31 +250,11 @@ struct RequestHandle | |||
258 | void *proc_cls; | 250 | void *proc_cls; |
259 | 251 | ||
260 | /** | 252 | /** |
261 | * The name to look up | ||
262 | */ | ||
263 | char *name; | ||
264 | |||
265 | /** | ||
266 | * The url | 253 | * The url |
267 | */ | 254 | */ |
268 | char *url; | 255 | char *url; |
269 | 256 | ||
270 | /** | 257 | /** |
271 | * The data from the REST request | ||
272 | */ | ||
273 | const char* data; | ||
274 | |||
275 | /** | ||
276 | * the length of the REST data | ||
277 | */ | ||
278 | size_t data_size; | ||
279 | |||
280 | /** | ||
281 | * HTTP method | ||
282 | */ | ||
283 | const char* method; | ||
284 | |||
285 | /** | ||
286 | * Error response message | 258 | * Error response message |
287 | */ | 259 | */ |
288 | char *emsg; | 260 | char *emsg; |
@@ -292,12 +264,6 @@ struct RequestHandle | |||
292 | */ | 264 | */ |
293 | struct JsonApiObject *resp_object; | 265 | struct JsonApiObject *resp_object; |
294 | 266 | ||
295 | /** | ||
296 | * ID Attribute list given | ||
297 | */ | ||
298 | struct GNUNET_CONTAINER_MultiHashMap *attr_map; | ||
299 | |||
300 | |||
301 | }; | 267 | }; |
302 | 268 | ||
303 | 269 | ||
@@ -314,20 +280,18 @@ cleanup_handle (struct RequestHandle *handle) | |||
314 | "Cleaning up\n"); | 280 | "Cleaning up\n"); |
315 | if (NULL != handle->resp_object) | 281 | if (NULL != handle->resp_object) |
316 | GNUNET_REST_jsonapi_object_delete (handle->resp_object); | 282 | GNUNET_REST_jsonapi_object_delete (handle->resp_object); |
317 | if (NULL != handle->name) | ||
318 | GNUNET_free (handle->name); | ||
319 | if (NULL != handle->timeout_task) | 283 | if (NULL != handle->timeout_task) |
320 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | 284 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
321 | if (NULL != handle->identity_handle) | 285 | if (NULL != handle->identity_handle) |
322 | GNUNET_IDENTITY_disconnect (handle->identity_handle); | 286 | GNUNET_IDENTITY_disconnect (handle->identity_handle); |
287 | if (NULL != handle->idp) | ||
288 | GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); | ||
323 | if (NULL != handle->ns_it) | 289 | if (NULL != handle->ns_it) |
324 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); | 290 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); |
325 | if (NULL != handle->ns_qe) | 291 | if (NULL != handle->ns_qe) |
326 | GNUNET_NAMESTORE_cancel (handle->ns_qe); | 292 | GNUNET_NAMESTORE_cancel (handle->ns_qe); |
327 | if (NULL != handle->ns_handle) | 293 | if (NULL != handle->ns_handle) |
328 | GNUNET_NAMESTORE_disconnect (handle->ns_handle); | 294 | GNUNET_NAMESTORE_disconnect (handle->ns_handle); |
329 | if (NULL != handle->attr_map) | ||
330 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | ||
331 | if (NULL != handle->url) | 295 | if (NULL != handle->url) |
332 | GNUNET_free (handle->url); | 296 | GNUNET_free (handle->url); |
333 | if (NULL != handle->emsg) | 297 | if (NULL != handle->emsg) |
@@ -362,7 +326,6 @@ do_error (void *cls, | |||
362 | GNUNET_asprintf (&json_error, | 326 | GNUNET_asprintf (&json_error, |
363 | "{Error while processing request: %s}", | 327 | "{Error while processing request: %s}", |
364 | handle->emsg); | 328 | handle->emsg); |
365 | |||
366 | resp = GNUNET_REST_create_json_response (json_error); | 329 | resp = GNUNET_REST_create_json_response (json_error); |
367 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 330 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
368 | cleanup_handle (handle); | 331 | cleanup_handle (handle); |
@@ -383,29 +346,11 @@ do_cleanup_handle_delayed (void *cls, | |||
383 | cleanup_handle(handle); | 346 | cleanup_handle(handle); |
384 | } | 347 | } |
385 | 348 | ||
386 | void | ||
387 | store_token_cont (void *cls, | ||
388 | int32_t success, | ||
389 | const char *emsg) | ||
390 | { | ||
391 | } | ||
392 | |||
393 | |||
394 | |||
395 | |||
396 | |||
397 | |||
398 | |||
399 | |||
400 | 349 | ||
401 | /** | 350 | /** |
402 | * Build a GNUid token for identity | 351 | * Get a ticket for identity |
403 | * @param handle the handle | 352 | * @param cls the handle |
404 | * @param ego_entry the ego to build the token for | 353 | * @param ticket the ticket returned from the idp |
405 | * @param name name of the ego | ||
406 | * @param token_aud token audience | ||
407 | * @param token the resulting gnuid token | ||
408 | * @return identifier string of token (label) | ||
409 | */ | 354 | */ |
410 | static void | 355 | static void |
411 | token_creat_cont (void *cls, | 356 | token_creat_cont (void *cls, |
@@ -413,10 +358,10 @@ token_creat_cont (void *cls, | |||
413 | { | 358 | { |
414 | struct JsonApiResource *json_resource; | 359 | struct JsonApiResource *json_resource; |
415 | struct RequestHandle *handle = cls; | 360 | struct RequestHandle *handle = cls; |
361 | struct MHD_Response *resp; | ||
416 | json_t *token_ticket_json; | 362 | json_t *token_ticket_json; |
417 | char *ticket_str; | 363 | char *ticket_str; |
418 | char *result_str; | 364 | char *result_str; |
419 | struct MHD_Response *resp; | ||
420 | 365 | ||
421 | if (NULL == ticket) | 366 | if (NULL == ticket) |
422 | { | 367 | { |
@@ -426,9 +371,8 @@ token_creat_cont (void *cls, | |||
426 | } | 371 | } |
427 | 372 | ||
428 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); | 373 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); |
429 | 374 | json_resource = GNUNET_REST_jsonapi_resource_new (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, | |
430 | json_resource = GNUNET_REST_jsonapi_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN, | 375 | "tmpid"); //TODO |
431 | "tmpid"); | ||
432 | ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); | 376 | ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); |
433 | token_ticket_json = json_string (ticket_str); | 377 | token_ticket_json = json_string (ticket_str); |
434 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, | 378 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, |
@@ -448,7 +392,7 @@ token_creat_cont (void *cls, | |||
448 | } | 392 | } |
449 | 393 | ||
450 | /** | 394 | /** |
451 | * Create a response with requested ego(s) | 395 | * Continueationf for token issue request |
452 | * | 396 | * |
453 | * @param con the Rest handle | 397 | * @param con the Rest handle |
454 | * @param url the requested url | 398 | * @param url the requested url |
@@ -459,21 +403,22 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
459 | const char *url, | 403 | const char *url, |
460 | void *cls) | 404 | void *cls) |
461 | { | 405 | { |
406 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
462 | const char *egoname; | 407 | const char *egoname; |
463 | char *ego_val; | 408 | |
464 | char *audience; | ||
465 | char *exp_str; | ||
466 | char *nonce_str; | ||
467 | char *scopes; | ||
468 | struct RequestHandle *handle = cls; | 409 | struct RequestHandle *handle = cls; |
469 | struct EgoEntry *ego_entry; | 410 | struct EgoEntry *ego_entry; |
470 | struct GNUNET_HashCode key; | 411 | struct GNUNET_HashCode key; |
471 | struct MHD_Response *resp; | 412 | struct MHD_Response *resp; |
472 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
473 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 413 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
474 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | 414 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; |
475 | struct GNUNET_TIME_Relative etime_rel; | 415 | struct GNUNET_TIME_Relative etime_rel; |
476 | struct GNUNET_TIME_Absolute exp_time; | 416 | struct GNUNET_TIME_Absolute exp_time; |
417 | char *ego_val; | ||
418 | char *audience; | ||
419 | char *exp_str; | ||
420 | char *nonce_str; | ||
421 | char *scopes; | ||
477 | uint64_t time; | 422 | uint64_t time; |
478 | uint64_t nonce; | 423 | uint64_t nonce; |
479 | 424 | ||
@@ -486,7 +431,6 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
486 | cleanup_handle (handle); | 431 | cleanup_handle (handle); |
487 | return; | 432 | return; |
488 | } | 433 | } |
489 | |||
490 | egoname = NULL; | 434 | egoname = NULL; |
491 | ego_entry = NULL; | 435 | ego_entry = NULL; |
492 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, | 436 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, |
@@ -496,35 +440,35 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
496 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | 440 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, |
497 | &key) ) | 441 | &key) ) |
498 | { | 442 | { |
499 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | 443 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Issuer not found\n"); |
500 | &key); | 444 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
501 | if (NULL == ego_val) | 445 | return; |
502 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego invalid: %s\n", ego_val); | 446 | } |
503 | if (NULL != ego_val) | 447 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, |
504 | { | 448 | &key); |
505 | for (ego_entry = handle->ego_head; | 449 | if (NULL == ego_val) |
506 | NULL != ego_entry; | 450 | { |
507 | ego_entry = ego_entry->next) | 451 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
508 | { | 452 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego invalid: %s\n", ego_val); |
509 | if (0 != strcmp (ego_val, ego_entry->identifier)) | 453 | return; |
510 | continue; | 454 | } |
511 | egoname = ego_entry->identifier; | 455 | for (ego_entry = handle->ego_head; |
512 | break; | 456 | NULL != ego_entry; |
513 | } | 457 | ego_entry = ego_entry->next) |
514 | if (NULL == egoname || NULL == ego_entry) | 458 | { |
515 | { | 459 | if (0 != strcmp (ego_val, ego_entry->identifier)) |
516 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego not found: %s\n", ego_val); | 460 | continue; |
517 | resp = GNUNET_REST_create_json_response (NULL); | 461 | egoname = ego_entry->identifier; |
518 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 462 | break; |
519 | cleanup_handle (handle); | 463 | } |
520 | return; | 464 | if (NULL == egoname || NULL == ego_entry) |
521 | } | 465 | { |
522 | } | 466 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego not found: %s\n", ego_val); |
467 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
468 | return; | ||
523 | } | 469 | } |
524 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego to issue token for: %s\n", egoname); | 470 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego to issue token for: %s\n", egoname); |
525 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, | 471 | |
526 | strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST), | ||
527 | &key); | ||
528 | 472 | ||
529 | //Meta info | 473 | //Meta info |
530 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, | 474 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, |
@@ -545,15 +489,16 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
545 | 489 | ||
546 | 490 | ||
547 | //Token audience | 491 | //Token audience |
492 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, | ||
493 | strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST), | ||
494 | &key); | ||
548 | audience = NULL; | 495 | audience = NULL; |
549 | if ( GNUNET_YES != | 496 | if ( GNUNET_YES != |
550 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | 497 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, |
551 | &key) ) | 498 | &key) ) |
552 | { | 499 | { |
553 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Audience missing!\n"); | 500 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Audience missing!\n"); |
554 | resp = GNUNET_REST_create_json_response (NULL); | 501 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
555 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | ||
556 | cleanup_handle (handle); | ||
557 | return; | 502 | return; |
558 | } | 503 | } |
559 | audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | 504 | audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, |
@@ -615,42 +560,24 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
615 | time = GNUNET_TIME_absolute_get().abs_value_us; | 560 | time = GNUNET_TIME_absolute_get().abs_value_us; |
616 | exp_time.abs_value_us = time + etime_rel.rel_value_us; | 561 | exp_time.abs_value_us = time + etime_rel.rel_value_us; |
617 | 562 | ||
563 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); | ||
618 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp, | 564 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp, |
619 | priv_key, | 565 | priv_key, |
620 | aud_key, | 566 | &aud_key, |
621 | scopes, | 567 | scopes, |
622 | exp_time, | 568 | exp_time, |
623 | nonce, | 569 | nonce, |
624 | &token_creat_cont, | 570 | &token_creat_cont, |
625 | handle); | 571 | handle); |
626 | /*handle->token_handle = GNUNET_IDENTITY_PROVIDER_token_issue (&pub_key, | 572 | |
627 | aud_key, | ||
628 | handle->attr_map, | ||
629 | &token_creat_cont, | ||
630 | handle); | ||
631 | handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, | ||
632 | aud_key);*/ | ||
633 | GNUNET_free (aud_key); | ||
634 | |||
635 | |||
636 | //Get identity attributes | ||
637 | /*handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); | ||
638 | handle->ego_entry = ego_entry; | ||
639 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, | ||
640 | priv_key, | ||
641 | &attr_collect, | ||
642 | handle);*/ | ||
643 | } | 573 | } |
644 | 574 | ||
645 | 575 | ||
646 | /** | 576 | /** |
647 | * Build a GNUid token for identity | 577 | * Build a GNUid token for identity |
648 | * @param handle the handle | 578 | * |
649 | * @param ego_entry the ego to build the token for | 579 | * @param cls the request handle |
650 | * @param name name of the ego | 580 | * @param tc task context |
651 | * @param token_aud token audience | ||
652 | * @param token the resulting gnuid token | ||
653 | * @return identifier string of token (label) | ||
654 | */ | 581 | */ |
655 | static void | 582 | static void |
656 | return_token_list (void *cls, | 583 | return_token_list (void *cls, |
@@ -669,7 +596,10 @@ return_token_list (void *cls, | |||
669 | } | 596 | } |
670 | 597 | ||
671 | /** | 598 | /** |
672 | * Collect all tokens for ego | 599 | * Collect all tokens for an ego |
600 | * | ||
601 | * TODO move this into the identity-provider service | ||
602 | * | ||
673 | */ | 603 | */ |
674 | static void | 604 | static void |
675 | token_collect (void *cls, | 605 | token_collect (void *cls, |
@@ -769,27 +699,30 @@ list_token_cont (struct RestConnectionDataHandle *con_handle, | |||
769 | strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), | 699 | strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), |
770 | &key); | 700 | &key); |
771 | 701 | ||
772 | if ( GNUNET_YES == | 702 | if ( GNUNET_YES != |
773 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | 703 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, |
774 | &key) ) | 704 | &key) ) |
775 | { | 705 | { |
776 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | 706 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No issuer given.\n"); |
777 | &key); | 707 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
778 | //Remove non-matching egos | 708 | return; |
779 | for (ego_entry = handle->ego_head; | 709 | } |
780 | NULL != ego_entry;) | 710 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, |
711 | &key); | ||
712 | //Remove non-matching egos | ||
713 | for (ego_entry = handle->ego_head; | ||
714 | NULL != ego_entry;) | ||
715 | { | ||
716 | ego_tmp = ego_entry; | ||
717 | ego_entry = ego_entry->next; | ||
718 | if (0 != strcmp (ego_val, ego_tmp->identifier)) | ||
781 | { | 719 | { |
782 | ego_tmp = ego_entry; | 720 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, |
783 | ego_entry = ego_entry->next; | 721 | handle->ego_tail, |
784 | if (0 != strcmp (ego_val, ego_tmp->identifier)) | 722 | ego_tmp); |
785 | { | 723 | GNUNET_free (ego_tmp->identifier); |
786 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, | 724 | GNUNET_free (ego_tmp->keystring); |
787 | handle->ego_tail, | 725 | GNUNET_free (ego_tmp); |
788 | ego_tmp); | ||
789 | GNUNET_free (ego_tmp->identifier); | ||
790 | GNUNET_free (ego_tmp->keystring); | ||
791 | GNUNET_free (ego_tmp); | ||
792 | } | ||
793 | } | 726 | } |
794 | } | 727 | } |
795 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); | 728 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); |
@@ -809,20 +742,26 @@ list_token_cont (struct RestConnectionDataHandle *con_handle, | |||
809 | 742 | ||
810 | } | 743 | } |
811 | 744 | ||
745 | /** | ||
746 | * Return token to requestor | ||
747 | * | ||
748 | * @param cls request handle | ||
749 | * @param token the token | ||
750 | */ | ||
812 | static void | 751 | static void |
813 | exchange_cont (void *cls, | 752 | exchange_cont (void *cls, |
814 | const struct GNUNET_IDENTITY_PROVIDER_Token *token) | 753 | const struct GNUNET_IDENTITY_PROVIDER_Token *token) |
815 | { | 754 | { |
816 | json_t *root; | 755 | json_t *root; |
817 | struct RequestHandle *handle = cls; | 756 | struct RequestHandle *handle = cls; |
818 | struct MHD_Response *resp; | 757 | struct MHD_Response *resp; |
819 | char* result; | 758 | char* result; |
820 | char* token_str; | 759 | char* token_str; |
821 | 760 | ||
822 | root = json_object (); | 761 | root = json_object (); |
823 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); | 762 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); |
824 | json_object_set_new (root, "access_token", json_string (token_str)); | 763 | json_object_set_new (root, "identity_token", json_string (token_str)); |
825 | json_object_set_new (root, "token_type", json_string ("gnuid")); | 764 | json_object_set_new (root, "token_type", json_string ("jwt")); |
826 | GNUNET_free (token_str); | 765 | GNUNET_free (token_str); |
827 | 766 | ||
828 | result = json_dumps (root, JSON_INDENT(1)); | 767 | result = json_dumps (root, JSON_INDENT(1)); |
@@ -834,6 +773,17 @@ exchange_cont (void *cls, | |||
834 | json_decref (root); | 773 | json_decref (root); |
835 | } | 774 | } |
836 | 775 | ||
776 | |||
777 | /** | ||
778 | * | ||
779 | * Callback called when identity for token exchange has been found | ||
780 | * | ||
781 | * @param cls request handle | ||
782 | * @param ego the identity to use as issuer | ||
783 | * @param ctx user context | ||
784 | * @param name identity name | ||
785 | * | ||
786 | */ | ||
837 | static void | 787 | static void |
838 | exchange_token_ticket_cb (void *cls, | 788 | exchange_token_ticket_cb (void *cls, |
839 | struct GNUNET_IDENTITY_Ego *ego, | 789 | struct GNUNET_IDENTITY_Ego *ego, |
@@ -867,25 +817,26 @@ exchange_token_ticket_cb (void *cls, | |||
867 | return; | 817 | return; |
868 | } | 818 | } |
869 | ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | 819 | ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, |
870 | &key); | 820 | &key); |
871 | 821 | ||
872 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); | 822 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); |
873 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, | 823 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, |
874 | &ticket); | 824 | &ticket); |
875 | 825 | ||
826 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); | ||
876 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp, | 827 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp, |
877 | ticket, | 828 | ticket, |
878 | handle->priv_key, | 829 | handle->priv_key, |
879 | &exchange_cont, | 830 | &exchange_cont, |
880 | handle); | 831 | handle); |
881 | GNUNET_free (ticket); | 832 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket); |
882 | 833 | ||
883 | } | 834 | } |
884 | 835 | ||
885 | 836 | ||
886 | 837 | ||
887 | /** | 838 | /** |
888 | * Respond to OAuth2 /token request | 839 | * Respond to issue request |
889 | * | 840 | * |
890 | * @param con_handle the connection handle | 841 | * @param con_handle the connection handle |
891 | * @param url the url | 842 | * @param url the url |
@@ -897,30 +848,12 @@ exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle, | |||
897 | void *cls) | 848 | void *cls) |
898 | { | 849 | { |
899 | struct RequestHandle *handle = cls; | 850 | struct RequestHandle *handle = cls; |
900 | char* grant_type; | ||
901 | struct GNUNET_HashCode key; | ||
902 | |||
903 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE, | ||
904 | strlen (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE), | ||
905 | &key); | ||
906 | |||
907 | if ( GNUNET_YES == | ||
908 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
909 | &key) ) | ||
910 | { | ||
911 | grant_type = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
912 | &key); | ||
913 | } | ||
914 | |||
915 | if (0 == strcmp ("authorization_code", grant_type)) { | ||
916 | //Get token from GNS | ||
917 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, | ||
918 | "gns-master", | ||
919 | &exchange_token_ticket_cb, | ||
920 | handle); | ||
921 | } | ||
922 | 851 | ||
923 | //TODO fail here | 852 | //Get token from GNS |
853 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, | ||
854 | "gns-master", | ||
855 | &exchange_token_ticket_cb, | ||
856 | handle); | ||
924 | } | 857 | } |
925 | 858 | ||
926 | /** | 859 | /** |
@@ -959,8 +892,8 @@ init_cont (struct RequestHandle *handle) | |||
959 | static const struct GNUNET_REST_RestConnectionHandler handlers[] = { | 892 | static const struct GNUNET_REST_RestConnectionHandler handlers[] = { |
960 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont}, | 893 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont}, |
961 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, | 894 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, |
962 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, | 895 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &list_token_cont}, |
963 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, | 896 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, |
964 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, | 897 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, |
965 | GNUNET_REST_HANDLER_END | 898 | GNUNET_REST_HANDLER_END |
966 | }; | 899 | }; |
@@ -1050,48 +983,12 @@ rest_identity_process_request(struct RestConnectionDataHandle *conndata_handle, | |||
1050 | void *proc_cls) | 983 | void *proc_cls) |
1051 | { | 984 | { |
1052 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | 985 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
1053 | struct GNUNET_HashCode key; | ||
1054 | char* attr_list; | ||
1055 | char* attr_list_tmp; | ||
1056 | char* attr; | ||
1057 | |||
1058 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, | ||
1059 | strlen (GNUNET_IDENTITY_TOKEN_ATTR_LIST), | ||
1060 | &key); | ||
1061 | 986 | ||
1062 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 987 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
1063 | |||
1064 | handle->proc_cls = proc_cls; | 988 | handle->proc_cls = proc_cls; |
1065 | handle->proc = proc; | 989 | handle->proc = proc; |
1066 | handle->state = ID_REST_STATE_INIT; | 990 | handle->state = ID_REST_STATE_INIT; |
1067 | handle->conndata_handle = conndata_handle; | 991 | handle->conndata_handle = conndata_handle; |
1068 | handle->data = conndata_handle->data; | ||
1069 | handle->data_size = conndata_handle->data_size; | ||
1070 | handle->method = conndata_handle->method; | ||
1071 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
1072 | &key)) | ||
1073 | { | ||
1074 | handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5, | ||
1075 | GNUNET_NO); | ||
1076 | attr_list = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
1077 | &key); | ||
1078 | if (NULL != attr_list) | ||
1079 | { | ||
1080 | attr_list_tmp = GNUNET_strdup (attr_list); | ||
1081 | attr = strtok(attr_list_tmp, ","); | ||
1082 | for (; NULL != attr; attr = strtok (NULL, ",")) | ||
1083 | { | ||
1084 | GNUNET_CRYPTO_hash (attr, | ||
1085 | strlen (attr), | ||
1086 | &key); | ||
1087 | GNUNET_CONTAINER_multihashmap_put (handle->attr_map, | ||
1088 | &key, | ||
1089 | attr, | ||
1090 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
1091 | } | ||
1092 | GNUNET_free (attr_list_tmp); | ||
1093 | } | ||
1094 | } | ||
1095 | 992 | ||
1096 | 993 | ||
1097 | GNUNET_asprintf (&handle->url, "%s", conndata_handle->url); | 994 | GNUNET_asprintf (&handle->url, "%s", conndata_handle->url); |
@@ -1131,7 +1028,7 @@ libgnunet_plugin_rest_identity_token_init (void *cls) | |||
1131 | plugin.cfg = cfg; | 1028 | plugin.cfg = cfg; |
1132 | api = GNUNET_new (struct GNUNET_REST_Plugin); | 1029 | api = GNUNET_new (struct GNUNET_REST_Plugin); |
1133 | api->cls = &plugin; | 1030 | api->cls = &plugin; |
1134 | api->name = GNUNET_REST_API_NS_IDENTITY_TOKEN; | 1031 | api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER; |
1135 | api->process_request = &rest_identity_process_request; | 1032 | api->process_request = &rest_identity_process_request; |
1136 | GNUNET_asprintf (&allow_methods, | 1033 | GNUNET_asprintf (&allow_methods, |
1137 | "%s, %s, %s, %s, %s", | 1034 | "%s, %s, %s, %s, %s", |