aboutsummaryrefslogtreecommitdiff
path: root/src/identity-provider
diff options
context:
space:
mode:
authorMartin Schanzenbach <mschanzenbach@posteo.de>2016-01-09 17:09:37 +0000
committerMartin Schanzenbach <mschanzenbach@posteo.de>2016-01-09 17:09:37 +0000
commit3941d4252602eb9e6689897a8264380012fdf7e6 (patch)
tree1c080b9cefc132bb728a92b4ff02a72c511f9f4c /src/identity-provider
parent8feaa39e16ba33a192b32097e8087c9aca2d27d8 (diff)
downloadgnunet-3941d4252602eb9e6689897a8264380012fdf7e6.tar.gz
gnunet-3941d4252602eb9e6689897a8264380012fdf7e6.zip
- fix build, fix bugs
Diffstat (limited to 'src/identity-provider')
-rw-r--r--src/identity-provider/Makefile.am13
-rw-r--r--src/identity-provider/gnunet-service-identity-provider.c61
-rw-r--r--src/identity-provider/identity_provider.h4
-rw-r--r--src/identity-provider/identity_provider_api.c85
-rw-r--r--src/identity-provider/identity_token.c62
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c (renamed from src/identity-provider/plugin_rest_identity_token.c)343
6 files changed, 293 insertions, 275 deletions
diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am
index 75858947a..029744f6f 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -17,10 +17,10 @@ pkgcfgdir= $(pkgdatadir)/config.d/
17libexecdir= $(pkglibdir)/libexec/ 17libexecdir= $(pkglibdir)/libexec/
18 18
19pkgcfg_DATA = \ 19pkgcfg_DATA = \
20 identity-token.conf 20 identity-provider.conf
21 21
22plugin_LTLIBRARIES = \ 22plugin_LTLIBRARIES = \
23 libgnunet_plugin_rest_identity_token.la \ 23 libgnunet_plugin_rest_identity_provider.la \
24 libgnunetidentityprovider.la 24 libgnunetidentityprovider.la
25 25
26bin_PROGRAMS = \ 26bin_PROGRAMS = \
@@ -51,15 +51,16 @@ libgnunetidentityprovider_la_LDFLAGS = \
51 $(GN_LIB_LDFLAGS) $(WINFLAGS) \ 51 $(GN_LIB_LDFLAGS) $(WINFLAGS) \
52 -version-info 0:0:0 52 -version-info 0:0:0
53 53
54libgnunet_plugin_rest_identity_token_la_SOURCES = \ 54libgnunet_plugin_rest_identity_provider_la_SOURCES = \
55 plugin_rest_identity_token.c 55 plugin_rest_identity_provider.c
56libgnunet_plugin_rest_identity_token_la_LIBADD = \ 56libgnunet_plugin_rest_identity_provider_la_LIBADD = \
57 $(top_builddir)/src/identity/libgnunetidentity.la \ 57 $(top_builddir)/src/identity/libgnunetidentity.la \
58 libgnunetidentityprovider.la \
58 $(top_builddir)/src/rest/libgnunetrest.la \ 59 $(top_builddir)/src/rest/libgnunetrest.la \
59 $(top_builddir)/src/namestore/libgnunetnamestore.la \ 60 $(top_builddir)/src/namestore/libgnunetnamestore.la \
60 $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ 61 $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
61 $(LTLIBINTL) -ljansson -lmicrohttpd 62 $(LTLIBINTL) -ljansson -lmicrohttpd
62libgnunet_plugin_rest_identity_token_la_LDFLAGS = \ 63libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
63 $(GN_PLUGIN_LDFLAGS) 64 $(GN_PLUGIN_LDFLAGS)
64 65
65 66
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 85471e657..2e914428e 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -535,8 +535,9 @@ token_collect (void *cls,
535 &clear_ego_attrs, 535 &clear_ego_attrs,
536 ego_entry); 536 ego_entry);
537 GNUNET_CONTAINER_multihashmap_clear (ego_entry->attr_map); 537 GNUNET_CONTAINER_multihashmap_clear (ego_entry->attr_map);
538 GNUNET_SCHEDULER_add_now (&update_identities, ego_entry->next); 538 update_task = GNUNET_SCHEDULER_add_now (&update_identities,
539 return; 539 ego_entry->next);
540 return;
540 } 541 }
541 542
542 //There should be only a single record for a token under a label 543 //There should be only a single record for a token under a label
@@ -554,8 +555,16 @@ token_collect (void *cls,
554 token_record = &rd[0]; 555 token_record = &rd[0];
555 token_metadata_record = &rd[1]; 556 token_metadata_record = &rd[1];
556 } 557 }
557 GNUNET_assert (token_metadata_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA); 558 if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
558 GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN); 559 {
560 GNUNET_NAMESTORE_zone_iterator_next (ns_it);
561 return;
562 }
563 if (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN)
564 {
565 GNUNET_NAMESTORE_zone_iterator_next (ns_it);
566 return;
567 }
559 568
560 //Get metadata and decrypt token 569 //Get metadata and decrypt token
561 ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); 570 ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data);
@@ -607,7 +616,7 @@ attribute_collect (void *cls,
607 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 616 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
608 ">>> Updating Attributes finished\n"); 617 ">>> Updating Attributes finished\n");
609 ego_entry->attributes_dirty = GNUNET_NO; 618 ego_entry->attributes_dirty = GNUNET_NO;
610 GNUNET_SCHEDULER_add_now (&update_identities, ego_entry); 619 update_task = GNUNET_SCHEDULER_add_now (&update_identities, ego_entry);
611 return; 620 return;
612 } 621 }
613 622
@@ -674,6 +683,7 @@ update_identities(void *cls,
674{ 683{
675 struct EgoEntry *next_ego = cls; 684 struct EgoEntry *next_ego = cls;
676 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; 685 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
686 update_task = NULL;
677 if (NULL == next_ego) 687 if (NULL == next_ego)
678 { 688 {
679 if (min_rel_exp.rel_value_us < MIN_WAIT_TIME.rel_value_us) 689 if (min_rel_exp.rel_value_us < MIN_WAIT_TIME.rel_value_us)
@@ -885,9 +895,14 @@ store_token_issue_cont (void *cls,
885 handle->client, 895 handle->client,
886 &irm->header, 896 &irm->header,
887 GNUNET_NO); 897 GNUNET_NO);
898 GNUNET_SERVER_client_set_user_context (handle->client, NULL);
899 GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map);
900 GNUNET_free (handle->scopes);
901 token_destroy (handle->token);
902 ticket_destroy (handle->ticket);
903 GNUNET_free (handle);
888 GNUNET_free (irm); 904 GNUNET_free (irm);
889 GNUNET_free (token_ticket_str); 905 GNUNET_free (token_ticket_str);
890 GNUNET_SERVER_receive_done (handle->client, GNUNET_OK);
891} 906}
892 907
893/** 908/**
@@ -904,7 +919,6 @@ sign_and_return_token (void *cls,
904 const struct GNUNET_SCHEDULER_TaskContext *tc) 919 const struct GNUNET_SCHEDULER_TaskContext *tc)
905{ 920{
906 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; 921 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
907 struct GNUNET_CRYPTO_EcdsaPublicKey aud_pkey;
908 struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; 922 struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
909 struct IssueHandle *handle = cls; 923 struct IssueHandle *handle = cls;
910 struct GNUNET_GNSRECORD_Data token_record[2]; 924 struct GNUNET_GNSRECORD_Data token_record[2];
@@ -925,16 +939,18 @@ sign_and_return_token (void *cls,
925 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); 939 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
926 940
927 //Label 941 //Label
928 rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX); 942 rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
929 GNUNET_STRINGS_base64_encode ((char*)&rnd_key, sizeof (uint64_t), &lbl_str); 943 UINT64_MAX);
944 GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
945 sizeof (uint64_t),
946 &lbl_str);
930 GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, 947 GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
931 &pub_key); 948 &pub_key);
932 949
933 handle->ticket = ticket_create (nonce_str, 950 handle->ticket = ticket_create (nonce_str,
934 &pub_key, 951 &pub_key,
935 lbl_str, 952 lbl_str,
936 &aud_pkey); 953 &handle->aud_key);
937
938 954
939 955
940 if (GNUNET_OK != 956 if (GNUNET_OK !=
@@ -994,10 +1010,12 @@ sign_and_return_token (void *cls,
994 lbl_str, 1010 lbl_str,
995 2, 1011 2,
996 token_record, 1012 token_record,
997 &store_token_issue_cont, 1013 &store_token_issue_cont,
998 handle); 1014 handle);
999 GNUNET_free (lbl_str); 1015 GNUNET_free (lbl_str);
1016 GNUNET_free (nonce_str);
1000 GNUNET_free (enc_token_str); 1017 GNUNET_free (enc_token_str);
1018 GNUNET_free (token_metadata);
1001} 1019}
1002 1020
1003/** 1021/**
@@ -1123,8 +1141,13 @@ process_lookup_result (void *cls, uint32_t rd_count,
1123 handle->client, 1141 handle->client,
1124 &erm->header, 1142 &erm->header,
1125 GNUNET_NO); 1143 GNUNET_NO);
1144 GNUNET_SERVER_client_set_user_context (handle->client, NULL);
1145 ticket_destroy (handle->ticket);
1146 token_destroy (handle->token);
1147 GNUNET_free (record_str);
1148 GNUNET_free (token_str);
1149 GNUNET_free (handle);
1126 GNUNET_free (erm); 1150 GNUNET_free (erm);
1127 GNUNET_SERVER_receive_done (handle->client, GNUNET_OK);
1128 1151
1129} 1152}
1130 1153
@@ -1161,12 +1184,12 @@ handle_exchange_message (void *cls,
1161 ticket); 1184 ticket);
1162 xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); 1185 xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle));
1163 xchange_handle->aud_privkey = em->aud_privkey; 1186 xchange_handle->aud_privkey = em->aud_privkey;
1187
1164 if (GNUNET_SYSERR == ticket_parse (ticket, 1188 if (GNUNET_SYSERR == ticket_parse (ticket,
1165 &xchange_handle->aud_privkey, 1189 &xchange_handle->aud_privkey,
1166 &xchange_handle->ticket)) 1190 &xchange_handle->ticket))
1167 { 1191 {
1168 GNUNET_free (xchange_handle); 1192 GNUNET_free (xchange_handle);
1169 GNUNET_break (0);
1170 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR); 1193 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1171 return; 1194 return;
1172 } 1195 }
@@ -1175,6 +1198,10 @@ handle_exchange_message (void *cls,
1175 GNUNET_asprintf (&lookup_query, 1198 GNUNET_asprintf (&lookup_query,
1176 "%s.gnu", 1199 "%s.gnu",
1177 xchange_handle->ticket->payload->label); 1200 xchange_handle->ticket->payload->label);
1201 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1202 GNUNET_SERVER_notification_context_add (nc, client);
1203 GNUNET_SERVER_client_set_user_context (client, xchange_handle);
1204 xchange_handle->client = client;
1178 xchange_handle->lookup_request = GNUNET_GNS_lookup (gns_handle, 1205 xchange_handle->lookup_request = GNUNET_GNS_lookup (gns_handle,
1179 lookup_query, 1206 lookup_query,
1180 &xchange_handle->ticket->payload->identity_key, 1207 &xchange_handle->ticket->payload->identity_key,
@@ -1241,6 +1268,11 @@ handle_issue_message (void *cls,
1241 issue_handle->iss_key = im->iss_key; 1268 issue_handle->iss_key = im->iss_key;
1242 issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); 1269 issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);
1243 issue_handle->nonce = im->nonce; 1270 issue_handle->nonce = im->nonce;
1271 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1272 GNUNET_SERVER_notification_context_add (nc, client);
1273 GNUNET_SERVER_client_set_user_context (client, issue_handle);
1274 issue_handle->client = client;
1275 issue_handle->scopes = GNUNET_strdup (scopes);
1244 GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, 1276 GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
1245 &issue_handle->iss_pkey); 1277 &issue_handle->iss_pkey);
1246 issue_handle->token = token_create (&issue_handle->iss_pkey, 1278 issue_handle->token = token_create (&issue_handle->iss_pkey,
@@ -1250,7 +1282,6 @@ handle_issue_message (void *cls,
1250 &im->iss_key, 1282 &im->iss_key,
1251 &attr_collect, 1283 &attr_collect,
1252 issue_handle); 1284 issue_handle);
1253 GNUNET_SERVER_receive_done (client, GNUNET_OK); //TODO here?
1254 1285
1255 1286
1256} 1287}
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h
index 12b96a51c..9fe444da4 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -41,7 +41,7 @@ struct GNUNET_IDENTITY_PROVIDER_Token
41 /** 41 /**
42 * The JWT representation of the identity token 42 * The JWT representation of the identity token
43 */ 43 */
44 const char *data; 44 char *data;
45}; 45};
46 46
47/** 47/**
@@ -52,7 +52,7 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket
52 /** 52 /**
53 * The Base64 representation of the ticket 53 * The Base64 representation of the ticket
54 */ 54 */
55 const char *data; 55 char *data;
56}; 56};
57 57
58/** 58/**
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index a1d95c2b8..f0e91a739 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -192,7 +192,7 @@ message_handler (void *cls,
192 struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; 192 struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
193 const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *irm; 193 const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *irm;
194 const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm; 194 const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm;
195 const char *str; 195 char *str;
196 uint16_t size; 196 uint16_t size;
197 197
198 if (NULL == msg) 198 if (NULL == msg)
@@ -214,7 +214,7 @@ message_handler (void *cls,
214 return; 214 return;
215 } 215 }
216 irm = (const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *) msg; 216 irm = (const struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage *) msg;
217 str = (const char *) &irm[1]; 217 str = (char *) &irm[1];
218 if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage)) && 218 if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage)) &&
219 ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage) - 1]) ) 219 ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_IssueResultMessage) - 1]) )
220 { 220 {
@@ -244,7 +244,7 @@ message_handler (void *cls,
244 return; 244 return;
245 } 245 }
246 erm = (const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *) msg; 246 erm = (const struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *) msg;
247 str = (const char *) &erm[1]; 247 str = (char *) &erm[1];
248 if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage)) && 248 if ( (size > sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage)) &&
249 ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) - 1]) ) 249 ('\0' != str[size - sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) - 1]) )
250 { 250 {
@@ -494,6 +494,7 @@ GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle
494 slen); 494 slen);
495 em->aud_privkey = *aud_privkey; 495 em->aud_privkey = *aud_privkey;
496 memcpy (&em[1], ticket_str, slen); 496 memcpy (&em[1], ticket_str, slen);
497 GNUNET_free (ticket_str);
497 op->msg = &em->header; 498 op->msg = &em->header;
498 GNUNET_CONTAINER_DLL_insert_tail (id->op_head, 499 GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
499 id->op_tail, 500 id->op_tail,
@@ -587,4 +588,82 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
587 GNUNET_free (h); 588 GNUNET_free (h);
588} 589}
589 590
591/**
592 * Convenience API
593 */
594
595
596/**
597 * Destroy token
598 *
599 * @param token the token
600 */
601void
602GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token)
603{
604 GNUNET_assert (NULL != token);
605 if (NULL != token->data)
606 GNUNET_free (token->data);
607 GNUNET_free (token);
608}
609
610/**
611 * Returns string representation of token. A JSON-Web-Token.
612 *
613 * @param token the token
614 * @return The JWT (must be freed)
615 */
616char *
617GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token)
618{
619 return GNUNET_strdup (token->data);
620}
621
622/**
623 * Returns string representation of ticket. Base64-Encoded
624 *
625 * @param ticket the ticket
626 * @return the Base64-Encoded ticket
627 */
628char *
629GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
630{
631 return GNUNET_strdup (ticket->data);
632}
633
634/**
635 * Created a ticket from a string (Base64 encoded ticket)
636 *
637 * @param input Base64 encoded ticket
638 * @param ticket pointer where the ticket is stored
639 * @return GNUNET_OK
640 */
641int
642GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
643 struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket)
644{
645 *ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
646 (*ticket)->data = GNUNET_strdup (input);
647 return GNUNET_OK;
648}
649
650
651/**
652 * Destroys a ticket
653 *
654 * @param ticket the ticket to destroy
655 */
656void
657GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
658{
659 GNUNET_assert (NULL != ticket);
660 if (NULL != ticket->data)
661 GNUNET_free (ticket->data);
662 GNUNET_free (ticket);
663}
664
665
666
667
668
590/* end of identity_provider_api.c */ 669/* end of identity_provider_api.c */
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c
index 10e142ca0..6cf0d4222 100644
--- a/src/identity-provider/identity_token.c
+++ b/src/identity-provider/identity_token.c
@@ -167,7 +167,8 @@ encrypt_str_ecdhe (const char *plaintext,
167 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", 167 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)",
168 plaintext, 168 plaintext,
169 strlen (plaintext)); 169 strlen (plaintext));
170 enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, strlen (plaintext), 170 enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext,
171 strlen (plaintext),
171 &skey, &iv, 172 &skey, &iv,
172 *cyphertext); 173 *cyphertext);
173 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); 174 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size);
@@ -494,14 +495,16 @@ ticket_payload_create (const char* nonce,
494void 495void
495ticket_payload_destroy (struct TokenTicketPayload* payload) 496ticket_payload_destroy (struct TokenTicketPayload* payload)
496{ 497{
497 GNUNET_free (payload->nonce); 498 if (NULL != payload->nonce)
498 GNUNET_free (payload->label); 499 GNUNET_free (payload->nonce);
500 if (NULL != payload->label)
501 GNUNET_free (payload->label);
499 GNUNET_free (payload); 502 GNUNET_free (payload);
500} 503}
501 504
502void 505void
503ticket_payload_serialize (struct TokenTicketPayload *payload, 506ticket_payload_serialize (struct TokenTicketPayload *payload,
504 char **result) 507 char **result)
505{ 508{
506 char* identity_key_str; 509 char* identity_key_str;
507 510
@@ -525,17 +528,17 @@ ticket_payload_serialize (struct TokenTicketPayload *payload,
525 */ 528 */
526struct TokenTicket* 529struct TokenTicket*
527ticket_create (const char* nonce_str, 530ticket_create (const char* nonce_str,
528 const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, 531 const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
529 const char* lbl_str, 532 const char* lbl_str,
530 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) 533 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
531{ 534{
532 struct TokenTicket *ticket; 535 struct TokenTicket *ticket;
533 struct TokenTicketPayload *code_payload; 536 struct TokenTicketPayload *code_payload;
534 537
535 ticket = GNUNET_malloc (sizeof (struct TokenTicket)); 538 ticket = GNUNET_malloc (sizeof (struct TokenTicket));
536 code_payload = ticket_payload_create (nonce_str, 539 code_payload = ticket_payload_create (nonce_str,
537 identity_pkey, 540 identity_pkey,
538 lbl_str); 541 lbl_str);
539 ticket->aud_key = *aud_key; 542 ticket->aud_key = *aud_key;
540 ticket->payload = code_payload; 543 ticket->payload = code_payload;
541 544
@@ -552,8 +555,8 @@ ticket_destroy (struct TokenTicket *ticket)
552 555
553int 556int
554ticket_serialize (struct TokenTicket *ticket, 557ticket_serialize (struct TokenTicket *ticket,
555 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, 558 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
556 char **result) 559 char **result)
557{ 560{
558 char *code_payload_str; 561 char *code_payload_str;
559 char *enc_ticket_payload; 562 char *enc_ticket_payload;
@@ -567,7 +570,7 @@ ticket_serialize (struct TokenTicket *ticket,
567 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; 570 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
568 571
569 ticket_payload_serialize (ticket->payload, 572 ticket_payload_serialize (ticket->payload,
570 &code_payload_str); 573 &code_payload_str);
571 574
572 GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, 575 GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str,
573 &ticket->aud_key, 576 &ticket->aud_key,
@@ -594,7 +597,7 @@ ticket_serialize (struct TokenTicket *ticket,
594 memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); 597 memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str));
595 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, 598 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key,
596 purpose, 599 purpose,
597 &ticket->signature)); 600 &ticket->signature));
598 GNUNET_STRINGS_base64_encode (enc_ticket_payload, 601 GNUNET_STRINGS_base64_encode (enc_ticket_payload,
599 strlen (code_payload_str), 602 strlen (code_payload_str),
600 &ticket_payload_str); 603 &ticket_payload_str);
@@ -619,10 +622,10 @@ ticket_serialize (struct TokenTicket *ticket,
619 622
620int 623int
621ticket_payload_parse(const char *raw_data, 624ticket_payload_parse(const char *raw_data,
622 ssize_t data_len, 625 ssize_t data_len,
623 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, 626 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
624 const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, 627 const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey,
625 struct TokenTicketPayload **result) 628 struct TokenTicketPayload **result)
626{ 629{
627 const char* label_str; 630 const char* label_str;
628 const char* nonce_str; 631 const char* nonce_str;
@@ -699,8 +702,8 @@ ticket_payload_parse(const char *raw_data,
699 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); 702 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str);
700 703
701 *result = ticket_payload_create (nonce_str, 704 *result = ticket_payload_create (nonce_str,
702 (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, 705 (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
703 label_str); 706 label_str);
704 GNUNET_free (meta_str); 707 GNUNET_free (meta_str);
705 json_decref (root); 708 json_decref (root);
706 return GNUNET_OK; 709 return GNUNET_OK;
@@ -709,8 +712,8 @@ ticket_payload_parse(const char *raw_data,
709 712
710int 713int
711ticket_parse (const char *raw_data, 714ticket_parse (const char *raw_data,
712 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, 715 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
713 struct TokenTicket **result) 716 struct TokenTicket **result)
714{ 717{
715 const char* enc_meta_str; 718 const char* enc_meta_str;
716 const char* ecdh_enc_str; 719 const char* ecdh_enc_str;
@@ -778,11 +781,18 @@ ticket_parse (const char *raw_data,
778 &enc_meta); 781 &enc_meta);
779 782
780 783
781 ticket_payload_parse (enc_meta, 784 if (GNUNET_OK != ticket_payload_parse (enc_meta,
782 enc_meta_len, 785 enc_meta_len,
783 priv_key, 786 priv_key,
784 (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, 787 (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey,
785 &ticket_payload); 788 &ticket_payload))
789 {
790 json_decref (root);
791 GNUNET_free (enc_meta);
792 GNUNET_free (ticket_decoded);
793 GNUNET_free (ticket);
794 return GNUNET_SYSERR;
795 }
786 796
787 ticket->payload = ticket_payload; 797 ticket->payload = ticket_payload;
788 //TODO: check signature here 798 //TODO: check signature here
diff --git a/src/identity-provider/plugin_rest_identity_token.c b/src/identity-provider/plugin_rest_identity_provider.c
index 6ae15cdec..3250a9fbd 100644
--- a/src/identity-provider/plugin_rest_identity_token.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -39,34 +39,31 @@
39/** 39/**
40 * REST root namespace 40 * REST root namespace
41 */ 41 */
42#define GNUNET_REST_API_NS_IDENTITY_TOKEN "/gnuid" 42#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
43 43
44/** 44/**
45 * Issue namespace 45 * Issue namespace
46 */ 46 */
47#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/gnuid/issue" 47#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/idp/issue"
48 48
49/** 49/**
50 * Check namespace 50 * Check namespace TODO
51 */ 51 */
52#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/gnuid/check" 52#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/idp/check"
53 53
54/** 54/**
55 * Token namespace 55 * Token namespace
56 */ 56 */
57#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/gnuid/token" 57#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/idp/token"
58 58
59/** 59/**
60 * Authorize namespace 60 * The URL parameter name in which the ticket must be provided
61 */ 61 */
62#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize"
63
64#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" 62#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket"
65 63
66#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" 64/**
67 65 * The URL parameter name in which the nonce must be provided
68#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE "grant_type" 66 */
69
70#define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce" 67#define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce"
71 68
72/** 69/**
@@ -105,11 +102,6 @@
105#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration" 102#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration"
106 103
107/** 104/**
108 * Renew token w/ relative expirations
109 */
110#define GNUNET_IDENTITY_TOKEN_RENEW_TOKEN "renew_token"
111
112/**
113 * Error messages 105 * Error messages
114 */ 106 */
115#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid" 107#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
@@ -258,31 +250,11 @@ struct RequestHandle
258 void *proc_cls; 250 void *proc_cls;
259 251
260 /** 252 /**
261 * The name to look up
262 */
263 char *name;
264
265 /**
266 * The url 253 * The url
267 */ 254 */
268 char *url; 255 char *url;
269 256
270 /** 257 /**
271 * The data from the REST request
272 */
273 const char* data;
274
275 /**
276 * the length of the REST data
277 */
278 size_t data_size;
279
280 /**
281 * HTTP method
282 */
283 const char* method;
284
285 /**
286 * Error response message 258 * Error response message
287 */ 259 */
288 char *emsg; 260 char *emsg;
@@ -292,12 +264,6 @@ struct RequestHandle
292 */ 264 */
293 struct JsonApiObject *resp_object; 265 struct JsonApiObject *resp_object;
294 266
295 /**
296 * ID Attribute list given
297 */
298 struct GNUNET_CONTAINER_MultiHashMap *attr_map;
299
300
301}; 267};
302 268
303 269
@@ -314,20 +280,18 @@ cleanup_handle (struct RequestHandle *handle)
314 "Cleaning up\n"); 280 "Cleaning up\n");
315 if (NULL != handle->resp_object) 281 if (NULL != handle->resp_object)
316 GNUNET_REST_jsonapi_object_delete (handle->resp_object); 282 GNUNET_REST_jsonapi_object_delete (handle->resp_object);
317 if (NULL != handle->name)
318 GNUNET_free (handle->name);
319 if (NULL != handle->timeout_task) 283 if (NULL != handle->timeout_task)
320 GNUNET_SCHEDULER_cancel (handle->timeout_task); 284 GNUNET_SCHEDULER_cancel (handle->timeout_task);
321 if (NULL != handle->identity_handle) 285 if (NULL != handle->identity_handle)
322 GNUNET_IDENTITY_disconnect (handle->identity_handle); 286 GNUNET_IDENTITY_disconnect (handle->identity_handle);
287 if (NULL != handle->idp)
288 GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
323 if (NULL != handle->ns_it) 289 if (NULL != handle->ns_it)
324 GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); 290 GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
325 if (NULL != handle->ns_qe) 291 if (NULL != handle->ns_qe)
326 GNUNET_NAMESTORE_cancel (handle->ns_qe); 292 GNUNET_NAMESTORE_cancel (handle->ns_qe);
327 if (NULL != handle->ns_handle) 293 if (NULL != handle->ns_handle)
328 GNUNET_NAMESTORE_disconnect (handle->ns_handle); 294 GNUNET_NAMESTORE_disconnect (handle->ns_handle);
329 if (NULL != handle->attr_map)
330 GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map);
331 if (NULL != handle->url) 295 if (NULL != handle->url)
332 GNUNET_free (handle->url); 296 GNUNET_free (handle->url);
333 if (NULL != handle->emsg) 297 if (NULL != handle->emsg)
@@ -362,7 +326,6 @@ do_error (void *cls,
362 GNUNET_asprintf (&json_error, 326 GNUNET_asprintf (&json_error,
363 "{Error while processing request: %s}", 327 "{Error while processing request: %s}",
364 handle->emsg); 328 handle->emsg);
365
366 resp = GNUNET_REST_create_json_response (json_error); 329 resp = GNUNET_REST_create_json_response (json_error);
367 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); 330 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
368 cleanup_handle (handle); 331 cleanup_handle (handle);
@@ -383,29 +346,11 @@ do_cleanup_handle_delayed (void *cls,
383 cleanup_handle(handle); 346 cleanup_handle(handle);
384} 347}
385 348
386void
387store_token_cont (void *cls,
388 int32_t success,
389 const char *emsg)
390{
391 }
392
393
394
395
396
397
398
399
400 349
401/** 350/**
402 * Build a GNUid token for identity 351 * Get a ticket for identity
403 * @param handle the handle 352 * @param cls the handle
404 * @param ego_entry the ego to build the token for 353 * @param ticket the ticket returned from the idp
405 * @param name name of the ego
406 * @param token_aud token audience
407 * @param token the resulting gnuid token
408 * @return identifier string of token (label)
409 */ 354 */
410static void 355static void
411token_creat_cont (void *cls, 356token_creat_cont (void *cls,
@@ -413,10 +358,10 @@ token_creat_cont (void *cls,
413{ 358{
414 struct JsonApiResource *json_resource; 359 struct JsonApiResource *json_resource;
415 struct RequestHandle *handle = cls; 360 struct RequestHandle *handle = cls;
361 struct MHD_Response *resp;
416 json_t *token_ticket_json; 362 json_t *token_ticket_json;
417 char *ticket_str; 363 char *ticket_str;
418 char *result_str; 364 char *result_str;
419 struct MHD_Response *resp;
420 365
421 if (NULL == ticket) 366 if (NULL == ticket)
422 { 367 {
@@ -426,9 +371,8 @@ token_creat_cont (void *cls,
426 } 371 }
427 372
428 handle->resp_object = GNUNET_REST_jsonapi_object_new (); 373 handle->resp_object = GNUNET_REST_jsonapi_object_new ();
429 374 json_resource = GNUNET_REST_jsonapi_resource_new (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
430 json_resource = GNUNET_REST_jsonapi_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN, 375 "tmpid"); //TODO
431 "tmpid");
432 ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); 376 ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket);
433 token_ticket_json = json_string (ticket_str); 377 token_ticket_json = json_string (ticket_str);
434 GNUNET_REST_jsonapi_resource_add_attr (json_resource, 378 GNUNET_REST_jsonapi_resource_add_attr (json_resource,
@@ -448,7 +392,7 @@ token_creat_cont (void *cls,
448} 392}
449 393
450/** 394/**
451 * Create a response with requested ego(s) 395 * Continueationf for token issue request
452 * 396 *
453 * @param con the Rest handle 397 * @param con the Rest handle
454 * @param url the requested url 398 * @param url the requested url
@@ -459,21 +403,22 @@ issue_token_cont (struct RestConnectionDataHandle *con,
459 const char *url, 403 const char *url,
460 void *cls) 404 void *cls)
461{ 405{
406 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
462 const char *egoname; 407 const char *egoname;
463 char *ego_val; 408
464 char *audience;
465 char *exp_str;
466 char *nonce_str;
467 char *scopes;
468 struct RequestHandle *handle = cls; 409 struct RequestHandle *handle = cls;
469 struct EgoEntry *ego_entry; 410 struct EgoEntry *ego_entry;
470 struct GNUNET_HashCode key; 411 struct GNUNET_HashCode key;
471 struct MHD_Response *resp; 412 struct MHD_Response *resp;
472 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
473 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; 413 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
474 struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; 414 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
475 struct GNUNET_TIME_Relative etime_rel; 415 struct GNUNET_TIME_Relative etime_rel;
476 struct GNUNET_TIME_Absolute exp_time; 416 struct GNUNET_TIME_Absolute exp_time;
417 char *ego_val;
418 char *audience;
419 char *exp_str;
420 char *nonce_str;
421 char *scopes;
477 uint64_t time; 422 uint64_t time;
478 uint64_t nonce; 423 uint64_t nonce;
479 424
@@ -486,7 +431,6 @@ issue_token_cont (struct RestConnectionDataHandle *con,
486 cleanup_handle (handle); 431 cleanup_handle (handle);
487 return; 432 return;
488 } 433 }
489
490 egoname = NULL; 434 egoname = NULL;
491 ego_entry = NULL; 435 ego_entry = NULL;
492 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, 436 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
@@ -496,35 +440,35 @@ issue_token_cont (struct RestConnectionDataHandle *con,
496 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, 440 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
497 &key) ) 441 &key) )
498 { 442 {
499 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, 443 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Issuer not found\n");
500 &key); 444 GNUNET_SCHEDULER_add_now (&do_error, handle);
501 if (NULL == ego_val) 445 return;
502 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego invalid: %s\n", ego_val); 446 }
503 if (NULL != ego_val) 447 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
504 { 448 &key);
505 for (ego_entry = handle->ego_head; 449 if (NULL == ego_val)
506 NULL != ego_entry; 450 {
507 ego_entry = ego_entry->next) 451 GNUNET_SCHEDULER_add_now (&do_error, handle);
508 { 452 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego invalid: %s\n", ego_val);
509 if (0 != strcmp (ego_val, ego_entry->identifier)) 453 return;
510 continue; 454 }
511 egoname = ego_entry->identifier; 455 for (ego_entry = handle->ego_head;
512 break; 456 NULL != ego_entry;
513 } 457 ego_entry = ego_entry->next)
514 if (NULL == egoname || NULL == ego_entry) 458 {
515 { 459 if (0 != strcmp (ego_val, ego_entry->identifier))
516 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego not found: %s\n", ego_val); 460 continue;
517 resp = GNUNET_REST_create_json_response (NULL); 461 egoname = ego_entry->identifier;
518 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); 462 break;
519 cleanup_handle (handle); 463 }
520 return; 464 if (NULL == egoname || NULL == ego_entry)
521 } 465 {
522 } 466 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Ego not found: %s\n", ego_val);
467 GNUNET_SCHEDULER_add_now (&do_error, handle);
468 return;
523 } 469 }
524 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego to issue token for: %s\n", egoname); 470 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego to issue token for: %s\n", egoname);
525 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, 471
526 strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST),
527 &key);
528 472
529 //Meta info 473 //Meta info
530 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, 474 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST,
@@ -545,15 +489,16 @@ issue_token_cont (struct RestConnectionDataHandle *con,
545 489
546 490
547 //Token audience 491 //Token audience
492 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST,
493 strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST),
494 &key);
548 audience = NULL; 495 audience = NULL;
549 if ( GNUNET_YES != 496 if ( GNUNET_YES !=
550 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, 497 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
551 &key) ) 498 &key) )
552 { 499 {
553 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Audience missing!\n"); 500 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Audience missing!\n");
554 resp = GNUNET_REST_create_json_response (NULL); 501 GNUNET_SCHEDULER_add_now (&do_error, handle);
555 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
556 cleanup_handle (handle);
557 return; 502 return;
558 } 503 }
559 audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, 504 audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
@@ -615,42 +560,24 @@ issue_token_cont (struct RestConnectionDataHandle *con,
615 time = GNUNET_TIME_absolute_get().abs_value_us; 560 time = GNUNET_TIME_absolute_get().abs_value_us;
616 exp_time.abs_value_us = time + etime_rel.rel_value_us; 561 exp_time.abs_value_us = time + etime_rel.rel_value_us;
617 562
563 handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
618 handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp, 564 handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp,
619 priv_key, 565 priv_key,
620 aud_key, 566 &aud_key,
621 scopes, 567 scopes,
622 exp_time, 568 exp_time,
623 nonce, 569 nonce,
624 &token_creat_cont, 570 &token_creat_cont,
625 handle); 571 handle);
626 /*handle->token_handle = GNUNET_IDENTITY_PROVIDER_token_issue (&pub_key, 572
627 aud_key,
628 handle->attr_map,
629 &token_creat_cont,
630 handle);
631 handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
632 aud_key);*/
633 GNUNET_free (aud_key);
634
635
636 //Get identity attributes
637 /*handle->ns_handle = GNUNET_NAMESTORE_connect (cfg);
638 handle->ego_entry = ego_entry;
639 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
640 priv_key,
641 &attr_collect,
642 handle);*/
643} 573}
644 574
645 575
646/** 576/**
647 * Build a GNUid token for identity 577 * Build a GNUid token for identity
648 * @param handle the handle 578 *
649 * @param ego_entry the ego to build the token for 579 * @param cls the request handle
650 * @param name name of the ego 580 * @param tc task context
651 * @param token_aud token audience
652 * @param token the resulting gnuid token
653 * @return identifier string of token (label)
654 */ 581 */
655static void 582static void
656return_token_list (void *cls, 583return_token_list (void *cls,
@@ -669,7 +596,10 @@ return_token_list (void *cls,
669} 596}
670 597
671/** 598/**
672 * Collect all tokens for ego 599 * Collect all tokens for an ego
600 *
601 * TODO move this into the identity-provider service
602 *
673 */ 603 */
674static void 604static void
675token_collect (void *cls, 605token_collect (void *cls,
@@ -769,27 +699,30 @@ list_token_cont (struct RestConnectionDataHandle *con_handle,
769 strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), 699 strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST),
770 &key); 700 &key);
771 701
772 if ( GNUNET_YES == 702 if ( GNUNET_YES !=
773 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, 703 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
774 &key) ) 704 &key) )
775 { 705 {
776 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, 706 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No issuer given.\n");
777 &key); 707 GNUNET_SCHEDULER_add_now (&do_error, handle);
778 //Remove non-matching egos 708 return;
779 for (ego_entry = handle->ego_head; 709 }
780 NULL != ego_entry;) 710 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
711 &key);
712 //Remove non-matching egos
713 for (ego_entry = handle->ego_head;
714 NULL != ego_entry;)
715 {
716 ego_tmp = ego_entry;
717 ego_entry = ego_entry->next;
718 if (0 != strcmp (ego_val, ego_tmp->identifier))
781 { 719 {
782 ego_tmp = ego_entry; 720 GNUNET_CONTAINER_DLL_remove (handle->ego_head,
783 ego_entry = ego_entry->next; 721 handle->ego_tail,
784 if (0 != strcmp (ego_val, ego_tmp->identifier)) 722 ego_tmp);
785 { 723 GNUNET_free (ego_tmp->identifier);
786 GNUNET_CONTAINER_DLL_remove (handle->ego_head, 724 GNUNET_free (ego_tmp->keystring);
787 handle->ego_tail, 725 GNUNET_free (ego_tmp);
788 ego_tmp);
789 GNUNET_free (ego_tmp->identifier);
790 GNUNET_free (ego_tmp->keystring);
791 GNUNET_free (ego_tmp);
792 }
793 } 726 }
794 } 727 }
795 handle->resp_object = GNUNET_REST_jsonapi_object_new (); 728 handle->resp_object = GNUNET_REST_jsonapi_object_new ();
@@ -809,20 +742,26 @@ list_token_cont (struct RestConnectionDataHandle *con_handle,
809 742
810} 743}
811 744
745/**
746 * Return token to requestor
747 *
748 * @param cls request handle
749 * @param token the token
750 */
812static void 751static void
813exchange_cont (void *cls, 752exchange_cont (void *cls,
814 const struct GNUNET_IDENTITY_PROVIDER_Token *token) 753 const struct GNUNET_IDENTITY_PROVIDER_Token *token)
815{ 754{
816 json_t *root; 755 json_t *root;
817 struct RequestHandle *handle = cls; 756 struct RequestHandle *handle = cls;
818 struct MHD_Response *resp; 757 struct MHD_Response *resp;
819 char* result; 758 char* result;
820 char* token_str; 759 char* token_str;
821 760
822 root = json_object (); 761 root = json_object ();
823 token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); 762 token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
824 json_object_set_new (root, "access_token", json_string (token_str)); 763 json_object_set_new (root, "identity_token", json_string (token_str));
825 json_object_set_new (root, "token_type", json_string ("gnuid")); 764 json_object_set_new (root, "token_type", json_string ("jwt"));
826 GNUNET_free (token_str); 765 GNUNET_free (token_str);
827 766
828 result = json_dumps (root, JSON_INDENT(1)); 767 result = json_dumps (root, JSON_INDENT(1));
@@ -834,6 +773,17 @@ exchange_cont (void *cls,
834 json_decref (root); 773 json_decref (root);
835} 774}
836 775
776
777/**
778 *
779 * Callback called when identity for token exchange has been found
780 *
781 * @param cls request handle
782 * @param ego the identity to use as issuer
783 * @param ctx user context
784 * @param name identity name
785 *
786 */
837static void 787static void
838exchange_token_ticket_cb (void *cls, 788exchange_token_ticket_cb (void *cls,
839 struct GNUNET_IDENTITY_Ego *ego, 789 struct GNUNET_IDENTITY_Ego *ego,
@@ -867,25 +817,26 @@ exchange_token_ticket_cb (void *cls,
867 return; 817 return;
868 } 818 }
869 ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, 819 ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
870 &key); 820 &key);
871 821
872 handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); 822 handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
873 GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, 823 GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str,
874 &ticket); 824 &ticket);
875 825
826 handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
876 handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp, 827 handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp,
877 ticket, 828 ticket,
878 handle->priv_key, 829 handle->priv_key,
879 &exchange_cont, 830 &exchange_cont,
880 handle); 831 handle);
881 GNUNET_free (ticket); 832 GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket);
882 833
883} 834}
884 835
885 836
886 837
887/** 838/**
888 * Respond to OAuth2 /token request 839 * Respond to issue request
889 * 840 *
890 * @param con_handle the connection handle 841 * @param con_handle the connection handle
891 * @param url the url 842 * @param url the url
@@ -897,30 +848,12 @@ exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle,
897 void *cls) 848 void *cls)
898{ 849{
899 struct RequestHandle *handle = cls; 850 struct RequestHandle *handle = cls;
900 char* grant_type;
901 struct GNUNET_HashCode key;
902
903 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE,
904 strlen (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE),
905 &key);
906
907 if ( GNUNET_YES ==
908 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
909 &key) )
910 {
911 grant_type = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
912 &key);
913 }
914
915 if (0 == strcmp ("authorization_code", grant_type)) {
916 //Get token from GNS
917 handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
918 "gns-master",
919 &exchange_token_ticket_cb,
920 handle);
921 }
922 851
923 //TODO fail here 852 //Get token from GNS
853 handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
854 "gns-master",
855 &exchange_token_ticket_cb,
856 handle);
924} 857}
925 858
926/** 859/**
@@ -959,8 +892,8 @@ init_cont (struct RequestHandle *handle)
959 static const struct GNUNET_REST_RestConnectionHandler handlers[] = { 892 static const struct GNUNET_REST_RestConnectionHandler handlers[] = {
960 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont}, 893 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont},
961 //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, 894 //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont},
962 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, 895 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &list_token_cont},
963 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, 896 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont},
964 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, 897 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont},
965 GNUNET_REST_HANDLER_END 898 GNUNET_REST_HANDLER_END
966 }; 899 };
@@ -1050,48 +983,12 @@ rest_identity_process_request(struct RestConnectionDataHandle *conndata_handle,
1050 void *proc_cls) 983 void *proc_cls)
1051{ 984{
1052 struct RequestHandle *handle = GNUNET_new (struct RequestHandle); 985 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
1053 struct GNUNET_HashCode key;
1054 char* attr_list;
1055 char* attr_list_tmp;
1056 char* attr;
1057
1058 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST,
1059 strlen (GNUNET_IDENTITY_TOKEN_ATTR_LIST),
1060 &key);
1061 986
1062 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 987 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
1063
1064 handle->proc_cls = proc_cls; 988 handle->proc_cls = proc_cls;
1065 handle->proc = proc; 989 handle->proc = proc;
1066 handle->state = ID_REST_STATE_INIT; 990 handle->state = ID_REST_STATE_INIT;
1067 handle->conndata_handle = conndata_handle; 991 handle->conndata_handle = conndata_handle;
1068 handle->data = conndata_handle->data;
1069 handle->data_size = conndata_handle->data_size;
1070 handle->method = conndata_handle->method;
1071 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
1072 &key))
1073 {
1074 handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5,
1075 GNUNET_NO);
1076 attr_list = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
1077 &key);
1078 if (NULL != attr_list)
1079 {
1080 attr_list_tmp = GNUNET_strdup (attr_list);
1081 attr = strtok(attr_list_tmp, ",");
1082 for (; NULL != attr; attr = strtok (NULL, ","))
1083 {
1084 GNUNET_CRYPTO_hash (attr,
1085 strlen (attr),
1086 &key);
1087 GNUNET_CONTAINER_multihashmap_put (handle->attr_map,
1088 &key,
1089 attr,
1090 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1091 }
1092 GNUNET_free (attr_list_tmp);
1093 }
1094 }
1095 992
1096 993
1097 GNUNET_asprintf (&handle->url, "%s", conndata_handle->url); 994 GNUNET_asprintf (&handle->url, "%s", conndata_handle->url);
@@ -1131,7 +1028,7 @@ libgnunet_plugin_rest_identity_token_init (void *cls)
1131 plugin.cfg = cfg; 1028 plugin.cfg = cfg;
1132 api = GNUNET_new (struct GNUNET_REST_Plugin); 1029 api = GNUNET_new (struct GNUNET_REST_Plugin);
1133 api->cls = &plugin; 1030 api->cls = &plugin;
1134 api->name = GNUNET_REST_API_NS_IDENTITY_TOKEN; 1031 api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
1135 api->process_request = &rest_identity_process_request; 1032 api->process_request = &rest_identity_process_request;
1136 GNUNET_asprintf (&allow_methods, 1033 GNUNET_asprintf (&allow_methods,
1137 "%s, %s, %s, %s, %s", 1034 "%s, %s, %s, %s, %s",
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-27 08:40:57 +0000