author | Phil <phil.buschmann@tum.de> | 2017-12-11 13:03:24 +0100 |
committer | Phil <phil.buschmann@tum.de> | 2017-12-11 13:03:24 +0100 |
commit | a89f95db74b5320e6fc14806579f4ad7ceb7ba9c (patch) | |
tree | a797d43fd75e77e379d488ed712637bad3649c16 /src/identity-provider | |
parent | 508784b4a98364d120448e132a046423ec78541f (diff) | |
download | gnunet-a89f95db74b5320e6fc14806579f4ad7ceb7ba9c.tar.gz gnunet-a89f95db74b5320e6fc14806579f4ad7ceb7ba9c.zip |
-commit header parse work in progress
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 183 |
1 files changed, 143 insertions, 40 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 9e19b081e..be833faa9 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -147,6 +147,12 @@ char* OIDC_ignored_parameter_array [] = | |||
147 | }; | 147 | }; |
148 | 148 | ||
149 | /** | 149 | /** |
150 | * OIDC authorize clients and times hashmap | ||
151 | */ | ||
152 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_authorize_time = | ||
153 | GNUNET_CONTAINER_multihashmap_create( 0, GNUNET_NO ); | ||
154 | |||
155 | /** | ||
150 | * The configuration handle | 156 | * The configuration handle |
151 | */ | 157 | */ |
152 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 158 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
@@ -290,6 +296,11 @@ struct RequestHandle | |||
290 | char *emsg; | 296 | char *emsg; |
291 | 297 | ||
292 | /** | 298 | /** |
299 | * Error response description | ||
300 | */ | ||
301 | char *edesc; | ||
302 | |||
303 | /** | ||
293 | * Reponse code | 304 | * Reponse code |
294 | */ | 305 | */ |
295 | int response_code; | 306 | int response_code; |
@@ -371,6 +382,28 @@ do_error (void *cls) | |||
371 | } | 382 | } |
372 | 383 | ||
373 | /** | 384 | /** |
385 | * Task run on error, sends error message. Cleans up everything. | ||
386 | * | ||
387 | * @param cls the `struct RequestHandle` | ||
388 | */ | ||
389 | static void | ||
390 | do_redirect_error (void *cls) | ||
391 | { | ||
392 | struct RequestHandle *handle = cls; | ||
393 | struct MHD_Response *resp; | ||
394 | char* redirect; | ||
395 | //TODO handle->url is wrong | ||
396 | GNUNET_asprintf (&redirect, | ||
397 | "http://localhost:8000%s?error=%s&error_description=%s", | ||
398 | handle->rest_handle->url, handle->emsg, handle->edesc ); | ||
399 | resp = GNUNET_REST_create_response (""); | ||
400 | MHD_add_response_header (resp, "Location", redirect); | ||
401 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
402 | cleanup_handle (handle); | ||
403 | GNUNET_free (redirect); | ||
404 | } | ||
405 | |||
406 | /** | ||
374 | * Task run on timeout, sends error message. Cleans up everything. | 407 | * Task run on timeout, sends error message. Cleans up everything. |
375 | * | 408 | * |
376 | * @param cls the `struct RequestHandle` | 409 | * @param cls the `struct RequestHandle` |
@@ -1080,7 +1113,8 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1080 | { | 1113 | { |
1081 | struct MHD_Response *resp; | 1114 | struct MHD_Response *resp; |
1082 | struct RequestHandle *handle = cls; | 1115 | struct RequestHandle *handle = cls; |
1083 | char *response_type, *client_id, *scope, *redirect_uri, *state, *nonce; | 1116 | char *response_type, *client_id, *scope, *redirect_uri, *state = 0, |
1117 | *nonce = 0; | ||
1084 | 1118 | ||
1085 | //TODO clean up method | 1119 | //TODO clean up method |
1086 | 1120 | ||
@@ -1103,51 +1137,82 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1103 | * the implementation. | 1137 | * the implementation. |
1104 | */ | 1138 | */ |
1105 | 1139 | ||
1106 | |||
1107 | int size=sizeof(OIDC_ignored_parameter_array)/sizeof(char *); | ||
1108 | |||
1109 | struct GNUNET_HashCode cache_key; | 1140 | struct GNUNET_HashCode cache_key; |
1110 | 1141 | ||
1111 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1142 | // REQUIRED value: client_id |
1112 | &cache_key); | 1143 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), |
1144 | &cache_key); | ||
1113 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1145 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1114 | &cache_key)) | 1146 | &cache_key)) |
1115 | { | 1147 | { |
1116 | //TODO error | 1148 | handle->emsg=GNUNET_strdup("invalid_request"); |
1149 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | ||
1150 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1151 | return; | ||
1117 | } | 1152 | } |
1118 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1153 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1119 | &cache_key); | 1154 | &cache_key); |
1120 | 1155 | ||
1156 | // Checks if client_id is valid: | ||
1157 | // TODO change check (lookup trusted public_key?) | ||
1158 | if( strcmp( client_id, "localhost" ) != 0 ) | ||
1159 | { | ||
1160 | handle->emsg=GNUNET_strdup("unauthorized_client"); | ||
1161 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1162 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1163 | return; | ||
1164 | } | ||
1121 | 1165 | ||
1122 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1166 | // REQUIRED value: redirect_uri |
1167 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | ||
1123 | &cache_key); | 1168 | &cache_key); |
1124 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1169 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1125 | &cache_key)) | 1170 | &cache_key)) |
1126 | { | 1171 | { |
1127 | //TODO error | 1172 | handle->emsg=GNUNET_strdup("invalid_request"); |
1173 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); | ||
1174 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1175 | return; | ||
1128 | } | 1176 | } |
1129 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1177 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1130 | &cache_key); | 1178 | &cache_key); |
1131 | 1179 | ||
1180 | // Checks if redirect_uri is valid: | ||
1181 | // TODO change check (check public key == address) | ||
1182 | if( strcmp( redirect_uri, "https://localhost:8000" ) != 0 ) | ||
1183 | { | ||
1184 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
1185 | handle->edesc=GNUNET_strdup("Invalid or mismatching redirect_uri"); | ||
1186 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1187 | return; | ||
1188 | } | ||
1132 | 1189 | ||
1133 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1190 | // REQUIRED value: response_type |
1191 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | ||
1192 | &cache_key); | ||
1134 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1193 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1135 | &cache_key)) | 1194 | &cache_key)) |
1136 | { | 1195 | { |
1137 | //TODO error | 1196 | handle->emsg=GNUNET_strdup("invalid_request"); |
1197 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); | ||
1198 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1199 | return; | ||
1138 | } | 1200 | } |
1139 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1201 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1140 | &cache_key); | 1202 | &cache_key); |
1141 | 1203 | ||
1142 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1204 | // REQUIRED value: scope |
1143 | &cache_key); | 1205 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); |
1144 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1206 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1145 | &cache_key)) | 1207 | &cache_key)) |
1146 | { | 1208 | { |
1147 | //TODO error | 1209 | handle->emsg=GNUNET_strdup("invalid_request"); |
1210 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); | ||
1211 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1212 | return; | ||
1148 | } | 1213 | } |
1149 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1214 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1150 | &cache_key); | 1215 | &cache_key); |
1151 | 1216 | ||
1152 | //RECOMMENDED value: state | 1217 | //RECOMMENDED value: state |
1153 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1218 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); |
@@ -1167,8 +1232,9 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1167 | &cache_key); | 1232 | &cache_key); |
1168 | } | 1233 | } |
1169 | 1234 | ||
1235 | int number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | ||
1170 | int iterator; | 1236 | int iterator; |
1171 | for( iterator = 0; iterator < size; iterator++ ) | 1237 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1172 | { | 1238 | { |
1173 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1239 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1174 | strlen(OIDC_ignored_parameter_array[iterator]), | 1240 | strlen(OIDC_ignored_parameter_array[iterator]), |
@@ -1176,55 +1242,91 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1176 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | 1242 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, |
1177 | &cache_key)) | 1243 | &cache_key)) |
1178 | { | 1244 | { |
1179 | //TODO error | 1245 | handle->emsg=GNUNET_strdup("access_denied"); |
1246 | //TODO rewrite error description | ||
1247 | handle->edesc=GNUNET_strdup("Server will not handle parameter"); | ||
1248 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1249 | return; | ||
1180 | } | 1250 | } |
1181 | } | 1251 | } |
1182 | 1252 | ||
1183 | 1253 | // Checks if response_type is 'code' | |
1184 | //response_type = code | ||
1185 | if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) | 1254 | if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) |
1186 | { | 1255 | { |
1187 | //TODO error | 1256 | handle->emsg=GNUNET_strdup("unsupported_response_type"); |
1257 | handle->edesc=GNUNET_strdup("The authorization server does not support " | ||
1258 | "obtaining this authorization code."); | ||
1259 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1260 | return; | ||
1188 | } | 1261 | } |
1189 | //scope contains openid | 1262 | // Checks if scope contains 'openid' |
1190 | if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) | 1263 | if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) |
1191 | { | 1264 | { |
1192 | handle->emsg=GNUNET_strdup("invalid_scope"); | 1265 | handle->emsg=GNUNET_strdup("invalid_scope"); |
1193 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1266 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
1194 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1267 | "malformed."); |
1268 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1195 | return; | 1269 | return; |
1196 | } | 1270 | } |
1197 | 1271 | ||
1272 | |||
1198 | //TODO check other values and use them accordingly | 1273 | //TODO check other values and use them accordingly |
1199 | 1274 | ||
1200 | 1275 | ||
1201 | char* login_base_url; | 1276 | char* login_base_url; |
1277 | char* new_redirect; | ||
1278 | |||
1279 | //if header-authorization == ID | ||
1280 | //if ID is still logged | ||
1281 | // ego get Public Key of Identity | ||
1282 | // return token with public key? | ||
1283 | // else: | ||
1284 | char* id="reterte"; | ||
1285 | |||
1286 | |||
1287 | GNUNET_CRYPTO_hash (id, strlen (id), &cache_key); | ||
1288 | |||
1289 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorize_time, | ||
1290 | &cache_key)) | ||
1291 | { | ||
1292 | struct timeval login_time = GNUNET_CONTAINER_multihashmap_get(OIDC_authorize_time, &cache_key); | ||
1293 | struct timeval now; | ||
1294 | gettimeofday(&now); | ||
1295 | //After 30 minutes force login process | ||
1296 | if((login_time.tv_sec+30*60) <= now.tv_sec) | ||
1297 | { | ||
1298 | // login | ||
1299 | } | ||
1300 | else | ||
1301 | { | ||
1302 | // redirect | ||
1303 | } | ||
1304 | } | ||
1305 | else | ||
1306 | { | ||
1307 | // login | ||
1308 | } | ||
1202 | 1309 | ||
1203 | // if(){ | ||
1204 | // | ||
1205 | // }else{ | ||
1206 | // | ||
1207 | // } | ||
1208 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, | 1310 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
1209 | "identity-rest-plugin", | 1311 | "identity-rest-plugin", |
1210 | "address", | 1312 | "address", |
1211 | &login_base_url)) | 1313 | &login_base_url)) |
1212 | { | 1314 | { |
1213 | char* new_redirect; | 1315 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
1214 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s", | ||
1215 | login_base_url, | 1316 | login_base_url, |
1216 | OIDC_RESPONSE_TYPE_KEY, response_type, | 1317 | OIDC_RESPONSE_TYPE_KEY, response_type, |
1217 | OIDC_CLIENT_ID_KEY, client_id, | 1318 | OIDC_CLIENT_ID_KEY, client_id, |
1218 | OIDC_REDIRECT_URI_KEY, redirect_uri, | 1319 | OIDC_REDIRECT_URI_KEY, redirect_uri, |
1219 | OIDC_SCOPE_KEY, scope, | 1320 | OIDC_SCOPE_KEY, scope, |
1220 | OIDC_STATE_KEY, ( 0 == state )? "" : state, | 1321 | OIDC_STATE_KEY, ( state )? state : "", |
1221 | OIDC_NONCE_KEY, ( 0 == nonce )? "" : nonce | 1322 | OIDC_NONCE_KEY, ( nonce )? nonce : "" |
1222 | ); | 1323 | ); |
1223 | resp = GNUNET_REST_create_response (""); | 1324 | resp = GNUNET_REST_create_response (""); |
1224 | MHD_add_response_header (resp, "Location", new_redirect); | 1325 | MHD_add_response_header (resp, "Location", new_redirect); |
1225 | } else | 1326 | } |
1327 | else | ||
1226 | { | 1328 | { |
1227 | handle->emsg=GNUNET_strdup("No server on localhost:8000"); | 1329 | handle->emsg=GNUNET_strdup("No server configuration"); |
1228 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1330 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1229 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1331 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1230 | return; | 1332 | return; |
@@ -1232,6 +1334,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1232 | 1334 | ||
1233 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1335 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1234 | cleanup_handle (handle); | 1336 | cleanup_handle (handle); |
1337 | GNUNET_free(new_redirect); | ||
1235 | return; | 1338 | return; |
1236 | } | 1339 | } |
1237 | 1340 | ||
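Review bot: In the `unauthorized_client` branch added in hunk @@ -1103 (new lines 1158–1164) `handle->edesc` is never assigned before `do_redirect_error` is scheduled, yet do_redirect_error (hunk @@ -371) passes `handle->edesc` to a `%s` conversion in GNUNET_asprintf, so this path formats a NULL pointer; set it alongside emsg, e.g. `handle->edesc=GNUNET_strdup("Unknown or untrusted client_id");`, and note that the `handle->response_code` assignment in that branch is unused because do_redirect_error always answers with MHD_HTTP_FOUND. do_redirect_error also interpolates `handle->emsg` and `handle->edesc` verbatim into the Location query string, and the new descriptions contain spaces and punctuation ("The requested scope is invalid, unknown, or malformed."), so both values need percent-encoding before they are placed in the URL. The login-time block in hunk @@ -1176 (new lines 1292–1294) assigns the `void *` returned by GNUNET_CONTAINER_multihashmap_get to a `struct timeval` by value and calls `gettimeofday` with a single argument, which will not compile as written; presumably this is the work-in-progress part the commit message refers to. authorize_cont's body spans several hunks and begins before the first of them.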