authorPhil <phil.buschmann@tum.de>2017-12-11 13:03:24 +0100
committerPhil <phil.buschmann@tum.de>2017-12-11 13:03:24 +0100
commita89f95db74b5320e6fc14806579f4ad7ceb7ba9c (patch)
treea797d43fd75e77e379d488ed712637bad3649c16 /src/identity-provider
parent508784b4a98364d120448e132a046423ec78541f (diff)
-commit header parse work in progress
Diffstat (limited to 'src/identity-provider')
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c183
1 files changed, 143 insertions, 40 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index 9e19b081e..be833faa9 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -147,6 +147,12 @@ char* OIDC_ignored_parameter_array [] =
147}; 147};
148 148
149/** 149/**
150 * OIDC authorize clients and times hashmap
151 */
152struct GNUNET_CONTAINER_MultiHashMap *OIDC_authorize_time =
153 GNUNET_CONTAINER_multihashmap_create( 0, GNUNET_NO );
154
155/**
150 * The configuration handle 156 * The configuration handle
151 */ 157 */
152const struct GNUNET_CONFIGURATION_Handle *cfg; 158const struct GNUNET_CONFIGURATION_Handle *cfg;
@@ -290,6 +296,11 @@ struct RequestHandle
290 char *emsg; 296 char *emsg;
291 297
292 /** 298 /**
299 * Error response description
300 */
301 char *edesc;
302
303 /**
293 * Reponse code 304 * Reponse code
294 */ 305 */
295 int response_code; 306 int response_code;
@@ -371,6 +382,28 @@ do_error (void *cls)
371} 382}
372 383
373/** 384/**
385 * Task run on error, sends error message. Cleans up everything.
386 *
387 * @param cls the `struct RequestHandle`
388 */
389static void
390do_redirect_error (void *cls)
391{
392 struct RequestHandle *handle = cls;
393 struct MHD_Response *resp;
394 char* redirect;
395 //TODO handle->url is wrong
396 GNUNET_asprintf (&redirect,
397 "http://localhost:8000%s?error=%s&error_description=%s",
398 handle->rest_handle->url, handle->emsg, handle->edesc );
399 resp = GNUNET_REST_create_response ("");
400 MHD_add_response_header (resp, "Location", redirect);
401 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
402 cleanup_handle (handle);
403 GNUNET_free (redirect);
404}
405
406/**
374 * Task run on timeout, sends error message. Cleans up everything. 407 * Task run on timeout, sends error message. Cleans up everything.
375 * 408 *
376 * @param cls the `struct RequestHandle` 409 * @param cls the `struct RequestHandle`
@@ -1080,7 +1113,8 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1080{ 1113{
1081 struct MHD_Response *resp; 1114 struct MHD_Response *resp;
1082 struct RequestHandle *handle = cls; 1115 struct RequestHandle *handle = cls;
1083 char *response_type, *client_id, *scope, *redirect_uri, *state, *nonce; 1116 char *response_type, *client_id, *scope, *redirect_uri, *state = 0,
1117 *nonce = 0;
1084 1118
1085 //TODO clean up method 1119 //TODO clean up method
1086 1120
@@ -1103,51 +1137,82 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1103 * the implementation. 1137 * the implementation.
1104 */ 1138 */
1105 1139
1106
1107 int size=sizeof(OIDC_ignored_parameter_array)/sizeof(char *);
1108
1109 struct GNUNET_HashCode cache_key; 1140 struct GNUNET_HashCode cache_key;
1110 1141
1111 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), 1142 // REQUIRED value: client_id
1112 &cache_key); 1143 GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
1144 &cache_key);
1113 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1145 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1114 &cache_key)) 1146 &cache_key))
1115 { 1147 {
1116 //TODO error 1148 handle->emsg=GNUNET_strdup("invalid_request");
1149 handle->edesc=GNUNET_strdup("Missing parameter: client_id");
1150 GNUNET_SCHEDULER_add_now (&do_error, handle);
1151 return;
1117 } 1152 }
1118 response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1153 client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
1119 &cache_key); 1154 &cache_key);
1120 1155
1156 // Checks if client_id is valid:
1157 // TODO change check (lookup trusted public_key?)
1158 if( strcmp( client_id, "localhost" ) != 0 )
1159 {
1160 handle->emsg=GNUNET_strdup("unauthorized_client");
1161 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1162 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1163 return;
1164 }
1121 1165
1122 GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), 1166 // REQUIRED value: redirect_uri
1167 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
1123 &cache_key); 1168 &cache_key);
1124 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1169 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1125 &cache_key)) 1170 &cache_key))
1126 { 1171 {
1127 //TODO error 1172 handle->emsg=GNUNET_strdup("invalid_request");
1173 handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri");
1174 GNUNET_SCHEDULER_add_now (&do_error, handle);
1175 return;
1128 } 1176 }
1129 client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1177 redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
1130 &cache_key); 1178 &cache_key);
1131 1179
1180 // Checks if redirect_uri is valid:
1181 // TODO change check (check public key == address)
1182 if( strcmp( redirect_uri, "https://localhost:8000" ) != 0 )
1183 {
1184 handle->emsg=GNUNET_strdup("invalid_request");
1185 handle->edesc=GNUNET_strdup("Invalid or mismatching redirect_uri");
1186 GNUNET_SCHEDULER_add_now (&do_error, handle);
1187 return;
1188 }
1132 1189
1133 GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); 1190 // REQUIRED value: response_type
1191 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
1192 &cache_key);
1134 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1193 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1135 &cache_key)) 1194 &cache_key))
1136 { 1195 {
1137 //TODO error 1196 handle->emsg=GNUNET_strdup("invalid_request");
1197 handle->edesc=GNUNET_strdup("Missing parameter: response_type");
1198 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1199 return;
1138 } 1200 }
1139 scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1201 response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
1140 &cache_key); 1202 &cache_key);
1141 1203
1142 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), 1204 // REQUIRED value: scope
1143 &cache_key); 1205 GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
1144 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1206 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1145 &cache_key)) 1207 &cache_key))
1146 { 1208 {
1147 //TODO error 1209 handle->emsg=GNUNET_strdup("invalid_request");
1210 handle->edesc=GNUNET_strdup("Missing parameter: scope");
1211 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1212 return;
1148 } 1213 }
1149 redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1214 scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
1150 &cache_key); 1215 &cache_key);
1151 1216
1152 //RECOMMENDED value: state 1217 //RECOMMENDED value: state
1153 GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); 1218 GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
@@ -1167,8 +1232,9 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1167 &cache_key); 1232 &cache_key);
1168 } 1233 }
1169 1234
1235 int number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1170 int iterator; 1236 int iterator;
1171 for( iterator = 0; iterator < size; iterator++ ) 1237 for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ )
1172 { 1238 {
1173 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], 1239 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
1174 strlen(OIDC_ignored_parameter_array[iterator]), 1240 strlen(OIDC_ignored_parameter_array[iterator]),
@@ -1176,55 +1242,91 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1176 if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, 1242 if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
1177 &cache_key)) 1243 &cache_key))
1178 { 1244 {
1179 //TODO error 1245 handle->emsg=GNUNET_strdup("access_denied");
1246 //TODO rewrite error description
1247 handle->edesc=GNUNET_strdup("Server will not handle parameter");
1248 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1249 return;
1180 } 1250 }
1181 } 1251 }
1182 1252
1183 1253 // Checks if response_type is 'code'
1184 //response_type = code
1185 if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) 1254 if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 )
1186 { 1255 {
1187 //TODO error 1256 handle->emsg=GNUNET_strdup("unsupported_response_type");
1257 handle->edesc=GNUNET_strdup("The authorization server does not support "
1258 "obtaining this authorization code.");
1259 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1260 return;
1188 } 1261 }
1189 //scope contains openid 1262 // Checks if scope contains 'openid'
1190 if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) 1263 if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL )
1191 { 1264 {
1192 handle->emsg=GNUNET_strdup("invalid_scope"); 1265 handle->emsg=GNUNET_strdup("invalid_scope");
1193 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1266 handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or "
1194 GNUNET_SCHEDULER_add_now (&do_error, handle); 1267 "malformed.");
1268 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1195 return; 1269 return;
1196 } 1270 }
1197 1271
1272
1198 //TODO check other values and use them accordingly 1273 //TODO check other values and use them accordingly
1199 1274
1200 1275
1201 char* login_base_url; 1276 char* login_base_url;
1277 char* new_redirect;
1278
1279 //if header-authorization == ID
1280 //if ID is still logged
1281 // ego get Public Key of Identity
1282 // return token with public key?
1283 // else:
1284 char* id="reterte";
1285
1286
1287 GNUNET_CRYPTO_hash (id, strlen (id), &cache_key);
1288
1289 if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorize_time,
1290 &cache_key))
1291 {
1292 struct timeval login_time = GNUNET_CONTAINER_multihashmap_get(OIDC_authorize_time, &cache_key);
1293 struct timeval now;
1294 gettimeofday(&now);
1295 //After 30 minutes force login process
1296 if((login_time.tv_sec+30*60) <= now.tv_sec)
1297 {
1298 // login
1299 }
1300 else
1301 {
1302 // redirect
1303 }
1304 }
1305 else
1306 {
1307 // login
1308 }
1202 1309
1203 // if(){
1204 //
1205 // }else{
1206 //
1207 // }
1208 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, 1310 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
1209 "identity-rest-plugin", 1311 "identity-rest-plugin",
1210 "address", 1312 "address",
1211 &login_base_url)) 1313 &login_base_url))
1212 { 1314 {
1213 char* new_redirect; 1315 GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
1214 GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s",
1215 login_base_url, 1316 login_base_url,
1216 OIDC_RESPONSE_TYPE_KEY, response_type, 1317 OIDC_RESPONSE_TYPE_KEY, response_type,
1217 OIDC_CLIENT_ID_KEY, client_id, 1318 OIDC_CLIENT_ID_KEY, client_id,
1218 OIDC_REDIRECT_URI_KEY, redirect_uri, 1319 OIDC_REDIRECT_URI_KEY, redirect_uri,
1219 OIDC_SCOPE_KEY, scope, 1320 OIDC_SCOPE_KEY, scope,
1220 OIDC_STATE_KEY, ( 0 == state )? "" : state, 1321 OIDC_STATE_KEY, ( state )? state : "",
1221 OIDC_NONCE_KEY, ( 0 == nonce )? "" : nonce 1322 OIDC_NONCE_KEY, ( nonce )? nonce : ""
1222 ); 1323 );
1223 resp = GNUNET_REST_create_response (""); 1324 resp = GNUNET_REST_create_response ("");
1224 MHD_add_response_header (resp, "Location", new_redirect); 1325 MHD_add_response_header (resp, "Location", new_redirect);
1225 } else 1326 }
1327 else
1226 { 1328 {
1227 handle->emsg=GNUNET_strdup("No server on localhost:8000"); 1329 handle->emsg=GNUNET_strdup("No server configuration");
1228 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1330 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1229 GNUNET_SCHEDULER_add_now (&do_error, handle); 1331 GNUNET_SCHEDULER_add_now (&do_error, handle);
1230 return; 1332 return;
@@ -1232,6 +1334,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1232 1334
1233 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 1335 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1234 cleanup_handle (handle); 1336 cleanup_handle (handle);
1337 GNUNET_free(new_redirect);
1235 return; 1338 return;
1236} 1339}
1237 1340
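Review bot: The unauthorized_client branch in authorize_cont (new lines 1158-1164) schedules do_redirect_error without ever setting handle->edesc, so the GNUNET_asprintf in do_redirect_error passes a NULL pointer to its error_description `%s`, and it does so before redirect_uri has been validated at all, whereas RFC 6749 §4.1.2.1 says an invalid client_id must be reported to the user and never redirected; the minimal fix is `handle->edesc=GNUNET_strdup("Unknown client_id");` followed by `GNUNET_SCHEDULER_add_now (&do_error, handle);` (with MHD_HTTP_BAD_REQUEST rather than the 500 set there). do_redirect_error also hard-codes `http://localhost:8000` plus handle->rest_handle->url instead of the validated redirect_uri, omits the state parameter the spec requires on error redirects, and neither it nor the login redirect at new line 1315 URL-encodes what it splices into the Location query (edesc contains spaces and colons; the client-supplied state, scope and nonce are re-emitted as received), so a value containing `&` or `#` corrupts the resulting URL. Separately, the session block at new lines 1284-1308 cannot compile as written (the void* from GNUNET_CONTAINER_multihashmap_get is assigned to a struct timeval, gettimeofday is called with one argument) and the file-scope OIDC_authorize_time initializer is a function call, which C does not permit; presumably these are the acknowledged work-in-progress parts, but creating the map in the plugin init function, freeing it on unload, and using the GNUNET_TIME API instead of gettimeofday would resolve them. The new `char *edesc` field in struct RequestHandle also needs a matching GNUNET_free in cleanup_handle, which is outside this diff.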