-commit broken

author: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2017-12-07 11:13:32 +0100
committer: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2017-12-07 11:13:32 +0100
commit: c68eae71c8474e27725acec4e6b2194e20626042 (patch)
tree: bdd8237318ed55926e5fbd8a2fa5cd8213983f63 /src/identity-provider
parent: e4a65af290c4fd85718b8497445ca16e0719bf5e (diff)
download: gnunet-c68eae71c8474e27725acec4e6b2194e20626042.tar.gz
gnunet-c68eae71c8474e27725acec4e6b2194e20626042.zip
1 files changed, 166 insertions, 150 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index d5e453a0e..1bef87ace 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -1027,156 +1027,172 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
 */
 static void
 authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
-              const char* url,
+                const char* url,
-              void *cls)
+                void *cls)
 {
-        //TODO clean up method
+  //TODO clean up method
-//    The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.
+  //    The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.
-//    The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification.
+  //    The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification.
-//    If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation.
+  //    If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation.
-        struct MHD_Response *resp;
+  struct MHD_Response *resp;
-        struct RequestHandle *handle = cls;
+  struct RequestHandle *handle = cls;
-        /*
+  /*
-         *      response_type   0
+   *    response_type   0
-         *      client_id               1
+   *    client_id               1
-         *      scope                   2
+   *    scope                   2
-         *      redirect_uri    3
+   *    redirect_uri    3
-         *      state                   4
+   *    state                   4
-         *      nonce                   5
+   *    nonce                   5
-         *      display                 6
+   *    display                 6
-         *      prompt                  7
+   *    prompt                  7
-         *      max_age                 8
+   *    max_age                 8
-         *      ui_locales              9
+   *    ui_locales              9
-         *      response_mode   10
+   *    response_mode   10
-         *      id_token_hint   11
+   *    id_token_hint   11
-         *      login_hint              12
+   *    login_hint              12
-         *      acr_values              13
+   *    acr_values              13
-         */
+   */
-        char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
+  char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
-                        "state", "nonce", "display", "prompt", "max_age", "ui_locales",
+    "state", "nonce", "display", "prompt", "max_age", "ui_locales",
-                        "response_mode", "id_token_hint","login_hint", "acr_values" };
+    "response_mode", "id_token_hint","login_hint", "acr_values" };
-        int array_size=14;
+  int array_size=14;
-        int bool_array[array_size];
+  int bool_array[array_size];
-        struct GNUNET_HashCode cache_key;
+  struct GNUNET_HashCode cache_key;
-        //iterates over each parameter and store used values in array array[]
+  //iterates over each parameter and store used values in array array[]
-        int iterator;
+  int iterator;
-        for( iterator = 0; iterator<array_size; iterator++){
+  for( iterator = 0; iterator<array_size; iterator++){
-                GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);
+    GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);
-                char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key);
+    char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key);
-                bool_array[iterator]=0;
+    bool_array[iterator]=0;
-                if(cache!=0){
+    if(cache!=0){
-                        size_t size=strlen(cache)+1;
+      size_t size=strlen(cache)+1;
-                        array[iterator]=(char*)malloc(size*sizeof(char));
+      array[iterator]=(char*)malloc(size*sizeof(char));
-                        strncpy(array[iterator],cache,size);
+      strncpy(array[iterator],cache,size);
-                        bool_array[iterator]=1;
+      bool_array[iterator]=1;
-                }
+    }
-        }
+  }
-        //MUST validate all the OAuth 2.0 parameters & that all the REQUIRED parameters are present and their usage conforms to this specification
+  /* MUST validate all the OAuth 2.0 parameters & that all the 
+   * REQUIRED parameters are present and their usage conforms to this specification
-        //required values: response_type, client_id, scope, redirect_uri
+   */
-        if(!bool_array[0] || !bool_array[1] || !bool_array[2] || !bool_array[3]){
+  GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (array[iterator]), &cache_key);
-                handle->emsg=GNUNET_strdup("invalid_request");
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+                                                           &key))
-                GNUNET_SCHEDULER_add_now (&do_error, handle);
+  {
-                return;
+    handle->emsg=GNUNET_strdup("invalid_request");
-        }
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-        //response_type = code
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
-        if(strcmp(array[0],"code")!=0){
+    return;
-                handle->emsg=GNUNET_strdup("invalid_response_type");
+  }
-                handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+  response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                GNUNET_SCHEDULER_add_now (&do_error, handle);
+                                                    &key);
-                return;
-        }
+  //required values: response_type, client_id, scope, redirect_uri
-        //scope contains openid
+  if(!bool_array[0] || !bool_array[1] || !bool_array[2] || !bool_array[3]){
-        if(strstr(array[2],"openid")==NULL){
+    handle->emsg=GNUNET_strdup("invalid_request");
-                handle->emsg=GNUNET_strdup("invalid_scope");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-                handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
-                GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
-                return;
+  }
-        }
+  //response_type = code
+  if(strcmp(array[0],"code")!=0){
-        //TODO check other values and use them accordingly
+    handle->emsg=GNUNET_strdup("invalid_response_type");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
-        char* redirect_url_to_login;
+    return;
+  }
-//      if(){
+  //scope contains openid
-//
+  if(strstr(array[2],"openid")==NULL){
-//      }else{
+    handle->emsg=GNUNET_strdup("invalid_scope");
-//
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-//      }
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
-        if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
+    return;
-                                                     "identity-rest-plugin",
+  }
-                                                     "address",
-                                                     &redirect_url_to_login)){
+  //TODO check other values and use them accordingly
-                char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri",
-                                        "state", "nonce", "display", "prompt", "max_age", "ui_locales",
+  char* redirect_url_to_login;
-                                        "response_mode", "id_token_hint","login_hint", "acr_values" };
+  //    if(){
-                size_t redirect_parameter_size= strlen("?");
+  //
-                for(iterator=0;iterator<array_size;iterator++){
+  //    }else{
-                        if(bool_array[iterator]){
+  //
-                                redirect_parameter_size += strlen(array[iterator]);
+  //    }
-                                redirect_parameter_size += strlen(build_array[iterator]);
+  if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
-                                if(iterator==array_size-1)
+                                                          "identity-rest-plugin",
-                                {
+                                                          "address",
-                                        redirect_parameter_size += strlen("=");
+                                                          &redirect_url_to_login)){
-                                }else{
-                                        redirect_parameter_size += strlen("=&");
+    char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri",
-                                }
+      "state", "nonce", "display", "prompt", "max_age", "ui_locales",
-                        }
+      "response_mode", "id_token_hint","login_hint", "acr_values" };
-                }
+    GNUNET_asprintf (new_redirect, "%s=%s&...",
+                     OIDC_REDIRECT_URI_KEY, redirect_uri,
-                char redirect_parameter[redirect_parameter_size+1];
+                     OIDC_CLIENT_ID_KEY, client_id,
-                redirect_parameter_size = 0;
+                     ...);
-                redirect_parameter[redirect_parameter_size]='?';
+    size_t redirect_parameter_size= strlen("?");
-                for(iterator=0;iterator<array_size;iterator++){
+    for(iterator=0;iterator<array_size;iterator++){
-                        if(bool_array[iterator]){
+      if(bool_array[iterator]){
-                                //If not last parameter
+        redirect_parameter_size += strlen(array[iterator]);
-                                if(iterator!=array_size-1)
+        redirect_parameter_size += strlen(build_array[iterator]);
-                                {
+        if(iterator==array_size-1)
-                                        char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
+        {
-                                        snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]);
+          redirect_parameter_size += strlen("=");
-                                        strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 );
+        }else{
-                                }else{
+          redirect_parameter_size += strlen("=&");
-                                        char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
+        }
-                                        snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]);
+      }
-                                        strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 );
+    }
-                                }
-                        }
+    char redirect_parameter[redirect_parameter_size+1];
-                }
+    redirect_parameter_size = 0;
-                char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
+    redirect_parameter[redirect_parameter_size]='?';
-                snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter);
+    for(iterator=0;iterator<array_size;iterator++){
-                resp = GNUNET_REST_create_response ("");
+      if(bool_array[iterator]){
-                MHD_add_response_header (resp, "Location", redirect_component);
+        //If not last parameter
-         }else{
+        if(iterator!=array_size-1)
-                 handle->emsg=GNUNET_strdup("No server on localhost:8000");
+        {
-                 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+          char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
-                 GNUNET_SCHEDULER_add_now (&do_error, handle);
+          snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]);
-                 return;
+          strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 );
-//               resp = GNUNET_REST_create_response ("");
+        }else{
-//               MHD_add_response_header (resp, "Location", array[3]);
+          char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
-         }
+          snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]);
+          strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 );
-        handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+        }
-        cleanup_handle (handle);
+      }
-        for(iterator=0; iterator<array_size; iterator++){
+    }
-                if(bool_array[iterator]){
+    char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
-                        free(array[iterator]);
+    snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter);
-                }
+    resp = GNUNET_REST_create_response ("");
-        }
+    MHD_add_response_header (resp, "Location", redirect_component);
-        return;
+  }else{
+    handle->emsg=GNUNET_strdup("No server on localhost:8000");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+    //           resp = GNUNET_REST_create_response ("");
+    //           MHD_add_response_header (resp, "Location", array[3]);
+  }
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+  cleanup_handle (handle);
+  for(iterator=0; iterator<array_size; iterator++){
+    if(bool_array[iterator]){
+      free(array[iterator]);
+    }
+  }
+  return;
 }
 /**
@@ -1192,8 +1208,8 @@ init_cont (struct RequestHandle *handle)
    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
-        {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
-        {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
author	Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>	2017-12-07 11:13:32 +0100
committer	Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>	2017-12-07 11:13:32 +0100
commit	c68eae71c8474e27725acec4e6b2194e20626042 (patch)
tree	bdd8237318ed55926e5fbd8a2fa5cd8213983f63 /src/identity-provider
parent	e4a65af290c4fd85718b8497445ca16e0719bf5e (diff)
download	gnunet-c68eae71c8474e27725acec4e6b2194e20626042.tar.gz gnunet-c68eae71c8474e27725acec4e6b2194e20626042.zip

diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index d5e453a0e..1bef87ace 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -1027,156 +1027,172 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
1027	*/	1027	*/
1028	static void	1028	static void
1029	authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,	1029	authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
1030	const char* url,	1030	const char* url,
1031	void *cls)	1031	void *cls)
1032	{	1032	{
1033		1033
1034	//TODO clean up method	1034	//TODO clean up method
1035		1035
1036		1036
1037	// The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.	1037	// The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.
1038	// The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification.	1038	// The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification.
1039	// If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation.	1039	// If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation.
1040		1040
1041		1041
1042		1042
1043	struct MHD_Response *resp;	1043	struct MHD_Response *resp;
1044	struct RequestHandle *handle = cls;	1044	struct RequestHandle *handle = cls;
1045		1045
1046	/*	1046	/*
1047	* response_type 0	1047	* response_type 0
1048	* client_id 1	1048	* client_id 1
1049	* scope 2	1049	* scope 2
1050	* redirect_uri 3	1050	* redirect_uri 3
1051	* state 4	1051	* state 4
1052	* nonce 5	1052	* nonce 5
1053	* display 6	1053	* display 6
1054	* prompt 7	1054	* prompt 7
1055	* max_age 8	1055	* max_age 8
1056	* ui_locales 9	1056	* ui_locales 9
1057	* response_mode 10	1057	* response_mode 10
1058	* id_token_hint 11	1058	* id_token_hint 11
1059	* login_hint 12	1059	* login_hint 12
1060	* acr_values 13	1060	* acr_values 13
1061	*/	1061	*/
1062	char* array[] = { "response_type", "client_id", "scope", "redirect_uri",	1062	char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
1063	"state", "nonce", "display", "prompt", "max_age", "ui_locales",	1063	"state", "nonce", "display", "prompt", "max_age", "ui_locales",
1064	"response_mode", "id_token_hint","login_hint", "acr_values" };	1064	"response_mode", "id_token_hint","login_hint", "acr_values" };
1065	int array_size=14;	1065	int array_size=14;
1066	int bool_array[array_size];	1066	int bool_array[array_size];
1067		1067
1068	struct GNUNET_HashCode cache_key;	1068	struct GNUNET_HashCode cache_key;
1069		1069
1070	//iterates over each parameter and store used values in array array[]	1070	//iterates over each parameter and store used values in array array[]
1071	int iterator;	1071	int iterator;
1072	for( iterator = 0; iterator<array_size; iterator++){	1072	for( iterator = 0; iterator<array_size; iterator++){
1073	GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);	1073	GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);
1074	char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key);	1074	char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key);
1075	bool_array[iterator]=0;	1075	bool_array[iterator]=0;
1076	if(cache!=0){	1076	if(cache!=0){
1077	size_t size=strlen(cache)+1;	1077	size_t size=strlen(cache)+1;
1078	array[iterator]=(char)malloc(sizesizeof(char));	1078	array[iterator]=(char)malloc(sizesizeof(char));
1079	strncpy(array[iterator],cache,size);	1079	strncpy(array[iterator],cache,size);
1080	bool_array[iterator]=1;	1080	bool_array[iterator]=1;
1081	}	1081	}
1082	}	1082	}
1083		1083
1084	//MUST validate all the OAuth 2.0 parameters & that all the REQUIRED parameters are present and their usage conforms to this specification	1084	/* MUST validate all the OAuth 2.0 parameters & that all the
1085		1085	* REQUIRED parameters are present and their usage conforms to this specification
1086	//required values: response_type, client_id, scope, redirect_uri	1086	*/
1087	if(!bool_array[0] \|\| !bool_array[1] \|\| !bool_array[2] \|\| !bool_array[3]){	1087	GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (array[iterator]), &cache_key);
1088	handle->emsg=GNUNET_strdup("invalid_request");	1088	if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1089	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;	1089	&key))
1090	GNUNET_SCHEDULER_add_now (&do_error, handle);	1090	{
1091	return;	1091	handle->emsg=GNUNET_strdup("invalid_request");
1092	}	1092	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1093	//response_type = code	1093	GNUNET_SCHEDULER_add_now (&do_error, handle);
1094	if(strcmp(array[0],"code")!=0){	1094	return;
1095	handle->emsg=GNUNET_strdup("invalid_response_type");	1095	}
1096	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;	1096	response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
1097	GNUNET_SCHEDULER_add_now (&do_error, handle);	1097	&key);
1098	return;	1098
1099	}	1099	//required values: response_type, client_id, scope, redirect_uri
1100	//scope contains openid	1100	if(!bool_array[0] \|\| !bool_array[1] \|\| !bool_array[2] \|\| !bool_array[3]){
1101	if(strstr(array[2],"openid")==NULL){	1101	handle->emsg=GNUNET_strdup("invalid_request");
1102	handle->emsg=GNUNET_strdup("invalid_scope");	1102	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1103	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;	1103	GNUNET_SCHEDULER_add_now (&do_error, handle);
1104	GNUNET_SCHEDULER_add_now (&do_error, handle);	1104	return;
1105	return;	1105	}
1106	}	1106	//response_type = code
1107		1107	if(strcmp(array[0],"code")!=0){
1108	//TODO check other values and use them accordingly	1108	handle->emsg=GNUNET_strdup("invalid_response_type");
1109		1109	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1110		1110	GNUNET_SCHEDULER_add_now (&do_error, handle);
1111	char* redirect_url_to_login;	1111	return;
1112		1112	}
1113	// if(){	1113	//scope contains openid
1114	//	1114	if(strstr(array[2],"openid")==NULL){
1115	// }else{	1115	handle->emsg=GNUNET_strdup("invalid_scope");
1116	//	1116	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1117	// }	1117	GNUNET_SCHEDULER_add_now (&do_error, handle);
1118	if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,	1118	return;
1119	"identity-rest-plugin",	1119	}
1120	"address",	1120
1121	&redirect_url_to_login)){	1121	//TODO check other values and use them accordingly
1122		1122
1123	char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri",	1123
1124	"state", "nonce", "display", "prompt", "max_age", "ui_locales",	1124	char* redirect_url_to_login;
1125	"response_mode", "id_token_hint","login_hint", "acr_values" };	1125
1126		1126	// if(){
1127	size_t redirect_parameter_size= strlen("?");	1127	//
1128	for(iterator=0;iterator<array_size;iterator++){	1128	// }else{
1129	if(bool_array[iterator]){	1129	//
1130	redirect_parameter_size += strlen(array[iterator]);	1130	// }
1131	redirect_parameter_size += strlen(build_array[iterator]);	1131	if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
1132	if(iterator==array_size-1)	1132	"identity-rest-plugin",
1133	{	1133	"address",
1134	redirect_parameter_size += strlen("=");	1134	&redirect_url_to_login)){
1135	}else{	1135
1136	redirect_parameter_size += strlen("=&");	1136	char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri",
1137	}	1137	"state", "nonce", "display", "prompt", "max_age", "ui_locales",
1138	}	1138	"response_mode", "id_token_hint","login_hint", "acr_values" };
1139	}	1139	GNUNET_asprintf (new_redirect, "%s=%s&...",
1140		1140	OIDC_REDIRECT_URI_KEY, redirect_uri,
1141	char redirect_parameter[redirect_parameter_size+1];	1141	OIDC_CLIENT_ID_KEY, client_id,
1142	redirect_parameter_size = 0;	1142	...);
1143	redirect_parameter[redirect_parameter_size]='?';	1143	size_t redirect_parameter_size= strlen("?");
1144	for(iterator=0;iterator<array_size;iterator++){	1144	for(iterator=0;iterator<array_size;iterator++){
1145	if(bool_array[iterator]){	1145	if(bool_array[iterator]){
1146	//If not last parameter	1146	redirect_parameter_size += strlen(array[iterator]);
1147	if(iterator!=array_size-1)	1147	redirect_parameter_size += strlen(build_array[iterator]);
1148	{	1148	if(iterator==array_size-1)
1149	char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];	1149	{
1150	snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]);	1150	redirect_parameter_size += strlen("=");
1151	strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 );	1151	}else{
1152	}else{	1152	redirect_parameter_size += strlen("=&");
1153	char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];	1153	}
1154	snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]);	1154	}
1155	strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 );	1155	}
1156	}	1156
1157	}	1157	char redirect_parameter[redirect_parameter_size+1];
1158	}	1158	redirect_parameter_size = 0;
1159	char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];	1159	redirect_parameter[redirect_parameter_size]='?';
1160	snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter);	1160	for(iterator=0;iterator<array_size;iterator++){
1161	resp = GNUNET_REST_create_response ("");	1161	if(bool_array[iterator]){
1162	MHD_add_response_header (resp, "Location", redirect_component);	1162	//If not last parameter
1163	}else{	1163	if(iterator!=array_size-1)
1164	handle->emsg=GNUNET_strdup("No server on localhost:8000");	1164	{
1165	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;	1165	char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
1166	GNUNET_SCHEDULER_add_now (&do_error, handle);	1166	snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]);
1167	return;	1167	strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 );
1168	// resp = GNUNET_REST_create_response ("");	1168	}else{
1169	// MHD_add_response_header (resp, "Location", array[3]);	1169	char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
1170	}	1170	snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]);
1171		1171	strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 );
1172	handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);	1172	}
1173	cleanup_handle (handle);	1173	}
1174	for(iterator=0; iterator<array_size; iterator++){	1174	}
1175	if(bool_array[iterator]){	1175	char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
1176	free(array[iterator]);	1176	snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter);
1177	}	1177	resp = GNUNET_REST_create_response ("");
1178	}	1178	MHD_add_response_header (resp, "Location", redirect_component);
1179	return;	1179	}else{
		1180	handle->emsg=GNUNET_strdup("No server on localhost:8000");
		1181	handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
		1182	GNUNET_SCHEDULER_add_now (&do_error, handle);
		1183	return;
		1184	// resp = GNUNET_REST_create_response ("");
		1185	// MHD_add_response_header (resp, "Location", array[3]);
		1186	}
		1187
		1188	handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
		1189	cleanup_handle (handle);
		1190	for(iterator=0; iterator<array_size; iterator++){
		1191	if(bool_array[iterator]){
		1192	free(array[iterator]);
		1193	}
		1194	}
		1195	return;
1180	}	1196	}
1181		1197
1182	/**	1198	/**
@@ -1192,8 +1208,8 @@ init_cont (struct RequestHandle *handle)
1192	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},	1208	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
1193	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},	1209	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
1194	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},	1210	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
1195	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},	1211	{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
1196	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},	1212	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
1197	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},	1213	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
1198	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},	1214	{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
1199	{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,	1215	{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,