authorChristian Grothoff <christian@grothoff.org>2020-11-12 17:49:34 +0100
committerChristian Grothoff <christian@grothoff.org>2020-11-12 17:49:34 +0100
commit3522008dfd14f049a821dfba7ba89a27aa27d4aa (patch)
tree09cc48925133f736e48bb2be4f239fb7d6d01950 /src/reclaim/oidc_helper.c
parent23f8671e09a80bf722c3268e8d477b5ce5e3d76a (diff)
parente11d1e59e4ae5f7d89c33df3ae9ca8f1ece990cf (diff)
downloadgnunet-3522008dfd14f049a821dfba7ba89a27aa27d4aa.tar.gz
gnunet-3522008dfd14f049a821dfba7ba89a27aa27d4aa.zip
Merge branch 'master' of git+ssh://gnunet.org/gnunet
Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r--src/reclaim/oidc_helper.c57
1 files changed, 33 insertions, 24 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index c3ff07976..c6d56e02d 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -154,10 +154,12 @@ fix_base64 (char *str)
154 replace_char (str, '/', '_'); 154 replace_char (str, '/', '_');
155} 155}
156 156
157
157static json_t* 158static json_t*
158generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, 159generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
159 const struct GNUNET_RECLAIM_AttributeList *attrs, 160 const struct GNUNET_RECLAIM_AttributeList *attrs,
160 const struct GNUNET_RECLAIM_PresentationList *presentations) 161 const struct
162 GNUNET_RECLAIM_PresentationList *presentations)
161{ 163{
162 struct GNUNET_RECLAIM_AttributeListEntry *le; 164 struct GNUNET_RECLAIM_AttributeListEntry *le;
163 struct GNUNET_RECLAIM_PresentationListEntry *ple; 165 struct GNUNET_RECLAIM_PresentationListEntry *ple;
@@ -206,7 +208,8 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
206 ple->presentation->data, 208 ple->presentation->data,
207 ple->presentation->data_size); 209 ple->presentation->data_size);
208 json_object_set_new (aggr_sources_jwt, 210 json_object_set_new (aggr_sources_jwt,
209 GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type), 211 GNUNET_RECLAIM_presentation_number_to_typename (
212 ple->presentation->type),
210 json_string (pres_val_str) ); 213 json_string (pres_val_str) );
211 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); 214 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
212 GNUNET_free (pres_val_str); 215 GNUNET_free (pres_val_str);
@@ -286,6 +289,7 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
286 return body; 289 return body;
287} 290}
288 291
292
289/** 293/**
290 * Generate userinfo JSON as string 294 * Generate userinfo JSON as string
291 * 295 *
@@ -297,12 +301,13 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
297char * 301char *
298OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, 302OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key,
299 const struct GNUNET_RECLAIM_AttributeList *attrs, 303 const struct GNUNET_RECLAIM_AttributeList *attrs,
300 const struct GNUNET_RECLAIM_PresentationList *presentations) 304 const struct
305 GNUNET_RECLAIM_PresentationList *presentations)
301{ 306{
302 char *body_str; 307 char *body_str;
303 json_t* body = generate_userinfo_json (sub_key, 308 json_t*body = generate_userinfo_json (sub_key,
304 attrs, 309 attrs,
305 presentations); 310 presentations);
306 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); 311 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
307 json_decref (body); 312 json_decref (body);
308 return body_str; 313 return body_str;
@@ -324,7 +329,8 @@ char *
324OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, 329OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key,
325 const struct GNUNET_IDENTITY_PublicKey *sub_key, 330 const struct GNUNET_IDENTITY_PublicKey *sub_key,
326 const struct GNUNET_RECLAIM_AttributeList *attrs, 331 const struct GNUNET_RECLAIM_AttributeList *attrs,
327 const struct GNUNET_RECLAIM_PresentationList *presentations, 332 const struct
333 GNUNET_RECLAIM_PresentationList *presentations,
328 const struct GNUNET_TIME_Relative *expiration_time, 334 const struct GNUNET_TIME_Relative *expiration_time,
329 const char *nonce, 335 const char *nonce,
330 const char *secret_key) 336 const char *secret_key)
@@ -441,7 +447,8 @@ char *
441OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, 447OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
442 const struct GNUNET_RECLAIM_Ticket *ticket, 448 const struct GNUNET_RECLAIM_Ticket *ticket,
443 const struct GNUNET_RECLAIM_AttributeList *attrs, 449 const struct GNUNET_RECLAIM_AttributeList *attrs,
444 const struct GNUNET_RECLAIM_PresentationList *presentations, 450 const struct
451 GNUNET_RECLAIM_PresentationList *presentations,
445 const char *nonce_str, 452 const char *nonce_str,
446 const char *code_challenge) 453 const char *code_challenge)
447{ 454{
@@ -525,7 +532,7 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
525 // Get length 532 // Get length
526 code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 533 code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
527 + payload_len + sizeof(struct 534 + payload_len + sizeof(struct
528 GNUNET_CRYPTO_EcdsaSignature); 535 GNUNET_IDENTITY_Signature);
529 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 536 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
530 "Length of data to encode: %lu\n", 537 "Length of data to encode: %lu\n",
531 code_payload_len); 538 code_payload_len);
@@ -544,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
544 buf_ptr += payload_len; 551 buf_ptr += payload_len;
545 // Sign and store signature 552 // Sign and store signature
546 if (GNUNET_SYSERR == 553 if (GNUNET_SYSERR ==
547 GNUNET_CRYPTO_ecdsa_sign_ (&issuer->ecdsa_key, 554 GNUNET_IDENTITY_sign_ (issuer,
548 purpose, 555 purpose,
549 (struct GNUNET_CRYPTO_EcdsaSignature *) 556 (struct GNUNET_IDENTITY_Signature *)
550 buf_ptr)) 557 buf_ptr))
551 { 558 {
552 GNUNET_break (0); 559 GNUNET_break (0);
553 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); 560 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
@@ -593,7 +600,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
593 char *code_challenge; 600 char *code_challenge;
594 char *code_verifier_hash; 601 char *code_verifier_hash;
595 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; 602 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
596 struct GNUNET_CRYPTO_EcdsaSignature *signature; 603 struct GNUNET_IDENTITY_Signature *signature;
597 uint32_t code_challenge_len; 604 uint32_t code_challenge_len;
598 uint32_t attrs_ser_len; 605 uint32_t attrs_ser_len;
599 uint32_t pres_ser_len; 606 uint32_t pres_ser_len;
@@ -609,7 +616,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
609 (void **) &code_payload); 616 (void **) &code_payload);
610 if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 617 if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
611 + sizeof(struct OIDC_Parameters) 618 + sizeof(struct OIDC_Parameters)
612 + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)) 619 + sizeof(struct GNUNET_IDENTITY_Signature))
613 { 620 {
614 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); 621 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
615 GNUNET_free (code_payload); 622 GNUNET_free (code_payload);
@@ -620,10 +627,10 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
620 plaintext_len = code_payload_len; 627 plaintext_len = code_payload_len;
621 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); 628 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
622 ptr = (char *) &purpose[1]; 629 ptr = (char *) &purpose[1];
623 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature); 630 plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature);
624 plaintext = ptr; 631 plaintext = ptr;
625 ptr += plaintext_len; 632 ptr += plaintext_len;
626 signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr; 633 signature = (struct GNUNET_IDENTITY_Signature *) ptr;
627 params = (struct OIDC_Parameters *) plaintext; 634 params = (struct OIDC_Parameters *) plaintext;
628 635
629 // cmp code_challenge code_verifier 636 // cmp code_challenge code_verifier
@@ -684,10 +691,11 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
684 return GNUNET_SYSERR; 691 return GNUNET_SYSERR;
685 } 692 }
686 if (GNUNET_OK != 693 if (GNUNET_OK !=
687 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, 694 GNUNET_IDENTITY_signature_verify_ (
688 purpose, 695 GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
689 signature, 696 purpose,
690 &ticket->identity.ecdsa_key)) 697 signature,
698 &(ticket->identity)))
691 { 699 {
692 GNUNET_free (code_payload); 700 GNUNET_free (code_payload);
693 if (NULL != *nonce_str) 701 if (NULL != *nonce_str)
@@ -840,7 +848,8 @@ OIDC_check_scopes_for_claim_request (const char*scopes,
840 } 848 }
841 } 849 }
842 850
843 } else if (0 == strcmp (attr, scope_variable)) 851 }
852 else if (0 == strcmp (attr, scope_variable))
844 { 853 {
845 /** attribute matches requested scope **/ 854 /** attribute matches requested scope **/
846 GNUNET_free (scope_variables); 855 GNUNET_free (scope_variables);
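Review bot: The length check in the OIDC_parse_authz_code hunk at -609 and the offset arithmetic at -620 use `sizeof(struct GNUNET_IDENTITY_Signature)` as the exact size of the signature that trails an untrusted authorization code, so the parser now silently depends on that type having a fixed wire size independent of the identity key type; if the new type's encoding is (or later becomes) key-type dependent, the plaintext/signature split lands at the wrong offset and the verify call at -684 checks the wrong bytes, so I would pin the assumption with `// NOTE: assumes GNUNET_IDENTITY_Signature has a fixed size for every key type; revisit if it becomes variable-length` next to the check. It is also worth confirming that GNUNET_IDENTITY_signature_verify_ itself rejects a signature whose embedded type disagrees with the key type of `ticket->identity`; if it does not, that comparison belongs before the verify call, since both values come from the caller-supplied code. Minor style point in the -297 hunk: the reformat produced `json_t*body = generate_userinfo_json (sub_key,`, which should read `json_t *body = generate_userinfo_json (sub_key,` to match the pointer-declarator convention used elsewhere in the file. OIDC_build_authz_code and OIDC_parse_authz_code both start and end outside their hunks.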