author | Christian Grothoff <christian@grothoff.org> | 2020-11-12 17:49:34 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-11-12 17:49:34 +0100 |
commit | 3522008dfd14f049a821dfba7ba89a27aa27d4aa (patch) | |
tree | 09cc48925133f736e48bb2be4f239fb7d6d01950 /src/reclaim/oidc_helper.c | |
parent | 23f8671e09a80bf722c3268e8d477b5ce5e3d76a (diff) | |
parent | e11d1e59e4ae5f7d89c33df3ae9ca8f1ece990cf (diff) | |
Merge branch 'master' of git+ssh://gnunet.org/gnunet
Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r-- | src/reclaim/oidc_helper.c | 57 |
1 files changed, 33 insertions, 24 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index c3ff07976..c6d56e02d 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -154,10 +154,12 @@ fix_base64 (char *str) | |||
154 | replace_char (str, '/', '_'); | 154 | replace_char (str, '/', '_'); |
155 | } | 155 | } |
156 | 156 | ||
157 | |||
157 | static json_t* | 158 | static json_t* |
158 | generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, | 159 | generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, |
159 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 160 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
160 | const struct GNUNET_RECLAIM_PresentationList *presentations) | 161 | const struct |
162 | GNUNET_RECLAIM_PresentationList *presentations) | ||
161 | { | 163 | { |
162 | struct GNUNET_RECLAIM_AttributeListEntry *le; | 164 | struct GNUNET_RECLAIM_AttributeListEntry *le; |
163 | struct GNUNET_RECLAIM_PresentationListEntry *ple; | 165 | struct GNUNET_RECLAIM_PresentationListEntry *ple; |
@@ -206,7 +208,8 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, | |||
206 | ple->presentation->data, | 208 | ple->presentation->data, |
207 | ple->presentation->data_size); | 209 | ple->presentation->data_size); |
208 | json_object_set_new (aggr_sources_jwt, | 210 | json_object_set_new (aggr_sources_jwt, |
209 | GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type), | 211 | GNUNET_RECLAIM_presentation_number_to_typename ( |
212 | ple->presentation->type), | ||
210 | json_string (pres_val_str) ); | 213 | json_string (pres_val_str) ); |
211 | json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); | 214 | json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); |
212 | GNUNET_free (pres_val_str); | 215 | GNUNET_free (pres_val_str); |
@@ -286,6 +289,7 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, | |||
286 | return body; | 289 | return body; |
287 | } | 290 | } |
288 | 291 | ||
292 | |||
289 | /** | 293 | /** |
290 | * Generate userinfo JSON as string | 294 | * Generate userinfo JSON as string |
291 | * | 295 | * |
@@ -297,12 +301,13 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, | |||
297 | char * | 301 | char * |
298 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, | 302 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, |
299 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 303 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
300 | const struct GNUNET_RECLAIM_PresentationList *presentations) | 304 | const struct |
305 | GNUNET_RECLAIM_PresentationList *presentations) | ||
301 | { | 306 | { |
302 | char *body_str; | 307 | char *body_str; |
303 | json_t* body = generate_userinfo_json (sub_key, | 308 | json_t*body = generate_userinfo_json (sub_key, |
304 | attrs, | 309 | attrs, |
305 | presentations); | 310 | presentations); |
306 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); | 311 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); |
307 | json_decref (body); | 312 | json_decref (body); |
308 | return body_str; | 313 | return body_str; |
@@ -324,7 +329,8 @@ char * | |||
324 | OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, | 329 | OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, |
325 | const struct GNUNET_IDENTITY_PublicKey *sub_key, | 330 | const struct GNUNET_IDENTITY_PublicKey *sub_key, |
326 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 331 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
327 | const struct GNUNET_RECLAIM_PresentationList *presentations, | 332 | const struct |
333 | GNUNET_RECLAIM_PresentationList *presentations, | ||
328 | const struct GNUNET_TIME_Relative *expiration_time, | 334 | const struct GNUNET_TIME_Relative *expiration_time, |
329 | const char *nonce, | 335 | const char *nonce, |
330 | const char *secret_key) | 336 | const char *secret_key) |
@@ -441,7 +447,8 @@ char * | |||
441 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | 447 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, |
442 | const struct GNUNET_RECLAIM_Ticket *ticket, | 448 | const struct GNUNET_RECLAIM_Ticket *ticket, |
443 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 449 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
444 | const struct GNUNET_RECLAIM_PresentationList *presentations, | 450 | const struct |
451 | GNUNET_RECLAIM_PresentationList *presentations, | ||
445 | const char *nonce_str, | 452 | const char *nonce_str, |
446 | const char *code_challenge) | 453 | const char *code_challenge) |
447 | { | 454 | { |
@@ -525,7 +532,7 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | |||
525 | // Get length | 532 | // Get length |
526 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 533 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
527 | + payload_len + sizeof(struct | 534 | + payload_len + sizeof(struct |
528 | GNUNET_CRYPTO_EcdsaSignature); | 535 | GNUNET_IDENTITY_Signature); |
529 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 536 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
530 | "Length of data to encode: %lu\n", | 537 | "Length of data to encode: %lu\n", |
531 | code_payload_len); | 538 | code_payload_len); |
@@ -544,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | |||
544 | buf_ptr += payload_len; | 551 | buf_ptr += payload_len; |
545 | // Sign and store signature | 552 | // Sign and store signature |
546 | if (GNUNET_SYSERR == | 553 | if (GNUNET_SYSERR == |
547 | GNUNET_CRYPTO_ecdsa_sign_ (&issuer->ecdsa_key, | 554 | GNUNET_IDENTITY_sign_ (issuer, |
548 | purpose, | 555 | purpose, |
549 | (struct GNUNET_CRYPTO_EcdsaSignature *) | 556 | (struct GNUNET_IDENTITY_Signature *) |
550 | buf_ptr)) | 557 | buf_ptr)) |
551 | { | 558 | { |
552 | GNUNET_break (0); | 559 | GNUNET_break (0); |
553 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); | 560 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); |
@@ -593,7 +600,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
593 | char *code_challenge; | 600 | char *code_challenge; |
594 | char *code_verifier_hash; | 601 | char *code_verifier_hash; |
595 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 602 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
596 | struct GNUNET_CRYPTO_EcdsaSignature *signature; | 603 | struct GNUNET_IDENTITY_Signature *signature; |
597 | uint32_t code_challenge_len; | 604 | uint32_t code_challenge_len; |
598 | uint32_t attrs_ser_len; | 605 | uint32_t attrs_ser_len; |
599 | uint32_t pres_ser_len; | 606 | uint32_t pres_ser_len; |
@@ -609,7 +616,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
609 | (void **) &code_payload); | 616 | (void **) &code_payload); |
610 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 617 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
611 | + sizeof(struct OIDC_Parameters) | 618 | + sizeof(struct OIDC_Parameters) |
612 | + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)) | 619 | + sizeof(struct GNUNET_IDENTITY_Signature)) |
613 | { | 620 | { |
614 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); | 621 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); |
615 | GNUNET_free (code_payload); | 622 | GNUNET_free (code_payload); |
@@ -620,10 +627,10 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
620 | plaintext_len = code_payload_len; | 627 | plaintext_len = code_payload_len; |
621 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); | 628 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); |
622 | ptr = (char *) &purpose[1]; | 629 | ptr = (char *) &purpose[1]; |
623 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature); | 630 | plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature); |
624 | plaintext = ptr; | 631 | plaintext = ptr; |
625 | ptr += plaintext_len; | 632 | ptr += plaintext_len; |
626 | signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr; | 633 | signature = (struct GNUNET_IDENTITY_Signature *) ptr; |
627 | params = (struct OIDC_Parameters *) plaintext; | 634 | params = (struct OIDC_Parameters *) plaintext; |
628 | 635 | ||
629 | // cmp code_challenge code_verifier | 636 | // cmp code_challenge code_verifier |
@@ -684,10 +691,11 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
684 | return GNUNET_SYSERR; | 691 | return GNUNET_SYSERR; |
685 | } | 692 | } |
686 | if (GNUNET_OK != | 693 | if (GNUNET_OK != |
687 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, | 694 | GNUNET_IDENTITY_signature_verify_ ( |
688 | purpose, | 695 | GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, |
689 | signature, | 696 | purpose, |
690 | &ticket->identity.ecdsa_key)) | 697 | signature, |
698 | &(ticket->identity))) | ||
691 | { | 699 | { |
692 | GNUNET_free (code_payload); | 700 | GNUNET_free (code_payload); |
693 | if (NULL != *nonce_str) | 701 | if (NULL != *nonce_str) |
@@ -840,7 +848,8 @@ OIDC_check_scopes_for_claim_request (const char*scopes, | |||
840 | } | 848 | } |
841 | } | 849 | } |
842 | 850 | ||
843 | } else if (0 == strcmp (attr, scope_variable)) | 851 | } |
852 | else if (0 == strcmp (attr, scope_variable)) | ||
844 | { | 853 | { |
845 | /** attribute matches requested scope **/ | 854 | /** attribute matches requested scope **/ |
846 | GNUNET_free (scope_variables); | 855 | GNUNET_free (scope_variables); |
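Review bot: In OIDC_parse_authz_code (hunks at old lines 609 and 620) the malformed-code check and the plaintext/signature split now use `sizeof(struct GNUNET_IDENTITY_Signature)`, the size of the generic tagged signature container rather than a concrete ECDSA signature; the build side at old line 526 reserves the same fixed size, so build and parse agree only if `GNUNET_IDENTITY_sign_` always fills the whole container. If that is the contract, a comment on the `plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature);` line would help, e.g. `/* signature slot is the fixed-size tagged container, mirroring OIDC_build_authz_code */`. The key-type tag inside that container arrives with the untrusted code payload; presumably `GNUNET_IDENTITY_signature_verify_` rejects a tag that does not match `ticket->identity`, which is worth confirming since the payload is otherwise only checked for minimum length here. OIDC_parse_authz_code begins and ends outside these hunks. Separately, at new line 308 the reformatter produced `json_t*body`; `json_t *body` is the pointer style used elsewhere in this file.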