author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-04 18:42:04 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-09 20:38:10 +0100 |
commit | 55f6d26b7424d660c99bc89f3677b20294e87a27 (patch) | |
tree | a8080fdcf0d9688c154417e50c58055e364f8b6b /src/reclaim/oidc_helper.c | |
parent | 5b6bb2ce4d60635b2af950d72b45f12686fd5218 (diff) | |
download | gnunet-55f6d26b7424d660c99bc89f3677b20294e87a27.tar.gz gnunet-55f6d26b7424d660c99bc89f3677b20294e87a27.zip |
Refactoring reclaim attestations
Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r-- | src/reclaim/oidc_helper.c | 153 |
1 files changed, 80 insertions, 73 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 1d23003ab..487aa5695 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -60,6 +60,11 @@ struct OIDC_Parameters | |||
60 | * The length of the attributes list | 60 | * The length of the attributes list |
61 | */ | 61 | */ |
62 | uint32_t attr_list_len GNUNET_PACKED; | 62 | uint32_t attr_list_len GNUNET_PACKED; |
63 | |||
64 | /** | ||
65 | * The length of the attestation list | ||
66 | */ | ||
67 | uint32_t attest_list_len GNUNET_PACKED; | ||
63 | }; | 68 | }; |
64 | 69 | ||
65 | GNUNET_NETWORK_STRUCT_END | 70 | GNUNET_NETWORK_STRUCT_END |
@@ -118,12 +123,14 @@ fix_base64 (char *str) | |||
118 | char * | 123 | char * |
119 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 124 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
120 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 125 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
121 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 126 | struct GNUNET_RECLAIM_AttributeList *attrs, |
127 | struct GNUNET_RECLAIM_AttestationList *attests, | ||
122 | const struct GNUNET_TIME_Relative *expiration_time, | 128 | const struct GNUNET_TIME_Relative *expiration_time, |
123 | const char *nonce, | 129 | const char *nonce, |
124 | const char *secret_key) | 130 | const char *secret_key) |
125 | { | 131 | { |
126 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 132 | struct GNUNET_RECLAIM_AttributeListEntry *le; |
133 | struct GNUNET_RECLAIM_AttestationListEntry *ale; | ||
127 | struct GNUNET_HashCode signature; | 134 | struct GNUNET_HashCode signature; |
128 | struct GNUNET_TIME_Absolute exp_time; | 135 | struct GNUNET_TIME_Absolute exp_time; |
129 | struct GNUNET_TIME_Absolute time_now; | 136 | struct GNUNET_TIME_Absolute time_now; |
@@ -146,7 +153,12 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
146 | json_t *aggr_names; | 153 | json_t *aggr_names; |
147 | json_t *aggr_sources; | 154 | json_t *aggr_sources; |
148 | json_t *aggr_sources_jwt; | 155 | json_t *aggr_sources_jwt; |
149 | struct GNUNET_RECLAIM_Identifier attest_arr[GNUNET_RECLAIM_ATTRIBUTE_list_count_attest (attrs)]; | 156 | int num_attestations = 0; |
157 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
158 | { | ||
159 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) | ||
160 | num_attestations++; | ||
161 | } | ||
150 | 162 | ||
151 | // iat REQUIRED time now | 163 | // iat REQUIRED time now |
152 | time_now = GNUNET_TIME_absolute_get (); | 164 | time_now = GNUNET_TIME_absolute_get (); |
@@ -191,97 +203,73 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
191 | // nonce | 203 | // nonce |
192 | if (NULL != nonce) | 204 | if (NULL != nonce) |
193 | json_object_set_new (body, "nonce", json_string (nonce)); | 205 | json_object_set_new (body, "nonce", json_string (nonce)); |
194 | int i = 0; | ||
195 | attest_val_str = NULL; | 206 | attest_val_str = NULL; |
196 | aggr_names_str = NULL; | 207 | aggr_names_str = NULL; |
197 | aggr_sources_str = NULL; | 208 | aggr_sources_str = NULL; |
198 | aggr_sources_jwt_str = NULL; | 209 | aggr_sources_jwt_str = NULL; |
199 | source_name = NULL; | 210 | source_name = NULL; |
211 | int i = 0; | ||
212 | for (ale = attests->list_head; NULL != ale; ale = ale->next) | ||
213 | { | ||
214 | // New Attestation | ||
215 | GNUNET_asprintf (&source_name, | ||
216 | "src%d", | ||
217 | i); | ||
218 | aggr_sources_jwt = json_object (); | ||
219 | attest_val_str = | ||
220 | GNUNET_RECLAIM_attestation_value_to_string (ale->attestation->type, | ||
221 | ale->attestation->data, | ||
222 | ale->attestation->data_size); | ||
223 | json_object_set_new (aggr_sources_jwt, "JWT", | ||
224 | json_string (attest_val_str) ); | ||
225 | aggr_sources_jwt_str = json_dumps (aggr_sources_jwt, JSON_INDENT (0) | ||
226 | | JSON_COMPACT); | ||
227 | json_object_set_new (aggr_sources, source_name,json_string ( | ||
228 | aggr_sources_jwt_str)); | ||
229 | i++; | ||
230 | } | ||
231 | |||
200 | for (le = attrs->list_head; NULL != le; le = le->next) | 232 | for (le = attrs->list_head; NULL != le; le = le->next) |
201 | { | 233 | { |
202 | 234 | ||
203 | if (le->claim != NULL) | 235 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) |
204 | { | 236 | { |
205 | 237 | ||
206 | attr_val_str = | 238 | attr_val_str = |
207 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 239 | GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type, |
208 | le->claim->data, | 240 | le->attribute->data, |
209 | le->claim->data_size); | 241 | le->attribute->data_size); |
210 | json_object_set_new (body, le->claim->name, json_string (attr_val_str)); | 242 | json_object_set_new (body, le->attribute->name, |
243 | json_string (attr_val_str)); | ||
211 | GNUNET_free (attr_val_str); | 244 | GNUNET_free (attr_val_str); |
212 | } | 245 | } |
213 | else if (NULL != le->reference) | 246 | else |
214 | { | 247 | { |
215 | // Check if attest is there | 248 | // Check if attest is there |
216 | int j = 0; | 249 | int j = 0; |
217 | while (j<i) | 250 | for (ale = attests->list_head; NULL != ale; ale = ale->next) |
218 | { | 251 | { |
219 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&attest_arr[j], | 252 | if (GNUNET_YES == |
220 | &le->reference->id_attest)) | 253 | GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, |
254 | &le->attribute->attestation)) | ||
221 | break; | 255 | break; |
222 | j++; | 256 | j++; |
223 | } | 257 | } |
224 | if (j==i) | 258 | GNUNET_assert (NULL != ale); |
225 | { | 259 | // Attestation is existing, hence take the respective source str |
226 | // Attest not yet existent. Append to the end of the list | 260 | GNUNET_asprintf (&source_name, |
227 | GNUNET_CONTAINER_DLL_remove (attrs->list_head, attrs->list_tail, le); | 261 | "src%d", |
228 | GNUNET_CONTAINER_DLL_insert_tail (attrs->list_head, attrs->list_tail, | 262 | j); |
229 | le); | 263 | json_object_set_new (aggr_names, le->attribute->data, |
230 | continue; | 264 | json_string (source_name)); |
231 | } | ||
232 | else | ||
233 | { | ||
234 | // Attestation is existing, hence take the respective source str | ||
235 | GNUNET_asprintf (&source_name, | ||
236 | "src%d", | ||
237 | j); | ||
238 | json_object_set_new (aggr_names, le->reference->name, json_string ( | ||
239 | source_name)); | ||
240 | } | ||
241 | |||
242 | } | ||
243 | else if (NULL != le->attest) | ||
244 | { | ||
245 | // We assume that at max 99 different attestations | ||
246 | int j = 0; | ||
247 | while (j<i) | ||
248 | { | ||
249 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&attest_arr[j], | ||
250 | &le->attest->id)) | ||
251 | break; | ||
252 | j++; | ||
253 | } | ||
254 | if (j==i) | ||
255 | { | ||
256 | // New Attestation | ||
257 | attest_arr[i] = le->attest->id; | ||
258 | GNUNET_asprintf (&source_name, | ||
259 | "src%d", | ||
260 | i); | ||
261 | aggr_sources_jwt = json_object (); | ||
262 | attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string ( | ||
263 | le->attest->type, le->attest->data, le->attest->data_size); | ||
264 | json_object_set_new (aggr_sources_jwt, "JWT",json_string ( | ||
265 | attest_val_str) ); | ||
266 | aggr_sources_jwt_str = json_dumps (aggr_sources_jwt, JSON_INDENT (0) | ||
267 | | JSON_COMPACT); | ||
268 | json_object_set_new (aggr_sources, source_name,json_string ( | ||
269 | aggr_sources_jwt_str)); | ||
270 | i++; | ||
271 | } | ||
272 | else | ||
273 | { | ||
274 | // Attestation already existent. Ignore | ||
275 | continue; | ||
276 | } | ||
277 | |||
278 | } | 265 | } |
279 | } | 266 | } |
267 | |||
280 | if (NULL != attest_val_str) | 268 | if (NULL != attest_val_str) |
281 | GNUNET_free (attest_val_str); | 269 | GNUNET_free (attest_val_str); |
282 | if (NULL != source_name) | 270 | if (NULL != source_name) |
283 | GNUNET_free (source_name); | 271 | GNUNET_free (source_name); |
284 | if (0!=i) | 272 | if (0 != i) |
285 | { | 273 | { |
286 | aggr_names_str = json_dumps (aggr_names, JSON_INDENT (0) | JSON_COMPACT); | 274 | aggr_names_str = json_dumps (aggr_names, JSON_INDENT (0) | JSON_COMPACT); |
287 | aggr_sources_str = json_dumps (aggr_sources, JSON_INDENT (0) | 275 | aggr_sources_str = json_dumps (aggr_sources, JSON_INDENT (0) |
@@ -574,7 +562,8 @@ encrypt_payload (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, | |||
574 | char * | 562 | char * |
575 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | 563 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, |
576 | const struct GNUNET_RECLAIM_Ticket *ticket, | 564 | const struct GNUNET_RECLAIM_Ticket *ticket, |
577 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 565 | struct GNUNET_RECLAIM_AttributeList *attrs, |
566 | struct GNUNET_RECLAIM_AttestationList *attests, | ||
578 | const char *nonce_str, | 567 | const char *nonce_str, |
579 | const char *code_challenge) | 568 | const char *code_challenge) |
580 | { | 569 | { |
@@ -587,6 +576,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
587 | size_t payload_len; | 576 | size_t payload_len; |
588 | size_t code_payload_len; | 577 | size_t code_payload_len; |
589 | size_t attr_list_len = 0; | 578 | size_t attr_list_len = 0; |
579 | size_t attests_list_len = 0; | ||
590 | size_t code_challenge_len = 0; | 580 | size_t code_challenge_len = 0; |
591 | uint32_t nonce; | 581 | uint32_t nonce; |
592 | uint32_t nonce_tmp; | 582 | uint32_t nonce_tmp; |
@@ -625,7 +615,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
625 | if (NULL != attrs) | 615 | if (NULL != attrs) |
626 | { | 616 | { |
627 | // Get length | 617 | // Get length |
628 | attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs); | 618 | attr_list_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); |
629 | params.attr_list_len = htonl (attr_list_len); | 619 | params.attr_list_len = htonl (attr_list_len); |
630 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 620 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
631 | "Length of serialized attributes: %lu\n", | 621 | "Length of serialized attributes: %lu\n", |
@@ -633,6 +623,19 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
633 | // Get serialized attributes | 623 | // Get serialized attributes |
634 | payload_len += attr_list_len; | 624 | payload_len += attr_list_len; |
635 | } | 625 | } |
626 | if (NULL != attests) | ||
627 | { | ||
628 | // Get length | ||
629 | attests_list_len = | ||
630 | GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); | ||
631 | params.attest_list_len = htonl (attests_list_len); | ||
632 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
633 | "Length of serialized attestations: %lu\n", | ||
634 | attests_list_len); | ||
635 | // Get serialized attributes | ||
636 | payload_len += attests_list_len; | ||
637 | } | ||
638 | |||
636 | // Get plaintext length | 639 | // Get plaintext length |
637 | payload = GNUNET_malloc (payload_len); | 640 | payload = GNUNET_malloc (payload_len); |
638 | memcpy (payload, ¶ms, sizeof(params)); | 641 | memcpy (payload, ¶ms, sizeof(params)); |
@@ -643,7 +646,10 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
643 | tmp += code_challenge_len; | 646 | tmp += code_challenge_len; |
644 | } | 647 | } |
645 | if (0 < attr_list_len) | 648 | if (0 < attr_list_len) |
646 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, tmp); | 649 | GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); |
650 | if (0 < attests_list_len) | ||
651 | GNUNET_RECLAIM_attestation_list_serialize (attests, tmp); | ||
652 | |||
647 | /** END **/ | 653 | /** END **/ |
648 | 654 | ||
649 | /** ENCRYPT **/ | 655 | /** ENCRYPT **/ |
@@ -711,7 +717,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
711 | const char *code, | 717 | const char *code, |
712 | const char *code_verifier, | 718 | const char *code_verifier, |
713 | struct GNUNET_RECLAIM_Ticket *ticket, | 719 | struct GNUNET_RECLAIM_Ticket *ticket, |
714 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs, | 720 | struct GNUNET_RECLAIM_AttributeList **attrs, |
721 | struct GNUNET_RECLAIM_AttestationList **attests, | ||
715 | char **nonce_str) | 722 | char **nonce_str) |
716 | { | 723 | { |
717 | char *code_payload; | 724 | char *code_payload; |
@@ -829,7 +836,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
829 | // Attributes | 836 | // Attributes |
830 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len; | 837 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len; |
831 | attrs_ser_len = ntohl (params->attr_list_len); | 838 | attrs_ser_len = ntohl (params->attr_list_len); |
832 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len); | 839 | *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); |
833 | 840 | ||
834 | *nonce_str = NULL; | 841 | *nonce_str = NULL; |
835 | if (nonce != 0) | 842 | if (nonce != 0) |
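Review bot: In the OIDC_build_authz_code hunk at @@ -643,7 +646,10 @@, `tmp` is not advanced after `GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp);`, so the new `GNUNET_RECLAIM_attestation_list_serialize (attests, tmp);` writes over the serialized attributes at the same offset even though payload_len was grown by both lengths; add `tmp += attr_list_len;` between the two calls, mirroring the `tmp += code_challenge_len;` just above. On the parse side (@@ -829,7 +836,7 @@) only attrs is deserialized and the new `attests` out-parameter is not assigned in the visible lines, so unless that happens outside the hunk a caller reads an uninitialized pointer. In the rewritten attestation loop of OIDC_id_token_new (@@ -191,97 +203,73 @@), source_name, attest_val_str and aggr_sources_jwt_str are reassigned on every iteration while the frees after the loop release only the last value, and aggr_sources_jwt is never json_decref'd; the old code had the same pattern, but the loop is new code now and should free per iteration. The `GNUNET_assert (NULL != ale);` in that hunk aborts the whole process when an attribute references an attestation id that is absent from attests; if either list can originate from a client or peer, failing the request (return NULL after freeing) is the safer behaviour than a crash. OIDC_id_token_new, OIDC_build_authz_code and OIDC_parse_authz_code all start and end outside the hunks shown.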