diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-04 18:42:04 +0100 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-09 20:38:10 +0100 |
| commit | 55f6d26b7424d660c99bc89f3677b20294e87a27 (patch) | |
| tree | a8080fdcf0d9688c154417e50c58055e364f8b6b /src/reclaim/oidc_helper.c | |
| parent | 5b6bb2ce4d60635b2af950d72b45f12686fd5218 (diff) | |
| download | gnunet-55f6d26b7424d660c99bc89f3677b20294e87a27.tar.gz gnunet-55f6d26b7424d660c99bc89f3677b20294e87a27.zip | |
Refactoring reclaim attestations
Diffstat (limited to 'src/reclaim/oidc_helper.c')
| -rw-r--r-- | src/reclaim/oidc_helper.c | 153 |
1 files changed, 80 insertions, 73 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 1d23003ab..487aa5695 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
| @@ -60,6 +60,11 @@ struct OIDC_Parameters | |||
| 60 | * The length of the attributes list | 60 | * The length of the attributes list |
| 61 | */ | 61 | */ |
| 62 | uint32_t attr_list_len GNUNET_PACKED; | 62 | uint32_t attr_list_len GNUNET_PACKED; |
| 63 | |||
| 64 | /** | ||
| 65 | * The length of the attestation list | ||
| 66 | */ | ||
| 67 | uint32_t attest_list_len GNUNET_PACKED; | ||
| 63 | }; | 68 | }; |
| 64 | 69 | ||
| 65 | GNUNET_NETWORK_STRUCT_END | 70 | GNUNET_NETWORK_STRUCT_END |
| @@ -118,12 +123,14 @@ fix_base64 (char *str) | |||
| 118 | char * | 123 | char * |
| 119 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 124 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
| 120 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 125 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
| 121 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 126 | struct GNUNET_RECLAIM_AttributeList *attrs, |
| 127 | struct GNUNET_RECLAIM_AttestationList *attests, | ||
| 122 | const struct GNUNET_TIME_Relative *expiration_time, | 128 | const struct GNUNET_TIME_Relative *expiration_time, |
| 123 | const char *nonce, | 129 | const char *nonce, |
| 124 | const char *secret_key) | 130 | const char *secret_key) |
| 125 | { | 131 | { |
| 126 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 132 | struct GNUNET_RECLAIM_AttributeListEntry *le; |
| 133 | struct GNUNET_RECLAIM_AttestationListEntry *ale; | ||
| 127 | struct GNUNET_HashCode signature; | 134 | struct GNUNET_HashCode signature; |
| 128 | struct GNUNET_TIME_Absolute exp_time; | 135 | struct GNUNET_TIME_Absolute exp_time; |
| 129 | struct GNUNET_TIME_Absolute time_now; | 136 | struct GNUNET_TIME_Absolute time_now; |
| @@ -146,7 +153,12 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
| 146 | json_t *aggr_names; | 153 | json_t *aggr_names; |
| 147 | json_t *aggr_sources; | 154 | json_t *aggr_sources; |
| 148 | json_t *aggr_sources_jwt; | 155 | json_t *aggr_sources_jwt; |
| 149 | struct GNUNET_RECLAIM_Identifier attest_arr[GNUNET_RECLAIM_ATTRIBUTE_list_count_attest (attrs)]; | 156 | int num_attestations = 0; |
| 157 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
| 158 | { | ||
| 159 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) | ||
| 160 | num_attestations++; | ||
| 161 | } | ||
| 150 | 162 | ||
| 151 | // iat REQUIRED time now | 163 | // iat REQUIRED time now |
| 152 | time_now = GNUNET_TIME_absolute_get (); | 164 | time_now = GNUNET_TIME_absolute_get (); |
| @@ -191,97 +203,73 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
| 191 | // nonce | 203 | // nonce |
| 192 | if (NULL != nonce) | 204 | if (NULL != nonce) |
| 193 | json_object_set_new (body, "nonce", json_string (nonce)); | 205 | json_object_set_new (body, "nonce", json_string (nonce)); |
| 194 | int i = 0; | ||
| 195 | attest_val_str = NULL; | 206 | attest_val_str = NULL; |
| 196 | aggr_names_str = NULL; | 207 | aggr_names_str = NULL; |
| 197 | aggr_sources_str = NULL; | 208 | aggr_sources_str = NULL; |
| 198 | aggr_sources_jwt_str = NULL; | 209 | aggr_sources_jwt_str = NULL; |
| 199 | source_name = NULL; | 210 | source_name = NULL; |
| 211 | int i = 0; | ||
| 212 | for (ale = attests->list_head; NULL != ale; ale = ale->next) | ||
| 213 | { | ||
| 214 | // New Attestation | ||
| 215 | GNUNET_asprintf (&source_name, | ||
| 216 | "src%d", | ||
| 217 | i); | ||
| 218 | aggr_sources_jwt = json_object (); | ||
| 219 | attest_val_str = | ||
| 220 | GNUNET_RECLAIM_attestation_value_to_string (ale->attestation->type, | ||
| 221 | ale->attestation->data, | ||
| 222 | ale->attestation->data_size); | ||
| 223 | json_object_set_new (aggr_sources_jwt, "JWT", | ||
| 224 | json_string (attest_val_str) ); | ||
| 225 | aggr_sources_jwt_str = json_dumps (aggr_sources_jwt, JSON_INDENT (0) | ||
| 226 | | JSON_COMPACT); | ||
| 227 | json_object_set_new (aggr_sources, source_name,json_string ( | ||
| 228 | aggr_sources_jwt_str)); | ||
| 229 | i++; | ||
| 230 | } | ||
| 231 | |||
| 200 | for (le = attrs->list_head; NULL != le; le = le->next) | 232 | for (le = attrs->list_head; NULL != le; le = le->next) |
| 201 | { | 233 | { |
| 202 | 234 | ||
| 203 | if (le->claim != NULL) | 235 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) |
| 204 | { | 236 | { |
| 205 | 237 | ||
| 206 | attr_val_str = | 238 | attr_val_str = |
| 207 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 239 | GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type, |
| 208 | le->claim->data, | 240 | le->attribute->data, |
| 209 | le->claim->data_size); | 241 | le->attribute->data_size); |
| 210 | json_object_set_new (body, le->claim->name, json_string (attr_val_str)); | 242 | json_object_set_new (body, le->attribute->name, |
| 243 | json_string (attr_val_str)); | ||
| 211 | GNUNET_free (attr_val_str); | 244 | GNUNET_free (attr_val_str); |
| 212 | } | 245 | } |
| 213 | else if (NULL != le->reference) | 246 | else |
| 214 | { | 247 | { |
| 215 | // Check if attest is there | 248 | // Check if attest is there |
| 216 | int j = 0; | 249 | int j = 0; |
| 217 | while (j<i) | 250 | for (ale = attests->list_head; NULL != ale; ale = ale->next) |
| 218 | { | 251 | { |
| 219 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&attest_arr[j], | 252 | if (GNUNET_YES == |
| 220 | &le->reference->id_attest)) | 253 | GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, |
| 254 | &le->attribute->attestation)) | ||
| 221 | break; | 255 | break; |
| 222 | j++; | 256 | j++; |
| 223 | } | 257 | } |
| 224 | if (j==i) | 258 | GNUNET_assert (NULL != ale); |
| 225 | { | 259 | // Attestation is existing, hence take the respective source str |
| 226 | // Attest not yet existent. Append to the end of the list | 260 | GNUNET_asprintf (&source_name, |
| 227 | GNUNET_CONTAINER_DLL_remove (attrs->list_head, attrs->list_tail, le); | 261 | "src%d", |
| 228 | GNUNET_CONTAINER_DLL_insert_tail (attrs->list_head, attrs->list_tail, | 262 | j); |
| 229 | le); | 263 | json_object_set_new (aggr_names, le->attribute->data, |
| 230 | continue; | 264 | json_string (source_name)); |
| 231 | } | ||
| 232 | else | ||
| 233 | { | ||
| 234 | // Attestation is existing, hence take the respective source str | ||
| 235 | GNUNET_asprintf (&source_name, | ||
| 236 | "src%d", | ||
| 237 | j); | ||
| 238 | json_object_set_new (aggr_names, le->reference->name, json_string ( | ||
| 239 | source_name)); | ||
| 240 | } | ||
| 241 | |||
| 242 | } | ||
| 243 | else if (NULL != le->attest) | ||
| 244 | { | ||
| 245 | // We assume that at max 99 different attestations | ||
| 246 | int j = 0; | ||
| 247 | while (j<i) | ||
| 248 | { | ||
| 249 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&attest_arr[j], | ||
| 250 | &le->attest->id)) | ||
| 251 | break; | ||
| 252 | j++; | ||
| 253 | } | ||
| 254 | if (j==i) | ||
| 255 | { | ||
| 256 | // New Attestation | ||
| 257 | attest_arr[i] = le->attest->id; | ||
| 258 | GNUNET_asprintf (&source_name, | ||
| 259 | "src%d", | ||
| 260 | i); | ||
| 261 | aggr_sources_jwt = json_object (); | ||
| 262 | attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string ( | ||
| 263 | le->attest->type, le->attest->data, le->attest->data_size); | ||
| 264 | json_object_set_new (aggr_sources_jwt, "JWT",json_string ( | ||
| 265 | attest_val_str) ); | ||
| 266 | aggr_sources_jwt_str = json_dumps (aggr_sources_jwt, JSON_INDENT (0) | ||
| 267 | | JSON_COMPACT); | ||
| 268 | json_object_set_new (aggr_sources, source_name,json_string ( | ||
| 269 | aggr_sources_jwt_str)); | ||
| 270 | i++; | ||
| 271 | } | ||
| 272 | else | ||
| 273 | { | ||
| 274 | // Attestation already existent. Ignore | ||
| 275 | continue; | ||
| 276 | } | ||
| 277 | |||
| 278 | } | 265 | } |
| 279 | } | 266 | } |
| 267 | |||
| 280 | if (NULL != attest_val_str) | 268 | if (NULL != attest_val_str) |
| 281 | GNUNET_free (attest_val_str); | 269 | GNUNET_free (attest_val_str); |
| 282 | if (NULL != source_name) | 270 | if (NULL != source_name) |
| 283 | GNUNET_free (source_name); | 271 | GNUNET_free (source_name); |
| 284 | if (0!=i) | 272 | if (0 != i) |
| 285 | { | 273 | { |
| 286 | aggr_names_str = json_dumps (aggr_names, JSON_INDENT (0) | JSON_COMPACT); | 274 | aggr_names_str = json_dumps (aggr_names, JSON_INDENT (0) | JSON_COMPACT); |
| 287 | aggr_sources_str = json_dumps (aggr_sources, JSON_INDENT (0) | 275 | aggr_sources_str = json_dumps (aggr_sources, JSON_INDENT (0) |
| @@ -574,7 +562,8 @@ encrypt_payload (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, | |||
| 574 | char * | 562 | char * |
| 575 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | 563 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, |
| 576 | const struct GNUNET_RECLAIM_Ticket *ticket, | 564 | const struct GNUNET_RECLAIM_Ticket *ticket, |
| 577 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 565 | struct GNUNET_RECLAIM_AttributeList *attrs, |
| 566 | struct GNUNET_RECLAIM_AttestationList *attests, | ||
| 578 | const char *nonce_str, | 567 | const char *nonce_str, |
| 579 | const char *code_challenge) | 568 | const char *code_challenge) |
| 580 | { | 569 | { |
| @@ -587,6 +576,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
| 587 | size_t payload_len; | 576 | size_t payload_len; |
| 588 | size_t code_payload_len; | 577 | size_t code_payload_len; |
| 589 | size_t attr_list_len = 0; | 578 | size_t attr_list_len = 0; |
| 579 | size_t attests_list_len = 0; | ||
| 590 | size_t code_challenge_len = 0; | 580 | size_t code_challenge_len = 0; |
| 591 | uint32_t nonce; | 581 | uint32_t nonce; |
| 592 | uint32_t nonce_tmp; | 582 | uint32_t nonce_tmp; |
| @@ -625,7 +615,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
| 625 | if (NULL != attrs) | 615 | if (NULL != attrs) |
| 626 | { | 616 | { |
| 627 | // Get length | 617 | // Get length |
| 628 | attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs); | 618 | attr_list_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); |
| 629 | params.attr_list_len = htonl (attr_list_len); | 619 | params.attr_list_len = htonl (attr_list_len); |
| 630 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 620 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 631 | "Length of serialized attributes: %lu\n", | 621 | "Length of serialized attributes: %lu\n", |
| @@ -633,6 +623,19 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
| 633 | // Get serialized attributes | 623 | // Get serialized attributes |
| 634 | payload_len += attr_list_len; | 624 | payload_len += attr_list_len; |
| 635 | } | 625 | } |
| 626 | if (NULL != attests) | ||
| 627 | { | ||
| 628 | // Get length | ||
| 629 | attests_list_len = | ||
| 630 | GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); | ||
| 631 | params.attest_list_len = htonl (attests_list_len); | ||
| 632 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 633 | "Length of serialized attestations: %lu\n", | ||
| 634 | attests_list_len); | ||
| 635 | // Get serialized attributes | ||
| 636 | payload_len += attests_list_len; | ||
| 637 | } | ||
| 638 | |||
| 636 | // Get plaintext length | 639 | // Get plaintext length |
| 637 | payload = GNUNET_malloc (payload_len); | 640 | payload = GNUNET_malloc (payload_len); |
| 638 | memcpy (payload, ¶ms, sizeof(params)); | 641 | memcpy (payload, ¶ms, sizeof(params)); |
| @@ -643,7 +646,10 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
| 643 | tmp += code_challenge_len; | 646 | tmp += code_challenge_len; |
| 644 | } | 647 | } |
| 645 | if (0 < attr_list_len) | 648 | if (0 < attr_list_len) |
| 646 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, tmp); | 649 | GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); |
| 650 | if (0 < attests_list_len) | ||
| 651 | GNUNET_RECLAIM_attestation_list_serialize (attests, tmp); | ||
| 652 | |||
| 647 | /** END **/ | 653 | /** END **/ |
| 648 | 654 | ||
| 649 | /** ENCRYPT **/ | 655 | /** ENCRYPT **/ |
| @@ -711,7 +717,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
| 711 | const char *code, | 717 | const char *code, |
| 712 | const char *code_verifier, | 718 | const char *code_verifier, |
| 713 | struct GNUNET_RECLAIM_Ticket *ticket, | 719 | struct GNUNET_RECLAIM_Ticket *ticket, |
| 714 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs, | 720 | struct GNUNET_RECLAIM_AttributeList **attrs, |
| 721 | struct GNUNET_RECLAIM_AttestationList **attests, | ||
| 715 | char **nonce_str) | 722 | char **nonce_str) |
| 716 | { | 723 | { |
| 717 | char *code_payload; | 724 | char *code_payload; |
| @@ -829,7 +836,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
| 829 | // Attributes | 836 | // Attributes |
| 830 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len; | 837 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len; |
| 831 | attrs_ser_len = ntohl (params->attr_list_len); | 838 | attrs_ser_len = ntohl (params->attr_list_len); |
| 832 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len); | 839 | *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); |
| 833 | 840 | ||
| 834 | *nonce_str = NULL; | 841 | *nonce_str = NULL; |
| 835 | if (nonce != 0) | 842 | if (nonce != 0) |