author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-07 21:15:59 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-09 20:38:11 +0100 |
commit | e8ea1f3e34e2a07cbe2fd4725e7362027d0c51c3 (patch) | |
tree | 5b11a525700872147d92d8195615e4352d6d18b1 /src/reclaim/plugin_reclaim_attestation_jwt.c | |
parent | 5f9f9cae1714eb33e0ee9c824f3d88e6aab8cf63 (diff) | |
add expiration
Diffstat (limited to 'src/reclaim/plugin_reclaim_attestation_jwt.c')
-rw-r--r-- | src/reclaim/plugin_reclaim_attestation_jwt.c | 100 |
1 files changed, 94 insertions, 6 deletions
diff --git a/src/reclaim/plugin_reclaim_attestation_jwt.c b/src/reclaim/plugin_reclaim_attestation_jwt.c index 8a67b18cd..ec31584d5 100644 --- a/src/reclaim/plugin_reclaim_attestation_jwt.c +++ b/src/reclaim/plugin_reclaim_attestation_jwt.c | |||
@@ -142,12 +142,12 @@ jwt_number_to_typename (void *cls, uint32_t type) | |||
142 | return jwt_attest_name_map[i].name; | 142 | return jwt_attest_name_map[i].name; |
143 | } | 143 | } |
144 | 144 | ||
145 | |||
145 | /** | 146 | /** |
146 | * Parse a JWT and return the respective claim value as Attribute | 147 | * Parse a JWT and return the respective claim value as Attribute |
147 | * | 148 | * |
149 | * @param cls the plugin | ||
148 | * @param attest the jwt attestation | 150 | * @param attest the jwt attestation |
149 | * @param claim the name of the claim in the JWT | ||
150 | * | ||
151 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | 151 | * @return a GNUNET_RECLAIM_Attribute, containing the new value |
152 | */ | 152 | */ |
153 | struct GNUNET_RECLAIM_AttributeList * | 153 | struct GNUNET_RECLAIM_AttributeList * |
@@ -163,6 +163,7 @@ jwt_parse_attributes (void *cls, | |||
163 | json_t *json_val; | 163 | json_t *json_val; |
164 | json_error_t *json_err = NULL; | 164 | json_error_t *json_err = NULL; |
165 | 165 | ||
166 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "%s\n", attest->data); | ||
166 | if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) | 167 | if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) |
167 | return NULL; | 168 | return NULL; |
168 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | 169 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); |
@@ -170,27 +171,112 @@ jwt_parse_attributes (void *cls, | |||
170 | jwt_string = GNUNET_strdup (attest->data); | 171 | jwt_string = GNUNET_strdup (attest->data); |
171 | const char *jwt_body = strtok (jwt_string, delim); | 172 | const char *jwt_body = strtok (jwt_string, delim); |
172 | jwt_body = strtok (NULL, delim); | 173 | jwt_body = strtok (NULL, delim); |
173 | GNUNET_STRINGS_base64_decode (jwt_body, strlen (jwt_body), | 174 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), |
174 | (void **) &decoded_jwt); | 175 | (void **) &decoded_jwt); |
176 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", decoded_jwt); | ||
177 | GNUNET_assert (NULL != decoded_jwt); | ||
175 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | 178 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); |
176 | const char *key; | 179 | const char *key; |
177 | json_t *value; | 180 | json_t *value; |
178 | json_object_foreach (json_val, key, value) { | 181 | json_object_foreach (json_val, key, value) { |
182 | if (0 == strcmp ("iss", key)) | ||
183 | continue; | ||
184 | if (0 == strcmp ("exp", key)) | ||
185 | continue; | ||
186 | if (0 == strcmp ("iat", key)) | ||
187 | continue; | ||
188 | if (0 == strcmp ("nbf", key)) | ||
189 | continue; | ||
190 | if (0 == strcmp ("aud", key)) | ||
191 | continue; | ||
179 | val_str = json_dumps (value, JSON_ENCODE_ANY); | 192 | val_str = json_dumps (value, JSON_ENCODE_ANY); |
180 | GNUNET_RECLAIM_attribute_list_add (attrs, | 193 | GNUNET_RECLAIM_attribute_list_add (attrs, |
181 | key, | 194 | key, |
182 | NULL, | 195 | NULL, |
183 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,//FIXME | 196 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME |
184 | val_str, | 197 | val_str, |
185 | strlen (val_str)); | 198 | strlen (val_str)); |
186 | GNUNET_free (val_str); | 199 | GNUNET_free (val_str); |
187 | } | 200 | } |
188 | GNUNET_free (jwt_string); | 201 | GNUNET_free (jwt_string); |
189 | //FIXME needed?? | ||
190 | return attrs; | 202 | return attrs; |
191 | } | 203 | } |
192 | 204 | ||
193 | 205 | ||
206 | /** | ||
207 | * Parse a JWT and return the issuer | ||
208 | * | ||
209 | * @param cls the plugin | ||
210 | * @param attest the jwt attestation | ||
211 | * @return a string, containing the isser | ||
212 | */ | ||
213 | char * | ||
214 | jwt_get_issuer (void *cls, | ||
215 | const struct GNUNET_RECLAIM_Attestation *attest) | ||
216 | { | ||
217 | const char *jwt_body; | ||
218 | char *jwt_string; | ||
219 | char delim[] = "."; | ||
220 | char *issuer = NULL; | ||
221 | char *decoded_jwt; | ||
222 | json_t *issuer_json; | ||
223 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
224 | json_t *json_val; | ||
225 | json_error_t *json_err = NULL; | ||
226 | |||
227 | if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) | ||
228 | return NULL; | ||
229 | jwt_string = GNUNET_strdup (attest->data); | ||
230 | jwt_body = strtok (jwt_string, delim); | ||
231 | jwt_body = strtok (NULL, delim); | ||
232 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
233 | (void **) &decoded_jwt); | ||
234 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
235 | issuer_json = json_object_get (json_val, "iss"); | ||
236 | if ((NULL == issuer_json) || (! json_is_string (issuer_json))) | ||
237 | return NULL; | ||
238 | issuer = GNUNET_strdup (json_string_value (issuer_json)); | ||
239 | GNUNET_free (jwt_string); | ||
240 | return issuer; | ||
241 | } | ||
242 | |||
243 | |||
244 | /** | ||
245 | * Parse a JWT and return the expiration | ||
246 | * | ||
247 | * @param cls the plugin | ||
248 | * @param attest the jwt attestation | ||
249 | * @return a string, containing the isser | ||
250 | */ | ||
251 | int | ||
252 | jwt_get_expiration (void *cls, | ||
253 | const struct GNUNET_RECLAIM_Attestation *attest, | ||
254 | struct GNUNET_TIME_Absolute *exp) | ||
255 | { | ||
256 | const char *jwt_body; | ||
257 | char *jwt_string; | ||
258 | char delim[] = "."; | ||
259 | char *decoded_jwt; | ||
260 | json_t *exp_json; | ||
261 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
262 | json_t *json_val; | ||
263 | json_error_t *json_err = NULL; | ||
264 | |||
265 | if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) | ||
266 | return GNUNET_NO; | ||
267 | jwt_string = GNUNET_strdup (attest->data); | ||
268 | jwt_body = strtok (jwt_string, delim); | ||
269 | jwt_body = strtok (NULL, delim); | ||
270 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
271 | (void **) &decoded_jwt); | ||
272 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
273 | exp_json = json_object_get (json_val, "exp"); | ||
274 | if ((NULL == exp_json) || (! json_is_integer (exp_json))) | ||
275 | return GNUNET_SYSERR; | ||
276 | exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; | ||
277 | GNUNET_free (jwt_string); | ||
278 | return GNUNET_OK; | ||
279 | } | ||
194 | 280 | ||
195 | 281 | ||
196 | /** | 282 | /** |
@@ -210,6 +296,8 @@ libgnunet_plugin_reclaim_attestation_jwt_init (void *cls) | |||
210 | api->typename_to_number = &jwt_typename_to_number; | 296 | api->typename_to_number = &jwt_typename_to_number; |
211 | api->number_to_typename = &jwt_number_to_typename; | 297 | api->number_to_typename = &jwt_number_to_typename; |
212 | api->get_attributes = &jwt_parse_attributes; | 298 | api->get_attributes = &jwt_parse_attributes; |
299 | api->get_issuer = &jwt_get_issuer; | ||
300 | api->get_expiration = &jwt_get_expiration; | ||
213 | return api; | 301 | return api; |
214 | } | 302 | } |
215 | 303 | ||
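Review bot: In the new `jwt_get_expiration` (and on the same lines of `jwt_get_issuer` and `jwt_parse_attributes`), the second `strtok` result is passed straight to `strlen` and the decode output straight to `json_loads`, so an attestation without a `.` or with an undecodable payload dereferences NULL, and the decoded buffer is parsed as a C string without using the length the decoder returns. The early `return GNUNET_SYSERR` and `return NULL` paths leak `jwt_string`, and `decoded_jwt` and `json_val` are not released on any path. `json_integer_value (exp_json) * 1000 * 1000` is signed arithmetic on a value read from the token, so a negative or very large `exp` can overflow or wrap into a far-future expiry; the sketch below bounds it and funnels every exit through one cleanup label. Separately, the two added `GNUNET_log` calls at WARNING and ERROR level in `jwt_parse_attributes` write the raw and decoded JWT to the log, exposing the token and its claims to anyone who can read logs; I would drop them or log at DEBUG without the payload. Nothing visible in this file checks the JWT signature, so `iss` and `exp` are only as trustworthy as the party that supplied the attestation; please confirm that verification happens elsewhere before these values are relied on.

```c
jwt_get_expiration (void *cls,
                    const struct GNUNET_RECLAIM_Attestation *attest,
                    struct GNUNET_TIME_Absolute *exp)
{
  /* … unchanged: jwt_body, jwt_string, delim declarations and the type check … */
  char *decoded_jwt = NULL;
  char *saveptr;
  json_t *json_val = NULL;
  json_t *exp_json;
  json_int_t exp_s;
  size_t decoded_len;
  int ret = GNUNET_SYSERR;

  jwt_string = GNUNET_strdup (attest->data);
  (void) strtok_r (jwt_string, delim, &saveptr);
  jwt_body = strtok_r (NULL, delim, &saveptr);
  if (NULL == jwt_body)
    goto cleanup; /* no payload segment in the token */
  decoded_len = GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
                                                 (void **) &decoded_jwt);
  if (NULL == decoded_jwt)
    goto cleanup;
  /* parse exactly the decoded bytes instead of relying on a terminator */
  json_val = json_loadb (decoded_jwt, decoded_len, JSON_DECODE_ANY, NULL);
  exp_json = json_object_get (json_val, "exp");
  if ((NULL == exp_json) || (! json_is_integer (exp_json)))
    goto cleanup;
  exp_s = json_integer_value (exp_json);
  if ((exp_s < 0) || ((uint64_t) exp_s > UINT64_MAX / (1000 * 1000)))
    goto cleanup; /* would wrap when converted to microseconds */
  exp->abs_value_us = (uint64_t) exp_s * 1000 * 1000;
  ret = GNUNET_OK;
cleanup:
  json_decref (json_val);
  if (NULL != decoded_jwt)
    GNUNET_free (decoded_jwt);
  GNUNET_free (jwt_string);
  return ret;
}
```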