author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-08-19 19:05:23 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-08-20 17:59:01 +0200 |
commit | e75869506cc08e08056168383bd4ab02e1f007de (patch) | |
tree | b4617425e38fbd7070f6a6d7cd41544a7f41df5d /src/reclaim/plugin_reclaim_credential_jwt.c | |
parent | 1ca1140d4602dcc5c66da0d1ab1b082db9258ead (diff) | |
download | gnunet-e75869506cc08e08056168383bd4ab02e1f007de.tar.gz gnunet-e75869506cc08e08056168383bd4ab02e1f007de.zip |
- towards separation between credentials and presentations thereof, wip, ftbfs
Diffstat (limited to 'src/reclaim/plugin_reclaim_credential_jwt.c')
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 320 |
1 files changed, 320 insertions, 0 deletions
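--- /dev/null
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,320 @@
+/*
+   This file is part of GNUnet
+   Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+   Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+   SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file reclaim/plugin_reclaim_credential_jwt.c
+ * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
+ * JWT credentials.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+
+/**
+ * Convert the 'value' of an credential to a string.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+static char *
+jwt_value_to_string (void *cls,
+                     uint32_t type,
+                     const void *data,
+                     size_t data_size)
+{
+  switch (type)
+  {
+  case GNUNET_RECLAIM_credential_TYPE_JWT:
+    return GNUNET_strndup (data, data_size);
+
+  default:
+    return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an credential to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+jwt_string_to_value (void *cls,
+                     uint32_t type,
+                     const char *s,
+                     void **data,
+                     size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+  case GNUNET_RECLAIM_credential_TYPE_JWT:
+    *data = GNUNET_strdup (s);
+    *data_size = strlen (s);
+    return GNUNET_OK;
+
+  default:
+    return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of credential type numbers to human-readable
+ * credential type names.
+ */
+static struct
+{
+  const char *name;
+  uint32_t number;
+} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_credential_TYPE_JWT },
+                          { NULL, UINT32_MAX } };
+
+/**
+ * Convert a type name to the corresponding number.
+ *
+ * @param cls closure, unused
+ * @param jwt_typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+static uint32_t
+jwt_typename_to_number (void *cls, const char *jwt_typename)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) &&
+         (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
+    i++;
+  return jwt_cred_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+jwt_number_to_typename (void *cls, uint32_t type)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) && (type !=
+                                                 jwt_cred_name_map[i].
+                                                 number))
+    i++;
+  return jwt_cred_name_map[i].name;
+}
+
+
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes (void *cls,
+                      const struct GNUNET_RECLAIM_Credential *cred)
+{
+  char *jwt_string;
+  struct GNUNET_RECLAIM_AttributeList *attrs;
+  char delim[] = ".";
+  char *val_str = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  char *decoded_jwt;
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+
+  /* GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "%s\n", cred->data); (not OK: 'data' is not defined as 0-terminated text, but binary) */
+  if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type)
+    return NULL;
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+
+  jwt_string = GNUNET_strdup (cred->data);
+  const char *jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", decoded_jwt);
+  GNUNET_assert (NULL != decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  const char *key;
+  json_t *value;
+  json_object_foreach (json_val, key, value) {
+    if (0 == strcmp ("iss", key))
+      continue;
+    if (0 == strcmp ("exp", key))
+      continue;
+    if (0 == strcmp ("iat", key))
+      continue;
+    if (0 == strcmp ("nbf", key))
+      continue;
+    if (0 == strcmp ("aud", key))
+      continue;
+    val_str = json_dumps (value, JSON_ENCODE_ANY);
+    GNUNET_RECLAIM_attribute_list_add (attrs,
+                                       key,
+                                       NULL,
+                                       GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
+                                       val_str,
+                                       strlen (val_str));
+    GNUNET_free (val_str);
+  }
+  GNUNET_free (jwt_string);
+  return attrs;
+}
+
+
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer (void *cls,
+                const struct GNUNET_RECLAIM_Credential *cred)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *issuer = NULL;
+  char *decoded_jwt;
+  json_t *issuer_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+
+  if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type)
+    return NULL;
+  jwt_string = GNUNET_strdup (cred->data);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  issuer_json = json_object_get (json_val, "iss");
+  if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+    return NULL;
+  issuer = GNUNET_strdup (json_string_value (issuer_json));
+  GNUNET_free (jwt_string);
+  return issuer;
+}
+
+
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+int
+jwt_get_expiration (void *cls,
+                    const struct GNUNET_RECLAIM_Credential *cred,
+                    struct GNUNET_TIME_Absolute *exp)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *decoded_jwt;
+  json_t *exp_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+
+  if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type)
+    return GNUNET_NO;
+  jwt_string = GNUNET_strdup (cred->data);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  exp_json = json_object_get (json_val, "exp");
+  if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+    return GNUNET_SYSERR;
+  exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
+  GNUNET_free (jwt_string);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+  api->value_to_string = &jwt_value_to_string;
+  api->string_to_value = &jwt_string_to_value;
+  api->typename_to_number = &jwt_typename_to_number;
+  api->number_to_typename = &jwt_number_to_typename;
+  api->get_attributes = &jwt_parse_attributes;
+  api->get_issuer = &jwt_get_issuer;
+  api->get_expiration = &jwt_get_expiration;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+
+/* end of plugin_reclaim_credential_type_jwt.c */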
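Review bot: `jwt_parse_attributes` copies `cred->data` with `GNUNET_strdup` (file line 170) although the comment right above it (line 165) records that the field is binary and not 0-terminated, and the two `strtok` results plus the `GNUNET_STRINGS_base64url_decode` output are used with no NULL check (lines 171–177), so a credential lacking two '.' separators reaches `strlen (NULL)`; `jwt_get_issuer` (228–233) and `jwt_get_expiration` (266–271) repeat the same sequence. The `json_loads` result is never checked, `decoded_jwt` and `json_val` are never released in any of the three functions, the early returns at 236 and 274 also leak `jwt_string`, and the ERROR-level log at 175 writes the decoded claim set of every processed credential into the log. In `jwt_get_expiration`, `json_integer_value (exp_json) * 1000 * 1000` is signed arithmetic on a value taken from the token and can overflow, and a negative `exp` is stored into `abs_value_us` without a range check. Nothing in this file verifies the token's signature; unless the caller does so before handing the credential in, every claim extracted here should be treated as unverified input. The sketch below rewrites the parsing prefix of `jwt_parse_attributes` with a length-bounded copy (assuming the credential struct carries a `data_size` field, as the plugin API's `data_size` parameters suggest — confirm), a NULL check after each step, a length-bounded `json_loadb`, no logging of the payload, and one cleanup path; the two sibling functions need the same treatment.
```c
struct GNUNET_RECLAIM_AttributeList *
jwt_parse_attributes (void *cls,
                      const struct GNUNET_RECLAIM_Credential *cred)
{
  struct GNUNET_RECLAIM_AttributeList *attrs = NULL;
  char *jwt_string;
  char *jwt_body;
  char *decoded_jwt = NULL;
  size_t decoded_len;
  json_t *json_val = NULL;
  json_error_t json_err;

  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
  if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type)
    return NULL;
  /* 'data' is binary and not 0-terminated: copy exactly data_size bytes
     (field name assumed from the plugin API; confirm against the struct) */
  jwt_string = GNUNET_strndup (cred->data, cred->data_size);
  /* a token without "header.payload" yields NULL here; never strlen() it */
  if ((NULL == strtok (jwt_string, ".")) ||
      (NULL == (jwt_body = strtok (NULL, "."))))
    goto out;
  decoded_len = GNUNET_STRINGS_base64url_decode (jwt_body,
                                                 strlen (jwt_body),
                                                 (void **) &decoded_jwt);
  if ((0 == decoded_len) || (NULL == decoded_jwt))
    goto out;
  /* the decoded payload is not 0-terminated: parse it by length */
  json_val = json_loadb (decoded_jwt, decoded_len, JSON_DECODE_ANY, &json_err);
  if ((NULL == json_val) || (! json_is_object (json_val)))
    goto out;
  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
  /* … unchanged: json_object_foreach loop skipping iss/exp/iat/nbf/aud … */
out:
  if (NULL != json_val)
    json_decref (json_val);
  if (NULL != decoded_jwt)
    GNUNET_free (decoded_jwt);
  GNUNET_free (jwt_string);
  return attrs;
}
```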