path: root/src/reclaim/plugin_rest_openid_connect.c
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2020-02-04 18:42:04 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2020-02-09 20:38:10 +0100
commit55f6d26b7424d660c99bc89f3677b20294e87a27 (patch)
treea8080fdcf0d9688c154417e50c58055e364f8b6b /src/reclaim/plugin_rest_openid_connect.c
parent5b6bb2ce4d60635b2af950d72b45f12686fd5218 (diff)
Refactoring reclaim attestations
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c295
1 files changed, 119 insertions, 176 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 741094f21..610f93dbe 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -428,7 +428,13 @@ struct RequestHandle
428 /** 428 /**
429 * Attribute claim list 429 * Attribute claim list
430 */ 430 */
431 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list; 431 struct GNUNET_RECLAIM_AttributeList *attr_list;
432
433 /**
434 * Attestation list
435 */
436 struct GNUNET_RECLAIM_AttestationList *attests_list;
437
432 438
433 /** 439 /**
434 * IDENTITY Operation 440 * IDENTITY Operation
@@ -523,8 +529,7 @@ struct RequestHandle
523static void 529static void
524cleanup_handle (struct RequestHandle *handle) 530cleanup_handle (struct RequestHandle *handle)
525{ 531{
526 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; 532 struct GNUNET_RECLAIM_AttributeListEntry *claim_entry;
527 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
528 struct EgoEntry *ego_entry; 533 struct EgoEntry *ego_entry;
529 struct EgoEntry *ego_tmp; 534 struct EgoEntry *ego_tmp;
530 535
@@ -564,22 +569,9 @@ cleanup_handle (struct RequestHandle *handle)
564 json_decref (handle->oidc->response); 569 json_decref (handle->oidc->response);
565 GNUNET_free (handle->oidc); 570 GNUNET_free (handle->oidc);
566 } 571 }
567 if (NULL != handle->attr_list) 572 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_list);
568 { 573 GNUNET_RECLAIM_attestation_list_destroy (handle->attests_list);
569 for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) 574
570 {
571 claim_tmp = claim_entry;
572 claim_entry = claim_entry->next;
573 if (NULL != claim_tmp->claim)
574 GNUNET_free (claim_tmp->claim);
575 if (NULL != claim_tmp->attest)
576 GNUNET_free (claim_tmp->attest);
577 if (NULL != claim_tmp->reference)
578 GNUNET_free (claim_tmp->reference);
579 GNUNET_free (claim_tmp);
580 }
581 GNUNET_free (handle->attr_list);
582 }
583 for (ego_entry = handle->ego_head; NULL != ego_entry;) 575 for (ego_entry = handle->ego_head; NULL != ego_entry;)
584 { 576 {
585 ego_tmp = ego_entry; 577 ego_tmp = ego_entry;
@@ -934,6 +926,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
934 code_string = OIDC_build_authz_code (&handle->priv_key, 926 code_string = OIDC_build_authz_code (&handle->priv_key,
935 &handle->ticket, 927 &handle->ticket,
936 handle->attr_list, 928 handle->attr_list,
929 handle->attests_list,
937 handle->oidc->nonce, 930 handle->oidc->nonce,
938 handle->oidc->code_challenge); 931 handle->oidc->code_challenge);
939 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && 932 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
@@ -991,107 +984,61 @@ oidc_collect_finished_cb (void *cls)
991 984
992 985
993/** 986/**
994 * Collects all attributes/references for an ego if in scope parameter 987 * Collects all attributes for an ego if in scope parameter
995 */ 988 */
996static void 989static void
997oidc_attr_collect (void *cls, 990oidc_attr_collect (void *cls,
998 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 991 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
999 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, 992 const struct GNUNET_RECLAIM_Attribute *attr,
1000 const struct GNUNET_RECLAIM_ATTESTATION_Claim *attest, 993 const struct GNUNET_RECLAIM_Attestation *attest)
1001 const struct GNUNET_RECLAIM_ATTESTATION_REFERENCE *reference)
1002{ 994{
1003 struct RequestHandle *handle = cls; 995 struct RequestHandle *handle = cls;
1004 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; 996 struct GNUNET_RECLAIM_AttributeListEntry *le;
1005 char *scope_variables; 997 char *scope_variables;
1006 char *scope_variable; 998 char *scope_variable;
1007 char delimiter[] = " "; 999 char delimiter[] = " ";
1008 1000
1009 if ((NULL == attr) && (NULL == reference)) 1001 scope_variables = GNUNET_strdup (handle->oidc->scope);
1002 scope_variable = strtok (scope_variables, delimiter);
1003 while (NULL != scope_variable)
1010 { 1004 {
1011 GNUNET_RECLAIM_get_attributes_next (handle->attr_it); 1005 if (0 == strcmp (attr->name, scope_variable))
1012 return; 1006 break;
1007 scope_variable = strtok (NULL, delimiter);
1013 } 1008 }
1014 if (NULL != reference) 1009 if (NULL == scope_variable)
1015 { 1010 {
1016 if ((NULL == reference->name) || (NULL == reference->reference_value)) 1011 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1017 {
1018 return;
1019 }
1020 scope_variables = GNUNET_strdup (handle->oidc->scope);
1021 scope_variable = strtok (scope_variables, delimiter);
1022 while (NULL != scope_variable)
1023 {
1024 if (0 == strcmp (reference->name, scope_variable))
1025 break;
1026 scope_variable = strtok (NULL, delimiter);
1027 }
1028 if (NULL == scope_variable)
1029 {
1030 GNUNET_free (scope_variables);
1031 return;
1032 }
1033 GNUNET_free (scope_variables); 1012 GNUNET_free (scope_variables);
1034 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le2; 1013 // We can ignore this
1035 le2 = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); 1014 return;
1036 le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); 1015 }
1037 le->claim = NULL; 1016 GNUNET_free (scope_variables);
1038 le->reference = NULL; 1017 le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
1039 le->attest = GNUNET_RECLAIM_ATTESTATION_claim_new (attest->name, 1018 le->attribute = GNUNET_RECLAIM_attribute_new (attr->name,
1019 &attr->attestation,
1020 attr->type,
1021 attr->data,
1022 attr->data_size);
1023 le->attribute->id = attr->id;
1024 le->attribute->flag = attr->flag;
1025 le->attribute->attestation = attr->attestation;
1026 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
1027 handle->attr_list->list_tail,
1028 le);
1029 if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&attr->attestation))
1030 {
1031 struct GNUNET_RECLAIM_AttestationListEntry *ale;
1032 ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry);
1033 ale->attestation = GNUNET_RECLAIM_attestation_new (attest->name,
1040 attest->type, 1034 attest->type,
1041 attest->data, 1035 attest->data,
1042 attest->data_size); 1036 attest->data_size);
1043 le->attest->id = attest->id; 1037 GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head,
1044 le2->attest = NULL; 1038 handle->attests_list->list_tail,
1045 le2->claim = NULL; 1039 ale);
1046 le2->reference = GNUNET_RECLAIM_ATTESTATION_reference_new (reference->name,
1047 reference->
1048 reference_value);
1049 le2->reference->id = reference->id;
1050 le2->reference->id_attest = reference->id_attest;
1051 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
1052 handle->attr_list->list_tail,
1053 le);
1054 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
1055 handle->attr_list->list_tail,
1056 le2);
1057 }
1058 else if (NULL != attr)
1059 {
1060 if ((NULL == attr->name) || (NULL == attr->data))
1061 {
1062 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1063 return;
1064 }
1065 scope_variables = GNUNET_strdup (handle->oidc->scope);
1066 scope_variable = strtok (scope_variables, delimiter);
1067 while (NULL != scope_variable)
1068 {
1069 if (0 == strcmp (attr->name, scope_variable))
1070 break;
1071 scope_variable = strtok (NULL, delimiter);
1072 }
1073 if (NULL == scope_variable)
1074 {
1075 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1076 GNUNET_free (scope_variables);
1077 return;
1078 }
1079 GNUNET_free (scope_variables);
1080 le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
1081 le->reference = NULL;
1082 le->attest = NULL;
1083 le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
1084 attr->type,
1085 attr->data,
1086 attr->data_size);
1087 le->claim->id = attr->id;
1088 le->claim->flag = attr->flag;
1089
1090 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
1091 handle->attr_list->list_tail,
1092 le);
1093 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1094 } 1040 }
1041 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1095} 1042}
1096 1043
1097 1044
@@ -1149,7 +1096,7 @@ code_redirect (void *cls)
1149 *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); 1096 *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
1150 handle->idp = GNUNET_RECLAIM_connect (cfg); 1097 handle->idp = GNUNET_RECLAIM_connect (cfg);
1151 handle->attr_list = 1098 handle->attr_list =
1152 GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); 1099 GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
1153 handle->attr_it = 1100 handle->attr_it =
1154 GNUNET_RECLAIM_get_attributes_start (handle->idp, 1101 GNUNET_RECLAIM_get_attributes_start (handle->idp,
1155 &handle->priv_key, 1102 &handle->priv_key,
@@ -1784,7 +1731,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1784 struct RequestHandle *handle = cls; 1731 struct RequestHandle *handle = cls;
1785 const struct EgoEntry *ego_entry; 1732 const struct EgoEntry *ego_entry;
1786 struct GNUNET_TIME_Relative expiration_time; 1733 struct GNUNET_TIME_Relative expiration_time;
1787 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 1734 struct GNUNET_RECLAIM_AttributeList *cl;
1735 struct GNUNET_RECLAIM_AttestationList *al;
1788 struct GNUNET_RECLAIM_Ticket ticket; 1736 struct GNUNET_RECLAIM_Ticket ticket;
1789 struct GNUNET_CRYPTO_EcdsaPublicKey cid; 1737 struct GNUNET_CRYPTO_EcdsaPublicKey cid;
1790 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; 1738 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
@@ -1872,7 +1820,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1872 1820
1873 // decode code 1821 // decode code
1874 if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket, 1822 if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket,
1875 &cl, &nonce)) 1823 &cl, &al, &nonce))
1876 { 1824 {
1877 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1825 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1878 handle->edesc = GNUNET_strdup ("invalid code"); 1826 handle->edesc = GNUNET_strdup ("invalid code");
@@ -1912,6 +1860,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1912 id_token = OIDC_id_token_new (&ticket.audience, 1860 id_token = OIDC_id_token_new (&ticket.audience,
1913 &ticket.identity, 1861 &ticket.identity,
1914 cl, 1862 cl,
1863 al,
1915 &expiration_time, 1864 &expiration_time,
1916 (NULL != nonce) ? nonce : NULL, 1865 (NULL != nonce) ? nonce : NULL,
1917 jwt_secret); 1866 jwt_secret);
@@ -1927,7 +1876,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1927 MHD_add_response_header (resp, "Pragma", "no-cache"); 1876 MHD_add_response_header (resp, "Pragma", "no-cache");
1928 MHD_add_response_header (resp, "Content-Type", "application/json"); 1877 MHD_add_response_header (resp, "Content-Type", "application/json");
1929 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 1878 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1930 GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl); 1879 GNUNET_RECLAIM_attribute_list_destroy (cl);
1880 GNUNET_RECLAIM_attestation_list_destroy (al);
1931 GNUNET_free (access_token); 1881 GNUNET_free (access_token);
1932 GNUNET_free (json_response); 1882 GNUNET_free (json_response);
1933 GNUNET_free (id_token); 1883 GNUNET_free (id_token);
@@ -1936,14 +1886,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1936 1886
1937 1887
1938/** 1888/**
1939 * Collects claims and stores them in handle 1889 * Collects claims and stores them in handle
1940 */ 1890 */
1941static void 1891static void
1942consume_ticket (void *cls, 1892consume_ticket (void *cls,
1943 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 1893 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
1944 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, 1894 const struct GNUNET_RECLAIM_Attribute *attr,
1945 const struct GNUNET_RECLAIM_ATTESTATION_Claim *attest, 1895 const struct GNUNET_RECLAIM_Attestation *attest)
1946 const struct GNUNET_RECLAIM_ATTESTATION_REFERENCE *reference)
1947{ 1896{
1948 struct RequestHandle *handle = cls; 1897 struct RequestHandle *handle = cls;
1949 if (NULL == identity) 1898 if (NULL == identity)
@@ -1951,82 +1900,76 @@ consume_ticket (void *cls,
1951 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); 1900 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
1952 return; 1901 return;
1953 } 1902 }
1954 if (NULL != attr) 1903 if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attr->attestation))
1955 { 1904 {
1956 char *tmp_value; 1905 char *tmp_value;
1957 json_t *value; 1906 json_t *value;
1958 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, 1907 tmp_value = GNUNET_RECLAIM_attribute_value_to_string (attr->type,
1959 attr->data, 1908 attr->data,
1960 attr->data_size); 1909 attr->data_size);
1961 value = json_string (tmp_value); 1910 value = json_string (tmp_value);
1962 json_object_set_new (handle->oidc->response, attr->name, value); 1911 json_object_set_new (handle->oidc->response, attr->name, value);
1963 GNUNET_free (tmp_value); 1912 GNUNET_free (tmp_value);
1913 return;
1964 } 1914 }
1965 else if ((NULL != attest) && (NULL != reference)) 1915 json_t *claim_sources;
1966 { 1916 json_t *claim_sources_jwt;
1967 json_t *claim_sources; 1917 json_t *claim_names;
1968 json_t *claim_sources_jwt; 1918 char *attest_val_str;
1969 json_t *claim_names; 1919 claim_sources = json_object_get (handle->oidc->response,"_claim_sources");
1970 char *attest_val_str; 1920 claim_names = json_object_get (handle->oidc->response,"_claim_names");
1971 claim_sources=json_object_get(handle->oidc->response,"_claim_sources"); 1921 attest_val_str =
1972 claim_names=json_object_get(handle->oidc->response,"_claim_names"); 1922 GNUNET_RECLAIM_attestation_value_to_string (attest->type,
1973 attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string (attest->type, 1923 attest->data,
1974 attest->data, 1924 attest->data_size);
1975 attest-> 1925 if ((NULL == claim_sources) && (NULL == claim_names) )
1976 data_size); 1926 {
1977 if ((NULL == claim_sources) && (NULL == claim_names) ) 1927 claim_sources = json_object ();
1978 { 1928 claim_names = json_object ();
1979 claim_sources = json_object (); 1929 }
1980 claim_names = json_object (); 1930 char *source_name;
1981 } 1931 int i = 0;
1982 char *source_name; 1932 GNUNET_asprintf (&source_name, "src%d", i);
1983 int i = 0; 1933 while (NULL != (claim_sources_jwt = json_object_get (claim_sources,
1984 GNUNET_asprintf (&source_name,"src%d",i); 1934 source_name)))
1985 while (NULL != (claim_sources_jwt = json_object_get (claim_sources, 1935 {
1986 source_name))) 1936 if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt,
1937 "JWT")),
1938 attest_val_str))
1987 { 1939 {
1988 if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt, 1940 // Adapt only the claim names
1989 "JWT")), 1941 json_object_set_new (claim_names, attr->data,
1990 attest_val_str)) 1942 json_string (source_name));
1991 { 1943 json_object_set (handle->oidc->response,
1992 // Adapt only the claim names 1944 "_claim_names", claim_names);
1993 json_object_set_new (claim_names, reference->name, json_string ( 1945 break;
1994 source_name));
1995 json_object_set (handle->oidc->response, "_claim_names",claim_names);
1996 handle->oidc->response = json_deep_copy(handle->oidc->response);
1997 break;
1998 }
1999 i++;
2000 GNUNET_asprintf (&source_name,"src%d",i);
2001 }
2002
2003 // Create new one
2004 if (NULL == claim_sources_jwt)
2005 {
2006 claim_sources_jwt = json_object ();
2007 // Set the JWT for names
2008 json_object_set_new (claim_names, reference->name, json_string (
2009 source_name));
2010 // Set the JWT for the inner source
2011 json_object_set_new (claim_sources_jwt, "JWT", json_string (
2012 attest_val_str));
2013 // Set the JWT for the source
2014 json_object_set_new (claim_sources, source_name,claim_sources_jwt);
2015 // Set as claims
2016 json_object_set (handle->oidc->response, "_claim_names", claim_names);
2017 json_object_set (handle->oidc->response, "_claim_sources",claim_sources);
2018 handle->oidc->response = json_deep_copy(handle->oidc->response);
2019 } 1946 }
2020 1947 i++;
2021 json_decref (claim_sources); 1948 GNUNET_free (source_name);
2022 json_decref (claim_names); 1949 GNUNET_asprintf (&source_name, "src%d", i);
2023 json_decref (claim_sources_jwt); 1950 }
2024 GNUNET_free (attest_val_str); 1951
2025 } 1952 // Create new one
2026 else 1953 if (NULL == claim_sources_jwt)
2027 { 1954 {
2028 // REMARK: We should not find any claim, one of attest/ref is NULL 1955 claim_sources_jwt = json_object ();
2029 } 1956 // Set the JWT for names
1957 json_object_set_new (claim_names, attr->data,
1958 json_string (source_name));
1959 // Set the JWT for the inner source
1960 json_object_set_new (claim_sources_jwt, "JWT",
1961 json_string (attest_val_str));
1962 // Set the JWT for the source
1963 json_object_set_new (claim_sources, source_name, claim_sources_jwt);
1964 // Set as claims
1965 json_object_set (handle->oidc->response, "_claim_names", claim_names);
1966 json_object_set (handle->oidc->response, "_claim_sources",claim_sources);
1967 }
1968
1969 json_decref (claim_sources);
1970 json_decref (claim_names);
1971 json_decref (claim_sources_jwt);
1972 GNUNET_free (attest_val_str);
2030} 1973}
2031 1974
2032 1975
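Review bot: The three `json_decref` calls at the end of consume_ticket (new lines 1969-1971) now release references the function does not own, which with the `json_deep_copy` safety net removed by this commit becomes a use-after-free in the userinfo response: `claim_sources_jwt` is either borrowed from `json_object_get` or handed to `claim_sources` via `json_object_set_new`, so decref'ing it drops the only reference while `claim_sources` still points at it, and on a second attested attribute `claim_sources`/`claim_names` come from `json_object_get` as borrowed references and are likewise freed out from under `handle->oidc->response`. Only the freshly created objects should be released, and only because `json_object_set` took its own reference on them; `claim_sources_jwt` must never be decref'd here. The final `source_name` from `GNUNET_asprintf` is also leaked (the in-loop free covers only the intermediate ones). Separately, `json_object_set_new (claim_names, attr->data, ...)` uses a raw `attr->data` buffer as a JSON key, which is only safe if the attribute type guarantees NUL-termination; going through `GNUNET_RECLAIM_attribute_value_to_string` as the unattested branch does would be safer. consume_ticket's signature and the `identity` check are in the preceding hunk.
```c
  json_t *claim_sources;
  json_t *claim_sources_jwt;
  json_t *claim_names;
  char *attest_val_str;
  int created = GNUNET_NO;
  claim_sources = json_object_get (handle->oidc->response, "_claim_sources");
  claim_names = json_object_get (handle->oidc->response, "_claim_names");
  /* … unchanged: attest_val_str conversion … */
  if ((NULL == claim_sources) && (NULL == claim_names))
  {
    claim_sources = json_object ();
    claim_names = json_object ();
    created = GNUNET_YES;
  }
  /* … unchanged: look up an existing srcN with the same JWT, or create one … */
  if (GNUNET_YES == created)
  {
    /* json_object_set() above took its own reference on both; drop ours. */
    json_decref (claim_sources);
    json_decref (claim_names);
  }
  /* claim_sources_jwt is either borrowed (json_object_get) or now owned by
   * claim_sources (json_object_set_new); it must not be json_decref'd here. */
  GNUNET_free (source_name);
  GNUNET_free (attest_val_str);
```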