authorSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-27 12:38:34 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-27 12:38:34 +0200
commit2daceb88a897e29f5c49a4e8888991f32d97e610 (patch)
tree3268968074058c9cc00960379aec3f43cafced87 /src/reclaim/plugin_rest_openid_connect.c
parentaa304a7441012252e6bf33e0944b7c5cac16baf9 (diff)
RECLAIM/OIDC: more code cleanup
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c86
1 files changed, 10 insertions, 76 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 053aa2f4f..11d6d743d 100644
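--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -222,16 +222,6 @@ static char *OIDC_ignored_parameter_array[] = {"display",
 struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map;
 
 /**
- * OIDC authorized identities and times hashmap
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
-
-/**
- * OIDC Hash map that keeps track of used authorization code(s)
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map;
-
-/**
  * Hash map that links the issued access token to the corresponding ticket and
  * ego
  */
@@ -1671,7 +1661,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  char *access_token;
  char *jwt_secret;
  char *nonce;
- int i = 1;
 
  /*
  * Check Authorization
@@ -1693,9 +1682,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY,
  strlen (OIDC_GRANT_TYPE_KEY),
  &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
- ->url_param_map,
- &cache_key))
+ grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
+ if (NULL == grant_type)
  {
  handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
  handle->edesc = GNUNET_strdup ("missing parameter grant_type");
@@ -1703,39 +1691,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
  }
- grant_type =
- GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
- &cache_key);
-
- // REQUIRED code
- GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
- ->url_param_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup ("missing parameter code");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
- }
- code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
- &cache_key);
-
- // REQUIRED redirect_uri
- GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY,
- strlen (OIDC_REDIRECT_URI_KEY),
- &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
- ->url_param_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
- }
 
  // Check parameter grant_type == "authorization_code"
  if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
@@ -1745,15 +1700,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
  }
- GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
- if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_put (
- OIDC_used_ticket_map,
- &cache_key,
- &i,
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
+
+ // REQUIRED code
+ code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
+ if (NULL == code)
  {
  handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup ("Cannot use the same code more than once");
+ handle->edesc = GNUNET_strdup ("missing parameter code");
  handle->response_code = MHD_HTTP_BAD_REQUEST;
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
@@ -1802,7 +1755,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
  }
- // TODO We should collect the attributes here. cl always empty
  id_token = OIDC_id_token_new (&ticket.audience,
  &ticket.identity,
  cl,
@@ -2110,10 +2062,6 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
  handle->oidc = GNUNET_new (struct OIDC_Variables);
  if (NULL == OIDC_cookie_jar_map)
  OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
- if (NULL == OIDC_identity_grants)
- OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
- if (NULL == OIDC_used_ticket_map)
- OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
  if (NULL == OIDC_access_token_map)
  OIDC_access_token_map =
  GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
@@ -2166,7 +2114,7 @@ libgnunet_plugin_rest_openid_connect_init (void *cls)
  MHD_HTTP_METHOD_OPTIONS);
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- _ ("Identity Provider REST API initialized\n"));
+ _ ("OpenID Connect REST API initialized\n"));
  return api;
 }
 
@@ -2194,20 +2142,6 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
  GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
 
  hashmap_it =
- GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
- while (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
- GNUNET_free_non_null (value);
- GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants);
-
- hashmap_it =
- GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map);
- while (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
- GNUNET_free_non_null (value);
- GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map);
-
- hashmap_it =
  GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
  while (GNUNET_YES ==
  GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
@@ -2217,8 +2151,8 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
  GNUNET_free_non_null (allow_methods);
  GNUNET_free (api);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Identity Provider REST plugin is finished\n");
+ "OpenID Connect REST plugin is finished\n");
  return NULL;
 }
 
-/* end of plugin_rest_identity_provider.c */
+/* end of plugin_rest_openid_connect.c */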
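Review bot: Removing the `OIDC_used_ticket_map` insert in `token_endpoint` (old lines 1748–1753) means a second token request with the same authorization code is no longer rejected by anything visible in this diff. RFC 6749 section 4.1.2 requires the authorization server to deny a code that is used more than once, so this should not ride along in a cleanup unless the code and ticket handling later in the function, which lies outside these hunks, already enforces single use. The old check did need replacing rather than keeping as it was, since it stored `&i`, the address of a stack local, in a map that outlives the request; a replacement would store a value that is not on the stack and expire entries with the code's lifetime. If single use is enforced elsewhere, say so at the lookup, for example `/* code reuse is rejected in <function>; see <mechanism> */`. Separately, the `redirect_uri` presence check is dropped at old line 1725, and `grant_type` and `code` now come from `get_url_parameter_copy`, whose name suggests an allocation that the early `return` paths shown here do not free.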