diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-26 14:47:29 +0200 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-26 14:47:29 +0200 |
| commit | dba51d34726695de64bca656399ed8f82d225f53 (patch) | |
| tree | ad64981fb7189fe0c12b3e6c7f7f819bfe4d700a /src/reclaim/plugin_rest_openid_connect.c | |
| parent | b6d8d75ac3700abee64adb452b7e3652b75933c0 (diff) | |
| download | gnunet-dba51d34726695de64bca656399ed8f82d225f53.tar.gz gnunet-dba51d34726695de64bca656399ed8f82d225f53.zip | |
RECLAIM/REST: simplify auth code; include attrs
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
| -rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 49 |
1 files changed, 8 insertions, 41 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 6cf1ffdee..07cb55d79 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
| @@ -676,37 +676,6 @@ return_userinfo_response (void *cls) | |||
| 676 | cleanup_handle (handle); | 676 | cleanup_handle (handle); |
| 677 | } | 677 | } |
| 678 | 678 | ||
| 679 | /** | ||
| 680 | * Returns base64 encoded string urlencoded | ||
| 681 | * | ||
| 682 | * @param string the string to encode | ||
| 683 | * @return base64 encoded string | ||
| 684 | */ | ||
| 685 | static char * | ||
| 686 | base64_encode (const char *s) | ||
| 687 | { | ||
| 688 | char *enc; | ||
| 689 | char *enc_urlencode; | ||
| 690 | char *tmp; | ||
| 691 | int i; | ||
| 692 | int num_pads = 0; | ||
| 693 | |||
| 694 | GNUNET_STRINGS_base64_encode (s, strlen (s), &enc); | ||
| 695 | tmp = strchr (enc, '='); | ||
| 696 | num_pads = strlen (enc) - (tmp - enc); | ||
| 697 | GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); | ||
| 698 | if (0 == num_pads) | ||
| 699 | return enc; | ||
| 700 | enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads * 2); | ||
| 701 | strcpy (enc_urlencode, enc); | ||
| 702 | GNUNET_free (enc); | ||
| 703 | tmp = strchr (enc_urlencode, '='); | ||
| 704 | for (i = 0; i < num_pads; i++) { | ||
| 705 | strcpy (tmp, "%3D"); // replace '=' with '%3D' | ||
| 706 | tmp += 3; | ||
| 707 | } | ||
| 708 | return enc_urlencode; | ||
| 709 | } | ||
| 710 | 679 | ||
| 711 | /** | 680 | /** |
| 712 | * Respond to OPTIONS request | 681 | * Respond to OPTIONS request |
| @@ -870,8 +839,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
| 870 | struct MHD_Response *resp; | 839 | struct MHD_Response *resp; |
| 871 | char *ticket_str; | 840 | char *ticket_str; |
| 872 | char *redirect_uri; | 841 | char *redirect_uri; |
| 873 | char *code_json_string; | 842 | char *code_string; |
| 874 | char *code_base64_final_string; | ||
| 875 | 843 | ||
| 876 | handle->idp_op = NULL; | 844 | handle->idp_op = NULL; |
| 877 | handle->ticket = *ticket; | 845 | handle->ticket = *ticket; |
| @@ -884,20 +852,20 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
| 884 | ticket_str = GNUNET_STRINGS_data_to_string_alloc ( | 852 | ticket_str = GNUNET_STRINGS_data_to_string_alloc ( |
| 885 | &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); | 853 | &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); |
| 886 | // TODO change if more attributes are needed (see max_age) | 854 | // TODO change if more attributes are needed (see max_age) |
| 887 | code_json_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket, | 855 | code_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket, |
| 856 | handle->attr_list, | ||
| 888 | handle->oidc->nonce); | 857 | handle->oidc->nonce); |
| 889 | code_base64_final_string = base64_encode (code_json_string); | ||
| 890 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && | 858 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && |
| 891 | (NULL != handle->tld)) { | 859 | (NULL != handle->tld)) { |
| 892 | 860 | ||
| 893 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | 861 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", |
| 894 | handle->redirect_prefix, handle->tld, | 862 | handle->redirect_prefix, handle->tld, |
| 895 | handle->redirect_suffix, handle->oidc->response_type, | 863 | handle->redirect_suffix, handle->oidc->response_type, |
| 896 | code_base64_final_string, handle->oidc->state); | 864 | code_string, handle->oidc->state); |
| 897 | } else { | 865 | } else { |
| 898 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", | 866 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", |
| 899 | handle->oidc->redirect_uri, handle->oidc->response_type, | 867 | handle->oidc->redirect_uri, handle->oidc->response_type, |
| 900 | code_base64_final_string, handle->oidc->state); | 868 | code_string, handle->oidc->state); |
| 901 | } | 869 | } |
| 902 | resp = GNUNET_REST_create_response (""); | 870 | resp = GNUNET_REST_create_response (""); |
| 903 | MHD_add_response_header (resp, "Location", redirect_uri); | 871 | MHD_add_response_header (resp, "Location", redirect_uri); |
| @@ -905,8 +873,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
| 905 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 873 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
| 906 | GNUNET_free (redirect_uri); | 874 | GNUNET_free (redirect_uri); |
| 907 | GNUNET_free (ticket_str); | 875 | GNUNET_free (ticket_str); |
| 908 | GNUNET_free (code_json_string); | 876 | GNUNET_free (code_string); |
| 909 | GNUNET_free (code_base64_final_string); | ||
| 910 | } | 877 | } |
| 911 | 878 | ||
| 912 | static void | 879 | static void |
| @@ -1653,7 +1620,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, | |||
| 1653 | } | 1620 | } |
| 1654 | 1621 | ||
| 1655 | // decode code | 1622 | // decode code |
| 1656 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, &ticket, &nonce)) { | 1623 | ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); |
| 1624 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, ticket, &cl, &nonce)) { | ||
| 1657 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1625 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
| 1658 | handle->edesc = GNUNET_strdup ("invalid code"); | 1626 | handle->edesc = GNUNET_strdup ("invalid code"); |
| 1659 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1627 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -1692,7 +1660,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, | |||
| 1692 | return; | 1660 | return; |
| 1693 | } | 1661 | } |
| 1694 | // TODO We should collect the attributes here. cl always empty | 1662 | // TODO We should collect the attributes here. cl always empty |
| 1695 | cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | ||
| 1696 | id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl, | 1663 | id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl, |
| 1697 | &expiration_time, | 1664 | &expiration_time, |
| 1698 | (NULL != nonce) ? nonce : NULL, jwt_secret); | 1665 | (NULL != nonce) ? nonce : NULL, jwt_secret); |