author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-26 14:47:29 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-04-26 14:47:29 +0200 |
commit | dba51d34726695de64bca656399ed8f82d225f53 (patch) | |
tree | ad64981fb7189fe0c12b3e6c7f7f819bfe4d700a /src/reclaim/plugin_rest_openid_connect.c | |
parent | b6d8d75ac3700abee64adb452b7e3652b75933c0 (diff) | |
download | gnunet-dba51d34726695de64bca656399ed8f82d225f53.tar.gz gnunet-dba51d34726695de64bca656399ed8f82d225f53.zip |
RECLAIM/REST: simplify auth code; include attrs
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 49 |
1 files changed, 8 insertions, 41 deletions
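--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -676,37 +676,6 @@ return_userinfo_response (void *cls)
   cleanup_handle (handle);
 }
 
-/**
- * Returns base64 encoded string urlencoded
- *
- * @param string the string to encode
- * @return base64 encoded string
- */
-static char *
-base64_encode (const char *s)
-{
-  char *enc;
-  char *enc_urlencode;
-  char *tmp;
-  int i;
-  int num_pads = 0;
-
-  GNUNET_STRINGS_base64_encode (s, strlen (s), &enc);
-  tmp = strchr (enc, '=');
-  num_pads = strlen (enc) - (tmp - enc);
-  GNUNET_assert ((3 > num_pads) && (0 <= num_pads));
-  if (0 == num_pads)
-    return enc;
-  enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads * 2);
-  strcpy (enc_urlencode, enc);
-  GNUNET_free (enc);
-  tmp = strchr (enc_urlencode, '=');
-  for (i = 0; i < num_pads; i++) {
-    strcpy (tmp, "%3D"); // replace '=' with '%3D'
-    tmp += 3;
-  }
-  return enc_urlencode;
-}
 
 /**
  * Respond to OPTIONS request
@@ -870,8 +839,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   struct MHD_Response *resp;
   char *ticket_str;
   char *redirect_uri;
-  char *code_json_string;
-  char *code_base64_final_string;
+  char *code_string;
 
   handle->idp_op = NULL;
   handle->ticket = *ticket;
@@ -884,20 +852,20 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   ticket_str = GNUNET_STRINGS_data_to_string_alloc (
     &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket));
   // TODO change if more attributes are needed (see max_age)
-  code_json_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket,
+  code_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket,
+                                       handle->attr_list,
                                        handle->oidc->nonce);
-  code_base64_final_string = base64_encode (code_json_string);
   if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
       (NULL != handle->tld)) {
 
     GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
                      handle->redirect_prefix, handle->tld,
                      handle->redirect_suffix, handle->oidc->response_type,
-                     code_base64_final_string, handle->oidc->state);
+                     code_string, handle->oidc->state);
   } else {
     GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s",
                      handle->oidc->redirect_uri, handle->oidc->response_type,
-                     code_base64_final_string, handle->oidc->state);
+                     code_string, handle->oidc->state);
   }
   resp = GNUNET_REST_create_response ("");
   MHD_add_response_header (resp, "Location", redirect_uri);
@@ -905,8 +873,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
   GNUNET_free (redirect_uri);
   GNUNET_free (ticket_str);
-  GNUNET_free (code_json_string);
-  GNUNET_free (code_base64_final_string);
+  GNUNET_free (code_string);
 }
 
 static void
@@ -1653,7 +1620,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url,
   }
 
   // decode code
-  if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, &ticket, &nonce)) {
+  ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
+  if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, ticket, &cl, &nonce)) {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
     handle->edesc = GNUNET_strdup ("invalid code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1692,7 +1660,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url,
     return;
   }
   // TODO We should collect the attributes here. cl always empty
-  cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl,
                                 &expiration_time,
                                 (NULL != nonce) ? nonce : NULL, jwt_secret);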
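Review bot: With base64_encode gone, the third hunk now interpolates `code_string` straight into the `Location` query string (`"%s?%s=%s&state=%s"`) with no URL encoding, whereas the removed helper at least escaped base64 `=` padding as `%3D`; unless OIDC_build_authz_code is now guaranteed to emit only URL-safe characters, an authorization code containing `=`, `+`, `/` or `&` can be mangled by the client's query parser and the later token exchange will fail or operate on a truncated code. OIDC_build_authz_code is not visible from here, so either document the contract at the call site, e.g. `/* code_string must be URL-safe as emitted by OIDC_build_authz_code; no further escaping is applied */`, or run the value through a URL-encoder before GNUNET_asprintf. In the fifth hunk `ticket` is heap-allocated before OIDC_parse_authz_code is called, and the visible part of the error branch frees neither `ticket` nor anything the parser may have placed in `cl`; check the `return` that follows it. The comment `// TODO We should collect the attributes here. cl always empty` in the last hunk is stale now that `cl` is filled from the parsed code and should be dropped or reworded. Both oidc_ticket_issue_cb and token_endpoint begin outside these hunks.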