aboutsummaryrefslogtreecommitdiff
path: root/src/reclaim/plugin_rest_openid_connect.c
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-15 10:24:25 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-15 10:24:25 +0200
commit45a04d9f5558f666c01f7fd0844be964bf610c9a (patch)
treecb9c9a5a1828cc11600a262565e53f488e670b5b /src/reclaim/plugin_rest_openid_connect.c
parent9ebfab9e4d1aeda1dcc3e032025a1574e08808e4 (diff)
downloadgnunet-45a04d9f5558f666c01f7fd0844be964bf610c9a.tar.gz
gnunet-45a04d9f5558f666c01f7fd0844be964bf610c9a.zip
RECLAIM/OIDC: Formatting
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c1034
1 files changed, 405 insertions, 629 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index e755f079b..761c9e83d 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -11,7 +11,7 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
@@ -24,22 +24,21 @@
24 * @brief GNUnet Namestore REST plugin 24 * @brief GNUnet Namestore REST plugin
25 * 25 *
26 */ 26 */
27
28#include "platform.h" 27#include "platform.h"
29#include "gnunet_rest_plugin.h" 28#include <inttypes.h>
30#include "gnunet_identity_service.h" 29#include <jansson.h>
30
31#include "gnunet_gns_service.h" 31#include "gnunet_gns_service.h"
32#include "gnunet_gnsrecord_lib.h" 32#include "gnunet_gnsrecord_lib.h"
33#include "gnunet_identity_service.h"
33#include "gnunet_namestore_service.h" 34#include "gnunet_namestore_service.h"
34#include "gnunet_rest_lib.h"
35#include "microhttpd.h"
36#include <jansson.h>
37#include <inttypes.h>
38#include "gnunet_signatures.h"
39#include "gnunet_reclaim_attribute_lib.h" 35#include "gnunet_reclaim_attribute_lib.h"
40#include "gnunet_reclaim_service.h" 36#include "gnunet_reclaim_service.h"
37#include "gnunet_rest_lib.h"
38#include "gnunet_rest_plugin.h"
39#include "gnunet_signatures.h"
40#include "microhttpd.h"
41#include "oidc_helper.h" 41#include "oidc_helper.h"
42
43/** 42/**
44 * REST root namespace 43 * REST root namespace
45 */ 44 */
@@ -206,20 +205,12 @@
206#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" 205#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied"
207 206
208 207
209
210/** 208/**
211 * OIDC ignored parameter array 209 * OIDC ignored parameter array
212 */ 210 */
213static char* OIDC_ignored_parameter_array [] = 211static char *OIDC_ignored_parameter_array[] = {
214{ 212 "display", "prompt", "ui_locales", "response_mode",
215 "display", 213 "id_token_hint", "login_hint", "acr_values"};
216 "prompt",
217 "ui_locales",
218 "response_mode",
219 "id_token_hint",
220 "login_hint",
221 "acr_values"
222};
223 214
224/** 215/**
225 * OIDC Hash map that keeps track of issued cookies 216 * OIDC Hash map that keeps track of issued cookies
@@ -237,7 +228,8 @@ struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
237struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map; 228struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map;
238 229
239/** 230/**
240 * Hash map that links the issued access token to the corresponding ticket and ego 231 * Hash map that links the issued access token to the corresponding ticket and
232 * ego
241 */ 233 */
242struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map; 234struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map;
243 235
@@ -249,7 +241,7 @@ const struct GNUNET_CONFIGURATION_Handle *cfg;
249/** 241/**
250 * HTTP methods allows for this plugin 242 * HTTP methods allows for this plugin
251 */ 243 */
252static char* allow_methods; 244static char *allow_methods;
253 245
254/** 246/**
255 * @brief struct returned by the initialization function of the plugin 247 * @brief struct returned by the initialization function of the plugin
@@ -313,7 +305,6 @@ struct OIDC_Variables
313 * The response JSON 305 * The response JSON
314 */ 306 */
315 json_t *response; 307 json_t *response;
316
317}; 308};
318 309
319/** 310/**
@@ -499,7 +490,6 @@ struct RequestHandle
499 * Reponse code 490 * Reponse code
500 */ 491 */
501 int response_code; 492 int response_code;
502
503}; 493};
504 494
505/** 495/**
@@ -513,8 +503,7 @@ cleanup_handle (struct RequestHandle *handle)
513 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; 503 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
514 struct EgoEntry *ego_entry; 504 struct EgoEntry *ego_entry;
515 struct EgoEntry *ego_tmp; 505 struct EgoEntry *ego_tmp;
516 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 506 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
517 "Cleaning up\n");
518 if (NULL != handle->timeout_task) 507 if (NULL != handle->timeout_task)
519 GNUNET_SCHEDULER_cancel (handle->timeout_task); 508 GNUNET_SCHEDULER_cancel (handle->timeout_task);
520 if (NULL != handle->identity_handle) 509 if (NULL != handle->identity_handle)
@@ -538,8 +527,7 @@ cleanup_handle (struct RequestHandle *handle)
538 527
539 if (NULL != handle->namestore_handle) 528 if (NULL != handle->namestore_handle)
540 GNUNET_NAMESTORE_disconnect (handle->namestore_handle); 529 GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
541 if (NULL != handle->oidc) 530 if (NULL != handle->oidc) {
542 {
543 GNUNET_free_non_null (handle->oidc->client_id); 531 GNUNET_free_non_null (handle->oidc->client_id);
544 GNUNET_free_non_null (handle->oidc->login_identity); 532 GNUNET_free_non_null (handle->oidc->login_identity);
545 GNUNET_free_non_null (handle->oidc->nonce); 533 GNUNET_free_non_null (handle->oidc->nonce);
@@ -550,11 +538,8 @@ cleanup_handle (struct RequestHandle *handle)
550 json_decref (handle->oidc->response); 538 json_decref (handle->oidc->response);
551 GNUNET_free (handle->oidc); 539 GNUNET_free (handle->oidc);
552 } 540 }
553 if ( NULL != handle->attr_list ) 541 if (NULL != handle->attr_list) {
554 { 542 for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) {
555 for (claim_entry = handle->attr_list->list_head;
556 NULL != claim_entry;)
557 {
558 claim_tmp = claim_entry; 543 claim_tmp = claim_entry;
559 claim_entry = claim_entry->next; 544 claim_entry = claim_entry->next;
560 GNUNET_free (claim_tmp->claim); 545 GNUNET_free (claim_tmp->claim);
@@ -562,9 +547,7 @@ cleanup_handle (struct RequestHandle *handle)
562 } 547 }
563 GNUNET_free (handle->attr_list); 548 GNUNET_free (handle->attr_list);
564 } 549 }
565 for (ego_entry = handle->ego_head; 550 for (ego_entry = handle->ego_head; NULL != ego_entry;) {
566 NULL != ego_entry;)
567 {
568 ego_tmp = ego_entry; 551 ego_tmp = ego_entry;
569 ego_entry = ego_entry->next; 552 ego_entry = ego_entry->next;
570 GNUNET_free (ego_tmp->identifier); 553 GNUNET_free (ego_tmp->identifier);
@@ -594,21 +577,19 @@ do_error (void *cls)
594 struct MHD_Response *resp; 577 struct MHD_Response *resp;
595 char *json_error; 578 char *json_error;
596 579
597 GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", 580 GNUNET_asprintf (
598 handle->emsg, 581 &json_error,
599 (NULL != handle->edesc) ? handle->edesc : "", 582 "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
600 (NULL != handle->oidc->state) ? ", \"state\":\"" : "", 583 handle->emsg, (NULL != handle->edesc) ? handle->edesc : "",
601 (NULL != handle->oidc->state) ? handle->oidc->state : "", 584 (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
602 (NULL != handle->oidc->state) ? "\"" : ""); 585 (NULL != handle->oidc->state) ? handle->oidc->state : "",
603 if ( 0 == handle->response_code ) 586 (NULL != handle->oidc->state) ? "\"" : "");
587 if (0 == handle->response_code)
604 handle->response_code = MHD_HTTP_BAD_REQUEST; 588 handle->response_code = MHD_HTTP_BAD_REQUEST;
605 resp = GNUNET_REST_create_response (json_error); 589 resp = GNUNET_REST_create_response (json_error);
606 if (MHD_HTTP_UNAUTHORIZED == handle->response_code) 590 if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
607 MHD_add_response_header (resp, 591 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
608 MHD_HTTP_HEADER_WWW_AUTHENTICATE, 592 MHD_add_response_header (resp, MHD_HTTP_HEADER_CONTENT_TYPE,
609 "Basic");
610 MHD_add_response_header (resp,
611 MHD_HTTP_HEADER_CONTENT_TYPE,
612 "application/json"); 593 "application/json");
613 handle->proc (handle->proc_cls, resp, handle->response_code); 594 handle->proc (handle->proc_cls, resp, handle->response_code);
614 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 595 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
@@ -630,12 +611,9 @@ do_userinfo_error (void *cls)
630 char *error; 611 char *error;
631 612
632 GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", 613 GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"",
633 handle->emsg, 614 handle->emsg, (NULL != handle->edesc) ? handle->edesc : "");
634 (NULL != handle->edesc) ? handle->edesc : "");
635 resp = GNUNET_REST_create_response (""); 615 resp = GNUNET_REST_create_response ("");
636 MHD_add_response_header (resp, 616 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
637 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
638 "Bearer");
639 handle->proc (handle->proc_cls, resp, handle->response_code); 617 handle->proc (handle->proc_cls, resp, handle->response_code);
640 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 618 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
641 GNUNET_free (error); 619 GNUNET_free (error);
@@ -652,9 +630,8 @@ do_redirect_error (void *cls)
652{ 630{
653 struct RequestHandle *handle = cls; 631 struct RequestHandle *handle = cls;
654 struct MHD_Response *resp; 632 struct MHD_Response *resp;
655 char* redirect; 633 char *redirect;
656 GNUNET_asprintf (&redirect, 634 GNUNET_asprintf (&redirect, "%s?error=%s&error_description=%s%s%s",
657 "%s?error=%s&error_description=%s%s%s",
658 handle->oidc->redirect_uri, handle->emsg, handle->edesc, 635 handle->oidc->redirect_uri, handle->emsg, handle->edesc,
659 (NULL != handle->oidc->state) ? "&state=" : "", 636 (NULL != handle->oidc->state) ? "&state=" : "",
660 (NULL != handle->oidc->state) ? handle->oidc->state : ""); 637 (NULL != handle->oidc->state) ? handle->oidc->state : "");
@@ -687,7 +664,7 @@ do_timeout (void *cls)
687static void 664static void
688return_userinfo_response (void *cls) 665return_userinfo_response (void *cls)
689{ 666{
690 char* result_str; 667 char *result_str;
691 struct RequestHandle *handle = cls; 668 struct RequestHandle *handle = cls;
692 struct MHD_Response *resp; 669 struct MHD_Response *resp;
693 670
@@ -705,7 +682,7 @@ return_userinfo_response (void *cls)
705 * @param string the string to encode 682 * @param string the string to encode
706 * @return base64 encoded string 683 * @return base64 encoded string
707 */ 684 */
708static char* 685static char *
709base64_encode (const char *s) 686base64_encode (const char *s)
710{ 687{
711 char *enc; 688 char *enc;
@@ -720,13 +697,12 @@ base64_encode (const char *s)
720 GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); 697 GNUNET_assert ((3 > num_pads) && (0 <= num_pads));
721 if (0 == num_pads) 698 if (0 == num_pads)
722 return enc; 699 return enc;
723 enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads*2); 700 enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads * 2);
724 strcpy (enc_urlencode, enc); 701 strcpy (enc_urlencode, enc);
725 GNUNET_free (enc); 702 GNUNET_free (enc);
726 tmp = strchr (enc_urlencode, '='); 703 tmp = strchr (enc_urlencode, '=');
727 for (i = 0; i < num_pads; i++) 704 for (i = 0; i < num_pads; i++) {
728 { 705 strcpy (tmp, "%3D"); // replace '=' with '%3D'
729 strcpy (tmp, "%3D"); //replace '=' with '%3D'
730 tmp += 3; 706 tmp += 3;
731 } 707 }
732 return enc_urlencode; 708 return enc_urlencode;
@@ -740,18 +716,15 @@ base64_encode (const char *s)
740 * @param cls the RequestHandle 716 * @param cls the RequestHandle
741 */ 717 */
742static void 718static void
743options_cont (struct GNUNET_REST_RequestHandle *con_handle, 719options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url,
744 const char* url,
745 void *cls) 720 void *cls)
746{ 721{
747 struct MHD_Response *resp; 722 struct MHD_Response *resp;
748 struct RequestHandle *handle = cls; 723 struct RequestHandle *handle = cls;
749 724
750 //For now, independent of path return all options 725 // For now, independent of path return all options
751 resp = GNUNET_REST_create_response (NULL); 726 resp = GNUNET_REST_create_response (NULL);
752 MHD_add_response_header (resp, 727 MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
753 "Access-Control-Allow-Methods",
754 allow_methods);
755 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 728 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
756 cleanup_handle (handle); 729 cleanup_handle (handle);
757 return; 730 return;
@@ -772,36 +745,30 @@ cookie_identity_interpretation (struct RequestHandle *handle)
772 char *token; 745 char *token;
773 char *value; 746 char *value;
774 747
775 //gets identity of login try with cookie 748 // gets identity of login try with cookie
776 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), 749 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
777 &cache_key); 750 &cache_key);
778 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, 751 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
779 &cache_key) ) 752 handle->rest_handle->header_param_map, &cache_key)) {
780 { 753 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
781 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
782 "No cookie found\n");
783 return; 754 return;
784 } 755 }
785 //splits cookies and find 'Identity' cookie 756 // splits cookies and find 'Identity' cookie
786 tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); 757 tmp_cookies = GNUNET_CONTAINER_multihashmap_get (
758 handle->rest_handle->header_param_map, &cache_key);
787 cookies = GNUNET_strdup (tmp_cookies); 759 cookies = GNUNET_strdup (tmp_cookies);
788 token = strtok (cookies, delimiter); 760 token = strtok (cookies, delimiter);
789 handle->oidc->user_cancelled = GNUNET_NO; 761 handle->oidc->user_cancelled = GNUNET_NO;
790 handle->oidc->login_identity = NULL; 762 handle->oidc->login_identity = NULL;
791 if (NULL == token) 763 if (NULL == token) {
792 { 764 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to parse cookie: %s\n",
793 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
794 "Unable to parse cookie: %s\n",
795 cookies); 765 cookies);
796 GNUNET_free (cookies); 766 GNUNET_free (cookies);
797 return; 767 return;
798 } 768 }
799 769
800 while (NULL != token) 770 while (NULL != token) {
801 { 771 if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) {
802 if (0 == strcmp (token,
803 OIDC_COOKIE_HEADER_ACCESS_DENIED))
804 {
805 handle->oidc->user_cancelled = GNUNET_YES; 772 handle->oidc->user_cancelled = GNUNET_YES;
806 GNUNET_free (cookies); 773 GNUNET_free (cookies);
807 return; 774 return;
@@ -810,33 +777,29 @@ cookie_identity_interpretation (struct RequestHandle *handle)
810 break; 777 break;
811 token = strtok (NULL, delimiter); 778 token = strtok (NULL, delimiter);
812 } 779 }
813 if (NULL == token) 780 if (NULL == token) {
814 { 781 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No cookie value to process: %s\n",
815 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
816 "No cookie value to process: %s\n",
817 cookies); 782 cookies);
818 GNUNET_free (cookies); 783 GNUNET_free (cookies);
819 return; 784 return;
820 } 785 }
821 GNUNET_CRYPTO_hash (token, strlen (token), 786 GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
822 &cache_key); 787 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map,
823 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) 788 &cache_key)) {
824 { 789 GNUNET_log (
825 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 790 GNUNET_ERROR_TYPE_WARNING,
826 "Found cookie `%s', but no corresponding expiration entry present...\n", 791 "Found cookie `%s', but no corresponding expiration entry present...\n",
827 token); 792 token);
828 GNUNET_free (cookies); 793 GNUNET_free (cookies);
829 return; 794 return;
830 } 795 }
831 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, 796 relog_time =
832 &cache_key); 797 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
833 current_time = GNUNET_TIME_absolute_get (); 798 current_time = GNUNET_TIME_absolute_get ();
834 // 30 min after old login -> redirect to login 799 // 30 min after old login -> redirect to login
835 if ( current_time.abs_value_us > relog_time->abs_value_us ) 800 if (current_time.abs_value_us > relog_time->abs_value_us) {
836 {
837 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 801 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
838 "Found cookie `%s', but it is expired.\n", 802 "Found cookie `%s', but it is expired.\n", token);
839 token);
840 GNUNET_free (cookies); 803 GNUNET_free (cookies);
841 return; 804 return;
842 } 805 }
@@ -856,30 +819,22 @@ login_redirect (void *cls)
856 struct MHD_Response *resp; 819 struct MHD_Response *resp;
857 struct RequestHandle *handle = cls; 820 struct RequestHandle *handle = cls;
858 821
859 if ( GNUNET_OK 822 if (GNUNET_OK ==
860 == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", 823 GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
861 "address", &login_base_url) ) 824 "address", &login_base_url)) {
862 {
863 GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", 825 GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
864 login_base_url, 826 login_base_url, OIDC_RESPONSE_TYPE_KEY,
865 OIDC_RESPONSE_TYPE_KEY, 827 handle->oidc->response_type, OIDC_CLIENT_ID_KEY,
866 handle->oidc->response_type, 828 handle->oidc->client_id, OIDC_REDIRECT_URI_KEY,
867 OIDC_CLIENT_ID_KEY, 829 handle->oidc->redirect_uri, OIDC_SCOPE_KEY,
868 handle->oidc->client_id, 830 handle->oidc->scope, OIDC_STATE_KEY,
869 OIDC_REDIRECT_URI_KEY,
870 handle->oidc->redirect_uri,
871 OIDC_SCOPE_KEY,
872 handle->oidc->scope,
873 OIDC_STATE_KEY,
874 (NULL != handle->oidc->state) ? handle->oidc->state : "", 831 (NULL != handle->oidc->state) ? handle->oidc->state : "",
875 OIDC_NONCE_KEY, 832 OIDC_NONCE_KEY,
876 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); 833 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
877 resp = GNUNET_REST_create_response (""); 834 resp = GNUNET_REST_create_response ("");
878 MHD_add_response_header (resp, "Location", new_redirect); 835 MHD_add_response_header (resp, "Location", new_redirect);
879 GNUNET_free (login_base_url); 836 GNUNET_free (login_base_url);
880 } 837 } else {
881 else
882 {
883 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 838 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
884 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 839 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
885 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 840 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -909,8 +864,7 @@ oidc_iteration_error (void *cls)
909 * parameter. Otherwise redirects with error 864 * parameter. Otherwise redirects with error
910 */ 865 */
911static void 866static void
912oidc_ticket_issue_cb (void* cls, 867oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
913 const struct GNUNET_RECLAIM_Ticket *ticket)
914{ 868{
915 struct RequestHandle *handle = cls; 869 struct RequestHandle *handle = cls;
916 struct MHD_Response *resp; 870 struct MHD_Response *resp;
@@ -921,37 +875,29 @@ oidc_ticket_issue_cb (void* cls,
921 875
922 handle->idp_op = NULL; 876 handle->idp_op = NULL;
923 handle->ticket = *ticket; 877 handle->ticket = *ticket;
924 if (NULL == ticket) 878 if (NULL == ticket) {
925 {
926 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 879 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
927 handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); 880 handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
928 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 881 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
929 return; 882 return;
930 } 883 }
931 ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, 884 ticket_str = GNUNET_STRINGS_data_to_string_alloc (
932 sizeof (struct GNUNET_RECLAIM_Ticket)); 885 &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket));
933 //TODO change if more attributes are needed (see max_age) 886 // TODO change if more attributes are needed (see max_age)
934 code_json_string = OIDC_build_authz_code (&handle->priv_key, 887 code_json_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket,
935 &handle->ticket,
936 handle->oidc->nonce); 888 handle->oidc->nonce);
937 code_base64_final_string = base64_encode (code_json_string); 889 code_base64_final_string = base64_encode (code_json_string);
938 if ( (NULL != handle->redirect_prefix) && 890 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
939 (NULL != handle->redirect_suffix) && 891 (NULL != handle->tld)) {
940 (NULL != handle->tld) )
941 {
942 892
943 GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", 893 GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
944 handle->redirect_prefix, 894 handle->redirect_prefix, handle->tld,
945 handle->tld, 895 handle->redirect_suffix, handle->oidc->response_type,
946 handle->redirect_suffix,
947 handle->oidc->response_type,
948 code_base64_final_string, handle->oidc->state); 896 code_base64_final_string, handle->oidc->state);
949 } else { 897 } else {
950 GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", 898 GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s",
951 handle->oidc->redirect_uri, 899 handle->oidc->redirect_uri, handle->oidc->response_type,
952 handle->oidc->response_type,
953 code_base64_final_string, handle->oidc->state); 900 code_base64_final_string, handle->oidc->state);
954
955 } 901 }
956 resp = GNUNET_REST_create_response (""); 902 resp = GNUNET_REST_create_response ("");
957 MHD_add_response_header (resp, "Location", redirect_uri); 903 MHD_add_response_header (resp, "Location", redirect_uri);
@@ -969,19 +915,15 @@ oidc_collect_finished_cb (void *cls)
969 struct RequestHandle *handle = cls; 915 struct RequestHandle *handle = cls;
970 handle->attr_it = NULL; 916 handle->attr_it = NULL;
971 handle->ticket_it = NULL; 917 handle->ticket_it = NULL;
972 if (NULL == handle->attr_list->list_head) 918 if (NULL == handle->attr_list->list_head) {
973 {
974 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); 919 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
975 handle->edesc = GNUNET_strdup ("The requested scope is not available."); 920 handle->edesc = GNUNET_strdup ("The requested scope is not available.");
976 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 921 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
977 return; 922 return;
978 } 923 }
979 handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, 924 handle->idp_op = GNUNET_RECLAIM_ticket_issue (
980 &handle->priv_key, 925 handle->idp, &handle->priv_key, &handle->oidc->client_pkey,
981 &handle->oidc->client_pkey, 926 handle->attr_list, &oidc_ticket_issue_cb, handle);
982 handle->attr_list,
983 &oidc_ticket_issue_cb,
984 handle);
985} 927}
986 928
987 929
@@ -995,28 +937,24 @@ oidc_attr_collect (void *cls,
995{ 937{
996 struct RequestHandle *handle = cls; 938 struct RequestHandle *handle = cls;
997 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; 939 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
998 char* scope_variables; 940 char *scope_variables;
999 char* scope_variable; 941 char *scope_variable;
1000 char delimiter[]=" "; 942 char delimiter[] = " ";
1001 943
1002 if ( (NULL == attr->name) || (NULL == attr->data) ) 944 if ((NULL == attr->name) || (NULL == attr->data)) {
1003 {
1004 GNUNET_RECLAIM_get_attributes_next (handle->attr_it); 945 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1005 return; 946 return;
1006 } 947 }
1007 948
1008 scope_variables = GNUNET_strdup (handle->oidc->scope); 949 scope_variables = GNUNET_strdup (handle->oidc->scope);
1009 scope_variable = strtok (scope_variables, delimiter); 950 scope_variable = strtok (scope_variables, delimiter);
1010 while (NULL != scope_variable) 951 while (NULL != scope_variable) {
1011 { 952 if (0 == strcmp (attr->name, scope_variable)) {
1012 if ( 0 == strcmp (attr->name, scope_variable) )
1013 {
1014 break; 953 break;
1015 } 954 }
1016 scope_variable = strtok (NULL, delimiter); 955 scope_variable = strtok (NULL, delimiter);
1017 } 956 }
1018 if ( NULL == scope_variable ) 957 if (NULL == scope_variable) {
1019 {
1020 GNUNET_RECLAIM_get_attributes_next (handle->attr_it); 958 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1021 GNUNET_free (scope_variables); 959 GNUNET_free (scope_variables);
1022 return; 960 return;
@@ -1044,50 +982,41 @@ code_redirect (void *cls)
1044 struct GNUNET_HashCode cache_key; 982 struct GNUNET_HashCode cache_key;
1045 char *identity_cookie; 983 char *identity_cookie;
1046 984
1047 GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); 985 GNUNET_asprintf (&identity_cookie, "Identity=%s",
986 handle->oidc->login_identity);
1048 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); 987 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
1049 GNUNET_free (identity_cookie); 988 GNUNET_free (identity_cookie);
1050 //No login time for identity -> redirect to login 989 // No login time for identity -> redirect to login
1051 if ( GNUNET_YES 990 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map,
1052 == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, 991 &cache_key)) {
1053 &cache_key) ) 992 relog_time =
1054 { 993 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
1055 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map,
1056 &cache_key);
1057 current_time = GNUNET_TIME_absolute_get (); 994 current_time = GNUNET_TIME_absolute_get ();
1058 // 30 min after old login -> redirect to login 995 // 30 min after old login -> redirect to login
1059 if ( current_time.abs_value_us <= relog_time->abs_value_us ) 996 if (current_time.abs_value_us <= relog_time->abs_value_us) {
1060 { 997 if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (
1061 if ( GNUNET_OK 998 handle->oidc->login_identity,
1062 != GNUNET_CRYPTO_ecdsa_public_key_from_string ( 999 strlen (handle->oidc->login_identity), &pubkey)) {
1063 handle->oidc->login_identity,
1064 strlen (handle->oidc->login_identity), &pubkey) )
1065 {
1066 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); 1000 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
1067 handle->edesc = GNUNET_strdup ("The cookie of a login identity is not valid"); 1001 handle->edesc =
1002 GNUNET_strdup ("The cookie of a login identity is not valid");
1068 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1003 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1069 return; 1004 return;
1070 } 1005 }
1071 // iterate over egos and compare their public key 1006 // iterate over egos and compare their public key
1072 for (handle->ego_entry = handle->ego_head; 1007 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1073 NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) 1008 handle->ego_entry = handle->ego_entry->next) {
1074 {
1075 GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); 1009 GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1076 if ( 0 == memcmp (&ego_pkey, 1010 if (0 == memcmp (&ego_pkey, &pubkey,
1077 &pubkey, 1011 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) {
1078 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ) 1012 handle->priv_key =
1079 { 1013 *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
1080 handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
1081 handle->idp = GNUNET_RECLAIM_connect (cfg); 1014 handle->idp = GNUNET_RECLAIM_connect (cfg);
1082 handle->attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); 1015 handle->attr_list =
1083 handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, 1016 GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
1084 &handle->priv_key, 1017 handle->attr_it = GNUNET_RECLAIM_get_attributes_start (
1085 &oidc_iteration_error, 1018 handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
1086 handle, 1019 &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
1087 &oidc_attr_collect,
1088 handle,
1089 &oidc_collect_finished_cb,
1090 handle);
1091 return; 1020 return;
1092 } 1021 }
1093 } 1022 }
@@ -1103,28 +1032,20 @@ build_redirect (void *cls)
1103{ 1032{
1104 struct RequestHandle *handle = cls; 1033 struct RequestHandle *handle = cls;
1105 struct MHD_Response *resp; 1034 struct MHD_Response *resp;
1106 char* redirect_uri; 1035 char *redirect_uri;
1107
1108 if (GNUNET_YES == handle->oidc->user_cancelled)
1109 {
1110 if ( (NULL != handle->redirect_prefix) &&
1111 (NULL != handle->redirect_suffix) &&
1112 (NULL != handle->tld) )
1113 {
1114 GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s",
1115 handle->redirect_prefix,
1116 handle->tld,
1117 handle->redirect_suffix,
1118 "access_denied",
1119 "User denied access",
1120 handle->oidc->state);
1121 } else {
1122 GNUNET_asprintf (&redirect_uri, "%s?error=%s&error_description=%s&state=%s",
1123 handle->oidc->redirect_uri,
1124 "access_denied",
1125 "User denied access",
1126 handle->oidc->state);
1127 1036
1037 if (GNUNET_YES == handle->oidc->user_cancelled) {
1038 if ((NULL != handle->redirect_prefix) &&
1039 (NULL != handle->redirect_suffix) && (NULL != handle->tld)) {
1040 GNUNET_asprintf (
1041 &redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s",
1042 handle->redirect_prefix, handle->tld, handle->redirect_suffix,
1043 "access_denied", "User denied access", handle->oidc->state);
1044 } else {
1045 GNUNET_asprintf (&redirect_uri,
1046 "%s?error=%s&error_description=%s&state=%s",
1047 handle->oidc->redirect_uri, "access_denied",
1048 "User denied access", handle->oidc->state);
1128 } 1049 }
1129 resp = GNUNET_REST_create_response (""); 1050 resp = GNUNET_REST_create_response ("");
1130 MHD_add_response_header (resp, "Location", redirect_uri); 1051 MHD_add_response_header (resp, "Location", redirect_uri);
@@ -1138,8 +1059,7 @@ build_redirect (void *cls)
1138 1059
1139 1060
1140static void 1061static void
1141lookup_redirect_uri_result (void *cls, 1062lookup_redirect_uri_result (void *cls, uint32_t rd_count,
1142 uint32_t rd_count,
1143 const struct GNUNET_GNSRECORD_Data *rd) 1063 const struct GNUNET_GNSRECORD_Data *rd)
1144{ 1064{
1145 struct RequestHandle *handle = cls; 1065 struct RequestHandle *handle = cls;
@@ -1149,58 +1069,47 @@ lookup_redirect_uri_result (void *cls,
1149 struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; 1069 struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
1150 1070
1151 handle->gns_op = NULL; 1071 handle->gns_op = NULL;
1152 if (0 == rd_count) 1072 if (0 == rd_count) {
1153 {
1154 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 1073 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1155 handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); 1074 handle->edesc = GNUNET_strdup (
1075 "Server cannot generate ticket, redirect uri not found.");
1156 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1076 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1157 return; 1077 return;
1158 } 1078 }
1159 for (int i = 0; i < rd_count; i++) 1079 for (int i = 0; i < rd_count; i++) {
1160 {
1161 if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) 1080 if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
1162 continue; 1081 continue;
1163 if (0 != strncmp (rd[i].data, 1082 if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
1164 handle->oidc->redirect_uri,
1165 rd[i].data_size))
1166 continue; 1083 continue;
1167 tmp = GNUNET_strndup (rd[i].data, 1084 tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
1168 rd[i].data_size); 1085 if (NULL == strstr (tmp, handle->oidc->client_id)) {
1169 if (NULL == strstr (tmp,
1170 handle->oidc->client_id))
1171 {
1172 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1086 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1173 "Redirect uri %s does not contain client_id %s", 1087 "Redirect uri %s does not contain client_id %s", tmp,
1174 tmp,
1175 handle->oidc->client_id); 1088 handle->oidc->client_id);
1176 } else { 1089 } else {
1177 1090
1178 pos = strrchr (tmp, 1091 pos = strrchr (tmp, (unsigned char)'.');
1179 (unsigned char) '.');
1180 *pos = '\0'; 1092 *pos = '\0';
1181 handle->redirect_prefix = GNUNET_strdup (tmp); 1093 handle->redirect_prefix = GNUNET_strdup (tmp);
1182 tmp_key_str = pos + 1; 1094 tmp_key_str = pos + 1;
1183 pos = strchr (tmp_key_str, 1095 pos = strchr (tmp_key_str, (unsigned char)'/');
1184 (unsigned char) '/');
1185 *pos = '\0'; 1096 *pos = '\0';
1186 handle->redirect_suffix = GNUNET_strdup (pos + 1); 1097 handle->redirect_suffix = GNUNET_strdup (pos + 1);
1187 1098
1188 GNUNET_STRINGS_string_to_data (tmp_key_str, 1099 GNUNET_STRINGS_string_to_data (tmp_key_str, strlen (tmp_key_str),
1189 strlen (tmp_key_str), 1100 &redirect_zone, sizeof (redirect_zone));
1190 &redirect_zone,
1191 sizeof (redirect_zone));
1192 } 1101 }
1193 GNUNET_SCHEDULER_add_now (&build_redirect, handle); 1102 GNUNET_SCHEDULER_add_now (&build_redirect, handle);
1194 GNUNET_free (tmp); 1103 GNUNET_free (tmp);
1195 return; 1104 return;
1196 } 1105 }
1197 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 1106 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1198 handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); 1107 handle->edesc =
1108 GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1199 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1109 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1200} 1110}
1201 1111
1202 1112
1203
1204/** 1113/**
1205 * Initiate redirect back to client. 1114 * Initiate redirect back to client.
1206 */ 1115 */
@@ -1210,14 +1119,10 @@ client_redirect (void *cls)
1210 struct RequestHandle *handle = cls; 1119 struct RequestHandle *handle = cls;
1211 1120
1212 /* Lookup client redirect uri to verify request */ 1121 /* Lookup client redirect uri to verify request */
1213 handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, 1122 handle->gns_op = GNUNET_GNS_lookup (
1214 GNUNET_GNS_EMPTY_LABEL_AT, 1123 handle->gns_handle, GNUNET_GNS_EMPTY_LABEL_AT, &handle->oidc->client_pkey,
1215 &handle->oidc->client_pkey, 1124 GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_GNS_LO_DEFAULT,
1216 GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, 1125 &lookup_redirect_uri_result, handle);
1217 GNUNET_GNS_LO_DEFAULT,
1218 &lookup_redirect_uri_result,
1219 handle);
1220
1221} 1126}
1222 1127
1223 1128
@@ -1234,75 +1139,70 @@ build_authz_response (void *cls)
1234 struct GNUNET_HashCode cache_key; 1139 struct GNUNET_HashCode cache_key;
1235 1140
1236 char *expected_scope; 1141 char *expected_scope;
1237 char delimiter[]=" "; 1142 char delimiter[] = " ";
1238 int number_of_ignored_parameter, iterator; 1143 int number_of_ignored_parameter, iterator;
1239 1144
1240 1145
1241 // REQUIRED value: redirect_uri 1146 // REQUIRED value: redirect_uri
1242 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), 1147 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
1243 &cache_key); 1148 &cache_key);
1244 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1149 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1245 &cache_key)) 1150 handle->rest_handle->url_param_map, &cache_key)) {
1246 { 1151 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1247 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1152 handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1248 handle->edesc=GNUNET_strdup ("missing parameter redirect_uri");
1249 GNUNET_SCHEDULER_add_now (&do_error, handle); 1153 GNUNET_SCHEDULER_add_now (&do_error, handle);
1250 return; 1154 return;
1251 } 1155 }
1252 handle->oidc->redirect_uri = 1156 handle->oidc->redirect_uri =
1253 GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1157 GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (
1254 &cache_key)); 1158 handle->rest_handle->url_param_map, &cache_key));
1255 1159
1256 // REQUIRED value: response_type 1160 // REQUIRED value: response_type
1257 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), 1161 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
1258 &cache_key); 1162 &cache_key);
1259 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1163 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1260 &cache_key)) 1164 handle->rest_handle->url_param_map, &cache_key)) {
1261 { 1165 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1262 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1166 handle->edesc = GNUNET_strdup ("missing parameter response_type");
1263 handle->edesc=GNUNET_strdup ("missing parameter response_type");
1264 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1167 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1265 return; 1168 return;
1266 } 1169 }
1267 handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1170 handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (
1268 &cache_key); 1171 handle->rest_handle->url_param_map, &cache_key);
1269 handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); 1172 handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type);
1270 1173
1271 // REQUIRED value: scope 1174 // REQUIRED value: scope
1272 GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); 1175 GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
1273 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1176 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1274 &cache_key)) 1177 handle->rest_handle->url_param_map, &cache_key)) {
1275 { 1178 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1276 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); 1179 handle->edesc = GNUNET_strdup ("missing parameter scope");
1277 handle->edesc=GNUNET_strdup ("missing parameter scope");
1278 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1180 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1279 return; 1181 return;
1280 } 1182 }
1281 handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1183 handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (
1282 &cache_key); 1184 handle->rest_handle->url_param_map, &cache_key);
1283 handle->oidc->scope = GNUNET_strdup (handle->oidc->scope); 1185 handle->oidc->scope = GNUNET_strdup (handle->oidc->scope);
1284 1186
1285 //OPTIONAL value: nonce 1187 // OPTIONAL value: nonce
1286 GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); 1188 GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
1287 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1189 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (
1288 &cache_key)) 1190 handle->rest_handle->url_param_map, &cache_key)) {
1289 { 1191 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (
1290 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1192 handle->rest_handle->url_param_map, &cache_key);
1291 &cache_key);
1292 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); 1193 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
1293 } 1194 }
1294 1195
1295 //TODO check other values if needed 1196 // TODO check other values if needed
1296 number_of_ignored_parameter = sizeof (OIDC_ignored_parameter_array) / sizeof (char *); 1197 number_of_ignored_parameter =
1297 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) 1198 sizeof (OIDC_ignored_parameter_array) / sizeof (char *);
1298 { 1199 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) {
1299 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], 1200 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
1300 strlen (OIDC_ignored_parameter_array[iterator]), 1201 strlen (OIDC_ignored_parameter_array[iterator]),
1301 &cache_key); 1202 &cache_key);
1302 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1203 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (
1303 &cache_key)) 1204 handle->rest_handle->url_param_map, &cache_key)) {
1304 { 1205 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
1305 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
1306 GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", 1206 GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s",
1307 OIDC_ignored_parameter_array[iterator]); 1207 OIDC_ignored_parameter_array[iterator]);
1308 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1208 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
@@ -1311,38 +1211,37 @@ build_authz_response (void *cls)
1311 } 1211 }
1312 1212
1313 // Checks if response_type is 'code' 1213 // Checks if response_type is 'code'
1314 if (0 != strcmp (handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) 1214 if (0 != strcmp (handle->oidc->response_type,
1315 { 1215 OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) {
1316 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); 1216 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE);
1317 handle->edesc=GNUNET_strdup ("The authorization server does not support " 1217 handle->edesc = GNUNET_strdup ("The authorization server does not support "
1318 "obtaining this authorization code."); 1218 "obtaining this authorization code.");
1319 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1219 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1320 return; 1220 return;
1321 } 1221 }
1322 1222
1323 // Checks if scope contains 'openid' 1223 // Checks if scope contains 'openid'
1324 expected_scope = GNUNET_strdup (handle->oidc->scope); 1224 expected_scope = GNUNET_strdup (handle->oidc->scope);
1325 char* test; 1225 char *test;
1326 test = strtok (expected_scope, delimiter); 1226 test = strtok (expected_scope, delimiter);
1327 while (NULL != test) 1227 while (NULL != test) {
1328 { 1228 if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
1329 if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) )
1330 break; 1229 break;
1331 test = strtok (NULL, delimiter); 1230 test = strtok (NULL, delimiter);
1332 } 1231 }
1333 if (NULL == test) 1232 if (NULL == test) {
1334 {
1335 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); 1233 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1336 handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " 1234 handle->edesc =
1337 "malformed."); 1235 GNUNET_strdup ("The requested scope is invalid, unknown, or "
1236 "malformed.");
1338 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1237 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1339 GNUNET_free (expected_scope); 1238 GNUNET_free (expected_scope);
1340 return; 1239 return;
1341 } 1240 }
1342 1241
1343 GNUNET_free (expected_scope); 1242 GNUNET_free (expected_scope);
1344 if ( (NULL == handle->oidc->login_identity) && 1243 if ((NULL == handle->oidc->login_identity) &&
1345 (GNUNET_NO == handle->oidc->user_cancelled)) 1244 (GNUNET_NO == handle->oidc->user_cancelled))
1346 GNUNET_SCHEDULER_add_now (&login_redirect, handle); 1245 GNUNET_SCHEDULER_add_now (&login_redirect, handle);
1347 else 1246 else
1348 GNUNET_SCHEDULER_add_now (&client_redirect, handle); 1247 GNUNET_SCHEDULER_add_now (&client_redirect, handle);
@@ -1352,27 +1251,19 @@ build_authz_response (void *cls)
1352 * Iterate over tlds in config 1251 * Iterate over tlds in config
1353 */ 1252 */
1354static void 1253static void
1355tld_iter (void *cls, 1254tld_iter (void *cls, const char *section, const char *option, const char *value)
1356 const char *section,
1357 const char *option,
1358 const char *value)
1359{ 1255{
1360 struct RequestHandle *handle = cls; 1256 struct RequestHandle *handle = cls;
1361 struct GNUNET_CRYPTO_EcdsaPublicKey pkey; 1257 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
1362 1258
1363 if (GNUNET_OK != 1259 if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (
1364 GNUNET_CRYPTO_ecdsa_public_key_from_string (value, 1260 value, strlen (value), &pkey)) {
1365 strlen (value), 1261 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
1366 &pkey))
1367 {
1368 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1369 "Skipping non key %s\n",
1370 value);
1371 return; 1262 return;
1372 } 1263 }
1373 if (0 == memcmp (&pkey, &handle->oidc->client_pkey, 1264 if (0 == memcmp (&pkey, &handle->oidc->client_pkey,
1374 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) 1265 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1375 handle->tld = GNUNET_strdup (option+1); 1266 handle->tld = GNUNET_strdup (option + 1);
1376} 1267}
1377 1268
1378/** 1269/**
@@ -1384,8 +1275,7 @@ tld_iter (void *cls,
1384 */ 1275 */
1385static void 1276static void
1386authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, 1277authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1387 const char* url, 1278 const char *url, void *cls)
1388 void *cls)
1389{ 1279{
1390 struct RequestHandle *handle = cls; 1280 struct RequestHandle *handle = cls;
1391 struct GNUNET_HashCode cache_key; 1281 struct GNUNET_HashCode cache_key;
@@ -1395,36 +1285,33 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1395 1285
1396 cookie_identity_interpretation (handle); 1286 cookie_identity_interpretation (handle);
1397 1287
1398 //RECOMMENDED value: state - REQUIRED for answers 1288 // RECOMMENDED value: state - REQUIRED for answers
1399 GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); 1289 GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
1400 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1290 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (
1401 &cache_key)) 1291 handle->rest_handle->url_param_map, &cache_key)) {
1402 { 1292 handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (
1403 handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1293 handle->rest_handle->url_param_map, &cache_key);
1404 &cache_key);
1405 handle->oidc->state = GNUNET_strdup (handle->oidc->state); 1294 handle->oidc->state = GNUNET_strdup (handle->oidc->state);
1406 } 1295 }
1407 1296
1408 // REQUIRED value: client_id 1297 // REQUIRED value: client_id
1409 GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), 1298 GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
1410 &cache_key); 1299 &cache_key);
1411 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1300 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1412 &cache_key)) 1301 handle->rest_handle->url_param_map, &cache_key)) {
1413 {
1414 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1302 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1415 handle->edesc = GNUNET_strdup ("missing parameter client_id"); 1303 handle->edesc = GNUNET_strdup ("missing parameter client_id");
1416 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1304 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1417 GNUNET_SCHEDULER_add_now (&do_error, handle); 1305 GNUNET_SCHEDULER_add_now (&do_error, handle);
1418 return; 1306 return;
1419 } 1307 }
1420 handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1308 handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (
1421 &cache_key)); 1309 handle->rest_handle->url_param_map, &cache_key));
1422 1310
1423 if ( GNUNET_OK 1311 if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (
1424 != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, 1312 handle->oidc->client_id,
1425 strlen (handle->oidc->client_id), 1313 strlen (handle->oidc->client_id),
1426 &handle->oidc->client_pkey) ) 1314 &handle->oidc->client_pkey)) {
1427 {
1428 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); 1315 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
1429 handle->edesc = GNUNET_strdup ("The client is not authorized to request an " 1316 handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1430 "authorization code using this method."); 1317 "authorization code using this method.");
@@ -1434,8 +1321,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1434 } 1321 }
1435 1322
1436 1323
1437 if ( NULL == handle->ego_head ) 1324 if (NULL == handle->ego_head) {
1438 {
1439 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 1325 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1440 handle->edesc = GNUNET_strdup ("Egos are missing"); 1326 handle->edesc = GNUNET_strdup ("Egos are missing");
1441 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1327 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1444,26 +1330,21 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1444 } 1330 }
1445 1331
1446 handle->ego_entry = handle->ego_head; 1332 handle->ego_entry = handle->ego_head;
1447 handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); 1333 handle->priv_key =
1448 //If we know this identity, translated the corresponding TLD 1334 *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
1449 //TODO: We might want to have a reverse lookup functionality for TLDs? 1335 // If we know this identity, translated the corresponding TLD
1450 for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) 1336 // TODO: We might want to have a reverse lookup functionality for TLDs?
1451 { 1337 for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) {
1452 priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); 1338 priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1453 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, 1339 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey);
1454 &pkey);
1455 if (0 == memcmp (&pkey, &handle->oidc->client_pkey, 1340 if (0 == memcmp (&pkey, &handle->oidc->client_pkey,
1456 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) 1341 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) {
1457 {
1458 handle->tld = GNUNET_strdup (tmp_ego->identifier); 1342 handle->tld = GNUNET_strdup (tmp_ego->identifier);
1459 handle->ego_entry = handle->ego_tail; 1343 handle->ego_entry = handle->ego_tail;
1460 } 1344 }
1461 } 1345 }
1462 if (NULL == handle->tld) 1346 if (NULL == handle->tld)
1463 GNUNET_CONFIGURATION_iterate_section_values (cfg, 1347 GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle);
1464 "gns",
1465 tld_iter,
1466 handle);
1467 if (NULL == handle->tld) 1348 if (NULL == handle->tld)
1468 handle->tld = GNUNET_strdup (handle->oidc->client_id); 1349 handle->tld = GNUNET_strdup (handle->oidc->client_id);
1469 GNUNET_SCHEDULER_add_now (&build_authz_response, handle); 1350 GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
@@ -1477,8 +1358,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1477 * @param cls the RequestHandle 1358 * @param cls the RequestHandle
1478 */ 1359 */
1479static void 1360static void
1480login_cont (struct GNUNET_REST_RequestHandle *con_handle, 1361login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url,
1481 const char* url,
1482 void *cls) 1362 void *cls)
1483{ 1363{
1484 struct MHD_Response *resp = GNUNET_REST_create_response (""); 1364 struct MHD_Response *resp = GNUNET_REST_create_response ("");
@@ -1486,49 +1366,43 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1486 struct GNUNET_HashCode cache_key; 1366 struct GNUNET_HashCode cache_key;
1487 struct GNUNET_TIME_Absolute *current_time; 1367 struct GNUNET_TIME_Absolute *current_time;
1488 struct GNUNET_TIME_Absolute *last_time; 1368 struct GNUNET_TIME_Absolute *last_time;
1489 char* cookie; 1369 char *cookie;
1490 char* header_val; 1370 char *header_val;
1491 json_t *root; 1371 json_t *root;
1492 json_error_t error; 1372 json_error_t error;
1493 json_t *identity; 1373 json_t *identity;
1494 char term_data[handle->rest_handle->data_size+1]; 1374 char term_data[handle->rest_handle->data_size + 1];
1495 term_data[handle->rest_handle->data_size] = '\0'; 1375 term_data[handle->rest_handle->data_size] = '\0';
1496 GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); 1376 GNUNET_memcpy (term_data, handle->rest_handle->data,
1377 handle->rest_handle->data_size);
1497 root = json_loads (term_data, JSON_DECODE_ANY, &error); 1378 root = json_loads (term_data, JSON_DECODE_ANY, &error);
1498 identity = json_object_get (root, "identity"); 1379 identity = json_object_get (root, "identity");
1499 if (!json_is_string (identity)) 1380 if (!json_is_string (identity)) {
1500 { 1381 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error parsing json string from %s\n",
1501 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1502 "Error parsing json string from %s\n",
1503 term_data); 1382 term_data);
1504 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); 1383 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1505 json_decref (root); 1384 json_decref (root);
1506 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 1385 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1507 return; 1386 return;
1508 } 1387 }
1509 GNUNET_asprintf (&cookie, 1388 GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
1510 "Identity=%s", 1389 GNUNET_asprintf (&header_val, "%s;Max-Age=%d", cookie,
1511 json_string_value (identity));
1512 GNUNET_asprintf (&header_val,
1513 "%s;Max-Age=%d",
1514 cookie,
1515 OIDC_COOKIE_EXPIRATION); 1390 OIDC_COOKIE_EXPIRATION);
1516 MHD_add_response_header (resp, "Set-Cookie", header_val); 1391 MHD_add_response_header (resp, "Set-Cookie", header_val);
1517 MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); 1392 MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
1518 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); 1393 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1519 1394
1520 if (0 != strcmp (json_string_value (identity), 1395 if (0 != strcmp (json_string_value (identity), "Denied")) {
1521 "Denied"))
1522 {
1523 current_time = GNUNET_new (struct GNUNET_TIME_Absolute); 1396 current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1524 *current_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), 1397 *current_time =
1525 OIDC_COOKIE_EXPIRATION)); 1398 GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (
1526 last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); 1399 GNUNET_TIME_relative_get_second_ (), OIDC_COOKIE_EXPIRATION));
1400 last_time =
1401 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
1527 GNUNET_free_non_null (last_time); 1402 GNUNET_free_non_null (last_time);
1528 GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, 1403 GNUNET_CONTAINER_multihashmap_put (
1529 &cache_key, 1404 OIDC_cookie_jar_map, &cache_key, current_time,
1530 current_time, 1405 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1531 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1532 } 1406 }
1533 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 1407 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1534 GNUNET_free (cookie); 1408 GNUNET_free (cookie);
@@ -1551,80 +1425,65 @@ check_authorization (struct RequestHandle *handle,
1551 int client_exists = GNUNET_NO; 1425 int client_exists = GNUNET_NO;
1552 1426
1553 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, 1427 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
1554 strlen (OIDC_AUTHORIZATION_HEADER_KEY), 1428 strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key);
1555 &cache_key); 1429 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1556 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, 1430 handle->rest_handle->header_param_map, &cache_key)) {
1557 &cache_key) ) 1431 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1558 { 1432 handle->edesc = GNUNET_strdup ("missing authorization");
1559 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1560 handle->edesc=GNUNET_strdup ("missing authorization");
1561 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1433 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1562 return GNUNET_SYSERR; 1434 return GNUNET_SYSERR;
1563 } 1435 }
1564 authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, 1436 authorization = GNUNET_CONTAINER_multihashmap_get (
1565 &cache_key); 1437 handle->rest_handle->header_param_map, &cache_key);
1566 1438
1567 //split header in "Basic" and [content] 1439 // split header in "Basic" and [content]
1568 credentials = strtok (authorization, " "); 1440 credentials = strtok (authorization, " ");
1569 if (0 != strcmp ("Basic", credentials)) 1441 if (0 != strcmp ("Basic", credentials)) {
1570 { 1442 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1571 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1572 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1443 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1573 return GNUNET_SYSERR; 1444 return GNUNET_SYSERR;
1574 } 1445 }
1575 credentials = strtok (NULL, " "); 1446 credentials = strtok (NULL, " ");
1576 if (NULL == credentials) 1447 if (NULL == credentials) {
1577 { 1448 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1578 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1579 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1449 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1580 return GNUNET_SYSERR; 1450 return GNUNET_SYSERR;
1581 } 1451 }
1582 GNUNET_STRINGS_base64_decode (credentials, 1452 GNUNET_STRINGS_base64_decode (credentials, strlen (credentials),
1583 strlen (credentials), 1453 (void **)&basic_authorization);
1584 (void**)&basic_authorization);
1585 1454
1586 if ( NULL == basic_authorization ) 1455 if (NULL == basic_authorization) {
1587 { 1456 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1588 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1589 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1457 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1590 return GNUNET_SYSERR; 1458 return GNUNET_SYSERR;
1591 } 1459 }
1592 client_id = strtok (basic_authorization, ":"); 1460 client_id = strtok (basic_authorization, ":");
1593 if ( NULL == client_id ) 1461 if (NULL == client_id) {
1594 {
1595 GNUNET_free_non_null (basic_authorization); 1462 GNUNET_free_non_null (basic_authorization);
1596 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); 1463 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1597 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1464 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1598 return GNUNET_SYSERR; 1465 return GNUNET_SYSERR;
1599 } 1466 }
1600 pass = strtok (NULL, ":"); 1467 pass = strtok (NULL, ":");
1601 if (NULL == pass) 1468 if (NULL == pass) {
1602 {
1603 GNUNET_free_non_null (basic_authorization); 1469 GNUNET_free_non_null (basic_authorization);
1604 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); 1470 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1605 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1471 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1606 return GNUNET_SYSERR; 1472 return GNUNET_SYSERR;
1607 } 1473 }
1608 1474
1609 //check client password 1475 // check client password
1610 if ( GNUNET_OK 1476 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (
1611 == GNUNET_CONFIGURATION_get_value_string (cfg, 1477 cfg, "reclaim-rest-plugin", "psw", &expected_pass)) {
1612 "reclaim-rest-plugin", 1478 if (0 != strcmp (expected_pass, pass)) {
1613 "psw",
1614 &expected_pass) )
1615 {
1616 if (0 != strcmp (expected_pass, pass))
1617 {
1618 GNUNET_free_non_null (basic_authorization); 1479 GNUNET_free_non_null (basic_authorization);
1619 GNUNET_free (expected_pass); 1480 GNUNET_free (expected_pass);
1620 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); 1481 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1621 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1482 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1622 return GNUNET_SYSERR; 1483 return GNUNET_SYSERR;
1623 } 1484 }
1624 GNUNET_free (expected_pass); 1485 GNUNET_free (expected_pass);
1625 } 1486 } else {
1626 else
1627 {
1628 GNUNET_free_non_null (basic_authorization); 1487 GNUNET_free_non_null (basic_authorization);
1629 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 1488 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1630 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 1489 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
@@ -1632,26 +1491,21 @@ check_authorization (struct RequestHandle *handle,
1632 return GNUNET_SYSERR; 1491 return GNUNET_SYSERR;
1633 } 1492 }
1634 1493
1635 //check client_id 1494 // check client_id
1636 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) 1495 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;) {
1637 { 1496 if (0 == strcmp (handle->ego_entry->keystring, client_id)) {
1638 if (0 == strcmp (handle->ego_entry->keystring, client_id))
1639 {
1640 client_exists = GNUNET_YES; 1497 client_exists = GNUNET_YES;
1641 break; 1498 break;
1642 } 1499 }
1643 handle->ego_entry = handle->ego_entry->next; 1500 handle->ego_entry = handle->ego_entry->next;
1644 } 1501 }
1645 if (GNUNET_NO == client_exists) 1502 if (GNUNET_NO == client_exists) {
1646 {
1647 GNUNET_free_non_null (basic_authorization); 1503 GNUNET_free_non_null (basic_authorization);
1648 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); 1504 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1649 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1505 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1650 return GNUNET_SYSERR; 1506 return GNUNET_SYSERR;
1651 } 1507 }
1652 GNUNET_STRINGS_string_to_data (client_id, 1508 GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), cid,
1653 strlen (client_id),
1654 cid,
1655 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 1509 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1656 1510
1657 GNUNET_free (basic_authorization); 1511 GNUNET_free (basic_authorization);
@@ -1665,13 +1519,11 @@ ego_exists (struct RequestHandle *handle,
1665 struct EgoEntry *ego_entry; 1519 struct EgoEntry *ego_entry;
1666 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; 1520 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
1667 1521
1668 for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) 1522 for (ego_entry = handle->ego_head; NULL != ego_entry;
1669 { 1523 ego_entry = ego_entry->next) {
1670 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); 1524 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
1671 if (0 == memcmp (&pub_key, 1525 if (0 == memcmp (&pub_key, test_key,
1672 test_key, 1526 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) {
1673 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1674 {
1675 break; 1527 break;
1676 } 1528 }
1677 } 1529 }
@@ -1682,7 +1534,7 @@ ego_exists (struct RequestHandle *handle,
1682 1534
1683static void 1535static void
1684store_ticket_reference (const struct RequestHandle *handle, 1536store_ticket_reference (const struct RequestHandle *handle,
1685 const char* access_token, 1537 const char *access_token,
1686 const struct GNUNET_RECLAIM_Ticket *ticket, 1538 const struct GNUNET_RECLAIM_Ticket *ticket,
1687 const struct GNUNET_CRYPTO_EcdsaPublicKey *cid) 1539 const struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
1688{ 1540{
@@ -1691,21 +1543,15 @@ store_ticket_reference (const struct RequestHandle *handle,
1691 char *ticket_string; 1543 char *ticket_string;
1692 char *client_id; 1544 char *client_id;
1693 1545
1694 GNUNET_CRYPTO_hash (access_token, 1546 GNUNET_CRYPTO_hash (access_token, strlen (access_token), &cache_key);
1695 strlen (access_token), 1547 client_id = GNUNET_STRINGS_data_to_string_alloc (
1696 &cache_key); 1548 cid, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1697 client_id = GNUNET_STRINGS_data_to_string_alloc (cid, 1549 ticket_string = GNUNET_STRINGS_data_to_string_alloc (
1698 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 1550 ticket, sizeof (struct GNUNET_RECLAIM_Ticket));
1699 ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, 1551 GNUNET_asprintf (&id_ticket_combination, "%s;%s", client_id, ticket_string);
1700 sizeof (struct GNUNET_RECLAIM_Ticket)); 1552 GNUNET_CONTAINER_multihashmap_put (
1701 GNUNET_asprintf (&id_ticket_combination, 1553 OIDC_access_token_map, &cache_key, id_ticket_combination,
1702 "%s;%s", 1554 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1703 client_id,
1704 ticket_string);
1705 GNUNET_CONTAINER_multihashmap_put (OIDC_access_token_map,
1706 &cache_key,
1707 id_ticket_combination,
1708 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1709 1555
1710 GNUNET_free (client_id); 1556 GNUNET_free (client_id);
1711 GNUNET_free (ticket_string); 1557 GNUNET_free (ticket_string);
@@ -1719,8 +1565,7 @@ store_ticket_reference (const struct RequestHandle *handle,
1719 * @param cls the RequestHandle 1565 * @param cls the RequestHandle
1720 */ 1566 */
1721static void 1567static void
1722token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, 1568token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url,
1723 const char* url,
1724 void *cls) 1569 void *cls)
1725{ 1570{
1726 struct RequestHandle *handle = cls; 1571 struct RequestHandle *handle = cls;
@@ -1742,9 +1587,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1742 /* 1587 /*
1743 * Check Authorization 1588 * Check Authorization
1744 */ 1589 */
1745 if (GNUNET_SYSERR == check_authorization (handle, 1590 if (GNUNET_SYSERR == check_authorization (handle, &cid)) {
1746 &cid))
1747 {
1748 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1591 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1749 "OIDC authorization for token endpoint failed\n"); 1592 "OIDC authorization for token endpoint failed\n");
1750 GNUNET_SCHEDULER_add_now (&do_error, handle); 1593 GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -1755,28 +1598,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1755 * Check parameter 1598 * Check parameter
1756 */ 1599 */
1757 1600
1758 //TODO Do not allow multiple equal parameter names 1601 // TODO Do not allow multiple equal parameter names
1759 //REQUIRED grant_type 1602 // REQUIRED grant_type
1760 GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); 1603 GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY),
1761 if (GNUNET_NO == 1604 &cache_key);
1762 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1605 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1763 &cache_key)) 1606 handle->rest_handle->url_param_map, &cache_key)) {
1764 {
1765 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1607 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1766 handle->edesc = GNUNET_strdup ("missing parameter grant_type"); 1608 handle->edesc = GNUNET_strdup ("missing parameter grant_type");
1767 handle->response_code = MHD_HTTP_BAD_REQUEST; 1609 handle->response_code = MHD_HTTP_BAD_REQUEST;
1768 GNUNET_SCHEDULER_add_now (&do_error, handle); 1610 GNUNET_SCHEDULER_add_now (&do_error, handle);
1769 return; 1611 return;
1770 } 1612 }
1771 grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1613 grant_type = GNUNET_CONTAINER_multihashmap_get (
1772 &cache_key); 1614 handle->rest_handle->url_param_map, &cache_key);
1773 1615
1774 //REQUIRED code 1616 // REQUIRED code
1775 GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); 1617 GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
1776 if (GNUNET_NO == 1618 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1777 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1619 handle->rest_handle->url_param_map, &cache_key)) {
1778 &cache_key))
1779 {
1780 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1620 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1781 handle->edesc = GNUNET_strdup ("missing parameter code"); 1621 handle->edesc = GNUNET_strdup ("missing parameter code");
1782 handle->response_code = MHD_HTTP_BAD_REQUEST; 1622 handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1786,13 +1626,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1786 code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1626 code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1787 &cache_key); 1627 &cache_key);
1788 1628
1789 //REQUIRED redirect_uri 1629 // REQUIRED redirect_uri
1790 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), 1630 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
1791 &cache_key); 1631 &cache_key);
1792 if (GNUNET_NO == 1632 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1793 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1633 handle->rest_handle->url_param_map, &cache_key)) {
1794 &cache_key) )
1795 {
1796 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1634 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1797 handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); 1635 handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1798 handle->response_code = MHD_HTTP_BAD_REQUEST; 1636 handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1800,21 +1638,17 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1800 return; 1638 return;
1801 } 1639 }
1802 1640
1803 //Check parameter grant_type == "authorization_code" 1641 // Check parameter grant_type == "authorization_code"
1804 if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) 1642 if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) {
1805 { 1643 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
1806 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
1807 handle->response_code = MHD_HTTP_BAD_REQUEST; 1644 handle->response_code = MHD_HTTP_BAD_REQUEST;
1808 GNUNET_SCHEDULER_add_now (&do_error, handle); 1645 GNUNET_SCHEDULER_add_now (&do_error, handle);
1809 return; 1646 return;
1810 } 1647 }
1811 GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); 1648 GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
1812 if (GNUNET_SYSERR == 1649 if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_put (
1813 GNUNET_CONTAINER_multihashmap_put (OIDC_used_ticket_map, 1650 OIDC_used_ticket_map, &cache_key, &i,
1814 &cache_key, 1651 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) {
1815 &i,
1816 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
1817 {
1818 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1652 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1819 handle->edesc = GNUNET_strdup ("Cannot use the same code more than once"); 1653 handle->edesc = GNUNET_strdup ("Cannot use the same code more than once");
1820 handle->response_code = MHD_HTTP_BAD_REQUEST; 1654 handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1822,12 +1656,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1822 return; 1656 return;
1823 } 1657 }
1824 1658
1825 //decode code 1659 // decode code
1826 if (GNUNET_OK != OIDC_parse_authz_code (&cid, 1660 if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, &ticket, &nonce)) {
1827 code,
1828 &ticket,
1829 &nonce))
1830 {
1831 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1661 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1832 handle->edesc = GNUNET_strdup ("invalid code"); 1662 handle->edesc = GNUNET_strdup ("invalid code");
1833 handle->response_code = MHD_HTTP_BAD_REQUEST; 1663 handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1835,13 +1665,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1835 return; 1665 return;
1836 } 1666 }
1837 1667
1838 //create jwt 1668 // create jwt
1839 if (GNUNET_OK != 1669 if (GNUNET_OK !=
1840 GNUNET_CONFIGURATION_get_value_time (cfg, 1670 GNUNET_CONFIGURATION_get_value_time (
1841 "reclaim-rest-plugin", 1671 cfg, "reclaim-rest-plugin", "expiration_time", &expiration_time)) {
1842 "expiration_time",
1843 &expiration_time))
1844 {
1845 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); 1672 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1846 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 1673 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1847 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1674 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1851,22 +1678,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1851 } 1678 }
1852 1679
1853 1680
1854 //TODO OPTIONAL acr,amr,azp 1681 // TODO OPTIONAL acr,amr,azp
1855 if (GNUNET_NO == ego_exists (handle, 1682 if (GNUNET_NO == ego_exists (handle, &ticket->audience)) {
1856 &ticket->audience))
1857 {
1858 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1683 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1859 handle->edesc = GNUNET_strdup ("invalid code..."); 1684 handle->edesc = GNUNET_strdup ("invalid code...");
1860 handle->response_code = MHD_HTTP_BAD_REQUEST; 1685 handle->response_code = MHD_HTTP_BAD_REQUEST;
1861 GNUNET_SCHEDULER_add_now (&do_error, handle); 1686 GNUNET_SCHEDULER_add_now (&do_error, handle);
1862 GNUNET_free (ticket); 1687 GNUNET_free (ticket);
1863 } 1688 }
1864 if ( GNUNET_OK 1689 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (
1865 != GNUNET_CONFIGURATION_get_value_string (cfg, 1690 cfg, "reclaim-rest-plugin", "jwt_secret", &jwt_secret)) {
1866 "reclaim-rest-plugin",
1867 "jwt_secret",
1868 &jwt_secret) )
1869 {
1870 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 1691 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1871 handle->edesc = GNUNET_strdup ("No signing secret configured!"); 1692 handle->edesc = GNUNET_strdup ("No signing secret configured!");
1872 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1693 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1874,24 +1695,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1874 GNUNET_free (ticket); 1695 GNUNET_free (ticket);
1875 return; 1696 return;
1876 } 1697 }
1877 //TODO We should collect the attributes here. cl always empty 1698 // TODO We should collect the attributes here. cl always empty
1878 cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); 1699 cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
1879 id_token = OIDC_id_token_new (&ticket->audience, 1700 id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl,
1880 &ticket->identity,
1881 cl,
1882 &expiration_time, 1701 &expiration_time,
1883 (NULL != nonce) ? nonce : NULL, 1702 (NULL != nonce) ? nonce : NULL, jwt_secret);
1884 jwt_secret);
1885 access_token = OIDC_access_token_new (); 1703 access_token = OIDC_access_token_new ();
1886 OIDC_build_token_response (access_token, 1704 OIDC_build_token_response (access_token, id_token, &expiration_time,
1887 id_token,
1888 &expiration_time,
1889 &json_response); 1705 &json_response);
1890 1706
1891 store_ticket_reference (handle, 1707 store_ticket_reference (handle, access_token, ticket, &cid);
1892 access_token,
1893 ticket,
1894 &cid);
1895 resp = GNUNET_REST_create_response (json_response); 1708 resp = GNUNET_REST_create_response (json_response);
1896 MHD_add_response_header (resp, "Cache-Control", "no-store"); 1709 MHD_add_response_header (resp, "Cache-Control", "no-store");
1897 MHD_add_response_header (resp, "Pragma", "no-cache"); 1710 MHD_add_response_header (resp, "Pragma", "no-cache");
@@ -1909,26 +1722,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1909 * Collects claims and stores them in handle 1722 * Collects claims and stores them in handle
1910 */ 1723 */
1911static void 1724static void
1912consume_ticket (void *cls, 1725consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
1913 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
1914 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) 1726 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
1915{ 1727{
1916 struct RequestHandle *handle = cls; 1728 struct RequestHandle *handle = cls;
1917 char *tmp_value; 1729 char *tmp_value;
1918 json_t *value; 1730 json_t *value;
1919 1731
1920 if (NULL == identity) 1732 if (NULL == identity) {
1921 {
1922 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); 1733 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
1923 return; 1734 return;
1924 } 1735 }
1925 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, 1736 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data,
1926 attr->data,
1927 attr->data_size); 1737 attr->data_size);
1928 value = json_string (tmp_value); 1738 value = json_string (tmp_value);
1929 json_object_set_new (handle->oidc->response, 1739 json_object_set_new (handle->oidc->response, attr->name, value);
1930 attr->name,
1931 value);
1932 GNUNET_free (tmp_value); 1740 GNUNET_free (tmp_value);
1933} 1741}
1934 1742
@@ -1941,9 +1749,9 @@ consume_ticket (void *cls,
1941 */ 1749 */
1942static void 1750static void
1943userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, 1751userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1944 const char* url, void *cls) 1752 const char *url, void *cls)
1945{ 1753{
1946 //TODO expiration time 1754 // TODO expiration time
1947 struct RequestHandle *handle = cls; 1755 struct RequestHandle *handle = cls;
1948 char delimiter[] = " "; 1756 char delimiter[] = " ";
1949 char delimiter_db[] = ";"; 1757 char delimiter_db[] = ";";
@@ -1953,12 +1761,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1953 struct GNUNET_RECLAIM_Ticket *ticket; 1761 struct GNUNET_RECLAIM_Ticket *ticket;
1954 1762
1955 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, 1763 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
1956 strlen (OIDC_AUTHORIZATION_HEADER_KEY), 1764 strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key);
1957 &cache_key); 1765 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1958 if ( GNUNET_NO 1766 handle->rest_handle->header_param_map, &cache_key)) {
1959 == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
1960 &cache_key) )
1961 {
1962 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1767 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1963 handle->edesc = GNUNET_strdup ("No Access Token"); 1768 handle->edesc = GNUNET_strdup ("No Access Token");
1964 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1769 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -1966,13 +1771,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1966 return; 1771 return;
1967 } 1772 }
1968 authorization = GNUNET_CONTAINER_multihashmap_get ( 1773 authorization = GNUNET_CONTAINER_multihashmap_get (
1969 handle->rest_handle->header_param_map, &cache_key); 1774 handle->rest_handle->header_param_map, &cache_key);
1970 1775
1971 //split header in "Bearer" and access_token 1776 // split header in "Bearer" and access_token
1972 authorization = GNUNET_strdup (authorization); 1777 authorization = GNUNET_strdup (authorization);
1973 authorization_type = strtok (authorization, delimiter); 1778 authorization_type = strtok (authorization, delimiter);
1974 if ( 0 != strcmp ("Bearer", authorization_type) ) 1779 if (0 != strcmp ("Bearer", authorization_type)) {
1975 {
1976 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1780 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1977 handle->edesc = GNUNET_strdup ("No Access Token"); 1781 handle->edesc = GNUNET_strdup ("No Access Token");
1978 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1782 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -1981,8 +1785,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1981 return; 1785 return;
1982 } 1786 }
1983 authorization_access_token = strtok (NULL, delimiter); 1787 authorization_access_token = strtok (NULL, delimiter);
1984 if ( NULL == authorization_access_token ) 1788 if (NULL == authorization_access_token) {
1985 {
1986 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1789 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1987 handle->edesc = GNUNET_strdup ("No Access Token"); 1790 handle->edesc = GNUNET_strdup ("No Access Token");
1988 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1791 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -1992,11 +1795,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1992 } 1795 }
1993 1796
1994 GNUNET_CRYPTO_hash (authorization_access_token, 1797 GNUNET_CRYPTO_hash (authorization_access_token,
1995 strlen (authorization_access_token), 1798 strlen (authorization_access_token), &cache_key);
1996 &cache_key); 1799 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
1997 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, 1800 OIDC_access_token_map, &cache_key)) {
1998 &cache_key) )
1999 {
2000 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1801 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2001 handle->edesc = GNUNET_strdup ("The Access Token expired"); 1802 handle->edesc = GNUNET_strdup ("The Access Token expired");
2002 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1803 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -2005,12 +1806,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2005 return; 1806 return;
2006 } 1807 }
2007 1808
2008 client_ticket = GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, 1809 client_ticket =
2009 &cache_key); 1810 GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key);
2010 client_ticket = GNUNET_strdup (client_ticket); 1811 client_ticket = GNUNET_strdup (client_ticket);
2011 client = strtok (client_ticket,delimiter_db); 1812 client = strtok (client_ticket, delimiter_db);
2012 if (NULL == client) 1813 if (NULL == client) {
2013 {
2014 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1814 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2015 handle->edesc = GNUNET_strdup ("The Access Token expired"); 1815 handle->edesc = GNUNET_strdup ("The Access Token expired");
2016 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1816 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -2020,13 +1820,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2020 return; 1820 return;
2021 } 1821 }
2022 handle->ego_entry = handle->ego_head; 1822 handle->ego_entry = handle->ego_head;
2023 for (; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) 1823 for (; NULL != handle->ego_entry;
2024 { 1824 handle->ego_entry = handle->ego_entry->next) {
2025 if (0 == strcmp (handle->ego_entry->keystring,client)) 1825 if (0 == strcmp (handle->ego_entry->keystring, client))
2026 break; 1826 break;
2027 } 1827 }
2028 if (NULL == handle->ego_entry) 1828 if (NULL == handle->ego_entry) {
2029 {
2030 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1829 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2031 handle->edesc = GNUNET_strdup ("The Access Token expired"); 1830 handle->edesc = GNUNET_strdup ("The Access Token expired");
2032 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1831 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -2036,8 +1835,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2036 return; 1835 return;
2037 } 1836 }
2038 ticket_str = strtok (NULL, delimiter_db); 1837 ticket_str = strtok (NULL, delimiter_db);
2039 if (NULL == ticket_str) 1838 if (NULL == ticket_str) {
2040 {
2041 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1839 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2042 handle->edesc = GNUNET_strdup ("The Access Token expired"); 1840 handle->edesc = GNUNET_strdup ("The Access Token expired");
2043 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1841 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -2047,12 +1845,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2047 return; 1845 return;
2048 } 1846 }
2049 ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); 1847 ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
2050 if ( GNUNET_OK 1848 if (GNUNET_OK !=
2051 != GNUNET_STRINGS_string_to_data (ticket_str, 1849 GNUNET_STRINGS_string_to_data (ticket_str, strlen (ticket_str), ticket,
2052 strlen (ticket_str), 1850 sizeof (struct GNUNET_RECLAIM_Ticket))) {
2053 ticket,
2054 sizeof (struct GNUNET_RECLAIM_Ticket)))
2055 {
2056 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 1851 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2057 handle->edesc = GNUNET_strdup ("The Access Token expired"); 1852 handle->edesc = GNUNET_strdup ("The Access Token expired");
2058 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1853 handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -2065,18 +1860,14 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2065 1860
2066 handle->idp = GNUNET_RECLAIM_connect (cfg); 1861 handle->idp = GNUNET_RECLAIM_connect (cfg);
2067 handle->oidc->response = json_object (); 1862 handle->oidc->response = json_object ();
2068 json_object_set_new (handle->oidc->response, 1863 json_object_set_new (handle->oidc->response, "sub",
2069 "sub",
2070 json_string (handle->ego_entry->keystring)); 1864 json_string (handle->ego_entry->keystring));
2071 handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, 1865 handle->idp_op = GNUNET_RECLAIM_ticket_consume (
2072 GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), 1866 handle->idp, GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
2073 ticket, 1867 ticket, consume_ticket, handle);
2074 consume_ticket,
2075 handle);
2076 GNUNET_free (ticket); 1868 GNUNET_free (ticket);
2077 GNUNET_free (authorization); 1869 GNUNET_free (authorization);
2078 GNUNET_free (client_ticket); 1870 GNUNET_free (client_ticket);
2079
2080} 1871}
2081 1872
2082 1873
@@ -2090,22 +1881,18 @@ init_cont (struct RequestHandle *handle)
2090{ 1881{
2091 struct GNUNET_REST_RequestHandlerError err; 1882 struct GNUNET_REST_RequestHandlerError err;
2092 static const struct GNUNET_REST_RequestHandler handlers[] = { 1883 static const struct GNUNET_REST_RequestHandler handlers[] = {
2093 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, 1884 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint},
2094 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded 1885 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE,
2095 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, 1886 &authorize_endpoint}, // url-encoded
2096 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, 1887 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
2097 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, 1888 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint},
2098 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, 1889 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
2099 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, 1890 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
2100 &options_cont}, 1891 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont},
2101 GNUNET_REST_HANDLER_END 1892 GNUNET_REST_HANDLER_END};
2102 }; 1893
2103 1894 if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, handlers,
2104 if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, 1895 &err, handle)) {
2105 handlers,
2106 &err,
2107 handle))
2108 {
2109 handle->response_code = err.error_code; 1896 handle->response_code = err.error_code;
2110 GNUNET_SCHEDULER_add_now (&do_error, handle); 1897 GNUNET_SCHEDULER_add_now (&do_error, handle);
2111 } 1898 }
@@ -2145,17 +1932,14 @@ init_cont (struct RequestHandle *handle)
2145 * must thus no longer be used 1932 * must thus no longer be used
2146 */ 1933 */
2147static void 1934static void
2148list_ego (void *cls, 1935list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx,
2149 struct GNUNET_IDENTITY_Ego *ego,
2150 void **ctx,
2151 const char *identifier) 1936 const char *identifier)
2152{ 1937{
2153 struct RequestHandle *handle = cls; 1938 struct RequestHandle *handle = cls;
2154 struct EgoEntry *ego_entry; 1939 struct EgoEntry *ego_entry;
2155 struct GNUNET_CRYPTO_EcdsaPublicKey pk; 1940 struct GNUNET_CRYPTO_EcdsaPublicKey pk;
2156 1941
2157 if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) 1942 if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) {
2158 {
2159 handle->state = ID_REST_STATE_POST_INIT; 1943 handle->state = ID_REST_STATE_POST_INIT;
2160 init_cont (handle); 1944 init_cont (handle);
2161 return; 1945 return;
@@ -2163,18 +1947,17 @@ list_ego (void *cls,
2163 if (ID_REST_STATE_INIT == handle->state) { 1947 if (ID_REST_STATE_INIT == handle->state) {
2164 ego_entry = GNUNET_new (struct EgoEntry); 1948 ego_entry = GNUNET_new (struct EgoEntry);
2165 GNUNET_IDENTITY_ego_get_public_key (ego, &pk); 1949 GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
2166 ego_entry->keystring = 1950 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2167 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2168 ego_entry->ego = ego; 1951 ego_entry->ego = ego;
2169 ego_entry->identifier = GNUNET_strdup (identifier); 1952 ego_entry->identifier = GNUNET_strdup (identifier);
2170 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, 1953 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail,
2171 handle->ego_tail,
2172 ego_entry); 1954 ego_entry);
2173 return; 1955 return;
2174 } 1956 }
2175 /* Ego renamed or added */ 1957 /* Ego renamed or added */
2176 if (identifier != NULL) { 1958 if (identifier != NULL) {
2177 for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { 1959 for (ego_entry = handle->ego_head; NULL != ego_entry;
1960 ego_entry = ego_entry->next) {
2178 if (ego_entry->ego == ego) { 1961 if (ego_entry->ego == ego) {
2179 /* Rename */ 1962 /* Rename */
2180 GNUNET_free (ego_entry->identifier); 1963 GNUNET_free (ego_entry->identifier);
@@ -2186,30 +1969,28 @@ list_ego (void *cls,
2186 /* Add */ 1969 /* Add */
2187 ego_entry = GNUNET_new (struct EgoEntry); 1970 ego_entry = GNUNET_new (struct EgoEntry);
2188 GNUNET_IDENTITY_ego_get_public_key (ego, &pk); 1971 GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
2189 ego_entry->keystring = 1972 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2190 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2191 ego_entry->ego = ego; 1973 ego_entry->ego = ego;
2192 ego_entry->identifier = GNUNET_strdup (identifier); 1974 ego_entry->identifier = GNUNET_strdup (identifier);
2193 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, 1975 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail,
2194 handle->ego_tail,
2195 ego_entry); 1976 ego_entry);
2196 } 1977 }
2197 } else { 1978 } else {
2198 /* Delete */ 1979 /* Delete */
2199 for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { 1980 for (ego_entry = handle->ego_head; NULL != ego_entry;
1981 ego_entry = ego_entry->next) {
2200 if (ego_entry->ego == ego) 1982 if (ego_entry->ego == ego)
2201 break; 1983 break;
2202 } 1984 }
2203 if (NULL != ego_entry) 1985 if (NULL != ego_entry)
2204 GNUNET_CONTAINER_DLL_remove (handle->ego_head,handle->ego_tail, ego_entry); 1986 GNUNET_CONTAINER_DLL_remove (handle->ego_head, handle->ego_tail,
1987 ego_entry);
2205 } 1988 }
2206
2207} 1989}
2208 1990
2209static void 1991static void
2210rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, 1992rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2211 GNUNET_REST_ResultProcessor proc, 1993 GNUNET_REST_ResultProcessor proc, void *proc_cls)
2212 void *proc_cls)
2213{ 1994{
2214 struct RequestHandle *handle = GNUNET_new (struct RequestHandle); 1995 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
2215 handle->oidc = GNUNET_new (struct OIDC_Variables); 1996 handle->oidc = GNUNET_new (struct OIDC_Variables);
@@ -2220,7 +2001,8 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2220 if (NULL == OIDC_used_ticket_map) 2001 if (NULL == OIDC_used_ticket_map)
2221 OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2002 OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2222 if (NULL == OIDC_access_token_map) 2003 if (NULL == OIDC_access_token_map)
2223 OIDC_access_token_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2004 OIDC_access_token_map =
2005 GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2224 handle->response_code = 0; 2006 handle->response_code = 0;
2225 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 2007 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
2226 handle->proc_cls = proc_cls; 2008 handle->proc_cls = proc_cls;
@@ -2229,21 +2011,15 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2229 handle->rest_handle = rest_handle; 2011 handle->rest_handle = rest_handle;
2230 2012
2231 handle->url = GNUNET_strdup (rest_handle->url); 2013 handle->url = GNUNET_strdup (rest_handle->url);
2232 if (handle->url[strlen (handle->url)-1] == '/') 2014 if (handle->url[strlen (handle->url) - 1] == '/')
2233 handle->url[strlen (handle->url)-1] = '\0'; 2015 handle->url[strlen (handle->url) - 1] = '\0';
2234 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2016 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
2235 "Connecting...\n"); 2017 handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle);
2236 handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
2237 &list_ego,
2238 handle);
2239 handle->gns_handle = GNUNET_GNS_connect (cfg); 2018 handle->gns_handle = GNUNET_GNS_connect (cfg);
2240 handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); 2019 handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
2241 handle->timeout_task = 2020 handle->timeout_task =
2242 GNUNET_SCHEDULER_add_delayed (handle->timeout, 2021 GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2243 &do_timeout, 2022 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
2244 handle);
2245 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2246 "Connected\n");
2247} 2023}
2248 2024
2249/** 2025/**
@@ -2260,23 +2036,19 @@ libgnunet_plugin_rest_openid_connect_init (void *cls)
2260 2036
2261 cfg = cls; 2037 cfg = cls;
2262 if (NULL != plugin.cfg) 2038 if (NULL != plugin.cfg)
2263 return NULL; /* can only initialize once! */ 2039 return NULL; /* can only initialize once! */
2264 memset (&plugin, 0, sizeof (struct Plugin)); 2040 memset (&plugin, 0, sizeof (struct Plugin));
2265 plugin.cfg = cfg; 2041 plugin.cfg = cfg;
2266 api = GNUNET_new (struct GNUNET_REST_Plugin); 2042 api = GNUNET_new (struct GNUNET_REST_Plugin);
2267 api->cls = &plugin; 2043 api->cls = &plugin;
2268 api->name = GNUNET_REST_API_NS_OIDC; 2044 api->name = GNUNET_REST_API_NS_OIDC;
2269 api->process_request = &rest_identity_process_request; 2045 api->process_request = &rest_identity_process_request;
2270 GNUNET_asprintf (&allow_methods, 2046 GNUNET_asprintf (&allow_methods, "%s, %s, %s, %s, %s", MHD_HTTP_METHOD_GET,
2271 "%s, %s, %s, %s, %s", 2047 MHD_HTTP_METHOD_POST, MHD_HTTP_METHOD_PUT,
2272 MHD_HTTP_METHOD_GET, 2048 MHD_HTTP_METHOD_DELETE, MHD_HTTP_METHOD_OPTIONS);
2273 MHD_HTTP_METHOD_POST,
2274 MHD_HTTP_METHOD_PUT,
2275 MHD_HTTP_METHOD_DELETE,
2276 MHD_HTTP_METHOD_OPTIONS);
2277 2049
2278 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2050 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2279 _("Identity Provider REST API initialized\n")); 2051 _ ("Identity Provider REST API initialized\n"));
2280 return api; 2052 return api;
2281} 2053}
2282 2054
@@ -2296,25 +2068,29 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
2296 2068
2297 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; 2069 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
2298 void *value = NULL; 2070 void *value = NULL;
2299 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); 2071 hashmap_it =
2072 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map);
2300 while (GNUNET_YES == 2073 while (GNUNET_YES ==
2301 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2074 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2302 GNUNET_free_non_null (value); 2075 GNUNET_free_non_null (value);
2303 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); 2076 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2304 2077
2305 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); 2078 hashmap_it =
2079 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
2306 while (GNUNET_YES == 2080 while (GNUNET_YES ==
2307 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2081 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2308 GNUNET_free_non_null (value); 2082 GNUNET_free_non_null (value);
2309 GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants); 2083 GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants);
2310 2084
2311 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); 2085 hashmap_it =
2086 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map);
2312 while (GNUNET_YES == 2087 while (GNUNET_YES ==
2313 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2088 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2314 GNUNET_free_non_null (value); 2089 GNUNET_free_non_null (value);
2315 GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map); 2090 GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map);
2316 2091
2317 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); 2092 hashmap_it =
2093 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
2318 while (GNUNET_YES == 2094 while (GNUNET_YES ==
2319 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2095 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2320 GNUNET_free_non_null (value); 2096 GNUNET_free_non_null (value);