authorMartin Schanzenbach <mschanzenbach@posteo.de>2020-08-19 23:53:02 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2020-08-20 17:59:02 +0200
commita57d476abbe857365aff157f389cc1188b5dd090 (patch)
treee8f7163ef7e6f5426748fed8d2eaa5183038a5d6 /src/reclaim/plugin_rest_openid_connect.c
parente75869506cc08e08056168383bd4ab02e1f007de (diff)
reclaim: Attestations now called credentials. Credentials are presented to third parties as presentations.
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c68
1 files changed, 38 insertions, 30 deletions
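diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 5ae6565af..5b0bb2b6f 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -439,10 +439,14 @@ struct RequestHandle
   struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list;
 
   /**
-   * Credential list
+   * Credentials
    */
-  struct GNUNET_RECLAIM_CredentialList *creds_list;
+  struct GNUNET_RECLAIM_CredentialList *credentials;
 
+  /**
+   * Presentations
+   */
+  struct GNUNET_RECLAIM_PresentationList *presentations;
 
   /**
    * IDENTITY Operation
@@ -590,8 +594,10 @@ cleanup_handle (struct RequestHandle *handle)
   GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list);
   if (NULL!=handle->attr_userinfo_list)
     GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list);
-  if (NULL!=handle->creds_list)
-    GNUNET_RECLAIM_credential_list_destroy (handle->creds_list);
+  if (NULL!=handle->credentials)
+    GNUNET_RECLAIM_credential_list_destroy (handle->credentials);
+  if (NULL!=handle->presentations)
+    GNUNET_RECLAIM_presentation_list_destroy (handle->presentations);
   GNUNET_CONTAINER_DLL_remove (requests_head,
                                requests_tail,
                                handle);
@@ -934,7 +940,9 @@ oidc_iteration_error (void *cls)
  * parameter. Otherwise redirects with error
  */
 static void
-oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
+oidc_ticket_issue_cb (void *cls,
+                      const struct GNUNET_RECLAIM_Ticket *ticket,
+                      const struct GNUNET_RECLAIM_PresentationList *pres)
 {
   struct RequestHandle *handle = cls;
   struct MHD_Response *resp;
@@ -957,7 +965,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   code_string = OIDC_build_authz_code (&handle->priv_key,
                                        &handle->ticket,
                                        handle->attr_idtoken_list,
-                                       handle->creds_list,
+                                       pres,
                                        handle->oidc->nonce,
                                        handle->oidc->code_challenge);
   if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
@@ -1086,7 +1094,7 @@ oidc_cred_collect (void *cls,
   struct GNUNET_RECLAIM_AttributeListEntry *le;
   struct GNUNET_RECLAIM_CredentialListEntry *ale;
 
-  for (ale = handle->creds_list->list_head; NULL != ale; ale = ale->next)
+  for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next)
   {
     if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id,
                                                  &cred->id))
@@ -1107,8 +1115,8 @@ oidc_cred_collect (void *cls,
                                                cred->type,
                                                cred->data,
                                                cred->data_size);
-    GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head,
-                                 handle->creds_list->list_tail,
+    GNUNET_CONTAINER_DLL_insert (handle->credentials->list_head,
+                                 handle->credentials->list_tail,
                                  ale);
   }
   GNUNET_RECLAIM_get_credentials_next (handle->cred_it);
@@ -1129,7 +1137,7 @@ oidc_attr_collect_finished_cb (void *cls)
     GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
     return;
   }
-  handle->creds_list = GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
+  handle->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
   handle->cred_it =
     GNUNET_RECLAIM_get_credentials_start (idp,
                                           &handle->priv_key,
@@ -1982,7 +1990,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   const struct EgoEntry *ego_entry;
   struct GNUNET_TIME_Relative expiration_time;
   struct GNUNET_RECLAIM_AttributeList *cl = NULL;
-  struct GNUNET_RECLAIM_CredentialList *al = NULL;
+  struct GNUNET_RECLAIM_PresentationList *pl = NULL;
   struct GNUNET_RECLAIM_Ticket ticket;
   struct GNUNET_CRYPTO_EcdsaPublicKey cid;
   struct GNUNET_HashCode cache_key;
@@ -2068,7 +2076,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 
   // decode code
   if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket,
-                                          &cl, &al, &nonce))
+                                          &cl, &pl, &nonce))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
     handle->edesc = GNUNET_strdup ("invalid code");
@@ -2108,7 +2116,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   id_token = OIDC_generate_id_token (&ticket.audience,
                                      &ticket.identity,
                                      cl,
-                                     al,
+                                     pl,
                                      &expiration_time,
                                      (NULL != nonce) ? nonce : NULL,
                                      jwt_secret);
@@ -2124,7 +2132,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   MHD_add_response_header (resp, "Content-Type", "application/json");
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
   GNUNET_RECLAIM_attribute_list_destroy (cl);
-  GNUNET_RECLAIM_credential_list_destroy (al);
+  GNUNET_RECLAIM_presentation_list_destroy (pl);
   GNUNET_free (access_token);
   GNUNET_free (json_response);
   GNUNET_free (id_token);
@@ -2139,11 +2147,11 @@ static void
 consume_ticket (void *cls,
                 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                 const struct GNUNET_RECLAIM_Attribute *attr,
-                const struct GNUNET_RECLAIM_Credential *cred)
+                const struct GNUNET_RECLAIM_Presentation *pres)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_RECLAIM_AttributeListEntry *ale;
-  struct GNUNET_RECLAIM_CredentialListEntry *atle;
+  struct GNUNET_RECLAIM_PresentationListEntry *atle;
   struct MHD_Response *resp;
   char *result_str;
   handle->idp_op = NULL;
@@ -2152,7 +2160,7 @@ consume_ticket (void *cls,
   {
     result_str = OIDC_generate_userinfo (&handle->ticket.identity,
                                          handle->attr_userinfo_list,
-                                         handle->creds_list);
+                                         handle->presentations);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str);
     resp = GNUNET_REST_create_response (result_str);
     handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
@@ -2172,25 +2180,25 @@ consume_ticket (void *cls,
   GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head,
                                handle->attr_userinfo_list->list_tail,
                                ale);
-  if (NULL == cred)
+  if (NULL == pres)
     return;
-  for (atle = handle->creds_list->list_head; NULL != atle; atle = atle->next)
+  for (atle = handle->presentations->list_head;
+       NULL != atle; atle = atle->next)
   {
-    if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->credential->id,
-                                                 &cred->id))
+    if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->presentation->credential_id,
+                                                 &pres->credential_id))
       continue;
     break; /** already in list **/
   }
   if (NULL == atle)
   {
     /** Credential matches for attribute, add **/
-    atle = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry);
-    atle->credential = GNUNET_RECLAIM_credential_new (cred->name,
-                                                      cred->type,
-                                                      cred->data,
-                                                      cred->data_size);
-    GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head,
-                                 handle->creds_list->list_tail,
+    atle = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry);
+    atle->presentation = GNUNET_RECLAIM_presentation_new (pres->type,
+                                                          pres->data,
+                                                          pres->data_size);
+    GNUNET_CONTAINER_DLL_insert (handle->presentations->list_head,
+                                 handle->presentations->list_tail,
                                  atle);
   }
 }
@@ -2289,8 +2297,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
   handle->attr_userinfo_list =
     GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
-  handle->creds_list =
-    GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
+  handle->presentations =
+    GNUNET_new (struct GNUNET_RECLAIM_PresentationList);
 
   handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp,
                                                   privkey,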
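Review bot: In the consume_ticket hunk at old line 2172 the de-duplication loop keys on `atle->presentation->credential_id` against `pres->credential_id`, but the entry appended a few lines later is built with `GNUNET_RECLAIM_presentation_new (pres->type, pres->data, pres->data_size)`, which is never handed the credential id; unless presentation_new derives that id from the data, the stored copy's `credential_id` stays unset, a later callback for the same presentation will not match it, and the same presentation can be inserted repeatedly and then be emitted more than once in the userinfo response. Assigning the key right after construction, `atle->presentation->credential_id = pres->credential_id;`, would keep what is compared consistent with what is stored. The kept comment `/** Credential matches for attribute, add **/` still says credential although the list now holds presentations; `/** Presentation for attribute not yet in list, add **/` would describe the new branch.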