author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-08-19 23:53:02 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-08-20 17:59:02 +0200 |
commit | a57d476abbe857365aff157f389cc1188b5dd090 (patch) | |
tree | e8f7163ef7e6f5426748fed8d2eaa5183038a5d6 /src/reclaim/plugin_rest_openid_connect.c | |
parent | e75869506cc08e08056168383bd4ab02e1f007de (diff) | |
reclaim: Attestations now called credentials. Credentials are presented to third parties as presentations.
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 68 |
1 files changed, 38 insertions, 30 deletions
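diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 5ae6565af..5b0bb2b6f 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -439,10 +439,14 @@ struct RequestHandle
 struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list;
 
 /**
-* Credential list
+* Credentials
 */
-struct GNUNET_RECLAIM_CredentialList *creds_list;
+struct GNUNET_RECLAIM_CredentialList *credentials;
 
+/**
+* Presentations
+*/
+struct GNUNET_RECLAIM_PresentationList *presentations;
 
 /**
 * IDENTITY Operation
@@ -590,8 +594,10 @@ cleanup_handle (struct RequestHandle *handle)
 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list);
 if (NULL!=handle->attr_userinfo_list)
 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list);
-if (NULL!=handle->creds_list)
-GNUNET_RECLAIM_credential_list_destroy (handle->creds_list);
+if (NULL!=handle->credentials)
+GNUNET_RECLAIM_credential_list_destroy (handle->credentials);
+if (NULL!=handle->presentations)
+GNUNET_RECLAIM_presentation_list_destroy (handle->presentations);
 GNUNET_CONTAINER_DLL_remove (requests_head,
 requests_tail,
 handle);
@@ -934,7 +940,9 @@ oidc_iteration_error (void *cls)
 * parameter. Otherwise redirects with error
 */
 static void
-oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
+oidc_ticket_issue_cb (void *cls,
+const struct GNUNET_RECLAIM_Ticket *ticket,
+const struct GNUNET_RECLAIM_PresentationList *pres)
 {
 struct RequestHandle *handle = cls;
 struct MHD_Response *resp;
@@ -957,7 +965,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
 code_string = OIDC_build_authz_code (&handle->priv_key,
 &handle->ticket,
 handle->attr_idtoken_list,
-handle->creds_list,
+pres,
 handle->oidc->nonce,
 handle->oidc->code_challenge);
 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
@@ -1086,7 +1094,7 @@ oidc_cred_collect (void *cls,
 struct GNUNET_RECLAIM_AttributeListEntry *le;
 struct GNUNET_RECLAIM_CredentialListEntry *ale;
 
-for (ale = handle->creds_list->list_head; NULL != ale; ale = ale->next)
+for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next)
 {
 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id,
 &cred->id))
@@ -1107,8 +1115,8 @@ oidc_cred_collect (void *cls,
 cred->type,
 cred->data,
 cred->data_size);
-GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head,
-handle->creds_list->list_tail,
+GNUNET_CONTAINER_DLL_insert (handle->credentials->list_head,
+handle->credentials->list_tail,
 ale);
 }
 GNUNET_RECLAIM_get_credentials_next (handle->cred_it);
@@ -1129,7 +1137,7 @@ oidc_attr_collect_finished_cb (void *cls)
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
-handle->creds_list = GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
+handle->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
 handle->cred_it =
 GNUNET_RECLAIM_get_credentials_start (idp,
 &handle->priv_key,
@@ -1982,7 +1990,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 const struct EgoEntry *ego_entry;
 struct GNUNET_TIME_Relative expiration_time;
 struct GNUNET_RECLAIM_AttributeList *cl = NULL;
-struct GNUNET_RECLAIM_CredentialList *al = NULL;
+struct GNUNET_RECLAIM_PresentationList *pl = NULL;
 struct GNUNET_RECLAIM_Ticket ticket;
 struct GNUNET_CRYPTO_EcdsaPublicKey cid;
 struct GNUNET_HashCode cache_key;
@@ -2068,7 +2076,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 
 // decode code
 if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket,
-&cl, &al, &nonce))
+&cl, &pl, &nonce))
 {
 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
 handle->edesc = GNUNET_strdup ("invalid code");
@@ -2108,7 +2116,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 id_token = OIDC_generate_id_token (&ticket.audience,
 &ticket.identity,
 cl,
-al,
+pl,
 &expiration_time,
 (NULL != nonce) ? nonce : NULL,
 jwt_secret);
@@ -2124,7 +2132,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 MHD_add_response_header (resp, "Content-Type", "application/json");
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
 GNUNET_RECLAIM_attribute_list_destroy (cl);
-GNUNET_RECLAIM_credential_list_destroy (al);
+GNUNET_RECLAIM_presentation_list_destroy (pl);
 GNUNET_free (access_token);
 GNUNET_free (json_response);
 GNUNET_free (id_token);
@@ -2139,11 +2147,11 @@ static void
 consume_ticket (void *cls,
 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
 const struct GNUNET_RECLAIM_Attribute *attr,
-const struct GNUNET_RECLAIM_Credential *cred)
+const struct GNUNET_RECLAIM_Presentation *pres)
 {
 struct RequestHandle *handle = cls;
 struct GNUNET_RECLAIM_AttributeListEntry *ale;
-struct GNUNET_RECLAIM_CredentialListEntry *atle;
+struct GNUNET_RECLAIM_PresentationListEntry *atle;
 struct MHD_Response *resp;
 char *result_str;
 handle->idp_op = NULL;
@@ -2152,7 +2160,7 @@ consume_ticket (void *cls,
 {
 result_str = OIDC_generate_userinfo (&handle->ticket.identity,
 handle->attr_userinfo_list,
-handle->creds_list);
+handle->presentations);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str);
 resp = GNUNET_REST_create_response (result_str);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
@@ -2172,25 +2180,25 @@ consume_ticket (void *cls,
 GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head,
 handle->attr_userinfo_list->list_tail,
 ale);
-if (NULL == cred)
+if (NULL == pres)
 return;
-for (atle = handle->creds_list->list_head; NULL != atle; atle = atle->next)
+for (atle = handle->presentations->list_head;
+NULL != atle; atle = atle->next)
 {
-if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->credential->id,
-&cred->id))
+if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->presentation->credential_id,
+&pres->credential_id))
 continue;
 break; /** already in list **/
 }
 if (NULL == atle)
 {
 /** Credential matches for attribute, add **/
-atle = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry);
-atle->credential = GNUNET_RECLAIM_credential_new (cred->name,
-cred->type,
-cred->data,
-cred->data_size);
-GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head,
-handle->creds_list->list_tail,
+atle = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry);
+atle->presentation = GNUNET_RECLAIM_presentation_new (pres->type,
+pres->data,
+pres->data_size);
+GNUNET_CONTAINER_DLL_insert (handle->presentations->list_head,
+handle->presentations->list_tail,
 atle);
 }
 }
@@ -2289,8 +2297,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
 handle->attr_userinfo_list =
 GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
-handle->creds_list =
-GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
+handle->presentations =
+GNUNET_new (struct GNUNET_RECLAIM_PresentationList);
 
 handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp,
 privkey,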
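Review bot: In the consume_ticket hunk (new lines 2196-2199) the stored copy is built with `GNUNET_RECLAIM_presentation_new (pres->type, pres->data, pres->data_size)`, which never receives `pres->credential_id`, yet the de-duplication loop on new lines 2185-2191 keys on `atle->presentation->credential_id`; unless presentation_new derives credential_id from its arguments (its definition is not on this page), every stored entry carries an unset id, the loop never matches, and the same presentation is appended once per attribute that references it, so the userinfo response would contain duplicates. Setting `atle->presentation->credential_id = pres->credential_id;` right after the presentation_new call would make the copy match the key the loop compares. The comment on new line 2195 still reads `/** Credential matches for attribute, add **/` and should say presentation. consume_ticket's signature is in an earlier hunk; its body closes inside this one.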