author | Markus Voggenreiter <Markus.Voggenreiter@tum.de> | 2019-11-27 12:30:49 +0100 |
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-01-13 13:31:05 +0100 |
commit | cb08bbcbefc98afe6b8c7600bb0dfb1241343cff (patch) | |
tree | ec801cb4e772bd245ca8d22f19bc751ca67d2737 /src/reclaim/plugin_rest_openid_connect.c | |
parent | c0fce9ca75973a646f80372fcc08c059818ba548 (diff) | |
download | gnunet-cb08bbcbefc98afe6b8c7600bb0dfb1241343cff.tar.gz gnunet-cb08bbcbefc98afe6b8c7600bb0dfb1241343cff.zip |
Basic Functionality Implemented
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 167 |
1 files changed, 126 insertions, 41 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 2c4b75c3f..741094f21 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -120,6 +120,11 @@ | |||
120 | #define OIDC_NONCE_KEY "nonce" | 120 | #define OIDC_NONCE_KEY "nonce" |
121 | 121 | ||
122 | /** | 122 | /** |
123 | * OIDC claims key | ||
124 | */ | ||
125 | #define OIDC_CLAIMS_KEY "claims" | ||
126 | |||
127 | /** | ||
123 | * OIDC PKCE code challenge | 128 | * OIDC PKCE code challenge |
124 | */ | 129 | */ |
125 | #define OIDC_CODE_CHALLENGE_KEY "code_challenge" | 130 | #define OIDC_CODE_CHALLENGE_KEY "code_challenge" |
@@ -291,6 +296,11 @@ struct OIDC_Variables | |||
291 | char *nonce; | 296 | char *nonce; |
292 | 297 | ||
293 | /** | 298 | /** |
299 | * The OIDC claims | ||
300 | */ | ||
301 | char *claims; | ||
302 | |||
303 | /** | ||
294 | * The OIDC response type | 304 | * The OIDC response type |
295 | */ | 305 | */ |
296 | char *response_type; | 306 | char *response_type; |
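Review bot: The new `claims` member is filled from `get_url_parameter_copy` in build_authz_response (later in this diff), which by its name hands back a heap copy, but the teardown of struct OIDC_Variables is not part of this change, so it is not visible that `claims` is released next to its sibling `nonce`; if it is not, every authorize request carrying a claims parameter leaks the copy. Please also make the field comment say what the field actually holds, since "The OIDC claims" is ambiguous between the request parameter and the resolved claims: `/** Raw, unparsed value of the OIDC "claims" request parameter (JSON text), or NULL if absent */`. struct OIDC_Variables begins before this hunk.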
@@ -560,7 +570,12 @@ cleanup_handle (struct RequestHandle *handle) | |||
560 | { | 570 | { |
561 | claim_tmp = claim_entry; | 571 | claim_tmp = claim_entry; |
562 | claim_entry = claim_entry->next; | 572 | claim_entry = claim_entry->next; |
563 | GNUNET_free (claim_tmp->claim); | 573 | if (NULL != claim_tmp->claim) |
574 | GNUNET_free (claim_tmp->claim); | ||
575 | if (NULL != claim_tmp->attest) | ||
576 | GNUNET_free (claim_tmp->attest); | ||
577 | if (NULL != claim_tmp->reference) | ||
578 | GNUNET_free (claim_tmp->reference); | ||
564 | GNUNET_free (claim_tmp); | 579 | GNUNET_free (claim_tmp); |
565 | } | 580 | } |
566 | GNUNET_free (handle->attr_list); | 581 | GNUNET_free (handle->attr_list); |
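Review bot: Freeing `claim_tmp->attest` and `claim_tmp->reference` with a plain `GNUNET_free` is only correct if `GNUNET_RECLAIM_ATTESTATION_claim_new` and `GNUNET_RECLAIM_ATTESTATION_reference_new` allocate the name and payload inside one block the way `GNUNET_RECLAIM_ATTRIBUTE_claim_new` does; if either one allocates its strings separately, this leaks them on every cleanup — worth confirming against their definitions, which are outside this diff. Style-wise the three `if (NULL != x) GNUNET_free (x);` pairs are the idiom the project already spells as `GNUNET_free_non_null (claim_tmp->claim);`, which reads better and avoids the unbraced single-statement `if`. cleanup_handle starts before this hunk.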
@@ -697,7 +712,7 @@ return_userinfo_response (void *cls) | |||
697 | struct MHD_Response *resp; | 712 | struct MHD_Response *resp; |
698 | 713 | ||
699 | result_str = json_dumps (handle->oidc->response, 0); | 714 | result_str = json_dumps (handle->oidc->response, 0); |
700 | 715 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR,"ID-Token: %s\n",result_str); | |
701 | resp = GNUNET_REST_create_response (result_str); | 716 | resp = GNUNET_REST_create_response (result_str); |
702 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 717 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
703 | GNUNET_free (result_str); | 718 | GNUNET_free (result_str); |
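Review bot: The added `GNUNET_log` writes the complete userinfo response body — the user's identity attributes plus any embedded attestation JWTs — to the log at ERROR severity, so every userinfo call puts personal data into logs at a level operators never filter out, and the message mislabels it as an "ID-Token" although this is the userinfo endpoint. This looks like a leftover debug trace; drop it, or keep a payload-free debug line such as `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Returning userinfo response (%zu bytes)\n", strlen (result_str));`. return_userinfo_response begins before this hunk.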
@@ -838,7 +853,7 @@ login_redirect (void *cls) | |||
838 | &login_base_url)) | 853 | &login_base_url)) |
839 | { | 854 | { |
840 | GNUNET_asprintf (&new_redirect, | 855 | GNUNET_asprintf (&new_redirect, |
841 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 856 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
842 | login_base_url, | 857 | login_base_url, |
843 | OIDC_RESPONSE_TYPE_KEY, | 858 | OIDC_RESPONSE_TYPE_KEY, |
844 | handle->oidc->response_type, | 859 | handle->oidc->response_type, |
@@ -854,7 +869,10 @@ login_redirect (void *cls) | |||
854 | (NULL != handle->oidc->code_challenge) ? | 869 | (NULL != handle->oidc->code_challenge) ? |
855 | handle->oidc->code_challenge : "", | 870 | handle->oidc->code_challenge : "", |
856 | OIDC_NONCE_KEY, | 871 | OIDC_NONCE_KEY, |
857 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); | 872 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", |
873 | OIDC_CLAIMS_KEY, | ||
874 | (NULL != handle->oidc->claims) ? handle->oidc->claims : | ||
875 | ""); | ||
858 | resp = GNUNET_REST_create_response (""); | 876 | resp = GNUNET_REST_create_response (""); |
859 | MHD_add_response_header (resp, "Location", new_redirect); | 877 | MHD_add_response_header (resp, "Location", new_redirect); |
860 | GNUNET_free (login_base_url); | 878 | GNUNET_free (login_base_url); |
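Review bot: `handle->oidc->claims` is spliced into the Location URL verbatim, like `nonce` and `code_challenge` before it, but unlike those two it is a JSON document: it necessarily contains `"`, `{`, `:` and `,`, and a caller can put `&` or `#` into a string value and thereby add or truncate query parameters of the login redirect. If `get_url_parameter_copy` hands back the percent-decoded value (not visible here — please confirm), the value has to be re-encoded before the `GNUNET_asprintf`, or the original encoded form should be forwarded instead. login_redirect starts before this hunk and ends after it.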
@@ -993,7 +1011,7 @@ oidc_attr_collect (void *cls, | |||
993 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | 1011 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
994 | return; | 1012 | return; |
995 | } | 1013 | } |
996 | if (NULL == attr) | 1014 | if (NULL != reference) |
997 | { | 1015 | { |
998 | if ((NULL == reference->name) || (NULL == reference->reference_value)) | 1016 | if ((NULL == reference->name) || (NULL == reference->reference_value)) |
999 | { | 1017 | { |
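Review bot: The new guard `if (NULL != reference)` checks only `reference`, yet the branch it opens (continued in the next hunk) reads `attest->name`, `attest->type`, `attest->data` and `attest->data_size` unconditionally, so a callback delivering a reference without its attestation dereferences NULL; the mirror code in consume_ticket guards both, and this site should do the same: `if ((NULL != reference) && (NULL != attest))`. Note also that with `else if (NULL != attr)` a callback where all three pointers are NULL now runs neither branch and presumably falls through to whatever follows the hunk — if that is a terminal signal it deserves an explicit check rather than silent fall-through. oidc_attr_collect begins before this hunk and continues after it.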
@@ -1013,35 +1031,31 @@ oidc_attr_collect (void *cls, | |||
1013 | return; | 1031 | return; |
1014 | } | 1032 | } |
1015 | GNUNET_free (scope_variables); | 1033 | GNUNET_free (scope_variables); |
1016 | // Store references as attributes as they only use the ID later | 1034 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le2; |
1017 | const char *type_str = NULL; | 1035 | le2 = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
1018 | char *data; | ||
1019 | size_t data_size; | ||
1020 | uint32_t type; | ||
1021 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); | 1036 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
1022 | type_str = "String"; | 1037 | le->claim = NULL; |
1023 | type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str); | 1038 | le->reference = NULL; |
1024 | if (GNUNET_SYSERR ==(GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type, | 1039 | le->attest = GNUNET_RECLAIM_ATTESTATION_claim_new (attest->name, |
1025 | reference-> | 1040 | attest->type, |
1026 | reference_value, | 1041 | attest->data, |
1027 | (void **) & | 1042 | attest->data_size); |
1028 | data, | 1043 | le->attest->id = attest->id; |
1029 | &data_size))) | 1044 | le2->attest = NULL; |
1030 | { | 1045 | le2->claim = NULL; |
1031 | return; | 1046 | le2->reference = GNUNET_RECLAIM_ATTESTATION_reference_new (reference->name, |
1032 | } | 1047 | reference-> |
1033 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (reference->name, | 1048 | reference_value); |
1034 | type, | 1049 | le2->reference->id = reference->id; |
1035 | data, | 1050 | le2->reference->id_attest = reference->id_attest; |
1036 | data_size); | ||
1037 | le->claim->id = reference->id; | ||
1038 | le->claim->flag = 1; | ||
1039 | |||
1040 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, | 1051 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, |
1041 | handle->attr_list->list_tail, | 1052 | handle->attr_list->list_tail, |
1042 | le); | 1053 | le); |
1054 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, | ||
1055 | handle->attr_list->list_tail, | ||
1056 | le2); | ||
1043 | } | 1057 | } |
1044 | else | 1058 | else if (NULL != attr) |
1045 | { | 1059 | { |
1046 | if ((NULL == attr->name) || (NULL == attr->data)) | 1060 | if ((NULL == attr->name) || (NULL == attr->data)) |
1047 | { | 1061 | { |
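Review bot: `le->attest->id = attest->id;` and `le2->reference->id = reference->id;` assume the two `_new` constructors cannot return NULL; that matches `GNUNET_RECLAIM_ATTRIBUTE_claim_new` (which aborts on allocation failure) only if the attestation variants follow the same convention, which is not visible here — worth a one-line confirmation or a `GNUNET_assert (NULL != le->attest);`. The explicit `le->claim = NULL; le->reference = NULL; le2->attest = NULL; le2->claim = NULL;` lines are redundant if `GNUNET_new` zero-fills the allocation as its documentation states, and can go. Since one `le`/`le2` pair is appended per reference, an attestation referenced by several references lands in `attr_list` several times; if that is not intended, look the attestation up by `id` before inserting. oidc_attr_collect begins before this hunk and continues after it.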
@@ -1063,8 +1077,9 @@ oidc_attr_collect (void *cls, | |||
1063 | return; | 1077 | return; |
1064 | } | 1078 | } |
1065 | GNUNET_free (scope_variables); | 1079 | GNUNET_free (scope_variables); |
1066 | |||
1067 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); | 1080 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
1081 | le->reference = NULL; | ||
1082 | le->attest = NULL; | ||
1068 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, | 1083 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, |
1069 | attr->type, | 1084 | attr->type, |
1070 | attr->data, | 1085 | attr->data, |
@@ -1362,6 +1377,9 @@ build_authz_response (void *cls) | |||
1362 | // OPTIONAL value: nonce | 1377 | // OPTIONAL value: nonce |
1363 | handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY); | 1378 | handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY); |
1364 | 1379 | ||
1380 | // OPTIONAL value: claims | ||
1381 | handle->oidc->claims = get_url_parameter_copy (handle, OIDC_CLAIMS_KEY); | ||
1382 | |||
1365 | // TODO check other values if needed | 1383 | // TODO check other values if needed |
1366 | number_of_ignored_parameter = | 1384 | number_of_ignored_parameter = |
1367 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1385 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
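Review bot: The `claims` parameter is copied from the query string and kept as opaque text with no validation at all, although OIDC defines it as a JSON object and the value is later re-emitted into the login redirect; a malformed or oversized value is therefore carried through the whole flow instead of being rejected here. Parse it once and fail fast, e.g. `json_t *c = json_loads (handle->oidc->claims, 0, NULL); if (NULL == c) { /* invalid_request */ } json_decref (c);`, and consider bounding its length like other request parameters. build_authz_response begins before this hunk and continues after it.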
@@ -1918,8 +1936,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1918 | 1936 | ||
1919 | 1937 | ||
1920 | /** | 1938 | /** |
1921 | * Collects claims and stores them in handle | 1939 | * Collects claims and stores them in handle |
1922 | */ | 1940 | */ |
1923 | static void | 1941 | static void |
1924 | consume_ticket (void *cls, | 1942 | consume_ticket (void *cls, |
1925 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 1943 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
@@ -1928,20 +1946,87 @@ consume_ticket (void *cls, | |||
1928 | const struct GNUNET_RECLAIM_ATTESTATION_REFERENCE *reference) | 1946 | const struct GNUNET_RECLAIM_ATTESTATION_REFERENCE *reference) |
1929 | { | 1947 | { |
1930 | struct RequestHandle *handle = cls; | 1948 | struct RequestHandle *handle = cls; |
1931 | char *tmp_value; | ||
1932 | json_t *value; | ||
1933 | |||
1934 | if (NULL == identity) | 1949 | if (NULL == identity) |
1935 | { | 1950 | { |
1936 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); | 1951 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); |
1937 | return; | 1952 | return; |
1938 | } | 1953 | } |
1939 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, | 1954 | if (NULL != attr) |
1940 | attr->data, | 1955 | { |
1941 | attr->data_size); | 1956 | char *tmp_value; |
1942 | value = json_string (tmp_value); | 1957 | json_t *value; |
1943 | json_object_set_new (handle->oidc->response, attr->name, value); | 1958 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, |
1944 | GNUNET_free (tmp_value); | 1959 | attr->data, |
1960 | attr->data_size); | ||
1961 | value = json_string (tmp_value); | ||
1962 | json_object_set_new (handle->oidc->response, attr->name, value); | ||
1963 | GNUNET_free (tmp_value); | ||
1964 | } | ||
1965 | else if ((NULL != attest) && (NULL != reference)) | ||
1966 | { | ||
1967 | json_t *claim_sources; | ||
1968 | json_t *claim_sources_jwt; | ||
1969 | json_t *claim_names; | ||
1970 | char *attest_val_str; | ||
1971 | claim_sources=json_object_get(handle->oidc->response,"_claim_sources"); | ||
1972 | claim_names=json_object_get(handle->oidc->response,"_claim_names"); | ||
1973 | attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string (attest->type, | ||
1974 | attest->data, | ||
1975 | attest-> | ||
1976 | data_size); | ||
1977 | if ((NULL == claim_sources) && (NULL == claim_names) ) | ||
1978 | { | ||
1979 | claim_sources = json_object (); | ||
1980 | claim_names = json_object (); | ||
1981 | } | ||
1982 | char *source_name; | ||
1983 | int i = 0; | ||
1984 | GNUNET_asprintf (&source_name,"src%d",i); | ||
1985 | while (NULL != (claim_sources_jwt = json_object_get (claim_sources, | ||
1986 | source_name))) | ||
1987 | { | ||
1988 | if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt, | ||
1989 | "JWT")), | ||
1990 | attest_val_str)) | ||
1991 | { | ||
1992 | // Adapt only the claim names | ||
1993 | json_object_set_new (claim_names, reference->name, json_string ( | ||
1994 | source_name)); | ||
1995 | json_object_set (handle->oidc->response, "_claim_names",claim_names); | ||
1996 | handle->oidc->response = json_deep_copy(handle->oidc->response); | ||
1997 | break; | ||
1998 | } | ||
1999 | i++; | ||
2000 | GNUNET_asprintf (&source_name,"src%d",i); | ||
2001 | } | ||
2002 | |||
2003 | // Create new one | ||
2004 | if (NULL == claim_sources_jwt) | ||
2005 | { | ||
2006 | claim_sources_jwt = json_object (); | ||
2007 | // Set the JWT for names | ||
2008 | json_object_set_new (claim_names, reference->name, json_string ( | ||
2009 | source_name)); | ||
2010 | // Set the JWT for the inner source | ||
2011 | json_object_set_new (claim_sources_jwt, "JWT", json_string ( | ||
2012 | attest_val_str)); | ||
2013 | // Set the JWT for the source | ||
2014 | json_object_set_new (claim_sources, source_name,claim_sources_jwt); | ||
2015 | // Set as claims | ||
2016 | json_object_set (handle->oidc->response, "_claim_names", claim_names); | ||
2017 | json_object_set (handle->oidc->response, "_claim_sources",claim_sources); | ||
2018 | handle->oidc->response = json_deep_copy(handle->oidc->response); | ||
2019 | } | ||
2020 | |||
2021 | json_decref (claim_sources); | ||
2022 | json_decref (claim_names); | ||
2023 | json_decref (claim_sources_jwt); | ||
2024 | GNUNET_free (attest_val_str); | ||
2025 | } | ||
2026 | else | ||
2027 | { | ||
2028 | // REMARK: We should not find any claim, one of attest/ref is NULL | ||
2029 | } | ||
1945 | } | 2030 | } |
1946 | 2031 | ||
1947 | 2032 | ||
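Review bot: The jansson reference handling in the new attestation branch is wrong and will free or corrupt parts of `handle->oidc->response`: `json_object_get` returns borrowed references, yet `claim_sources`, `claim_names` and `claim_sources_jwt` are all `json_decref`'d at the end of the branch, and in the create path `json_object_set_new` has already transferred ownership of `claim_sources_jwt` to `claim_sources` before that decref runs, while the `json_deep_copy` assignments replace the old response without releasing it (a leak on every attested claim) and are only needed to paper over the dangling pointers. `source_name` from `GNUNET_asprintf` is re-allocated on every loop iteration without freeing the previous string and is never freed, and the `strcmp` dereferences NULL when an existing `src` entry has no `"JWT"` member. The rewrite below attaches `_claim_names` and `_claim_sources` to the response once with `json_object_set_new` and then works on the borrowed pointers, with no decref and no deep copy. The empty `else` should at least leave a trace, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Ignoring claim without attestation or reference\n");`.

```c
  else if ((NULL != attest) && (NULL != reference))
  {
    json_t *claim_sources;
    json_t *claim_sources_jwt = NULL;
    json_t *claim_names;
    char *attest_val_str;
    char *source_name = NULL;
    int i;

    attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string (attest->type,
                                                                 attest->data,
                                                                 attest->data_size);
    /* Borrowed references: create the containers once and let the
       response own them, so no decref is needed below. */
    claim_sources = json_object_get (handle->oidc->response, "_claim_sources");
    if (NULL == claim_sources)
    {
      claim_sources = json_object ();
      json_object_set_new (handle->oidc->response, "_claim_sources",
                           claim_sources);
    }
    claim_names = json_object_get (handle->oidc->response, "_claim_names");
    if (NULL == claim_names)
    {
      claim_names = json_object ();
      json_object_set_new (handle->oidc->response, "_claim_names", claim_names);
    }
    /* Reuse an existing srcN entry that carries the same attestation JWT;
       otherwise stop at the first unused name. */
    for (i = 0; ; i++)
    {
      const char *jwt;

      GNUNET_asprintf (&source_name, "src%d", i);
      claim_sources_jwt = json_object_get (claim_sources, source_name);
      if (NULL == claim_sources_jwt)
        break;
      jwt = json_string_value (json_object_get (claim_sources_jwt, "JWT"));
      if ((NULL != jwt) && (0 == strcmp (jwt, attest_val_str)))
        break;
      GNUNET_free (source_name);
    }
    if (NULL == claim_sources_jwt)
    {
      claim_sources_jwt = json_object ();
      json_object_set_new (claim_sources_jwt, "JWT",
                           json_string (attest_val_str));
      json_object_set_new (claim_sources, source_name, claim_sources_jwt);
    }
    json_object_set_new (claim_names, reference->name,
                         json_string (source_name));
    GNUNET_free (source_name);
    GNUNET_free (attest_val_str);
  }
```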