authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-07-22 18:01:50 +0200
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-07-22 18:01:50 +0200
commit8b67e9b5f905ff80ee73300bbb278c00e36b9bca (patch)
tree51440e34ea6807f35dc1987ce23c3e34659fbda0 /src/reclaim
parentb68e69365b355f3ef5104f3b682457b0844a70df (diff)
ensure ticket contains client id
Diffstat (limited to 'src/reclaim')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c24
1 files changed, 22 insertions, 2 deletions
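--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -795,7 +795,8 @@ oidc_iteration_error (void *cls)
 }
 
 static int
-parse_authz_code (const char* code,
+parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+ const char* code,
  struct GNUNET_RECLAIM_Ticket **ticket,
  char **nonce)
 {
@@ -868,6 +869,19 @@ parse_authz_code (const char* code,
  memcpy (*ticket,
  &purpose[1],
  sizeof (struct GNUNET_RECLAIM_Ticket));
+ if (0 != memcmp (audience,
+ &(*ticket)->audience,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+ {
+ GNUNET_free (purpose);
+ GNUNET_free (*ticket);
+ json_decref (code_json);
+ *ticket = NULL;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Audience in ticket does not match client!\n");
+ return GNUNET_SYSERR;
+
+ }
  if (NULL != nonce_str)
  memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket),
  nonce_str,
@@ -1669,8 +1683,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  }
 
  //decode code
+ struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+ GNUNET_STRINGS_string_to_data (client_id,
+ strlen(client_id),
+ &cid,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  struct GNUNET_RECLAIM_Ticket *ticket;
- if(GNUNET_OK != parse_authz_code (code,
+ if(GNUNET_OK != parse_authz_code (&cid,
+ code,
  &ticket,
  &nonce))
  {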
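Review bot: The return value of `GNUNET_STRINGS_string_to_data` in the token_endpoint hunk is ignored, so when `client_id` is not a well-formed encoding of a public key, `cid` is left uninitialized or only partly written, and parse_authz_code then runs `memcmp` on indeterminate stack bytes. Because this comparison is what binds the authorization code to the requesting client, the decode should fail closed: `if (GNUNET_OK != GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), &cid, sizeof (cid)))`, followed by the same error response the function already sends for an invalid request. The hunk starts mid-function, so whether `client_id` is guaranteed non-NULL and is the authenticated client identity at this point is decided above it and should be confirmed too.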