authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-07-21 08:00:49 +0200
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-07-21 08:00:49 +0200
commitee4adf9768a740c3d79b854453eb8bc0f5c14d30 (patch)
tree3c7d321c31cbebd56a6fcb883a43b8f6136a3dd8 /src/reclaim
parent1914b435ce08b95c02d9c630acc292f4a7548a47 (diff)
downloadgnunet-ee4adf9768a740c3d79b854453eb8bc0f5c14d30.tar.gz
gnunet-ee4adf9768a740c3d79b854453eb8bc0f5c14d30.zip
add more general HMAC function for JWTs
Diffstat (limited to 'src/reclaim')
-rw-r--r--src/reclaim/jwt.c16
-rw-r--r--src/reclaim/jwt.h2
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c4
3 files changed, 10 insertions, 12 deletions
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
index 45b5d73f6..ec1e6d098 100644
--- a/src/reclaim/jwt.c
+++ b/src/reclaim/jwt.c
@@ -65,8 +65,8 @@ create_jwt_header(void)
65char* 65char*
66jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, 66jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
67 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, 67 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
68 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, 68 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
69 const struct GNUNET_CRYPTO_AuthKey *priv_key) 69 const char *secret_key)
70{ 70{
71 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; 71 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
72 struct GNUNET_HashCode signature; 72 struct GNUNET_HashCode signature;
@@ -89,12 +89,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
89 //nonce only if nonce 89 //nonce only if nonce
90 // OPTIONAL acr,amr,azp 90 // OPTIONAL acr,amr,azp
91 subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, 91 subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
92 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 92 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
93 audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, 93 audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
94 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 94 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
95 header = create_jwt_header (); 95 header = create_jwt_header ();
96 body = json_object (); 96 body = json_object ();
97 97
98 //iss REQUIRED case sensitive server uri with https 98 //iss REQUIRED case sensitive server uri with https
99 //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) 99 //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid)
100 json_object_set_new (body, 100 json_object_set_new (body,
@@ -108,8 +108,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
108 for (le = attrs->list_head; NULL != le; le = le->next) 108 for (le = attrs->list_head; NULL != le; le = le->next)
109 { 109 {
110 attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, 110 attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
111 le->claim->data, 111 le->claim->data,
112 le->claim->data_size); 112 le->claim->data_size);
113 json_object_set_new (body, 113 json_object_set_new (body,
114 le->claim->name, 114 le->claim->name,
115 json_string (attr_val_str)); 115 json_string (attr_val_str));
@@ -142,8 +142,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
142 * Creating the JWT signature. This might not be 142 * Creating the JWT signature. This might not be
143 * standards compliant, check. 143 * standards compliant, check.
144 */ 144 */
145 GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); 145 GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
146 GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); 146 GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature);
147 GNUNET_STRINGS_base64_encode ((const char*)&signature, 147 GNUNET_STRINGS_base64_encode ((const char*)&signature,
148 sizeof (struct GNUNET_HashCode), 148 sizeof (struct GNUNET_HashCode),
149 &signature_base64); 149 &signature_base64);
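Review bot: The new `GNUNET_CRYPTO_hmac_raw` call on line 146 hands `secret_key` straight to `strlen`, so a NULL pointer from the caller (the configuration string's loading is not visible here) is undefined behaviour rather than a clean failure; a `GNUNET_assert (NULL != secret_key);` at the top of the function, or an early `return NULL`, would make the contract explicit. The switch from "," to "." on line 145 brings the signing input in line with the JWS compact serialization, but the `GNUNET_STRINGS_base64_encode` calls that follow (and presumably the header/body encoding above, which is outside the hunk) emit standard base64 with padding, whereas RFC 7515 requires unpadded base64url for all three segments, so the "might not be standards compliant" comment on line 142 still applies and could say so: `/* TODO: JWS (RFC 7515) requires unpadded base64url, not base64 */`. Note also that the MAC key changes from a hash of the secret to the raw secret string, so signatures produced before this commit will no longer verify against the same configuration. jwt_create_from_list's body continues outside the hunk on both sides.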
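--- a/src/reclaim/jwt.h
+++ b/src/reclaim/jwt.h
@@ -5,6 +5,6 @@ char*
 jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
                       const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
-                      const struct GNUNET_CRYPTO_AuthKey *priv_key);
+                      const char* secret_key);
 
 #endif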
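Review bot: The declaration changes the type of the last parameter without a Doxygen block describing the new contract, which matters because `secret_key` is now used directly as the HMAC key rather than being hashed first. Add a `/** ... */` comment above the declaration with `@param secret_key NUL-terminated shared secret used as the raw HMAC key (not copied, not hashed)` plus the existing parameters and a `@return` line naming who frees the returned string. The `char*` return-type line is outside the hunk.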
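--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -1647,14 +1647,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_free(ticket);
     return;
   }
-  struct GNUNET_CRYPTO_AuthKey jwt_sign_key;
   struct GNUNET_CRYPTO_EcdsaPublicKey pk;
   GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk);
-  GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key);
   char *id_token = jwt_create_from_list(&ticket->audience,
                                         &pk,
                                         cl,
-                                        &jwt_sign_key);
+                                        jwt_secret);
 
   //Create random access_token
   char* access_token_number;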
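Review bot: Line 1655 now passes `jwt_secret` unchanged to jwt_create_from_list, where it becomes the raw HMAC key via `strlen`, so a NULL or empty `jwt_secret` (its origin is outside the hunk) would either crash or silently sign ID tokens with an empty key. The removed hashing step gave no protection against that either, but this is the natural place to reject it before signing, e.g. `if ((NULL == jwt_secret) || (0 == strlen (jwt_secret))) { /* clean up and respond with an error as in the branch above */ }`. token_endpoint continues outside the hunk on both sides.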