authorMartin Schanzenbach <schanzen@gnunet.org>2020-12-30 20:58:55 +0900
committerMartin Schanzenbach <schanzen@gnunet.org>2020-12-30 20:58:55 +0900
commitc0465ff926f1b87a375ff320d367cbbabfddb38f (patch)
treecf32bb93a83235c8175aba682b4437d644bc4ec4 /src
parent3ea7b6e726d80050bc3541e56fc6f9d1a5dbb72a (diff)
downloadgnunet-c0465ff926f1b87a375ff320d367cbbabfddb38f.tar.gz
gnunet-c0465ff926f1b87a375ff320d367cbbabfddb38f.zip
RECLAIM: Fix quirky OIDC address handling
Diffstat (limited to 'src')
-rw-r--r--src/reclaim/json_reclaim.c2
-rw-r--r--src/reclaim/oidc_helper.c57
-rw-r--r--src/reclaim/plugin_reclaim_credential_jwt.c39
3 files changed, 86 insertions, 12 deletions
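diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c
index 6c945036a..4eeb22bee 100644
--- a/src/reclaim/json_reclaim.c
+++ b/src/reclaim/json_reclaim.c
@@ -95,6 +95,7 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec)
 }
 attr = GNUNET_RECLAIM_attribute_new (name_str, NULL,
 type, data, data_size);
+GNUNET_free (data);
 if ((NULL != cred_str) && (0 != strlen (cred_str)))
 {
 GNUNET_STRINGS_string_to_data (cred_str,
@@ -334,6 +335,7 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe
 return GNUNET_SYSERR;
 }
 cred = GNUNET_RECLAIM_credential_new (name_str, type, data, data_size);
+GNUNET_free (data);
 if ((NULL == id_str) || (0 == strlen (id_str)))
 memset (&cred->id, 0, sizeof (cred->id));
 else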
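Review bot: Neither added `GNUNET_free (data);` records why the buffer may be released while `attr` and `cred` are still in use; the frees are only safe if GNUNET_RECLAIM_attribute_new and GNUNET_RECLAIM_credential_new copy `data`, which this page does not show. A one-line comment above each free, such as `/* the constructor copies data, so the decoded buffer is ours to release */`, would state that ownership rule for the next reader. Both parse_attr and parse_credential continue outside their hunks, so whether the earlier error returns also release `data` cannot be checked from here.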
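diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 84a90833c..bd3a8ee05 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -223,6 +223,8 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
 i++;
 }
 
+int addr_is_aggregated = GNUNET_NO;
+int addr_is_normal = GNUNET_NO;
 for (le = attrs->list_head; NULL != le; le = le->next)
 {
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -230,7 +232,6 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
 le->attribute->name);
 if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
 {
-
 attr_val_str =
 GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type,
 le->attribute->data,
@@ -238,13 +239,22 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
 /**
 * There is this wierd quirk that the individual address claim(s) must be
 * inside a JSON object of the "address" claim.
-* FIXME: Possibly include formatted claim here
 */
 if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name))
 {
+if (GNUNET_YES == addr_is_aggregated)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+"Address is set as aggregated claim. Skipping self-issued value...\n");
+GNUNET_free (attr_val_str);
+continue;
+}
+addr_is_normal = GNUNET_YES;
+
 if (NULL == addr_claim)
 {
 addr_claim = json_object ();
+json_object_set_new (body, "address", addr_claim);
 }
 json_object_set_new (addr_claim, le->attribute->name,
 json_string (attr_val_str));
@@ -276,17 +286,42 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
 le->attribute->name);
 continue;
 }
-// Presentation exists, hence take the respective source str
-GNUNET_asprintf (&source_name,
-"src%d",
-j);
-json_object_set_new (aggr_names, le->attribute->name,
-json_string (source_name));
-GNUNET_free (source_name);
+/**
+* There is this wierd quirk that the individual address claim(s) must be
+* inside a JSON object of the "address" claim.
+*/
+if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name))
+{
+if (GNUNET_YES == addr_is_normal)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+"Address is already set as normal claim. Skipping attested value...\n");
+continue;
+}
+addr_is_aggregated = GNUNET_YES;
+/** This is/can only be set once! **/
+if (NULL != addr_claim)
+continue;
+addr_claim = json_object ();
+GNUNET_asprintf (&source_name,
+"src%d",
+j);
+json_object_set_new (aggr_names, "address",
+json_string (source_name));
+GNUNET_free (source_name);
+}
+else
+{
+// Presentation exists, hence take the respective source str
+GNUNET_asprintf (&source_name,
+"src%d",
+j);
+json_object_set_new (aggr_names, le->attribute->name,
+json_string (source_name));
+GNUNET_free (source_name);
+}
 }
 }
-if (NULL != addr_claim)
-json_object_set_new (body, "address", addr_claim);
 if (0 != i)
 {
 json_object_set_new (body, "_claim_names", aggr_names);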
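Review bot: In the attested branch, `addr_claim = json_object ();` allocates an object that serves only as an "already recorded" marker: nothing in the visible lines attaches it to `body` or releases it, and the trailing `json_object_set_new (body, "address", addr_claim);` has been removed, so it appears to leak once per call unless it is released after the hunk. `addr_is_aggregated` already carries that state, so testing it before it is set, `if (GNUNET_YES == addr_is_aggregated) continue;` followed by `addr_is_aggregated = GNUNET_YES;`, would drop the allocation and the `NULL != addr_claim` test. Whether the self-issued or the attested address ends up in the response now depends on the order of `attrs`, which deserves a sentence in the comment above each check. generate_userinfo_json starts and ends outside these hunks.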
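diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
index c1e12f4a0..aac0a6ea5 100644
--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -160,6 +160,7 @@ jwt_parse_attributes (void *cls,
 char *val_str = NULL;
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
 char *decoded_jwt;
+char *tmp;
 json_t *json_val;
 json_error_t *json_err = NULL;
 
@@ -175,7 +176,10 @@ jwt_parse_attributes (void *cls,
 json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
 GNUNET_free (decoded_jwt);
 const char *key;
+const char *addr_key;
 json_t *value;
+json_t *addr_value;
+
 json_object_foreach (json_val, key, value) {
 if (0 == strcmp ("iss", key))
 continue;
@@ -189,12 +193,45 @@ jwt_parse_attributes (void *cls,
 continue;
 if (0 == strcmp ("aud", key))
 continue;
+if (0 == strcmp ("address", key))
+{
+if (!json_is_object(value)) {
+GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+"address claim in wrong format!");
+continue;
+}
+json_object_foreach (value, addr_key, addr_value) {
+val_str = json_dumps (addr_value, JSON_ENCODE_ANY);
+tmp = val_str;
+//Remove leading " from jasson conversion
+if (tmp[0] == '"')
+tmp++;
+//Remove trailing " from jansson conversion
+if (tmp[strlen(tmp)-1] == '"')
+tmp[strlen(tmp)-1] = '\0';
+GNUNET_RECLAIM_attribute_list_add (attrs,
+addr_key,
+NULL,
+GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+tmp,
+strlen (val_str));
+GNUNET_free (val_str);
+}
+continue;
+}
 val_str = json_dumps (value, JSON_ENCODE_ANY);
+tmp = val_str;
+//Remove leading " from jasson conversion
+if (tmp[0] == '"')
+tmp++;
+//Remove trailing " from jansson conversion
+if (tmp[strlen(tmp)-1] == '"')
+tmp[strlen(tmp)-1] = '\0';
 GNUNET_RECLAIM_attribute_list_add (attrs,
 key,
 NULL,
 GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
-val_str,
+tmp,
 strlen (val_str));
 GNUNET_free (val_str);
 }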
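Review bot: The length argument is still `strlen (val_str)` although the data pointer is now `tmp`, both in the new address loop and in the top-level call; once the leading quote is skipped and the trailing one overwritten this equals `strlen (tmp) + 1`, so quoted values are stored with a trailing NUL and unquoted ones without, and passing `strlen (tmp)` would make the two agree. `json_dumps` can return NULL, which `tmp[0]` then dereferences while handling token-supplied input; `if (NULL == val_str) continue;` before `tmp = val_str;` covers that. Stripping the quotes by hand also leaves JSON escapes such as `\"` in the stored claim, which reading string values through `json_string_value ()` when `json_is_string ()` holds would avoid. jwt_parse_attributes starts and ends outside these hunks.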