author | Phil <phil.buschmann@tum.de> | 2018-01-11 15:58:38 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-11 15:58:38 +0100 |
commit | 762463674907eaec186cce3ba7c178c4aced2a2e (patch) | |
tree | be7cb0df80d34942da8812687dae9e55a75b92ba /src | |
parent | 60c963315271ce4314b708bef519eb4fb64f0979 (diff) | |
download | gnunet-762463674907eaec186cce3ba7c178c4aced2a2e.tar.gz gnunet-762463674907eaec186cce3ba7c178c4aced2a2e.zip |
-wip client_id check
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 98 |
1 files changed, 77 insertions, 21 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index ac9d2bd08..4daba29be 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -258,11 +258,21 @@ struct RequestHandle | |||
258 | struct GNUNET_REST_RequestHandle *rest_handle; | 258 | struct GNUNET_REST_RequestHandle *rest_handle; |
259 | 259 | ||
260 | /** | 260 | /** |
261 | * Zone connection | 261 | * Handle to NAMESTORE |
262 | */ | 262 | */ |
263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | 263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; |
264 | 264 | ||
265 | /** | 265 | /** |
266 | * Private key for the zone | ||
267 | */ | ||
268 | struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey; | ||
269 | |||
270 | /** | ||
271 | * OIDC_client public key | ||
272 | */ | ||
273 | struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey; | ||
274 | |||
275 | /** | ||
266 | * IDENTITY Operation | 276 | * IDENTITY Operation |
267 | */ | 277 | */ |
268 | struct GNUNET_IDENTITY_Operation *op; | 278 | struct GNUNET_IDENTITY_Operation *op; |
@@ -339,8 +349,6 @@ struct RequestHandle | |||
339 | 349 | ||
340 | }; | 350 | }; |
341 | 351 | ||
342 | |||
343 | |||
344 | /** | 352 | /** |
345 | * Cleanup lookup handle | 353 | * Cleanup lookup handle |
346 | * @param handle Handle to clean up | 354 | * @param handle Handle to clean up |
@@ -404,8 +412,8 @@ do_error (void *cls) | |||
404 | char *json_error; | 412 | char *json_error; |
405 | 413 | ||
406 | GNUNET_asprintf (&json_error, | 414 | GNUNET_asprintf (&json_error, |
407 | "{error : %s}", | 415 | "{error : %s, error_description : %s}", |
408 | handle->emsg); | 416 | handle->emsg, (NULL != handle->edesc) ? handle->edesc : ""); |
409 | resp = GNUNET_REST_create_response (json_error); | 417 | resp = GNUNET_REST_create_response (json_error); |
410 | handle->proc (handle->proc_cls, resp, handle->response_code); | 418 | handle->proc (handle->proc_cls, resp, handle->response_code); |
411 | cleanup_handle (handle); | 419 | cleanup_handle (handle); |
@@ -1157,21 +1165,47 @@ zone_to_name_error (void *cls) | |||
1157 | */ | 1165 | */ |
1158 | static void | 1166 | static void |
1159 | zone_to_name_get_cb (void *cls, | 1167 | zone_to_name_get_cb (void *cls, |
1160 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, | 1168 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, |
1161 | const char *name, | 1169 | const char *name, unsigned int rd_count, |
1162 | unsigned int rd_count, | 1170 | const struct GNUNET_GNSRECORD_Data *rd) |
1163 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1164 | { | 1171 | { |
1165 | struct RequestHandle *handle = cls; | 1172 | struct RequestHandle *handle = cls; |
1173 | struct EgoEntry *ego_entry = handle->ego_entry->next; | ||
1174 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s", handle->ego_entry->keystring); | ||
1175 | if ( NULL == name ) | ||
1176 | { | ||
1177 | if(NULL != ego_entry){ | ||
1178 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1179 | handle->ego_head->ego); | ||
1166 | 1180 | ||
1167 | 1181 | ||
1168 | if (0 == rd_count) | 1182 | handle->ego_entry = ego_entry; |
1183 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey, | ||
1184 | &handle->client_pkey, &zone_to_name_error, handle, | ||
1185 | &zone_to_name_get_cb, handle); | ||
1186 | return; | ||
1187 | } | ||
1188 | else | ||
1189 | { | ||
1190 | handle->emsg = GNUNET_strdup("unauthorized_client"); | ||
1191 | //TODO change desc | ||
1192 | handle->edesc = GNUNET_strdup("Not in namestore"); | ||
1193 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1194 | // GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
1195 | // handle->namestore_handle = NULL; | ||
1196 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1197 | return; | ||
1198 | } | ||
1199 | } | ||
1200 | else | ||
1169 | { | 1201 | { |
1170 | handle->emsg = GNUNET_strdup("unauthorized_client"); | ||
1171 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1172 | 1202 | ||
1173 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | 1203 | handle->emsg = GNUNET_strdup("works"); |
1174 | handle->namestore_handle = NULL; | 1204 | handle->edesc = GNUNET_strdup(""); |
1205 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1206 | // GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
1207 | // handle->namestore_handle = NULL; | ||
1208 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test"); | ||
1175 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1209 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1176 | return; | 1210 | return; |
1177 | } | 1211 | } |
@@ -1229,6 +1263,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1229 | { | 1263 | { |
1230 | handle->emsg=GNUNET_strdup("invalid_request"); | 1264 | handle->emsg=GNUNET_strdup("invalid_request"); |
1231 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | 1265 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); |
1266 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1232 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1267 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1233 | return; | 1268 | return; |
1234 | } | 1269 | } |
@@ -1237,20 +1272,40 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1237 | if ( GNUNET_OK | 1272 | if ( GNUNET_OK |
1238 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, | 1273 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, |
1239 | strlen (client_id), | 1274 | strlen (client_id), |
1240 | &pubkey) ) | 1275 | &handle->client_pkey) ) |
1241 | { | 1276 | { |
1242 | handle->emsg=GNUNET_strdup("unauthorized_client"); | 1277 | handle->emsg=GNUNET_strdup("unauthorized_client"); |
1278 | handle->edesc = GNUNET_strdup( | ||
1279 | "The client is not authorized to request an authorization" | ||
1280 | " code using this method."); | ||
1243 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1281 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1244 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1282 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1283 | return; | ||
1245 | } | 1284 | } |
1246 | 1285 | ||
1247 | // Checks if client_id is valid: | 1286 | // Checks if client_id is valid: |
1248 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 1287 | if ( NULL == handle->namestore_handle ) |
1249 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1288 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); |
1250 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, | 1289 | |
1251 | zone_to_name_error, handle, zone_to_name_get_cb, | 1290 | if ( NULL == handle->ego_head ) |
1252 | handle); | 1291 | { |
1292 | handle->emsg = GNUNET_strdup("Missing egos."); | ||
1293 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1294 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1295 | return; | ||
1296 | } | ||
1297 | //TODO fix this | ||
1298 | // for (ego_entry = handle->ego_head; | ||
1299 | // NULL != ego_entry; ego_entry = ego_entry->next) | ||
1300 | // { | ||
1301 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1302 | handle->ego_head->ego); | ||
1303 | handle->ego_entry = handle->ego_head; | ||
1304 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey, | ||
1305 | &handle->client_pkey, &zone_to_name_error, handle, | ||
1306 | &zone_to_name_get_cb, handle); | ||
1253 | return; | 1307 | return; |
1308 | // zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->rest_handle); | ||
1254 | 1309 | ||
1255 | // REQUIRED value: redirect_uri | 1310 | // REQUIRED value: redirect_uri |
1256 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1311 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
@@ -1279,6 +1334,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1279 | } | 1334 | } |
1280 | handle->eredirect = GNUNET_strdup(redirect_uri); | 1335 | handle->eredirect = GNUNET_strdup(redirect_uri); |
1281 | 1336 | ||
1337 | GNUNET_free(expected_redirect_uri); | ||
1282 | // REQUIRED value: response_type | 1338 | // REQUIRED value: response_type |
1283 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1339 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
1284 | &cache_key); | 1340 | &cache_key); |
@@ -1324,6 +1380,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1324 | &cache_key); | 1380 | &cache_key); |
1325 | } | 1381 | } |
1326 | 1382 | ||
1383 | //TODO check other values and use them accordingly | ||
1327 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1384 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
1328 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1385 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1329 | { | 1386 | { |
@@ -1360,7 +1417,6 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1360 | return; | 1417 | return; |
1361 | } | 1418 | } |
1362 | 1419 | ||
1363 | //TODO check other values and use them accordingly | ||
1364 | 1420 | ||
1365 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 1421 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
1366 | &cache_key); | 1422 | &cache_key); |
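Review bot: In the `NULL == name` branch of `zone_to_name_get_cb` (new lines 1178-1185) the handle advances to `ego_entry = handle->ego_entry->next` but re-reads the private key from `handle->ego_head->ego`, so every retry queries the head zone again and a client_id registered under any later ego is never found; after the NULL check it should be `handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);`. The found branch still reports `"works"` via do_error with MHD_HTTP_INTERNAL_SERVER_ERROR, and the `unauthorized_client` / `invalid_request` paths also answer 500 where an OAuth/OIDC error would normally be a 4xx — presumably WIP given the commit title, but it should not survive to a non-WIP commit. Because authorize_get_cont now returns unconditionally at new line 1307 right after starting the lookup, the redirect_uri, response_type, scope and cookie checks below it are unreachable until they are moved into (or chained from) the callback, so a request is currently never checked against its registered redirect_uri. The zone private key is also copied by value into the per-request handle (`zone_pkey`); cleanup_handle is outside this page so I cannot tell whether it is wiped, and either zeroing it on cleanup or storing the pointer the ego already owns would avoid an extra long-lived copy of key material. Finally, do_error's new format string emits unquoted keys and values, so the body is not valid JSON; `"{\"error\" : \"%s\", \"error_description\" : \"%s\"}"` is what a client parser expects.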