author | Phil <phil.buschmann@tum.de> | 2018-02-05 14:57:22 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-02-05 14:57:22 +0100 |
commit | 0166171bb810849613164867bc3450bf5bf73a5a (patch) | |
tree | 727702a780e1a9bc5b953e71d8625b649c78f1e2 /src | |
parent | ddbd4e85b1128d2547d551b885eef01bfab5046d (diff) | |
-wip token endpoint fix
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/jwt.c | 2 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 66 |
2 files changed, 57 insertions, 11 deletions
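--- a/src/identity-provider/jwt.c
+++ b/src/identity-provider/jwt.c
@@ -39,6 +39,7 @@
 
 #define JWT_TYP_VALUE "jwt"
 
+//TODO change server address
 #define SERVER_ADDRESS "https://localhost"
 
 static char*
@@ -101,7 +102,6 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
 body = json_object ();
 /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
 //iss REQUIRED case sensitive server uri with https
-//TODO change server address
 json_object_set_new (body,
 "iss", json_string (SERVER_ADDRESS));
 //sub REQUIRED public key identity, not exceed 255 ASCII length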
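--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -108,6 +108,21 @@
 #define ID_REST_STATE_POST_INIT 1
 
 /**
+* OIDC grant_type key
+*/
+#define OIDC_GRANT_TYPE_KEY "grant_type"
+
+/**
+* OIDC grant_type key
+*/
+#define OIDC_GRANT_TYPE_VALUE "authorization_code"
+
+/**
+* OIDC code key
+*/
+#define OIDC_CODE_KEY "code"
+
+/**
 * OIDC response_type key
 */
 #define OIDC_RESPONSE_TYPE_KEY "response_type"
@@ -205,7 +220,9 @@ struct Plugin
 {
 const struct GNUNET_CONFIGURATION_Handle *cfg;
 };
-
+/**
+* OIDC needed variables
+*/
 struct OIDC_Variables
 {
 
@@ -1673,7 +1690,6 @@ static void namestore_iteration_finished (void *cls)
 {
 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
 &cache_key);
-//TODO: what do we do with the nonce? => token
 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
 }
 
@@ -1868,6 +1884,34 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 static void
+consume_ticket (void *cls,
+const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+{
+struct RequestHandle *handle = cls;
+struct GNUNET_JSONAPI_Resource *json_resource;
+json_t *value;
+
+if (NULL == identity)
+{
+GNUNET_SCHEDULER_add_now (&return_response, handle);
+return;
+}
+
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute: %s\n",
+attr->name);
+json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+attr->name);
+GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
+
+value = json_string (attr->data);
+GNUNET_JSONAPI_resource_add_attr (json_resource,
+"value",
+value);
+json_decref (value);
+}
+
+static void
 token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 const char* url,
 void *cls)
@@ -1968,7 +2012,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 //REQUIRED grant_type
-GNUNET_CRYPTO_hash ("grant_type", strlen ("grant_type"), &cache_key);
+GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
 if ( GNUNET_NO
 == GNUNET_CONTAINER_multihashmap_contains (
 handle->rest_handle->url_param_map, &cache_key) )
@@ -1982,7 +2026,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 handle->rest_handle->url_param_map, &cache_key);
 
 //REQUIRED code
-GNUNET_CRYPTO_hash ("code", strlen ("code"), &cache_key);
+GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
 if ( GNUNET_NO
 == GNUNET_CONTAINER_multihashmap_contains (
 handle->rest_handle->url_param_map, &cache_key) )
@@ -2029,7 +2073,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 //Check parameter grant_type == "authorization_code"
-if (0 != strcmp("authorization_code", grant_type))
+if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
 {
 handle->emsg=GNUNET_strdup("unsupported_grant_type");
 handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -2081,7 +2125,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
-//TODO lookup if audience is the current client
+// this is the current client (relying party)
 //TODO change
 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
 GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
@@ -2193,20 +2237,22 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 MHD_add_response_header (resp, "Pragma", "no-cache");
 MHD_add_response_header (resp, "Content-Type", "application/json");
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
 
 //necessary? should be
 // handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego),ticket,consume_cont, handle);
 GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
 //TODO write method
-handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego),ticket,consume_cont,handle);
+handle->resp_object = GNUNET_JSONAPI_document_new ();
+handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego),ticket,consume_ticket,handle);
 GNUNET_free(access_token_number);
-GNUNET_free(credentials);
+// GNUNET_free(credentials);
 GNUNET_free(access_token);
 GNUNET_free(user_psw);
-GNUNET_free(code);
+// GNUNET_free(code);
 GNUNET_free(id_token);
 json_decref(root);
+// GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
 }
 
 /**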
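Review bot: In the last hunk of token_cont the response is already handed to `handle->proc (handle->proc_cls, resp, MHD_HTTP_OK)` at new line 2239 before the ticket consume is started, and the only cleanup, `GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle)`, is removed at 2196 and left commented out at 2255. Because `consume_ticket` schedules `return_response` once identity is NULL, the request handle will either attempt a second response or never be released; the consume should complete before the token response is sent, or the final callback has to take over the cleanup. `// GNUNET_free(credentials);` and `// GNUNET_free(code);` also leave the client credentials and authorization code allocated for every request unless another path now owns them, and `handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg)` overwrites any connection handle the request already held, so that earlier connection would leak. In consume_ticket (hunk at 1884), `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute: %s\n", attr->name)` is a trace message rather than an error and writes claim names to the log at the highest severity in normal operation; `GNUNET_ERROR_TYPE_DEBUG` is the fitting level. token_cont's body starts outside the hunk.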