diff options
author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-03-01 17:52:45 +0100 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-03-01 17:52:45 +0100 |
commit | 0f495e52f9d0011d95658f22e4f403653ba94230 (patch) | |
tree | b28c513ced7f911d454be6967ca4f986188d4d39 /src | |
parent | 5b57bdd1dd84d9d3ebdd0a123634b4fa575aaa76 (diff) | |
download | gnunet-0f495e52f9d0011d95658f22e4f403653ba94230.tar.gz gnunet-0f495e52f9d0011d95658f22e4f403653ba94230.zip |
-fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 2 | ||||
-rw-r--r-- | src/identity-provider/identity-provider.conf | 6 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 454 |
3 files changed, 257 insertions, 205 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 591dff04f..ba162c5e3 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
@@ -2246,6 +2246,8 @@ generate_gns_certificate (const char *name) | |||
2246 | sizeof (serial)); | 2246 | sizeof (serial)); |
2247 | etime = time (NULL); | 2247 | etime = time (NULL); |
2248 | tm_data = localtime (&etime); | 2248 | tm_data = localtime (&etime); |
2249 | tm_data->tm_hour--; | ||
2250 | etime = mktime(tm_data); | ||
2249 | gnutls_x509_crt_set_activation_time (request, | 2251 | gnutls_x509_crt_set_activation_time (request, |
2250 | etime); | 2252 | etime); |
2251 | tm_data->tm_year++; | 2253 | tm_data->tm_year++; |
diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf index 7ee5e50d8..b78af3553 100644 --- a/src/identity-provider/identity-provider.conf +++ b/src/identity-provider/identity-provider.conf | |||
@@ -12,5 +12,11 @@ UNIX_MATCH_GID = YES | |||
12 | TOKEN_EXPIRATION_INTERVAL = 30 m | 12 | TOKEN_EXPIRATION_INTERVAL = 30 m |
13 | DATABASE = sqlite | 13 | DATABASE = sqlite |
14 | 14 | ||
15 | [identity-rest-plugin] | ||
16 | #ADDRESS = https://identity.gnu:8000#/login | ||
17 | ADDRESS = https://identity.gnu/ui/#/login | ||
18 | PSW = secret | ||
19 | EXPIRATION_TIME = 3600 | ||
20 | |||
15 | [identity-provider-sqlite] | 21 | [identity-provider-sqlite] |
16 | FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db | 22 | FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db |
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index ef50077f5..3f9279d5c 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -379,6 +379,11 @@ struct RequestHandle | |||
379 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; | 379 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; |
380 | 380 | ||
381 | /** | 381 | /** |
382 | * A ticket | ||
383 | */ | ||
384 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; | ||
385 | |||
386 | /** | ||
382 | * Desired timeout for the lookup (default is no timeout). | 387 | * Desired timeout for the lookup (default is no timeout). |
383 | */ | 388 | */ |
384 | struct GNUNET_TIME_Relative timeout; | 389 | struct GNUNET_TIME_Relative timeout; |
@@ -1444,43 +1449,79 @@ oidc_iteration_error (void *cls) | |||
1444 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1449 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1445 | } | 1450 | } |
1446 | 1451 | ||
1452 | static void get_client_name_result (void *cls, | ||
1453 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1454 | const char *label, | ||
1455 | unsigned int rd_count, | ||
1456 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1457 | { | ||
1458 | struct RequestHandle *handle = cls; | ||
1459 | struct MHD_Response *resp; | ||
1460 | char *ticket_str; | ||
1461 | char *redirect_uri; | ||
1462 | char *code_json_string; | ||
1463 | char *code_base64_final_string; | ||
1464 | char *redirect_path; | ||
1465 | char *tmp; | ||
1466 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, | ||
1467 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | ||
1468 | //TODO change if more attributes are needed (see max_age) | ||
1469 | GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", | ||
1470 | ticket_str, | ||
1471 | (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", | ||
1472 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", | ||
1473 | (NULL != handle->oidc->nonce) ? "\"" : ""); | ||
1474 | code_base64_final_string = base_64_encode(code_json_string); | ||
1475 | tmp = GNUNET_strdup (handle->oidc->redirect_uri); | ||
1476 | redirect_path = strtok (tmp, "/"); | ||
1477 | redirect_path = strtok (NULL, "/"); | ||
1478 | redirect_path = strtok (NULL, "/"); | ||
1479 | GNUNET_asprintf (&redirect_uri, "https://%s.gnu/%s?%s=%s&state=%s", | ||
1480 | label, | ||
1481 | redirect_path, | ||
1482 | handle->oidc->response_type, | ||
1483 | code_base64_final_string, handle->oidc->state); | ||
1484 | resp = GNUNET_REST_create_response (""); | ||
1485 | MHD_add_response_header (resp, "Location", redirect_uri); | ||
1486 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1487 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | ||
1488 | GNUNET_free (tmp); | ||
1489 | GNUNET_free (redirect_uri); | ||
1490 | GNUNET_free (ticket_str); | ||
1491 | GNUNET_free (code_json_string); | ||
1492 | GNUNET_free (code_base64_final_string); | ||
1493 | return; | ||
1494 | } | ||
1495 | |||
1496 | static void | ||
1497 | get_client_name_error (void *cls) | ||
1498 | { | ||
1499 | struct RequestHandle *handle = cls; | ||
1500 | |||
1501 | handle->emsg = GNUNET_strdup("server_error"); | ||
1502 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client."); | ||
1503 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1504 | } | ||
1505 | |||
1447 | /** | 1506 | /** |
1448 | * Issues ticket and redirects to relying party with the authorization code as | 1507 | * Issues ticket and redirects to relying party with the authorization code as |
1449 | * parameter. Otherwise redirects with error | 1508 | * parameter. Otherwise redirects with error |
1450 | */ | 1509 | */ |
1451 | static void | 1510 | static void |
1452 | oidc_ticket_issue_cb (void* cls, | 1511 | oidc_ticket_issue_cb (void* cls, |
1453 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | 1512 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) |
1454 | { | 1513 | { |
1455 | struct RequestHandle *handle = cls; | 1514 | struct RequestHandle *handle = cls; |
1456 | struct MHD_Response *resp; | ||
1457 | char *ticket_str; | ||
1458 | char *redirect_uri; | ||
1459 | char *code_json_string; | ||
1460 | char *code_base64_final_string; | ||
1461 | handle->idp_op = NULL; | 1515 | handle->idp_op = NULL; |
1462 | resp = GNUNET_REST_create_response (""); | 1516 | handle->ticket = *ticket; |
1463 | if (NULL != ticket) { | 1517 | if (NULL != ticket) { |
1464 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, | 1518 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, |
1465 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | 1519 | &handle->priv_key, |
1466 | //TODO change if more attributes are needed (see max_age) | 1520 | &handle->oidc->client_pkey, |
1467 | GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", | 1521 | &get_client_name_error, |
1468 | ticket_str, | 1522 | handle, |
1469 | (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", | 1523 | &get_client_name_result, |
1470 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", | 1524 | handle); |
1471 | (NULL != handle->oidc->nonce) ? "\"" : ""); | ||
1472 | code_base64_final_string = base_64_encode(code_json_string); | ||
1473 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", | ||
1474 | handle->oidc->redirect_uri, | ||
1475 | handle->oidc->response_type, | ||
1476 | code_base64_final_string, handle->oidc->state); | ||
1477 | MHD_add_response_header (resp, "Location", redirect_uri); | ||
1478 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1479 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | ||
1480 | GNUNET_free (redirect_uri); | ||
1481 | GNUNET_free (ticket_str); | ||
1482 | GNUNET_free (code_json_string); | ||
1483 | GNUNET_free (code_base64_final_string); | ||
1484 | return; | 1525 | return; |
1485 | } | 1526 | } |
1486 | handle->emsg = GNUNET_strdup("server_error"); | 1527 | handle->emsg = GNUNET_strdup("server_error"); |
@@ -1502,11 +1543,11 @@ oidc_collect_finished_cb (void *cls) | |||
1502 | return; | 1543 | return; |
1503 | } | 1544 | } |
1504 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp, | 1545 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp, |
1505 | &handle->priv_key, | 1546 | &handle->priv_key, |
1506 | &handle->oidc->client_pkey, | 1547 | &handle->oidc->client_pkey, |
1507 | handle->attr_list, | 1548 | handle->attr_list, |
1508 | &oidc_ticket_issue_cb, | 1549 | &oidc_ticket_issue_cb, |
1509 | handle); | 1550 | handle); |
1510 | } | 1551 | } |
1511 | 1552 | ||
1512 | 1553 | ||
@@ -1515,8 +1556,8 @@ oidc_collect_finished_cb (void *cls) | |||
1515 | */ | 1556 | */ |
1516 | static void | 1557 | static void |
1517 | oidc_attr_collect (void *cls, | 1558 | oidc_attr_collect (void *cls, |
1518 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 1559 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
1519 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) | 1560 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) |
1520 | { | 1561 | { |
1521 | struct RequestHandle *handle = cls; | 1562 | struct RequestHandle *handle = cls; |
1522 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; | 1563 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; |
@@ -1550,9 +1591,9 @@ oidc_attr_collect (void *cls, | |||
1550 | 1591 | ||
1551 | le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); | 1592 | le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); |
1552 | le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type, | 1593 | le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type, |
1553 | attr->data, attr->data_size); | 1594 | attr->data, attr->data_size); |
1554 | GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, | 1595 | GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, |
1555 | handle->attr_list->list_tail, le); | 1596 | handle->attr_list->list_tail, le); |
1556 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); | 1597 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); |
1557 | } | 1598 | } |
1558 | 1599 | ||
@@ -1574,50 +1615,50 @@ login_check (void *cls) | |||
1574 | GNUNET_free(identity_cookie); | 1615 | GNUNET_free(identity_cookie); |
1575 | //No login time for identity -> redirect to login | 1616 | //No login time for identity -> redirect to login |
1576 | if ( GNUNET_YES | 1617 | if ( GNUNET_YES |
1577 | == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, | 1618 | == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, |
1578 | &cache_key) ) | 1619 | &cache_key) ) |
1579 | { | 1620 | { |
1580 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, | 1621 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, |
1581 | &cache_key); | 1622 | &cache_key); |
1582 | current_time = GNUNET_TIME_absolute_get (); | 1623 | current_time = GNUNET_TIME_absolute_get (); |
1583 | // 30 min after old login -> redirect to login | 1624 | // 30 min after old login -> redirect to login |
1584 | if ( current_time.abs_value_us <= relog_time->abs_value_us ) | 1625 | if ( current_time.abs_value_us <= relog_time->abs_value_us ) |
1585 | { | 1626 | { |
1586 | if ( GNUNET_OK | 1627 | if ( GNUNET_OK |
1587 | != GNUNET_CRYPTO_ecdsa_public_key_from_string ( | 1628 | != GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
1588 | handle->oidc->login_identity, | 1629 | handle->oidc->login_identity, |
1589 | strlen (handle->oidc->login_identity), &pubkey) ) | 1630 | strlen (handle->oidc->login_identity), &pubkey) ) |
1590 | { | 1631 | { |
1591 | handle->emsg = GNUNET_strdup("invalid_cookie"); | 1632 | handle->emsg = GNUNET_strdup("invalid_cookie"); |
1592 | handle->edesc = GNUNET_strdup( | 1633 | handle->edesc = GNUNET_strdup( |
1593 | "The cookie of a login identity is not valid"); | 1634 | "The cookie of a login identity is not valid"); |
1594 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1635 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1595 | return; | 1636 | return; |
1596 | } | 1637 | } |
1597 | // iterate over egos and compare their public key | 1638 | // iterate over egos and compare their public key |
1598 | for (handle->ego_entry = handle->ego_head; | 1639 | for (handle->ego_entry = handle->ego_head; |
1599 | NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 1640 | NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) |
1600 | { | 1641 | { |
1601 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | 1642 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); |
1602 | if ( 0 | 1643 | if ( 0 |
1603 | == memcmp (&ego_pkey, &pubkey, | 1644 | == memcmp (&ego_pkey, &pubkey, |
1604 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1645 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1605 | { | 1646 | { |
1606 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key ( | 1647 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key ( |
1607 | handle->ego_entry->ego); | 1648 | handle->ego_entry->ego); |
1608 | handle->resp_object = GNUNET_JSONAPI_document_new (); | 1649 | handle->resp_object = GNUNET_JSONAPI_document_new (); |
1609 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); | 1650 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); |
1610 | handle->attr_list = GNUNET_new( | 1651 | handle->attr_list = GNUNET_new( |
1611 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); | 1652 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); |
1612 | handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start ( | 1653 | handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start ( |
1613 | handle->idp, &handle->priv_key, &oidc_iteration_error, handle, | 1654 | handle->idp, &handle->priv_key, &oidc_iteration_error, handle, |
1614 | &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); | 1655 | &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); |
1615 | return; | 1656 | return; |
1616 | } | 1657 | } |
1617 | } | 1658 | } |
1618 | handle->emsg = GNUNET_strdup("invalid_cookie"); | 1659 | handle->emsg = GNUNET_strdup("invalid_cookie"); |
1619 | handle->edesc = GNUNET_strdup( | 1660 | handle->edesc = GNUNET_strdup( |
1620 | "The cookie of the login identity is not valid"); | 1661 | "The cookie of the login identity is not valid"); |
1621 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1662 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1622 | return; | 1663 | return; |
1623 | } | 1664 | } |
@@ -1632,9 +1673,9 @@ login_check (void *cls) | |||
1632 | */ | 1673 | */ |
1633 | static void | 1674 | static void |
1634 | namestore_iteration_callback ( | 1675 | namestore_iteration_callback ( |
1635 | void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, | 1676 | void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, |
1636 | const char *rname, unsigned int rd_len, | 1677 | const char *rname, unsigned int rd_len, |
1637 | const struct GNUNET_GNSRECORD_Data *rd) | 1678 | const struct GNUNET_GNSRECORD_Data *rd) |
1638 | { | 1679 | { |
1639 | struct RequestHandle *handle = cls; | 1680 | struct RequestHandle *handle = cls; |
1640 | struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey; | 1681 | struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey; |
@@ -1649,28 +1690,28 @@ namestore_iteration_callback ( | |||
1649 | if ( NULL != handle->oidc->login_identity ) | 1690 | if ( NULL != handle->oidc->login_identity ) |
1650 | { | 1691 | { |
1651 | GNUNET_CRYPTO_ecdsa_public_key_from_string ( | 1692 | GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
1652 | handle->oidc->login_identity, | 1693 | handle->oidc->login_identity, |
1653 | strlen (handle->oidc->login_identity), | 1694 | strlen (handle->oidc->login_identity), |
1654 | &login_identity_pkey); | 1695 | &login_identity_pkey); |
1655 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, | 1696 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, |
1656 | ¤t_zone_pkey); | 1697 | ¤t_zone_pkey); |
1657 | 1698 | ||
1658 | if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, | 1699 | if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, |
1659 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1700 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1660 | { | 1701 | { |
1661 | if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, | 1702 | if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, |
1662 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1703 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1663 | { | 1704 | { |
1664 | handle->oidc->is_client_trusted = GNUNET_YES; | 1705 | handle->oidc->is_client_trusted = GNUNET_YES; |
1665 | } | 1706 | } |
1666 | } | 1707 | } |
1667 | } | 1708 | } |
1668 | else | 1709 | else |
1669 | { | 1710 | { |
1670 | if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, | 1711 | if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, |
1671 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1712 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1672 | { | 1713 | { |
1673 | handle->oidc->is_client_trusted = GNUNET_YES; | 1714 | handle->oidc->is_client_trusted = GNUNET_YES; |
1674 | } | 1715 | } |
1675 | } | 1716 | } |
1676 | } | 1717 | } |
@@ -1701,24 +1742,24 @@ static void namestore_iteration_finished (void *cls) | |||
1701 | { | 1742 | { |
1702 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1743 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1703 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, | 1744 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, |
1704 | &oidc_iteration_error, handle, &namestore_iteration_callback, handle, | 1745 | &oidc_iteration_error, handle, &namestore_iteration_callback, handle, |
1705 | &namestore_iteration_finished, handle); | 1746 | &namestore_iteration_finished, handle); |
1706 | return; | 1747 | return; |
1707 | } | 1748 | } |
1708 | if (GNUNET_NO == handle->oidc->is_client_trusted) | 1749 | if (GNUNET_NO == handle->oidc->is_client_trusted) |
1709 | { | 1750 | { |
1710 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1751 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1711 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1752 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " |
1712 | "authorization code using this method."); | 1753 | "authorization code using this method."); |
1713 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1754 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1714 | return; | 1755 | return; |
1715 | } | 1756 | } |
1716 | 1757 | ||
1717 | // REQUIRED value: redirect_uri | 1758 | // REQUIRED value: redirect_uri |
1718 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1759 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
1719 | &cache_key); | 1760 | &cache_key); |
1720 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1761 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1721 | &cache_key)) | 1762 | &cache_key)) |
1722 | { | 1763 | { |
1723 | handle->emsg=GNUNET_strdup("invalid_request"); | 1764 | handle->emsg=GNUNET_strdup("invalid_request"); |
1724 | handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); | 1765 | handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); |
@@ -1726,7 +1767,7 @@ static void namestore_iteration_finished (void *cls) | |||
1726 | return; | 1767 | return; |
1727 | } | 1768 | } |
1728 | handle->oidc->redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1769 | handle->oidc->redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1729 | &cache_key); | 1770 | &cache_key); |
1730 | 1771 | ||
1731 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id); | 1772 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id); |
1732 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 1773 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
@@ -1744,9 +1785,9 @@ static void namestore_iteration_finished (void *cls) | |||
1744 | GNUNET_free(expected_redirect_uri); | 1785 | GNUNET_free(expected_redirect_uri); |
1745 | // REQUIRED value: response_type | 1786 | // REQUIRED value: response_type |
1746 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1787 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
1747 | &cache_key); | 1788 | &cache_key); |
1748 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1789 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1749 | &cache_key)) | 1790 | &cache_key)) |
1750 | { | 1791 | { |
1751 | handle->emsg=GNUNET_strdup("invalid_request"); | 1792 | handle->emsg=GNUNET_strdup("invalid_request"); |
1752 | handle->edesc=GNUNET_strdup("missing parameter response_type"); | 1793 | handle->edesc=GNUNET_strdup("missing parameter response_type"); |
@@ -1754,13 +1795,13 @@ static void namestore_iteration_finished (void *cls) | |||
1754 | return; | 1795 | return; |
1755 | } | 1796 | } |
1756 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1797 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1757 | &cache_key); | 1798 | &cache_key); |
1758 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); | 1799 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); |
1759 | 1800 | ||
1760 | // REQUIRED value: scope | 1801 | // REQUIRED value: scope |
1761 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1802 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); |
1762 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1803 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1763 | &cache_key)) | 1804 | &cache_key)) |
1764 | { | 1805 | { |
1765 | handle->emsg=GNUNET_strdup("invalid_request"); | 1806 | handle->emsg=GNUNET_strdup("invalid_request"); |
1766 | handle->edesc=GNUNET_strdup("missing parameter scope"); | 1807 | handle->edesc=GNUNET_strdup("missing parameter scope"); |
@@ -1768,16 +1809,16 @@ static void namestore_iteration_finished (void *cls) | |||
1768 | return; | 1809 | return; |
1769 | } | 1810 | } |
1770 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1811 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1771 | &cache_key); | 1812 | &cache_key); |
1772 | handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); | 1813 | handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); |
1773 | 1814 | ||
1774 | //OPTIONAL value: nonce | 1815 | //OPTIONAL value: nonce |
1775 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1816 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); |
1776 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1817 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1777 | &cache_key)) | 1818 | &cache_key)) |
1778 | { | 1819 | { |
1779 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1820 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1780 | &cache_key); | 1821 | &cache_key); |
1781 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); | 1822 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); |
1782 | } | 1823 | } |
1783 | 1824 | ||
@@ -1786,14 +1827,14 @@ static void namestore_iteration_finished (void *cls) | |||
1786 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1827 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1787 | { | 1828 | { |
1788 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1829 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1789 | strlen(OIDC_ignored_parameter_array[iterator]), | 1830 | strlen(OIDC_ignored_parameter_array[iterator]), |
1790 | &cache_key); | 1831 | &cache_key); |
1791 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | 1832 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, |
1792 | &cache_key)) | 1833 | &cache_key)) |
1793 | { | 1834 | { |
1794 | handle->emsg=GNUNET_strdup("access_denied"); | 1835 | handle->emsg=GNUNET_strdup("access_denied"); |
1795 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", | 1836 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1796 | OIDC_ignored_parameter_array[iterator]); | 1837 | OIDC_ignored_parameter_array[iterator]); |
1797 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1838 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1798 | return; | 1839 | return; |
1799 | } | 1840 | } |
@@ -1804,7 +1845,7 @@ static void namestore_iteration_finished (void *cls) | |||
1804 | { | 1845 | { |
1805 | handle->emsg=GNUNET_strdup("unsupported_response_type"); | 1846 | handle->emsg=GNUNET_strdup("unsupported_response_type"); |
1806 | handle->edesc=GNUNET_strdup("The authorization server does not support " | 1847 | handle->edesc=GNUNET_strdup("The authorization server does not support " |
1807 | "obtaining this authorization code."); | 1848 | "obtaining this authorization code."); |
1808 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1849 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1809 | return; | 1850 | return; |
1810 | } | 1851 | } |
@@ -1825,7 +1866,7 @@ static void namestore_iteration_finished (void *cls) | |||
1825 | { | 1866 | { |
1826 | handle->emsg = GNUNET_strdup("invalid_scope"); | 1867 | handle->emsg = GNUNET_strdup("invalid_scope"); |
1827 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " | 1868 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
1828 | "malformed."); | 1869 | "malformed."); |
1829 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1870 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1830 | GNUNET_free(expected_scope); | 1871 | GNUNET_free(expected_scope); |
1831 | return; | 1872 | return; |
@@ -1851,8 +1892,8 @@ static void namestore_iteration_finished (void *cls) | |||
1851 | */ | 1892 | */ |
1852 | static void | 1893 | static void |
1853 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 1894 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1854 | const char* url, | 1895 | const char* url, |
1855 | void *cls) | 1896 | void *cls) |
1856 | { | 1897 | { |
1857 | struct RequestHandle *handle = cls; | 1898 | struct RequestHandle *handle = cls; |
1858 | struct GNUNET_HashCode cache_key; | 1899 | struct GNUNET_HashCode cache_key; |
@@ -1862,18 +1903,18 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1862 | //RECOMMENDED value: state - REQUIRED for answers | 1903 | //RECOMMENDED value: state - REQUIRED for answers |
1863 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1904 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); |
1864 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1905 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1865 | &cache_key)) | 1906 | &cache_key)) |
1866 | { | 1907 | { |
1867 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1908 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1868 | &cache_key); | 1909 | &cache_key); |
1869 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); | 1910 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); |
1870 | } | 1911 | } |
1871 | 1912 | ||
1872 | // REQUIRED value: client_id | 1913 | // REQUIRED value: client_id |
1873 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1914 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), |
1874 | &cache_key); | 1915 | &cache_key); |
1875 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1916 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1876 | &cache_key)) | 1917 | &cache_key)) |
1877 | { | 1918 | { |
1878 | handle->emsg=GNUNET_strdup("invalid_request"); | 1919 | handle->emsg=GNUNET_strdup("invalid_request"); |
1879 | handle->edesc=GNUNET_strdup("missing parameter client_id"); | 1920 | handle->edesc=GNUNET_strdup("missing parameter client_id"); |
@@ -1882,17 +1923,17 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1882 | return; | 1923 | return; |
1883 | } | 1924 | } |
1884 | handle->oidc->client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1925 | handle->oidc->client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1885 | &cache_key); | 1926 | &cache_key); |
1886 | handle->oidc->client_id = GNUNET_strdup (handle->oidc->client_id); | 1927 | handle->oidc->client_id = GNUNET_strdup (handle->oidc->client_id); |
1887 | 1928 | ||
1888 | if ( GNUNET_OK | 1929 | if ( GNUNET_OK |
1889 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, | 1930 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, |
1890 | strlen (handle->oidc->client_id), | 1931 | strlen (handle->oidc->client_id), |
1891 | &handle->oidc->client_pkey) ) | 1932 | &handle->oidc->client_pkey) ) |
1892 | { | 1933 | { |
1893 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1934 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1894 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1935 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " |
1895 | "authorization code using this method."); | 1936 | "authorization code using this method."); |
1896 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1937 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1897 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1938 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1898 | return; | 1939 | return; |
@@ -1914,9 +1955,9 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1914 | 1955 | ||
1915 | // Checks if client_id is valid: | 1956 | // Checks if client_id is valid: |
1916 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( | 1957 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( |
1917 | handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, | 1958 | handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, |
1918 | handle, &namestore_iteration_callback, handle, | 1959 | handle, &namestore_iteration_callback, handle, |
1919 | &namestore_iteration_finished, handle); | 1960 | &namestore_iteration_finished, handle); |
1920 | } | 1961 | } |
1921 | 1962 | ||
1922 | /** | 1963 | /** |
@@ -1940,7 +1981,10 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1940 | json_t *root; | 1981 | json_t *root; |
1941 | json_error_t error; | 1982 | json_error_t error; |
1942 | json_t *identity; | 1983 | json_t *identity; |
1943 | root = json_loads (handle->rest_handle->data, 0, &error); | 1984 | char term_data[handle->rest_handle->data_size+1]; |
1985 | term_data[handle->rest_handle->data_size] = '\0'; | ||
1986 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); | ||
1987 | root = json_loads (term_data, JSON_DECODE_ANY, &error); | ||
1944 | identity = json_object_get (root, "identity"); | 1988 | identity = json_object_get (root, "identity"); |
1945 | if ( json_is_string(identity) ) | 1989 | if ( json_is_string(identity) ) |
1946 | { | 1990 | { |
@@ -1951,16 +1995,16 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1951 | 1995 | ||
1952 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1996 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); |
1953 | *current_time = GNUNET_TIME_relative_to_absolute ( | 1997 | *current_time = GNUNET_TIME_relative_to_absolute ( |
1954 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (), | 1998 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (), |
1955 | 30)); | 1999 | 30)); |
1956 | last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); | 2000 | last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); |
1957 | if (NULL != last_time) | 2001 | if (NULL != last_time) |
1958 | { | 2002 | { |
1959 | GNUNET_free(last_time); | 2003 | GNUNET_free(last_time); |
1960 | } | 2004 | } |
1961 | GNUNET_CONTAINER_multihashmap_put ( | 2005 | GNUNET_CONTAINER_multihashmap_put ( |
1962 | OIDC_identity_login_time, &cache_key, current_time, | 2006 | OIDC_identity_login_time, &cache_key, current_time, |
1963 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 2007 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1964 | 2008 | ||
1965 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 2009 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1966 | GNUNET_free(cookie); | 2010 | GNUNET_free(cookie); |
@@ -2006,10 +2050,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2006 | * Check Authorization | 2050 | * Check Authorization |
2007 | */ | 2051 | */ |
2008 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | 2052 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
2009 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | 2053 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
2010 | &cache_key); | 2054 | &cache_key); |
2011 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 2055 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
2012 | &cache_key) ) | 2056 | &cache_key) ) |
2013 | { | 2057 | { |
2014 | handle->emsg=GNUNET_strdup("invalid_client"); | 2058 | handle->emsg=GNUNET_strdup("invalid_client"); |
2015 | handle->edesc=GNUNET_strdup("missing authorization"); | 2059 | handle->edesc=GNUNET_strdup("missing authorization"); |
@@ -2066,8 +2110,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2066 | 2110 | ||
2067 | //check client password | 2111 | //check client password |
2068 | if ( GNUNET_OK | 2112 | if ( GNUNET_OK |
2069 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 2113 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
2070 | "psw", &expected_psw) ) | 2114 | "psw", &expected_psw) ) |
2071 | { | 2115 | { |
2072 | if (0 != strcmp (expected_psw, psw)) | 2116 | if (0 != strcmp (expected_psw, psw)) |
2073 | { | 2117 | { |
@@ -2117,8 +2161,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2117 | //REQUIRED grant_type | 2161 | //REQUIRED grant_type |
2118 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); | 2162 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); |
2119 | if ( GNUNET_NO | 2163 | if ( GNUNET_NO |
2120 | == GNUNET_CONTAINER_multihashmap_contains ( | 2164 | == GNUNET_CONTAINER_multihashmap_contains ( |
2121 | handle->rest_handle->url_param_map, &cache_key) ) | 2165 | handle->rest_handle->url_param_map, &cache_key) ) |
2122 | { | 2166 | { |
2123 | GNUNET_free_non_null(user_psw); | 2167 | GNUNET_free_non_null(user_psw); |
2124 | handle->emsg = GNUNET_strdup("invalid_request"); | 2168 | handle->emsg = GNUNET_strdup("invalid_request"); |
@@ -2128,13 +2172,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2128 | return; | 2172 | return; |
2129 | } | 2173 | } |
2130 | grant_type = GNUNET_CONTAINER_multihashmap_get ( | 2174 | grant_type = GNUNET_CONTAINER_multihashmap_get ( |
2131 | handle->rest_handle->url_param_map, &cache_key); | 2175 | handle->rest_handle->url_param_map, &cache_key); |
2132 | 2176 | ||
2133 | //REQUIRED code | 2177 | //REQUIRED code |
2134 | GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); | 2178 | GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); |
2135 | if ( GNUNET_NO | 2179 | if ( GNUNET_NO |
2136 | == GNUNET_CONTAINER_multihashmap_contains ( | 2180 | == GNUNET_CONTAINER_multihashmap_contains ( |
2137 | handle->rest_handle->url_param_map, &cache_key) ) | 2181 | handle->rest_handle->url_param_map, &cache_key) ) |
2138 | { | 2182 | { |
2139 | GNUNET_free_non_null(user_psw); | 2183 | GNUNET_free_non_null(user_psw); |
2140 | handle->emsg = GNUNET_strdup("invalid_request"); | 2184 | handle->emsg = GNUNET_strdup("invalid_request"); |
@@ -2144,14 +2188,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2144 | return; | 2188 | return; |
2145 | } | 2189 | } |
2146 | code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 2190 | code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
2147 | &cache_key); | 2191 | &cache_key); |
2148 | 2192 | ||
2149 | //REQUIRED redirect_uri | 2193 | //REQUIRED redirect_uri |
2150 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 2194 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
2151 | &cache_key); | 2195 | &cache_key); |
2152 | if ( GNUNET_NO | 2196 | if ( GNUNET_NO |
2153 | == GNUNET_CONTAINER_multihashmap_contains ( | 2197 | == GNUNET_CONTAINER_multihashmap_contains ( |
2154 | handle->rest_handle->url_param_map, &cache_key) ) | 2198 | handle->rest_handle->url_param_map, &cache_key) ) |
2155 | { | 2199 | { |
2156 | GNUNET_free_non_null(user_psw); | 2200 | GNUNET_free_non_null(user_psw); |
2157 | handle->emsg = GNUNET_strdup("invalid_request"); | 2201 | handle->emsg = GNUNET_strdup("invalid_request"); |
@@ -2161,7 +2205,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2161 | return; | 2205 | return; |
2162 | } | 2206 | } |
2163 | redirect_uri = GNUNET_CONTAINER_multihashmap_get ( | 2207 | redirect_uri = GNUNET_CONTAINER_multihashmap_get ( |
2164 | handle->rest_handle->url_param_map, &cache_key); | 2208 | handle->rest_handle->url_param_map, &cache_key); |
2165 | 2209 | ||
2166 | 2210 | ||
2167 | //Check parameter grant_type == "authorization_code" | 2211 | //Check parameter grant_type == "authorization_code" |
@@ -2190,10 +2234,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2190 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); | 2234 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
2191 | int i = 1; | 2235 | int i = 1; |
2192 | if ( GNUNET_SYSERR | 2236 | if ( GNUNET_SYSERR |
2193 | == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, | 2237 | == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, |
2194 | &cache_key, | 2238 | &cache_key, |
2195 | &i, | 2239 | &i, |
2196 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) | 2240 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) |
2197 | { | 2241 | { |
2198 | GNUNET_free_non_null(user_psw); | 2242 | GNUNET_free_non_null(user_psw); |
2199 | handle->emsg = GNUNET_strdup("invalid_request"); | 2243 | handle->emsg = GNUNET_strdup("invalid_request"); |
@@ -2223,10 +2267,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2223 | 2267 | ||
2224 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); | 2268 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); |
2225 | if ( GNUNET_OK | 2269 | if ( GNUNET_OK |
2226 | != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string), | 2270 | != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string), |
2227 | strlen (json_string_value(ticket_string)), | 2271 | strlen (json_string_value(ticket_string)), |
2228 | ticket, | 2272 | ticket, |
2229 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) | 2273 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) |
2230 | { | 2274 | { |
2231 | GNUNET_free_non_null(user_psw); | 2275 | GNUNET_free_non_null(user_psw); |
2232 | handle->emsg = GNUNET_strdup("invalid_request"); | 2276 | handle->emsg = GNUNET_strdup("invalid_request"); |
@@ -2253,8 +2297,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2253 | //create jwt | 2297 | //create jwt |
2254 | unsigned long long int expiration_time; | 2298 | unsigned long long int expiration_time; |
2255 | if ( GNUNET_OK | 2299 | if ( GNUNET_OK |
2256 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", | 2300 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", |
2257 | "expiration_time", &expiration_time) ) | 2301 | "expiration_time", &expiration_time) ) |
2258 | { | 2302 | { |
2259 | GNUNET_free_non_null(user_psw); | 2303 | GNUNET_free_non_null(user_psw); |
2260 | handle->emsg = GNUNET_strdup("server_error"); | 2304 | handle->emsg = GNUNET_strdup("server_error"); |
@@ -2268,45 +2312,45 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2268 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); | 2312 | struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); |
2269 | //aud REQUIRED public key client_id must be there | 2313 | //aud REQUIRED public key client_id must be there |
2270 | GNUNET_IDENTITY_ATTRIBUTE_list_add(cl, | 2314 | GNUNET_IDENTITY_ATTRIBUTE_list_add(cl, |
2271 | "aud", | 2315 | "aud", |
2272 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, | 2316 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, |
2273 | client_id, | 2317 | client_id, |
2274 | strlen(client_id)); | 2318 | strlen(client_id)); |
2275 | //exp REQUIRED time expired from config | 2319 | //exp REQUIRED time expired from config |
2276 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( | 2320 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( |
2277 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | 2321 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
2278 | expiration_time)); | 2322 | expiration_time)); |
2279 | const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); | 2323 | const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); |
2280 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2324 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
2281 | "exp", | 2325 | "exp", |
2282 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, | 2326 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, |
2283 | exp_time_string, | 2327 | exp_time_string, |
2284 | strlen(exp_time_string)); | 2328 | strlen(exp_time_string)); |
2285 | //iat REQUIRED time now | 2329 | //iat REQUIRED time now |
2286 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); | 2330 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); |
2287 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); | 2331 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); |
2288 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2332 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
2289 | "iat", | 2333 | "iat", |
2290 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, | 2334 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, |
2291 | time_now_string, | 2335 | time_now_string, |
2292 | strlen(time_now_string)); | 2336 | strlen(time_now_string)); |
2293 | //nonce only if nonce is provided | 2337 | //nonce only if nonce is provided |
2294 | if ( NULL != nonce && json_is_string(nonce) ) | 2338 | if ( NULL != nonce && json_is_string(nonce) ) |
2295 | { | 2339 | { |
2296 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2340 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
2297 | "nonce", | 2341 | "nonce", |
2298 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, | 2342 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, |
2299 | json_string_value(nonce), | 2343 | json_string_value(nonce), |
2300 | strlen(json_string_value(nonce))); | 2344 | strlen(json_string_value(nonce))); |
2301 | } | 2345 | } |
2302 | //auth_time only if max_age is provided | 2346 | //auth_time only if max_age is provided |
2303 | if ( NULL != max_age && json_is_string(max_age) ) | 2347 | if ( NULL != max_age && json_is_string(max_age) ) |
2304 | { | 2348 | { |
2305 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2349 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
2306 | "auth_time", | 2350 | "auth_time", |
2307 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, | 2351 | GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, |
2308 | json_string_value(max_age), | 2352 | json_string_value(max_age), |
2309 | strlen(json_string_value(max_age))); | 2353 | strlen(json_string_value(max_age))); |
2310 | } | 2354 | } |
2311 | //TODO OPTIONAL acr,amr,azp | 2355 | //TODO OPTIONAL acr,amr,azp |
2312 | 2356 | ||
@@ -2330,8 +2374,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2330 | return; | 2374 | return; |
2331 | } | 2375 | } |
2332 | char *id_token = jwt_create_from_list(&ticket->audience, | 2376 | char *id_token = jwt_create_from_list(&ticket->audience, |
2333 | cl, | 2377 | cl, |
2334 | GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego)); | 2378 | GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego)); |
2335 | 2379 | ||
2336 | //Create random access_token | 2380 | //Create random access_token |
2337 | char* access_token_number; | 2381 | char* access_token_number; |
@@ -2342,26 +2386,26 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2342 | GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); | 2386 | GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); |
2343 | 2387 | ||
2344 | 2388 | ||
2345 | 2389 | ||
2346 | //TODO OPTIONAL add refresh_token and scope | 2390 | //TODO OPTIONAL add refresh_token and scope |
2347 | GNUNET_asprintf (&json_response, | 2391 | GNUNET_asprintf (&json_response, |
2348 | "{ \"access_token\" : \"%s\", " | 2392 | "{ \"access_token\" : \"%s\", " |
2349 | "\"token_type\" : \"Bearer\", " | 2393 | "\"token_type\" : \"Bearer\", " |
2350 | "\"expires_in\" : %d, " | 2394 | "\"expires_in\" : %d, " |
2351 | "\"id_token\" : \"%s\"}", | 2395 | "\"id_token\" : \"%s\"}", |
2352 | access_token, | 2396 | access_token, |
2353 | expiration_time, | 2397 | expiration_time, |
2354 | id_token); | 2398 | id_token); |
2355 | GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); | 2399 | GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); |
2356 | char *id_ticket_combination; | 2400 | char *id_ticket_combination; |
2357 | GNUNET_asprintf(&id_ticket_combination, | 2401 | GNUNET_asprintf(&id_ticket_combination, |
2358 | "%s;%s", | 2402 | "%s;%s", |
2359 | client_id, | 2403 | client_id, |
2360 | json_string_value(ticket_string)); | 2404 | json_string_value(ticket_string)); |
2361 | GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, | 2405 | GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, |
2362 | &cache_key, | 2406 | &cache_key, |
2363 | id_ticket_combination, | 2407 | id_ticket_combination, |
2364 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 2408 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
2365 | 2409 | ||
2366 | resp = GNUNET_REST_create_response (json_response); | 2410 | resp = GNUNET_REST_create_response (json_response); |
2367 | MHD_add_response_header (resp, "Cache-Control", "no-store"); | 2411 | MHD_add_response_header (resp, "Cache-Control", "no-store"); |
@@ -2385,8 +2429,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2385 | */ | 2429 | */ |
2386 | static void | 2430 | static void |
2387 | consume_ticket (void *cls, | 2431 | consume_ticket (void *cls, |
2388 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 2432 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
2389 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) | 2433 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) |
2390 | { | 2434 | { |
2391 | struct RequestHandle *handle = cls; | 2435 | struct RequestHandle *handle = cls; |
2392 | 2436 | ||
@@ -2397,8 +2441,8 @@ consume_ticket (void *cls, | |||
2397 | } | 2441 | } |
2398 | 2442 | ||
2399 | json_object_set_new (handle->oidc->response, | 2443 | json_object_set_new (handle->oidc->response, |
2400 | attr->name, | 2444 | attr->name, |
2401 | json_string(attr->data)); | 2445 | json_string(attr->data)); |
2402 | } | 2446 | } |
2403 | 2447 | ||
2404 | /** | 2448 | /** |
@@ -2410,7 +2454,7 @@ consume_ticket (void *cls, | |||
2410 | */ | 2454 | */ |
2411 | static void | 2455 | static void |
2412 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 2456 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
2413 | const char* url, void *cls) | 2457 | const char* url, void *cls) |
2414 | { | 2458 | { |
2415 | //TODO expiration time | 2459 | //TODO expiration time |
2416 | struct RequestHandle *handle = cls; | 2460 | struct RequestHandle *handle = cls; |
@@ -2422,11 +2466,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2422 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; | 2466 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; |
2423 | 2467 | ||
2424 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | 2468 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
2425 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | 2469 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
2426 | &cache_key); | 2470 | &cache_key); |
2427 | if ( GNUNET_NO | 2471 | if ( GNUNET_NO |
2428 | == GNUNET_CONTAINER_multihashmap_contains ( | 2472 | == GNUNET_CONTAINER_multihashmap_contains ( |
2429 | handle->rest_handle->header_param_map, &cache_key) ) | 2473 | handle->rest_handle->header_param_map, &cache_key) ) |
2430 | { | 2474 | { |
2431 | handle->emsg = GNUNET_strdup("invalid_token"); | 2475 | handle->emsg = GNUNET_strdup("invalid_token"); |
2432 | handle->edesc = GNUNET_strdup("No Access Token"); | 2476 | handle->edesc = GNUNET_strdup("No Access Token"); |
@@ -2435,7 +2479,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2435 | return; | 2479 | return; |
2436 | } | 2480 | } |
2437 | authorization = GNUNET_CONTAINER_multihashmap_get ( | 2481 | authorization = GNUNET_CONTAINER_multihashmap_get ( |
2438 | handle->rest_handle->header_param_map, &cache_key); | 2482 | handle->rest_handle->header_param_map, &cache_key); |
2439 | 2483 | ||
2440 | //split header in "Bearer" and access_token | 2484 | //split header in "Bearer" and access_token |
2441 | authorization = GNUNET_strdup(authorization); | 2485 | authorization = GNUNET_strdup(authorization); |
@@ -2461,10 +2505,10 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2461 | } | 2505 | } |
2462 | 2506 | ||
2463 | GNUNET_CRYPTO_hash (authorization_access_token, | 2507 | GNUNET_CRYPTO_hash (authorization_access_token, |
2464 | strlen (authorization_access_token), | 2508 | strlen (authorization_access_token), |
2465 | &cache_key); | 2509 | &cache_key); |
2466 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, | 2510 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, |
2467 | &cache_key) ) | 2511 | &cache_key) ) |
2468 | { | 2512 | { |
2469 | handle->emsg = GNUNET_strdup("invalid_token"); | 2513 | handle->emsg = GNUNET_strdup("invalid_token"); |
2470 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2514 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
@@ -2475,7 +2519,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2475 | } | 2519 | } |
2476 | 2520 | ||
2477 | client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, | 2521 | client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, |
2478 | &cache_key); | 2522 | &cache_key); |
2479 | client_ticket = GNUNET_strdup(client_ticket); | 2523 | client_ticket = GNUNET_strdup(client_ticket); |
2480 | client = strtok(client_ticket,delimiter_db); | 2524 | client = strtok(client_ticket,delimiter_db); |
2481 | if (NULL == client) | 2525 | if (NULL == client) |
@@ -2519,10 +2563,10 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2519 | } | 2563 | } |
2520 | ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); | 2564 | ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); |
2521 | if ( GNUNET_OK | 2565 | if ( GNUNET_OK |
2522 | != GNUNET_STRINGS_string_to_data (ticket_str, | 2566 | != GNUNET_STRINGS_string_to_data (ticket_str, |
2523 | strlen (ticket_str), | 2567 | strlen (ticket_str), |
2524 | ticket, | 2568 | ticket, |
2525 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) | 2569 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) |
2526 | { | 2570 | { |
2527 | handle->emsg = GNUNET_strdup("invalid_token"); | 2571 | handle->emsg = GNUNET_strdup("invalid_token"); |
2528 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2572 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
@@ -2538,11 +2582,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2538 | handle->oidc->response = json_object(); | 2582 | handle->oidc->response = json_object(); |
2539 | json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); | 2583 | json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); |
2540 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume ( | 2584 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume ( |
2541 | handle->idp, | 2585 | handle->idp, |
2542 | GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), | 2586 | GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), |
2543 | ticket, | 2587 | ticket, |
2544 | consume_ticket, | 2588 | consume_ticket, |
2545 | handle); | 2589 | handle); |
2546 | GNUNET_free(ticket); | 2590 | GNUNET_free(ticket); |
2547 | GNUNET_free(authorization); | 2591 | GNUNET_free(authorization); |
2548 | GNUNET_free(client_ticket); | 2592 | GNUNET_free(client_ticket); |
@@ -2737,7 +2781,7 @@ libgnunet_plugin_rest_identity_provider_done (void *cls) | |||
2737 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2781 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; |
2738 | void *value = NULL; | 2782 | void *value = NULL; |
2739 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( | 2783 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( |
2740 | OIDC_identity_login_time); | 2784 | OIDC_identity_login_time); |
2741 | while (GNUNET_YES == | 2785 | while (GNUNET_YES == |
2742 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2786 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2743 | { | 2787 | { |