diff options
author | Phil <phil.buschmann@tum.de> | 2018-01-25 15:31:15 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-25 15:31:15 +0100 |
commit | 3f5460f210d697748fef7623213ec4799d8917a5 (patch) | |
tree | b38906b7e38a275d4103d55c907780485cc113fb /src | |
parent | 99f500a206d1d24c05322891384e18c1644525f5 (diff) | |
download | gnunet-3f5460f210d697748fef7623213ec4799d8917a5.tar.gz gnunet-3f5460f210d697748fef7623213ec4799d8917a5.zip |
-wip token endpoint
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 600 |
1 files changed, 322 insertions, 278 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 230191a3f..119476bb9 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -1811,229 +1811,229 @@ authorize_GET_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1811 | &namestore_iteration_finished_GET, handle); | 1811 | &namestore_iteration_finished_GET, handle); |
1812 | } | 1812 | } |
1813 | 1813 | ||
1814 | /** | 1814 | ///** |
1815 | * Iteration over all results finished, build final | 1815 | // * Iteration over all results finished, build final |
1816 | * response. | 1816 | // * response. |
1817 | * | 1817 | // * |
1818 | * @param cls the `struct RequestHandle` | 1818 | // * @param cls the `struct RequestHandle` |
1819 | */ | 1819 | // */ |
1820 | static void namestore_iteration_finished_POST (void *cls) | 1820 | //static void namestore_iteration_finished_POST (void *cls) |
1821 | { | 1821 | //{ |
1822 | struct RequestHandle *handle = cls; | 1822 | // struct RequestHandle *handle = cls; |
1823 | json_t *cache_object; | 1823 | // json_t *cache_object; |
1824 | char *expected_redirect_uri; | 1824 | // char *expected_redirect_uri; |
1825 | char *expected_scope; | 1825 | // char *expected_scope; |
1826 | char delimiter[]=" "; | 1826 | // char delimiter[]=" "; |
1827 | int number_of_ignored_parameter, iterator; | 1827 | // int number_of_ignored_parameter, iterator; |
1828 | 1828 | // | |
1829 | 1829 | // | |
1830 | handle->ego_entry = handle->ego_entry->next; | 1830 | // handle->ego_entry = handle->ego_entry->next; |
1831 | 1831 | // | |
1832 | if(NULL != handle->ego_entry){ | 1832 | // if(NULL != handle->ego_entry){ |
1833 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1833 | // handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1834 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, | 1834 | // handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, |
1835 | &oidc_iteration_error, handle, &namestore_iteration_callback, handle, | 1835 | // &oidc_iteration_error, handle, &namestore_iteration_callback, handle, |
1836 | &namestore_iteration_finished_POST, handle); | 1836 | // &namestore_iteration_finished_POST, handle); |
1837 | return; | 1837 | // return; |
1838 | } | 1838 | // } |
1839 | if (GNUNET_YES != handle->oidc->is_client_trusted) | 1839 | // if (GNUNET_YES != handle->oidc->is_client_trusted) |
1840 | { | 1840 | // { |
1841 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1841 | // handle->emsg = GNUNET_strdup("unauthorized_client"); |
1842 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1842 | // handle->edesc = GNUNET_strdup("The client is not authorized to request an " |
1843 | "authorization code using this method."); | 1843 | // "authorization code using this method."); |
1844 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1844 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
1845 | return; | 1845 | // return; |
1846 | } | 1846 | // } |
1847 | 1847 | // | |
1848 | // REQUIRED value: redirect_uri | 1848 | // // REQUIRED value: redirect_uri |
1849 | cache_object = json_object_get (handle->oidc->post_object, OIDC_REDIRECT_URI_KEY); | 1849 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_REDIRECT_URI_KEY); |
1850 | if ( NULL == cache_object || !json_is_string(cache_object) ) | 1850 | // if ( NULL == cache_object || !json_is_string(cache_object) ) |
1851 | { | 1851 | // { |
1852 | handle->emsg=GNUNET_strdup("invalid_request"); | 1852 | // handle->emsg=GNUNET_strdup("invalid_request"); |
1853 | handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); | 1853 | // handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); |
1854 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1854 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
1855 | return; | 1855 | // return; |
1856 | } | 1856 | // } |
1857 | handle->oidc->redirect_uri = json_string_value (cache_object); | 1857 | // handle->oidc->redirect_uri = json_string_value (cache_object); |
1858 | 1858 | // | |
1859 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id); | 1859 | // GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id); |
1860 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 1860 | // // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
1861 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) | 1861 | // if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) |
1862 | { | 1862 | // { |
1863 | handle->emsg=GNUNET_strdup("invalid_request"); | 1863 | // handle->emsg=GNUNET_strdup("invalid_request"); |
1864 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 1864 | // handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
1865 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1865 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
1866 | GNUNET_free(expected_redirect_uri); | 1866 | // GNUNET_free(expected_redirect_uri); |
1867 | return; | 1867 | // return; |
1868 | } | 1868 | // } |
1869 | handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri); | 1869 | // handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri); |
1870 | GNUNET_free(expected_redirect_uri); | 1870 | // GNUNET_free(expected_redirect_uri); |
1871 | 1871 | // | |
1872 | // REQUIRED value: response_type | 1872 | // // REQUIRED value: response_type |
1873 | cache_object = json_object_get (handle->oidc->post_object, OIDC_RESPONSE_TYPE_KEY); | 1873 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_RESPONSE_TYPE_KEY); |
1874 | if ( NULL == cache_object || !json_is_string(cache_object) ) | 1874 | // if ( NULL == cache_object || !json_is_string(cache_object) ) |
1875 | { | 1875 | // { |
1876 | handle->emsg=GNUNET_strdup("invalid_request"); | 1876 | // handle->emsg=GNUNET_strdup("invalid_request"); |
1877 | handle->edesc=GNUNET_strdup("missing parameter response_type"); | 1877 | // handle->edesc=GNUNET_strdup("missing parameter response_type"); |
1878 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1878 | // GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1879 | return; | 1879 | // return; |
1880 | } | 1880 | // } |
1881 | handle->oidc->response_type = json_string_value (cache_object); | 1881 | // handle->oidc->response_type = json_string_value (cache_object); |
1882 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); | 1882 | // handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); |
1883 | 1883 | // | |
1884 | // REQUIRED value: scope | 1884 | // // REQUIRED value: scope |
1885 | cache_object = json_object_get (handle->oidc->post_object, OIDC_SCOPE_KEY); | 1885 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_SCOPE_KEY); |
1886 | if ( NULL == cache_object || !json_is_string(cache_object) ) | 1886 | // if ( NULL == cache_object || !json_is_string(cache_object) ) |
1887 | { | 1887 | // { |
1888 | handle->emsg=GNUNET_strdup("invalid_request"); | 1888 | // handle->emsg=GNUNET_strdup("invalid_request"); |
1889 | handle->edesc=GNUNET_strdup("missing parameter scope"); | 1889 | // handle->edesc=GNUNET_strdup("missing parameter scope"); |
1890 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1890 | // GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1891 | return; | 1891 | // return; |
1892 | } | 1892 | // } |
1893 | handle->oidc->scope = json_string_value (cache_object); | 1893 | // handle->oidc->scope = json_string_value (cache_object); |
1894 | handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); | 1894 | // handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); |
1895 | 1895 | // | |
1896 | //OPTIONAL value: nonce | 1896 | // //OPTIONAL value: nonce |
1897 | cache_object = json_object_get (handle->oidc->post_object, OIDC_NONCE_KEY); | 1897 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_NONCE_KEY); |
1898 | if ( NULL != cache_object && json_is_string(cache_object) ) | 1898 | // if ( NULL != cache_object && json_is_string(cache_object) ) |
1899 | { | 1899 | // { |
1900 | handle->oidc->nonce = json_string_value (cache_object); | 1900 | // handle->oidc->nonce = json_string_value (cache_object); |
1901 | //TODO: what do we do with the nonce? | 1901 | // //TODO: what do we do with the nonce? |
1902 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); | 1902 | // handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); |
1903 | } | 1903 | // } |
1904 | 1904 | // | |
1905 | //TODO check other values and use them accordingly | 1905 | // //TODO check other values and use them accordingly |
1906 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1906 | // number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
1907 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1907 | // for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1908 | { | 1908 | // { |
1909 | cache_object = json_object_get (handle->oidc->post_object, OIDC_ignored_parameter_array[iterator]); | 1909 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_ignored_parameter_array[iterator]); |
1910 | if( NULL != cache_object && json_is_string(cache_object) ) | 1910 | // if( NULL != cache_object && json_is_string(cache_object) ) |
1911 | { | 1911 | // { |
1912 | handle->emsg=GNUNET_strdup("access_denied"); | 1912 | // handle->emsg=GNUNET_strdup("access_denied"); |
1913 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", | 1913 | // GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1914 | OIDC_ignored_parameter_array[iterator]); | 1914 | // OIDC_ignored_parameter_array[iterator]); |
1915 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1915 | // GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1916 | return; | 1916 | // return; |
1917 | } | 1917 | // } |
1918 | } | 1918 | // } |
1919 | 1919 | // | |
1920 | // Checks if response_type is 'code' | 1920 | // // Checks if response_type is 'code' |
1921 | if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) | 1921 | // if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) |
1922 | { | 1922 | // { |
1923 | handle->emsg=GNUNET_strdup("unsupported_response_type"); | 1923 | // handle->emsg=GNUNET_strdup("unsupported_response_type"); |
1924 | handle->edesc=GNUNET_strdup("The authorization server does not support " | 1924 | // handle->edesc=GNUNET_strdup("The authorization server does not support " |
1925 | "obtaining this authorization code."); | 1925 | // "obtaining this authorization code."); |
1926 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1926 | // GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1927 | return; | 1927 | // return; |
1928 | } | 1928 | // } |
1929 | 1929 | // | |
1930 | // Checks if scope contains 'openid' | 1930 | // // Checks if scope contains 'openid' |
1931 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1931 | // expected_scope = GNUNET_strdup(handle->oidc->scope); |
1932 | expected_scope = strtok (expected_scope, delimiter); | 1932 | // expected_scope = strtok (expected_scope, delimiter); |
1933 | while (NULL != expected_scope) | 1933 | // while (NULL != expected_scope) |
1934 | { | 1934 | // { |
1935 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) | 1935 | // if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) |
1936 | { | 1936 | // { |
1937 | break; | 1937 | // break; |
1938 | } | 1938 | // } |
1939 | expected_scope = strtok (NULL, delimiter); | 1939 | // expected_scope = strtok (NULL, delimiter); |
1940 | } | 1940 | // } |
1941 | if (NULL == expected_scope) | 1941 | // if (NULL == expected_scope) |
1942 | { | 1942 | // { |
1943 | handle->emsg = GNUNET_strdup("invalid_scope"); | 1943 | // handle->emsg = GNUNET_strdup("invalid_scope"); |
1944 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " | 1944 | // handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
1945 | "malformed."); | 1945 | // "malformed."); |
1946 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1946 | // GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1947 | return; | 1947 | // return; |
1948 | } | 1948 | // } |
1949 | 1949 | // | |
1950 | GNUNET_free(expected_scope); | 1950 | // GNUNET_free(expected_scope); |
1951 | 1951 | // | |
1952 | if( NULL != handle->oidc->login_identity ) | 1952 | // if( NULL != handle->oidc->login_identity ) |
1953 | { | 1953 | // { |
1954 | GNUNET_SCHEDULER_add_now(&login_check,handle); | 1954 | // GNUNET_SCHEDULER_add_now(&login_check,handle); |
1955 | return; | 1955 | // return; |
1956 | } | 1956 | // } |
1957 | 1957 | // | |
1958 | GNUNET_SCHEDULER_add_now(&login_redirection,handle); | 1958 | // GNUNET_SCHEDULER_add_now(&login_redirection,handle); |
1959 | } | 1959 | //} |
1960 | 1960 | // | |
1961 | 1961 | // | |
1962 | /** | 1962 | ///** |
1963 | * Responds to authorization POST request | 1963 | // * Responds to authorization POST request |
1964 | * | 1964 | // * |
1965 | * @param con_handle the connection handle | 1965 | // * @param con_handle the connection handle |
1966 | * @param url the url | 1966 | // * @param url the url |
1967 | * @param cls the RequestHandle | 1967 | // * @param cls the RequestHandle |
1968 | */ | 1968 | // */ |
1969 | static void | 1969 | //static void |
1970 | authorize_POST_cont (struct GNUNET_REST_RequestHandle *con_handle, | 1970 | //authorize_POST_cont (struct GNUNET_REST_RequestHandle *con_handle, |
1971 | const char* url, | 1971 | // const char* url, |
1972 | void *cls) | 1972 | // void *cls) |
1973 | { | 1973 | //{ |
1974 | struct RequestHandle *handle = cls; | 1974 | // struct RequestHandle *handle = cls; |
1975 | json_t *cache_object; | 1975 | // json_t *cache_object; |
1976 | json_error_t error; | 1976 | // json_error_t error; |
1977 | handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error); | 1977 | // handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error); |
1978 | 1978 | // | |
1979 | //gets identity of login try with cookie | 1979 | // //gets identity of login try with cookie |
1980 | cookie_identity_interpretation(handle); | 1980 | // cookie_identity_interpretation(handle); |
1981 | 1981 | // | |
1982 | //RECOMMENDED value: state - REQUIRED for answers | 1982 | // //RECOMMENDED value: state - REQUIRED for answers |
1983 | cache_object = json_object_get (handle->oidc->post_object, OIDC_STATE_KEY); | 1983 | // cache_object = json_object_get (handle->oidc->post_object, OIDC_STATE_KEY); |
1984 | if ( NULL != cache_object && json_is_string(cache_object) ) | 1984 | // if ( NULL != cache_object && json_is_string(cache_object) ) |
1985 | { | 1985 | // { |
1986 | handle->oidc->state = json_string_value (cache_object); | 1986 | // handle->oidc->state = json_string_value (cache_object); |
1987 | handle->oidc->state = GNUNET_strdup(handle->oidc->state); | 1987 | // handle->oidc->state = GNUNET_strdup(handle->oidc->state); |
1988 | } | 1988 | // } |
1989 | 1989 | // | |
1990 | // REQUIRED value: client_id | 1990 | // // REQUIRED value: client_id |
1991 | cache_object = json_object_get (handle->oidc->post_object, | 1991 | // cache_object = json_object_get (handle->oidc->post_object, |
1992 | OIDC_CLIENT_ID_KEY); | 1992 | // OIDC_CLIENT_ID_KEY); |
1993 | if ( NULL == cache_object || !json_is_string(cache_object) ) | 1993 | // if ( NULL == cache_object || !json_is_string(cache_object) ) |
1994 | { | 1994 | // { |
1995 | handle->emsg = GNUNET_strdup("invalid_request"); | 1995 | // handle->emsg = GNUNET_strdup("invalid_request"); |
1996 | handle->edesc = GNUNET_strdup("missing parameter client_id"); | 1996 | // handle->edesc = GNUNET_strdup("missing parameter client_id"); |
1997 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1997 | // handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1998 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1998 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
1999 | return; | 1999 | // return; |
2000 | } | 2000 | // } |
2001 | handle->oidc->client_id = json_string_value (cache_object); | 2001 | // handle->oidc->client_id = json_string_value (cache_object); |
2002 | handle->oidc->client_id = GNUNET_strdup(handle->oidc->client_id); | 2002 | // handle->oidc->client_id = GNUNET_strdup(handle->oidc->client_id); |
2003 | 2003 | // | |
2004 | if ( GNUNET_OK | 2004 | // if ( GNUNET_OK |
2005 | != GNUNET_CRYPTO_ecdsa_public_key_from_string ( | 2005 | // != GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
2006 | handle->oidc->client_id, strlen (handle->oidc->client_id), | 2006 | // handle->oidc->client_id, strlen (handle->oidc->client_id), |
2007 | &handle->oidc->client_pkey) ) | 2007 | // &handle->oidc->client_pkey) ) |
2008 | { | 2008 | // { |
2009 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 2009 | // handle->emsg = GNUNET_strdup("unauthorized_client"); |
2010 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 2010 | // handle->edesc = GNUNET_strdup("The client is not authorized to request an " |
2011 | "authorization code using this method."); | 2011 | // "authorization code using this method."); |
2012 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2012 | // handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
2013 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2013 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
2014 | return; | 2014 | // return; |
2015 | } | 2015 | // } |
2016 | 2016 | // | |
2017 | if ( NULL == handle->ego_head ) | 2017 | // if ( NULL == handle->ego_head ) |
2018 | { | 2018 | // { |
2019 | //TODO throw error or ignore if egos are missing? | 2019 | // //TODO throw error or ignore if egos are missing? |
2020 | handle->emsg = GNUNET_strdup("server_error"); | 2020 | // handle->emsg = GNUNET_strdup("server_error"); |
2021 | handle->edesc = GNUNET_strdup ("Egos are missing"); | 2021 | // handle->edesc = GNUNET_strdup ("Egos are missing"); |
2022 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2022 | // handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
2023 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2023 | // GNUNET_SCHEDULER_add_now (&do_error, handle); |
2024 | return; | 2024 | // return; |
2025 | } | 2025 | // } |
2026 | 2026 | // | |
2027 | handle->ego_entry = handle->ego_head; | 2027 | // handle->ego_entry = handle->ego_head; |
2028 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); | 2028 | // handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); |
2029 | handle->oidc->is_client_trusted = GNUNET_NO; | 2029 | // handle->oidc->is_client_trusted = GNUNET_NO; |
2030 | 2030 | // | |
2031 | // Checks if client_id is valid: | 2031 | // // Checks if client_id is valid: |
2032 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( | 2032 | // handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( |
2033 | handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, | 2033 | // handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, |
2034 | handle, &namestore_iteration_callback, handle, | 2034 | // handle, &namestore_iteration_callback, handle, |
2035 | &namestore_iteration_finished_POST, handle); | 2035 | // &namestore_iteration_finished_POST, handle); |
2036 | } | 2036 | //} |
2037 | 2037 | ||
2038 | /** | 2038 | /** |
2039 | * Combines an identity with a login time and responds OK to login request | 2039 | * Combines an identity with a login time and responds OK to login request |
@@ -2095,66 +2095,85 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
2095 | void *cls) | 2095 | void *cls) |
2096 | { | 2096 | { |
2097 | //TODO static strings | 2097 | //TODO static strings |
2098 | //TODO Unauthorized with Header Field | ||
2099 | //TODO Do not allow multiple equal parameter names | ||
2100 | |||
2098 | struct RequestHandle *handle = cls; | 2101 | struct RequestHandle *handle = cls; |
2099 | struct GNUNET_HashCode cache_key; | 2102 | struct GNUNET_HashCode cache_key; |
2100 | char *authorization, *cache_authorization, *credentials; | 2103 | char *authorization, *credentials; |
2101 | char delimiter[]=" "; | 2104 | char delimiter[]=" "; |
2102 | char delimiter_user_psw[]=":"; | 2105 | char delimiter_user_psw[]=":"; |
2103 | json_t *cache_object; | 2106 | char *grant_type, *code, *redirect_uri, *expected_redirect_uri; |
2104 | json_error_t error; | 2107 | char *user_psw = NULL, *client_id, *psw; |
2105 | char *grant_type, *code, *expected_jwt, *redirect_uri, *expected_redirect_uri; | ||
2106 | char *user_psw, *user, *psw; | ||
2107 | char *expected_psw; | 2108 | char *expected_psw; |
2108 | int client_exists = GNUNET_NO; | 2109 | int client_exists = GNUNET_NO; |
2109 | 2110 | ||
2110 | handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error); | ||
2111 | //Check Authorization Header | 2111 | //Check Authorization Header |
2112 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 2112 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
2113 | &cache_key); | 2113 | &cache_key); |
2114 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 2114 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
2115 | &cache_key) ) | 2115 | &cache_key) ) |
2116 | { | 2116 | { |
2117 | //error | 2117 | handle->emsg=GNUNET_strdup("invalid_request"); |
2118 | handle->edesc=GNUNET_strdup("missing authorization"); | ||
2119 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2120 | return; | ||
2118 | } | 2121 | } |
2119 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 2122 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); |
2120 | //split JWT in "Basic" and [content] | 2123 | |
2121 | cache_authorization = GNUNET_strdup (authorization); | 2124 | //split header in "Basic" and [content] |
2122 | credentials = strtok(cache_authorization,delimiter); | 2125 | credentials = GNUNET_strdup(authorization); |
2126 | credentials = strtok (credentials, delimiter); | ||
2123 | if( NULL != credentials) | 2127 | if( NULL != credentials) |
2124 | { | 2128 | { |
2125 | credentials = strtok(credentials, delimiter); | 2129 | credentials = strtok(NULL, delimiter); |
2126 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", credentials); | ||
2127 | } | 2130 | } |
2128 | if (NULL == credentials) | 2131 | if (NULL == credentials) |
2129 | { | 2132 | { |
2130 | //error | 2133 | handle->emsg=GNUNET_strdup("invalid_client"); |
2134 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2135 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2136 | return; | ||
2131 | } | 2137 | } |
2132 | GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw); | 2138 | GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw); |
2133 | 2139 | ||
2134 | if ( NULL == user_psw ) | 2140 | if ( NULL == user_psw ) |
2135 | { | 2141 | { |
2136 | //error | 2142 | handle->emsg=GNUNET_strdup("invalid_client"); |
2143 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2144 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2145 | return; | ||
2137 | } | 2146 | } |
2138 | user = strtok (user_psw, delimiter_user_psw); | 2147 | client_id = strtok (user_psw, delimiter_user_psw); |
2139 | if ( NULL == user ) | 2148 | if ( NULL == client_id ) |
2140 | { | 2149 | { |
2141 | //error | 2150 | GNUNET_free_non_null(user_psw); |
2151 | handle->emsg=GNUNET_strdup("invalid_client"); | ||
2152 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2153 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2154 | return; | ||
2142 | } | 2155 | } |
2143 | 2156 | psw = strtok (NULL, delimiter_user_psw); | |
2144 | psw = strtok (user, delimiter_user_psw); | ||
2145 | if (NULL == psw) | 2157 | if (NULL == psw) |
2146 | { | 2158 | { |
2147 | //error | 2159 | GNUNET_free_non_null(user_psw); |
2160 | handle->emsg=GNUNET_strdup("invalid_client"); | ||
2161 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2162 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2163 | return; | ||
2148 | } | 2164 | } |
2149 | 2165 | ||
2150 | //check psw | 2166 | //check client password |
2151 | if ( GNUNET_OK | 2167 | if ( GNUNET_OK |
2152 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 2168 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
2153 | "psw", &expected_psw) ) | 2169 | "psw", &expected_psw) ) |
2154 | { | 2170 | { |
2155 | if (0 != strcmp (expected_psw, psw)) | 2171 | if (0 != strcmp (expected_psw, psw)) |
2156 | { | 2172 | { |
2157 | //error | 2173 | handle->emsg=GNUNET_strdup("invalid_client"); |
2174 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2175 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2176 | return; | ||
2158 | } | 2177 | } |
2159 | GNUNET_free(expected_psw); | 2178 | GNUNET_free(expected_psw); |
2160 | } | 2179 | } |
@@ -2167,10 +2186,54 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
2167 | return; | 2186 | return; |
2168 | } | 2187 | } |
2169 | 2188 | ||
2189 | //REQUIRED grant_type | ||
2190 | GNUNET_CRYPTO_hash ("grant_type", strlen ("grant_type"), &cache_key); | ||
2191 | if ( GNUNET_NO | ||
2192 | == GNUNET_CONTAINER_multihashmap_contains ( | ||
2193 | handle->rest_handle->url_param_map, &cache_key) ) | ||
2194 | { | ||
2195 | handle->emsg = GNUNET_strdup("invalid_request"); | ||
2196 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | ||
2197 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2198 | return; | ||
2199 | } | ||
2200 | grant_type = GNUNET_CONTAINER_multihashmap_get ( | ||
2201 | handle->rest_handle->url_param_map, &cache_key); | ||
2202 | |||
2203 | //REQUIRED code | ||
2204 | GNUNET_CRYPTO_hash ("code", strlen ("code"), &cache_key); | ||
2205 | if ( GNUNET_NO | ||
2206 | == GNUNET_CONTAINER_multihashmap_contains ( | ||
2207 | handle->rest_handle->url_param_map, &cache_key) ) | ||
2208 | { | ||
2209 | handle->emsg = GNUNET_strdup("invalid_request"); | ||
2210 | handle->edesc = GNUNET_strdup("missing parameter code"); | ||
2211 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2212 | return; | ||
2213 | } | ||
2214 | code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | ||
2215 | &cache_key); | ||
2216 | |||
2217 | //REQUIRED redirect_uri | ||
2218 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | ||
2219 | &cache_key); | ||
2220 | if ( GNUNET_NO | ||
2221 | == GNUNET_CONTAINER_multihashmap_contains ( | ||
2222 | handle->rest_handle->url_param_map, &cache_key) ) | ||
2223 | { | ||
2224 | handle->emsg = GNUNET_strdup("invalid_request"); | ||
2225 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | ||
2226 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2227 | return; | ||
2228 | } | ||
2229 | redirect_uri = GNUNET_CONTAINER_multihashmap_get ( | ||
2230 | handle->rest_handle->url_param_map, &cache_key); | ||
2231 | |||
2232 | |||
2170 | //check client_id | 2233 | //check client_id |
2171 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) | 2234 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) |
2172 | { | 2235 | { |
2173 | if (handle->ego_entry->keystring == user) | 2236 | if ( 0 == strcmp(handle->ego_entry->keystring, client_id)) |
2174 | { | 2237 | { |
2175 | client_exists = GNUNET_YES; | 2238 | client_exists = GNUNET_YES; |
2176 | break; | 2239 | break; |
@@ -2179,49 +2242,31 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
2179 | } | 2242 | } |
2180 | if (GNUNET_NO == client_exists) | 2243 | if (GNUNET_NO == client_exists) |
2181 | { | 2244 | { |
2182 | //error | 2245 | handle->emsg=GNUNET_strdup("unauthorized_client"); |
2183 | } | 2246 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
2184 | |||
2185 | cache_object = json_object_get (handle->oidc->post_object, "grant_type"); | ||
2186 | if ( NULL == cache_object || !json_is_string(cache_object) ) | ||
2187 | { | ||
2188 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
2189 | handle->edesc=GNUNET_strdup("missing parameter grant_type"); | ||
2190 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2247 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2191 | return; | 2248 | return; |
2192 | } | 2249 | } |
2193 | grant_type = json_string_value (cache_object); | 2250 | |
2251 | |||
2194 | 2252 | ||
2195 | //Check parameter grant_type == "authorization_code" | 2253 | //Check parameter grant_type == "authorization_code" |
2196 | if (0 != strcmp("authorization_code", grant_type)) | 2254 | if (0 != strcmp("authorization_code", grant_type)) |
2197 | { | 2255 | { |
2198 | //error | 2256 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); |
2199 | } | 2257 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
2200 | |||
2201 | cache_object = json_object_get (handle->oidc->post_object, "code"); | ||
2202 | if ( NULL == cache_object || !json_is_string(cache_object) ) | ||
2203 | { | ||
2204 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
2205 | handle->edesc=GNUNET_strdup("missing parameter code"); | ||
2206 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2258 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2207 | return; | 2259 | return; |
2208 | } | 2260 | } |
2209 | code = json_string_value (cache_object); | ||
2210 | 2261 | ||
2211 | // lookup code in grants_hashmap and check if [content] is same | ||
2212 | 2262 | ||
2213 | cache_object = json_object_get (handle->oidc->post_object, "redirect_uri"); | 2263 | |
2214 | if ( NULL == cache_object || !json_is_string(cache_object) ) | 2264 | //TODO consume code |
2215 | { | 2265 | |
2216 | handle->emsg=GNUNET_strdup("invalid_request"); | 2266 | |
2217 | handle->edesc=GNUNET_strdup("missing parameter code"); | ||
2218 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2219 | return; | ||
2220 | } | ||
2221 | redirect_uri = json_string_value (cache_object); | ||
2222 | 2267 | ||
2223 | // check redirect_uri | 2268 | // check redirect_uri |
2224 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", user); | 2269 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); |
2225 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 2270 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
2226 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) | 2271 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) |
2227 | { | 2272 | { |
@@ -2231,12 +2276,11 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
2231 | GNUNET_free(expected_redirect_uri); | 2276 | GNUNET_free(expected_redirect_uri); |
2232 | return; | 2277 | return; |
2233 | } | 2278 | } |
2234 | handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri); | ||
2235 | GNUNET_free(expected_redirect_uri); | 2279 | GNUNET_free(expected_redirect_uri); |
2236 | 2280 | ||
2237 | //return something | 2281 | //return something |
2238 | 2282 | ||
2239 | GNUNET_free(cache_authorization); | 2283 | GNUNET_free(user_psw); |
2240 | json_decref(handle->oidc->post_object); | 2284 | json_decref(handle->oidc->post_object); |
2241 | } | 2285 | } |
2242 | 2286 | ||