diff options
author | Phil <phil.buschmann@tum.de> | 2018-01-12 14:53:03 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-12 14:53:03 +0100 |
commit | 595319b96647f03737ffd8a552c06fd1f8af4be7 (patch) | |
tree | 4a3b5d9d35f312f7ae198502e074a6ee38c9b6d2 /src | |
parent | 762463674907eaec186cce3ba7c178c4aced2a2e (diff) | |
download | gnunet-595319b96647f03737ffd8a552c06fd1f8af4be7.tar.gz gnunet-595319b96647f03737ffd8a552c06fd1f8af4be7.zip |
-wip attribute collection
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 315 |
1 files changed, 169 insertions, 146 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 4daba29be..de54ecf16 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -263,16 +263,31 @@ struct RequestHandle | |||
263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | 263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; |
264 | 264 | ||
265 | /** | 265 | /** |
266 | * Iterator for NAMESTORE | ||
267 | */ | ||
268 | struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; | ||
269 | |||
270 | /** | ||
271 | * OIDC_client_id existence | ||
272 | */ | ||
273 | int client_exists; | ||
274 | |||
275 | /** | ||
266 | * Private key for the zone | 276 | * Private key for the zone |
267 | */ | 277 | */ |
268 | struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey; | 278 | struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey; |
269 | 279 | ||
270 | /** | 280 | /** |
271 | * OIDC_client public key | 281 | * Private key for the zone |
272 | */ | 282 | */ |
273 | struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey; | 283 | struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey; |
274 | 284 | ||
275 | /** | 285 | /** |
286 | * OIDC_client public key | ||
287 | */ | ||
288 | char *client_pkey_string; | ||
289 | |||
290 | /** | ||
276 | * IDENTITY Operation | 291 | * IDENTITY Operation |
277 | */ | 292 | */ |
278 | struct GNUNET_IDENTITY_Operation *op; | 293 | struct GNUNET_IDENTITY_Operation *op; |
@@ -380,6 +395,10 @@ cleanup_handle (struct RequestHandle *handle) | |||
380 | GNUNET_free (handle->edesc); | 395 | GNUNET_free (handle->edesc); |
381 | if (NULL != handle->eredirect) | 396 | if (NULL != handle->eredirect) |
382 | GNUNET_free (handle->eredirect); | 397 | GNUNET_free (handle->eredirect); |
398 | if (NULL != handle->namestore_handle) | ||
399 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
400 | if (NULL != handle->client_pkey_string) | ||
401 | GNUNET_free (handle->client_pkey_string); | ||
383 | for (ego_entry = handle->ego_head; | 402 | for (ego_entry = handle->ego_head; |
384 | NULL != ego_entry;) | 403 | NULL != ego_entry;) |
385 | { | 404 | { |
@@ -411,9 +430,12 @@ do_error (void *cls) | |||
411 | struct MHD_Response *resp; | 430 | struct MHD_Response *resp; |
412 | char *json_error; | 431 | char *json_error; |
413 | 432 | ||
414 | GNUNET_asprintf (&json_error, | 433 | GNUNET_asprintf (&json_error, "{error : %s, error_description : %s}", |
415 | "{error : %s, error_description : %s}", | 434 | handle->emsg, (NULL != handle->edesc) ? handle->edesc : ""); |
416 | handle->emsg, (NULL != handle->edesc) ? handle->edesc : ""); | 435 | if ( 0 == handle->response_code ) |
436 | { | ||
437 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
438 | } | ||
417 | resp = GNUNET_REST_create_response (json_error); | 439 | resp = GNUNET_REST_create_response (json_error); |
418 | handle->proc (handle->proc_cls, resp, handle->response_code); | 440 | handle->proc (handle->proc_cls, resp, handle->response_code); |
419 | cleanup_handle (handle); | 441 | cleanup_handle (handle); |
@@ -1142,170 +1164,84 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1142 | * Function called if we had an error in zone-to-name mapping. | 1164 | * Function called if we had an error in zone-to-name mapping. |
1143 | */ | 1165 | */ |
1144 | static void | 1166 | static void |
1145 | zone_to_name_error (void *cls) | 1167 | namestore_iteration_error (void *cls) |
1146 | { | 1168 | { |
1147 | struct RequestHandle *handle = cls; | 1169 | struct RequestHandle *handle = cls; |
1148 | |||
1149 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1170 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1150 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1171 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1151 | |||
1152 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
1153 | handle->namestore_handle = NULL; | ||
1154 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1172 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1155 | } | 1173 | } |
1156 | 1174 | ||
1157 | /** | 1175 | /** |
1158 | * Test if a name mapping was found, if so, continue, else, throw error | 1176 | * Create a response with requested records |
1159 | * | 1177 | * |
1160 | * @param cls closure | 1178 | * @param handle the RequestHandle |
1161 | * @param zone_key public key of the zone | ||
1162 | * @param name name that is being mapped (at most 255 characters long) | ||
1163 | * @param rd_count number of entries in @a rd array | ||
1164 | * @param rd array of records with data to store | ||
1165 | */ | 1179 | */ |
1166 | static void | 1180 | static void |
1167 | zone_to_name_get_cb (void *cls, | 1181 | namestore_iteration_callback ( |
1168 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, | 1182 | void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, |
1169 | const char *name, unsigned int rd_count, | 1183 | const char *rname, unsigned int rd_len, |
1170 | const struct GNUNET_GNSRECORD_Data *rd) | 1184 | const struct GNUNET_GNSRECORD_Data *rd) |
1171 | { | 1185 | { |
1172 | struct RequestHandle *handle = cls; | 1186 | struct RequestHandle *handle = cls; |
1173 | struct EgoEntry *ego_entry = handle->ego_entry->next; | 1187 | int i; |
1174 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s", handle->ego_entry->keystring); | ||
1175 | if ( NULL == name ) | ||
1176 | { | ||
1177 | if(NULL != ego_entry){ | ||
1178 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1179 | handle->ego_head->ego); | ||
1180 | 1188 | ||
1189 | for (i = 0; i < rd_len; i++) | ||
1190 | { | ||
1191 | if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type ) | ||
1192 | continue; | ||
1181 | 1193 | ||
1182 | handle->ego_entry = ego_entry; | 1194 | if ( 0 == memcmp (rd[i].data,&handle->client_pkey, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1183 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey, | ||
1184 | &handle->client_pkey, &zone_to_name_error, handle, | ||
1185 | &zone_to_name_get_cb, handle); | ||
1186 | return; | ||
1187 | } | ||
1188 | else | ||
1189 | { | 1195 | { |
1190 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1196 | handle->client_exists = GNUNET_YES; |
1191 | //TODO change desc | ||
1192 | handle->edesc = GNUNET_strdup("Not in namestore"); | ||
1193 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1194 | // GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
1195 | // handle->namestore_handle = NULL; | ||
1196 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1197 | return; | ||
1198 | } | 1197 | } |
1199 | } | 1198 | } |
1200 | else | ||
1201 | { | ||
1202 | 1199 | ||
1203 | handle->emsg = GNUNET_strdup("works"); | 1200 | GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it); |
1204 | handle->edesc = GNUNET_strdup(""); | ||
1205 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1206 | // GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | ||
1207 | // handle->namestore_handle = NULL; | ||
1208 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test"); | ||
1209 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1210 | return; | ||
1211 | } | ||
1212 | } | 1201 | } |
1213 | 1202 | ||
1214 | /** | 1203 | /** |
1215 | * Respond to authorization GET request | 1204 | * Iteration over all results finished, build final |
1205 | * response. | ||
1216 | * | 1206 | * |
1217 | * @param con_handle the connection handle | 1207 | * @param cls the `struct RequestHandle` |
1218 | * @param url the url | ||
1219 | * @param cls the RequestHandle | ||
1220 | */ | 1208 | */ |
1221 | static void | 1209 | static void |
1222 | authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | 1210 | namestore_iteration_finished (void *cls) |
1223 | const char* url, | ||
1224 | void *cls) | ||
1225 | { | 1211 | { |
1226 | /** The Authorization Server MUST validate all the OAuth 2.0 parameters | ||
1227 | * according to the OAuth 2.0 specification. | ||
1228 | */ | ||
1229 | /** | ||
1230 | * If the sub (subject) Claim is requested with a specific value for the | ||
1231 | * ID Token, the Authorization Server MUST only send a positive response | ||
1232 | * if the End-User identified by that sub value has an active session with | ||
1233 | * the Authorization Server or has been Authenticated as a result of the | ||
1234 | * request. The Authorization Server MUST NOT reply with an ID Token or | ||
1235 | * Access Token for a different user, even if they have an active session | ||
1236 | * with the Authorization Server. Such a request can be made either using | ||
1237 | * an id_token_hint parameter or by requesting a specific Claim Value as | ||
1238 | * described in Section 5.5.1, if the claims parameter is supported by | ||
1239 | * the implementation. | ||
1240 | */ | ||
1241 | |||
1242 | struct MHD_Response *resp; | ||
1243 | struct RequestHandle *handle = cls; | 1212 | struct RequestHandle *handle = cls; |
1213 | struct MHD_Response *resp; | ||
1214 | |||
1244 | char *response_type; | 1215 | char *response_type; |
1245 | char *client_id; | ||
1246 | char *scope; | 1216 | char *scope; |
1247 | char *redirect_uri; | 1217 | char *redirect_uri; |
1248 | char *expected_redirect_uri; | 1218 | char *expected_redirect_uri; |
1249 | char *state = NULL; | 1219 | char *state; |
1250 | char *nonce = NULL; | 1220 | char *nonce; |
1251 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 1221 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
1252 | char *login_base_url, *new_redirect; | 1222 | char *login_base_url, *new_redirect; |
1253 | struct GNUNET_HashCode cache_key; | 1223 | struct GNUNET_HashCode cache_key; |
1254 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey; | ||
1255 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; | 1224 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; |
1256 | int number_of_ignored_parameter, iterator; | 1225 | int number_of_ignored_parameter, iterator; |
1257 | 1226 | ||
1258 | // REQUIRED value: client_id | ||
1259 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | ||
1260 | &cache_key); | ||
1261 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1262 | &cache_key)) | ||
1263 | { | ||
1264 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
1265 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | ||
1266 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1267 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1268 | return; | ||
1269 | } | ||
1270 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1271 | &cache_key); | ||
1272 | if ( GNUNET_OK | ||
1273 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, | ||
1274 | strlen (client_id), | ||
1275 | &handle->client_pkey) ) | ||
1276 | { | ||
1277 | handle->emsg=GNUNET_strdup("unauthorized_client"); | ||
1278 | handle->edesc = GNUNET_strdup( | ||
1279 | "The client is not authorized to request an authorization" | ||
1280 | " code using this method."); | ||
1281 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1282 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1283 | return; | ||
1284 | } | ||
1285 | 1227 | ||
1286 | // Checks if client_id is valid: | 1228 | handle->ego_entry = handle->ego_entry->next; |
1287 | if ( NULL == handle->namestore_handle ) | ||
1288 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); | ||
1289 | 1229 | ||
1290 | if ( NULL == handle->ego_head ) | 1230 | if(NULL != handle->ego_entry){ |
1231 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1232 | handle->ego_entry->ego); | ||
1233 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->zone_pkey, | ||
1234 | &namestore_iteration_error, handle, &namestore_iteration_callback, handle, | ||
1235 | &namestore_iteration_finished, handle); | ||
1236 | return; | ||
1237 | } | ||
1238 | if (GNUNET_YES != handle->client_exists) | ||
1291 | { | 1239 | { |
1292 | handle->emsg = GNUNET_strdup("Missing egos."); | 1240 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1293 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1241 | handle->edesc = GNUNET_strdup("Client is not trusted."); |
1294 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1242 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1295 | return; | 1243 | return; |
1296 | } | 1244 | } |
1297 | //TODO fix this | ||
1298 | // for (ego_entry = handle->ego_head; | ||
1299 | // NULL != ego_entry; ego_entry = ego_entry->next) | ||
1300 | // { | ||
1301 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1302 | handle->ego_head->ego); | ||
1303 | handle->ego_entry = handle->ego_head; | ||
1304 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey, | ||
1305 | &handle->client_pkey, &zone_to_name_error, handle, | ||
1306 | &zone_to_name_get_cb, handle); | ||
1307 | return; | ||
1308 | // zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->rest_handle); | ||
1309 | 1245 | ||
1310 | // REQUIRED value: redirect_uri | 1246 | // REQUIRED value: redirect_uri |
1311 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1247 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
@@ -1321,15 +1257,14 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1321 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1257 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1322 | &cache_key); | 1258 | &cache_key); |
1323 | 1259 | ||
1324 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); | 1260 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->client_pkey_string); |
1325 | |||
1326 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 1261 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
1327 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) | 1262 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) |
1328 | { | 1263 | { |
1329 | handle->emsg=GNUNET_strdup("invalid_request"); | 1264 | handle->emsg=GNUNET_strdup("invalid_request"); |
1330 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 1265 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
1331 | GNUNET_free(expected_redirect_uri); | ||
1332 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1266 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1267 | // GNUNET_free(expected_redirect_uri); | ||
1333 | return; | 1268 | return; |
1334 | } | 1269 | } |
1335 | handle->eredirect = GNUNET_strdup(redirect_uri); | 1270 | handle->eredirect = GNUNET_strdup(redirect_uri); |
@@ -1422,12 +1357,12 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1422 | &cache_key); | 1357 | &cache_key); |
1423 | //No identity-cookie -> redirect to login | 1358 | //No identity-cookie -> redirect to login |
1424 | if ( GNUNET_YES | 1359 | if ( GNUNET_YES |
1425 | == GNUNET_CONTAINER_multihashmap_contains (con_handle->header_param_map, | 1360 | == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
1426 | &cache_key) ) | 1361 | &cache_key) ) |
1427 | { | 1362 | { |
1428 | //split cookies and find 'Identity' cookie | 1363 | //split cookies and find 'Identity' cookie |
1429 | char* cookies = GNUNET_CONTAINER_multihashmap_get ( | 1364 | char* cookies = GNUNET_CONTAINER_multihashmap_get ( |
1430 | con_handle->header_param_map, &cache_key); | 1365 | handle->rest_handle->header_param_map, &cache_key); |
1431 | char delimiter[] = "; "; | 1366 | char delimiter[] = "; "; |
1432 | char *identity_cookie; | 1367 | char *identity_cookie; |
1433 | identity_cookie = strtok(cookies, delimiter); | 1368 | identity_cookie = strtok(cookies, delimiter); |
@@ -1465,18 +1400,18 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1465 | // iterate over egos and compare their public key | 1400 | // iterate over egos and compare their public key |
1466 | // GNUNET_IDENTITY_PROVIDER_get_attributes_start | 1401 | // GNUNET_IDENTITY_PROVIDER_get_attributes_start |
1467 | // iterate over scope variables | 1402 | // iterate over scope variables |
1468 | char delimiter[] = " "; | 1403 | // char delimiter[] = " "; |
1469 | char *scope_attribute; | 1404 | // char *scope_attribute; |
1470 | scope_attribute = strtok(scope, delimiter); | 1405 | // scope_attribute = strtok(scope, delimiter); |
1471 | 1406 | // | |
1472 | while ( NULL != scope_attribute ) | 1407 | // while ( NULL != scope_attribute ) |
1473 | { | 1408 | // { |
1474 | if ( NULL == strstr (scope_attribute, OIDC_EXPECTED_AUTHORIZATION_SCOPE) ) | 1409 | // if ( NULL == strstr (scope_attribute, OIDC_EXPECTED_AUTHORIZATION_SCOPE) ) |
1475 | { | 1410 | // { |
1476 | // claim attribute from ego | 1411 | // // claim attribute from ego |
1477 | scope_attribute = strtok (NULL, delimiter); | 1412 | // scope_attribute = strtok (NULL, delimiter); |
1478 | } | 1413 | // } |
1479 | } | 1414 | // } |
1480 | // create an authorization code | 1415 | // create an authorization code |
1481 | 1416 | ||
1482 | // GNUNET_IDENTITY_PROVIDER_t | 1417 | // GNUNET_IDENTITY_PROVIDER_t |
@@ -1502,16 +1437,17 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1502 | OIDC_RESPONSE_TYPE_KEY, | 1437 | OIDC_RESPONSE_TYPE_KEY, |
1503 | response_type, | 1438 | response_type, |
1504 | OIDC_CLIENT_ID_KEY, | 1439 | OIDC_CLIENT_ID_KEY, |
1505 | client_id, | 1440 | handle->client_pkey_string, |
1506 | OIDC_REDIRECT_URI_KEY, | 1441 | OIDC_REDIRECT_URI_KEY, |
1507 | redirect_uri, | 1442 | redirect_uri, |
1508 | OIDC_SCOPE_KEY, | 1443 | OIDC_SCOPE_KEY, |
1509 | scope, | 1444 | scope, |
1510 | OIDC_STATE_KEY, | 1445 | OIDC_STATE_KEY, |
1511 | (NULL == state) ? state : "", | 1446 | (NULL != state) ? state : "", |
1512 | OIDC_NONCE_KEY, | 1447 | OIDC_NONCE_KEY, |
1513 | (NULL == nonce) ? nonce : ""); | 1448 | (NULL != nonce) ? nonce : ""); |
1514 | resp = GNUNET_REST_create_response (""); | 1449 | resp = GNUNET_REST_create_response (""); |
1450 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", new_redirect); | ||
1515 | MHD_add_response_header (resp, "Location", new_redirect); | 1451 | MHD_add_response_header (resp, "Location", new_redirect); |
1516 | } | 1452 | } |
1517 | else | 1453 | else |
@@ -1522,8 +1458,95 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1522 | return; | 1458 | return; |
1523 | } | 1459 | } |
1524 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1460 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1525 | cleanup_handle (handle); | ||
1526 | GNUNET_free(new_redirect); | 1461 | GNUNET_free(new_redirect); |
1462 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | ||
1463 | return; | ||
1464 | } | ||
1465 | |||
1466 | /** | ||
1467 | * Respond to authorization GET request | ||
1468 | * | ||
1469 | * @param con_handle the connection handle | ||
1470 | * @param url the url | ||
1471 | * @param cls the RequestHandle | ||
1472 | */ | ||
1473 | static void | ||
1474 | authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1475 | const char* url, | ||
1476 | void *cls) | ||
1477 | { | ||
1478 | /** The Authorization Server MUST validate all the OAuth 2.0 parameters | ||
1479 | * according to the OAuth 2.0 specification. | ||
1480 | */ | ||
1481 | /** | ||
1482 | * If the sub (subject) Claim is requested with a specific value for the | ||
1483 | * ID Token, the Authorization Server MUST only send a positive response | ||
1484 | * if the End-User identified by that sub value has an active session with | ||
1485 | * the Authorization Server or has been Authenticated as a result of the | ||
1486 | * request. The Authorization Server MUST NOT reply with an ID Token or | ||
1487 | * Access Token for a different user, even if they have an active session | ||
1488 | * with the Authorization Server. Such a request can be made either using | ||
1489 | * an id_token_hint parameter or by requesting a specific Claim Value as | ||
1490 | * described in Section 5.5.1, if the claims parameter is supported by | ||
1491 | * the implementation. | ||
1492 | */ | ||
1493 | |||
1494 | struct RequestHandle *handle = cls; | ||
1495 | struct GNUNET_HashCode cache_key; | ||
1496 | char *client_id; | ||
1497 | |||
1498 | handle->response_code = 0; | ||
1499 | |||
1500 | // REQUIRED value: client_id | ||
1501 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | ||
1502 | &cache_key); | ||
1503 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1504 | &cache_key)) | ||
1505 | { | ||
1506 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
1507 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | ||
1508 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1509 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1510 | return; | ||
1511 | } | ||
1512 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1513 | &cache_key); | ||
1514 | |||
1515 | if ( GNUNET_OK | ||
1516 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, | ||
1517 | strlen (client_id), | ||
1518 | &handle->client_pkey) ) | ||
1519 | { | ||
1520 | handle->emsg = GNUNET_strdup("unauthorized_client"); | ||
1521 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | ||
1522 | "authorization code using this method."); | ||
1523 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1524 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1525 | return; | ||
1526 | } | ||
1527 | |||
1528 | if ( NULL == handle->namestore_handle ) | ||
1529 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); | ||
1530 | |||
1531 | if ( NULL == handle->ego_head ) | ||
1532 | { | ||
1533 | handle->emsg = GNUNET_strdup("Missing egos."); | ||
1534 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1535 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1536 | return; | ||
1537 | } | ||
1538 | |||
1539 | handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key ( | ||
1540 | handle->ego_head->ego); | ||
1541 | handle->ego_entry = handle->ego_head; | ||
1542 | handle->client_exists = GNUNET_NO; | ||
1543 | handle->client_pkey_string = GNUNET_strdup(client_id); | ||
1544 | |||
1545 | // Checks if client_id is valid: | ||
1546 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( | ||
1547 | handle->namestore_handle, &handle->zone_pkey, &namestore_iteration_error, | ||
1548 | handle, &namestore_iteration_callback, handle, | ||
1549 | &namestore_iteration_finished, handle); | ||
1527 | return; | 1550 | return; |
1528 | } | 1551 | } |
1529 | 1552 | ||