author | Phil <phil.buschmann@tum.de> | 2018-01-22 14:52:36 +0100 |
committer | Phil <phil.buschmann@tum.de> | 2018-01-22 14:52:36 +0100 |
commit | 5cc1e5ae920bac7f22d8a684bbea210d60788d48 (patch) | |
tree | 9ffc0ecf51873c0c868140bfb13419894cf44a74 /src | |
parent | ca115cc3605b2ecc88ce21a4758aa38149dc2342 (diff) | |
download | gnunet-5cc1e5ae920bac7f22d8a684bbea210d60788d48.tar.gz gnunet-5cc1e5ae920bac7f22d8a684bbea210d60788d48.zip |
-wip token request
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 214 |
1 files changed, 191 insertions, 23 deletions
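--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -66,11 +66,16 @@
 #define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume"
 
 /**
-* Authorize namespace
+* Authorize endpoint
 */
 #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize"
 
 /**
+* Token endpoint
+*/
+#define GNUNET_REST_API_NS_TOKEN "/idp/token"
+
+/**
 * Login namespace
 */
 #define GNUNET_REST_API_NS_LOGIN "/idp/login"
@@ -139,6 +144,12 @@
 /**
 * OIDC cookie header information key
 */
+#define OIDC_AUTHORIZATION_HEADER_KEY "Authorization"
+
+
+/**
+* OIDC cookie header information key
+*/
 #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity="
 
 /**
@@ -169,7 +180,12 @@ char* OIDC_ignored_parameter_array [] =
 /**
 * OIDC authorized identities and times hashmap
 */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_authorized_identities;
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time;
+
+/**
+* OIDC authorized identities and times hashmap
+*/
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
 
 /**
 * The configuration handle
@@ -482,7 +498,7 @@ do_error (void *cls)
 (NULL != handle->oidc->state) ? "\"" : "");
 if ( 0 == handle->response_code )
 {
-handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+handle->response_code = MHD_HTTP_BAD_REQUEST;
 }
 resp = GNUNET_REST_create_response (json_error);
 handle->proc (handle->proc_cls, resp, handle->response_code);
@@ -822,6 +838,7 @@ attr_collect (void *cls,
 struct GNUNET_JSONAPI_Resource *json_resource;
 struct RequestHandle *handle = cls;
 json_t *value;
+char* tmp_value;
 
 if ((NULL == attr->name) || (NULL == attr->data))
 {
@@ -835,11 +852,17 @@ attr_collect (void *cls,
 attr->name);
 GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
 
-value = json_string (attr->data);
+tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+attr->data,
+attr->data_size);
+
+value = json_string (tmp_value);
+
 GNUNET_JSONAPI_resource_add_attr (json_resource,
 "value",
 value);
 json_decref (value);
+GNUNET_free(tmp_value);
 GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
 }
 
@@ -1217,6 +1240,7 @@ cookie_identity_interpretation (struct RequestHandle *handle)
 {
 struct GNUNET_HashCode cache_key;
 char* cookies;
+struct GNUNET_TIME_Absolute current_time, *relog_time;
 char delimiter[] = "; ";
 
 //gets identity of login try with cookie
@@ -1239,9 +1263,9 @@ cookie_identity_interpretation (struct RequestHandle *handle)
 }
 GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity),
 &cache_key);
-if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_authorized_identities, &cache_key) )
+if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) )
 {
-relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_authorized_identities,
+relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
 &cache_key);
 current_time = GNUNET_TIME_absolute_get ();
 // 30 min after old login -> redirect to login
@@ -1322,12 +1346,28 @@ oidc_ticket_issue_cb (void* cls,
 {
 struct RequestHandle *handle = cls;
 struct MHD_Response *resp;
+struct GNUNET_HashCode cache_key;
 char* ticket_str;
 char* redirect_uri;
+char* jwt;
+handle->idp_op = NULL;
 resp = GNUNET_REST_create_response ("");
 if (NULL != ticket) {
 ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+
+
+//TODO Check if this is right:
+// GNUNET_CRYPTO_hash (ticket_str, strlen (ticket_str), &cache_key);
+// jwt = jwt_create_from_list (handle->oidc->client_pkey,
+// handle->attr_list,
+// handle->priv_key);
+// //TODO Check success of function
+// GNUNET_CONTAINER_multihashmap_put (
+// OIDC_identity_grants, &cache_key, jwt,
+// GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
+
+
 GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s",
 handle->oidc->redirect_uri,
 handle->oidc->response_type,
@@ -1429,10 +1469,10 @@ login_check (void *cls)
 GNUNET_free(identity_cookie);
 //No login time for identity -> redirect to login
 if ( GNUNET_YES
-== GNUNET_CONTAINER_multihashmap_contains (OIDC_authorized_identities,
+== GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time,
 &cache_key) )
 {
-relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_authorized_identities,
+relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
 &cache_key);
 current_time = GNUNET_TIME_absolute_get ();
 // 30 min after old login -> redirect to login
@@ -1552,7 +1592,8 @@ static void namestore_iteration_finished_GET (void *cls)
 
 handle->ego_entry = handle->ego_entry->next;
 
-if(NULL != handle->ego_entry){
+if(NULL != handle->ego_entry)
+{
 handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
 handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
 &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
@@ -1575,7 +1616,7 @@ static void namestore_iteration_finished_GET (void *cls)
 &cache_key))
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri");
+handle->edesc=GNUNET_strdup("missing parameter redirect_uri");
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
@@ -1602,7 +1643,7 @@ static void namestore_iteration_finished_GET (void *cls)
 &cache_key))
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: response_type");
+handle->edesc=GNUNET_strdup("missing parameter response_type");
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
@@ -1616,7 +1657,7 @@ static void namestore_iteration_finished_GET (void *cls)
 &cache_key))
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: scope");
+handle->edesc=GNUNET_strdup("missing parameter scope");
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
@@ -1728,7 +1769,7 @@ authorize_GET_cont (struct GNUNET_REST_RequestHandle *con_handle,
 &cache_key))
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: client_id");
+handle->edesc=GNUNET_strdup("missing parameter client_id");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
@@ -1811,7 +1852,7 @@ static void namestore_iteration_finished_POST (void *cls)
 if ( NULL == cache_object || !json_is_string(cache_object) )
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri");
+handle->edesc=GNUNET_strdup("missing parameter redirect_uri");
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
@@ -1835,7 +1876,7 @@ static void namestore_iteration_finished_POST (void *cls)
 if ( NULL == cache_object || !json_is_string(cache_object) )
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: response_type");
+handle->edesc=GNUNET_strdup("missing parameter response_type");
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
@@ -1847,7 +1888,7 @@ static void namestore_iteration_finished_POST (void *cls)
 if ( NULL == cache_object || !json_is_string(cache_object) )
 {
 handle->emsg=GNUNET_strdup("invalid_request");
-handle->edesc=GNUNET_strdup("Missing parameter: scope");
+handle->edesc=GNUNET_strdup("missing parameter scope");
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
@@ -1954,7 +1995,7 @@ authorize_POST_cont (struct GNUNET_REST_RequestHandle *con_handle,
 if ( NULL == cache_object || !json_is_string(cache_object) )
 {
 handle->emsg = GNUNET_strdup("invalid_request");
-handle->edesc = GNUNET_strdup("Missing parameter: client_id");
+handle->edesc = GNUNET_strdup("missing parameter client_id");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
@@ -2029,13 +2070,13 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 *current_time = GNUNET_TIME_relative_to_absolute (
 GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
 30));
-last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, &cache_key);
+last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
 if (NULL != last_time)
 {
 GNUNET_free(last_time);
 }
 GNUNET_CONTAINER_multihashmap_put (
-OIDC_authorized_identities, &cache_key, current_time,
+OIDC_identity_login_time, &cache_key, current_time,
 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
 
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
@@ -2050,6 +2091,111 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 return;
 }
 
+static void
+token_cont(struct GNUNET_REST_RequestHandle *con_handle,
+const char* url,
+void *cls)
+{
+//TODO static strings
+struct RequestHandle *handle = cls;
+struct GNUNET_HashCode cache_key;
+char *authorization, *cache_authorization, *jwt;
+char delimiter[]=" ";
+json_t *cache_object;
+json_error_t error;
+char *grant_type, *code, *expected_jwt, *redirect_uri, *expected_redirect_uri;
+
+handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error);
+//Check Authorization Header
+GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
+&cache_key);
+if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+&cache_key) )
+{
+//error
+}
+authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+//split JWT in "Base" and [content]
+cache_authorization = GNUNET_strdup (authorization);
+jwt = strtok(cache_authorization,delimiter);
+if( NULL != jwt)
+{
+jwt = strtok(jwt, delimiter);
+GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", jwt);
+}
+
+cache_object = json_object_get (handle->oidc->post_object, "grant_type");
+if ( NULL == cache_object || !json_is_string(cache_object) )
+{
+handle->emsg=GNUNET_strdup("invalid_request");
+handle->edesc=GNUNET_strdup("missing parameter grant_type");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+grant_type = json_string_value (cache_object);
+
+//Check parameter grant_type == "authorization_code"
+if (0 != strcmp("authorization_code", grant_type))
+{
+//error
+}
+
+cache_object = json_object_get (handle->oidc->post_object, "code");
+if ( NULL == cache_object || !json_is_string(cache_object) )
+{
+handle->emsg=GNUNET_strdup("invalid_request");
+handle->edesc=GNUNET_strdup("missing parameter code");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+code = json_string_value (cache_object);
+
+// lookup code in grants_hashmap and check if [content] is same
+GNUNET_CRYPTO_hash(code, strlen(code), &cache_key);
+if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_grants, &cache_key) )
+{
+//error
+}
+expected_jwt = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_grants, &cache_key);
+
+if (0 != strcmp(expected_jwt,jwt))
+{
+//error
+}
+
+cache_object = json_object_get (handle->oidc->post_object, "redirect_uri");
+if ( NULL == cache_object || !json_is_string(cache_object) )
+{
+handle->emsg=GNUNET_strdup("invalid_request");
+handle->edesc=GNUNET_strdup("missing parameter code");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+redirect_uri = json_string_value (cache_object);
+
+// check redirect_uri
+// jwt breakdown to iss or sub
+
+// GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", iss);
+// // verify the redirect uri matches https://<client_id>.zkey[/xyz]
+// if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) )
+// {
+// handle->emsg=GNUNET_strdup("invalid_request");
+// handle->edesc=GNUNET_strdup("Invalid redirect_uri");
+// GNUNET_SCHEDULER_add_now (&do_error, handle);
+// GNUNET_free(expected_redirect_uri);
+// return;
+// }
+// handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
+// GNUNET_free(expected_redirect_uri);
+
+
+//do we need the client_id?
+
+GNUNET_free(cache_authorization);
+decref(handle->oidc->post_object);
+}
+
 /**
 * Handle rest request
 *
@@ -2064,8 +2210,9 @@ init_cont (struct RequestHandle *handle)
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_GET_cont},
-{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_POST_cont},
+{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
+{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
@@ -2151,8 +2298,10 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
 {
 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
 handle->oidc = GNUNET_new (struct OIDC_Variables);
-if ( NULL == OIDC_authorized_identities )
-OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+if ( NULL == OIDC_identity_login_time )
+OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+if ( NULL == OIDC_identity_grants )
+OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
 handle->response_code = 0;
 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
 handle->proc_cls = proc_cls;
@@ -2223,8 +2372,27 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
 {
 struct GNUNET_REST_Plugin *api = cls;
 struct Plugin *plugin = api->cls;
-
 plugin->cfg = NULL;
+
+struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
+void *value = NULL;
+hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (
+OIDC_identity_login_time);
+while (GNUNET_YES ==
+GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+{
+if (NULL != value)
+GNUNET_free(value);
+}
+GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time);
+hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
+while (GNUNET_YES ==
+GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+{
+if (NULL != value)
+GNUNET_free(value);
+}
+GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
 GNUNET_free_non_null (allow_methods);
 GNUNET_free (api);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,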
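Review bot: In token_cont the `//error` placeholders after the Authorization-header check, the grant_type comparison, the OIDC_identity_grants lookup and the JWT comparison do not return, so a POST whose `code` is not in the grants map reaches `strcmp(expected_jwt,jwt)` with `expected_jwt == NULL`, and a POST without the header reaches `GNUNET_strdup (authorization)` with `authorization == NULL`; each branch should set `handle->emsg`/`handle->edesc` and leave through `do_error` like the checks around it. The header lookup hashes `OIDC_COOKIE_HEADER_KEY` although the comment says Authorization and this commit adds `OIDC_AUTHORIZATION_HEADER_KEY` for exactly that, and `jwt = strtok(jwt, delimiter)` re-tokenizes the first token instead of advancing with `strtok(NULL, delimiter)`, so `jwt` stays the scheme word and the later comparison with the stored grant cannot match a real token. Smaller points in the same function: the redirect_uri check reports `missing parameter code`, `json_loads` is not checked for NULL before `json_object_get`, the final `decref` is presumably meant to be `json_decref`, and the early returns after the `GNUNET_strdup` leak `cache_authorization` unless `do_error` frees it (not visible in this hunk). The function also ends without calling `handle->proc`, so a valid request receives no response; that may be intended for a WIP commit but deserves an explicit TODO.
```c
static void
token_cont(struct GNUNET_REST_RequestHandle *con_handle,
           const char* url,
           void *cls)
{
  /* … unchanged: local declarations … */

  handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error);
  if (NULL == handle->oidc->post_object)
  {
    handle->emsg = GNUNET_strdup ("invalid_request");
    handle->edesc = GNUNET_strdup ("malformed request body");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  //Check Authorization Header
  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                      &cache_key);
  if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
                                                            &cache_key) )
  {
    handle->emsg = GNUNET_strdup ("invalid_client");
    handle->edesc = GNUNET_strdup ("missing Authorization header");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, &cache_key);
  cache_authorization = GNUNET_strdup (authorization);
  jwt = strtok (cache_authorization, delimiter);   // scheme word, e.g. "Bearer"
  if (NULL != jwt)
    jwt = strtok (NULL, delimiter);                // the token itself
  if (NULL == jwt)
  {
    GNUNET_free (cache_authorization);
    handle->emsg = GNUNET_strdup ("invalid_client");
    handle->edesc = GNUNET_strdup ("malformed Authorization header");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }

  /* … unchanged: grant_type and code extraction (free cache_authorization before each return) … */

  //Check parameter grant_type == "authorization_code"
  if (0 != strcmp ("authorization_code", grant_type))
  {
    GNUNET_free (cache_authorization);
    handle->emsg = GNUNET_strdup ("unsupported_grant_type");
    handle->edesc = GNUNET_strdup ("grant_type must be authorization_code");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }

  // lookup code in grants_hashmap and check if [content] is same
  GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
  expected_jwt = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_grants, &cache_key);
  if ( (NULL == expected_jwt) || (0 != strcmp (expected_jwt, jwt)) )
  {
    GNUNET_free (cache_authorization);
    handle->emsg = GNUNET_strdup ("invalid_grant");
    handle->edesc = GNUNET_strdup ("unknown or mismatching authorization code");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }

  /* … unchanged: redirect_uri handling (edesc should read "missing parameter redirect_uri") … */

  GNUNET_free (cache_authorization);
  json_decref (handle->oidc->post_object);
  //TODO: build the token response and call handle->proc; no response is sent yet
}
```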