authorPhil <phil.buschmann@tum.de>2018-01-11 15:58:38 +0100
committerPhil <phil.buschmann@tum.de>2018-01-11 15:58:38 +0100
commit762463674907eaec186cce3ba7c178c4aced2a2e (patch)
treebe7cb0df80d34942da8812687dae9e55a75b92ba /src
parent60c963315271ce4314b708bef519eb4fb64f0979 (diff)
-wip client_id check
Diffstat (limited to 'src')
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c98
1 files changed, 77 insertions, 21 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index ac9d2bd08..4daba29be 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -258,11 +258,21 @@ struct RequestHandle
258 struct GNUNET_REST_RequestHandle *rest_handle; 258 struct GNUNET_REST_RequestHandle *rest_handle;
259 259
260 /** 260 /**
261 * Zone connection 261 * Handle to NAMESTORE
262 */ 262 */
263 struct GNUNET_NAMESTORE_Handle *namestore_handle; 263 struct GNUNET_NAMESTORE_Handle *namestore_handle;
264 264
265 /** 265 /**
266 * Private key for the zone
267 */
268 struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey;
269
270 /**
271 * OIDC_client public key
272 */
273 struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey;
274
275 /**
266 * IDENTITY Operation 276 * IDENTITY Operation
267 */ 277 */
268 struct GNUNET_IDENTITY_Operation *op; 278 struct GNUNET_IDENTITY_Operation *op;
@@ -339,8 +349,6 @@ struct RequestHandle
339 349
340}; 350};
341 351
342
343
344/** 352/**
345 * Cleanup lookup handle 353 * Cleanup lookup handle
346 * @param handle Handle to clean up 354 * @param handle Handle to clean up
@@ -404,8 +412,8 @@ do_error (void *cls)
404 char *json_error; 412 char *json_error;
405 413
406 GNUNET_asprintf (&json_error, 414 GNUNET_asprintf (&json_error,
407 "{error : %s}", 415 "{error : %s, error_description : %s}",
408 handle->emsg); 416 handle->emsg, (NULL != handle->edesc) ? handle->edesc : "");
409 resp = GNUNET_REST_create_response (json_error); 417 resp = GNUNET_REST_create_response (json_error);
410 handle->proc (handle->proc_cls, resp, handle->response_code); 418 handle->proc (handle->proc_cls, resp, handle->response_code);
411 cleanup_handle (handle); 419 cleanup_handle (handle);
@@ -1157,21 +1165,47 @@ zone_to_name_error (void *cls)
1157 */ 1165 */
1158static void 1166static void
1159zone_to_name_get_cb (void *cls, 1167zone_to_name_get_cb (void *cls,
1160 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, 1168 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
1161 const char *name, 1169 const char *name, unsigned int rd_count,
1162 unsigned int rd_count, 1170 const struct GNUNET_GNSRECORD_Data *rd)
1163 const struct GNUNET_GNSRECORD_Data *rd)
1164{ 1171{
1165 struct RequestHandle *handle = cls; 1172 struct RequestHandle *handle = cls;
1173 struct EgoEntry *ego_entry = handle->ego_entry->next;
1174 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s", handle->ego_entry->keystring);
1175 if ( NULL == name )
1176 {
1177 if(NULL != ego_entry){
1178 handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (
1179 handle->ego_head->ego);
1166 1180
1167 1181
1168 if (0 == rd_count) 1182 handle->ego_entry = ego_entry;
1183 GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey,
1184 &handle->client_pkey, &zone_to_name_error, handle,
1185 &zone_to_name_get_cb, handle);
1186 return;
1187 }
1188 else
1189 {
1190 handle->emsg = GNUNET_strdup("unauthorized_client");
1191 //TODO change desc
1192 handle->edesc = GNUNET_strdup("Not in namestore");
1193 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1194// GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
1195// handle->namestore_handle = NULL;
1196 GNUNET_SCHEDULER_add_now (&do_error, handle);
1197 return;
1198 }
1199 }
1200 else
1169 { 1201 {
1170 handle->emsg = GNUNET_strdup("unauthorized_client");
1171 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1172 1202
1173 GNUNET_NAMESTORE_disconnect (handle->namestore_handle); 1203 handle->emsg = GNUNET_strdup("works");
1174 handle->namestore_handle = NULL; 1204 handle->edesc = GNUNET_strdup("");
1205 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1206// GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
1207// handle->namestore_handle = NULL;
1208 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test");
1175 GNUNET_SCHEDULER_add_now (&do_error, handle); 1209 GNUNET_SCHEDULER_add_now (&do_error, handle);
1176 return; 1210 return;
1177 } 1211 }
@@ -1229,6 +1263,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
1229 { 1263 {
1230 handle->emsg=GNUNET_strdup("invalid_request"); 1264 handle->emsg=GNUNET_strdup("invalid_request");
1231 handle->edesc=GNUNET_strdup("Missing parameter: client_id"); 1265 handle->edesc=GNUNET_strdup("Missing parameter: client_id");
1266 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1232 GNUNET_SCHEDULER_add_now (&do_error, handle); 1267 GNUNET_SCHEDULER_add_now (&do_error, handle);
1233 return; 1268 return;
1234 } 1269 }
@@ -1237,20 +1272,40 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
1237 if ( GNUNET_OK 1272 if ( GNUNET_OK
1238 != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, 1273 != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id,
1239 strlen (client_id), 1274 strlen (client_id),
1240 &pubkey) ) 1275 &handle->client_pkey) )
1241 { 1276 {
1242 handle->emsg=GNUNET_strdup("unauthorized_client"); 1277 handle->emsg=GNUNET_strdup("unauthorized_client");
1278 handle->edesc = GNUNET_strdup(
1279 "The client is not authorized to request an authorization"
1280 " code using this method.");
1243 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1281 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1244 GNUNET_SCHEDULER_add_now (&do_error, handle); 1282 GNUNET_SCHEDULER_add_now (&do_error, handle);
1283 return;
1245 } 1284 }
1246 1285
1247 // Checks if client_id is valid: 1286 // Checks if client_id is valid:
1248 handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); 1287 if ( NULL == handle->namestore_handle )
1249 zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); 1288 handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
1250 GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, 1289
1251 zone_to_name_error, handle, zone_to_name_get_cb, 1290 if ( NULL == handle->ego_head )
1252 handle); 1291 {
1292 handle->emsg = GNUNET_strdup("Missing egos.");
1293 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1294 GNUNET_SCHEDULER_add_now (&do_error, handle);
1295 return;
1296 }
1297 //TODO fix this
1298// for (ego_entry = handle->ego_head;
1299// NULL != ego_entry; ego_entry = ego_entry->next)
1300// {
1301 handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (
1302 handle->ego_head->ego);
1303 handle->ego_entry = handle->ego_head;
1304 GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, &handle->zone_pkey,
1305 &handle->client_pkey, &zone_to_name_error, handle,
1306 &zone_to_name_get_cb, handle);
1253 return; 1307 return;
1308 // zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->rest_handle);
1254 1309
1255 // REQUIRED value: redirect_uri 1310 // REQUIRED value: redirect_uri
1256 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), 1311 GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
@@ -1279,6 +1334,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
1279 } 1334 }
1280 handle->eredirect = GNUNET_strdup(redirect_uri); 1335 handle->eredirect = GNUNET_strdup(redirect_uri);
1281 1336
1337 GNUNET_free(expected_redirect_uri);
1282 // REQUIRED value: response_type 1338 // REQUIRED value: response_type
1283 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), 1339 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
1284 &cache_key); 1340 &cache_key);
@@ -1324,6 +1380,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
1324 &cache_key); 1380 &cache_key);
1325 } 1381 }
1326 1382
1383 //TODO check other values and use them accordingly
1327 number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); 1384 number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1328 for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) 1385 for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ )
1329 { 1386 {
@@ -1360,7 +1417,6 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
1360 return; 1417 return;
1361 } 1418 }
1362 1419
1363 //TODO check other values and use them accordingly
1364 1420
1365 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), 1421 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
1366 &cache_key); 1422 &cache_key);
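Review bot: In zone_to_name_get_cb the retry branch (new lines 1178-1185) reloads the zone key from `handle->ego_head->ego` rather than from the entry it just advanced to, so each follow-up GNUNET_NAMESTORE_zone_to_name call queries the first ego's zone again and a client_id registered under any other ego ends in `unauthorized_client`. The assignment should read `handle->zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);`. The same callback dereferences `handle->ego_entry->next` and logs the keystring at ERROR level before any check, and the `name != NULL` branch still routes a successful match through do_error with a 500, which looks like work-in-progress scaffolding given the commit title. Because `zone_pkey` is now a by-value copy of a private key held in RequestHandle, cleanup_handle (its body is not visible here) should presumably zero that field before the handle is freed. The body of zone_to_name_get_cb continues past the end of its hunk.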