author | Phil <phil.buschmann@tum.de> | 2018-01-22 17:35:58 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-22 17:35:58 +0100 |
commit | 963b0f5a783004823a14f65c697cd83dbfb60463 (patch) | |
tree | 7891429c08880d6da1aa4fd54b04e33900e6515a /src | |
parent | a67bd3630046d3a52195a13cbd4b4631c283d68d (diff) | |
download | gnunet-963b0f5a783004823a14f65c697cd83dbfb60463.tar.gz gnunet-963b0f5a783004823a14f65c697cd83dbfb60463.zip |
-wip token request
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 121 | ||||
-rw-r--r-- | src/identity-provider/test_idp.conf | 3 |
2 files changed, 85 insertions, 39 deletions
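--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -1516,7 +1516,6 @@ login_check (void *cls)
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
-//GNUNET_free(relog_time);
 }
 }
 
@@ -1672,7 +1671,7 @@ static void namestore_iteration_finished_GET (void *cls)
 {
 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
 &cache_key);
-//TODO: what do we do with the nonce?
+//TODO: what do we do with the nonce? => token
 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
 }
 
@@ -1794,7 +1793,6 @@ authorize_GET_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
 if ( NULL == handle->ego_head )
 {
-//TODO throw error or ignore if egos are missing?
 handle->emsg = GNUNET_strdup("server_error");
 handle->edesc = GNUNET_strdup ("Egos are missing");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -2099,11 +2097,15 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 //TODO static strings
 struct RequestHandle *handle = cls;
 struct GNUNET_HashCode cache_key;
-char *authorization, *cache_authorization, *jwt;
+char *authorization, *cache_authorization, *credentials;
 char delimiter[]=" ";
+char delimiter_user_psw[]=":";
 json_t *cache_object;
 json_error_t error;
 char *grant_type, *code, *expected_jwt, *redirect_uri, *expected_redirect_uri;
+char *user_psw, *user, *psw;
+char *expected_psw;
+int client_exists = GNUNET_NO;
 
 handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error);
 //Check Authorization Header
@@ -2115,13 +2117,69 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 //error
 }
 authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
-//split JWT in "Base" and [content]
+//split JWT in "Basic" and [content]
 cache_authorization = GNUNET_strdup (authorization);
-jwt = strtok(cache_authorization,delimiter);
-if( NULL != jwt)
+credentials = strtok(cache_authorization,delimiter);
+if( NULL != credentials)
+{
+credentials = strtok(credentials, delimiter);
+GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", credentials);
+}
+if (NULL == credentials)
+{
+//error
+}
+GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+
+if ( NULL == user_psw )
+{
+//error
+}
+user = strtok (user_psw, delimiter_user_psw);
+if ( NULL == user )
+{
+//error
+}
+
+psw = strtok (user, delimiter_user_psw);
+if (NULL == psw)
 {
-jwt = strtok(jwt, delimiter);
-GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", jwt);
+//error
+}
+
+//check psw
+if ( GNUNET_OK
+== GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+"psw", &expected_psw) )
+{
+if (0 != strcmp (expected_psw, psw))
+{
+//error
+}
+GNUNET_free(expected_psw);
+}
+else
+{
+handle->emsg = GNUNET_strdup("server_error");
+handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+
+//check client_id
+for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; )
+{
+if (handle->ego_entry->keystring == user)
+{
+client_exists = GNUNET_YES;
+break;
+}
+handle->ego_entry = handle->ego_entry->next;
+}
+if (GNUNET_NO == client_exists)
+{
+//error
 }
 
 cache_object = json_object_get (handle->oidc->post_object, "grant_type");
@@ -2151,17 +2209,6 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 code = json_string_value (cache_object);
 
 // lookup code in grants_hashmap and check if [content] is same
-GNUNET_CRYPTO_hash(code, strlen(code), &cache_key);
-if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_grants, &cache_key) )
-{
-//error
-}
-expected_jwt = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_grants, &cache_key);
-
-if (0 != strcmp(expected_jwt,jwt))
-{
-//error
-}
 
 cache_object = json_object_get (handle->oidc->post_object, "redirect_uri");
 if ( NULL == cache_object || !json_is_string(cache_object) )
@@ -2174,26 +2221,23 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
 redirect_uri = json_string_value (cache_object);
 
 // check redirect_uri
-// jwt breakdown to iss or sub
-
-// GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", iss);
-// // verify the redirect uri matches https://<client_id>.zkey[/xyz]
-// if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) )
-// {
-// handle->emsg=GNUNET_strdup("invalid_request");
-// handle->edesc=GNUNET_strdup("Invalid redirect_uri");
-// GNUNET_SCHEDULER_add_now (&do_error, handle);
-// GNUNET_free(expected_redirect_uri);
-// return;
-// }
-// handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
-// GNUNET_free(expected_redirect_uri);
-
+GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", user);
+// verify the redirect uri matches https://<client_id>.zkey[/xyz]
+if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) )
+{
+handle->emsg=GNUNET_strdup("invalid_request");
+handle->edesc=GNUNET_strdup("Invalid redirect_uri");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+GNUNET_free(expected_redirect_uri);
+return;
+}
+handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
+GNUNET_free(expected_redirect_uri);
 
-//do we need the client_id?
+//return something
 
 GNUNET_free(cache_authorization);
-decref(handle->oidc->post_object);
+json_decref(handle->oidc->post_object);
 }
 
 /**
@@ -2210,7 +2254,7 @@ init_cont (struct RequestHandle *handle)
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_GET_cont},
-{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_POST_cont},
+{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_GET_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_cont},
 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
@@ -2393,6 +2437,7 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
 GNUNET_free(value);
 }
 GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
+GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
 GNUNET_free_non_null (allow_methods);
 GNUNET_free (api);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,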
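Review bot: In the new Basic-auth parsing of token_cont (hunk @@ -2115,13 +2117,69 @@), `credentials = strtok(credentials, delimiter)` and `psw = strtok (user, delimiter_user_psw)` restart tokenizing on the first token instead of continuing with `strtok (NULL, ...)`, so `credentials` stays at "Basic" and `psw` aliases `user`; once that is fixed, the `GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", credentials)` line would write the base64-encoded user:password to the log and should be dropped. The password mismatch at `if (0 != strcmp (expected_psw, psw))` and the surrounding `//error` stubs fall through, so a request with wrong or absent credentials continues into the redirect_uri check and the `//return something` path as if it had authenticated; the mismatch has to end the request with an error response. The ego lookup `if (handle->ego_entry->keystring == user)` compares pointers and can never match a freshly decoded string (`0 == strcmp (handle->ego_entry->keystring, user)`), and the loop condition `NULL != handle->ego_entry->next` both skips the last ego and dereferences NULL when `ego_head` is NULL. The early `return` in the configuration-failure branch leaks `cache_authorization` and `user_psw`, which are only freed at the end of the function. token_cont begins and ends outside this hunk.
```c
// … unchanged: Authorization header lookup …
cache_authorization = GNUNET_strdup (authorization);
credentials = strtok (cache_authorization, delimiter);
if (NULL != credentials)
  credentials = strtok (NULL, delimiter);   /* second token: the base64 payload, never logged */
// … unchanged: NULL checks and base64 decode into user_psw …
user = strtok (user_psw, delimiter_user_psw);
psw = (NULL != user) ? strtok (NULL, delimiter_user_psw) : NULL;
// … unchanged: expected_psw lookup from the identity-rest-plugin section …
if ((NULL == psw) || (0 != strcmp (expected_psw, psw)))
{
  GNUNET_free (expected_psw);
  GNUNET_free (user_psw);
  GNUNET_free (cache_authorization);
  handle->emsg = GNUNET_strdup ("invalid_client");
  handle->edesc = GNUNET_strdup ("Invalid client credentials");
  handle->response_code = MHD_HTTP_UNAUTHORIZED;
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
}
GNUNET_free (expected_psw);
// … unchanged: client_id lookup over the ego list, using strcmp on keystring …
```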
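--- a/src/identity-provider/test_idp.conf
+++ b/src/identity-provider/test_idp.conf
@@ -28,4 +28,5 @@ ZONE_PUBLISH_TIME_WINDOW = 1 h
 DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
 
 [identity-rest-plugin]
-address = http://localhost:8000/#/identities
\ No newline at end of file
+address = http://localhost:8000/#/identities
+psw = mysupersecretpassword
\ No newline at end of file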
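Review bot: `psw = mysupersecretpassword` is the single value token_cont reads from the `identity-rest-plugin` section and compares every client's password against, so all client_ids authenticating at the token endpoint share one static secret rather than a per-client one; that is fine for a test fixture, but it means the plugin side cannot distinguish clients by credential and a per-client secret keyed on the client_id would be the eventual shape. The new line also leaves the file without a trailing newline, as the marker shows.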