aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2018-11-28 10:46:00 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2018-11-28 10:46:00 +0100
commita309a5adf0b1b2c02a664c3684ec216fb57d02b5 (patch)
tree9525e3cc180328083198c561805e987a499cad5d /src
parentf38b77438b16d13a8820b671d0e0a75da0fc1ead (diff)
downloadgnunet-a309a5adf0b1b2c02a664c3684ec216fb57d02b5.tar.gz
gnunet-a309a5adf0b1b2c02a664c3684ec216fb57d02b5.zip
REST: Code cleanup pass
Diffstat (limited to 'src')
-rw-r--r--src/rest-plugins/plugin_rest_openid_connect.c643
1 files changed, 322 insertions, 321 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c
index 3cf4d4360..cd74abcdb 100644
--- a/src/rest-plugins/plugin_rest_openid_connect.c
+++ b/src/rest-plugins/plugin_rest_openid_connect.c
@@ -156,23 +156,36 @@
156#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" 156#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid"
157 157
158/** 158/**
159 * OIDC error keys
160 */
161#define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client"
162#define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope"
163#define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request"
164#define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token"
165#define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie"
166#define OIDC_ERROR_KEY_SERVER_ERROR "server_error"
167#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type"
168#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type"
169#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client"
170#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied"
171/**
159 * OIDC ignored parameter array 172 * OIDC ignored parameter array
160 */ 173 */
161static char* OIDC_ignored_parameter_array [] = 174static char* OIDC_ignored_parameter_array [] =
162{ 175{
163 "display", 176 "display",
164 "prompt", 177 "prompt",
165 "ui_locales", 178 "ui_locales",
166 "response_mode", 179 "response_mode",
167 "id_token_hint", 180 "id_token_hint",
168 "login_hint", 181 "login_hint",
169 "acr_values" 182 "acr_values"
170}; 183};
171 184
172/** 185/**
173 * OIDC authorized identities and times hashmap 186 * OIDC Hash map that keeps track of issued cookies
174 */ 187 */
175struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time; 188struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map;
176 189
177/** 190/**
178 * OIDC authorized identities and times hashmap 191 * OIDC authorized identities and times hashmap
@@ -180,14 +193,14 @@ struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time;
180struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; 193struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
181 194
182/** 195/**
183 * OIDC ticket/code use only once 196 * OIDC Hash map that keeps track of used authorization code(s)
184 */ 197 */
185struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once; 198struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map;
186 199
187/** 200/**
188 * OIDC access_token to ticket and ego 201 * Hash map that links the issued access token to the corresponding ticket and ego
189 */ 202 */
190struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token; 203struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map;
191 204
192/** 205/**
193 * The configuration handle 206 * The configuration handle
@@ -473,18 +486,12 @@ cleanup_handle (struct RequestHandle *handle)
473 GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); 486 GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
474 if (NULL != handle->idp) 487 if (NULL != handle->idp)
475 GNUNET_RECLAIM_disconnect (handle->idp); 488 GNUNET_RECLAIM_disconnect (handle->idp);
476 if (NULL != handle->url) 489 GNUNET_free_non_null (handle->url);
477 GNUNET_free (handle->url); 490 GNUNET_free_non_null (handle->tld);
478 if (NULL != handle->tld) 491 GNUNET_free_non_null (handle->redirect_prefix);
479 GNUNET_free (handle->tld); 492 GNUNET_free_non_null (handle->redirect_suffix);
480 if (NULL != handle->redirect_prefix) 493 GNUNET_free_non_null (handle->emsg);
481 GNUNET_free (handle->redirect_prefix); 494 GNUNET_free_non_null (handle->edesc);
482 if (NULL != handle->redirect_suffix)
483 GNUNET_free (handle->redirect_suffix);
484 if (NULL != handle->emsg)
485 GNUNET_free (handle->emsg);
486 if (NULL != handle->edesc)
487 GNUNET_free (handle->edesc);
488 if (NULL != handle->gns_op) 495 if (NULL != handle->gns_op)
489 GNUNET_GNS_lookup_cancel (handle->gns_op); 496 GNUNET_GNS_lookup_cancel (handle->gns_op);
490 if (NULL != handle->gns_handle) 497 if (NULL != handle->gns_handle)
@@ -494,23 +501,15 @@ cleanup_handle (struct RequestHandle *handle)
494 GNUNET_NAMESTORE_disconnect (handle->namestore_handle); 501 GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
495 if (NULL != handle->oidc) 502 if (NULL != handle->oidc)
496 { 503 {
497 if (NULL != handle->oidc->client_id) 504 GNUNET_free_non_null (handle->oidc->client_id);
498 GNUNET_free(handle->oidc->client_id); 505 GNUNET_free_non_null (handle->oidc->login_identity);
499 if (NULL != handle->oidc->login_identity) 506 GNUNET_free_non_null (handle->oidc->nonce);
500 GNUNET_free(handle->oidc->login_identity); 507 GNUNET_free_non_null (handle->oidc->redirect_uri);
501 if (NULL != handle->oidc->nonce) 508 GNUNET_free_non_null (handle->oidc->response_type);
502 GNUNET_free(handle->oidc->nonce); 509 GNUNET_free_non_null (handle->oidc->scope);
503 if (NULL != handle->oidc->redirect_uri) 510 GNUNET_free_non_null (handle->oidc->state);
504 GNUNET_free(handle->oidc->redirect_uri); 511 json_decref (handle->oidc->response);
505 if (NULL != handle->oidc->response_type) 512 GNUNET_free (handle->oidc);
506 GNUNET_free(handle->oidc->response_type);
507 if (NULL != handle->oidc->scope)
508 GNUNET_free(handle->oidc->scope);
509 if (NULL != handle->oidc->state)
510 GNUNET_free(handle->oidc->state);
511 if (NULL != handle->oidc->response)
512 json_decref(handle->oidc->response);
513 GNUNET_free(handle->oidc);
514 } 513 }
515 if ( NULL != handle->attr_list ) 514 if ( NULL != handle->attr_list )
516 { 515 {
@@ -519,8 +518,8 @@ cleanup_handle (struct RequestHandle *handle)
519 { 518 {
520 claim_tmp = claim_entry; 519 claim_tmp = claim_entry;
521 claim_entry = claim_entry->next; 520 claim_entry = claim_entry->next;
522 GNUNET_free(claim_tmp->claim); 521 GNUNET_free (claim_tmp->claim);
523 GNUNET_free(claim_tmp); 522 GNUNET_free (claim_tmp);
524 } 523 }
525 GNUNET_free (handle->attr_list); 524 GNUNET_free (handle->attr_list);
526 } 525 }
@@ -533,10 +532,7 @@ cleanup_handle (struct RequestHandle *handle)
533 GNUNET_free (ego_tmp->keystring); 532 GNUNET_free (ego_tmp->keystring);
534 GNUNET_free (ego_tmp); 533 GNUNET_free (ego_tmp);
535 } 534 }
536 if (NULL != handle->attr_it) 535 GNUNET_free_non_null (handle->attr_it);
537 {
538 GNUNET_free(handle->attr_it);
539 }
540 GNUNET_free (handle); 536 GNUNET_free (handle);
541} 537}
542 538
@@ -566,15 +562,15 @@ do_error (void *cls)
566 (NULL != handle->oidc->state) ? handle->oidc->state : "", 562 (NULL != handle->oidc->state) ? handle->oidc->state : "",
567 (NULL != handle->oidc->state) ? "\"" : ""); 563 (NULL != handle->oidc->state) ? "\"" : "");
568 if ( 0 == handle->response_code ) 564 if ( 0 == handle->response_code )
569 {
570 handle->response_code = MHD_HTTP_BAD_REQUEST; 565 handle->response_code = MHD_HTTP_BAD_REQUEST;
571 }
572 resp = GNUNET_REST_create_response (json_error); 566 resp = GNUNET_REST_create_response (json_error);
573 if (MHD_HTTP_UNAUTHORIZED == handle->response_code) 567 if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
574 { 568 MHD_add_response_header (resp,
575 MHD_add_response_header(resp, "WWW-Authenticate", "Basic"); 569 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
576 } 570 "Basic");
577 MHD_add_response_header (resp, "Content-Type", "application/json"); 571 MHD_add_response_header (resp,
572 MHD_HTTP_HEADER_CONTENT_TYPE,
573 "application/json");
578 handle->proc (handle->proc_cls, resp, handle->response_code); 574 handle->proc (handle->proc_cls, resp, handle->response_code);
579 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 575 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
580 GNUNET_free (json_error); 576 GNUNET_free (json_error);
@@ -598,7 +594,9 @@ do_userinfo_error (void *cls)
598 handle->emsg, 594 handle->emsg,
599 (NULL != handle->edesc) ? handle->edesc : ""); 595 (NULL != handle->edesc) ? handle->edesc : "");
600 resp = GNUNET_REST_create_response (""); 596 resp = GNUNET_REST_create_response ("");
601 MHD_add_response_header(resp, "WWW-Authenticate", error); 597 MHD_add_response_header (resp,
598 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
599 "Bearer");
602 handle->proc (handle->proc_cls, resp, handle->response_code); 600 handle->proc (handle->proc_cls, resp, handle->response_code);
603 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 601 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
604 GNUNET_free (error); 602 GNUNET_free (error);
@@ -669,7 +667,7 @@ return_userinfo_response (void *cls)
669 * @return base64 encoded string 667 * @return base64 encoded string
670 */ 668 */
671static char* 669static char*
672base_64_encode(const char *s) 670base64_encode (const char *s)
673{ 671{
674 char *enc; 672 char *enc;
675 char *enc_urlencode; 673 char *enc_urlencode;
@@ -677,7 +675,7 @@ base_64_encode(const char *s)
677 int i; 675 int i;
678 int num_pads = 0; 676 int num_pads = 0;
679 677
680 GNUNET_STRINGS_base64_encode(s, strlen(s), &enc); 678 GNUNET_STRINGS_base64_encode (s, strlen (s), &enc);
681 tmp = strchr (enc, '='); 679 tmp = strchr (enc, '=');
682 num_pads = strlen (enc) - (tmp - enc); 680 num_pads = strlen (enc) - (tmp - enc);
683 GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); 681 GNUNET_assert ((3 > num_pads) && (0 <= num_pads));
@@ -731,6 +729,9 @@ cookie_identity_interpretation (struct RequestHandle *handle)
731 char *cookies; 729 char *cookies;
732 struct GNUNET_TIME_Absolute current_time, *relog_time; 730 struct GNUNET_TIME_Absolute current_time, *relog_time;
733 char delimiter[] = "; "; 731 char delimiter[] = "; ";
732 char *tmp_cookies;
733 char *token;
734 char *value;
734 735
735 //gets identity of login try with cookie 736 //gets identity of login try with cookie
736 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), 737 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
@@ -743,42 +744,52 @@ cookie_identity_interpretation (struct RequestHandle *handle)
743 return; 744 return;
744 } 745 }
745 //splits cookies and find 'Identity' cookie 746 //splits cookies and find 'Identity' cookie
746 cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); 747 tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
747 handle->oidc->login_identity = strtok (cookies, delimiter); 748 cookies = GNUNET_strdup (tmp_cookies);
749 token = strtok (cookies, delimiter);
748 handle->oidc->user_cancelled = GNUNET_NO; 750 handle->oidc->user_cancelled = GNUNET_NO;
749 751 handle->oidc->login_identity = NULL;
750 if (NULL == handle->oidc->login_identity) 752 if (NULL == token)
751 { 753 {
752 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 754 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
753 "Unable to parse cookie: %s\n", 755 "Unable to parse cookie: %s\n",
754 cookies); 756 cookies);
757 GNUNET_free (cookies);
755 return; 758 return;
756 } 759 }
757 760
758 while ( NULL != handle->oidc->login_identity ) 761 while (NULL != token)
759 { 762 {
760 if ( 0 == strcmp (handle->oidc->login_identity, 763 if (0 == strcmp (token,
761 OIDC_COOKIE_HEADER_ACCESS_DENIED)) 764 OIDC_COOKIE_HEADER_ACCESS_DENIED))
762 { 765 {
763 handle->oidc->user_cancelled = GNUNET_YES; 766 handle->oidc->user_cancelled = GNUNET_YES;
764 handle->oidc->login_identity = NULL; 767 GNUNET_free (cookies);
765 return; 768 return;
766 } 769 }
767 if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) 770 if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
768 break; 771 break;
769 handle->oidc->login_identity = strtok (NULL, delimiter); 772 token = strtok (NULL, delimiter);
773 }
774 if (NULL == token)
775 {
776 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
777 "No cookie value to process: %s\n",
778 cookies);
779 GNUNET_free (cookies);
780 return;
770 } 781 }
771 GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), 782 GNUNET_CRYPTO_hash (token, strlen (token),
772 &cache_key); 783 &cache_key);
773 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) 784 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
774 { 785 {
775 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 786 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
776 "Found cookie `%s', but no corresponding expiration entry present...\n", 787 "Found cookie `%s', but no corresponding expiration entry present...\n",
777 handle->oidc->login_identity); 788 token);
778 handle->oidc->login_identity = NULL; 789 GNUNET_free (cookies);
779 return; 790 return;
780 } 791 }
781 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, 792 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map,
782 &cache_key); 793 &cache_key);
783 current_time = GNUNET_TIME_absolute_get (); 794 current_time = GNUNET_TIME_absolute_get ();
784 // 30 min after old login -> redirect to login 795 // 30 min after old login -> redirect to login
@@ -786,12 +797,13 @@ cookie_identity_interpretation (struct RequestHandle *handle)
786 { 797 {
787 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 798 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
788 "Found cookie `%s', but it is expired.\n", 799 "Found cookie `%s', but it is expired.\n",
789 handle->oidc->login_identity); 800 token);
790 handle->oidc->login_identity = NULL; 801 GNUNET_free (cookies);
791 return; 802 return;
792 } 803 }
793 handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); 804 value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
794 handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); 805 GNUNET_assert (NULL != value);
806 handle->oidc->login_identity = GNUNET_strdup (value);
795} 807}
796 808
797/** 809/**
@@ -825,18 +837,18 @@ login_redirect (void *cls)
825 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); 837 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
826 resp = GNUNET_REST_create_response (""); 838 resp = GNUNET_REST_create_response ("");
827 MHD_add_response_header (resp, "Location", new_redirect); 839 MHD_add_response_header (resp, "Location", new_redirect);
828 GNUNET_free(login_base_url); 840 GNUNET_free (login_base_url);
829 } 841 }
830 else 842 else
831 { 843 {
832 handle->emsg = GNUNET_strdup("server_error"); 844 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
833 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 845 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
834 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 846 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
835 GNUNET_SCHEDULER_add_now (&do_error, handle); 847 GNUNET_SCHEDULER_add_now (&do_error, handle);
836 return; 848 return;
837 } 849 }
838 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 850 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
839 GNUNET_free(new_redirect); 851 GNUNET_free (new_redirect);
840 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 852 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
841} 853}
842 854
@@ -847,7 +859,7 @@ static void
847oidc_iteration_error (void *cls) 859oidc_iteration_error (void *cls)
848{ 860{
849 struct RequestHandle *handle = cls; 861 struct RequestHandle *handle = cls;
850 handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR"); 862 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
851 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 863 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
852 GNUNET_SCHEDULER_add_now (&do_error, handle); 864 GNUNET_SCHEDULER_add_now (&do_error, handle);
853} 865}
@@ -872,8 +884,8 @@ oidc_ticket_issue_cb (void* cls,
872 handle->ticket = *ticket; 884 handle->ticket = *ticket;
873 if (NULL == ticket) 885 if (NULL == ticket)
874 { 886 {
875 handle->emsg = GNUNET_strdup("server_error"); 887 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
876 handle->edesc = GNUNET_strdup("Server cannot generate ticket."); 888 handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
877 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 889 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
878 return; 890 return;
879 } 891 }
@@ -883,7 +895,7 @@ oidc_ticket_issue_cb (void* cls,
883 code_json_string = OIDC_build_authz_code (&handle->priv_key, 895 code_json_string = OIDC_build_authz_code (&handle->priv_key,
884 &handle->ticket, 896 &handle->ticket,
885 handle->oidc->nonce); 897 handle->oidc->nonce);
886 code_base64_final_string = base_64_encode(code_json_string); 898 code_base64_final_string = base64_encode (code_json_string);
887 GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", 899 GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
888 handle->redirect_prefix, 900 handle->redirect_prefix,
889 handle->tld, 901 handle->tld,
@@ -908,8 +920,8 @@ oidc_collect_finished_cb (void *cls)
908 handle->ticket_it = NULL; 920 handle->ticket_it = NULL;
909 if (NULL == handle->attr_list->list_head) 921 if (NULL == handle->attr_list->list_head)
910 { 922 {
911 handle->emsg = GNUNET_strdup("invalid_scope"); 923 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
912 handle->edesc = GNUNET_strdup("The requested scope is not available."); 924 handle->edesc = GNUNET_strdup ("The requested scope is not available.");
913 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 925 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
914 return; 926 return;
915 } 927 }
@@ -942,7 +954,7 @@ oidc_attr_collect (void *cls,
942 return; 954 return;
943 } 955 }
944 956
945 scope_variables = GNUNET_strdup(handle->oidc->scope); 957 scope_variables = GNUNET_strdup (handle->oidc->scope);
946 scope_variable = strtok (scope_variables, delimiter); 958 scope_variable = strtok (scope_variables, delimiter);
947 while (NULL != scope_variable) 959 while (NULL != scope_variable)
948 { 960 {
@@ -955,16 +967,16 @@ oidc_attr_collect (void *cls,
955 if ( NULL == scope_variable ) 967 if ( NULL == scope_variable )
956 { 968 {
957 GNUNET_RECLAIM_get_attributes_next (handle->attr_it); 969 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
958 GNUNET_free(scope_variables); 970 GNUNET_free (scope_variables);
959 return; 971 return;
960 } 972 }
961 GNUNET_free(scope_variables); 973 GNUNET_free (scope_variables);
962 974
963 le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); 975 le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
964 le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type, 976 le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type,
965 attr->data, attr->data_size); 977 attr->data, attr->data_size);
966 GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, 978 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
967 handle->attr_list->list_tail, le); 979 handle->attr_list->list_tail, le);
968 GNUNET_RECLAIM_get_attributes_next (handle->attr_it); 980 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
969} 981}
970 982
@@ -983,13 +995,13 @@ code_redirect (void *cls)
983 995
984 GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); 996 GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity);
985 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); 997 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
986 GNUNET_free(identity_cookie); 998 GNUNET_free (identity_cookie);
987 //No login time for identity -> redirect to login 999 //No login time for identity -> redirect to login
988 if ( GNUNET_YES 1000 if ( GNUNET_YES
989 == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, 1001 == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map,
990 &cache_key) ) 1002 &cache_key) )
991 { 1003 {
992 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, 1004 relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map,
993 &cache_key); 1005 &cache_key);
994 current_time = GNUNET_TIME_absolute_get (); 1006 current_time = GNUNET_TIME_absolute_get ();
995 // 30 min after old login -> redirect to login 1007 // 30 min after old login -> redirect to login
@@ -1000,9 +1012,8 @@ code_redirect (void *cls)
1000 handle->oidc->login_identity, 1012 handle->oidc->login_identity,
1001 strlen (handle->oidc->login_identity), &pubkey) ) 1013 strlen (handle->oidc->login_identity), &pubkey) )
1002 { 1014 {
1003 handle->emsg = GNUNET_strdup("invalid_cookie"); 1015 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
1004 handle->edesc = GNUNET_strdup( 1016 handle->edesc = GNUNET_strdup ("The cookie of a login identity is not valid");
1005 "The cookie of a login identity is not valid");
1006 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1017 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1007 return; 1018 return;
1008 } 1019 }
@@ -1011,13 +1022,13 @@ code_redirect (void *cls)
1011 NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) 1022 NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
1012 { 1023 {
1013 GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); 1024 GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1014 if ( 0 1025 if ( 0 == memcmp (&ego_pkey,
1015 == memcmp (&ego_pkey, &pubkey, 1026 &pubkey,
1016 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) 1027 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) )
1017 { 1028 {
1018 handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); 1029 handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
1019 handle->idp = GNUNET_RECLAIM_connect (cfg); 1030 handle->idp = GNUNET_RECLAIM_connect (cfg);
1020 handle->attr_list = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); 1031 handle->attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
1021 handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, 1032 handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp,
1022 &handle->priv_key, 1033 &handle->priv_key,
1023 &oidc_iteration_error, 1034 &oidc_iteration_error,
@@ -1077,8 +1088,8 @@ lookup_redirect_uri_result (void *cls,
1077 handle->gns_op = NULL; 1088 handle->gns_op = NULL;
1078 if (0 == rd_count) 1089 if (0 == rd_count)
1079 { 1090 {
1080 handle->emsg = GNUNET_strdup("server_error"); 1091 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1081 handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); 1092 handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1082 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1093 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1083 return; 1094 return;
1084 } 1095 }
@@ -1108,8 +1119,8 @@ lookup_redirect_uri_result (void *cls,
1108 GNUNET_free (tmp); 1119 GNUNET_free (tmp);
1109 return; 1120 return;
1110 } 1121 }
1111 handle->emsg = GNUNET_strdup("server_error"); 1122 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1112 handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); 1123 handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1113 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1124 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1114} 1125}
1115 1126
@@ -1158,13 +1169,14 @@ build_authz_response (void *cls)
1158 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1169 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1159 &cache_key)) 1170 &cache_key))
1160 { 1171 {
1161 handle->emsg=GNUNET_strdup("invalid_request"); 1172 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1162 handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); 1173 handle->edesc=GNUNET_strdup ("missing parameter redirect_uri");
1163 GNUNET_SCHEDULER_add_now (&do_error, handle); 1174 GNUNET_SCHEDULER_add_now (&do_error, handle);
1164 return; 1175 return;
1165 } 1176 }
1166 handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1177 handle->oidc->redirect_uri =
1167 &cache_key)); 1178 GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1179 &cache_key));
1168 1180
1169 // REQUIRED value: response_type 1181 // REQUIRED value: response_type
1170 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), 1182 GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
@@ -1172,13 +1184,13 @@ build_authz_response (void *cls)
1172 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1184 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1173 &cache_key)) 1185 &cache_key))
1174 { 1186 {
1175 handle->emsg=GNUNET_strdup("invalid_request"); 1187 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1176 handle->edesc=GNUNET_strdup("missing parameter response_type"); 1188 handle->edesc=GNUNET_strdup ("missing parameter response_type");
1177 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1189 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1178 return; 1190 return;
1179 } 1191 }
1180 handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1192 handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1181 &cache_key); 1193 &cache_key);
1182 handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); 1194 handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type);
1183 1195
1184 // REQUIRED value: scope 1196 // REQUIRED value: scope
@@ -1186,36 +1198,36 @@ build_authz_response (void *cls)
1186 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1198 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1187 &cache_key)) 1199 &cache_key))
1188 { 1200 {
1189 handle->emsg=GNUNET_strdup("invalid_request"); 1201 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1190 handle->edesc=GNUNET_strdup("missing parameter scope"); 1202 handle->edesc=GNUNET_strdup ("missing parameter scope");
1191 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1203 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1192 return; 1204 return;
1193 } 1205 }
1194 handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1206 handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1195 &cache_key); 1207 &cache_key);
1196 handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); 1208 handle->oidc->scope = GNUNET_strdup (handle->oidc->scope);
1197 1209
1198 //OPTIONAL value: nonce 1210 //OPTIONAL value: nonce
1199 GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); 1211 GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
1200 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1212 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1201 &cache_key)) 1213 &cache_key))
1202 { 1214 {
1203 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1215 handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1204 &cache_key); 1216 &cache_key);
1205 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); 1217 handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
1206 } 1218 }
1207 1219
1208 //TODO check other values if needed 1220 //TODO check other values if needed
1209 number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); 1221 number_of_ignored_parameter = sizeof (OIDC_ignored_parameter_array) / sizeof (char *);
1210 for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) 1222 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1211 { 1223 {
1212 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], 1224 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
1213 strlen(OIDC_ignored_parameter_array[iterator]), 1225 strlen (OIDC_ignored_parameter_array[iterator]),
1214 &cache_key); 1226 &cache_key);
1215 if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, 1227 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1216 &cache_key)) 1228 &cache_key))
1217 { 1229 {
1218 handle->emsg=GNUNET_strdup("access_denied"); 1230 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
1219 GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", 1231 GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s",
1220 OIDC_ignored_parameter_array[iterator]); 1232 OIDC_ignored_parameter_array[iterator]);
1221 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1233 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
@@ -1224,39 +1236,36 @@ build_authz_response (void *cls)
1224 } 1236 }
1225 1237
1226 // Checks if response_type is 'code' 1238 // Checks if response_type is 'code'
1227 if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) 1239 if (0 != strcmp (handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE))
1228 { 1240 {
1229 handle->emsg=GNUNET_strdup("unsupported_response_type"); 1241 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE);
1230 handle->edesc=GNUNET_strdup("The authorization server does not support " 1242 handle->edesc=GNUNET_strdup ("The authorization server does not support "
1231 "obtaining this authorization code."); 1243 "obtaining this authorization code.");
1232 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1244 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1233 return; 1245 return;
1234 } 1246 }
1235 1247
1236 // Checks if scope contains 'openid' 1248 // Checks if scope contains 'openid'
1237 expected_scope = GNUNET_strdup(handle->oidc->scope); 1249 expected_scope = GNUNET_strdup (handle->oidc->scope);
1238 char* test; 1250 char* test;
1239 test = strtok (expected_scope, delimiter); 1251 test = strtok (expected_scope, delimiter);
1240 while (NULL != test) 1252 while (NULL != test)
1241 { 1253 {
1242 if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) 1254 if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) )
1243 {
1244 break; 1255 break;
1245 }
1246 test = strtok (NULL, delimiter); 1256 test = strtok (NULL, delimiter);
1247 } 1257 }
1248 if (NULL == test) 1258 if (NULL == test)
1249 { 1259 {
1250 handle->emsg = GNUNET_strdup("invalid_scope"); 1260 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1251 handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " 1261 handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or "
1252 "malformed."); 1262 "malformed.");
1253 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1263 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1254 GNUNET_free(expected_scope); 1264 GNUNET_free (expected_scope);
1255 return; 1265 return;
1256 } 1266 }
1257 1267
1258 GNUNET_free(expected_scope); 1268 GNUNET_free (expected_scope);
1259
1260 if ( (NULL == handle->oidc->login_identity) && 1269 if ( (NULL == handle->oidc->login_identity) &&
1261 (GNUNET_NO == handle->oidc->user_cancelled)) 1270 (GNUNET_NO == handle->oidc->user_cancelled))
1262 GNUNET_SCHEDULER_add_now (&login_redirect, handle); 1271 GNUNET_SCHEDULER_add_now (&login_redirect, handle);
@@ -1286,8 +1295,8 @@ tld_iter (void *cls,
1286 value); 1295 value);
1287 return; 1296 return;
1288 } 1297 }
1289 if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, 1298 if (0 == memcmp (&pkey, &handle->oidc->client_pkey,
1290 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) 1299 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1291 handle->tld = GNUNET_strdup (option+1); 1300 handle->tld = GNUNET_strdup (option+1);
1292} 1301}
1293 1302
@@ -1316,8 +1325,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1316 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1325 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1317 &cache_key)) 1326 &cache_key))
1318 { 1327 {
1319 handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1328 handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1320 &cache_key); 1329 &cache_key);
1321 handle->oidc->state = GNUNET_strdup (handle->oidc->state); 1330 handle->oidc->state = GNUNET_strdup (handle->oidc->state);
1322 } 1331 }
1323 1332
@@ -1327,23 +1336,23 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1327 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1336 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1328 &cache_key)) 1337 &cache_key))
1329 { 1338 {
1330 handle->emsg=GNUNET_strdup("invalid_request"); 1339 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1331 handle->edesc=GNUNET_strdup("missing parameter client_id"); 1340 handle->edesc = GNUNET_strdup ("missing parameter client_id");
1332 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1341 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1333 GNUNET_SCHEDULER_add_now (&do_error, handle); 1342 GNUNET_SCHEDULER_add_now (&do_error, handle);
1334 return; 1343 return;
1335 } 1344 }
1336 handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, 1345 handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1337 &cache_key)); 1346 &cache_key));
1338 1347
1339 if ( GNUNET_OK 1348 if ( GNUNET_OK
1340 != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, 1349 != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
1341 strlen (handle->oidc->client_id), 1350 strlen (handle->oidc->client_id),
1342 &handle->oidc->client_pkey) ) 1351 &handle->oidc->client_pkey) )
1343 { 1352 {
1344 handle->emsg = GNUNET_strdup("unauthorized_client"); 1353 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
1345 handle->edesc = GNUNET_strdup("The client is not authorized to request an " 1354 handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1346 "authorization code using this method."); 1355 "authorization code using this method.");
1347 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1356 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1348 GNUNET_SCHEDULER_add_now (&do_error, handle); 1357 GNUNET_SCHEDULER_add_now (&do_error, handle);
1349 return; 1358 return;
@@ -1352,7 +1361,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1352 1361
1353 if ( NULL == handle->ego_head ) 1362 if ( NULL == handle->ego_head )
1354 { 1363 {
1355 handle->emsg = GNUNET_strdup("server_error"); 1364 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1356 handle->edesc = GNUNET_strdup ("Egos are missing"); 1365 handle->edesc = GNUNET_strdup ("Egos are missing");
1357 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1366 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1358 GNUNET_SCHEDULER_add_now (&do_error, handle); 1367 GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -1368,8 +1377,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1368 priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); 1377 priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1369 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, 1378 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
1370 &pkey); 1379 &pkey);
1371 if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, 1380 if (0 == memcmp (&pkey, &handle->oidc->client_pkey,
1372 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) 1381 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1373 { 1382 {
1374 handle->tld = GNUNET_strdup (tmp_ego->identifier); 1383 handle->tld = GNUNET_strdup (tmp_ego->identifier);
1375 handle->ego_entry = handle->ego_tail; 1384 handle->ego_entry = handle->ego_tail;
@@ -1412,7 +1421,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1412 GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); 1421 GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size);
1413 root = json_loads (term_data, JSON_DECODE_ANY, &error); 1422 root = json_loads (term_data, JSON_DECODE_ANY, &error);
1414 identity = json_object_get (root, "identity"); 1423 identity = json_object_get (root, "identity");
1415 if ( !json_is_string(identity) ) 1424 if (!json_is_string (identity))
1416 { 1425 {
1417 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1426 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1418 "Error parsing json string from %s\n", 1427 "Error parsing json string from %s\n",
@@ -1436,17 +1445,14 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1436 if (0 != strcmp (json_string_value (identity), 1445 if (0 != strcmp (json_string_value (identity),
1437 "Denied")) 1446 "Denied"))
1438 { 1447 {
1439 current_time = GNUNET_new(struct GNUNET_TIME_Absolute); 1448 current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1440 *current_time = GNUNET_TIME_relative_to_absolute ( 1449 *current_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
1441 GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
1442 OIDC_COOKIE_EXPIRATION)); 1450 OIDC_COOKIE_EXPIRATION));
1443 last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); 1451 last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
1444 if (NULL != last_time) 1452 GNUNET_free_non_null (last_time);
1445 { 1453 GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map,
1446 GNUNET_free(last_time); 1454 &cache_key,
1447 } 1455 current_time,
1448 GNUNET_CONTAINER_multihashmap_put (
1449 OIDC_identity_login_time, &cache_key, current_time,
1450 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); 1456 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1451 } 1457 }
1452 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 1458 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
@@ -1475,8 +1481,8 @@ check_authorization (struct RequestHandle *handle,
1475 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, 1481 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
1476 &cache_key) ) 1482 &cache_key) )
1477 { 1483 {
1478 handle->emsg=GNUNET_strdup("invalid_client"); 1484 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1479 handle->edesc=GNUNET_strdup("missing authorization"); 1485 handle->edesc=GNUNET_strdup ("missing authorization");
1480 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1486 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1481 return GNUNET_SYSERR; 1487 return GNUNET_SYSERR;
1482 } 1488 }
@@ -1487,14 +1493,14 @@ check_authorization (struct RequestHandle *handle,
1487 credentials = strtok (authorization, " "); 1493 credentials = strtok (authorization, " ");
1488 if (0 != strcmp ("Basic", credentials)) 1494 if (0 != strcmp ("Basic", credentials))
1489 { 1495 {
1490 handle->emsg=GNUNET_strdup("invalid_client"); 1496 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1491 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1497 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1492 return GNUNET_SYSERR; 1498 return GNUNET_SYSERR;
1493 } 1499 }
1494 credentials = strtok(NULL, " "); 1500 credentials = strtok (NULL, " ");
1495 if (NULL == credentials) 1501 if (NULL == credentials)
1496 { 1502 {
1497 handle->emsg=GNUNET_strdup("invalid_client"); 1503 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1498 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1504 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1499 return GNUNET_SYSERR; 1505 return GNUNET_SYSERR;
1500 } 1506 }
@@ -1504,46 +1510,48 @@ check_authorization (struct RequestHandle *handle,
1504 1510
1505 if ( NULL == basic_authorization ) 1511 if ( NULL == basic_authorization )
1506 { 1512 {
1507 handle->emsg=GNUNET_strdup("invalid_client"); 1513 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1508 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1514 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1509 return GNUNET_SYSERR; 1515 return GNUNET_SYSERR;
1510 } 1516 }
1511 client_id = strtok (basic_authorization, ":"); 1517 client_id = strtok (basic_authorization, ":");
1512 if ( NULL == client_id ) 1518 if ( NULL == client_id )
1513 { 1519 {
1514 GNUNET_free_non_null(basic_authorization); 1520 GNUNET_free_non_null (basic_authorization);
1515 handle->emsg=GNUNET_strdup("invalid_client"); 1521 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1516 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1522 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1517 return GNUNET_SYSERR; 1523 return GNUNET_SYSERR;
1518 } 1524 }
1519 pass = strtok (NULL, ":"); 1525 pass = strtok (NULL, ":");
1520 if (NULL == pass) 1526 if (NULL == pass)
1521 { 1527 {
1522 GNUNET_free_non_null(basic_authorization); 1528 GNUNET_free_non_null (basic_authorization);
1523 handle->emsg=GNUNET_strdup("invalid_client"); 1529 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1524 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1530 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1525 return GNUNET_SYSERR; 1531 return GNUNET_SYSERR;
1526 } 1532 }
1527 1533
1528 //check client password 1534 //check client password
1529 if ( GNUNET_OK 1535 if ( GNUNET_OK
1530 == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", 1536 == GNUNET_CONFIGURATION_get_value_string (cfg,
1531 "psw", &expected_pass) ) 1537 "reclaim-rest-plugin",
1538 "psw",
1539 &expected_pass) )
1532 { 1540 {
1533 if (0 != strcmp (expected_pass, pass)) 1541 if (0 != strcmp (expected_pass, pass))
1534 { 1542 {
1535 GNUNET_free_non_null(basic_authorization); 1543 GNUNET_free_non_null (basic_authorization);
1536 GNUNET_free(expected_pass); 1544 GNUNET_free (expected_pass);
1537 handle->emsg=GNUNET_strdup("invalid_client"); 1545 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1538 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1546 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1539 return GNUNET_SYSERR; 1547 return GNUNET_SYSERR;
1540 } 1548 }
1541 GNUNET_free(expected_pass); 1549 GNUNET_free (expected_pass);
1542 } 1550 }
1543 else 1551 else
1544 { 1552 {
1545 GNUNET_free_non_null(basic_authorization); 1553 GNUNET_free_non_null (basic_authorization);
1546 handle->emsg = GNUNET_strdup("server_error"); 1554 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1547 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 1555 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1548 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1556 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1549 return GNUNET_SYSERR; 1557 return GNUNET_SYSERR;
@@ -1552,7 +1560,7 @@ check_authorization (struct RequestHandle *handle,
1552 //check client_id 1560 //check client_id
1553 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) 1561 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; )
1554 { 1562 {
1555 if ( 0 == strcmp(handle->ego_entry->keystring, client_id)) 1563 if (0 == strcmp (handle->ego_entry->keystring, client_id))
1556 { 1564 {
1557 client_exists = GNUNET_YES; 1565 client_exists = GNUNET_YES;
1558 break; 1566 break;
@@ -1561,13 +1569,13 @@ check_authorization (struct RequestHandle *handle,
1561 } 1569 }
1562 if (GNUNET_NO == client_exists) 1570 if (GNUNET_NO == client_exists)
1563 { 1571 {
1564 GNUNET_free_non_null(basic_authorization); 1572 GNUNET_free_non_null (basic_authorization);
1565 handle->emsg=GNUNET_strdup("invalid_client"); 1573 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1566 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1574 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1567 return GNUNET_SYSERR; 1575 return GNUNET_SYSERR;
1568 } 1576 }
1569 GNUNET_STRINGS_string_to_data (client_id, 1577 GNUNET_STRINGS_string_to_data (client_id,
1570 strlen(client_id), 1578 strlen (client_id),
1571 cid, 1579 cid,
1572 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 1580 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1573 1581
@@ -1587,7 +1595,7 @@ ego_exists (struct RequestHandle *handle,
1587 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); 1595 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
1588 if (0 == memcmp (&pub_key, 1596 if (0 == memcmp (&pub_key,
1589 test_key, 1597 test_key,
1590 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) 1598 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1591 { 1599 {
1592 break; 1600 break;
1593 } 1601 }
@@ -1608,19 +1616,21 @@ store_ticket_reference (const struct RequestHandle *handle,
1608 char *ticket_string; 1616 char *ticket_string;
1609 char *client_id; 1617 char *client_id;
1610 1618
1611 GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); 1619 GNUNET_CRYPTO_hash (access_token,
1620 strlen (access_token),
1621 &cache_key);
1612 client_id = GNUNET_STRINGS_data_to_string_alloc (cid, 1622 client_id = GNUNET_STRINGS_data_to_string_alloc (cid,
1613 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 1623 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1614 ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, 1624 ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket,
1615 sizeof (struct GNUNET_RECLAIM_Ticket)); 1625 sizeof (struct GNUNET_RECLAIM_Ticket));
1616 GNUNET_asprintf(&id_ticket_combination, 1626 GNUNET_asprintf (&id_ticket_combination,
1617 "%s;%s", 1627 "%s;%s",
1618 client_id, 1628 client_id,
1619 ticket_string); 1629 ticket_string);
1620 GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, 1630 GNUNET_CONTAINER_multihashmap_put (OIDC_access_token_map,
1621 &cache_key, 1631 &cache_key,
1622 id_ticket_combination, 1632 id_ticket_combination,
1623 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); 1633 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1624 1634
1625 GNUNET_free (client_id); 1635 GNUNET_free (client_id);
1626 GNUNET_free (ticket_string); 1636 GNUNET_free (ticket_string);
@@ -1640,7 +1650,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1640{ 1650{
1641 struct RequestHandle *handle = cls; 1651 struct RequestHandle *handle = cls;
1642 struct GNUNET_TIME_Relative expiration_time; 1652 struct GNUNET_TIME_Relative expiration_time;
1643 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 1653 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl;
1644 struct GNUNET_RECLAIM_Ticket *ticket; 1654 struct GNUNET_RECLAIM_Ticket *ticket;
1645 struct GNUNET_CRYPTO_EcdsaPublicKey cid; 1655 struct GNUNET_CRYPTO_EcdsaPublicKey cid;
1646 struct GNUNET_HashCode cache_key; 1656 struct GNUNET_HashCode cache_key;
@@ -1677,8 +1687,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1677 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1687 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1678 &cache_key)) 1688 &cache_key))
1679 { 1689 {
1680 handle->emsg = GNUNET_strdup("invalid_request"); 1690 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1681 handle->edesc = GNUNET_strdup("missing parameter grant_type"); 1691 handle->edesc = GNUNET_strdup ("missing parameter grant_type");
1682 handle->response_code = MHD_HTTP_BAD_REQUEST; 1692 handle->response_code = MHD_HTTP_BAD_REQUEST;
1683 GNUNET_SCHEDULER_add_now (&do_error, handle); 1693 GNUNET_SCHEDULER_add_now (&do_error, handle);
1684 return; 1694 return;
@@ -1692,8 +1702,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1692 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1702 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1693 &cache_key)) 1703 &cache_key))
1694 { 1704 {
1695 handle->emsg = GNUNET_strdup("invalid_request"); 1705 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1696 handle->edesc = GNUNET_strdup("missing parameter code"); 1706 handle->edesc = GNUNET_strdup ("missing parameter code");
1697 handle->response_code = MHD_HTTP_BAD_REQUEST; 1707 handle->response_code = MHD_HTTP_BAD_REQUEST;
1698 GNUNET_SCHEDULER_add_now (&do_error, handle); 1708 GNUNET_SCHEDULER_add_now (&do_error, handle);
1699 return; 1709 return;
@@ -1708,43 +1718,43 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1708 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, 1718 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
1709 &cache_key) ) 1719 &cache_key) )
1710 { 1720 {
1711 handle->emsg = GNUNET_strdup("invalid_request"); 1721 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1712 handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); 1722 handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1713 handle->response_code = MHD_HTTP_BAD_REQUEST; 1723 handle->response_code = MHD_HTTP_BAD_REQUEST;
1714 GNUNET_SCHEDULER_add_now (&do_error, handle); 1724 GNUNET_SCHEDULER_add_now (&do_error, handle);
1715 return; 1725 return;
1716 } 1726 }
1717 1727
1718 //Check parameter grant_type == "authorization_code" 1728 //Check parameter grant_type == "authorization_code"
1719 if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) 1729 if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
1720 { 1730 {
1721 handle->emsg=GNUNET_strdup("unsupported_grant_type"); 1731 handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
1722 handle->response_code = MHD_HTTP_BAD_REQUEST; 1732 handle->response_code = MHD_HTTP_BAD_REQUEST;
1723 GNUNET_SCHEDULER_add_now (&do_error, handle); 1733 GNUNET_SCHEDULER_add_now (&do_error, handle);
1724 return; 1734 return;
1725 } 1735 }
1726 GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); 1736 GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
1727 if (GNUNET_SYSERR == 1737 if (GNUNET_SYSERR ==
1728 GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, 1738 GNUNET_CONTAINER_multihashmap_put (OIDC_used_ticket_map,
1729 &cache_key, 1739 &cache_key,
1730 &i, 1740 &i,
1731 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) 1741 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
1732 { 1742 {
1733 handle->emsg = GNUNET_strdup("invalid_request"); 1743 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1734 handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); 1744 handle->edesc = GNUNET_strdup ("Cannot use the same code more than once");
1735 handle->response_code = MHD_HTTP_BAD_REQUEST; 1745 handle->response_code = MHD_HTTP_BAD_REQUEST;
1736 GNUNET_SCHEDULER_add_now (&do_error, handle); 1746 GNUNET_SCHEDULER_add_now (&do_error, handle);
1737 return; 1747 return;
1738 } 1748 }
1739 1749
1740 //decode code 1750 //decode code
1741 if(GNUNET_OK != OIDC_parse_authz_code (&cid, 1751 if (GNUNET_OK != OIDC_parse_authz_code (&cid,
1742 code, 1752 code,
1743 &ticket, 1753 &ticket,
1744 &nonce)) 1754 &nonce))
1745 { 1755 {
1746 handle->emsg = GNUNET_strdup("invalid_request"); 1756 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1747 handle->edesc = GNUNET_strdup("invalid code"); 1757 handle->edesc = GNUNET_strdup ("invalid code");
1748 handle->response_code = MHD_HTTP_BAD_REQUEST; 1758 handle->response_code = MHD_HTTP_BAD_REQUEST;
1749 GNUNET_SCHEDULER_add_now (&do_error, handle); 1759 GNUNET_SCHEDULER_add_now (&do_error, handle);
1750 return; 1760 return;
@@ -1752,16 +1762,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1752 1762
1753 //create jwt 1763 //create jwt
1754 if (GNUNET_OK != 1764 if (GNUNET_OK !=
1755 GNUNET_CONFIGURATION_get_value_time(cfg, 1765 GNUNET_CONFIGURATION_get_value_time (cfg,
1756 "reclaim-rest-plugin", 1766 "reclaim-rest-plugin",
1757 "expiration_time", 1767 "expiration_time",
1758 &expiration_time)) 1768 &expiration_time))
1759 { 1769 {
1760 handle->emsg = GNUNET_strdup("server_error"); 1770 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1761 handle->edesc = GNUNET_strdup ("gnunet configuration failed"); 1771 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1762 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1772 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1763 GNUNET_SCHEDULER_add_now (&do_error, handle); 1773 GNUNET_SCHEDULER_add_now (&do_error, handle);
1764 GNUNET_free(ticket); 1774 GNUNET_free (ticket);
1765 return; 1775 return;
1766 } 1776 }
1767 1777
@@ -1770,21 +1780,23 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1770 if (GNUNET_NO == ego_exists (handle, 1780 if (GNUNET_NO == ego_exists (handle,
1771 &ticket->audience)) 1781 &ticket->audience))
1772 { 1782 {
1773 handle->emsg = GNUNET_strdup("invalid_request"); 1783 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1774 handle->edesc = GNUNET_strdup("invalid code..."); 1784 handle->edesc = GNUNET_strdup ("invalid code...");
1775 handle->response_code = MHD_HTTP_BAD_REQUEST; 1785 handle->response_code = MHD_HTTP_BAD_REQUEST;
1776 GNUNET_SCHEDULER_add_now (&do_error, handle); 1786 GNUNET_SCHEDULER_add_now (&do_error, handle);
1777 GNUNET_free(ticket); 1787 GNUNET_free (ticket);
1778 } 1788 }
1779 if ( GNUNET_OK 1789 if ( GNUNET_OK
1780 != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", 1790 != GNUNET_CONFIGURATION_get_value_string (cfg,
1781 "jwt_secret", &jwt_secret) ) 1791 "reclaim-rest-plugin",
1792 "jwt_secret",
1793 &jwt_secret) )
1782 { 1794 {
1783 handle->emsg = GNUNET_strdup("invalid_request"); 1795 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1784 handle->edesc = GNUNET_strdup("No signing secret configured!"); 1796 handle->edesc = GNUNET_strdup ("No signing secret configured!");
1785 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1797 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1786 GNUNET_SCHEDULER_add_now (&do_error, handle); 1798 GNUNET_SCHEDULER_add_now (&do_error, handle);
1787 GNUNET_free(ticket); 1799 GNUNET_free (ticket);
1788 return; 1800 return;
1789 } 1801 }
1790 //TODO We should collect the attributes here. cl always empty 1802 //TODO We should collect the attributes here. cl always empty
@@ -1795,7 +1807,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1795 &expiration_time, 1807 &expiration_time,
1796 (NULL != nonce) ? nonce : NULL, 1808 (NULL != nonce) ? nonce : NULL,
1797 jwt_secret); 1809 jwt_secret);
1798 access_token = OIDC_access_token_new (); 1810 access_token = OIDC_access_token_new ();
1799 OIDC_build_token_response (access_token, 1811 OIDC_build_token_response (access_token,
1800 id_token, 1812 id_token,
1801 &expiration_time, 1813 &expiration_time,
@@ -1810,12 +1822,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1810 MHD_add_response_header (resp, "Pragma", "no-cache"); 1822 MHD_add_response_header (resp, "Pragma", "no-cache");
1811 MHD_add_response_header (resp, "Content-Type", "application/json"); 1823 MHD_add_response_header (resp, "Content-Type", "application/json");
1812 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 1824 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1813 GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); 1825 GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl);
1814 GNUNET_free(access_token); 1826 GNUNET_free (access_token);
1815 GNUNET_free(json_response); 1827 GNUNET_free (json_response);
1816 GNUNET_free(ticket); 1828 GNUNET_free (ticket);
1817 GNUNET_free(id_token); 1829 GNUNET_free (id_token);
1818 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 1830 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1819} 1831}
1820 1832
1821/** 1833/**
@@ -1835,14 +1847,10 @@ consume_ticket (void *cls,
1835 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); 1847 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
1836 return; 1848 return;
1837 } 1849 }
1838
1839 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, 1850 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
1840 attr->data, 1851 attr->data,
1841 attr->data_size); 1852 attr->data_size);
1842
1843 value = json_string (tmp_value); 1853 value = json_string (tmp_value);
1844
1845
1846 json_object_set_new (handle->oidc->response, 1854 json_object_set_new (handle->oidc->response,
1847 attr->name, 1855 attr->name,
1848 value); 1856 value);
@@ -1873,11 +1881,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1873 strlen (OIDC_AUTHORIZATION_HEADER_KEY), 1881 strlen (OIDC_AUTHORIZATION_HEADER_KEY),
1874 &cache_key); 1882 &cache_key);
1875 if ( GNUNET_NO 1883 if ( GNUNET_NO
1876 == GNUNET_CONTAINER_multihashmap_contains ( 1884 == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
1877 handle->rest_handle->header_param_map, &cache_key) ) 1885 &cache_key) )
1878 { 1886 {
1879 handle->emsg = GNUNET_strdup("invalid_token"); 1887 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1880 handle->edesc = GNUNET_strdup("No Access Token"); 1888 handle->edesc = GNUNET_strdup ("No Access Token");
1881 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1889 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1882 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1890 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1883 return; 1891 return;
@@ -1886,114 +1894,113 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1886 handle->rest_handle->header_param_map, &cache_key); 1894 handle->rest_handle->header_param_map, &cache_key);
1887 1895
1888 //split header in "Bearer" and access_token 1896 //split header in "Bearer" and access_token
1889 authorization = GNUNET_strdup(authorization); 1897 authorization = GNUNET_strdup (authorization);
1890 authorization_type = strtok (authorization, delimiter); 1898 authorization_type = strtok (authorization, delimiter);
1891 if ( 0 != strcmp ("Bearer", authorization_type) ) 1899 if ( 0 != strcmp ("Bearer", authorization_type) )
1892 { 1900 {
1893 handle->emsg = GNUNET_strdup("invalid_token"); 1901 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1894 handle->edesc = GNUNET_strdup("No Access Token"); 1902 handle->edesc = GNUNET_strdup ("No Access Token");
1895 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1903 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1896 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1904 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1897 GNUNET_free(authorization); 1905 GNUNET_free (authorization);
1898 return; 1906 return;
1899 } 1907 }
1900 authorization_access_token = strtok (NULL, delimiter); 1908 authorization_access_token = strtok (NULL, delimiter);
1901 if ( NULL == authorization_access_token ) 1909 if ( NULL == authorization_access_token )
1902 { 1910 {
1903 handle->emsg = GNUNET_strdup("invalid_token"); 1911 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1904 handle->edesc = GNUNET_strdup("No Access Token"); 1912 handle->edesc = GNUNET_strdup ("No Access Token");
1905 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1913 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1906 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1914 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1907 GNUNET_free(authorization); 1915 GNUNET_free (authorization);
1908 return; 1916 return;
1909 } 1917 }
1910 1918
1911 GNUNET_CRYPTO_hash (authorization_access_token, 1919 GNUNET_CRYPTO_hash (authorization_access_token,
1912 strlen (authorization_access_token), 1920 strlen (authorization_access_token),
1913 &cache_key); 1921 &cache_key);
1914 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, 1922 if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map,
1915 &cache_key) ) 1923 &cache_key) )
1916 { 1924 {
1917 handle->emsg = GNUNET_strdup("invalid_token"); 1925 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1918 handle->edesc = GNUNET_strdup("The Access Token expired"); 1926 handle->edesc = GNUNET_strdup ("The Access Token expired");
1919 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1927 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1920 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1928 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1921 GNUNET_free(authorization); 1929 GNUNET_free (authorization);
1922 return; 1930 return;
1923 } 1931 }
1924 1932
1925 client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, 1933 client_ticket = GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map,
1926 &cache_key); 1934 &cache_key);
1927 client_ticket = GNUNET_strdup(client_ticket); 1935 client_ticket = GNUNET_strdup (client_ticket);
1928 client = strtok(client_ticket,delimiter_db); 1936 client = strtok (client_ticket,delimiter_db);
1929 if (NULL == client) 1937 if (NULL == client)
1930 { 1938 {
1931 handle->emsg = GNUNET_strdup("invalid_token"); 1939 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1932 handle->edesc = GNUNET_strdup("The Access Token expired"); 1940 handle->edesc = GNUNET_strdup ("The Access Token expired");
1933 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1941 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1934 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1942 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1935 GNUNET_free(authorization); 1943 GNUNET_free (authorization);
1936 GNUNET_free(client_ticket); 1944 GNUNET_free (client_ticket);
1937 return; 1945 return;
1938 } 1946 }
1939 handle->ego_entry = handle->ego_head; 1947 handle->ego_entry = handle->ego_head;
1940 for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) 1948 for (; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
1941 { 1949 {
1942 if (0 == strcmp(handle->ego_entry->keystring,client)) 1950 if (0 == strcmp (handle->ego_entry->keystring,client))
1943 {
1944 break; 1951 break;
1945 }
1946 } 1952 }
1947 if (NULL == handle->ego_entry) 1953 if (NULL == handle->ego_entry)
1948 { 1954 {
1949 handle->emsg = GNUNET_strdup("invalid_token"); 1955 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1950 handle->edesc = GNUNET_strdup("The Access Token expired"); 1956 handle->edesc = GNUNET_strdup ("The Access Token expired");
1951 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1957 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1952 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1958 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1953 GNUNET_free(authorization); 1959 GNUNET_free (authorization);
1954 GNUNET_free(client_ticket); 1960 GNUNET_free (client_ticket);
1955 return; 1961 return;
1956 } 1962 }
1957 ticket_str = strtok(NULL, delimiter_db); 1963 ticket_str = strtok (NULL, delimiter_db);
1958 if (NULL == ticket_str) 1964 if (NULL == ticket_str)
1959 { 1965 {
1960 handle->emsg = GNUNET_strdup("invalid_token"); 1966 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1961 handle->edesc = GNUNET_strdup("The Access Token expired"); 1967 handle->edesc = GNUNET_strdup ("The Access Token expired");
1962 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1968 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1963 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1969 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1964 GNUNET_free(authorization); 1970 GNUNET_free (authorization);
1965 GNUNET_free(client_ticket); 1971 GNUNET_free (client_ticket);
1966 return; 1972 return;
1967 } 1973 }
1968 ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket); 1974 ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
1969 if ( GNUNET_OK 1975 if ( GNUNET_OK
1970 != GNUNET_STRINGS_string_to_data (ticket_str, 1976 != GNUNET_STRINGS_string_to_data (ticket_str,
1971 strlen (ticket_str), 1977 strlen (ticket_str),
1972 ticket, 1978 ticket,
1973 sizeof(struct GNUNET_RECLAIM_Ticket))) 1979 sizeof (struct GNUNET_RECLAIM_Ticket)))
1974 { 1980 {
1975 handle->emsg = GNUNET_strdup("invalid_token"); 1981 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1976 handle->edesc = GNUNET_strdup("The Access Token expired"); 1982 handle->edesc = GNUNET_strdup ("The Access Token expired");
1977 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1983 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1978 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 1984 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1979 GNUNET_free(ticket); 1985 GNUNET_free (ticket);
1980 GNUNET_free(authorization); 1986 GNUNET_free (authorization);
1981 GNUNET_free(client_ticket); 1987 GNUNET_free (client_ticket);
1982 return; 1988 return;
1983 } 1989 }
1984 1990
1985 handle->idp = GNUNET_RECLAIM_connect (cfg); 1991 handle->idp = GNUNET_RECLAIM_connect (cfg);
1986 handle->oidc->response = json_object(); 1992 handle->oidc->response = json_object ();
1987 json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); 1993 json_object_set_new (handle->oidc->response,
1988 handle->idp_op = GNUNET_RECLAIM_ticket_consume ( 1994 "sub",
1989 handle->idp, 1995 json_string (handle->ego_entry->keystring));
1996 handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
1990 GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), 1997 GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
1991 ticket, 1998 ticket,
1992 consume_ticket, 1999 consume_ticket,
1993 handle); 2000 handle);
1994 GNUNET_free(ticket); 2001 GNUNET_free (ticket);
1995 GNUNET_free(authorization); 2002 GNUNET_free (authorization);
1996 GNUNET_free(client_ticket); 2003 GNUNET_free (client_ticket);
1997 2004
1998} 2005}
1999 2006
@@ -2085,7 +2092,9 @@ list_ego (void *cls,
2085 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); 2092 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2086 ego_entry->ego = ego; 2093 ego_entry->ego = ego;
2087 ego_entry->identifier = GNUNET_strdup (identifier); 2094 ego_entry->identifier = GNUNET_strdup (identifier);
2088 GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); 2095 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
2096 handle->ego_tail,
2097 ego_entry);
2089 return; 2098 return;
2090 } 2099 }
2091 /* Ego renamed or added */ 2100 /* Ego renamed or added */
@@ -2106,7 +2115,9 @@ list_ego (void *cls,
2106 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); 2115 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2107 ego_entry->ego = ego; 2116 ego_entry->ego = ego;
2108 ego_entry->identifier = GNUNET_strdup (identifier); 2117 ego_entry->identifier = GNUNET_strdup (identifier);
2109 GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); 2118 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
2119 handle->ego_tail,
2120 ego_entry);
2110 } 2121 }
2111 } else { 2122 } else {
2112 /* Delete */ 2123 /* Delete */
@@ -2115,26 +2126,26 @@ list_ego (void *cls,
2115 break; 2126 break;
2116 } 2127 }
2117 if (NULL != ego_entry) 2128 if (NULL != ego_entry)
2118 GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry); 2129 GNUNET_CONTAINER_DLL_remove (handle->ego_head,handle->ego_tail, ego_entry);
2119 } 2130 }
2120 2131
2121} 2132}
2122 2133
2123static void 2134static void
2124rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, 2135rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2125 GNUNET_REST_ResultProcessor proc, 2136 GNUNET_REST_ResultProcessor proc,
2126 void *proc_cls) 2137 void *proc_cls)
2127{ 2138{
2128 struct RequestHandle *handle = GNUNET_new (struct RequestHandle); 2139 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
2129 handle->oidc = GNUNET_new (struct OIDC_Variables); 2140 handle->oidc = GNUNET_new (struct OIDC_Variables);
2130 if ( NULL == OIDC_identity_login_time ) 2141 if (NULL == OIDC_cookie_jar_map)
2131 OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2142 OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2132 if ( NULL == OIDC_identity_grants ) 2143 if (NULL == OIDC_identity_grants)
2133 OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2144 OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2134 if ( NULL == OIDC_ticket_once ) 2145 if (NULL == OIDC_used_ticket_map)
2135 OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2146 OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2136 if ( NULL == OIDC_interpret_access_token ) 2147 if (NULL == OIDC_access_token_map)
2137 OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); 2148 OIDC_access_token_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2138 handle->response_code = 0; 2149 handle->response_code = 0;
2139 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 2150 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
2140 handle->proc_cls = proc_cls; 2151 handle->proc_cls = proc_cls;
@@ -2210,40 +2221,30 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
2210 2221
2211 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; 2222 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
2212 void *value = NULL; 2223 void *value = NULL;
2213 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( 2224 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map);
2214 OIDC_identity_login_time);
2215 while (GNUNET_YES == 2225 while (GNUNET_YES ==
2216 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2226 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2217 { 2227 GNUNET_free_non_null (value);
2218 if (NULL != value) 2228 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2219 GNUNET_free(value); 2229
2220 }
2221 GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time);
2222 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); 2230 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
2223 while (GNUNET_YES == 2231 while (GNUNET_YES ==
2224 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2232 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2225 { 2233 GNUNET_free_non_null (value);
2226 if (NULL != value) 2234 GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants);
2227 GNUNET_free(value); 2235
2228 } 2236 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map);
2229 GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
2230 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once);
2231 while (GNUNET_YES == 2237 while (GNUNET_YES ==
2232 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2238 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2233 { 2239 GNUNET_free_non_null (value);
2234 if (NULL != value) 2240 GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map);
2235 GNUNET_free(value); 2241
2236 } 2242 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
2237 GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once);
2238 hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token);
2239 while (GNUNET_YES == 2243 while (GNUNET_YES ==
2240 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) 2244 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2241 { 2245 GNUNET_free_non_null (value);
2242 if (NULL != value) 2246 GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map);
2243 GNUNET_free(value); 2247 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2244 }
2245 GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token);
2246 GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
2247 GNUNET_free_non_null (allow_methods); 2248 GNUNET_free_non_null (allow_methods);
2248 GNUNET_free (api); 2249 GNUNET_free (api);
2249 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2250 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-28 13:35:39 +0000