diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 10:46:00 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 10:46:00 +0100 |
commit | a309a5adf0b1b2c02a664c3684ec216fb57d02b5 (patch) | |
tree | 9525e3cc180328083198c561805e987a499cad5d /src | |
parent | f38b77438b16d13a8820b671d0e0a75da0fc1ead (diff) | |
download | gnunet-a309a5adf0b1b2c02a664c3684ec216fb57d02b5.tar.gz gnunet-a309a5adf0b1b2c02a664c3684ec216fb57d02b5.zip |
REST: Code cleanup pass
Diffstat (limited to 'src')
-rw-r--r-- | src/rest-plugins/plugin_rest_openid_connect.c | 643 |
1 files changed, 322 insertions, 321 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c index 3cf4d4360..cd74abcdb 100644 --- a/src/rest-plugins/plugin_rest_openid_connect.c +++ b/src/rest-plugins/plugin_rest_openid_connect.c | |||
@@ -156,23 +156,36 @@ | |||
156 | #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" | 156 | #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" |
157 | 157 | ||
158 | /** | 158 | /** |
159 | * OIDC error keys | ||
160 | */ | ||
161 | #define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" | ||
162 | #define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" | ||
163 | #define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" | ||
164 | #define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" | ||
165 | #define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" | ||
166 | #define OIDC_ERROR_KEY_SERVER_ERROR "server_error" | ||
167 | #define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" | ||
168 | #define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" | ||
169 | #define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" | ||
170 | #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" | ||
171 | /** | ||
159 | * OIDC ignored parameter array | 172 | * OIDC ignored parameter array |
160 | */ | 173 | */ |
161 | static char* OIDC_ignored_parameter_array [] = | 174 | static char* OIDC_ignored_parameter_array [] = |
162 | { | 175 | { |
163 | "display", | 176 | "display", |
164 | "prompt", | 177 | "prompt", |
165 | "ui_locales", | 178 | "ui_locales", |
166 | "response_mode", | 179 | "response_mode", |
167 | "id_token_hint", | 180 | "id_token_hint", |
168 | "login_hint", | 181 | "login_hint", |
169 | "acr_values" | 182 | "acr_values" |
170 | }; | 183 | }; |
171 | 184 | ||
172 | /** | 185 | /** |
173 | * OIDC authorized identities and times hashmap | 186 | * OIDC Hash map that keeps track of issued cookies |
174 | */ | 187 | */ |
175 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time; | 188 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map; |
176 | 189 | ||
177 | /** | 190 | /** |
178 | * OIDC authorized identities and times hashmap | 191 | * OIDC authorized identities and times hashmap |
@@ -180,14 +193,14 @@ struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time; | |||
180 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; | 193 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; |
181 | 194 | ||
182 | /** | 195 | /** |
183 | * OIDC ticket/code use only once | 196 | * OIDC Hash map that keeps track of used authorization code(s) |
184 | */ | 197 | */ |
185 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once; | 198 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map; |
186 | 199 | ||
187 | /** | 200 | /** |
188 | * OIDC access_token to ticket and ego | 201 | * Hash map that links the issued access token to the corresponding ticket and ego |
189 | */ | 202 | */ |
190 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token; | 203 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map; |
191 | 204 | ||
192 | /** | 205 | /** |
193 | * The configuration handle | 206 | * The configuration handle |
@@ -473,18 +486,12 @@ cleanup_handle (struct RequestHandle *handle) | |||
473 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); | 486 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); |
474 | if (NULL != handle->idp) | 487 | if (NULL != handle->idp) |
475 | GNUNET_RECLAIM_disconnect (handle->idp); | 488 | GNUNET_RECLAIM_disconnect (handle->idp); |
476 | if (NULL != handle->url) | 489 | GNUNET_free_non_null (handle->url); |
477 | GNUNET_free (handle->url); | 490 | GNUNET_free_non_null (handle->tld); |
478 | if (NULL != handle->tld) | 491 | GNUNET_free_non_null (handle->redirect_prefix); |
479 | GNUNET_free (handle->tld); | 492 | GNUNET_free_non_null (handle->redirect_suffix); |
480 | if (NULL != handle->redirect_prefix) | 493 | GNUNET_free_non_null (handle->emsg); |
481 | GNUNET_free (handle->redirect_prefix); | 494 | GNUNET_free_non_null (handle->edesc); |
482 | if (NULL != handle->redirect_suffix) | ||
483 | GNUNET_free (handle->redirect_suffix); | ||
484 | if (NULL != handle->emsg) | ||
485 | GNUNET_free (handle->emsg); | ||
486 | if (NULL != handle->edesc) | ||
487 | GNUNET_free (handle->edesc); | ||
488 | if (NULL != handle->gns_op) | 495 | if (NULL != handle->gns_op) |
489 | GNUNET_GNS_lookup_cancel (handle->gns_op); | 496 | GNUNET_GNS_lookup_cancel (handle->gns_op); |
490 | if (NULL != handle->gns_handle) | 497 | if (NULL != handle->gns_handle) |
@@ -494,23 +501,15 @@ cleanup_handle (struct RequestHandle *handle) | |||
494 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | 501 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
495 | if (NULL != handle->oidc) | 502 | if (NULL != handle->oidc) |
496 | { | 503 | { |
497 | if (NULL != handle->oidc->client_id) | 504 | GNUNET_free_non_null (handle->oidc->client_id); |
498 | GNUNET_free(handle->oidc->client_id); | 505 | GNUNET_free_non_null (handle->oidc->login_identity); |
499 | if (NULL != handle->oidc->login_identity) | 506 | GNUNET_free_non_null (handle->oidc->nonce); |
500 | GNUNET_free(handle->oidc->login_identity); | 507 | GNUNET_free_non_null (handle->oidc->redirect_uri); |
501 | if (NULL != handle->oidc->nonce) | 508 | GNUNET_free_non_null (handle->oidc->response_type); |
502 | GNUNET_free(handle->oidc->nonce); | 509 | GNUNET_free_non_null (handle->oidc->scope); |
503 | if (NULL != handle->oidc->redirect_uri) | 510 | GNUNET_free_non_null (handle->oidc->state); |
504 | GNUNET_free(handle->oidc->redirect_uri); | 511 | json_decref (handle->oidc->response); |
505 | if (NULL != handle->oidc->response_type) | 512 | GNUNET_free (handle->oidc); |
506 | GNUNET_free(handle->oidc->response_type); | ||
507 | if (NULL != handle->oidc->scope) | ||
508 | GNUNET_free(handle->oidc->scope); | ||
509 | if (NULL != handle->oidc->state) | ||
510 | GNUNET_free(handle->oidc->state); | ||
511 | if (NULL != handle->oidc->response) | ||
512 | json_decref(handle->oidc->response); | ||
513 | GNUNET_free(handle->oidc); | ||
514 | } | 513 | } |
515 | if ( NULL != handle->attr_list ) | 514 | if ( NULL != handle->attr_list ) |
516 | { | 515 | { |
@@ -519,8 +518,8 @@ cleanup_handle (struct RequestHandle *handle) | |||
519 | { | 518 | { |
520 | claim_tmp = claim_entry; | 519 | claim_tmp = claim_entry; |
521 | claim_entry = claim_entry->next; | 520 | claim_entry = claim_entry->next; |
522 | GNUNET_free(claim_tmp->claim); | 521 | GNUNET_free (claim_tmp->claim); |
523 | GNUNET_free(claim_tmp); | 522 | GNUNET_free (claim_tmp); |
524 | } | 523 | } |
525 | GNUNET_free (handle->attr_list); | 524 | GNUNET_free (handle->attr_list); |
526 | } | 525 | } |
@@ -533,10 +532,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
533 | GNUNET_free (ego_tmp->keystring); | 532 | GNUNET_free (ego_tmp->keystring); |
534 | GNUNET_free (ego_tmp); | 533 | GNUNET_free (ego_tmp); |
535 | } | 534 | } |
536 | if (NULL != handle->attr_it) | 535 | GNUNET_free_non_null (handle->attr_it); |
537 | { | ||
538 | GNUNET_free(handle->attr_it); | ||
539 | } | ||
540 | GNUNET_free (handle); | 536 | GNUNET_free (handle); |
541 | } | 537 | } |
542 | 538 | ||
@@ -566,15 +562,15 @@ do_error (void *cls) | |||
566 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 562 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
567 | (NULL != handle->oidc->state) ? "\"" : ""); | 563 | (NULL != handle->oidc->state) ? "\"" : ""); |
568 | if ( 0 == handle->response_code ) | 564 | if ( 0 == handle->response_code ) |
569 | { | ||
570 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 565 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
571 | } | ||
572 | resp = GNUNET_REST_create_response (json_error); | 566 | resp = GNUNET_REST_create_response (json_error); |
573 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) | 567 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) |
574 | { | 568 | MHD_add_response_header (resp, |
575 | MHD_add_response_header(resp, "WWW-Authenticate", "Basic"); | 569 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, |
576 | } | 570 | "Basic"); |
577 | MHD_add_response_header (resp, "Content-Type", "application/json"); | 571 | MHD_add_response_header (resp, |
572 | MHD_HTTP_HEADER_CONTENT_TYPE, | ||
573 | "application/json"); | ||
578 | handle->proc (handle->proc_cls, resp, handle->response_code); | 574 | handle->proc (handle->proc_cls, resp, handle->response_code); |
579 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 575 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
580 | GNUNET_free (json_error); | 576 | GNUNET_free (json_error); |
@@ -598,7 +594,9 @@ do_userinfo_error (void *cls) | |||
598 | handle->emsg, | 594 | handle->emsg, |
599 | (NULL != handle->edesc) ? handle->edesc : ""); | 595 | (NULL != handle->edesc) ? handle->edesc : ""); |
600 | resp = GNUNET_REST_create_response (""); | 596 | resp = GNUNET_REST_create_response (""); |
601 | MHD_add_response_header(resp, "WWW-Authenticate", error); | 597 | MHD_add_response_header (resp, |
598 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, | ||
599 | "Bearer"); | ||
602 | handle->proc (handle->proc_cls, resp, handle->response_code); | 600 | handle->proc (handle->proc_cls, resp, handle->response_code); |
603 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 601 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
604 | GNUNET_free (error); | 602 | GNUNET_free (error); |
@@ -669,7 +667,7 @@ return_userinfo_response (void *cls) | |||
669 | * @return base64 encoded string | 667 | * @return base64 encoded string |
670 | */ | 668 | */ |
671 | static char* | 669 | static char* |
672 | base_64_encode(const char *s) | 670 | base64_encode (const char *s) |
673 | { | 671 | { |
674 | char *enc; | 672 | char *enc; |
675 | char *enc_urlencode; | 673 | char *enc_urlencode; |
@@ -677,7 +675,7 @@ base_64_encode(const char *s) | |||
677 | int i; | 675 | int i; |
678 | int num_pads = 0; | 676 | int num_pads = 0; |
679 | 677 | ||
680 | GNUNET_STRINGS_base64_encode(s, strlen(s), &enc); | 678 | GNUNET_STRINGS_base64_encode (s, strlen (s), &enc); |
681 | tmp = strchr (enc, '='); | 679 | tmp = strchr (enc, '='); |
682 | num_pads = strlen (enc) - (tmp - enc); | 680 | num_pads = strlen (enc) - (tmp - enc); |
683 | GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); | 681 | GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); |
@@ -731,6 +729,9 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
731 | char *cookies; | 729 | char *cookies; |
732 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 730 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
733 | char delimiter[] = "; "; | 731 | char delimiter[] = "; "; |
732 | char *tmp_cookies; | ||
733 | char *token; | ||
734 | char *value; | ||
734 | 735 | ||
735 | //gets identity of login try with cookie | 736 | //gets identity of login try with cookie |
736 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 737 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
@@ -743,42 +744,52 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
743 | return; | 744 | return; |
744 | } | 745 | } |
745 | //splits cookies and find 'Identity' cookie | 746 | //splits cookies and find 'Identity' cookie |
746 | cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 747 | tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); |
747 | handle->oidc->login_identity = strtok (cookies, delimiter); | 748 | cookies = GNUNET_strdup (tmp_cookies); |
749 | token = strtok (cookies, delimiter); | ||
748 | handle->oidc->user_cancelled = GNUNET_NO; | 750 | handle->oidc->user_cancelled = GNUNET_NO; |
749 | 751 | handle->oidc->login_identity = NULL; | |
750 | if (NULL == handle->oidc->login_identity) | 752 | if (NULL == token) |
751 | { | 753 | { |
752 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 754 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
753 | "Unable to parse cookie: %s\n", | 755 | "Unable to parse cookie: %s\n", |
754 | cookies); | 756 | cookies); |
757 | GNUNET_free (cookies); | ||
755 | return; | 758 | return; |
756 | } | 759 | } |
757 | 760 | ||
758 | while ( NULL != handle->oidc->login_identity ) | 761 | while (NULL != token) |
759 | { | 762 | { |
760 | if ( 0 == strcmp (handle->oidc->login_identity, | 763 | if (0 == strcmp (token, |
761 | OIDC_COOKIE_HEADER_ACCESS_DENIED)) | 764 | OIDC_COOKIE_HEADER_ACCESS_DENIED)) |
762 | { | 765 | { |
763 | handle->oidc->user_cancelled = GNUNET_YES; | 766 | handle->oidc->user_cancelled = GNUNET_YES; |
764 | handle->oidc->login_identity = NULL; | 767 | GNUNET_free (cookies); |
765 | return; | 768 | return; |
766 | } | 769 | } |
767 | if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) | 770 | if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) |
768 | break; | 771 | break; |
769 | handle->oidc->login_identity = strtok (NULL, delimiter); | 772 | token = strtok (NULL, delimiter); |
773 | } | ||
774 | if (NULL == token) | ||
775 | { | ||
776 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
777 | "No cookie value to process: %s\n", | ||
778 | cookies); | ||
779 | GNUNET_free (cookies); | ||
780 | return; | ||
770 | } | 781 | } |
771 | GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), | 782 | GNUNET_CRYPTO_hash (token, strlen (token), |
772 | &cache_key); | 783 | &cache_key); |
773 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) | 784 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) |
774 | { | 785 | { |
775 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 786 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
776 | "Found cookie `%s', but no corresponding expiration entry present...\n", | 787 | "Found cookie `%s', but no corresponding expiration entry present...\n", |
777 | handle->oidc->login_identity); | 788 | token); |
778 | handle->oidc->login_identity = NULL; | 789 | GNUNET_free (cookies); |
779 | return; | 790 | return; |
780 | } | 791 | } |
781 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, | 792 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, |
782 | &cache_key); | 793 | &cache_key); |
783 | current_time = GNUNET_TIME_absolute_get (); | 794 | current_time = GNUNET_TIME_absolute_get (); |
784 | // 30 min after old login -> redirect to login | 795 | // 30 min after old login -> redirect to login |
@@ -786,12 +797,13 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
786 | { | 797 | { |
787 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 798 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
788 | "Found cookie `%s', but it is expired.\n", | 799 | "Found cookie `%s', but it is expired.\n", |
789 | handle->oidc->login_identity); | 800 | token); |
790 | handle->oidc->login_identity = NULL; | 801 | GNUNET_free (cookies); |
791 | return; | 802 | return; |
792 | } | 803 | } |
793 | handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); | 804 | value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY); |
794 | handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); | 805 | GNUNET_assert (NULL != value); |
806 | handle->oidc->login_identity = GNUNET_strdup (value); | ||
795 | } | 807 | } |
796 | 808 | ||
797 | /** | 809 | /** |
@@ -825,18 +837,18 @@ login_redirect (void *cls) | |||
825 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); | 837 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); |
826 | resp = GNUNET_REST_create_response (""); | 838 | resp = GNUNET_REST_create_response (""); |
827 | MHD_add_response_header (resp, "Location", new_redirect); | 839 | MHD_add_response_header (resp, "Location", new_redirect); |
828 | GNUNET_free(login_base_url); | 840 | GNUNET_free (login_base_url); |
829 | } | 841 | } |
830 | else | 842 | else |
831 | { | 843 | { |
832 | handle->emsg = GNUNET_strdup("server_error"); | 844 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
833 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 845 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
834 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 846 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
835 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 847 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
836 | return; | 848 | return; |
837 | } | 849 | } |
838 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 850 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
839 | GNUNET_free(new_redirect); | 851 | GNUNET_free (new_redirect); |
840 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 852 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
841 | } | 853 | } |
842 | 854 | ||
@@ -847,7 +859,7 @@ static void | |||
847 | oidc_iteration_error (void *cls) | 859 | oidc_iteration_error (void *cls) |
848 | { | 860 | { |
849 | struct RequestHandle *handle = cls; | 861 | struct RequestHandle *handle = cls; |
850 | handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR"); | 862 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
851 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 863 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
852 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 864 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
853 | } | 865 | } |
@@ -872,8 +884,8 @@ oidc_ticket_issue_cb (void* cls, | |||
872 | handle->ticket = *ticket; | 884 | handle->ticket = *ticket; |
873 | if (NULL == ticket) | 885 | if (NULL == ticket) |
874 | { | 886 | { |
875 | handle->emsg = GNUNET_strdup("server_error"); | 887 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
876 | handle->edesc = GNUNET_strdup("Server cannot generate ticket."); | 888 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); |
877 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 889 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
878 | return; | 890 | return; |
879 | } | 891 | } |
@@ -883,7 +895,7 @@ oidc_ticket_issue_cb (void* cls, | |||
883 | code_json_string = OIDC_build_authz_code (&handle->priv_key, | 895 | code_json_string = OIDC_build_authz_code (&handle->priv_key, |
884 | &handle->ticket, | 896 | &handle->ticket, |
885 | handle->oidc->nonce); | 897 | handle->oidc->nonce); |
886 | code_base64_final_string = base_64_encode(code_json_string); | 898 | code_base64_final_string = base64_encode (code_json_string); |
887 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | 899 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", |
888 | handle->redirect_prefix, | 900 | handle->redirect_prefix, |
889 | handle->tld, | 901 | handle->tld, |
@@ -908,8 +920,8 @@ oidc_collect_finished_cb (void *cls) | |||
908 | handle->ticket_it = NULL; | 920 | handle->ticket_it = NULL; |
909 | if (NULL == handle->attr_list->list_head) | 921 | if (NULL == handle->attr_list->list_head) |
910 | { | 922 | { |
911 | handle->emsg = GNUNET_strdup("invalid_scope"); | 923 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
912 | handle->edesc = GNUNET_strdup("The requested scope is not available."); | 924 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); |
913 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 925 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
914 | return; | 926 | return; |
915 | } | 927 | } |
@@ -942,7 +954,7 @@ oidc_attr_collect (void *cls, | |||
942 | return; | 954 | return; |
943 | } | 955 | } |
944 | 956 | ||
945 | scope_variables = GNUNET_strdup(handle->oidc->scope); | 957 | scope_variables = GNUNET_strdup (handle->oidc->scope); |
946 | scope_variable = strtok (scope_variables, delimiter); | 958 | scope_variable = strtok (scope_variables, delimiter); |
947 | while (NULL != scope_variable) | 959 | while (NULL != scope_variable) |
948 | { | 960 | { |
@@ -955,16 +967,16 @@ oidc_attr_collect (void *cls, | |||
955 | if ( NULL == scope_variable ) | 967 | if ( NULL == scope_variable ) |
956 | { | 968 | { |
957 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | 969 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
958 | GNUNET_free(scope_variables); | 970 | GNUNET_free (scope_variables); |
959 | return; | 971 | return; |
960 | } | 972 | } |
961 | GNUNET_free(scope_variables); | 973 | GNUNET_free (scope_variables); |
962 | 974 | ||
963 | le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); | 975 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
964 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type, | 976 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type, |
965 | attr->data, attr->data_size); | 977 | attr->data, attr->data_size); |
966 | GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, | 978 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, |
967 | handle->attr_list->list_tail, le); | 979 | handle->attr_list->list_tail, le); |
968 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | 980 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
969 | } | 981 | } |
970 | 982 | ||
@@ -983,13 +995,13 @@ code_redirect (void *cls) | |||
983 | 995 | ||
984 | GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); | 996 | GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); |
985 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); | 997 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); |
986 | GNUNET_free(identity_cookie); | 998 | GNUNET_free (identity_cookie); |
987 | //No login time for identity -> redirect to login | 999 | //No login time for identity -> redirect to login |
988 | if ( GNUNET_YES | 1000 | if ( GNUNET_YES |
989 | == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, | 1001 | == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, |
990 | &cache_key) ) | 1002 | &cache_key) ) |
991 | { | 1003 | { |
992 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, | 1004 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, |
993 | &cache_key); | 1005 | &cache_key); |
994 | current_time = GNUNET_TIME_absolute_get (); | 1006 | current_time = GNUNET_TIME_absolute_get (); |
995 | // 30 min after old login -> redirect to login | 1007 | // 30 min after old login -> redirect to login |
@@ -1000,9 +1012,8 @@ code_redirect (void *cls) | |||
1000 | handle->oidc->login_identity, | 1012 | handle->oidc->login_identity, |
1001 | strlen (handle->oidc->login_identity), &pubkey) ) | 1013 | strlen (handle->oidc->login_identity), &pubkey) ) |
1002 | { | 1014 | { |
1003 | handle->emsg = GNUNET_strdup("invalid_cookie"); | 1015 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); |
1004 | handle->edesc = GNUNET_strdup( | 1016 | handle->edesc = GNUNET_strdup ("The cookie of a login identity is not valid"); |
1005 | "The cookie of a login identity is not valid"); | ||
1006 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1017 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1007 | return; | 1018 | return; |
1008 | } | 1019 | } |
@@ -1011,13 +1022,13 @@ code_redirect (void *cls) | |||
1011 | NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 1022 | NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) |
1012 | { | 1023 | { |
1013 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | 1024 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); |
1014 | if ( 0 | 1025 | if ( 0 == memcmp (&ego_pkey, |
1015 | == memcmp (&ego_pkey, &pubkey, | 1026 | &pubkey, |
1016 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1027 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1017 | { | 1028 | { |
1018 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1029 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1019 | handle->idp = GNUNET_RECLAIM_connect (cfg); | 1030 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1020 | handle->attr_list = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | 1031 | handle->attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1021 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, | 1032 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, |
1022 | &handle->priv_key, | 1033 | &handle->priv_key, |
1023 | &oidc_iteration_error, | 1034 | &oidc_iteration_error, |
@@ -1077,8 +1088,8 @@ lookup_redirect_uri_result (void *cls, | |||
1077 | handle->gns_op = NULL; | 1088 | handle->gns_op = NULL; |
1078 | if (0 == rd_count) | 1089 | if (0 == rd_count) |
1079 | { | 1090 | { |
1080 | handle->emsg = GNUNET_strdup("server_error"); | 1091 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1081 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1092 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1082 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1093 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1083 | return; | 1094 | return; |
1084 | } | 1095 | } |
@@ -1108,8 +1119,8 @@ lookup_redirect_uri_result (void *cls, | |||
1108 | GNUNET_free (tmp); | 1119 | GNUNET_free (tmp); |
1109 | return; | 1120 | return; |
1110 | } | 1121 | } |
1111 | handle->emsg = GNUNET_strdup("server_error"); | 1122 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1112 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1123 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1113 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1124 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1114 | } | 1125 | } |
1115 | 1126 | ||
@@ -1158,13 +1169,14 @@ build_authz_response (void *cls) | |||
1158 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1169 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1159 | &cache_key)) | 1170 | &cache_key)) |
1160 | { | 1171 | { |
1161 | handle->emsg=GNUNET_strdup("invalid_request"); | 1172 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1162 | handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); | 1173 | handle->edesc=GNUNET_strdup ("missing parameter redirect_uri"); |
1163 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1174 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1164 | return; | 1175 | return; |
1165 | } | 1176 | } |
1166 | handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1177 | handle->oidc->redirect_uri = |
1167 | &cache_key)); | 1178 | GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1179 | &cache_key)); | ||
1168 | 1180 | ||
1169 | // REQUIRED value: response_type | 1181 | // REQUIRED value: response_type |
1170 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1182 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
@@ -1172,13 +1184,13 @@ build_authz_response (void *cls) | |||
1172 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1184 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1173 | &cache_key)) | 1185 | &cache_key)) |
1174 | { | 1186 | { |
1175 | handle->emsg=GNUNET_strdup("invalid_request"); | 1187 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1176 | handle->edesc=GNUNET_strdup("missing parameter response_type"); | 1188 | handle->edesc=GNUNET_strdup ("missing parameter response_type"); |
1177 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1189 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1178 | return; | 1190 | return; |
1179 | } | 1191 | } |
1180 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1192 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1181 | &cache_key); | 1193 | &cache_key); |
1182 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); | 1194 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); |
1183 | 1195 | ||
1184 | // REQUIRED value: scope | 1196 | // REQUIRED value: scope |
@@ -1186,36 +1198,36 @@ build_authz_response (void *cls) | |||
1186 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1198 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1187 | &cache_key)) | 1199 | &cache_key)) |
1188 | { | 1200 | { |
1189 | handle->emsg=GNUNET_strdup("invalid_request"); | 1201 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1190 | handle->edesc=GNUNET_strdup("missing parameter scope"); | 1202 | handle->edesc=GNUNET_strdup ("missing parameter scope"); |
1191 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1203 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1192 | return; | 1204 | return; |
1193 | } | 1205 | } |
1194 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1206 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1195 | &cache_key); | 1207 | &cache_key); |
1196 | handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); | 1208 | handle->oidc->scope = GNUNET_strdup (handle->oidc->scope); |
1197 | 1209 | ||
1198 | //OPTIONAL value: nonce | 1210 | //OPTIONAL value: nonce |
1199 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1211 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); |
1200 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1212 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1201 | &cache_key)) | 1213 | &cache_key)) |
1202 | { | 1214 | { |
1203 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1215 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1204 | &cache_key); | 1216 | &cache_key); |
1205 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); | 1217 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); |
1206 | } | 1218 | } |
1207 | 1219 | ||
1208 | //TODO check other values if needed | 1220 | //TODO check other values if needed |
1209 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1221 | number_of_ignored_parameter = sizeof (OIDC_ignored_parameter_array) / sizeof (char *); |
1210 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1222 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) |
1211 | { | 1223 | { |
1212 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1224 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1213 | strlen(OIDC_ignored_parameter_array[iterator]), | 1225 | strlen (OIDC_ignored_parameter_array[iterator]), |
1214 | &cache_key); | 1226 | &cache_key); |
1215 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | 1227 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1216 | &cache_key)) | 1228 | &cache_key)) |
1217 | { | 1229 | { |
1218 | handle->emsg=GNUNET_strdup("access_denied"); | 1230 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); |
1219 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", | 1231 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1220 | OIDC_ignored_parameter_array[iterator]); | 1232 | OIDC_ignored_parameter_array[iterator]); |
1221 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1233 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
@@ -1224,39 +1236,36 @@ build_authz_response (void *cls) | |||
1224 | } | 1236 | } |
1225 | 1237 | ||
1226 | // Checks if response_type is 'code' | 1238 | // Checks if response_type is 'code' |
1227 | if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) | 1239 | if (0 != strcmp (handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) |
1228 | { | 1240 | { |
1229 | handle->emsg=GNUNET_strdup("unsupported_response_type"); | 1241 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); |
1230 | handle->edesc=GNUNET_strdup("The authorization server does not support " | 1242 | handle->edesc=GNUNET_strdup ("The authorization server does not support " |
1231 | "obtaining this authorization code."); | 1243 | "obtaining this authorization code."); |
1232 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1244 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1233 | return; | 1245 | return; |
1234 | } | 1246 | } |
1235 | 1247 | ||
1236 | // Checks if scope contains 'openid' | 1248 | // Checks if scope contains 'openid' |
1237 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1249 | expected_scope = GNUNET_strdup (handle->oidc->scope); |
1238 | char* test; | 1250 | char* test; |
1239 | test = strtok (expected_scope, delimiter); | 1251 | test = strtok (expected_scope, delimiter); |
1240 | while (NULL != test) | 1252 | while (NULL != test) |
1241 | { | 1253 | { |
1242 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) | 1254 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) |
1243 | { | ||
1244 | break; | 1255 | break; |
1245 | } | ||
1246 | test = strtok (NULL, delimiter); | 1256 | test = strtok (NULL, delimiter); |
1247 | } | 1257 | } |
1248 | if (NULL == test) | 1258 | if (NULL == test) |
1249 | { | 1259 | { |
1250 | handle->emsg = GNUNET_strdup("invalid_scope"); | 1260 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1251 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " | 1261 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " |
1252 | "malformed."); | 1262 | "malformed."); |
1253 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1263 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1254 | GNUNET_free(expected_scope); | 1264 | GNUNET_free (expected_scope); |
1255 | return; | 1265 | return; |
1256 | } | 1266 | } |
1257 | 1267 | ||
1258 | GNUNET_free(expected_scope); | 1268 | GNUNET_free (expected_scope); |
1259 | |||
1260 | if ( (NULL == handle->oidc->login_identity) && | 1269 | if ( (NULL == handle->oidc->login_identity) && |
1261 | (GNUNET_NO == handle->oidc->user_cancelled)) | 1270 | (GNUNET_NO == handle->oidc->user_cancelled)) |
1262 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | 1271 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
@@ -1286,8 +1295,8 @@ tld_iter (void *cls, | |||
1286 | value); | 1295 | value); |
1287 | return; | 1296 | return; |
1288 | } | 1297 | } |
1289 | if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1298 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
1290 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1299 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
1291 | handle->tld = GNUNET_strdup (option+1); | 1300 | handle->tld = GNUNET_strdup (option+1); |
1292 | } | 1301 | } |
1293 | 1302 | ||
@@ -1316,8 +1325,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1316 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1325 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1317 | &cache_key)) | 1326 | &cache_key)) |
1318 | { | 1327 | { |
1319 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1328 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1320 | &cache_key); | 1329 | &cache_key); |
1321 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); | 1330 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); |
1322 | } | 1331 | } |
1323 | 1332 | ||
@@ -1327,23 +1336,23 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1327 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1336 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1328 | &cache_key)) | 1337 | &cache_key)) |
1329 | { | 1338 | { |
1330 | handle->emsg=GNUNET_strdup("invalid_request"); | 1339 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1331 | handle->edesc=GNUNET_strdup("missing parameter client_id"); | 1340 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); |
1332 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1341 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1333 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1342 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1334 | return; | 1343 | return; |
1335 | } | 1344 | } |
1336 | handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1345 | handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1337 | &cache_key)); | 1346 | &cache_key)); |
1338 | 1347 | ||
1339 | if ( GNUNET_OK | 1348 | if ( GNUNET_OK |
1340 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, | 1349 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, |
1341 | strlen (handle->oidc->client_id), | 1350 | strlen (handle->oidc->client_id), |
1342 | &handle->oidc->client_pkey) ) | 1351 | &handle->oidc->client_pkey) ) |
1343 | { | 1352 | { |
1344 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1353 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); |
1345 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1354 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " |
1346 | "authorization code using this method."); | 1355 | "authorization code using this method."); |
1347 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1356 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1348 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1357 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1349 | return; | 1358 | return; |
@@ -1352,7 +1361,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1352 | 1361 | ||
1353 | if ( NULL == handle->ego_head ) | 1362 | if ( NULL == handle->ego_head ) |
1354 | { | 1363 | { |
1355 | handle->emsg = GNUNET_strdup("server_error"); | 1364 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1356 | handle->edesc = GNUNET_strdup ("Egos are missing"); | 1365 | handle->edesc = GNUNET_strdup ("Egos are missing"); |
1357 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1366 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1358 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1367 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -1368,8 +1377,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1368 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | 1377 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); |
1369 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, | 1378 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, |
1370 | &pkey); | 1379 | &pkey); |
1371 | if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1380 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
1372 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1381 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
1373 | { | 1382 | { |
1374 | handle->tld = GNUNET_strdup (tmp_ego->identifier); | 1383 | handle->tld = GNUNET_strdup (tmp_ego->identifier); |
1375 | handle->ego_entry = handle->ego_tail; | 1384 | handle->ego_entry = handle->ego_tail; |
@@ -1412,7 +1421,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1412 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); | 1421 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); |
1413 | root = json_loads (term_data, JSON_DECODE_ANY, &error); | 1422 | root = json_loads (term_data, JSON_DECODE_ANY, &error); |
1414 | identity = json_object_get (root, "identity"); | 1423 | identity = json_object_get (root, "identity"); |
1415 | if ( !json_is_string(identity) ) | 1424 | if (!json_is_string (identity)) |
1416 | { | 1425 | { |
1417 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1426 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1418 | "Error parsing json string from %s\n", | 1427 | "Error parsing json string from %s\n", |
@@ -1436,17 +1445,14 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1436 | if (0 != strcmp (json_string_value (identity), | 1445 | if (0 != strcmp (json_string_value (identity), |
1437 | "Denied")) | 1446 | "Denied")) |
1438 | { | 1447 | { |
1439 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1448 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); |
1440 | *current_time = GNUNET_TIME_relative_to_absolute ( | 1449 | *current_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
1441 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | ||
1442 | OIDC_COOKIE_EXPIRATION)); | 1450 | OIDC_COOKIE_EXPIRATION)); |
1443 | last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); | 1451 | last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1444 | if (NULL != last_time) | 1452 | GNUNET_free_non_null (last_time); |
1445 | { | 1453 | GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, |
1446 | GNUNET_free(last_time); | 1454 | &cache_key, |
1447 | } | 1455 | current_time, |
1448 | GNUNET_CONTAINER_multihashmap_put ( | ||
1449 | OIDC_identity_login_time, &cache_key, current_time, | ||
1450 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1456 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1451 | } | 1457 | } |
1452 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1458 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
@@ -1475,8 +1481,8 @@ check_authorization (struct RequestHandle *handle, | |||
1475 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 1481 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
1476 | &cache_key) ) | 1482 | &cache_key) ) |
1477 | { | 1483 | { |
1478 | handle->emsg=GNUNET_strdup("invalid_client"); | 1484 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1479 | handle->edesc=GNUNET_strdup("missing authorization"); | 1485 | handle->edesc=GNUNET_strdup ("missing authorization"); |
1480 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1486 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1481 | return GNUNET_SYSERR; | 1487 | return GNUNET_SYSERR; |
1482 | } | 1488 | } |
@@ -1487,14 +1493,14 @@ check_authorization (struct RequestHandle *handle, | |||
1487 | credentials = strtok (authorization, " "); | 1493 | credentials = strtok (authorization, " "); |
1488 | if (0 != strcmp ("Basic", credentials)) | 1494 | if (0 != strcmp ("Basic", credentials)) |
1489 | { | 1495 | { |
1490 | handle->emsg=GNUNET_strdup("invalid_client"); | 1496 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1491 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1497 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1492 | return GNUNET_SYSERR; | 1498 | return GNUNET_SYSERR; |
1493 | } | 1499 | } |
1494 | credentials = strtok(NULL, " "); | 1500 | credentials = strtok (NULL, " "); |
1495 | if (NULL == credentials) | 1501 | if (NULL == credentials) |
1496 | { | 1502 | { |
1497 | handle->emsg=GNUNET_strdup("invalid_client"); | 1503 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1498 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1504 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1499 | return GNUNET_SYSERR; | 1505 | return GNUNET_SYSERR; |
1500 | } | 1506 | } |
@@ -1504,46 +1510,48 @@ check_authorization (struct RequestHandle *handle, | |||
1504 | 1510 | ||
1505 | if ( NULL == basic_authorization ) | 1511 | if ( NULL == basic_authorization ) |
1506 | { | 1512 | { |
1507 | handle->emsg=GNUNET_strdup("invalid_client"); | 1513 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1508 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1514 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1509 | return GNUNET_SYSERR; | 1515 | return GNUNET_SYSERR; |
1510 | } | 1516 | } |
1511 | client_id = strtok (basic_authorization, ":"); | 1517 | client_id = strtok (basic_authorization, ":"); |
1512 | if ( NULL == client_id ) | 1518 | if ( NULL == client_id ) |
1513 | { | 1519 | { |
1514 | GNUNET_free_non_null(basic_authorization); | 1520 | GNUNET_free_non_null (basic_authorization); |
1515 | handle->emsg=GNUNET_strdup("invalid_client"); | 1521 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1516 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1522 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1517 | return GNUNET_SYSERR; | 1523 | return GNUNET_SYSERR; |
1518 | } | 1524 | } |
1519 | pass = strtok (NULL, ":"); | 1525 | pass = strtok (NULL, ":"); |
1520 | if (NULL == pass) | 1526 | if (NULL == pass) |
1521 | { | 1527 | { |
1522 | GNUNET_free_non_null(basic_authorization); | 1528 | GNUNET_free_non_null (basic_authorization); |
1523 | handle->emsg=GNUNET_strdup("invalid_client"); | 1529 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1524 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1530 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1525 | return GNUNET_SYSERR; | 1531 | return GNUNET_SYSERR; |
1526 | } | 1532 | } |
1527 | 1533 | ||
1528 | //check client password | 1534 | //check client password |
1529 | if ( GNUNET_OK | 1535 | if ( GNUNET_OK |
1530 | == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", | 1536 | == GNUNET_CONFIGURATION_get_value_string (cfg, |
1531 | "psw", &expected_pass) ) | 1537 | "reclaim-rest-plugin", |
1538 | "psw", | ||
1539 | &expected_pass) ) | ||
1532 | { | 1540 | { |
1533 | if (0 != strcmp (expected_pass, pass)) | 1541 | if (0 != strcmp (expected_pass, pass)) |
1534 | { | 1542 | { |
1535 | GNUNET_free_non_null(basic_authorization); | 1543 | GNUNET_free_non_null (basic_authorization); |
1536 | GNUNET_free(expected_pass); | 1544 | GNUNET_free (expected_pass); |
1537 | handle->emsg=GNUNET_strdup("invalid_client"); | 1545 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1538 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1546 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1539 | return GNUNET_SYSERR; | 1547 | return GNUNET_SYSERR; |
1540 | } | 1548 | } |
1541 | GNUNET_free(expected_pass); | 1549 | GNUNET_free (expected_pass); |
1542 | } | 1550 | } |
1543 | else | 1551 | else |
1544 | { | 1552 | { |
1545 | GNUNET_free_non_null(basic_authorization); | 1553 | GNUNET_free_non_null (basic_authorization); |
1546 | handle->emsg = GNUNET_strdup("server_error"); | 1554 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1547 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 1555 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
1548 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1556 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1549 | return GNUNET_SYSERR; | 1557 | return GNUNET_SYSERR; |
@@ -1552,7 +1560,7 @@ check_authorization (struct RequestHandle *handle, | |||
1552 | //check client_id | 1560 | //check client_id |
1553 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) | 1561 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) |
1554 | { | 1562 | { |
1555 | if ( 0 == strcmp(handle->ego_entry->keystring, client_id)) | 1563 | if (0 == strcmp (handle->ego_entry->keystring, client_id)) |
1556 | { | 1564 | { |
1557 | client_exists = GNUNET_YES; | 1565 | client_exists = GNUNET_YES; |
1558 | break; | 1566 | break; |
@@ -1561,13 +1569,13 @@ check_authorization (struct RequestHandle *handle, | |||
1561 | } | 1569 | } |
1562 | if (GNUNET_NO == client_exists) | 1570 | if (GNUNET_NO == client_exists) |
1563 | { | 1571 | { |
1564 | GNUNET_free_non_null(basic_authorization); | 1572 | GNUNET_free_non_null (basic_authorization); |
1565 | handle->emsg=GNUNET_strdup("invalid_client"); | 1573 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1566 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1574 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1567 | return GNUNET_SYSERR; | 1575 | return GNUNET_SYSERR; |
1568 | } | 1576 | } |
1569 | GNUNET_STRINGS_string_to_data (client_id, | 1577 | GNUNET_STRINGS_string_to_data (client_id, |
1570 | strlen(client_id), | 1578 | strlen (client_id), |
1571 | cid, | 1579 | cid, |
1572 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1580 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1573 | 1581 | ||
@@ -1587,7 +1595,7 @@ ego_exists (struct RequestHandle *handle, | |||
1587 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); | 1595 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); |
1588 | if (0 == memcmp (&pub_key, | 1596 | if (0 == memcmp (&pub_key, |
1589 | test_key, | 1597 | test_key, |
1590 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) | 1598 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
1591 | { | 1599 | { |
1592 | break; | 1600 | break; |
1593 | } | 1601 | } |
@@ -1608,19 +1616,21 @@ store_ticket_reference (const struct RequestHandle *handle, | |||
1608 | char *ticket_string; | 1616 | char *ticket_string; |
1609 | char *client_id; | 1617 | char *client_id; |
1610 | 1618 | ||
1611 | GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); | 1619 | GNUNET_CRYPTO_hash (access_token, |
1620 | strlen (access_token), | ||
1621 | &cache_key); | ||
1612 | client_id = GNUNET_STRINGS_data_to_string_alloc (cid, | 1622 | client_id = GNUNET_STRINGS_data_to_string_alloc (cid, |
1613 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1623 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1614 | ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, | 1624 | ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, |
1615 | sizeof (struct GNUNET_RECLAIM_Ticket)); | 1625 | sizeof (struct GNUNET_RECLAIM_Ticket)); |
1616 | GNUNET_asprintf(&id_ticket_combination, | 1626 | GNUNET_asprintf (&id_ticket_combination, |
1617 | "%s;%s", | 1627 | "%s;%s", |
1618 | client_id, | 1628 | client_id, |
1619 | ticket_string); | 1629 | ticket_string); |
1620 | GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, | 1630 | GNUNET_CONTAINER_multihashmap_put (OIDC_access_token_map, |
1621 | &cache_key, | 1631 | &cache_key, |
1622 | id_ticket_combination, | 1632 | id_ticket_combination, |
1623 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1633 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1624 | 1634 | ||
1625 | GNUNET_free (client_id); | 1635 | GNUNET_free (client_id); |
1626 | GNUNET_free (ticket_string); | 1636 | GNUNET_free (ticket_string); |
@@ -1640,7 +1650,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1640 | { | 1650 | { |
1641 | struct RequestHandle *handle = cls; | 1651 | struct RequestHandle *handle = cls; |
1642 | struct GNUNET_TIME_Relative expiration_time; | 1652 | struct GNUNET_TIME_Relative expiration_time; |
1643 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; | 1653 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; |
1644 | struct GNUNET_RECLAIM_Ticket *ticket; | 1654 | struct GNUNET_RECLAIM_Ticket *ticket; |
1645 | struct GNUNET_CRYPTO_EcdsaPublicKey cid; | 1655 | struct GNUNET_CRYPTO_EcdsaPublicKey cid; |
1646 | struct GNUNET_HashCode cache_key; | 1656 | struct GNUNET_HashCode cache_key; |
@@ -1677,8 +1687,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1677 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1687 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1678 | &cache_key)) | 1688 | &cache_key)) |
1679 | { | 1689 | { |
1680 | handle->emsg = GNUNET_strdup("invalid_request"); | 1690 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1681 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | 1691 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); |
1682 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1692 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1683 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1693 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1684 | return; | 1694 | return; |
@@ -1692,8 +1702,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1692 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1702 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1693 | &cache_key)) | 1703 | &cache_key)) |
1694 | { | 1704 | { |
1695 | handle->emsg = GNUNET_strdup("invalid_request"); | 1705 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1696 | handle->edesc = GNUNET_strdup("missing parameter code"); | 1706 | handle->edesc = GNUNET_strdup ("missing parameter code"); |
1697 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1707 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1698 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1708 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1699 | return; | 1709 | return; |
@@ -1708,43 +1718,43 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1708 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1718 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1709 | &cache_key) ) | 1719 | &cache_key) ) |
1710 | { | 1720 | { |
1711 | handle->emsg = GNUNET_strdup("invalid_request"); | 1721 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1712 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | 1722 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); |
1713 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1723 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1714 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1724 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1715 | return; | 1725 | return; |
1716 | } | 1726 | } |
1717 | 1727 | ||
1718 | //Check parameter grant_type == "authorization_code" | 1728 | //Check parameter grant_type == "authorization_code" |
1719 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) | 1729 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) |
1720 | { | 1730 | { |
1721 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); | 1731 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); |
1722 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1732 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1723 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1733 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1724 | return; | 1734 | return; |
1725 | } | 1735 | } |
1726 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); | 1736 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
1727 | if (GNUNET_SYSERR == | 1737 | if (GNUNET_SYSERR == |
1728 | GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, | 1738 | GNUNET_CONTAINER_multihashmap_put (OIDC_used_ticket_map, |
1729 | &cache_key, | 1739 | &cache_key, |
1730 | &i, | 1740 | &i, |
1731 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) | 1741 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) |
1732 | { | 1742 | { |
1733 | handle->emsg = GNUNET_strdup("invalid_request"); | 1743 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1734 | handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); | 1744 | handle->edesc = GNUNET_strdup ("Cannot use the same code more than once"); |
1735 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1745 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1736 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1746 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1737 | return; | 1747 | return; |
1738 | } | 1748 | } |
1739 | 1749 | ||
1740 | //decode code | 1750 | //decode code |
1741 | if(GNUNET_OK != OIDC_parse_authz_code (&cid, | 1751 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, |
1742 | code, | 1752 | code, |
1743 | &ticket, | 1753 | &ticket, |
1744 | &nonce)) | 1754 | &nonce)) |
1745 | { | 1755 | { |
1746 | handle->emsg = GNUNET_strdup("invalid_request"); | 1756 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1747 | handle->edesc = GNUNET_strdup("invalid code"); | 1757 | handle->edesc = GNUNET_strdup ("invalid code"); |
1748 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1758 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1749 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1759 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1750 | return; | 1760 | return; |
@@ -1752,16 +1762,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1752 | 1762 | ||
1753 | //create jwt | 1763 | //create jwt |
1754 | if (GNUNET_OK != | 1764 | if (GNUNET_OK != |
1755 | GNUNET_CONFIGURATION_get_value_time(cfg, | 1765 | GNUNET_CONFIGURATION_get_value_time (cfg, |
1756 | "reclaim-rest-plugin", | 1766 | "reclaim-rest-plugin", |
1757 | "expiration_time", | 1767 | "expiration_time", |
1758 | &expiration_time)) | 1768 | &expiration_time)) |
1759 | { | 1769 | { |
1760 | handle->emsg = GNUNET_strdup("server_error"); | 1770 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1761 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 1771 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
1762 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1772 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1763 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1773 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1764 | GNUNET_free(ticket); | 1774 | GNUNET_free (ticket); |
1765 | return; | 1775 | return; |
1766 | } | 1776 | } |
1767 | 1777 | ||
@@ -1770,21 +1780,23 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1770 | if (GNUNET_NO == ego_exists (handle, | 1780 | if (GNUNET_NO == ego_exists (handle, |
1771 | &ticket->audience)) | 1781 | &ticket->audience)) |
1772 | { | 1782 | { |
1773 | handle->emsg = GNUNET_strdup("invalid_request"); | 1783 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1774 | handle->edesc = GNUNET_strdup("invalid code..."); | 1784 | handle->edesc = GNUNET_strdup ("invalid code..."); |
1775 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1785 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1776 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1786 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1777 | GNUNET_free(ticket); | 1787 | GNUNET_free (ticket); |
1778 | } | 1788 | } |
1779 | if ( GNUNET_OK | 1789 | if ( GNUNET_OK |
1780 | != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", | 1790 | != GNUNET_CONFIGURATION_get_value_string (cfg, |
1781 | "jwt_secret", &jwt_secret) ) | 1791 | "reclaim-rest-plugin", |
1792 | "jwt_secret", | ||
1793 | &jwt_secret) ) | ||
1782 | { | 1794 | { |
1783 | handle->emsg = GNUNET_strdup("invalid_request"); | 1795 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1784 | handle->edesc = GNUNET_strdup("No signing secret configured!"); | 1796 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); |
1785 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1797 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1786 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1798 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1787 | GNUNET_free(ticket); | 1799 | GNUNET_free (ticket); |
1788 | return; | 1800 | return; |
1789 | } | 1801 | } |
1790 | //TODO We should collect the attributes here. cl always empty | 1802 | //TODO We should collect the attributes here. cl always empty |
@@ -1795,7 +1807,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1795 | &expiration_time, | 1807 | &expiration_time, |
1796 | (NULL != nonce) ? nonce : NULL, | 1808 | (NULL != nonce) ? nonce : NULL, |
1797 | jwt_secret); | 1809 | jwt_secret); |
1798 | access_token = OIDC_access_token_new (); | 1810 | access_token = OIDC_access_token_new (); |
1799 | OIDC_build_token_response (access_token, | 1811 | OIDC_build_token_response (access_token, |
1800 | id_token, | 1812 | id_token, |
1801 | &expiration_time, | 1813 | &expiration_time, |
@@ -1810,12 +1822,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1810 | MHD_add_response_header (resp, "Pragma", "no-cache"); | 1822 | MHD_add_response_header (resp, "Pragma", "no-cache"); |
1811 | MHD_add_response_header (resp, "Content-Type", "application/json"); | 1823 | MHD_add_response_header (resp, "Content-Type", "application/json"); |
1812 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1824 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1813 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); | 1825 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl); |
1814 | GNUNET_free(access_token); | 1826 | GNUNET_free (access_token); |
1815 | GNUNET_free(json_response); | 1827 | GNUNET_free (json_response); |
1816 | GNUNET_free(ticket); | 1828 | GNUNET_free (ticket); |
1817 | GNUNET_free(id_token); | 1829 | GNUNET_free (id_token); |
1818 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1830 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1819 | } | 1831 | } |
1820 | 1832 | ||
1821 | /** | 1833 | /** |
@@ -1835,14 +1847,10 @@ consume_ticket (void *cls, | |||
1835 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); | 1847 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); |
1836 | return; | 1848 | return; |
1837 | } | 1849 | } |
1838 | |||
1839 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, | 1850 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, |
1840 | attr->data, | 1851 | attr->data, |
1841 | attr->data_size); | 1852 | attr->data_size); |
1842 | |||
1843 | value = json_string (tmp_value); | 1853 | value = json_string (tmp_value); |
1844 | |||
1845 | |||
1846 | json_object_set_new (handle->oidc->response, | 1854 | json_object_set_new (handle->oidc->response, |
1847 | attr->name, | 1855 | attr->name, |
1848 | value); | 1856 | value); |
@@ -1873,11 +1881,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1873 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | 1881 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1874 | &cache_key); | 1882 | &cache_key); |
1875 | if ( GNUNET_NO | 1883 | if ( GNUNET_NO |
1876 | == GNUNET_CONTAINER_multihashmap_contains ( | 1884 | == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
1877 | handle->rest_handle->header_param_map, &cache_key) ) | 1885 | &cache_key) ) |
1878 | { | 1886 | { |
1879 | handle->emsg = GNUNET_strdup("invalid_token"); | 1887 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1880 | handle->edesc = GNUNET_strdup("No Access Token"); | 1888 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1881 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1889 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1882 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1890 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1883 | return; | 1891 | return; |
@@ -1886,114 +1894,113 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1886 | handle->rest_handle->header_param_map, &cache_key); | 1894 | handle->rest_handle->header_param_map, &cache_key); |
1887 | 1895 | ||
1888 | //split header in "Bearer" and access_token | 1896 | //split header in "Bearer" and access_token |
1889 | authorization = GNUNET_strdup(authorization); | 1897 | authorization = GNUNET_strdup (authorization); |
1890 | authorization_type = strtok (authorization, delimiter); | 1898 | authorization_type = strtok (authorization, delimiter); |
1891 | if ( 0 != strcmp ("Bearer", authorization_type) ) | 1899 | if ( 0 != strcmp ("Bearer", authorization_type) ) |
1892 | { | 1900 | { |
1893 | handle->emsg = GNUNET_strdup("invalid_token"); | 1901 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1894 | handle->edesc = GNUNET_strdup("No Access Token"); | 1902 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1895 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1903 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1896 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1904 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1897 | GNUNET_free(authorization); | 1905 | GNUNET_free (authorization); |
1898 | return; | 1906 | return; |
1899 | } | 1907 | } |
1900 | authorization_access_token = strtok (NULL, delimiter); | 1908 | authorization_access_token = strtok (NULL, delimiter); |
1901 | if ( NULL == authorization_access_token ) | 1909 | if ( NULL == authorization_access_token ) |
1902 | { | 1910 | { |
1903 | handle->emsg = GNUNET_strdup("invalid_token"); | 1911 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1904 | handle->edesc = GNUNET_strdup("No Access Token"); | 1912 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1905 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1913 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1906 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1914 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1907 | GNUNET_free(authorization); | 1915 | GNUNET_free (authorization); |
1908 | return; | 1916 | return; |
1909 | } | 1917 | } |
1910 | 1918 | ||
1911 | GNUNET_CRYPTO_hash (authorization_access_token, | 1919 | GNUNET_CRYPTO_hash (authorization_access_token, |
1912 | strlen (authorization_access_token), | 1920 | strlen (authorization_access_token), |
1913 | &cache_key); | 1921 | &cache_key); |
1914 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, | 1922 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, |
1915 | &cache_key) ) | 1923 | &cache_key) ) |
1916 | { | 1924 | { |
1917 | handle->emsg = GNUNET_strdup("invalid_token"); | 1925 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1918 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 1926 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
1919 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1927 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1920 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1928 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1921 | GNUNET_free(authorization); | 1929 | GNUNET_free (authorization); |
1922 | return; | 1930 | return; |
1923 | } | 1931 | } |
1924 | 1932 | ||
1925 | client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, | 1933 | client_ticket = GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, |
1926 | &cache_key); | 1934 | &cache_key); |
1927 | client_ticket = GNUNET_strdup(client_ticket); | 1935 | client_ticket = GNUNET_strdup (client_ticket); |
1928 | client = strtok(client_ticket,delimiter_db); | 1936 | client = strtok (client_ticket,delimiter_db); |
1929 | if (NULL == client) | 1937 | if (NULL == client) |
1930 | { | 1938 | { |
1931 | handle->emsg = GNUNET_strdup("invalid_token"); | 1939 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1932 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 1940 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
1933 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1941 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1934 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1942 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1935 | GNUNET_free(authorization); | 1943 | GNUNET_free (authorization); |
1936 | GNUNET_free(client_ticket); | 1944 | GNUNET_free (client_ticket); |
1937 | return; | 1945 | return; |
1938 | } | 1946 | } |
1939 | handle->ego_entry = handle->ego_head; | 1947 | handle->ego_entry = handle->ego_head; |
1940 | for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 1948 | for (; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) |
1941 | { | 1949 | { |
1942 | if (0 == strcmp(handle->ego_entry->keystring,client)) | 1950 | if (0 == strcmp (handle->ego_entry->keystring,client)) |
1943 | { | ||
1944 | break; | 1951 | break; |
1945 | } | ||
1946 | } | 1952 | } |
1947 | if (NULL == handle->ego_entry) | 1953 | if (NULL == handle->ego_entry) |
1948 | { | 1954 | { |
1949 | handle->emsg = GNUNET_strdup("invalid_token"); | 1955 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1950 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 1956 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
1951 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1957 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1952 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1958 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1953 | GNUNET_free(authorization); | 1959 | GNUNET_free (authorization); |
1954 | GNUNET_free(client_ticket); | 1960 | GNUNET_free (client_ticket); |
1955 | return; | 1961 | return; |
1956 | } | 1962 | } |
1957 | ticket_str = strtok(NULL, delimiter_db); | 1963 | ticket_str = strtok (NULL, delimiter_db); |
1958 | if (NULL == ticket_str) | 1964 | if (NULL == ticket_str) |
1959 | { | 1965 | { |
1960 | handle->emsg = GNUNET_strdup("invalid_token"); | 1966 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1961 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 1967 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
1962 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1968 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1963 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1969 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1964 | GNUNET_free(authorization); | 1970 | GNUNET_free (authorization); |
1965 | GNUNET_free(client_ticket); | 1971 | GNUNET_free (client_ticket); |
1966 | return; | 1972 | return; |
1967 | } | 1973 | } |
1968 | ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket); | 1974 | ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); |
1969 | if ( GNUNET_OK | 1975 | if ( GNUNET_OK |
1970 | != GNUNET_STRINGS_string_to_data (ticket_str, | 1976 | != GNUNET_STRINGS_string_to_data (ticket_str, |
1971 | strlen (ticket_str), | 1977 | strlen (ticket_str), |
1972 | ticket, | 1978 | ticket, |
1973 | sizeof(struct GNUNET_RECLAIM_Ticket))) | 1979 | sizeof (struct GNUNET_RECLAIM_Ticket))) |
1974 | { | 1980 | { |
1975 | handle->emsg = GNUNET_strdup("invalid_token"); | 1981 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1976 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 1982 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
1977 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1983 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1978 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 1984 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1979 | GNUNET_free(ticket); | 1985 | GNUNET_free (ticket); |
1980 | GNUNET_free(authorization); | 1986 | GNUNET_free (authorization); |
1981 | GNUNET_free(client_ticket); | 1987 | GNUNET_free (client_ticket); |
1982 | return; | 1988 | return; |
1983 | } | 1989 | } |
1984 | 1990 | ||
1985 | handle->idp = GNUNET_RECLAIM_connect (cfg); | 1991 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1986 | handle->oidc->response = json_object(); | 1992 | handle->oidc->response = json_object (); |
1987 | json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); | 1993 | json_object_set_new (handle->oidc->response, |
1988 | handle->idp_op = GNUNET_RECLAIM_ticket_consume ( | 1994 | "sub", |
1989 | handle->idp, | 1995 | json_string (handle->ego_entry->keystring)); |
1996 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, | ||
1990 | GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), | 1997 | GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), |
1991 | ticket, | 1998 | ticket, |
1992 | consume_ticket, | 1999 | consume_ticket, |
1993 | handle); | 2000 | handle); |
1994 | GNUNET_free(ticket); | 2001 | GNUNET_free (ticket); |
1995 | GNUNET_free(authorization); | 2002 | GNUNET_free (authorization); |
1996 | GNUNET_free(client_ticket); | 2003 | GNUNET_free (client_ticket); |
1997 | 2004 | ||
1998 | } | 2005 | } |
1999 | 2006 | ||
@@ -2085,7 +2092,9 @@ list_ego (void *cls, | |||
2085 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); | 2092 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2086 | ego_entry->ego = ego; | 2093 | ego_entry->ego = ego; |
2087 | ego_entry->identifier = GNUNET_strdup (identifier); | 2094 | ego_entry->identifier = GNUNET_strdup (identifier); |
2088 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); | 2095 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2096 | handle->ego_tail, | ||
2097 | ego_entry); | ||
2089 | return; | 2098 | return; |
2090 | } | 2099 | } |
2091 | /* Ego renamed or added */ | 2100 | /* Ego renamed or added */ |
@@ -2106,7 +2115,9 @@ list_ego (void *cls, | |||
2106 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); | 2115 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2107 | ego_entry->ego = ego; | 2116 | ego_entry->ego = ego; |
2108 | ego_entry->identifier = GNUNET_strdup (identifier); | 2117 | ego_entry->identifier = GNUNET_strdup (identifier); |
2109 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); | 2118 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2119 | handle->ego_tail, | ||
2120 | ego_entry); | ||
2110 | } | 2121 | } |
2111 | } else { | 2122 | } else { |
2112 | /* Delete */ | 2123 | /* Delete */ |
@@ -2115,26 +2126,26 @@ list_ego (void *cls, | |||
2115 | break; | 2126 | break; |
2116 | } | 2127 | } |
2117 | if (NULL != ego_entry) | 2128 | if (NULL != ego_entry) |
2118 | GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry); | 2129 | GNUNET_CONTAINER_DLL_remove (handle->ego_head,handle->ego_tail, ego_entry); |
2119 | } | 2130 | } |
2120 | 2131 | ||
2121 | } | 2132 | } |
2122 | 2133 | ||
2123 | static void | 2134 | static void |
2124 | rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | 2135 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, |
2125 | GNUNET_REST_ResultProcessor proc, | 2136 | GNUNET_REST_ResultProcessor proc, |
2126 | void *proc_cls) | 2137 | void *proc_cls) |
2127 | { | 2138 | { |
2128 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | 2139 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
2129 | handle->oidc = GNUNET_new (struct OIDC_Variables); | 2140 | handle->oidc = GNUNET_new (struct OIDC_Variables); |
2130 | if ( NULL == OIDC_identity_login_time ) | 2141 | if (NULL == OIDC_cookie_jar_map) |
2131 | OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2142 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2132 | if ( NULL == OIDC_identity_grants ) | 2143 | if (NULL == OIDC_identity_grants) |
2133 | OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2144 | OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2134 | if ( NULL == OIDC_ticket_once ) | 2145 | if (NULL == OIDC_used_ticket_map) |
2135 | OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2146 | OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2136 | if ( NULL == OIDC_interpret_access_token ) | 2147 | if (NULL == OIDC_access_token_map) |
2137 | OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2148 | OIDC_access_token_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2138 | handle->response_code = 0; | 2149 | handle->response_code = 0; |
2139 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 2150 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
2140 | handle->proc_cls = proc_cls; | 2151 | handle->proc_cls = proc_cls; |
@@ -2210,40 +2221,30 @@ libgnunet_plugin_rest_openid_connect_done (void *cls) | |||
2210 | 2221 | ||
2211 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2222 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; |
2212 | void *value = NULL; | 2223 | void *value = NULL; |
2213 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( | 2224 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); |
2214 | OIDC_identity_login_time); | ||
2215 | while (GNUNET_YES == | 2225 | while (GNUNET_YES == |
2216 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2226 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2217 | { | 2227 | GNUNET_free_non_null (value); |
2218 | if (NULL != value) | 2228 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); |
2219 | GNUNET_free(value); | 2229 | |
2220 | } | ||
2221 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time); | ||
2222 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); | 2230 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); |
2223 | while (GNUNET_YES == | 2231 | while (GNUNET_YES == |
2224 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2232 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2225 | { | 2233 | GNUNET_free_non_null (value); |
2226 | if (NULL != value) | 2234 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants); |
2227 | GNUNET_free(value); | 2235 | |
2228 | } | 2236 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); |
2229 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants); | ||
2230 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once); | ||
2231 | while (GNUNET_YES == | 2237 | while (GNUNET_YES == |
2232 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2238 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2233 | { | 2239 | GNUNET_free_non_null (value); |
2234 | if (NULL != value) | 2240 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map); |
2235 | GNUNET_free(value); | 2241 | |
2236 | } | 2242 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); |
2237 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once); | ||
2238 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token); | ||
2239 | while (GNUNET_YES == | 2243 | while (GNUNET_YES == |
2240 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2244 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2241 | { | 2245 | GNUNET_free_non_null (value); |
2242 | if (NULL != value) | 2246 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map); |
2243 | GNUNET_free(value); | 2247 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); |
2244 | } | ||
2245 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token); | ||
2246 | GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); | ||
2247 | GNUNET_free_non_null (allow_methods); | 2248 | GNUNET_free_non_null (allow_methods); |
2248 | GNUNET_free (api); | 2249 | GNUNET_free (api); |
2249 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2250 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |