aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-15 09:55:48 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2019-04-15 09:55:48 +0200
commitae5e3e047c357de816f54ba53722b7444a7cae82 (patch)
treee1133bcc3064e1d002db9f2f71aea5c66bc33ba0 /src
parent77494b746ad3baa510ddf751c046b0fa802bfd5f (diff)
downloadgnunet-ae5e3e047c357de816f54ba53722b7444a7cae82.tar.gz
gnunet-ae5e3e047c357de816f54ba53722b7444a7cae82.zip
RECLAIM/REST: update style
Diffstat (limited to 'src')
-rw-r--r--src/reclaim/oidc_helper.c317
1 files changed, 136 insertions, 181 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 646e58551..750b276a4 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -11,7 +11,7 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
@@ -24,16 +24,17 @@
24 * @author Martin Schanzenbach 24 * @author Martin Schanzenbach
25 */ 25 */
26#include "platform.h" 26#include "platform.h"
27#include <inttypes.h>
28#include <jansson.h>
29
27#include "gnunet_util_lib.h" 30#include "gnunet_util_lib.h"
28#include "gnunet_signatures.h" 31
29#include "gnunet_reclaim_service.h"
30#include "gnunet_reclaim_attribute_lib.h" 32#include "gnunet_reclaim_attribute_lib.h"
31#include <jansson.h> 33#include "gnunet_reclaim_service.h"
32#include <inttypes.h> 34#include "gnunet_signatures.h"
33#include "oidc_helper.h" 35#include "oidc_helper.h"
34 36static char *
35static char* 37create_jwt_header (void)
36create_jwt_header(void)
37{ 38{
38 json_t *root; 39 json_t *root;
39 char *json_str; 40 char *json_str;
@@ -42,29 +43,30 @@ create_jwt_header(void)
42 json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); 43 json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
43 json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); 44 json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
44 45
45 json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT); 46 json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT);
46 json_decref (root); 47 json_decref (root);
47 return json_str; 48 return json_str;
48} 49}
49 50
50static void 51static void
51replace_char(char* str, char find, char replace){ 52replace_char (char *str, char find, char replace)
52 char *current_pos = strchr(str,find); 53{
53 while (current_pos){ 54 char *current_pos = strchr (str, find);
55 while (current_pos) {
54 *current_pos = replace; 56 *current_pos = replace;
55 current_pos = strchr(current_pos,find); 57 current_pos = strchr (current_pos, find);
56 } 58 }
57} 59}
58 60
59//RFC4648 61// RFC4648
60static void 62static void
61fix_base64(char* str) { 63fix_base64 (char *str)
62 //Replace + with - 64{
65 // Replace + with -
63 replace_char (str, '+', '-'); 66 replace_char (str, '+', '-');
64 67
65 //Replace / with _ 68 // Replace / with _
66 replace_char (str, '/', '_'); 69 replace_char (str, '/', '_');
67
68} 70}
69 71
70/** 72/**
@@ -77,90 +79,78 @@ fix_base64(char* str) {
77 * @param secret_key the key used to sign the JWT 79 * @param secret_key the key used to sign the JWT
78 * @return a new base64-encoded JWT string. 80 * @return a new base64-encoded JWT string.
79 */ 81 */
80char* 82char *
81OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, 83OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
82 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, 84 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
83 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, 85 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
84 const struct GNUNET_TIME_Relative *expiration_time, 86 const struct GNUNET_TIME_Relative *expiration_time,
85 const char *nonce, 87 const char *nonce, const char *secret_key)
86 const char *secret_key)
87{ 88{
88 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; 89 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
89 struct GNUNET_HashCode signature; 90 struct GNUNET_HashCode signature;
90 struct GNUNET_TIME_Absolute exp_time; 91 struct GNUNET_TIME_Absolute exp_time;
91 struct GNUNET_TIME_Absolute time_now; 92 struct GNUNET_TIME_Absolute time_now;
92 char* audience; 93 char *audience;
93 char* subject; 94 char *subject;
94 char* header; 95 char *header;
95 char* body_str; 96 char *body_str;
96 char* result; 97 char *result;
97 char* header_base64; 98 char *header_base64;
98 char* body_base64; 99 char *body_base64;
99 char* signature_target; 100 char *signature_target;
100 char* signature_base64; 101 char *signature_base64;
101 char* attr_val_str; 102 char *attr_val_str;
102 json_t* body; 103 json_t *body;
103 104
104 //iat REQUIRED time now 105 // iat REQUIRED time now
105 time_now = GNUNET_TIME_absolute_get(); 106 time_now = GNUNET_TIME_absolute_get ();
106 //exp REQUIRED time expired from config 107 // exp REQUIRED time expired from config
107 exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); 108 exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
108 //auth_time only if max_age 109 // auth_time only if max_age
109 //nonce only if nonce 110 // nonce only if nonce
110 // OPTIONAL acr,amr,azp 111 // OPTIONAL acr,amr,azp
111 subject = GNUNET_STRINGS_data_to_string_alloc (sub_key, 112 subject = GNUNET_STRINGS_data_to_string_alloc (
112 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 113 sub_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
113 audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, 114 audience = GNUNET_STRINGS_data_to_string_alloc (
114 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); 115 aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
115 header = create_jwt_header (); 116 header = create_jwt_header ();
116 body = json_object (); 117 body = json_object ();
117 118
118 //iss REQUIRED case sensitive server uri with https 119 // iss REQUIRED case sensitive server uri with https
119 //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) 120 // The issuer is the local reclaim instance (e.g.
120 json_object_set_new (body, 121 // https://reclaim.id/api/openid)
121 "iss", json_string (SERVER_ADDRESS)); 122 json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
122 //sub REQUIRED public key identity, not exceed 255 ASCII length 123 // sub REQUIRED public key identity, not exceed 255 ASCII length
123 json_object_set_new (body, 124 json_object_set_new (body, "sub", json_string (subject));
124 "sub", json_string (subject)); 125 // aud REQUIRED public key client_id must be there
125 //aud REQUIRED public key client_id must be there 126 json_object_set_new (body, "aud", json_string (audience));
126 json_object_set_new (body, 127 // iat
127 "aud", json_string (audience)); 128 json_object_set_new (body, "iat",
128 //iat 129 json_integer (time_now.abs_value_us / (1000 * 1000)));
129 json_object_set_new (body, 130 // exp
130 "iat", json_integer (time_now.abs_value_us / (1000*1000))); 131 json_object_set_new (body, "exp",
131 //exp 132 json_integer (exp_time.abs_value_us / (1000 * 1000)));
132 json_object_set_new (body, 133 // nbf
133 "exp", json_integer (exp_time.abs_value_us / (1000*1000))); 134 json_object_set_new (body, "nbf",
134 //nbf 135 json_integer (time_now.abs_value_us / (1000 * 1000)));
135 json_object_set_new (body, 136 // nonce
136 "nbf", json_integer (time_now.abs_value_us / (1000*1000)));
137 //nonce
138 if (NULL != nonce) 137 if (NULL != nonce)
139 json_object_set_new (body, 138 json_object_set_new (body, "nonce", json_string (nonce));
140 "nonce", json_string (nonce)); 139
141 140 for (le = attrs->list_head; NULL != le; le = le->next) {
142 for (le = attrs->list_head; NULL != le; le = le->next) 141 attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (
143 { 142 le->claim->type, le->claim->data, le->claim->data_size);
144 attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, 143 json_object_set_new (body, le->claim->name, json_string (attr_val_str));
145 le->claim->data,
146 le->claim->data_size);
147 json_object_set_new (body,
148 le->claim->name,
149 json_string (attr_val_str));
150 GNUNET_free (attr_val_str); 144 GNUNET_free (attr_val_str);
151 } 145 }
152 body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT); 146 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
153 json_decref (body); 147 json_decref (body);
154 148
155 GNUNET_STRINGS_base64_encode (header, 149 GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64);
156 strlen (header), 150 fix_base64 (header_base64);
157 &header_base64);
158 fix_base64(header_base64);
159 151
160 GNUNET_STRINGS_base64_encode (body_str, 152 GNUNET_STRINGS_base64_encode (body_str, strlen (body_str), &body_base64);
161 strlen (body_str), 153 fix_base64 (body_base64);
162 &body_base64);
163 fix_base64(body_base64);
164 154
165 GNUNET_free (subject); 155 GNUNET_free (subject);
166 GNUNET_free (audience); 156 GNUNET_free (audience);
@@ -170,14 +160,15 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
170 * standards compliant, check. 160 * standards compliant, check.
171 */ 161 */
172 GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); 162 GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
173 GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); 163 GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target,
174 GNUNET_STRINGS_base64_encode ((const char*)&signature, 164 strlen (signature_target), &signature);
165 GNUNET_STRINGS_base64_encode ((const char *)&signature,
175 sizeof (struct GNUNET_HashCode), 166 sizeof (struct GNUNET_HashCode),
176 &signature_base64); 167 &signature_base64);
177 fix_base64(signature_base64); 168 fix_base64 (signature_base64);
178 169
179 GNUNET_asprintf (&result, "%s.%s.%s", 170 GNUNET_asprintf (&result, "%s.%s.%s", header_base64, body_base64,
180 header_base64, body_base64, signature_base64); 171 signature_base64);
181 172
182 GNUNET_free (signature_target); 173 GNUNET_free (signature_target);
183 GNUNET_free (header); 174 GNUNET_free (header);
@@ -196,10 +187,10 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
196 * @param nonce the nonce to include in the code 187 * @param nonce the nonce to include in the code
197 * @return a new authorization code (caller must free) 188 * @return a new authorization code (caller must free)
198 */ 189 */
199char* 190char *
200OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, 191OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
201 const struct GNUNET_RECLAIM_Ticket *ticket, 192 const struct GNUNET_RECLAIM_Ticket *ticket,
202 const char* nonce) 193 const char *nonce)
203{ 194{
204 char *ticket_str; 195 char *ticket_str;
205 json_t *code_json; 196 json_t *code_json;
@@ -214,42 +205,32 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
214 if (NULL != nonce) 205 if (NULL != nonce)
215 signature_payload_len += strlen (nonce); 206 signature_payload_len += strlen (nonce);
216 207
217 signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); 208 signature_payload =
209 GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
210 signature_payload_len);
218 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; 211 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload;
219 purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); 212 purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
213 signature_payload_len);
220 purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); 214 purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
221 memcpy (&purpose[1], 215 memcpy (&purpose[1], ticket, sizeof (struct GNUNET_RECLAIM_Ticket));
222 ticket,
223 sizeof (struct GNUNET_RECLAIM_Ticket));
224 if (NULL != nonce) 216 if (NULL != nonce)
225 memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), 217 memcpy (((char *)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
226 nonce, 218 nonce, strlen (nonce));
227 strlen (nonce)); 219 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, purpose, &signature)) {
228 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer,
229 purpose,
230 &signature))
231 {
232 GNUNET_free (signature_payload); 220 GNUNET_free (signature_payload);
233 return NULL; 221 return NULL;
234 } 222 }
235 signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, 223 signature_str =
236 sizeof (signature)); 224 GNUNET_STRINGS_data_to_string_alloc (&signature, sizeof (signature));
237 ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, 225 ticket_str = GNUNET_STRINGS_data_to_string_alloc (
238 sizeof (struct GNUNET_RECLAIM_Ticket)); 226 ticket, sizeof (struct GNUNET_RECLAIM_Ticket));
239 227
240 code_json = json_object (); 228 code_json = json_object ();
241 json_object_set_new (code_json, 229 json_object_set_new (code_json, "ticket", json_string (ticket_str));
242 "ticket",
243 json_string (ticket_str));
244 if (NULL != nonce) 230 if (NULL != nonce)
245 json_object_set_new (code_json, 231 json_object_set_new (code_json, "nonce", json_string (nonce));
246 "nonce", 232 json_object_set_new (code_json, "signature", json_string (signature_str));
247 json_string (nonce)); 233 authz_code = json_dumps (code_json, JSON_INDENT (0) | JSON_COMPACT);
248 json_object_set_new (code_json,
249 "signature",
250 json_string (signature_str));
251 authz_code = json_dumps (code_json,
252 JSON_INDENT(0) | JSON_COMPACT);
253 GNUNET_free (signature_payload); 234 GNUNET_free (signature_payload);
254 GNUNET_free (signature_str); 235 GNUNET_free (signature_str);
255 GNUNET_free (ticket_str); 236 GNUNET_free (ticket_str);
@@ -258,8 +239,6 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
258} 239}
259 240
260 241
261
262
263/** 242/**
264 * Parse reclaim ticket and nonce from 243 * Parse reclaim ticket and nonce from
265 * authorization code. 244 * authorization code.
@@ -273,8 +252,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
273 */ 252 */
274int 253int
275OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, 254OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
276 const char* code, 255 const char *code, struct GNUNET_RECLAIM_Ticket **ticket,
277 struct GNUNET_RECLAIM_Ticket **ticket,
278 char **nonce) 256 char **nonce)
279{ 257{
280 json_error_t error; 258 json_error_t error;
@@ -290,11 +268,9 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
290 struct GNUNET_CRYPTO_EcdsaSignature signature; 268 struct GNUNET_CRYPTO_EcdsaSignature signature;
291 size_t signature_payload_len; 269 size_t signature_payload_len;
292 270
293 code_output = NULL; 271 code_output = NULL;
294 GNUNET_STRINGS_base64_decode (code, 272 GNUNET_STRINGS_base64_decode (code, strlen (code), (void **)&code_output);
295 strlen(code), 273 code_json = json_loads (code_output, 0, &error);
296 (void**)&code_output);
297 code_json = json_loads (code_output, 0 , &error);
298 GNUNET_free (code_output); 274 GNUNET_free (code_output);
299 ticket_json = json_object_get (code_json, "ticket"); 275 ticket_json = json_object_get (code_json, "ticket");
300 nonce_json = json_object_get (code_json, "nonce"); 276 nonce_json = json_object_get (code_json, "nonce");
@@ -303,8 +279,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
303 *nonce = NULL; 279 *nonce = NULL;
304 280
305 if ((NULL == ticket_json || !json_is_string (ticket_json)) || 281 if ((NULL == ticket_json || !json_is_string (ticket_json)) ||
306 (NULL == signature_json || !json_is_string (signature_json))) 282 (NULL == signature_json || !json_is_string (signature_json))) {
307 {
308 json_decref (code_json); 283 json_decref (code_json);
309 return GNUNET_SYSERR; 284 return GNUNET_SYSERR;
310 } 285 }
@@ -318,38 +293,29 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
318 signature_payload_len += strlen (nonce_str); 293 signature_payload_len += strlen (nonce_str);
319 purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + 294 purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
320 signature_payload_len); 295 signature_payload_len);
321 purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); 296 purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
297 signature_payload_len);
322 purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); 298 purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
323 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str, 299 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (
324 strlen (ticket_str), 300 ticket_str, strlen (ticket_str), &purpose[1],
325 &purpose[1], 301 sizeof (struct GNUNET_RECLAIM_Ticket))) {
326 sizeof (struct GNUNET_RECLAIM_Ticket)))
327 {
328 GNUNET_free (purpose); 302 GNUNET_free (purpose);
329 json_decref (code_json); 303 json_decref (code_json);
330 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 304 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Cannot parse ticket!\n");
331 "Cannot parse ticket!\n");
332 return GNUNET_SYSERR; 305 return GNUNET_SYSERR;
333 } 306 }
334 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str, 307 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (
335 strlen (signature_str), 308 signature_str, strlen (signature_str), &signature,
336 &signature, 309 sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) {
337 sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
338 {
339 GNUNET_free (purpose); 310 GNUNET_free (purpose);
340 json_decref (code_json); 311 json_decref (code_json);
341 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 312 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Cannot parse signature!\n");
342 "Cannot parse signature!\n");
343 return GNUNET_SYSERR; 313 return GNUNET_SYSERR;
344 } 314 }
345 *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); 315 *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
346 memcpy (*ticket, 316 memcpy (*ticket, &purpose[1], sizeof (struct GNUNET_RECLAIM_Ticket));
347 &purpose[1], 317 if (0 != memcmp (audience, &(*ticket)->audience,
348 sizeof (struct GNUNET_RECLAIM_Ticket)); 318 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) {
349 if (0 != memcmp (audience,
350 &(*ticket)->audience,
351 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
352 {
353 GNUNET_free (purpose); 319 GNUNET_free (purpose);
354 GNUNET_free (*ticket); 320 GNUNET_free (*ticket);
355 json_decref (code_json); 321 json_decref (code_json);
@@ -357,23 +323,18 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
357 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 323 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
358 "Audience in ticket does not match client!\n"); 324 "Audience in ticket does not match client!\n");
359 return GNUNET_SYSERR; 325 return GNUNET_SYSERR;
360
361 } 326 }
362 if (NULL != nonce_str) 327 if (NULL != nonce_str)
363 memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), 328 memcpy (((char *)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
364 nonce_str, 329 nonce_str, strlen (nonce_str));
365 strlen (nonce_str)); 330 if (GNUNET_OK !=
366 if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, 331 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
367 purpose, 332 purpose, &signature, &(*ticket)->identity)) {
368 &signature,
369 &(*ticket)->identity))
370 {
371 GNUNET_free (purpose); 333 GNUNET_free (purpose);
372 GNUNET_free (*ticket); 334 GNUNET_free (*ticket);
373 json_decref (code_json); 335 json_decref (code_json);
374 *ticket = NULL; 336 *ticket = NULL;
375 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 337 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of authZ code invalid!\n");
376 "Signature of authZ code invalid!\n");
377 return GNUNET_SYSERR; 338 return GNUNET_SYSERR;
378 } 339 }
379 *nonce = GNUNET_strdup (nonce_str); 340 *nonce = GNUNET_strdup (nonce_str);
@@ -390,8 +351,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
390 * @param token_response where to store the response 351 * @param token_response where to store the response
391 */ 352 */
392void 353void
393OIDC_build_token_response (const char *access_token, 354OIDC_build_token_response (const char *access_token, const char *id_token,
394 const char *id_token,
395 const struct GNUNET_TIME_Relative *expiration_time, 355 const struct GNUNET_TIME_Relative *expiration_time,
396 char **token_response) 356 char **token_response)
397{ 357{
@@ -402,35 +362,30 @@ OIDC_build_token_response (const char *access_token,
402 GNUNET_assert (NULL != access_token); 362 GNUNET_assert (NULL != access_token);
403 GNUNET_assert (NULL != id_token); 363 GNUNET_assert (NULL != id_token);
404 GNUNET_assert (NULL != expiration_time); 364 GNUNET_assert (NULL != expiration_time);
405 json_object_set_new (root_json, 365 json_object_set_new (root_json, "access_token", json_string (access_token));
406 "access_token", 366 json_object_set_new (root_json, "token_type", json_string ("Bearer"));
407 json_string (access_token)); 367 json_object_set_new (
408 json_object_set_new (root_json, 368 root_json, "expires_in",
409 "token_type", 369 json_integer (expiration_time->rel_value_us / (1000 * 1000)));
410 json_string ("Bearer")); 370 json_object_set_new (root_json, "id_token", json_string (id_token));
411 json_object_set_new (root_json, 371 *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
412 "expires_in",
413 json_integer (expiration_time->rel_value_us / (1000 * 1000)));
414 json_object_set_new (root_json,
415 "id_token",
416 json_string (id_token));
417 *token_response = json_dumps (root_json,
418 JSON_INDENT(0) | JSON_COMPACT);
419 json_decref (root_json); 372 json_decref (root_json);
420} 373}
421 374
422/** 375/**
423 * Generate a new access token 376 * Generate a new access token
424 */ 377 */
425char* 378char *
426OIDC_access_token_new () 379OIDC_access_token_new ()
427{ 380{
428 char* access_token_number; 381 char *access_token_number;
429 char* access_token; 382 char *access_token;
430 uint64_t random_number; 383 uint64_t random_number;
431 384
432 random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); 385 random_number =
386 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
433 GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number); 387 GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number);
434 GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); 388 GNUNET_STRINGS_base64_encode (access_token_number,
389 strlen (access_token_number), &access_token);
435 return access_token; 390 return access_token;
436} 391}