diff options
| author | Phil <phil.buschmann@tum.de> | 2018-01-09 15:41:15 +0100 |
|---|---|---|
| committer | Phil <phil.buschmann@tum.de> | 2018-01-09 15:41:15 +0100 |
| commit | afb2171eb752d82918048b393fda6f01f863b49a (patch) | |
| tree | 6e811fa5d4175a9bbb8cb76f5ebcd60c36e8cd30 /src | |
| parent | f0a84723fae7454cdefbc1c0125da71732c5242d (diff) | |
| download | gnunet-afb2171eb752d82918048b393fda6f01f863b49a.tar.gz gnunet-afb2171eb752d82918048b393fda6f01f863b49a.zip | |
-wip post request testing required and namestore handle fix required
Diffstat (limited to 'src')
| -rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 120 |
1 files changed, 53 insertions, 67 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 9d61ac92b..ac9d2bd08 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
| @@ -165,8 +165,6 @@ char* OIDC_ignored_parameter_array [] = | |||
| 165 | "acr_values" | 165 | "acr_values" |
| 166 | }; | 166 | }; |
| 167 | 167 | ||
| 168 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
| 169 | |||
| 170 | /** | 168 | /** |
| 171 | * OIDC authorized identities and times hashmap | 169 | * OIDC authorized identities and times hashmap |
| 172 | */ | 170 | */ |
| @@ -259,6 +257,10 @@ struct RequestHandle | |||
| 259 | */ | 257 | */ |
| 260 | struct GNUNET_REST_RequestHandle *rest_handle; | 258 | struct GNUNET_REST_RequestHandle *rest_handle; |
| 261 | 259 | ||
| 260 | /** | ||
| 261 | * Zone connection | ||
| 262 | */ | ||
| 263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
| 262 | 264 | ||
| 263 | /** | 265 | /** |
| 264 | * IDENTITY Operation | 266 | * IDENTITY Operation |
| @@ -1139,8 +1141,8 @@ zone_to_name_error (void *cls) | |||
| 1139 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1141 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
| 1140 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1142 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
| 1141 | 1143 | ||
| 1142 | GNUNET_NAMESTORE_disconnect (namestore_handle); | 1144 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
| 1143 | namestore_handle = NULL; | 1145 | handle->namestore_handle = NULL; |
| 1144 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1146 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 1145 | } | 1147 | } |
| 1146 | 1148 | ||
| @@ -1154,7 +1156,7 @@ zone_to_name_error (void *cls) | |||
| 1154 | * @param rd array of records with data to store | 1156 | * @param rd array of records with data to store |
| 1155 | */ | 1157 | */ |
| 1156 | static void | 1158 | static void |
| 1157 | zone_to_name_cb (void *cls, | 1159 | zone_to_name_get_cb (void *cls, |
| 1158 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, | 1160 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, |
| 1159 | const char *name, | 1161 | const char *name, |
| 1160 | unsigned int rd_count, | 1162 | unsigned int rd_count, |
| @@ -1168,15 +1170,15 @@ zone_to_name_cb (void *cls, | |||
| 1168 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1170 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
| 1169 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1171 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
| 1170 | 1172 | ||
| 1171 | GNUNET_NAMESTORE_disconnect (namestore_handle); | 1173 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
| 1172 | namestore_handle = NULL; | 1174 | handle->namestore_handle = NULL; |
| 1173 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1175 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 1174 | return; | 1176 | return; |
| 1175 | } | 1177 | } |
| 1176 | } | 1178 | } |
| 1177 | 1179 | ||
| 1178 | /** | 1180 | /** |
| 1179 | * Respond to authorization request | 1181 | * Respond to authorization GET request |
| 1180 | * | 1182 | * |
| 1181 | * @param con_handle the connection handle | 1183 | * @param con_handle the connection handle |
| 1182 | * @param url the url | 1184 | * @param url the url |
| @@ -1243,11 +1245,12 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1243 | } | 1245 | } |
| 1244 | 1246 | ||
| 1245 | // Checks if client_id is valid: | 1247 | // Checks if client_id is valid: |
| 1246 | namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 1248 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); |
| 1247 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1249 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
| 1248 | GNUNET_NAMESTORE_zone_to_name (namestore_handle, zone_pkey, &pubkey, | 1250 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, |
| 1249 | zone_to_name_error, handle, zone_to_name_cb, | 1251 | zone_to_name_error, handle, zone_to_name_get_cb, |
| 1250 | handle); | 1252 | handle); |
| 1253 | return; | ||
| 1251 | 1254 | ||
| 1252 | // REQUIRED value: redirect_uri | 1255 | // REQUIRED value: redirect_uri |
| 1253 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1256 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
| @@ -1331,7 +1334,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1331 | &cache_key)) | 1334 | &cache_key)) |
| 1332 | { | 1335 | { |
| 1333 | handle->emsg=GNUNET_strdup("access_denied"); | 1336 | handle->emsg=GNUNET_strdup("access_denied"); |
| 1334 | GNUNET_asprintf (*handle->edesc, "Server will not handle parameter: %s", | 1337 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
| 1335 | OIDC_ignored_parameter_array[iterator]); | 1338 | OIDC_ignored_parameter_array[iterator]); |
| 1336 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1339 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1337 | return; | 1340 | return; |
| @@ -1469,7 +1472,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1469 | } | 1472 | } |
| 1470 | 1473 | ||
| 1471 | /** | 1474 | /** |
| 1472 | * Respond to authorization request | 1475 | * Respond to authorization POST request |
| 1473 | * | 1476 | * |
| 1474 | * @param con_handle the connection handle | 1477 | * @param con_handle the connection handle |
| 1475 | * @param url the url | 1478 | * @param url the url |
| @@ -1498,39 +1501,36 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1498 | 1501 | ||
| 1499 | struct MHD_Response *resp; | 1502 | struct MHD_Response *resp; |
| 1500 | struct RequestHandle *handle = cls; | 1503 | struct RequestHandle *handle = cls; |
| 1501 | char *response_type; | 1504 | const char *response_type; |
| 1502 | char *client_id; | 1505 | const char *client_id; |
| 1503 | char *scope; | 1506 | char *scope; |
| 1504 | char *redirect_uri; | 1507 | const char *redirect_uri; |
| 1505 | char *expected_redirect_uri; | 1508 | const char *state = NULL; |
| 1506 | char *state = NULL; | 1509 | const char *nonce = NULL; |
| 1507 | char *nonce = NULL; | ||
| 1508 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 1510 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
| 1509 | char *login_base_url, *new_redirect; | 1511 | char *login_base_url; |
| 1510 | struct GNUNET_HashCode cache_key; | 1512 | char *new_redirect; |
| 1513 | char *expected_redirect_uri; | ||
| 1514 | json_t *cache_object; | ||
| 1511 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey; | 1515 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey; |
| 1512 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; | 1516 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; |
| 1517 | struct GNUNET_HashCode cache_key; | ||
| 1513 | int number_of_ignored_parameter, iterator; | 1518 | int number_of_ignored_parameter, iterator; |
| 1514 | 1519 | ||
| 1515 | json_t *root; | 1520 | json_t *root; |
| 1516 | json_error_t error; | 1521 | json_error_t error; |
| 1517 | json_t *identity; | ||
| 1518 | root = json_loads (handle->rest_handle->data, 0, &error); | 1522 | root = json_loads (handle->rest_handle->data, 0, &error); |
| 1519 | client_id = json_object_get (root, OIDC_CLIENT_ID_KEY); | ||
| 1520 | 1523 | ||
| 1521 | // REQUIRED value: client_id | 1524 | // REQUIRED value: client_id |
| 1522 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1525 | cache_object = json_object_get (root, OIDC_CLIENT_ID_KEY); |
| 1523 | &cache_key); | 1526 | if( NULL==cache_object || !json_is_string(cache_object)) |
| 1524 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
| 1525 | &cache_key)) | ||
| 1526 | { | 1527 | { |
| 1527 | handle->emsg=GNUNET_strdup("invalid_request"); | 1528 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 1528 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | 1529 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); |
| 1529 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1530 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 1530 | return; | 1531 | return; |
| 1531 | } | 1532 | } |
| 1532 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1533 | client_id = json_string_value(cache_object); |
| 1533 | &cache_key); | ||
| 1534 | if ( GNUNET_OK | 1534 | if ( GNUNET_OK |
| 1535 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, | 1535 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, |
| 1536 | strlen (client_id), | 1536 | strlen (client_id), |
| @@ -1542,25 +1542,23 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1542 | } | 1542 | } |
| 1543 | 1543 | ||
| 1544 | // Checks if client_id is valid: | 1544 | // Checks if client_id is valid: |
| 1545 | namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 1545 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); |
| 1546 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1546 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
| 1547 | GNUNET_NAMESTORE_zone_to_name (namestore_handle, zone_pkey, &pubkey, | 1547 | //TODO: fix |
| 1548 | zone_to_name_error, handle, zone_to_name_cb, | 1548 | // GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, |
| 1549 | handle); | 1549 | // zone_to_name_error, handle, zone_to_name_cb, |
| 1550 | // handle); | ||
| 1550 | 1551 | ||
| 1551 | // REQUIRED value: redirect_uri | 1552 | // REQUIRED value: redirect_uri |
| 1552 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1553 | cache_object = json_object_get (root, OIDC_REDIRECT_URI_KEY); |
| 1553 | &cache_key); | 1554 | if( NULL==cache_object || !json_is_string(cache_object)) |
| 1554 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
| 1555 | &cache_key)) | ||
| 1556 | { | 1555 | { |
| 1557 | handle->emsg=GNUNET_strdup("invalid_request"); | 1556 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 1558 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); | 1557 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); |
| 1559 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1558 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 1560 | return; | 1559 | return; |
| 1561 | } | 1560 | } |
| 1562 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1561 | redirect_uri = json_string_value(cache_object); |
| 1563 | &cache_key); | ||
| 1564 | 1562 | ||
| 1565 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); | 1563 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); |
| 1566 | 1564 | ||
| @@ -1576,61 +1574,50 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1576 | handle->eredirect = GNUNET_strdup(redirect_uri); | 1574 | handle->eredirect = GNUNET_strdup(redirect_uri); |
| 1577 | 1575 | ||
| 1578 | // REQUIRED value: response_type | 1576 | // REQUIRED value: response_type |
| 1579 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1577 | cache_object = json_object_get (root, OIDC_RESPONSE_TYPE_KEY); |
| 1580 | &cache_key); | 1578 | if( NULL==cache_object || !json_is_string(cache_object)) |
| 1581 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
| 1582 | &cache_key)) | ||
| 1583 | { | 1579 | { |
| 1584 | handle->emsg=GNUNET_strdup("invalid_request"); | 1580 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 1585 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); | 1581 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); |
| 1586 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1582 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1587 | return; | 1583 | return; |
| 1588 | } | 1584 | } |
| 1589 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1585 | response_type = json_string_value(cache_object); |
| 1590 | &cache_key); | ||
| 1591 | 1586 | ||
| 1592 | // REQUIRED value: scope | 1587 | // REQUIRED value: scope |
| 1593 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1588 | cache_object = json_object_get (root, OIDC_SCOPE_KEY); |
| 1594 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1589 | if( NULL==cache_object || !json_is_string(cache_object)) |
| 1595 | &cache_key)) | ||
| 1596 | { | 1590 | { |
| 1597 | handle->emsg=GNUNET_strdup("invalid_request"); | 1591 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 1598 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); | 1592 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); |
| 1599 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1593 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1600 | return; | 1594 | return; |
| 1601 | } | 1595 | } |
| 1602 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1596 | scope = json_string_value(cache_object); |
| 1603 | &cache_key); | ||
| 1604 | 1597 | ||
| 1605 | //RECOMMENDED value: state | 1598 | //RECOMMENDED value: state |
| 1606 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1599 | cache_object = json_object_get (root, OIDC_STATE_KEY); |
| 1607 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1600 | if( NULL!=cache_object || json_is_string(cache_object)) |
| 1608 | &cache_key)) | ||
| 1609 | { | 1601 | { |
| 1610 | state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1602 | state = json_string_value(cache_object); |
| 1611 | &cache_key); | ||
| 1612 | } | 1603 | } |
| 1613 | 1604 | ||
| 1614 | //OPTIONAL value: nonce | 1605 | //OPTIONAL value: nonce |
| 1615 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1606 | cache_object = json_object_get (root, OIDC_NONCE_KEY); |
| 1616 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1607 | if( NULL!=cache_object || json_is_string(cache_object)) |
| 1617 | &cache_key)) | ||
| 1618 | { | 1608 | { |
| 1619 | nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1609 | nonce = json_string_value(cache_object); |
| 1620 | &cache_key); | ||
| 1621 | } | 1610 | } |
| 1622 | 1611 | ||
| 1612 | //TODO check other values and use them accordingly | ||
| 1623 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1613 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
| 1624 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1614 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
| 1625 | { | 1615 | { |
| 1626 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1616 | cache_object = json_object_get (root, OIDC_ignored_parameter_array[iterator]); |
| 1627 | strlen(OIDC_ignored_parameter_array[iterator]), | 1617 | if(json_is_string(cache_object)) |
| 1628 | &cache_key); | ||
| 1629 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | ||
| 1630 | &cache_key)) | ||
| 1631 | { | 1618 | { |
| 1632 | handle->emsg=GNUNET_strdup("access_denied"); | 1619 | handle->emsg=GNUNET_strdup("access_denied"); |
| 1633 | GNUNET_asprintf (*handle->edesc, "Server will not handle parameter: %s", | 1620 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
| 1634 | OIDC_ignored_parameter_array[iterator]); | 1621 | OIDC_ignored_parameter_array[iterator]); |
| 1635 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1622 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1636 | return; | 1623 | return; |
| @@ -1656,7 +1643,6 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1656 | return; | 1643 | return; |
| 1657 | } | 1644 | } |
| 1658 | 1645 | ||
| 1659 | //TODO check other values and use them accordingly | ||
| 1660 | 1646 | ||
| 1661 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 1647 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
| 1662 | &cache_key); | 1648 | &cache_key); |