author | Phil <phil.buschmann@tum.de> | 2018-01-09 15:41:15 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-09 15:41:15 +0100 |
commit | afb2171eb752d82918048b393fda6f01f863b49a (patch) | |
tree | 6e811fa5d4175a9bbb8cb76f5ebcd60c36e8cd30 /src | |
parent | f0a84723fae7454cdefbc1c0125da71732c5242d (diff) | |
download | gnunet-afb2171eb752d82918048b393fda6f01f863b49a.tar.gz gnunet-afb2171eb752d82918048b393fda6f01f863b49a.zip |
-wip post request testing required and namestore handle fix required
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 120 |
1 files changed, 53 insertions, 67 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 9d61ac92b..ac9d2bd08 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -165,8 +165,6 @@ char* OIDC_ignored_parameter_array [] = | |||
165 | "acr_values" | 165 | "acr_values" |
166 | }; | 166 | }; |
167 | 167 | ||
168 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
169 | |||
170 | /** | 168 | /** |
171 | * OIDC authorized identities and times hashmap | 169 | * OIDC authorized identities and times hashmap |
172 | */ | 170 | */ |
@@ -259,6 +257,10 @@ struct RequestHandle | |||
259 | */ | 257 | */ |
260 | struct GNUNET_REST_RequestHandle *rest_handle; | 258 | struct GNUNET_REST_RequestHandle *rest_handle; |
261 | 259 | ||
260 | /** | ||
261 | * Zone connection | ||
262 | */ | ||
263 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
262 | 264 | ||
263 | /** | 265 | /** |
264 | * IDENTITY Operation | 266 | * IDENTITY Operation |
@@ -1139,8 +1141,8 @@ zone_to_name_error (void *cls) | |||
1139 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1141 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1140 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1142 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1141 | 1143 | ||
1142 | GNUNET_NAMESTORE_disconnect (namestore_handle); | 1144 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
1143 | namestore_handle = NULL; | 1145 | handle->namestore_handle = NULL; |
1144 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1146 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1145 | } | 1147 | } |
1146 | 1148 | ||
@@ -1154,7 +1156,7 @@ zone_to_name_error (void *cls) | |||
1154 | * @param rd array of records with data to store | 1156 | * @param rd array of records with data to store |
1155 | */ | 1157 | */ |
1156 | static void | 1158 | static void |
1157 | zone_to_name_cb (void *cls, | 1159 | zone_to_name_get_cb (void *cls, |
1158 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, | 1160 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, |
1159 | const char *name, | 1161 | const char *name, |
1160 | unsigned int rd_count, | 1162 | unsigned int rd_count, |
@@ -1168,15 +1170,15 @@ zone_to_name_cb (void *cls, | |||
1168 | handle->emsg = GNUNET_strdup("unauthorized_client"); | 1170 | handle->emsg = GNUNET_strdup("unauthorized_client"); |
1169 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1171 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1170 | 1172 | ||
1171 | GNUNET_NAMESTORE_disconnect (namestore_handle); | 1173 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
1172 | namestore_handle = NULL; | 1174 | handle->namestore_handle = NULL; |
1173 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1175 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1174 | return; | 1176 | return; |
1175 | } | 1177 | } |
1176 | } | 1178 | } |
1177 | 1179 | ||
1178 | /** | 1180 | /** |
1179 | * Respond to authorization request | 1181 | * Respond to authorization GET request |
1180 | * | 1182 | * |
1181 | * @param con_handle the connection handle | 1183 | * @param con_handle the connection handle |
1182 | * @param url the url | 1184 | * @param url the url |
@@ -1243,11 +1245,12 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1243 | } | 1245 | } |
1244 | 1246 | ||
1245 | // Checks if client_id is valid: | 1247 | // Checks if client_id is valid: |
1246 | namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 1248 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); |
1247 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1249 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1248 | GNUNET_NAMESTORE_zone_to_name (namestore_handle, zone_pkey, &pubkey, | 1250 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, |
1249 | zone_to_name_error, handle, zone_to_name_cb, | 1251 | zone_to_name_error, handle, zone_to_name_get_cb, |
1250 | handle); | 1252 | handle); |
1253 | return; | ||
1251 | 1254 | ||
1252 | // REQUIRED value: redirect_uri | 1255 | // REQUIRED value: redirect_uri |
1253 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1256 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
@@ -1331,7 +1334,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1331 | &cache_key)) | 1334 | &cache_key)) |
1332 | { | 1335 | { |
1333 | handle->emsg=GNUNET_strdup("access_denied"); | 1336 | handle->emsg=GNUNET_strdup("access_denied"); |
1334 | GNUNET_asprintf (*handle->edesc, "Server will not handle parameter: %s", | 1337 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1335 | OIDC_ignored_parameter_array[iterator]); | 1338 | OIDC_ignored_parameter_array[iterator]); |
1336 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1339 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1337 | return; | 1340 | return; |
@@ -1469,7 +1472,7 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1469 | } | 1472 | } |
1470 | 1473 | ||
1471 | /** | 1474 | /** |
1472 | * Respond to authorization request | 1475 | * Respond to authorization POST request |
1473 | * | 1476 | * |
1474 | * @param con_handle the connection handle | 1477 | * @param con_handle the connection handle |
1475 | * @param url the url | 1478 | * @param url the url |
@@ -1498,39 +1501,36 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1498 | 1501 | ||
1499 | struct MHD_Response *resp; | 1502 | struct MHD_Response *resp; |
1500 | struct RequestHandle *handle = cls; | 1503 | struct RequestHandle *handle = cls; |
1501 | char *response_type; | 1504 | const char *response_type; |
1502 | char *client_id; | 1505 | const char *client_id; |
1503 | char *scope; | 1506 | char *scope; |
1504 | char *redirect_uri; | 1507 | const char *redirect_uri; |
1505 | char *expected_redirect_uri; | 1508 | const char *state = NULL; |
1506 | char *state = NULL; | 1509 | const char *nonce = NULL; |
1507 | char *nonce = NULL; | ||
1508 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 1510 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
1509 | char *login_base_url, *new_redirect; | 1511 | char *login_base_url; |
1510 | struct GNUNET_HashCode cache_key; | 1512 | char *new_redirect; |
1513 | char *expected_redirect_uri; | ||
1514 | json_t *cache_object; | ||
1511 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey; | 1515 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey; |
1512 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; | 1516 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; |
1517 | struct GNUNET_HashCode cache_key; | ||
1513 | int number_of_ignored_parameter, iterator; | 1518 | int number_of_ignored_parameter, iterator; |
1514 | 1519 | ||
1515 | json_t *root; | 1520 | json_t *root; |
1516 | json_error_t error; | 1521 | json_error_t error; |
1517 | json_t *identity; | ||
1518 | root = json_loads (handle->rest_handle->data, 0, &error); | 1522 | root = json_loads (handle->rest_handle->data, 0, &error); |
1519 | client_id = json_object_get (root, OIDC_CLIENT_ID_KEY); | ||
1520 | 1523 | ||
1521 | // REQUIRED value: client_id | 1524 | // REQUIRED value: client_id |
1522 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1525 | cache_object = json_object_get (root, OIDC_CLIENT_ID_KEY); |
1523 | &cache_key); | 1526 | if( NULL==cache_object || !json_is_string(cache_object)) |
1524 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1525 | &cache_key)) | ||
1526 | { | 1527 | { |
1527 | handle->emsg=GNUNET_strdup("invalid_request"); | 1528 | handle->emsg=GNUNET_strdup("invalid_request"); |
1528 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | 1529 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); |
1529 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1530 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1530 | return; | 1531 | return; |
1531 | } | 1532 | } |
1532 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1533 | client_id = json_string_value(cache_object); |
1533 | &cache_key); | ||
1534 | if ( GNUNET_OK | 1534 | if ( GNUNET_OK |
1535 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, | 1535 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (client_id, |
1536 | strlen (client_id), | 1536 | strlen (client_id), |
@@ -1542,25 +1542,23 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1542 | } | 1542 | } |
1543 | 1543 | ||
1544 | // Checks if client_id is valid: | 1544 | // Checks if client_id is valid: |
1545 | namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 1545 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); |
1546 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | 1546 | zone_pkey = GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1547 | GNUNET_NAMESTORE_zone_to_name (namestore_handle, zone_pkey, &pubkey, | 1547 | //TODO: fix |
1548 | zone_to_name_error, handle, zone_to_name_cb, | 1548 | // GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, zone_pkey, &pubkey, |
1549 | handle); | 1549 | // zone_to_name_error, handle, zone_to_name_cb, |
1550 | // handle); | ||
1550 | 1551 | ||
1551 | // REQUIRED value: redirect_uri | 1552 | // REQUIRED value: redirect_uri |
1552 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1553 | cache_object = json_object_get (root, OIDC_REDIRECT_URI_KEY); |
1553 | &cache_key); | 1554 | if( NULL==cache_object || !json_is_string(cache_object)) |
1554 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1555 | &cache_key)) | ||
1556 | { | 1555 | { |
1557 | handle->emsg=GNUNET_strdup("invalid_request"); | 1556 | handle->emsg=GNUNET_strdup("invalid_request"); |
1558 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); | 1557 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); |
1559 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1558 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1560 | return; | 1559 | return; |
1561 | } | 1560 | } |
1562 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1561 | redirect_uri = json_string_value(cache_object); |
1563 | &cache_key); | ||
1564 | 1562 | ||
1565 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); | 1563 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); |
1566 | 1564 | ||
@@ -1576,61 +1574,50 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1576 | handle->eredirect = GNUNET_strdup(redirect_uri); | 1574 | handle->eredirect = GNUNET_strdup(redirect_uri); |
1577 | 1575 | ||
1578 | // REQUIRED value: response_type | 1576 | // REQUIRED value: response_type |
1579 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1577 | cache_object = json_object_get (root, OIDC_RESPONSE_TYPE_KEY); |
1580 | &cache_key); | 1578 | if( NULL==cache_object || !json_is_string(cache_object)) |
1581 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1582 | &cache_key)) | ||
1583 | { | 1579 | { |
1584 | handle->emsg=GNUNET_strdup("invalid_request"); | 1580 | handle->emsg=GNUNET_strdup("invalid_request"); |
1585 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); | 1581 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); |
1586 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1582 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1587 | return; | 1583 | return; |
1588 | } | 1584 | } |
1589 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1585 | response_type = json_string_value(cache_object); |
1590 | &cache_key); | ||
1591 | 1586 | ||
1592 | // REQUIRED value: scope | 1587 | // REQUIRED value: scope |
1593 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1588 | cache_object = json_object_get (root, OIDC_SCOPE_KEY); |
1594 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1589 | if( NULL==cache_object || !json_is_string(cache_object)) |
1595 | &cache_key)) | ||
1596 | { | 1590 | { |
1597 | handle->emsg=GNUNET_strdup("invalid_request"); | 1591 | handle->emsg=GNUNET_strdup("invalid_request"); |
1598 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); | 1592 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); |
1599 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1593 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1600 | return; | 1594 | return; |
1601 | } | 1595 | } |
1602 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1596 | scope = json_string_value(cache_object); |
1603 | &cache_key); | ||
1604 | 1597 | ||
1605 | //RECOMMENDED value: state | 1598 | //RECOMMENDED value: state |
1606 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1599 | cache_object = json_object_get (root, OIDC_STATE_KEY); |
1607 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1600 | if( NULL!=cache_object || json_is_string(cache_object)) |
1608 | &cache_key)) | ||
1609 | { | 1601 | { |
1610 | state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1602 | state = json_string_value(cache_object); |
1611 | &cache_key); | ||
1612 | } | 1603 | } |
1613 | 1604 | ||
1614 | //OPTIONAL value: nonce | 1605 | //OPTIONAL value: nonce |
1615 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1606 | cache_object = json_object_get (root, OIDC_NONCE_KEY); |
1616 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1607 | if( NULL!=cache_object || json_is_string(cache_object)) |
1617 | &cache_key)) | ||
1618 | { | 1608 | { |
1619 | nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1609 | nonce = json_string_value(cache_object); |
1620 | &cache_key); | ||
1621 | } | 1610 | } |
1622 | 1611 | ||
1612 | //TODO check other values and use them accordingly | ||
1623 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1613 | number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
1624 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) | 1614 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1625 | { | 1615 | { |
1626 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1616 | cache_object = json_object_get (root, OIDC_ignored_parameter_array[iterator]); |
1627 | strlen(OIDC_ignored_parameter_array[iterator]), | 1617 | if(json_is_string(cache_object)) |
1628 | &cache_key); | ||
1629 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | ||
1630 | &cache_key)) | ||
1631 | { | 1618 | { |
1632 | handle->emsg=GNUNET_strdup("access_denied"); | 1619 | handle->emsg=GNUNET_strdup("access_denied"); |
1633 | GNUNET_asprintf (*handle->edesc, "Server will not handle parameter: %s", | 1620 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1634 | OIDC_ignored_parameter_array[iterator]); | 1621 | OIDC_ignored_parameter_array[iterator]); |
1635 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1622 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1636 | return; | 1623 | return; |
@@ -1656,7 +1643,6 @@ authorize_post_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1656 | return; | 1643 | return; |
1657 | } | 1644 | } |
1658 | 1645 | ||
1659 | //TODO check other values and use them accordingly | ||
1660 | 1646 | ||
1661 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 1647 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
1662 | &cache_key); | 1648 | &cache_key); |