-rw-r--r--src/reclaim/oidc_helper.c65
1 files changed, 46 insertions, 19 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 9878506e8..bcea64b56 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -303,7 +303,6 @@ url_decode (const char *str)
303 return buf; 303 return buf;
304} 304}
305 305
306
307/** 306/**
308 * Returns base64 encoded string urlencoded 307 * Returns base64 encoded string urlencoded
309 * 308 *
@@ -311,15 +310,48 @@ url_decode (const char *str)
311 * @return base64 encoded string 310 * @return base64 encoded string
312 */ 311 */
313static char * 312static char *
314base64_encode (const char *data, size_t data_size) 313base64_and_urlencode (const char *data, size_t data_size)
315{ 314{
316 char *enc; 315 char *enc;
317 char *enc_urlencode; 316 char *urlenc;
318 317
319 GNUNET_STRINGS_base64_encode (data, data_size, &enc); 318 GNUNET_STRINGS_base64_encode (data, data_size, &enc);
320 enc_urlencode = url_encode (enc); 319 urlenc = url_encode (enc);
321 GNUNET_free (enc); 320 GNUNET_free (enc);
322 return enc_urlencode; 321 return enc;
322}
323
324
325
326
327/**
328 * Returns base64 encoded string urlencoded
329 *
330 * @param string the string to encode
331 * @return base64 encoded string
332 */
333static char *
334base64url_encode (const char *data, size_t data_size)
335{
336 char *enc;
337 size_t pos;
338
339 GNUNET_STRINGS_base64_encode (data, data_size, &enc);
340 //Replace with correct characters for base64url
341 pos = 0;
342 while ('\0' != enc[pos])
343 {
344 if ('+' == enc[pos])
345 enc[pos] = '-';
346 if ('/' == enc[pos])
347 enc[pos] = '_';
348 if ('=' == enc[pos])
349 {
350 enc[pos] = '\0';
351 break;
352 }
353 }
354 return enc;
323} 355}
324 356
325 357
@@ -512,11 +544,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
512 memcpy (buf_ptr, &ecdh_pub, sizeof (ecdh_pub)); 544 memcpy (buf_ptr, &ecdh_pub, sizeof (ecdh_pub));
513 buf_ptr += sizeof (ecdh_pub); 545 buf_ptr += sizeof (ecdh_pub);
514 // Encrypt plaintext and store 546 // Encrypt plaintext and store
515 encrypt_payload (&ticket->audience, 547 encrypt_payload (&ticket->audience, ecdh_priv, payload, payload_len, buf_ptr);
516 ecdh_priv,
517 payload,
518 payload_len,
519 buf_ptr);
520 GNUNET_free (ecdh_priv); 548 GNUNET_free (ecdh_priv);
521 GNUNET_free (payload); 549 GNUNET_free (payload);
522 buf_ptr += payload_len; 550 buf_ptr += payload_len;
@@ -532,7 +560,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
532 GNUNET_free (code_payload); 560 GNUNET_free (code_payload);
533 return NULL; 561 return NULL;
534 } 562 }
535 code_str = base64_encode (code_payload, code_payload_len); 563 code_str = base64_and_urlencode (code_payload, code_payload_len);
536 GNUNET_free (code_payload); 564 GNUNET_free (code_payload);
537 return code_str; 565 return code_str;
538} 566}
@@ -615,9 +643,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
615 code_verifier, 643 code_verifier,
616 strlen (code_verifier)); 644 strlen (code_verifier));
617 // encode code verifier 645 // encode code verifier
618 expected_code_challenge = 646 expected_code_challenge = base64url_encode (code_verifier_hash, 256 / 8);
619 base64_encode (code_verifier_hash, 256 / 8); 647 code_challenge = (char *) &params[1];
620 code_challenge = (char*)&params[1];
621 code_challenge_len = ntohl (params->code_challenge_len); 648 code_challenge_len = ntohl (params->code_challenge_len);
622 GNUNET_free (code_verifier_hash); 649 GNUNET_free (code_verifier_hash);
623 if ((strlen (expected_code_challenge) != code_challenge_len) || 650 if ((strlen (expected_code_challenge) != code_challenge_len) ||
@@ -625,8 +652,10 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
625 strncmp (expected_code_challenge, code_challenge, code_challenge_len))) 652 strncmp (expected_code_challenge, code_challenge, code_challenge_len)))
626 { 653 {
627 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 654 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
628 "Invalid code verifier! Expected: %s, Got: %.*s\n", 655 "Invalid code verifier! Expected: %s, Got: %.*s\n",
629 expected_code_challenge, code_challenge_len, code_challenge); 656 expected_code_challenge,
657 code_challenge_len,
658 code_challenge);
630 GNUNET_free_non_null (code_payload); 659 GNUNET_free_non_null (code_payload);
631 GNUNET_free (expected_code_challenge); 660 GNUNET_free (expected_code_challenge);
632 return GNUNET_SYSERR; 661 return GNUNET_SYSERR;
@@ -640,9 +669,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
640 // Attributes 669 // Attributes
641 attrs_ser = ((char *) &params[1]) + code_challenge_len; 670 attrs_ser = ((char *) &params[1]) + code_challenge_len;
642 attrs_ser_len = ntohl (params->attr_list_len); 671 attrs_ser_len = ntohl (params->attr_list_len);
643 *attrs = 672 *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len);
644 GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
645 attrs_ser_len);
646 // Signature 673 // Signature
647 signature = (struct GNUNET_CRYPTO_EcdsaSignature *) attrs_ser + attrs_ser_len; 674 signature = (struct GNUNET_CRYPTO_EcdsaSignature *) attrs_ser + attrs_ser_len;
648 GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub); 675 GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);
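Review bot: The new `base64_and_urlencode` (new lines 319-321) calls `GNUNET_free (enc)` and then returns `enc`, so the call at new line 563 in `OIDC_build_authz_code` receives a dangling pointer while the url-encoded copy in `urlenc` is leaked; the last statement should be `return urlenc;`. The added `base64url_encode` (new lines 341-353) has a second defect: the `while ('\0' != enc[pos])` loop never advances `pos`, so it never terminates unless the encoded string is empty or starts with `=`. As far as the hunks show, that would stall the code-challenge comparison in `OIDC_parse_authz_code` (new line 646) whenever a code verifier is supplied; add `pos++;` as the final statement of the loop body. The doc comment on `base64url_encode` is copied from the function above (`@param string`, "urlencoded") and should instead describe `data`/`data_size` and the unpadded base64url output.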