-rw-r--r-- | src/reclaim/oidc_helper.c | 65 |
1 files changed, 46 insertions, 19 deletions
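--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -303,7 +303,6 @@ url_decode (const char *str)
 return buf;
 }
 
-
 /**
 * Returns base64 encoded string urlencoded
 *
@@ -311,15 +310,48 @@ url_decode (const char *str)
 * @return base64 encoded string
 */
 static char *
-base64_encode (const char *data, size_t data_size)
+base64_and_urlencode (const char *data, size_t data_size)
 {
 char *enc;
-char *enc_urlencode;
+char *urlenc;
 
 GNUNET_STRINGS_base64_encode (data, data_size, &enc);
-enc_urlencode = url_encode (enc);
+urlenc = url_encode (enc);
 GNUNET_free (enc);
-return enc_urlencode;
+return enc;
+}
+
+
+
+
+/**
+* Returns base64 encoded string urlencoded
+*
+* @param string the string to encode
+* @return base64 encoded string
+*/
+static char *
+base64url_encode (const char *data, size_t data_size)
+{
+char *enc;
+size_t pos;
+
+GNUNET_STRINGS_base64_encode (data, data_size, &enc);
+//Replace with correct characters for base64url
+pos = 0;
+while ('\0' != enc[pos])
+{
+if ('+' == enc[pos])
+enc[pos] = '-';
+if ('/' == enc[pos])
+enc[pos] = '_';
+if ('=' == enc[pos])
+{
+enc[pos] = '\0';
+break;
+}
+}
+return enc;
 }
 
 
@@ -512,11 +544,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
 memcpy (buf_ptr, &ecdh_pub, sizeof (ecdh_pub));
 buf_ptr += sizeof (ecdh_pub);
 // Encrypt plaintext and store
-encrypt_payload (&ticket->audience,
-ecdh_priv,
-payload,
-payload_len,
-buf_ptr);
+encrypt_payload (&ticket->audience, ecdh_priv, payload, payload_len, buf_ptr);
 GNUNET_free (ecdh_priv);
 GNUNET_free (payload);
 buf_ptr += payload_len;
@@ -532,7 +560,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
 GNUNET_free (code_payload);
 return NULL;
 }
-code_str = base64_encode (code_payload, code_payload_len);
+code_str = base64_and_urlencode (code_payload, code_payload_len);
 GNUNET_free (code_payload);
 return code_str;
 }
@@ -615,9 +643,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
 code_verifier,
 strlen (code_verifier));
 // encode code verifier
-expected_code_challenge =
-base64_encode (code_verifier_hash, 256 / 8);
-code_challenge = (char*)¶ms[1];
+expected_code_challenge = base64url_encode (code_verifier_hash, 256 / 8);
+code_challenge = (char *) ¶ms[1];
 code_challenge_len = ntohl (params->code_challenge_len);
 GNUNET_free (code_verifier_hash);
 if ((strlen (expected_code_challenge) != code_challenge_len) ||
@@ -625,8 +652,10 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
 strncmp (expected_code_challenge, code_challenge, code_challenge_len)))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
 "Invalid code verifier! Expected: %s, Got: %.*s\n",
-expected_code_challenge, code_challenge_len, code_challenge);
+expected_code_challenge,
+code_challenge_len,
+code_challenge);
 GNUNET_free_non_null (code_payload);
 GNUNET_free (expected_code_challenge);
 return GNUNET_SYSERR;
@@ -640,9 +669,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
 // Attributes
 attrs_ser = ((char *) ¶ms[1]) + code_challenge_len;
 attrs_ser_len = ntohl (params->attr_list_len);
-*attrs =
-GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
-attrs_ser_len);
+*attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len);
 // Signature
 signature = (struct GNUNET_CRYPTO_EcdsaSignature *) attrs_ser + attrs_ser_len;
 GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);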
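Review bot: `base64_and_urlencode` returns `enc` on new line 321 immediately after `GNUNET_free (enc)` on line 320, so `OIDC_build_authz_code` (new line 563) receives a freed pointer while the url-encoded copy in `urlenc` is leaked; the pre-change code returned the url-encoded buffer, so this should read `return urlenc;`. In `base64url_encode` the loop on new lines 342–353 never advances `pos`, so unless the first output byte is `=` it spins forever, and it is now on the code-verifier path of `OIDC_parse_authz_code` (new line 646); add `pos++;` as the last statement of the loop body. The comment block copied above `base64url_encode` still describes url-encoding and a `string` parameter the function does not take; replace it with `* Returns the unpadded base64url encoding of data ('+'/'/' mapped to '-'/'_', '=' padding dropped)` plus `@param data` and `@param data_size`. Both encoder functions lie wholly inside the second hunk, whereas the enclosing functions of the two call sites start outside their hunks.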