diff options
-rw-r--r-- | src/reclaim/oidc_helper.c | 725 | ||||
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 2041 |
2 files changed, 1390 insertions, 1376 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 83b8e8cb3..6bcae21d4 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -31,7 +31,7 @@ | |||
31 | #include "gnunet_reclaim_service.h" | 31 | #include "gnunet_reclaim_service.h" |
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | #include "oidc_helper.h" | 33 | #include "oidc_helper.h" |
34 | //#include "benchmark.h" | 34 | // #include "benchmark.h" |
35 | #include <gcrypt.h> | 35 | #include <gcrypt.h> |
36 | 36 | ||
37 | GNUNET_NETWORK_STRUCT_BEGIN | 37 | GNUNET_NETWORK_STRUCT_BEGIN |
@@ -39,7 +39,8 @@ GNUNET_NETWORK_STRUCT_BEGIN | |||
39 | /** | 39 | /** |
40 | * The signature used to generate the authorization code | 40 | * The signature used to generate the authorization code |
41 | */ | 41 | */ |
42 | struct OIDC_Parameters { | 42 | struct OIDC_Parameters |
43 | { | ||
43 | /** | 44 | /** |
44 | * The reclaim ticket | 45 | * The reclaim ticket |
45 | */ | 46 | */ |
@@ -64,41 +65,41 @@ struct OIDC_Parameters { | |||
64 | GNUNET_NETWORK_STRUCT_END | 65 | GNUNET_NETWORK_STRUCT_END |
65 | 66 | ||
66 | static char * | 67 | static char * |
67 | create_jwt_header(void) | 68 | create_jwt_header (void) |
68 | { | 69 | { |
69 | json_t *root; | 70 | json_t *root; |
70 | char *json_str; | 71 | char *json_str; |
71 | 72 | ||
72 | root = json_object(); | 73 | root = json_object (); |
73 | json_object_set_new(root, JWT_ALG, json_string(JWT_ALG_VALUE)); | 74 | json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); |
74 | json_object_set_new(root, JWT_TYP, json_string(JWT_TYP_VALUE)); | 75 | json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); |
75 | 76 | ||
76 | json_str = json_dumps(root, JSON_INDENT(0) | JSON_COMPACT); | 77 | json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT); |
77 | json_decref(root); | 78 | json_decref (root); |
78 | return json_str; | 79 | return json_str; |
79 | } | 80 | } |
80 | 81 | ||
81 | static void | 82 | static void |
82 | replace_char(char *str, char find, char replace) | 83 | replace_char (char *str, char find, char replace) |
83 | { | 84 | { |
84 | char *current_pos = strchr(str, find); | 85 | char *current_pos = strchr (str, find); |
85 | 86 | ||
86 | while (current_pos) | 87 | while (current_pos) |
87 | { | 88 | { |
88 | *current_pos = replace; | 89 | *current_pos = replace; |
89 | current_pos = strchr(current_pos, find); | 90 | current_pos = strchr (current_pos, find); |
90 | } | 91 | } |
91 | } | 92 | } |
92 | 93 | ||
93 | // RFC4648 | 94 | // RFC4648 |
94 | static void | 95 | static void |
95 | fix_base64(char *str) | 96 | fix_base64 (char *str) |
96 | { | 97 | { |
97 | // Replace + with - | 98 | // Replace + with - |
98 | replace_char(str, '+', '-'); | 99 | replace_char (str, '+', '-'); |
99 | 100 | ||
100 | // Replace / with _ | 101 | // Replace / with _ |
101 | replace_char(str, '/', '_'); | 102 | replace_char (str, '/', '_'); |
102 | } | 103 | } |
103 | 104 | ||
104 | /** | 105 | /** |
@@ -112,12 +113,12 @@ fix_base64(char *str) | |||
112 | * @return a new base64-encoded JWT string. | 113 | * @return a new base64-encoded JWT string. |
113 | */ | 114 | */ |
114 | char * | 115 | char * |
115 | OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 116 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
116 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 117 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
117 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 118 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
118 | const struct GNUNET_TIME_Relative *expiration_time, | 119 | const struct GNUNET_TIME_Relative *expiration_time, |
119 | const char *nonce, | 120 | const char *nonce, |
120 | const char *secret_key) | 121 | const char *secret_key) |
121 | { | 122 | { |
122 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 123 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
123 | struct GNUNET_HashCode signature; | 124 | struct GNUNET_HashCode signature; |
@@ -136,108 +137,108 @@ OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
136 | json_t *body; | 137 | json_t *body; |
137 | 138 | ||
138 | // iat REQUIRED time now | 139 | // iat REQUIRED time now |
139 | time_now = GNUNET_TIME_absolute_get(); | 140 | time_now = GNUNET_TIME_absolute_get (); |
140 | // exp REQUIRED time expired from config | 141 | // exp REQUIRED time expired from config |
141 | exp_time = GNUNET_TIME_absolute_add(time_now, *expiration_time); | 142 | exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); |
142 | // auth_time only if max_age | 143 | // auth_time only if max_age |
143 | // nonce only if nonce | 144 | // nonce only if nonce |
144 | // OPTIONAL acr,amr,azp | 145 | // OPTIONAL acr,amr,azp |
145 | subject = | 146 | subject = |
146 | GNUNET_STRINGS_data_to_string_alloc(sub_key, | 147 | GNUNET_STRINGS_data_to_string_alloc (sub_key, |
147 | sizeof(struct | 148 | sizeof(struct |
148 | GNUNET_CRYPTO_EcdsaPublicKey)); | 149 | GNUNET_CRYPTO_EcdsaPublicKey)); |
149 | audience = | 150 | audience = |
150 | GNUNET_STRINGS_data_to_string_alloc(aud_key, | 151 | GNUNET_STRINGS_data_to_string_alloc (aud_key, |
151 | sizeof(struct | 152 | sizeof(struct |
152 | GNUNET_CRYPTO_EcdsaPublicKey)); | 153 | GNUNET_CRYPTO_EcdsaPublicKey)); |
153 | header = create_jwt_header(); | 154 | header = create_jwt_header (); |
154 | body = json_object(); | 155 | body = json_object (); |
155 | 156 | ||
156 | // iss REQUIRED case sensitive server uri with https | 157 | // iss REQUIRED case sensitive server uri with https |
157 | // The issuer is the local reclaim instance (e.g. | 158 | // The issuer is the local reclaim instance (e.g. |
158 | // https://reclaim.id/api/openid) | 159 | // https://reclaim.id/api/openid) |
159 | json_object_set_new(body, "iss", json_string(SERVER_ADDRESS)); | 160 | json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); |
160 | // sub REQUIRED public key identity, not exceed 255 ASCII length | 161 | // sub REQUIRED public key identity, not exceed 255 ASCII length |
161 | json_object_set_new(body, "sub", json_string(subject)); | 162 | json_object_set_new (body, "sub", json_string (subject)); |
162 | // aud REQUIRED public key client_id must be there | 163 | // aud REQUIRED public key client_id must be there |
163 | json_object_set_new(body, "aud", json_string(audience)); | 164 | json_object_set_new (body, "aud", json_string (audience)); |
164 | // iat | 165 | // iat |
165 | json_object_set_new(body, | 166 | json_object_set_new (body, |
166 | "iat", | 167 | "iat", |
167 | json_integer(time_now.abs_value_us / (1000 * 1000))); | 168 | json_integer (time_now.abs_value_us / (1000 * 1000))); |
168 | // exp | 169 | // exp |
169 | json_object_set_new(body, | 170 | json_object_set_new (body, |
170 | "exp", | 171 | "exp", |
171 | json_integer(exp_time.abs_value_us / (1000 * 1000))); | 172 | json_integer (exp_time.abs_value_us / (1000 * 1000))); |
172 | // nbf | 173 | // nbf |
173 | json_object_set_new(body, | 174 | json_object_set_new (body, |
174 | "nbf", | 175 | "nbf", |
175 | json_integer(time_now.abs_value_us / (1000 * 1000))); | 176 | json_integer (time_now.abs_value_us / (1000 * 1000))); |
176 | // nonce | 177 | // nonce |
177 | if (NULL != nonce) | 178 | if (NULL != nonce) |
178 | json_object_set_new(body, "nonce", json_string(nonce)); | 179 | json_object_set_new (body, "nonce", json_string (nonce)); |
179 | 180 | ||
180 | for (le = attrs->list_head; NULL != le; le = le->next) | 181 | for (le = attrs->list_head; NULL != le; le = le->next) |
181 | { | 182 | { |
182 | attr_val_str = | 183 | attr_val_str = |
183 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string(le->claim->type, | 184 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, |
184 | le->claim->data, | 185 | le->claim->data, |
185 | le->claim->data_size); | 186 | le->claim->data_size); |
186 | json_object_set_new(body, le->claim->name, json_string(attr_val_str)); | 187 | json_object_set_new (body, le->claim->name, json_string (attr_val_str)); |
187 | GNUNET_free(attr_val_str); | 188 | GNUNET_free (attr_val_str); |
188 | } | 189 | } |
189 | body_str = json_dumps(body, JSON_INDENT(0) | JSON_COMPACT); | 190 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); |
190 | json_decref(body); | 191 | json_decref (body); |
191 | 192 | ||
192 | GNUNET_STRINGS_base64_encode(header, strlen(header), &header_base64); | 193 | GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64); |
193 | fix_base64(header_base64); | 194 | fix_base64 (header_base64); |
194 | 195 | ||
195 | GNUNET_STRINGS_base64_encode(body_str, strlen(body_str), &body_base64); | 196 | GNUNET_STRINGS_base64_encode (body_str, strlen (body_str), &body_base64); |
196 | fix_base64(body_base64); | 197 | fix_base64 (body_base64); |
197 | 198 | ||
198 | GNUNET_free(subject); | 199 | GNUNET_free (subject); |
199 | GNUNET_free(audience); | 200 | GNUNET_free (audience); |
200 | 201 | ||
201 | /** | 202 | /** |
202 | * Creating the JWT signature. This might not be | 203 | * Creating the JWT signature. This might not be |
203 | * standards compliant, check. | 204 | * standards compliant, check. |
204 | */ | 205 | */ |
205 | GNUNET_asprintf(&signature_target, "%s.%s", header_base64, body_base64); | 206 | GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); |
206 | GNUNET_CRYPTO_hmac_raw(secret_key, | 207 | GNUNET_CRYPTO_hmac_raw (secret_key, |
207 | strlen(secret_key), | 208 | strlen (secret_key), |
208 | signature_target, | 209 | signature_target, |
209 | strlen(signature_target), | 210 | strlen (signature_target), |
210 | &signature); | 211 | &signature); |
211 | GNUNET_STRINGS_base64_encode((const char *)&signature, | 212 | GNUNET_STRINGS_base64_encode ((const char *) &signature, |
212 | sizeof(struct GNUNET_HashCode), | 213 | sizeof(struct GNUNET_HashCode), |
213 | &signature_base64); | 214 | &signature_base64); |
214 | fix_base64(signature_base64); | 215 | fix_base64 (signature_base64); |
215 | 216 | ||
216 | GNUNET_asprintf(&result, | 217 | GNUNET_asprintf (&result, |
217 | "%s.%s.%s", | 218 | "%s.%s.%s", |
218 | header_base64, | 219 | header_base64, |
219 | body_base64, | 220 | body_base64, |
220 | signature_base64); | 221 | signature_base64); |
221 | 222 | ||
222 | GNUNET_free(signature_target); | 223 | GNUNET_free (signature_target); |
223 | GNUNET_free(header); | 224 | GNUNET_free (header); |
224 | GNUNET_free(body_str); | 225 | GNUNET_free (body_str); |
225 | GNUNET_free(signature_base64); | 226 | GNUNET_free (signature_base64); |
226 | GNUNET_free(body_base64); | 227 | GNUNET_free (body_base64); |
227 | GNUNET_free(header_base64); | 228 | GNUNET_free (header_base64); |
228 | return result; | 229 | return result; |
229 | } | 230 | } |
230 | 231 | ||
231 | /* Converts a hex character to its integer value */ | 232 | /* Converts a hex character to its integer value */ |
232 | static char | 233 | static char |
233 | from_hex(char ch) | 234 | from_hex (char ch) |
234 | { | 235 | { |
235 | return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10; | 236 | return isdigit (ch) ? ch - '0' : tolower (ch) - 'a' + 10; |
236 | } | 237 | } |
237 | 238 | ||
238 | /* Converts an integer value to its hex character*/ | 239 | /* Converts an integer value to its hex character*/ |
239 | static char | 240 | static char |
240 | to_hex(char code) | 241 | to_hex (char code) |
241 | { | 242 | { |
242 | static char hex[] = "0123456789abcdef"; | 243 | static char hex[] = "0123456789abcdef"; |
243 | 244 | ||
@@ -247,27 +248,27 @@ to_hex(char code) | |||
247 | /* Returns a url-encoded version of str */ | 248 | /* Returns a url-encoded version of str */ |
248 | /* IMPORTANT: be sure to free() the returned string after use */ | 249 | /* IMPORTANT: be sure to free() the returned string after use */ |
249 | static char * | 250 | static char * |
250 | url_encode(const char *str) | 251 | url_encode (const char *str) |
251 | { | 252 | { |
252 | char *pstr = (char *)str; | 253 | char *pstr = (char *) str; |
253 | char *buf = GNUNET_malloc(strlen(str) * 3 + 1); | 254 | char *buf = GNUNET_malloc (strlen (str) * 3 + 1); |
254 | char *pbuf = buf; | 255 | char *pbuf = buf; |
255 | 256 | ||
256 | while (*pstr) | 257 | while (*pstr) |
258 | { | ||
259 | if (isalnum (*pstr) || (*pstr == '-') || (*pstr == '_') || (*pstr == '.') || | ||
260 | (*pstr == '~') ) | ||
261 | *pbuf++ = *pstr; | ||
262 | else if (*pstr == ' ') | ||
263 | *pbuf++ = '+'; | ||
264 | else | ||
257 | { | 265 | { |
258 | if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' || | 266 | *pbuf++ = '%'; |
259 | *pstr == '~') | 267 | *pbuf++ = to_hex (*pstr >> 4); |
260 | *pbuf++ = *pstr; | 268 | *pbuf++ = to_hex (*pstr & 15); |
261 | else if (*pstr == ' ') | ||
262 | *pbuf++ = '+'; | ||
263 | else | ||
264 | { | ||
265 | *pbuf++ = '%'; | ||
266 | *pbuf++ = to_hex(*pstr >> 4); | ||
267 | *pbuf++ = to_hex(*pstr & 15); | ||
268 | } | ||
269 | pstr++; | ||
270 | } | 269 | } |
270 | pstr++; | ||
271 | } | ||
271 | *pbuf = '\0'; | 272 | *pbuf = '\0'; |
272 | return buf; | 273 | return buf; |
273 | } | 274 | } |
@@ -276,32 +277,32 @@ url_encode(const char *str) | |||
276 | /* Returns a url-decoded version of str */ | 277 | /* Returns a url-decoded version of str */ |
277 | /* IMPORTANT: be sure to free() the returned string after use */ | 278 | /* IMPORTANT: be sure to free() the returned string after use */ |
278 | static char * | 279 | static char * |
279 | url_decode(const char *str) | 280 | url_decode (const char *str) |
280 | { | 281 | { |
281 | char *pstr = (char *)str; | 282 | char *pstr = (char *) str; |
282 | char *buf = GNUNET_malloc(strlen(str) + 1); | 283 | char *buf = GNUNET_malloc (strlen (str) + 1); |
283 | char *pbuf = buf; | 284 | char *pbuf = buf; |
284 | 285 | ||
285 | while (*pstr) | 286 | while (*pstr) |
287 | { | ||
288 | if (*pstr == '%') | ||
289 | { | ||
290 | if (pstr[1] && pstr[2]) | ||
291 | { | ||
292 | *pbuf++ = from_hex (pstr[1]) << 4 | from_hex (pstr[2]); | ||
293 | pstr += 2; | ||
294 | } | ||
295 | } | ||
296 | else if (*pstr == '+') | ||
297 | { | ||
298 | *pbuf++ = ' '; | ||
299 | } | ||
300 | else | ||
286 | { | 301 | { |
287 | if (*pstr == '%') | 302 | *pbuf++ = *pstr; |
288 | { | ||
289 | if (pstr[1] && pstr[2]) | ||
290 | { | ||
291 | *pbuf++ = from_hex(pstr[1]) << 4 | from_hex(pstr[2]); | ||
292 | pstr += 2; | ||
293 | } | ||
294 | } | ||
295 | else if (*pstr == '+') | ||
296 | { | ||
297 | *pbuf++ = ' '; | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | *pbuf++ = *pstr; | ||
302 | } | ||
303 | pstr++; | ||
304 | } | 303 | } |
304 | pstr++; | ||
305 | } | ||
305 | *pbuf = '\0'; | 306 | *pbuf = '\0'; |
306 | return buf; | 307 | return buf; |
307 | } | 308 | } |
@@ -313,14 +314,14 @@ url_decode(const char *str) | |||
313 | * @return base64 encoded string | 314 | * @return base64 encoded string |
314 | */ | 315 | */ |
315 | static char * | 316 | static char * |
316 | base64_and_urlencode(const char *data, size_t data_size) | 317 | base64_and_urlencode (const char *data, size_t data_size) |
317 | { | 318 | { |
318 | char *enc; | 319 | char *enc; |
319 | char *urlenc; | 320 | char *urlenc; |
320 | 321 | ||
321 | GNUNET_STRINGS_base64_encode(data, data_size, &enc); | 322 | GNUNET_STRINGS_base64_encode (data, data_size, &enc); |
322 | urlenc = url_encode(enc); | 323 | urlenc = url_encode (enc); |
323 | GNUNET_free(enc); | 324 | GNUNET_free (enc); |
324 | return urlenc; | 325 | return urlenc; |
325 | } | 326 | } |
326 | 327 | ||
@@ -332,111 +333,111 @@ base64_and_urlencode(const char *data, size_t data_size) | |||
332 | * @return base64 encoded string | 333 | * @return base64 encoded string |
333 | */ | 334 | */ |
334 | static char * | 335 | static char * |
335 | base64url_encode(const char *data, size_t data_size) | 336 | base64url_encode (const char *data, size_t data_size) |
336 | { | 337 | { |
337 | char *enc; | 338 | char *enc; |
338 | size_t pos; | 339 | size_t pos; |
339 | 340 | ||
340 | GNUNET_STRINGS_base64_encode(data, data_size, &enc); | 341 | GNUNET_STRINGS_base64_encode (data, data_size, &enc); |
341 | //Replace with correct characters for base64url | 342 | // Replace with correct characters for base64url |
342 | pos = 0; | 343 | pos = 0; |
343 | while ('\0' != enc[pos]) | 344 | while ('\0' != enc[pos]) |
345 | { | ||
346 | if ('+' == enc[pos]) | ||
347 | enc[pos] = '-'; | ||
348 | if ('/' == enc[pos]) | ||
349 | enc[pos] = '_'; | ||
350 | if ('=' == enc[pos]) | ||
344 | { | 351 | { |
345 | if ('+' == enc[pos]) | 352 | enc[pos] = '\0'; |
346 | enc[pos] = '-'; | 353 | break; |
347 | if ('/' == enc[pos]) | ||
348 | enc[pos] = '_'; | ||
349 | if ('=' == enc[pos]) | ||
350 | { | ||
351 | enc[pos] = '\0'; | ||
352 | break; | ||
353 | } | ||
354 | pos++; | ||
355 | } | 354 | } |
355 | pos++; | ||
356 | } | ||
356 | return enc; | 357 | return enc; |
357 | } | 358 | } |
358 | 359 | ||
359 | 360 | ||
360 | static void | 361 | static void |
361 | derive_aes_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key, | 362 | derive_aes_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key, |
362 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 363 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
363 | struct GNUNET_HashCode *key_material) | 364 | struct GNUNET_HashCode *key_material) |
364 | { | 365 | { |
365 | static const char ctx_key[] = "reclaim-aes-ctx-key"; | 366 | static const char ctx_key[] = "reclaim-aes-ctx-key"; |
366 | static const char ctx_iv[] = "reclaim-aes-ctx-iv"; | 367 | static const char ctx_iv[] = "reclaim-aes-ctx-iv"; |
367 | 368 | ||
368 | GNUNET_CRYPTO_kdf(key, | 369 | GNUNET_CRYPTO_kdf (key, |
369 | sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), | 370 | sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), |
370 | ctx_key, | 371 | ctx_key, |
371 | strlen(ctx_key), | 372 | strlen (ctx_key), |
372 | key_material, | 373 | key_material, |
373 | sizeof(struct GNUNET_HashCode), | 374 | sizeof(struct GNUNET_HashCode), |
374 | NULL); | 375 | NULL); |
375 | GNUNET_CRYPTO_kdf(iv, | 376 | GNUNET_CRYPTO_kdf (iv, |
376 | sizeof( | 377 | sizeof( |
377 | struct GNUNET_CRYPTO_SymmetricInitializationVector), | 378 | struct GNUNET_CRYPTO_SymmetricInitializationVector), |
378 | ctx_iv, | 379 | ctx_iv, |
379 | strlen(ctx_iv), | 380 | strlen (ctx_iv), |
380 | key_material, | 381 | key_material, |
381 | sizeof(struct GNUNET_HashCode), | 382 | sizeof(struct GNUNET_HashCode), |
382 | NULL); | 383 | NULL); |
383 | } | 384 | } |
384 | 385 | ||
385 | 386 | ||
386 | static void | 387 | static void |
387 | calculate_key_priv(struct GNUNET_CRYPTO_SymmetricSessionKey *key, | 388 | calculate_key_priv (struct GNUNET_CRYPTO_SymmetricSessionKey *key, |
388 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 389 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
389 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | 390 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, |
390 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub) | 391 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub) |
391 | { | 392 | { |
392 | struct GNUNET_HashCode key_material; | 393 | struct GNUNET_HashCode key_material; |
393 | 394 | ||
394 | GNUNET_CRYPTO_ecdsa_ecdh(ecdsa_priv, ecdh_pub, &key_material); | 395 | GNUNET_CRYPTO_ecdsa_ecdh (ecdsa_priv, ecdh_pub, &key_material); |
395 | derive_aes_key(key, iv, &key_material); | 396 | derive_aes_key (key, iv, &key_material); |
396 | } | 397 | } |
397 | 398 | ||
398 | 399 | ||
399 | static void | 400 | static void |
400 | calculate_key_pub(struct GNUNET_CRYPTO_SymmetricSessionKey *key, | 401 | calculate_key_pub (struct GNUNET_CRYPTO_SymmetricSessionKey *key, |
401 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 402 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
402 | const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, | 403 | const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, |
403 | const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv) | 404 | const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv) |
404 | { | 405 | { |
405 | struct GNUNET_HashCode key_material; | 406 | struct GNUNET_HashCode key_material; |
406 | 407 | ||
407 | GNUNET_CRYPTO_ecdh_ecdsa(ecdh_priv, ecdsa_pub, &key_material); | 408 | GNUNET_CRYPTO_ecdh_ecdsa (ecdh_priv, ecdsa_pub, &key_material); |
408 | derive_aes_key(key, iv, &key_material); | 409 | derive_aes_key (key, iv, &key_material); |
409 | } | 410 | } |
410 | 411 | ||
411 | 412 | ||
412 | static void | 413 | static void |
413 | decrypt_payload(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | 414 | decrypt_payload (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, |
414 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub, | 415 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub, |
415 | const char *ct, | 416 | const char *ct, |
416 | size_t ct_len, | 417 | size_t ct_len, |
417 | char *buf) | 418 | char *buf) |
418 | { | 419 | { |
419 | struct GNUNET_CRYPTO_SymmetricSessionKey key; | 420 | struct GNUNET_CRYPTO_SymmetricSessionKey key; |
420 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 421 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
421 | 422 | ||
422 | calculate_key_priv(&key, &iv, ecdsa_priv, ecdh_pub); | 423 | calculate_key_priv (&key, &iv, ecdsa_priv, ecdh_pub); |
423 | GNUNET_break(GNUNET_CRYPTO_symmetric_decrypt(ct, ct_len, &key, &iv, buf)); | 424 | GNUNET_break (GNUNET_CRYPTO_symmetric_decrypt (ct, ct_len, &key, &iv, buf)); |
424 | } | 425 | } |
425 | 426 | ||
426 | 427 | ||
427 | static void | 428 | static void |
428 | encrypt_payload(const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, | 429 | encrypt_payload (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, |
429 | const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv, | 430 | const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv, |
430 | const char *payload, | 431 | const char *payload, |
431 | size_t payload_len, | 432 | size_t payload_len, |
432 | char *buf) | 433 | char *buf) |
433 | { | 434 | { |
434 | struct GNUNET_CRYPTO_SymmetricSessionKey key; | 435 | struct GNUNET_CRYPTO_SymmetricSessionKey key; |
435 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 436 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
436 | 437 | ||
437 | calculate_key_pub(&key, &iv, ecdsa_pub, ecdh_priv); | 438 | calculate_key_pub (&key, &iv, ecdsa_pub, ecdh_priv); |
438 | GNUNET_break( | 439 | GNUNET_break ( |
439 | GNUNET_CRYPTO_symmetric_encrypt(payload, payload_len, &key, &iv, buf)); | 440 | GNUNET_CRYPTO_symmetric_encrypt (payload, payload_len, &key, &iv, buf)); |
440 | } | 441 | } |
441 | 442 | ||
442 | /** | 443 | /** |
@@ -451,11 +452,11 @@ encrypt_payload(const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, | |||
451 | * @return a new authorization code (caller must free) | 452 | * @return a new authorization code (caller must free) |
452 | */ | 453 | */ |
453 | char * | 454 | char * |
454 | OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | 455 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, |
455 | const struct GNUNET_RECLAIM_Ticket *ticket, | 456 | const struct GNUNET_RECLAIM_Ticket *ticket, |
456 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 457 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
457 | const char *nonce_str, | 458 | const char *nonce_str, |
458 | const char *code_challenge) | 459 | const char *code_challenge) |
459 | { | 460 | { |
460 | struct OIDC_Parameters params; | 461 | struct OIDC_Parameters params; |
461 | char *code_payload; | 462 | char *code_payload; |
@@ -475,98 +476,99 @@ OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
475 | 476 | ||
476 | /** PLAINTEXT **/ | 477 | /** PLAINTEXT **/ |
477 | // Assign ticket | 478 | // Assign ticket |
478 | memset(¶ms, 0, sizeof(params)); | 479 | memset (¶ms, 0, sizeof(params)); |
479 | params.ticket = *ticket; | 480 | params.ticket = *ticket; |
480 | // Assign nonce | 481 | // Assign nonce |
481 | nonce = 0; | 482 | nonce = 0; |
482 | payload_len = sizeof(struct OIDC_Parameters); | 483 | payload_len = sizeof(struct OIDC_Parameters); |
483 | if (NULL != nonce_str && strcmp("", nonce_str) != 0) | 484 | if ((NULL != nonce_str)&& (strcmp ("", nonce_str) != 0)) |
485 | { | ||
486 | if ((1 != sscanf (nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX)) | ||
484 | { | 487 | { |
485 | if ((1 != sscanf(nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX)) | 488 | GNUNET_break (0); |
486 | { | 489 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str); |
487 | GNUNET_break(0); | 490 | return NULL; |
488 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str); | ||
489 | return NULL; | ||
490 | } | ||
491 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | ||
492 | "Got nonce: %u from %s\n", | ||
493 | nonce, | ||
494 | nonce_str); | ||
495 | } | 491 | } |
496 | nonce_tmp = htonl(nonce); | 492 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
493 | "Got nonce: %u from %s\n", | ||
494 | nonce, | ||
495 | nonce_str); | ||
496 | } | ||
497 | nonce_tmp = htonl (nonce); | ||
497 | params.nonce = nonce_tmp; | 498 | params.nonce = nonce_tmp; |
498 | // Assign code challenge | 499 | // Assign code challenge |
499 | if (NULL != code_challenge) | 500 | if (NULL != code_challenge) |
500 | code_challenge_len = strlen(code_challenge); | 501 | code_challenge_len = strlen (code_challenge); |
501 | payload_len += code_challenge_len; | 502 | payload_len += code_challenge_len; |
502 | params.code_challenge_len = htonl(code_challenge_len); | 503 | params.code_challenge_len = htonl (code_challenge_len); |
503 | // Assign attributes | 504 | // Assign attributes |
504 | if (NULL != attrs) | 505 | if (NULL != attrs) |
505 | { | 506 | { |
506 | // Get length | 507 | // Get length |
507 | attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size(attrs); | 508 | attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs); |
508 | params.attr_list_len = htonl(attr_list_len); | 509 | params.attr_list_len = htonl (attr_list_len); |
509 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 510 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
510 | "Length of serialized attributes: %lu\n", | 511 | "Length of serialized attributes: %lu\n", |
511 | attr_list_len); | 512 | attr_list_len); |
512 | // Get serialized attributes | 513 | // Get serialized attributes |
513 | payload_len += attr_list_len; | 514 | payload_len += attr_list_len; |
514 | } | 515 | } |
515 | // Get plaintext length | 516 | // Get plaintext length |
516 | payload = GNUNET_malloc(payload_len); | 517 | payload = GNUNET_malloc (payload_len); |
517 | memcpy(payload, ¶ms, sizeof(params)); | 518 | memcpy (payload, ¶ms, sizeof(params)); |
518 | tmp = payload + sizeof(params); | 519 | tmp = payload + sizeof(params); |
519 | if (0 < code_challenge_len) | 520 | if (0 < code_challenge_len) |
520 | { | 521 | { |
521 | memcpy(tmp, code_challenge, code_challenge_len); | 522 | memcpy (tmp, code_challenge, code_challenge_len); |
522 | tmp += code_challenge_len; | 523 | tmp += code_challenge_len; |
523 | } | 524 | } |
524 | if (0 < attr_list_len) | 525 | if (0 < attr_list_len) |
525 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize(attrs, tmp); | 526 | GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, tmp); |
526 | /** END **/ | 527 | /** END **/ |
527 | 528 | ||
528 | /** ENCRYPT **/ | 529 | /** ENCRYPT **/ |
529 | // Get length | 530 | // Get length |
530 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + | 531 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
531 | sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) + | 532 | + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) |
532 | payload_len + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); | 533 | + payload_len + sizeof(struct |
533 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 534 | GNUNET_CRYPTO_EcdsaSignature); |
534 | "Length of data to encode: %lu\n", | 535 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
535 | code_payload_len); | 536 | "Length of data to encode: %lu\n", |
537 | code_payload_len); | ||
536 | 538 | ||
537 | // Generate ECDH key | 539 | // Generate ECDH key |
538 | ecdh_priv = GNUNET_CRYPTO_ecdhe_key_create(); | 540 | ecdh_priv = GNUNET_CRYPTO_ecdhe_key_create (); |
539 | GNUNET_CRYPTO_ecdhe_key_get_public(ecdh_priv, &ecdh_pub); | 541 | GNUNET_CRYPTO_ecdhe_key_get_public (ecdh_priv, &ecdh_pub); |
540 | // Initialize code payload | 542 | // Initialize code payload |
541 | code_payload = GNUNET_malloc(code_payload_len); | 543 | code_payload = GNUNET_malloc (code_payload_len); |
542 | GNUNET_assert(NULL != code_payload); | 544 | GNUNET_assert (NULL != code_payload); |
543 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)code_payload; | 545 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; |
544 | purpose->size = htonl(sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + | 546 | purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
545 | sizeof(ecdh_pub) + payload_len); | 547 | + sizeof(ecdh_pub) + payload_len); |
546 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); | 548 | purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); |
547 | // Store pubkey | 549 | // Store pubkey |
548 | buf_ptr = (char *)&purpose[1]; | 550 | buf_ptr = (char *) &purpose[1]; |
549 | memcpy(buf_ptr, &ecdh_pub, sizeof(ecdh_pub)); | 551 | memcpy (buf_ptr, &ecdh_pub, sizeof(ecdh_pub)); |
550 | buf_ptr += sizeof(ecdh_pub); | 552 | buf_ptr += sizeof(ecdh_pub); |
551 | // Encrypt plaintext and store | 553 | // Encrypt plaintext and store |
552 | encrypt_payload(&ticket->audience, ecdh_priv, payload, payload_len, buf_ptr); | 554 | encrypt_payload (&ticket->audience, ecdh_priv, payload, payload_len, buf_ptr); |
553 | GNUNET_free(ecdh_priv); | 555 | GNUNET_free (ecdh_priv); |
554 | GNUNET_free(payload); | 556 | GNUNET_free (payload); |
555 | buf_ptr += payload_len; | 557 | buf_ptr += payload_len; |
556 | // Sign and store signature | 558 | // Sign and store signature |
557 | if (GNUNET_SYSERR == | 559 | if (GNUNET_SYSERR == |
558 | GNUNET_CRYPTO_ecdsa_sign(issuer, | 560 | GNUNET_CRYPTO_ecdsa_sign (issuer, |
559 | purpose, | 561 | purpose, |
560 | (struct GNUNET_CRYPTO_EcdsaSignature *) | 562 | (struct GNUNET_CRYPTO_EcdsaSignature *) |
561 | buf_ptr)) | 563 | buf_ptr)) |
562 | { | 564 | { |
563 | GNUNET_break(0); | 565 | GNUNET_break (0); |
564 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); | 566 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); |
565 | GNUNET_free(code_payload); | 567 | GNUNET_free (code_payload); |
566 | return NULL; | 568 | return NULL; |
567 | } | 569 | } |
568 | code_str = base64_and_urlencode(code_payload, code_payload_len); | 570 | code_str = base64_and_urlencode (code_payload, code_payload_len); |
569 | GNUNET_free(code_payload); | 571 | GNUNET_free (code_payload); |
570 | return code_str; | 572 | return code_str; |
571 | } | 573 | } |
572 | 574 | ||
@@ -585,12 +587,12 @@ OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
585 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | 587 | * @return GNUNET_OK if successful, else GNUNET_SYSERR |
586 | */ | 588 | */ |
587 | int | 589 | int |
588 | OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | 590 | OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, |
589 | const char *code, | 591 | const char *code, |
590 | const char *code_verifier, | 592 | const char *code_verifier, |
591 | struct GNUNET_RECLAIM_Ticket *ticket, | 593 | struct GNUNET_RECLAIM_Ticket *ticket, |
592 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs, | 594 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs, |
593 | char **nonce_str) | 595 | char **nonce_str) |
594 | { | 596 | { |
595 | char *code_payload; | 597 | char *code_payload; |
596 | char *ptr; | 598 | char *ptr; |
@@ -610,103 +612,110 @@ OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
610 | uint32_t nonce = 0; | 612 | uint32_t nonce = 0; |
611 | struct OIDC_Parameters *params; | 613 | struct OIDC_Parameters *params; |
612 | 614 | ||
613 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code); | 615 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code); |
614 | code_payload = NULL; | 616 | code_payload = NULL; |
615 | code_payload_len = | 617 | code_payload_len = |
616 | GNUNET_STRINGS_base64_decode(code, strlen(code), (void **)&code_payload); | 618 | GNUNET_STRINGS_base64_decode (code, strlen (code), (void **) &code_payload); |
617 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + | 619 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
618 | sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) + | 620 | + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) |
619 | sizeof(struct OIDC_Parameters) + | 621 | + sizeof(struct OIDC_Parameters) |
620 | sizeof(struct GNUNET_CRYPTO_EcdsaSignature)) | 622 | + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)) |
621 | { | 623 | { |
622 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); | 624 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); |
623 | GNUNET_free_non_null(code_payload); | 625 | GNUNET_free_non_null (code_payload); |
624 | return GNUNET_SYSERR; | 626 | return GNUNET_SYSERR; |
625 | } | 627 | } |
626 | 628 | ||
627 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)code_payload; | 629 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; |
628 | plaintext_len = code_payload_len; | 630 | plaintext_len = code_payload_len; |
629 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); | 631 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); |
630 | ptr = (char *)&purpose[1]; | 632 | ptr = (char *) &purpose[1]; |
631 | // Public ECDH key | 633 | // Public ECDH key |
632 | ecdh_pub = (struct GNUNET_CRYPTO_EcdhePublicKey *)ptr; | 634 | ecdh_pub = (struct GNUNET_CRYPTO_EcdhePublicKey *) ptr; |
633 | ptr += sizeof(struct GNUNET_CRYPTO_EcdhePublicKey); | 635 | ptr += sizeof(struct GNUNET_CRYPTO_EcdhePublicKey); |
634 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdhePublicKey); | 636 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdhePublicKey); |
635 | 637 | ||
636 | // Decrypt ciphertext | 638 | // Decrypt ciphertext |
637 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature); | 639 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature); |
638 | plaintext = GNUNET_malloc(plaintext_len); | 640 | plaintext = GNUNET_malloc (plaintext_len); |
639 | decrypt_payload(ecdsa_priv, ecdh_pub, ptr, plaintext_len, plaintext); | 641 | decrypt_payload (ecdsa_priv, ecdh_pub, ptr, plaintext_len, plaintext); |
640 | //ptr = plaintext; | 642 | // ptr = plaintext; |
641 | ptr += plaintext_len; | 643 | ptr += plaintext_len; |
642 | signature = (struct GNUNET_CRYPTO_EcdsaSignature *)ptr; | 644 | signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr; |
643 | params = (struct OIDC_Parameters *)plaintext; | 645 | params = (struct OIDC_Parameters *) plaintext; |
644 | 646 | ||
645 | // cmp code_challenge code_verifier | 647 | // cmp code_challenge code_verifier |
646 | code_challenge_len = ntohl(params->code_challenge_len); | 648 | code_challenge_len = ntohl (params->code_challenge_len); |
647 | if (0 != code_challenge_len) /* Only check if this code requires a CV */ | 649 | if (0 != code_challenge_len) /* Only check if this code requires a CV */ |
650 | { | ||
651 | if (NULL == code_verifier) | ||
648 | { | 652 | { |
649 | code_verifier_hash = GNUNET_malloc(256 / 8); | 653 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
650 | // hash code verifier | 654 | "Expected code verifier!\n"); |
651 | gcry_md_hash_buffer(GCRY_MD_SHA256, | 655 | GNUNET_free_non_null (code_payload); |
652 | code_verifier_hash, | ||
653 | code_verifier, | ||
654 | strlen(code_verifier)); | ||
655 | // encode code verifier | ||
656 | expected_code_challenge = base64url_encode(code_verifier_hash, 256 / 8); | ||
657 | code_challenge = (char *)¶ms[1]; | ||
658 | GNUNET_free(code_verifier_hash); | ||
659 | if ((strlen(expected_code_challenge) != code_challenge_len) || | ||
660 | (0 != | ||
661 | strncmp(expected_code_challenge, code_challenge, code_challenge_len))) | ||
662 | { | ||
663 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | ||
664 | "Invalid code verifier! Expected: %s, Got: %.*s\n", | ||
665 | expected_code_challenge, | ||
666 | code_challenge_len, | ||
667 | code_challenge); | ||
668 | GNUNET_free_non_null(code_payload); | ||
669 | GNUNET_free(expected_code_challenge); | ||
670 | return GNUNET_SYSERR; | ||
671 | } | ||
672 | GNUNET_free(expected_code_challenge); | ||
673 | } | ||
674 | // Ticket | ||
675 | memcpy(ticket, ¶ms->ticket, sizeof(params->ticket)); | ||
676 | // Nonce | ||
677 | nonce = ntohl(params->nonce); //ntohl (*((uint32_t *) ptr)); | ||
678 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %u\n", nonce); | ||
679 | // Signature | ||
680 | GNUNET_CRYPTO_ecdsa_key_get_public(ecdsa_priv, &ecdsa_pub); | ||
681 | if (0 != GNUNET_memcmp(&ecdsa_pub, &ticket->audience)) | ||
682 | { | ||
683 | GNUNET_free(code_payload); | ||
684 | GNUNET_free(plaintext); | ||
685 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | ||
686 | "Audience in ticket does not match client!\n"); | ||
687 | return GNUNET_SYSERR; | 656 | return GNUNET_SYSERR; |
688 | } | 657 | } |
689 | if (GNUNET_OK != | 658 | code_verifier_hash = GNUNET_malloc (256 / 8); |
690 | GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, | 659 | // hash code verifier |
691 | purpose, | 660 | gcry_md_hash_buffer (GCRY_MD_SHA256, |
692 | signature, | 661 | code_verifier_hash, |
693 | &ticket->identity)) | 662 | code_verifier, |
663 | strlen (code_verifier)); | ||
664 | // encode code verifier | ||
665 | expected_code_challenge = base64url_encode (code_verifier_hash, 256 / 8); | ||
666 | code_challenge = (char *) ¶ms[1]; | ||
667 | GNUNET_free (code_verifier_hash); | ||
668 | if ((strlen (expected_code_challenge) != code_challenge_len) || | ||
669 | (0 != | ||
670 | strncmp (expected_code_challenge, code_challenge, code_challenge_len))) | ||
694 | { | 671 | { |
695 | GNUNET_free(code_payload); | 672 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
696 | GNUNET_free(plaintext); | 673 | "Invalid code verifier! Expected: %s, Got: %.*s\n", |
697 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n"); | 674 | expected_code_challenge, |
675 | code_challenge_len, | ||
676 | code_challenge); | ||
677 | GNUNET_free_non_null (code_payload); | ||
678 | GNUNET_free (expected_code_challenge); | ||
698 | return GNUNET_SYSERR; | 679 | return GNUNET_SYSERR; |
699 | } | 680 | } |
681 | GNUNET_free (expected_code_challenge); | ||
682 | } | ||
683 | // Ticket | ||
684 | memcpy (ticket, ¶ms->ticket, sizeof(params->ticket)); | ||
685 | // Nonce | ||
686 | nonce = ntohl (params->nonce); // ntohl (*((uint32_t *) ptr)); | ||
687 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %u\n", nonce); | ||
688 | // Signature | ||
689 | GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub); | ||
690 | if (0 != GNUNET_memcmp (&ecdsa_pub, &ticket->audience)) | ||
691 | { | ||
692 | GNUNET_free (code_payload); | ||
693 | GNUNET_free (plaintext); | ||
694 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
695 | "Audience in ticket does not match client!\n"); | ||
696 | return GNUNET_SYSERR; | ||
697 | } | ||
698 | if (GNUNET_OK != | ||
699 | GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, | ||
700 | purpose, | ||
701 | signature, | ||
702 | &ticket->identity)) | ||
703 | { | ||
704 | GNUNET_free (code_payload); | ||
705 | GNUNET_free (plaintext); | ||
706 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n"); | ||
707 | return GNUNET_SYSERR; | ||
708 | } | ||
700 | // Attributes | 709 | // Attributes |
701 | attrs_ser = ((char *)¶ms[1]) + code_challenge_len; | 710 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len; |
702 | attrs_ser_len = ntohl(params->attr_list_len); | 711 | attrs_ser_len = ntohl (params->attr_list_len); |
703 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize(attrs_ser, attrs_ser_len); | 712 | *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, attrs_ser_len); |
704 | 713 | ||
705 | *nonce_str = NULL; | 714 | *nonce_str = NULL; |
706 | if (nonce != 0) | 715 | if (nonce != 0) |
707 | GNUNET_asprintf(nonce_str, "%u", nonce); | 716 | GNUNET_asprintf (nonce_str, "%u", nonce); |
708 | GNUNET_free(code_payload); | 717 | GNUNET_free (code_payload); |
709 | GNUNET_free(plaintext); | 718 | GNUNET_free (plaintext); |
710 | return GNUNET_OK; | 719 | return GNUNET_OK; |
711 | } | 720 | } |
712 | 721 | ||
@@ -721,42 +730,42 @@ OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
721 | * @param token_response where to store the response | 730 | * @param token_response where to store the response |
722 | */ | 731 | */ |
723 | void | 732 | void |
724 | OIDC_build_token_response(const char *access_token, | 733 | OIDC_build_token_response (const char *access_token, |
725 | const char *id_token, | 734 | const char *id_token, |
726 | const struct GNUNET_TIME_Relative *expiration_time, | 735 | const struct GNUNET_TIME_Relative *expiration_time, |
727 | char **token_response) | 736 | char **token_response) |
728 | { | 737 | { |
729 | json_t *root_json; | 738 | json_t *root_json; |
730 | 739 | ||
731 | root_json = json_object(); | 740 | root_json = json_object (); |
732 | 741 | ||
733 | GNUNET_assert(NULL != access_token); | 742 | GNUNET_assert (NULL != access_token); |
734 | GNUNET_assert(NULL != id_token); | 743 | GNUNET_assert (NULL != id_token); |
735 | GNUNET_assert(NULL != expiration_time); | 744 | GNUNET_assert (NULL != expiration_time); |
736 | json_object_set_new(root_json, "access_token", json_string(access_token)); | 745 | json_object_set_new (root_json, "access_token", json_string (access_token)); |
737 | json_object_set_new(root_json, "token_type", json_string("Bearer")); | 746 | json_object_set_new (root_json, "token_type", json_string ("Bearer")); |
738 | json_object_set_new(root_json, | 747 | json_object_set_new (root_json, |
739 | "expires_in", | 748 | "expires_in", |
740 | json_integer(expiration_time->rel_value_us / | 749 | json_integer (expiration_time->rel_value_us |
741 | (1000 * 1000))); | 750 | / (1000 * 1000))); |
742 | json_object_set_new(root_json, "id_token", json_string(id_token)); | 751 | json_object_set_new (root_json, "id_token", json_string (id_token)); |
743 | *token_response = json_dumps(root_json, JSON_INDENT(0) | JSON_COMPACT); | 752 | *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT); |
744 | json_decref(root_json); | 753 | json_decref (root_json); |
745 | } | 754 | } |
746 | 755 | ||
747 | /** | 756 | /** |
748 | * Generate a new access token | 757 | * Generate a new access token |
749 | */ | 758 | */ |
750 | char * | 759 | char * |
751 | OIDC_access_token_new() | 760 | OIDC_access_token_new () |
752 | { | 761 | { |
753 | char *access_token; | 762 | char *access_token; |
754 | uint64_t random_number; | 763 | uint64_t random_number; |
755 | 764 | ||
756 | random_number = | 765 | random_number = |
757 | GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); | 766 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); |
758 | GNUNET_STRINGS_base64_encode(&random_number, | 767 | GNUNET_STRINGS_base64_encode (&random_number, |
759 | sizeof(uint64_t), | 768 | sizeof(uint64_t), |
760 | &access_token); | 769 | &access_token); |
761 | return access_token; | 770 | return access_token; |
762 | } | 771 | } |
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 3f1dba254..a4a368ab5 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -250,14 +250,16 @@ static char *allow_methods; | |||
250 | /** | 250 | /** |
251 | * @brief struct returned by the initialization function of the plugin | 251 | * @brief struct returned by the initialization function of the plugin |
252 | */ | 252 | */ |
253 | struct Plugin { | 253 | struct Plugin |
254 | { | ||
254 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 255 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
255 | }; | 256 | }; |
256 | 257 | ||
257 | /** | 258 | /** |
258 | * OIDC needed variables | 259 | * OIDC needed variables |
259 | */ | 260 | */ |
260 | struct OIDC_Variables { | 261 | struct OIDC_Variables |
262 | { | ||
261 | /** | 263 | /** |
262 | * The RP client public key | 264 | * The RP client public key |
263 | */ | 265 | */ |
@@ -322,7 +324,8 @@ struct OIDC_Variables { | |||
322 | /** | 324 | /** |
323 | * The ego list | 325 | * The ego list |
324 | */ | 326 | */ |
325 | struct EgoEntry { | 327 | struct EgoEntry |
328 | { | ||
326 | /** | 329 | /** |
327 | * DLL | 330 | * DLL |
328 | */ | 331 | */ |
@@ -350,7 +353,8 @@ struct EgoEntry { | |||
350 | }; | 353 | }; |
351 | 354 | ||
352 | 355 | ||
353 | struct RequestHandle { | 356 | struct RequestHandle |
357 | { | ||
354 | /** | 358 | /** |
355 | * Ego list | 359 | * Ego list |
356 | */ | 360 | */ |
@@ -507,75 +511,75 @@ struct RequestHandle { | |||
507 | * @param handle Handle to clean up | 511 | * @param handle Handle to clean up |
508 | */ | 512 | */ |
509 | static void | 513 | static void |
510 | cleanup_handle(struct RequestHandle *handle) | 514 | cleanup_handle (struct RequestHandle *handle) |
511 | { | 515 | { |
512 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; | 516 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; |
513 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; | 517 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; |
514 | struct EgoEntry *ego_entry; | 518 | struct EgoEntry *ego_entry; |
515 | struct EgoEntry *ego_tmp; | 519 | struct EgoEntry *ego_tmp; |
516 | 520 | ||
517 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | 521 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); |
518 | if (NULL != handle->timeout_task) | 522 | if (NULL != handle->timeout_task) |
519 | GNUNET_SCHEDULER_cancel(handle->timeout_task); | 523 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
520 | if (NULL != handle->identity_handle) | 524 | if (NULL != handle->identity_handle) |
521 | GNUNET_IDENTITY_disconnect(handle->identity_handle); | 525 | GNUNET_IDENTITY_disconnect (handle->identity_handle); |
522 | if (NULL != handle->attr_it) | 526 | if (NULL != handle->attr_it) |
523 | GNUNET_RECLAIM_get_attributes_stop(handle->attr_it); | 527 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); |
524 | if (NULL != handle->ticket_it) | 528 | if (NULL != handle->ticket_it) |
525 | GNUNET_RECLAIM_ticket_iteration_stop(handle->ticket_it); | 529 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); |
526 | if (NULL != handle->idp) | 530 | if (NULL != handle->idp) |
527 | GNUNET_RECLAIM_disconnect(handle->idp); | 531 | GNUNET_RECLAIM_disconnect (handle->idp); |
528 | GNUNET_free_non_null(handle->url); | 532 | GNUNET_free_non_null (handle->url); |
529 | GNUNET_free_non_null(handle->tld); | 533 | GNUNET_free_non_null (handle->tld); |
530 | GNUNET_free_non_null(handle->redirect_prefix); | 534 | GNUNET_free_non_null (handle->redirect_prefix); |
531 | GNUNET_free_non_null(handle->redirect_suffix); | 535 | GNUNET_free_non_null (handle->redirect_suffix); |
532 | GNUNET_free_non_null(handle->emsg); | 536 | GNUNET_free_non_null (handle->emsg); |
533 | GNUNET_free_non_null(handle->edesc); | 537 | GNUNET_free_non_null (handle->edesc); |
534 | if (NULL != handle->gns_op) | 538 | if (NULL != handle->gns_op) |
535 | GNUNET_GNS_lookup_cancel(handle->gns_op); | 539 | GNUNET_GNS_lookup_cancel (handle->gns_op); |
536 | if (NULL != handle->gns_handle) | 540 | if (NULL != handle->gns_handle) |
537 | GNUNET_GNS_disconnect(handle->gns_handle); | 541 | GNUNET_GNS_disconnect (handle->gns_handle); |
538 | 542 | ||
539 | if (NULL != handle->namestore_handle) | 543 | if (NULL != handle->namestore_handle) |
540 | GNUNET_NAMESTORE_disconnect(handle->namestore_handle); | 544 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
541 | if (NULL != handle->oidc) | 545 | if (NULL != handle->oidc) |
542 | { | 546 | { |
543 | GNUNET_free_non_null(handle->oidc->client_id); | 547 | GNUNET_free_non_null (handle->oidc->client_id); |
544 | GNUNET_free_non_null(handle->oidc->login_identity); | 548 | GNUNET_free_non_null (handle->oidc->login_identity); |
545 | GNUNET_free_non_null(handle->oidc->nonce); | 549 | GNUNET_free_non_null (handle->oidc->nonce); |
546 | GNUNET_free_non_null(handle->oidc->redirect_uri); | 550 | GNUNET_free_non_null (handle->oidc->redirect_uri); |
547 | GNUNET_free_non_null(handle->oidc->response_type); | 551 | GNUNET_free_non_null (handle->oidc->response_type); |
548 | GNUNET_free_non_null(handle->oidc->scope); | 552 | GNUNET_free_non_null (handle->oidc->scope); |
549 | GNUNET_free_non_null(handle->oidc->state); | 553 | GNUNET_free_non_null (handle->oidc->state); |
550 | json_decref(handle->oidc->response); | 554 | json_decref (handle->oidc->response); |
551 | GNUNET_free(handle->oidc); | 555 | GNUNET_free (handle->oidc); |
552 | } | 556 | } |
553 | if (NULL != handle->attr_list) | 557 | if (NULL != handle->attr_list) |
558 | { | ||
559 | for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) | ||
554 | { | 560 | { |
555 | for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) | 561 | claim_tmp = claim_entry; |
556 | { | 562 | claim_entry = claim_entry->next; |
557 | claim_tmp = claim_entry; | 563 | GNUNET_free (claim_tmp->claim); |
558 | claim_entry = claim_entry->next; | 564 | GNUNET_free (claim_tmp); |
559 | GNUNET_free(claim_tmp->claim); | ||
560 | GNUNET_free(claim_tmp); | ||
561 | } | ||
562 | GNUNET_free(handle->attr_list); | ||
563 | } | 565 | } |
566 | GNUNET_free (handle->attr_list); | ||
567 | } | ||
564 | for (ego_entry = handle->ego_head; NULL != ego_entry;) | 568 | for (ego_entry = handle->ego_head; NULL != ego_entry;) |
565 | { | 569 | { |
566 | ego_tmp = ego_entry; | 570 | ego_tmp = ego_entry; |
567 | ego_entry = ego_entry->next; | 571 | ego_entry = ego_entry->next; |
568 | GNUNET_free(ego_tmp->identifier); | 572 | GNUNET_free (ego_tmp->identifier); |
569 | GNUNET_free(ego_tmp->keystring); | 573 | GNUNET_free (ego_tmp->keystring); |
570 | GNUNET_free(ego_tmp); | 574 | GNUNET_free (ego_tmp); |
571 | } | 575 | } |
572 | GNUNET_free(handle); | 576 | GNUNET_free (handle); |
573 | } | 577 | } |
574 | 578 | ||
575 | static void | 579 | static void |
576 | cleanup_handle_delayed(void *cls) | 580 | cleanup_handle_delayed (void *cls) |
577 | { | 581 | { |
578 | cleanup_handle(cls); | 582 | cleanup_handle (cls); |
579 | } | 583 | } |
580 | 584 | ||
581 | 585 | ||
@@ -585,30 +589,30 @@ cleanup_handle_delayed(void *cls) | |||
585 | * @param cls the `struct RequestHandle` | 589 | * @param cls the `struct RequestHandle` |
586 | */ | 590 | */ |
587 | static void | 591 | static void |
588 | do_error(void *cls) | 592 | do_error (void *cls) |
589 | { | 593 | { |
590 | struct RequestHandle *handle = cls; | 594 | struct RequestHandle *handle = cls; |
591 | struct MHD_Response *resp; | 595 | struct MHD_Response *resp; |
592 | char *json_error; | 596 | char *json_error; |
593 | 597 | ||
594 | GNUNET_asprintf(&json_error, | 598 | GNUNET_asprintf (&json_error, |
595 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", | 599 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", |
596 | handle->emsg, | 600 | handle->emsg, |
597 | (NULL != handle->edesc) ? handle->edesc : "", | 601 | (NULL != handle->edesc) ? handle->edesc : "", |
598 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", | 602 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", |
599 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 603 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
600 | (NULL != handle->oidc->state) ? "\"" : ""); | 604 | (NULL != handle->oidc->state) ? "\"" : ""); |
601 | if (0 == handle->response_code) | 605 | if (0 == handle->response_code) |
602 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 606 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
603 | resp = GNUNET_REST_create_response(json_error); | 607 | resp = GNUNET_REST_create_response (json_error); |
604 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) | 608 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) |
605 | MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); | 609 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); |
606 | MHD_add_response_header(resp, | 610 | MHD_add_response_header (resp, |
607 | MHD_HTTP_HEADER_CONTENT_TYPE, | 611 | MHD_HTTP_HEADER_CONTENT_TYPE, |
608 | "application/json"); | 612 | "application/json"); |
609 | handle->proc(handle->proc_cls, resp, handle->response_code); | 613 | handle->proc (handle->proc_cls, resp, handle->response_code); |
610 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 614 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
611 | GNUNET_free(json_error); | 615 | GNUNET_free (json_error); |
612 | } | 616 | } |
613 | 617 | ||
614 | 618 | ||
@@ -619,21 +623,21 @@ do_error(void *cls) | |||
619 | * @param cls the `struct RequestHandle` | 623 | * @param cls the `struct RequestHandle` |
620 | */ | 624 | */ |
621 | static void | 625 | static void |
622 | do_userinfo_error(void *cls) | 626 | do_userinfo_error (void *cls) |
623 | { | 627 | { |
624 | struct RequestHandle *handle = cls; | 628 | struct RequestHandle *handle = cls; |
625 | struct MHD_Response *resp; | 629 | struct MHD_Response *resp; |
626 | char *error; | 630 | char *error; |
627 | 631 | ||
628 | GNUNET_asprintf(&error, | 632 | GNUNET_asprintf (&error, |
629 | "error=\"%s\", error_description=\"%s\"", | 633 | "error=\"%s\", error_description=\"%s\"", |
630 | handle->emsg, | 634 | handle->emsg, |
631 | (NULL != handle->edesc) ? handle->edesc : ""); | 635 | (NULL != handle->edesc) ? handle->edesc : ""); |
632 | resp = GNUNET_REST_create_response(""); | 636 | resp = GNUNET_REST_create_response (""); |
633 | MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); | 637 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); |
634 | handle->proc(handle->proc_cls, resp, handle->response_code); | 638 | handle->proc (handle->proc_cls, resp, handle->response_code); |
635 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 639 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
636 | GNUNET_free(error); | 640 | GNUNET_free (error); |
637 | } | 641 | } |
638 | 642 | ||
639 | 643 | ||
@@ -643,24 +647,24 @@ do_userinfo_error(void *cls) | |||
643 | * @param cls the `struct RequestHandle` | 647 | * @param cls the `struct RequestHandle` |
644 | */ | 648 | */ |
645 | static void | 649 | static void |
646 | do_redirect_error(void *cls) | 650 | do_redirect_error (void *cls) |
647 | { | 651 | { |
648 | struct RequestHandle *handle = cls; | 652 | struct RequestHandle *handle = cls; |
649 | struct MHD_Response *resp; | 653 | struct MHD_Response *resp; |
650 | char *redirect; | 654 | char *redirect; |
651 | 655 | ||
652 | GNUNET_asprintf(&redirect, | 656 | GNUNET_asprintf (&redirect, |
653 | "%s?error=%s&error_description=%s%s%s", | 657 | "%s?error=%s&error_description=%s%s%s", |
654 | handle->oidc->redirect_uri, | 658 | handle->oidc->redirect_uri, |
655 | handle->emsg, | 659 | handle->emsg, |
656 | handle->edesc, | 660 | handle->edesc, |
657 | (NULL != handle->oidc->state) ? "&state=" : "", | 661 | (NULL != handle->oidc->state) ? "&state=" : "", |
658 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); | 662 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); |
659 | resp = GNUNET_REST_create_response(""); | 663 | resp = GNUNET_REST_create_response (""); |
660 | MHD_add_response_header(resp, "Location", redirect); | 664 | MHD_add_response_header (resp, "Location", redirect); |
661 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 665 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
662 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 666 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
663 | GNUNET_free(redirect); | 667 | GNUNET_free (redirect); |
664 | } | 668 | } |
665 | 669 | ||
666 | /** | 670 | /** |
@@ -669,12 +673,12 @@ do_redirect_error(void *cls) | |||
669 | * @param cls the `struct RequestHandle` | 673 | * @param cls the `struct RequestHandle` |
670 | */ | 674 | */ |
671 | static void | 675 | static void |
672 | do_timeout(void *cls) | 676 | do_timeout (void *cls) |
673 | { | 677 | { |
674 | struct RequestHandle *handle = cls; | 678 | struct RequestHandle *handle = cls; |
675 | 679 | ||
676 | handle->timeout_task = NULL; | 680 | handle->timeout_task = NULL; |
677 | do_error(handle); | 681 | do_error (handle); |
678 | } | 682 | } |
679 | 683 | ||
680 | /** | 684 | /** |
@@ -683,18 +687,18 @@ do_timeout(void *cls) | |||
683 | * @param cls the request handle | 687 | * @param cls the request handle |
684 | */ | 688 | */ |
685 | static void | 689 | static void |
686 | return_userinfo_response(void *cls) | 690 | return_userinfo_response (void *cls) |
687 | { | 691 | { |
688 | char *result_str; | 692 | char *result_str; |
689 | struct RequestHandle *handle = cls; | 693 | struct RequestHandle *handle = cls; |
690 | struct MHD_Response *resp; | 694 | struct MHD_Response *resp; |
691 | 695 | ||
692 | result_str = json_dumps(handle->oidc->response, 0); | 696 | result_str = json_dumps (handle->oidc->response, 0); |
693 | 697 | ||
694 | resp = GNUNET_REST_create_response(result_str); | 698 | resp = GNUNET_REST_create_response (result_str); |
695 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 699 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
696 | GNUNET_free(result_str); | 700 | GNUNET_free (result_str); |
697 | cleanup_handle(handle); | 701 | cleanup_handle (handle); |
698 | } | 702 | } |
699 | 703 | ||
700 | 704 | ||
@@ -706,18 +710,18 @@ return_userinfo_response(void *cls) | |||
706 | * @param cls the RequestHandle | 710 | * @param cls the RequestHandle |
707 | */ | 711 | */ |
708 | static void | 712 | static void |
709 | options_cont(struct GNUNET_REST_RequestHandle *con_handle, | 713 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, |
710 | const char *url, | 714 | const char *url, |
711 | void *cls) | 715 | void *cls) |
712 | { | 716 | { |
713 | struct MHD_Response *resp; | 717 | struct MHD_Response *resp; |
714 | struct RequestHandle *handle = cls; | 718 | struct RequestHandle *handle = cls; |
715 | 719 | ||
716 | // For now, independent of path return all options | 720 | // For now, independent of path return all options |
717 | resp = GNUNET_REST_create_response(NULL); | 721 | resp = GNUNET_REST_create_response (NULL); |
718 | MHD_add_response_header(resp, "Access-Control-Allow-Methods", allow_methods); | 722 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); |
719 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 723 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
720 | cleanup_handle(handle); | 724 | cleanup_handle (handle); |
721 | return; | 725 | return; |
722 | } | 726 | } |
723 | 727 | ||
@@ -726,7 +730,7 @@ options_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
726 | * Interprets cookie header and pass its identity keystring to handle | 730 | * Interprets cookie header and pass its identity keystring to handle |
727 | */ | 731 | */ |
728 | static void | 732 | static void |
729 | cookie_identity_interpretation(struct RequestHandle *handle) | 733 | cookie_identity_interpretation (struct RequestHandle *handle) |
730 | { | 734 | { |
731 | struct GNUNET_HashCode cache_key; | 735 | struct GNUNET_HashCode cache_key; |
732 | char *cookies; | 736 | char *cookies; |
@@ -737,143 +741,144 @@ cookie_identity_interpretation(struct RequestHandle *handle) | |||
737 | char *value; | 741 | char *value; |
738 | 742 | ||
739 | // gets identity of login try with cookie | 743 | // gets identity of login try with cookie |
740 | GNUNET_CRYPTO_hash(OIDC_COOKIE_HEADER_KEY, | 744 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, |
741 | strlen(OIDC_COOKIE_HEADER_KEY), | 745 | strlen (OIDC_COOKIE_HEADER_KEY), |
742 | &cache_key); | 746 | &cache_key); |
743 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 747 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
744 | ->header_param_map, | 748 | ->header_param_map, |
745 | &cache_key)) | 749 | &cache_key)) |
746 | { | 750 | { |
747 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); | 751 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); |
748 | return; | 752 | return; |
749 | } | 753 | } |
750 | // splits cookies and find 'Identity' cookie | 754 | // splits cookies and find 'Identity' cookie |
751 | tmp_cookies = | 755 | tmp_cookies = |
752 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 756 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
753 | &cache_key); | 757 | &cache_key); |
754 | cookies = GNUNET_strdup(tmp_cookies); | 758 | cookies = GNUNET_strdup (tmp_cookies); |
755 | token = strtok(cookies, delimiter); | 759 | token = strtok (cookies, delimiter); |
756 | handle->oidc->user_cancelled = GNUNET_NO; | 760 | handle->oidc->user_cancelled = GNUNET_NO; |
757 | handle->oidc->login_identity = NULL; | 761 | handle->oidc->login_identity = NULL; |
758 | if (NULL == token) | 762 | if (NULL == token) |
759 | { | 763 | { |
760 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 764 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
761 | "Unable to parse cookie: %s\n", | 765 | "Unable to parse cookie: %s\n", |
762 | cookies); | 766 | cookies); |
763 | GNUNET_free(cookies); | 767 | GNUNET_free (cookies); |
764 | return; | 768 | return; |
765 | } | 769 | } |
766 | 770 | ||
767 | while (NULL != token) | 771 | while (NULL != token) |
772 | { | ||
773 | if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) | ||
768 | { | 774 | { |
769 | if (0 == strcmp(token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) | 775 | handle->oidc->user_cancelled = GNUNET_YES; |
770 | { | 776 | GNUNET_free (cookies); |
771 | handle->oidc->user_cancelled = GNUNET_YES; | ||
772 | GNUNET_free(cookies); | ||
773 | return; | ||
774 | } | ||
775 | if (NULL != strstr(token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) | ||
776 | break; | ||
777 | token = strtok(NULL, delimiter); | ||
778 | } | ||
779 | if (NULL == token) | ||
780 | { | ||
781 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | ||
782 | "No cookie value to process: %s\n", | ||
783 | cookies); | ||
784 | GNUNET_free(cookies); | ||
785 | return; | 777 | return; |
786 | } | 778 | } |
787 | GNUNET_CRYPTO_hash(token, strlen(token), &cache_key); | 779 | if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) |
780 | break; | ||
781 | token = strtok (NULL, delimiter); | ||
782 | } | ||
783 | if (NULL == token) | ||
784 | { | ||
785 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
786 | "No cookie value to process: %s\n", | ||
787 | cookies); | ||
788 | GNUNET_free (cookies); | ||
789 | return; | ||
790 | } | ||
791 | GNUNET_CRYPTO_hash (token, strlen (token), &cache_key); | ||
788 | if (GNUNET_NO == | 792 | if (GNUNET_NO == |
789 | GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) | 793 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) |
790 | { | 794 | { |
791 | GNUNET_log( | 795 | GNUNET_log ( |
792 | GNUNET_ERROR_TYPE_WARNING, | 796 | GNUNET_ERROR_TYPE_WARNING, |
793 | "Found cookie `%s', but no corresponding expiration entry present...\n", | 797 | "Found cookie `%s', but no corresponding expiration entry present...\n", |
794 | token); | 798 | token); |
795 | GNUNET_free(cookies); | 799 | GNUNET_free (cookies); |
796 | return; | 800 | return; |
797 | } | 801 | } |
798 | relog_time = | 802 | relog_time = |
799 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 803 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
800 | current_time = GNUNET_TIME_absolute_get(); | 804 | current_time = GNUNET_TIME_absolute_get (); |
801 | // 30 min after old login -> redirect to login | 805 | // 30 min after old login -> redirect to login |
802 | if (current_time.abs_value_us > relog_time->abs_value_us) | 806 | if (current_time.abs_value_us > relog_time->abs_value_us) |
803 | { | 807 | { |
804 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 808 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
805 | "Found cookie `%s', but it is expired.\n", | 809 | "Found cookie `%s', but it is expired.\n", |
806 | token); | 810 | token); |
807 | GNUNET_free(cookies); | 811 | GNUNET_free (cookies); |
808 | return; | 812 | return; |
809 | } | 813 | } |
810 | value = strtok(token, OIDC_COOKIE_HEADER_INFORMATION_KEY); | 814 | value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY); |
811 | GNUNET_assert(NULL != value); | 815 | GNUNET_assert (NULL != value); |
812 | handle->oidc->login_identity = GNUNET_strdup(value); | 816 | handle->oidc->login_identity = GNUNET_strdup (value); |
813 | GNUNET_free(cookies); | 817 | GNUNET_free (cookies); |
814 | } | 818 | } |
815 | 819 | ||
816 | /** | 820 | /** |
817 | * Redirects to login page stored in configuration file | 821 | * Redirects to login page stored in configuration file |
818 | */ | 822 | */ |
819 | static void | 823 | static void |
820 | login_redirect(void *cls) | 824 | login_redirect (void *cls) |
821 | { | 825 | { |
822 | char *login_base_url; | 826 | char *login_base_url; |
823 | char *new_redirect; | 827 | char *new_redirect; |
824 | struct MHD_Response *resp; | 828 | struct MHD_Response *resp; |
825 | struct RequestHandle *handle = cls; | 829 | struct RequestHandle *handle = cls; |
826 | 830 | ||
827 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, | 831 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
828 | "reclaim-rest-plugin", | 832 | "reclaim-rest-plugin", |
829 | "address", | 833 | "address", |
830 | &login_base_url)) | 834 | &login_base_url)) |
831 | { | 835 | { |
832 | GNUNET_asprintf(&new_redirect, | 836 | GNUNET_asprintf (&new_redirect, |
833 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 837 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
834 | login_base_url, | 838 | login_base_url, |
835 | OIDC_RESPONSE_TYPE_KEY, | 839 | OIDC_RESPONSE_TYPE_KEY, |
836 | handle->oidc->response_type, | 840 | handle->oidc->response_type, |
837 | OIDC_CLIENT_ID_KEY, | 841 | OIDC_CLIENT_ID_KEY, |
838 | handle->oidc->client_id, | 842 | handle->oidc->client_id, |
839 | OIDC_REDIRECT_URI_KEY, | 843 | OIDC_REDIRECT_URI_KEY, |
840 | handle->oidc->redirect_uri, | 844 | handle->oidc->redirect_uri, |
841 | OIDC_SCOPE_KEY, | 845 | OIDC_SCOPE_KEY, |
842 | handle->oidc->scope, | 846 | handle->oidc->scope, |
843 | OIDC_STATE_KEY, | 847 | OIDC_STATE_KEY, |
844 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 848 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
845 | OIDC_CODE_CHALLENGE_KEY, | 849 | OIDC_CODE_CHALLENGE_KEY, |
846 | (NULL != handle->oidc->code_challenge) ? handle->oidc->code_challenge : "", | 850 | (NULL != handle->oidc->code_challenge) ? |
847 | OIDC_NONCE_KEY, | 851 | handle->oidc->code_challenge : "", |
848 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); | 852 | OIDC_NONCE_KEY, |
849 | resp = GNUNET_REST_create_response(""); | 853 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); |
850 | MHD_add_response_header(resp, "Location", new_redirect); | 854 | resp = GNUNET_REST_create_response (""); |
851 | GNUNET_free(login_base_url); | 855 | MHD_add_response_header (resp, "Location", new_redirect); |
852 | } | 856 | GNUNET_free (login_base_url); |
857 | } | ||
853 | else | 858 | else |
854 | { | 859 | { |
855 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 860 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
856 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | 861 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
857 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 862 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
858 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 863 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
859 | return; | 864 | return; |
860 | } | 865 | } |
861 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 866 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
862 | GNUNET_free(new_redirect); | 867 | GNUNET_free (new_redirect); |
863 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 868 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
864 | } | 869 | } |
865 | 870 | ||
866 | /** | 871 | /** |
867 | * Does internal server error when iteration failed. | 872 | * Does internal server error when iteration failed. |
868 | */ | 873 | */ |
869 | static void | 874 | static void |
870 | oidc_iteration_error(void *cls) | 875 | oidc_iteration_error (void *cls) |
871 | { | 876 | { |
872 | struct RequestHandle *handle = cls; | 877 | struct RequestHandle *handle = cls; |
873 | 878 | ||
874 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 879 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
875 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 880 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
876 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 881 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
877 | } | 882 | } |
878 | 883 | ||
879 | 884 | ||
@@ -882,7 +887,7 @@ oidc_iteration_error(void *cls) | |||
882 | * parameter. Otherwise redirects with error | 887 | * parameter. Otherwise redirects with error |
883 | */ | 888 | */ |
884 | static void | 889 | static void |
885 | oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | 890 | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) |
886 | { | 891 | { |
887 | struct RequestHandle *handle = cls; | 892 | struct RequestHandle *handle = cls; |
888 | struct MHD_Response *resp; | 893 | struct MHD_Response *resp; |
@@ -892,72 +897,72 @@ oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
892 | 897 | ||
893 | handle->idp_op = NULL; | 898 | handle->idp_op = NULL; |
894 | if (NULL == ticket) | 899 | if (NULL == ticket) |
895 | { | 900 | { |
896 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 901 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
897 | handle->edesc = GNUNET_strdup("Server cannot generate ticket."); | 902 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); |
898 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 903 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
899 | return; | 904 | return; |
900 | } | 905 | } |
901 | handle->ticket = *ticket; | 906 | handle->ticket = *ticket; |
902 | ticket_str = | 907 | ticket_str = |
903 | GNUNET_STRINGS_data_to_string_alloc(&handle->ticket, | 908 | GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, |
904 | sizeof(struct GNUNET_RECLAIM_Ticket)); | 909 | sizeof(struct GNUNET_RECLAIM_Ticket)); |
905 | // TODO change if more attributes are needed (see max_age) | 910 | // TODO change if more attributes are needed (see max_age) |
906 | code_string = OIDC_build_authz_code(&handle->priv_key, | 911 | code_string = OIDC_build_authz_code (&handle->priv_key, |
907 | &handle->ticket, | 912 | &handle->ticket, |
908 | handle->attr_list, | 913 | handle->attr_list, |
909 | handle->oidc->nonce, | 914 | handle->oidc->nonce, |
910 | handle->oidc->code_challenge); | 915 | handle->oidc->code_challenge); |
911 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && | 916 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && |
912 | (NULL != handle->tld)) | 917 | (NULL != handle->tld)) |
913 | { | 918 | { |
914 | GNUNET_asprintf(&redirect_uri, | 919 | GNUNET_asprintf (&redirect_uri, |
915 | "%s.%s/%s?%s=%s&state=%s", | 920 | "%s.%s/%s?%s=%s&state=%s", |
916 | handle->redirect_prefix, | 921 | handle->redirect_prefix, |
917 | handle->tld, | 922 | handle->tld, |
918 | handle->redirect_suffix, | 923 | handle->redirect_suffix, |
919 | handle->oidc->response_type, | 924 | handle->oidc->response_type, |
920 | code_string, | 925 | code_string, |
921 | handle->oidc->state); | 926 | handle->oidc->state); |
922 | } | 927 | } |
923 | else | 928 | else |
924 | { | 929 | { |
925 | GNUNET_asprintf(&redirect_uri, | 930 | GNUNET_asprintf (&redirect_uri, |
926 | "%s?%s=%s&state=%s", | 931 | "%s?%s=%s&state=%s", |
927 | handle->oidc->redirect_uri, | 932 | handle->oidc->redirect_uri, |
928 | handle->oidc->response_type, | 933 | handle->oidc->response_type, |
929 | code_string, | 934 | code_string, |
930 | handle->oidc->state); | 935 | handle->oidc->state); |
931 | } | 936 | } |
932 | resp = GNUNET_REST_create_response(""); | 937 | resp = GNUNET_REST_create_response (""); |
933 | MHD_add_response_header(resp, "Location", redirect_uri); | 938 | MHD_add_response_header (resp, "Location", redirect_uri); |
934 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 939 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
935 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 940 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
936 | GNUNET_free(redirect_uri); | 941 | GNUNET_free (redirect_uri); |
937 | GNUNET_free(ticket_str); | 942 | GNUNET_free (ticket_str); |
938 | GNUNET_free(code_string); | 943 | GNUNET_free (code_string); |
939 | } | 944 | } |
940 | 945 | ||
941 | static void | 946 | static void |
942 | oidc_collect_finished_cb(void *cls) | 947 | oidc_collect_finished_cb (void *cls) |
943 | { | 948 | { |
944 | struct RequestHandle *handle = cls; | 949 | struct RequestHandle *handle = cls; |
945 | 950 | ||
946 | handle->attr_it = NULL; | 951 | handle->attr_it = NULL; |
947 | handle->ticket_it = NULL; | 952 | handle->ticket_it = NULL; |
948 | if (NULL == handle->attr_list->list_head) | 953 | if (NULL == handle->attr_list->list_head) |
949 | { | 954 | { |
950 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 955 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
951 | handle->edesc = GNUNET_strdup("The requested scope is not available."); | 956 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); |
952 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 957 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
953 | return; | 958 | return; |
954 | } | 959 | } |
955 | handle->idp_op = GNUNET_RECLAIM_ticket_issue(handle->idp, | 960 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, |
956 | &handle->priv_key, | 961 | &handle->priv_key, |
957 | &handle->oidc->client_pkey, | 962 | &handle->oidc->client_pkey, |
958 | handle->attr_list, | 963 | handle->attr_list, |
959 | &oidc_ticket_issue_cb, | 964 | &oidc_ticket_issue_cb, |
960 | handle); | 965 | handle); |
961 | } | 966 | } |
962 | 967 | ||
963 | 968 | ||
@@ -965,9 +970,9 @@ oidc_collect_finished_cb(void *cls) | |||
965 | * Collects all attributes for an ego if in scope parameter | 970 | * Collects all attributes for an ego if in scope parameter |
966 | */ | 971 | */ |
967 | static void | 972 | static void |
968 | oidc_attr_collect(void *cls, | 973 | oidc_attr_collect (void *cls, |
969 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 974 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
970 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) | 975 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) |
971 | { | 976 | { |
972 | struct RequestHandle *handle = cls; | 977 | struct RequestHandle *handle = cls; |
973 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 978 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
@@ -976,38 +981,38 @@ oidc_attr_collect(void *cls, | |||
976 | char delimiter[] = " "; | 981 | char delimiter[] = " "; |
977 | 982 | ||
978 | if ((NULL == attr->name) || (NULL == attr->data)) | 983 | if ((NULL == attr->name) || (NULL == attr->data)) |
979 | { | 984 | { |
980 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 985 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
981 | return; | 986 | return; |
982 | } | 987 | } |
983 | 988 | ||
984 | scope_variables = GNUNET_strdup(handle->oidc->scope); | 989 | scope_variables = GNUNET_strdup (handle->oidc->scope); |
985 | scope_variable = strtok(scope_variables, delimiter); | 990 | scope_variable = strtok (scope_variables, delimiter); |
986 | while (NULL != scope_variable) | 991 | while (NULL != scope_variable) |
987 | { | 992 | { |
988 | if (0 == strcmp(attr->name, scope_variable)) | 993 | if (0 == strcmp (attr->name, scope_variable)) |
989 | break; | 994 | break; |
990 | scope_variable = strtok(NULL, delimiter); | 995 | scope_variable = strtok (NULL, delimiter); |
991 | } | 996 | } |
992 | if (NULL == scope_variable) | 997 | if (NULL == scope_variable) |
993 | { | 998 | { |
994 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 999 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
995 | GNUNET_free(scope_variables); | 1000 | GNUNET_free (scope_variables); |
996 | return; | 1001 | return; |
997 | } | 1002 | } |
998 | GNUNET_free(scope_variables); | 1003 | GNUNET_free (scope_variables); |
999 | 1004 | ||
1000 | le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); | 1005 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
1001 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new(attr->name, | 1006 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, |
1002 | attr->type, | 1007 | attr->type, |
1003 | attr->data, | 1008 | attr->data, |
1004 | attr->data_size); | 1009 | attr->data_size); |
1005 | le->claim->id = attr->id; | 1010 | le->claim->id = attr->id; |
1006 | le->claim->version = attr->version; | 1011 | le->claim->version = attr->version; |
1007 | GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, | 1012 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, |
1008 | handle->attr_list->list_tail, | 1013 | handle->attr_list->list_tail, |
1009 | le); | 1014 | le); |
1010 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 1015 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
1011 | } | 1016 | } |
1012 | 1017 | ||
1013 | 1018 | ||
@@ -1015,7 +1020,7 @@ oidc_attr_collect(void *cls, | |||
1015 | * Checks time and cookie and redirects accordingly | 1020 | * Checks time and cookie and redirects accordingly |
1016 | */ | 1021 | */ |
1017 | static void | 1022 | static void |
1018 | code_redirect(void *cls) | 1023 | code_redirect (void *cls) |
1019 | { | 1024 | { |
1020 | struct RequestHandle *handle = cls; | 1025 | struct RequestHandle *handle = cls; |
1021 | struct GNUNET_TIME_Absolute current_time; | 1026 | struct GNUNET_TIME_Absolute current_time; |
@@ -1025,111 +1030,111 @@ code_redirect(void *cls) | |||
1025 | struct GNUNET_HashCode cache_key; | 1030 | struct GNUNET_HashCode cache_key; |
1026 | char *identity_cookie; | 1031 | char *identity_cookie; |
1027 | 1032 | ||
1028 | GNUNET_asprintf(&identity_cookie, | 1033 | GNUNET_asprintf (&identity_cookie, |
1029 | "Identity=%s", | 1034 | "Identity=%s", |
1030 | handle->oidc->login_identity); | 1035 | handle->oidc->login_identity); |
1031 | GNUNET_CRYPTO_hash(identity_cookie, strlen(identity_cookie), &cache_key); | 1036 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); |
1032 | GNUNET_free(identity_cookie); | 1037 | GNUNET_free (identity_cookie); |
1033 | // No login time for identity -> redirect to login | 1038 | // No login time for identity -> redirect to login |
1034 | if (GNUNET_YES == | 1039 | if (GNUNET_YES == |
1035 | GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) | 1040 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) |
1036 | { | 1041 | { |
1037 | relog_time = | 1042 | relog_time = |
1038 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 1043 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1039 | current_time = GNUNET_TIME_absolute_get(); | 1044 | current_time = GNUNET_TIME_absolute_get (); |
1040 | // 30 min after old login -> redirect to login | 1045 | // 30 min after old login -> redirect to login |
1041 | if (current_time.abs_value_us <= relog_time->abs_value_us) | 1046 | if (current_time.abs_value_us <= relog_time->abs_value_us) |
1047 | { | ||
1048 | if (GNUNET_OK != | ||
1049 | GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc | ||
1050 | ->login_identity, | ||
1051 | strlen ( | ||
1052 | handle->oidc | ||
1053 | ->login_identity), | ||
1054 | &pubkey)) | ||
1055 | { | ||
1056 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); | ||
1057 | handle->edesc = | ||
1058 | GNUNET_strdup ("The cookie of a login identity is not valid"); | ||
1059 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1060 | return; | ||
1061 | } | ||
1062 | // iterate over egos and compare their public key | ||
1063 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | ||
1064 | handle->ego_entry = handle->ego_entry->next) | ||
1065 | { | ||
1066 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | ||
1067 | if (0 == GNUNET_memcmp (&ego_pkey, &pubkey)) | ||
1042 | { | 1068 | { |
1043 | if (GNUNET_OK != | 1069 | handle->priv_key = |
1044 | GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc | 1070 | *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1045 | ->login_identity, | 1071 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1046 | strlen( | 1072 | handle->attr_list = |
1047 | handle->oidc | 1073 | GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1048 | ->login_identity), | 1074 | handle->attr_it = |
1049 | &pubkey)) | 1075 | GNUNET_RECLAIM_get_attributes_start (handle->idp, |
1050 | { | 1076 | &handle->priv_key, |
1051 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_COOKIE); | 1077 | &oidc_iteration_error, |
1052 | handle->edesc = | 1078 | handle, |
1053 | GNUNET_strdup("The cookie of a login identity is not valid"); | 1079 | &oidc_attr_collect, |
1054 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1080 | handle, |
1055 | return; | 1081 | &oidc_collect_finished_cb, |
1056 | } | 1082 | handle); |
1057 | // iterate over egos and compare their public key | ||
1058 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | ||
1059 | handle->ego_entry = handle->ego_entry->next) | ||
1060 | { | ||
1061 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego, &ego_pkey); | ||
1062 | if (0 == GNUNET_memcmp(&ego_pkey, &pubkey)) | ||
1063 | { | ||
1064 | handle->priv_key = | ||
1065 | *GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego); | ||
1066 | handle->idp = GNUNET_RECLAIM_connect(cfg); | ||
1067 | handle->attr_list = | ||
1068 | GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | ||
1069 | handle->attr_it = | ||
1070 | GNUNET_RECLAIM_get_attributes_start(handle->idp, | ||
1071 | &handle->priv_key, | ||
1072 | &oidc_iteration_error, | ||
1073 | handle, | ||
1074 | &oidc_attr_collect, | ||
1075 | handle, | ||
1076 | &oidc_collect_finished_cb, | ||
1077 | handle); | ||
1078 | return; | ||
1079 | } | ||
1080 | } | ||
1081 | GNUNET_SCHEDULER_add_now(&login_redirect, handle); | ||
1082 | return; | 1083 | return; |
1083 | } | 1084 | } |
1085 | } | ||
1086 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | ||
1087 | return; | ||
1084 | } | 1088 | } |
1089 | } | ||
1085 | } | 1090 | } |
1086 | 1091 | ||
1087 | 1092 | ||
1088 | static void | 1093 | static void |
1089 | build_redirect(void *cls) | 1094 | build_redirect (void *cls) |
1090 | { | 1095 | { |
1091 | struct RequestHandle *handle = cls; | 1096 | struct RequestHandle *handle = cls; |
1092 | struct MHD_Response *resp; | 1097 | struct MHD_Response *resp; |
1093 | char *redirect_uri; | 1098 | char *redirect_uri; |
1094 | 1099 | ||
1095 | if (GNUNET_YES == handle->oidc->user_cancelled) | 1100 | if (GNUNET_YES == handle->oidc->user_cancelled) |
1096 | { | 1101 | { |
1097 | if ((NULL != handle->redirect_prefix) && | 1102 | if ((NULL != handle->redirect_prefix) && |
1098 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) | 1103 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) |
1099 | { | 1104 | { |
1100 | GNUNET_asprintf(&redirect_uri, | 1105 | GNUNET_asprintf (&redirect_uri, |
1101 | "%s.%s/%s?error=%s&error_description=%s&state=%s", | 1106 | "%s.%s/%s?error=%s&error_description=%s&state=%s", |
1102 | handle->redirect_prefix, | 1107 | handle->redirect_prefix, |
1103 | handle->tld, | 1108 | handle->tld, |
1104 | handle->redirect_suffix, | 1109 | handle->redirect_suffix, |
1105 | "access_denied", | 1110 | "access_denied", |
1106 | "User denied access", | 1111 | "User denied access", |
1107 | handle->oidc->state); | 1112 | handle->oidc->state); |
1108 | } | 1113 | } |
1109 | else | 1114 | else |
1110 | { | 1115 | { |
1111 | GNUNET_asprintf(&redirect_uri, | 1116 | GNUNET_asprintf (&redirect_uri, |
1112 | "%s?error=%s&error_description=%s&state=%s", | 1117 | "%s?error=%s&error_description=%s&state=%s", |
1113 | handle->oidc->redirect_uri, | 1118 | handle->oidc->redirect_uri, |
1114 | "access_denied", | 1119 | "access_denied", |
1115 | "User denied access", | 1120 | "User denied access", |
1116 | handle->oidc->state); | 1121 | handle->oidc->state); |
1117 | } | 1122 | } |
1118 | resp = GNUNET_REST_create_response(""); | 1123 | resp = GNUNET_REST_create_response (""); |
1119 | MHD_add_response_header(resp, "Location", redirect_uri); | 1124 | MHD_add_response_header (resp, "Location", redirect_uri); |
1120 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 1125 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1121 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1126 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1122 | GNUNET_free(redirect_uri); | 1127 | GNUNET_free (redirect_uri); |
1123 | return; | 1128 | return; |
1124 | } | 1129 | } |
1125 | GNUNET_SCHEDULER_add_now(&code_redirect, handle); | 1130 | GNUNET_SCHEDULER_add_now (&code_redirect, handle); |
1126 | } | 1131 | } |
1127 | 1132 | ||
1128 | 1133 | ||
1129 | static void | 1134 | static void |
1130 | lookup_redirect_uri_result(void *cls, | 1135 | lookup_redirect_uri_result (void *cls, |
1131 | uint32_t rd_count, | 1136 | uint32_t rd_count, |
1132 | const struct GNUNET_GNSRECORD_Data *rd) | 1137 | const struct GNUNET_GNSRECORD_Data *rd) |
1133 | { | 1138 | { |
1134 | struct RequestHandle *handle = cls; | 1139 | struct RequestHandle *handle = cls; |
1135 | char *tmp; | 1140 | char *tmp; |
@@ -1139,66 +1144,66 @@ lookup_redirect_uri_result(void *cls, | |||
1139 | 1144 | ||
1140 | handle->gns_op = NULL; | 1145 | handle->gns_op = NULL; |
1141 | if (0 == rd_count) | 1146 | if (0 == rd_count) |
1142 | { | 1147 | { |
1143 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 1148 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1144 | handle->edesc = | 1149 | handle->edesc = |
1145 | GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1150 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1146 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1151 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1147 | return; | 1152 | return; |
1148 | } | 1153 | } |
1149 | for (int i = 0; i < rd_count; i++) | 1154 | for (int i = 0; i < rd_count; i++) |
1150 | { | 1155 | { |
1151 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | 1156 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) |
1157 | continue; | ||
1158 | if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) | ||
1159 | continue; | ||
1160 | tmp = GNUNET_strndup (rd[i].data, rd[i].data_size); | ||
1161 | if (NULL == strstr (tmp, handle->oidc->client_id)) | ||
1162 | { | ||
1163 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1164 | "Redirect uri %s does not contain client_id %s\n", | ||
1165 | tmp, | ||
1166 | handle->oidc->client_id); | ||
1167 | } | ||
1168 | else | ||
1169 | { | ||
1170 | pos = strrchr (tmp, (unsigned char) '.'); | ||
1171 | if (NULL == pos) | ||
1172 | { | ||
1173 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1174 | "Redirect uri %s contains client_id but is malformed\n", | ||
1175 | tmp); | ||
1176 | GNUNET_free (tmp); | ||
1152 | continue; | 1177 | continue; |
1153 | if (0 != strncmp(rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) | 1178 | } |
1179 | *pos = '\0'; | ||
1180 | handle->redirect_prefix = GNUNET_strdup (tmp); | ||
1181 | tmp_key_str = pos + 1; | ||
1182 | pos = strchr (tmp_key_str, (unsigned char) '/'); | ||
1183 | if (NULL == pos) | ||
1184 | { | ||
1185 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1186 | "Redirect uri %s contains client_id but is malformed\n", | ||
1187 | tmp); | ||
1188 | GNUNET_free (tmp); | ||
1154 | continue; | 1189 | continue; |
1155 | tmp = GNUNET_strndup(rd[i].data, rd[i].data_size); | 1190 | } |
1156 | if (NULL == strstr(tmp, handle->oidc->client_id)) | 1191 | *pos = '\0'; |
1157 | { | 1192 | handle->redirect_suffix = GNUNET_strdup (pos + 1); |
1158 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1193 | |
1159 | "Redirect uri %s does not contain client_id %s\n", | 1194 | GNUNET_STRINGS_string_to_data (tmp_key_str, |
1160 | tmp, | 1195 | strlen (tmp_key_str), |
1161 | handle->oidc->client_id); | 1196 | &redirect_zone, |
1162 | } | 1197 | sizeof(redirect_zone)); |
1163 | else | 1198 | } |
1164 | { | 1199 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); |
1165 | pos = strrchr(tmp, (unsigned char)'.'); | 1200 | GNUNET_free (tmp); |
1166 | if (NULL == pos) | 1201 | return; |
1167 | { | 1202 | } |
1168 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1203 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1169 | "Redirect uri %s contains client_id but is malformed\n", | ||
1170 | tmp); | ||
1171 | GNUNET_free(tmp); | ||
1172 | continue; | ||
1173 | } | ||
1174 | *pos = '\0'; | ||
1175 | handle->redirect_prefix = GNUNET_strdup(tmp); | ||
1176 | tmp_key_str = pos + 1; | ||
1177 | pos = strchr(tmp_key_str, (unsigned char)'/'); | ||
1178 | if (NULL == pos) | ||
1179 | { | ||
1180 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | ||
1181 | "Redirect uri %s contains client_id but is malformed\n", | ||
1182 | tmp); | ||
1183 | GNUNET_free(tmp); | ||
1184 | continue; | ||
1185 | } | ||
1186 | *pos = '\0'; | ||
1187 | handle->redirect_suffix = GNUNET_strdup(pos + 1); | ||
1188 | |||
1189 | GNUNET_STRINGS_string_to_data(tmp_key_str, | ||
1190 | strlen(tmp_key_str), | ||
1191 | &redirect_zone, | ||
1192 | sizeof(redirect_zone)); | ||
1193 | } | ||
1194 | GNUNET_SCHEDULER_add_now(&build_redirect, handle); | ||
1195 | GNUNET_free(tmp); | ||
1196 | return; | ||
1197 | } | ||
1198 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | ||
1199 | handle->edesc = | 1204 | handle->edesc = |
1200 | GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1205 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1201 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1206 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1202 | } | 1207 | } |
1203 | 1208 | ||
1204 | 1209 | ||
@@ -1206,37 +1211,37 @@ lookup_redirect_uri_result(void *cls, | |||
1206 | * Initiate redirect back to client. | 1211 | * Initiate redirect back to client. |
1207 | */ | 1212 | */ |
1208 | static void | 1213 | static void |
1209 | client_redirect(void *cls) | 1214 | client_redirect (void *cls) |
1210 | { | 1215 | { |
1211 | struct RequestHandle *handle = cls; | 1216 | struct RequestHandle *handle = cls; |
1212 | 1217 | ||
1213 | /* Lookup client redirect uri to verify request */ | 1218 | /* Lookup client redirect uri to verify request */ |
1214 | handle->gns_op = | 1219 | handle->gns_op = |
1215 | GNUNET_GNS_lookup(handle->gns_handle, | 1220 | GNUNET_GNS_lookup (handle->gns_handle, |
1216 | GNUNET_GNS_EMPTY_LABEL_AT, | 1221 | GNUNET_GNS_EMPTY_LABEL_AT, |
1217 | &handle->oidc->client_pkey, | 1222 | &handle->oidc->client_pkey, |
1218 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | 1223 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, |
1219 | GNUNET_GNS_LO_DEFAULT, | 1224 | GNUNET_GNS_LO_DEFAULT, |
1220 | &lookup_redirect_uri_result, | 1225 | &lookup_redirect_uri_result, |
1221 | handle); | 1226 | handle); |
1222 | } | 1227 | } |
1223 | 1228 | ||
1224 | static char * | 1229 | static char * |
1225 | get_url_parameter_copy(const struct RequestHandle *handle, const char *key) | 1230 | get_url_parameter_copy (const struct RequestHandle *handle, const char *key) |
1226 | { | 1231 | { |
1227 | struct GNUNET_HashCode hc; | 1232 | struct GNUNET_HashCode hc; |
1228 | char *value; | 1233 | char *value; |
1229 | 1234 | ||
1230 | GNUNET_CRYPTO_hash(key, strlen(key), &hc); | 1235 | GNUNET_CRYPTO_hash (key, strlen (key), &hc); |
1231 | if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1236 | if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1232 | ->url_param_map, | 1237 | ->url_param_map, |
1233 | &hc)) | 1238 | &hc)) |
1234 | return NULL; | 1239 | return NULL; |
1235 | value = | 1240 | value = |
1236 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &hc); | 1241 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &hc); |
1237 | if (NULL == value) | 1242 | if (NULL == value) |
1238 | return NULL; | 1243 | return NULL; |
1239 | return GNUNET_strdup(value); | 1244 | return GNUNET_strdup (value); |
1240 | } | 1245 | } |
1241 | 1246 | ||
1242 | 1247 | ||
@@ -1247,7 +1252,7 @@ get_url_parameter_copy(const struct RequestHandle *handle, const char *key) | |||
1247 | * @param cls the `struct RequestHandle` | 1252 | * @param cls the `struct RequestHandle` |
1248 | */ | 1253 | */ |
1249 | static void | 1254 | static void |
1250 | build_authz_response(void *cls) | 1255 | build_authz_response (void *cls) |
1251 | { | 1256 | { |
1252 | struct RequestHandle *handle = cls; | 1257 | struct RequestHandle *handle = cls; |
1253 | struct GNUNET_HashCode cache_key; | 1258 | struct GNUNET_HashCode cache_key; |
@@ -1259,117 +1264,117 @@ build_authz_response(void *cls) | |||
1259 | 1264 | ||
1260 | // REQUIRED value: redirect_uri | 1265 | // REQUIRED value: redirect_uri |
1261 | handle->oidc->redirect_uri = | 1266 | handle->oidc->redirect_uri = |
1262 | get_url_parameter_copy(handle, OIDC_REDIRECT_URI_KEY); | 1267 | get_url_parameter_copy (handle, OIDC_REDIRECT_URI_KEY); |
1263 | if (NULL == handle->oidc->redirect_uri) | 1268 | if (NULL == handle->oidc->redirect_uri) |
1264 | { | 1269 | { |
1265 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1270 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1266 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | 1271 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); |
1267 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1272 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1268 | return; | 1273 | return; |
1269 | } | 1274 | } |
1270 | 1275 | ||
1271 | // REQUIRED value: response_type | 1276 | // REQUIRED value: response_type |
1272 | handle->oidc->response_type = | 1277 | handle->oidc->response_type = |
1273 | get_url_parameter_copy(handle, OIDC_RESPONSE_TYPE_KEY); | 1278 | get_url_parameter_copy (handle, OIDC_RESPONSE_TYPE_KEY); |
1274 | if (NULL == handle->oidc->response_type) | 1279 | if (NULL == handle->oidc->response_type) |
1275 | { | 1280 | { |
1276 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1281 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1277 | handle->edesc = GNUNET_strdup("missing parameter response_type"); | 1282 | handle->edesc = GNUNET_strdup ("missing parameter response_type"); |
1278 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1283 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1279 | return; | 1284 | return; |
1280 | } | 1285 | } |
1281 | 1286 | ||
1282 | // REQUIRED value: scope | 1287 | // REQUIRED value: scope |
1283 | handle->oidc->scope = get_url_parameter_copy(handle, OIDC_SCOPE_KEY); | 1288 | handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY); |
1284 | if (NULL == handle->oidc->scope) | 1289 | if (NULL == handle->oidc->scope) |
1285 | { | 1290 | { |
1286 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 1291 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1287 | handle->edesc = GNUNET_strdup("missing parameter scope"); | 1292 | handle->edesc = GNUNET_strdup ("missing parameter scope"); |
1288 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1293 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1289 | return; | 1294 | return; |
1290 | } | 1295 | } |
1291 | 1296 | ||
1292 | // OPTIONAL value: nonce | 1297 | // OPTIONAL value: nonce |
1293 | handle->oidc->nonce = get_url_parameter_copy(handle, OIDC_NONCE_KEY); | 1298 | handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY); |
1294 | 1299 | ||
1295 | // TODO check other values if needed | 1300 | // TODO check other values if needed |
1296 | number_of_ignored_parameter = | 1301 | number_of_ignored_parameter = |
1297 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1302 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
1298 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) | 1303 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) |
1299 | { | 1304 | { |
1300 | GNUNET_CRYPTO_hash(OIDC_ignored_parameter_array[iterator], | 1305 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1301 | strlen(OIDC_ignored_parameter_array[iterator]), | 1306 | strlen (OIDC_ignored_parameter_array[iterator]), |
1302 | &cache_key); | 1307 | &cache_key); |
1303 | if (GNUNET_YES == | 1308 | if (GNUNET_YES == |
1304 | GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1309 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1305 | ->url_param_map, | 1310 | ->url_param_map, |
1306 | &cache_key)) | 1311 | &cache_key)) |
1307 | { | 1312 | { |
1308 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_ACCESS_DENIED); | 1313 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); |
1309 | GNUNET_asprintf(&handle->edesc, | 1314 | GNUNET_asprintf (&handle->edesc, |
1310 | "Server will not handle parameter: %s", | 1315 | "Server will not handle parameter: %s", |
1311 | OIDC_ignored_parameter_array[iterator]); | 1316 | OIDC_ignored_parameter_array[iterator]); |
1312 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1317 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1313 | return; | 1318 | return; |
1314 | } | ||
1315 | } | 1319 | } |
1320 | } | ||
1316 | 1321 | ||
1317 | // We only support authorization code flows. | 1322 | // We only support authorization code flows. |
1318 | if (0 != strcmp(handle->oidc->response_type, | 1323 | if (0 != strcmp (handle->oidc->response_type, |
1319 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) | 1324 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) |
1320 | { | 1325 | { |
1321 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); | 1326 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); |
1322 | handle->edesc = GNUNET_strdup("The authorization server does not support " | 1327 | handle->edesc = GNUNET_strdup ("The authorization server does not support " |
1323 | "obtaining this authorization code."); | 1328 | "obtaining this authorization code."); |
1324 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1329 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1325 | return; | 1330 | return; |
1326 | } | 1331 | } |
1327 | 1332 | ||
1328 | // Checks if scope contains 'openid' | 1333 | // Checks if scope contains 'openid' |
1329 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1334 | expected_scope = GNUNET_strdup (handle->oidc->scope); |
1330 | char *test; | 1335 | char *test; |
1331 | test = strtok(expected_scope, delimiter); | 1336 | test = strtok (expected_scope, delimiter); |
1332 | while (NULL != test) | 1337 | while (NULL != test) |
1333 | { | 1338 | { |
1334 | if (0 == strcmp(OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) | 1339 | if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) |
1335 | break; | 1340 | break; |
1336 | test = strtok(NULL, delimiter); | 1341 | test = strtok (NULL, delimiter); |
1337 | } | 1342 | } |
1338 | if (NULL == test) | 1343 | if (NULL == test) |
1339 | { | 1344 | { |
1340 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 1345 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1341 | handle->edesc = | 1346 | handle->edesc = |
1342 | GNUNET_strdup("The requested scope is invalid, unknown, or malformed."); | 1347 | GNUNET_strdup ("The requested scope is invalid, unknown, or malformed."); |
1343 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1348 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1344 | GNUNET_free(expected_scope); | 1349 | GNUNET_free (expected_scope); |
1345 | return; | 1350 | return; |
1346 | } | 1351 | } |
1347 | 1352 | ||
1348 | GNUNET_free(expected_scope); | 1353 | GNUNET_free (expected_scope); |
1349 | if ((NULL == handle->oidc->login_identity) && | 1354 | if ((NULL == handle->oidc->login_identity) && |
1350 | (GNUNET_NO == handle->oidc->user_cancelled)) | 1355 | (GNUNET_NO == handle->oidc->user_cancelled)) |
1351 | GNUNET_SCHEDULER_add_now(&login_redirect, handle); | 1356 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
1352 | else | 1357 | else |
1353 | GNUNET_SCHEDULER_add_now(&client_redirect, handle); | 1358 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); |
1354 | } | 1359 | } |
1355 | 1360 | ||
1356 | /** | 1361 | /** |
1357 | * Iterate over tlds in config | 1362 | * Iterate over tlds in config |
1358 | */ | 1363 | */ |
1359 | static void | 1364 | static void |
1360 | tld_iter(void *cls, const char *section, const char *option, const char *value) | 1365 | tld_iter (void *cls, const char *section, const char *option, const char *value) |
1361 | { | 1366 | { |
1362 | struct RequestHandle *handle = cls; | 1367 | struct RequestHandle *handle = cls; |
1363 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1368 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1364 | 1369 | ||
1365 | if (GNUNET_OK != | 1370 | if (GNUNET_OK != |
1366 | GNUNET_CRYPTO_ecdsa_public_key_from_string(value, strlen(value), &pkey)) | 1371 | GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value), &pkey)) |
1367 | { | 1372 | { |
1368 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); | 1373 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); |
1369 | return; | 1374 | return; |
1370 | } | 1375 | } |
1371 | if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey)) | 1376 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) |
1372 | handle->tld = GNUNET_strdup(option + 1); | 1377 | handle->tld = GNUNET_strdup (option + 1); |
1373 | } | 1378 | } |
1374 | 1379 | ||
1375 | /** | 1380 | /** |
@@ -1380,70 +1385,71 @@ tld_iter(void *cls, const char *section, const char *option, const char *value) | |||
1380 | * @param cls the RequestHandle | 1385 | * @param cls the RequestHandle |
1381 | */ | 1386 | */ |
1382 | static void | 1387 | static void |
1383 | authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1388 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1384 | const char *url, | 1389 | const char *url, |
1385 | void *cls) | 1390 | void *cls) |
1386 | { | 1391 | { |
1387 | struct RequestHandle *handle = cls; | 1392 | struct RequestHandle *handle = cls; |
1388 | struct EgoEntry *tmp_ego; | 1393 | struct EgoEntry *tmp_ego; |
1389 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 1394 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
1390 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1395 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1391 | 1396 | ||
1392 | cookie_identity_interpretation(handle); | 1397 | cookie_identity_interpretation (handle); |
1393 | 1398 | ||
1394 | // RECOMMENDED value: state - REQUIRED for answers | 1399 | // RECOMMENDED value: state - REQUIRED for answers |
1395 | handle->oidc->state = get_url_parameter_copy(handle, OIDC_STATE_KEY); | 1400 | handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY); |
1396 | 1401 | ||
1397 | // REQUIRED value: client_id | 1402 | // REQUIRED value: client_id |
1398 | handle->oidc->client_id = get_url_parameter_copy(handle, OIDC_CLIENT_ID_KEY); | 1403 | handle->oidc->client_id = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY); |
1399 | if (NULL == handle->oidc->client_id) | 1404 | if (NULL == handle->oidc->client_id) |
1400 | { | 1405 | { |
1401 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1406 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1402 | handle->edesc = GNUNET_strdup("missing parameter client_id"); | 1407 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); |
1403 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1408 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1404 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1409 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1405 | return; | 1410 | return; |
1406 | } | 1411 | } |
1407 | 1412 | ||
1408 | // OPTIONAL value: code_challenge | 1413 | // OPTIONAL value: code_challenge |
1409 | handle->oidc->code_challenge = get_url_parameter_copy(handle, OIDC_CODE_CHALLENGE_KEY); | 1414 | handle->oidc->code_challenge = get_url_parameter_copy (handle, |
1415 | OIDC_CODE_CHALLENGE_KEY); | ||
1410 | if (NULL == handle->oidc->code_challenge) | 1416 | if (NULL == handle->oidc->code_challenge) |
1411 | { | 1417 | { |
1412 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1418 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1413 | "OAuth authorization request does not contain PKCE parameters!\n"); | 1419 | "OAuth authorization request does not contain PKCE parameters!\n"); |
1414 | } | 1420 | } |
1415 | 1421 | ||
1416 | if (GNUNET_OK != | 1422 | if (GNUNET_OK != |
1417 | GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc->client_id, | 1423 | GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, |
1418 | strlen( | 1424 | strlen ( |
1419 | handle->oidc->client_id), | 1425 | handle->oidc->client_id), |
1420 | &handle->oidc->client_pkey)) | 1426 | &handle->oidc->client_pkey)) |
1421 | { | 1427 | { |
1422 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); | 1428 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); |
1423 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1429 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " |
1424 | "authorization code using this method."); | 1430 | "authorization code using this method."); |
1425 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1431 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1426 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1432 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1427 | return; | 1433 | return; |
1428 | } | 1434 | } |
1429 | 1435 | ||
1430 | // If we know this identity, translated the corresponding TLD | 1436 | // If we know this identity, translated the corresponding TLD |
1431 | // TODO: We might want to have a reverse lookup functionality for TLDs? | 1437 | // TODO: We might want to have a reverse lookup functionality for TLDs? |
1432 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) | 1438 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) |
1439 | { | ||
1440 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | ||
1441 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey); | ||
1442 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) | ||
1433 | { | 1443 | { |
1434 | priv_key = GNUNET_IDENTITY_ego_get_private_key(tmp_ego->ego); | 1444 | handle->tld = GNUNET_strdup (tmp_ego->identifier); |
1435 | GNUNET_CRYPTO_ecdsa_key_get_public(priv_key, &pkey); | 1445 | handle->ego_entry = handle->ego_tail; |
1436 | if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey)) | ||
1437 | { | ||
1438 | handle->tld = GNUNET_strdup(tmp_ego->identifier); | ||
1439 | handle->ego_entry = handle->ego_tail; | ||
1440 | } | ||
1441 | } | 1446 | } |
1447 | } | ||
1442 | if (NULL == handle->tld) | 1448 | if (NULL == handle->tld) |
1443 | GNUNET_CONFIGURATION_iterate_section_values(cfg, "gns", tld_iter, handle); | 1449 | GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle); |
1444 | if (NULL == handle->tld) | 1450 | if (NULL == handle->tld) |
1445 | handle->tld = GNUNET_strdup(handle->oidc->client_id); | 1451 | handle->tld = GNUNET_strdup (handle->oidc->client_id); |
1446 | GNUNET_SCHEDULER_add_now(&build_authz_response, handle); | 1452 | GNUNET_SCHEDULER_add_now (&build_authz_response, handle); |
1447 | } | 1453 | } |
1448 | 1454 | ||
1449 | /** | 1455 | /** |
@@ -1454,11 +1460,11 @@ authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1454 | * @param cls the RequestHandle | 1460 | * @param cls the RequestHandle |
1455 | */ | 1461 | */ |
1456 | static void | 1462 | static void |
1457 | login_cont(struct GNUNET_REST_RequestHandle *con_handle, | 1463 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, |
1458 | const char *url, | 1464 | const char *url, |
1459 | void *cls) | 1465 | void *cls) |
1460 | { | 1466 | { |
1461 | struct MHD_Response *resp = GNUNET_REST_create_response(""); | 1467 | struct MHD_Response *resp = GNUNET_REST_create_response (""); |
1462 | struct RequestHandle *handle = cls; | 1468 | struct RequestHandle *handle = cls; |
1463 | struct GNUNET_HashCode cache_key; | 1469 | struct GNUNET_HashCode cache_key; |
1464 | struct GNUNET_TIME_Absolute *current_time; | 1470 | struct GNUNET_TIME_Absolute *current_time; |
@@ -1471,54 +1477,54 @@ login_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
1471 | char term_data[handle->rest_handle->data_size + 1]; | 1477 | char term_data[handle->rest_handle->data_size + 1]; |
1472 | 1478 | ||
1473 | term_data[handle->rest_handle->data_size] = '\0'; | 1479 | term_data[handle->rest_handle->data_size] = '\0'; |
1474 | GNUNET_memcpy(term_data, | 1480 | GNUNET_memcpy (term_data, |
1475 | handle->rest_handle->data, | 1481 | handle->rest_handle->data, |
1476 | handle->rest_handle->data_size); | 1482 | handle->rest_handle->data_size); |
1477 | root = json_loads(term_data, JSON_DECODE_ANY, &error); | 1483 | root = json_loads (term_data, JSON_DECODE_ANY, &error); |
1478 | identity = json_object_get(root, "identity"); | 1484 | identity = json_object_get (root, "identity"); |
1479 | if (!json_is_string(identity)) | 1485 | if (! json_is_string (identity)) |
1480 | { | 1486 | { |
1481 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 1487 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1482 | "Error parsing json string from %s\n", | 1488 | "Error parsing json string from %s\n", |
1483 | term_data); | 1489 | term_data); |
1484 | handle->proc(handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1490 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1485 | json_decref(root); | 1491 | json_decref (root); |
1486 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1492 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1487 | return; | 1493 | return; |
1488 | } | 1494 | } |
1489 | GNUNET_asprintf(&cookie, "Identity=%s", json_string_value(identity)); | 1495 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
1490 | GNUNET_asprintf(&header_val, | 1496 | GNUNET_asprintf (&header_val, |
1491 | "%s;Max-Age=%d", | 1497 | "%s;Max-Age=%d", |
1492 | cookie, | 1498 | cookie, |
1493 | OIDC_COOKIE_EXPIRATION); | 1499 | OIDC_COOKIE_EXPIRATION); |
1494 | MHD_add_response_header(resp, "Set-Cookie", header_val); | 1500 | MHD_add_response_header (resp, "Set-Cookie", header_val); |
1495 | MHD_add_response_header(resp, "Access-Control-Allow-Methods", "POST"); | 1501 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); |
1496 | GNUNET_CRYPTO_hash(cookie, strlen(cookie), &cache_key); | 1502 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); |
1497 | 1503 | ||
1498 | if (0 != strcmp(json_string_value(identity), "Denied")) | 1504 | if (0 != strcmp (json_string_value (identity), "Denied")) |
1499 | { | 1505 | { |
1500 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1506 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); |
1501 | *current_time = GNUNET_TIME_relative_to_absolute( | 1507 | *current_time = GNUNET_TIME_relative_to_absolute ( |
1502 | GNUNET_TIME_relative_multiply(GNUNET_TIME_relative_get_second_(), | 1508 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
1503 | OIDC_COOKIE_EXPIRATION)); | 1509 | OIDC_COOKIE_EXPIRATION)); |
1504 | last_time = | 1510 | last_time = |
1505 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 1511 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1506 | GNUNET_free_non_null(last_time); | 1512 | GNUNET_free_non_null (last_time); |
1507 | GNUNET_CONTAINER_multihashmap_put(OIDC_cookie_jar_map, | 1513 | GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, |
1508 | &cache_key, | 1514 | &cache_key, |
1509 | current_time, | 1515 | current_time, |
1510 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1516 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1511 | } | 1517 | } |
1512 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 1518 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1513 | GNUNET_free(cookie); | 1519 | GNUNET_free (cookie); |
1514 | GNUNET_free(header_val); | 1520 | GNUNET_free (header_val); |
1515 | json_decref(root); | 1521 | json_decref (root); |
1516 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1522 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1517 | } | 1523 | } |
1518 | 1524 | ||
1519 | static int | 1525 | static int |
1520 | check_authorization(struct RequestHandle *handle, | 1526 | check_authorization (struct RequestHandle *handle, |
1521 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) | 1527 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) |
1522 | { | 1528 | { |
1523 | struct GNUNET_HashCode cache_key; | 1529 | struct GNUNET_HashCode cache_key; |
1524 | char *authorization; | 1530 | char *authorization; |
@@ -1528,146 +1534,146 @@ check_authorization(struct RequestHandle *handle, | |||
1528 | char *pass; | 1534 | char *pass; |
1529 | char *expected_pass; | 1535 | char *expected_pass; |
1530 | 1536 | ||
1531 | GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, | 1537 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1532 | strlen(OIDC_AUTHORIZATION_HEADER_KEY), | 1538 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1533 | &cache_key); | 1539 | &cache_key); |
1534 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1540 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1535 | ->header_param_map, | 1541 | ->header_param_map, |
1536 | &cache_key)) | 1542 | &cache_key)) |
1537 | { | 1543 | { |
1538 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1544 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1539 | handle->edesc = GNUNET_strdup("missing authorization"); | 1545 | handle->edesc = GNUNET_strdup ("missing authorization"); |
1540 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1546 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1541 | return GNUNET_SYSERR; | 1547 | return GNUNET_SYSERR; |
1542 | } | 1548 | } |
1543 | authorization = | 1549 | authorization = |
1544 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 1550 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
1545 | &cache_key); | 1551 | &cache_key); |
1546 | 1552 | ||
1547 | // split header in "Basic" and [content] | 1553 | // split header in "Basic" and [content] |
1548 | credentials = strtok(authorization, " "); | 1554 | credentials = strtok (authorization, " "); |
1549 | if ((NULL == credentials) || (0 != strcmp("Basic", credentials))) | 1555 | if ((NULL == credentials) || (0 != strcmp ("Basic", credentials))) |
1550 | { | 1556 | { |
1551 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1557 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1552 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1558 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1553 | return GNUNET_SYSERR; | 1559 | return GNUNET_SYSERR; |
1554 | } | 1560 | } |
1555 | credentials = strtok(NULL, " "); | 1561 | credentials = strtok (NULL, " "); |
1556 | if (NULL == credentials) | 1562 | if (NULL == credentials) |
1557 | { | 1563 | { |
1558 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1564 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1559 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1565 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1560 | return GNUNET_SYSERR; | 1566 | return GNUNET_SYSERR; |
1561 | } | 1567 | } |
1562 | GNUNET_STRINGS_base64_decode(credentials, | 1568 | GNUNET_STRINGS_base64_decode (credentials, |
1563 | strlen(credentials), | 1569 | strlen (credentials), |
1564 | (void **)&basic_authorization); | 1570 | (void **) &basic_authorization); |
1565 | 1571 | ||
1566 | if (NULL == basic_authorization) | 1572 | if (NULL == basic_authorization) |
1567 | { | 1573 | { |
1568 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1574 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1569 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1575 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1570 | return GNUNET_SYSERR; | 1576 | return GNUNET_SYSERR; |
1571 | } | 1577 | } |
1572 | client_id = strtok(basic_authorization, ":"); | 1578 | client_id = strtok (basic_authorization, ":"); |
1573 | if (NULL == client_id) | 1579 | if (NULL == client_id) |
1574 | { | 1580 | { |
1575 | GNUNET_free_non_null(basic_authorization); | 1581 | GNUNET_free_non_null (basic_authorization); |
1576 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1582 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1577 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1583 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1578 | return GNUNET_SYSERR; | 1584 | return GNUNET_SYSERR; |
1579 | } | 1585 | } |
1580 | pass = strtok(NULL, ":"); | 1586 | pass = strtok (NULL, ":"); |
1581 | if (NULL == pass) | 1587 | if (NULL == pass) |
1582 | { | 1588 | { |
1583 | GNUNET_free_non_null(basic_authorization); | 1589 | GNUNET_free_non_null (basic_authorization); |
1584 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1590 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1585 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1591 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1586 | return GNUNET_SYSERR; | 1592 | return GNUNET_SYSERR; |
1587 | } | 1593 | } |
1588 | 1594 | ||
1589 | // check client password | 1595 | // check client password |
1590 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, | 1596 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
1591 | "reclaim-rest-plugin", | 1597 | "reclaim-rest-plugin", |
1592 | "OIDC_CLIENT_SECRET", | 1598 | "OIDC_CLIENT_SECRET", |
1593 | &expected_pass)) | 1599 | &expected_pass)) |
1594 | { | 1600 | { |
1595 | if (0 != strcmp(expected_pass, pass)) | 1601 | if (0 != strcmp (expected_pass, pass)) |
1596 | { | 1602 | { |
1597 | GNUNET_free_non_null(basic_authorization); | 1603 | GNUNET_free_non_null (basic_authorization); |
1598 | GNUNET_free(expected_pass); | 1604 | GNUNET_free (expected_pass); |
1599 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1605 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1600 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1606 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1601 | return GNUNET_SYSERR; | ||
1602 | } | ||
1603 | GNUNET_free(expected_pass); | ||
1604 | } | ||
1605 | else | ||
1606 | { | ||
1607 | GNUNET_free_non_null(basic_authorization); | ||
1608 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | ||
1609 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | ||
1610 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1611 | return GNUNET_SYSERR; | 1607 | return GNUNET_SYSERR; |
1612 | } | 1608 | } |
1609 | GNUNET_free (expected_pass); | ||
1610 | } | ||
1611 | else | ||
1612 | { | ||
1613 | GNUNET_free_non_null (basic_authorization); | ||
1614 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1615 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
1616 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1617 | return GNUNET_SYSERR; | ||
1618 | } | ||
1613 | 1619 | ||
1614 | // check client_id | 1620 | // check client_id |
1615 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | 1621 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; |
1616 | handle->ego_entry = handle->ego_entry->next) | 1622 | handle->ego_entry = handle->ego_entry->next) |
1617 | { | 1623 | { |
1618 | if (0 == strcmp(handle->ego_entry->keystring, client_id)) | 1624 | if (0 == strcmp (handle->ego_entry->keystring, client_id)) |
1619 | break; | 1625 | break; |
1620 | } | 1626 | } |
1621 | if (NULL == handle->ego_entry) | 1627 | if (NULL == handle->ego_entry) |
1622 | { | 1628 | { |
1623 | GNUNET_free_non_null(basic_authorization); | 1629 | GNUNET_free_non_null (basic_authorization); |
1624 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1630 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1625 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1631 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1626 | return GNUNET_SYSERR; | 1632 | return GNUNET_SYSERR; |
1627 | } | 1633 | } |
1628 | GNUNET_STRINGS_string_to_data(client_id, | 1634 | GNUNET_STRINGS_string_to_data (client_id, |
1629 | strlen(client_id), | 1635 | strlen (client_id), |
1630 | cid, | 1636 | cid, |
1631 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1637 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1632 | 1638 | ||
1633 | GNUNET_free(basic_authorization); | 1639 | GNUNET_free (basic_authorization); |
1634 | return GNUNET_OK; | 1640 | return GNUNET_OK; |
1635 | } | 1641 | } |
1636 | 1642 | ||
1637 | const struct EgoEntry * | 1643 | const struct EgoEntry * |
1638 | find_ego(struct RequestHandle *handle, | 1644 | find_ego (struct RequestHandle *handle, |
1639 | struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) | 1645 | struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) |
1640 | { | 1646 | { |
1641 | struct EgoEntry *ego_entry; | 1647 | struct EgoEntry *ego_entry; |
1642 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 1648 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
1643 | 1649 | ||
1644 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 1650 | for (ego_entry = handle->ego_head; NULL != ego_entry; |
1645 | ego_entry = ego_entry->next) | 1651 | ego_entry = ego_entry->next) |
1646 | { | 1652 | { |
1647 | GNUNET_IDENTITY_ego_get_public_key(ego_entry->ego, &pub_key); | 1653 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); |
1648 | if (0 == GNUNET_memcmp(&pub_key, test_key)) | 1654 | if (0 == GNUNET_memcmp (&pub_key, test_key)) |
1649 | return ego_entry; | 1655 | return ego_entry; |
1650 | } | 1656 | } |
1651 | return NULL; | 1657 | return NULL; |
1652 | } | 1658 | } |
1653 | 1659 | ||
1654 | static void | 1660 | static void |
1655 | persist_access_token(const struct RequestHandle *handle, | 1661 | persist_access_token (const struct RequestHandle *handle, |
1656 | const char *access_token, | 1662 | const char *access_token, |
1657 | const struct GNUNET_RECLAIM_Ticket *ticket) | 1663 | const struct GNUNET_RECLAIM_Ticket *ticket) |
1658 | { | 1664 | { |
1659 | struct GNUNET_HashCode hc; | 1665 | struct GNUNET_HashCode hc; |
1660 | struct GNUNET_RECLAIM_Ticket *ticketbuf; | 1666 | struct GNUNET_RECLAIM_Ticket *ticketbuf; |
1661 | 1667 | ||
1662 | GNUNET_CRYPTO_hash(access_token, strlen(access_token), &hc); | 1668 | GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc); |
1663 | ticketbuf = GNUNET_new(struct GNUNET_RECLAIM_Ticket); | 1669 | ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket); |
1664 | *ticketbuf = *ticket; | 1670 | *ticketbuf = *ticket; |
1665 | GNUNET_assert(GNUNET_SYSERR != | 1671 | GNUNET_assert (GNUNET_SYSERR != |
1666 | GNUNET_CONTAINER_multihashmap_put( | 1672 | GNUNET_CONTAINER_multihashmap_put ( |
1667 | OIDC_access_token_map, | 1673 | OIDC_access_token_map, |
1668 | &hc, | 1674 | &hc, |
1669 | ticketbuf, | 1675 | ticketbuf, |
1670 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 1676 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
1671 | } | 1677 | } |
1672 | 1678 | ||
1673 | /** | 1679 | /** |
@@ -1678,9 +1684,9 @@ persist_access_token(const struct RequestHandle *handle, | |||
1678 | * @param cls the RequestHandle | 1684 | * @param cls the RequestHandle |
1679 | */ | 1685 | */ |
1680 | static void | 1686 | static void |
1681 | token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1687 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1682 | const char *url, | 1688 | const char *url, |
1683 | void *cls) | 1689 | void *cls) |
1684 | { | 1690 | { |
1685 | struct RequestHandle *handle = cls; | 1691 | struct RequestHandle *handle = cls; |
1686 | const struct EgoEntry *ego_entry; | 1692 | const struct EgoEntry *ego_entry; |
@@ -1703,13 +1709,13 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1703 | /* | 1709 | /* |
1704 | * Check Authorization | 1710 | * Check Authorization |
1705 | */ | 1711 | */ |
1706 | if (GNUNET_SYSERR == check_authorization(handle, &cid)) | 1712 | if (GNUNET_SYSERR == check_authorization (handle, &cid)) |
1707 | { | 1713 | { |
1708 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 1714 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1709 | "OIDC authorization for token endpoint failed\n"); | 1715 | "OIDC authorization for token endpoint failed\n"); |
1710 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1716 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1711 | return; | 1717 | return; |
1712 | } | 1718 | } |
1713 | 1719 | ||
1714 | /* | 1720 | /* |
1715 | * Check parameter | 1721 | * Check parameter |
@@ -1717,148 +1723,147 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1717 | 1723 | ||
1718 | // TODO Do not allow multiple equal parameter names | 1724 | // TODO Do not allow multiple equal parameter names |
1719 | // REQUIRED grant_type | 1725 | // REQUIRED grant_type |
1720 | GNUNET_CRYPTO_hash(OIDC_GRANT_TYPE_KEY, | 1726 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, |
1721 | strlen(OIDC_GRANT_TYPE_KEY), | 1727 | strlen (OIDC_GRANT_TYPE_KEY), |
1722 | &cache_key); | 1728 | &cache_key); |
1723 | grant_type = get_url_parameter_copy(handle, OIDC_GRANT_TYPE_KEY); | 1729 | grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY); |
1724 | if (NULL == grant_type) | 1730 | if (NULL == grant_type) |
1725 | { | 1731 | { |
1726 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1732 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1727 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | 1733 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); |
1728 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1734 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1729 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1735 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1730 | return; | 1736 | return; |
1731 | } | 1737 | } |
1732 | 1738 | ||
1733 | // Check parameter grant_type == "authorization_code" | 1739 | // Check parameter grant_type == "authorization_code" |
1734 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) | 1740 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) |
1735 | { | 1741 | { |
1736 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); | 1742 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); |
1737 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1743 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1738 | GNUNET_free(grant_type); | 1744 | GNUNET_free (grant_type); |
1739 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1745 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1740 | return; | 1746 | return; |
1741 | } | 1747 | } |
1742 | GNUNET_free(grant_type); | 1748 | GNUNET_free (grant_type); |
1743 | // REQUIRED code | 1749 | // REQUIRED code |
1744 | code = get_url_parameter_copy(handle, OIDC_CODE_KEY); | 1750 | code = get_url_parameter_copy (handle, OIDC_CODE_KEY); |
1745 | if (NULL == code) | 1751 | if (NULL == code) |
1746 | { | 1752 | { |
1747 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1753 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1748 | handle->edesc = GNUNET_strdup("missing parameter code"); | 1754 | handle->edesc = GNUNET_strdup ("missing parameter code"); |
1749 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1755 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1750 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1756 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1751 | return; | 1757 | return; |
1752 | } | 1758 | } |
1753 | ego_entry = find_ego(handle, &cid); | 1759 | ego_entry = find_ego (handle, &cid); |
1754 | if (NULL == ego_entry) | 1760 | if (NULL == ego_entry) |
1755 | { | 1761 | { |
1756 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1762 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1757 | handle->edesc = GNUNET_strdup("Unknown client"); | 1763 | handle->edesc = GNUNET_strdup ("Unknown client"); |
1758 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1764 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1759 | GNUNET_free(code); | 1765 | GNUNET_free (code); |
1760 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1766 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1761 | return; | 1767 | return; |
1762 | } | 1768 | } |
1763 | privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); | 1769 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
1764 | 1770 | ||
1765 | // REQUIRED code verifier | 1771 | // REQUIRED code verifier |
1766 | code_verifier = get_url_parameter_copy(handle, OIDC_CODE_VERIFIER_KEY); | 1772 | code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); |
1767 | if (NULL == code_verifier) | 1773 | if (NULL == code_verifier) |
1768 | { | 1774 | { |
1769 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1775 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1770 | handle->edesc = GNUNET_strdup("missing parameter code_verifier"); | 1776 | "OAuth authorization request does not contain PKCE parameters!\n"); |
1771 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1777 | |
1772 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1778 | } |
1773 | return; | ||
1774 | } | ||
1775 | 1779 | ||
1776 | // decode code | 1780 | // decode code |
1777 | if (GNUNET_OK != OIDC_parse_authz_code(privkey, code, code_verifier, &ticket, &cl, &nonce)) | 1781 | if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket, |
1778 | { | 1782 | &cl, &nonce)) |
1779 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1783 | { |
1780 | handle->edesc = GNUNET_strdup("invalid code"); | 1784 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1781 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1785 | handle->edesc = GNUNET_strdup ("invalid code"); |
1782 | GNUNET_free(code); | 1786 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1783 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1787 | GNUNET_free (code); |
1784 | return; | 1788 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1785 | } | 1789 | return; |
1786 | GNUNET_free(code); | 1790 | } |
1791 | GNUNET_free (code); | ||
1787 | 1792 | ||
1788 | // create jwt | 1793 | // create jwt |
1789 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time(cfg, | 1794 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, |
1790 | "reclaim-rest-plugin", | 1795 | "reclaim-rest-plugin", |
1791 | "expiration_time", | 1796 | "expiration_time", |
1792 | &expiration_time)) | 1797 | &expiration_time)) |
1793 | { | 1798 | { |
1794 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 1799 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1795 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | 1800 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
1796 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1801 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1797 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1802 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1798 | return; | 1803 | return; |
1799 | } | 1804 | } |
1800 | 1805 | ||
1801 | 1806 | ||
1802 | // TODO OPTIONAL acr,amr,azp | 1807 | // TODO OPTIONAL acr,amr,azp |
1803 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg, | 1808 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, |
1804 | "reclaim-rest-plugin", | 1809 | "reclaim-rest-plugin", |
1805 | "jwt_secret", | 1810 | "jwt_secret", |
1806 | &jwt_secret)) | 1811 | &jwt_secret)) |
1807 | { | 1812 | { |
1808 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1813 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1809 | handle->edesc = GNUNET_strdup("No signing secret configured!"); | 1814 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); |
1810 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1815 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1811 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1816 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1812 | return; | 1817 | return; |
1813 | } | 1818 | } |
1814 | id_token = OIDC_id_token_new(&ticket.audience, | 1819 | id_token = OIDC_id_token_new (&ticket.audience, |
1815 | &ticket.identity, | 1820 | &ticket.identity, |
1816 | cl, | 1821 | cl, |
1817 | &expiration_time, | 1822 | &expiration_time, |
1818 | (NULL != nonce) ? nonce : NULL, | 1823 | (NULL != nonce) ? nonce : NULL, |
1819 | jwt_secret); | 1824 | jwt_secret); |
1820 | access_token = OIDC_access_token_new(); | 1825 | access_token = OIDC_access_token_new (); |
1821 | OIDC_build_token_response(access_token, | 1826 | OIDC_build_token_response (access_token, |
1822 | id_token, | 1827 | id_token, |
1823 | &expiration_time, | 1828 | &expiration_time, |
1824 | &json_response); | 1829 | &json_response); |
1825 | 1830 | ||
1826 | persist_access_token(handle, access_token, &ticket); | 1831 | persist_access_token (handle, access_token, &ticket); |
1827 | resp = GNUNET_REST_create_response(json_response); | 1832 | resp = GNUNET_REST_create_response (json_response); |
1828 | MHD_add_response_header(resp, "Cache-Control", "no-store"); | 1833 | MHD_add_response_header (resp, "Cache-Control", "no-store"); |
1829 | MHD_add_response_header(resp, "Pragma", "no-cache"); | 1834 | MHD_add_response_header (resp, "Pragma", "no-cache"); |
1830 | MHD_add_response_header(resp, "Content-Type", "application/json"); | 1835 | MHD_add_response_header (resp, "Content-Type", "application/json"); |
1831 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 1836 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1832 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); | 1837 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl); |
1833 | GNUNET_free(access_token); | 1838 | GNUNET_free (access_token); |
1834 | GNUNET_free(json_response); | 1839 | GNUNET_free (json_response); |
1835 | GNUNET_free(id_token); | 1840 | GNUNET_free (id_token); |
1836 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1841 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1837 | } | 1842 | } |
1838 | 1843 | ||
1839 | /** | 1844 | /** |
1840 | * Collects claims and stores them in handle | 1845 | * Collects claims and stores them in handle |
1841 | */ | 1846 | */ |
1842 | static void | 1847 | static void |
1843 | consume_ticket(void *cls, | 1848 | consume_ticket (void *cls, |
1844 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 1849 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
1845 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) | 1850 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) |
1846 | { | 1851 | { |
1847 | struct RequestHandle *handle = cls; | 1852 | struct RequestHandle *handle = cls; |
1848 | char *tmp_value; | 1853 | char *tmp_value; |
1849 | json_t *value; | 1854 | json_t *value; |
1850 | 1855 | ||
1851 | if (NULL == identity) | 1856 | if (NULL == identity) |
1852 | { | 1857 | { |
1853 | GNUNET_SCHEDULER_add_now(&return_userinfo_response, handle); | 1858 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); |
1854 | return; | 1859 | return; |
1855 | } | 1860 | } |
1856 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string(attr->type, | 1861 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, |
1857 | attr->data, | 1862 | attr->data, |
1858 | attr->data_size); | 1863 | attr->data_size); |
1859 | value = json_string(tmp_value); | 1864 | value = json_string (tmp_value); |
1860 | json_object_set_new(handle->oidc->response, attr->name, value); | 1865 | json_object_set_new (handle->oidc->response, attr->name, value); |
1861 | GNUNET_free(tmp_value); | 1866 | GNUNET_free (tmp_value); |
1862 | } | 1867 | } |
1863 | 1868 | ||
1864 | /** | 1869 | /** |
@@ -1869,9 +1874,9 @@ consume_ticket(void *cls, | |||
1869 | * @param cls the RequestHandle | 1874 | * @param cls the RequestHandle |
1870 | */ | 1875 | */ |
1871 | static void | 1876 | static void |
1872 | userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1877 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1873 | const char *url, | 1878 | const char *url, |
1874 | void *cls) | 1879 | void *cls) |
1875 | { | 1880 | { |
1876 | // TODO expiration time | 1881 | // TODO expiration time |
1877 | struct RequestHandle *handle = cls; | 1882 | struct RequestHandle *handle = cls; |
@@ -1884,87 +1889,87 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1884 | const struct EgoEntry *ego_entry; | 1889 | const struct EgoEntry *ego_entry; |
1885 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 1890 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
1886 | 1891 | ||
1887 | GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, | 1892 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1888 | strlen(OIDC_AUTHORIZATION_HEADER_KEY), | 1893 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1889 | &cache_key); | 1894 | &cache_key); |
1890 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1895 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1891 | ->header_param_map, | 1896 | ->header_param_map, |
1892 | &cache_key)) | 1897 | &cache_key)) |
1893 | { | 1898 | { |
1894 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1899 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1895 | handle->edesc = GNUNET_strdup("No Access Token"); | 1900 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1896 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1901 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1897 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1902 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1898 | return; | 1903 | return; |
1899 | } | 1904 | } |
1900 | authorization = | 1905 | authorization = |
1901 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 1906 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
1902 | &cache_key); | 1907 | &cache_key); |
1903 | 1908 | ||
1904 | // split header in "Bearer" and access_token | 1909 | // split header in "Bearer" and access_token |
1905 | authorization = GNUNET_strdup(authorization); | 1910 | authorization = GNUNET_strdup (authorization); |
1906 | authorization_type = strtok(authorization, delimiter); | 1911 | authorization_type = strtok (authorization, delimiter); |
1907 | if ((NULL == authorization_type) || | 1912 | if ((NULL == authorization_type) || |
1908 | (0 != strcmp("Bearer", authorization_type))) | 1913 | (0 != strcmp ("Bearer", authorization_type))) |
1909 | { | 1914 | { |
1910 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1915 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1911 | handle->edesc = GNUNET_strdup("No Access Token"); | 1916 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1912 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1917 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1913 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1918 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1914 | GNUNET_free(authorization); | 1919 | GNUNET_free (authorization); |
1915 | return; | 1920 | return; |
1916 | } | 1921 | } |
1917 | authorization_access_token = strtok(NULL, delimiter); | 1922 | authorization_access_token = strtok (NULL, delimiter); |
1918 | if (NULL == authorization_access_token) | 1923 | if (NULL == authorization_access_token) |
1919 | { | 1924 | { |
1920 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1925 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1921 | handle->edesc = GNUNET_strdup("Access token missing"); | 1926 | handle->edesc = GNUNET_strdup ("Access token missing"); |
1922 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1927 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1923 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1928 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1924 | GNUNET_free(authorization); | 1929 | GNUNET_free (authorization); |
1925 | return; | 1930 | return; |
1926 | } | 1931 | } |
1927 | 1932 | ||
1928 | GNUNET_CRYPTO_hash(authorization_access_token, | 1933 | GNUNET_CRYPTO_hash (authorization_access_token, |
1929 | strlen(authorization_access_token), | 1934 | strlen (authorization_access_token), |
1930 | &cache_key); | 1935 | &cache_key); |
1931 | if (GNUNET_NO == | 1936 | if (GNUNET_NO == |
1932 | GNUNET_CONTAINER_multihashmap_contains(OIDC_access_token_map, | 1937 | GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, |
1933 | &cache_key)) | 1938 | &cache_key)) |
1934 | { | 1939 | { |
1935 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1940 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1936 | handle->edesc = GNUNET_strdup("The access token expired"); | 1941 | handle->edesc = GNUNET_strdup ("The access token expired"); |
1937 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1942 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1938 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1943 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1939 | GNUNET_free(authorization); | 1944 | GNUNET_free (authorization); |
1940 | return; | 1945 | return; |
1941 | } | 1946 | } |
1942 | ticket = | 1947 | ticket = |
1943 | GNUNET_CONTAINER_multihashmap_get(OIDC_access_token_map, &cache_key); | 1948 | GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key); |
1944 | GNUNET_assert(NULL != ticket); | 1949 | GNUNET_assert (NULL != ticket); |
1945 | ego_entry = find_ego(handle, &ticket->audience); | 1950 | ego_entry = find_ego (handle, &ticket->audience); |
1946 | if (NULL == ego_entry) | 1951 | if (NULL == ego_entry) |
1947 | { | 1952 | { |
1948 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1953 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1949 | handle->edesc = GNUNET_strdup("The access token expired"); | 1954 | handle->edesc = GNUNET_strdup ("The access token expired"); |
1950 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1955 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1951 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1956 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1952 | GNUNET_free(authorization); | 1957 | GNUNET_free (authorization); |
1953 | return; | 1958 | return; |
1954 | } | 1959 | } |
1955 | 1960 | ||
1956 | handle->idp = GNUNET_RECLAIM_connect(cfg); | 1961 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1957 | handle->oidc->response = json_object(); | 1962 | handle->oidc->response = json_object (); |
1958 | json_object_set_new(handle->oidc->response, | 1963 | json_object_set_new (handle->oidc->response, |
1959 | "sub", | 1964 | "sub", |
1960 | json_string(ego_entry->keystring)); | 1965 | json_string (ego_entry->keystring)); |
1961 | privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); | 1966 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
1962 | handle->idp_op = GNUNET_RECLAIM_ticket_consume(handle->idp, | 1967 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, |
1963 | privkey, | 1968 | privkey, |
1964 | ticket, | 1969 | ticket, |
1965 | consume_ticket, | 1970 | consume_ticket, |
1966 | handle); | 1971 | handle); |
1967 | GNUNET_free(authorization); | 1972 | GNUNET_free (authorization); |
1968 | } | 1973 | } |
1969 | 1974 | ||
1970 | 1975 | ||
@@ -1974,14 +1979,14 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1974 | * @param handle the request handle | 1979 | * @param handle the request handle |
1975 | */ | 1980 | */ |
1976 | static void | 1981 | static void |
1977 | init_cont(struct RequestHandle *handle) | 1982 | init_cont (struct RequestHandle *handle) |
1978 | { | 1983 | { |
1979 | struct GNUNET_REST_RequestHandlerError err; | 1984 | struct GNUNET_REST_RequestHandlerError err; |
1980 | static const struct GNUNET_REST_RequestHandler handlers[] = | 1985 | static const struct GNUNET_REST_RequestHandler handlers[] = |
1981 | { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, | 1986 | { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, |
1982 | { MHD_HTTP_METHOD_POST, | 1987 | { MHD_HTTP_METHOD_POST, |
1983 | GNUNET_REST_API_NS_AUTHORIZE, | 1988 | GNUNET_REST_API_NS_AUTHORIZE, |
1984 | &authorize_endpoint }, // url-encoded | 1989 | &authorize_endpoint }, // url-encoded |
1985 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, | 1990 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, |
1986 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, | 1991 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, |
1987 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | 1992 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, |
@@ -1990,11 +1995,11 @@ init_cont(struct RequestHandle *handle) | |||
1990 | GNUNET_REST_HANDLER_END }; | 1995 | GNUNET_REST_HANDLER_END }; |
1991 | 1996 | ||
1992 | if (GNUNET_NO == | 1997 | if (GNUNET_NO == |
1993 | GNUNET_REST_handle_request(handle->rest_handle, handlers, &err, handle)) | 1998 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) |
1994 | { | 1999 | { |
1995 | handle->response_code = err.error_code; | 2000 | handle->response_code = err.error_code; |
1996 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 2001 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1997 | } | 2002 | } |
1998 | } | 2003 | } |
1999 | 2004 | ||
2000 | /** | 2005 | /** |
@@ -2031,91 +2036,91 @@ init_cont(struct RequestHandle *handle) | |||
2031 | * must thus no longer be used | 2036 | * must thus no longer be used |
2032 | */ | 2037 | */ |
2033 | static void | 2038 | static void |
2034 | list_ego(void *cls, | 2039 | list_ego (void *cls, |
2035 | struct GNUNET_IDENTITY_Ego *ego, | 2040 | struct GNUNET_IDENTITY_Ego *ego, |
2036 | void **ctx, | 2041 | void **ctx, |
2037 | const char *identifier) | 2042 | const char *identifier) |
2038 | { | 2043 | { |
2039 | struct RequestHandle *handle = cls; | 2044 | struct RequestHandle *handle = cls; |
2040 | struct EgoEntry *ego_entry; | 2045 | struct EgoEntry *ego_entry; |
2041 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 2046 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; |
2042 | 2047 | ||
2043 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) | 2048 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) |
2044 | { | 2049 | { |
2045 | handle->state = ID_REST_STATE_POST_INIT; | 2050 | handle->state = ID_REST_STATE_POST_INIT; |
2046 | init_cont(handle); | 2051 | init_cont (handle); |
2047 | return; | 2052 | return; |
2048 | } | 2053 | } |
2049 | GNUNET_assert(NULL != ego); | 2054 | GNUNET_assert (NULL != ego); |
2050 | if (ID_REST_STATE_INIT == handle->state) | 2055 | if (ID_REST_STATE_INIT == handle->state) |
2051 | 2056 | ||
2052 | { | 2057 | { |
2053 | ego_entry = GNUNET_new(struct EgoEntry); | 2058 | ego_entry = GNUNET_new (struct EgoEntry); |
2054 | GNUNET_IDENTITY_ego_get_public_key(ego, &pk); | 2059 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2055 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk); | 2060 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2056 | ego_entry->ego = ego; | 2061 | ego_entry->ego = ego; |
2057 | ego_entry->identifier = GNUNET_strdup(identifier); | 2062 | ego_entry->identifier = GNUNET_strdup (identifier); |
2058 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head, | 2063 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2059 | handle->ego_tail, | 2064 | handle->ego_tail, |
2060 | ego_entry); | 2065 | ego_entry); |
2061 | return; | 2066 | return; |
2062 | } | 2067 | } |
2063 | /* Ego renamed or added */ | 2068 | /* Ego renamed or added */ |
2064 | if (identifier != NULL) | 2069 | if (identifier != NULL) |
2070 | { | ||
2071 | for (ego_entry = handle->ego_head; NULL != ego_entry; | ||
2072 | ego_entry = ego_entry->next) | ||
2073 | { | ||
2074 | if (ego_entry->ego == ego) | ||
2075 | { | ||
2076 | /* Rename */ | ||
2077 | GNUNET_free (ego_entry->identifier); | ||
2078 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
2079 | break; | ||
2080 | } | ||
2081 | } | ||
2082 | if (NULL == ego_entry) | ||
2065 | { | 2083 | { |
2066 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 2084 | /* Add */ |
2067 | ego_entry = ego_entry->next) | 2085 | ego_entry = GNUNET_new (struct EgoEntry); |
2068 | { | 2086 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2069 | if (ego_entry->ego == ego) | 2087 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2070 | { | 2088 | ego_entry->ego = ego; |
2071 | /* Rename */ | 2089 | ego_entry->identifier = GNUNET_strdup (identifier); |
2072 | GNUNET_free(ego_entry->identifier); | 2090 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2073 | ego_entry->identifier = GNUNET_strdup(identifier); | 2091 | handle->ego_tail, |
2074 | break; | 2092 | ego_entry); |
2075 | } | ||
2076 | } | ||
2077 | if (NULL == ego_entry) | ||
2078 | { | ||
2079 | /* Add */ | ||
2080 | ego_entry = GNUNET_new(struct EgoEntry); | ||
2081 | GNUNET_IDENTITY_ego_get_public_key(ego, &pk); | ||
2082 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk); | ||
2083 | ego_entry->ego = ego; | ||
2084 | ego_entry->identifier = GNUNET_strdup(identifier); | ||
2085 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head, | ||
2086 | handle->ego_tail, | ||
2087 | ego_entry); | ||
2088 | } | ||
2089 | } | 2093 | } |
2094 | } | ||
2090 | else | 2095 | else |
2096 | { | ||
2097 | /* Delete */ | ||
2098 | for (ego_entry = handle->ego_head; NULL != ego_entry; | ||
2099 | ego_entry = ego_entry->next) | ||
2091 | { | 2100 | { |
2092 | /* Delete */ | 2101 | if (ego_entry->ego == ego) |
2093 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 2102 | break; |
2094 | ego_entry = ego_entry->next) | ||
2095 | { | ||
2096 | if (ego_entry->ego == ego) | ||
2097 | break; | ||
2098 | } | ||
2099 | if (NULL != ego_entry) | ||
2100 | GNUNET_CONTAINER_DLL_remove(handle->ego_head, | ||
2101 | handle->ego_tail, | ||
2102 | ego_entry); | ||
2103 | } | 2103 | } |
2104 | if (NULL != ego_entry) | ||
2105 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, | ||
2106 | handle->ego_tail, | ||
2107 | ego_entry); | ||
2108 | } | ||
2104 | } | 2109 | } |
2105 | 2110 | ||
2106 | static void | 2111 | static void |
2107 | rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | 2112 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, |
2108 | GNUNET_REST_ResultProcessor proc, | 2113 | GNUNET_REST_ResultProcessor proc, |
2109 | void *proc_cls) | 2114 | void *proc_cls) |
2110 | { | 2115 | { |
2111 | struct RequestHandle *handle = GNUNET_new(struct RequestHandle); | 2116 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
2112 | 2117 | ||
2113 | handle->oidc = GNUNET_new(struct OIDC_Variables); | 2118 | handle->oidc = GNUNET_new (struct OIDC_Variables); |
2114 | if (NULL == OIDC_cookie_jar_map) | 2119 | if (NULL == OIDC_cookie_jar_map) |
2115 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); | 2120 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2116 | if (NULL == OIDC_access_token_map) | 2121 | if (NULL == OIDC_access_token_map) |
2117 | OIDC_access_token_map = | 2122 | OIDC_access_token_map = |
2118 | GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); | 2123 | GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2119 | handle->response_code = 0; | 2124 | handle->response_code = 0; |
2120 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 2125 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
2121 | handle->proc_cls = proc_cls; | 2126 | handle->proc_cls = proc_cls; |
@@ -2123,16 +2128,16 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | |||
2123 | handle->state = ID_REST_STATE_INIT; | 2128 | handle->state = ID_REST_STATE_INIT; |
2124 | handle->rest_handle = rest_handle; | 2129 | handle->rest_handle = rest_handle; |
2125 | 2130 | ||
2126 | handle->url = GNUNET_strdup(rest_handle->url); | 2131 | handle->url = GNUNET_strdup (rest_handle->url); |
2127 | if (handle->url[strlen(handle->url) - 1] == '/') | 2132 | if (handle->url[strlen (handle->url) - 1] == '/') |
2128 | handle->url[strlen(handle->url) - 1] = '\0'; | 2133 | handle->url[strlen (handle->url) - 1] = '\0'; |
2129 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); | 2134 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); |
2130 | handle->identity_handle = GNUNET_IDENTITY_connect(cfg, &list_ego, handle); | 2135 | handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle); |
2131 | handle->gns_handle = GNUNET_GNS_connect(cfg); | 2136 | handle->gns_handle = GNUNET_GNS_connect (cfg); |
2132 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 2137 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); |
2133 | handle->timeout_task = | 2138 | handle->timeout_task = |
2134 | GNUNET_SCHEDULER_add_delayed(handle->timeout, &do_timeout, handle); | 2139 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); |
2135 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); | 2140 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); |
2136 | } | 2141 | } |
2137 | 2142 | ||
2138 | /** | 2143 | /** |
@@ -2142,7 +2147,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | |||
2142 | * @return NULL on error, otherwise the plugin context | 2147 | * @return NULL on error, otherwise the plugin context |
2143 | */ | 2148 | */ |
2144 | void * | 2149 | void * |
2145 | libgnunet_plugin_rest_openid_connect_init(void *cls) | 2150 | libgnunet_plugin_rest_openid_connect_init (void *cls) |
2146 | { | 2151 | { |
2147 | static struct Plugin plugin; | 2152 | static struct Plugin plugin; |
2148 | struct GNUNET_REST_Plugin *api; | 2153 | struct GNUNET_REST_Plugin *api; |
@@ -2150,22 +2155,22 @@ libgnunet_plugin_rest_openid_connect_init(void *cls) | |||
2150 | cfg = cls; | 2155 | cfg = cls; |
2151 | if (NULL != plugin.cfg) | 2156 | if (NULL != plugin.cfg) |
2152 | return NULL; /* can only initialize once! */ | 2157 | return NULL; /* can only initialize once! */ |
2153 | memset(&plugin, 0, sizeof(struct Plugin)); | 2158 | memset (&plugin, 0, sizeof(struct Plugin)); |
2154 | plugin.cfg = cfg; | 2159 | plugin.cfg = cfg; |
2155 | api = GNUNET_new(struct GNUNET_REST_Plugin); | 2160 | api = GNUNET_new (struct GNUNET_REST_Plugin); |
2156 | api->cls = &plugin; | 2161 | api->cls = &plugin; |
2157 | api->name = GNUNET_REST_API_NS_OIDC; | 2162 | api->name = GNUNET_REST_API_NS_OIDC; |
2158 | api->process_request = &rest_identity_process_request; | 2163 | api->process_request = &rest_identity_process_request; |
2159 | GNUNET_asprintf(&allow_methods, | 2164 | GNUNET_asprintf (&allow_methods, |
2160 | "%s, %s, %s, %s, %s", | 2165 | "%s, %s, %s, %s, %s", |
2161 | MHD_HTTP_METHOD_GET, | 2166 | MHD_HTTP_METHOD_GET, |
2162 | MHD_HTTP_METHOD_POST, | 2167 | MHD_HTTP_METHOD_POST, |
2163 | MHD_HTTP_METHOD_PUT, | 2168 | MHD_HTTP_METHOD_PUT, |
2164 | MHD_HTTP_METHOD_DELETE, | 2169 | MHD_HTTP_METHOD_DELETE, |
2165 | MHD_HTTP_METHOD_OPTIONS); | 2170 | MHD_HTTP_METHOD_OPTIONS); |
2166 | 2171 | ||
2167 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 2172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2168 | _("OpenID Connect REST API initialized\n")); | 2173 | _ ("OpenID Connect REST API initialized\n")); |
2169 | return api; | 2174 | return api; |
2170 | } | 2175 | } |
2171 | 2176 | ||
@@ -2177,7 +2182,7 @@ libgnunet_plugin_rest_openid_connect_init(void *cls) | |||
2177 | * @return always NULL | 2182 | * @return always NULL |
2178 | */ | 2183 | */ |
2179 | void * | 2184 | void * |
2180 | libgnunet_plugin_rest_openid_connect_done(void *cls) | 2185 | libgnunet_plugin_rest_openid_connect_done (void *cls) |
2181 | { | 2186 | { |
2182 | struct GNUNET_REST_Plugin *api = cls; | 2187 | struct GNUNET_REST_Plugin *api = cls; |
2183 | struct Plugin *plugin = api->cls; | 2188 | struct Plugin *plugin = api->cls; |
@@ -2187,24 +2192,24 @@ libgnunet_plugin_rest_openid_connect_done(void *cls) | |||
2187 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2192 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; |
2188 | void *value = NULL; | 2193 | void *value = NULL; |
2189 | hashmap_it = | 2194 | hashmap_it = |
2190 | GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_cookie_jar_map); | 2195 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); |
2191 | while (GNUNET_YES == | 2196 | while (GNUNET_YES == |
2192 | GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) | 2197 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2193 | GNUNET_free_non_null(value); | 2198 | GNUNET_free_non_null (value); |
2194 | GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); | 2199 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); |
2195 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_cookie_jar_map); | 2200 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); |
2196 | 2201 | ||
2197 | hashmap_it = | 2202 | hashmap_it = |
2198 | GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_access_token_map); | 2203 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); |
2199 | while (GNUNET_YES == | 2204 | while (GNUNET_YES == |
2200 | GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) | 2205 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2201 | GNUNET_free_non_null(value); | 2206 | GNUNET_free_non_null (value); |
2202 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_access_token_map); | 2207 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map); |
2203 | GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); | 2208 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); |
2204 | GNUNET_free_non_null(allow_methods); | 2209 | GNUNET_free_non_null (allow_methods); |
2205 | GNUNET_free(api); | 2210 | GNUNET_free (api); |
2206 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 2211 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2207 | "OpenID Connect REST plugin is finished\n"); | 2212 | "OpenID Connect REST plugin is finished\n"); |
2208 | return NULL; | 2213 | return NULL; |
2209 | } | 2214 | } |
2210 | 2215 | ||