1 files changed, 180 insertions, 0 deletions
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
new file mode 100644
index 000000000..2f1e3240b
--- /dev/null
+++ b/src/identity-provider/jwt.c
@@ -0,0 +1,180 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+      GNUnet is free software; you can redistribute it and/or modify
+      it under the terms of the GNU General Public License as published
+      by the Free Software Foundation; either version 3, or (at your
+      option) any later version.
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      General Public License for more details.
+      You should have received a copy of the GNU General Public License
+      along with GNUnet; see the file COPYING.  If not, write to the
+      Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+      Boston, MA 02110-1301, USA.
+ */
+/**
+ * @file identity-provider/jwt.c
+ * @brief helper library for JSON-Web-Tokens
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include "gnunet_identity_attribute_lib.h"
+#include <jansson.h>
+#define JWT_ALG "alg"
+/*TODO is this the correct way to define new algs? */
+#define JWT_ALG_VALUE "ED512"
+#define JWT_TYP "typ"
+#define JWT_TYP_VALUE "jwt"
+static char*
+create_jwt_header(void)
+{
+  json_t *root;
+  char *json_str;
+  root = json_object ();
+  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
+  json_str = json_dumps (root, JSON_INDENT(1));
+  json_decref (root);
+  return json_str;
+}
+/**
+ * Create a JWT from attributes
+ *
+ * @param sub_key the public of the subject
+ * @param attrs the attribute list
+ * @param priv_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
+{
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_CRYPTO_EcdsaPublicKey iss_key;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  char* audience;
+  char* issuer;
+  char* header;
+  char* padding;
+  char* body_str;
+  char* result;
+  char* header_base64;
+  char* body_base64;
+  char* signature_target;
+  char* signature_base64;
+  char* attr_val_str;
+  json_t* body;
+  GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &iss_key);
+  /* TODO maybe we should use a local identity here */
+  issuer = GNUNET_STRINGS_data_to_string_alloc (&iss_key,
+                                                sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  audience = GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  header = create_jwt_header ();
+  body = json_object ();
+  /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
+  json_object_set_new (body,
+                       "iss", json_string (issuer));
+  json_object_set_new (body,
+                       "sub", json_string (issuer));
+  /* TODO what should be in here exactly? */
+  json_object_set_new (body,
+                       "aud", json_string (audience));
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    /**
+     * TODO here we should have a function that
+     * calls the Attribute plugins to create a
+     * json representation for its value
+     */
+    attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
+                                                              le->claim->data,
+                                                              le->claim->data_size);
+    json_object_set_new (body,
+                         le->claim->name,
+                         json_string (attr_val_str));
+    GNUNET_free (attr_val_str);
+  }
+  body_str = json_dumps (body, JSON_INDENT(0));
+  json_decref (body);
+  GNUNET_STRINGS_base64_encode (header,
+                                strlen (header),
+                                &header_base64);
+  //Remove GNUNET padding of base64
+  padding = strtok(header_base64, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+  GNUNET_STRINGS_base64_encode (body_str,
+                                strlen (body_str),
+                                &body_base64);
+  //Remove GNUNET padding of base64
+  padding = strtok(body_base64, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+  GNUNET_free (issuer);
+  GNUNET_free (audience);
+  /**
+   * TODO
+   * Creating the JWT signature. This might not be
+   * standards compliant, check.
+   */
+  GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
+  purpose =
+    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                   strlen (signature_target));
+  purpose->size =
+    htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
+  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
+  GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
+  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
+                                             purpose,
+                                             (struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
+  {
+    GNUNET_free (signature_target);
+    GNUNET_free (body_str);
+    GNUNET_free (body_base64);
+    GNUNET_free (header_base64);
+    GNUNET_free (purpose);
+    return NULL;
+  }
+  GNUNET_STRINGS_base64_encode ((const char*)&signature,
+                                sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
+                                &signature_base64);
+  GNUNET_asprintf (&result, "%s.%s.%s",
+                   header_base64, body_base64, signature_base64);
+  GNUNET_free (signature_target);
+  GNUNET_free (header);
+  GNUNET_free (body_str);
+  GNUNET_free (signature_base64);
+  GNUNET_free (body_base64);
+  GNUNET_free (header_base64);
+  GNUNET_free (purpose);
+  return result;
+}

diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c new file mode 100644 index 000000000..2f1e3240b --- /dev/null +++ b/src/identity-provider/jwt.c
@@ -0,0 +1,180 @@
	1	/*
	2	This file is part of GNUnet
	3	Copyright (C) 2010-2015 GNUnet e.V.
	4
	5	GNUnet is free software; you can redistribute it and/or modify
	6	it under the terms of the GNU General Public License as published
	7	by the Free Software Foundation; either version 3, or (at your
	8	option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	General Public License for more details.
	14
	15	You should have received a copy of the GNU General Public License
	16	along with GNUnet; see the file COPYING. If not, write to the
	17	Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
	18	Boston, MA 02110-1301, USA.
	19	*/
	20
	21	/**
	22	* @file identity-provider/jwt.c
	23	* @brief helper library for JSON-Web-Tokens
	24	* @author Martin Schanzenbach
	25	*/
	26	#include "platform.h"
	27	#include "gnunet_util_lib.h"
	28	#include "gnunet_signatures.h"
	29	#include "gnunet_identity_attribute_lib.h"
	30	#include <jansson.h>
	31
	32
	33	#define JWT_ALG "alg"
	34
	35	/TODO is this the correct way to define new algs? /
	36	#define JWT_ALG_VALUE "ED512"
	37
	38	#define JWT_TYP "typ"
	39
	40	#define JWT_TYP_VALUE "jwt"
	41
	42	static char*
	43	create_jwt_header(void)
	44	{
	45	json_t *root;
	46	char *json_str;
	47
	48	root = json_object ();
	49	json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
	50	json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
	51
	52	json_str = json_dumps (root, JSON_INDENT(1));
	53	json_decref (root);
	54	return json_str;
	55	}
	56
	57	/**
	58	* Create a JWT from attributes
	59	*
	60	* @param sub_key the public of the subject
	61	* @param attrs the attribute list
	62	* @param priv_key the key used to sign the JWT
	63	* @return a new base64-encoded JWT string.
	64	*/
	65	char*
	66	jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
	67	const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
	68	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
	69	{
	70	struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
	71	struct GNUNET_CRYPTO_EcdsaPublicKey iss_key;
	72	struct GNUNET_CRYPTO_EcdsaSignature signature;
	73	struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
	74	char* audience;
	75	char* issuer;
	76	char* header;
	77	char* padding;
	78	char* body_str;
	79	char* result;
	80	char* header_base64;
	81	char* body_base64;
	82	char* signature_target;
	83	char* signature_base64;
	84	char* attr_val_str;
	85	json_t* body;
	86
	87	GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &iss_key);
	88	/* TODO maybe we should use a local identity here */
	89	issuer = GNUNET_STRINGS_data_to_string_alloc (&iss_key,
	90	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
	91	audience = GNUNET_STRINGS_data_to_string_alloc (sub_key,
	92	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
	93	header = create_jwt_header ();
	94	body = json_object ();
	95	/* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
	96	json_object_set_new (body,
	97	"iss", json_string (issuer));
	98	json_object_set_new (body,
	99	"sub", json_string (issuer));
	100	/* TODO what should be in here exactly? */
	101	json_object_set_new (body,
	102	"aud", json_string (audience));
	103	for (le = attrs->list_head; NULL != le; le = le->next)
	104	{
	105	/**
	106	* TODO here we should have a function that
	107	* calls the Attribute plugins to create a
	108	* json representation for its value
	109	*/
	110	attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
	111	le->claim->data,
	112	le->claim->data_size);
	113	json_object_set_new (body,
	114	le->claim->name,
	115	json_string (attr_val_str));
	116	GNUNET_free (attr_val_str);
	117	}
	118	body_str = json_dumps (body, JSON_INDENT(0));
	119	json_decref (body);
	120
	121	GNUNET_STRINGS_base64_encode (header,
	122	strlen (header),
	123	&header_base64);
	124	//Remove GNUNET padding of base64
	125	padding = strtok(header_base64, "=");
	126	while (NULL != padding)
	127	padding = strtok(NULL, "=");
	128
	129	GNUNET_STRINGS_base64_encode (body_str,
	130	strlen (body_str),
	131	&body_base64);
	132
	133	//Remove GNUNET padding of base64
	134	padding = strtok(body_base64, "=");
	135	while (NULL != padding)
	136	padding = strtok(NULL, "=");
	137
	138	GNUNET_free (issuer);
	139	GNUNET_free (audience);
	140
	141	/**
	142	* TODO
	143	* Creating the JWT signature. This might not be
	144	* standards compliant, check.
	145	*/
	146	GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
	147
	148	purpose =
	149	GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
	150	strlen (signature_target));
	151	purpose->size =
	152	htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
	153	purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
	154	GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
	155	if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
	156	purpose,
	157	(struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
	158	{
	159	GNUNET_free (signature_target);
	160	GNUNET_free (body_str);
	161	GNUNET_free (body_base64);
	162	GNUNET_free (header_base64);
	163	GNUNET_free (purpose);
	164	return NULL;
	165	}
	166	GNUNET_STRINGS_base64_encode ((const char*)&signature,
	167	sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
	168	&signature_base64);
	169	GNUNET_asprintf (&result, "%s.%s.%s",
	170	header_base64, body_base64, signature_base64);
	171
	172	GNUNET_free (signature_target);
	173	GNUNET_free (header);
	174	GNUNET_free (body_str);
	175	GNUNET_free (signature_base64);
	176	GNUNET_free (body_base64);
	177	GNUNET_free (header_base64);
	178	GNUNET_free (purpose);
	179	return result;
	180	}