Diffstat (limited to 'src/identity-provider/plugin_rest_openid_connect.c')
-rw-r--r-- | src/identity-provider/plugin_rest_openid_connect.c | 26 |
1 files changed, 22 insertions, 4 deletions
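--- a/src/identity-provider/plugin_rest_openid_connect.c
+++ b/src/identity-provider/plugin_rest_openid_connect.c
@@ -1412,6 +1412,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 json_t *root, *ticket_string, *nonce, *max_age;
 json_error_t error;
 char *json_response;
+char *jwt_secret;
 
 /*
 * Check Authorization
@@ -1447,7 +1448,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
-GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw);
 
 if ( NULL == user_psw )
 {
@@ -1598,7 +1599,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 //decode code
-GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
+GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output);
 root = json_loads (code_output, 0, &error);
 GNUNET_free(code_output);
 ticket_string = json_object_get (root, "ticket");
@@ -1717,15 +1718,32 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 {
 GNUNET_free_non_null(user_psw);
 handle->emsg = GNUNET_strdup("invalid_request");
-handle->edesc = GNUNET_strdup("invalid code....");
+handle->edesc = GNUNET_strdup("invalid code...");
 handle->response_code = MHD_HTTP_BAD_REQUEST;
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 GNUNET_free(ticket);
 return;
 }
+if ( GNUNET_OK
+!= GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+"jwt_secret", &jwt_secret) )
+{
+GNUNET_free_non_null(user_psw);
+handle->emsg = GNUNET_strdup("invalid_request");
+handle->edesc = GNUNET_strdup("No signing secret configured!");
+handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+GNUNET_free(ticket);
+return;
+}
+struct GNUNET_CRYPTO_AuthKey jwt_sign_key;
+struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk);
+GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key);
 char *id_token = jwt_create_from_list(&ticket->audience,
+&pk,
 cl,
-GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
+&jwt_sign_key);
 
 //Create random access_token
 char* access_token_number;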
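Review bot: `jwt_secret`, allocated by `GNUNET_CONFIGURATION_get_value_string` in the last hunk, is never released — the commit adds no `GNUNET_free (jwt_secret)` (all 22 inserted lines are visible), so every token request leaks a heap copy of the signing secret. Once `GNUNET_CRYPTO_hash` has derived `jwt_sign_key` the plaintext is no longer needed; clear and free it right after that call, `memset (jwt_secret, 0, strlen (jwt_secret)); GNUNET_free (jwt_secret);`, and clear `jwt_sign_key` the same way once `jwt_create_from_list` has returned so the HMAC key does not linger on the stack. The cast `(struct GNUNET_HashCode*)jwt_sign_key.key` writes a full hash code through the AuthKey array, which is only sound if that array holds at least `sizeof (struct GNUNET_HashCode)` bytes; a `_Static_assert (sizeof jwt_sign_key.key >= sizeof (struct GNUNET_HashCode), "AuthKey too small for hash output");` next to the declaration would pin that assumption. token_endpoint continues past the end of the hunk.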