Diffstat (limited to 'src/identity-token/plugin_rest_identity_token.c')
-rw-r--r-- | src/identity-token/plugin_rest_identity_token.c | 107 |
1 files changed, 58 insertions, 49 deletions
diff --git a/src/identity-token/plugin_rest_identity_token.c b/src/identity-token/plugin_rest_identity_token.c index 580d34ed0..d2c1b6c5d 100644 --- a/src/identity-token/plugin_rest_identity_token.c +++ b/src/identity-token/plugin_rest_identity_token.c | |||
@@ -34,7 +34,7 @@ | |||
34 | #include "microhttpd.h" | 34 | #include "microhttpd.h" |
35 | #include <jansson.h> | 35 | #include <jansson.h> |
36 | #include "gnunet_signatures.h" | 36 | #include "gnunet_signatures.h" |
37 | #include "identity-token.h" | 37 | #include "gnunet_identity_provider_lib.h" |
38 | 38 | ||
39 | /** | 39 | /** |
40 | * REST root namespace | 40 | * REST root namespace |
@@ -61,7 +61,7 @@ | |||
61 | */ | 61 | */ |
62 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" | 62 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" |
63 | 63 | ||
64 | #define GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE "code" | 64 | #define GNUNET_REST_JSONAPI_IDENTITY_token_ticket "code" |
65 | 65 | ||
66 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" | 66 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" |
67 | 67 | ||
@@ -290,12 +290,12 @@ struct RequestHandle | |||
290 | /** | 290 | /** |
291 | * Identity Token | 291 | * Identity Token |
292 | */ | 292 | */ |
293 | struct IdentityToken *token; | 293 | struct GNUNET_IDENTITY_PROVIDER_Token *token; |
294 | 294 | ||
295 | /** | 295 | /** |
296 | * Identity Token Code | 296 | * Identity Token Code |
297 | */ | 297 | */ |
298 | struct IdentityTokenCode *token_code; | 298 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket *token_ticket; |
299 | 299 | ||
300 | /** | 300 | /** |
301 | * Response object | 301 | * Response object |
@@ -341,9 +341,9 @@ cleanup_handle (struct RequestHandle *handle) | |||
341 | if (NULL != handle->attr_map) | 341 | if (NULL != handle->attr_map) |
342 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | 342 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); |
343 | if (NULL != handle->token) | 343 | if (NULL != handle->token) |
344 | identity_token_destroy (handle->token); | 344 | GNUNET_IDENTITY_PROVIDER_token_destroy (handle->token); |
345 | if (NULL != handle->token_code) | 345 | if (NULL != handle->token_ticket) |
346 | identity_token_code_destroy (handle->token_code); | 346 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (handle->token_ticket); |
347 | if (NULL != handle->url) | 347 | if (NULL != handle->url) |
348 | GNUNET_free (handle->url); | 348 | GNUNET_free (handle->url); |
349 | if (NULL != handle->emsg) | 349 | if (NULL != handle->emsg) |
@@ -455,10 +455,10 @@ sign_and_return_token (void *cls, | |||
455 | struct GNUNET_TIME_Relative etime_rel; | 455 | struct GNUNET_TIME_Relative etime_rel; |
456 | json_t *token_str; | 456 | json_t *token_str; |
457 | json_t *name_str; | 457 | json_t *name_str; |
458 | json_t *token_code_json; | 458 | json_t *token_ticket_json; |
459 | char *lbl_str; | 459 | char *lbl_str; |
460 | char *exp_str; | 460 | char *exp_str; |
461 | char *token_code_str; | 461 | char *token_ticket_str; |
462 | char *audience; | 462 | char *audience; |
463 | char *nonce_str; | 463 | char *nonce_str; |
464 | char *enc_token_str; | 464 | char *enc_token_str; |
@@ -520,14 +520,14 @@ sign_and_return_token (void *cls, | |||
520 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, | 520 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, |
521 | &pub_key); | 521 | &pub_key); |
522 | 522 | ||
523 | handle->token_code = identity_token_code_create (nonce_str, | 523 | handle->token_ticket = GNUNET_IDENTITY_PROVIDER_ticket_create (nonce_str, |
524 | &pub_key, | 524 | &pub_key, |
525 | lbl_str, | 525 | lbl_str, |
526 | &aud_pkey); | 526 | &aud_pkey); |
527 | 527 | ||
528 | if (GNUNET_OK != identity_token_code_serialize (handle->token_code, | 528 | if (GNUNET_OK != GNUNET_IDENTITY_PROVIDER_ticket_serialize (handle->token_ticket, |
529 | priv_key, | 529 | priv_key, |
530 | &token_code_str)) | 530 | &token_ticket_str)) |
531 | { | 531 | { |
532 | handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); | 532 | handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); |
533 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 533 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -563,11 +563,11 @@ sign_and_return_token (void *cls, | |||
563 | exp_time = time + etime_rel.rel_value_us; | 563 | exp_time = time + etime_rel.rel_value_us; |
564 | 564 | ||
565 | //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); | 565 | //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); |
566 | identity_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); | 566 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); |
567 | identity_token_add_json (handle->token, "nbf", json_integer (time)); | 567 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "nbf", json_integer (time)); |
568 | identity_token_add_json (handle->token, "iat", json_integer (time)); | 568 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "iat", json_integer (time)); |
569 | identity_token_add_json (handle->token, "exp", json_integer (exp_time)); | 569 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "exp", json_integer (exp_time)); |
570 | identity_token_add_attr (handle->token, "nonce", nonce_str); | 570 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "nonce", nonce_str); |
571 | 571 | ||
572 | 572 | ||
573 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); | 573 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); |
@@ -583,18 +583,18 @@ sign_and_return_token (void *cls, | |||
583 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, | 583 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, |
584 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN, | 584 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN, |
585 | token_str); | 585 | token_str); |
586 | token_code_json = json_string (token_code_str); | 586 | token_ticket_json = json_string (token_ticket_str); |
587 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, | 587 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, |
588 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, | 588 | GNUNET_REST_JSONAPI_IDENTITY_token_ticket, |
589 | token_code_json); | 589 | token_ticket_json); |
590 | GNUNET_free (token_code_str); | 590 | GNUNET_free (token_ticket_str); |
591 | json_decref (token_code_json); | 591 | json_decref (token_ticket_json); |
592 | GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); | 592 | GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); |
593 | //Token in a serialized encrypted format | 593 | //Token in a serialized encrypted format |
594 | GNUNET_assert (identity_token_serialize (handle->token, | 594 | GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (handle->token, |
595 | priv_key, | 595 | priv_key, |
596 | &ecdhe_privkey, | 596 | &ecdhe_privkey, |
597 | &enc_token_str)); | 597 | &enc_token_str)); |
598 | 598 | ||
599 | //Token record E,E_K (Token) | 599 | //Token record E,E_K (Token) |
600 | token_record[0].data = enc_token_str; | 600 | token_record[0].data = enc_token_str; |
@@ -703,7 +703,7 @@ attr_collect (void *cls, | |||
703 | rd->data, | 703 | rd->data, |
704 | rd->data_size); | 704 | rd->data_size); |
705 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | 705 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); |
706 | identity_token_add_attr (handle->token, label, data); | 706 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, label, data); |
707 | GNUNET_free (data); | 707 | GNUNET_free (data); |
708 | } | 708 | } |
709 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | 709 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); |
@@ -727,7 +727,7 @@ attr_collect (void *cls, | |||
727 | 727 | ||
728 | if (0 < json_array_size (attr_arr)) | 728 | if (0 < json_array_size (attr_arr)) |
729 | { | 729 | { |
730 | identity_token_add_json (handle->token, label, attr_arr); | 730 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, label, attr_arr); |
731 | } | 731 | } |
732 | json_decref (attr_arr); | 732 | json_decref (attr_arr); |
733 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | 733 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); |
@@ -754,6 +754,8 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
754 | struct GNUNET_HashCode key; | 754 | struct GNUNET_HashCode key; |
755 | struct MHD_Response *resp; | 755 | struct MHD_Response *resp; |
756 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 756 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
757 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | ||
758 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
757 | 759 | ||
758 | if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, | 760 | if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, |
759 | GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) | 761 | GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) |
@@ -820,13 +822,20 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
820 | &key); | 822 | &key); |
821 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); | 823 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); |
822 | 824 | ||
823 | handle->token = identity_token_create (ego_entry->keystring, | 825 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
824 | audience); | 826 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, |
827 | &pub_key); | ||
828 | GNUNET_STRINGS_string_to_data (audience, | ||
829 | strlen (audience), | ||
830 | &aud_key, | ||
831 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
832 | handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, | ||
833 | aud_key); | ||
834 | GNUNET_free (aud_key); | ||
825 | 835 | ||
826 | 836 | ||
827 | //Get identity attributes | 837 | //Get identity attributes |
828 | handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); | 838 | handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); |
829 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
830 | handle->ego_entry = ego_entry; | 839 | handle->ego_entry = ego_entry; |
831 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, | 840 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, |
832 | priv_key, | 841 | priv_key, |
@@ -1033,14 +1042,14 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1033 | rd->data_size); | 1042 | rd->data_size); |
1034 | 1043 | ||
1035 | //Decrypt and parse | 1044 | //Decrypt and parse |
1036 | GNUNET_assert (GNUNET_OK == identity_token_parse (record_str, | 1045 | GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_parse (record_str, |
1037 | handle->priv_key, | 1046 | handle->priv_key, |
1038 | &handle->token)); | 1047 | &handle->token)); |
1039 | 1048 | ||
1040 | //Readable | 1049 | //Readable |
1041 | GNUNET_assert (GNUNET_OK == identity_token_to_string (handle->token, | 1050 | GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (handle->token, |
1042 | handle->priv_key, | 1051 | handle->priv_key, |
1043 | &token_str)); | 1052 | &token_str)); |
1044 | 1053 | ||
1045 | json_object_set_new (root, "access_token", json_string (token_str)); | 1054 | json_object_set_new (root, "access_token", json_string (token_str)); |
1046 | json_object_set_new (root, "token_type", json_string ("gnuid")); | 1055 | json_object_set_new (root, "token_type", json_string ("gnuid")); |
@@ -1058,7 +1067,7 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1058 | 1067 | ||
1059 | 1068 | ||
1060 | static void | 1069 | static void |
1061 | exchange_token_code_cb (void *cls, | 1070 | exchange_token_ticket_cb (void *cls, |
1062 | struct GNUNET_IDENTITY_Ego *ego, | 1071 | struct GNUNET_IDENTITY_Ego *ego, |
1063 | void **ctx, | 1072 | void **ctx, |
1064 | const char *name) | 1073 | const char *name) |
@@ -1077,8 +1086,8 @@ exchange_token_code_cb (void *cls, | |||
1077 | return; | 1086 | return; |
1078 | } | 1087 | } |
1079 | 1088 | ||
1080 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, | 1089 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_token_ticket, |
1081 | strlen (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE), | 1090 | strlen (GNUNET_REST_JSONAPI_IDENTITY_token_ticket), |
1082 | &key); | 1091 | &key); |
1083 | 1092 | ||
1084 | if ( GNUNET_NO == | 1093 | if ( GNUNET_NO == |
@@ -1094,21 +1103,21 @@ exchange_token_code_cb (void *cls, | |||
1094 | 1103 | ||
1095 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); | 1104 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); |
1096 | 1105 | ||
1097 | if (GNUNET_SYSERR == identity_token_code_parse (code, | 1106 | if (GNUNET_SYSERR == GNUNET_IDENTITY_PROVIDER_ticket_parse (code, |
1098 | handle->priv_key, | 1107 | handle->priv_key, |
1099 | &handle->token_code)) | 1108 | &handle->token_ticket)) |
1100 | { | 1109 | { |
1101 | handle->emsg = GNUNET_strdup ("Error extracting values from token code."); | 1110 | handle->emsg = GNUNET_strdup ("Error extracting values from token code."); |
1102 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1111 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1103 | return; | 1112 | return; |
1104 | } | 1113 | } |
1105 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", | 1114 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", |
1106 | handle->token_code->payload->label); | 1115 | handle->token_ticket->payload->label); |
1107 | handle->gns_handle = GNUNET_GNS_connect (cfg); | 1116 | handle->gns_handle = GNUNET_GNS_connect (cfg); |
1108 | GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_code->payload->label); | 1117 | GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_ticket->payload->label); |
1109 | handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, | 1118 | handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, |
1110 | lookup_query, | 1119 | lookup_query, |
1111 | &handle->token_code->payload->identity_key, | 1120 | &handle->token_ticket->payload->identity_key, |
1112 | GNUNET_GNSRECORD_TYPE_ID_TOKEN, | 1121 | GNUNET_GNSRECORD_TYPE_ID_TOKEN, |
1113 | GNUNET_GNS_LO_LOCAL_MASTER, | 1122 | GNUNET_GNS_LO_LOCAL_MASTER, |
1114 | NULL, | 1123 | NULL, |
@@ -1125,7 +1134,7 @@ exchange_token_code_cb (void *cls, | |||
1125 | * @param cls the RequestHandle | 1134 | * @param cls the RequestHandle |
1126 | */ | 1135 | */ |
1127 | static void | 1136 | static void |
1128 | exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, | 1137 | exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle, |
1129 | const char* url, | 1138 | const char* url, |
1130 | void *cls) | 1139 | void *cls) |
1131 | { | 1140 | { |
@@ -1149,7 +1158,7 @@ exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, | |||
1149 | //Get token from GNS | 1158 | //Get token from GNS |
1150 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, | 1159 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, |
1151 | "gns-master", | 1160 | "gns-master", |
1152 | &exchange_token_code_cb, | 1161 | &exchange_token_ticket_cb, |
1153 | handle); | 1162 | handle); |
1154 | } | 1163 | } |
1155 | 1164 | ||
@@ -1194,7 +1203,7 @@ init_cont (struct RequestHandle *handle) | |||
1194 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, | 1203 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, |
1195 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, | 1204 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, |
1196 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, | 1205 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, |
1197 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_code_cont}, | 1206 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, |
1198 | GNUNET_REST_HANDLER_END | 1207 | GNUNET_REST_HANDLER_END |
1199 | }; | 1208 | }; |
1200 | 1209 | ||
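Review bot: In the issue_token_cont hunk (new lines 828-834), `aud_key` is declared as a pointer (`struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;`, never initialized) yet `&aud_key` is handed to GNUNET_STRINGS_string_to_data as the output buffer with out_size `sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)`; if that call writes out_size bytes into the buffer as its signature indicates, the decode overruns the pointer variable on the stack, and the following `GNUNET_free (aud_key)` then frees whatever bytes landed there. The decode result is also unchecked, although `audience` appears to be taken from the request, so a malformed value reaches token_create with an undefined key. Declaring the key by value, checking the return and passing `&aud_key` to token_create (dropping the free) resolves both; the function starts and ends outside the hunk. Separately, the renamed macro `GNUNET_REST_JSONAPI_IDENTITY_token_ticket` (new line 64) mixes case in a way the rest of the file's macros do not; `GNUNET_REST_JSONAPI_IDENTITY_TOKEN_TICKET` would match them.
```c
  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;   /* by value: string_to_data fills the struct in place */
  /* … unchanged: namespace match, audience lookup, debug log … */
  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
  GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
                                      &pub_key);
  if (GNUNET_OK !=
      GNUNET_STRINGS_string_to_data (audience,
                                     strlen (audience),
                                     &aud_key,
                                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
  {
    /* audience is request-supplied; reject it instead of issuing a token for an undefined key */
    handle->emsg = GNUNET_strdup ("Invalid audience key!\n");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
                                                         &aud_key);
  /* GNUNET_free (aud_key) dropped: aud_key is now an automatic variable */
  /* … unchanged: namestore connect and zone iteration … */
```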