Diffstat (limited to 'src/identity-token/plugin_rest_identity_token.c')
-rw-r--r--src/identity-token/plugin_rest_identity_token.c107
1 files changed, 58 insertions, 49 deletions
diff --git a/src/identity-token/plugin_rest_identity_token.c b/src/identity-token/plugin_rest_identity_token.c
index 580d34ed0..d2c1b6c5d 100644
--- a/src/identity-token/plugin_rest_identity_token.c
+++ b/src/identity-token/plugin_rest_identity_token.c
@@ -34,7 +34,7 @@
34#include "microhttpd.h" 34#include "microhttpd.h"
35#include <jansson.h> 35#include <jansson.h>
36#include "gnunet_signatures.h" 36#include "gnunet_signatures.h"
37#include "identity-token.h" 37#include "gnunet_identity_provider_lib.h"
38 38
39/** 39/**
40 * REST root namespace 40 * REST root namespace
@@ -61,7 +61,7 @@
61 */ 61 */
62#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" 62#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize"
63 63
64#define GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE "code" 64#define GNUNET_REST_JSONAPI_IDENTITY_token_ticket "code"
65 65
66#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" 66#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code"
67 67
@@ -290,12 +290,12 @@ struct RequestHandle
290 /** 290 /**
291 * Identity Token 291 * Identity Token
292 */ 292 */
293 struct IdentityToken *token; 293 struct GNUNET_IDENTITY_PROVIDER_Token *token;
294 294
295 /** 295 /**
296 * Identity Token Code 296 * Identity Token Code
297 */ 297 */
298 struct IdentityTokenCode *token_code; 298 struct GNUNET_IDENTITY_PROVIDER_TokenTicket *token_ticket;
299 299
300 /** 300 /**
301 * Response object 301 * Response object
@@ -341,9 +341,9 @@ cleanup_handle (struct RequestHandle *handle)
341 if (NULL != handle->attr_map) 341 if (NULL != handle->attr_map)
342 GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); 342 GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map);
343 if (NULL != handle->token) 343 if (NULL != handle->token)
344 identity_token_destroy (handle->token); 344 GNUNET_IDENTITY_PROVIDER_token_destroy (handle->token);
345 if (NULL != handle->token_code) 345 if (NULL != handle->token_ticket)
346 identity_token_code_destroy (handle->token_code); 346 GNUNET_IDENTITY_PROVIDER_ticket_destroy (handle->token_ticket);
347 if (NULL != handle->url) 347 if (NULL != handle->url)
348 GNUNET_free (handle->url); 348 GNUNET_free (handle->url);
349 if (NULL != handle->emsg) 349 if (NULL != handle->emsg)
@@ -455,10 +455,10 @@ sign_and_return_token (void *cls,
455 struct GNUNET_TIME_Relative etime_rel; 455 struct GNUNET_TIME_Relative etime_rel;
456 json_t *token_str; 456 json_t *token_str;
457 json_t *name_str; 457 json_t *name_str;
458 json_t *token_code_json; 458 json_t *token_ticket_json;
459 char *lbl_str; 459 char *lbl_str;
460 char *exp_str; 460 char *exp_str;
461 char *token_code_str; 461 char *token_ticket_str;
462 char *audience; 462 char *audience;
463 char *nonce_str; 463 char *nonce_str;
464 char *enc_token_str; 464 char *enc_token_str;
@@ -520,14 +520,14 @@ sign_and_return_token (void *cls,
520 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, 520 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
521 &pub_key); 521 &pub_key);
522 522
523 handle->token_code = identity_token_code_create (nonce_str, 523 handle->token_ticket = GNUNET_IDENTITY_PROVIDER_ticket_create (nonce_str,
524 &pub_key, 524 &pub_key,
525 lbl_str, 525 lbl_str,
526 &aud_pkey); 526 &aud_pkey);
527 527
528 if (GNUNET_OK != identity_token_code_serialize (handle->token_code, 528 if (GNUNET_OK != GNUNET_IDENTITY_PROVIDER_ticket_serialize (handle->token_ticket,
529 priv_key, 529 priv_key,
530 &token_code_str)) 530 &token_ticket_str))
531 { 531 {
532 handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); 532 handle->emsg = GNUNET_strdup ("Unable to create ref token!\n");
533 GNUNET_SCHEDULER_add_now (&do_error, handle); 533 GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -563,11 +563,11 @@ sign_and_return_token (void *cls,
563 exp_time = time + etime_rel.rel_value_us; 563 exp_time = time + etime_rel.rel_value_us;
564 564
565 //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); 565 //json_object_set_new (handle->payload, "lbl", json_string (lbl_str));
566 identity_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); 566 GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "sub", handle->ego_entry->identifier);
567 identity_token_add_json (handle->token, "nbf", json_integer (time)); 567 GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "nbf", json_integer (time));
568 identity_token_add_json (handle->token, "iat", json_integer (time)); 568 GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "iat", json_integer (time));
569 identity_token_add_json (handle->token, "exp", json_integer (exp_time)); 569 GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "exp", json_integer (exp_time));
570 identity_token_add_attr (handle->token, "nonce", nonce_str); 570 GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "nonce", nonce_str);
571 571
572 572
573 handle->resp_object = GNUNET_REST_jsonapi_object_new (); 573 handle->resp_object = GNUNET_REST_jsonapi_object_new ();
@@ -583,18 +583,18 @@ sign_and_return_token (void *cls,
583 GNUNET_REST_jsonapi_resource_add_attr (json_resource, 583 GNUNET_REST_jsonapi_resource_add_attr (json_resource,
584 GNUNET_REST_JSONAPI_IDENTITY_TOKEN, 584 GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
585 token_str); 585 token_str);
586 token_code_json = json_string (token_code_str); 586 token_ticket_json = json_string (token_ticket_str);
587 GNUNET_REST_jsonapi_resource_add_attr (json_resource, 587 GNUNET_REST_jsonapi_resource_add_attr (json_resource,
588 GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, 588 GNUNET_REST_JSONAPI_IDENTITY_token_ticket,
589 token_code_json); 589 token_ticket_json);
590 GNUNET_free (token_code_str); 590 GNUNET_free (token_ticket_str);
591 json_decref (token_code_json); 591 json_decref (token_ticket_json);
592 GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); 592 GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource);
593 //Token in a serialized encrypted format 593 //Token in a serialized encrypted format
594 GNUNET_assert (identity_token_serialize (handle->token, 594 GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (handle->token,
595 priv_key, 595 priv_key,
596 &ecdhe_privkey, 596 &ecdhe_privkey,
597 &enc_token_str)); 597 &enc_token_str));
598 598
599 //Token record E,E_K (Token) 599 //Token record E,E_K (Token)
600 token_record[0].data = enc_token_str; 600 token_record[0].data = enc_token_str;
@@ -703,7 +703,7 @@ attr_collect (void *cls,
703 rd->data, 703 rd->data,
704 rd->data_size); 704 rd->data_size);
705 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); 705 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
706 identity_token_add_attr (handle->token, label, data); 706 GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, label, data);
707 GNUNET_free (data); 707 GNUNET_free (data);
708 } 708 }
709 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); 709 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
@@ -727,7 +727,7 @@ attr_collect (void *cls,
727 727
728 if (0 < json_array_size (attr_arr)) 728 if (0 < json_array_size (attr_arr))
729 { 729 {
730 identity_token_add_json (handle->token, label, attr_arr); 730 GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, label, attr_arr);
731 } 731 }
732 json_decref (attr_arr); 732 json_decref (attr_arr);
733 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); 733 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
@@ -754,6 +754,8 @@ issue_token_cont (struct RestConnectionDataHandle *con,
754 struct GNUNET_HashCode key; 754 struct GNUNET_HashCode key;
755 struct MHD_Response *resp; 755 struct MHD_Response *resp;
756 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; 756 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
757 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
758 struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
757 759
758 if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, 760 if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url,
759 GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) 761 GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE))
@@ -820,13 +822,20 @@ issue_token_cont (struct RestConnectionDataHandle *con,
820 &key); 822 &key);
821 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); 823 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience);
822 824
823 handle->token = identity_token_create (ego_entry->keystring, 825 priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
824 audience); 826 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
827 &pub_key);
828 GNUNET_STRINGS_string_to_data (audience,
829 strlen (audience),
830 &aud_key,
831 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
832 handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
833 aud_key);
834 GNUNET_free (aud_key);
825 835
826 836
827 //Get identity attributes 837 //Get identity attributes
828 handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); 838 handle->ns_handle = GNUNET_NAMESTORE_connect (cfg);
829 priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
830 handle->ego_entry = ego_entry; 839 handle->ego_entry = ego_entry;
831 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, 840 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
832 priv_key, 841 priv_key,
@@ -1033,14 +1042,14 @@ process_lookup_result (void *cls, uint32_t rd_count,
1033 rd->data_size); 1042 rd->data_size);
1034 1043
1035 //Decrypt and parse 1044 //Decrypt and parse
1036 GNUNET_assert (GNUNET_OK == identity_token_parse (record_str, 1045 GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_parse (record_str,
1037 handle->priv_key, 1046 handle->priv_key,
1038 &handle->token)); 1047 &handle->token));
1039 1048
1040 //Readable 1049 //Readable
1041 GNUNET_assert (GNUNET_OK == identity_token_to_string (handle->token, 1050 GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (handle->token,
1042 handle->priv_key, 1051 handle->priv_key,
1043 &token_str)); 1052 &token_str));
1044 1053
1045 json_object_set_new (root, "access_token", json_string (token_str)); 1054 json_object_set_new (root, "access_token", json_string (token_str));
1046 json_object_set_new (root, "token_type", json_string ("gnuid")); 1055 json_object_set_new (root, "token_type", json_string ("gnuid"));
@@ -1058,7 +1067,7 @@ process_lookup_result (void *cls, uint32_t rd_count,
1058 1067
1059 1068
1060static void 1069static void
1061exchange_token_code_cb (void *cls, 1070exchange_token_ticket_cb (void *cls,
1062 struct GNUNET_IDENTITY_Ego *ego, 1071 struct GNUNET_IDENTITY_Ego *ego,
1063 void **ctx, 1072 void **ctx,
1064 const char *name) 1073 const char *name)
@@ -1077,8 +1086,8 @@ exchange_token_code_cb (void *cls,
1077 return; 1086 return;
1078 } 1087 }
1079 1088
1080 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, 1089 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_token_ticket,
1081 strlen (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE), 1090 strlen (GNUNET_REST_JSONAPI_IDENTITY_token_ticket),
1082 &key); 1091 &key);
1083 1092
1084 if ( GNUNET_NO == 1093 if ( GNUNET_NO ==
@@ -1094,21 +1103,21 @@ exchange_token_code_cb (void *cls,
1094 1103
1095 handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); 1104 handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
1096 1105
1097 if (GNUNET_SYSERR == identity_token_code_parse (code, 1106 if (GNUNET_SYSERR == GNUNET_IDENTITY_PROVIDER_ticket_parse (code,
1098 handle->priv_key, 1107 handle->priv_key,
1099 &handle->token_code)) 1108 &handle->token_ticket))
1100 { 1109 {
1101 handle->emsg = GNUNET_strdup ("Error extracting values from token code."); 1110 handle->emsg = GNUNET_strdup ("Error extracting values from token code.");
1102 GNUNET_SCHEDULER_add_now (&do_error, handle); 1111 GNUNET_SCHEDULER_add_now (&do_error, handle);
1103 return; 1112 return;
1104 } 1113 }
1105 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", 1114 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n",
1106 handle->token_code->payload->label); 1115 handle->token_ticket->payload->label);
1107 handle->gns_handle = GNUNET_GNS_connect (cfg); 1116 handle->gns_handle = GNUNET_GNS_connect (cfg);
1108 GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_code->payload->label); 1117 GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_ticket->payload->label);
1109 handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, 1118 handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle,
1110 lookup_query, 1119 lookup_query,
1111 &handle->token_code->payload->identity_key, 1120 &handle->token_ticket->payload->identity_key,
1112 GNUNET_GNSRECORD_TYPE_ID_TOKEN, 1121 GNUNET_GNSRECORD_TYPE_ID_TOKEN,
1113 GNUNET_GNS_LO_LOCAL_MASTER, 1122 GNUNET_GNS_LO_LOCAL_MASTER,
1114 NULL, 1123 NULL,
@@ -1125,7 +1134,7 @@ exchange_token_code_cb (void *cls,
1125 * @param cls the RequestHandle 1134 * @param cls the RequestHandle
1126 */ 1135 */
1127static void 1136static void
1128exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, 1137exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle,
1129 const char* url, 1138 const char* url,
1130 void *cls) 1139 void *cls)
1131{ 1140{
@@ -1149,7 +1158,7 @@ exchange_token_code_cont (struct RestConnectionDataHandle *con_handle,
1149 //Get token from GNS 1158 //Get token from GNS
1150 handle->op = GNUNET_IDENTITY_get (handle->identity_handle, 1159 handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
1151 "gns-master", 1160 "gns-master",
1152 &exchange_token_code_cb, 1161 &exchange_token_ticket_cb,
1153 handle); 1162 handle);
1154 } 1163 }
1155 1164
@@ -1194,7 +1203,7 @@ init_cont (struct RequestHandle *handle)
1194 //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, 1203 //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont},
1195 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, 1204 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont},
1196 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, 1205 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont},
1197 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_code_cont}, 1206 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont},
1198 GNUNET_REST_HANDLER_END 1207 GNUNET_REST_HANDLER_END
1199 }; 1208 };
1200 1209
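Review bot: In the issue_token_cont hunk (new lines 828-834) `aud_key` is declared as a bare `struct GNUNET_CRYPTO_EcdsaPublicKey *` that is never pointed at storage, yet `GNUNET_STRINGS_string_to_data` is handed `&aud_key` together with `sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)` as the output size; if, as that size argument suggests, the decoder writes `out_size` bytes into `out`, it overruns the pointer-sized stack slot, the pointer then passed to `GNUNET_IDENTITY_PROVIDER_token_create` is whatever bytes the decoder left there, and `GNUNET_free (aud_key)` frees that value. The decoder's return value is also ignored, although `audience` is taken from the client request (it is logged as "Audience to issue token for"), so a malformed audience silently yields a token with an undefined audience key instead of an error response. The fix is to decode into a by-value `struct GNUNET_CRYPTO_EcdsaPublicKey aud_key`, reject a non-`GNUNET_OK` result through the file's existing `handle->emsg` / `do_error` path, pass `&aud_key` to `token_create`, and drop the `GNUNET_free`. issue_token_cont starts and ends outside this hunk.
```c
  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;   /* by value: the decoder fills this buffer */
  /* … unchanged: namespace match, ego lookup, audience extraction … */
  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
  GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
                                      &pub_key);
  /* audience comes from the request: a decode failure must not reach token_create */
  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (audience,
                                                  strlen (audience),
                                                  &aud_key,
                                                  sizeof (aud_key)))
  {
    handle->emsg = GNUNET_strdup ("Audience is not a valid public key.");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
                                                         &aud_key);
  /* … unchanged: namestore connect and zone iteration … */
```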