Diffstat (limited to 'src/plugin/reclaim/plugin_reclaim_credential_jwt.c')
-rw-r--r-- | src/plugin/reclaim/plugin_reclaim_credential_jwt.c | 512 |
1 files changed, 512 insertions, 0 deletions
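diff --git a/src/plugin/reclaim/plugin_reclaim_credential_jwt.c b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c
new file mode 100644
index 000000000..3eb4bfebf
--- /dev/null
+++ b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,512 @@
+/*
+This file is part of GNUnet
+Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+GNUnet is free software: you can redistribute it and/or modify it
+under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License,
+or (at your option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+SPDX-License-Identifier: AGPL3.0-or-later
+*/
+
+/**
+* @file reclaim/plugin_reclaim_credential_jwt.c
+* @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
+* JWT credentials.
+*
+* @author Martin Schanzenbach
+*/
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+
+/**
+* Convert the 'value' of an credential to a string.
+*
+* @param cls closure, unused
+* @param type type of the credential
+* @param data value in binary encoding
+* @param data_size number of bytes in @a data
+* @return NULL on error, otherwise human-readable representation of the value
+*/
+static char *
+jwt_value_to_string (void *cls,
+uint32_t type,
+const void *data,
+size_t data_size)
+{
+switch (type)
+{
+case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+return GNUNET_strndup (data, data_size);
+
+default:
+return NULL;
+}
+}
+
+
+/**
+* Convert human-readable version of a 'value' of an credential to the binary
+* representation.
+*
+* @param cls closure, unused
+* @param type type of the credential
+* @param s human-readable string
+* @param data set to value in binary encoding (will be allocated)
+* @param data_size set to number of bytes in @a data
+* @return #GNUNET_OK on success
+*/
+static int
+jwt_string_to_value (void *cls,
+uint32_t type,
+const char *s,
+void **data,
+size_t *data_size)
+{
+if (NULL == s)
+return GNUNET_SYSERR;
+switch (type)
+{
+case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+*data = GNUNET_strdup (s);
+*data_size = strlen (s) + 1;
+return GNUNET_OK;
+
+default:
+return GNUNET_SYSERR;
+}
+}
+
+
+/**
+* Mapping of credential type numbers to human-readable
+* credential type names.
+*/
+static struct
+{
+const char *name;
+uint32_t number;
+} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
+{ NULL, UINT32_MAX } };
+
+/**
+* Convert a type name to the corresponding number.
+*
+* @param cls closure, unused
+* @param jwt_typename name to convert
+* @return corresponding number, UINT32_MAX on error
+*/
+static uint32_t
+jwt_typename_to_number (void *cls, const char *jwt_typename)
+{
+unsigned int i;
+
+i = 0;
+while ((NULL != jwt_cred_name_map[i].name) &&
+(0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
+i++;
+return jwt_cred_name_map[i].number;
+}
+
+
+/**
+* Convert a type number to the corresponding type string (e.g. 1 to "A")
+*
+* @param cls closure, unused
+* @param type number of a type to convert
+* @return corresponding typestring, NULL on error
+*/
+static const char *
+jwt_number_to_typename (void *cls, uint32_t type)
+{
+unsigned int i;
+
+i = 0;
+while ((NULL != jwt_cred_name_map[i].name) && (type !=
+jwt_cred_name_map[i].
+number))
+i++;
+return jwt_cred_name_map[i].name;
+}
+
+
+/**
+* Parse a JWT and return the respective claim value as Attribute
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a GNUNET_RECLAIM_Attribute, containing the new value
+*/
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes (void *cls,
+const char *data,
+size_t data_size)
+{
+char *jwt_string;
+struct GNUNET_RECLAIM_AttributeList *attrs;
+char delim[] = ".";
+char *val_str = NULL;
+char *decoded_jwt;
+char *tmp;
+json_t *json_val;
+json_error_t json_err;
+
+attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+
+jwt_string = GNUNET_strndup (data, data_size);
+const char *jwt_body = strtok (jwt_string, delim);
+if (NULL == jwt_body)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Failed to parse JSON %s\n", jwt_string);
+return attrs;
+}
+jwt_body = strtok (NULL, delim);
+if (NULL == jwt_body)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Failed to parse JSON %s\n", jwt_string);
+GNUNET_free (jwt_string);
+return attrs;
+}
+GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+(void **) &decoded_jwt);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
+GNUNET_assert (NULL != decoded_jwt);
+json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+GNUNET_free (decoded_jwt);
+const char *key;
+const char *addr_key;
+json_t *value;
+json_t *addr_value;
+
+json_object_foreach (json_val, key, value) {
+if (0 == strcmp ("iss", key))
+continue;
+if (0 == strcmp ("jti", key))
+continue;
+if (0 == strcmp ("exp", key))
+continue;
+if (0 == strcmp ("iat", key))
+continue;
+if (0 == strcmp ("nbf", key))
+continue;
+if (0 == strcmp ("aud", key))
+continue;
+if (0 == strcmp ("address", key))
+{
+if (! json_is_object (value))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+"address claim in wrong format!");
+continue;
+}
+json_object_foreach (value, addr_key, addr_value) {
+val_str = json_dumps (addr_value, JSON_ENCODE_ANY);
+tmp = val_str;
+// Remove leading " from jasson conversion
+if (tmp[0] == '"')
+tmp++;
+// Remove trailing " from jansson conversion
+if (tmp[strlen (tmp) - 1] == '"')
+tmp[strlen (tmp) - 1] = '\0';
+GNUNET_RECLAIM_attribute_list_add (attrs,
+addr_key,
+NULL,
+GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+tmp,
+strlen (val_str));
+GNUNET_free (val_str);
+}
+continue;
+}
+val_str = json_dumps (value, JSON_ENCODE_ANY);
+tmp = val_str;
+// Remove leading " from jasson conversion
+if (tmp[0] == '"')
+tmp++;
+// Remove trailing " from jansson conversion
+if (tmp[strlen (tmp) - 1] == '"')
+tmp[strlen (tmp) - 1] = '\0';
+GNUNET_RECLAIM_attribute_list_add (attrs,
+key,
+NULL,
+GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
+tmp,
+strlen (val_str));
+GNUNET_free (val_str);
+}
+json_decref (json_val);
+GNUNET_free (jwt_string);
+return attrs;
+}
+
+
+/**
+* Parse a JWT and return the respective claim value as Attribute
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a GNUNET_RECLAIM_Attribute, containing the new value
+*/
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_c (void *cls,
+const struct GNUNET_RECLAIM_Credential *cred)
+{
+if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+return NULL;
+return jwt_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+
+/**
+* Parse a JWT and return the respective claim value as Attribute
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a GNUNET_RECLAIM_Attribute, containing the new value
+*/
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_p (void *cls,
+const struct GNUNET_RECLAIM_Presentation *cred)
+{
+if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+return NULL;
+return jwt_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+
+/**
+* Parse a JWT and return the issuer
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a string, containing the isser
+*/
+char *
+jwt_get_issuer (void *cls,
+const char *data,
+size_t data_size)
+{
+const char *jwt_body;
+char *jwt_string;
+char delim[] = ".";
+char *issuer = NULL;
+char *decoded_jwt;
+json_t *issuer_json;
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+json_t *json_val;
+json_error_t json_err;
+
+jwt_string = GNUNET_strndup (data, data_size);
+jwt_body = strtok (jwt_string, delim);
+jwt_body = strtok (NULL, delim);
+GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+(void **) &decoded_jwt);
+json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+GNUNET_free (decoded_jwt);
+GNUNET_free (jwt_string);
+if (NULL == json_val)
+return NULL;
+issuer_json = json_object_get (json_val, "iss");
+if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+{
+json_decref (json_val);
+return NULL;
+}
+issuer = GNUNET_strdup (json_string_value (issuer_json));
+json_decref (json_val);
+return issuer;
+}
+
+
+/**
+* Parse a JWT and return the issuer
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a string, containing the isser
+*/
+char *
+jwt_get_issuer_c (void *cls,
+const struct GNUNET_RECLAIM_Credential *cred)
+{
+if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+return NULL;
+return jwt_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+* Parse a JWT and return the issuer
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a string, containing the isser
+*/
+char *
+jwt_get_issuer_p (void *cls,
+const struct GNUNET_RECLAIM_Presentation *cred)
+{
+if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+return NULL;
+return jwt_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+* Parse a JWT and return the expiration
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a string, containing the isser
+*/
+enum GNUNET_GenericReturnValue
+jwt_get_expiration (void *cls,
+const char *data,
+size_t data_size,
+struct GNUNET_TIME_Absolute *exp)
+{
+const char *jwt_body;
+char *jwt_string;
+char delim[] = ".";
+char *decoded_jwt;
+json_t *exp_json;
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+json_t *json_val;
+json_error_t json_err;
+
+jwt_string = GNUNET_strndup (data, data_size);
+jwt_body = strtok (jwt_string, delim);
+jwt_body = strtok (NULL, delim);
+GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+(void **) &decoded_jwt);
+json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+GNUNET_free (decoded_jwt);
+GNUNET_free (jwt_string);
+if (NULL == json_val)
+return GNUNET_SYSERR;
+exp_json = json_object_get (json_val, "exp");
+if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+{
+json_decref (json_val);
+return GNUNET_SYSERR;
+}
+exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
+json_decref (json_val);
+return GNUNET_OK;
+}
+
+
+/**
+* Parse a JWT and return the expiration
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return the expirati
+*/
+enum GNUNET_GenericReturnValue
+jwt_get_expiration_c (void *cls,
+const struct GNUNET_RECLAIM_Credential *cred,
+struct GNUNET_TIME_Absolute *exp)
+{
+if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+return GNUNET_NO;
+return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+/**
+* Parse a JWT and return the expiration
+*
+* @param cls the plugin
+* @param cred the jwt credential
+* @return a string, containing the isser
+*/
+enum GNUNET_GenericReturnValue
+jwt_get_expiration_p (void *cls,
+const struct GNUNET_RECLAIM_Presentation *cred,
+struct GNUNET_TIME_Absolute *exp)
+{
+if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+return GNUNET_NO;
+return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+enum GNUNET_GenericReturnValue
+jwt_create_presentation (void *cls,
+const struct GNUNET_RECLAIM_Credential *cred,
+const struct GNUNET_RECLAIM_AttributeList *attrs,
+struct GNUNET_RECLAIM_Presentation **presentation)
+{
+if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+return GNUNET_NO;
+*presentation = GNUNET_RECLAIM_presentation_new (
+GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
+cred->data,
+cred->data_size);
+return GNUNET_OK;
+}
+
+
+/**
+* Entry point for the plugin.
+*
+* @param cls NULL
+* @return the exported block API
+*/
+void *
+libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
+{
+struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+
+api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+api->value_to_string = &jwt_value_to_string;
+api->string_to_value = &jwt_string_to_value;
+api->typename_to_number = &jwt_typename_to_number;
+api->number_to_typename = &jwt_number_to_typename;
+api->get_attributes = &jwt_parse_attributes_c;
+api->get_issuer = &jwt_get_issuer_c;
+api->get_expiration = &jwt_get_expiration_c;
+api->value_to_string_p = &jwt_value_to_string;
+api->string_to_value_p = &jwt_string_to_value;
+api->typename_to_number_p = &jwt_typename_to_number;
+api->number_to_typename_p = &jwt_number_to_typename;
+api->get_attributes_p = &jwt_parse_attributes_p;
+api->get_issuer_p = &jwt_get_issuer_p;
+api->get_expiration_p = &jwt_get_expiration_p;
+api->create_presentation = &jwt_create_presentation;
+return api;
+}
+
+
+/**
+* Exit point from the plugin.
+*
+* @param cls the return value from #libgnunet_plugin_block_test_init()
+* @return NULL
+*/
+void *
+libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
+{
+struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+
+GNUNET_free (api);
+return NULL;
+}
+
+
+/* end of plugin_reclaim_credential_type_jwt.c */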
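Review bot: jwt_get_issuer passes the result of its second `strtok` straight to `strlen (jwt_body)` without a NULL check, so credential data that contains fewer than two '.'-separated segments dereferences NULL; jwt_get_expiration repeats the same sequence. jwt_parse_attributes does check both strtok results, so the two helpers are inconsistent with it and should gain `if (NULL == jwt_body) { GNUNET_free (jwt_string); return NULL; }` after the second strtok (returning GNUNET_SYSERR in jwt_get_expiration). In the same spirit, none of the three callers checks the outcome of GNUNET_STRINGS_base64url_decode, and jwt_parse_attributes turns a failed decode into a `GNUNET_assert` abort; since the JWT bytes are parsed here rather than produced here, a warning log and early return would be the safer reaction to malformed input. Two smaller points in jwt_parse_attributes: the first early return leaks `jwt_string` (the second one frees it), and the `json_dumps` result is dereferenced as `tmp[0]` without a NULL check. jwt_get_expiration's `json_integer_value (exp_json) * 1000 * 1000` is also worth a range check, as a very large or negative "exp" claim overflows the signed multiplication before it is stored.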