1 files changed, 512 insertions, 0 deletions
diff --git a/src/plugin/reclaim/plugin_reclaim_credential_jwt.c b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c
new file mode 100644
index 000000000..3eb4bfebf
--- /dev/null
+++ b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,512 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file reclaim/plugin_reclaim_credential_jwt.c
+ * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
+ *                                      JWT credentials.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+/**
+   * Convert the 'value' of an credential to a string.
+   *
+   * @param cls closure, unused
+   * @param type type of the credential
+   * @param data value in binary encoding
+   * @param data_size number of bytes in @a data
+   * @return NULL on error, otherwise human-readable representation of the value
+   */
+static char *
+jwt_value_to_string (void *cls,
+                     uint32_t type,
+                     const void *data,
+                     size_t data_size)
+{
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+    return GNUNET_strndup (data, data_size);
+  default:
+    return NULL;
+  }
+}
+/**
+ * Convert human-readable version of a 'value' of an credential to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+jwt_string_to_value (void *cls,
+                     uint32_t type,
+                     const char *s,
+                     void **data,
+                     size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+    *data = GNUNET_strdup (s);
+    *data_size = strlen (s) + 1;
+    return GNUNET_OK;
+  default:
+    return GNUNET_SYSERR;
+  }
+}
+/**
+ * Mapping of credential type numbers to human-readable
+ * credential type names.
+ */
+static struct
+{
+  const char *name;
+  uint32_t number;
+} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
+                          { NULL, UINT32_MAX } };
+/**
+   * Convert a type name to the corresponding number.
+   *
+   * @param cls closure, unused
+   * @param jwt_typename name to convert
+   * @return corresponding number, UINT32_MAX on error
+   */
+static uint32_t
+jwt_typename_to_number (void *cls, const char *jwt_typename)
+{
+  unsigned int i;
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) &&
+         (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
+    i++;
+  return jwt_cred_name_map[i].number;
+}
+/**
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+jwt_number_to_typename (void *cls, uint32_t type)
+{
+  unsigned int i;
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) && (type !=
+                                                 jwt_cred_name_map[i].
+                                                 number))
+    i++;
+  return jwt_cred_name_map[i].name;
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes (void *cls,
+                      const char *data,
+                      size_t data_size)
+{
+  char *jwt_string;
+  struct GNUNET_RECLAIM_AttributeList *attrs;
+  char delim[] = ".";
+  char *val_str = NULL;
+  char *decoded_jwt;
+  char *tmp;
+  json_t *json_val;
+  json_error_t json_err;
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+  jwt_string = GNUNET_strndup (data, data_size);
+  const char *jwt_body = strtok (jwt_string, delim);
+  if (NULL == jwt_body)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to parse JSON %s\n", jwt_string);
+    return attrs;
+  }
+  jwt_body = strtok (NULL, delim);
+  if (NULL == jwt_body)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to parse JSON %s\n", jwt_string);
+    GNUNET_free (jwt_string);
+    return attrs;
+  }
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
+  GNUNET_assert (NULL != decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+  GNUNET_free (decoded_jwt);
+  const char *key;
+  const char *addr_key;
+  json_t *value;
+  json_t *addr_value;
+  json_object_foreach (json_val, key, value) {
+    if (0 == strcmp ("iss", key))
+      continue;
+    if (0 == strcmp ("jti", key))
+      continue;
+    if (0 == strcmp ("exp", key))
+      continue;
+    if (0 == strcmp ("iat", key))
+      continue;
+    if (0 == strcmp ("nbf", key))
+      continue;
+    if (0 == strcmp ("aud", key))
+      continue;
+    if (0 == strcmp ("address", key))
+    {
+      if (! json_is_object (value))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                    "address claim in wrong format!");
+        continue;
+      }
+      json_object_foreach (value, addr_key, addr_value) {
+        val_str = json_dumps (addr_value, JSON_ENCODE_ANY);
+        tmp = val_str;
+        // Remove leading " from jasson conversion
+        if (tmp[0] == '"')
+          tmp++;
+        // Remove trailing " from jansson conversion
+        if (tmp[strlen (tmp) - 1] == '"')
+          tmp[strlen (tmp) - 1] = '\0';
+        GNUNET_RECLAIM_attribute_list_add (attrs,
+                                           addr_key,
+                                           NULL,
+                                           GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+                                           tmp,
+                                           strlen (val_str));
+        GNUNET_free (val_str);
+      }
+      continue;
+    }
+    val_str = json_dumps (value, JSON_ENCODE_ANY);
+    tmp = val_str;
+    // Remove leading " from jasson conversion
+    if (tmp[0] == '"')
+      tmp++;
+    // Remove trailing " from jansson conversion
+    if (tmp[strlen (tmp) - 1] == '"')
+      tmp[strlen (tmp) - 1] = '\0';
+    GNUNET_RECLAIM_attribute_list_add (attrs,
+                                       key,
+                                       NULL,
+                                       GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
+                                       tmp,
+                                       strlen (val_str));
+    GNUNET_free (val_str);
+  }
+  json_decref (json_val);
+  GNUNET_free (jwt_string);
+  return attrs;
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_c (void *cls,
+                        const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+    return NULL;
+  return jwt_parse_attributes (cls, cred->data, cred->data_size);
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_p (void *cls,
+                        const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+    return NULL;
+  return jwt_parse_attributes (cls, cred->data, cred->data_size);
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer (void *cls,
+                const char *data,
+                size_t data_size)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *issuer = NULL;
+  char *decoded_jwt;
+  json_t *issuer_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t json_err;
+  jwt_string = GNUNET_strndup (data, data_size);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+  GNUNET_free (decoded_jwt);
+  GNUNET_free (jwt_string);
+  if (NULL == json_val)
+    return NULL;
+  issuer_json = json_object_get (json_val, "iss");
+  if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+  {
+    json_decref (json_val);
+    return NULL;
+  }
+  issuer = GNUNET_strdup (json_string_value (issuer_json));
+  json_decref (json_val);
+  return issuer;
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer_c (void *cls,
+                  const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return NULL;
+  return jwt_get_issuer (cls, cred->data, cred->data_size);
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer_p (void *cls,
+                  const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return NULL;
+  return jwt_get_issuer (cls, cred->data, cred->data_size);
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+jwt_get_expiration (void *cls,
+                    const char *data,
+                    size_t data_size,
+                    struct GNUNET_TIME_Absolute *exp)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *decoded_jwt;
+  json_t *exp_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t json_err;
+  jwt_string = GNUNET_strndup (data, data_size);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+  GNUNET_free (decoded_jwt);
+  GNUNET_free (jwt_string);
+  if (NULL == json_val)
+    return GNUNET_SYSERR;
+  exp_json = json_object_get (json_val, "exp");
+  if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+  {
+    json_decref (json_val);
+    return GNUNET_SYSERR;
+  }
+  exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
+  json_decref (json_val);
+  return GNUNET_OK;
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return the expirati
+ */
+enum GNUNET_GenericReturnValue
+jwt_get_expiration_c (void *cls,
+                      const struct GNUNET_RECLAIM_Credential *cred,
+                      struct GNUNET_TIME_Absolute *exp)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
+  return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+jwt_get_expiration_p (void *cls,
+                      const struct GNUNET_RECLAIM_Presentation *cred,
+                      struct GNUNET_TIME_Absolute *exp)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
+  return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+enum GNUNET_GenericReturnValue
+jwt_create_presentation (void *cls,
+                         const struct GNUNET_RECLAIM_Credential *cred,
+                         const struct GNUNET_RECLAIM_AttributeList *attrs,
+                         struct GNUNET_RECLAIM_Presentation **presentation)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
+  *presentation = GNUNET_RECLAIM_presentation_new (
+    GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
+    cred->data,
+    cred->data_size);
+  return GNUNET_OK;
+}
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+  api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+  api->value_to_string = &jwt_value_to_string;
+  api->string_to_value = &jwt_string_to_value;
+  api->typename_to_number = &jwt_typename_to_number;
+  api->number_to_typename = &jwt_number_to_typename;
+  api->get_attributes = &jwt_parse_attributes_c;
+  api->get_issuer = &jwt_get_issuer_c;
+  api->get_expiration = &jwt_get_expiration_c;
+  api->value_to_string_p = &jwt_value_to_string;
+  api->string_to_value_p = &jwt_string_to_value;
+  api->typename_to_number_p = &jwt_typename_to_number;
+  api->number_to_typename_p = &jwt_number_to_typename;
+  api->get_attributes_p = &jwt_parse_attributes_p;
+  api->get_issuer_p = &jwt_get_issuer_p;
+  api->get_expiration_p = &jwt_get_expiration_p;
+  api->create_presentation = &jwt_create_presentation;
+  return api;
+}
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+  GNUNET_free (api);
+  return NULL;
+}
+/* end of plugin_reclaim_credential_type_jwt.c */

diff --git a/src/plugin/reclaim/plugin_reclaim_credential_jwt.c b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c new file mode 100644 index 000000000..3eb4bfebf --- /dev/null +++ b/src/plugin/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,512 @@
	1	/*
	2	This file is part of GNUnet
	3	Copyright (C) 2013, 2014, 2016 GNUnet e.V.
	4
	5	GNUnet is free software: you can redistribute it and/or modify it
	6	under the terms of the GNU Affero General Public License as published
	7	by the Free Software Foundation, either version 3 of the License,
	8	or (at your option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	Affero General Public License for more details.
	14
	15	You should have received a copy of the GNU Affero General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17
	18	SPDX-License-Identifier: AGPL3.0-or-later
	19	*/
	20
	21	/**
	22	* @file reclaim/plugin_reclaim_credential_jwt.c
	23	* @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
	24	* JWT credentials.
	25	*
	26	* @author Martin Schanzenbach
	27	*/
	28	#include "platform.h"
	29	#include "gnunet_util_lib.h"
	30	#include "gnunet_reclaim_plugin.h"
	31	#include <inttypes.h>
	32	#include <jansson.h>
	33
	34	/**
	35	* Convert the 'value' of an credential to a string.
	36	*
	37	* @param cls closure, unused
	38	* @param type type of the credential
	39	* @param data value in binary encoding
	40	* @param data_size number of bytes in @a data
	41	* @return NULL on error, otherwise human-readable representation of the value
	42	*/
	43	static char *
	44	jwt_value_to_string (void *cls,
	45	uint32_t type,
	46	const void *data,
	47	size_t data_size)
	48	{
	49	switch (type)
	50	{
	51	case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
	52	return GNUNET_strndup (data, data_size);
	53
	54	default:
	55	return NULL;
	56	}
	57	}
	58
	59
	60	/**
	61	* Convert human-readable version of a 'value' of an credential to the binary
	62	* representation.
	63	*
	64	* @param cls closure, unused
	65	* @param type type of the credential
	66	* @param s human-readable string
	67	* @param data set to value in binary encoding (will be allocated)
	68	* @param data_size set to number of bytes in @a data
	69	* @return #GNUNET_OK on success
	70	*/
	71	static int
	72	jwt_string_to_value (void *cls,
	73	uint32_t type,
	74	const char *s,
	75	void **data,
	76	size_t *data_size)
	77	{
	78	if (NULL == s)
	79	return GNUNET_SYSERR;
	80	switch (type)
	81	{
	82	case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
	83	*data = GNUNET_strdup (s);
	84	*data_size = strlen (s) + 1;
	85	return GNUNET_OK;
	86
	87	default:
	88	return GNUNET_SYSERR;
	89	}
	90	}
	91
	92
	93	/**
	94	* Mapping of credential type numbers to human-readable
	95	* credential type names.
	96	*/
	97	static struct
	98	{
	99	const char *name;
	100	uint32_t number;
	101	} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
	102	{ NULL, UINT32_MAX } };
	103
	104	/**
	105	* Convert a type name to the corresponding number.
	106	*
	107	* @param cls closure, unused
	108	* @param jwt_typename name to convert
	109	* @return corresponding number, UINT32_MAX on error
	110	*/
	111	static uint32_t
	112	jwt_typename_to_number (void cls, const char jwt_typename)
	113	{
	114	unsigned int i;
	115
	116	i = 0;
	117	while ((NULL != jwt_cred_name_map[i].name) &&
	118	(0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
	119	i++;
	120	return jwt_cred_name_map[i].number;
	121	}
	122
	123
	124	/**
	125	* Convert a type number to the corresponding type string (e.g. 1 to "A")
	126	*
	127	* @param cls closure, unused
	128	* @param type number of a type to convert
	129	* @return corresponding typestring, NULL on error
	130	*/
	131	static const char *
	132	jwt_number_to_typename (void *cls, uint32_t type)
	133	{
	134	unsigned int i;
	135
	136	i = 0;
	137	while ((NULL != jwt_cred_name_map[i].name) && (type !=
	138	jwt_cred_name_map[i].
	139	number))
	140	i++;
	141	return jwt_cred_name_map[i].name;
	142	}
	143
	144
	145	/**
	146	* Parse a JWT and return the respective claim value as Attribute
	147	*
	148	* @param cls the plugin
	149	* @param cred the jwt credential
	150	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	151	*/
	152	struct GNUNET_RECLAIM_AttributeList *
	153	jwt_parse_attributes (void *cls,
	154	const char *data,
	155	size_t data_size)
	156	{
	157	char *jwt_string;
	158	struct GNUNET_RECLAIM_AttributeList *attrs;
	159	char delim[] = ".";
	160	char *val_str = NULL;
	161	char *decoded_jwt;
	162	char *tmp;
	163	json_t *json_val;
	164	json_error_t json_err;
	165
	166	attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
	167
	168	jwt_string = GNUNET_strndup (data, data_size);
	169	const char *jwt_body = strtok (jwt_string, delim);
	170	if (NULL == jwt_body)
	171	{
	172	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
	173	"Failed to parse JSON %s\n", jwt_string);
	174	return attrs;
	175	}
	176	jwt_body = strtok (NULL, delim);
	177	if (NULL == jwt_body)
	178	{
	179	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
	180	"Failed to parse JSON %s\n", jwt_string);
	181	GNUNET_free (jwt_string);
	182	return attrs;
	183	}
	184	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	185	(void **) &decoded_jwt);
	186	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
	187	GNUNET_assert (NULL != decoded_jwt);
	188	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
	189	GNUNET_free (decoded_jwt);
	190	const char *key;
	191	const char *addr_key;
	192	json_t *value;
	193	json_t *addr_value;
	194
	195	json_object_foreach (json_val, key, value) {
	196	if (0 == strcmp ("iss", key))
	197	continue;
	198	if (0 == strcmp ("jti", key))
	199	continue;
	200	if (0 == strcmp ("exp", key))
	201	continue;
	202	if (0 == strcmp ("iat", key))
	203	continue;
	204	if (0 == strcmp ("nbf", key))
	205	continue;
	206	if (0 == strcmp ("aud", key))
	207	continue;
	208	if (0 == strcmp ("address", key))
	209	{
	210	if (! json_is_object (value))
	211	{
	212	GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
	213	"address claim in wrong format!");
	214	continue;
	215	}
	216	json_object_foreach (value, addr_key, addr_value) {
	217	val_str = json_dumps (addr_value, JSON_ENCODE_ANY);
	218	tmp = val_str;
	219	// Remove leading " from jasson conversion
	220	if (tmp[0] == '"')
	221	tmp++;
	222	// Remove trailing " from jansson conversion
	223	if (tmp[strlen (tmp) - 1] == '"')
	224	tmp[strlen (tmp) - 1] = '\0';
	225	GNUNET_RECLAIM_attribute_list_add (attrs,
	226	addr_key,
	227	NULL,
	228	GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
	229	tmp,
	230	strlen (val_str));
	231	GNUNET_free (val_str);
	232	}
	233	continue;
	234	}
	235	val_str = json_dumps (value, JSON_ENCODE_ANY);
	236	tmp = val_str;
	237	// Remove leading " from jasson conversion
	238	if (tmp[0] == '"')
	239	tmp++;
	240	// Remove trailing " from jansson conversion
	241	if (tmp[strlen (tmp) - 1] == '"')
	242	tmp[strlen (tmp) - 1] = '\0';
	243	GNUNET_RECLAIM_attribute_list_add (attrs,
	244	key,
	245	NULL,
	246	GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
	247	tmp,
	248	strlen (val_str));
	249	GNUNET_free (val_str);
	250	}
	251	json_decref (json_val);
	252	GNUNET_free (jwt_string);
	253	return attrs;
	254	}
	255
	256
	257	/**
	258	* Parse a JWT and return the respective claim value as Attribute
	259	*
	260	* @param cls the plugin
	261	* @param cred the jwt credential
	262	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	263	*/
	264	struct GNUNET_RECLAIM_AttributeList *
	265	jwt_parse_attributes_c (void *cls,
	266	const struct GNUNET_RECLAIM_Credential *cred)
	267	{
	268	if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
	269	return NULL;
	270	return jwt_parse_attributes (cls, cred->data, cred->data_size);
	271	}
	272
	273
	274	/**
	275	* Parse a JWT and return the respective claim value as Attribute
	276	*
	277	* @param cls the plugin
	278	* @param cred the jwt credential
	279	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	280	*/
	281	struct GNUNET_RECLAIM_AttributeList *
	282	jwt_parse_attributes_p (void *cls,
	283	const struct GNUNET_RECLAIM_Presentation *cred)
	284	{
	285	if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
	286	return NULL;
	287	return jwt_parse_attributes (cls, cred->data, cred->data_size);
	288	}
	289
	290
	291	/**
	292	* Parse a JWT and return the issuer
	293	*
	294	* @param cls the plugin
	295	* @param cred the jwt credential
	296	* @return a string, containing the isser
	297	*/
	298	char *
	299	jwt_get_issuer (void *cls,
	300	const char *data,
	301	size_t data_size)
	302	{
	303	const char *jwt_body;
	304	char *jwt_string;
	305	char delim[] = ".";
	306	char *issuer = NULL;
	307	char *decoded_jwt;
	308	json_t *issuer_json;
	309	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
	310	json_t *json_val;
	311	json_error_t json_err;
	312
	313	jwt_string = GNUNET_strndup (data, data_size);
	314	jwt_body = strtok (jwt_string, delim);
	315	jwt_body = strtok (NULL, delim);
	316	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	317	(void **) &decoded_jwt);
	318	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
	319	GNUNET_free (decoded_jwt);
	320	GNUNET_free (jwt_string);
	321	if (NULL == json_val)
	322	return NULL;
	323	issuer_json = json_object_get (json_val, "iss");
	324	if ((NULL == issuer_json) \|\| (! json_is_string (issuer_json)))
	325	{
	326	json_decref (json_val);
	327	return NULL;
	328	}
	329	issuer = GNUNET_strdup (json_string_value (issuer_json));
	330	json_decref (json_val);
	331	return issuer;
	332	}
	333
	334
	335	/**
	336	* Parse a JWT and return the issuer
	337	*
	338	* @param cls the plugin
	339	* @param cred the jwt credential
	340	* @return a string, containing the isser
	341	*/
	342	char *
	343	jwt_get_issuer_c (void *cls,
	344	const struct GNUNET_RECLAIM_Credential *cred)
	345	{
	346	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	347	return NULL;
	348	return jwt_get_issuer (cls, cred->data, cred->data_size);
	349	}
	350
	351
	352	/**
	353	* Parse a JWT and return the issuer
	354	*
	355	* @param cls the plugin
	356	* @param cred the jwt credential
	357	* @return a string, containing the isser
	358	*/
	359	char *
	360	jwt_get_issuer_p (void *cls,
	361	const struct GNUNET_RECLAIM_Presentation *cred)
	362	{
	363	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	364	return NULL;
	365	return jwt_get_issuer (cls, cred->data, cred->data_size);
	366	}
	367
	368
	369	/**
	370	* Parse a JWT and return the expiration
	371	*
	372	* @param cls the plugin
	373	* @param cred the jwt credential
	374	* @return a string, containing the isser
	375	*/
	376	enum GNUNET_GenericReturnValue
	377	jwt_get_expiration (void *cls,
	378	const char *data,
	379	size_t data_size,
	380	struct GNUNET_TIME_Absolute *exp)
	381	{
	382	const char *jwt_body;
	383	char *jwt_string;
	384	char delim[] = ".";
	385	char *decoded_jwt;
	386	json_t *exp_json;
	387	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
	388	json_t *json_val;
	389	json_error_t json_err;
	390
	391	jwt_string = GNUNET_strndup (data, data_size);
	392	jwt_body = strtok (jwt_string, delim);
	393	jwt_body = strtok (NULL, delim);
	394	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	395	(void **) &decoded_jwt);
	396	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
	397	GNUNET_free (decoded_jwt);
	398	GNUNET_free (jwt_string);
	399	if (NULL == json_val)
	400	return GNUNET_SYSERR;
	401	exp_json = json_object_get (json_val, "exp");
	402	if ((NULL == exp_json) \|\| (! json_is_integer (exp_json)))
	403	{
	404	json_decref (json_val);
	405	return GNUNET_SYSERR;
	406	}
	407	exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
	408	json_decref (json_val);
	409	return GNUNET_OK;
	410	}
	411
	412
	413	/**
	414	* Parse a JWT and return the expiration
	415	*
	416	* @param cls the plugin
	417	* @param cred the jwt credential
	418	* @return the expirati
	419	*/
	420	enum GNUNET_GenericReturnValue
	421	jwt_get_expiration_c (void *cls,
	422	const struct GNUNET_RECLAIM_Credential *cred,
	423	struct GNUNET_TIME_Absolute *exp)
	424	{
	425	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	426	return GNUNET_NO;
	427	return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
	428	}
	429
	430
	431	/**
	432	* Parse a JWT and return the expiration
	433	*
	434	* @param cls the plugin
	435	* @param cred the jwt credential
	436	* @return a string, containing the isser
	437	*/
	438	enum GNUNET_GenericReturnValue
	439	jwt_get_expiration_p (void *cls,
	440	const struct GNUNET_RECLAIM_Presentation *cred,
	441	struct GNUNET_TIME_Absolute *exp)
	442	{
	443	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	444	return GNUNET_NO;
	445	return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
	446	}
	447
	448
	449	enum GNUNET_GenericReturnValue
	450	jwt_create_presentation (void *cls,
	451	const struct GNUNET_RECLAIM_Credential *cred,
	452	const struct GNUNET_RECLAIM_AttributeList *attrs,
	453	struct GNUNET_RECLAIM_Presentation **presentation)
	454	{
	455	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	456	return GNUNET_NO;
	457	*presentation = GNUNET_RECLAIM_presentation_new (
	458	GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
	459	cred->data,
	460	cred->data_size);
	461	return GNUNET_OK;
	462	}
	463
	464
	465	/**
	466	* Entry point for the plugin.
	467	*
	468	* @param cls NULL
	469	* @return the exported block API
	470	*/
	471	void *
	472	libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
	473	{
	474	struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
	475
	476	api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
	477	api->value_to_string = &jwt_value_to_string;
	478	api->string_to_value = &jwt_string_to_value;
	479	api->typename_to_number = &jwt_typename_to_number;
	480	api->number_to_typename = &jwt_number_to_typename;
	481	api->get_attributes = &jwt_parse_attributes_c;
	482	api->get_issuer = &jwt_get_issuer_c;
	483	api->get_expiration = &jwt_get_expiration_c;
	484	api->value_to_string_p = &jwt_value_to_string;
	485	api->string_to_value_p = &jwt_string_to_value;
	486	api->typename_to_number_p = &jwt_typename_to_number;
	487	api->number_to_typename_p = &jwt_number_to_typename;
	488	api->get_attributes_p = &jwt_parse_attributes_p;
	489	api->get_issuer_p = &jwt_get_issuer_p;
	490	api->get_expiration_p = &jwt_get_expiration_p;
	491	api->create_presentation = &jwt_create_presentation;
	492	return api;
	493	}
	494
	495
	496	/**
	497	* Exit point from the plugin.
	498	*
	499	* @param cls the return value from #libgnunet_plugin_block_test_init()
	500	* @return NULL
	501	*/
	502	void *
	503	libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
	504	{
	505	struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
	506
	507	GNUNET_free (api);
	508	return NULL;
	509	}
	510
	511
	512	/* end of plugin_reclaim_credential_type_jwt.c */