diff options
Diffstat (limited to 'src/reclaim/jwt.c')
| -rw-r--r-- | src/reclaim/jwt.c | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 9885bf467..41a3747ed 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c | |||
| @@ -83,19 +83,25 @@ fix_base64(char* str) { | |||
| 83 | /** | 83 | /** |
| 84 | * Create a JWT from attributes | 84 | * Create a JWT from attributes |
| 85 | * | 85 | * |
| 86 | * @param aud_key the public of the subject | 86 | * @param aud_key the public of the audience |
| 87 | * @param sub_key the public key of the subject | ||
| 87 | * @param attrs the attribute list | 88 | * @param attrs the attribute list |
| 88 | * @param priv_key the key used to sign the JWT | 89 | * @param expiration_time the validity of the token |
| 90 | * @param secret_key the key used to sign the JWT | ||
| 89 | * @return a new base64-encoded JWT string. | 91 | * @return a new base64-encoded JWT string. |
| 90 | */ | 92 | */ |
| 91 | char* | 93 | char* |
| 92 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 94 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
| 93 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 95 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
| 94 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 96 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
| 97 | const struct GNUNET_TIME_Relative *expiration_time, | ||
| 98 | const char *nonce, | ||
| 95 | const char *secret_key) | 99 | const char *secret_key) |
| 96 | { | 100 | { |
| 97 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 101 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
| 98 | struct GNUNET_HashCode signature; | 102 | struct GNUNET_HashCode signature; |
| 103 | struct GNUNET_TIME_Absolute exp_time; | ||
| 104 | struct GNUNET_TIME_Absolute time_now; | ||
| 99 | char* audience; | 105 | char* audience; |
| 100 | char* subject; | 106 | char* subject; |
| 101 | char* header; | 107 | char* header; |
| @@ -107,9 +113,11 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
| 107 | char* signature_base64; | 113 | char* signature_base64; |
| 108 | char* attr_val_str; | 114 | char* attr_val_str; |
| 109 | json_t* body; | 115 | json_t* body; |
| 110 | 116 | ||
| 111 | //exp REQUIRED time expired from config | ||
| 112 | //iat REQUIRED time now | 117 | //iat REQUIRED time now |
| 118 | time_now = GNUNET_TIME_absolute_get(); | ||
| 119 | //exp REQUIRED time expired from config | ||
| 120 | exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); | ||
| 113 | //auth_time only if max_age | 121 | //auth_time only if max_age |
| 114 | //nonce only if nonce | 122 | //nonce only if nonce |
| 115 | // OPTIONAL acr,amr,azp | 123 | // OPTIONAL acr,amr,azp |
| @@ -130,6 +138,20 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
| 130 | //aud REQUIRED public key client_id must be there | 138 | //aud REQUIRED public key client_id must be there |
| 131 | json_object_set_new (body, | 139 | json_object_set_new (body, |
| 132 | "aud", json_string (audience)); | 140 | "aud", json_string (audience)); |
| 141 | //iat | ||
| 142 | json_object_set_new (body, | ||
| 143 | "iat", json_integer (time_now.abs_value_us)); | ||
| 144 | //exp | ||
| 145 | json_object_set_new (body, | ||
| 146 | "exp", json_integer (exp_time.abs_value_us)); | ||
| 147 | //nbf | ||
| 148 | json_object_set_new (body, | ||
| 149 | "nbf", json_integer (time_now.abs_value_us)); | ||
| 150 | //nonce | ||
| 151 | if (NULL != nonce) | ||
| 152 | json_object_set_new (body, | ||
| 153 | "nonce", json_string (nonce)); | ||
| 154 | |||
| 133 | for (le = attrs->list_head; NULL != le; le = le->next) | 155 | for (le = attrs->list_head; NULL != le; le = le->next) |
| 134 | { | 156 | { |
| 135 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 157 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, |