Diffstat (limited to 'src/reclaim/jwt.c')
-rw-r--r-- | src/reclaim/jwt.c | 30 |
1 files changed, 26 insertions, 4 deletions
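--- a/src/reclaim/jwt.c
+++ b/src/reclaim/jwt.c
@@ -83,19 +83,25 @@ fix_base64(char* str) {
 /**
 * Create a JWT from attributes
 *
-* @param aud_key the public of the subject
+* @param aud_key the public of the audience
+* @param sub_key the public key of the subject
 * @param attrs the attribute list
-* @param priv_key the key used to sign the JWT
+* @param expiration_time the validity of the token
+* @param secret_key the key used to sign the JWT
 * @return a new base64-encoded JWT string.
 */
 char*
 jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+const struct GNUNET_TIME_Relative *expiration_time,
+const char *nonce,
 const char *secret_key)
 {
 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
 struct GNUNET_HashCode signature;
+struct GNUNET_TIME_Absolute exp_time;
+struct GNUNET_TIME_Absolute time_now;
 char* audience;
 char* subject;
 char* header;
@@ -107,9 +113,11 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
 char* signature_base64;
 char* attr_val_str;
 json_t* body;
-
-//exp REQUIRED time expired from config
+
 //iat REQUIRED time now
+time_now = GNUNET_TIME_absolute_get();
+//exp REQUIRED time expired from config
+exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
 //auth_time only if max_age
 //nonce only if nonce
 // OPTIONAL acr,amr,azp
@@ -130,6 +138,20 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
 //aud REQUIRED public key client_id must be there
 json_object_set_new (body,
 "aud", json_string (audience));
+//iat
+json_object_set_new (body,
+"iat", json_integer (time_now.abs_value_us));
+//exp
+json_object_set_new (body,
+"exp", json_integer (exp_time.abs_value_us));
+//nbf
+json_object_set_new (body,
+"nbf", json_integer (time_now.abs_value_us));
+//nonce
+if (NULL != nonce)
+json_object_set_new (body,
+"nonce", json_string (nonce));
+
 for (le = attrs->list_head; NULL != le; le = le->next)
 {
 attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,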
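Review bot: The `iat`, `exp` and `nbf` claims added in the third hunk are written straight from `abs_value_us`, which by its name is a microsecond count, while RFC 7519 defines these claims as NumericDate values in seconds since the epoch. A relying party that reads them as seconds would see `nbf` and `exp` far in the future, so a strict validator rejects the token and a lenient one treats it as practically never expiring. Convert where the claim is emitted, e.g. `json_integer (time_now.abs_value_us / (1000 * 1000))`, and do the same for `exp_time` in `"exp"`. The new `nonce` parameter also has no line in the doc comment; `@param nonce the nonce from the authorization request, may be NULL` would cover it. The body of jwt_create_from_list continues past the end of the last hunk.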