Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r--src/reclaim/oidc_helper.c110
1 files changed, 59 insertions, 51 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index eab12db33..9c7e79c41 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -62,9 +62,9 @@ struct OIDC_Parameters
62 uint32_t attr_list_len GNUNET_PACKED; 62 uint32_t attr_list_len GNUNET_PACKED;
63 63
64 /** 64 /**
65 * The length of the attestation list 65 * The length of the presentation list
66 */ 66 */
67 uint32_t attest_list_len GNUNET_PACKED; 67 uint32_t pres_list_len GNUNET_PACKED;
68}; 68};
69 69
70GNUNET_NETWORK_STRUCT_END 70GNUNET_NETWORK_STRUCT_END
@@ -157,24 +157,24 @@ fix_base64 (char *str)
157static json_t* 157static json_t*
158generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, 158generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
159 struct GNUNET_RECLAIM_AttributeList *attrs, 159 struct GNUNET_RECLAIM_AttributeList *attrs,
160 struct GNUNET_RECLAIM_AttestationList *attests) 160 struct GNUNET_RECLAIM_PresentationList *presentations)
161{ 161{
162 struct GNUNET_RECLAIM_AttributeListEntry *le; 162 struct GNUNET_RECLAIM_AttributeListEntry *le;
163 struct GNUNET_RECLAIM_AttestationListEntry *ale; 163 struct GNUNET_RECLAIM_PresentationListEntry *ple;
164 char *subject; 164 char *subject;
165 char *source_name; 165 char *source_name;
166 char *attr_val_str; 166 char *attr_val_str;
167 char *attest_val_str; 167 char *pres_val_str;
168 json_t *body; 168 json_t *body;
169 json_t *aggr_names; 169 json_t *aggr_names;
170 json_t *aggr_sources; 170 json_t *aggr_sources;
171 json_t *aggr_sources_jwt; 171 json_t *aggr_sources_jwt;
172 json_t *addr_claim = NULL; 172 json_t *addr_claim = NULL;
173 int num_attestations = 0; 173 int num_presentations = 0;
174 for (le = attrs->list_head; NULL != le; le = le->next) 174 for (le = attrs->list_head; NULL != le; le = le->next)
175 { 175 {
176 if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) 176 if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
177 num_attestations++; 177 num_presentations++;
178 } 178 }
179 179
180 subject = 180 subject =
@@ -191,23 +191,25 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
191 json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); 191 json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
192 // sub REQUIRED public key identity, not exceed 255 ASCII length 192 // sub REQUIRED public key identity, not exceed 255 ASCII length
193 json_object_set_new (body, "sub", json_string (subject)); 193 json_object_set_new (body, "sub", json_string (subject));
194 attest_val_str = NULL; 194 pres_val_str = NULL;
195 source_name = NULL; 195 source_name = NULL;
196 int i = 0; 196 int i = 0;
197 for (ale = attests->list_head; NULL != ale; ale = ale->next) 197 for (ple = presentations->list_head; NULL != ple; ple = ple->next)
198 { 198 {
199 // New Attestation 199 // New presentation
200 GNUNET_asprintf (&source_name, 200 GNUNET_asprintf (&source_name,
201 "src%d", 201 "src%d",
202 i); 202 i);
203 aggr_sources_jwt = json_object (); 203 aggr_sources_jwt = json_object ();
204 attest_val_str = 204 pres_val_str =
205 GNUNET_RECLAIM_attestation_value_to_string (ale->attestation->type, 205 GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type,
206 ale->attestation->data, 206 ple->presentation->data,
207 ale->attestation->data_size); 207 ple->presentation->data_size);
208 json_object_set_new (aggr_sources_jwt, "JWT", 208 json_object_set_new (aggr_sources_jwt,
209 json_string (attest_val_str) ); 209 GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type),
210 json_string (pres_val_str) );
210 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); 211 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
212 GNUNET_free (pres_val_str);
211 GNUNET_free (source_name); 213 GNUNET_free (source_name);
212 source_name = NULL; 214 source_name = NULL;
213 i++; 215 i++;
@@ -216,7 +218,7 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
216 for (le = attrs->list_head; NULL != le; le = le->next) 218 for (le = attrs->list_head; NULL != le; le = le->next)
217 { 219 {
218 220
219 if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) 221 if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
220 { 222 {
221 223
222 attr_val_str = 224 attr_val_str =
@@ -247,18 +249,24 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
247 } 249 }
248 else 250 else
249 { 251 {
250 // Check if attest is there 252 // Check if presentation is there
251 int j = 0; 253 int j = 0;
252 for (ale = attests->list_head; NULL != ale; ale = ale->next) 254 for (ple = presentations->list_head; NULL != ple; ple = ple->next)
253 { 255 {
254 if (GNUNET_YES == 256 if (GNUNET_YES ==
255 GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, 257 GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id,
256 &le->attribute->attestation)) 258 &le->attribute->credential))
257 break; 259 break;
258 j++; 260 j++;
259 } 261 }
260 GNUNET_assert (NULL != ale); 262 if (NULL == ple)
261 // Attestation is existing, hence take the respective source str 263 {
264 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
265 "Presentation for `%s' missing...\n",
266 le->attribute->name);
267 continue;
268 }
269 // Presentation exists, hence take the respective source str
262 GNUNET_asprintf (&source_name, 270 GNUNET_asprintf (&source_name,
263 "src%d", 271 "src%d",
264 j); 272 j);
@@ -269,9 +277,6 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
269 } 277 }
270 if (NULL != addr_claim) 278 if (NULL != addr_claim)
271 json_object_set_new (body, "address", addr_claim); 279 json_object_set_new (body, "address", addr_claim);
272
273 if (NULL != attest_val_str)
274 GNUNET_free (attest_val_str);
275 if (0 != i) 280 if (0 != i)
276 { 281 {
277 json_object_set_new (body, "_claim_names", aggr_names); 282 json_object_set_new (body, "_claim_names", aggr_names);
@@ -286,18 +291,18 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
286 * 291 *
287 * @param sub_key the subject (user) 292 * @param sub_key the subject (user)
288 * @param attrs user attribute list 293 * @param attrs user attribute list
289 * @param attests user attribute attestation list (may be empty) 294 * @param presentations credential presentation list (may be empty)
290 * @return Userinfo JSON 295 * @return Userinfo JSON
291 */ 296 */
292char * 297char *
293OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, 298OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
294 struct GNUNET_RECLAIM_AttributeList *attrs, 299 struct GNUNET_RECLAIM_AttributeList *attrs,
295 struct GNUNET_RECLAIM_AttestationList *attests) 300 struct GNUNET_RECLAIM_PresentationList *presentations)
296{ 301{
297 char *body_str; 302 char *body_str;
298 json_t* body = generate_userinfo_json (sub_key, 303 json_t* body = generate_userinfo_json (sub_key,
299 attrs, 304 attrs,
300 attests); 305 presentations);
301 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); 306 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
302 json_decref (body); 307 json_decref (body);
303 return body_str; 308 return body_str;
@@ -310,6 +315,7 @@ OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
310 * @param aud_key the public of the audience 315 * @param aud_key the public of the audience
311 * @param sub_key the public key of the subject 316 * @param sub_key the public key of the subject
312 * @param attrs the attribute list 317 * @param attrs the attribute list
318 * @param presentations credential presentation list (may be empty)
313 * @param expiration_time the validity of the token 319 * @param expiration_time the validity of the token
314 * @param secret_key the key used to sign the JWT 320 * @param secret_key the key used to sign the JWT
315 * @return a new base64-encoded JWT string. 321 * @return a new base64-encoded JWT string.
@@ -318,7 +324,7 @@ char *
318OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, 324OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
319 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, 325 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
320 struct GNUNET_RECLAIM_AttributeList *attrs, 326 struct GNUNET_RECLAIM_AttributeList *attrs,
321 struct GNUNET_RECLAIM_AttestationList *attests, 327 struct GNUNET_RECLAIM_PresentationList *presentations,
322 const struct GNUNET_TIME_Relative *expiration_time, 328 const struct GNUNET_TIME_Relative *expiration_time,
323 const char *nonce, 329 const char *nonce,
324 const char *secret_key) 330 const char *secret_key)
@@ -339,7 +345,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
339 345
340 body = generate_userinfo_json (sub_key, 346 body = generate_userinfo_json (sub_key,
341 attrs, 347 attrs,
342 attests); 348 presentations);
343 // iat REQUIRED time now 349 // iat REQUIRED time now
344 time_now = GNUNET_TIME_absolute_get (); 350 time_now = GNUNET_TIME_absolute_get ();
345 // exp REQUIRED time expired from config 351 // exp REQUIRED time expired from config
@@ -426,6 +432,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
426 * @param issuer the issuer of the ticket, used to sign the ticket and nonce 432 * @param issuer the issuer of the ticket, used to sign the ticket and nonce
427 * @param ticket the ticket to include in the code 433 * @param ticket the ticket to include in the code
428 * @param attrs list of attributes which are shared 434 * @param attrs list of attributes which are shared
435 * @param presentations credential presentation list (may be empty)
429 * @param nonce the nonce to include in the code 436 * @param nonce the nonce to include in the code
430 * @param code_challenge PKCE code challenge 437 * @param code_challenge PKCE code challenge
431 * @return a new authorization code (caller must free) 438 * @return a new authorization code (caller must free)
@@ -434,7 +441,7 @@ char *
434OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, 441OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
435 const struct GNUNET_RECLAIM_Ticket *ticket, 442 const struct GNUNET_RECLAIM_Ticket *ticket,
436 struct GNUNET_RECLAIM_AttributeList *attrs, 443 struct GNUNET_RECLAIM_AttributeList *attrs,
437 struct GNUNET_RECLAIM_AttestationList *attests, 444 struct GNUNET_RECLAIM_PresentationList *presentations,
438 const char *nonce_str, 445 const char *nonce_str,
439 const char *code_challenge) 446 const char *code_challenge)
440{ 447{
@@ -447,7 +454,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
447 size_t payload_len; 454 size_t payload_len;
448 size_t code_payload_len; 455 size_t code_payload_len;
449 size_t attr_list_len = 0; 456 size_t attr_list_len = 0;
450 size_t attests_list_len = 0; 457 size_t pres_list_len = 0;
451 size_t code_challenge_len = 0; 458 size_t code_challenge_len = 0;
452 uint32_t nonce_len = 0; 459 uint32_t nonce_len = 0;
453 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; 460 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
@@ -481,17 +488,17 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
481 // Get serialized attributes 488 // Get serialized attributes
482 payload_len += attr_list_len; 489 payload_len += attr_list_len;
483 } 490 }
484 if (NULL != attests) 491 if (NULL != presentations)
485 { 492 {
486 // Get length 493 // Get length
487 attests_list_len = 494 pres_list_len =
488 GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); 495 GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations);
489 params.attest_list_len = htonl (attests_list_len); 496 params.pres_list_len = htonl (pres_list_len);
490 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 497 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
491 "Length of serialized attestations: %lu\n", 498 "Length of serialized presentations: %lu\n",
492 attests_list_len); 499 pres_list_len);
493 // Get serialized attributes 500 // Get serialized attributes
494 payload_len += attests_list_len; 501 payload_len += pres_list_len;
495 } 502 }
496 503
497 // Get plaintext length 504 // Get plaintext length
@@ -510,8 +517,8 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
510 } 517 }
511 if (0 < attr_list_len) 518 if (0 < attr_list_len)
512 GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); 519 GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp);
513 if (0 < attests_list_len) 520 if (0 < pres_list_len)
514 GNUNET_RECLAIM_attestation_list_serialize (attests, tmp); 521 GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp);
515 522
516 /** END **/ 523 /** END **/
517 524
@@ -564,7 +571,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
564 * if used in request. 571 * if used in request.
565 * @param ticket where to store the ticket 572 * @param ticket where to store the ticket
566 * @param attrs the attributes in the code 573 * @param attrs the attributes in the code
567 * @param attests the attestations in the code (if any) 574 * @param presentations credential presentation list
568 * @param nonce_str where to store the nonce (if contained) 575 * @param nonce_str where to store the nonce (if contained)
569 * @return GNUNET_OK if successful, else GNUNET_SYSERR 576 * @return GNUNET_OK if successful, else GNUNET_SYSERR
570 */ 577 */
@@ -574,14 +581,14 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
574 const char *code_verifier, 581 const char *code_verifier,
575 struct GNUNET_RECLAIM_Ticket *ticket, 582 struct GNUNET_RECLAIM_Ticket *ticket,
576 struct GNUNET_RECLAIM_AttributeList **attrs, 583 struct GNUNET_RECLAIM_AttributeList **attrs,
577 struct GNUNET_RECLAIM_AttestationList **attests, 584 struct GNUNET_RECLAIM_PresentationList **presentations,
578 char **nonce_str) 585 char **nonce_str)
579{ 586{
580 char *code_payload; 587 char *code_payload;
581 char *ptr; 588 char *ptr;
582 char *plaintext; 589 char *plaintext;
583 char *attrs_ser; 590 char *attrs_ser;
584 char *attests_ser; 591 char *presentations_ser;
585 char *expected_code_challenge; 592 char *expected_code_challenge;
586 char *code_challenge; 593 char *code_challenge;
587 char *code_verifier_hash; 594 char *code_verifier_hash;
@@ -589,7 +596,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
589 struct GNUNET_CRYPTO_EcdsaSignature *signature; 596 struct GNUNET_CRYPTO_EcdsaSignature *signature;
590 uint32_t code_challenge_len; 597 uint32_t code_challenge_len;
591 uint32_t attrs_ser_len; 598 uint32_t attrs_ser_len;
592 uint32_t attests_ser_len; 599 uint32_t presentations_ser_len;
593 size_t plaintext_len; 600 size_t plaintext_len;
594 size_t code_payload_len; 601 size_t code_payload_len;
595 uint32_t nonce_len = 0; 602 uint32_t nonce_len = 0;
@@ -692,10 +699,11 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
692 attrs_ser = ((char *) &params[1]) + code_challenge_len + nonce_len; 699 attrs_ser = ((char *) &params[1]) + code_challenge_len + nonce_len;
693 attrs_ser_len = ntohl (params->attr_list_len); 700 attrs_ser_len = ntohl (params->attr_list_len);
694 *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); 701 *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len);
695 attests_ser = ((char*) attrs_ser) + attrs_ser_len; 702 presentations_ser = ((char*) attrs_ser) + attrs_ser_len;
696 attests_ser_len = ntohl (params->attest_list_len); 703 pres_ser_len = ntohl (params->pres_list_len);
697 *attests = GNUNET_RECLAIM_attestation_list_deserialize (attests_ser, 704 *presentations =
698 attests_ser_len); 705 GNUNET_RECLAIM_presentations_list_deserialize (presentations_ser,
706 pres_ser_len);
699 707
700 GNUNET_free (code_payload); 708 GNUNET_free (code_payload);
701 return GNUNET_OK; 709 return GNUNET_OK;
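Review bot: In the last hunk, `pres_ser_len = ntohl (params->pres_list_len);` (new line 703) and the deserialize call on new lines 705–706 use `pres_ser_len`, but the local this commit renames is `presentations_ser_len` (new line 599); unless a `pres_ser_len` is declared in the part of OIDC_parse_authz_code that lies between the hunks, this does not compile, and the two should be aligned, e.g. `presentations_ser_len = ntohl (params->pres_list_len);` and `GNUNET_RECLAIM_presentation_list_deserialize (presentations_ser, presentations_ser_len);`. The callee spelling `GNUNET_RECLAIM_presentations_list_deserialize` also differs in form from `GNUNET_RECLAIM_presentation_list_serialize` used at new line 521, so it is worth confirming which name the header actually exports. Neither `attrs_ser_len` nor the presentation length is visibly checked against `plaintext_len` before the deserializers walk the buffer; if that bound is enforced earlier in the function (outside these hunks), a short comment at new line 699 pointing to it would spare the next reader the search. Separately, in generate_userinfo_json the new unconditional `GNUNET_free (pres_val_str);` at new line 212 runs even when `GNUNET_RECLAIM_presentation_value_to_string` returns NULL, whereas the removed code at old lines 273–274 guarded that free, so `if (NULL != pres_val_str) GNUNET_free (pres_val_str);` keeps the previous behaviour for unknown types.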