Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r-- | src/reclaim/oidc_helper.c | 110 |
1 files changed, 59 insertions, 51 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index eab12db33..9c7e79c41 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -62,9 +62,9 @@ struct OIDC_Parameters | |||
62 | uint32_t attr_list_len GNUNET_PACKED; | 62 | uint32_t attr_list_len GNUNET_PACKED; |
63 | 63 | ||
64 | /** | 64 | /** |
65 | * The length of the attestation list | 65 | * The length of the presentation list |
66 | */ | 66 | */ |
67 | uint32_t attest_list_len GNUNET_PACKED; | 67 | uint32_t pres_list_len GNUNET_PACKED; |
68 | }; | 68 | }; |
69 | 69 | ||
70 | GNUNET_NETWORK_STRUCT_END | 70 | GNUNET_NETWORK_STRUCT_END |
@@ -157,24 +157,24 @@ fix_base64 (char *str) | |||
157 | static json_t* | 157 | static json_t* |
158 | generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 158 | generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
159 | struct GNUNET_RECLAIM_AttributeList *attrs, | 159 | struct GNUNET_RECLAIM_AttributeList *attrs, |
160 | struct GNUNET_RECLAIM_AttestationList *attests) | 160 | struct GNUNET_RECLAIM_PresentationList *presentations) |
161 | { | 161 | { |
162 | struct GNUNET_RECLAIM_AttributeListEntry *le; | 162 | struct GNUNET_RECLAIM_AttributeListEntry *le; |
163 | struct GNUNET_RECLAIM_AttestationListEntry *ale; | 163 | struct GNUNET_RECLAIM_PresentationListEntry *ple; |
164 | char *subject; | 164 | char *subject; |
165 | char *source_name; | 165 | char *source_name; |
166 | char *attr_val_str; | 166 | char *attr_val_str; |
167 | char *attest_val_str; | 167 | char *pres_val_str; |
168 | json_t *body; | 168 | json_t *body; |
169 | json_t *aggr_names; | 169 | json_t *aggr_names; |
170 | json_t *aggr_sources; | 170 | json_t *aggr_sources; |
171 | json_t *aggr_sources_jwt; | 171 | json_t *aggr_sources_jwt; |
172 | json_t *addr_claim = NULL; | 172 | json_t *addr_claim = NULL; |
173 | int num_attestations = 0; | 173 | int num_presentations = 0; |
174 | for (le = attrs->list_head; NULL != le; le = le->next) | 174 | for (le = attrs->list_head; NULL != le; le = le->next) |
175 | { | 175 | { |
176 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) | 176 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) |
177 | num_attestations++; | 177 | num_presentations++; |
178 | } | 178 | } |
179 | 179 | ||
180 | subject = | 180 | subject = |
@@ -191,23 +191,25 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
191 | json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); | 191 | json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); |
192 | // sub REQUIRED public key identity, not exceed 255 ASCII length | 192 | // sub REQUIRED public key identity, not exceed 255 ASCII length |
193 | json_object_set_new (body, "sub", json_string (subject)); | 193 | json_object_set_new (body, "sub", json_string (subject)); |
194 | attest_val_str = NULL; | 194 | pres_val_str = NULL; |
195 | source_name = NULL; | 195 | source_name = NULL; |
196 | int i = 0; | 196 | int i = 0; |
197 | for (ale = attests->list_head; NULL != ale; ale = ale->next) | 197 | for (ple = presentations->list_head; NULL != ple; ple = ple->next) |
198 | { | 198 | { |
199 | // New Attestation | 199 | // New presentation |
200 | GNUNET_asprintf (&source_name, | 200 | GNUNET_asprintf (&source_name, |
201 | "src%d", | 201 | "src%d", |
202 | i); | 202 | i); |
203 | aggr_sources_jwt = json_object (); | 203 | aggr_sources_jwt = json_object (); |
204 | attest_val_str = | 204 | pres_val_str = |
205 | GNUNET_RECLAIM_attestation_value_to_string (ale->attestation->type, | 205 | GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type, |
206 | ale->attestation->data, | 206 | ple->presentation->data, |
207 | ale->attestation->data_size); | 207 | ple->presentation->data_size); |
208 | json_object_set_new (aggr_sources_jwt, "JWT", | 208 | json_object_set_new (aggr_sources_jwt, |
209 | json_string (attest_val_str) ); | 209 | GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type), |
210 | json_string (pres_val_str) ); | ||
210 | json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); | 211 | json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); |
212 | GNUNET_free (pres_val_str); | ||
211 | GNUNET_free (source_name); | 213 | GNUNET_free (source_name); |
212 | source_name = NULL; | 214 | source_name = NULL; |
213 | i++; | 215 | i++; |
@@ -216,7 +218,7 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
216 | for (le = attrs->list_head; NULL != le; le = le->next) | 218 | for (le = attrs->list_head; NULL != le; le = le->next) |
217 | { | 219 | { |
218 | 220 | ||
219 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) | 221 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) |
220 | { | 222 | { |
221 | 223 | ||
222 | attr_val_str = | 224 | attr_val_str = |
@@ -247,18 +249,24 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
247 | } | 249 | } |
248 | else | 250 | else |
249 | { | 251 | { |
250 | // Check if attest is there | 252 | // Check if presentation is there |
251 | int j = 0; | 253 | int j = 0; |
252 | for (ale = attests->list_head; NULL != ale; ale = ale->next) | 254 | for (ple = presentations->list_head; NULL != ple; ple = ple->next) |
253 | { | 255 | { |
254 | if (GNUNET_YES == | 256 | if (GNUNET_YES == |
255 | GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, | 257 | GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id, |
256 | &le->attribute->attestation)) | 258 | &le->attribute->credential)) |
257 | break; | 259 | break; |
258 | j++; | 260 | j++; |
259 | } | 261 | } |
260 | GNUNET_assert (NULL != ale); | 262 | if (NULL == ple) |
261 | // Attestation is existing, hence take the respective source str | 263 | { |
264 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
265 | "Presentation for `%s' missing...\n", | ||
266 | le->attribute->name); | ||
267 | continue; | ||
268 | } | ||
269 | // Presentation exists, hence take the respective source str | ||
262 | GNUNET_asprintf (&source_name, | 270 | GNUNET_asprintf (&source_name, |
263 | "src%d", | 271 | "src%d", |
264 | j); | 272 | j); |
@@ -269,9 +277,6 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
269 | } | 277 | } |
270 | if (NULL != addr_claim) | 278 | if (NULL != addr_claim) |
271 | json_object_set_new (body, "address", addr_claim); | 279 | json_object_set_new (body, "address", addr_claim); |
272 | |||
273 | if (NULL != attest_val_str) | ||
274 | GNUNET_free (attest_val_str); | ||
275 | if (0 != i) | 280 | if (0 != i) |
276 | { | 281 | { |
277 | json_object_set_new (body, "_claim_names", aggr_names); | 282 | json_object_set_new (body, "_claim_names", aggr_names); |
@@ -286,18 +291,18 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
286 | * | 291 | * |
287 | * @param sub_key the subject (user) | 292 | * @param sub_key the subject (user) |
288 | * @param attrs user attribute list | 293 | * @param attrs user attribute list |
289 | * @param attests user attribute attestation list (may be empty) | 294 | * @param presentations credential presentation list (may be empty) |
290 | * @return Userinfo JSON | 295 | * @return Userinfo JSON |
291 | */ | 296 | */ |
292 | char * | 297 | char * |
293 | OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 298 | OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
294 | struct GNUNET_RECLAIM_AttributeList *attrs, | 299 | struct GNUNET_RECLAIM_AttributeList *attrs, |
295 | struct GNUNET_RECLAIM_AttestationList *attests) | 300 | struct GNUNET_RECLAIM_PresentationList *presentations) |
296 | { | 301 | { |
297 | char *body_str; | 302 | char *body_str; |
298 | json_t* body = generate_userinfo_json (sub_key, | 303 | json_t* body = generate_userinfo_json (sub_key, |
299 | attrs, | 304 | attrs, |
300 | attests); | 305 | presentations); |
301 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); | 306 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); |
302 | json_decref (body); | 307 | json_decref (body); |
303 | return body_str; | 308 | return body_str; |
@@ -310,6 +315,7 @@ OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | |||
310 | * @param aud_key the public of the audience | 315 | * @param aud_key the public of the audience |
311 | * @param sub_key the public key of the subject | 316 | * @param sub_key the public key of the subject |
312 | * @param attrs the attribute list | 317 | * @param attrs the attribute list |
318 | * @param presentations credential presentation list (may be empty) | ||
313 | * @param expiration_time the validity of the token | 319 | * @param expiration_time the validity of the token |
314 | * @param secret_key the key used to sign the JWT | 320 | * @param secret_key the key used to sign the JWT |
315 | * @return a new base64-encoded JWT string. | 321 | * @return a new base64-encoded JWT string. |
@@ -318,7 +324,7 @@ char * | |||
318 | OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 324 | OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
319 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 325 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
320 | struct GNUNET_RECLAIM_AttributeList *attrs, | 326 | struct GNUNET_RECLAIM_AttributeList *attrs, |
321 | struct GNUNET_RECLAIM_AttestationList *attests, | 327 | struct GNUNET_RECLAIM_PresentationList *presentations, |
322 | const struct GNUNET_TIME_Relative *expiration_time, | 328 | const struct GNUNET_TIME_Relative *expiration_time, |
323 | const char *nonce, | 329 | const char *nonce, |
324 | const char *secret_key) | 330 | const char *secret_key) |
@@ -339,7 +345,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
339 | 345 | ||
340 | body = generate_userinfo_json (sub_key, | 346 | body = generate_userinfo_json (sub_key, |
341 | attrs, | 347 | attrs, |
342 | attests); | 348 | presentations); |
343 | // iat REQUIRED time now | 349 | // iat REQUIRED time now |
344 | time_now = GNUNET_TIME_absolute_get (); | 350 | time_now = GNUNET_TIME_absolute_get (); |
345 | // exp REQUIRED time expired from config | 351 | // exp REQUIRED time expired from config |
@@ -426,6 +432,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
426 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce | 432 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce |
427 | * @param ticket the ticket to include in the code | 433 | * @param ticket the ticket to include in the code |
428 | * @param attrs list of attributes which are shared | 434 | * @param attrs list of attributes which are shared |
435 | * @param presentations credential presentation list (may be empty) | ||
429 | * @param nonce the nonce to include in the code | 436 | * @param nonce the nonce to include in the code |
430 | * @param code_challenge PKCE code challenge | 437 | * @param code_challenge PKCE code challenge |
431 | * @return a new authorization code (caller must free) | 438 | * @return a new authorization code (caller must free) |
@@ -434,7 +441,7 @@ char * | |||
434 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | 441 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, |
435 | const struct GNUNET_RECLAIM_Ticket *ticket, | 442 | const struct GNUNET_RECLAIM_Ticket *ticket, |
436 | struct GNUNET_RECLAIM_AttributeList *attrs, | 443 | struct GNUNET_RECLAIM_AttributeList *attrs, |
437 | struct GNUNET_RECLAIM_AttestationList *attests, | 444 | struct GNUNET_RECLAIM_PresentationList *presentations, |
438 | const char *nonce_str, | 445 | const char *nonce_str, |
439 | const char *code_challenge) | 446 | const char *code_challenge) |
440 | { | 447 | { |
@@ -447,7 +454,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
447 | size_t payload_len; | 454 | size_t payload_len; |
448 | size_t code_payload_len; | 455 | size_t code_payload_len; |
449 | size_t attr_list_len = 0; | 456 | size_t attr_list_len = 0; |
450 | size_t attests_list_len = 0; | 457 | size_t pres_list_len = 0; |
451 | size_t code_challenge_len = 0; | 458 | size_t code_challenge_len = 0; |
452 | uint32_t nonce_len = 0; | 459 | uint32_t nonce_len = 0; |
453 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 460 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
@@ -481,17 +488,17 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
481 | // Get serialized attributes | 488 | // Get serialized attributes |
482 | payload_len += attr_list_len; | 489 | payload_len += attr_list_len; |
483 | } | 490 | } |
484 | if (NULL != attests) | 491 | if (NULL != presentations) |
485 | { | 492 | { |
486 | // Get length | 493 | // Get length |
487 | attests_list_len = | 494 | pres_list_len = |
488 | GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); | 495 | GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations); |
489 | params.attest_list_len = htonl (attests_list_len); | 496 | params.pres_list_len = htonl (pres_list_len); |
490 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 497 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
491 | "Length of serialized attestations: %lu\n", | 498 | "Length of serialized presentations: %lu\n", |
492 | attests_list_len); | 499 | pres_list_len); |
493 | // Get serialized attributes | 500 | // Get serialized attributes |
494 | payload_len += attests_list_len; | 501 | payload_len += pres_list_len; |
495 | } | 502 | } |
496 | 503 | ||
497 | // Get plaintext length | 504 | // Get plaintext length |
@@ -510,8 +517,8 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
510 | } | 517 | } |
511 | if (0 < attr_list_len) | 518 | if (0 < attr_list_len) |
512 | GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); | 519 | GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); |
513 | if (0 < attests_list_len) | 520 | if (0 < pres_list_len) |
514 | GNUNET_RECLAIM_attestation_list_serialize (attests, tmp); | 521 | GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp); |
515 | 522 | ||
516 | /** END **/ | 523 | /** END **/ |
517 | 524 | ||
@@ -564,7 +571,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
564 | * if used in request. | 571 | * if used in request. |
565 | * @param ticket where to store the ticket | 572 | * @param ticket where to store the ticket |
566 | * @param attrs the attributes in the code | 573 | * @param attrs the attributes in the code |
567 | * @param attests the attestations in the code (if any) | 574 | * @param presentations credential presentation list |
568 | * @param nonce_str where to store the nonce (if contained) | 575 | * @param nonce_str where to store the nonce (if contained) |
569 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | 576 | * @return GNUNET_OK if successful, else GNUNET_SYSERR |
570 | */ | 577 | */ |
@@ -574,14 +581,14 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, | |||
574 | const char *code_verifier, | 581 | const char *code_verifier, |
575 | struct GNUNET_RECLAIM_Ticket *ticket, | 582 | struct GNUNET_RECLAIM_Ticket *ticket, |
576 | struct GNUNET_RECLAIM_AttributeList **attrs, | 583 | struct GNUNET_RECLAIM_AttributeList **attrs, |
577 | struct GNUNET_RECLAIM_AttestationList **attests, | 584 | struct GNUNET_RECLAIM_PresentationList **presentations, |
578 | char **nonce_str) | 585 | char **nonce_str) |
579 | { | 586 | { |
580 | char *code_payload; | 587 | char *code_payload; |
581 | char *ptr; | 588 | char *ptr; |
582 | char *plaintext; | 589 | char *plaintext; |
583 | char *attrs_ser; | 590 | char *attrs_ser; |
584 | char *attests_ser; | 591 | char *presentations_ser; |
585 | char *expected_code_challenge; | 592 | char *expected_code_challenge; |
586 | char *code_challenge; | 593 | char *code_challenge; |
587 | char *code_verifier_hash; | 594 | char *code_verifier_hash; |
@@ -589,7 +596,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, | |||
589 | struct GNUNET_CRYPTO_EcdsaSignature *signature; | 596 | struct GNUNET_CRYPTO_EcdsaSignature *signature; |
590 | uint32_t code_challenge_len; | 597 | uint32_t code_challenge_len; |
591 | uint32_t attrs_ser_len; | 598 | uint32_t attrs_ser_len; |
592 | uint32_t attests_ser_len; | 599 | uint32_t presentations_ser_len; |
593 | size_t plaintext_len; | 600 | size_t plaintext_len; |
594 | size_t code_payload_len; | 601 | size_t code_payload_len; |
595 | uint32_t nonce_len = 0; | 602 | uint32_t nonce_len = 0; |
@@ -692,10 +699,11 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, | |||
692 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len + nonce_len; | 699 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len + nonce_len; |
693 | attrs_ser_len = ntohl (params->attr_list_len); | 700 | attrs_ser_len = ntohl (params->attr_list_len); |
694 | *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); | 701 | *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); |
695 | attests_ser = ((char*) attrs_ser) + attrs_ser_len; | 702 | presentations_ser = ((char*) attrs_ser) + attrs_ser_len; |
696 | attests_ser_len = ntohl (params->attest_list_len); | 703 | pres_ser_len = ntohl (params->pres_list_len); |
697 | *attests = GNUNET_RECLAIM_attestation_list_deserialize (attests_ser, | 704 | *presentations = |
698 | attests_ser_len); | 705 | GNUNET_RECLAIM_presentations_list_deserialize (presentations_ser, |
706 | pres_ser_len); | ||
699 | 707 | ||
700 | GNUNET_free (code_payload); | 708 | GNUNET_free (code_payload); |
701 | return GNUNET_OK; | 709 | return GNUNET_OK; |
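Review bot: The new line 703 assigns `pres_ser_len`, but the only declaration this commit touches in OIDC_parse_authz_code renames the local to `presentations_ser_len` (new line 599), so the two hunks disagree and the function will not compile unless `pres_ser_len` is declared in a part of the body not shown here; settle on one name, e.g. `presentations_ser_len = ntohl (params->pres_list_len);` and pass `presentations_ser_len` to the deserializer. The deserializer is spelled `GNUNET_RECLAIM_presentations_list_deserialize` (plural) while the serializer used in OIDC_build_authz_code in the same commit is `GNUNET_RECLAIM_presentation_list_serialize`; confirm the plural matches the actual header, since a mismatch here is also a link error. Separately, both `attrs_ser_len` and the presentation length are taken straight from the decoded code and used to position `presentations_ser` and to bound the deserializer, and this hunk shows no check that `code_challenge_len + nonce_len + attrs_ser_len + presentations_ser_len` fits inside the decrypted plaintext; unless that is enforced earlier in the function (its body starts before this hunk), a truncated or tampered code would let the deserializer read past the buffer, so a bounds check against `plaintext_len` that frees `code_payload` and returns `GNUNET_SYSERR` belongs before the pointer arithmetic.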