Diffstat (limited to 'src/reclaim/oidc_helper.c')
-rw-r--r-- | src/reclaim/oidc_helper.c | 126 |
1 files changed, 118 insertions, 8 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 1c3d65f35..2ce462854 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -118,7 +118,7 @@ fix_base64 (char *str) | |||
118 | char * | 118 | char * |
119 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 119 | OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
120 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 120 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
121 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 121 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
122 | const struct GNUNET_TIME_Relative *expiration_time, | 122 | const struct GNUNET_TIME_Relative *expiration_time, |
123 | const char *nonce, | 123 | const char *nonce, |
124 | const char *secret_key) | 124 | const char *secret_key) |
@@ -131,13 +131,22 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
131 | char *subject; | 131 | char *subject; |
132 | char *header; | 132 | char *header; |
133 | char *body_str; | 133 | char *body_str; |
134 | char *aggr_names_str; | ||
135 | char *aggr_sources_str; | ||
136 | char *aggr_sources_jwt_str; | ||
137 | char *source_name; | ||
134 | char *result; | 138 | char *result; |
135 | char *header_base64; | 139 | char *header_base64; |
136 | char *body_base64; | 140 | char *body_base64; |
137 | char *signature_target; | 141 | char *signature_target; |
138 | char *signature_base64; | 142 | char *signature_base64; |
139 | char *attr_val_str; | 143 | char *attr_val_str; |
144 | char *attest_val_str; | ||
140 | json_t *body; | 145 | json_t *body; |
146 | json_t *aggr_names; | ||
147 | json_t *aggr_sources; | ||
148 | json_t *aggr_sources_jwt; | ||
149 | uint64_t attest_arr[GNUNET_RECLAIM_ATTRIBUTE_list_count_attest (attrs)]; | ||
141 | 150 | ||
142 | // iat REQUIRED time now | 151 | // iat REQUIRED time now |
143 | time_now = GNUNET_TIME_absolute_get (); | 152 | time_now = GNUNET_TIME_absolute_get (); |
@@ -156,6 +165,8 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
156 | GNUNET_CRYPTO_EcdsaPublicKey)); | 165 | GNUNET_CRYPTO_EcdsaPublicKey)); |
157 | header = create_jwt_header (); | 166 | header = create_jwt_header (); |
158 | body = json_object (); | 167 | body = json_object (); |
168 | aggr_names = json_object (); | ||
169 | aggr_sources = json_object (); | ||
159 | 170 | ||
160 | // iss REQUIRED case sensitive server uri with https | 171 | // iss REQUIRED case sensitive server uri with https |
161 | // The issuer is the local reclaim instance (e.g. | 172 | // The issuer is the local reclaim instance (e.g. |
@@ -180,18 +191,111 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
180 | // nonce | 191 | // nonce |
181 | if (NULL != nonce) | 192 | if (NULL != nonce) |
182 | json_object_set_new (body, "nonce", json_string (nonce)); | 193 | json_object_set_new (body, "nonce", json_string (nonce)); |
183 | 194 | int i = 0; | |
195 | attest_val_str = NULL; | ||
196 | aggr_names_str = NULL; | ||
197 | aggr_sources_str = NULL; | ||
198 | aggr_sources_jwt_str = NULL; | ||
199 | source_name = NULL; | ||
184 | for (le = attrs->list_head; NULL != le; le = le->next) | 200 | for (le = attrs->list_head; NULL != le; le = le->next) |
185 | { | 201 | { |
186 | attr_val_str = | 202 | |
187 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 203 | if (le->claim != NULL) |
188 | le->claim->data, | 204 | { |
189 | le->claim->data_size); | 205 | |
190 | json_object_set_new (body, le->claim->name, json_string (attr_val_str)); | 206 | attr_val_str = |
191 | GNUNET_free (attr_val_str); | 207 | GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, |
208 | le->claim->data, | ||
209 | le->claim->data_size); | ||
210 | json_object_set_new (body, le->claim->name, json_string (attr_val_str)); | ||
211 | GNUNET_free (attr_val_str); | ||
212 | } | ||
213 | else if (NULL != le->reference) | ||
214 | { | ||
215 | // Check if attest is there | ||
216 | int j = 0; | ||
217 | while (j<i) | ||
218 | { | ||
219 | if (attest_arr[j] == le->reference->id_attest) | ||
220 | break; | ||
221 | j++; | ||
222 | } | ||
223 | if (j==i) | ||
224 | { | ||
225 | // Attest not yet existent. Append to the end of the list | ||
226 | GNUNET_CONTAINER_DLL_remove (attrs->list_head, attrs->list_tail, le); | ||
227 | GNUNET_CONTAINER_DLL_insert_tail (attrs->list_head, attrs->list_tail, | ||
228 | le); | ||
229 | continue; | ||
230 | } | ||
231 | else | ||
232 | { | ||
233 | // Attestation is existing, hence take the respective source str | ||
234 | GNUNET_asprintf (&source_name, | ||
235 | "src%d", | ||
236 | j); | ||
237 | json_object_set_new (aggr_names, le->reference->name, json_string ( | ||
238 | source_name)); | ||
239 | } | ||
240 | |||
241 | } | ||
242 | else if (NULL != le->attest) | ||
243 | { | ||
244 | // We assume that at max 99 different attestations | ||
245 | int j = 0; | ||
246 | while (j<i) | ||
247 | { | ||
248 | if (attest_arr[j] == le->attest->id) | ||
249 | break; | ||
250 | j++; | ||
251 | } | ||
252 | if (j==i) | ||
253 | { | ||
254 | // New Attestation | ||
255 | attest_arr[i] = le->attest->id; | ||
256 | GNUNET_asprintf (&source_name, | ||
257 | "src%d", | ||
258 | i); | ||
259 | aggr_sources_jwt = json_object (); | ||
260 | attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string ( | ||
261 | le->attest->type, le->attest->data, le->attest->data_size); | ||
262 | json_object_set_new (aggr_sources_jwt, "JWT",json_string ( | ||
263 | attest_val_str) ); | ||
264 | aggr_sources_jwt_str = json_dumps (aggr_sources_jwt, JSON_INDENT (0) | ||
265 | | JSON_COMPACT); | ||
266 | json_object_set_new (aggr_sources, source_name,json_string ( | ||
267 | aggr_sources_jwt_str)); | ||
268 | i++; | ||
269 | } | ||
270 | else | ||
271 | { | ||
272 | // Attestation already existent. Ignore | ||
273 | continue; | ||
274 | } | ||
275 | |||
276 | } | ||
277 | } | ||
278 | if (NULL != attest_val_str) | ||
279 | GNUNET_free (attest_val_str); | ||
280 | if (NULL != source_name) | ||
281 | GNUNET_free (source_name); | ||
282 | if (0!=i) | ||
283 | { | ||
284 | aggr_names_str = json_dumps (aggr_names, JSON_INDENT (0) | JSON_COMPACT); | ||
285 | aggr_sources_str = json_dumps (aggr_sources, JSON_INDENT (0) | ||
286 | | JSON_COMPACT); | ||
287 | json_object_set_new (body, "_claim_names", json_string (aggr_names_str)); | ||
288 | json_object_set_new (body, "_claim_sources", json_string ( | ||
289 | aggr_sources_str)); | ||
192 | } | 290 | } |
291 | |||
292 | json_decref (aggr_names); | ||
293 | json_decref (aggr_sources); | ||
294 | json_decref (aggr_sources_jwt); | ||
295 | |||
193 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); | 296 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); |
194 | json_decref (body); | 297 | json_decref (body); |
298 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str); | ||
195 | 299 | ||
196 | GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64); | 300 | GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64); |
197 | fix_base64 (header_base64); | 301 | fix_base64 (header_base64); |
@@ -226,6 +330,12 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
226 | GNUNET_free (signature_target); | 330 | GNUNET_free (signature_target); |
227 | GNUNET_free (header); | 331 | GNUNET_free (header); |
228 | GNUNET_free (body_str); | 332 | GNUNET_free (body_str); |
333 | if (NULL != aggr_sources_str) | ||
334 | GNUNET_free (aggr_sources_str); | ||
335 | if (NULL != aggr_names_str) | ||
336 | GNUNET_free (aggr_names_str); | ||
337 | if (NULL != aggr_sources_jwt_str) | ||
338 | GNUNET_free (aggr_sources_jwt_str); | ||
229 | GNUNET_free (signature_base64); | 339 | GNUNET_free (signature_base64); |
230 | GNUNET_free (body_base64); | 340 | GNUNET_free (body_base64); |
231 | GNUNET_free (header_base64); | 341 | GNUNET_free (header_base64); |
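Review bot: `json_decref (aggr_sources_jwt)` at new line 294 reads an uninitialized pointer whenever the attribute list carries no attestation, because `aggr_sources_jwt` is only ever assigned in the "New Attestation" branch of the loop at new lines 200-277, and in the reference branch the `GNUNET_CONTAINER_DLL_remove`/`GNUNET_CONTAINER_DLL_insert_tail` pair makes `le` the tail, so the loop's `le = le->next` step ends the traversal and every remaining claim is silently dropped from the token (a reference whose attestation is absent from the list is never resolved at all). `source_name`, `attest_val_str`, `aggr_sources_jwt_str` and the per-attestation `aggr_sources_jwt` object are allocated once per attestation but released only once after the loop, and `_claim_names`/`_claim_sources` are attached as strings holding serialized JSON rather than as the nested objects a relying party will parse. A two-pass loop — register the distinct attestations first, then emit claims and references — removes the list mutation (and the reason for dropping `const` from `attrs`), frees each allocation in the iteration that made it, and attaches the aggregate objects directly, along these lines. Separately, the VLA `attest_arr[...]` at new line 149 has length zero when there is no attestation, which is undefined behaviour; a minimum of one element or a heap buffer avoids it.
```c
  // … unchanged: nonce …
  int i = 0;
  /* Pass 1: every distinct attestation becomes a numbered "_claim_sources" entry. */
  for (le = attrs->list_head; NULL != le; le = le->next)
  {
    if (NULL == le->attest)
      continue;
    int j = 0;
    while ((j < i) && (attest_arr[j] != le->attest->id))
      j++;
    if (j < i)
      continue; /* already registered */
    attest_arr[i] = le->attest->id;
    GNUNET_asprintf (&source_name, "src%d", i);
    aggr_sources_jwt = json_object ();
    attest_val_str = GNUNET_RECLAIM_ATTESTATION_value_to_string (
      le->attest->type, le->attest->data, le->attest->data_size);
    json_object_set_new (aggr_sources_jwt, "JWT", json_string (attest_val_str));
    /* json_object_set_new steals aggr_sources_jwt; nothing to decref later. */
    json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
    GNUNET_free (attest_val_str);
    GNUNET_free (source_name);
    i++;
  }
  /* Pass 2: plain claims and references, with the list left untouched. */
  for (le = attrs->list_head; NULL != le; le = le->next)
  {
    if (NULL != le->claim)
    {
      // … unchanged: value_to_string / json_object_set_new / GNUNET_free …
    }
    else if (NULL != le->reference)
    {
      int j = 0;
      while ((j < i) && (attest_arr[j] != le->reference->id_attest))
        j++;
      if (j == i)
        continue; /* referenced attestation is not in the list; skip it */
      GNUNET_asprintf (&source_name, "src%d", j);
      json_object_set_new (aggr_names, le->reference->name,
                           json_string (source_name));
      GNUNET_free (source_name);
    }
  }
  if (0 != i)
  {
    /* Nested objects, not strings of serialized JSON. */
    json_object_set (body, "_claim_names", aggr_names);
    json_object_set (body, "_claim_sources", aggr_sources);
  }
  json_decref (aggr_names);
  json_decref (aggr_sources);
  // … unchanged: body_str = json_dumps (body, …) …
```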