diff options
Diffstat (limited to 'src/reclaim/oidc_helper.h')
-rw-r--r-- | src/reclaim/oidc_helper.h | 177 |
1 files changed, 0 insertions, 177 deletions
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h deleted file mode 100644 index 2a8b7bbae..000000000 --- a/src/reclaim/oidc_helper.h +++ /dev/null | |||
@@ -1,177 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/oidc_helper.h | ||
23 | * @brief helper library for OIDC related functions | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | |||
27 | #ifndef JWT_H | ||
28 | #define JWT_H | ||
29 | |||
30 | #define JWT_ALG "alg" | ||
31 | |||
32 | /* Use 512bit HMAC */ | ||
33 | #define JWT_ALG_VALUE "HS512" | ||
34 | |||
35 | #define JWT_TYP "typ" | ||
36 | |||
37 | #define JWT_TYP_VALUE "jwt" | ||
38 | |||
39 | #define SERVER_ADDRESS "https://api.reclaim" | ||
40 | |||
41 | enum OIDC_VerificationOptions | ||
42 | { | ||
43 | /** | ||
44 | * Strict verification | ||
45 | */ | ||
46 | OIDC_VERIFICATION_DEFAULT = 0, | ||
47 | |||
48 | /** | ||
49 | * Do not check code verifier even if expected | ||
50 | */ | ||
51 | OIDC_VERIFICATION_NO_CODE_VERIFIER = 1 | ||
52 | }; | ||
53 | |||
54 | /** | ||
55 | * Create a JWT from attributes | ||
56 | * | ||
57 | * @param aud_key the public of the audience | ||
58 | * @param sub_key the public key of the subject | ||
59 | * @param attrs the attribute list | ||
60 | * @param presentations credential presentation list (may be empty) | ||
61 | * @param expiration_time the validity of the token | ||
62 | * @param secret_key the key used to sign the JWT | ||
63 | * @return a new base64-encoded JWT string. | ||
64 | */ | ||
65 | char* | ||
66 | OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, | ||
67 | const struct GNUNET_IDENTITY_PublicKey *sub_key, | ||
68 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
69 | const struct | ||
70 | GNUNET_RECLAIM_PresentationList *presentations, | ||
71 | const struct GNUNET_TIME_Relative *expiration_time, | ||
72 | const char *nonce, | ||
73 | const char *secret_key); | ||
74 | |||
75 | /** | ||
76 | * Builds an OIDC authorization code including | ||
77 | * a reclaim ticket and nonce | ||
78 | * | ||
79 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce | ||
80 | * @param ticket the ticket to include in the code | ||
81 | * @param attrs list of attributes to share | ||
82 | * @param presentations credential presentation list | ||
83 | * @param nonce the nonce to include in the code | ||
84 | * @param code_challenge PKCE code challenge | ||
85 | * @param opts verification options | ||
86 | * @return a new authorization code (caller must free) | ||
87 | */ | ||
88 | char* | ||
89 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | ||
90 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
91 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
92 | const struct | ||
93 | GNUNET_RECLAIM_PresentationList *presentations, | ||
94 | const char *nonce, | ||
95 | const char *code_challenge); | ||
96 | |||
97 | /** | ||
98 | * Parse reclaim ticket and nonce from | ||
99 | * authorization code. | ||
100 | * This also verifies the signature in the code. | ||
101 | * | ||
102 | * @param ecdsa_priv the audience of the ticket | ||
103 | * @param code the string representation of the code | ||
104 | * @param code_verfier PKCE code verifier | ||
105 | * @param ticket where to store the ticket | ||
106 | * @param attrs the attributes found in the code | ||
107 | * @param presentations credential presentation list | ||
108 | * @param nonce where to store the nonce | ||
109 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | ||
110 | */ | ||
111 | int | ||
112 | OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *ecdsa_pub, | ||
113 | const char *code, | ||
114 | const char *code_verifier, | ||
115 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
116 | struct GNUNET_RECLAIM_AttributeList **attrs, | ||
117 | struct GNUNET_RECLAIM_PresentationList **presentations, | ||
118 | char **nonce, | ||
119 | enum OIDC_VerificationOptions opts); | ||
120 | |||
121 | /** | ||
122 | * Build a token response for a token request | ||
123 | * TODO: Maybe we should add the scope here? | ||
124 | * | ||
125 | * @param access_token the access token to include | ||
126 | * @param id_token the id_token to include | ||
127 | * @param expiration_time the expiration time of the token(s) | ||
128 | * @param token_response where to store the response | ||
129 | */ | ||
130 | void | ||
131 | OIDC_build_token_response (const char *access_token, | ||
132 | const char *id_token, | ||
133 | const struct GNUNET_TIME_Relative *expiration_time, | ||
134 | char **token_response); | ||
135 | |||
136 | /** | ||
137 | * Generate a new access token | ||
138 | */ | ||
139 | char* | ||
140 | OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket); | ||
141 | |||
142 | /** | ||
143 | * Parse an access token | ||
144 | */ | ||
145 | int | ||
146 | OIDC_access_token_parse (const char*token, | ||
147 | struct GNUNET_RECLAIM_Ticket **ticket); | ||
148 | |||
149 | |||
150 | /** | ||
151 | * Checks if a claim is implicitly requested through standard | ||
152 | * scope(s) | ||
153 | * | ||
154 | * @param scopes the scopes which have been requested | ||
155 | * @param attr the attribute name to check | ||
156 | * @return GNUNET_YES if attribute is implcitly requested | ||
157 | */ | ||
158 | enum GNUNET_GenericReturnValue | ||
159 | OIDC_check_scopes_for_claim_request (const char *scopes, | ||
160 | const char *attr); | ||
161 | |||
162 | |||
163 | /** | ||
164 | * Generate userinfo JSON as string | ||
165 | * | ||
166 | * @param sub_key the subject (user) | ||
167 | * @param attrs user attribute list | ||
168 | * @param presentations credential presentation list | ||
169 | * @return Userinfo JSON | ||
170 | */ | ||
171 | char * | ||
172 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, | ||
173 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
174 | const struct | ||
175 | GNUNET_RECLAIM_PresentationList *presentations); | ||
176 | |||
177 | #endif | ||