diff options
Diffstat (limited to 'src/reclaim/oidc_helper.h')
-rw-r--r-- | src/reclaim/oidc_helper.h | 196 |
1 files changed, 0 insertions, 196 deletions
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h deleted file mode 100644 index b134c71ad..000000000 --- a/src/reclaim/oidc_helper.h +++ /dev/null | |||
@@ -1,196 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/oidc_helper.h | ||
23 | * @brief helper library for OIDC related functions | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | |||
27 | #ifndef JWT_H | ||
28 | #define JWT_H | ||
29 | |||
30 | #define JWT_ALG "alg" | ||
31 | #define JWT_TYP "typ" | ||
32 | #define JWT_TYP_VALUE "jwt" | ||
33 | |||
34 | #define JWT_ALG_VALUE_HMAC "HS512" | ||
35 | #define JWT_ALG_VALUE_RSA "RS256" | ||
36 | |||
37 | #define SERVER_ADDRESS "http://localhost:7776" | ||
38 | |||
39 | enum OIDC_VerificationOptions | ||
40 | { | ||
41 | /** | ||
42 | * Strict verification | ||
43 | */ | ||
44 | OIDC_VERIFICATION_DEFAULT = 0, | ||
45 | |||
46 | /** | ||
47 | * Do not check code verifier even if expected | ||
48 | */ | ||
49 | OIDC_VERIFICATION_NO_CODE_VERIFIER = 1 | ||
50 | }; | ||
51 | |||
52 | /** | ||
53 | * Create a JWT using RSA256 from attributes | ||
54 | * | ||
55 | * @param aud_key the public of the audience | ||
56 | * @param sub_key the public key of the subject | ||
57 | * @param attrs the attribute list | ||
58 | * @param presentations credential presentation list (may be empty) | ||
59 | * @param expiration_time the validity of the token | ||
60 | * @param secret_key the key used to sign the JWT | ||
61 | * @return a new base64-encoded JWT string. | ||
62 | */ | ||
63 | char * | ||
64 | OIDC_generate_id_token_rsa (const struct GNUNET_IDENTITY_PublicKey *aud_key, | ||
65 | const struct GNUNET_IDENTITY_PublicKey *sub_key, | ||
66 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
67 | const struct | ||
68 | GNUNET_RECLAIM_PresentationList *presentations, | ||
69 | const struct GNUNET_TIME_Relative *expiration_time, | ||
70 | const char *nonce, | ||
71 | const json_t *secret_rsa_key); | ||
72 | |||
73 | /** | ||
74 | * Create a JWT using HMAC (HS256) from attributes | ||
75 | * | ||
76 | * @param aud_key the public of the audience | ||
77 | * @param sub_key the public key of the subject | ||
78 | * @param attrs the attribute list | ||
79 | * @param presentations credential presentation list (may be empty) | ||
80 | * @param expiration_time the validity of the token | ||
81 | * @param secret_key the key used to sign the JWT | ||
82 | * @return a new base64-encoded JWT string. | ||
83 | */ | ||
84 | char* | ||
85 | OIDC_generate_id_token_hmac (const struct GNUNET_IDENTITY_PublicKey *aud_key, | ||
86 | const struct GNUNET_IDENTITY_PublicKey *sub_key, | ||
87 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
88 | const struct | ||
89 | GNUNET_RECLAIM_PresentationList *presentations, | ||
90 | const struct GNUNET_TIME_Relative *expiration_time, | ||
91 | const char *nonce, | ||
92 | const char *secret_key); | ||
93 | |||
94 | /** | ||
95 | * Builds an OIDC authorization code including | ||
96 | * a reclaim ticket and nonce | ||
97 | * | ||
98 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce | ||
99 | * @param ticket the ticket to include in the code | ||
100 | * @param attrs list of attributes to share | ||
101 | * @param presentations credential presentation list | ||
102 | * @param nonce the nonce to include in the code | ||
103 | * @param code_challenge PKCE code challenge | ||
104 | * @param opts verification options | ||
105 | * @return a new authorization code (caller must free) | ||
106 | */ | ||
107 | char* | ||
108 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | ||
109 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
110 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
111 | const struct | ||
112 | GNUNET_RECLAIM_PresentationList *presentations, | ||
113 | const char *nonce, | ||
114 | const char *code_challenge); | ||
115 | |||
116 | /** | ||
117 | * Parse reclaim ticket and nonce from | ||
118 | * authorization code. | ||
119 | * This also verifies the signature in the code. | ||
120 | * | ||
121 | * @param ecdsa_priv the audience of the ticket | ||
122 | * @param code the string representation of the code | ||
123 | * @param code_verfier PKCE code verifier | ||
124 | * @param ticket where to store the ticket | ||
125 | * @param attrs the attributes found in the code | ||
126 | * @param presentations credential presentation list | ||
127 | * @param nonce where to store the nonce | ||
128 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | ||
129 | */ | ||
130 | int | ||
131 | OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *ecdsa_pub, | ||
132 | const char *code, | ||
133 | const char *code_verifier, | ||
134 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
135 | struct GNUNET_RECLAIM_AttributeList **attrs, | ||
136 | struct GNUNET_RECLAIM_PresentationList **presentations, | ||
137 | char **nonce, | ||
138 | enum OIDC_VerificationOptions opts); | ||
139 | |||
140 | /** | ||
141 | * Build a token response for a token request | ||
142 | * TODO: Maybe we should add the scope here? | ||
143 | * | ||
144 | * @param access_token the access token to include | ||
145 | * @param id_token the id_token to include | ||
146 | * @param expiration_time the expiration time of the token(s) | ||
147 | * @param token_response where to store the response | ||
148 | */ | ||
149 | void | ||
150 | OIDC_build_token_response (const char *access_token, | ||
151 | const char *id_token, | ||
152 | const struct GNUNET_TIME_Relative *expiration_time, | ||
153 | char **token_response); | ||
154 | |||
155 | /** | ||
156 | * Generate a new access token | ||
157 | */ | ||
158 | char* | ||
159 | OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket); | ||
160 | |||
161 | /** | ||
162 | * Parse an access token | ||
163 | */ | ||
164 | int | ||
165 | OIDC_access_token_parse (const char*token, | ||
166 | struct GNUNET_RECLAIM_Ticket **ticket); | ||
167 | |||
168 | |||
169 | /** | ||
170 | * Checks if a claim is implicitly requested through standard | ||
171 | * scope(s) | ||
172 | * | ||
173 | * @param scopes the scopes which have been requested | ||
174 | * @param attr the attribute name to check | ||
175 | * @return GNUNET_YES if attribute is implcitly requested | ||
176 | */ | ||
177 | enum GNUNET_GenericReturnValue | ||
178 | OIDC_check_scopes_for_claim_request (const char *scopes, | ||
179 | const char *attr); | ||
180 | |||
181 | |||
182 | /** | ||
183 | * Generate userinfo JSON as string | ||
184 | * | ||
185 | * @param sub_key the subject (user) | ||
186 | * @param attrs user attribute list | ||
187 | * @param presentations credential presentation list | ||
188 | * @return Userinfo JSON | ||
189 | */ | ||
190 | char * | ||
191 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, | ||
192 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
193 | const struct | ||
194 | GNUNET_RECLAIM_PresentationList *presentations); | ||
195 | |||
196 | #endif | ||