1 files changed, 433 insertions, 0 deletions
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
new file mode 100644
index 000000000..148865223
--- /dev/null
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,433 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file reclaim/plugin_reclaim_credential_jwt.c
+ * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
+ *                                      JWT credentials.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+/**
+   * Convert the 'value' of an credential to a string.
+   *
+   * @param cls closure, unused
+   * @param type type of the credential
+   * @param data value in binary encoding
+   * @param data_size number of bytes in @a data
+   * @return NULL on error, otherwise human-readable representation of the value
+   */
+static char *
+jwt_value_to_string (void *cls,
+                     uint32_t type,
+                     const void *data,
+                     size_t data_size)
+{
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+    return GNUNET_strndup (data, data_size);
+  default:
+    return NULL;
+  }
+}
+/**
+ * Convert human-readable version of a 'value' of an credential to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+jwt_string_to_value (void *cls,
+                     uint32_t type,
+                     const char *s,
+                     void **data,
+                     size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
+    *data = GNUNET_strdup (s);
+    *data_size = strlen (s);
+    return GNUNET_OK;
+  default:
+    return GNUNET_SYSERR;
+  }
+}
+/**
+ * Mapping of credential type numbers to human-readable
+ * credential type names.
+ */
+static struct
+{
+  const char *name;
+  uint32_t number;
+} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
+                          { NULL, UINT32_MAX } };
+/**
+   * Convert a type name to the corresponding number.
+   *
+   * @param cls closure, unused
+   * @param jwt_typename name to convert
+   * @return corresponding number, UINT32_MAX on error
+   */
+static uint32_t
+jwt_typename_to_number (void *cls, const char *jwt_typename)
+{
+  unsigned int i;
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) &&
+         (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
+    i++;
+  return jwt_cred_name_map[i].number;
+}
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+jwt_number_to_typename (void *cls, uint32_t type)
+{
+  unsigned int i;
+  i = 0;
+  while ((NULL != jwt_cred_name_map[i].name) && (type !=
+                                                 jwt_cred_name_map[i].
+                                                 number))
+    i++;
+  return jwt_cred_name_map[i].name;
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes (void *cls,
+                      const char *data)
+{
+  char *jwt_string;
+  struct GNUNET_RECLAIM_AttributeList *attrs;
+  char delim[] = ".";
+  char *val_str = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  char *decoded_jwt;
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+  jwt_string = GNUNET_strdup (data);
+  const char *jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
+  GNUNET_assert (NULL != decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  const char *key;
+  json_t *value;
+  json_object_foreach (json_val, key, value) {
+    if (0 == strcmp ("iss", key))
+      continue;
+    if (0 == strcmp ("exp", key))
+      continue;
+    if (0 == strcmp ("iat", key))
+      continue;
+    if (0 == strcmp ("nbf", key))
+      continue;
+    if (0 == strcmp ("aud", key))
+      continue;
+    val_str = json_dumps (value, JSON_ENCODE_ANY);
+    GNUNET_RECLAIM_attribute_list_add (attrs,
+                                       key,
+                                       NULL,
+                                       GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
+                                       val_str,
+                                       strlen (val_str));
+    GNUNET_free (val_str);
+  }
+  GNUNET_free (jwt_string);
+  return attrs;
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_c (void *cls,
+                        const struct GNUNET_RECLAIM_Credential *cred)
+{
+  return jwt_parse_attributes (cls, cred->data);
+}
+/**
+ * Parse a JWT and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+jwt_parse_attributes_p (void *cls,
+                        const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  return jwt_parse_attributes (cls, cred->data);
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer (void *cls,
+                const char *data)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *issuer = NULL;
+  char *decoded_jwt;
+  json_t *issuer_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+  jwt_string = GNUNET_strdup (data);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  issuer_json = json_object_get (json_val, "iss");
+  if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+    return NULL;
+  issuer = GNUNET_strdup (json_string_value (issuer_json));
+  GNUNET_free (jwt_string);
+  return issuer;
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer_c (void *cls,
+                  const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return NULL;
+  return jwt_get_issuer (cls, cred->data);
+}
+/**
+ * Parse a JWT and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+char *
+jwt_get_issuer_p (void *cls,
+                  const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return NULL;
+  return jwt_get_issuer (cls, cred->data);
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+int
+jwt_get_expiration (void *cls,
+                    const char *data,
+                    struct GNUNET_TIME_Absolute *exp)
+{
+  const char *jwt_body;
+  char *jwt_string;
+  char delim[] = ".";
+  char *decoded_jwt;
+  json_t *exp_json;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
+  json_t *json_val;
+  json_error_t *json_err = NULL;
+  jwt_string = GNUNET_strdup (data);
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  exp_json = json_object_get (json_val, "exp");
+  if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+    return GNUNET_SYSERR;
+  exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
+  GNUNET_free (jwt_string);
+  return GNUNET_OK;
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+int
+jwt_get_expiration_c (void *cls,
+                      const struct GNUNET_RECLAIM_Credential *cred,
+                      struct GNUNET_TIME_Absolute *exp)
+{
+  return jwt_get_expiration (cls, cred->data, exp);
+}
+/**
+ * Parse a JWT and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the jwt credential
+ * @return a string, containing the isser
+ */
+int
+jwt_get_expiration_p (void *cls,
+                      const struct GNUNET_RECLAIM_Presentation *cred,
+                      struct GNUNET_TIME_Absolute *exp)
+{
+  return jwt_get_expiration (cls, cred->data, exp);
+}
+int
+jwt_create_presentation (void *cls,
+                         const struct GNUNET_RECLAIM_Credential *cred,
+                         const struct GNUNET_RECLAIM_AttributeList *attrs,
+                         struct GNUNET_RECLAIM_Presentation **pres)
+{
+  // FIXME sanity checks??
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
+  *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
+                                           cred->data,
+                                           cred->data_size);
+  return GNUNET_OK;
+}
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+  api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+  api->value_to_string = &jwt_value_to_string;
+  api->string_to_value = &jwt_string_to_value;
+  api->typename_to_number = &jwt_typename_to_number;
+  api->number_to_typename = &jwt_number_to_typename;
+  api->get_attributes = &jwt_parse_attributes_c;
+  api->get_issuer = &jwt_get_issuer_c;
+  api->get_expiration = &jwt_get_expiration_c;
+  api->value_to_string_p = &jwt_value_to_string;
+  api->string_to_value_p = &jwt_string_to_value;
+  api->typename_to_number_p = &jwt_typename_to_number;
+  api->number_to_typename_p = &jwt_number_to_typename;
+  api->get_attributes_p = &jwt_parse_attributes_p;
+  api->get_issuer_p = &jwt_get_issuer_p;
+  api->get_expiration_p = &jwt_get_expiration_p;
+  api->create_presentation = &jwt_create_presentation;
+  return api;
+}
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+  GNUNET_free (api);
+  return NULL;
+}
+/* end of plugin_reclaim_credential_type_jwt.c */

diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c new file mode 100644 index 000000000..148865223 --- /dev/null +++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -0,0 +1,433 @@
	1	/*
	2	This file is part of GNUnet
	3	Copyright (C) 2013, 2014, 2016 GNUnet e.V.
	4
	5	GNUnet is free software: you can redistribute it and/or modify it
	6	under the terms of the GNU Affero General Public License as published
	7	by the Free Software Foundation, either version 3 of the License,
	8	or (at your option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	Affero General Public License for more details.
	14
	15	You should have received a copy of the GNU Affero General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17
	18	SPDX-License-Identifier: AGPL3.0-or-later
	19	*/
	20
	21	/**
	22	* @file reclaim/plugin_reclaim_credential_jwt.c
	23	* @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
	24	* JWT credentials.
	25	*
	26	* @author Martin Schanzenbach
	27	*/
	28	#include "platform.h"
	29	#include "gnunet_util_lib.h"
	30	#include "gnunet_reclaim_plugin.h"
	31	#include <inttypes.h>
	32	#include <jansson.h>
	33
	34	/**
	35	* Convert the 'value' of an credential to a string.
	36	*
	37	* @param cls closure, unused
	38	* @param type type of the credential
	39	* @param data value in binary encoding
	40	* @param data_size number of bytes in @a data
	41	* @return NULL on error, otherwise human-readable representation of the value
	42	*/
	43	static char *
	44	jwt_value_to_string (void *cls,
	45	uint32_t type,
	46	const void *data,
	47	size_t data_size)
	48	{
	49	switch (type)
	50	{
	51	case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
	52	return GNUNET_strndup (data, data_size);
	53
	54	default:
	55	return NULL;
	56	}
	57	}
	58
	59
	60	/**
	61	* Convert human-readable version of a 'value' of an credential to the binary
	62	* representation.
	63	*
	64	* @param cls closure, unused
	65	* @param type type of the credential
	66	* @param s human-readable string
	67	* @param data set to value in binary encoding (will be allocated)
	68	* @param data_size set to number of bytes in @a data
	69	* @return #GNUNET_OK on success
	70	*/
	71	static int
	72	jwt_string_to_value (void *cls,
	73	uint32_t type,
	74	const char *s,
	75	void **data,
	76	size_t *data_size)
	77	{
	78	if (NULL == s)
	79	return GNUNET_SYSERR;
	80	switch (type)
	81	{
	82	case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
	83	*data = GNUNET_strdup (s);
	84	*data_size = strlen (s);
	85	return GNUNET_OK;
	86
	87	default:
	88	return GNUNET_SYSERR;
	89	}
	90	}
	91
	92
	93	/**
	94	* Mapping of credential type numbers to human-readable
	95	* credential type names.
	96	*/
	97	static struct
	98	{
	99	const char *name;
	100	uint32_t number;
	101	} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
	102	{ NULL, UINT32_MAX } };
	103
	104	/**
	105	* Convert a type name to the corresponding number.
	106	*
	107	* @param cls closure, unused
	108	* @param jwt_typename name to convert
	109	* @return corresponding number, UINT32_MAX on error
	110	*/
	111	static uint32_t
	112	jwt_typename_to_number (void cls, const char jwt_typename)
	113	{
	114	unsigned int i;
	115
	116	i = 0;
	117	while ((NULL != jwt_cred_name_map[i].name) &&
	118	(0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
	119	i++;
	120	return jwt_cred_name_map[i].number;
	121	}
	122
	123
	124	/**
	125	* Convert a type number (i.e. 1) to the corresponding type string
	126	*
	127	* @param cls closure, unused
	128	* @param type number of a type to convert
	129	* @return corresponding typestring, NULL on error
	130	*/
	131	static const char *
	132	jwt_number_to_typename (void *cls, uint32_t type)
	133	{
	134	unsigned int i;
	135
	136	i = 0;
	137	while ((NULL != jwt_cred_name_map[i].name) && (type !=
	138	jwt_cred_name_map[i].
	139	number))
	140	i++;
	141	return jwt_cred_name_map[i].name;
	142	}
	143
	144
	145	/**
	146	* Parse a JWT and return the respective claim value as Attribute
	147	*
	148	* @param cls the plugin
	149	* @param cred the jwt credential
	150	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	151	*/
	152	struct GNUNET_RECLAIM_AttributeList *
	153	jwt_parse_attributes (void *cls,
	154	const char *data)
	155	{
	156	char *jwt_string;
	157	struct GNUNET_RECLAIM_AttributeList *attrs;
	158	char delim[] = ".";
	159	char *val_str = NULL;
	160	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
	161	char *decoded_jwt;
	162	json_t *json_val;
	163	json_error_t *json_err = NULL;
	164
	165	attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
	166
	167	jwt_string = GNUNET_strdup (data);
	168	const char *jwt_body = strtok (jwt_string, delim);
	169	jwt_body = strtok (NULL, delim);
	170	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	171	(void **) &decoded_jwt);
	172	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
	173	GNUNET_assert (NULL != decoded_jwt);
	174	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
	175	const char *key;
	176	json_t *value;
	177	json_object_foreach (json_val, key, value) {
	178	if (0 == strcmp ("iss", key))
	179	continue;
	180	if (0 == strcmp ("exp", key))
	181	continue;
	182	if (0 == strcmp ("iat", key))
	183	continue;
	184	if (0 == strcmp ("nbf", key))
	185	continue;
	186	if (0 == strcmp ("aud", key))
	187	continue;
	188	val_str = json_dumps (value, JSON_ENCODE_ANY);
	189	GNUNET_RECLAIM_attribute_list_add (attrs,
	190	key,
	191	NULL,
	192	GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
	193	val_str,
	194	strlen (val_str));
	195	GNUNET_free (val_str);
	196	}
	197	GNUNET_free (jwt_string);
	198	return attrs;
	199	}
	200
	201
	202	/**
	203	* Parse a JWT and return the respective claim value as Attribute
	204	*
	205	* @param cls the plugin
	206	* @param cred the jwt credential
	207	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	208	*/
	209	struct GNUNET_RECLAIM_AttributeList *
	210	jwt_parse_attributes_c (void *cls,
	211	const struct GNUNET_RECLAIM_Credential *cred)
	212	{
	213	return jwt_parse_attributes (cls, cred->data);
	214	}
	215
	216
	217	/**
	218	* Parse a JWT and return the respective claim value as Attribute
	219	*
	220	* @param cls the plugin
	221	* @param cred the jwt credential
	222	* @return a GNUNET_RECLAIM_Attribute, containing the new value
	223	*/
	224	struct GNUNET_RECLAIM_AttributeList *
	225	jwt_parse_attributes_p (void *cls,
	226	const struct GNUNET_RECLAIM_Presentation *cred)
	227	{
	228	return jwt_parse_attributes (cls, cred->data);
	229	}
	230
	231
	232	/**
	233	* Parse a JWT and return the issuer
	234	*
	235	* @param cls the plugin
	236	* @param cred the jwt credential
	237	* @return a string, containing the isser
	238	*/
	239	char *
	240	jwt_get_issuer (void *cls,
	241	const char *data)
	242	{
	243	const char *jwt_body;
	244	char *jwt_string;
	245	char delim[] = ".";
	246	char *issuer = NULL;
	247	char *decoded_jwt;
	248	json_t *issuer_json;
	249	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
	250	json_t *json_val;
	251	json_error_t *json_err = NULL;
	252
	253	jwt_string = GNUNET_strdup (data);
	254	jwt_body = strtok (jwt_string, delim);
	255	jwt_body = strtok (NULL, delim);
	256	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	257	(void **) &decoded_jwt);
	258	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
	259	issuer_json = json_object_get (json_val, "iss");
	260	if ((NULL == issuer_json) \|\| (! json_is_string (issuer_json)))
	261	return NULL;
	262	issuer = GNUNET_strdup (json_string_value (issuer_json));
	263	GNUNET_free (jwt_string);
	264	return issuer;
	265	}
	266
	267
	268	/**
	269	* Parse a JWT and return the issuer
	270	*
	271	* @param cls the plugin
	272	* @param cred the jwt credential
	273	* @return a string, containing the isser
	274	*/
	275	char *
	276	jwt_get_issuer_c (void *cls,
	277	const struct GNUNET_RECLAIM_Credential *cred)
	278	{
	279	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	280	return NULL;
	281	return jwt_get_issuer (cls, cred->data);
	282	}
	283
	284
	285	/**
	286	* Parse a JWT and return the issuer
	287	*
	288	* @param cls the plugin
	289	* @param cred the jwt credential
	290	* @return a string, containing the isser
	291	*/
	292	char *
	293	jwt_get_issuer_p (void *cls,
	294	const struct GNUNET_RECLAIM_Presentation *cred)
	295	{
	296	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	297	return NULL;
	298	return jwt_get_issuer (cls, cred->data);
	299	}
	300
	301
	302	/**
	303	* Parse a JWT and return the expiration
	304	*
	305	* @param cls the plugin
	306	* @param cred the jwt credential
	307	* @return a string, containing the isser
	308	*/
	309	int
	310	jwt_get_expiration (void *cls,
	311	const char *data,
	312	struct GNUNET_TIME_Absolute *exp)
	313	{
	314	const char *jwt_body;
	315	char *jwt_string;
	316	char delim[] = ".";
	317	char *decoded_jwt;
	318	json_t *exp_json;
	319	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
	320	json_t *json_val;
	321	json_error_t *json_err = NULL;
	322
	323	jwt_string = GNUNET_strdup (data);
	324	jwt_body = strtok (jwt_string, delim);
	325	jwt_body = strtok (NULL, delim);
	326	GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
	327	(void **) &decoded_jwt);
	328	json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
	329	exp_json = json_object_get (json_val, "exp");
	330	if ((NULL == exp_json) \|\| (! json_is_integer (exp_json)))
	331	return GNUNET_SYSERR;
	332	exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
	333	GNUNET_free (jwt_string);
	334	return GNUNET_OK;
	335	}
	336
	337
	338	/**
	339	* Parse a JWT and return the expiration
	340	*
	341	* @param cls the plugin
	342	* @param cred the jwt credential
	343	* @return a string, containing the isser
	344	*/
	345	int
	346	jwt_get_expiration_c (void *cls,
	347	const struct GNUNET_RECLAIM_Credential *cred,
	348	struct GNUNET_TIME_Absolute *exp)
	349	{
	350	return jwt_get_expiration (cls, cred->data, exp);
	351	}
	352
	353
	354	/**
	355	* Parse a JWT and return the expiration
	356	*
	357	* @param cls the plugin
	358	* @param cred the jwt credential
	359	* @return a string, containing the isser
	360	*/
	361	int
	362	jwt_get_expiration_p (void *cls,
	363	const struct GNUNET_RECLAIM_Presentation *cred,
	364	struct GNUNET_TIME_Absolute *exp)
	365	{
	366	return jwt_get_expiration (cls, cred->data, exp);
	367	}
	368
	369
	370	int
	371	jwt_create_presentation (void *cls,
	372	const struct GNUNET_RECLAIM_Credential *cred,
	373	const struct GNUNET_RECLAIM_AttributeList *attrs,
	374	struct GNUNET_RECLAIM_Presentation **pres)
	375	{
	376	// FIXME sanity checks??
	377	if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
	378	return GNUNET_NO;
	379	*pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
	380	cred->data,
	381	cred->data_size);
	382	return GNUNET_OK;
	383	}
	384
	385
	386	/**
	387	* Entry point for the plugin.
	388	*
	389	* @param cls NULL
	390	* @return the exported block API
	391	*/
	392	void *
	393	libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
	394	{
	395	struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
	396
	397	api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
	398	api->value_to_string = &jwt_value_to_string;
	399	api->string_to_value = &jwt_string_to_value;
	400	api->typename_to_number = &jwt_typename_to_number;
	401	api->number_to_typename = &jwt_number_to_typename;
	402	api->get_attributes = &jwt_parse_attributes_c;
	403	api->get_issuer = &jwt_get_issuer_c;
	404	api->get_expiration = &jwt_get_expiration_c;
	405	api->value_to_string_p = &jwt_value_to_string;
	406	api->string_to_value_p = &jwt_string_to_value;
	407	api->typename_to_number_p = &jwt_typename_to_number;
	408	api->number_to_typename_p = &jwt_number_to_typename;
	409	api->get_attributes_p = &jwt_parse_attributes_p;
	410	api->get_issuer_p = &jwt_get_issuer_p;
	411	api->get_expiration_p = &jwt_get_expiration_p;
	412	api->create_presentation = &jwt_create_presentation;
	413	return api;
	414	}
	415
	416
	417	/**
	418	* Exit point from the plugin.
	419	*
	420	* @param cls the return value from #libgnunet_plugin_block_test_init()
	421	* @return NULL
	422	*/
	423	void *
	424	libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
	425	{
	426	struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
	427
	428	GNUNET_free (api);
	429	return NULL;
	430	}
	431
	432
	433	/* end of plugin_reclaim_credential_type_jwt.c */