diff options
Diffstat (limited to 'src/reclaim/plugin_reclaim_credential_jwt.c')
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 433 |
1 files changed, 433 insertions, 0 deletions
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c new file mode 100644 index 000000000..148865223 --- /dev/null +++ b/src/reclaim/plugin_reclaim_credential_jwt.c | |||
@@ -0,0 +1,433 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/plugin_reclaim_credential_jwt.c | ||
23 | * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for | ||
24 | * JWT credentials. | ||
25 | * | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_reclaim_plugin.h" | ||
31 | #include <inttypes.h> | ||
32 | #include <jansson.h> | ||
33 | |||
34 | /** | ||
35 | * Convert the 'value' of an credential to a string. | ||
36 | * | ||
37 | * @param cls closure, unused | ||
38 | * @param type type of the credential | ||
39 | * @param data value in binary encoding | ||
40 | * @param data_size number of bytes in @a data | ||
41 | * @return NULL on error, otherwise human-readable representation of the value | ||
42 | */ | ||
43 | static char * | ||
44 | jwt_value_to_string (void *cls, | ||
45 | uint32_t type, | ||
46 | const void *data, | ||
47 | size_t data_size) | ||
48 | { | ||
49 | switch (type) | ||
50 | { | ||
51 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: | ||
52 | return GNUNET_strndup (data, data_size); | ||
53 | |||
54 | default: | ||
55 | return NULL; | ||
56 | } | ||
57 | } | ||
58 | |||
59 | |||
60 | /** | ||
61 | * Convert human-readable version of a 'value' of an credential to the binary | ||
62 | * representation. | ||
63 | * | ||
64 | * @param cls closure, unused | ||
65 | * @param type type of the credential | ||
66 | * @param s human-readable string | ||
67 | * @param data set to value in binary encoding (will be allocated) | ||
68 | * @param data_size set to number of bytes in @a data | ||
69 | * @return #GNUNET_OK on success | ||
70 | */ | ||
71 | static int | ||
72 | jwt_string_to_value (void *cls, | ||
73 | uint32_t type, | ||
74 | const char *s, | ||
75 | void **data, | ||
76 | size_t *data_size) | ||
77 | { | ||
78 | if (NULL == s) | ||
79 | return GNUNET_SYSERR; | ||
80 | switch (type) | ||
81 | { | ||
82 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: | ||
83 | *data = GNUNET_strdup (s); | ||
84 | *data_size = strlen (s); | ||
85 | return GNUNET_OK; | ||
86 | |||
87 | default: | ||
88 | return GNUNET_SYSERR; | ||
89 | } | ||
90 | } | ||
91 | |||
92 | |||
93 | /** | ||
94 | * Mapping of credential type numbers to human-readable | ||
95 | * credential type names. | ||
96 | */ | ||
97 | static struct | ||
98 | { | ||
99 | const char *name; | ||
100 | uint32_t number; | ||
101 | } jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT }, | ||
102 | { NULL, UINT32_MAX } }; | ||
103 | |||
104 | /** | ||
105 | * Convert a type name to the corresponding number. | ||
106 | * | ||
107 | * @param cls closure, unused | ||
108 | * @param jwt_typename name to convert | ||
109 | * @return corresponding number, UINT32_MAX on error | ||
110 | */ | ||
111 | static uint32_t | ||
112 | jwt_typename_to_number (void *cls, const char *jwt_typename) | ||
113 | { | ||
114 | unsigned int i; | ||
115 | |||
116 | i = 0; | ||
117 | while ((NULL != jwt_cred_name_map[i].name) && | ||
118 | (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name))) | ||
119 | i++; | ||
120 | return jwt_cred_name_map[i].number; | ||
121 | } | ||
122 | |||
123 | |||
124 | /** | ||
125 | * Convert a type number (i.e. 1) to the corresponding type string | ||
126 | * | ||
127 | * @param cls closure, unused | ||
128 | * @param type number of a type to convert | ||
129 | * @return corresponding typestring, NULL on error | ||
130 | */ | ||
131 | static const char * | ||
132 | jwt_number_to_typename (void *cls, uint32_t type) | ||
133 | { | ||
134 | unsigned int i; | ||
135 | |||
136 | i = 0; | ||
137 | while ((NULL != jwt_cred_name_map[i].name) && (type != | ||
138 | jwt_cred_name_map[i]. | ||
139 | number)) | ||
140 | i++; | ||
141 | return jwt_cred_name_map[i].name; | ||
142 | } | ||
143 | |||
144 | |||
145 | /** | ||
146 | * Parse a JWT and return the respective claim value as Attribute | ||
147 | * | ||
148 | * @param cls the plugin | ||
149 | * @param cred the jwt credential | ||
150 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
151 | */ | ||
152 | struct GNUNET_RECLAIM_AttributeList * | ||
153 | jwt_parse_attributes (void *cls, | ||
154 | const char *data) | ||
155 | { | ||
156 | char *jwt_string; | ||
157 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
158 | char delim[] = "."; | ||
159 | char *val_str = NULL; | ||
160 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
161 | char *decoded_jwt; | ||
162 | json_t *json_val; | ||
163 | json_error_t *json_err = NULL; | ||
164 | |||
165 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
166 | |||
167 | jwt_string = GNUNET_strdup (data); | ||
168 | const char *jwt_body = strtok (jwt_string, delim); | ||
169 | jwt_body = strtok (NULL, delim); | ||
170 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
171 | (void **) &decoded_jwt); | ||
172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt); | ||
173 | GNUNET_assert (NULL != decoded_jwt); | ||
174 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
175 | const char *key; | ||
176 | json_t *value; | ||
177 | json_object_foreach (json_val, key, value) { | ||
178 | if (0 == strcmp ("iss", key)) | ||
179 | continue; | ||
180 | if (0 == strcmp ("exp", key)) | ||
181 | continue; | ||
182 | if (0 == strcmp ("iat", key)) | ||
183 | continue; | ||
184 | if (0 == strcmp ("nbf", key)) | ||
185 | continue; | ||
186 | if (0 == strcmp ("aud", key)) | ||
187 | continue; | ||
188 | val_str = json_dumps (value, JSON_ENCODE_ANY); | ||
189 | GNUNET_RECLAIM_attribute_list_add (attrs, | ||
190 | key, | ||
191 | NULL, | ||
192 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME | ||
193 | val_str, | ||
194 | strlen (val_str)); | ||
195 | GNUNET_free (val_str); | ||
196 | } | ||
197 | GNUNET_free (jwt_string); | ||
198 | return attrs; | ||
199 | } | ||
200 | |||
201 | |||
202 | /** | ||
203 | * Parse a JWT and return the respective claim value as Attribute | ||
204 | * | ||
205 | * @param cls the plugin | ||
206 | * @param cred the jwt credential | ||
207 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
208 | */ | ||
209 | struct GNUNET_RECLAIM_AttributeList * | ||
210 | jwt_parse_attributes_c (void *cls, | ||
211 | const struct GNUNET_RECLAIM_Credential *cred) | ||
212 | { | ||
213 | return jwt_parse_attributes (cls, cred->data); | ||
214 | } | ||
215 | |||
216 | |||
217 | /** | ||
218 | * Parse a JWT and return the respective claim value as Attribute | ||
219 | * | ||
220 | * @param cls the plugin | ||
221 | * @param cred the jwt credential | ||
222 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
223 | */ | ||
224 | struct GNUNET_RECLAIM_AttributeList * | ||
225 | jwt_parse_attributes_p (void *cls, | ||
226 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
227 | { | ||
228 | return jwt_parse_attributes (cls, cred->data); | ||
229 | } | ||
230 | |||
231 | |||
232 | /** | ||
233 | * Parse a JWT and return the issuer | ||
234 | * | ||
235 | * @param cls the plugin | ||
236 | * @param cred the jwt credential | ||
237 | * @return a string, containing the isser | ||
238 | */ | ||
239 | char * | ||
240 | jwt_get_issuer (void *cls, | ||
241 | const char *data) | ||
242 | { | ||
243 | const char *jwt_body; | ||
244 | char *jwt_string; | ||
245 | char delim[] = "."; | ||
246 | char *issuer = NULL; | ||
247 | char *decoded_jwt; | ||
248 | json_t *issuer_json; | ||
249 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
250 | json_t *json_val; | ||
251 | json_error_t *json_err = NULL; | ||
252 | |||
253 | jwt_string = GNUNET_strdup (data); | ||
254 | jwt_body = strtok (jwt_string, delim); | ||
255 | jwt_body = strtok (NULL, delim); | ||
256 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
257 | (void **) &decoded_jwt); | ||
258 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
259 | issuer_json = json_object_get (json_val, "iss"); | ||
260 | if ((NULL == issuer_json) || (! json_is_string (issuer_json))) | ||
261 | return NULL; | ||
262 | issuer = GNUNET_strdup (json_string_value (issuer_json)); | ||
263 | GNUNET_free (jwt_string); | ||
264 | return issuer; | ||
265 | } | ||
266 | |||
267 | |||
268 | /** | ||
269 | * Parse a JWT and return the issuer | ||
270 | * | ||
271 | * @param cls the plugin | ||
272 | * @param cred the jwt credential | ||
273 | * @return a string, containing the isser | ||
274 | */ | ||
275 | char * | ||
276 | jwt_get_issuer_c (void *cls, | ||
277 | const struct GNUNET_RECLAIM_Credential *cred) | ||
278 | { | ||
279 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
280 | return NULL; | ||
281 | return jwt_get_issuer (cls, cred->data); | ||
282 | } | ||
283 | |||
284 | |||
285 | /** | ||
286 | * Parse a JWT and return the issuer | ||
287 | * | ||
288 | * @param cls the plugin | ||
289 | * @param cred the jwt credential | ||
290 | * @return a string, containing the isser | ||
291 | */ | ||
292 | char * | ||
293 | jwt_get_issuer_p (void *cls, | ||
294 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
295 | { | ||
296 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
297 | return NULL; | ||
298 | return jwt_get_issuer (cls, cred->data); | ||
299 | } | ||
300 | |||
301 | |||
302 | /** | ||
303 | * Parse a JWT and return the expiration | ||
304 | * | ||
305 | * @param cls the plugin | ||
306 | * @param cred the jwt credential | ||
307 | * @return a string, containing the isser | ||
308 | */ | ||
309 | int | ||
310 | jwt_get_expiration (void *cls, | ||
311 | const char *data, | ||
312 | struct GNUNET_TIME_Absolute *exp) | ||
313 | { | ||
314 | const char *jwt_body; | ||
315 | char *jwt_string; | ||
316 | char delim[] = "."; | ||
317 | char *decoded_jwt; | ||
318 | json_t *exp_json; | ||
319 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
320 | json_t *json_val; | ||
321 | json_error_t *json_err = NULL; | ||
322 | |||
323 | jwt_string = GNUNET_strdup (data); | ||
324 | jwt_body = strtok (jwt_string, delim); | ||
325 | jwt_body = strtok (NULL, delim); | ||
326 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
327 | (void **) &decoded_jwt); | ||
328 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
329 | exp_json = json_object_get (json_val, "exp"); | ||
330 | if ((NULL == exp_json) || (! json_is_integer (exp_json))) | ||
331 | return GNUNET_SYSERR; | ||
332 | exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; | ||
333 | GNUNET_free (jwt_string); | ||
334 | return GNUNET_OK; | ||
335 | } | ||
336 | |||
337 | |||
338 | /** | ||
339 | * Parse a JWT and return the expiration | ||
340 | * | ||
341 | * @param cls the plugin | ||
342 | * @param cred the jwt credential | ||
343 | * @return a string, containing the isser | ||
344 | */ | ||
345 | int | ||
346 | jwt_get_expiration_c (void *cls, | ||
347 | const struct GNUNET_RECLAIM_Credential *cred, | ||
348 | struct GNUNET_TIME_Absolute *exp) | ||
349 | { | ||
350 | return jwt_get_expiration (cls, cred->data, exp); | ||
351 | } | ||
352 | |||
353 | |||
354 | /** | ||
355 | * Parse a JWT and return the expiration | ||
356 | * | ||
357 | * @param cls the plugin | ||
358 | * @param cred the jwt credential | ||
359 | * @return a string, containing the isser | ||
360 | */ | ||
361 | int | ||
362 | jwt_get_expiration_p (void *cls, | ||
363 | const struct GNUNET_RECLAIM_Presentation *cred, | ||
364 | struct GNUNET_TIME_Absolute *exp) | ||
365 | { | ||
366 | return jwt_get_expiration (cls, cred->data, exp); | ||
367 | } | ||
368 | |||
369 | |||
370 | int | ||
371 | jwt_create_presentation (void *cls, | ||
372 | const struct GNUNET_RECLAIM_Credential *cred, | ||
373 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
374 | struct GNUNET_RECLAIM_Presentation **pres) | ||
375 | { | ||
376 | // FIXME sanity checks?? | ||
377 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
378 | return GNUNET_NO; | ||
379 | *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT, | ||
380 | cred->data, | ||
381 | cred->data_size); | ||
382 | return GNUNET_OK; | ||
383 | } | ||
384 | |||
385 | |||
386 | /** | ||
387 | * Entry point for the plugin. | ||
388 | * | ||
389 | * @param cls NULL | ||
390 | * @return the exported block API | ||
391 | */ | ||
392 | void * | ||
393 | libgnunet_plugin_reclaim_credential_jwt_init (void *cls) | ||
394 | { | ||
395 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api; | ||
396 | |||
397 | api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions); | ||
398 | api->value_to_string = &jwt_value_to_string; | ||
399 | api->string_to_value = &jwt_string_to_value; | ||
400 | api->typename_to_number = &jwt_typename_to_number; | ||
401 | api->number_to_typename = &jwt_number_to_typename; | ||
402 | api->get_attributes = &jwt_parse_attributes_c; | ||
403 | api->get_issuer = &jwt_get_issuer_c; | ||
404 | api->get_expiration = &jwt_get_expiration_c; | ||
405 | api->value_to_string_p = &jwt_value_to_string; | ||
406 | api->string_to_value_p = &jwt_string_to_value; | ||
407 | api->typename_to_number_p = &jwt_typename_to_number; | ||
408 | api->number_to_typename_p = &jwt_number_to_typename; | ||
409 | api->get_attributes_p = &jwt_parse_attributes_p; | ||
410 | api->get_issuer_p = &jwt_get_issuer_p; | ||
411 | api->get_expiration_p = &jwt_get_expiration_p; | ||
412 | api->create_presentation = &jwt_create_presentation; | ||
413 | return api; | ||
414 | } | ||
415 | |||
416 | |||
417 | /** | ||
418 | * Exit point from the plugin. | ||
419 | * | ||
420 | * @param cls the return value from #libgnunet_plugin_block_test_init() | ||
421 | * @return NULL | ||
422 | */ | ||
423 | void * | ||
424 | libgnunet_plugin_reclaim_credential_jwt_done (void *cls) | ||
425 | { | ||
426 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls; | ||
427 | |||
428 | GNUNET_free (api); | ||
429 | return NULL; | ||
430 | } | ||
431 | |||
432 | |||
433 | /* end of plugin_reclaim_credential_type_jwt.c */ | ||