Diffstat (limited to 'src/reclaim/plugin_reclaim_credential_jwt.c')
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 499 |
1 files changed, 0 insertions, 499 deletions
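diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
deleted file mode 100644
index 5d5e221f9..000000000
--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
-This file is part of GNUnet
-Copyright (C) 2013, 2014, 2016 GNUnet e.V.
-
-GNUnet is free software: you can redistribute it and/or modify it
-under the terms of the GNU Affero General Public License as published
-by the Free Software Foundation, either version 3 of the License,
-or (at your option) any later version.
-
-GNUnet is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-SPDX-License-Identifier: AGPL3.0-or-later
-*/
-
-/**
-* @file reclaim/plugin_reclaim_credential_jwt.c
-* @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for
-* JWT credentials.
-*
-* @author Martin Schanzenbach
-*/
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_reclaim_plugin.h"
-#include <inttypes.h>
-#include <jansson.h>
-
-/**
-* Convert the 'value' of an credential to a string.
-*
-* @param cls closure, unused
-* @param type type of the credential
-* @param data value in binary encoding
-* @param data_size number of bytes in @a data
-* @return NULL on error, otherwise human-readable representation of the value
-*/
-static char *
-jwt_value_to_string (void *cls,
-uint32_t type,
-const void *data,
-size_t data_size)
-{
-switch (type)
-{
-case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
-return GNUNET_strndup (data, data_size);
-
-default:
-return NULL;
-}
-}
-
-
-/**
-* Convert human-readable version of a 'value' of an credential to the binary
-* representation.
-*
-* @param cls closure, unused
-* @param type type of the credential
-* @param s human-readable string
-* @param data set to value in binary encoding (will be allocated)
-* @param data_size set to number of bytes in @a data
-* @return #GNUNET_OK on success
-*/
-static int
-jwt_string_to_value (void *cls,
-uint32_t type,
-const char *s,
-void **data,
-size_t *data_size)
-{
-if (NULL == s)
-return GNUNET_SYSERR;
-switch (type)
-{
-case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
-*data = GNUNET_strdup (s);
-*data_size = strlen (s) + 1;
-return GNUNET_OK;
-
-default:
-return GNUNET_SYSERR;
-}
-}
-
-
-/**
-* Mapping of credential type numbers to human-readable
-* credential type names.
-*/
-static struct
-{
-const char *name;
-uint32_t number;
-} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT },
-{ NULL, UINT32_MAX } };
-
-/**
-* Convert a type name to the corresponding number.
-*
-* @param cls closure, unused
-* @param jwt_typename name to convert
-* @return corresponding number, UINT32_MAX on error
-*/
-static uint32_t
-jwt_typename_to_number (void *cls, const char *jwt_typename)
-{
-unsigned int i;
-
-i = 0;
-while ((NULL != jwt_cred_name_map[i].name) &&
-(0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name)))
-i++;
-return jwt_cred_name_map[i].number;
-}
-
-
-/**
-* Convert a type number to the corresponding type string (e.g. 1 to "A")
-*
-* @param cls closure, unused
-* @param type number of a type to convert
-* @return corresponding typestring, NULL on error
-*/
-static const char *
-jwt_number_to_typename (void *cls, uint32_t type)
-{
-unsigned int i;
-
-i = 0;
-while ((NULL != jwt_cred_name_map[i].name) && (type !=
-jwt_cred_name_map[i].
-number))
-i++;
-return jwt_cred_name_map[i].name;
-}
-
-
-/**
-* Parse a JWT and return the respective claim value as Attribute
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a GNUNET_RECLAIM_Attribute, containing the new value
-*/
-struct GNUNET_RECLAIM_AttributeList *
-jwt_parse_attributes (void *cls,
-const char *data,
-size_t data_size)
-{
-char *jwt_string;
-struct GNUNET_RECLAIM_AttributeList *attrs;
-char delim[] = ".";
-char *val_str = NULL;
-char *decoded_jwt;
-char *tmp;
-json_t *json_val;
-json_error_t json_err;
-
-attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
-
-jwt_string = GNUNET_strndup (data, data_size);
-const char *jwt_body = strtok (jwt_string, delim);
-jwt_body = strtok (NULL, delim);
-GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
-(void **) &decoded_jwt);
-GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
-GNUNET_assert (NULL != decoded_jwt);
-json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
-GNUNET_free (decoded_jwt);
-const char *key;
-const char *addr_key;
-json_t *value;
-json_t *addr_value;
-
-json_object_foreach (json_val, key, value) {
-if (0 == strcmp ("iss", key))
-continue;
-if (0 == strcmp ("jti", key))
-continue;
-if (0 == strcmp ("exp", key))
-continue;
-if (0 == strcmp ("iat", key))
-continue;
-if (0 == strcmp ("nbf", key))
-continue;
-if (0 == strcmp ("aud", key))
-continue;
-if (0 == strcmp ("address", key))
-{
-if (! json_is_object (value))
-{
-GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-"address claim in wrong format!");
-continue;
-}
-json_object_foreach (value, addr_key, addr_value) {
-val_str = json_dumps (addr_value, JSON_ENCODE_ANY);
-tmp = val_str;
-// Remove leading " from jasson conversion
-if (tmp[0] == '"')
-tmp++;
-// Remove trailing " from jansson conversion
-if (tmp[strlen (tmp) - 1] == '"')
-tmp[strlen (tmp) - 1] = '\0';
-GNUNET_RECLAIM_attribute_list_add (attrs,
-addr_key,
-NULL,
-GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-tmp,
-strlen (val_str));
-GNUNET_free (val_str);
-}
-continue;
-}
-val_str = json_dumps (value, JSON_ENCODE_ANY);
-tmp = val_str;
-// Remove leading " from jasson conversion
-if (tmp[0] == '"')
-tmp++;
-// Remove trailing " from jansson conversion
-if (tmp[strlen (tmp) - 1] == '"')
-tmp[strlen (tmp) - 1] = '\0';
-GNUNET_RECLAIM_attribute_list_add (attrs,
-key,
-NULL,
-GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME
-tmp,
-strlen (val_str));
-GNUNET_free (val_str);
-}
-json_decref (json_val);
-GNUNET_free (jwt_string);
-return attrs;
-}
-
-
-/**
-* Parse a JWT and return the respective claim value as Attribute
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a GNUNET_RECLAIM_Attribute, containing the new value
-*/
-struct GNUNET_RECLAIM_AttributeList *
-jwt_parse_attributes_c (void *cls,
-const struct GNUNET_RECLAIM_Credential *cred)
-{
-if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
-return NULL;
-return jwt_parse_attributes (cls, cred->data, cred->data_size);
-}
-
-
-/**
-* Parse a JWT and return the respective claim value as Attribute
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a GNUNET_RECLAIM_Attribute, containing the new value
-*/
-struct GNUNET_RECLAIM_AttributeList *
-jwt_parse_attributes_p (void *cls,
-const struct GNUNET_RECLAIM_Presentation *cred)
-{
-if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
-return NULL;
-return jwt_parse_attributes (cls, cred->data, cred->data_size);
-}
-
-
-/**
-* Parse a JWT and return the issuer
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a string, containing the isser
-*/
-char *
-jwt_get_issuer (void *cls,
-const char *data,
-size_t data_size)
-{
-const char *jwt_body;
-char *jwt_string;
-char delim[] = ".";
-char *issuer = NULL;
-char *decoded_jwt;
-json_t *issuer_json;
-GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
-json_t *json_val;
-json_error_t json_err;
-
-jwt_string = GNUNET_strndup (data, data_size);
-jwt_body = strtok (jwt_string, delim);
-jwt_body = strtok (NULL, delim);
-GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
-(void **) &decoded_jwt);
-json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
-GNUNET_free (decoded_jwt);
-GNUNET_free (jwt_string);
-if (NULL == json_val)
-return NULL;
-issuer_json = json_object_get (json_val, "iss");
-if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
-{
-json_decref (json_val);
-return NULL;
-}
-issuer = GNUNET_strdup (json_string_value (issuer_json));
-json_decref (json_val);
-return issuer;
-}
-
-
-/**
-* Parse a JWT and return the issuer
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a string, containing the isser
-*/
-char *
-jwt_get_issuer_c (void *cls,
-const struct GNUNET_RECLAIM_Credential *cred)
-{
-if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
-return NULL;
-return jwt_get_issuer (cls, cred->data, cred->data_size);
-}
-
-
-/**
-* Parse a JWT and return the issuer
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a string, containing the isser
-*/
-char *
-jwt_get_issuer_p (void *cls,
-const struct GNUNET_RECLAIM_Presentation *cred)
-{
-if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
-return NULL;
-return jwt_get_issuer (cls, cred->data, cred->data_size);
-}
-
-
-/**
-* Parse a JWT and return the expiration
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a string, containing the isser
-*/
-enum GNUNET_GenericReturnValue
-jwt_get_expiration (void *cls,
-const char *data,
-size_t data_size,
-struct GNUNET_TIME_Absolute *exp)
-{
-const char *jwt_body;
-char *jwt_string;
-char delim[] = ".";
-char *decoded_jwt;
-json_t *exp_json;
-GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
-json_t *json_val;
-json_error_t json_err;
-
-jwt_string = GNUNET_strndup (data, data_size);
-jwt_body = strtok (jwt_string, delim);
-jwt_body = strtok (NULL, delim);
-GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
-(void **) &decoded_jwt);
-json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
-GNUNET_free (decoded_jwt);
-GNUNET_free (jwt_string);
-if (NULL == json_val)
-return GNUNET_SYSERR;
-exp_json = json_object_get (json_val, "exp");
-if ((NULL == exp_json) || (! json_is_integer (exp_json)))
-{
-json_decref (json_val);
-return GNUNET_SYSERR;
-}
-exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
-json_decref (json_val);
-return GNUNET_OK;
-}
-
-
-/**
-* Parse a JWT and return the expiration
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return the expirati
-*/
-enum GNUNET_GenericReturnValue
-jwt_get_expiration_c (void *cls,
-const struct GNUNET_RECLAIM_Credential *cred,
-struct GNUNET_TIME_Absolute *exp)
-{
-if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
-return GNUNET_NO;
-return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
-}
-
-
-/**
-* Parse a JWT and return the expiration
-*
-* @param cls the plugin
-* @param cred the jwt credential
-* @return a string, containing the isser
-*/
-enum GNUNET_GenericReturnValue
-jwt_get_expiration_p (void *cls,
-const struct GNUNET_RECLAIM_Presentation *cred,
-struct GNUNET_TIME_Absolute *exp)
-{
-if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
-return GNUNET_NO;
-return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
-}
-
-
-enum GNUNET_GenericReturnValue
-jwt_create_presentation (void *cls,
-const struct GNUNET_RECLAIM_Credential *cred,
-const struct GNUNET_RECLAIM_AttributeList *attrs,
-struct GNUNET_RECLAIM_Presentation **presentation)
-{
-if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
-return GNUNET_NO;
-*presentation = GNUNET_RECLAIM_presentation_new (
-GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
-cred->data,
-cred->data_size);
-return GNUNET_OK;
-}
-
-
-/**
-* Entry point for the plugin.
-*
-* @param cls NULL
-* @return the exported block API
-*/
-void *
-libgnunet_plugin_reclaim_credential_jwt_init (void *cls)
-{
-struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
-
-api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
-api->value_to_string = &jwt_value_to_string;
-api->string_to_value = &jwt_string_to_value;
-api->typename_to_number = &jwt_typename_to_number;
-api->number_to_typename = &jwt_number_to_typename;
-api->get_attributes = &jwt_parse_attributes_c;
-api->get_issuer = &jwt_get_issuer_c;
-api->get_expiration = &jwt_get_expiration_c;
-api->value_to_string_p = &jwt_value_to_string;
-api->string_to_value_p = &jwt_string_to_value;
-api->typename_to_number_p = &jwt_typename_to_number;
-api->number_to_typename_p = &jwt_number_to_typename;
-api->get_attributes_p = &jwt_parse_attributes_p;
-api->get_issuer_p = &jwt_get_issuer_p;
-api->get_expiration_p = &jwt_get_expiration_p;
-api->create_presentation = &jwt_create_presentation;
-return api;
-}
-
-
-/**
-* Exit point from the plugin.
-*
-* @param cls the return value from #libgnunet_plugin_block_test_init()
-* @return NULL
-*/
-void *
-libgnunet_plugin_reclaim_credential_jwt_done (void *cls)
-{
-struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
-
-GNUNET_free (api);
-return NULL;
-}
-
-
-/* end of plugin_reclaim_credential_type_jwt.c */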