Diffstat (limited to 'src/reclaim/plugin_reclaim_credential_jwt.c')
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 49 |
1 files changed, 33 insertions, 16 deletions
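--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -81,7 +81,7 @@ jwt_string_to_value (void *cls,
 {
 case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT:
 *data = GNUNET_strdup (s);
-*data_size = strlen (s);
+*data_size = strlen (s) + 1;
 return GNUNET_OK;
 
 default:
@@ -151,7 +151,8 @@ jwt_number_to_typename (void *cls, uint32_t type)
 */
 struct GNUNET_RECLAIM_AttributeList *
 jwt_parse_attributes (void *cls,
-const char *data)
+const char *data,
+size_t data_size)
 {
 char *jwt_string;
 struct GNUNET_RECLAIM_AttributeList *attrs;
@@ -164,7 +165,7 @@ jwt_parse_attributes (void *cls,
 
 attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
 
-jwt_string = GNUNET_strdup (data);
+jwt_string = GNUNET_strndup (data, data_size);
 const char *jwt_body = strtok (jwt_string, delim);
 jwt_body = strtok (NULL, delim);
 GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
@@ -172,6 +173,7 @@ jwt_parse_attributes (void *cls,
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
 GNUNET_assert (NULL != decoded_jwt);
 json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+GNUNET_free (decoded_jwt);
 const char *key;
 json_t *value;
 json_object_foreach (json_val, key, value) {
@@ -196,6 +198,7 @@ jwt_parse_attributes (void *cls,
 strlen (val_str));
 GNUNET_free (val_str);
 }
+json_decref (json_val);
 GNUNET_free (jwt_string);
 return attrs;
 }
@@ -212,7 +215,7 @@ struct GNUNET_RECLAIM_AttributeList *
 jwt_parse_attributes_c (void *cls,
 const struct GNUNET_RECLAIM_Credential *cred)
 {
-return jwt_parse_attributes (cls, cred->data);
+return jwt_parse_attributes (cls, cred->data, cred->data_size);
 }
 
 
@@ -227,7 +230,7 @@ struct GNUNET_RECLAIM_AttributeList *
 jwt_parse_attributes_p (void *cls,
 const struct GNUNET_RECLAIM_Presentation *cred)
 {
-return jwt_parse_attributes (cls, cred->data);
+return jwt_parse_attributes (cls, cred->data, cred->data_size);
 }
 
 
@@ -240,7 +243,8 @@ jwt_parse_attributes_p (void *cls,
 */
 char *
 jwt_get_issuer (void *cls,
-const char *data)
+const char *data,
+size_t data_size)
 {
 const char *jwt_body;
 char *jwt_string;
@@ -252,17 +256,23 @@ jwt_get_issuer (void *cls,
 json_t *json_val;
 json_error_t *json_err = NULL;
 
-jwt_string = GNUNET_strdup (data);
+jwt_string = GNUNET_strndup (data, data_size);
 jwt_body = strtok (jwt_string, delim);
 jwt_body = strtok (NULL, delim);
 GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
 (void **) &decoded_jwt);
 json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+GNUNET_free (decoded_jwt);
+GNUNET_free (jwt_string);
+if (NULL == json_val)
+return NULL;
 issuer_json = json_object_get (json_val, "iss");
-if ((NULL == issuer_json) || (! json_is_string (issuer_json)))
+if ((NULL == issuer_json) || (! json_is_string (issuer_json))) {
+json_decref (json_val);
 return NULL;
+}
 issuer = GNUNET_strdup (json_string_value (issuer_json));
-GNUNET_free (jwt_string);
+json_decref (json_val);
 return issuer;
 }
 
@@ -280,7 +290,7 @@ jwt_get_issuer_c (void *cls,
 {
 if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
 return NULL;
-return jwt_get_issuer (cls, cred->data);
+return jwt_get_issuer (cls, cred->data, cred->data_size);
 }
 
 
@@ -297,7 +307,7 @@ jwt_get_issuer_p (void *cls,
 {
 if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
 return NULL;
-return jwt_get_issuer (cls, cred->data);
+return jwt_get_issuer (cls, cred->data, cred->data_size);
 }
 
 
@@ -311,6 +321,7 @@ jwt_get_issuer_p (void *cls,
 int
 jwt_get_expiration (void *cls,
 const char *data,
+size_t data_size,
 struct GNUNET_TIME_Absolute *exp)
 {
 const char *jwt_body;
@@ -322,17 +333,23 @@ jwt_get_expiration (void *cls,
 json_t *json_val;
 json_error_t *json_err = NULL;
 
-jwt_string = GNUNET_strdup (data);
+jwt_string = GNUNET_strndup (data, data_size);
 jwt_body = strtok (jwt_string, delim);
 jwt_body = strtok (NULL, delim);
 GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
 (void **) &decoded_jwt);
 json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+GNUNET_free (decoded_jwt);
+GNUNET_free (jwt_string);
+if (NULL == json_val)
+return GNUNET_SYSERR;
 exp_json = json_object_get (json_val, "exp");
-if ((NULL == exp_json) || (! json_is_integer (exp_json)))
+if ((NULL == exp_json) || (! json_is_integer (exp_json))) {
+json_decref (json_val);
 return GNUNET_SYSERR;
+}
 exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000;
-GNUNET_free (jwt_string);
+json_decref (json_val);
 return GNUNET_OK;
 }
 
@@ -349,7 +366,7 @@ jwt_get_expiration_c (void *cls,
 const struct GNUNET_RECLAIM_Credential *cred,
 struct GNUNET_TIME_Absolute *exp)
 {
-return jwt_get_expiration (cls, cred->data, exp);
+return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
 }
 
 
@@ -365,7 +382,7 @@ jwt_get_expiration_p (void *cls,
 const struct GNUNET_RECLAIM_Presentation *cred,
 struct GNUNET_TIME_Absolute *exp)
 {
-return jwt_get_expiration (cls, cred->data, exp);
+return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
 }
 
 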
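Review bot: The result of the second `strtok (NULL, delim)` is still passed straight to `strlen (jwt_body)` in jwt_parse_attributes, jwt_get_issuer and jwt_get_expiration, so credential data with fewer than two delimiter-separated segments leads to a NULL dereference even though the copy is now bounded by `data_size`. A guard directly after the second `strtok` call would close this: `if (NULL == jwt_body) { GNUNET_free (jwt_string); return NULL; }` (returning `GNUNET_SYSERR` in jwt_get_expiration, and also releasing `attrs` in jwt_parse_attributes). The return value of `GNUNET_STRINGS_base64url_decode` is likewise ignored before `decoded_jwt` is handed to `json_loads` and `GNUNET_free`; its declaration lies outside the hunks, so whether it is initialised when decoding fails needs confirming. jwt_parse_attributes also does not receive the `NULL == json_val` check that the other two functions gain in this change, which leaves the three parsers inconsistent on malformed input.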