diff options
Diffstat (limited to 'src/reclaim/plugin_reclaim_credential_jwt.c')
| -rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 49 |
1 files changed, 33 insertions, 16 deletions
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c index 6f52f3a4e..c1e12f4a0 100644 --- a/src/reclaim/plugin_reclaim_credential_jwt.c +++ b/src/reclaim/plugin_reclaim_credential_jwt.c | |||
| @@ -81,7 +81,7 @@ jwt_string_to_value (void *cls, | |||
| 81 | { | 81 | { |
| 82 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: | 82 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: |
| 83 | *data = GNUNET_strdup (s); | 83 | *data = GNUNET_strdup (s); |
| 84 | *data_size = strlen (s); | 84 | *data_size = strlen (s) + 1; |
| 85 | return GNUNET_OK; | 85 | return GNUNET_OK; |
| 86 | 86 | ||
| 87 | default: | 87 | default: |
| @@ -151,7 +151,8 @@ jwt_number_to_typename (void *cls, uint32_t type) | |||
| 151 | */ | 151 | */ |
| 152 | struct GNUNET_RECLAIM_AttributeList * | 152 | struct GNUNET_RECLAIM_AttributeList * |
| 153 | jwt_parse_attributes (void *cls, | 153 | jwt_parse_attributes (void *cls, |
| 154 | const char *data) | 154 | const char *data, |
| 155 | size_t data_size) | ||
| 155 | { | 156 | { |
| 156 | char *jwt_string; | 157 | char *jwt_string; |
| 157 | struct GNUNET_RECLAIM_AttributeList *attrs; | 158 | struct GNUNET_RECLAIM_AttributeList *attrs; |
| @@ -164,7 +165,7 @@ jwt_parse_attributes (void *cls, | |||
| 164 | 165 | ||
| 165 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | 166 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); |
| 166 | 167 | ||
| 167 | jwt_string = GNUNET_strdup (data); | 168 | jwt_string = GNUNET_strndup (data, data_size); |
| 168 | const char *jwt_body = strtok (jwt_string, delim); | 169 | const char *jwt_body = strtok (jwt_string, delim); |
| 169 | jwt_body = strtok (NULL, delim); | 170 | jwt_body = strtok (NULL, delim); |
| 170 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | 171 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), |
| @@ -172,6 +173,7 @@ jwt_parse_attributes (void *cls, | |||
| 172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt); | 173 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt); |
| 173 | GNUNET_assert (NULL != decoded_jwt); | 174 | GNUNET_assert (NULL != decoded_jwt); |
| 174 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | 175 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); |
| 176 | GNUNET_free (decoded_jwt); | ||
| 175 | const char *key; | 177 | const char *key; |
| 176 | json_t *value; | 178 | json_t *value; |
| 177 | json_object_foreach (json_val, key, value) { | 179 | json_object_foreach (json_val, key, value) { |
| @@ -196,6 +198,7 @@ jwt_parse_attributes (void *cls, | |||
| 196 | strlen (val_str)); | 198 | strlen (val_str)); |
| 197 | GNUNET_free (val_str); | 199 | GNUNET_free (val_str); |
| 198 | } | 200 | } |
| 201 | json_decref (json_val); | ||
| 199 | GNUNET_free (jwt_string); | 202 | GNUNET_free (jwt_string); |
| 200 | return attrs; | 203 | return attrs; |
| 201 | } | 204 | } |
| @@ -212,7 +215,7 @@ struct GNUNET_RECLAIM_AttributeList * | |||
| 212 | jwt_parse_attributes_c (void *cls, | 215 | jwt_parse_attributes_c (void *cls, |
| 213 | const struct GNUNET_RECLAIM_Credential *cred) | 216 | const struct GNUNET_RECLAIM_Credential *cred) |
| 214 | { | 217 | { |
| 215 | return jwt_parse_attributes (cls, cred->data); | 218 | return jwt_parse_attributes (cls, cred->data, cred->data_size); |
| 216 | } | 219 | } |
| 217 | 220 | ||
| 218 | 221 | ||
| @@ -227,7 +230,7 @@ struct GNUNET_RECLAIM_AttributeList * | |||
| 227 | jwt_parse_attributes_p (void *cls, | 230 | jwt_parse_attributes_p (void *cls, |
| 228 | const struct GNUNET_RECLAIM_Presentation *cred) | 231 | const struct GNUNET_RECLAIM_Presentation *cred) |
| 229 | { | 232 | { |
| 230 | return jwt_parse_attributes (cls, cred->data); | 233 | return jwt_parse_attributes (cls, cred->data, cred->data_size); |
| 231 | } | 234 | } |
| 232 | 235 | ||
| 233 | 236 | ||
| @@ -240,7 +243,8 @@ jwt_parse_attributes_p (void *cls, | |||
| 240 | */ | 243 | */ |
| 241 | char * | 244 | char * |
| 242 | jwt_get_issuer (void *cls, | 245 | jwt_get_issuer (void *cls, |
| 243 | const char *data) | 246 | const char *data, |
| 247 | size_t data_size) | ||
| 244 | { | 248 | { |
| 245 | const char *jwt_body; | 249 | const char *jwt_body; |
| 246 | char *jwt_string; | 250 | char *jwt_string; |
| @@ -252,17 +256,23 @@ jwt_get_issuer (void *cls, | |||
| 252 | json_t *json_val; | 256 | json_t *json_val; |
| 253 | json_error_t *json_err = NULL; | 257 | json_error_t *json_err = NULL; |
| 254 | 258 | ||
| 255 | jwt_string = GNUNET_strdup (data); | 259 | jwt_string = GNUNET_strndup (data, data_size); |
| 256 | jwt_body = strtok (jwt_string, delim); | 260 | jwt_body = strtok (jwt_string, delim); |
| 257 | jwt_body = strtok (NULL, delim); | 261 | jwt_body = strtok (NULL, delim); |
| 258 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | 262 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), |
| 259 | (void **) &decoded_jwt); | 263 | (void **) &decoded_jwt); |
| 260 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | 264 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); |
| 265 | GNUNET_free (decoded_jwt); | ||
| 266 | GNUNET_free (jwt_string); | ||
| 267 | if (NULL == json_val) | ||
| 268 | return NULL; | ||
| 261 | issuer_json = json_object_get (json_val, "iss"); | 269 | issuer_json = json_object_get (json_val, "iss"); |
| 262 | if ((NULL == issuer_json) || (! json_is_string (issuer_json))) | 270 | if ((NULL == issuer_json) || (! json_is_string (issuer_json))) { |
| 271 | json_decref (json_val); | ||
| 263 | return NULL; | 272 | return NULL; |
| 273 | } | ||
| 264 | issuer = GNUNET_strdup (json_string_value (issuer_json)); | 274 | issuer = GNUNET_strdup (json_string_value (issuer_json)); |
| 265 | GNUNET_free (jwt_string); | 275 | json_decref (json_val); |
| 266 | return issuer; | 276 | return issuer; |
| 267 | } | 277 | } |
| 268 | 278 | ||
| @@ -280,7 +290,7 @@ jwt_get_issuer_c (void *cls, | |||
| 280 | { | 290 | { |
| 281 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | 291 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) |
| 282 | return NULL; | 292 | return NULL; |
| 283 | return jwt_get_issuer (cls, cred->data); | 293 | return jwt_get_issuer (cls, cred->data, cred->data_size); |
| 284 | } | 294 | } |
| 285 | 295 | ||
| 286 | 296 | ||
| @@ -297,7 +307,7 @@ jwt_get_issuer_p (void *cls, | |||
| 297 | { | 307 | { |
| 298 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | 308 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) |
| 299 | return NULL; | 309 | return NULL; |
| 300 | return jwt_get_issuer (cls, cred->data); | 310 | return jwt_get_issuer (cls, cred->data, cred->data_size); |
| 301 | } | 311 | } |
| 302 | 312 | ||
| 303 | 313 | ||
| @@ -311,6 +321,7 @@ jwt_get_issuer_p (void *cls, | |||
| 311 | int | 321 | int |
| 312 | jwt_get_expiration (void *cls, | 322 | jwt_get_expiration (void *cls, |
| 313 | const char *data, | 323 | const char *data, |
| 324 | size_t data_size, | ||
| 314 | struct GNUNET_TIME_Absolute *exp) | 325 | struct GNUNET_TIME_Absolute *exp) |
| 315 | { | 326 | { |
| 316 | const char *jwt_body; | 327 | const char *jwt_body; |
| @@ -322,17 +333,23 @@ jwt_get_expiration (void *cls, | |||
| 322 | json_t *json_val; | 333 | json_t *json_val; |
| 323 | json_error_t *json_err = NULL; | 334 | json_error_t *json_err = NULL; |
| 324 | 335 | ||
| 325 | jwt_string = GNUNET_strdup (data); | 336 | jwt_string = GNUNET_strndup (data, data_size); |
| 326 | jwt_body = strtok (jwt_string, delim); | 337 | jwt_body = strtok (jwt_string, delim); |
| 327 | jwt_body = strtok (NULL, delim); | 338 | jwt_body = strtok (NULL, delim); |
| 328 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | 339 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), |
| 329 | (void **) &decoded_jwt); | 340 | (void **) &decoded_jwt); |
| 330 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | 341 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); |
| 342 | GNUNET_free (decoded_jwt); | ||
| 343 | GNUNET_free (jwt_string); | ||
| 344 | if (NULL == json_val) | ||
| 345 | return GNUNET_SYSERR; | ||
| 331 | exp_json = json_object_get (json_val, "exp"); | 346 | exp_json = json_object_get (json_val, "exp"); |
| 332 | if ((NULL == exp_json) || (! json_is_integer (exp_json))) | 347 | if ((NULL == exp_json) || (! json_is_integer (exp_json))) { |
| 348 | json_decref (json_val); | ||
| 333 | return GNUNET_SYSERR; | 349 | return GNUNET_SYSERR; |
| 350 | } | ||
| 334 | exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; | 351 | exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; |
| 335 | GNUNET_free (jwt_string); | 352 | json_decref (json_val); |
| 336 | return GNUNET_OK; | 353 | return GNUNET_OK; |
| 337 | } | 354 | } |
| 338 | 355 | ||
| @@ -349,7 +366,7 @@ jwt_get_expiration_c (void *cls, | |||
| 349 | const struct GNUNET_RECLAIM_Credential *cred, | 366 | const struct GNUNET_RECLAIM_Credential *cred, |
| 350 | struct GNUNET_TIME_Absolute *exp) | 367 | struct GNUNET_TIME_Absolute *exp) |
| 351 | { | 368 | { |
| 352 | return jwt_get_expiration (cls, cred->data, exp); | 369 | return jwt_get_expiration (cls, cred->data, cred->data_size, exp); |
| 353 | } | 370 | } |
| 354 | 371 | ||
| 355 | 372 | ||
| @@ -365,7 +382,7 @@ jwt_get_expiration_p (void *cls, | |||
| 365 | const struct GNUNET_RECLAIM_Presentation *cred, | 382 | const struct GNUNET_RECLAIM_Presentation *cred, |
| 366 | struct GNUNET_TIME_Absolute *exp) | 383 | struct GNUNET_TIME_Absolute *exp) |
| 367 | { | 384 | { |
| 368 | return jwt_get_expiration (cls, cred->data, exp); | 385 | return jwt_get_expiration (cls, cred->data, cred->data_size, exp); |
| 369 | } | 386 | } |
| 370 | 387 | ||
| 371 | 388 | ||