Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 257 |
1 files changed, 148 insertions, 109 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 06e1b0061..5b0bb2b6f 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -393,6 +393,15 @@ struct EgoEntry | |||
393 | 393 | ||
394 | struct RequestHandle | 394 | struct RequestHandle |
395 | { | 395 | { |
396 | /** | ||
397 | * DLL | ||
398 | */ | ||
399 | struct RequestHandle *next; | ||
400 | |||
401 | /** | ||
402 | * DLL | ||
403 | */ | ||
404 | struct RequestHandle *prev; | ||
396 | 405 | ||
397 | /** | 406 | /** |
398 | * Selected ego | 407 | * Selected ego |
@@ -430,10 +439,14 @@ struct RequestHandle | |||
430 | struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list; | 439 | struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list; |
431 | 440 | ||
432 | /** | 441 | /** |
433 | * Attestation list | 442 | * Credentials |
434 | */ | 443 | */ |
435 | struct GNUNET_RECLAIM_AttestationList *attests_list; | 444 | struct GNUNET_RECLAIM_CredentialList *credentials; |
436 | 445 | ||
446 | /** | ||
447 | * Presentations | ||
448 | */ | ||
449 | struct GNUNET_RECLAIM_PresentationList *presentations; | ||
437 | 450 | ||
438 | /** | 451 | /** |
439 | * IDENTITY Operation | 452 | * IDENTITY Operation |
@@ -452,9 +465,9 @@ struct RequestHandle | |||
452 | struct GNUNET_RECLAIM_AttributeIterator *attr_it; | 465 | struct GNUNET_RECLAIM_AttributeIterator *attr_it; |
453 | 466 | ||
454 | /** | 467 | /** |
455 | * Attestation iterator | 468 | * Credential iterator |
456 | */ | 469 | */ |
457 | struct GNUNET_RECLAIM_AttestationIterator *attest_it; | 470 | struct GNUNET_RECLAIM_CredentialIterator *cred_it; |
458 | 471 | ||
459 | 472 | ||
460 | /** | 473 | /** |
@@ -528,6 +541,16 @@ struct RequestHandle | |||
528 | int public_client; | 541 | int public_client; |
529 | }; | 542 | }; |
530 | 543 | ||
544 | /** | ||
545 | * DLL | ||
546 | */ | ||
547 | static struct RequestHandle *requests_head; | ||
548 | |||
549 | /** | ||
550 | * DLL | ||
551 | */ | ||
552 | static struct RequestHandle *requests_tail; | ||
553 | |||
531 | 554 | ||
532 | /** | 555 | /** |
533 | * Cleanup lookup handle | 556 | * Cleanup lookup handle |
@@ -542,8 +565,8 @@ cleanup_handle (struct RequestHandle *handle) | |||
542 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | 565 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
543 | if (NULL != handle->attr_it) | 566 | if (NULL != handle->attr_it) |
544 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); | 567 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); |
545 | if (NULL != handle->attest_it) | 568 | if (NULL != handle->cred_it) |
546 | GNUNET_RECLAIM_get_attestations_stop (handle->attest_it); | 569 | GNUNET_RECLAIM_get_credentials_stop (handle->cred_it); |
547 | if (NULL != handle->ticket_it) | 570 | if (NULL != handle->ticket_it) |
548 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); | 571 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); |
549 | if (NULL != handle->idp_op) | 572 | if (NULL != handle->idp_op) |
@@ -571,20 +594,17 @@ cleanup_handle (struct RequestHandle *handle) | |||
571 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list); | 594 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list); |
572 | if (NULL!=handle->attr_userinfo_list) | 595 | if (NULL!=handle->attr_userinfo_list) |
573 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list); | 596 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list); |
574 | if (NULL!=handle->attests_list) | 597 | if (NULL!=handle->credentials) |
575 | GNUNET_RECLAIM_attestation_list_destroy (handle->attests_list); | 598 | GNUNET_RECLAIM_credential_list_destroy (handle->credentials); |
576 | 599 | if (NULL!=handle->presentations) | |
600 | GNUNET_RECLAIM_presentation_list_destroy (handle->presentations); | ||
601 | GNUNET_CONTAINER_DLL_remove (requests_head, | ||
602 | requests_tail, | ||
603 | handle); | ||
577 | GNUNET_free (handle); | 604 | GNUNET_free (handle); |
578 | } | 605 | } |
579 | 606 | ||
580 | 607 | ||
581 | static void | ||
582 | cleanup_handle_delayed (void *cls) | ||
583 | { | ||
584 | cleanup_handle (cls); | ||
585 | } | ||
586 | |||
587 | |||
588 | /** | 608 | /** |
589 | * Task run on error, sends error message. Cleans up everything. | 609 | * Task run on error, sends error message. Cleans up everything. |
590 | * | 610 | * |
@@ -613,7 +633,7 @@ do_error (void *cls) | |||
613 | MHD_HTTP_HEADER_CONTENT_TYPE, | 633 | MHD_HTTP_HEADER_CONTENT_TYPE, |
614 | "application/json"); | 634 | "application/json"); |
615 | handle->proc (handle->proc_cls, resp, handle->response_code); | 635 | handle->proc (handle->proc_cls, resp, handle->response_code); |
616 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 636 | cleanup_handle (handle); |
617 | GNUNET_free (json_error); | 637 | GNUNET_free (json_error); |
618 | } | 638 | } |
619 | 639 | ||
@@ -640,7 +660,7 @@ do_userinfo_error (void *cls) | |||
640 | resp = GNUNET_REST_create_response (""); | 660 | resp = GNUNET_REST_create_response (""); |
641 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); | 661 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); |
642 | handle->proc (handle->proc_cls, resp, handle->response_code); | 662 | handle->proc (handle->proc_cls, resp, handle->response_code); |
643 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 663 | cleanup_handle (handle); |
644 | GNUNET_free (error); | 664 | GNUNET_free (error); |
645 | } | 665 | } |
646 | 666 | ||
@@ -667,7 +687,7 @@ do_redirect_error (void *cls) | |||
667 | resp = GNUNET_REST_create_response (""); | 687 | resp = GNUNET_REST_create_response (""); |
668 | MHD_add_response_header (resp, "Location", redirect); | 688 | MHD_add_response_header (resp, "Location", redirect); |
669 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 689 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
670 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 690 | cleanup_handle (handle); |
671 | GNUNET_free (redirect); | 691 | GNUNET_free (redirect); |
672 | } | 692 | } |
673 | 693 | ||
@@ -897,7 +917,7 @@ login_redirect (void *cls) | |||
897 | } | 917 | } |
898 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 918 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
899 | GNUNET_free (new_redirect); | 919 | GNUNET_free (new_redirect); |
900 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 920 | cleanup_handle (handle); |
901 | } | 921 | } |
902 | 922 | ||
903 | 923 | ||
@@ -920,7 +940,9 @@ oidc_iteration_error (void *cls) | |||
920 | * parameter. Otherwise redirects with error | 940 | * parameter. Otherwise redirects with error |
921 | */ | 941 | */ |
922 | static void | 942 | static void |
923 | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | 943 | oidc_ticket_issue_cb (void *cls, |
944 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
945 | const struct GNUNET_RECLAIM_PresentationList *pres) | ||
924 | { | 946 | { |
925 | struct RequestHandle *handle = cls; | 947 | struct RequestHandle *handle = cls; |
926 | struct MHD_Response *resp; | 948 | struct MHD_Response *resp; |
@@ -943,7 +965,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
943 | code_string = OIDC_build_authz_code (&handle->priv_key, | 965 | code_string = OIDC_build_authz_code (&handle->priv_key, |
944 | &handle->ticket, | 966 | &handle->ticket, |
945 | handle->attr_idtoken_list, | 967 | handle->attr_idtoken_list, |
946 | handle->attests_list, | 968 | pres, |
947 | handle->oidc->nonce, | 969 | handle->oidc->nonce, |
948 | handle->oidc->code_challenge); | 970 | handle->oidc->code_challenge); |
949 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && | 971 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && |
@@ -974,7 +996,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
974 | resp = GNUNET_REST_create_response (""); | 996 | resp = GNUNET_REST_create_response (""); |
975 | MHD_add_response_header (resp, "Location", redirect_uri); | 997 | MHD_add_response_header (resp, "Location", redirect_uri); |
976 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 998 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
977 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 999 | cleanup_handle (handle); |
978 | GNUNET_free (redirect_uri); | 1000 | GNUNET_free (redirect_uri); |
979 | GNUNET_free (ticket_str); | 1001 | GNUNET_free (ticket_str); |
980 | GNUNET_free (code_string); | 1002 | GNUNET_free (code_string); |
@@ -996,13 +1018,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, | |||
996 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | 1018 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); |
997 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name, | 1019 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name, |
998 | &le_a->attribute-> | 1020 | &le_a->attribute-> |
999 | attestation, | 1021 | credential, |
1000 | le_a->attribute->type, | 1022 | le_a->attribute->type, |
1001 | le_a->attribute->data, | 1023 | le_a->attribute->data, |
1002 | le_a->attribute->data_size); | 1024 | le_a->attribute->data_size); |
1003 | le_m->attribute->id = le_a->attribute->id; | 1025 | le_m->attribute->id = le_a->attribute->id; |
1004 | le_m->attribute->flag = le_a->attribute->flag; | 1026 | le_m->attribute->flag = le_a->attribute->flag; |
1005 | le_m->attribute->attestation = le_a->attribute->attestation; | 1027 | le_m->attribute->credential = le_a->attribute->credential; |
1006 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, | 1028 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, |
1007 | merged_list->list_tail, | 1029 | merged_list->list_tail, |
1008 | le_m); | 1030 | le_m); |
@@ -1021,13 +1043,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, | |||
1021 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | 1043 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); |
1022 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name, | 1044 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name, |
1023 | &le_b->attribute-> | 1045 | &le_b->attribute-> |
1024 | attestation, | 1046 | credential, |
1025 | le_b->attribute->type, | 1047 | le_b->attribute->type, |
1026 | le_b->attribute->data, | 1048 | le_b->attribute->data, |
1027 | le_b->attribute->data_size); | 1049 | le_b->attribute->data_size); |
1028 | le_m->attribute->id = le_b->attribute->id; | 1050 | le_m->attribute->id = le_b->attribute->id; |
1029 | le_m->attribute->flag = le_b->attribute->flag; | 1051 | le_m->attribute->flag = le_b->attribute->flag; |
1030 | le_m->attribute->attestation = le_b->attribute->attestation; | 1052 | le_m->attribute->credential = le_b->attribute->credential; |
1031 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, | 1053 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, |
1032 | merged_list->list_tail, | 1054 | merged_list->list_tail, |
1033 | le_m); | 1055 | le_m); |
@@ -1037,14 +1059,19 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, | |||
1037 | 1059 | ||
1038 | 1060 | ||
1039 | static void | 1061 | static void |
1040 | oidc_attest_collect_finished_cb (void *cls) | 1062 | oidc_cred_collect_finished_cb (void *cls) |
1041 | { | 1063 | { |
1042 | struct RequestHandle *handle = cls; | 1064 | struct RequestHandle *handle = cls; |
1043 | struct GNUNET_RECLAIM_AttributeList *merged_list; | 1065 | struct GNUNET_RECLAIM_AttributeList *merged_list; |
1066 | struct GNUNET_RECLAIM_AttributeListEntry *le_m; | ||
1044 | 1067 | ||
1045 | handle->attest_it = NULL; | 1068 | handle->cred_it = NULL; |
1046 | merged_list = attribute_list_merge (handle->attr_idtoken_list, | 1069 | merged_list = attribute_list_merge (handle->attr_idtoken_list, |
1047 | handle->attr_userinfo_list); | 1070 | handle->attr_userinfo_list); |
1071 | for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next) | ||
1072 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1073 | "List Attibute in ticket to issue: %s\n", | ||
1074 | le_m->attribute->name); | ||
1048 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (idp, | 1075 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (idp, |
1049 | &handle->priv_key, | 1076 | &handle->priv_key, |
1050 | &handle->oidc->client_pkey, | 1077 | &handle->oidc->client_pkey, |
@@ -1059,40 +1086,40 @@ oidc_attest_collect_finished_cb (void *cls) | |||
1059 | * Collects all attributes for an ego if in scope parameter | 1086 | * Collects all attributes for an ego if in scope parameter |
1060 | */ | 1087 | */ |
1061 | static void | 1088 | static void |
1062 | oidc_attest_collect (void *cls, | 1089 | oidc_cred_collect (void *cls, |
1063 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 1090 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
1064 | const struct GNUNET_RECLAIM_Attestation *attest) | 1091 | const struct GNUNET_RECLAIM_Credential *cred) |
1065 | { | 1092 | { |
1066 | struct RequestHandle *handle = cls; | 1093 | struct RequestHandle *handle = cls; |
1067 | struct GNUNET_RECLAIM_AttributeListEntry *le; | 1094 | struct GNUNET_RECLAIM_AttributeListEntry *le; |
1068 | struct GNUNET_RECLAIM_AttestationListEntry *ale; | 1095 | struct GNUNET_RECLAIM_CredentialListEntry *ale; |
1069 | 1096 | ||
1070 | for (ale = handle->attests_list->list_head; NULL != ale; ale = ale->next) | 1097 | for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next) |
1071 | { | 1098 | { |
1072 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, | 1099 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id, |
1073 | &attest->id)) | 1100 | &cred->id)) |
1074 | continue; | 1101 | continue; |
1075 | /** Attestation already in list **/ | 1102 | /** Credential already in list **/ |
1076 | GNUNET_RECLAIM_get_attestations_next (handle->attest_it); | 1103 | GNUNET_RECLAIM_get_credentials_next (handle->cred_it); |
1077 | return; | 1104 | return; |
1078 | } | 1105 | } |
1079 | 1106 | ||
1080 | for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next) | 1107 | for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next) |
1081 | { | 1108 | { |
1082 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->attestation, | 1109 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->credential, |
1083 | &attest->id)) | 1110 | &cred->id)) |
1084 | continue; | 1111 | continue; |
1085 | /** Attestation matches for attribute, add **/ | 1112 | /** Credential matches for attribute, add **/ |
1086 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); | 1113 | ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); |
1087 | ale->attestation = GNUNET_RECLAIM_attestation_new (attest->name, | 1114 | ale->credential = GNUNET_RECLAIM_credential_new (cred->name, |
1088 | attest->type, | 1115 | cred->type, |
1089 | attest->data, | 1116 | cred->data, |
1090 | attest->data_size); | 1117 | cred->data_size); |
1091 | GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, | 1118 | GNUNET_CONTAINER_DLL_insert (handle->credentials->list_head, |
1092 | handle->attests_list->list_tail, | 1119 | handle->credentials->list_tail, |
1093 | ale); | 1120 | ale); |
1094 | } | 1121 | } |
1095 | GNUNET_RECLAIM_get_attestations_next (handle->attest_it); | 1122 | GNUNET_RECLAIM_get_credentials_next (handle->cred_it); |
1096 | } | 1123 | } |
1097 | 1124 | ||
1098 | 1125 | ||
@@ -1110,16 +1137,16 @@ oidc_attr_collect_finished_cb (void *cls) | |||
1110 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1137 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1111 | return; | 1138 | return; |
1112 | } | 1139 | } |
1113 | handle->attests_list = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); | 1140 | handle->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); |
1114 | handle->attest_it = | 1141 | handle->cred_it = |
1115 | GNUNET_RECLAIM_get_attestations_start (idp, | 1142 | GNUNET_RECLAIM_get_credentials_start (idp, |
1116 | &handle->priv_key, | 1143 | &handle->priv_key, |
1117 | &oidc_iteration_error, | 1144 | &oidc_iteration_error, |
1118 | handle, | 1145 | handle, |
1119 | &oidc_attest_collect, | 1146 | &oidc_cred_collect, |
1120 | handle, | 1147 | handle, |
1121 | &oidc_attest_collect_finished_cb, | 1148 | &oidc_cred_collect_finished_cb, |
1122 | handle); | 1149 | handle); |
1123 | 1150 | ||
1124 | } | 1151 | } |
1125 | 1152 | ||
@@ -1136,7 +1163,7 @@ attr_in_claims_request (struct RequestHandle *handle, | |||
1136 | const char *key; | 1163 | const char *key; |
1137 | json_t *value; | 1164 | json_t *value; |
1138 | 1165 | ||
1139 | /** Check if attribute is requested through standard scope **/ | 1166 | /** Check if attribute is requested through a scope **/ |
1140 | if (GNUNET_YES == OIDC_check_scopes_for_claim_request (handle->oidc->scope, | 1167 | if (GNUNET_YES == OIDC_check_scopes_for_claim_request (handle->oidc->scope, |
1141 | attr_name)) | 1168 | attr_name)) |
1142 | return GNUNET_YES; | 1169 | return GNUNET_YES; |
@@ -1193,13 +1220,13 @@ oidc_attr_collect (void *cls, | |||
1193 | { | 1220 | { |
1194 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | 1221 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); |
1195 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | 1222 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, |
1196 | &attr->attestation, | 1223 | &attr->credential, |
1197 | attr->type, | 1224 | attr->type, |
1198 | attr->data, | 1225 | attr->data, |
1199 | attr->data_size); | 1226 | attr->data_size); |
1200 | le->attribute->id = attr->id; | 1227 | le->attribute->id = attr->id; |
1201 | le->attribute->flag = attr->flag; | 1228 | le->attribute->flag = attr->flag; |
1202 | le->attribute->attestation = attr->attestation; | 1229 | le->attribute->credential = attr->credential; |
1203 | GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head, | 1230 | GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head, |
1204 | handle->attr_idtoken_list->list_tail, | 1231 | handle->attr_idtoken_list->list_tail, |
1205 | le); | 1232 | le); |
@@ -1208,13 +1235,13 @@ oidc_attr_collect (void *cls, | |||
1208 | { | 1235 | { |
1209 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | 1236 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); |
1210 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | 1237 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, |
1211 | &attr->attestation, | 1238 | &attr->credential, |
1212 | attr->type, | 1239 | attr->type, |
1213 | attr->data, | 1240 | attr->data, |
1214 | attr->data_size); | 1241 | attr->data_size); |
1215 | le->attribute->id = attr->id; | 1242 | le->attribute->id = attr->id; |
1216 | le->attribute->flag = attr->flag; | 1243 | le->attribute->flag = attr->flag; |
1217 | le->attribute->attestation = attr->attestation; | 1244 | le->attribute->credential = attr->credential; |
1218 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, | 1245 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, |
1219 | handle->attr_userinfo_list->list_tail, | 1246 | handle->attr_userinfo_list->list_tail, |
1220 | le); | 1247 | le); |
@@ -1332,7 +1359,7 @@ build_redirect (void *cls) | |||
1332 | resp = GNUNET_REST_create_response (""); | 1359 | resp = GNUNET_REST_create_response (""); |
1333 | MHD_add_response_header (resp, "Location", redirect_uri); | 1360 | MHD_add_response_header (resp, "Location", redirect_uri); |
1334 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1361 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1335 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1362 | cleanup_handle (handle); |
1336 | GNUNET_free (redirect_uri); | 1363 | GNUNET_free (redirect_uri); |
1337 | return; | 1364 | return; |
1338 | } | 1365 | } |
@@ -1709,7 +1736,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1709 | term_data); | 1736 | term_data); |
1710 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1737 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1711 | json_decref (root); | 1738 | json_decref (root); |
1712 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1739 | cleanup_handle (handle); |
1713 | return; | 1740 | return; |
1714 | } | 1741 | } |
1715 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | 1742 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
@@ -1739,7 +1766,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1739 | GNUNET_free (cookie); | 1766 | GNUNET_free (cookie); |
1740 | GNUNET_free (header_val); | 1767 | GNUNET_free (header_val); |
1741 | json_decref (root); | 1768 | json_decref (root); |
1742 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1769 | cleanup_handle (handle); |
1743 | } | 1770 | } |
1744 | 1771 | ||
1745 | 1772 | ||
@@ -1963,10 +1990,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1963 | const struct EgoEntry *ego_entry; | 1990 | const struct EgoEntry *ego_entry; |
1964 | struct GNUNET_TIME_Relative expiration_time; | 1991 | struct GNUNET_TIME_Relative expiration_time; |
1965 | struct GNUNET_RECLAIM_AttributeList *cl = NULL; | 1992 | struct GNUNET_RECLAIM_AttributeList *cl = NULL; |
1966 | struct GNUNET_RECLAIM_AttestationList *al = NULL; | 1993 | struct GNUNET_RECLAIM_PresentationList *pl = NULL; |
1967 | struct GNUNET_RECLAIM_Ticket ticket; | 1994 | struct GNUNET_RECLAIM_Ticket ticket; |
1968 | struct GNUNET_CRYPTO_EcdsaPublicKey cid; | 1995 | struct GNUNET_CRYPTO_EcdsaPublicKey cid; |
1969 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | ||
1970 | struct GNUNET_HashCode cache_key; | 1996 | struct GNUNET_HashCode cache_key; |
1971 | struct MHD_Response *resp; | 1997 | struct MHD_Response *resp; |
1972 | char *grant_type; | 1998 | char *grant_type; |
@@ -2038,7 +2064,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2038 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2064 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2039 | return; | 2065 | return; |
2040 | } | 2066 | } |
2041 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
2042 | 2067 | ||
2043 | // REQUIRED code verifier | 2068 | // REQUIRED code verifier |
2044 | code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); | 2069 | code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); |
@@ -2051,7 +2076,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2051 | 2076 | ||
2052 | // decode code | 2077 | // decode code |
2053 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket, | 2078 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket, |
2054 | &cl, &al, &nonce)) | 2079 | &cl, &pl, &nonce)) |
2055 | { | 2080 | { |
2056 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 2081 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
2057 | handle->edesc = GNUNET_strdup ("invalid code"); | 2082 | handle->edesc = GNUNET_strdup ("invalid code"); |
@@ -2091,7 +2116,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2091 | id_token = OIDC_generate_id_token (&ticket.audience, | 2116 | id_token = OIDC_generate_id_token (&ticket.audience, |
2092 | &ticket.identity, | 2117 | &ticket.identity, |
2093 | cl, | 2118 | cl, |
2094 | al, | 2119 | pl, |
2095 | &expiration_time, | 2120 | &expiration_time, |
2096 | (NULL != nonce) ? nonce : NULL, | 2121 | (NULL != nonce) ? nonce : NULL, |
2097 | jwt_secret); | 2122 | jwt_secret); |
@@ -2107,11 +2132,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2107 | MHD_add_response_header (resp, "Content-Type", "application/json"); | 2132 | MHD_add_response_header (resp, "Content-Type", "application/json"); |
2108 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 2133 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
2109 | GNUNET_RECLAIM_attribute_list_destroy (cl); | 2134 | GNUNET_RECLAIM_attribute_list_destroy (cl); |
2110 | GNUNET_RECLAIM_attestation_list_destroy (al); | 2135 | GNUNET_RECLAIM_presentation_list_destroy (pl); |
2111 | GNUNET_free (access_token); | 2136 | GNUNET_free (access_token); |
2112 | GNUNET_free (json_response); | 2137 | GNUNET_free (json_response); |
2113 | GNUNET_free (id_token); | 2138 | GNUNET_free (id_token); |
2114 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 2139 | cleanup_handle (handle); |
2115 | } | 2140 | } |
2116 | 2141 | ||
2117 | 2142 | ||
@@ -2122,22 +2147,21 @@ static void | |||
2122 | consume_ticket (void *cls, | 2147 | consume_ticket (void *cls, |
2123 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 2148 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
2124 | const struct GNUNET_RECLAIM_Attribute *attr, | 2149 | const struct GNUNET_RECLAIM_Attribute *attr, |
2125 | const struct GNUNET_RECLAIM_Attestation *attest) | 2150 | const struct GNUNET_RECLAIM_Presentation *pres) |
2126 | { | 2151 | { |
2127 | struct RequestHandle *handle = cls; | 2152 | struct RequestHandle *handle = cls; |
2128 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | 2153 | struct GNUNET_RECLAIM_AttributeListEntry *ale; |
2129 | struct GNUNET_RECLAIM_AttestationListEntry *atle; | 2154 | struct GNUNET_RECLAIM_PresentationListEntry *atle; |
2130 | struct MHD_Response *resp; | 2155 | struct MHD_Response *resp; |
2131 | char *result_str; | 2156 | char *result_str; |
2132 | handle->idp_op = NULL; | 2157 | handle->idp_op = NULL; |
2133 | 2158 | ||
2134 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Attr: %s\n", attr->name); | ||
2135 | if (NULL == identity) | 2159 | if (NULL == identity) |
2136 | { | 2160 | { |
2137 | result_str = OIDC_generate_userinfo (&handle->ticket.identity, | 2161 | result_str = OIDC_generate_userinfo (&handle->ticket.identity, |
2138 | handle->attr_userinfo_list, | 2162 | handle->attr_userinfo_list, |
2139 | handle->attests_list); | 2163 | handle->presentations); |
2140 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Userinfo: %s\n", result_str); | 2164 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str); |
2141 | resp = GNUNET_REST_create_response (result_str); | 2165 | resp = GNUNET_REST_create_response (result_str); |
2142 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 2166 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
2143 | GNUNET_free (result_str); | 2167 | GNUNET_free (result_str); |
@@ -2146,33 +2170,35 @@ consume_ticket (void *cls, | |||
2146 | } | 2170 | } |
2147 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | 2171 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); |
2148 | ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | 2172 | ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name, |
2149 | &attr->attestation, | 2173 | &attr->credential, |
2150 | attr->type, | 2174 | attr->type, |
2151 | attr->data, | 2175 | attr->data, |
2152 | attr->data_size); | 2176 | attr->data_size); |
2153 | ale->attribute->id = attr->id; | 2177 | ale->attribute->id = attr->id; |
2154 | ale->attribute->flag = attr->flag; | 2178 | ale->attribute->flag = attr->flag; |
2155 | ale->attribute->attestation = attr->attestation; | 2179 | ale->attribute->credential = attr->credential; |
2156 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, | 2180 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, |
2157 | handle->attr_userinfo_list->list_tail, | 2181 | handle->attr_userinfo_list->list_tail, |
2158 | ale); | 2182 | ale); |
2159 | for (atle = handle->attests_list->list_head; NULL != atle; atle = atle->next) | 2183 | if (NULL == pres) |
2184 | return; | ||
2185 | for (atle = handle->presentations->list_head; | ||
2186 | NULL != atle; atle = atle->next) | ||
2160 | { | 2187 | { |
2161 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->attestation->id, | 2188 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->presentation->credential_id, |
2162 | &attest->id)) | 2189 | &pres->credential_id)) |
2163 | continue; | 2190 | continue; |
2164 | break; /** already in list **/ | 2191 | break; /** already in list **/ |
2165 | } | 2192 | } |
2166 | if (NULL == atle) | 2193 | if (NULL == atle) |
2167 | { | 2194 | { |
2168 | /** Attestation matches for attribute, add **/ | 2195 | /** Credential matches for attribute, add **/ |
2169 | atle = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); | 2196 | atle = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); |
2170 | atle->attestation = GNUNET_RECLAIM_attestation_new (attest->name, | 2197 | atle->presentation = GNUNET_RECLAIM_presentation_new (pres->type, |
2171 | attest->type, | 2198 | pres->data, |
2172 | attest->data, | 2199 | pres->data_size); |
2173 | attest->data_size); | 2200 | GNUNET_CONTAINER_DLL_insert (handle->presentations->list_head, |
2174 | GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, | 2201 | handle->presentations->list_tail, |
2175 | handle->attests_list->list_tail, | ||
2176 | atle); | 2202 | atle); |
2177 | } | 2203 | } |
2178 | } | 2204 | } |
@@ -2271,8 +2297,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2271 | privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego); | 2297 | privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego); |
2272 | handle->attr_userinfo_list = | 2298 | handle->attr_userinfo_list = |
2273 | GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | 2299 | GNUNET_new (struct GNUNET_RECLAIM_AttributeList); |
2274 | handle->attests_list = | 2300 | handle->presentations = |
2275 | GNUNET_new (struct GNUNET_RECLAIM_AttestationList); | 2301 | GNUNET_new (struct GNUNET_RECLAIM_PresentationList); |
2276 | 2302 | ||
2277 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, | 2303 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, |
2278 | privkey, | 2304 | privkey, |
@@ -2442,6 +2468,12 @@ oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2442 | json_string ("openid")); | 2468 | json_string ("openid")); |
2443 | json_array_append_new (scopes, | 2469 | json_array_append_new (scopes, |
2444 | json_string ("profile")); | 2470 | json_string ("profile")); |
2471 | json_array_append_new (scopes, | ||
2472 | json_string ("email")); | ||
2473 | json_array_append_new (scopes, | ||
2474 | json_string ("address")); | ||
2475 | json_array_append_new (scopes, | ||
2476 | json_string ("phone")); | ||
2445 | json_object_set_new (oidc_config, | 2477 | json_object_set_new (oidc_config, |
2446 | "scopes_supported", | 2478 | "scopes_supported", |
2447 | scopes); | 2479 | scopes); |
@@ -2533,14 +2565,17 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | |||
2533 | handle->proc = proc; | 2565 | handle->proc = proc; |
2534 | handle->rest_handle = rest_handle; | 2566 | handle->rest_handle = rest_handle; |
2535 | handle->url = GNUNET_strdup (rest_handle->url); | 2567 | handle->url = GNUNET_strdup (rest_handle->url); |
2568 | handle->timeout_task = | ||
2569 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); | ||
2570 | GNUNET_CONTAINER_DLL_insert (requests_head, | ||
2571 | requests_tail, | ||
2572 | handle); | ||
2536 | if (handle->url[strlen (handle->url) - 1] == '/') | 2573 | if (handle->url[strlen (handle->url) - 1] == '/') |
2537 | handle->url[strlen (handle->url) - 1] = '\0'; | 2574 | handle->url[strlen (handle->url) - 1] = '\0'; |
2538 | if (GNUNET_NO == | 2575 | if (GNUNET_NO == |
2539 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) | 2576 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) |
2540 | return GNUNET_NO; | 2577 | return GNUNET_NO; |
2541 | 2578 | ||
2542 | handle->timeout_task = | ||
2543 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); | ||
2544 | return GNUNET_YES; | 2579 | return GNUNET_YES; |
2545 | } | 2580 | } |
2546 | 2581 | ||
@@ -2585,6 +2620,14 @@ libgnunet_plugin_rest_openid_connect_init (void *cls) | |||
2585 | } | 2620 | } |
2586 | 2621 | ||
2587 | 2622 | ||
2623 | static int | ||
2624 | cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) | ||
2625 | { | ||
2626 | GNUNET_free (value); | ||
2627 | return GNUNET_YES; | ||
2628 | } | ||
2629 | |||
2630 | |||
2588 | /** | 2631 | /** |
2589 | * Exit point from the plugin. | 2632 | * Exit point from the plugin. |
2590 | * | 2633 | * |
@@ -2599,19 +2642,15 @@ libgnunet_plugin_rest_openid_connect_done (void *cls) | |||
2599 | struct EgoEntry *ego_entry; | 2642 | struct EgoEntry *ego_entry; |
2600 | 2643 | ||
2601 | plugin->cfg = NULL; | 2644 | plugin->cfg = NULL; |
2602 | 2645 | while (NULL != requests_head) | |
2603 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2646 | cleanup_handle (requests_head); |
2604 | void *value = NULL; | 2647 | if (NULL != OIDC_cookie_jar_map) |
2605 | hashmap_it = | 2648 | { |
2606 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); | 2649 | GNUNET_CONTAINER_multihashmap_iterate (OIDC_cookie_jar_map, |
2607 | while (GNUNET_YES == | 2650 | &cleanup_hashmap, |
2608 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, | 2651 | NULL); |
2609 | value)) | 2652 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); |
2610 | GNUNET_free (value); | 2653 | } |
2611 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); | ||
2612 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); | ||
2613 | |||
2614 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); | ||
2615 | GNUNET_free (allow_methods); | 2654 | GNUNET_free (allow_methods); |
2616 | if (NULL != gns_handle) | 2655 | if (NULL != gns_handle) |
2617 | GNUNET_GNS_disconnect (gns_handle); | 2656 | GNUNET_GNS_disconnect (gns_handle); |
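Review bot: In rest_identity_process_request the timeout task is now scheduled and the handle is linked into requests_head/requests_tail before GNUNET_REST_handle_request is called, but the `return GNUNET_NO;` path right after it still leaves without undoing either, so a request this plugin declines keeps a live do_timeout task and a DLL entry until the timer fires or the plugin is unloaded. If do_timeout behaves like the other error paths in this file and reaches handle->proc, the plugin would later answer a request it had declined; at minimum the handle and its url copy outlive the request for no reason. Since cleanup_handle already cancels timeout_task and unlinks the handle from the DLL, the decline path can reuse it: `{ cleanup_handle (handle); return GNUNET_NO; }` in place of the bare return. The function begins outside the hunk, so I cannot see how handle->timeout is initialised before this point. Separately, the new debug message in oidc_cred_collect_finished_cb spells `Attibute`; `"List Attribute in ticket to issue: %s\n"` reads correctly.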