Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c257
1 files changed, 148 insertions, 109 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 06e1b0061..5b0bb2b6f 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -393,6 +393,15 @@ struct EgoEntry
393 393
394struct RequestHandle 394struct RequestHandle
395{ 395{
396 /**
397 * DLL
398 */
399 struct RequestHandle *next;
400
401 /**
402 * DLL
403 */
404 struct RequestHandle *prev;
396 405
397 /** 406 /**
398 * Selected ego 407 * Selected ego
@@ -430,10 +439,14 @@ struct RequestHandle
430 struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list; 439 struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list;
431 440
432 /** 441 /**
433 * Attestation list 442 * Credentials
434 */ 443 */
435 struct GNUNET_RECLAIM_AttestationList *attests_list; 444 struct GNUNET_RECLAIM_CredentialList *credentials;
436 445
446 /**
447 * Presentations
448 */
449 struct GNUNET_RECLAIM_PresentationList *presentations;
437 450
438 /** 451 /**
439 * IDENTITY Operation 452 * IDENTITY Operation
@@ -452,9 +465,9 @@ struct RequestHandle
452 struct GNUNET_RECLAIM_AttributeIterator *attr_it; 465 struct GNUNET_RECLAIM_AttributeIterator *attr_it;
453 466
454 /** 467 /**
455 * Attestation iterator 468 * Credential iterator
456 */ 469 */
457 struct GNUNET_RECLAIM_AttestationIterator *attest_it; 470 struct GNUNET_RECLAIM_CredentialIterator *cred_it;
458 471
459 472
460 /** 473 /**
@@ -528,6 +541,16 @@ struct RequestHandle
528 int public_client; 541 int public_client;
529}; 542};
530 543
544/**
545 * DLL
546 */
547static struct RequestHandle *requests_head;
548
549/**
550 * DLL
551 */
552static struct RequestHandle *requests_tail;
553
531 554
532/** 555/**
533 * Cleanup lookup handle 556 * Cleanup lookup handle
@@ -542,8 +565,8 @@ cleanup_handle (struct RequestHandle *handle)
542 GNUNET_SCHEDULER_cancel (handle->timeout_task); 565 GNUNET_SCHEDULER_cancel (handle->timeout_task);
543 if (NULL != handle->attr_it) 566 if (NULL != handle->attr_it)
544 GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); 567 GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
545 if (NULL != handle->attest_it) 568 if (NULL != handle->cred_it)
546 GNUNET_RECLAIM_get_attestations_stop (handle->attest_it); 569 GNUNET_RECLAIM_get_credentials_stop (handle->cred_it);
547 if (NULL != handle->ticket_it) 570 if (NULL != handle->ticket_it)
548 GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); 571 GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
549 if (NULL != handle->idp_op) 572 if (NULL != handle->idp_op)
@@ -571,20 +594,17 @@ cleanup_handle (struct RequestHandle *handle)
571 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list); 594 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list);
572 if (NULL!=handle->attr_userinfo_list) 595 if (NULL!=handle->attr_userinfo_list)
573 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list); 596 GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list);
574 if (NULL!=handle->attests_list) 597 if (NULL!=handle->credentials)
575 GNUNET_RECLAIM_attestation_list_destroy (handle->attests_list); 598 GNUNET_RECLAIM_credential_list_destroy (handle->credentials);
576 599 if (NULL!=handle->presentations)
600 GNUNET_RECLAIM_presentation_list_destroy (handle->presentations);
601 GNUNET_CONTAINER_DLL_remove (requests_head,
602 requests_tail,
603 handle);
577 GNUNET_free (handle); 604 GNUNET_free (handle);
578} 605}
579 606
580 607
581static void
582cleanup_handle_delayed (void *cls)
583{
584 cleanup_handle (cls);
585}
586
587
588/** 608/**
589 * Task run on error, sends error message. Cleans up everything. 609 * Task run on error, sends error message. Cleans up everything.
590 * 610 *
@@ -613,7 +633,7 @@ do_error (void *cls)
613 MHD_HTTP_HEADER_CONTENT_TYPE, 633 MHD_HTTP_HEADER_CONTENT_TYPE,
614 "application/json"); 634 "application/json");
615 handle->proc (handle->proc_cls, resp, handle->response_code); 635 handle->proc (handle->proc_cls, resp, handle->response_code);
616 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 636 cleanup_handle (handle);
617 GNUNET_free (json_error); 637 GNUNET_free (json_error);
618} 638}
619 639
@@ -640,7 +660,7 @@ do_userinfo_error (void *cls)
640 resp = GNUNET_REST_create_response (""); 660 resp = GNUNET_REST_create_response ("");
641 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); 661 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
642 handle->proc (handle->proc_cls, resp, handle->response_code); 662 handle->proc (handle->proc_cls, resp, handle->response_code);
643 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 663 cleanup_handle (handle);
644 GNUNET_free (error); 664 GNUNET_free (error);
645} 665}
646 666
@@ -667,7 +687,7 @@ do_redirect_error (void *cls)
667 resp = GNUNET_REST_create_response (""); 687 resp = GNUNET_REST_create_response ("");
668 MHD_add_response_header (resp, "Location", redirect); 688 MHD_add_response_header (resp, "Location", redirect);
669 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 689 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
670 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 690 cleanup_handle (handle);
671 GNUNET_free (redirect); 691 GNUNET_free (redirect);
672} 692}
673 693
@@ -897,7 +917,7 @@ login_redirect (void *cls)
897 } 917 }
898 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 918 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
899 GNUNET_free (new_redirect); 919 GNUNET_free (new_redirect);
900 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 920 cleanup_handle (handle);
901} 921}
902 922
903 923
@@ -920,7 +940,9 @@ oidc_iteration_error (void *cls)
920 * parameter. Otherwise redirects with error 940 * parameter. Otherwise redirects with error
921 */ 941 */
922static void 942static void
923oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) 943oidc_ticket_issue_cb (void *cls,
944 const struct GNUNET_RECLAIM_Ticket *ticket,
945 const struct GNUNET_RECLAIM_PresentationList *pres)
924{ 946{
925 struct RequestHandle *handle = cls; 947 struct RequestHandle *handle = cls;
926 struct MHD_Response *resp; 948 struct MHD_Response *resp;
@@ -943,7 +965,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
943 code_string = OIDC_build_authz_code (&handle->priv_key, 965 code_string = OIDC_build_authz_code (&handle->priv_key,
944 &handle->ticket, 966 &handle->ticket,
945 handle->attr_idtoken_list, 967 handle->attr_idtoken_list,
946 handle->attests_list, 968 pres,
947 handle->oidc->nonce, 969 handle->oidc->nonce,
948 handle->oidc->code_challenge); 970 handle->oidc->code_challenge);
949 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && 971 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
@@ -974,7 +996,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
974 resp = GNUNET_REST_create_response (""); 996 resp = GNUNET_REST_create_response ("");
975 MHD_add_response_header (resp, "Location", redirect_uri); 997 MHD_add_response_header (resp, "Location", redirect_uri);
976 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 998 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
977 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 999 cleanup_handle (handle);
978 GNUNET_free (redirect_uri); 1000 GNUNET_free (redirect_uri);
979 GNUNET_free (ticket_str); 1001 GNUNET_free (ticket_str);
980 GNUNET_free (code_string); 1002 GNUNET_free (code_string);
@@ -996,13 +1018,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a,
996 le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); 1018 le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
997 le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name, 1019 le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name,
998 &le_a->attribute-> 1020 &le_a->attribute->
999 attestation, 1021 credential,
1000 le_a->attribute->type, 1022 le_a->attribute->type,
1001 le_a->attribute->data, 1023 le_a->attribute->data,
1002 le_a->attribute->data_size); 1024 le_a->attribute->data_size);
1003 le_m->attribute->id = le_a->attribute->id; 1025 le_m->attribute->id = le_a->attribute->id;
1004 le_m->attribute->flag = le_a->attribute->flag; 1026 le_m->attribute->flag = le_a->attribute->flag;
1005 le_m->attribute->attestation = le_a->attribute->attestation; 1027 le_m->attribute->credential = le_a->attribute->credential;
1006 GNUNET_CONTAINER_DLL_insert (merged_list->list_head, 1028 GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1007 merged_list->list_tail, 1029 merged_list->list_tail,
1008 le_m); 1030 le_m);
@@ -1021,13 +1043,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a,
1021 le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); 1043 le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
1022 le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name, 1044 le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name,
1023 &le_b->attribute-> 1045 &le_b->attribute->
1024 attestation, 1046 credential,
1025 le_b->attribute->type, 1047 le_b->attribute->type,
1026 le_b->attribute->data, 1048 le_b->attribute->data,
1027 le_b->attribute->data_size); 1049 le_b->attribute->data_size);
1028 le_m->attribute->id = le_b->attribute->id; 1050 le_m->attribute->id = le_b->attribute->id;
1029 le_m->attribute->flag = le_b->attribute->flag; 1051 le_m->attribute->flag = le_b->attribute->flag;
1030 le_m->attribute->attestation = le_b->attribute->attestation; 1052 le_m->attribute->credential = le_b->attribute->credential;
1031 GNUNET_CONTAINER_DLL_insert (merged_list->list_head, 1053 GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1032 merged_list->list_tail, 1054 merged_list->list_tail,
1033 le_m); 1055 le_m);
@@ -1037,14 +1059,19 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a,
1037 1059
1038 1060
1039static void 1061static void
1040oidc_attest_collect_finished_cb (void *cls) 1062oidc_cred_collect_finished_cb (void *cls)
1041{ 1063{
1042 struct RequestHandle *handle = cls; 1064 struct RequestHandle *handle = cls;
1043 struct GNUNET_RECLAIM_AttributeList *merged_list; 1065 struct GNUNET_RECLAIM_AttributeList *merged_list;
1066 struct GNUNET_RECLAIM_AttributeListEntry *le_m;
1044 1067
1045 handle->attest_it = NULL; 1068 handle->cred_it = NULL;
1046 merged_list = attribute_list_merge (handle->attr_idtoken_list, 1069 merged_list = attribute_list_merge (handle->attr_idtoken_list,
1047 handle->attr_userinfo_list); 1070 handle->attr_userinfo_list);
1071 for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next)
1072 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1073 "List Attibute in ticket to issue: %s\n",
1074 le_m->attribute->name);
1048 handle->idp_op = GNUNET_RECLAIM_ticket_issue (idp, 1075 handle->idp_op = GNUNET_RECLAIM_ticket_issue (idp,
1049 &handle->priv_key, 1076 &handle->priv_key,
1050 &handle->oidc->client_pkey, 1077 &handle->oidc->client_pkey,
@@ -1059,40 +1086,40 @@ oidc_attest_collect_finished_cb (void *cls)
1059 * Collects all attributes for an ego if in scope parameter 1086 * Collects all attributes for an ego if in scope parameter
1060 */ 1087 */
1061static void 1088static void
1062oidc_attest_collect (void *cls, 1089oidc_cred_collect (void *cls,
1063 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 1090 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
1064 const struct GNUNET_RECLAIM_Attestation *attest) 1091 const struct GNUNET_RECLAIM_Credential *cred)
1065{ 1092{
1066 struct RequestHandle *handle = cls; 1093 struct RequestHandle *handle = cls;
1067 struct GNUNET_RECLAIM_AttributeListEntry *le; 1094 struct GNUNET_RECLAIM_AttributeListEntry *le;
1068 struct GNUNET_RECLAIM_AttestationListEntry *ale; 1095 struct GNUNET_RECLAIM_CredentialListEntry *ale;
1069 1096
1070 for (ale = handle->attests_list->list_head; NULL != ale; ale = ale->next) 1097 for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next)
1071 { 1098 {
1072 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, 1099 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id,
1073 &attest->id)) 1100 &cred->id))
1074 continue; 1101 continue;
1075 /** Attestation already in list **/ 1102 /** Credential already in list **/
1076 GNUNET_RECLAIM_get_attestations_next (handle->attest_it); 1103 GNUNET_RECLAIM_get_credentials_next (handle->cred_it);
1077 return; 1104 return;
1078 } 1105 }
1079 1106
1080 for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next) 1107 for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next)
1081 { 1108 {
1082 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->attestation, 1109 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->credential,
1083 &attest->id)) 1110 &cred->id))
1084 continue; 1111 continue;
1085 /** Attestation matches for attribute, add **/ 1112 /** Credential matches for attribute, add **/
1086 ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); 1113 ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry);
1087 ale->attestation = GNUNET_RECLAIM_attestation_new (attest->name, 1114 ale->credential = GNUNET_RECLAIM_credential_new (cred->name,
1088 attest->type, 1115 cred->type,
1089 attest->data, 1116 cred->data,
1090 attest->data_size); 1117 cred->data_size);
1091 GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, 1118 GNUNET_CONTAINER_DLL_insert (handle->credentials->list_head,
1092 handle->attests_list->list_tail, 1119 handle->credentials->list_tail,
1093 ale); 1120 ale);
1094 } 1121 }
1095 GNUNET_RECLAIM_get_attestations_next (handle->attest_it); 1122 GNUNET_RECLAIM_get_credentials_next (handle->cred_it);
1096} 1123}
1097 1124
1098 1125
@@ -1110,16 +1137,16 @@ oidc_attr_collect_finished_cb (void *cls)
1110 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); 1137 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1111 return; 1138 return;
1112 } 1139 }
1113 handle->attests_list = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); 1140 handle->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList);
1114 handle->attest_it = 1141 handle->cred_it =
1115 GNUNET_RECLAIM_get_attestations_start (idp, 1142 GNUNET_RECLAIM_get_credentials_start (idp,
1116 &handle->priv_key, 1143 &handle->priv_key,
1117 &oidc_iteration_error, 1144 &oidc_iteration_error,
1118 handle, 1145 handle,
1119 &oidc_attest_collect, 1146 &oidc_cred_collect,
1120 handle, 1147 handle,
1121 &oidc_attest_collect_finished_cb, 1148 &oidc_cred_collect_finished_cb,
1122 handle); 1149 handle);
1123 1150
1124} 1151}
1125 1152
@@ -1136,7 +1163,7 @@ attr_in_claims_request (struct RequestHandle *handle,
1136 const char *key; 1163 const char *key;
1137 json_t *value; 1164 json_t *value;
1138 1165
1139 /** Check if attribute is requested through standard scope **/ 1166 /** Check if attribute is requested through a scope **/
1140 if (GNUNET_YES == OIDC_check_scopes_for_claim_request (handle->oidc->scope, 1167 if (GNUNET_YES == OIDC_check_scopes_for_claim_request (handle->oidc->scope,
1141 attr_name)) 1168 attr_name))
1142 return GNUNET_YES; 1169 return GNUNET_YES;
@@ -1193,13 +1220,13 @@ oidc_attr_collect (void *cls,
1193 { 1220 {
1194 le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); 1221 le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
1195 le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, 1222 le->attribute = GNUNET_RECLAIM_attribute_new (attr->name,
1196 &attr->attestation, 1223 &attr->credential,
1197 attr->type, 1224 attr->type,
1198 attr->data, 1225 attr->data,
1199 attr->data_size); 1226 attr->data_size);
1200 le->attribute->id = attr->id; 1227 le->attribute->id = attr->id;
1201 le->attribute->flag = attr->flag; 1228 le->attribute->flag = attr->flag;
1202 le->attribute->attestation = attr->attestation; 1229 le->attribute->credential = attr->credential;
1203 GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head, 1230 GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head,
1204 handle->attr_idtoken_list->list_tail, 1231 handle->attr_idtoken_list->list_tail,
1205 le); 1232 le);
@@ -1208,13 +1235,13 @@ oidc_attr_collect (void *cls,
1208 { 1235 {
1209 le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); 1236 le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
1210 le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, 1237 le->attribute = GNUNET_RECLAIM_attribute_new (attr->name,
1211 &attr->attestation, 1238 &attr->credential,
1212 attr->type, 1239 attr->type,
1213 attr->data, 1240 attr->data,
1214 attr->data_size); 1241 attr->data_size);
1215 le->attribute->id = attr->id; 1242 le->attribute->id = attr->id;
1216 le->attribute->flag = attr->flag; 1243 le->attribute->flag = attr->flag;
1217 le->attribute->attestation = attr->attestation; 1244 le->attribute->credential = attr->credential;
1218 GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, 1245 GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head,
1219 handle->attr_userinfo_list->list_tail, 1246 handle->attr_userinfo_list->list_tail,
1220 le); 1247 le);
@@ -1332,7 +1359,7 @@ build_redirect (void *cls)
1332 resp = GNUNET_REST_create_response (""); 1359 resp = GNUNET_REST_create_response ("");
1333 MHD_add_response_header (resp, "Location", redirect_uri); 1360 MHD_add_response_header (resp, "Location", redirect_uri);
1334 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 1361 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1335 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 1362 cleanup_handle (handle);
1336 GNUNET_free (redirect_uri); 1363 GNUNET_free (redirect_uri);
1337 return; 1364 return;
1338 } 1365 }
@@ -1709,7 +1736,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1709 term_data); 1736 term_data);
1710 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); 1737 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1711 json_decref (root); 1738 json_decref (root);
1712 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 1739 cleanup_handle (handle);
1713 return; 1740 return;
1714 } 1741 }
1715 GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); 1742 GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
@@ -1739,7 +1766,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1739 GNUNET_free (cookie); 1766 GNUNET_free (cookie);
1740 GNUNET_free (header_val); 1767 GNUNET_free (header_val);
1741 json_decref (root); 1768 json_decref (root);
1742 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 1769 cleanup_handle (handle);
1743} 1770}
1744 1771
1745 1772
@@ -1963,10 +1990,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1963 const struct EgoEntry *ego_entry; 1990 const struct EgoEntry *ego_entry;
1964 struct GNUNET_TIME_Relative expiration_time; 1991 struct GNUNET_TIME_Relative expiration_time;
1965 struct GNUNET_RECLAIM_AttributeList *cl = NULL; 1992 struct GNUNET_RECLAIM_AttributeList *cl = NULL;
1966 struct GNUNET_RECLAIM_AttestationList *al = NULL; 1993 struct GNUNET_RECLAIM_PresentationList *pl = NULL;
1967 struct GNUNET_RECLAIM_Ticket ticket; 1994 struct GNUNET_RECLAIM_Ticket ticket;
1968 struct GNUNET_CRYPTO_EcdsaPublicKey cid; 1995 struct GNUNET_CRYPTO_EcdsaPublicKey cid;
1969 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
1970 struct GNUNET_HashCode cache_key; 1996 struct GNUNET_HashCode cache_key;
1971 struct MHD_Response *resp; 1997 struct MHD_Response *resp;
1972 char *grant_type; 1998 char *grant_type;
@@ -2038,7 +2064,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2038 GNUNET_SCHEDULER_add_now (&do_error, handle); 2064 GNUNET_SCHEDULER_add_now (&do_error, handle);
2039 return; 2065 return;
2040 } 2066 }
2041 privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
2042 2067
2043 // REQUIRED code verifier 2068 // REQUIRED code verifier
2044 code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); 2069 code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
@@ -2051,7 +2076,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2051 2076
2052 // decode code 2077 // decode code
2053 if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket, 2078 if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket,
2054 &cl, &al, &nonce)) 2079 &cl, &pl, &nonce))
2055 { 2080 {
2056 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); 2081 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
2057 handle->edesc = GNUNET_strdup ("invalid code"); 2082 handle->edesc = GNUNET_strdup ("invalid code");
@@ -2091,7 +2116,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2091 id_token = OIDC_generate_id_token (&ticket.audience, 2116 id_token = OIDC_generate_id_token (&ticket.audience,
2092 &ticket.identity, 2117 &ticket.identity,
2093 cl, 2118 cl,
2094 al, 2119 pl,
2095 &expiration_time, 2120 &expiration_time,
2096 (NULL != nonce) ? nonce : NULL, 2121 (NULL != nonce) ? nonce : NULL,
2097 jwt_secret); 2122 jwt_secret);
@@ -2107,11 +2132,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2107 MHD_add_response_header (resp, "Content-Type", "application/json"); 2132 MHD_add_response_header (resp, "Content-Type", "application/json");
2108 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 2133 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2109 GNUNET_RECLAIM_attribute_list_destroy (cl); 2134 GNUNET_RECLAIM_attribute_list_destroy (cl);
2110 GNUNET_RECLAIM_attestation_list_destroy (al); 2135 GNUNET_RECLAIM_presentation_list_destroy (pl);
2111 GNUNET_free (access_token); 2136 GNUNET_free (access_token);
2112 GNUNET_free (json_response); 2137 GNUNET_free (json_response);
2113 GNUNET_free (id_token); 2138 GNUNET_free (id_token);
2114 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); 2139 cleanup_handle (handle);
2115} 2140}
2116 2141
2117 2142
@@ -2122,22 +2147,21 @@ static void
2122consume_ticket (void *cls, 2147consume_ticket (void *cls,
2123 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 2148 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
2124 const struct GNUNET_RECLAIM_Attribute *attr, 2149 const struct GNUNET_RECLAIM_Attribute *attr,
2125 const struct GNUNET_RECLAIM_Attestation *attest) 2150 const struct GNUNET_RECLAIM_Presentation *pres)
2126{ 2151{
2127 struct RequestHandle *handle = cls; 2152 struct RequestHandle *handle = cls;
2128 struct GNUNET_RECLAIM_AttributeListEntry *ale; 2153 struct GNUNET_RECLAIM_AttributeListEntry *ale;
2129 struct GNUNET_RECLAIM_AttestationListEntry *atle; 2154 struct GNUNET_RECLAIM_PresentationListEntry *atle;
2130 struct MHD_Response *resp; 2155 struct MHD_Response *resp;
2131 char *result_str; 2156 char *result_str;
2132 handle->idp_op = NULL; 2157 handle->idp_op = NULL;
2133 2158
2134 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Attr: %s\n", attr->name);
2135 if (NULL == identity) 2159 if (NULL == identity)
2136 { 2160 {
2137 result_str = OIDC_generate_userinfo (&handle->ticket.identity, 2161 result_str = OIDC_generate_userinfo (&handle->ticket.identity,
2138 handle->attr_userinfo_list, 2162 handle->attr_userinfo_list,
2139 handle->attests_list); 2163 handle->presentations);
2140 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Userinfo: %s\n", result_str); 2164 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str);
2141 resp = GNUNET_REST_create_response (result_str); 2165 resp = GNUNET_REST_create_response (result_str);
2142 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 2166 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2143 GNUNET_free (result_str); 2167 GNUNET_free (result_str);
@@ -2146,33 +2170,35 @@ consume_ticket (void *cls,
2146 } 2170 }
2147 ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); 2171 ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry);
2148 ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name, 2172 ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name,
2149 &attr->attestation, 2173 &attr->credential,
2150 attr->type, 2174 attr->type,
2151 attr->data, 2175 attr->data,
2152 attr->data_size); 2176 attr->data_size);
2153 ale->attribute->id = attr->id; 2177 ale->attribute->id = attr->id;
2154 ale->attribute->flag = attr->flag; 2178 ale->attribute->flag = attr->flag;
2155 ale->attribute->attestation = attr->attestation; 2179 ale->attribute->credential = attr->credential;
2156 GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, 2180 GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head,
2157 handle->attr_userinfo_list->list_tail, 2181 handle->attr_userinfo_list->list_tail,
2158 ale); 2182 ale);
2159 for (atle = handle->attests_list->list_head; NULL != atle; atle = atle->next) 2183 if (NULL == pres)
2184 return;
2185 for (atle = handle->presentations->list_head;
2186 NULL != atle; atle = atle->next)
2160 { 2187 {
2161 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->attestation->id, 2188 if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->presentation->credential_id,
2162 &attest->id)) 2189 &pres->credential_id))
2163 continue; 2190 continue;
2164 break; /** already in list **/ 2191 break; /** already in list **/
2165 } 2192 }
2166 if (NULL == atle) 2193 if (NULL == atle)
2167 { 2194 {
2168 /** Attestation matches for attribute, add **/ 2195 /** Credential matches for attribute, add **/
2169 atle = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); 2196 atle = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry);
2170 atle->attestation = GNUNET_RECLAIM_attestation_new (attest->name, 2197 atle->presentation = GNUNET_RECLAIM_presentation_new (pres->type,
2171 attest->type, 2198 pres->data,
2172 attest->data, 2199 pres->data_size);
2173 attest->data_size); 2200 GNUNET_CONTAINER_DLL_insert (handle->presentations->list_head,
2174 GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, 2201 handle->presentations->list_tail,
2175 handle->attests_list->list_tail,
2176 atle); 2202 atle);
2177 } 2203 }
2178} 2204}
@@ -2271,8 +2297,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2271 privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego); 2297 privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
2272 handle->attr_userinfo_list = 2298 handle->attr_userinfo_list =
2273 GNUNET_new (struct GNUNET_RECLAIM_AttributeList); 2299 GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
2274 handle->attests_list = 2300 handle->presentations =
2275 GNUNET_new (struct GNUNET_RECLAIM_AttestationList); 2301 GNUNET_new (struct GNUNET_RECLAIM_PresentationList);
2276 2302
2277 handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, 2303 handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp,
2278 privkey, 2304 privkey,
@@ -2442,6 +2468,12 @@ oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2442 json_string ("openid")); 2468 json_string ("openid"));
2443 json_array_append_new (scopes, 2469 json_array_append_new (scopes,
2444 json_string ("profile")); 2470 json_string ("profile"));
2471 json_array_append_new (scopes,
2472 json_string ("email"));
2473 json_array_append_new (scopes,
2474 json_string ("address"));
2475 json_array_append_new (scopes,
2476 json_string ("phone"));
2445 json_object_set_new (oidc_config, 2477 json_object_set_new (oidc_config,
2446 "scopes_supported", 2478 "scopes_supported",
2447 scopes); 2479 scopes);
@@ -2533,14 +2565,17 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2533 handle->proc = proc; 2565 handle->proc = proc;
2534 handle->rest_handle = rest_handle; 2566 handle->rest_handle = rest_handle;
2535 handle->url = GNUNET_strdup (rest_handle->url); 2567 handle->url = GNUNET_strdup (rest_handle->url);
2568 handle->timeout_task =
2569 GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2570 GNUNET_CONTAINER_DLL_insert (requests_head,
2571 requests_tail,
2572 handle);
2536 if (handle->url[strlen (handle->url) - 1] == '/') 2573 if (handle->url[strlen (handle->url) - 1] == '/')
2537 handle->url[strlen (handle->url) - 1] = '\0'; 2574 handle->url[strlen (handle->url) - 1] = '\0';
2538 if (GNUNET_NO == 2575 if (GNUNET_NO ==
2539 GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) 2576 GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
2540 return GNUNET_NO; 2577 return GNUNET_NO;
2541 2578
2542 handle->timeout_task =
2543 GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2544 return GNUNET_YES; 2579 return GNUNET_YES;
2545} 2580}
2546 2581
@@ -2585,6 +2620,14 @@ libgnunet_plugin_rest_openid_connect_init (void *cls)
2585} 2620}
2586 2621
2587 2622
2623static int
2624cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value)
2625{
2626 GNUNET_free (value);
2627 return GNUNET_YES;
2628}
2629
2630
2588/** 2631/**
2589 * Exit point from the plugin. 2632 * Exit point from the plugin.
2590 * 2633 *
@@ -2599,19 +2642,15 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
2599 struct EgoEntry *ego_entry; 2642 struct EgoEntry *ego_entry;
2600 2643
2601 plugin->cfg = NULL; 2644 plugin->cfg = NULL;
2602 2645 while (NULL != requests_head)
2603 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; 2646 cleanup_handle (requests_head);
2604 void *value = NULL; 2647 if (NULL != OIDC_cookie_jar_map)
2605 hashmap_it = 2648 {
2606 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); 2649 GNUNET_CONTAINER_multihashmap_iterate (OIDC_cookie_jar_map,
2607 while (GNUNET_YES == 2650 &cleanup_hashmap,
2608 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, 2651 NULL);
2609 value)) 2652 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2610 GNUNET_free (value); 2653 }
2611 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2612 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2613
2614 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2615 GNUNET_free (allow_methods); 2654 GNUNET_free (allow_methods);
2616 if (NULL != gns_handle) 2655 if (NULL != gns_handle)
2617 GNUNET_GNS_disconnect (gns_handle); 2656 GNUNET_GNS_disconnect (gns_handle);
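Review bot: In oidc_ticket_issue_cb (hunk at old 974 / new 996-999) the synchronous `cleanup_handle (handle);` now runs inside the GNUNET_RECLAIM_ticket_issue completion callback, and cleanup_handle tests `handle->idp_op` (new 572) and presumably cancels it; unless the callback clears `handle->idp_op` earlier (new 948-965 are outside the diff), this cancels the reclaim operation from within its own callback, which the old GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, ...) deferral avoided. I would add `handle->idp_op = NULL;` at the top of oidc_ticket_issue_cb, as consume_ticket already does at new 2157, or keep the deferred cleanup for callbacks invoked by the reclaim service. A second ordering issue is in rest_identity_process_request (new 2568-2577): the timeout task and DLL insertion now precede GNUNET_REST_handle_request, so on the GNUNET_NO path the handle stays in requests_head with do_timeout still scheduled; `cleanup_handle (handle);` before `return GNUNET_NO;` would cancel the task and unlink it. Minor: the new debug message at new 1073 reads "Attibute".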