Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c52
1 files changed, 5 insertions, 47 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 3db881244..eb602a08f 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -239,12 +239,6 @@ static char *OIDC_ignored_parameter_array[] = { "display",
239struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map; 239struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map;
240 240
241/** 241/**
242 * Hash map that links the issued access token to the corresponding ticket and
243 * ego
244 */
245struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map;
246
247/**
248 * The configuration handle 242 * The configuration handle
249 */ 243 */
250const struct GNUNET_CONFIGURATION_Handle *cfg; 244const struct GNUNET_CONFIGURATION_Handle *cfg;
@@ -1980,26 +1974,6 @@ find_ego (struct RequestHandle *handle,
1980} 1974}
1981 1975
1982 1976
1983static void
1984persist_access_token (const struct RequestHandle *handle,
1985 const char *access_token,
1986 const struct GNUNET_RECLAIM_Ticket *ticket)
1987{
1988 struct GNUNET_HashCode hc;
1989 struct GNUNET_RECLAIM_Ticket *ticketbuf;
1990
1991 GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
1992 ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
1993 *ticketbuf = *ticket;
1994 GNUNET_assert (GNUNET_SYSERR !=
1995 GNUNET_CONTAINER_multihashmap_put (
1996 OIDC_access_token_map,
1997 &hc,
1998 ticketbuf,
1999 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
2000}
2001
2002
2003/** 1977/**
2004 * Responds to token url-encoded POST request 1978 * Responds to token url-encoded POST request
2005 * 1979 *
@@ -2148,13 +2122,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2148 &expiration_time, 2122 &expiration_time,
2149 (NULL != nonce) ? nonce : NULL, 2123 (NULL != nonce) ? nonce : NULL,
2150 jwt_secret); 2124 jwt_secret);
2151 access_token = OIDC_access_token_new (); 2125 access_token = OIDC_access_token_new (&ticket);
2152 OIDC_build_token_response (access_token, 2126 OIDC_build_token_response (access_token,
2153 id_token, 2127 id_token,
2154 &expiration_time, 2128 &expiration_time,
2155 &json_response); 2129 &json_response);
2156 2130
2157 persist_access_token (handle, access_token, &ticket);
2158 resp = GNUNET_REST_create_response (json_response); 2131 resp = GNUNET_REST_create_response (json_response);
2159 MHD_add_response_header (resp, "Cache-Control", "no-store"); 2132 MHD_add_response_header (resp, "Cache-Control", "no-store");
2160 MHD_add_response_header (resp, "Pragma", "no-cache"); 2133 MHD_add_response_header (resp, "Pragma", "no-cache");
@@ -2324,22 +2297,17 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2324 return; 2297 return;
2325 } 2298 }
2326 2299
2327 GNUNET_CRYPTO_hash (authorization_access_token, 2300 if (GNUNET_OK != OIDC_access_token_parse (authorization_access_token,
2328 strlen (authorization_access_token), 2301 &ticket))
2329 &cache_key);
2330 if (GNUNET_NO ==
2331 GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map,
2332 &cache_key))
2333 { 2302 {
2334 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); 2303 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
2335 handle->edesc = GNUNET_strdup ("The access token expired"); 2304 handle->edesc = GNUNET_strdup ("The access token is invalid");
2336 handle->response_code = MHD_HTTP_UNAUTHORIZED; 2305 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2337 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); 2306 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
2338 GNUNET_free (authorization); 2307 GNUNET_free (authorization);
2339 return; 2308 return;
2309
2340 } 2310 }
2341 ticket =
2342 GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key);
2343 GNUNET_assert (NULL != ticket); 2311 GNUNET_assert (NULL != ticket);
2344 aud_ego = find_ego (handle, &ticket->audience); 2312 aud_ego = find_ego (handle, &ticket->audience);
2345 iss_ego = find_ego (handle, &ticket->identity); 2313 iss_ego = find_ego (handle, &ticket->identity);
@@ -2523,9 +2491,6 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2523 if (NULL == OIDC_cookie_jar_map) 2491 if (NULL == OIDC_cookie_jar_map)
2524 OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, 2492 OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10,
2525 GNUNET_NO); 2493 GNUNET_NO);
2526 if (NULL == OIDC_access_token_map)
2527 OIDC_access_token_map =
2528 GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2529 handle->response_code = 0; 2494 handle->response_code = 0;
2530 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 2495 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
2531 handle->proc_cls = proc_cls; 2496 handle->proc_cls = proc_cls;
@@ -2606,13 +2571,6 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
2606 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); 2571 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2607 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); 2572 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2608 2573
2609 hashmap_it =
2610 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
2611 while (GNUNET_YES ==
2612 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL,
2613 value))
2614 GNUNET_free (value);
2615 GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map);
2616 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); 2574 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2617 GNUNET_free (allow_methods); 2575 GNUNET_free (allow_methods);
2618 GNUNET_free (api); 2576 GNUNET_free (api);
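Review bot: In the libgnunet_plugin_rest_openid_connect_done hunk, new line 2574 `GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);` destroys the same iterator that line 2571 already destroyed — the removed block that re-created hashmap_it for OIDC_access_token_map is gone, but its trailing destroy call survived, so plugin unload now double-frees the iterator; drop the line 2574 call. In the userinfo_endpoint hunk, acceptance of the bearer token now rests solely on `OIDC_access_token_parse` returning GNUNET_OK, whereas the removed lookup in OIDC_access_token_map only honored tokens this process had itself issued; it is not visible here whether parse authenticates the embedded ticket (MAC or signature) or enforces any lifetime, so that should be confirmed and recorded next to the call, e.g. `/* OIDC_access_token_parse must reject tokens not issued (and signed) by us; no server-side registry remains */`. The same hunk keeps `GNUNET_assert (NULL != ticket);` after a successful parse and still dereferences `ticket->audience`, so ticket is presumably allocated by parse and its ownership — formerly the map's, released in the done function — now falls on userinfo_endpoint, whose remaining body is outside the hunk. Both userinfo_endpoint and libgnunet_plugin_rest_openid_connect_done extend beyond the lines shown.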