Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 86 |
1 files changed, 10 insertions, 76 deletions
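--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -222,16 +222,6 @@ static char *OIDC_ignored_parameter_array[] = {"display",
 struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map;
 
 /**
- * OIDC authorized identities and times hashmap
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
-
-/**
- * OIDC Hash map that keeps track of used authorization code(s)
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map;
-
-/**
  * Hash map that links the issued access token to the corresponding ticket and
  * ego
  */
@@ -1671,7 +1661,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   char *access_token;
   char *jwt_secret;
   char *nonce;
-  int i = 1;
 
   /*
    * Check Authorization
@@ -1693,9 +1682,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY,
                       strlen (OIDC_GRANT_TYPE_KEY),
                       &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->url_param_map,
-                                                           &cache_key))
+  grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
+  if (NULL == grant_type)
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
     handle->edesc = GNUNET_strdup ("missing parameter grant_type");
@@ -1703,39 +1691,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  grant_type =
-    GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
-                                       &cache_key);
-
-  // REQUIRED code
-  GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
-    handle->edesc = GNUNET_strdup ("missing parameter code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
-                                            &cache_key);
-
-  // REQUIRED redirect_uri
-  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY,
-                      strlen (OIDC_REDIRECT_URI_KEY),
-                      &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
-    handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
 
   // Check parameter grant_type == "authorization_code"
   if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
@@ -1745,15 +1700,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
-  if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_put (
-        OIDC_used_ticket_map,
-        &cache_key,
-        &i,
-        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
+
+  // REQUIRED code
+  code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
+  if (NULL == code)
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
-    handle->edesc = GNUNET_strdup ("Cannot use the same code more than once");
+    handle->edesc = GNUNET_strdup ("missing parameter code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
@@ -1802,7 +1755,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  // TODO We should collect the attributes here. cl always empty
   id_token = OIDC_id_token_new (&ticket.audience,
                                 &ticket.identity,
                                 cl,
@@ -2110,10 +2062,6 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
   handle->oidc = GNUNET_new (struct OIDC_Variables);
   if (NULL == OIDC_cookie_jar_map)
     OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  if (NULL == OIDC_identity_grants)
-    OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  if (NULL == OIDC_used_ticket_map)
-    OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
   if (NULL == OIDC_access_token_map)
     OIDC_access_token_map =
       GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
@@ -2166,7 +2114,7 @@ libgnunet_plugin_rest_openid_connect_init (void *cls)
                                MHD_HTTP_METHOD_OPTIONS);
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              _ ("Identity Provider REST API initialized\n"));
+              _ ("OpenID Connect REST API initialized\n"));
   return api;
 }
 
@@ -2194,20 +2142,6 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
   GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
 
   hashmap_it =
-    GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-    GNUNET_free_non_null (value);
-  GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants);
-
-  hashmap_it =
-    GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-    GNUNET_free_non_null (value);
-  GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map);
-
-  hashmap_it =
     GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
   while (GNUNET_YES ==
          GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
@@ -2217,8 +2151,8 @@ libgnunet_plugin_rest_openid_connect_done (void *cls)
   GNUNET_free_non_null (allow_methods);
   GNUNET_free (api);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Identity Provider REST plugin is finished\n");
+              "OpenID Connect REST plugin is finished\n");
   return NULL;
 }
 
-/* end of plugin_rest_identity_provider.c */
+/* end of plugin_rest_openid_connect.c */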
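Review bot: The lines removed at old 1748–1756 were the only visible single-use check on the authorization code (the insert into `OIDC_used_ticket_map` with `GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY`), and nothing added in this diff re-establishes it, so a code presented a second time would pass this point of `token_endpoint` again, whereas RFC 6749 §4.1.2 requires the server to deny a repeated code. The hunk at old 1703–1741 also drops the presence check on `redirect_uri` (old 1725–1738), which the token endpoint is expected to validate against the authorization request (RFC 6749 §4.1.3), and I cannot see a replacement for either on the new side. If replay protection and the `redirect_uri` check now live in the code-validation step further down (outside these hunks), new line 1704 should say so, e.g. `// REQUIRED code; single-use and redirect_uri are enforced in <code validation helper below> -- confirm`, otherwise the used-code map should stay. Separately, the name `get_url_parameter_copy` suggests it returns an allocated copy, so `grant_type` (new 1685) now needs freeing on the `strcmp` mismatch return at new 1700–1701 and on the missing-code return at new 1711–1712, where the old code held non-owning pointers into the URL parameter map; the frees are not visible in these hunks. `token_endpoint` begins and ends outside the hunks shown.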