aboutsummaryrefslogtreecommitdiff
path: root/src/reclaim/plugin_rest_openid_connect.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c2041
1 files changed, 1023 insertions, 1018 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 3f1dba254..a4a368ab5 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -250,14 +250,16 @@ static char *allow_methods;
250/** 250/**
251 * @brief struct returned by the initialization function of the plugin 251 * @brief struct returned by the initialization function of the plugin
252 */ 252 */
253struct Plugin { 253struct Plugin
254{
254 const struct GNUNET_CONFIGURATION_Handle *cfg; 255 const struct GNUNET_CONFIGURATION_Handle *cfg;
255}; 256};
256 257
257/** 258/**
258 * OIDC needed variables 259 * OIDC needed variables
259 */ 260 */
260struct OIDC_Variables { 261struct OIDC_Variables
262{
261 /** 263 /**
262 * The RP client public key 264 * The RP client public key
263 */ 265 */
@@ -322,7 +324,8 @@ struct OIDC_Variables {
322/** 324/**
323 * The ego list 325 * The ego list
324 */ 326 */
325struct EgoEntry { 327struct EgoEntry
328{
326 /** 329 /**
327 * DLL 330 * DLL
328 */ 331 */
@@ -350,7 +353,8 @@ struct EgoEntry {
350}; 353};
351 354
352 355
353struct RequestHandle { 356struct RequestHandle
357{
354 /** 358 /**
355 * Ego list 359 * Ego list
356 */ 360 */
@@ -507,75 +511,75 @@ struct RequestHandle {
507 * @param handle Handle to clean up 511 * @param handle Handle to clean up
508 */ 512 */
509static void 513static void
510cleanup_handle(struct RequestHandle *handle) 514cleanup_handle (struct RequestHandle *handle)
511{ 515{
512 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; 516 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
513 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; 517 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
514 struct EgoEntry *ego_entry; 518 struct EgoEntry *ego_entry;
515 struct EgoEntry *ego_tmp; 519 struct EgoEntry *ego_tmp;
516 520
517 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); 521 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
518 if (NULL != handle->timeout_task) 522 if (NULL != handle->timeout_task)
519 GNUNET_SCHEDULER_cancel(handle->timeout_task); 523 GNUNET_SCHEDULER_cancel (handle->timeout_task);
520 if (NULL != handle->identity_handle) 524 if (NULL != handle->identity_handle)
521 GNUNET_IDENTITY_disconnect(handle->identity_handle); 525 GNUNET_IDENTITY_disconnect (handle->identity_handle);
522 if (NULL != handle->attr_it) 526 if (NULL != handle->attr_it)
523 GNUNET_RECLAIM_get_attributes_stop(handle->attr_it); 527 GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
524 if (NULL != handle->ticket_it) 528 if (NULL != handle->ticket_it)
525 GNUNET_RECLAIM_ticket_iteration_stop(handle->ticket_it); 529 GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
526 if (NULL != handle->idp) 530 if (NULL != handle->idp)
527 GNUNET_RECLAIM_disconnect(handle->idp); 531 GNUNET_RECLAIM_disconnect (handle->idp);
528 GNUNET_free_non_null(handle->url); 532 GNUNET_free_non_null (handle->url);
529 GNUNET_free_non_null(handle->tld); 533 GNUNET_free_non_null (handle->tld);
530 GNUNET_free_non_null(handle->redirect_prefix); 534 GNUNET_free_non_null (handle->redirect_prefix);
531 GNUNET_free_non_null(handle->redirect_suffix); 535 GNUNET_free_non_null (handle->redirect_suffix);
532 GNUNET_free_non_null(handle->emsg); 536 GNUNET_free_non_null (handle->emsg);
533 GNUNET_free_non_null(handle->edesc); 537 GNUNET_free_non_null (handle->edesc);
534 if (NULL != handle->gns_op) 538 if (NULL != handle->gns_op)
535 GNUNET_GNS_lookup_cancel(handle->gns_op); 539 GNUNET_GNS_lookup_cancel (handle->gns_op);
536 if (NULL != handle->gns_handle) 540 if (NULL != handle->gns_handle)
537 GNUNET_GNS_disconnect(handle->gns_handle); 541 GNUNET_GNS_disconnect (handle->gns_handle);
538 542
539 if (NULL != handle->namestore_handle) 543 if (NULL != handle->namestore_handle)
540 GNUNET_NAMESTORE_disconnect(handle->namestore_handle); 544 GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
541 if (NULL != handle->oidc) 545 if (NULL != handle->oidc)
542 { 546 {
543 GNUNET_free_non_null(handle->oidc->client_id); 547 GNUNET_free_non_null (handle->oidc->client_id);
544 GNUNET_free_non_null(handle->oidc->login_identity); 548 GNUNET_free_non_null (handle->oidc->login_identity);
545 GNUNET_free_non_null(handle->oidc->nonce); 549 GNUNET_free_non_null (handle->oidc->nonce);
546 GNUNET_free_non_null(handle->oidc->redirect_uri); 550 GNUNET_free_non_null (handle->oidc->redirect_uri);
547 GNUNET_free_non_null(handle->oidc->response_type); 551 GNUNET_free_non_null (handle->oidc->response_type);
548 GNUNET_free_non_null(handle->oidc->scope); 552 GNUNET_free_non_null (handle->oidc->scope);
549 GNUNET_free_non_null(handle->oidc->state); 553 GNUNET_free_non_null (handle->oidc->state);
550 json_decref(handle->oidc->response); 554 json_decref (handle->oidc->response);
551 GNUNET_free(handle->oidc); 555 GNUNET_free (handle->oidc);
552 } 556 }
553 if (NULL != handle->attr_list) 557 if (NULL != handle->attr_list)
558 {
559 for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;)
554 { 560 {
555 for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) 561 claim_tmp = claim_entry;
556 { 562 claim_entry = claim_entry->next;
557 claim_tmp = claim_entry; 563 GNUNET_free (claim_tmp->claim);
558 claim_entry = claim_entry->next; 564 GNUNET_free (claim_tmp);
559 GNUNET_free(claim_tmp->claim);
560 GNUNET_free(claim_tmp);
561 }
562 GNUNET_free(handle->attr_list);
563 } 565 }
566 GNUNET_free (handle->attr_list);
567 }
564 for (ego_entry = handle->ego_head; NULL != ego_entry;) 568 for (ego_entry = handle->ego_head; NULL != ego_entry;)
565 { 569 {
566 ego_tmp = ego_entry; 570 ego_tmp = ego_entry;
567 ego_entry = ego_entry->next; 571 ego_entry = ego_entry->next;
568 GNUNET_free(ego_tmp->identifier); 572 GNUNET_free (ego_tmp->identifier);
569 GNUNET_free(ego_tmp->keystring); 573 GNUNET_free (ego_tmp->keystring);
570 GNUNET_free(ego_tmp); 574 GNUNET_free (ego_tmp);
571 } 575 }
572 GNUNET_free(handle); 576 GNUNET_free (handle);
573} 577}
574 578
575static void 579static void
576cleanup_handle_delayed(void *cls) 580cleanup_handle_delayed (void *cls)
577{ 581{
578 cleanup_handle(cls); 582 cleanup_handle (cls);
579} 583}
580 584
581 585
@@ -585,30 +589,30 @@ cleanup_handle_delayed(void *cls)
585 * @param cls the `struct RequestHandle` 589 * @param cls the `struct RequestHandle`
586 */ 590 */
587static void 591static void
588do_error(void *cls) 592do_error (void *cls)
589{ 593{
590 struct RequestHandle *handle = cls; 594 struct RequestHandle *handle = cls;
591 struct MHD_Response *resp; 595 struct MHD_Response *resp;
592 char *json_error; 596 char *json_error;
593 597
594 GNUNET_asprintf(&json_error, 598 GNUNET_asprintf (&json_error,
595 "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", 599 "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
596 handle->emsg, 600 handle->emsg,
597 (NULL != handle->edesc) ? handle->edesc : "", 601 (NULL != handle->edesc) ? handle->edesc : "",
598 (NULL != handle->oidc->state) ? ", \"state\":\"" : "", 602 (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
599 (NULL != handle->oidc->state) ? handle->oidc->state : "", 603 (NULL != handle->oidc->state) ? handle->oidc->state : "",
600 (NULL != handle->oidc->state) ? "\"" : ""); 604 (NULL != handle->oidc->state) ? "\"" : "");
601 if (0 == handle->response_code) 605 if (0 == handle->response_code)
602 handle->response_code = MHD_HTTP_BAD_REQUEST; 606 handle->response_code = MHD_HTTP_BAD_REQUEST;
603 resp = GNUNET_REST_create_response(json_error); 607 resp = GNUNET_REST_create_response (json_error);
604 if (MHD_HTTP_UNAUTHORIZED == handle->response_code) 608 if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
605 MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); 609 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
606 MHD_add_response_header(resp, 610 MHD_add_response_header (resp,
607 MHD_HTTP_HEADER_CONTENT_TYPE, 611 MHD_HTTP_HEADER_CONTENT_TYPE,
608 "application/json"); 612 "application/json");
609 handle->proc(handle->proc_cls, resp, handle->response_code); 613 handle->proc (handle->proc_cls, resp, handle->response_code);
610 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 614 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
611 GNUNET_free(json_error); 615 GNUNET_free (json_error);
612} 616}
613 617
614 618
@@ -619,21 +623,21 @@ do_error(void *cls)
619 * @param cls the `struct RequestHandle` 623 * @param cls the `struct RequestHandle`
620 */ 624 */
621static void 625static void
622do_userinfo_error(void *cls) 626do_userinfo_error (void *cls)
623{ 627{
624 struct RequestHandle *handle = cls; 628 struct RequestHandle *handle = cls;
625 struct MHD_Response *resp; 629 struct MHD_Response *resp;
626 char *error; 630 char *error;
627 631
628 GNUNET_asprintf(&error, 632 GNUNET_asprintf (&error,
629 "error=\"%s\", error_description=\"%s\"", 633 "error=\"%s\", error_description=\"%s\"",
630 handle->emsg, 634 handle->emsg,
631 (NULL != handle->edesc) ? handle->edesc : ""); 635 (NULL != handle->edesc) ? handle->edesc : "");
632 resp = GNUNET_REST_create_response(""); 636 resp = GNUNET_REST_create_response ("");
633 MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); 637 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
634 handle->proc(handle->proc_cls, resp, handle->response_code); 638 handle->proc (handle->proc_cls, resp, handle->response_code);
635 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 639 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
636 GNUNET_free(error); 640 GNUNET_free (error);
637} 641}
638 642
639 643
@@ -643,24 +647,24 @@ do_userinfo_error(void *cls)
643 * @param cls the `struct RequestHandle` 647 * @param cls the `struct RequestHandle`
644 */ 648 */
645static void 649static void
646do_redirect_error(void *cls) 650do_redirect_error (void *cls)
647{ 651{
648 struct RequestHandle *handle = cls; 652 struct RequestHandle *handle = cls;
649 struct MHD_Response *resp; 653 struct MHD_Response *resp;
650 char *redirect; 654 char *redirect;
651 655
652 GNUNET_asprintf(&redirect, 656 GNUNET_asprintf (&redirect,
653 "%s?error=%s&error_description=%s%s%s", 657 "%s?error=%s&error_description=%s%s%s",
654 handle->oidc->redirect_uri, 658 handle->oidc->redirect_uri,
655 handle->emsg, 659 handle->emsg,
656 handle->edesc, 660 handle->edesc,
657 (NULL != handle->oidc->state) ? "&state=" : "", 661 (NULL != handle->oidc->state) ? "&state=" : "",
658 (NULL != handle->oidc->state) ? handle->oidc->state : ""); 662 (NULL != handle->oidc->state) ? handle->oidc->state : "");
659 resp = GNUNET_REST_create_response(""); 663 resp = GNUNET_REST_create_response ("");
660 MHD_add_response_header(resp, "Location", redirect); 664 MHD_add_response_header (resp, "Location", redirect);
661 handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); 665 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
662 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 666 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
663 GNUNET_free(redirect); 667 GNUNET_free (redirect);
664} 668}
665 669
666/** 670/**
@@ -669,12 +673,12 @@ do_redirect_error(void *cls)
669 * @param cls the `struct RequestHandle` 673 * @param cls the `struct RequestHandle`
670 */ 674 */
671static void 675static void
672do_timeout(void *cls) 676do_timeout (void *cls)
673{ 677{
674 struct RequestHandle *handle = cls; 678 struct RequestHandle *handle = cls;
675 679
676 handle->timeout_task = NULL; 680 handle->timeout_task = NULL;
677 do_error(handle); 681 do_error (handle);
678} 682}
679 683
680/** 684/**
@@ -683,18 +687,18 @@ do_timeout(void *cls)
683 * @param cls the request handle 687 * @param cls the request handle
684 */ 688 */
685static void 689static void
686return_userinfo_response(void *cls) 690return_userinfo_response (void *cls)
687{ 691{
688 char *result_str; 692 char *result_str;
689 struct RequestHandle *handle = cls; 693 struct RequestHandle *handle = cls;
690 struct MHD_Response *resp; 694 struct MHD_Response *resp;
691 695
692 result_str = json_dumps(handle->oidc->response, 0); 696 result_str = json_dumps (handle->oidc->response, 0);
693 697
694 resp = GNUNET_REST_create_response(result_str); 698 resp = GNUNET_REST_create_response (result_str);
695 handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); 699 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
696 GNUNET_free(result_str); 700 GNUNET_free (result_str);
697 cleanup_handle(handle); 701 cleanup_handle (handle);
698} 702}
699 703
700 704
@@ -706,18 +710,18 @@ return_userinfo_response(void *cls)
706 * @param cls the RequestHandle 710 * @param cls the RequestHandle
707 */ 711 */
708static void 712static void
709options_cont(struct GNUNET_REST_RequestHandle *con_handle, 713options_cont (struct GNUNET_REST_RequestHandle *con_handle,
710 const char *url, 714 const char *url,
711 void *cls) 715 void *cls)
712{ 716{
713 struct MHD_Response *resp; 717 struct MHD_Response *resp;
714 struct RequestHandle *handle = cls; 718 struct RequestHandle *handle = cls;
715 719
716 // For now, independent of path return all options 720 // For now, independent of path return all options
717 resp = GNUNET_REST_create_response(NULL); 721 resp = GNUNET_REST_create_response (NULL);
718 MHD_add_response_header(resp, "Access-Control-Allow-Methods", allow_methods); 722 MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
719 handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); 723 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
720 cleanup_handle(handle); 724 cleanup_handle (handle);
721 return; 725 return;
722} 726}
723 727
@@ -726,7 +730,7 @@ options_cont(struct GNUNET_REST_RequestHandle *con_handle,
726 * Interprets cookie header and pass its identity keystring to handle 730 * Interprets cookie header and pass its identity keystring to handle
727 */ 731 */
728static void 732static void
729cookie_identity_interpretation(struct RequestHandle *handle) 733cookie_identity_interpretation (struct RequestHandle *handle)
730{ 734{
731 struct GNUNET_HashCode cache_key; 735 struct GNUNET_HashCode cache_key;
732 char *cookies; 736 char *cookies;
@@ -737,143 +741,144 @@ cookie_identity_interpretation(struct RequestHandle *handle)
737 char *value; 741 char *value;
738 742
739 // gets identity of login try with cookie 743 // gets identity of login try with cookie
740 GNUNET_CRYPTO_hash(OIDC_COOKIE_HEADER_KEY, 744 GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY,
741 strlen(OIDC_COOKIE_HEADER_KEY), 745 strlen (OIDC_COOKIE_HEADER_KEY),
742 &cache_key); 746 &cache_key);
743 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle 747 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
744 ->header_param_map, 748 ->header_param_map,
745 &cache_key)) 749 &cache_key))
746 { 750 {
747 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); 751 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
748 return; 752 return;
749 } 753 }
750 // splits cookies and find 'Identity' cookie 754 // splits cookies and find 'Identity' cookie
751 tmp_cookies = 755 tmp_cookies =
752 GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, 756 GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
753 &cache_key); 757 &cache_key);
754 cookies = GNUNET_strdup(tmp_cookies); 758 cookies = GNUNET_strdup (tmp_cookies);
755 token = strtok(cookies, delimiter); 759 token = strtok (cookies, delimiter);
756 handle->oidc->user_cancelled = GNUNET_NO; 760 handle->oidc->user_cancelled = GNUNET_NO;
757 handle->oidc->login_identity = NULL; 761 handle->oidc->login_identity = NULL;
758 if (NULL == token) 762 if (NULL == token)
759 { 763 {
760 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, 764 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
761 "Unable to parse cookie: %s\n", 765 "Unable to parse cookie: %s\n",
762 cookies); 766 cookies);
763 GNUNET_free(cookies); 767 GNUNET_free (cookies);
764 return; 768 return;
765 } 769 }
766 770
767 while (NULL != token) 771 while (NULL != token)
772 {
773 if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
768 { 774 {
769 if (0 == strcmp(token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) 775 handle->oidc->user_cancelled = GNUNET_YES;
770 { 776 GNUNET_free (cookies);
771 handle->oidc->user_cancelled = GNUNET_YES;
772 GNUNET_free(cookies);
773 return;
774 }
775 if (NULL != strstr(token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
776 break;
777 token = strtok(NULL, delimiter);
778 }
779 if (NULL == token)
780 {
781 GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
782 "No cookie value to process: %s\n",
783 cookies);
784 GNUNET_free(cookies);
785 return; 777 return;
786 } 778 }
787 GNUNET_CRYPTO_hash(token, strlen(token), &cache_key); 779 if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
780 break;
781 token = strtok (NULL, delimiter);
782 }
783 if (NULL == token)
784 {
785 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
786 "No cookie value to process: %s\n",
787 cookies);
788 GNUNET_free (cookies);
789 return;
790 }
791 GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
788 if (GNUNET_NO == 792 if (GNUNET_NO ==
789 GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) 793 GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
790 { 794 {
791 GNUNET_log( 795 GNUNET_log (
792 GNUNET_ERROR_TYPE_WARNING, 796 GNUNET_ERROR_TYPE_WARNING,
793 "Found cookie `%s', but no corresponding expiration entry present...\n", 797 "Found cookie `%s', but no corresponding expiration entry present...\n",
794 token); 798 token);
795 GNUNET_free(cookies); 799 GNUNET_free (cookies);
796 return; 800 return;
797 } 801 }
798 relog_time = 802 relog_time =
799 GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); 803 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
800 current_time = GNUNET_TIME_absolute_get(); 804 current_time = GNUNET_TIME_absolute_get ();
801 // 30 min after old login -> redirect to login 805 // 30 min after old login -> redirect to login
802 if (current_time.abs_value_us > relog_time->abs_value_us) 806 if (current_time.abs_value_us > relog_time->abs_value_us)
803 { 807 {
804 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 808 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
805 "Found cookie `%s', but it is expired.\n", 809 "Found cookie `%s', but it is expired.\n",
806 token); 810 token);
807 GNUNET_free(cookies); 811 GNUNET_free (cookies);
808 return; 812 return;
809 } 813 }
810 value = strtok(token, OIDC_COOKIE_HEADER_INFORMATION_KEY); 814 value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
811 GNUNET_assert(NULL != value); 815 GNUNET_assert (NULL != value);
812 handle->oidc->login_identity = GNUNET_strdup(value); 816 handle->oidc->login_identity = GNUNET_strdup (value);
813 GNUNET_free(cookies); 817 GNUNET_free (cookies);
814} 818}
815 819
816/** 820/**
817 * Redirects to login page stored in configuration file 821 * Redirects to login page stored in configuration file
818 */ 822 */
819static void 823static void
820login_redirect(void *cls) 824login_redirect (void *cls)
821{ 825{
822 char *login_base_url; 826 char *login_base_url;
823 char *new_redirect; 827 char *new_redirect;
824 struct MHD_Response *resp; 828 struct MHD_Response *resp;
825 struct RequestHandle *handle = cls; 829 struct RequestHandle *handle = cls;
826 830
827 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, 831 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
828 "reclaim-rest-plugin", 832 "reclaim-rest-plugin",
829 "address", 833 "address",
830 &login_base_url)) 834 &login_base_url))
831 { 835 {
832 GNUNET_asprintf(&new_redirect, 836 GNUNET_asprintf (&new_redirect,
833 "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", 837 "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
834 login_base_url, 838 login_base_url,
835 OIDC_RESPONSE_TYPE_KEY, 839 OIDC_RESPONSE_TYPE_KEY,
836 handle->oidc->response_type, 840 handle->oidc->response_type,
837 OIDC_CLIENT_ID_KEY, 841 OIDC_CLIENT_ID_KEY,
838 handle->oidc->client_id, 842 handle->oidc->client_id,
839 OIDC_REDIRECT_URI_KEY, 843 OIDC_REDIRECT_URI_KEY,
840 handle->oidc->redirect_uri, 844 handle->oidc->redirect_uri,
841 OIDC_SCOPE_KEY, 845 OIDC_SCOPE_KEY,
842 handle->oidc->scope, 846 handle->oidc->scope,
843 OIDC_STATE_KEY, 847 OIDC_STATE_KEY,
844 (NULL != handle->oidc->state) ? handle->oidc->state : "", 848 (NULL != handle->oidc->state) ? handle->oidc->state : "",
845 OIDC_CODE_CHALLENGE_KEY, 849 OIDC_CODE_CHALLENGE_KEY,
846 (NULL != handle->oidc->code_challenge) ? handle->oidc->code_challenge : "", 850 (NULL != handle->oidc->code_challenge) ?
847 OIDC_NONCE_KEY, 851 handle->oidc->code_challenge : "",
848 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); 852 OIDC_NONCE_KEY,
849 resp = GNUNET_REST_create_response(""); 853 (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
850 MHD_add_response_header(resp, "Location", new_redirect); 854 resp = GNUNET_REST_create_response ("");
851 GNUNET_free(login_base_url); 855 MHD_add_response_header (resp, "Location", new_redirect);
852 } 856 GNUNET_free (login_base_url);
857 }
853 else 858 else
854 { 859 {
855 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); 860 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
856 handle->edesc = GNUNET_strdup("gnunet configuration failed"); 861 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
857 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 862 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
858 GNUNET_SCHEDULER_add_now(&do_error, handle); 863 GNUNET_SCHEDULER_add_now (&do_error, handle);
859 return; 864 return;
860 } 865 }
861 handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); 866 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
862 GNUNET_free(new_redirect); 867 GNUNET_free (new_redirect);
863 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 868 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
864} 869}
865 870
866/** 871/**
867 * Does internal server error when iteration failed. 872 * Does internal server error when iteration failed.
868 */ 873 */
869static void 874static void
870oidc_iteration_error(void *cls) 875oidc_iteration_error (void *cls)
871{ 876{
872 struct RequestHandle *handle = cls; 877 struct RequestHandle *handle = cls;
873 878
874 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); 879 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
875 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 880 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
876 GNUNET_SCHEDULER_add_now(&do_error, handle); 881 GNUNET_SCHEDULER_add_now (&do_error, handle);
877} 882}
878 883
879 884
@@ -882,7 +887,7 @@ oidc_iteration_error(void *cls)
882 * parameter. Otherwise redirects with error 887 * parameter. Otherwise redirects with error
883 */ 888 */
884static void 889static void
885oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) 890oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
886{ 891{
887 struct RequestHandle *handle = cls; 892 struct RequestHandle *handle = cls;
888 struct MHD_Response *resp; 893 struct MHD_Response *resp;
@@ -892,72 +897,72 @@ oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
892 897
893 handle->idp_op = NULL; 898 handle->idp_op = NULL;
894 if (NULL == ticket) 899 if (NULL == ticket)
895 { 900 {
896 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); 901 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
897 handle->edesc = GNUNET_strdup("Server cannot generate ticket."); 902 handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
898 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 903 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
899 return; 904 return;
900 } 905 }
901 handle->ticket = *ticket; 906 handle->ticket = *ticket;
902 ticket_str = 907 ticket_str =
903 GNUNET_STRINGS_data_to_string_alloc(&handle->ticket, 908 GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
904 sizeof(struct GNUNET_RECLAIM_Ticket)); 909 sizeof(struct GNUNET_RECLAIM_Ticket));
905 // TODO change if more attributes are needed (see max_age) 910 // TODO change if more attributes are needed (see max_age)
906 code_string = OIDC_build_authz_code(&handle->priv_key, 911 code_string = OIDC_build_authz_code (&handle->priv_key,
907 &handle->ticket, 912 &handle->ticket,
908 handle->attr_list, 913 handle->attr_list,
909 handle->oidc->nonce, 914 handle->oidc->nonce,
910 handle->oidc->code_challenge); 915 handle->oidc->code_challenge);
911 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && 916 if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
912 (NULL != handle->tld)) 917 (NULL != handle->tld))
913 { 918 {
914 GNUNET_asprintf(&redirect_uri, 919 GNUNET_asprintf (&redirect_uri,
915 "%s.%s/%s?%s=%s&state=%s", 920 "%s.%s/%s?%s=%s&state=%s",
916 handle->redirect_prefix, 921 handle->redirect_prefix,
917 handle->tld, 922 handle->tld,
918 handle->redirect_suffix, 923 handle->redirect_suffix,
919 handle->oidc->response_type, 924 handle->oidc->response_type,
920 code_string, 925 code_string,
921 handle->oidc->state); 926 handle->oidc->state);
922 } 927 }
923 else 928 else
924 { 929 {
925 GNUNET_asprintf(&redirect_uri, 930 GNUNET_asprintf (&redirect_uri,
926 "%s?%s=%s&state=%s", 931 "%s?%s=%s&state=%s",
927 handle->oidc->redirect_uri, 932 handle->oidc->redirect_uri,
928 handle->oidc->response_type, 933 handle->oidc->response_type,
929 code_string, 934 code_string,
930 handle->oidc->state); 935 handle->oidc->state);
931 } 936 }
932 resp = GNUNET_REST_create_response(""); 937 resp = GNUNET_REST_create_response ("");
933 MHD_add_response_header(resp, "Location", redirect_uri); 938 MHD_add_response_header (resp, "Location", redirect_uri);
934 handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); 939 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
935 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 940 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
936 GNUNET_free(redirect_uri); 941 GNUNET_free (redirect_uri);
937 GNUNET_free(ticket_str); 942 GNUNET_free (ticket_str);
938 GNUNET_free(code_string); 943 GNUNET_free (code_string);
939} 944}
940 945
941static void 946static void
942oidc_collect_finished_cb(void *cls) 947oidc_collect_finished_cb (void *cls)
943{ 948{
944 struct RequestHandle *handle = cls; 949 struct RequestHandle *handle = cls;
945 950
946 handle->attr_it = NULL; 951 handle->attr_it = NULL;
947 handle->ticket_it = NULL; 952 handle->ticket_it = NULL;
948 if (NULL == handle->attr_list->list_head) 953 if (NULL == handle->attr_list->list_head)
949 { 954 {
950 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); 955 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
951 handle->edesc = GNUNET_strdup("The requested scope is not available."); 956 handle->edesc = GNUNET_strdup ("The requested scope is not available.");
952 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 957 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
953 return; 958 return;
954 } 959 }
955 handle->idp_op = GNUNET_RECLAIM_ticket_issue(handle->idp, 960 handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
956 &handle->priv_key, 961 &handle->priv_key,
957 &handle->oidc->client_pkey, 962 &handle->oidc->client_pkey,
958 handle->attr_list, 963 handle->attr_list,
959 &oidc_ticket_issue_cb, 964 &oidc_ticket_issue_cb,
960 handle); 965 handle);
961} 966}
962 967
963 968
@@ -965,9 +970,9 @@ oidc_collect_finished_cb(void *cls)
965 * Collects all attributes for an ego if in scope parameter 970 * Collects all attributes for an ego if in scope parameter
966 */ 971 */
967static void 972static void
968oidc_attr_collect(void *cls, 973oidc_attr_collect (void *cls,
969 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 974 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
970 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) 975 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
971{ 976{
972 struct RequestHandle *handle = cls; 977 struct RequestHandle *handle = cls;
973 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; 978 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
@@ -976,38 +981,38 @@ oidc_attr_collect(void *cls,
976 char delimiter[] = " "; 981 char delimiter[] = " ";
977 982
978 if ((NULL == attr->name) || (NULL == attr->data)) 983 if ((NULL == attr->name) || (NULL == attr->data))
979 { 984 {
980 GNUNET_RECLAIM_get_attributes_next(handle->attr_it); 985 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
981 return; 986 return;
982 } 987 }
983 988
984 scope_variables = GNUNET_strdup(handle->oidc->scope); 989 scope_variables = GNUNET_strdup (handle->oidc->scope);
985 scope_variable = strtok(scope_variables, delimiter); 990 scope_variable = strtok (scope_variables, delimiter);
986 while (NULL != scope_variable) 991 while (NULL != scope_variable)
987 { 992 {
988 if (0 == strcmp(attr->name, scope_variable)) 993 if (0 == strcmp (attr->name, scope_variable))
989 break; 994 break;
990 scope_variable = strtok(NULL, delimiter); 995 scope_variable = strtok (NULL, delimiter);
991 } 996 }
992 if (NULL == scope_variable) 997 if (NULL == scope_variable)
993 { 998 {
994 GNUNET_RECLAIM_get_attributes_next(handle->attr_it); 999 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
995 GNUNET_free(scope_variables); 1000 GNUNET_free (scope_variables);
996 return; 1001 return;
997 } 1002 }
998 GNUNET_free(scope_variables); 1003 GNUNET_free (scope_variables);
999 1004
1000 le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); 1005 le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
1001 le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new(attr->name, 1006 le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
1002 attr->type, 1007 attr->type,
1003 attr->data, 1008 attr->data,
1004 attr->data_size); 1009 attr->data_size);
1005 le->claim->id = attr->id; 1010 le->claim->id = attr->id;
1006 le->claim->version = attr->version; 1011 le->claim->version = attr->version;
1007 GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, 1012 GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
1008 handle->attr_list->list_tail, 1013 handle->attr_list->list_tail,
1009 le); 1014 le);
1010 GNUNET_RECLAIM_get_attributes_next(handle->attr_it); 1015 GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
1011} 1016}
1012 1017
1013 1018
@@ -1015,7 +1020,7 @@ oidc_attr_collect(void *cls,
1015 * Checks time and cookie and redirects accordingly 1020 * Checks time and cookie and redirects accordingly
1016 */ 1021 */
1017static void 1022static void
1018code_redirect(void *cls) 1023code_redirect (void *cls)
1019{ 1024{
1020 struct RequestHandle *handle = cls; 1025 struct RequestHandle *handle = cls;
1021 struct GNUNET_TIME_Absolute current_time; 1026 struct GNUNET_TIME_Absolute current_time;
@@ -1025,111 +1030,111 @@ code_redirect(void *cls)
1025 struct GNUNET_HashCode cache_key; 1030 struct GNUNET_HashCode cache_key;
1026 char *identity_cookie; 1031 char *identity_cookie;
1027 1032
1028 GNUNET_asprintf(&identity_cookie, 1033 GNUNET_asprintf (&identity_cookie,
1029 "Identity=%s", 1034 "Identity=%s",
1030 handle->oidc->login_identity); 1035 handle->oidc->login_identity);
1031 GNUNET_CRYPTO_hash(identity_cookie, strlen(identity_cookie), &cache_key); 1036 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
1032 GNUNET_free(identity_cookie); 1037 GNUNET_free (identity_cookie);
1033 // No login time for identity -> redirect to login 1038 // No login time for identity -> redirect to login
1034 if (GNUNET_YES == 1039 if (GNUNET_YES ==
1035 GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) 1040 GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
1036 { 1041 {
1037 relog_time = 1042 relog_time =
1038 GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); 1043 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
1039 current_time = GNUNET_TIME_absolute_get(); 1044 current_time = GNUNET_TIME_absolute_get ();
1040 // 30 min after old login -> redirect to login 1045 // 30 min after old login -> redirect to login
1041 if (current_time.abs_value_us <= relog_time->abs_value_us) 1046 if (current_time.abs_value_us <= relog_time->abs_value_us)
1047 {
1048 if (GNUNET_OK !=
1049 GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc
1050 ->login_identity,
1051 strlen (
1052 handle->oidc
1053 ->login_identity),
1054 &pubkey))
1055 {
1056 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
1057 handle->edesc =
1058 GNUNET_strdup ("The cookie of a login identity is not valid");
1059 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1060 return;
1061 }
1062 // iterate over egos and compare their public key
1063 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1064 handle->ego_entry = handle->ego_entry->next)
1065 {
1066 GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1067 if (0 == GNUNET_memcmp (&ego_pkey, &pubkey))
1042 { 1068 {
1043 if (GNUNET_OK != 1069 handle->priv_key =
1044 GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc 1070 *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
1045 ->login_identity, 1071 handle->idp = GNUNET_RECLAIM_connect (cfg);
1046 strlen( 1072 handle->attr_list =
1047 handle->oidc 1073 GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
1048 ->login_identity), 1074 handle->attr_it =
1049 &pubkey)) 1075 GNUNET_RECLAIM_get_attributes_start (handle->idp,
1050 { 1076 &handle->priv_key,
1051 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_COOKIE); 1077 &oidc_iteration_error,
1052 handle->edesc = 1078 handle,
1053 GNUNET_strdup("The cookie of a login identity is not valid"); 1079 &oidc_attr_collect,
1054 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1080 handle,
1055 return; 1081 &oidc_collect_finished_cb,
1056 } 1082 handle);
1057 // iterate over egos and compare their public key
1058 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1059 handle->ego_entry = handle->ego_entry->next)
1060 {
1061 GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego, &ego_pkey);
1062 if (0 == GNUNET_memcmp(&ego_pkey, &pubkey))
1063 {
1064 handle->priv_key =
1065 *GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego);
1066 handle->idp = GNUNET_RECLAIM_connect(cfg);
1067 handle->attr_list =
1068 GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
1069 handle->attr_it =
1070 GNUNET_RECLAIM_get_attributes_start(handle->idp,
1071 &handle->priv_key,
1072 &oidc_iteration_error,
1073 handle,
1074 &oidc_attr_collect,
1075 handle,
1076 &oidc_collect_finished_cb,
1077 handle);
1078 return;
1079 }
1080 }
1081 GNUNET_SCHEDULER_add_now(&login_redirect, handle);
1082 return; 1083 return;
1083 } 1084 }
1085 }
1086 GNUNET_SCHEDULER_add_now (&login_redirect, handle);
1087 return;
1084 } 1088 }
1089 }
1085} 1090}
1086 1091
1087 1092
1088static void 1093static void
1089build_redirect(void *cls) 1094build_redirect (void *cls)
1090{ 1095{
1091 struct RequestHandle *handle = cls; 1096 struct RequestHandle *handle = cls;
1092 struct MHD_Response *resp; 1097 struct MHD_Response *resp;
1093 char *redirect_uri; 1098 char *redirect_uri;
1094 1099
1095 if (GNUNET_YES == handle->oidc->user_cancelled) 1100 if (GNUNET_YES == handle->oidc->user_cancelled)
1096 { 1101 {
1097 if ((NULL != handle->redirect_prefix) && 1102 if ((NULL != handle->redirect_prefix) &&
1098 (NULL != handle->redirect_suffix) && (NULL != handle->tld)) 1103 (NULL != handle->redirect_suffix) && (NULL != handle->tld))
1099 { 1104 {
1100 GNUNET_asprintf(&redirect_uri, 1105 GNUNET_asprintf (&redirect_uri,
1101 "%s.%s/%s?error=%s&error_description=%s&state=%s", 1106 "%s.%s/%s?error=%s&error_description=%s&state=%s",
1102 handle->redirect_prefix, 1107 handle->redirect_prefix,
1103 handle->tld, 1108 handle->tld,
1104 handle->redirect_suffix, 1109 handle->redirect_suffix,
1105 "access_denied", 1110 "access_denied",
1106 "User denied access", 1111 "User denied access",
1107 handle->oidc->state); 1112 handle->oidc->state);
1108 } 1113 }
1109 else 1114 else
1110 { 1115 {
1111 GNUNET_asprintf(&redirect_uri, 1116 GNUNET_asprintf (&redirect_uri,
1112 "%s?error=%s&error_description=%s&state=%s", 1117 "%s?error=%s&error_description=%s&state=%s",
1113 handle->oidc->redirect_uri, 1118 handle->oidc->redirect_uri,
1114 "access_denied", 1119 "access_denied",
1115 "User denied access", 1120 "User denied access",
1116 handle->oidc->state); 1121 handle->oidc->state);
1117 } 1122 }
1118 resp = GNUNET_REST_create_response(""); 1123 resp = GNUNET_REST_create_response ("");
1119 MHD_add_response_header(resp, "Location", redirect_uri); 1124 MHD_add_response_header (resp, "Location", redirect_uri);
1120 handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); 1125 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1121 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 1126 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1122 GNUNET_free(redirect_uri); 1127 GNUNET_free (redirect_uri);
1123 return; 1128 return;
1124 } 1129 }
1125 GNUNET_SCHEDULER_add_now(&code_redirect, handle); 1130 GNUNET_SCHEDULER_add_now (&code_redirect, handle);
1126} 1131}
1127 1132
1128 1133
1129static void 1134static void
1130lookup_redirect_uri_result(void *cls, 1135lookup_redirect_uri_result (void *cls,
1131 uint32_t rd_count, 1136 uint32_t rd_count,
1132 const struct GNUNET_GNSRECORD_Data *rd) 1137 const struct GNUNET_GNSRECORD_Data *rd)
1133{ 1138{
1134 struct RequestHandle *handle = cls; 1139 struct RequestHandle *handle = cls;
1135 char *tmp; 1140 char *tmp;
@@ -1139,66 +1144,66 @@ lookup_redirect_uri_result(void *cls,
1139 1144
1140 handle->gns_op = NULL; 1145 handle->gns_op = NULL;
1141 if (0 == rd_count) 1146 if (0 == rd_count)
1142 { 1147 {
1143 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); 1148 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1144 handle->edesc = 1149 handle->edesc =
1145 GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); 1150 GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1146 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1151 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1147 return; 1152 return;
1148 } 1153 }
1149 for (int i = 0; i < rd_count; i++) 1154 for (int i = 0; i < rd_count; i++)
1150 { 1155 {
1151 if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) 1156 if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
1157 continue;
1158 if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
1159 continue;
1160 tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
1161 if (NULL == strstr (tmp, handle->oidc->client_id))
1162 {
1163 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1164 "Redirect uri %s does not contain client_id %s\n",
1165 tmp,
1166 handle->oidc->client_id);
1167 }
1168 else
1169 {
1170 pos = strrchr (tmp, (unsigned char) '.');
1171 if (NULL == pos)
1172 {
1173 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1174 "Redirect uri %s contains client_id but is malformed\n",
1175 tmp);
1176 GNUNET_free (tmp);
1152 continue; 1177 continue;
1153 if (0 != strncmp(rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) 1178 }
1179 *pos = '\0';
1180 handle->redirect_prefix = GNUNET_strdup (tmp);
1181 tmp_key_str = pos + 1;
1182 pos = strchr (tmp_key_str, (unsigned char) '/');
1183 if (NULL == pos)
1184 {
1185 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1186 "Redirect uri %s contains client_id but is malformed\n",
1187 tmp);
1188 GNUNET_free (tmp);
1154 continue; 1189 continue;
1155 tmp = GNUNET_strndup(rd[i].data, rd[i].data_size); 1190 }
1156 if (NULL == strstr(tmp, handle->oidc->client_id)) 1191 *pos = '\0';
1157 { 1192 handle->redirect_suffix = GNUNET_strdup (pos + 1);
1158 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 1193
1159 "Redirect uri %s does not contain client_id %s\n", 1194 GNUNET_STRINGS_string_to_data (tmp_key_str,
1160 tmp, 1195 strlen (tmp_key_str),
1161 handle->oidc->client_id); 1196 &redirect_zone,
1162 } 1197 sizeof(redirect_zone));
1163 else 1198 }
1164 { 1199 GNUNET_SCHEDULER_add_now (&build_redirect, handle);
1165 pos = strrchr(tmp, (unsigned char)'.'); 1200 GNUNET_free (tmp);
1166 if (NULL == pos) 1201 return;
1167 { 1202 }
1168 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 1203 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1169 "Redirect uri %s contains client_id but is malformed\n",
1170 tmp);
1171 GNUNET_free(tmp);
1172 continue;
1173 }
1174 *pos = '\0';
1175 handle->redirect_prefix = GNUNET_strdup(tmp);
1176 tmp_key_str = pos + 1;
1177 pos = strchr(tmp_key_str, (unsigned char)'/');
1178 if (NULL == pos)
1179 {
1180 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1181 "Redirect uri %s contains client_id but is malformed\n",
1182 tmp);
1183 GNUNET_free(tmp);
1184 continue;
1185 }
1186 *pos = '\0';
1187 handle->redirect_suffix = GNUNET_strdup(pos + 1);
1188
1189 GNUNET_STRINGS_string_to_data(tmp_key_str,
1190 strlen(tmp_key_str),
1191 &redirect_zone,
1192 sizeof(redirect_zone));
1193 }
1194 GNUNET_SCHEDULER_add_now(&build_redirect, handle);
1195 GNUNET_free(tmp);
1196 return;
1197 }
1198 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
1199 handle->edesc = 1204 handle->edesc =
1200 GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); 1205 GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1201 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1206 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1202} 1207}
1203 1208
1204 1209
@@ -1206,37 +1211,37 @@ lookup_redirect_uri_result(void *cls,
1206 * Initiate redirect back to client. 1211 * Initiate redirect back to client.
1207 */ 1212 */
1208static void 1213static void
1209client_redirect(void *cls) 1214client_redirect (void *cls)
1210{ 1215{
1211 struct RequestHandle *handle = cls; 1216 struct RequestHandle *handle = cls;
1212 1217
1213 /* Lookup client redirect uri to verify request */ 1218 /* Lookup client redirect uri to verify request */
1214 handle->gns_op = 1219 handle->gns_op =
1215 GNUNET_GNS_lookup(handle->gns_handle, 1220 GNUNET_GNS_lookup (handle->gns_handle,
1216 GNUNET_GNS_EMPTY_LABEL_AT, 1221 GNUNET_GNS_EMPTY_LABEL_AT,
1217 &handle->oidc->client_pkey, 1222 &handle->oidc->client_pkey,
1218 GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, 1223 GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
1219 GNUNET_GNS_LO_DEFAULT, 1224 GNUNET_GNS_LO_DEFAULT,
1220 &lookup_redirect_uri_result, 1225 &lookup_redirect_uri_result,
1221 handle); 1226 handle);
1222} 1227}
1223 1228
1224static char * 1229static char *
1225get_url_parameter_copy(const struct RequestHandle *handle, const char *key) 1230get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
1226{ 1231{
1227 struct GNUNET_HashCode hc; 1232 struct GNUNET_HashCode hc;
1228 char *value; 1233 char *value;
1229 1234
1230 GNUNET_CRYPTO_hash(key, strlen(key), &hc); 1235 GNUNET_CRYPTO_hash (key, strlen (key), &hc);
1231 if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle 1236 if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
1232 ->url_param_map, 1237 ->url_param_map,
1233 &hc)) 1238 &hc))
1234 return NULL; 1239 return NULL;
1235 value = 1240 value =
1236 GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &hc); 1241 GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &hc);
1237 if (NULL == value) 1242 if (NULL == value)
1238 return NULL; 1243 return NULL;
1239 return GNUNET_strdup(value); 1244 return GNUNET_strdup (value);
1240} 1245}
1241 1246
1242 1247
@@ -1247,7 +1252,7 @@ get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
1247 * @param cls the `struct RequestHandle` 1252 * @param cls the `struct RequestHandle`
1248 */ 1253 */
1249static void 1254static void
1250build_authz_response(void *cls) 1255build_authz_response (void *cls)
1251{ 1256{
1252 struct RequestHandle *handle = cls; 1257 struct RequestHandle *handle = cls;
1253 struct GNUNET_HashCode cache_key; 1258 struct GNUNET_HashCode cache_key;
@@ -1259,117 +1264,117 @@ build_authz_response(void *cls)
1259 1264
1260 // REQUIRED value: redirect_uri 1265 // REQUIRED value: redirect_uri
1261 handle->oidc->redirect_uri = 1266 handle->oidc->redirect_uri =
1262 get_url_parameter_copy(handle, OIDC_REDIRECT_URI_KEY); 1267 get_url_parameter_copy (handle, OIDC_REDIRECT_URI_KEY);
1263 if (NULL == handle->oidc->redirect_uri) 1268 if (NULL == handle->oidc->redirect_uri)
1264 { 1269 {
1265 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1270 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1266 handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); 1271 handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1267 GNUNET_SCHEDULER_add_now(&do_error, handle); 1272 GNUNET_SCHEDULER_add_now (&do_error, handle);
1268 return; 1273 return;
1269 } 1274 }
1270 1275
1271 // REQUIRED value: response_type 1276 // REQUIRED value: response_type
1272 handle->oidc->response_type = 1277 handle->oidc->response_type =
1273 get_url_parameter_copy(handle, OIDC_RESPONSE_TYPE_KEY); 1278 get_url_parameter_copy (handle, OIDC_RESPONSE_TYPE_KEY);
1274 if (NULL == handle->oidc->response_type) 1279 if (NULL == handle->oidc->response_type)
1275 { 1280 {
1276 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1281 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1277 handle->edesc = GNUNET_strdup("missing parameter response_type"); 1282 handle->edesc = GNUNET_strdup ("missing parameter response_type");
1278 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1283 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1279 return; 1284 return;
1280 } 1285 }
1281 1286
1282 // REQUIRED value: scope 1287 // REQUIRED value: scope
1283 handle->oidc->scope = get_url_parameter_copy(handle, OIDC_SCOPE_KEY); 1288 handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1284 if (NULL == handle->oidc->scope) 1289 if (NULL == handle->oidc->scope)
1285 { 1290 {
1286 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); 1291 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1287 handle->edesc = GNUNET_strdup("missing parameter scope"); 1292 handle->edesc = GNUNET_strdup ("missing parameter scope");
1288 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1293 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1289 return; 1294 return;
1290 } 1295 }
1291 1296
1292 // OPTIONAL value: nonce 1297 // OPTIONAL value: nonce
1293 handle->oidc->nonce = get_url_parameter_copy(handle, OIDC_NONCE_KEY); 1298 handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY);
1294 1299
1295 // TODO check other values if needed 1300 // TODO check other values if needed
1296 number_of_ignored_parameter = 1301 number_of_ignored_parameter =
1297 sizeof(OIDC_ignored_parameter_array) / sizeof(char *); 1302 sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1298 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) 1303 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1299 { 1304 {
1300 GNUNET_CRYPTO_hash(OIDC_ignored_parameter_array[iterator], 1305 GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
1301 strlen(OIDC_ignored_parameter_array[iterator]), 1306 strlen (OIDC_ignored_parameter_array[iterator]),
1302 &cache_key); 1307 &cache_key);
1303 if (GNUNET_YES == 1308 if (GNUNET_YES ==
1304 GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle 1309 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
1305 ->url_param_map, 1310 ->url_param_map,
1306 &cache_key)) 1311 &cache_key))
1307 { 1312 {
1308 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_ACCESS_DENIED); 1313 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
1309 GNUNET_asprintf(&handle->edesc, 1314 GNUNET_asprintf (&handle->edesc,
1310 "Server will not handle parameter: %s", 1315 "Server will not handle parameter: %s",
1311 OIDC_ignored_parameter_array[iterator]); 1316 OIDC_ignored_parameter_array[iterator]);
1312 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1317 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1313 return; 1318 return;
1314 }
1315 } 1319 }
1320 }
1316 1321
1317 // We only support authorization code flows. 1322 // We only support authorization code flows.
1318 if (0 != strcmp(handle->oidc->response_type, 1323 if (0 != strcmp (handle->oidc->response_type,
1319 OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) 1324 OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE))
1320 { 1325 {
1321 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); 1326 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE);
1322 handle->edesc = GNUNET_strdup("The authorization server does not support " 1327 handle->edesc = GNUNET_strdup ("The authorization server does not support "
1323 "obtaining this authorization code."); 1328 "obtaining this authorization code.");
1324 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1329 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1325 return; 1330 return;
1326 } 1331 }
1327 1332
1328 // Checks if scope contains 'openid' 1333 // Checks if scope contains 'openid'
1329 expected_scope = GNUNET_strdup(handle->oidc->scope); 1334 expected_scope = GNUNET_strdup (handle->oidc->scope);
1330 char *test; 1335 char *test;
1331 test = strtok(expected_scope, delimiter); 1336 test = strtok (expected_scope, delimiter);
1332 while (NULL != test) 1337 while (NULL != test)
1333 { 1338 {
1334 if (0 == strcmp(OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) 1339 if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
1335 break; 1340 break;
1336 test = strtok(NULL, delimiter); 1341 test = strtok (NULL, delimiter);
1337 } 1342 }
1338 if (NULL == test) 1343 if (NULL == test)
1339 { 1344 {
1340 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); 1345 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
1341 handle->edesc = 1346 handle->edesc =
1342 GNUNET_strdup("The requested scope is invalid, unknown, or malformed."); 1347 GNUNET_strdup ("The requested scope is invalid, unknown, or malformed.");
1343 GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); 1348 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
1344 GNUNET_free(expected_scope); 1349 GNUNET_free (expected_scope);
1345 return; 1350 return;
1346 } 1351 }
1347 1352
1348 GNUNET_free(expected_scope); 1353 GNUNET_free (expected_scope);
1349 if ((NULL == handle->oidc->login_identity) && 1354 if ((NULL == handle->oidc->login_identity) &&
1350 (GNUNET_NO == handle->oidc->user_cancelled)) 1355 (GNUNET_NO == handle->oidc->user_cancelled))
1351 GNUNET_SCHEDULER_add_now(&login_redirect, handle); 1356 GNUNET_SCHEDULER_add_now (&login_redirect, handle);
1352 else 1357 else
1353 GNUNET_SCHEDULER_add_now(&client_redirect, handle); 1358 GNUNET_SCHEDULER_add_now (&client_redirect, handle);
1354} 1359}
1355 1360
1356/** 1361/**
1357 * Iterate over tlds in config 1362 * Iterate over tlds in config
1358 */ 1363 */
1359static void 1364static void
1360tld_iter(void *cls, const char *section, const char *option, const char *value) 1365tld_iter (void *cls, const char *section, const char *option, const char *value)
1361{ 1366{
1362 struct RequestHandle *handle = cls; 1367 struct RequestHandle *handle = cls;
1363 struct GNUNET_CRYPTO_EcdsaPublicKey pkey; 1368 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
1364 1369
1365 if (GNUNET_OK != 1370 if (GNUNET_OK !=
1366 GNUNET_CRYPTO_ecdsa_public_key_from_string(value, strlen(value), &pkey)) 1371 GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value), &pkey))
1367 { 1372 {
1368 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); 1373 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
1369 return; 1374 return;
1370 } 1375 }
1371 if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey)) 1376 if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1372 handle->tld = GNUNET_strdup(option + 1); 1377 handle->tld = GNUNET_strdup (option + 1);
1373} 1378}
1374 1379
1375/** 1380/**
@@ -1380,70 +1385,71 @@ tld_iter(void *cls, const char *section, const char *option, const char *value)
1380 * @param cls the RequestHandle 1385 * @param cls the RequestHandle
1381 */ 1386 */
1382static void 1387static void
1383authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, 1388authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1384 const char *url, 1389 const char *url,
1385 void *cls) 1390 void *cls)
1386{ 1391{
1387 struct RequestHandle *handle = cls; 1392 struct RequestHandle *handle = cls;
1388 struct EgoEntry *tmp_ego; 1393 struct EgoEntry *tmp_ego;
1389 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; 1394 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
1390 struct GNUNET_CRYPTO_EcdsaPublicKey pkey; 1395 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
1391 1396
1392 cookie_identity_interpretation(handle); 1397 cookie_identity_interpretation (handle);
1393 1398
1394 // RECOMMENDED value: state - REQUIRED for answers 1399 // RECOMMENDED value: state - REQUIRED for answers
1395 handle->oidc->state = get_url_parameter_copy(handle, OIDC_STATE_KEY); 1400 handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY);
1396 1401
1397 // REQUIRED value: client_id 1402 // REQUIRED value: client_id
1398 handle->oidc->client_id = get_url_parameter_copy(handle, OIDC_CLIENT_ID_KEY); 1403 handle->oidc->client_id = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY);
1399 if (NULL == handle->oidc->client_id) 1404 if (NULL == handle->oidc->client_id)
1400 { 1405 {
1401 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1406 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1402 handle->edesc = GNUNET_strdup("missing parameter client_id"); 1407 handle->edesc = GNUNET_strdup ("missing parameter client_id");
1403 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1408 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1404 GNUNET_SCHEDULER_add_now(&do_error, handle); 1409 GNUNET_SCHEDULER_add_now (&do_error, handle);
1405 return; 1410 return;
1406 } 1411 }
1407 1412
1408 // OPTIONAL value: code_challenge 1413 // OPTIONAL value: code_challenge
1409 handle->oidc->code_challenge = get_url_parameter_copy(handle, OIDC_CODE_CHALLENGE_KEY); 1414 handle->oidc->code_challenge = get_url_parameter_copy (handle,
1415 OIDC_CODE_CHALLENGE_KEY);
1410 if (NULL == handle->oidc->code_challenge) 1416 if (NULL == handle->oidc->code_challenge)
1411 { 1417 {
1412 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 1418 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1413 "OAuth authorization request does not contain PKCE parameters!\n"); 1419 "OAuth authorization request does not contain PKCE parameters!\n");
1414 } 1420 }
1415 1421
1416 if (GNUNET_OK != 1422 if (GNUNET_OK !=
1417 GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc->client_id, 1423 GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
1418 strlen( 1424 strlen (
1419 handle->oidc->client_id), 1425 handle->oidc->client_id),
1420 &handle->oidc->client_pkey)) 1426 &handle->oidc->client_pkey))
1421 { 1427 {
1422 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); 1428 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
1423 handle->edesc = GNUNET_strdup("The client is not authorized to request an " 1429 handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1424 "authorization code using this method."); 1430 "authorization code using this method.");
1425 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1431 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1426 GNUNET_SCHEDULER_add_now(&do_error, handle); 1432 GNUNET_SCHEDULER_add_now (&do_error, handle);
1427 return; 1433 return;
1428 } 1434 }
1429 1435
1430 // If we know this identity, translated the corresponding TLD 1436 // If we know this identity, translated the corresponding TLD
1431 // TODO: We might want to have a reverse lookup functionality for TLDs? 1437 // TODO: We might want to have a reverse lookup functionality for TLDs?
1432 for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) 1438 for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
1439 {
1440 priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1441 GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey);
1442 if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1433 { 1443 {
1434 priv_key = GNUNET_IDENTITY_ego_get_private_key(tmp_ego->ego); 1444 handle->tld = GNUNET_strdup (tmp_ego->identifier);
1435 GNUNET_CRYPTO_ecdsa_key_get_public(priv_key, &pkey); 1445 handle->ego_entry = handle->ego_tail;
1436 if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey))
1437 {
1438 handle->tld = GNUNET_strdup(tmp_ego->identifier);
1439 handle->ego_entry = handle->ego_tail;
1440 }
1441 } 1446 }
1447 }
1442 if (NULL == handle->tld) 1448 if (NULL == handle->tld)
1443 GNUNET_CONFIGURATION_iterate_section_values(cfg, "gns", tld_iter, handle); 1449 GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle);
1444 if (NULL == handle->tld) 1450 if (NULL == handle->tld)
1445 handle->tld = GNUNET_strdup(handle->oidc->client_id); 1451 handle->tld = GNUNET_strdup (handle->oidc->client_id);
1446 GNUNET_SCHEDULER_add_now(&build_authz_response, handle); 1452 GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
1447} 1453}
1448 1454
1449/** 1455/**
@@ -1454,11 +1460,11 @@ authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
1454 * @param cls the RequestHandle 1460 * @param cls the RequestHandle
1455 */ 1461 */
1456static void 1462static void
1457login_cont(struct GNUNET_REST_RequestHandle *con_handle, 1463login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1458 const char *url, 1464 const char *url,
1459 void *cls) 1465 void *cls)
1460{ 1466{
1461 struct MHD_Response *resp = GNUNET_REST_create_response(""); 1467 struct MHD_Response *resp = GNUNET_REST_create_response ("");
1462 struct RequestHandle *handle = cls; 1468 struct RequestHandle *handle = cls;
1463 struct GNUNET_HashCode cache_key; 1469 struct GNUNET_HashCode cache_key;
1464 struct GNUNET_TIME_Absolute *current_time; 1470 struct GNUNET_TIME_Absolute *current_time;
@@ -1471,54 +1477,54 @@ login_cont(struct GNUNET_REST_RequestHandle *con_handle,
1471 char term_data[handle->rest_handle->data_size + 1]; 1477 char term_data[handle->rest_handle->data_size + 1];
1472 1478
1473 term_data[handle->rest_handle->data_size] = '\0'; 1479 term_data[handle->rest_handle->data_size] = '\0';
1474 GNUNET_memcpy(term_data, 1480 GNUNET_memcpy (term_data,
1475 handle->rest_handle->data, 1481 handle->rest_handle->data,
1476 handle->rest_handle->data_size); 1482 handle->rest_handle->data_size);
1477 root = json_loads(term_data, JSON_DECODE_ANY, &error); 1483 root = json_loads (term_data, JSON_DECODE_ANY, &error);
1478 identity = json_object_get(root, "identity"); 1484 identity = json_object_get (root, "identity");
1479 if (!json_is_string(identity)) 1485 if (! json_is_string (identity))
1480 { 1486 {
1481 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, 1487 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1482 "Error parsing json string from %s\n", 1488 "Error parsing json string from %s\n",
1483 term_data); 1489 term_data);
1484 handle->proc(handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); 1490 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1485 json_decref(root); 1491 json_decref (root);
1486 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 1492 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1487 return; 1493 return;
1488 } 1494 }
1489 GNUNET_asprintf(&cookie, "Identity=%s", json_string_value(identity)); 1495 GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
1490 GNUNET_asprintf(&header_val, 1496 GNUNET_asprintf (&header_val,
1491 "%s;Max-Age=%d", 1497 "%s;Max-Age=%d",
1492 cookie, 1498 cookie,
1493 OIDC_COOKIE_EXPIRATION); 1499 OIDC_COOKIE_EXPIRATION);
1494 MHD_add_response_header(resp, "Set-Cookie", header_val); 1500 MHD_add_response_header (resp, "Set-Cookie", header_val);
1495 MHD_add_response_header(resp, "Access-Control-Allow-Methods", "POST"); 1501 MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
1496 GNUNET_CRYPTO_hash(cookie, strlen(cookie), &cache_key); 1502 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1497 1503
1498 if (0 != strcmp(json_string_value(identity), "Denied")) 1504 if (0 != strcmp (json_string_value (identity), "Denied"))
1499 { 1505 {
1500 current_time = GNUNET_new(struct GNUNET_TIME_Absolute); 1506 current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1501 *current_time = GNUNET_TIME_relative_to_absolute( 1507 *current_time = GNUNET_TIME_relative_to_absolute (
1502 GNUNET_TIME_relative_multiply(GNUNET_TIME_relative_get_second_(), 1508 GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
1503 OIDC_COOKIE_EXPIRATION)); 1509 OIDC_COOKIE_EXPIRATION));
1504 last_time = 1510 last_time =
1505 GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); 1511 GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
1506 GNUNET_free_non_null(last_time); 1512 GNUNET_free_non_null (last_time);
1507 GNUNET_CONTAINER_multihashmap_put(OIDC_cookie_jar_map, 1513 GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map,
1508 &cache_key, 1514 &cache_key,
1509 current_time, 1515 current_time,
1510 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); 1516 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1511 } 1517 }
1512 handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); 1518 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1513 GNUNET_free(cookie); 1519 GNUNET_free (cookie);
1514 GNUNET_free(header_val); 1520 GNUNET_free (header_val);
1515 json_decref(root); 1521 json_decref (root);
1516 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 1522 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1517} 1523}
1518 1524
1519static int 1525static int
1520check_authorization(struct RequestHandle *handle, 1526check_authorization (struct RequestHandle *handle,
1521 struct GNUNET_CRYPTO_EcdsaPublicKey *cid) 1527 struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
1522{ 1528{
1523 struct GNUNET_HashCode cache_key; 1529 struct GNUNET_HashCode cache_key;
1524 char *authorization; 1530 char *authorization;
@@ -1528,146 +1534,146 @@ check_authorization(struct RequestHandle *handle,
1528 char *pass; 1534 char *pass;
1529 char *expected_pass; 1535 char *expected_pass;
1530 1536
1531 GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, 1537 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
1532 strlen(OIDC_AUTHORIZATION_HEADER_KEY), 1538 strlen (OIDC_AUTHORIZATION_HEADER_KEY),
1533 &cache_key); 1539 &cache_key);
1534 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle 1540 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
1535 ->header_param_map, 1541 ->header_param_map,
1536 &cache_key)) 1542 &cache_key))
1537 { 1543 {
1538 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1544 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1539 handle->edesc = GNUNET_strdup("missing authorization"); 1545 handle->edesc = GNUNET_strdup ("missing authorization");
1540 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1546 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1541 return GNUNET_SYSERR; 1547 return GNUNET_SYSERR;
1542 } 1548 }
1543 authorization = 1549 authorization =
1544 GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, 1550 GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
1545 &cache_key); 1551 &cache_key);
1546 1552
1547 // split header in "Basic" and [content] 1553 // split header in "Basic" and [content]
1548 credentials = strtok(authorization, " "); 1554 credentials = strtok (authorization, " ");
1549 if ((NULL == credentials) || (0 != strcmp("Basic", credentials))) 1555 if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
1550 { 1556 {
1551 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1557 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1552 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1558 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1553 return GNUNET_SYSERR; 1559 return GNUNET_SYSERR;
1554 } 1560 }
1555 credentials = strtok(NULL, " "); 1561 credentials = strtok (NULL, " ");
1556 if (NULL == credentials) 1562 if (NULL == credentials)
1557 { 1563 {
1558 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1564 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1559 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1565 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1560 return GNUNET_SYSERR; 1566 return GNUNET_SYSERR;
1561 } 1567 }
1562 GNUNET_STRINGS_base64_decode(credentials, 1568 GNUNET_STRINGS_base64_decode (credentials,
1563 strlen(credentials), 1569 strlen (credentials),
1564 (void **)&basic_authorization); 1570 (void **) &basic_authorization);
1565 1571
1566 if (NULL == basic_authorization) 1572 if (NULL == basic_authorization)
1567 { 1573 {
1568 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1574 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1569 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1575 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1570 return GNUNET_SYSERR; 1576 return GNUNET_SYSERR;
1571 } 1577 }
1572 client_id = strtok(basic_authorization, ":"); 1578 client_id = strtok (basic_authorization, ":");
1573 if (NULL == client_id) 1579 if (NULL == client_id)
1574 { 1580 {
1575 GNUNET_free_non_null(basic_authorization); 1581 GNUNET_free_non_null (basic_authorization);
1576 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1582 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1577 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1583 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1578 return GNUNET_SYSERR; 1584 return GNUNET_SYSERR;
1579 } 1585 }
1580 pass = strtok(NULL, ":"); 1586 pass = strtok (NULL, ":");
1581 if (NULL == pass) 1587 if (NULL == pass)
1582 { 1588 {
1583 GNUNET_free_non_null(basic_authorization); 1589 GNUNET_free_non_null (basic_authorization);
1584 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1590 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1585 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1591 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1586 return GNUNET_SYSERR; 1592 return GNUNET_SYSERR;
1587 } 1593 }
1588 1594
1589 // check client password 1595 // check client password
1590 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, 1596 if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
1591 "reclaim-rest-plugin", 1597 "reclaim-rest-plugin",
1592 "OIDC_CLIENT_SECRET", 1598 "OIDC_CLIENT_SECRET",
1593 &expected_pass)) 1599 &expected_pass))
1594 { 1600 {
1595 if (0 != strcmp(expected_pass, pass)) 1601 if (0 != strcmp (expected_pass, pass))
1596 { 1602 {
1597 GNUNET_free_non_null(basic_authorization); 1603 GNUNET_free_non_null (basic_authorization);
1598 GNUNET_free(expected_pass); 1604 GNUNET_free (expected_pass);
1599 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1605 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1600 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1606 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1601 return GNUNET_SYSERR;
1602 }
1603 GNUNET_free(expected_pass);
1604 }
1605 else
1606 {
1607 GNUNET_free_non_null(basic_authorization);
1608 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
1609 handle->edesc = GNUNET_strdup("gnunet configuration failed");
1610 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1611 return GNUNET_SYSERR; 1607 return GNUNET_SYSERR;
1612 } 1608 }
1609 GNUNET_free (expected_pass);
1610 }
1611 else
1612 {
1613 GNUNET_free_non_null (basic_authorization);
1614 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1615 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1616 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1617 return GNUNET_SYSERR;
1618 }
1613 1619
1614 // check client_id 1620 // check client_id
1615 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; 1621 for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1616 handle->ego_entry = handle->ego_entry->next) 1622 handle->ego_entry = handle->ego_entry->next)
1617 { 1623 {
1618 if (0 == strcmp(handle->ego_entry->keystring, client_id)) 1624 if (0 == strcmp (handle->ego_entry->keystring, client_id))
1619 break; 1625 break;
1620 } 1626 }
1621 if (NULL == handle->ego_entry) 1627 if (NULL == handle->ego_entry)
1622 { 1628 {
1623 GNUNET_free_non_null(basic_authorization); 1629 GNUNET_free_non_null (basic_authorization);
1624 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); 1630 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
1625 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1631 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1626 return GNUNET_SYSERR; 1632 return GNUNET_SYSERR;
1627 } 1633 }
1628 GNUNET_STRINGS_string_to_data(client_id, 1634 GNUNET_STRINGS_string_to_data (client_id,
1629 strlen(client_id), 1635 strlen (client_id),
1630 cid, 1636 cid,
1631 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); 1637 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
1632 1638
1633 GNUNET_free(basic_authorization); 1639 GNUNET_free (basic_authorization);
1634 return GNUNET_OK; 1640 return GNUNET_OK;
1635} 1641}
1636 1642
1637const struct EgoEntry * 1643const struct EgoEntry *
1638find_ego(struct RequestHandle *handle, 1644find_ego (struct RequestHandle *handle,
1639 struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) 1645 struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
1640{ 1646{
1641 struct EgoEntry *ego_entry; 1647 struct EgoEntry *ego_entry;
1642 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; 1648 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
1643 1649
1644 for (ego_entry = handle->ego_head; NULL != ego_entry; 1650 for (ego_entry = handle->ego_head; NULL != ego_entry;
1645 ego_entry = ego_entry->next) 1651 ego_entry = ego_entry->next)
1646 { 1652 {
1647 GNUNET_IDENTITY_ego_get_public_key(ego_entry->ego, &pub_key); 1653 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
1648 if (0 == GNUNET_memcmp(&pub_key, test_key)) 1654 if (0 == GNUNET_memcmp (&pub_key, test_key))
1649 return ego_entry; 1655 return ego_entry;
1650 } 1656 }
1651 return NULL; 1657 return NULL;
1652} 1658}
1653 1659
1654static void 1660static void
1655persist_access_token(const struct RequestHandle *handle, 1661persist_access_token (const struct RequestHandle *handle,
1656 const char *access_token, 1662 const char *access_token,
1657 const struct GNUNET_RECLAIM_Ticket *ticket) 1663 const struct GNUNET_RECLAIM_Ticket *ticket)
1658{ 1664{
1659 struct GNUNET_HashCode hc; 1665 struct GNUNET_HashCode hc;
1660 struct GNUNET_RECLAIM_Ticket *ticketbuf; 1666 struct GNUNET_RECLAIM_Ticket *ticketbuf;
1661 1667
1662 GNUNET_CRYPTO_hash(access_token, strlen(access_token), &hc); 1668 GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
1663 ticketbuf = GNUNET_new(struct GNUNET_RECLAIM_Ticket); 1669 ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
1664 *ticketbuf = *ticket; 1670 *ticketbuf = *ticket;
1665 GNUNET_assert(GNUNET_SYSERR != 1671 GNUNET_assert (GNUNET_SYSERR !=
1666 GNUNET_CONTAINER_multihashmap_put( 1672 GNUNET_CONTAINER_multihashmap_put (
1667 OIDC_access_token_map, 1673 OIDC_access_token_map,
1668 &hc, 1674 &hc,
1669 ticketbuf, 1675 ticketbuf,
1670 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); 1676 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1671} 1677}
1672 1678
1673/** 1679/**
@@ -1678,9 +1684,9 @@ persist_access_token(const struct RequestHandle *handle,
1678 * @param cls the RequestHandle 1684 * @param cls the RequestHandle
1679 */ 1685 */
1680static void 1686static void
1681token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, 1687token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1682 const char *url, 1688 const char *url,
1683 void *cls) 1689 void *cls)
1684{ 1690{
1685 struct RequestHandle *handle = cls; 1691 struct RequestHandle *handle = cls;
1686 const struct EgoEntry *ego_entry; 1692 const struct EgoEntry *ego_entry;
@@ -1703,13 +1709,13 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
1703 /* 1709 /*
1704 * Check Authorization 1710 * Check Authorization
1705 */ 1711 */
1706 if (GNUNET_SYSERR == check_authorization(handle, &cid)) 1712 if (GNUNET_SYSERR == check_authorization (handle, &cid))
1707 { 1713 {
1708 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, 1714 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1709 "OIDC authorization for token endpoint failed\n"); 1715 "OIDC authorization for token endpoint failed\n");
1710 GNUNET_SCHEDULER_add_now(&do_error, handle); 1716 GNUNET_SCHEDULER_add_now (&do_error, handle);
1711 return; 1717 return;
1712 } 1718 }
1713 1719
1714 /* 1720 /*
1715 * Check parameter 1721 * Check parameter
@@ -1717,148 +1723,147 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
1717 1723
1718 // TODO Do not allow multiple equal parameter names 1724 // TODO Do not allow multiple equal parameter names
1719 // REQUIRED grant_type 1725 // REQUIRED grant_type
1720 GNUNET_CRYPTO_hash(OIDC_GRANT_TYPE_KEY, 1726 GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY,
1721 strlen(OIDC_GRANT_TYPE_KEY), 1727 strlen (OIDC_GRANT_TYPE_KEY),
1722 &cache_key); 1728 &cache_key);
1723 grant_type = get_url_parameter_copy(handle, OIDC_GRANT_TYPE_KEY); 1729 grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
1724 if (NULL == grant_type) 1730 if (NULL == grant_type)
1725 { 1731 {
1726 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1732 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1727 handle->edesc = GNUNET_strdup("missing parameter grant_type"); 1733 handle->edesc = GNUNET_strdup ("missing parameter grant_type");
1728 handle->response_code = MHD_HTTP_BAD_REQUEST; 1734 handle->response_code = MHD_HTTP_BAD_REQUEST;
1729 GNUNET_SCHEDULER_add_now(&do_error, handle); 1735 GNUNET_SCHEDULER_add_now (&do_error, handle);
1730 return; 1736 return;
1731 } 1737 }
1732 1738
1733 // Check parameter grant_type == "authorization_code" 1739 // Check parameter grant_type == "authorization_code"
1734 if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) 1740 if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
1735 { 1741 {
1736 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); 1742 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
1737 handle->response_code = MHD_HTTP_BAD_REQUEST; 1743 handle->response_code = MHD_HTTP_BAD_REQUEST;
1738 GNUNET_free(grant_type); 1744 GNUNET_free (grant_type);
1739 GNUNET_SCHEDULER_add_now(&do_error, handle); 1745 GNUNET_SCHEDULER_add_now (&do_error, handle);
1740 return; 1746 return;
1741 } 1747 }
1742 GNUNET_free(grant_type); 1748 GNUNET_free (grant_type);
1743 // REQUIRED code 1749 // REQUIRED code
1744 code = get_url_parameter_copy(handle, OIDC_CODE_KEY); 1750 code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
1745 if (NULL == code) 1751 if (NULL == code)
1746 { 1752 {
1747 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1753 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1748 handle->edesc = GNUNET_strdup("missing parameter code"); 1754 handle->edesc = GNUNET_strdup ("missing parameter code");
1749 handle->response_code = MHD_HTTP_BAD_REQUEST; 1755 handle->response_code = MHD_HTTP_BAD_REQUEST;
1750 GNUNET_SCHEDULER_add_now(&do_error, handle); 1756 GNUNET_SCHEDULER_add_now (&do_error, handle);
1751 return; 1757 return;
1752 } 1758 }
1753 ego_entry = find_ego(handle, &cid); 1759 ego_entry = find_ego (handle, &cid);
1754 if (NULL == ego_entry) 1760 if (NULL == ego_entry)
1755 { 1761 {
1756 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1762 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1757 handle->edesc = GNUNET_strdup("Unknown client"); 1763 handle->edesc = GNUNET_strdup ("Unknown client");
1758 handle->response_code = MHD_HTTP_BAD_REQUEST; 1764 handle->response_code = MHD_HTTP_BAD_REQUEST;
1759 GNUNET_free(code); 1765 GNUNET_free (code);
1760 GNUNET_SCHEDULER_add_now(&do_error, handle); 1766 GNUNET_SCHEDULER_add_now (&do_error, handle);
1761 return; 1767 return;
1762 } 1768 }
1763 privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); 1769 privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
1764 1770
1765 // REQUIRED code verifier 1771 // REQUIRED code verifier
1766 code_verifier = get_url_parameter_copy(handle, OIDC_CODE_VERIFIER_KEY); 1772 code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
1767 if (NULL == code_verifier) 1773 if (NULL == code_verifier)
1768 { 1774 {
1769 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1775 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1770 handle->edesc = GNUNET_strdup("missing parameter code_verifier"); 1776 "OAuth authorization request does not contain PKCE parameters!\n");
1771 handle->response_code = MHD_HTTP_BAD_REQUEST; 1777
1772 GNUNET_SCHEDULER_add_now(&do_error, handle); 1778 }
1773 return;
1774 }
1775 1779
1776 // decode code 1780 // decode code
1777 if (GNUNET_OK != OIDC_parse_authz_code(privkey, code, code_verifier, &ticket, &cl, &nonce)) 1781 if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket,
1778 { 1782 &cl, &nonce))
1779 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1783 {
1780 handle->edesc = GNUNET_strdup("invalid code"); 1784 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1781 handle->response_code = MHD_HTTP_BAD_REQUEST; 1785 handle->edesc = GNUNET_strdup ("invalid code");
1782 GNUNET_free(code); 1786 handle->response_code = MHD_HTTP_BAD_REQUEST;
1783 GNUNET_SCHEDULER_add_now(&do_error, handle); 1787 GNUNET_free (code);
1784 return; 1788 GNUNET_SCHEDULER_add_now (&do_error, handle);
1785 } 1789 return;
1786 GNUNET_free(code); 1790 }
1791 GNUNET_free (code);
1787 1792
1788 // create jwt 1793 // create jwt
1789 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time(cfg, 1794 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg,
1790 "reclaim-rest-plugin", 1795 "reclaim-rest-plugin",
1791 "expiration_time", 1796 "expiration_time",
1792 &expiration_time)) 1797 &expiration_time))
1793 { 1798 {
1794 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); 1799 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
1795 handle->edesc = GNUNET_strdup("gnunet configuration failed"); 1800 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1796 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1801 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1797 GNUNET_SCHEDULER_add_now(&do_error, handle); 1802 GNUNET_SCHEDULER_add_now (&do_error, handle);
1798 return; 1803 return;
1799 } 1804 }
1800 1805
1801 1806
1802 // TODO OPTIONAL acr,amr,azp 1807 // TODO OPTIONAL acr,amr,azp
1803 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg, 1808 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg,
1804 "reclaim-rest-plugin", 1809 "reclaim-rest-plugin",
1805 "jwt_secret", 1810 "jwt_secret",
1806 &jwt_secret)) 1811 &jwt_secret))
1807 { 1812 {
1808 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); 1813 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
1809 handle->edesc = GNUNET_strdup("No signing secret configured!"); 1814 handle->edesc = GNUNET_strdup ("No signing secret configured!");
1810 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 1815 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1811 GNUNET_SCHEDULER_add_now(&do_error, handle); 1816 GNUNET_SCHEDULER_add_now (&do_error, handle);
1812 return; 1817 return;
1813 } 1818 }
1814 id_token = OIDC_id_token_new(&ticket.audience, 1819 id_token = OIDC_id_token_new (&ticket.audience,
1815 &ticket.identity, 1820 &ticket.identity,
1816 cl, 1821 cl,
1817 &expiration_time, 1822 &expiration_time,
1818 (NULL != nonce) ? nonce : NULL, 1823 (NULL != nonce) ? nonce : NULL,
1819 jwt_secret); 1824 jwt_secret);
1820 access_token = OIDC_access_token_new(); 1825 access_token = OIDC_access_token_new ();
1821 OIDC_build_token_response(access_token, 1826 OIDC_build_token_response (access_token,
1822 id_token, 1827 id_token,
1823 &expiration_time, 1828 &expiration_time,
1824 &json_response); 1829 &json_response);
1825 1830
1826 persist_access_token(handle, access_token, &ticket); 1831 persist_access_token (handle, access_token, &ticket);
1827 resp = GNUNET_REST_create_response(json_response); 1832 resp = GNUNET_REST_create_response (json_response);
1828 MHD_add_response_header(resp, "Cache-Control", "no-store"); 1833 MHD_add_response_header (resp, "Cache-Control", "no-store");
1829 MHD_add_response_header(resp, "Pragma", "no-cache"); 1834 MHD_add_response_header (resp, "Pragma", "no-cache");
1830 MHD_add_response_header(resp, "Content-Type", "application/json"); 1835 MHD_add_response_header (resp, "Content-Type", "application/json");
1831 handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); 1836 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1832 GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); 1837 GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl);
1833 GNUNET_free(access_token); 1838 GNUNET_free (access_token);
1834 GNUNET_free(json_response); 1839 GNUNET_free (json_response);
1835 GNUNET_free(id_token); 1840 GNUNET_free (id_token);
1836 GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); 1841 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
1837} 1842}
1838 1843
1839/** 1844/**
1840 * Collects claims and stores them in handle 1845 * Collects claims and stores them in handle
1841 */ 1846 */
1842static void 1847static void
1843consume_ticket(void *cls, 1848consume_ticket (void *cls,
1844 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, 1849 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
1845 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) 1850 const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
1846{ 1851{
1847 struct RequestHandle *handle = cls; 1852 struct RequestHandle *handle = cls;
1848 char *tmp_value; 1853 char *tmp_value;
1849 json_t *value; 1854 json_t *value;
1850 1855
1851 if (NULL == identity) 1856 if (NULL == identity)
1852 { 1857 {
1853 GNUNET_SCHEDULER_add_now(&return_userinfo_response, handle); 1858 GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
1854 return; 1859 return;
1855 } 1860 }
1856 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string(attr->type, 1861 tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
1857 attr->data, 1862 attr->data,
1858 attr->data_size); 1863 attr->data_size);
1859 value = json_string(tmp_value); 1864 value = json_string (tmp_value);
1860 json_object_set_new(handle->oidc->response, attr->name, value); 1865 json_object_set_new (handle->oidc->response, attr->name, value);
1861 GNUNET_free(tmp_value); 1866 GNUNET_free (tmp_value);
1862} 1867}
1863 1868
1864/** 1869/**
@@ -1869,9 +1874,9 @@ consume_ticket(void *cls,
1869 * @param cls the RequestHandle 1874 * @param cls the RequestHandle
1870 */ 1875 */
1871static void 1876static void
1872userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, 1877userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
1873 const char *url, 1878 const char *url,
1874 void *cls) 1879 void *cls)
1875{ 1880{
1876 // TODO expiration time 1881 // TODO expiration time
1877 struct RequestHandle *handle = cls; 1882 struct RequestHandle *handle = cls;
@@ -1884,87 +1889,87 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
1884 const struct EgoEntry *ego_entry; 1889 const struct EgoEntry *ego_entry;
1885 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; 1890 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
1886 1891
1887 GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, 1892 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
1888 strlen(OIDC_AUTHORIZATION_HEADER_KEY), 1893 strlen (OIDC_AUTHORIZATION_HEADER_KEY),
1889 &cache_key); 1894 &cache_key);
1890 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle 1895 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
1891 ->header_param_map, 1896 ->header_param_map,
1892 &cache_key)) 1897 &cache_key))
1893 { 1898 {
1894 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); 1899 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1895 handle->edesc = GNUNET_strdup("No Access Token"); 1900 handle->edesc = GNUNET_strdup ("No Access Token");
1896 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1901 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1897 GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); 1902 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1898 return; 1903 return;
1899 } 1904 }
1900 authorization = 1905 authorization =
1901 GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, 1906 GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
1902 &cache_key); 1907 &cache_key);
1903 1908
1904 // split header in "Bearer" and access_token 1909 // split header in "Bearer" and access_token
1905 authorization = GNUNET_strdup(authorization); 1910 authorization = GNUNET_strdup (authorization);
1906 authorization_type = strtok(authorization, delimiter); 1911 authorization_type = strtok (authorization, delimiter);
1907 if ((NULL == authorization_type) || 1912 if ((NULL == authorization_type) ||
1908 (0 != strcmp("Bearer", authorization_type))) 1913 (0 != strcmp ("Bearer", authorization_type)))
1909 { 1914 {
1910 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); 1915 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1911 handle->edesc = GNUNET_strdup("No Access Token"); 1916 handle->edesc = GNUNET_strdup ("No Access Token");
1912 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1917 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1913 GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); 1918 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1914 GNUNET_free(authorization); 1919 GNUNET_free (authorization);
1915 return; 1920 return;
1916 } 1921 }
1917 authorization_access_token = strtok(NULL, delimiter); 1922 authorization_access_token = strtok (NULL, delimiter);
1918 if (NULL == authorization_access_token) 1923 if (NULL == authorization_access_token)
1919 { 1924 {
1920 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); 1925 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1921 handle->edesc = GNUNET_strdup("Access token missing"); 1926 handle->edesc = GNUNET_strdup ("Access token missing");
1922 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1927 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1923 GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); 1928 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1924 GNUNET_free(authorization); 1929 GNUNET_free (authorization);
1925 return; 1930 return;
1926 } 1931 }
1927 1932
1928 GNUNET_CRYPTO_hash(authorization_access_token, 1933 GNUNET_CRYPTO_hash (authorization_access_token,
1929 strlen(authorization_access_token), 1934 strlen (authorization_access_token),
1930 &cache_key); 1935 &cache_key);
1931 if (GNUNET_NO == 1936 if (GNUNET_NO ==
1932 GNUNET_CONTAINER_multihashmap_contains(OIDC_access_token_map, 1937 GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map,
1933 &cache_key)) 1938 &cache_key))
1934 { 1939 {
1935 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); 1940 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1936 handle->edesc = GNUNET_strdup("The access token expired"); 1941 handle->edesc = GNUNET_strdup ("The access token expired");
1937 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1942 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1938 GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); 1943 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1939 GNUNET_free(authorization); 1944 GNUNET_free (authorization);
1940 return; 1945 return;
1941 } 1946 }
1942 ticket = 1947 ticket =
1943 GNUNET_CONTAINER_multihashmap_get(OIDC_access_token_map, &cache_key); 1948 GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key);
1944 GNUNET_assert(NULL != ticket); 1949 GNUNET_assert (NULL != ticket);
1945 ego_entry = find_ego(handle, &ticket->audience); 1950 ego_entry = find_ego (handle, &ticket->audience);
1946 if (NULL == ego_entry) 1951 if (NULL == ego_entry)
1947 { 1952 {
1948 handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); 1953 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
1949 handle->edesc = GNUNET_strdup("The access token expired"); 1954 handle->edesc = GNUNET_strdup ("The access token expired");
1950 handle->response_code = MHD_HTTP_UNAUTHORIZED; 1955 handle->response_code = MHD_HTTP_UNAUTHORIZED;
1951 GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); 1956 GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
1952 GNUNET_free(authorization); 1957 GNUNET_free (authorization);
1953 return; 1958 return;
1954 } 1959 }
1955 1960
1956 handle->idp = GNUNET_RECLAIM_connect(cfg); 1961 handle->idp = GNUNET_RECLAIM_connect (cfg);
1957 handle->oidc->response = json_object(); 1962 handle->oidc->response = json_object ();
1958 json_object_set_new(handle->oidc->response, 1963 json_object_set_new (handle->oidc->response,
1959 "sub", 1964 "sub",
1960 json_string(ego_entry->keystring)); 1965 json_string (ego_entry->keystring));
1961 privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); 1966 privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
1962 handle->idp_op = GNUNET_RECLAIM_ticket_consume(handle->idp, 1967 handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
1963 privkey, 1968 privkey,
1964 ticket, 1969 ticket,
1965 consume_ticket, 1970 consume_ticket,
1966 handle); 1971 handle);
1967 GNUNET_free(authorization); 1972 GNUNET_free (authorization);
1968} 1973}
1969 1974
1970 1975
@@ -1974,14 +1979,14 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
1974 * @param handle the request handle 1979 * @param handle the request handle
1975 */ 1980 */
1976static void 1981static void
1977init_cont(struct RequestHandle *handle) 1982init_cont (struct RequestHandle *handle)
1978{ 1983{
1979 struct GNUNET_REST_RequestHandlerError err; 1984 struct GNUNET_REST_RequestHandlerError err;
1980 static const struct GNUNET_REST_RequestHandler handlers[] = 1985 static const struct GNUNET_REST_RequestHandler handlers[] =
1981 { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, 1986 { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint },
1982 { MHD_HTTP_METHOD_POST, 1987 { MHD_HTTP_METHOD_POST,
1983 GNUNET_REST_API_NS_AUTHORIZE, 1988 GNUNET_REST_API_NS_AUTHORIZE,
1984 &authorize_endpoint }, // url-encoded 1989 &authorize_endpoint }, // url-encoded
1985 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, 1990 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont },
1986 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, 1991 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
1987 { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, 1992 { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
@@ -1990,11 +1995,11 @@ init_cont(struct RequestHandle *handle)
1990 GNUNET_REST_HANDLER_END }; 1995 GNUNET_REST_HANDLER_END };
1991 1996
1992 if (GNUNET_NO == 1997 if (GNUNET_NO ==
1993 GNUNET_REST_handle_request(handle->rest_handle, handlers, &err, handle)) 1998 GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
1994 { 1999 {
1995 handle->response_code = err.error_code; 2000 handle->response_code = err.error_code;
1996 GNUNET_SCHEDULER_add_now(&do_error, handle); 2001 GNUNET_SCHEDULER_add_now (&do_error, handle);
1997 } 2002 }
1998} 2003}
1999 2004
2000/** 2005/**
@@ -2031,91 +2036,91 @@ init_cont(struct RequestHandle *handle)
2031 * must thus no longer be used 2036 * must thus no longer be used
2032 */ 2037 */
2033static void 2038static void
2034list_ego(void *cls, 2039list_ego (void *cls,
2035 struct GNUNET_IDENTITY_Ego *ego, 2040 struct GNUNET_IDENTITY_Ego *ego,
2036 void **ctx, 2041 void **ctx,
2037 const char *identifier) 2042 const char *identifier)
2038{ 2043{
2039 struct RequestHandle *handle = cls; 2044 struct RequestHandle *handle = cls;
2040 struct EgoEntry *ego_entry; 2045 struct EgoEntry *ego_entry;
2041 struct GNUNET_CRYPTO_EcdsaPublicKey pk; 2046 struct GNUNET_CRYPTO_EcdsaPublicKey pk;
2042 2047
2043 if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) 2048 if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
2044 { 2049 {
2045 handle->state = ID_REST_STATE_POST_INIT; 2050 handle->state = ID_REST_STATE_POST_INIT;
2046 init_cont(handle); 2051 init_cont (handle);
2047 return; 2052 return;
2048 } 2053 }
2049 GNUNET_assert(NULL != ego); 2054 GNUNET_assert (NULL != ego);
2050 if (ID_REST_STATE_INIT == handle->state) 2055 if (ID_REST_STATE_INIT == handle->state)
2051 2056
2052 { 2057 {
2053 ego_entry = GNUNET_new(struct EgoEntry); 2058 ego_entry = GNUNET_new (struct EgoEntry);
2054 GNUNET_IDENTITY_ego_get_public_key(ego, &pk); 2059 GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
2055 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk); 2060 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2056 ego_entry->ego = ego; 2061 ego_entry->ego = ego;
2057 ego_entry->identifier = GNUNET_strdup(identifier); 2062 ego_entry->identifier = GNUNET_strdup (identifier);
2058 GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head, 2063 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
2059 handle->ego_tail, 2064 handle->ego_tail,
2060 ego_entry); 2065 ego_entry);
2061 return; 2066 return;
2062 } 2067 }
2063 /* Ego renamed or added */ 2068 /* Ego renamed or added */
2064 if (identifier != NULL) 2069 if (identifier != NULL)
2070 {
2071 for (ego_entry = handle->ego_head; NULL != ego_entry;
2072 ego_entry = ego_entry->next)
2073 {
2074 if (ego_entry->ego == ego)
2075 {
2076 /* Rename */
2077 GNUNET_free (ego_entry->identifier);
2078 ego_entry->identifier = GNUNET_strdup (identifier);
2079 break;
2080 }
2081 }
2082 if (NULL == ego_entry)
2065 { 2083 {
2066 for (ego_entry = handle->ego_head; NULL != ego_entry; 2084 /* Add */
2067 ego_entry = ego_entry->next) 2085 ego_entry = GNUNET_new (struct EgoEntry);
2068 { 2086 GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
2069 if (ego_entry->ego == ego) 2087 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
2070 { 2088 ego_entry->ego = ego;
2071 /* Rename */ 2089 ego_entry->identifier = GNUNET_strdup (identifier);
2072 GNUNET_free(ego_entry->identifier); 2090 GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
2073 ego_entry->identifier = GNUNET_strdup(identifier); 2091 handle->ego_tail,
2074 break; 2092 ego_entry);
2075 }
2076 }
2077 if (NULL == ego_entry)
2078 {
2079 /* Add */
2080 ego_entry = GNUNET_new(struct EgoEntry);
2081 GNUNET_IDENTITY_ego_get_public_key(ego, &pk);
2082 ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk);
2083 ego_entry->ego = ego;
2084 ego_entry->identifier = GNUNET_strdup(identifier);
2085 GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,
2086 handle->ego_tail,
2087 ego_entry);
2088 }
2089 } 2093 }
2094 }
2090 else 2095 else
2096 {
2097 /* Delete */
2098 for (ego_entry = handle->ego_head; NULL != ego_entry;
2099 ego_entry = ego_entry->next)
2091 { 2100 {
2092 /* Delete */ 2101 if (ego_entry->ego == ego)
2093 for (ego_entry = handle->ego_head; NULL != ego_entry; 2102 break;
2094 ego_entry = ego_entry->next)
2095 {
2096 if (ego_entry->ego == ego)
2097 break;
2098 }
2099 if (NULL != ego_entry)
2100 GNUNET_CONTAINER_DLL_remove(handle->ego_head,
2101 handle->ego_tail,
2102 ego_entry);
2103 } 2103 }
2104 if (NULL != ego_entry)
2105 GNUNET_CONTAINER_DLL_remove (handle->ego_head,
2106 handle->ego_tail,
2107 ego_entry);
2108 }
2104} 2109}
2105 2110
2106static void 2111static void
2107rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, 2112rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
2108 GNUNET_REST_ResultProcessor proc, 2113 GNUNET_REST_ResultProcessor proc,
2109 void *proc_cls) 2114 void *proc_cls)
2110{ 2115{
2111 struct RequestHandle *handle = GNUNET_new(struct RequestHandle); 2116 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
2112 2117
2113 handle->oidc = GNUNET_new(struct OIDC_Variables); 2118 handle->oidc = GNUNET_new (struct OIDC_Variables);
2114 if (NULL == OIDC_cookie_jar_map) 2119 if (NULL == OIDC_cookie_jar_map)
2115 OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); 2120 OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2116 if (NULL == OIDC_access_token_map) 2121 if (NULL == OIDC_access_token_map)
2117 OIDC_access_token_map = 2122 OIDC_access_token_map =
2118 GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); 2123 GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
2119 handle->response_code = 0; 2124 handle->response_code = 0;
2120 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 2125 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
2121 handle->proc_cls = proc_cls; 2126 handle->proc_cls = proc_cls;
@@ -2123,16 +2128,16 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
2123 handle->state = ID_REST_STATE_INIT; 2128 handle->state = ID_REST_STATE_INIT;
2124 handle->rest_handle = rest_handle; 2129 handle->rest_handle = rest_handle;
2125 2130
2126 handle->url = GNUNET_strdup(rest_handle->url); 2131 handle->url = GNUNET_strdup (rest_handle->url);
2127 if (handle->url[strlen(handle->url) - 1] == '/') 2132 if (handle->url[strlen (handle->url) - 1] == '/')
2128 handle->url[strlen(handle->url) - 1] = '\0'; 2133 handle->url[strlen (handle->url) - 1] = '\0';
2129 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); 2134 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
2130 handle->identity_handle = GNUNET_IDENTITY_connect(cfg, &list_ego, handle); 2135 handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle);
2131 handle->gns_handle = GNUNET_GNS_connect(cfg); 2136 handle->gns_handle = GNUNET_GNS_connect (cfg);
2132 handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); 2137 handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
2133 handle->timeout_task = 2138 handle->timeout_task =
2134 GNUNET_SCHEDULER_add_delayed(handle->timeout, &do_timeout, handle); 2139 GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2135 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); 2140 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
2136} 2141}
2137 2142
2138/** 2143/**
@@ -2142,7 +2147,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
2142 * @return NULL on error, otherwise the plugin context 2147 * @return NULL on error, otherwise the plugin context
2143 */ 2148 */
2144void * 2149void *
2145libgnunet_plugin_rest_openid_connect_init(void *cls) 2150libgnunet_plugin_rest_openid_connect_init (void *cls)
2146{ 2151{
2147 static struct Plugin plugin; 2152 static struct Plugin plugin;
2148 struct GNUNET_REST_Plugin *api; 2153 struct GNUNET_REST_Plugin *api;
@@ -2150,22 +2155,22 @@ libgnunet_plugin_rest_openid_connect_init(void *cls)
2150 cfg = cls; 2155 cfg = cls;
2151 if (NULL != plugin.cfg) 2156 if (NULL != plugin.cfg)
2152 return NULL; /* can only initialize once! */ 2157 return NULL; /* can only initialize once! */
2153 memset(&plugin, 0, sizeof(struct Plugin)); 2158 memset (&plugin, 0, sizeof(struct Plugin));
2154 plugin.cfg = cfg; 2159 plugin.cfg = cfg;
2155 api = GNUNET_new(struct GNUNET_REST_Plugin); 2160 api = GNUNET_new (struct GNUNET_REST_Plugin);
2156 api->cls = &plugin; 2161 api->cls = &plugin;
2157 api->name = GNUNET_REST_API_NS_OIDC; 2162 api->name = GNUNET_REST_API_NS_OIDC;
2158 api->process_request = &rest_identity_process_request; 2163 api->process_request = &rest_identity_process_request;
2159 GNUNET_asprintf(&allow_methods, 2164 GNUNET_asprintf (&allow_methods,
2160 "%s, %s, %s, %s, %s", 2165 "%s, %s, %s, %s, %s",
2161 MHD_HTTP_METHOD_GET, 2166 MHD_HTTP_METHOD_GET,
2162 MHD_HTTP_METHOD_POST, 2167 MHD_HTTP_METHOD_POST,
2163 MHD_HTTP_METHOD_PUT, 2168 MHD_HTTP_METHOD_PUT,
2164 MHD_HTTP_METHOD_DELETE, 2169 MHD_HTTP_METHOD_DELETE,
2165 MHD_HTTP_METHOD_OPTIONS); 2170 MHD_HTTP_METHOD_OPTIONS);
2166 2171
2167 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 2172 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2168 _("OpenID Connect REST API initialized\n")); 2173 _ ("OpenID Connect REST API initialized\n"));
2169 return api; 2174 return api;
2170} 2175}
2171 2176
@@ -2177,7 +2182,7 @@ libgnunet_plugin_rest_openid_connect_init(void *cls)
2177 * @return always NULL 2182 * @return always NULL
2178 */ 2183 */
2179void * 2184void *
2180libgnunet_plugin_rest_openid_connect_done(void *cls) 2185libgnunet_plugin_rest_openid_connect_done (void *cls)
2181{ 2186{
2182 struct GNUNET_REST_Plugin *api = cls; 2187 struct GNUNET_REST_Plugin *api = cls;
2183 struct Plugin *plugin = api->cls; 2188 struct Plugin *plugin = api->cls;
@@ -2187,24 +2192,24 @@ libgnunet_plugin_rest_openid_connect_done(void *cls)
2187 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; 2192 struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
2188 void *value = NULL; 2193 void *value = NULL;
2189 hashmap_it = 2194 hashmap_it =
2190 GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_cookie_jar_map); 2195 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map);
2191 while (GNUNET_YES == 2196 while (GNUNET_YES ==
2192 GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) 2197 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2193 GNUNET_free_non_null(value); 2198 GNUNET_free_non_null (value);
2194 GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); 2199 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2195 GNUNET_CONTAINER_multihashmap_destroy(OIDC_cookie_jar_map); 2200 GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
2196 2201
2197 hashmap_it = 2202 hashmap_it =
2198 GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_access_token_map); 2203 GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
2199 while (GNUNET_YES == 2204 while (GNUNET_YES ==
2200 GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) 2205 GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2201 GNUNET_free_non_null(value); 2206 GNUNET_free_non_null (value);
2202 GNUNET_CONTAINER_multihashmap_destroy(OIDC_access_token_map); 2207 GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map);
2203 GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); 2208 GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
2204 GNUNET_free_non_null(allow_methods); 2209 GNUNET_free_non_null (allow_methods);
2205 GNUNET_free(api); 2210 GNUNET_free (api);
2206 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 2211 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2207 "OpenID Connect REST plugin is finished\n"); 2212 "OpenID Connect REST plugin is finished\n");
2208 return NULL; 2213 return NULL;
2209} 2214}
2210 2215