diff options
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 2041 |
1 files changed, 1023 insertions, 1018 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 3f1dba254..a4a368ab5 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -250,14 +250,16 @@ static char *allow_methods; | |||
250 | /** | 250 | /** |
251 | * @brief struct returned by the initialization function of the plugin | 251 | * @brief struct returned by the initialization function of the plugin |
252 | */ | 252 | */ |
253 | struct Plugin { | 253 | struct Plugin |
254 | { | ||
254 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 255 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
255 | }; | 256 | }; |
256 | 257 | ||
257 | /** | 258 | /** |
258 | * OIDC needed variables | 259 | * OIDC needed variables |
259 | */ | 260 | */ |
260 | struct OIDC_Variables { | 261 | struct OIDC_Variables |
262 | { | ||
261 | /** | 263 | /** |
262 | * The RP client public key | 264 | * The RP client public key |
263 | */ | 265 | */ |
@@ -322,7 +324,8 @@ struct OIDC_Variables { | |||
322 | /** | 324 | /** |
323 | * The ego list | 325 | * The ego list |
324 | */ | 326 | */ |
325 | struct EgoEntry { | 327 | struct EgoEntry |
328 | { | ||
326 | /** | 329 | /** |
327 | * DLL | 330 | * DLL |
328 | */ | 331 | */ |
@@ -350,7 +353,8 @@ struct EgoEntry { | |||
350 | }; | 353 | }; |
351 | 354 | ||
352 | 355 | ||
353 | struct RequestHandle { | 356 | struct RequestHandle |
357 | { | ||
354 | /** | 358 | /** |
355 | * Ego list | 359 | * Ego list |
356 | */ | 360 | */ |
@@ -507,75 +511,75 @@ struct RequestHandle { | |||
507 | * @param handle Handle to clean up | 511 | * @param handle Handle to clean up |
508 | */ | 512 | */ |
509 | static void | 513 | static void |
510 | cleanup_handle(struct RequestHandle *handle) | 514 | cleanup_handle (struct RequestHandle *handle) |
511 | { | 515 | { |
512 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; | 516 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; |
513 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; | 517 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; |
514 | struct EgoEntry *ego_entry; | 518 | struct EgoEntry *ego_entry; |
515 | struct EgoEntry *ego_tmp; | 519 | struct EgoEntry *ego_tmp; |
516 | 520 | ||
517 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | 521 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); |
518 | if (NULL != handle->timeout_task) | 522 | if (NULL != handle->timeout_task) |
519 | GNUNET_SCHEDULER_cancel(handle->timeout_task); | 523 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
520 | if (NULL != handle->identity_handle) | 524 | if (NULL != handle->identity_handle) |
521 | GNUNET_IDENTITY_disconnect(handle->identity_handle); | 525 | GNUNET_IDENTITY_disconnect (handle->identity_handle); |
522 | if (NULL != handle->attr_it) | 526 | if (NULL != handle->attr_it) |
523 | GNUNET_RECLAIM_get_attributes_stop(handle->attr_it); | 527 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); |
524 | if (NULL != handle->ticket_it) | 528 | if (NULL != handle->ticket_it) |
525 | GNUNET_RECLAIM_ticket_iteration_stop(handle->ticket_it); | 529 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); |
526 | if (NULL != handle->idp) | 530 | if (NULL != handle->idp) |
527 | GNUNET_RECLAIM_disconnect(handle->idp); | 531 | GNUNET_RECLAIM_disconnect (handle->idp); |
528 | GNUNET_free_non_null(handle->url); | 532 | GNUNET_free_non_null (handle->url); |
529 | GNUNET_free_non_null(handle->tld); | 533 | GNUNET_free_non_null (handle->tld); |
530 | GNUNET_free_non_null(handle->redirect_prefix); | 534 | GNUNET_free_non_null (handle->redirect_prefix); |
531 | GNUNET_free_non_null(handle->redirect_suffix); | 535 | GNUNET_free_non_null (handle->redirect_suffix); |
532 | GNUNET_free_non_null(handle->emsg); | 536 | GNUNET_free_non_null (handle->emsg); |
533 | GNUNET_free_non_null(handle->edesc); | 537 | GNUNET_free_non_null (handle->edesc); |
534 | if (NULL != handle->gns_op) | 538 | if (NULL != handle->gns_op) |
535 | GNUNET_GNS_lookup_cancel(handle->gns_op); | 539 | GNUNET_GNS_lookup_cancel (handle->gns_op); |
536 | if (NULL != handle->gns_handle) | 540 | if (NULL != handle->gns_handle) |
537 | GNUNET_GNS_disconnect(handle->gns_handle); | 541 | GNUNET_GNS_disconnect (handle->gns_handle); |
538 | 542 | ||
539 | if (NULL != handle->namestore_handle) | 543 | if (NULL != handle->namestore_handle) |
540 | GNUNET_NAMESTORE_disconnect(handle->namestore_handle); | 544 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
541 | if (NULL != handle->oidc) | 545 | if (NULL != handle->oidc) |
542 | { | 546 | { |
543 | GNUNET_free_non_null(handle->oidc->client_id); | 547 | GNUNET_free_non_null (handle->oidc->client_id); |
544 | GNUNET_free_non_null(handle->oidc->login_identity); | 548 | GNUNET_free_non_null (handle->oidc->login_identity); |
545 | GNUNET_free_non_null(handle->oidc->nonce); | 549 | GNUNET_free_non_null (handle->oidc->nonce); |
546 | GNUNET_free_non_null(handle->oidc->redirect_uri); | 550 | GNUNET_free_non_null (handle->oidc->redirect_uri); |
547 | GNUNET_free_non_null(handle->oidc->response_type); | 551 | GNUNET_free_non_null (handle->oidc->response_type); |
548 | GNUNET_free_non_null(handle->oidc->scope); | 552 | GNUNET_free_non_null (handle->oidc->scope); |
549 | GNUNET_free_non_null(handle->oidc->state); | 553 | GNUNET_free_non_null (handle->oidc->state); |
550 | json_decref(handle->oidc->response); | 554 | json_decref (handle->oidc->response); |
551 | GNUNET_free(handle->oidc); | 555 | GNUNET_free (handle->oidc); |
552 | } | 556 | } |
553 | if (NULL != handle->attr_list) | 557 | if (NULL != handle->attr_list) |
558 | { | ||
559 | for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) | ||
554 | { | 560 | { |
555 | for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) | 561 | claim_tmp = claim_entry; |
556 | { | 562 | claim_entry = claim_entry->next; |
557 | claim_tmp = claim_entry; | 563 | GNUNET_free (claim_tmp->claim); |
558 | claim_entry = claim_entry->next; | 564 | GNUNET_free (claim_tmp); |
559 | GNUNET_free(claim_tmp->claim); | ||
560 | GNUNET_free(claim_tmp); | ||
561 | } | ||
562 | GNUNET_free(handle->attr_list); | ||
563 | } | 565 | } |
566 | GNUNET_free (handle->attr_list); | ||
567 | } | ||
564 | for (ego_entry = handle->ego_head; NULL != ego_entry;) | 568 | for (ego_entry = handle->ego_head; NULL != ego_entry;) |
565 | { | 569 | { |
566 | ego_tmp = ego_entry; | 570 | ego_tmp = ego_entry; |
567 | ego_entry = ego_entry->next; | 571 | ego_entry = ego_entry->next; |
568 | GNUNET_free(ego_tmp->identifier); | 572 | GNUNET_free (ego_tmp->identifier); |
569 | GNUNET_free(ego_tmp->keystring); | 573 | GNUNET_free (ego_tmp->keystring); |
570 | GNUNET_free(ego_tmp); | 574 | GNUNET_free (ego_tmp); |
571 | } | 575 | } |
572 | GNUNET_free(handle); | 576 | GNUNET_free (handle); |
573 | } | 577 | } |
574 | 578 | ||
575 | static void | 579 | static void |
576 | cleanup_handle_delayed(void *cls) | 580 | cleanup_handle_delayed (void *cls) |
577 | { | 581 | { |
578 | cleanup_handle(cls); | 582 | cleanup_handle (cls); |
579 | } | 583 | } |
580 | 584 | ||
581 | 585 | ||
@@ -585,30 +589,30 @@ cleanup_handle_delayed(void *cls) | |||
585 | * @param cls the `struct RequestHandle` | 589 | * @param cls the `struct RequestHandle` |
586 | */ | 590 | */ |
587 | static void | 591 | static void |
588 | do_error(void *cls) | 592 | do_error (void *cls) |
589 | { | 593 | { |
590 | struct RequestHandle *handle = cls; | 594 | struct RequestHandle *handle = cls; |
591 | struct MHD_Response *resp; | 595 | struct MHD_Response *resp; |
592 | char *json_error; | 596 | char *json_error; |
593 | 597 | ||
594 | GNUNET_asprintf(&json_error, | 598 | GNUNET_asprintf (&json_error, |
595 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", | 599 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", |
596 | handle->emsg, | 600 | handle->emsg, |
597 | (NULL != handle->edesc) ? handle->edesc : "", | 601 | (NULL != handle->edesc) ? handle->edesc : "", |
598 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", | 602 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", |
599 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 603 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
600 | (NULL != handle->oidc->state) ? "\"" : ""); | 604 | (NULL != handle->oidc->state) ? "\"" : ""); |
601 | if (0 == handle->response_code) | 605 | if (0 == handle->response_code) |
602 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 606 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
603 | resp = GNUNET_REST_create_response(json_error); | 607 | resp = GNUNET_REST_create_response (json_error); |
604 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) | 608 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) |
605 | MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); | 609 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); |
606 | MHD_add_response_header(resp, | 610 | MHD_add_response_header (resp, |
607 | MHD_HTTP_HEADER_CONTENT_TYPE, | 611 | MHD_HTTP_HEADER_CONTENT_TYPE, |
608 | "application/json"); | 612 | "application/json"); |
609 | handle->proc(handle->proc_cls, resp, handle->response_code); | 613 | handle->proc (handle->proc_cls, resp, handle->response_code); |
610 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 614 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
611 | GNUNET_free(json_error); | 615 | GNUNET_free (json_error); |
612 | } | 616 | } |
613 | 617 | ||
614 | 618 | ||
@@ -619,21 +623,21 @@ do_error(void *cls) | |||
619 | * @param cls the `struct RequestHandle` | 623 | * @param cls the `struct RequestHandle` |
620 | */ | 624 | */ |
621 | static void | 625 | static void |
622 | do_userinfo_error(void *cls) | 626 | do_userinfo_error (void *cls) |
623 | { | 627 | { |
624 | struct RequestHandle *handle = cls; | 628 | struct RequestHandle *handle = cls; |
625 | struct MHD_Response *resp; | 629 | struct MHD_Response *resp; |
626 | char *error; | 630 | char *error; |
627 | 631 | ||
628 | GNUNET_asprintf(&error, | 632 | GNUNET_asprintf (&error, |
629 | "error=\"%s\", error_description=\"%s\"", | 633 | "error=\"%s\", error_description=\"%s\"", |
630 | handle->emsg, | 634 | handle->emsg, |
631 | (NULL != handle->edesc) ? handle->edesc : ""); | 635 | (NULL != handle->edesc) ? handle->edesc : ""); |
632 | resp = GNUNET_REST_create_response(""); | 636 | resp = GNUNET_REST_create_response (""); |
633 | MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); | 637 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); |
634 | handle->proc(handle->proc_cls, resp, handle->response_code); | 638 | handle->proc (handle->proc_cls, resp, handle->response_code); |
635 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 639 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
636 | GNUNET_free(error); | 640 | GNUNET_free (error); |
637 | } | 641 | } |
638 | 642 | ||
639 | 643 | ||
@@ -643,24 +647,24 @@ do_userinfo_error(void *cls) | |||
643 | * @param cls the `struct RequestHandle` | 647 | * @param cls the `struct RequestHandle` |
644 | */ | 648 | */ |
645 | static void | 649 | static void |
646 | do_redirect_error(void *cls) | 650 | do_redirect_error (void *cls) |
647 | { | 651 | { |
648 | struct RequestHandle *handle = cls; | 652 | struct RequestHandle *handle = cls; |
649 | struct MHD_Response *resp; | 653 | struct MHD_Response *resp; |
650 | char *redirect; | 654 | char *redirect; |
651 | 655 | ||
652 | GNUNET_asprintf(&redirect, | 656 | GNUNET_asprintf (&redirect, |
653 | "%s?error=%s&error_description=%s%s%s", | 657 | "%s?error=%s&error_description=%s%s%s", |
654 | handle->oidc->redirect_uri, | 658 | handle->oidc->redirect_uri, |
655 | handle->emsg, | 659 | handle->emsg, |
656 | handle->edesc, | 660 | handle->edesc, |
657 | (NULL != handle->oidc->state) ? "&state=" : "", | 661 | (NULL != handle->oidc->state) ? "&state=" : "", |
658 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); | 662 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); |
659 | resp = GNUNET_REST_create_response(""); | 663 | resp = GNUNET_REST_create_response (""); |
660 | MHD_add_response_header(resp, "Location", redirect); | 664 | MHD_add_response_header (resp, "Location", redirect); |
661 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 665 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
662 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 666 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
663 | GNUNET_free(redirect); | 667 | GNUNET_free (redirect); |
664 | } | 668 | } |
665 | 669 | ||
666 | /** | 670 | /** |
@@ -669,12 +673,12 @@ do_redirect_error(void *cls) | |||
669 | * @param cls the `struct RequestHandle` | 673 | * @param cls the `struct RequestHandle` |
670 | */ | 674 | */ |
671 | static void | 675 | static void |
672 | do_timeout(void *cls) | 676 | do_timeout (void *cls) |
673 | { | 677 | { |
674 | struct RequestHandle *handle = cls; | 678 | struct RequestHandle *handle = cls; |
675 | 679 | ||
676 | handle->timeout_task = NULL; | 680 | handle->timeout_task = NULL; |
677 | do_error(handle); | 681 | do_error (handle); |
678 | } | 682 | } |
679 | 683 | ||
680 | /** | 684 | /** |
@@ -683,18 +687,18 @@ do_timeout(void *cls) | |||
683 | * @param cls the request handle | 687 | * @param cls the request handle |
684 | */ | 688 | */ |
685 | static void | 689 | static void |
686 | return_userinfo_response(void *cls) | 690 | return_userinfo_response (void *cls) |
687 | { | 691 | { |
688 | char *result_str; | 692 | char *result_str; |
689 | struct RequestHandle *handle = cls; | 693 | struct RequestHandle *handle = cls; |
690 | struct MHD_Response *resp; | 694 | struct MHD_Response *resp; |
691 | 695 | ||
692 | result_str = json_dumps(handle->oidc->response, 0); | 696 | result_str = json_dumps (handle->oidc->response, 0); |
693 | 697 | ||
694 | resp = GNUNET_REST_create_response(result_str); | 698 | resp = GNUNET_REST_create_response (result_str); |
695 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 699 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
696 | GNUNET_free(result_str); | 700 | GNUNET_free (result_str); |
697 | cleanup_handle(handle); | 701 | cleanup_handle (handle); |
698 | } | 702 | } |
699 | 703 | ||
700 | 704 | ||
@@ -706,18 +710,18 @@ return_userinfo_response(void *cls) | |||
706 | * @param cls the RequestHandle | 710 | * @param cls the RequestHandle |
707 | */ | 711 | */ |
708 | static void | 712 | static void |
709 | options_cont(struct GNUNET_REST_RequestHandle *con_handle, | 713 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, |
710 | const char *url, | 714 | const char *url, |
711 | void *cls) | 715 | void *cls) |
712 | { | 716 | { |
713 | struct MHD_Response *resp; | 717 | struct MHD_Response *resp; |
714 | struct RequestHandle *handle = cls; | 718 | struct RequestHandle *handle = cls; |
715 | 719 | ||
716 | // For now, independent of path return all options | 720 | // For now, independent of path return all options |
717 | resp = GNUNET_REST_create_response(NULL); | 721 | resp = GNUNET_REST_create_response (NULL); |
718 | MHD_add_response_header(resp, "Access-Control-Allow-Methods", allow_methods); | 722 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); |
719 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 723 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
720 | cleanup_handle(handle); | 724 | cleanup_handle (handle); |
721 | return; | 725 | return; |
722 | } | 726 | } |
723 | 727 | ||
@@ -726,7 +730,7 @@ options_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
726 | * Interprets cookie header and pass its identity keystring to handle | 730 | * Interprets cookie header and pass its identity keystring to handle |
727 | */ | 731 | */ |
728 | static void | 732 | static void |
729 | cookie_identity_interpretation(struct RequestHandle *handle) | 733 | cookie_identity_interpretation (struct RequestHandle *handle) |
730 | { | 734 | { |
731 | struct GNUNET_HashCode cache_key; | 735 | struct GNUNET_HashCode cache_key; |
732 | char *cookies; | 736 | char *cookies; |
@@ -737,143 +741,144 @@ cookie_identity_interpretation(struct RequestHandle *handle) | |||
737 | char *value; | 741 | char *value; |
738 | 742 | ||
739 | // gets identity of login try with cookie | 743 | // gets identity of login try with cookie |
740 | GNUNET_CRYPTO_hash(OIDC_COOKIE_HEADER_KEY, | 744 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, |
741 | strlen(OIDC_COOKIE_HEADER_KEY), | 745 | strlen (OIDC_COOKIE_HEADER_KEY), |
742 | &cache_key); | 746 | &cache_key); |
743 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 747 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
744 | ->header_param_map, | 748 | ->header_param_map, |
745 | &cache_key)) | 749 | &cache_key)) |
746 | { | 750 | { |
747 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); | 751 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); |
748 | return; | 752 | return; |
749 | } | 753 | } |
750 | // splits cookies and find 'Identity' cookie | 754 | // splits cookies and find 'Identity' cookie |
751 | tmp_cookies = | 755 | tmp_cookies = |
752 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 756 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
753 | &cache_key); | 757 | &cache_key); |
754 | cookies = GNUNET_strdup(tmp_cookies); | 758 | cookies = GNUNET_strdup (tmp_cookies); |
755 | token = strtok(cookies, delimiter); | 759 | token = strtok (cookies, delimiter); |
756 | handle->oidc->user_cancelled = GNUNET_NO; | 760 | handle->oidc->user_cancelled = GNUNET_NO; |
757 | handle->oidc->login_identity = NULL; | 761 | handle->oidc->login_identity = NULL; |
758 | if (NULL == token) | 762 | if (NULL == token) |
759 | { | 763 | { |
760 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 764 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
761 | "Unable to parse cookie: %s\n", | 765 | "Unable to parse cookie: %s\n", |
762 | cookies); | 766 | cookies); |
763 | GNUNET_free(cookies); | 767 | GNUNET_free (cookies); |
764 | return; | 768 | return; |
765 | } | 769 | } |
766 | 770 | ||
767 | while (NULL != token) | 771 | while (NULL != token) |
772 | { | ||
773 | if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) | ||
768 | { | 774 | { |
769 | if (0 == strcmp(token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) | 775 | handle->oidc->user_cancelled = GNUNET_YES; |
770 | { | 776 | GNUNET_free (cookies); |
771 | handle->oidc->user_cancelled = GNUNET_YES; | ||
772 | GNUNET_free(cookies); | ||
773 | return; | ||
774 | } | ||
775 | if (NULL != strstr(token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) | ||
776 | break; | ||
777 | token = strtok(NULL, delimiter); | ||
778 | } | ||
779 | if (NULL == token) | ||
780 | { | ||
781 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | ||
782 | "No cookie value to process: %s\n", | ||
783 | cookies); | ||
784 | GNUNET_free(cookies); | ||
785 | return; | 777 | return; |
786 | } | 778 | } |
787 | GNUNET_CRYPTO_hash(token, strlen(token), &cache_key); | 779 | if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) |
780 | break; | ||
781 | token = strtok (NULL, delimiter); | ||
782 | } | ||
783 | if (NULL == token) | ||
784 | { | ||
785 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
786 | "No cookie value to process: %s\n", | ||
787 | cookies); | ||
788 | GNUNET_free (cookies); | ||
789 | return; | ||
790 | } | ||
791 | GNUNET_CRYPTO_hash (token, strlen (token), &cache_key); | ||
788 | if (GNUNET_NO == | 792 | if (GNUNET_NO == |
789 | GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) | 793 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) |
790 | { | 794 | { |
791 | GNUNET_log( | 795 | GNUNET_log ( |
792 | GNUNET_ERROR_TYPE_WARNING, | 796 | GNUNET_ERROR_TYPE_WARNING, |
793 | "Found cookie `%s', but no corresponding expiration entry present...\n", | 797 | "Found cookie `%s', but no corresponding expiration entry present...\n", |
794 | token); | 798 | token); |
795 | GNUNET_free(cookies); | 799 | GNUNET_free (cookies); |
796 | return; | 800 | return; |
797 | } | 801 | } |
798 | relog_time = | 802 | relog_time = |
799 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 803 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
800 | current_time = GNUNET_TIME_absolute_get(); | 804 | current_time = GNUNET_TIME_absolute_get (); |
801 | // 30 min after old login -> redirect to login | 805 | // 30 min after old login -> redirect to login |
802 | if (current_time.abs_value_us > relog_time->abs_value_us) | 806 | if (current_time.abs_value_us > relog_time->abs_value_us) |
803 | { | 807 | { |
804 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 808 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
805 | "Found cookie `%s', but it is expired.\n", | 809 | "Found cookie `%s', but it is expired.\n", |
806 | token); | 810 | token); |
807 | GNUNET_free(cookies); | 811 | GNUNET_free (cookies); |
808 | return; | 812 | return; |
809 | } | 813 | } |
810 | value = strtok(token, OIDC_COOKIE_HEADER_INFORMATION_KEY); | 814 | value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY); |
811 | GNUNET_assert(NULL != value); | 815 | GNUNET_assert (NULL != value); |
812 | handle->oidc->login_identity = GNUNET_strdup(value); | 816 | handle->oidc->login_identity = GNUNET_strdup (value); |
813 | GNUNET_free(cookies); | 817 | GNUNET_free (cookies); |
814 | } | 818 | } |
815 | 819 | ||
816 | /** | 820 | /** |
817 | * Redirects to login page stored in configuration file | 821 | * Redirects to login page stored in configuration file |
818 | */ | 822 | */ |
819 | static void | 823 | static void |
820 | login_redirect(void *cls) | 824 | login_redirect (void *cls) |
821 | { | 825 | { |
822 | char *login_base_url; | 826 | char *login_base_url; |
823 | char *new_redirect; | 827 | char *new_redirect; |
824 | struct MHD_Response *resp; | 828 | struct MHD_Response *resp; |
825 | struct RequestHandle *handle = cls; | 829 | struct RequestHandle *handle = cls; |
826 | 830 | ||
827 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, | 831 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
828 | "reclaim-rest-plugin", | 832 | "reclaim-rest-plugin", |
829 | "address", | 833 | "address", |
830 | &login_base_url)) | 834 | &login_base_url)) |
831 | { | 835 | { |
832 | GNUNET_asprintf(&new_redirect, | 836 | GNUNET_asprintf (&new_redirect, |
833 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 837 | "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
834 | login_base_url, | 838 | login_base_url, |
835 | OIDC_RESPONSE_TYPE_KEY, | 839 | OIDC_RESPONSE_TYPE_KEY, |
836 | handle->oidc->response_type, | 840 | handle->oidc->response_type, |
837 | OIDC_CLIENT_ID_KEY, | 841 | OIDC_CLIENT_ID_KEY, |
838 | handle->oidc->client_id, | 842 | handle->oidc->client_id, |
839 | OIDC_REDIRECT_URI_KEY, | 843 | OIDC_REDIRECT_URI_KEY, |
840 | handle->oidc->redirect_uri, | 844 | handle->oidc->redirect_uri, |
841 | OIDC_SCOPE_KEY, | 845 | OIDC_SCOPE_KEY, |
842 | handle->oidc->scope, | 846 | handle->oidc->scope, |
843 | OIDC_STATE_KEY, | 847 | OIDC_STATE_KEY, |
844 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 848 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
845 | OIDC_CODE_CHALLENGE_KEY, | 849 | OIDC_CODE_CHALLENGE_KEY, |
846 | (NULL != handle->oidc->code_challenge) ? handle->oidc->code_challenge : "", | 850 | (NULL != handle->oidc->code_challenge) ? |
847 | OIDC_NONCE_KEY, | 851 | handle->oidc->code_challenge : "", |
848 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); | 852 | OIDC_NONCE_KEY, |
849 | resp = GNUNET_REST_create_response(""); | 853 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); |
850 | MHD_add_response_header(resp, "Location", new_redirect); | 854 | resp = GNUNET_REST_create_response (""); |
851 | GNUNET_free(login_base_url); | 855 | MHD_add_response_header (resp, "Location", new_redirect); |
852 | } | 856 | GNUNET_free (login_base_url); |
857 | } | ||
853 | else | 858 | else |
854 | { | 859 | { |
855 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 860 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
856 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | 861 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
857 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 862 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
858 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 863 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
859 | return; | 864 | return; |
860 | } | 865 | } |
861 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 866 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
862 | GNUNET_free(new_redirect); | 867 | GNUNET_free (new_redirect); |
863 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 868 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
864 | } | 869 | } |
865 | 870 | ||
866 | /** | 871 | /** |
867 | * Does internal server error when iteration failed. | 872 | * Does internal server error when iteration failed. |
868 | */ | 873 | */ |
869 | static void | 874 | static void |
870 | oidc_iteration_error(void *cls) | 875 | oidc_iteration_error (void *cls) |
871 | { | 876 | { |
872 | struct RequestHandle *handle = cls; | 877 | struct RequestHandle *handle = cls; |
873 | 878 | ||
874 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 879 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
875 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 880 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
876 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 881 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
877 | } | 882 | } |
878 | 883 | ||
879 | 884 | ||
@@ -882,7 +887,7 @@ oidc_iteration_error(void *cls) | |||
882 | * parameter. Otherwise redirects with error | 887 | * parameter. Otherwise redirects with error |
883 | */ | 888 | */ |
884 | static void | 889 | static void |
885 | oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | 890 | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) |
886 | { | 891 | { |
887 | struct RequestHandle *handle = cls; | 892 | struct RequestHandle *handle = cls; |
888 | struct MHD_Response *resp; | 893 | struct MHD_Response *resp; |
@@ -892,72 +897,72 @@ oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | |||
892 | 897 | ||
893 | handle->idp_op = NULL; | 898 | handle->idp_op = NULL; |
894 | if (NULL == ticket) | 899 | if (NULL == ticket) |
895 | { | 900 | { |
896 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 901 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
897 | handle->edesc = GNUNET_strdup("Server cannot generate ticket."); | 902 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); |
898 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 903 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
899 | return; | 904 | return; |
900 | } | 905 | } |
901 | handle->ticket = *ticket; | 906 | handle->ticket = *ticket; |
902 | ticket_str = | 907 | ticket_str = |
903 | GNUNET_STRINGS_data_to_string_alloc(&handle->ticket, | 908 | GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, |
904 | sizeof(struct GNUNET_RECLAIM_Ticket)); | 909 | sizeof(struct GNUNET_RECLAIM_Ticket)); |
905 | // TODO change if more attributes are needed (see max_age) | 910 | // TODO change if more attributes are needed (see max_age) |
906 | code_string = OIDC_build_authz_code(&handle->priv_key, | 911 | code_string = OIDC_build_authz_code (&handle->priv_key, |
907 | &handle->ticket, | 912 | &handle->ticket, |
908 | handle->attr_list, | 913 | handle->attr_list, |
909 | handle->oidc->nonce, | 914 | handle->oidc->nonce, |
910 | handle->oidc->code_challenge); | 915 | handle->oidc->code_challenge); |
911 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && | 916 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && |
912 | (NULL != handle->tld)) | 917 | (NULL != handle->tld)) |
913 | { | 918 | { |
914 | GNUNET_asprintf(&redirect_uri, | 919 | GNUNET_asprintf (&redirect_uri, |
915 | "%s.%s/%s?%s=%s&state=%s", | 920 | "%s.%s/%s?%s=%s&state=%s", |
916 | handle->redirect_prefix, | 921 | handle->redirect_prefix, |
917 | handle->tld, | 922 | handle->tld, |
918 | handle->redirect_suffix, | 923 | handle->redirect_suffix, |
919 | handle->oidc->response_type, | 924 | handle->oidc->response_type, |
920 | code_string, | 925 | code_string, |
921 | handle->oidc->state); | 926 | handle->oidc->state); |
922 | } | 927 | } |
923 | else | 928 | else |
924 | { | 929 | { |
925 | GNUNET_asprintf(&redirect_uri, | 930 | GNUNET_asprintf (&redirect_uri, |
926 | "%s?%s=%s&state=%s", | 931 | "%s?%s=%s&state=%s", |
927 | handle->oidc->redirect_uri, | 932 | handle->oidc->redirect_uri, |
928 | handle->oidc->response_type, | 933 | handle->oidc->response_type, |
929 | code_string, | 934 | code_string, |
930 | handle->oidc->state); | 935 | handle->oidc->state); |
931 | } | 936 | } |
932 | resp = GNUNET_REST_create_response(""); | 937 | resp = GNUNET_REST_create_response (""); |
933 | MHD_add_response_header(resp, "Location", redirect_uri); | 938 | MHD_add_response_header (resp, "Location", redirect_uri); |
934 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 939 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
935 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 940 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
936 | GNUNET_free(redirect_uri); | 941 | GNUNET_free (redirect_uri); |
937 | GNUNET_free(ticket_str); | 942 | GNUNET_free (ticket_str); |
938 | GNUNET_free(code_string); | 943 | GNUNET_free (code_string); |
939 | } | 944 | } |
940 | 945 | ||
941 | static void | 946 | static void |
942 | oidc_collect_finished_cb(void *cls) | 947 | oidc_collect_finished_cb (void *cls) |
943 | { | 948 | { |
944 | struct RequestHandle *handle = cls; | 949 | struct RequestHandle *handle = cls; |
945 | 950 | ||
946 | handle->attr_it = NULL; | 951 | handle->attr_it = NULL; |
947 | handle->ticket_it = NULL; | 952 | handle->ticket_it = NULL; |
948 | if (NULL == handle->attr_list->list_head) | 953 | if (NULL == handle->attr_list->list_head) |
949 | { | 954 | { |
950 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 955 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
951 | handle->edesc = GNUNET_strdup("The requested scope is not available."); | 956 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); |
952 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 957 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
953 | return; | 958 | return; |
954 | } | 959 | } |
955 | handle->idp_op = GNUNET_RECLAIM_ticket_issue(handle->idp, | 960 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, |
956 | &handle->priv_key, | 961 | &handle->priv_key, |
957 | &handle->oidc->client_pkey, | 962 | &handle->oidc->client_pkey, |
958 | handle->attr_list, | 963 | handle->attr_list, |
959 | &oidc_ticket_issue_cb, | 964 | &oidc_ticket_issue_cb, |
960 | handle); | 965 | handle); |
961 | } | 966 | } |
962 | 967 | ||
963 | 968 | ||
@@ -965,9 +970,9 @@ oidc_collect_finished_cb(void *cls) | |||
965 | * Collects all attributes for an ego if in scope parameter | 970 | * Collects all attributes for an ego if in scope parameter |
966 | */ | 971 | */ |
967 | static void | 972 | static void |
968 | oidc_attr_collect(void *cls, | 973 | oidc_attr_collect (void *cls, |
969 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 974 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
970 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) | 975 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) |
971 | { | 976 | { |
972 | struct RequestHandle *handle = cls; | 977 | struct RequestHandle *handle = cls; |
973 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 978 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
@@ -976,38 +981,38 @@ oidc_attr_collect(void *cls, | |||
976 | char delimiter[] = " "; | 981 | char delimiter[] = " "; |
977 | 982 | ||
978 | if ((NULL == attr->name) || (NULL == attr->data)) | 983 | if ((NULL == attr->name) || (NULL == attr->data)) |
979 | { | 984 | { |
980 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 985 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
981 | return; | 986 | return; |
982 | } | 987 | } |
983 | 988 | ||
984 | scope_variables = GNUNET_strdup(handle->oidc->scope); | 989 | scope_variables = GNUNET_strdup (handle->oidc->scope); |
985 | scope_variable = strtok(scope_variables, delimiter); | 990 | scope_variable = strtok (scope_variables, delimiter); |
986 | while (NULL != scope_variable) | 991 | while (NULL != scope_variable) |
987 | { | 992 | { |
988 | if (0 == strcmp(attr->name, scope_variable)) | 993 | if (0 == strcmp (attr->name, scope_variable)) |
989 | break; | 994 | break; |
990 | scope_variable = strtok(NULL, delimiter); | 995 | scope_variable = strtok (NULL, delimiter); |
991 | } | 996 | } |
992 | if (NULL == scope_variable) | 997 | if (NULL == scope_variable) |
993 | { | 998 | { |
994 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 999 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
995 | GNUNET_free(scope_variables); | 1000 | GNUNET_free (scope_variables); |
996 | return; | 1001 | return; |
997 | } | 1002 | } |
998 | GNUNET_free(scope_variables); | 1003 | GNUNET_free (scope_variables); |
999 | 1004 | ||
1000 | le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); | 1005 | le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); |
1001 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new(attr->name, | 1006 | le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, |
1002 | attr->type, | 1007 | attr->type, |
1003 | attr->data, | 1008 | attr->data, |
1004 | attr->data_size); | 1009 | attr->data_size); |
1005 | le->claim->id = attr->id; | 1010 | le->claim->id = attr->id; |
1006 | le->claim->version = attr->version; | 1011 | le->claim->version = attr->version; |
1007 | GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, | 1012 | GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head, |
1008 | handle->attr_list->list_tail, | 1013 | handle->attr_list->list_tail, |
1009 | le); | 1014 | le); |
1010 | GNUNET_RECLAIM_get_attributes_next(handle->attr_it); | 1015 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
1011 | } | 1016 | } |
1012 | 1017 | ||
1013 | 1018 | ||
@@ -1015,7 +1020,7 @@ oidc_attr_collect(void *cls, | |||
1015 | * Checks time and cookie and redirects accordingly | 1020 | * Checks time and cookie and redirects accordingly |
1016 | */ | 1021 | */ |
1017 | static void | 1022 | static void |
1018 | code_redirect(void *cls) | 1023 | code_redirect (void *cls) |
1019 | { | 1024 | { |
1020 | struct RequestHandle *handle = cls; | 1025 | struct RequestHandle *handle = cls; |
1021 | struct GNUNET_TIME_Absolute current_time; | 1026 | struct GNUNET_TIME_Absolute current_time; |
@@ -1025,111 +1030,111 @@ code_redirect(void *cls) | |||
1025 | struct GNUNET_HashCode cache_key; | 1030 | struct GNUNET_HashCode cache_key; |
1026 | char *identity_cookie; | 1031 | char *identity_cookie; |
1027 | 1032 | ||
1028 | GNUNET_asprintf(&identity_cookie, | 1033 | GNUNET_asprintf (&identity_cookie, |
1029 | "Identity=%s", | 1034 | "Identity=%s", |
1030 | handle->oidc->login_identity); | 1035 | handle->oidc->login_identity); |
1031 | GNUNET_CRYPTO_hash(identity_cookie, strlen(identity_cookie), &cache_key); | 1036 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); |
1032 | GNUNET_free(identity_cookie); | 1037 | GNUNET_free (identity_cookie); |
1033 | // No login time for identity -> redirect to login | 1038 | // No login time for identity -> redirect to login |
1034 | if (GNUNET_YES == | 1039 | if (GNUNET_YES == |
1035 | GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key)) | 1040 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) |
1036 | { | 1041 | { |
1037 | relog_time = | 1042 | relog_time = |
1038 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 1043 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1039 | current_time = GNUNET_TIME_absolute_get(); | 1044 | current_time = GNUNET_TIME_absolute_get (); |
1040 | // 30 min after old login -> redirect to login | 1045 | // 30 min after old login -> redirect to login |
1041 | if (current_time.abs_value_us <= relog_time->abs_value_us) | 1046 | if (current_time.abs_value_us <= relog_time->abs_value_us) |
1047 | { | ||
1048 | if (GNUNET_OK != | ||
1049 | GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc | ||
1050 | ->login_identity, | ||
1051 | strlen ( | ||
1052 | handle->oidc | ||
1053 | ->login_identity), | ||
1054 | &pubkey)) | ||
1055 | { | ||
1056 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); | ||
1057 | handle->edesc = | ||
1058 | GNUNET_strdup ("The cookie of a login identity is not valid"); | ||
1059 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1060 | return; | ||
1061 | } | ||
1062 | // iterate over egos and compare their public key | ||
1063 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | ||
1064 | handle->ego_entry = handle->ego_entry->next) | ||
1065 | { | ||
1066 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | ||
1067 | if (0 == GNUNET_memcmp (&ego_pkey, &pubkey)) | ||
1042 | { | 1068 | { |
1043 | if (GNUNET_OK != | 1069 | handle->priv_key = |
1044 | GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc | 1070 | *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1045 | ->login_identity, | 1071 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1046 | strlen( | 1072 | handle->attr_list = |
1047 | handle->oidc | 1073 | GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1048 | ->login_identity), | 1074 | handle->attr_it = |
1049 | &pubkey)) | 1075 | GNUNET_RECLAIM_get_attributes_start (handle->idp, |
1050 | { | 1076 | &handle->priv_key, |
1051 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_COOKIE); | 1077 | &oidc_iteration_error, |
1052 | handle->edesc = | 1078 | handle, |
1053 | GNUNET_strdup("The cookie of a login identity is not valid"); | 1079 | &oidc_attr_collect, |
1054 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1080 | handle, |
1055 | return; | 1081 | &oidc_collect_finished_cb, |
1056 | } | 1082 | handle); |
1057 | // iterate over egos and compare their public key | ||
1058 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | ||
1059 | handle->ego_entry = handle->ego_entry->next) | ||
1060 | { | ||
1061 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego, &ego_pkey); | ||
1062 | if (0 == GNUNET_memcmp(&ego_pkey, &pubkey)) | ||
1063 | { | ||
1064 | handle->priv_key = | ||
1065 | *GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego); | ||
1066 | handle->idp = GNUNET_RECLAIM_connect(cfg); | ||
1067 | handle->attr_list = | ||
1068 | GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | ||
1069 | handle->attr_it = | ||
1070 | GNUNET_RECLAIM_get_attributes_start(handle->idp, | ||
1071 | &handle->priv_key, | ||
1072 | &oidc_iteration_error, | ||
1073 | handle, | ||
1074 | &oidc_attr_collect, | ||
1075 | handle, | ||
1076 | &oidc_collect_finished_cb, | ||
1077 | handle); | ||
1078 | return; | ||
1079 | } | ||
1080 | } | ||
1081 | GNUNET_SCHEDULER_add_now(&login_redirect, handle); | ||
1082 | return; | 1083 | return; |
1083 | } | 1084 | } |
1085 | } | ||
1086 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | ||
1087 | return; | ||
1084 | } | 1088 | } |
1089 | } | ||
1085 | } | 1090 | } |
1086 | 1091 | ||
1087 | 1092 | ||
1088 | static void | 1093 | static void |
1089 | build_redirect(void *cls) | 1094 | build_redirect (void *cls) |
1090 | { | 1095 | { |
1091 | struct RequestHandle *handle = cls; | 1096 | struct RequestHandle *handle = cls; |
1092 | struct MHD_Response *resp; | 1097 | struct MHD_Response *resp; |
1093 | char *redirect_uri; | 1098 | char *redirect_uri; |
1094 | 1099 | ||
1095 | if (GNUNET_YES == handle->oidc->user_cancelled) | 1100 | if (GNUNET_YES == handle->oidc->user_cancelled) |
1096 | { | 1101 | { |
1097 | if ((NULL != handle->redirect_prefix) && | 1102 | if ((NULL != handle->redirect_prefix) && |
1098 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) | 1103 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) |
1099 | { | 1104 | { |
1100 | GNUNET_asprintf(&redirect_uri, | 1105 | GNUNET_asprintf (&redirect_uri, |
1101 | "%s.%s/%s?error=%s&error_description=%s&state=%s", | 1106 | "%s.%s/%s?error=%s&error_description=%s&state=%s", |
1102 | handle->redirect_prefix, | 1107 | handle->redirect_prefix, |
1103 | handle->tld, | 1108 | handle->tld, |
1104 | handle->redirect_suffix, | 1109 | handle->redirect_suffix, |
1105 | "access_denied", | 1110 | "access_denied", |
1106 | "User denied access", | 1111 | "User denied access", |
1107 | handle->oidc->state); | 1112 | handle->oidc->state); |
1108 | } | 1113 | } |
1109 | else | 1114 | else |
1110 | { | 1115 | { |
1111 | GNUNET_asprintf(&redirect_uri, | 1116 | GNUNET_asprintf (&redirect_uri, |
1112 | "%s?error=%s&error_description=%s&state=%s", | 1117 | "%s?error=%s&error_description=%s&state=%s", |
1113 | handle->oidc->redirect_uri, | 1118 | handle->oidc->redirect_uri, |
1114 | "access_denied", | 1119 | "access_denied", |
1115 | "User denied access", | 1120 | "User denied access", |
1116 | handle->oidc->state); | 1121 | handle->oidc->state); |
1117 | } | 1122 | } |
1118 | resp = GNUNET_REST_create_response(""); | 1123 | resp = GNUNET_REST_create_response (""); |
1119 | MHD_add_response_header(resp, "Location", redirect_uri); | 1124 | MHD_add_response_header (resp, "Location", redirect_uri); |
1120 | handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND); | 1125 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1121 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1126 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1122 | GNUNET_free(redirect_uri); | 1127 | GNUNET_free (redirect_uri); |
1123 | return; | 1128 | return; |
1124 | } | 1129 | } |
1125 | GNUNET_SCHEDULER_add_now(&code_redirect, handle); | 1130 | GNUNET_SCHEDULER_add_now (&code_redirect, handle); |
1126 | } | 1131 | } |
1127 | 1132 | ||
1128 | 1133 | ||
1129 | static void | 1134 | static void |
1130 | lookup_redirect_uri_result(void *cls, | 1135 | lookup_redirect_uri_result (void *cls, |
1131 | uint32_t rd_count, | 1136 | uint32_t rd_count, |
1132 | const struct GNUNET_GNSRECORD_Data *rd) | 1137 | const struct GNUNET_GNSRECORD_Data *rd) |
1133 | { | 1138 | { |
1134 | struct RequestHandle *handle = cls; | 1139 | struct RequestHandle *handle = cls; |
1135 | char *tmp; | 1140 | char *tmp; |
@@ -1139,66 +1144,66 @@ lookup_redirect_uri_result(void *cls, | |||
1139 | 1144 | ||
1140 | handle->gns_op = NULL; | 1145 | handle->gns_op = NULL; |
1141 | if (0 == rd_count) | 1146 | if (0 == rd_count) |
1142 | { | 1147 | { |
1143 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 1148 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1144 | handle->edesc = | 1149 | handle->edesc = |
1145 | GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1150 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1146 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1151 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1147 | return; | 1152 | return; |
1148 | } | 1153 | } |
1149 | for (int i = 0; i < rd_count; i++) | 1154 | for (int i = 0; i < rd_count; i++) |
1150 | { | 1155 | { |
1151 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | 1156 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) |
1157 | continue; | ||
1158 | if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) | ||
1159 | continue; | ||
1160 | tmp = GNUNET_strndup (rd[i].data, rd[i].data_size); | ||
1161 | if (NULL == strstr (tmp, handle->oidc->client_id)) | ||
1162 | { | ||
1163 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1164 | "Redirect uri %s does not contain client_id %s\n", | ||
1165 | tmp, | ||
1166 | handle->oidc->client_id); | ||
1167 | } | ||
1168 | else | ||
1169 | { | ||
1170 | pos = strrchr (tmp, (unsigned char) '.'); | ||
1171 | if (NULL == pos) | ||
1172 | { | ||
1173 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1174 | "Redirect uri %s contains client_id but is malformed\n", | ||
1175 | tmp); | ||
1176 | GNUNET_free (tmp); | ||
1152 | continue; | 1177 | continue; |
1153 | if (0 != strncmp(rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) | 1178 | } |
1179 | *pos = '\0'; | ||
1180 | handle->redirect_prefix = GNUNET_strdup (tmp); | ||
1181 | tmp_key_str = pos + 1; | ||
1182 | pos = strchr (tmp_key_str, (unsigned char) '/'); | ||
1183 | if (NULL == pos) | ||
1184 | { | ||
1185 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1186 | "Redirect uri %s contains client_id but is malformed\n", | ||
1187 | tmp); | ||
1188 | GNUNET_free (tmp); | ||
1154 | continue; | 1189 | continue; |
1155 | tmp = GNUNET_strndup(rd[i].data, rd[i].data_size); | 1190 | } |
1156 | if (NULL == strstr(tmp, handle->oidc->client_id)) | 1191 | *pos = '\0'; |
1157 | { | 1192 | handle->redirect_suffix = GNUNET_strdup (pos + 1); |
1158 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1193 | |
1159 | "Redirect uri %s does not contain client_id %s\n", | 1194 | GNUNET_STRINGS_string_to_data (tmp_key_str, |
1160 | tmp, | 1195 | strlen (tmp_key_str), |
1161 | handle->oidc->client_id); | 1196 | &redirect_zone, |
1162 | } | 1197 | sizeof(redirect_zone)); |
1163 | else | 1198 | } |
1164 | { | 1199 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); |
1165 | pos = strrchr(tmp, (unsigned char)'.'); | 1200 | GNUNET_free (tmp); |
1166 | if (NULL == pos) | 1201 | return; |
1167 | { | 1202 | } |
1168 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1203 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1169 | "Redirect uri %s contains client_id but is malformed\n", | ||
1170 | tmp); | ||
1171 | GNUNET_free(tmp); | ||
1172 | continue; | ||
1173 | } | ||
1174 | *pos = '\0'; | ||
1175 | handle->redirect_prefix = GNUNET_strdup(tmp); | ||
1176 | tmp_key_str = pos + 1; | ||
1177 | pos = strchr(tmp_key_str, (unsigned char)'/'); | ||
1178 | if (NULL == pos) | ||
1179 | { | ||
1180 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | ||
1181 | "Redirect uri %s contains client_id but is malformed\n", | ||
1182 | tmp); | ||
1183 | GNUNET_free(tmp); | ||
1184 | continue; | ||
1185 | } | ||
1186 | *pos = '\0'; | ||
1187 | handle->redirect_suffix = GNUNET_strdup(pos + 1); | ||
1188 | |||
1189 | GNUNET_STRINGS_string_to_data(tmp_key_str, | ||
1190 | strlen(tmp_key_str), | ||
1191 | &redirect_zone, | ||
1192 | sizeof(redirect_zone)); | ||
1193 | } | ||
1194 | GNUNET_SCHEDULER_add_now(&build_redirect, handle); | ||
1195 | GNUNET_free(tmp); | ||
1196 | return; | ||
1197 | } | ||
1198 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | ||
1199 | handle->edesc = | 1204 | handle->edesc = |
1200 | GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | 1205 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); |
1201 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1206 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1202 | } | 1207 | } |
1203 | 1208 | ||
1204 | 1209 | ||
@@ -1206,37 +1211,37 @@ lookup_redirect_uri_result(void *cls, | |||
1206 | * Initiate redirect back to client. | 1211 | * Initiate redirect back to client. |
1207 | */ | 1212 | */ |
1208 | static void | 1213 | static void |
1209 | client_redirect(void *cls) | 1214 | client_redirect (void *cls) |
1210 | { | 1215 | { |
1211 | struct RequestHandle *handle = cls; | 1216 | struct RequestHandle *handle = cls; |
1212 | 1217 | ||
1213 | /* Lookup client redirect uri to verify request */ | 1218 | /* Lookup client redirect uri to verify request */ |
1214 | handle->gns_op = | 1219 | handle->gns_op = |
1215 | GNUNET_GNS_lookup(handle->gns_handle, | 1220 | GNUNET_GNS_lookup (handle->gns_handle, |
1216 | GNUNET_GNS_EMPTY_LABEL_AT, | 1221 | GNUNET_GNS_EMPTY_LABEL_AT, |
1217 | &handle->oidc->client_pkey, | 1222 | &handle->oidc->client_pkey, |
1218 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | 1223 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, |
1219 | GNUNET_GNS_LO_DEFAULT, | 1224 | GNUNET_GNS_LO_DEFAULT, |
1220 | &lookup_redirect_uri_result, | 1225 | &lookup_redirect_uri_result, |
1221 | handle); | 1226 | handle); |
1222 | } | 1227 | } |
1223 | 1228 | ||
1224 | static char * | 1229 | static char * |
1225 | get_url_parameter_copy(const struct RequestHandle *handle, const char *key) | 1230 | get_url_parameter_copy (const struct RequestHandle *handle, const char *key) |
1226 | { | 1231 | { |
1227 | struct GNUNET_HashCode hc; | 1232 | struct GNUNET_HashCode hc; |
1228 | char *value; | 1233 | char *value; |
1229 | 1234 | ||
1230 | GNUNET_CRYPTO_hash(key, strlen(key), &hc); | 1235 | GNUNET_CRYPTO_hash (key, strlen (key), &hc); |
1231 | if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1236 | if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1232 | ->url_param_map, | 1237 | ->url_param_map, |
1233 | &hc)) | 1238 | &hc)) |
1234 | return NULL; | 1239 | return NULL; |
1235 | value = | 1240 | value = |
1236 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &hc); | 1241 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &hc); |
1237 | if (NULL == value) | 1242 | if (NULL == value) |
1238 | return NULL; | 1243 | return NULL; |
1239 | return GNUNET_strdup(value); | 1244 | return GNUNET_strdup (value); |
1240 | } | 1245 | } |
1241 | 1246 | ||
1242 | 1247 | ||
@@ -1247,7 +1252,7 @@ get_url_parameter_copy(const struct RequestHandle *handle, const char *key) | |||
1247 | * @param cls the `struct RequestHandle` | 1252 | * @param cls the `struct RequestHandle` |
1248 | */ | 1253 | */ |
1249 | static void | 1254 | static void |
1250 | build_authz_response(void *cls) | 1255 | build_authz_response (void *cls) |
1251 | { | 1256 | { |
1252 | struct RequestHandle *handle = cls; | 1257 | struct RequestHandle *handle = cls; |
1253 | struct GNUNET_HashCode cache_key; | 1258 | struct GNUNET_HashCode cache_key; |
@@ -1259,117 +1264,117 @@ build_authz_response(void *cls) | |||
1259 | 1264 | ||
1260 | // REQUIRED value: redirect_uri | 1265 | // REQUIRED value: redirect_uri |
1261 | handle->oidc->redirect_uri = | 1266 | handle->oidc->redirect_uri = |
1262 | get_url_parameter_copy(handle, OIDC_REDIRECT_URI_KEY); | 1267 | get_url_parameter_copy (handle, OIDC_REDIRECT_URI_KEY); |
1263 | if (NULL == handle->oidc->redirect_uri) | 1268 | if (NULL == handle->oidc->redirect_uri) |
1264 | { | 1269 | { |
1265 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1270 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1266 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | 1271 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); |
1267 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1272 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1268 | return; | 1273 | return; |
1269 | } | 1274 | } |
1270 | 1275 | ||
1271 | // REQUIRED value: response_type | 1276 | // REQUIRED value: response_type |
1272 | handle->oidc->response_type = | 1277 | handle->oidc->response_type = |
1273 | get_url_parameter_copy(handle, OIDC_RESPONSE_TYPE_KEY); | 1278 | get_url_parameter_copy (handle, OIDC_RESPONSE_TYPE_KEY); |
1274 | if (NULL == handle->oidc->response_type) | 1279 | if (NULL == handle->oidc->response_type) |
1275 | { | 1280 | { |
1276 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1281 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1277 | handle->edesc = GNUNET_strdup("missing parameter response_type"); | 1282 | handle->edesc = GNUNET_strdup ("missing parameter response_type"); |
1278 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1283 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1279 | return; | 1284 | return; |
1280 | } | 1285 | } |
1281 | 1286 | ||
1282 | // REQUIRED value: scope | 1287 | // REQUIRED value: scope |
1283 | handle->oidc->scope = get_url_parameter_copy(handle, OIDC_SCOPE_KEY); | 1288 | handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY); |
1284 | if (NULL == handle->oidc->scope) | 1289 | if (NULL == handle->oidc->scope) |
1285 | { | 1290 | { |
1286 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 1291 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1287 | handle->edesc = GNUNET_strdup("missing parameter scope"); | 1292 | handle->edesc = GNUNET_strdup ("missing parameter scope"); |
1288 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1293 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1289 | return; | 1294 | return; |
1290 | } | 1295 | } |
1291 | 1296 | ||
1292 | // OPTIONAL value: nonce | 1297 | // OPTIONAL value: nonce |
1293 | handle->oidc->nonce = get_url_parameter_copy(handle, OIDC_NONCE_KEY); | 1298 | handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY); |
1294 | 1299 | ||
1295 | // TODO check other values if needed | 1300 | // TODO check other values if needed |
1296 | number_of_ignored_parameter = | 1301 | number_of_ignored_parameter = |
1297 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | 1302 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); |
1298 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) | 1303 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) |
1299 | { | 1304 | { |
1300 | GNUNET_CRYPTO_hash(OIDC_ignored_parameter_array[iterator], | 1305 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1301 | strlen(OIDC_ignored_parameter_array[iterator]), | 1306 | strlen (OIDC_ignored_parameter_array[iterator]), |
1302 | &cache_key); | 1307 | &cache_key); |
1303 | if (GNUNET_YES == | 1308 | if (GNUNET_YES == |
1304 | GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1309 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1305 | ->url_param_map, | 1310 | ->url_param_map, |
1306 | &cache_key)) | 1311 | &cache_key)) |
1307 | { | 1312 | { |
1308 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_ACCESS_DENIED); | 1313 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); |
1309 | GNUNET_asprintf(&handle->edesc, | 1314 | GNUNET_asprintf (&handle->edesc, |
1310 | "Server will not handle parameter: %s", | 1315 | "Server will not handle parameter: %s", |
1311 | OIDC_ignored_parameter_array[iterator]); | 1316 | OIDC_ignored_parameter_array[iterator]); |
1312 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1317 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1313 | return; | 1318 | return; |
1314 | } | ||
1315 | } | 1319 | } |
1320 | } | ||
1316 | 1321 | ||
1317 | // We only support authorization code flows. | 1322 | // We only support authorization code flows. |
1318 | if (0 != strcmp(handle->oidc->response_type, | 1323 | if (0 != strcmp (handle->oidc->response_type, |
1319 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) | 1324 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) |
1320 | { | 1325 | { |
1321 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); | 1326 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); |
1322 | handle->edesc = GNUNET_strdup("The authorization server does not support " | 1327 | handle->edesc = GNUNET_strdup ("The authorization server does not support " |
1323 | "obtaining this authorization code."); | 1328 | "obtaining this authorization code."); |
1324 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1329 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1325 | return; | 1330 | return; |
1326 | } | 1331 | } |
1327 | 1332 | ||
1328 | // Checks if scope contains 'openid' | 1333 | // Checks if scope contains 'openid' |
1329 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1334 | expected_scope = GNUNET_strdup (handle->oidc->scope); |
1330 | char *test; | 1335 | char *test; |
1331 | test = strtok(expected_scope, delimiter); | 1336 | test = strtok (expected_scope, delimiter); |
1332 | while (NULL != test) | 1337 | while (NULL != test) |
1333 | { | 1338 | { |
1334 | if (0 == strcmp(OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) | 1339 | if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) |
1335 | break; | 1340 | break; |
1336 | test = strtok(NULL, delimiter); | 1341 | test = strtok (NULL, delimiter); |
1337 | } | 1342 | } |
1338 | if (NULL == test) | 1343 | if (NULL == test) |
1339 | { | 1344 | { |
1340 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE); | 1345 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1341 | handle->edesc = | 1346 | handle->edesc = |
1342 | GNUNET_strdup("The requested scope is invalid, unknown, or malformed."); | 1347 | GNUNET_strdup ("The requested scope is invalid, unknown, or malformed."); |
1343 | GNUNET_SCHEDULER_add_now(&do_redirect_error, handle); | 1348 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1344 | GNUNET_free(expected_scope); | 1349 | GNUNET_free (expected_scope); |
1345 | return; | 1350 | return; |
1346 | } | 1351 | } |
1347 | 1352 | ||
1348 | GNUNET_free(expected_scope); | 1353 | GNUNET_free (expected_scope); |
1349 | if ((NULL == handle->oidc->login_identity) && | 1354 | if ((NULL == handle->oidc->login_identity) && |
1350 | (GNUNET_NO == handle->oidc->user_cancelled)) | 1355 | (GNUNET_NO == handle->oidc->user_cancelled)) |
1351 | GNUNET_SCHEDULER_add_now(&login_redirect, handle); | 1356 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
1352 | else | 1357 | else |
1353 | GNUNET_SCHEDULER_add_now(&client_redirect, handle); | 1358 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); |
1354 | } | 1359 | } |
1355 | 1360 | ||
1356 | /** | 1361 | /** |
1357 | * Iterate over tlds in config | 1362 | * Iterate over tlds in config |
1358 | */ | 1363 | */ |
1359 | static void | 1364 | static void |
1360 | tld_iter(void *cls, const char *section, const char *option, const char *value) | 1365 | tld_iter (void *cls, const char *section, const char *option, const char *value) |
1361 | { | 1366 | { |
1362 | struct RequestHandle *handle = cls; | 1367 | struct RequestHandle *handle = cls; |
1363 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1368 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1364 | 1369 | ||
1365 | if (GNUNET_OK != | 1370 | if (GNUNET_OK != |
1366 | GNUNET_CRYPTO_ecdsa_public_key_from_string(value, strlen(value), &pkey)) | 1371 | GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value), &pkey)) |
1367 | { | 1372 | { |
1368 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); | 1373 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); |
1369 | return; | 1374 | return; |
1370 | } | 1375 | } |
1371 | if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey)) | 1376 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) |
1372 | handle->tld = GNUNET_strdup(option + 1); | 1377 | handle->tld = GNUNET_strdup (option + 1); |
1373 | } | 1378 | } |
1374 | 1379 | ||
1375 | /** | 1380 | /** |
@@ -1380,70 +1385,71 @@ tld_iter(void *cls, const char *section, const char *option, const char *value) | |||
1380 | * @param cls the RequestHandle | 1385 | * @param cls the RequestHandle |
1381 | */ | 1386 | */ |
1382 | static void | 1387 | static void |
1383 | authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1388 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1384 | const char *url, | 1389 | const char *url, |
1385 | void *cls) | 1390 | void *cls) |
1386 | { | 1391 | { |
1387 | struct RequestHandle *handle = cls; | 1392 | struct RequestHandle *handle = cls; |
1388 | struct EgoEntry *tmp_ego; | 1393 | struct EgoEntry *tmp_ego; |
1389 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 1394 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
1390 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1395 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1391 | 1396 | ||
1392 | cookie_identity_interpretation(handle); | 1397 | cookie_identity_interpretation (handle); |
1393 | 1398 | ||
1394 | // RECOMMENDED value: state - REQUIRED for answers | 1399 | // RECOMMENDED value: state - REQUIRED for answers |
1395 | handle->oidc->state = get_url_parameter_copy(handle, OIDC_STATE_KEY); | 1400 | handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY); |
1396 | 1401 | ||
1397 | // REQUIRED value: client_id | 1402 | // REQUIRED value: client_id |
1398 | handle->oidc->client_id = get_url_parameter_copy(handle, OIDC_CLIENT_ID_KEY); | 1403 | handle->oidc->client_id = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY); |
1399 | if (NULL == handle->oidc->client_id) | 1404 | if (NULL == handle->oidc->client_id) |
1400 | { | 1405 | { |
1401 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1406 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1402 | handle->edesc = GNUNET_strdup("missing parameter client_id"); | 1407 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); |
1403 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1408 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1404 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1409 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1405 | return; | 1410 | return; |
1406 | } | 1411 | } |
1407 | 1412 | ||
1408 | // OPTIONAL value: code_challenge | 1413 | // OPTIONAL value: code_challenge |
1409 | handle->oidc->code_challenge = get_url_parameter_copy(handle, OIDC_CODE_CHALLENGE_KEY); | 1414 | handle->oidc->code_challenge = get_url_parameter_copy (handle, |
1415 | OIDC_CODE_CHALLENGE_KEY); | ||
1410 | if (NULL == handle->oidc->code_challenge) | 1416 | if (NULL == handle->oidc->code_challenge) |
1411 | { | 1417 | { |
1412 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1418 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1413 | "OAuth authorization request does not contain PKCE parameters!\n"); | 1419 | "OAuth authorization request does not contain PKCE parameters!\n"); |
1414 | } | 1420 | } |
1415 | 1421 | ||
1416 | if (GNUNET_OK != | 1422 | if (GNUNET_OK != |
1417 | GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc->client_id, | 1423 | GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, |
1418 | strlen( | 1424 | strlen ( |
1419 | handle->oidc->client_id), | 1425 | handle->oidc->client_id), |
1420 | &handle->oidc->client_pkey)) | 1426 | &handle->oidc->client_pkey)) |
1421 | { | 1427 | { |
1422 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); | 1428 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); |
1423 | handle->edesc = GNUNET_strdup("The client is not authorized to request an " | 1429 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " |
1424 | "authorization code using this method."); | 1430 | "authorization code using this method."); |
1425 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1431 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1426 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1432 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1427 | return; | 1433 | return; |
1428 | } | 1434 | } |
1429 | 1435 | ||
1430 | // If we know this identity, translated the corresponding TLD | 1436 | // If we know this identity, translated the corresponding TLD |
1431 | // TODO: We might want to have a reverse lookup functionality for TLDs? | 1437 | // TODO: We might want to have a reverse lookup functionality for TLDs? |
1432 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) | 1438 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) |
1439 | { | ||
1440 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | ||
1441 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey); | ||
1442 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) | ||
1433 | { | 1443 | { |
1434 | priv_key = GNUNET_IDENTITY_ego_get_private_key(tmp_ego->ego); | 1444 | handle->tld = GNUNET_strdup (tmp_ego->identifier); |
1435 | GNUNET_CRYPTO_ecdsa_key_get_public(priv_key, &pkey); | 1445 | handle->ego_entry = handle->ego_tail; |
1436 | if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey)) | ||
1437 | { | ||
1438 | handle->tld = GNUNET_strdup(tmp_ego->identifier); | ||
1439 | handle->ego_entry = handle->ego_tail; | ||
1440 | } | ||
1441 | } | 1446 | } |
1447 | } | ||
1442 | if (NULL == handle->tld) | 1448 | if (NULL == handle->tld) |
1443 | GNUNET_CONFIGURATION_iterate_section_values(cfg, "gns", tld_iter, handle); | 1449 | GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle); |
1444 | if (NULL == handle->tld) | 1450 | if (NULL == handle->tld) |
1445 | handle->tld = GNUNET_strdup(handle->oidc->client_id); | 1451 | handle->tld = GNUNET_strdup (handle->oidc->client_id); |
1446 | GNUNET_SCHEDULER_add_now(&build_authz_response, handle); | 1452 | GNUNET_SCHEDULER_add_now (&build_authz_response, handle); |
1447 | } | 1453 | } |
1448 | 1454 | ||
1449 | /** | 1455 | /** |
@@ -1454,11 +1460,11 @@ authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1454 | * @param cls the RequestHandle | 1460 | * @param cls the RequestHandle |
1455 | */ | 1461 | */ |
1456 | static void | 1462 | static void |
1457 | login_cont(struct GNUNET_REST_RequestHandle *con_handle, | 1463 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, |
1458 | const char *url, | 1464 | const char *url, |
1459 | void *cls) | 1465 | void *cls) |
1460 | { | 1466 | { |
1461 | struct MHD_Response *resp = GNUNET_REST_create_response(""); | 1467 | struct MHD_Response *resp = GNUNET_REST_create_response (""); |
1462 | struct RequestHandle *handle = cls; | 1468 | struct RequestHandle *handle = cls; |
1463 | struct GNUNET_HashCode cache_key; | 1469 | struct GNUNET_HashCode cache_key; |
1464 | struct GNUNET_TIME_Absolute *current_time; | 1470 | struct GNUNET_TIME_Absolute *current_time; |
@@ -1471,54 +1477,54 @@ login_cont(struct GNUNET_REST_RequestHandle *con_handle, | |||
1471 | char term_data[handle->rest_handle->data_size + 1]; | 1477 | char term_data[handle->rest_handle->data_size + 1]; |
1472 | 1478 | ||
1473 | term_data[handle->rest_handle->data_size] = '\0'; | 1479 | term_data[handle->rest_handle->data_size] = '\0'; |
1474 | GNUNET_memcpy(term_data, | 1480 | GNUNET_memcpy (term_data, |
1475 | handle->rest_handle->data, | 1481 | handle->rest_handle->data, |
1476 | handle->rest_handle->data_size); | 1482 | handle->rest_handle->data_size); |
1477 | root = json_loads(term_data, JSON_DECODE_ANY, &error); | 1483 | root = json_loads (term_data, JSON_DECODE_ANY, &error); |
1478 | identity = json_object_get(root, "identity"); | 1484 | identity = json_object_get (root, "identity"); |
1479 | if (!json_is_string(identity)) | 1485 | if (! json_is_string (identity)) |
1480 | { | 1486 | { |
1481 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 1487 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1482 | "Error parsing json string from %s\n", | 1488 | "Error parsing json string from %s\n", |
1483 | term_data); | 1489 | term_data); |
1484 | handle->proc(handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1490 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1485 | json_decref(root); | 1491 | json_decref (root); |
1486 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1492 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1487 | return; | 1493 | return; |
1488 | } | 1494 | } |
1489 | GNUNET_asprintf(&cookie, "Identity=%s", json_string_value(identity)); | 1495 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
1490 | GNUNET_asprintf(&header_val, | 1496 | GNUNET_asprintf (&header_val, |
1491 | "%s;Max-Age=%d", | 1497 | "%s;Max-Age=%d", |
1492 | cookie, | 1498 | cookie, |
1493 | OIDC_COOKIE_EXPIRATION); | 1499 | OIDC_COOKIE_EXPIRATION); |
1494 | MHD_add_response_header(resp, "Set-Cookie", header_val); | 1500 | MHD_add_response_header (resp, "Set-Cookie", header_val); |
1495 | MHD_add_response_header(resp, "Access-Control-Allow-Methods", "POST"); | 1501 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); |
1496 | GNUNET_CRYPTO_hash(cookie, strlen(cookie), &cache_key); | 1502 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); |
1497 | 1503 | ||
1498 | if (0 != strcmp(json_string_value(identity), "Denied")) | 1504 | if (0 != strcmp (json_string_value (identity), "Denied")) |
1499 | { | 1505 | { |
1500 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1506 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); |
1501 | *current_time = GNUNET_TIME_relative_to_absolute( | 1507 | *current_time = GNUNET_TIME_relative_to_absolute ( |
1502 | GNUNET_TIME_relative_multiply(GNUNET_TIME_relative_get_second_(), | 1508 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
1503 | OIDC_COOKIE_EXPIRATION)); | 1509 | OIDC_COOKIE_EXPIRATION)); |
1504 | last_time = | 1510 | last_time = |
1505 | GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key); | 1511 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1506 | GNUNET_free_non_null(last_time); | 1512 | GNUNET_free_non_null (last_time); |
1507 | GNUNET_CONTAINER_multihashmap_put(OIDC_cookie_jar_map, | 1513 | GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, |
1508 | &cache_key, | 1514 | &cache_key, |
1509 | current_time, | 1515 | current_time, |
1510 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1516 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1511 | } | 1517 | } |
1512 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 1518 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1513 | GNUNET_free(cookie); | 1519 | GNUNET_free (cookie); |
1514 | GNUNET_free(header_val); | 1520 | GNUNET_free (header_val); |
1515 | json_decref(root); | 1521 | json_decref (root); |
1516 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1522 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1517 | } | 1523 | } |
1518 | 1524 | ||
1519 | static int | 1525 | static int |
1520 | check_authorization(struct RequestHandle *handle, | 1526 | check_authorization (struct RequestHandle *handle, |
1521 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) | 1527 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) |
1522 | { | 1528 | { |
1523 | struct GNUNET_HashCode cache_key; | 1529 | struct GNUNET_HashCode cache_key; |
1524 | char *authorization; | 1530 | char *authorization; |
@@ -1528,146 +1534,146 @@ check_authorization(struct RequestHandle *handle, | |||
1528 | char *pass; | 1534 | char *pass; |
1529 | char *expected_pass; | 1535 | char *expected_pass; |
1530 | 1536 | ||
1531 | GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, | 1537 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1532 | strlen(OIDC_AUTHORIZATION_HEADER_KEY), | 1538 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1533 | &cache_key); | 1539 | &cache_key); |
1534 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1540 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1535 | ->header_param_map, | 1541 | ->header_param_map, |
1536 | &cache_key)) | 1542 | &cache_key)) |
1537 | { | 1543 | { |
1538 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1544 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1539 | handle->edesc = GNUNET_strdup("missing authorization"); | 1545 | handle->edesc = GNUNET_strdup ("missing authorization"); |
1540 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1546 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1541 | return GNUNET_SYSERR; | 1547 | return GNUNET_SYSERR; |
1542 | } | 1548 | } |
1543 | authorization = | 1549 | authorization = |
1544 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 1550 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
1545 | &cache_key); | 1551 | &cache_key); |
1546 | 1552 | ||
1547 | // split header in "Basic" and [content] | 1553 | // split header in "Basic" and [content] |
1548 | credentials = strtok(authorization, " "); | 1554 | credentials = strtok (authorization, " "); |
1549 | if ((NULL == credentials) || (0 != strcmp("Basic", credentials))) | 1555 | if ((NULL == credentials) || (0 != strcmp ("Basic", credentials))) |
1550 | { | 1556 | { |
1551 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1557 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1552 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1558 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1553 | return GNUNET_SYSERR; | 1559 | return GNUNET_SYSERR; |
1554 | } | 1560 | } |
1555 | credentials = strtok(NULL, " "); | 1561 | credentials = strtok (NULL, " "); |
1556 | if (NULL == credentials) | 1562 | if (NULL == credentials) |
1557 | { | 1563 | { |
1558 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1564 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1559 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1565 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1560 | return GNUNET_SYSERR; | 1566 | return GNUNET_SYSERR; |
1561 | } | 1567 | } |
1562 | GNUNET_STRINGS_base64_decode(credentials, | 1568 | GNUNET_STRINGS_base64_decode (credentials, |
1563 | strlen(credentials), | 1569 | strlen (credentials), |
1564 | (void **)&basic_authorization); | 1570 | (void **) &basic_authorization); |
1565 | 1571 | ||
1566 | if (NULL == basic_authorization) | 1572 | if (NULL == basic_authorization) |
1567 | { | 1573 | { |
1568 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1574 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1569 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1575 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1570 | return GNUNET_SYSERR; | 1576 | return GNUNET_SYSERR; |
1571 | } | 1577 | } |
1572 | client_id = strtok(basic_authorization, ":"); | 1578 | client_id = strtok (basic_authorization, ":"); |
1573 | if (NULL == client_id) | 1579 | if (NULL == client_id) |
1574 | { | 1580 | { |
1575 | GNUNET_free_non_null(basic_authorization); | 1581 | GNUNET_free_non_null (basic_authorization); |
1576 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1582 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1577 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1583 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1578 | return GNUNET_SYSERR; | 1584 | return GNUNET_SYSERR; |
1579 | } | 1585 | } |
1580 | pass = strtok(NULL, ":"); | 1586 | pass = strtok (NULL, ":"); |
1581 | if (NULL == pass) | 1587 | if (NULL == pass) |
1582 | { | 1588 | { |
1583 | GNUNET_free_non_null(basic_authorization); | 1589 | GNUNET_free_non_null (basic_authorization); |
1584 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1590 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1585 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1591 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1586 | return GNUNET_SYSERR; | 1592 | return GNUNET_SYSERR; |
1587 | } | 1593 | } |
1588 | 1594 | ||
1589 | // check client password | 1595 | // check client password |
1590 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg, | 1596 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
1591 | "reclaim-rest-plugin", | 1597 | "reclaim-rest-plugin", |
1592 | "OIDC_CLIENT_SECRET", | 1598 | "OIDC_CLIENT_SECRET", |
1593 | &expected_pass)) | 1599 | &expected_pass)) |
1594 | { | 1600 | { |
1595 | if (0 != strcmp(expected_pass, pass)) | 1601 | if (0 != strcmp (expected_pass, pass)) |
1596 | { | 1602 | { |
1597 | GNUNET_free_non_null(basic_authorization); | 1603 | GNUNET_free_non_null (basic_authorization); |
1598 | GNUNET_free(expected_pass); | 1604 | GNUNET_free (expected_pass); |
1599 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1605 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1600 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1606 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1601 | return GNUNET_SYSERR; | ||
1602 | } | ||
1603 | GNUNET_free(expected_pass); | ||
1604 | } | ||
1605 | else | ||
1606 | { | ||
1607 | GNUNET_free_non_null(basic_authorization); | ||
1608 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | ||
1609 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | ||
1610 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1611 | return GNUNET_SYSERR; | 1607 | return GNUNET_SYSERR; |
1612 | } | 1608 | } |
1609 | GNUNET_free (expected_pass); | ||
1610 | } | ||
1611 | else | ||
1612 | { | ||
1613 | GNUNET_free_non_null (basic_authorization); | ||
1614 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1615 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
1616 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1617 | return GNUNET_SYSERR; | ||
1618 | } | ||
1613 | 1619 | ||
1614 | // check client_id | 1620 | // check client_id |
1615 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; | 1621 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; |
1616 | handle->ego_entry = handle->ego_entry->next) | 1622 | handle->ego_entry = handle->ego_entry->next) |
1617 | { | 1623 | { |
1618 | if (0 == strcmp(handle->ego_entry->keystring, client_id)) | 1624 | if (0 == strcmp (handle->ego_entry->keystring, client_id)) |
1619 | break; | 1625 | break; |
1620 | } | 1626 | } |
1621 | if (NULL == handle->ego_entry) | 1627 | if (NULL == handle->ego_entry) |
1622 | { | 1628 | { |
1623 | GNUNET_free_non_null(basic_authorization); | 1629 | GNUNET_free_non_null (basic_authorization); |
1624 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT); | 1630 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1625 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1631 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1626 | return GNUNET_SYSERR; | 1632 | return GNUNET_SYSERR; |
1627 | } | 1633 | } |
1628 | GNUNET_STRINGS_string_to_data(client_id, | 1634 | GNUNET_STRINGS_string_to_data (client_id, |
1629 | strlen(client_id), | 1635 | strlen (client_id), |
1630 | cid, | 1636 | cid, |
1631 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1637 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1632 | 1638 | ||
1633 | GNUNET_free(basic_authorization); | 1639 | GNUNET_free (basic_authorization); |
1634 | return GNUNET_OK; | 1640 | return GNUNET_OK; |
1635 | } | 1641 | } |
1636 | 1642 | ||
1637 | const struct EgoEntry * | 1643 | const struct EgoEntry * |
1638 | find_ego(struct RequestHandle *handle, | 1644 | find_ego (struct RequestHandle *handle, |
1639 | struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) | 1645 | struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) |
1640 | { | 1646 | { |
1641 | struct EgoEntry *ego_entry; | 1647 | struct EgoEntry *ego_entry; |
1642 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 1648 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
1643 | 1649 | ||
1644 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 1650 | for (ego_entry = handle->ego_head; NULL != ego_entry; |
1645 | ego_entry = ego_entry->next) | 1651 | ego_entry = ego_entry->next) |
1646 | { | 1652 | { |
1647 | GNUNET_IDENTITY_ego_get_public_key(ego_entry->ego, &pub_key); | 1653 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); |
1648 | if (0 == GNUNET_memcmp(&pub_key, test_key)) | 1654 | if (0 == GNUNET_memcmp (&pub_key, test_key)) |
1649 | return ego_entry; | 1655 | return ego_entry; |
1650 | } | 1656 | } |
1651 | return NULL; | 1657 | return NULL; |
1652 | } | 1658 | } |
1653 | 1659 | ||
1654 | static void | 1660 | static void |
1655 | persist_access_token(const struct RequestHandle *handle, | 1661 | persist_access_token (const struct RequestHandle *handle, |
1656 | const char *access_token, | 1662 | const char *access_token, |
1657 | const struct GNUNET_RECLAIM_Ticket *ticket) | 1663 | const struct GNUNET_RECLAIM_Ticket *ticket) |
1658 | { | 1664 | { |
1659 | struct GNUNET_HashCode hc; | 1665 | struct GNUNET_HashCode hc; |
1660 | struct GNUNET_RECLAIM_Ticket *ticketbuf; | 1666 | struct GNUNET_RECLAIM_Ticket *ticketbuf; |
1661 | 1667 | ||
1662 | GNUNET_CRYPTO_hash(access_token, strlen(access_token), &hc); | 1668 | GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc); |
1663 | ticketbuf = GNUNET_new(struct GNUNET_RECLAIM_Ticket); | 1669 | ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket); |
1664 | *ticketbuf = *ticket; | 1670 | *ticketbuf = *ticket; |
1665 | GNUNET_assert(GNUNET_SYSERR != | 1671 | GNUNET_assert (GNUNET_SYSERR != |
1666 | GNUNET_CONTAINER_multihashmap_put( | 1672 | GNUNET_CONTAINER_multihashmap_put ( |
1667 | OIDC_access_token_map, | 1673 | OIDC_access_token_map, |
1668 | &hc, | 1674 | &hc, |
1669 | ticketbuf, | 1675 | ticketbuf, |
1670 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 1676 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
1671 | } | 1677 | } |
1672 | 1678 | ||
1673 | /** | 1679 | /** |
@@ -1678,9 +1684,9 @@ persist_access_token(const struct RequestHandle *handle, | |||
1678 | * @param cls the RequestHandle | 1684 | * @param cls the RequestHandle |
1679 | */ | 1685 | */ |
1680 | static void | 1686 | static void |
1681 | token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1687 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1682 | const char *url, | 1688 | const char *url, |
1683 | void *cls) | 1689 | void *cls) |
1684 | { | 1690 | { |
1685 | struct RequestHandle *handle = cls; | 1691 | struct RequestHandle *handle = cls; |
1686 | const struct EgoEntry *ego_entry; | 1692 | const struct EgoEntry *ego_entry; |
@@ -1703,13 +1709,13 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1703 | /* | 1709 | /* |
1704 | * Check Authorization | 1710 | * Check Authorization |
1705 | */ | 1711 | */ |
1706 | if (GNUNET_SYSERR == check_authorization(handle, &cid)) | 1712 | if (GNUNET_SYSERR == check_authorization (handle, &cid)) |
1707 | { | 1713 | { |
1708 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 1714 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1709 | "OIDC authorization for token endpoint failed\n"); | 1715 | "OIDC authorization for token endpoint failed\n"); |
1710 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1716 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1711 | return; | 1717 | return; |
1712 | } | 1718 | } |
1713 | 1719 | ||
1714 | /* | 1720 | /* |
1715 | * Check parameter | 1721 | * Check parameter |
@@ -1717,148 +1723,147 @@ token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1717 | 1723 | ||
1718 | // TODO Do not allow multiple equal parameter names | 1724 | // TODO Do not allow multiple equal parameter names |
1719 | // REQUIRED grant_type | 1725 | // REQUIRED grant_type |
1720 | GNUNET_CRYPTO_hash(OIDC_GRANT_TYPE_KEY, | 1726 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, |
1721 | strlen(OIDC_GRANT_TYPE_KEY), | 1727 | strlen (OIDC_GRANT_TYPE_KEY), |
1722 | &cache_key); | 1728 | &cache_key); |
1723 | grant_type = get_url_parameter_copy(handle, OIDC_GRANT_TYPE_KEY); | 1729 | grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY); |
1724 | if (NULL == grant_type) | 1730 | if (NULL == grant_type) |
1725 | { | 1731 | { |
1726 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1732 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1727 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | 1733 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); |
1728 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1734 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1729 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1735 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1730 | return; | 1736 | return; |
1731 | } | 1737 | } |
1732 | 1738 | ||
1733 | // Check parameter grant_type == "authorization_code" | 1739 | // Check parameter grant_type == "authorization_code" |
1734 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) | 1740 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) |
1735 | { | 1741 | { |
1736 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); | 1742 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); |
1737 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1743 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1738 | GNUNET_free(grant_type); | 1744 | GNUNET_free (grant_type); |
1739 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1745 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1740 | return; | 1746 | return; |
1741 | } | 1747 | } |
1742 | GNUNET_free(grant_type); | 1748 | GNUNET_free (grant_type); |
1743 | // REQUIRED code | 1749 | // REQUIRED code |
1744 | code = get_url_parameter_copy(handle, OIDC_CODE_KEY); | 1750 | code = get_url_parameter_copy (handle, OIDC_CODE_KEY); |
1745 | if (NULL == code) | 1751 | if (NULL == code) |
1746 | { | 1752 | { |
1747 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1753 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1748 | handle->edesc = GNUNET_strdup("missing parameter code"); | 1754 | handle->edesc = GNUNET_strdup ("missing parameter code"); |
1749 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1755 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1750 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1756 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1751 | return; | 1757 | return; |
1752 | } | 1758 | } |
1753 | ego_entry = find_ego(handle, &cid); | 1759 | ego_entry = find_ego (handle, &cid); |
1754 | if (NULL == ego_entry) | 1760 | if (NULL == ego_entry) |
1755 | { | 1761 | { |
1756 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1762 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1757 | handle->edesc = GNUNET_strdup("Unknown client"); | 1763 | handle->edesc = GNUNET_strdup ("Unknown client"); |
1758 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1764 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1759 | GNUNET_free(code); | 1765 | GNUNET_free (code); |
1760 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1766 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1761 | return; | 1767 | return; |
1762 | } | 1768 | } |
1763 | privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); | 1769 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
1764 | 1770 | ||
1765 | // REQUIRED code verifier | 1771 | // REQUIRED code verifier |
1766 | code_verifier = get_url_parameter_copy(handle, OIDC_CODE_VERIFIER_KEY); | 1772 | code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); |
1767 | if (NULL == code_verifier) | 1773 | if (NULL == code_verifier) |
1768 | { | 1774 | { |
1769 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1775 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1770 | handle->edesc = GNUNET_strdup("missing parameter code_verifier"); | 1776 | "OAuth authorization request does not contain PKCE parameters!\n"); |
1771 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1777 | |
1772 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1778 | } |
1773 | return; | ||
1774 | } | ||
1775 | 1779 | ||
1776 | // decode code | 1780 | // decode code |
1777 | if (GNUNET_OK != OIDC_parse_authz_code(privkey, code, code_verifier, &ticket, &cl, &nonce)) | 1781 | if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket, |
1778 | { | 1782 | &cl, &nonce)) |
1779 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1783 | { |
1780 | handle->edesc = GNUNET_strdup("invalid code"); | 1784 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1781 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1785 | handle->edesc = GNUNET_strdup ("invalid code"); |
1782 | GNUNET_free(code); | 1786 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1783 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1787 | GNUNET_free (code); |
1784 | return; | 1788 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1785 | } | 1789 | return; |
1786 | GNUNET_free(code); | 1790 | } |
1791 | GNUNET_free (code); | ||
1787 | 1792 | ||
1788 | // create jwt | 1793 | // create jwt |
1789 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time(cfg, | 1794 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, |
1790 | "reclaim-rest-plugin", | 1795 | "reclaim-rest-plugin", |
1791 | "expiration_time", | 1796 | "expiration_time", |
1792 | &expiration_time)) | 1797 | &expiration_time)) |
1793 | { | 1798 | { |
1794 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR); | 1799 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1795 | handle->edesc = GNUNET_strdup("gnunet configuration failed"); | 1800 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
1796 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1801 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1797 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1802 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1798 | return; | 1803 | return; |
1799 | } | 1804 | } |
1800 | 1805 | ||
1801 | 1806 | ||
1802 | // TODO OPTIONAL acr,amr,azp | 1807 | // TODO OPTIONAL acr,amr,azp |
1803 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg, | 1808 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, |
1804 | "reclaim-rest-plugin", | 1809 | "reclaim-rest-plugin", |
1805 | "jwt_secret", | 1810 | "jwt_secret", |
1806 | &jwt_secret)) | 1811 | &jwt_secret)) |
1807 | { | 1812 | { |
1808 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST); | 1813 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1809 | handle->edesc = GNUNET_strdup("No signing secret configured!"); | 1814 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); |
1810 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1815 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1811 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 1816 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1812 | return; | 1817 | return; |
1813 | } | 1818 | } |
1814 | id_token = OIDC_id_token_new(&ticket.audience, | 1819 | id_token = OIDC_id_token_new (&ticket.audience, |
1815 | &ticket.identity, | 1820 | &ticket.identity, |
1816 | cl, | 1821 | cl, |
1817 | &expiration_time, | 1822 | &expiration_time, |
1818 | (NULL != nonce) ? nonce : NULL, | 1823 | (NULL != nonce) ? nonce : NULL, |
1819 | jwt_secret); | 1824 | jwt_secret); |
1820 | access_token = OIDC_access_token_new(); | 1825 | access_token = OIDC_access_token_new (); |
1821 | OIDC_build_token_response(access_token, | 1826 | OIDC_build_token_response (access_token, |
1822 | id_token, | 1827 | id_token, |
1823 | &expiration_time, | 1828 | &expiration_time, |
1824 | &json_response); | 1829 | &json_response); |
1825 | 1830 | ||
1826 | persist_access_token(handle, access_token, &ticket); | 1831 | persist_access_token (handle, access_token, &ticket); |
1827 | resp = GNUNET_REST_create_response(json_response); | 1832 | resp = GNUNET_REST_create_response (json_response); |
1828 | MHD_add_response_header(resp, "Cache-Control", "no-store"); | 1833 | MHD_add_response_header (resp, "Cache-Control", "no-store"); |
1829 | MHD_add_response_header(resp, "Pragma", "no-cache"); | 1834 | MHD_add_response_header (resp, "Pragma", "no-cache"); |
1830 | MHD_add_response_header(resp, "Content-Type", "application/json"); | 1835 | MHD_add_response_header (resp, "Content-Type", "application/json"); |
1831 | handle->proc(handle->proc_cls, resp, MHD_HTTP_OK); | 1836 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1832 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); | 1837 | GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl); |
1833 | GNUNET_free(access_token); | 1838 | GNUNET_free (access_token); |
1834 | GNUNET_free(json_response); | 1839 | GNUNET_free (json_response); |
1835 | GNUNET_free(id_token); | 1840 | GNUNET_free (id_token); |
1836 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 1841 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1837 | } | 1842 | } |
1838 | 1843 | ||
1839 | /** | 1844 | /** |
1840 | * Collects claims and stores them in handle | 1845 | * Collects claims and stores them in handle |
1841 | */ | 1846 | */ |
1842 | static void | 1847 | static void |
1843 | consume_ticket(void *cls, | 1848 | consume_ticket (void *cls, |
1844 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 1849 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
1845 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) | 1850 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) |
1846 | { | 1851 | { |
1847 | struct RequestHandle *handle = cls; | 1852 | struct RequestHandle *handle = cls; |
1848 | char *tmp_value; | 1853 | char *tmp_value; |
1849 | json_t *value; | 1854 | json_t *value; |
1850 | 1855 | ||
1851 | if (NULL == identity) | 1856 | if (NULL == identity) |
1852 | { | 1857 | { |
1853 | GNUNET_SCHEDULER_add_now(&return_userinfo_response, handle); | 1858 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); |
1854 | return; | 1859 | return; |
1855 | } | 1860 | } |
1856 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string(attr->type, | 1861 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, |
1857 | attr->data, | 1862 | attr->data, |
1858 | attr->data_size); | 1863 | attr->data_size); |
1859 | value = json_string(tmp_value); | 1864 | value = json_string (tmp_value); |
1860 | json_object_set_new(handle->oidc->response, attr->name, value); | 1865 | json_object_set_new (handle->oidc->response, attr->name, value); |
1861 | GNUNET_free(tmp_value); | 1866 | GNUNET_free (tmp_value); |
1862 | } | 1867 | } |
1863 | 1868 | ||
1864 | /** | 1869 | /** |
@@ -1869,9 +1874,9 @@ consume_ticket(void *cls, | |||
1869 | * @param cls the RequestHandle | 1874 | * @param cls the RequestHandle |
1870 | */ | 1875 | */ |
1871 | static void | 1876 | static void |
1872 | userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | 1877 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1873 | const char *url, | 1878 | const char *url, |
1874 | void *cls) | 1879 | void *cls) |
1875 | { | 1880 | { |
1876 | // TODO expiration time | 1881 | // TODO expiration time |
1877 | struct RequestHandle *handle = cls; | 1882 | struct RequestHandle *handle = cls; |
@@ -1884,87 +1889,87 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1884 | const struct EgoEntry *ego_entry; | 1889 | const struct EgoEntry *ego_entry; |
1885 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 1890 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
1886 | 1891 | ||
1887 | GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY, | 1892 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1888 | strlen(OIDC_AUTHORIZATION_HEADER_KEY), | 1893 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1889 | &cache_key); | 1894 | &cache_key); |
1890 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle | 1895 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle |
1891 | ->header_param_map, | 1896 | ->header_param_map, |
1892 | &cache_key)) | 1897 | &cache_key)) |
1893 | { | 1898 | { |
1894 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1899 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1895 | handle->edesc = GNUNET_strdup("No Access Token"); | 1900 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1896 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1901 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1897 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1902 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1898 | return; | 1903 | return; |
1899 | } | 1904 | } |
1900 | authorization = | 1905 | authorization = |
1901 | GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map, | 1906 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, |
1902 | &cache_key); | 1907 | &cache_key); |
1903 | 1908 | ||
1904 | // split header in "Bearer" and access_token | 1909 | // split header in "Bearer" and access_token |
1905 | authorization = GNUNET_strdup(authorization); | 1910 | authorization = GNUNET_strdup (authorization); |
1906 | authorization_type = strtok(authorization, delimiter); | 1911 | authorization_type = strtok (authorization, delimiter); |
1907 | if ((NULL == authorization_type) || | 1912 | if ((NULL == authorization_type) || |
1908 | (0 != strcmp("Bearer", authorization_type))) | 1913 | (0 != strcmp ("Bearer", authorization_type))) |
1909 | { | 1914 | { |
1910 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1915 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1911 | handle->edesc = GNUNET_strdup("No Access Token"); | 1916 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1912 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1917 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1913 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1918 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1914 | GNUNET_free(authorization); | 1919 | GNUNET_free (authorization); |
1915 | return; | 1920 | return; |
1916 | } | 1921 | } |
1917 | authorization_access_token = strtok(NULL, delimiter); | 1922 | authorization_access_token = strtok (NULL, delimiter); |
1918 | if (NULL == authorization_access_token) | 1923 | if (NULL == authorization_access_token) |
1919 | { | 1924 | { |
1920 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1925 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1921 | handle->edesc = GNUNET_strdup("Access token missing"); | 1926 | handle->edesc = GNUNET_strdup ("Access token missing"); |
1922 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1927 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1923 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1928 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1924 | GNUNET_free(authorization); | 1929 | GNUNET_free (authorization); |
1925 | return; | 1930 | return; |
1926 | } | 1931 | } |
1927 | 1932 | ||
1928 | GNUNET_CRYPTO_hash(authorization_access_token, | 1933 | GNUNET_CRYPTO_hash (authorization_access_token, |
1929 | strlen(authorization_access_token), | 1934 | strlen (authorization_access_token), |
1930 | &cache_key); | 1935 | &cache_key); |
1931 | if (GNUNET_NO == | 1936 | if (GNUNET_NO == |
1932 | GNUNET_CONTAINER_multihashmap_contains(OIDC_access_token_map, | 1937 | GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, |
1933 | &cache_key)) | 1938 | &cache_key)) |
1934 | { | 1939 | { |
1935 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1940 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1936 | handle->edesc = GNUNET_strdup("The access token expired"); | 1941 | handle->edesc = GNUNET_strdup ("The access token expired"); |
1937 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1942 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1938 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1943 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1939 | GNUNET_free(authorization); | 1944 | GNUNET_free (authorization); |
1940 | return; | 1945 | return; |
1941 | } | 1946 | } |
1942 | ticket = | 1947 | ticket = |
1943 | GNUNET_CONTAINER_multihashmap_get(OIDC_access_token_map, &cache_key); | 1948 | GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key); |
1944 | GNUNET_assert(NULL != ticket); | 1949 | GNUNET_assert (NULL != ticket); |
1945 | ego_entry = find_ego(handle, &ticket->audience); | 1950 | ego_entry = find_ego (handle, &ticket->audience); |
1946 | if (NULL == ego_entry) | 1951 | if (NULL == ego_entry) |
1947 | { | 1952 | { |
1948 | handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN); | 1953 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1949 | handle->edesc = GNUNET_strdup("The access token expired"); | 1954 | handle->edesc = GNUNET_strdup ("The access token expired"); |
1950 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1955 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1951 | GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle); | 1956 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
1952 | GNUNET_free(authorization); | 1957 | GNUNET_free (authorization); |
1953 | return; | 1958 | return; |
1954 | } | 1959 | } |
1955 | 1960 | ||
1956 | handle->idp = GNUNET_RECLAIM_connect(cfg); | 1961 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1957 | handle->oidc->response = json_object(); | 1962 | handle->oidc->response = json_object (); |
1958 | json_object_set_new(handle->oidc->response, | 1963 | json_object_set_new (handle->oidc->response, |
1959 | "sub", | 1964 | "sub", |
1960 | json_string(ego_entry->keystring)); | 1965 | json_string (ego_entry->keystring)); |
1961 | privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego); | 1966 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
1962 | handle->idp_op = GNUNET_RECLAIM_ticket_consume(handle->idp, | 1967 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, |
1963 | privkey, | 1968 | privkey, |
1964 | ticket, | 1969 | ticket, |
1965 | consume_ticket, | 1970 | consume_ticket, |
1966 | handle); | 1971 | handle); |
1967 | GNUNET_free(authorization); | 1972 | GNUNET_free (authorization); |
1968 | } | 1973 | } |
1969 | 1974 | ||
1970 | 1975 | ||
@@ -1974,14 +1979,14 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, | |||
1974 | * @param handle the request handle | 1979 | * @param handle the request handle |
1975 | */ | 1980 | */ |
1976 | static void | 1981 | static void |
1977 | init_cont(struct RequestHandle *handle) | 1982 | init_cont (struct RequestHandle *handle) |
1978 | { | 1983 | { |
1979 | struct GNUNET_REST_RequestHandlerError err; | 1984 | struct GNUNET_REST_RequestHandlerError err; |
1980 | static const struct GNUNET_REST_RequestHandler handlers[] = | 1985 | static const struct GNUNET_REST_RequestHandler handlers[] = |
1981 | { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, | 1986 | { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, |
1982 | { MHD_HTTP_METHOD_POST, | 1987 | { MHD_HTTP_METHOD_POST, |
1983 | GNUNET_REST_API_NS_AUTHORIZE, | 1988 | GNUNET_REST_API_NS_AUTHORIZE, |
1984 | &authorize_endpoint }, // url-encoded | 1989 | &authorize_endpoint }, // url-encoded |
1985 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, | 1990 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, |
1986 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, | 1991 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, |
1987 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | 1992 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, |
@@ -1990,11 +1995,11 @@ init_cont(struct RequestHandle *handle) | |||
1990 | GNUNET_REST_HANDLER_END }; | 1995 | GNUNET_REST_HANDLER_END }; |
1991 | 1996 | ||
1992 | if (GNUNET_NO == | 1997 | if (GNUNET_NO == |
1993 | GNUNET_REST_handle_request(handle->rest_handle, handlers, &err, handle)) | 1998 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) |
1994 | { | 1999 | { |
1995 | handle->response_code = err.error_code; | 2000 | handle->response_code = err.error_code; |
1996 | GNUNET_SCHEDULER_add_now(&do_error, handle); | 2001 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1997 | } | 2002 | } |
1998 | } | 2003 | } |
1999 | 2004 | ||
2000 | /** | 2005 | /** |
@@ -2031,91 +2036,91 @@ init_cont(struct RequestHandle *handle) | |||
2031 | * must thus no longer be used | 2036 | * must thus no longer be used |
2032 | */ | 2037 | */ |
2033 | static void | 2038 | static void |
2034 | list_ego(void *cls, | 2039 | list_ego (void *cls, |
2035 | struct GNUNET_IDENTITY_Ego *ego, | 2040 | struct GNUNET_IDENTITY_Ego *ego, |
2036 | void **ctx, | 2041 | void **ctx, |
2037 | const char *identifier) | 2042 | const char *identifier) |
2038 | { | 2043 | { |
2039 | struct RequestHandle *handle = cls; | 2044 | struct RequestHandle *handle = cls; |
2040 | struct EgoEntry *ego_entry; | 2045 | struct EgoEntry *ego_entry; |
2041 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 2046 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; |
2042 | 2047 | ||
2043 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) | 2048 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) |
2044 | { | 2049 | { |
2045 | handle->state = ID_REST_STATE_POST_INIT; | 2050 | handle->state = ID_REST_STATE_POST_INIT; |
2046 | init_cont(handle); | 2051 | init_cont (handle); |
2047 | return; | 2052 | return; |
2048 | } | 2053 | } |
2049 | GNUNET_assert(NULL != ego); | 2054 | GNUNET_assert (NULL != ego); |
2050 | if (ID_REST_STATE_INIT == handle->state) | 2055 | if (ID_REST_STATE_INIT == handle->state) |
2051 | 2056 | ||
2052 | { | 2057 | { |
2053 | ego_entry = GNUNET_new(struct EgoEntry); | 2058 | ego_entry = GNUNET_new (struct EgoEntry); |
2054 | GNUNET_IDENTITY_ego_get_public_key(ego, &pk); | 2059 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2055 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk); | 2060 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2056 | ego_entry->ego = ego; | 2061 | ego_entry->ego = ego; |
2057 | ego_entry->identifier = GNUNET_strdup(identifier); | 2062 | ego_entry->identifier = GNUNET_strdup (identifier); |
2058 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head, | 2063 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2059 | handle->ego_tail, | 2064 | handle->ego_tail, |
2060 | ego_entry); | 2065 | ego_entry); |
2061 | return; | 2066 | return; |
2062 | } | 2067 | } |
2063 | /* Ego renamed or added */ | 2068 | /* Ego renamed or added */ |
2064 | if (identifier != NULL) | 2069 | if (identifier != NULL) |
2070 | { | ||
2071 | for (ego_entry = handle->ego_head; NULL != ego_entry; | ||
2072 | ego_entry = ego_entry->next) | ||
2073 | { | ||
2074 | if (ego_entry->ego == ego) | ||
2075 | { | ||
2076 | /* Rename */ | ||
2077 | GNUNET_free (ego_entry->identifier); | ||
2078 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
2079 | break; | ||
2080 | } | ||
2081 | } | ||
2082 | if (NULL == ego_entry) | ||
2065 | { | 2083 | { |
2066 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 2084 | /* Add */ |
2067 | ego_entry = ego_entry->next) | 2085 | ego_entry = GNUNET_new (struct EgoEntry); |
2068 | { | 2086 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2069 | if (ego_entry->ego == ego) | 2087 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2070 | { | 2088 | ego_entry->ego = ego; |
2071 | /* Rename */ | 2089 | ego_entry->identifier = GNUNET_strdup (identifier); |
2072 | GNUNET_free(ego_entry->identifier); | 2090 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, |
2073 | ego_entry->identifier = GNUNET_strdup(identifier); | 2091 | handle->ego_tail, |
2074 | break; | 2092 | ego_entry); |
2075 | } | ||
2076 | } | ||
2077 | if (NULL == ego_entry) | ||
2078 | { | ||
2079 | /* Add */ | ||
2080 | ego_entry = GNUNET_new(struct EgoEntry); | ||
2081 | GNUNET_IDENTITY_ego_get_public_key(ego, &pk); | ||
2082 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk); | ||
2083 | ego_entry->ego = ego; | ||
2084 | ego_entry->identifier = GNUNET_strdup(identifier); | ||
2085 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head, | ||
2086 | handle->ego_tail, | ||
2087 | ego_entry); | ||
2088 | } | ||
2089 | } | 2093 | } |
2094 | } | ||
2090 | else | 2095 | else |
2096 | { | ||
2097 | /* Delete */ | ||
2098 | for (ego_entry = handle->ego_head; NULL != ego_entry; | ||
2099 | ego_entry = ego_entry->next) | ||
2091 | { | 2100 | { |
2092 | /* Delete */ | 2101 | if (ego_entry->ego == ego) |
2093 | for (ego_entry = handle->ego_head; NULL != ego_entry; | 2102 | break; |
2094 | ego_entry = ego_entry->next) | ||
2095 | { | ||
2096 | if (ego_entry->ego == ego) | ||
2097 | break; | ||
2098 | } | ||
2099 | if (NULL != ego_entry) | ||
2100 | GNUNET_CONTAINER_DLL_remove(handle->ego_head, | ||
2101 | handle->ego_tail, | ||
2102 | ego_entry); | ||
2103 | } | 2103 | } |
2104 | if (NULL != ego_entry) | ||
2105 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, | ||
2106 | handle->ego_tail, | ||
2107 | ego_entry); | ||
2108 | } | ||
2104 | } | 2109 | } |
2105 | 2110 | ||
2106 | static void | 2111 | static void |
2107 | rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | 2112 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, |
2108 | GNUNET_REST_ResultProcessor proc, | 2113 | GNUNET_REST_ResultProcessor proc, |
2109 | void *proc_cls) | 2114 | void *proc_cls) |
2110 | { | 2115 | { |
2111 | struct RequestHandle *handle = GNUNET_new(struct RequestHandle); | 2116 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
2112 | 2117 | ||
2113 | handle->oidc = GNUNET_new(struct OIDC_Variables); | 2118 | handle->oidc = GNUNET_new (struct OIDC_Variables); |
2114 | if (NULL == OIDC_cookie_jar_map) | 2119 | if (NULL == OIDC_cookie_jar_map) |
2115 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); | 2120 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2116 | if (NULL == OIDC_access_token_map) | 2121 | if (NULL == OIDC_access_token_map) |
2117 | OIDC_access_token_map = | 2122 | OIDC_access_token_map = |
2118 | GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO); | 2123 | GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2119 | handle->response_code = 0; | 2124 | handle->response_code = 0; |
2120 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 2125 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
2121 | handle->proc_cls = proc_cls; | 2126 | handle->proc_cls = proc_cls; |
@@ -2123,16 +2128,16 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | |||
2123 | handle->state = ID_REST_STATE_INIT; | 2128 | handle->state = ID_REST_STATE_INIT; |
2124 | handle->rest_handle = rest_handle; | 2129 | handle->rest_handle = rest_handle; |
2125 | 2130 | ||
2126 | handle->url = GNUNET_strdup(rest_handle->url); | 2131 | handle->url = GNUNET_strdup (rest_handle->url); |
2127 | if (handle->url[strlen(handle->url) - 1] == '/') | 2132 | if (handle->url[strlen (handle->url) - 1] == '/') |
2128 | handle->url[strlen(handle->url) - 1] = '\0'; | 2133 | handle->url[strlen (handle->url) - 1] = '\0'; |
2129 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); | 2134 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); |
2130 | handle->identity_handle = GNUNET_IDENTITY_connect(cfg, &list_ego, handle); | 2135 | handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle); |
2131 | handle->gns_handle = GNUNET_GNS_connect(cfg); | 2136 | handle->gns_handle = GNUNET_GNS_connect (cfg); |
2132 | handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg); | 2137 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); |
2133 | handle->timeout_task = | 2138 | handle->timeout_task = |
2134 | GNUNET_SCHEDULER_add_delayed(handle->timeout, &do_timeout, handle); | 2139 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); |
2135 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); | 2140 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); |
2136 | } | 2141 | } |
2137 | 2142 | ||
2138 | /** | 2143 | /** |
@@ -2142,7 +2147,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, | |||
2142 | * @return NULL on error, otherwise the plugin context | 2147 | * @return NULL on error, otherwise the plugin context |
2143 | */ | 2148 | */ |
2144 | void * | 2149 | void * |
2145 | libgnunet_plugin_rest_openid_connect_init(void *cls) | 2150 | libgnunet_plugin_rest_openid_connect_init (void *cls) |
2146 | { | 2151 | { |
2147 | static struct Plugin plugin; | 2152 | static struct Plugin plugin; |
2148 | struct GNUNET_REST_Plugin *api; | 2153 | struct GNUNET_REST_Plugin *api; |
@@ -2150,22 +2155,22 @@ libgnunet_plugin_rest_openid_connect_init(void *cls) | |||
2150 | cfg = cls; | 2155 | cfg = cls; |
2151 | if (NULL != plugin.cfg) | 2156 | if (NULL != plugin.cfg) |
2152 | return NULL; /* can only initialize once! */ | 2157 | return NULL; /* can only initialize once! */ |
2153 | memset(&plugin, 0, sizeof(struct Plugin)); | 2158 | memset (&plugin, 0, sizeof(struct Plugin)); |
2154 | plugin.cfg = cfg; | 2159 | plugin.cfg = cfg; |
2155 | api = GNUNET_new(struct GNUNET_REST_Plugin); | 2160 | api = GNUNET_new (struct GNUNET_REST_Plugin); |
2156 | api->cls = &plugin; | 2161 | api->cls = &plugin; |
2157 | api->name = GNUNET_REST_API_NS_OIDC; | 2162 | api->name = GNUNET_REST_API_NS_OIDC; |
2158 | api->process_request = &rest_identity_process_request; | 2163 | api->process_request = &rest_identity_process_request; |
2159 | GNUNET_asprintf(&allow_methods, | 2164 | GNUNET_asprintf (&allow_methods, |
2160 | "%s, %s, %s, %s, %s", | 2165 | "%s, %s, %s, %s, %s", |
2161 | MHD_HTTP_METHOD_GET, | 2166 | MHD_HTTP_METHOD_GET, |
2162 | MHD_HTTP_METHOD_POST, | 2167 | MHD_HTTP_METHOD_POST, |
2163 | MHD_HTTP_METHOD_PUT, | 2168 | MHD_HTTP_METHOD_PUT, |
2164 | MHD_HTTP_METHOD_DELETE, | 2169 | MHD_HTTP_METHOD_DELETE, |
2165 | MHD_HTTP_METHOD_OPTIONS); | 2170 | MHD_HTTP_METHOD_OPTIONS); |
2166 | 2171 | ||
2167 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 2172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2168 | _("OpenID Connect REST API initialized\n")); | 2173 | _ ("OpenID Connect REST API initialized\n")); |
2169 | return api; | 2174 | return api; |
2170 | } | 2175 | } |
2171 | 2176 | ||
@@ -2177,7 +2182,7 @@ libgnunet_plugin_rest_openid_connect_init(void *cls) | |||
2177 | * @return always NULL | 2182 | * @return always NULL |
2178 | */ | 2183 | */ |
2179 | void * | 2184 | void * |
2180 | libgnunet_plugin_rest_openid_connect_done(void *cls) | 2185 | libgnunet_plugin_rest_openid_connect_done (void *cls) |
2181 | { | 2186 | { |
2182 | struct GNUNET_REST_Plugin *api = cls; | 2187 | struct GNUNET_REST_Plugin *api = cls; |
2183 | struct Plugin *plugin = api->cls; | 2188 | struct Plugin *plugin = api->cls; |
@@ -2187,24 +2192,24 @@ libgnunet_plugin_rest_openid_connect_done(void *cls) | |||
2187 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2192 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; |
2188 | void *value = NULL; | 2193 | void *value = NULL; |
2189 | hashmap_it = | 2194 | hashmap_it = |
2190 | GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_cookie_jar_map); | 2195 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); |
2191 | while (GNUNET_YES == | 2196 | while (GNUNET_YES == |
2192 | GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) | 2197 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2193 | GNUNET_free_non_null(value); | 2198 | GNUNET_free_non_null (value); |
2194 | GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); | 2199 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); |
2195 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_cookie_jar_map); | 2200 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); |
2196 | 2201 | ||
2197 | hashmap_it = | 2202 | hashmap_it = |
2198 | GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_access_token_map); | 2203 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); |
2199 | while (GNUNET_YES == | 2204 | while (GNUNET_YES == |
2200 | GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value)) | 2205 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2201 | GNUNET_free_non_null(value); | 2206 | GNUNET_free_non_null (value); |
2202 | GNUNET_CONTAINER_multihashmap_destroy(OIDC_access_token_map); | 2207 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map); |
2203 | GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); | 2208 | GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it); |
2204 | GNUNET_free_non_null(allow_methods); | 2209 | GNUNET_free_non_null (allow_methods); |
2205 | GNUNET_free(api); | 2210 | GNUNET_free (api); |
2206 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 2211 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2207 | "OpenID Connect REST plugin is finished\n"); | 2212 | "OpenID Connect REST plugin is finished\n"); |
2208 | return NULL; | 2213 | return NULL; |
2209 | } | 2214 | } |
2210 | 2215 | ||