diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 1034 |
1 files changed, 405 insertions, 629 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index e755f079b..761c9e83d 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -11,7 +11,7 @@ | |||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | 11 | WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Affero General Public License for more details. | 13 | Affero General Public License for more details. |
14 | 14 | ||
15 | You should have received a copy of the GNU Affero General Public License | 15 | You should have received a copy of the GNU Affero General Public License |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
17 | 17 | ||
@@ -24,22 +24,21 @@ | |||
24 | * @brief GNUnet Namestore REST plugin | 24 | * @brief GNUnet Namestore REST plugin |
25 | * | 25 | * |
26 | */ | 26 | */ |
27 | |||
28 | #include "platform.h" | 27 | #include "platform.h" |
29 | #include "gnunet_rest_plugin.h" | 28 | #include <inttypes.h> |
30 | #include "gnunet_identity_service.h" | 29 | #include <jansson.h> |
30 | |||
31 | #include "gnunet_gns_service.h" | 31 | #include "gnunet_gns_service.h" |
32 | #include "gnunet_gnsrecord_lib.h" | 32 | #include "gnunet_gnsrecord_lib.h" |
33 | #include "gnunet_identity_service.h" | ||
33 | #include "gnunet_namestore_service.h" | 34 | #include "gnunet_namestore_service.h" |
34 | #include "gnunet_rest_lib.h" | ||
35 | #include "microhttpd.h" | ||
36 | #include <jansson.h> | ||
37 | #include <inttypes.h> | ||
38 | #include "gnunet_signatures.h" | ||
39 | #include "gnunet_reclaim_attribute_lib.h" | 35 | #include "gnunet_reclaim_attribute_lib.h" |
40 | #include "gnunet_reclaim_service.h" | 36 | #include "gnunet_reclaim_service.h" |
37 | #include "gnunet_rest_lib.h" | ||
38 | #include "gnunet_rest_plugin.h" | ||
39 | #include "gnunet_signatures.h" | ||
40 | #include "microhttpd.h" | ||
41 | #include "oidc_helper.h" | 41 | #include "oidc_helper.h" |
42 | |||
43 | /** | 42 | /** |
44 | * REST root namespace | 43 | * REST root namespace |
45 | */ | 44 | */ |
@@ -206,20 +205,12 @@ | |||
206 | #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" | 205 | #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" |
207 | 206 | ||
208 | 207 | ||
209 | |||
210 | /** | 208 | /** |
211 | * OIDC ignored parameter array | 209 | * OIDC ignored parameter array |
212 | */ | 210 | */ |
213 | static char* OIDC_ignored_parameter_array [] = | 211 | static char *OIDC_ignored_parameter_array[] = { |
214 | { | 212 | "display", "prompt", "ui_locales", "response_mode", |
215 | "display", | 213 | "id_token_hint", "login_hint", "acr_values"}; |
216 | "prompt", | ||
217 | "ui_locales", | ||
218 | "response_mode", | ||
219 | "id_token_hint", | ||
220 | "login_hint", | ||
221 | "acr_values" | ||
222 | }; | ||
223 | 214 | ||
224 | /** | 215 | /** |
225 | * OIDC Hash map that keeps track of issued cookies | 216 | * OIDC Hash map that keeps track of issued cookies |
@@ -237,7 +228,8 @@ struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; | |||
237 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map; | 228 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map; |
238 | 229 | ||
239 | /** | 230 | /** |
240 | * Hash map that links the issued access token to the corresponding ticket and ego | 231 | * Hash map that links the issued access token to the corresponding ticket and |
232 | * ego | ||
241 | */ | 233 | */ |
242 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map; | 234 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map; |
243 | 235 | ||
@@ -249,7 +241,7 @@ const struct GNUNET_CONFIGURATION_Handle *cfg; | |||
249 | /** | 241 | /** |
250 | * HTTP methods allows for this plugin | 242 | * HTTP methods allows for this plugin |
251 | */ | 243 | */ |
252 | static char* allow_methods; | 244 | static char *allow_methods; |
253 | 245 | ||
254 | /** | 246 | /** |
255 | * @brief struct returned by the initialization function of the plugin | 247 | * @brief struct returned by the initialization function of the plugin |
@@ -313,7 +305,6 @@ struct OIDC_Variables | |||
313 | * The response JSON | 305 | * The response JSON |
314 | */ | 306 | */ |
315 | json_t *response; | 307 | json_t *response; |
316 | |||
317 | }; | 308 | }; |
318 | 309 | ||
319 | /** | 310 | /** |
@@ -499,7 +490,6 @@ struct RequestHandle | |||
499 | * Reponse code | 490 | * Reponse code |
500 | */ | 491 | */ |
501 | int response_code; | 492 | int response_code; |
502 | |||
503 | }; | 493 | }; |
504 | 494 | ||
505 | /** | 495 | /** |
@@ -513,8 +503,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
513 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; | 503 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; |
514 | struct EgoEntry *ego_entry; | 504 | struct EgoEntry *ego_entry; |
515 | struct EgoEntry *ego_tmp; | 505 | struct EgoEntry *ego_tmp; |
516 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 506 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); |
517 | "Cleaning up\n"); | ||
518 | if (NULL != handle->timeout_task) | 507 | if (NULL != handle->timeout_task) |
519 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | 508 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
520 | if (NULL != handle->identity_handle) | 509 | if (NULL != handle->identity_handle) |
@@ -538,8 +527,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
538 | 527 | ||
539 | if (NULL != handle->namestore_handle) | 528 | if (NULL != handle->namestore_handle) |
540 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); | 529 | GNUNET_NAMESTORE_disconnect (handle->namestore_handle); |
541 | if (NULL != handle->oidc) | 530 | if (NULL != handle->oidc) { |
542 | { | ||
543 | GNUNET_free_non_null (handle->oidc->client_id); | 531 | GNUNET_free_non_null (handle->oidc->client_id); |
544 | GNUNET_free_non_null (handle->oidc->login_identity); | 532 | GNUNET_free_non_null (handle->oidc->login_identity); |
545 | GNUNET_free_non_null (handle->oidc->nonce); | 533 | GNUNET_free_non_null (handle->oidc->nonce); |
@@ -550,11 +538,8 @@ cleanup_handle (struct RequestHandle *handle) | |||
550 | json_decref (handle->oidc->response); | 538 | json_decref (handle->oidc->response); |
551 | GNUNET_free (handle->oidc); | 539 | GNUNET_free (handle->oidc); |
552 | } | 540 | } |
553 | if ( NULL != handle->attr_list ) | 541 | if (NULL != handle->attr_list) { |
554 | { | 542 | for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) { |
555 | for (claim_entry = handle->attr_list->list_head; | ||
556 | NULL != claim_entry;) | ||
557 | { | ||
558 | claim_tmp = claim_entry; | 543 | claim_tmp = claim_entry; |
559 | claim_entry = claim_entry->next; | 544 | claim_entry = claim_entry->next; |
560 | GNUNET_free (claim_tmp->claim); | 545 | GNUNET_free (claim_tmp->claim); |
@@ -562,9 +547,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
562 | } | 547 | } |
563 | GNUNET_free (handle->attr_list); | 548 | GNUNET_free (handle->attr_list); |
564 | } | 549 | } |
565 | for (ego_entry = handle->ego_head; | 550 | for (ego_entry = handle->ego_head; NULL != ego_entry;) { |
566 | NULL != ego_entry;) | ||
567 | { | ||
568 | ego_tmp = ego_entry; | 551 | ego_tmp = ego_entry; |
569 | ego_entry = ego_entry->next; | 552 | ego_entry = ego_entry->next; |
570 | GNUNET_free (ego_tmp->identifier); | 553 | GNUNET_free (ego_tmp->identifier); |
@@ -594,21 +577,19 @@ do_error (void *cls) | |||
594 | struct MHD_Response *resp; | 577 | struct MHD_Response *resp; |
595 | char *json_error; | 578 | char *json_error; |
596 | 579 | ||
597 | GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", | 580 | GNUNET_asprintf ( |
598 | handle->emsg, | 581 | &json_error, |
599 | (NULL != handle->edesc) ? handle->edesc : "", | 582 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", |
600 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", | 583 | handle->emsg, (NULL != handle->edesc) ? handle->edesc : "", |
601 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 584 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", |
602 | (NULL != handle->oidc->state) ? "\"" : ""); | 585 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
603 | if ( 0 == handle->response_code ) | 586 | (NULL != handle->oidc->state) ? "\"" : ""); |
587 | if (0 == handle->response_code) | ||
604 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 588 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
605 | resp = GNUNET_REST_create_response (json_error); | 589 | resp = GNUNET_REST_create_response (json_error); |
606 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) | 590 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) |
607 | MHD_add_response_header (resp, | 591 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); |
608 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, | 592 | MHD_add_response_header (resp, MHD_HTTP_HEADER_CONTENT_TYPE, |
609 | "Basic"); | ||
610 | MHD_add_response_header (resp, | ||
611 | MHD_HTTP_HEADER_CONTENT_TYPE, | ||
612 | "application/json"); | 593 | "application/json"); |
613 | handle->proc (handle->proc_cls, resp, handle->response_code); | 594 | handle->proc (handle->proc_cls, resp, handle->response_code); |
614 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 595 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
@@ -630,12 +611,9 @@ do_userinfo_error (void *cls) | |||
630 | char *error; | 611 | char *error; |
631 | 612 | ||
632 | GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", | 613 | GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", |
633 | handle->emsg, | 614 | handle->emsg, (NULL != handle->edesc) ? handle->edesc : ""); |
634 | (NULL != handle->edesc) ? handle->edesc : ""); | ||
635 | resp = GNUNET_REST_create_response (""); | 615 | resp = GNUNET_REST_create_response (""); |
636 | MHD_add_response_header (resp, | 616 | MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); |
637 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, | ||
638 | "Bearer"); | ||
639 | handle->proc (handle->proc_cls, resp, handle->response_code); | 617 | handle->proc (handle->proc_cls, resp, handle->response_code); |
640 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 618 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
641 | GNUNET_free (error); | 619 | GNUNET_free (error); |
@@ -652,9 +630,8 @@ do_redirect_error (void *cls) | |||
652 | { | 630 | { |
653 | struct RequestHandle *handle = cls; | 631 | struct RequestHandle *handle = cls; |
654 | struct MHD_Response *resp; | 632 | struct MHD_Response *resp; |
655 | char* redirect; | 633 | char *redirect; |
656 | GNUNET_asprintf (&redirect, | 634 | GNUNET_asprintf (&redirect, "%s?error=%s&error_description=%s%s%s", |
657 | "%s?error=%s&error_description=%s%s%s", | ||
658 | handle->oidc->redirect_uri, handle->emsg, handle->edesc, | 635 | handle->oidc->redirect_uri, handle->emsg, handle->edesc, |
659 | (NULL != handle->oidc->state) ? "&state=" : "", | 636 | (NULL != handle->oidc->state) ? "&state=" : "", |
660 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); | 637 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); |
@@ -687,7 +664,7 @@ do_timeout (void *cls) | |||
687 | static void | 664 | static void |
688 | return_userinfo_response (void *cls) | 665 | return_userinfo_response (void *cls) |
689 | { | 666 | { |
690 | char* result_str; | 667 | char *result_str; |
691 | struct RequestHandle *handle = cls; | 668 | struct RequestHandle *handle = cls; |
692 | struct MHD_Response *resp; | 669 | struct MHD_Response *resp; |
693 | 670 | ||
@@ -705,7 +682,7 @@ return_userinfo_response (void *cls) | |||
705 | * @param string the string to encode | 682 | * @param string the string to encode |
706 | * @return base64 encoded string | 683 | * @return base64 encoded string |
707 | */ | 684 | */ |
708 | static char* | 685 | static char * |
709 | base64_encode (const char *s) | 686 | base64_encode (const char *s) |
710 | { | 687 | { |
711 | char *enc; | 688 | char *enc; |
@@ -720,13 +697,12 @@ base64_encode (const char *s) | |||
720 | GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); | 697 | GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); |
721 | if (0 == num_pads) | 698 | if (0 == num_pads) |
722 | return enc; | 699 | return enc; |
723 | enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads*2); | 700 | enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads * 2); |
724 | strcpy (enc_urlencode, enc); | 701 | strcpy (enc_urlencode, enc); |
725 | GNUNET_free (enc); | 702 | GNUNET_free (enc); |
726 | tmp = strchr (enc_urlencode, '='); | 703 | tmp = strchr (enc_urlencode, '='); |
727 | for (i = 0; i < num_pads; i++) | 704 | for (i = 0; i < num_pads; i++) { |
728 | { | 705 | strcpy (tmp, "%3D"); // replace '=' with '%3D' |
729 | strcpy (tmp, "%3D"); //replace '=' with '%3D' | ||
730 | tmp += 3; | 706 | tmp += 3; |
731 | } | 707 | } |
732 | return enc_urlencode; | 708 | return enc_urlencode; |
@@ -740,18 +716,15 @@ base64_encode (const char *s) | |||
740 | * @param cls the RequestHandle | 716 | * @param cls the RequestHandle |
741 | */ | 717 | */ |
742 | static void | 718 | static void |
743 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, | 719 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, |
744 | const char* url, | ||
745 | void *cls) | 720 | void *cls) |
746 | { | 721 | { |
747 | struct MHD_Response *resp; | 722 | struct MHD_Response *resp; |
748 | struct RequestHandle *handle = cls; | 723 | struct RequestHandle *handle = cls; |
749 | 724 | ||
750 | //For now, independent of path return all options | 725 | // For now, independent of path return all options |
751 | resp = GNUNET_REST_create_response (NULL); | 726 | resp = GNUNET_REST_create_response (NULL); |
752 | MHD_add_response_header (resp, | 727 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); |
753 | "Access-Control-Allow-Methods", | ||
754 | allow_methods); | ||
755 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 728 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
756 | cleanup_handle (handle); | 729 | cleanup_handle (handle); |
757 | return; | 730 | return; |
@@ -772,36 +745,30 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
772 | char *token; | 745 | char *token; |
773 | char *value; | 746 | char *value; |
774 | 747 | ||
775 | //gets identity of login try with cookie | 748 | // gets identity of login try with cookie |
776 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 749 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
777 | &cache_key); | 750 | &cache_key); |
778 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 751 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
779 | &cache_key) ) | 752 | handle->rest_handle->header_param_map, &cache_key)) { |
780 | { | 753 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); |
781 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
782 | "No cookie found\n"); | ||
783 | return; | 754 | return; |
784 | } | 755 | } |
785 | //splits cookies and find 'Identity' cookie | 756 | // splits cookies and find 'Identity' cookie |
786 | tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 757 | tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( |
758 | handle->rest_handle->header_param_map, &cache_key); | ||
787 | cookies = GNUNET_strdup (tmp_cookies); | 759 | cookies = GNUNET_strdup (tmp_cookies); |
788 | token = strtok (cookies, delimiter); | 760 | token = strtok (cookies, delimiter); |
789 | handle->oidc->user_cancelled = GNUNET_NO; | 761 | handle->oidc->user_cancelled = GNUNET_NO; |
790 | handle->oidc->login_identity = NULL; | 762 | handle->oidc->login_identity = NULL; |
791 | if (NULL == token) | 763 | if (NULL == token) { |
792 | { | 764 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to parse cookie: %s\n", |
793 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
794 | "Unable to parse cookie: %s\n", | ||
795 | cookies); | 765 | cookies); |
796 | GNUNET_free (cookies); | 766 | GNUNET_free (cookies); |
797 | return; | 767 | return; |
798 | } | 768 | } |
799 | 769 | ||
800 | while (NULL != token) | 770 | while (NULL != token) { |
801 | { | 771 | if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) { |
802 | if (0 == strcmp (token, | ||
803 | OIDC_COOKIE_HEADER_ACCESS_DENIED)) | ||
804 | { | ||
805 | handle->oidc->user_cancelled = GNUNET_YES; | 772 | handle->oidc->user_cancelled = GNUNET_YES; |
806 | GNUNET_free (cookies); | 773 | GNUNET_free (cookies); |
807 | return; | 774 | return; |
@@ -810,33 +777,29 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
810 | break; | 777 | break; |
811 | token = strtok (NULL, delimiter); | 778 | token = strtok (NULL, delimiter); |
812 | } | 779 | } |
813 | if (NULL == token) | 780 | if (NULL == token) { |
814 | { | 781 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No cookie value to process: %s\n", |
815 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
816 | "No cookie value to process: %s\n", | ||
817 | cookies); | 782 | cookies); |
818 | GNUNET_free (cookies); | 783 | GNUNET_free (cookies); |
819 | return; | 784 | return; |
820 | } | 785 | } |
821 | GNUNET_CRYPTO_hash (token, strlen (token), | 786 | GNUNET_CRYPTO_hash (token, strlen (token), &cache_key); |
822 | &cache_key); | 787 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, |
823 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) | 788 | &cache_key)) { |
824 | { | 789 | GNUNET_log ( |
825 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 790 | GNUNET_ERROR_TYPE_WARNING, |
826 | "Found cookie `%s', but no corresponding expiration entry present...\n", | 791 | "Found cookie `%s', but no corresponding expiration entry present...\n", |
827 | token); | 792 | token); |
828 | GNUNET_free (cookies); | 793 | GNUNET_free (cookies); |
829 | return; | 794 | return; |
830 | } | 795 | } |
831 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, | 796 | relog_time = |
832 | &cache_key); | 797 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
833 | current_time = GNUNET_TIME_absolute_get (); | 798 | current_time = GNUNET_TIME_absolute_get (); |
834 | // 30 min after old login -> redirect to login | 799 | // 30 min after old login -> redirect to login |
835 | if ( current_time.abs_value_us > relog_time->abs_value_us ) | 800 | if (current_time.abs_value_us > relog_time->abs_value_us) { |
836 | { | ||
837 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 801 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
838 | "Found cookie `%s', but it is expired.\n", | 802 | "Found cookie `%s', but it is expired.\n", token); |
839 | token); | ||
840 | GNUNET_free (cookies); | 803 | GNUNET_free (cookies); |
841 | return; | 804 | return; |
842 | } | 805 | } |
@@ -856,30 +819,22 @@ login_redirect (void *cls) | |||
856 | struct MHD_Response *resp; | 819 | struct MHD_Response *resp; |
857 | struct RequestHandle *handle = cls; | 820 | struct RequestHandle *handle = cls; |
858 | 821 | ||
859 | if ( GNUNET_OK | 822 | if (GNUNET_OK == |
860 | == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", | 823 | GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", |
861 | "address", &login_base_url) ) | 824 | "address", &login_base_url)) { |
862 | { | ||
863 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 825 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
864 | login_base_url, | 826 | login_base_url, OIDC_RESPONSE_TYPE_KEY, |
865 | OIDC_RESPONSE_TYPE_KEY, | 827 | handle->oidc->response_type, OIDC_CLIENT_ID_KEY, |
866 | handle->oidc->response_type, | 828 | handle->oidc->client_id, OIDC_REDIRECT_URI_KEY, |
867 | OIDC_CLIENT_ID_KEY, | 829 | handle->oidc->redirect_uri, OIDC_SCOPE_KEY, |
868 | handle->oidc->client_id, | 830 | handle->oidc->scope, OIDC_STATE_KEY, |
869 | OIDC_REDIRECT_URI_KEY, | ||
870 | handle->oidc->redirect_uri, | ||
871 | OIDC_SCOPE_KEY, | ||
872 | handle->oidc->scope, | ||
873 | OIDC_STATE_KEY, | ||
874 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | 831 | (NULL != handle->oidc->state) ? handle->oidc->state : "", |
875 | OIDC_NONCE_KEY, | 832 | OIDC_NONCE_KEY, |
876 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); | 833 | (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); |
877 | resp = GNUNET_REST_create_response (""); | 834 | resp = GNUNET_REST_create_response (""); |
878 | MHD_add_response_header (resp, "Location", new_redirect); | 835 | MHD_add_response_header (resp, "Location", new_redirect); |
879 | GNUNET_free (login_base_url); | 836 | GNUNET_free (login_base_url); |
880 | } | 837 | } else { |
881 | else | ||
882 | { | ||
883 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 838 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
884 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 839 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
885 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 840 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
@@ -909,8 +864,7 @@ oidc_iteration_error (void *cls) | |||
909 | * parameter. Otherwise redirects with error | 864 | * parameter. Otherwise redirects with error |
910 | */ | 865 | */ |
911 | static void | 866 | static void |
912 | oidc_ticket_issue_cb (void* cls, | 867 | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) |
913 | const struct GNUNET_RECLAIM_Ticket *ticket) | ||
914 | { | 868 | { |
915 | struct RequestHandle *handle = cls; | 869 | struct RequestHandle *handle = cls; |
916 | struct MHD_Response *resp; | 870 | struct MHD_Response *resp; |
@@ -921,37 +875,29 @@ oidc_ticket_issue_cb (void* cls, | |||
921 | 875 | ||
922 | handle->idp_op = NULL; | 876 | handle->idp_op = NULL; |
923 | handle->ticket = *ticket; | 877 | handle->ticket = *ticket; |
924 | if (NULL == ticket) | 878 | if (NULL == ticket) { |
925 | { | ||
926 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 879 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
927 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); | 880 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); |
928 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 881 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
929 | return; | 882 | return; |
930 | } | 883 | } |
931 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, | 884 | ticket_str = GNUNET_STRINGS_data_to_string_alloc ( |
932 | sizeof (struct GNUNET_RECLAIM_Ticket)); | 885 | &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); |
933 | //TODO change if more attributes are needed (see max_age) | 886 | // TODO change if more attributes are needed (see max_age) |
934 | code_json_string = OIDC_build_authz_code (&handle->priv_key, | 887 | code_json_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket, |
935 | &handle->ticket, | ||
936 | handle->oidc->nonce); | 888 | handle->oidc->nonce); |
937 | code_base64_final_string = base64_encode (code_json_string); | 889 | code_base64_final_string = base64_encode (code_json_string); |
938 | if ( (NULL != handle->redirect_prefix) && | 890 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && |
939 | (NULL != handle->redirect_suffix) && | 891 | (NULL != handle->tld)) { |
940 | (NULL != handle->tld) ) | ||
941 | { | ||
942 | 892 | ||
943 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | 893 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", |
944 | handle->redirect_prefix, | 894 | handle->redirect_prefix, handle->tld, |
945 | handle->tld, | 895 | handle->redirect_suffix, handle->oidc->response_type, |
946 | handle->redirect_suffix, | ||
947 | handle->oidc->response_type, | ||
948 | code_base64_final_string, handle->oidc->state); | 896 | code_base64_final_string, handle->oidc->state); |
949 | } else { | 897 | } else { |
950 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", | 898 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", |
951 | handle->oidc->redirect_uri, | 899 | handle->oidc->redirect_uri, handle->oidc->response_type, |
952 | handle->oidc->response_type, | ||
953 | code_base64_final_string, handle->oidc->state); | 900 | code_base64_final_string, handle->oidc->state); |
954 | |||
955 | } | 901 | } |
956 | resp = GNUNET_REST_create_response (""); | 902 | resp = GNUNET_REST_create_response (""); |
957 | MHD_add_response_header (resp, "Location", redirect_uri); | 903 | MHD_add_response_header (resp, "Location", redirect_uri); |
@@ -969,19 +915,15 @@ oidc_collect_finished_cb (void *cls) | |||
969 | struct RequestHandle *handle = cls; | 915 | struct RequestHandle *handle = cls; |
970 | handle->attr_it = NULL; | 916 | handle->attr_it = NULL; |
971 | handle->ticket_it = NULL; | 917 | handle->ticket_it = NULL; |
972 | if (NULL == handle->attr_list->list_head) | 918 | if (NULL == handle->attr_list->list_head) { |
973 | { | ||
974 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | 919 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
975 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); | 920 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); |
976 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 921 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
977 | return; | 922 | return; |
978 | } | 923 | } |
979 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, | 924 | handle->idp_op = GNUNET_RECLAIM_ticket_issue ( |
980 | &handle->priv_key, | 925 | handle->idp, &handle->priv_key, &handle->oidc->client_pkey, |
981 | &handle->oidc->client_pkey, | 926 | handle->attr_list, &oidc_ticket_issue_cb, handle); |
982 | handle->attr_list, | ||
983 | &oidc_ticket_issue_cb, | ||
984 | handle); | ||
985 | } | 927 | } |
986 | 928 | ||
987 | 929 | ||
@@ -995,28 +937,24 @@ oidc_attr_collect (void *cls, | |||
995 | { | 937 | { |
996 | struct RequestHandle *handle = cls; | 938 | struct RequestHandle *handle = cls; |
997 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 939 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
998 | char* scope_variables; | 940 | char *scope_variables; |
999 | char* scope_variable; | 941 | char *scope_variable; |
1000 | char delimiter[]=" "; | 942 | char delimiter[] = " "; |
1001 | 943 | ||
1002 | if ( (NULL == attr->name) || (NULL == attr->data) ) | 944 | if ((NULL == attr->name) || (NULL == attr->data)) { |
1003 | { | ||
1004 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | 945 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
1005 | return; | 946 | return; |
1006 | } | 947 | } |
1007 | 948 | ||
1008 | scope_variables = GNUNET_strdup (handle->oidc->scope); | 949 | scope_variables = GNUNET_strdup (handle->oidc->scope); |
1009 | scope_variable = strtok (scope_variables, delimiter); | 950 | scope_variable = strtok (scope_variables, delimiter); |
1010 | while (NULL != scope_variable) | 951 | while (NULL != scope_variable) { |
1011 | { | 952 | if (0 == strcmp (attr->name, scope_variable)) { |
1012 | if ( 0 == strcmp (attr->name, scope_variable) ) | ||
1013 | { | ||
1014 | break; | 953 | break; |
1015 | } | 954 | } |
1016 | scope_variable = strtok (NULL, delimiter); | 955 | scope_variable = strtok (NULL, delimiter); |
1017 | } | 956 | } |
1018 | if ( NULL == scope_variable ) | 957 | if (NULL == scope_variable) { |
1019 | { | ||
1020 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | 958 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); |
1021 | GNUNET_free (scope_variables); | 959 | GNUNET_free (scope_variables); |
1022 | return; | 960 | return; |
@@ -1044,50 +982,41 @@ code_redirect (void *cls) | |||
1044 | struct GNUNET_HashCode cache_key; | 982 | struct GNUNET_HashCode cache_key; |
1045 | char *identity_cookie; | 983 | char *identity_cookie; |
1046 | 984 | ||
1047 | GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); | 985 | GNUNET_asprintf (&identity_cookie, "Identity=%s", |
986 | handle->oidc->login_identity); | ||
1048 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); | 987 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); |
1049 | GNUNET_free (identity_cookie); | 988 | GNUNET_free (identity_cookie); |
1050 | //No login time for identity -> redirect to login | 989 | // No login time for identity -> redirect to login |
1051 | if ( GNUNET_YES | 990 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, |
1052 | == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, | 991 | &cache_key)) { |
1053 | &cache_key) ) | 992 | relog_time = |
1054 | { | 993 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); |
1055 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, | ||
1056 | &cache_key); | ||
1057 | current_time = GNUNET_TIME_absolute_get (); | 994 | current_time = GNUNET_TIME_absolute_get (); |
1058 | // 30 min after old login -> redirect to login | 995 | // 30 min after old login -> redirect to login |
1059 | if ( current_time.abs_value_us <= relog_time->abs_value_us ) | 996 | if (current_time.abs_value_us <= relog_time->abs_value_us) { |
1060 | { | 997 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
1061 | if ( GNUNET_OK | 998 | handle->oidc->login_identity, |
1062 | != GNUNET_CRYPTO_ecdsa_public_key_from_string ( | 999 | strlen (handle->oidc->login_identity), &pubkey)) { |
1063 | handle->oidc->login_identity, | ||
1064 | strlen (handle->oidc->login_identity), &pubkey) ) | ||
1065 | { | ||
1066 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); | 1000 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); |
1067 | handle->edesc = GNUNET_strdup ("The cookie of a login identity is not valid"); | 1001 | handle->edesc = |
1002 | GNUNET_strdup ("The cookie of a login identity is not valid"); | ||
1068 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1003 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1069 | return; | 1004 | return; |
1070 | } | 1005 | } |
1071 | // iterate over egos and compare their public key | 1006 | // iterate over egos and compare their public key |
1072 | for (handle->ego_entry = handle->ego_head; | 1007 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; |
1073 | NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 1008 | handle->ego_entry = handle->ego_entry->next) { |
1074 | { | ||
1075 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | 1009 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); |
1076 | if ( 0 == memcmp (&ego_pkey, | 1010 | if (0 == memcmp (&ego_pkey, &pubkey, |
1077 | &pubkey, | 1011 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { |
1078 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1012 | handle->priv_key = |
1079 | { | 1013 | *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1080 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | ||
1081 | handle->idp = GNUNET_RECLAIM_connect (cfg); | 1014 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1082 | handle->attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | 1015 | handle->attr_list = |
1083 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, | 1016 | GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1084 | &handle->priv_key, | 1017 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start ( |
1085 | &oidc_iteration_error, | 1018 | handle->idp, &handle->priv_key, &oidc_iteration_error, handle, |
1086 | handle, | 1019 | &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); |
1087 | &oidc_attr_collect, | ||
1088 | handle, | ||
1089 | &oidc_collect_finished_cb, | ||
1090 | handle); | ||
1091 | return; | 1020 | return; |
1092 | } | 1021 | } |
1093 | } | 1022 | } |
@@ -1103,28 +1032,20 @@ build_redirect (void *cls) | |||
1103 | { | 1032 | { |
1104 | struct RequestHandle *handle = cls; | 1033 | struct RequestHandle *handle = cls; |
1105 | struct MHD_Response *resp; | 1034 | struct MHD_Response *resp; |
1106 | char* redirect_uri; | 1035 | char *redirect_uri; |
1107 | |||
1108 | if (GNUNET_YES == handle->oidc->user_cancelled) | ||
1109 | { | ||
1110 | if ( (NULL != handle->redirect_prefix) && | ||
1111 | (NULL != handle->redirect_suffix) && | ||
1112 | (NULL != handle->tld) ) | ||
1113 | { | ||
1114 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", | ||
1115 | handle->redirect_prefix, | ||
1116 | handle->tld, | ||
1117 | handle->redirect_suffix, | ||
1118 | "access_denied", | ||
1119 | "User denied access", | ||
1120 | handle->oidc->state); | ||
1121 | } else { | ||
1122 | GNUNET_asprintf (&redirect_uri, "%s?error=%s&error_description=%s&state=%s", | ||
1123 | handle->oidc->redirect_uri, | ||
1124 | "access_denied", | ||
1125 | "User denied access", | ||
1126 | handle->oidc->state); | ||
1127 | 1036 | ||
1037 | if (GNUNET_YES == handle->oidc->user_cancelled) { | ||
1038 | if ((NULL != handle->redirect_prefix) && | ||
1039 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) { | ||
1040 | GNUNET_asprintf ( | ||
1041 | &redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", | ||
1042 | handle->redirect_prefix, handle->tld, handle->redirect_suffix, | ||
1043 | "access_denied", "User denied access", handle->oidc->state); | ||
1044 | } else { | ||
1045 | GNUNET_asprintf (&redirect_uri, | ||
1046 | "%s?error=%s&error_description=%s&state=%s", | ||
1047 | handle->oidc->redirect_uri, "access_denied", | ||
1048 | "User denied access", handle->oidc->state); | ||
1128 | } | 1049 | } |
1129 | resp = GNUNET_REST_create_response (""); | 1050 | resp = GNUNET_REST_create_response (""); |
1130 | MHD_add_response_header (resp, "Location", redirect_uri); | 1051 | MHD_add_response_header (resp, "Location", redirect_uri); |
@@ -1138,8 +1059,7 @@ build_redirect (void *cls) | |||
1138 | 1059 | ||
1139 | 1060 | ||
1140 | static void | 1061 | static void |
1141 | lookup_redirect_uri_result (void *cls, | 1062 | lookup_redirect_uri_result (void *cls, uint32_t rd_count, |
1142 | uint32_t rd_count, | ||
1143 | const struct GNUNET_GNSRECORD_Data *rd) | 1063 | const struct GNUNET_GNSRECORD_Data *rd) |
1144 | { | 1064 | { |
1145 | struct RequestHandle *handle = cls; | 1065 | struct RequestHandle *handle = cls; |
@@ -1149,58 +1069,47 @@ lookup_redirect_uri_result (void *cls, | |||
1149 | struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; | 1069 | struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; |
1150 | 1070 | ||
1151 | handle->gns_op = NULL; | 1071 | handle->gns_op = NULL; |
1152 | if (0 == rd_count) | 1072 | if (0 == rd_count) { |
1153 | { | ||
1154 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 1073 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1155 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); | 1074 | handle->edesc = GNUNET_strdup ( |
1075 | "Server cannot generate ticket, redirect uri not found."); | ||
1156 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1076 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1157 | return; | 1077 | return; |
1158 | } | 1078 | } |
1159 | for (int i = 0; i < rd_count; i++) | 1079 | for (int i = 0; i < rd_count; i++) { |
1160 | { | ||
1161 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | 1080 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) |
1162 | continue; | 1081 | continue; |
1163 | if (0 != strncmp (rd[i].data, | 1082 | if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) |
1164 | handle->oidc->redirect_uri, | ||
1165 | rd[i].data_size)) | ||
1166 | continue; | 1083 | continue; |
1167 | tmp = GNUNET_strndup (rd[i].data, | 1084 | tmp = GNUNET_strndup (rd[i].data, rd[i].data_size); |
1168 | rd[i].data_size); | 1085 | if (NULL == strstr (tmp, handle->oidc->client_id)) { |
1169 | if (NULL == strstr (tmp, | ||
1170 | handle->oidc->client_id)) | ||
1171 | { | ||
1172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1086 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1173 | "Redirect uri %s does not contain client_id %s", | 1087 | "Redirect uri %s does not contain client_id %s", tmp, |
1174 | tmp, | ||
1175 | handle->oidc->client_id); | 1088 | handle->oidc->client_id); |
1176 | } else { | 1089 | } else { |
1177 | 1090 | ||
1178 | pos = strrchr (tmp, | 1091 | pos = strrchr (tmp, (unsigned char)'.'); |
1179 | (unsigned char) '.'); | ||
1180 | *pos = '\0'; | 1092 | *pos = '\0'; |
1181 | handle->redirect_prefix = GNUNET_strdup (tmp); | 1093 | handle->redirect_prefix = GNUNET_strdup (tmp); |
1182 | tmp_key_str = pos + 1; | 1094 | tmp_key_str = pos + 1; |
1183 | pos = strchr (tmp_key_str, | 1095 | pos = strchr (tmp_key_str, (unsigned char)'/'); |
1184 | (unsigned char) '/'); | ||
1185 | *pos = '\0'; | 1096 | *pos = '\0'; |
1186 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | 1097 | handle->redirect_suffix = GNUNET_strdup (pos + 1); |
1187 | 1098 | ||
1188 | GNUNET_STRINGS_string_to_data (tmp_key_str, | 1099 | GNUNET_STRINGS_string_to_data (tmp_key_str, strlen (tmp_key_str), |
1189 | strlen (tmp_key_str), | 1100 | &redirect_zone, sizeof (redirect_zone)); |
1190 | &redirect_zone, | ||
1191 | sizeof (redirect_zone)); | ||
1192 | } | 1101 | } |
1193 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); | 1102 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); |
1194 | GNUNET_free (tmp); | 1103 | GNUNET_free (tmp); |
1195 | return; | 1104 | return; |
1196 | } | 1105 | } |
1197 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 1106 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1198 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); | 1107 | handle->edesc = |
1108 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); | ||
1199 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1109 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1200 | } | 1110 | } |
1201 | 1111 | ||
1202 | 1112 | ||
1203 | |||
1204 | /** | 1113 | /** |
1205 | * Initiate redirect back to client. | 1114 | * Initiate redirect back to client. |
1206 | */ | 1115 | */ |
@@ -1210,14 +1119,10 @@ client_redirect (void *cls) | |||
1210 | struct RequestHandle *handle = cls; | 1119 | struct RequestHandle *handle = cls; |
1211 | 1120 | ||
1212 | /* Lookup client redirect uri to verify request */ | 1121 | /* Lookup client redirect uri to verify request */ |
1213 | handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, | 1122 | handle->gns_op = GNUNET_GNS_lookup ( |
1214 | GNUNET_GNS_EMPTY_LABEL_AT, | 1123 | handle->gns_handle, GNUNET_GNS_EMPTY_LABEL_AT, &handle->oidc->client_pkey, |
1215 | &handle->oidc->client_pkey, | 1124 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_GNS_LO_DEFAULT, |
1216 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | 1125 | &lookup_redirect_uri_result, handle); |
1217 | GNUNET_GNS_LO_DEFAULT, | ||
1218 | &lookup_redirect_uri_result, | ||
1219 | handle); | ||
1220 | |||
1221 | } | 1126 | } |
1222 | 1127 | ||
1223 | 1128 | ||
@@ -1234,75 +1139,70 @@ build_authz_response (void *cls) | |||
1234 | struct GNUNET_HashCode cache_key; | 1139 | struct GNUNET_HashCode cache_key; |
1235 | 1140 | ||
1236 | char *expected_scope; | 1141 | char *expected_scope; |
1237 | char delimiter[]=" "; | 1142 | char delimiter[] = " "; |
1238 | int number_of_ignored_parameter, iterator; | 1143 | int number_of_ignored_parameter, iterator; |
1239 | 1144 | ||
1240 | 1145 | ||
1241 | // REQUIRED value: redirect_uri | 1146 | // REQUIRED value: redirect_uri |
1242 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1147 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
1243 | &cache_key); | 1148 | &cache_key); |
1244 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1149 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1245 | &cache_key)) | 1150 | handle->rest_handle->url_param_map, &cache_key)) { |
1246 | { | 1151 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1247 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1152 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); |
1248 | handle->edesc=GNUNET_strdup ("missing parameter redirect_uri"); | ||
1249 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1153 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1250 | return; | 1154 | return; |
1251 | } | 1155 | } |
1252 | handle->oidc->redirect_uri = | 1156 | handle->oidc->redirect_uri = |
1253 | GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1157 | GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get ( |
1254 | &cache_key)); | 1158 | handle->rest_handle->url_param_map, &cache_key)); |
1255 | 1159 | ||
1256 | // REQUIRED value: response_type | 1160 | // REQUIRED value: response_type |
1257 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1161 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
1258 | &cache_key); | 1162 | &cache_key); |
1259 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1163 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1260 | &cache_key)) | 1164 | handle->rest_handle->url_param_map, &cache_key)) { |
1261 | { | 1165 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1262 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1166 | handle->edesc = GNUNET_strdup ("missing parameter response_type"); |
1263 | handle->edesc=GNUNET_strdup ("missing parameter response_type"); | ||
1264 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1167 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1265 | return; | 1168 | return; |
1266 | } | 1169 | } |
1267 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1170 | handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get ( |
1268 | &cache_key); | 1171 | handle->rest_handle->url_param_map, &cache_key); |
1269 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); | 1172 | handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); |
1270 | 1173 | ||
1271 | // REQUIRED value: scope | 1174 | // REQUIRED value: scope |
1272 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1175 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); |
1273 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1176 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1274 | &cache_key)) | 1177 | handle->rest_handle->url_param_map, &cache_key)) { |
1275 | { | 1178 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1276 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | 1179 | handle->edesc = GNUNET_strdup ("missing parameter scope"); |
1277 | handle->edesc=GNUNET_strdup ("missing parameter scope"); | ||
1278 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1180 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1279 | return; | 1181 | return; |
1280 | } | 1182 | } |
1281 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1183 | handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get ( |
1282 | &cache_key); | 1184 | handle->rest_handle->url_param_map, &cache_key); |
1283 | handle->oidc->scope = GNUNET_strdup (handle->oidc->scope); | 1185 | handle->oidc->scope = GNUNET_strdup (handle->oidc->scope); |
1284 | 1186 | ||
1285 | //OPTIONAL value: nonce | 1187 | // OPTIONAL value: nonce |
1286 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1188 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); |
1287 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1189 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( |
1288 | &cache_key)) | 1190 | handle->rest_handle->url_param_map, &cache_key)) { |
1289 | { | 1191 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get ( |
1290 | handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1192 | handle->rest_handle->url_param_map, &cache_key); |
1291 | &cache_key); | ||
1292 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); | 1193 | handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); |
1293 | } | 1194 | } |
1294 | 1195 | ||
1295 | //TODO check other values if needed | 1196 | // TODO check other values if needed |
1296 | number_of_ignored_parameter = sizeof (OIDC_ignored_parameter_array) / sizeof (char *); | 1197 | number_of_ignored_parameter = |
1297 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) | 1198 | sizeof (OIDC_ignored_parameter_array) / sizeof (char *); |
1298 | { | 1199 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) { |
1299 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1200 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1300 | strlen (OIDC_ignored_parameter_array[iterator]), | 1201 | strlen (OIDC_ignored_parameter_array[iterator]), |
1301 | &cache_key); | 1202 | &cache_key); |
1302 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1203 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( |
1303 | &cache_key)) | 1204 | handle->rest_handle->url_param_map, &cache_key)) { |
1304 | { | 1205 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); |
1305 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); | ||
1306 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", | 1206 | GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", |
1307 | OIDC_ignored_parameter_array[iterator]); | 1207 | OIDC_ignored_parameter_array[iterator]); |
1308 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1208 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
@@ -1311,38 +1211,37 @@ build_authz_response (void *cls) | |||
1311 | } | 1211 | } |
1312 | 1212 | ||
1313 | // Checks if response_type is 'code' | 1213 | // Checks if response_type is 'code' |
1314 | if (0 != strcmp (handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) | 1214 | if (0 != strcmp (handle->oidc->response_type, |
1315 | { | 1215 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) { |
1316 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); | 1216 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); |
1317 | handle->edesc=GNUNET_strdup ("The authorization server does not support " | 1217 | handle->edesc = GNUNET_strdup ("The authorization server does not support " |
1318 | "obtaining this authorization code."); | 1218 | "obtaining this authorization code."); |
1319 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1219 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1320 | return; | 1220 | return; |
1321 | } | 1221 | } |
1322 | 1222 | ||
1323 | // Checks if scope contains 'openid' | 1223 | // Checks if scope contains 'openid' |
1324 | expected_scope = GNUNET_strdup (handle->oidc->scope); | 1224 | expected_scope = GNUNET_strdup (handle->oidc->scope); |
1325 | char* test; | 1225 | char *test; |
1326 | test = strtok (expected_scope, delimiter); | 1226 | test = strtok (expected_scope, delimiter); |
1327 | while (NULL != test) | 1227 | while (NULL != test) { |
1328 | { | 1228 | if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) |
1329 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) | ||
1330 | break; | 1229 | break; |
1331 | test = strtok (NULL, delimiter); | 1230 | test = strtok (NULL, delimiter); |
1332 | } | 1231 | } |
1333 | if (NULL == test) | 1232 | if (NULL == test) { |
1334 | { | ||
1335 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | 1233 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1336 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " | 1234 | handle->edesc = |
1337 | "malformed."); | 1235 | GNUNET_strdup ("The requested scope is invalid, unknown, or " |
1236 | "malformed."); | ||
1338 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1237 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1339 | GNUNET_free (expected_scope); | 1238 | GNUNET_free (expected_scope); |
1340 | return; | 1239 | return; |
1341 | } | 1240 | } |
1342 | 1241 | ||
1343 | GNUNET_free (expected_scope); | 1242 | GNUNET_free (expected_scope); |
1344 | if ( (NULL == handle->oidc->login_identity) && | 1243 | if ((NULL == handle->oidc->login_identity) && |
1345 | (GNUNET_NO == handle->oidc->user_cancelled)) | 1244 | (GNUNET_NO == handle->oidc->user_cancelled)) |
1346 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | 1245 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
1347 | else | 1246 | else |
1348 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); | 1247 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); |
@@ -1352,27 +1251,19 @@ build_authz_response (void *cls) | |||
1352 | * Iterate over tlds in config | 1251 | * Iterate over tlds in config |
1353 | */ | 1252 | */ |
1354 | static void | 1253 | static void |
1355 | tld_iter (void *cls, | 1254 | tld_iter (void *cls, const char *section, const char *option, const char *value) |
1356 | const char *section, | ||
1357 | const char *option, | ||
1358 | const char *value) | ||
1359 | { | 1255 | { |
1360 | struct RequestHandle *handle = cls; | 1256 | struct RequestHandle *handle = cls; |
1361 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1257 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1362 | 1258 | ||
1363 | if (GNUNET_OK != | 1259 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
1364 | GNUNET_CRYPTO_ecdsa_public_key_from_string (value, | 1260 | value, strlen (value), &pkey)) { |
1365 | strlen (value), | 1261 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); |
1366 | &pkey)) | ||
1367 | { | ||
1368 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1369 | "Skipping non key %s\n", | ||
1370 | value); | ||
1371 | return; | 1262 | return; |
1372 | } | 1263 | } |
1373 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1264 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
1374 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 1265 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
1375 | handle->tld = GNUNET_strdup (option+1); | 1266 | handle->tld = GNUNET_strdup (option + 1); |
1376 | } | 1267 | } |
1377 | 1268 | ||
1378 | /** | 1269 | /** |
@@ -1384,8 +1275,7 @@ tld_iter (void *cls, | |||
1384 | */ | 1275 | */ |
1385 | static void | 1276 | static void |
1386 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 1277 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1387 | const char* url, | 1278 | const char *url, void *cls) |
1388 | void *cls) | ||
1389 | { | 1279 | { |
1390 | struct RequestHandle *handle = cls; | 1280 | struct RequestHandle *handle = cls; |
1391 | struct GNUNET_HashCode cache_key; | 1281 | struct GNUNET_HashCode cache_key; |
@@ -1395,36 +1285,33 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1395 | 1285 | ||
1396 | cookie_identity_interpretation (handle); | 1286 | cookie_identity_interpretation (handle); |
1397 | 1287 | ||
1398 | //RECOMMENDED value: state - REQUIRED for answers | 1288 | // RECOMMENDED value: state - REQUIRED for answers |
1399 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1289 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); |
1400 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1290 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( |
1401 | &cache_key)) | 1291 | handle->rest_handle->url_param_map, &cache_key)) { |
1402 | { | 1292 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get ( |
1403 | handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1293 | handle->rest_handle->url_param_map, &cache_key); |
1404 | &cache_key); | ||
1405 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); | 1294 | handle->oidc->state = GNUNET_strdup (handle->oidc->state); |
1406 | } | 1295 | } |
1407 | 1296 | ||
1408 | // REQUIRED value: client_id | 1297 | // REQUIRED value: client_id |
1409 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1298 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), |
1410 | &cache_key); | 1299 | &cache_key); |
1411 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1300 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1412 | &cache_key)) | 1301 | handle->rest_handle->url_param_map, &cache_key)) { |
1413 | { | ||
1414 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1302 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1415 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); | 1303 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); |
1416 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1304 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1417 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1305 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1418 | return; | 1306 | return; |
1419 | } | 1307 | } |
1420 | handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1308 | handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get ( |
1421 | &cache_key)); | 1309 | handle->rest_handle->url_param_map, &cache_key)); |
1422 | 1310 | ||
1423 | if ( GNUNET_OK | 1311 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( |
1424 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, | 1312 | handle->oidc->client_id, |
1425 | strlen (handle->oidc->client_id), | 1313 | strlen (handle->oidc->client_id), |
1426 | &handle->oidc->client_pkey) ) | 1314 | &handle->oidc->client_pkey)) { |
1427 | { | ||
1428 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); | 1315 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); |
1429 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " | 1316 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " |
1430 | "authorization code using this method."); | 1317 | "authorization code using this method."); |
@@ -1434,8 +1321,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1434 | } | 1321 | } |
1435 | 1322 | ||
1436 | 1323 | ||
1437 | if ( NULL == handle->ego_head ) | 1324 | if (NULL == handle->ego_head) { |
1438 | { | ||
1439 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 1325 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1440 | handle->edesc = GNUNET_strdup ("Egos are missing"); | 1326 | handle->edesc = GNUNET_strdup ("Egos are missing"); |
1441 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1327 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
@@ -1444,26 +1330,21 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1444 | } | 1330 | } |
1445 | 1331 | ||
1446 | handle->ego_entry = handle->ego_head; | 1332 | handle->ego_entry = handle->ego_head; |
1447 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); | 1333 | handle->priv_key = |
1448 | //If we know this identity, translated the corresponding TLD | 1334 | *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); |
1449 | //TODO: We might want to have a reverse lookup functionality for TLDs? | 1335 | // If we know this identity, translated the corresponding TLD |
1450 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) | 1336 | // TODO: We might want to have a reverse lookup functionality for TLDs? |
1451 | { | 1337 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) { |
1452 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | 1338 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); |
1453 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, | 1339 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey); |
1454 | &pkey); | ||
1455 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1340 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
1456 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 1341 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { |
1457 | { | ||
1458 | handle->tld = GNUNET_strdup (tmp_ego->identifier); | 1342 | handle->tld = GNUNET_strdup (tmp_ego->identifier); |
1459 | handle->ego_entry = handle->ego_tail; | 1343 | handle->ego_entry = handle->ego_tail; |
1460 | } | 1344 | } |
1461 | } | 1345 | } |
1462 | if (NULL == handle->tld) | 1346 | if (NULL == handle->tld) |
1463 | GNUNET_CONFIGURATION_iterate_section_values (cfg, | 1347 | GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle); |
1464 | "gns", | ||
1465 | tld_iter, | ||
1466 | handle); | ||
1467 | if (NULL == handle->tld) | 1348 | if (NULL == handle->tld) |
1468 | handle->tld = GNUNET_strdup (handle->oidc->client_id); | 1349 | handle->tld = GNUNET_strdup (handle->oidc->client_id); |
1469 | GNUNET_SCHEDULER_add_now (&build_authz_response, handle); | 1350 | GNUNET_SCHEDULER_add_now (&build_authz_response, handle); |
@@ -1477,8 +1358,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1477 | * @param cls the RequestHandle | 1358 | * @param cls the RequestHandle |
1478 | */ | 1359 | */ |
1479 | static void | 1360 | static void |
1480 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, | 1361 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, |
1481 | const char* url, | ||
1482 | void *cls) | 1362 | void *cls) |
1483 | { | 1363 | { |
1484 | struct MHD_Response *resp = GNUNET_REST_create_response (""); | 1364 | struct MHD_Response *resp = GNUNET_REST_create_response (""); |
@@ -1486,49 +1366,43 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1486 | struct GNUNET_HashCode cache_key; | 1366 | struct GNUNET_HashCode cache_key; |
1487 | struct GNUNET_TIME_Absolute *current_time; | 1367 | struct GNUNET_TIME_Absolute *current_time; |
1488 | struct GNUNET_TIME_Absolute *last_time; | 1368 | struct GNUNET_TIME_Absolute *last_time; |
1489 | char* cookie; | 1369 | char *cookie; |
1490 | char* header_val; | 1370 | char *header_val; |
1491 | json_t *root; | 1371 | json_t *root; |
1492 | json_error_t error; | 1372 | json_error_t error; |
1493 | json_t *identity; | 1373 | json_t *identity; |
1494 | char term_data[handle->rest_handle->data_size+1]; | 1374 | char term_data[handle->rest_handle->data_size + 1]; |
1495 | term_data[handle->rest_handle->data_size] = '\0'; | 1375 | term_data[handle->rest_handle->data_size] = '\0'; |
1496 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); | 1376 | GNUNET_memcpy (term_data, handle->rest_handle->data, |
1377 | handle->rest_handle->data_size); | ||
1497 | root = json_loads (term_data, JSON_DECODE_ANY, &error); | 1378 | root = json_loads (term_data, JSON_DECODE_ANY, &error); |
1498 | identity = json_object_get (root, "identity"); | 1379 | identity = json_object_get (root, "identity"); |
1499 | if (!json_is_string (identity)) | 1380 | if (!json_is_string (identity)) { |
1500 | { | 1381 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error parsing json string from %s\n", |
1501 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1502 | "Error parsing json string from %s\n", | ||
1503 | term_data); | 1382 | term_data); |
1504 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1383 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1505 | json_decref (root); | 1384 | json_decref (root); |
1506 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1385 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1507 | return; | 1386 | return; |
1508 | } | 1387 | } |
1509 | GNUNET_asprintf (&cookie, | 1388 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
1510 | "Identity=%s", | 1389 | GNUNET_asprintf (&header_val, "%s;Max-Age=%d", cookie, |
1511 | json_string_value (identity)); | ||
1512 | GNUNET_asprintf (&header_val, | ||
1513 | "%s;Max-Age=%d", | ||
1514 | cookie, | ||
1515 | OIDC_COOKIE_EXPIRATION); | 1390 | OIDC_COOKIE_EXPIRATION); |
1516 | MHD_add_response_header (resp, "Set-Cookie", header_val); | 1391 | MHD_add_response_header (resp, "Set-Cookie", header_val); |
1517 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); | 1392 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); |
1518 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | 1393 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); |
1519 | 1394 | ||
1520 | if (0 != strcmp (json_string_value (identity), | 1395 | if (0 != strcmp (json_string_value (identity), "Denied")) { |
1521 | "Denied")) | ||
1522 | { | ||
1523 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); | 1396 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); |
1524 | *current_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | 1397 | *current_time = |
1525 | OIDC_COOKIE_EXPIRATION)); | 1398 | GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply ( |
1526 | last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); | 1399 | GNUNET_TIME_relative_get_second_ (), OIDC_COOKIE_EXPIRATION)); |
1400 | last_time = | ||
1401 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); | ||
1527 | GNUNET_free_non_null (last_time); | 1402 | GNUNET_free_non_null (last_time); |
1528 | GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, | 1403 | GNUNET_CONTAINER_multihashmap_put ( |
1529 | &cache_key, | 1404 | OIDC_cookie_jar_map, &cache_key, current_time, |
1530 | current_time, | 1405 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1531 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
1532 | } | 1406 | } |
1533 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1407 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1534 | GNUNET_free (cookie); | 1408 | GNUNET_free (cookie); |
@@ -1551,80 +1425,65 @@ check_authorization (struct RequestHandle *handle, | |||
1551 | int client_exists = GNUNET_NO; | 1425 | int client_exists = GNUNET_NO; |
1552 | 1426 | ||
1553 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | 1427 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1554 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | 1428 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); |
1555 | &cache_key); | 1429 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1556 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 1430 | handle->rest_handle->header_param_map, &cache_key)) { |
1557 | &cache_key) ) | 1431 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1558 | { | 1432 | handle->edesc = GNUNET_strdup ("missing authorization"); |
1559 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
1560 | handle->edesc=GNUNET_strdup ("missing authorization"); | ||
1561 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1433 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1562 | return GNUNET_SYSERR; | 1434 | return GNUNET_SYSERR; |
1563 | } | 1435 | } |
1564 | authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, | 1436 | authorization = GNUNET_CONTAINER_multihashmap_get ( |
1565 | &cache_key); | 1437 | handle->rest_handle->header_param_map, &cache_key); |
1566 | 1438 | ||
1567 | //split header in "Basic" and [content] | 1439 | // split header in "Basic" and [content] |
1568 | credentials = strtok (authorization, " "); | 1440 | credentials = strtok (authorization, " "); |
1569 | if (0 != strcmp ("Basic", credentials)) | 1441 | if (0 != strcmp ("Basic", credentials)) { |
1570 | { | 1442 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1571 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
1572 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1443 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1573 | return GNUNET_SYSERR; | 1444 | return GNUNET_SYSERR; |
1574 | } | 1445 | } |
1575 | credentials = strtok (NULL, " "); | 1446 | credentials = strtok (NULL, " "); |
1576 | if (NULL == credentials) | 1447 | if (NULL == credentials) { |
1577 | { | 1448 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1578 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
1579 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1449 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1580 | return GNUNET_SYSERR; | 1450 | return GNUNET_SYSERR; |
1581 | } | 1451 | } |
1582 | GNUNET_STRINGS_base64_decode (credentials, | 1452 | GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), |
1583 | strlen (credentials), | 1453 | (void **)&basic_authorization); |
1584 | (void**)&basic_authorization); | ||
1585 | 1454 | ||
1586 | if ( NULL == basic_authorization ) | 1455 | if (NULL == basic_authorization) { |
1587 | { | 1456 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1588 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
1589 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1457 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1590 | return GNUNET_SYSERR; | 1458 | return GNUNET_SYSERR; |
1591 | } | 1459 | } |
1592 | client_id = strtok (basic_authorization, ":"); | 1460 | client_id = strtok (basic_authorization, ":"); |
1593 | if ( NULL == client_id ) | 1461 | if (NULL == client_id) { |
1594 | { | ||
1595 | GNUNET_free_non_null (basic_authorization); | 1462 | GNUNET_free_non_null (basic_authorization); |
1596 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | 1463 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1597 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1464 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1598 | return GNUNET_SYSERR; | 1465 | return GNUNET_SYSERR; |
1599 | } | 1466 | } |
1600 | pass = strtok (NULL, ":"); | 1467 | pass = strtok (NULL, ":"); |
1601 | if (NULL == pass) | 1468 | if (NULL == pass) { |
1602 | { | ||
1603 | GNUNET_free_non_null (basic_authorization); | 1469 | GNUNET_free_non_null (basic_authorization); |
1604 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | 1470 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1605 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1471 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1606 | return GNUNET_SYSERR; | 1472 | return GNUNET_SYSERR; |
1607 | } | 1473 | } |
1608 | 1474 | ||
1609 | //check client password | 1475 | // check client password |
1610 | if ( GNUNET_OK | 1476 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string ( |
1611 | == GNUNET_CONFIGURATION_get_value_string (cfg, | 1477 | cfg, "reclaim-rest-plugin", "psw", &expected_pass)) { |
1612 | "reclaim-rest-plugin", | 1478 | if (0 != strcmp (expected_pass, pass)) { |
1613 | "psw", | ||
1614 | &expected_pass) ) | ||
1615 | { | ||
1616 | if (0 != strcmp (expected_pass, pass)) | ||
1617 | { | ||
1618 | GNUNET_free_non_null (basic_authorization); | 1479 | GNUNET_free_non_null (basic_authorization); |
1619 | GNUNET_free (expected_pass); | 1480 | GNUNET_free (expected_pass); |
1620 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | 1481 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1621 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1482 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1622 | return GNUNET_SYSERR; | 1483 | return GNUNET_SYSERR; |
1623 | } | 1484 | } |
1624 | GNUNET_free (expected_pass); | 1485 | GNUNET_free (expected_pass); |
1625 | } | 1486 | } else { |
1626 | else | ||
1627 | { | ||
1628 | GNUNET_free_non_null (basic_authorization); | 1487 | GNUNET_free_non_null (basic_authorization); |
1629 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 1488 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1630 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 1489 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
@@ -1632,26 +1491,21 @@ check_authorization (struct RequestHandle *handle, | |||
1632 | return GNUNET_SYSERR; | 1491 | return GNUNET_SYSERR; |
1633 | } | 1492 | } |
1634 | 1493 | ||
1635 | //check client_id | 1494 | // check client_id |
1636 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) | 1495 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;) { |
1637 | { | 1496 | if (0 == strcmp (handle->ego_entry->keystring, client_id)) { |
1638 | if (0 == strcmp (handle->ego_entry->keystring, client_id)) | ||
1639 | { | ||
1640 | client_exists = GNUNET_YES; | 1497 | client_exists = GNUNET_YES; |
1641 | break; | 1498 | break; |
1642 | } | 1499 | } |
1643 | handle->ego_entry = handle->ego_entry->next; | 1500 | handle->ego_entry = handle->ego_entry->next; |
1644 | } | 1501 | } |
1645 | if (GNUNET_NO == client_exists) | 1502 | if (GNUNET_NO == client_exists) { |
1646 | { | ||
1647 | GNUNET_free_non_null (basic_authorization); | 1503 | GNUNET_free_non_null (basic_authorization); |
1648 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | 1504 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); |
1649 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1505 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
1650 | return GNUNET_SYSERR; | 1506 | return GNUNET_SYSERR; |
1651 | } | 1507 | } |
1652 | GNUNET_STRINGS_string_to_data (client_id, | 1508 | GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), cid, |
1653 | strlen (client_id), | ||
1654 | cid, | ||
1655 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1509 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1656 | 1510 | ||
1657 | GNUNET_free (basic_authorization); | 1511 | GNUNET_free (basic_authorization); |
@@ -1665,13 +1519,11 @@ ego_exists (struct RequestHandle *handle, | |||
1665 | struct EgoEntry *ego_entry; | 1519 | struct EgoEntry *ego_entry; |
1666 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 1520 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
1667 | 1521 | ||
1668 | for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) | 1522 | for (ego_entry = handle->ego_head; NULL != ego_entry; |
1669 | { | 1523 | ego_entry = ego_entry->next) { |
1670 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); | 1524 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); |
1671 | if (0 == memcmp (&pub_key, | 1525 | if (0 == memcmp (&pub_key, test_key, |
1672 | test_key, | 1526 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { |
1673 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
1674 | { | ||
1675 | break; | 1527 | break; |
1676 | } | 1528 | } |
1677 | } | 1529 | } |
@@ -1682,7 +1534,7 @@ ego_exists (struct RequestHandle *handle, | |||
1682 | 1534 | ||
1683 | static void | 1535 | static void |
1684 | store_ticket_reference (const struct RequestHandle *handle, | 1536 | store_ticket_reference (const struct RequestHandle *handle, |
1685 | const char* access_token, | 1537 | const char *access_token, |
1686 | const struct GNUNET_RECLAIM_Ticket *ticket, | 1538 | const struct GNUNET_RECLAIM_Ticket *ticket, |
1687 | const struct GNUNET_CRYPTO_EcdsaPublicKey *cid) | 1539 | const struct GNUNET_CRYPTO_EcdsaPublicKey *cid) |
1688 | { | 1540 | { |
@@ -1691,21 +1543,15 @@ store_ticket_reference (const struct RequestHandle *handle, | |||
1691 | char *ticket_string; | 1543 | char *ticket_string; |
1692 | char *client_id; | 1544 | char *client_id; |
1693 | 1545 | ||
1694 | GNUNET_CRYPTO_hash (access_token, | 1546 | GNUNET_CRYPTO_hash (access_token, strlen (access_token), &cache_key); |
1695 | strlen (access_token), | 1547 | client_id = GNUNET_STRINGS_data_to_string_alloc ( |
1696 | &cache_key); | 1548 | cid, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
1697 | client_id = GNUNET_STRINGS_data_to_string_alloc (cid, | 1549 | ticket_string = GNUNET_STRINGS_data_to_string_alloc ( |
1698 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 1550 | ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); |
1699 | ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, | 1551 | GNUNET_asprintf (&id_ticket_combination, "%s;%s", client_id, ticket_string); |
1700 | sizeof (struct GNUNET_RECLAIM_Ticket)); | 1552 | GNUNET_CONTAINER_multihashmap_put ( |
1701 | GNUNET_asprintf (&id_ticket_combination, | 1553 | OIDC_access_token_map, &cache_key, id_ticket_combination, |
1702 | "%s;%s", | 1554 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1703 | client_id, | ||
1704 | ticket_string); | ||
1705 | GNUNET_CONTAINER_multihashmap_put (OIDC_access_token_map, | ||
1706 | &cache_key, | ||
1707 | id_ticket_combination, | ||
1708 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
1709 | 1555 | ||
1710 | GNUNET_free (client_id); | 1556 | GNUNET_free (client_id); |
1711 | GNUNET_free (ticket_string); | 1557 | GNUNET_free (ticket_string); |
@@ -1719,8 +1565,7 @@ store_ticket_reference (const struct RequestHandle *handle, | |||
1719 | * @param cls the RequestHandle | 1565 | * @param cls the RequestHandle |
1720 | */ | 1566 | */ |
1721 | static void | 1567 | static void |
1722 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 1568 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, |
1723 | const char* url, | ||
1724 | void *cls) | 1569 | void *cls) |
1725 | { | 1570 | { |
1726 | struct RequestHandle *handle = cls; | 1571 | struct RequestHandle *handle = cls; |
@@ -1742,9 +1587,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1742 | /* | 1587 | /* |
1743 | * Check Authorization | 1588 | * Check Authorization |
1744 | */ | 1589 | */ |
1745 | if (GNUNET_SYSERR == check_authorization (handle, | 1590 | if (GNUNET_SYSERR == check_authorization (handle, &cid)) { |
1746 | &cid)) | ||
1747 | { | ||
1748 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1591 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1749 | "OIDC authorization for token endpoint failed\n"); | 1592 | "OIDC authorization for token endpoint failed\n"); |
1750 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1593 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -1755,28 +1598,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1755 | * Check parameter | 1598 | * Check parameter |
1756 | */ | 1599 | */ |
1757 | 1600 | ||
1758 | //TODO Do not allow multiple equal parameter names | 1601 | // TODO Do not allow multiple equal parameter names |
1759 | //REQUIRED grant_type | 1602 | // REQUIRED grant_type |
1760 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); | 1603 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), |
1761 | if (GNUNET_NO == | 1604 | &cache_key); |
1762 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1605 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1763 | &cache_key)) | 1606 | handle->rest_handle->url_param_map, &cache_key)) { |
1764 | { | ||
1765 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1607 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1766 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); | 1608 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); |
1767 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1609 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1768 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1610 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1769 | return; | 1611 | return; |
1770 | } | 1612 | } |
1771 | grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1613 | grant_type = GNUNET_CONTAINER_multihashmap_get ( |
1772 | &cache_key); | 1614 | handle->rest_handle->url_param_map, &cache_key); |
1773 | 1615 | ||
1774 | //REQUIRED code | 1616 | // REQUIRED code |
1775 | GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); | 1617 | GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); |
1776 | if (GNUNET_NO == | 1618 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1777 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1619 | handle->rest_handle->url_param_map, &cache_key)) { |
1778 | &cache_key)) | ||
1779 | { | ||
1780 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1620 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1781 | handle->edesc = GNUNET_strdup ("missing parameter code"); | 1621 | handle->edesc = GNUNET_strdup ("missing parameter code"); |
1782 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1622 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -1786,13 +1626,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1786 | code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | 1626 | code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, |
1787 | &cache_key); | 1627 | &cache_key); |
1788 | 1628 | ||
1789 | //REQUIRED redirect_uri | 1629 | // REQUIRED redirect_uri |
1790 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1630 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
1791 | &cache_key); | 1631 | &cache_key); |
1792 | if (GNUNET_NO == | 1632 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1793 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1633 | handle->rest_handle->url_param_map, &cache_key)) { |
1794 | &cache_key) ) | ||
1795 | { | ||
1796 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1634 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1797 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); | 1635 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); |
1798 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1636 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -1800,21 +1638,17 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1800 | return; | 1638 | return; |
1801 | } | 1639 | } |
1802 | 1640 | ||
1803 | //Check parameter grant_type == "authorization_code" | 1641 | // Check parameter grant_type == "authorization_code" |
1804 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) | 1642 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) { |
1805 | { | 1643 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); |
1806 | handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); | ||
1807 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1644 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1808 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1645 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1809 | return; | 1646 | return; |
1810 | } | 1647 | } |
1811 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); | 1648 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
1812 | if (GNUNET_SYSERR == | 1649 | if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_put ( |
1813 | GNUNET_CONTAINER_multihashmap_put (OIDC_used_ticket_map, | 1650 | OIDC_used_ticket_map, &cache_key, &i, |
1814 | &cache_key, | 1651 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) { |
1815 | &i, | ||
1816 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) | ||
1817 | { | ||
1818 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1652 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1819 | handle->edesc = GNUNET_strdup ("Cannot use the same code more than once"); | 1653 | handle->edesc = GNUNET_strdup ("Cannot use the same code more than once"); |
1820 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1654 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -1822,12 +1656,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1822 | return; | 1656 | return; |
1823 | } | 1657 | } |
1824 | 1658 | ||
1825 | //decode code | 1659 | // decode code |
1826 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, | 1660 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, &ticket, &nonce)) { |
1827 | code, | ||
1828 | &ticket, | ||
1829 | &nonce)) | ||
1830 | { | ||
1831 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1661 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1832 | handle->edesc = GNUNET_strdup ("invalid code"); | 1662 | handle->edesc = GNUNET_strdup ("invalid code"); |
1833 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1663 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -1835,13 +1665,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1835 | return; | 1665 | return; |
1836 | } | 1666 | } |
1837 | 1667 | ||
1838 | //create jwt | 1668 | // create jwt |
1839 | if (GNUNET_OK != | 1669 | if (GNUNET_OK != |
1840 | GNUNET_CONFIGURATION_get_value_time (cfg, | 1670 | GNUNET_CONFIGURATION_get_value_time ( |
1841 | "reclaim-rest-plugin", | 1671 | cfg, "reclaim-rest-plugin", "expiration_time", &expiration_time)) { |
1842 | "expiration_time", | ||
1843 | &expiration_time)) | ||
1844 | { | ||
1845 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | 1672 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); |
1846 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 1673 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
1847 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1674 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
@@ -1851,22 +1678,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1851 | } | 1678 | } |
1852 | 1679 | ||
1853 | 1680 | ||
1854 | //TODO OPTIONAL acr,amr,azp | 1681 | // TODO OPTIONAL acr,amr,azp |
1855 | if (GNUNET_NO == ego_exists (handle, | 1682 | if (GNUNET_NO == ego_exists (handle, &ticket->audience)) { |
1856 | &ticket->audience)) | ||
1857 | { | ||
1858 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1683 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1859 | handle->edesc = GNUNET_strdup ("invalid code..."); | 1684 | handle->edesc = GNUNET_strdup ("invalid code..."); |
1860 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 1685 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
1861 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1686 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1862 | GNUNET_free (ticket); | 1687 | GNUNET_free (ticket); |
1863 | } | 1688 | } |
1864 | if ( GNUNET_OK | 1689 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string ( |
1865 | != GNUNET_CONFIGURATION_get_value_string (cfg, | 1690 | cfg, "reclaim-rest-plugin", "jwt_secret", &jwt_secret)) { |
1866 | "reclaim-rest-plugin", | ||
1867 | "jwt_secret", | ||
1868 | &jwt_secret) ) | ||
1869 | { | ||
1870 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | 1691 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); |
1871 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); | 1692 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); |
1872 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1693 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
@@ -1874,24 +1695,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1874 | GNUNET_free (ticket); | 1695 | GNUNET_free (ticket); |
1875 | return; | 1696 | return; |
1876 | } | 1697 | } |
1877 | //TODO We should collect the attributes here. cl always empty | 1698 | // TODO We should collect the attributes here. cl always empty |
1878 | cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | 1699 | cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1879 | id_token = OIDC_id_token_new (&ticket->audience, | 1700 | id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl, |
1880 | &ticket->identity, | ||
1881 | cl, | ||
1882 | &expiration_time, | 1701 | &expiration_time, |
1883 | (NULL != nonce) ? nonce : NULL, | 1702 | (NULL != nonce) ? nonce : NULL, jwt_secret); |
1884 | jwt_secret); | ||
1885 | access_token = OIDC_access_token_new (); | 1703 | access_token = OIDC_access_token_new (); |
1886 | OIDC_build_token_response (access_token, | 1704 | OIDC_build_token_response (access_token, id_token, &expiration_time, |
1887 | id_token, | ||
1888 | &expiration_time, | ||
1889 | &json_response); | 1705 | &json_response); |
1890 | 1706 | ||
1891 | store_ticket_reference (handle, | 1707 | store_ticket_reference (handle, access_token, ticket, &cid); |
1892 | access_token, | ||
1893 | ticket, | ||
1894 | &cid); | ||
1895 | resp = GNUNET_REST_create_response (json_response); | 1708 | resp = GNUNET_REST_create_response (json_response); |
1896 | MHD_add_response_header (resp, "Cache-Control", "no-store"); | 1709 | MHD_add_response_header (resp, "Cache-Control", "no-store"); |
1897 | MHD_add_response_header (resp, "Pragma", "no-cache"); | 1710 | MHD_add_response_header (resp, "Pragma", "no-cache"); |
@@ -1909,26 +1722,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1909 | * Collects claims and stores them in handle | 1722 | * Collects claims and stores them in handle |
1910 | */ | 1723 | */ |
1911 | static void | 1724 | static void |
1912 | consume_ticket (void *cls, | 1725 | consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
1913 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | ||
1914 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) | 1726 | const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) |
1915 | { | 1727 | { |
1916 | struct RequestHandle *handle = cls; | 1728 | struct RequestHandle *handle = cls; |
1917 | char *tmp_value; | 1729 | char *tmp_value; |
1918 | json_t *value; | 1730 | json_t *value; |
1919 | 1731 | ||
1920 | if (NULL == identity) | 1732 | if (NULL == identity) { |
1921 | { | ||
1922 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); | 1733 | GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); |
1923 | return; | 1734 | return; |
1924 | } | 1735 | } |
1925 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, | 1736 | tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data, |
1926 | attr->data, | ||
1927 | attr->data_size); | 1737 | attr->data_size); |
1928 | value = json_string (tmp_value); | 1738 | value = json_string (tmp_value); |
1929 | json_object_set_new (handle->oidc->response, | 1739 | json_object_set_new (handle->oidc->response, attr->name, value); |
1930 | attr->name, | ||
1931 | value); | ||
1932 | GNUNET_free (tmp_value); | 1740 | GNUNET_free (tmp_value); |
1933 | } | 1741 | } |
1934 | 1742 | ||
@@ -1941,9 +1749,9 @@ consume_ticket (void *cls, | |||
1941 | */ | 1749 | */ |
1942 | static void | 1750 | static void |
1943 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 1751 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1944 | const char* url, void *cls) | 1752 | const char *url, void *cls) |
1945 | { | 1753 | { |
1946 | //TODO expiration time | 1754 | // TODO expiration time |
1947 | struct RequestHandle *handle = cls; | 1755 | struct RequestHandle *handle = cls; |
1948 | char delimiter[] = " "; | 1756 | char delimiter[] = " "; |
1949 | char delimiter_db[] = ";"; | 1757 | char delimiter_db[] = ";"; |
@@ -1953,12 +1761,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1953 | struct GNUNET_RECLAIM_Ticket *ticket; | 1761 | struct GNUNET_RECLAIM_Ticket *ticket; |
1954 | 1762 | ||
1955 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | 1763 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1956 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | 1764 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); |
1957 | &cache_key); | 1765 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1958 | if ( GNUNET_NO | 1766 | handle->rest_handle->header_param_map, &cache_key)) { |
1959 | == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | ||
1960 | &cache_key) ) | ||
1961 | { | ||
1962 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1767 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1963 | handle->edesc = GNUNET_strdup ("No Access Token"); | 1768 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1964 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1769 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -1966,13 +1771,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1966 | return; | 1771 | return; |
1967 | } | 1772 | } |
1968 | authorization = GNUNET_CONTAINER_multihashmap_get ( | 1773 | authorization = GNUNET_CONTAINER_multihashmap_get ( |
1969 | handle->rest_handle->header_param_map, &cache_key); | 1774 | handle->rest_handle->header_param_map, &cache_key); |
1970 | 1775 | ||
1971 | //split header in "Bearer" and access_token | 1776 | // split header in "Bearer" and access_token |
1972 | authorization = GNUNET_strdup (authorization); | 1777 | authorization = GNUNET_strdup (authorization); |
1973 | authorization_type = strtok (authorization, delimiter); | 1778 | authorization_type = strtok (authorization, delimiter); |
1974 | if ( 0 != strcmp ("Bearer", authorization_type) ) | 1779 | if (0 != strcmp ("Bearer", authorization_type)) { |
1975 | { | ||
1976 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1780 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1977 | handle->edesc = GNUNET_strdup ("No Access Token"); | 1781 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1978 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1782 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -1981,8 +1785,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1981 | return; | 1785 | return; |
1982 | } | 1786 | } |
1983 | authorization_access_token = strtok (NULL, delimiter); | 1787 | authorization_access_token = strtok (NULL, delimiter); |
1984 | if ( NULL == authorization_access_token ) | 1788 | if (NULL == authorization_access_token) { |
1985 | { | ||
1986 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1789 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
1987 | handle->edesc = GNUNET_strdup ("No Access Token"); | 1790 | handle->edesc = GNUNET_strdup ("No Access Token"); |
1988 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1791 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -1992,11 +1795,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1992 | } | 1795 | } |
1993 | 1796 | ||
1994 | GNUNET_CRYPTO_hash (authorization_access_token, | 1797 | GNUNET_CRYPTO_hash (authorization_access_token, |
1995 | strlen (authorization_access_token), | 1798 | strlen (authorization_access_token), &cache_key); |
1996 | &cache_key); | 1799 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( |
1997 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, | 1800 | OIDC_access_token_map, &cache_key)) { |
1998 | &cache_key) ) | ||
1999 | { | ||
2000 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1801 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
2001 | handle->edesc = GNUNET_strdup ("The Access Token expired"); | 1802 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
2002 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1803 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -2005,12 +1806,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2005 | return; | 1806 | return; |
2006 | } | 1807 | } |
2007 | 1808 | ||
2008 | client_ticket = GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, | 1809 | client_ticket = |
2009 | &cache_key); | 1810 | GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key); |
2010 | client_ticket = GNUNET_strdup (client_ticket); | 1811 | client_ticket = GNUNET_strdup (client_ticket); |
2011 | client = strtok (client_ticket,delimiter_db); | 1812 | client = strtok (client_ticket, delimiter_db); |
2012 | if (NULL == client) | 1813 | if (NULL == client) { |
2013 | { | ||
2014 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1814 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
2015 | handle->edesc = GNUNET_strdup ("The Access Token expired"); | 1815 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
2016 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1816 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -2020,13 +1820,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2020 | return; | 1820 | return; |
2021 | } | 1821 | } |
2022 | handle->ego_entry = handle->ego_head; | 1822 | handle->ego_entry = handle->ego_head; |
2023 | for (; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 1823 | for (; NULL != handle->ego_entry; |
2024 | { | 1824 | handle->ego_entry = handle->ego_entry->next) { |
2025 | if (0 == strcmp (handle->ego_entry->keystring,client)) | 1825 | if (0 == strcmp (handle->ego_entry->keystring, client)) |
2026 | break; | 1826 | break; |
2027 | } | 1827 | } |
2028 | if (NULL == handle->ego_entry) | 1828 | if (NULL == handle->ego_entry) { |
2029 | { | ||
2030 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1829 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
2031 | handle->edesc = GNUNET_strdup ("The Access Token expired"); | 1830 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
2032 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1831 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -2036,8 +1835,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2036 | return; | 1835 | return; |
2037 | } | 1836 | } |
2038 | ticket_str = strtok (NULL, delimiter_db); | 1837 | ticket_str = strtok (NULL, delimiter_db); |
2039 | if (NULL == ticket_str) | 1838 | if (NULL == ticket_str) { |
2040 | { | ||
2041 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1839 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
2042 | handle->edesc = GNUNET_strdup ("The Access Token expired"); | 1840 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
2043 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1841 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -2047,12 +1845,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2047 | return; | 1845 | return; |
2048 | } | 1846 | } |
2049 | ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); | 1847 | ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); |
2050 | if ( GNUNET_OK | 1848 | if (GNUNET_OK != |
2051 | != GNUNET_STRINGS_string_to_data (ticket_str, | 1849 | GNUNET_STRINGS_string_to_data (ticket_str, strlen (ticket_str), ticket, |
2052 | strlen (ticket_str), | 1850 | sizeof (struct GNUNET_RECLAIM_Ticket))) { |
2053 | ticket, | ||
2054 | sizeof (struct GNUNET_RECLAIM_Ticket))) | ||
2055 | { | ||
2056 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | 1851 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); |
2057 | handle->edesc = GNUNET_strdup ("The Access Token expired"); | 1852 | handle->edesc = GNUNET_strdup ("The Access Token expired"); |
2058 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 1853 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
@@ -2065,18 +1860,14 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2065 | 1860 | ||
2066 | handle->idp = GNUNET_RECLAIM_connect (cfg); | 1861 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
2067 | handle->oidc->response = json_object (); | 1862 | handle->oidc->response = json_object (); |
2068 | json_object_set_new (handle->oidc->response, | 1863 | json_object_set_new (handle->oidc->response, "sub", |
2069 | "sub", | ||
2070 | json_string (handle->ego_entry->keystring)); | 1864 | json_string (handle->ego_entry->keystring)); |
2071 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, | 1865 | handle->idp_op = GNUNET_RECLAIM_ticket_consume ( |
2072 | GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), | 1866 | handle->idp, GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), |
2073 | ticket, | 1867 | ticket, consume_ticket, handle); |
2074 | consume_ticket, | ||
2075 | handle); | ||
2076 | GNUNET_free (ticket); | 1868 | GNUNET_free (ticket); |
2077 | GNUNET_free (authorization); | 1869 | GNUNET_free (authorization); |
2078 | GNUNET_free (client_ticket); | 1870 | GNUNET_free (client_ticket); |
2079 | |||
2080 | } | 1871 | } |
2081 | 1872 | ||
2082 | 1873 | ||
@@ -2090,22 +1881,18 @@ init_cont (struct RequestHandle *handle) | |||
2090 | { | 1881 | { |
2091 | struct GNUNET_REST_RequestHandlerError err; | 1882 | struct GNUNET_REST_RequestHandlerError err; |
2092 | static const struct GNUNET_REST_RequestHandler handlers[] = { | 1883 | static const struct GNUNET_REST_RequestHandler handlers[] = { |
2093 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, | 1884 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, |
2094 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded | 1885 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, |
2095 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, | 1886 | &authorize_endpoint}, // url-encoded |
2096 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, | 1887 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, |
2097 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | 1888 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint}, |
2098 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | 1889 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, |
2099 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, | 1890 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, |
2100 | &options_cont}, | 1891 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont}, |
2101 | GNUNET_REST_HANDLER_END | 1892 | GNUNET_REST_HANDLER_END}; |
2102 | }; | 1893 | |
2103 | 1894 | if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, handlers, | |
2104 | if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, | 1895 | &err, handle)) { |
2105 | handlers, | ||
2106 | &err, | ||
2107 | handle)) | ||
2108 | { | ||
2109 | handle->response_code = err.error_code; | 1896 | handle->response_code = err.error_code; |
2110 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1897 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2111 | } | 1898 | } |
@@ -2145,17 +1932,14 @@ init_cont (struct RequestHandle *handle) | |||
2145 | * must thus no longer be used | 1932 | * must thus no longer be used |
2146 | */ | 1933 | */ |
2147 | static void | 1934 | static void |
2148 | list_ego (void *cls, | 1935 | list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, |
2149 | struct GNUNET_IDENTITY_Ego *ego, | ||
2150 | void **ctx, | ||
2151 | const char *identifier) | 1936 | const char *identifier) |
2152 | { | 1937 | { |
2153 | struct RequestHandle *handle = cls; | 1938 | struct RequestHandle *handle = cls; |
2154 | struct EgoEntry *ego_entry; | 1939 | struct EgoEntry *ego_entry; |
2155 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 1940 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; |
2156 | 1941 | ||
2157 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) | 1942 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) { |
2158 | { | ||
2159 | handle->state = ID_REST_STATE_POST_INIT; | 1943 | handle->state = ID_REST_STATE_POST_INIT; |
2160 | init_cont (handle); | 1944 | init_cont (handle); |
2161 | return; | 1945 | return; |
@@ -2163,18 +1947,17 @@ list_ego (void *cls, | |||
2163 | if (ID_REST_STATE_INIT == handle->state) { | 1947 | if (ID_REST_STATE_INIT == handle->state) { |
2164 | ego_entry = GNUNET_new (struct EgoEntry); | 1948 | ego_entry = GNUNET_new (struct EgoEntry); |
2165 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | 1949 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2166 | ego_entry->keystring = | 1950 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2167 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); | ||
2168 | ego_entry->ego = ego; | 1951 | ego_entry->ego = ego; |
2169 | ego_entry->identifier = GNUNET_strdup (identifier); | 1952 | ego_entry->identifier = GNUNET_strdup (identifier); |
2170 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, | 1953 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail, |
2171 | handle->ego_tail, | ||
2172 | ego_entry); | 1954 | ego_entry); |
2173 | return; | 1955 | return; |
2174 | } | 1956 | } |
2175 | /* Ego renamed or added */ | 1957 | /* Ego renamed or added */ |
2176 | if (identifier != NULL) { | 1958 | if (identifier != NULL) { |
2177 | for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { | 1959 | for (ego_entry = handle->ego_head; NULL != ego_entry; |
1960 | ego_entry = ego_entry->next) { | ||
2178 | if (ego_entry->ego == ego) { | 1961 | if (ego_entry->ego == ego) { |
2179 | /* Rename */ | 1962 | /* Rename */ |
2180 | GNUNET_free (ego_entry->identifier); | 1963 | GNUNET_free (ego_entry->identifier); |
@@ -2186,30 +1969,28 @@ list_ego (void *cls, | |||
2186 | /* Add */ | 1969 | /* Add */ |
2187 | ego_entry = GNUNET_new (struct EgoEntry); | 1970 | ego_entry = GNUNET_new (struct EgoEntry); |
2188 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | 1971 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); |
2189 | ego_entry->keystring = | 1972 | ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); |
2190 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); | ||
2191 | ego_entry->ego = ego; | 1973 | ego_entry->ego = ego; |
2192 | ego_entry->identifier = GNUNET_strdup (identifier); | 1974 | ego_entry->identifier = GNUNET_strdup (identifier); |
2193 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, | 1975 | GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail, |
2194 | handle->ego_tail, | ||
2195 | ego_entry); | 1976 | ego_entry); |
2196 | } | 1977 | } |
2197 | } else { | 1978 | } else { |
2198 | /* Delete */ | 1979 | /* Delete */ |
2199 | for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { | 1980 | for (ego_entry = handle->ego_head; NULL != ego_entry; |
1981 | ego_entry = ego_entry->next) { | ||
2200 | if (ego_entry->ego == ego) | 1982 | if (ego_entry->ego == ego) |
2201 | break; | 1983 | break; |
2202 | } | 1984 | } |
2203 | if (NULL != ego_entry) | 1985 | if (NULL != ego_entry) |
2204 | GNUNET_CONTAINER_DLL_remove (handle->ego_head,handle->ego_tail, ego_entry); | 1986 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, handle->ego_tail, |
1987 | ego_entry); | ||
2205 | } | 1988 | } |
2206 | |||
2207 | } | 1989 | } |
2208 | 1990 | ||
2209 | static void | 1991 | static void |
2210 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | 1992 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, |
2211 | GNUNET_REST_ResultProcessor proc, | 1993 | GNUNET_REST_ResultProcessor proc, void *proc_cls) |
2212 | void *proc_cls) | ||
2213 | { | 1994 | { |
2214 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | 1995 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
2215 | handle->oidc = GNUNET_new (struct OIDC_Variables); | 1996 | handle->oidc = GNUNET_new (struct OIDC_Variables); |
@@ -2220,7 +2001,8 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | |||
2220 | if (NULL == OIDC_used_ticket_map) | 2001 | if (NULL == OIDC_used_ticket_map) |
2221 | OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2002 | OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); |
2222 | if (NULL == OIDC_access_token_map) | 2003 | if (NULL == OIDC_access_token_map) |
2223 | OIDC_access_token_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | 2004 | OIDC_access_token_map = |
2005 | GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | ||
2224 | handle->response_code = 0; | 2006 | handle->response_code = 0; |
2225 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 2007 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
2226 | handle->proc_cls = proc_cls; | 2008 | handle->proc_cls = proc_cls; |
@@ -2229,21 +2011,15 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | |||
2229 | handle->rest_handle = rest_handle; | 2011 | handle->rest_handle = rest_handle; |
2230 | 2012 | ||
2231 | handle->url = GNUNET_strdup (rest_handle->url); | 2013 | handle->url = GNUNET_strdup (rest_handle->url); |
2232 | if (handle->url[strlen (handle->url)-1] == '/') | 2014 | if (handle->url[strlen (handle->url) - 1] == '/') |
2233 | handle->url[strlen (handle->url)-1] = '\0'; | 2015 | handle->url[strlen (handle->url) - 1] = '\0'; |
2234 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2016 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); |
2235 | "Connecting...\n"); | 2017 | handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle); |
2236 | handle->identity_handle = GNUNET_IDENTITY_connect (cfg, | ||
2237 | &list_ego, | ||
2238 | handle); | ||
2239 | handle->gns_handle = GNUNET_GNS_connect (cfg); | 2018 | handle->gns_handle = GNUNET_GNS_connect (cfg); |
2240 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); | 2019 | handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); |
2241 | handle->timeout_task = | 2020 | handle->timeout_task = |
2242 | GNUNET_SCHEDULER_add_delayed (handle->timeout, | 2021 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); |
2243 | &do_timeout, | 2022 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); |
2244 | handle); | ||
2245 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2246 | "Connected\n"); | ||
2247 | } | 2023 | } |
2248 | 2024 | ||
2249 | /** | 2025 | /** |
@@ -2260,23 +2036,19 @@ libgnunet_plugin_rest_openid_connect_init (void *cls) | |||
2260 | 2036 | ||
2261 | cfg = cls; | 2037 | cfg = cls; |
2262 | if (NULL != plugin.cfg) | 2038 | if (NULL != plugin.cfg) |
2263 | return NULL; /* can only initialize once! */ | 2039 | return NULL; /* can only initialize once! */ |
2264 | memset (&plugin, 0, sizeof (struct Plugin)); | 2040 | memset (&plugin, 0, sizeof (struct Plugin)); |
2265 | plugin.cfg = cfg; | 2041 | plugin.cfg = cfg; |
2266 | api = GNUNET_new (struct GNUNET_REST_Plugin); | 2042 | api = GNUNET_new (struct GNUNET_REST_Plugin); |
2267 | api->cls = &plugin; | 2043 | api->cls = &plugin; |
2268 | api->name = GNUNET_REST_API_NS_OIDC; | 2044 | api->name = GNUNET_REST_API_NS_OIDC; |
2269 | api->process_request = &rest_identity_process_request; | 2045 | api->process_request = &rest_identity_process_request; |
2270 | GNUNET_asprintf (&allow_methods, | 2046 | GNUNET_asprintf (&allow_methods, "%s, %s, %s, %s, %s", MHD_HTTP_METHOD_GET, |
2271 | "%s, %s, %s, %s, %s", | 2047 | MHD_HTTP_METHOD_POST, MHD_HTTP_METHOD_PUT, |
2272 | MHD_HTTP_METHOD_GET, | 2048 | MHD_HTTP_METHOD_DELETE, MHD_HTTP_METHOD_OPTIONS); |
2273 | MHD_HTTP_METHOD_POST, | ||
2274 | MHD_HTTP_METHOD_PUT, | ||
2275 | MHD_HTTP_METHOD_DELETE, | ||
2276 | MHD_HTTP_METHOD_OPTIONS); | ||
2277 | 2049 | ||
2278 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2050 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2279 | _("Identity Provider REST API initialized\n")); | 2051 | _ ("Identity Provider REST API initialized\n")); |
2280 | return api; | 2052 | return api; |
2281 | } | 2053 | } |
2282 | 2054 | ||
@@ -2296,25 +2068,29 @@ libgnunet_plugin_rest_openid_connect_done (void *cls) | |||
2296 | 2068 | ||
2297 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; | 2069 | struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; |
2298 | void *value = NULL; | 2070 | void *value = NULL; |
2299 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); | 2071 | hashmap_it = |
2072 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); | ||
2300 | while (GNUNET_YES == | 2073 | while (GNUNET_YES == |
2301 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2074 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2302 | GNUNET_free_non_null (value); | 2075 | GNUNET_free_non_null (value); |
2303 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); | 2076 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); |
2304 | 2077 | ||
2305 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); | 2078 | hashmap_it = |
2079 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); | ||
2306 | while (GNUNET_YES == | 2080 | while (GNUNET_YES == |
2307 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2081 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2308 | GNUNET_free_non_null (value); | 2082 | GNUNET_free_non_null (value); |
2309 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants); | 2083 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants); |
2310 | 2084 | ||
2311 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); | 2085 | hashmap_it = |
2086 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); | ||
2312 | while (GNUNET_YES == | 2087 | while (GNUNET_YES == |
2313 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2088 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2314 | GNUNET_free_non_null (value); | 2089 | GNUNET_free_non_null (value); |
2315 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map); | 2090 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map); |
2316 | 2091 | ||
2317 | hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); | 2092 | hashmap_it = |
2093 | GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); | ||
2318 | while (GNUNET_YES == | 2094 | while (GNUNET_YES == |
2319 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) | 2095 | GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) |
2320 | GNUNET_free_non_null (value); | 2096 | GNUNET_free_non_null (value); |