From 3627e3099140350e5e48dff112b67a0796aa4d2a Mon Sep 17 00:00:00 2001 From: Tristan Schwieren Date: Wed, 15 Jun 2022 16:30:23 +0200 Subject: - fix missing from oidc branch --- src/reclaim/oidc_helper.h | 2 +- src/reclaim/plugin_rest_openid_connect.c | 53 +++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h index ea106b4f2..b134c71ad 100644 --- a/src/reclaim/oidc_helper.h +++ b/src/reclaim/oidc_helper.h @@ -34,7 +34,7 @@ #define JWT_ALG_VALUE_HMAC "HS512" #define JWT_ALG_VALUE_RSA "RS256" -#define SERVER_ADDRESS "https://api.reclaim" +#define SERVER_ADDRESS "http://localhost:7776" enum OIDC_VerificationOptions { diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index bb8e1cd1e..0ffe1b6c8 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -939,15 +939,14 @@ generate_jwk () } /** - * Return the path to the RSA JWK key file + * Return the path to the oidc directory path * * @param cls the RequestHandle */ char * -get_oidc_jwk_path (void *cls) +get_oidc_dir_path (void *cls) { char *oidc_directory; - char *oidc_jwk_path; struct RequestHandle *handle = cls; // Read OIDC directory from config @@ -964,6 +963,22 @@ get_oidc_jwk_path (void *cls) return NULL; } + return oidc_directory; +} + +/** + * Return the path to the RSA JWK key file + * + * @param cls the RequestHandle + */ +char * +get_oidc_jwk_path (void *cls) +{ + char *oidc_directory; + char *oidc_jwk_path; + + oidc_directory = get_oidc_dir_path(cls); + // Create path to file GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory, OIDC_JWK_RSA_FILENAME); @@ -2167,6 +2182,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, char *code_verifier; json_t *oidc_jwk; char *oidc_jwk_path; + char *oidc_directory; /* * Check Authorization @@ -2285,11 +2301,33 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, jwa = JWT_ALG_VALUE_RSA; } - if (strcmp(jwa, JWT_ALG_VALUE_RSA)) + if ( ! strcmp (jwa, JWT_ALG_VALUE_RSA)) { // Replace for now oidc_jwk_path = get_oidc_jwk_path (cls); oidc_jwk = read_jwk_from_file (oidc_jwk_path); + + // Check if secret JWK exists + if (! oidc_jwk) + { + // Generate and save a new key + oidc_jwk = generate_jwk (); + oidc_directory = get_oidc_dir_path(cls); + + // Create new oidc directory + if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + ("Failed to create directory `%s' for storing oidc data\n"), + oidc_directory); + } + else + { + write_jwk_to_file (oidc_jwk_path, oidc_jwk); + } + } + + // Generate oidc token id_token = OIDC_generate_id_token_rsa (&ticket.audience, &ticket.identity, cl, @@ -2298,7 +2336,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, (NULL != nonce) ? nonce : NULL, oidc_jwk); } - else if (strcmp(jwa, JWT_ALG_VALUE_HMAC)) + else if ( ! strcmp (jwa, JWT_ALG_VALUE_HMAC)) { // TODO OPTIONAL acr,amr,azp if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, @@ -2328,7 +2366,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free (jwt_secret); } - else + else { // TODO: OPTION NOT FOUND ERROR } @@ -2652,6 +2690,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, { // Generate and save a new key oidc_jwk = generate_jwk (); + oidc_directory = get_oidc_dir_path(cls); // Create new oidc directory if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) @@ -2675,7 +2714,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); json_decref (oidc_jwk); GNUNET_free (oidc_jwk_pub_str); - free (oidc_jwk_pub_str); + GNUNET_free (oidc_jwk_pub_str); cleanup_handle (handle); } -- cgit v1.2.3