From c0465ff926f1b87a375ff320d367cbbabfddb38f Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Wed, 30 Dec 2020 20:58:55 +0900 Subject: RECLAIM: Fix quirky OIDC address handling --- src/reclaim/json_reclaim.c | 2 + src/reclaim/oidc_helper.c | 57 +++++++++++++++++++++++------ src/reclaim/plugin_reclaim_credential_jwt.c | 39 +++++++++++++++++++- 3 files changed, 86 insertions(+), 12 deletions(-) diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c index 6c945036a..4eeb22bee 100644 --- a/src/reclaim/json_reclaim.c +++ b/src/reclaim/json_reclaim.c @@ -95,6 +95,7 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) } attr = GNUNET_RECLAIM_attribute_new (name_str, NULL, type, data, data_size); + GNUNET_free (data); if ((NULL != cred_str) && (0 != strlen (cred_str))) { GNUNET_STRINGS_string_to_data (cred_str, @@ -334,6 +335,7 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe return GNUNET_SYSERR; } cred = GNUNET_RECLAIM_credential_new (name_str, type, data, data_size); + GNUNET_free (data); if ((NULL == id_str) || (0 == strlen (id_str))) memset (&cred->id, 0, sizeof (cred->id)); else diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 84a90833c..bd3a8ee05 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -223,6 +223,8 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, i++; } + int addr_is_aggregated = GNUNET_NO; + int addr_is_normal = GNUNET_NO; for (le = attrs->list_head; NULL != le; le = le->next) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -230,7 +232,6 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, le->attribute->name); if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) { - attr_val_str = GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type, le->attribute->data, @@ -238,13 +239,22 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, /** * There is this wierd quirk that the individual address claim(s) must be * inside a JSON object of the "address" claim. - * FIXME: Possibly include formatted claim here */ if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name)) { + if (GNUNET_YES == addr_is_aggregated) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Address is set as aggregated claim. Skipping self-issued value...\n"); + GNUNET_free (attr_val_str); + continue; + } + addr_is_normal = GNUNET_YES; + if (NULL == addr_claim) { addr_claim = json_object (); + json_object_set_new (body, "address", addr_claim); } json_object_set_new (addr_claim, le->attribute->name, json_string (attr_val_str)); @@ -276,17 +286,42 @@ generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, le->attribute->name); continue; } - // Presentation exists, hence take the respective source str - GNUNET_asprintf (&source_name, - "src%d", - j); - json_object_set_new (aggr_names, le->attribute->name, - json_string (source_name)); - GNUNET_free (source_name); + /** + * There is this wierd quirk that the individual address claim(s) must be + * inside a JSON object of the "address" claim. + */ + if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name)) + { + if (GNUNET_YES == addr_is_normal) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Address is already set as normal claim. Skipping attested value...\n"); + continue; + } + addr_is_aggregated = GNUNET_YES; + /** This is/can only be set once! **/ + if (NULL != addr_claim) + continue; + addr_claim = json_object (); + GNUNET_asprintf (&source_name, + "src%d", + j); + json_object_set_new (aggr_names, "address", + json_string (source_name)); + GNUNET_free (source_name); + } + else + { + // Presentation exists, hence take the respective source str + GNUNET_asprintf (&source_name, + "src%d", + j); + json_object_set_new (aggr_names, le->attribute->name, + json_string (source_name)); + GNUNET_free (source_name); + } } } - if (NULL != addr_claim) - json_object_set_new (body, "address", addr_claim); if (0 != i) { json_object_set_new (body, "_claim_names", aggr_names); diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c index c1e12f4a0..aac0a6ea5 100644 --- a/src/reclaim/plugin_reclaim_credential_jwt.c +++ b/src/reclaim/plugin_reclaim_credential_jwt.c @@ -160,6 +160,7 @@ jwt_parse_attributes (void *cls, char *val_str = NULL; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); char *decoded_jwt; + char *tmp; json_t *json_val; json_error_t *json_err = NULL; @@ -175,7 +176,10 @@ jwt_parse_attributes (void *cls, json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); GNUNET_free (decoded_jwt); const char *key; + const char *addr_key; json_t *value; + json_t *addr_value; + json_object_foreach (json_val, key, value) { if (0 == strcmp ("iss", key)) continue; @@ -189,12 +193,45 @@ jwt_parse_attributes (void *cls, continue; if (0 == strcmp ("aud", key)) continue; + if (0 == strcmp ("address", key)) + { + if (!json_is_object(value)) { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "address claim in wrong format!"); + continue; + } + json_object_foreach (value, addr_key, addr_value) { + val_str = json_dumps (addr_value, JSON_ENCODE_ANY); + tmp = val_str; + //Remove leading " from jasson conversion + if (tmp[0] == '"') + tmp++; + //Remove trailing " from jansson conversion + if (tmp[strlen(tmp)-1] == '"') + tmp[strlen(tmp)-1] = '\0'; + GNUNET_RECLAIM_attribute_list_add (attrs, + addr_key, + NULL, + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + tmp, + strlen (val_str)); + GNUNET_free (val_str); + } + continue; + } val_str = json_dumps (value, JSON_ENCODE_ANY); + tmp = val_str; + //Remove leading " from jasson conversion + if (tmp[0] == '"') + tmp++; + //Remove trailing " from jansson conversion + if (tmp[strlen(tmp)-1] == '"') + tmp[strlen(tmp)-1] = '\0'; GNUNET_RECLAIM_attribute_list_add (attrs, key, NULL, GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME - val_str, + tmp, strlen (val_str)); GNUNET_free (val_str); } -- cgit v1.2.3