From 45a04d9f5558f666c01f7fd0844be964bf610c9a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 15 Apr 2019 10:24:25 +0200 Subject: RECLAIM/OIDC: Formatting --- src/reclaim/plugin_rest_openid_connect.c | 1034 ++++++++++++------------------ 1 file changed, 405 insertions(+), 629 deletions(-) (limited to 'src') diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index e755f079b..761c9e83d 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . @@ -24,22 +24,21 @@ * @brief GNUnet Namestore REST plugin * */ - #include "platform.h" -#include "gnunet_rest_plugin.h" -#include "gnunet_identity_service.h" +#include +#include + #include "gnunet_gns_service.h" #include "gnunet_gnsrecord_lib.h" +#include "gnunet_identity_service.h" #include "gnunet_namestore_service.h" -#include "gnunet_rest_lib.h" -#include "microhttpd.h" -#include -#include -#include "gnunet_signatures.h" #include "gnunet_reclaim_attribute_lib.h" #include "gnunet_reclaim_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_rest_plugin.h" +#include "gnunet_signatures.h" +#include "microhttpd.h" #include "oidc_helper.h" - /** * REST root namespace */ @@ -206,20 +205,12 @@ #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" - /** * OIDC ignored parameter array */ -static char* OIDC_ignored_parameter_array [] = -{ - "display", - "prompt", - "ui_locales", - "response_mode", - "id_token_hint", - "login_hint", - "acr_values" -}; +static char *OIDC_ignored_parameter_array[] = { + "display", "prompt", "ui_locales", "response_mode", + "id_token_hint", "login_hint", "acr_values"}; /** * OIDC Hash map that keeps track of issued cookies @@ -237,7 +228,8 @@ struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; struct GNUNET_CONTAINER_MultiHashMap *OIDC_used_ticket_map; /** - * Hash map that links the issued access token to the corresponding ticket and ego + * Hash map that links the issued access token to the corresponding ticket and + * ego */ struct GNUNET_CONTAINER_MultiHashMap *OIDC_access_token_map; @@ -249,7 +241,7 @@ const struct GNUNET_CONFIGURATION_Handle *cfg; /** * HTTP methods allows for this plugin */ -static char* allow_methods; +static char *allow_methods; /** * @brief struct returned by the initialization function of the plugin @@ -313,7 +305,6 @@ struct OIDC_Variables * The response JSON */ json_t *response; - }; /** @@ -499,7 +490,6 @@ struct RequestHandle * Reponse code */ int response_code; - }; /** @@ -513,8 +503,7 @@ cleanup_handle (struct RequestHandle *handle) struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; struct EgoEntry *ego_entry; struct EgoEntry *ego_tmp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); if (NULL != handle->timeout_task) GNUNET_SCHEDULER_cancel (handle->timeout_task); if (NULL != handle->identity_handle) @@ -538,8 +527,7 @@ cleanup_handle (struct RequestHandle *handle) if (NULL != handle->namestore_handle) GNUNET_NAMESTORE_disconnect (handle->namestore_handle); - if (NULL != handle->oidc) - { + if (NULL != handle->oidc) { GNUNET_free_non_null (handle->oidc->client_id); GNUNET_free_non_null (handle->oidc->login_identity); GNUNET_free_non_null (handle->oidc->nonce); @@ -550,11 +538,8 @@ cleanup_handle (struct RequestHandle *handle) json_decref (handle->oidc->response); GNUNET_free (handle->oidc); } - if ( NULL != handle->attr_list ) - { - for (claim_entry = handle->attr_list->list_head; - NULL != claim_entry;) - { + if (NULL != handle->attr_list) { + for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;) { claim_tmp = claim_entry; claim_entry = claim_entry->next; GNUNET_free (claim_tmp->claim); @@ -562,9 +547,7 @@ cleanup_handle (struct RequestHandle *handle) } GNUNET_free (handle->attr_list); } - for (ego_entry = handle->ego_head; - NULL != ego_entry;) - { + for (ego_entry = handle->ego_head; NULL != ego_entry;) { ego_tmp = ego_entry; ego_entry = ego_entry->next; GNUNET_free (ego_tmp->identifier); @@ -594,21 +577,19 @@ do_error (void *cls) struct MHD_Response *resp; char *json_error; - GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", - handle->emsg, - (NULL != handle->edesc) ? handle->edesc : "", - (NULL != handle->oidc->state) ? ", \"state\":\"" : "", - (NULL != handle->oidc->state) ? handle->oidc->state : "", - (NULL != handle->oidc->state) ? "\"" : ""); - if ( 0 == handle->response_code ) + GNUNET_asprintf ( + &json_error, + "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", + handle->emsg, (NULL != handle->edesc) ? handle->edesc : "", + (NULL != handle->oidc->state) ? ", \"state\":\"" : "", + (NULL != handle->oidc->state) ? handle->oidc->state : "", + (NULL != handle->oidc->state) ? "\"" : ""); + if (0 == handle->response_code) handle->response_code = MHD_HTTP_BAD_REQUEST; resp = GNUNET_REST_create_response (json_error); if (MHD_HTTP_UNAUTHORIZED == handle->response_code) - MHD_add_response_header (resp, - MHD_HTTP_HEADER_WWW_AUTHENTICATE, - "Basic"); - MHD_add_response_header (resp, - MHD_HTTP_HEADER_CONTENT_TYPE, + MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic"); + MHD_add_response_header (resp, MHD_HTTP_HEADER_CONTENT_TYPE, "application/json"); handle->proc (handle->proc_cls, resp, handle->response_code); GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); @@ -630,12 +611,9 @@ do_userinfo_error (void *cls) char *error; GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", - handle->emsg, - (NULL != handle->edesc) ? handle->edesc : ""); + handle->emsg, (NULL != handle->edesc) ? handle->edesc : ""); resp = GNUNET_REST_create_response (""); - MHD_add_response_header (resp, - MHD_HTTP_HEADER_WWW_AUTHENTICATE, - "Bearer"); + MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); handle->proc (handle->proc_cls, resp, handle->response_code); GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); GNUNET_free (error); @@ -652,9 +630,8 @@ do_redirect_error (void *cls) { struct RequestHandle *handle = cls; struct MHD_Response *resp; - char* redirect; - GNUNET_asprintf (&redirect, - "%s?error=%s&error_description=%s%s%s", + char *redirect; + GNUNET_asprintf (&redirect, "%s?error=%s&error_description=%s%s%s", handle->oidc->redirect_uri, handle->emsg, handle->edesc, (NULL != handle->oidc->state) ? "&state=" : "", (NULL != handle->oidc->state) ? handle->oidc->state : ""); @@ -687,7 +664,7 @@ do_timeout (void *cls) static void return_userinfo_response (void *cls) { - char* result_str; + char *result_str; struct RequestHandle *handle = cls; struct MHD_Response *resp; @@ -705,7 +682,7 @@ return_userinfo_response (void *cls) * @param string the string to encode * @return base64 encoded string */ -static char* +static char * base64_encode (const char *s) { char *enc; @@ -720,13 +697,12 @@ base64_encode (const char *s) GNUNET_assert ((3 > num_pads) && (0 <= num_pads)); if (0 == num_pads) return enc; - enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads*2); + enc_urlencode = GNUNET_malloc (strlen (enc) + num_pads * 2); strcpy (enc_urlencode, enc); GNUNET_free (enc); tmp = strchr (enc_urlencode, '='); - for (i = 0; i < num_pads; i++) - { - strcpy (tmp, "%3D"); //replace '=' with '%3D' + for (i = 0; i < num_pads; i++) { + strcpy (tmp, "%3D"); // replace '=' with '%3D' tmp += 3; } return enc_urlencode; @@ -740,18 +716,15 @@ base64_encode (const char *s) * @param cls the RequestHandle */ static void -options_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, +options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { struct MHD_Response *resp; struct RequestHandle *handle = cls; - //For now, independent of path return all options + // For now, independent of path return all options resp = GNUNET_REST_create_response (NULL); - MHD_add_response_header (resp, - "Access-Control-Allow-Methods", - allow_methods); + MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); cleanup_handle (handle); return; @@ -772,36 +745,30 @@ cookie_identity_interpretation (struct RequestHandle *handle) char *token; char *value; - //gets identity of login try with cookie + // gets identity of login try with cookie GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), &cache_key); - if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, - &cache_key) ) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "No cookie found\n"); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->header_param_map, &cache_key)) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); return; } - //splits cookies and find 'Identity' cookie - tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); + // splits cookies and find 'Identity' cookie + tmp_cookies = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->header_param_map, &cache_key); cookies = GNUNET_strdup (tmp_cookies); token = strtok (cookies, delimiter); handle->oidc->user_cancelled = GNUNET_NO; handle->oidc->login_identity = NULL; - if (NULL == token) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to parse cookie: %s\n", + if (NULL == token) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to parse cookie: %s\n", cookies); GNUNET_free (cookies); return; } - while (NULL != token) - { - if (0 == strcmp (token, - OIDC_COOKIE_HEADER_ACCESS_DENIED)) - { + while (NULL != token) { + if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) { handle->oidc->user_cancelled = GNUNET_YES; GNUNET_free (cookies); return; @@ -810,33 +777,29 @@ cookie_identity_interpretation (struct RequestHandle *handle) break; token = strtok (NULL, delimiter); } - if (NULL == token) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No cookie value to process: %s\n", + if (NULL == token) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No cookie value to process: %s\n", cookies); GNUNET_free (cookies); return; } - GNUNET_CRYPTO_hash (token, strlen (token), - &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Found cookie `%s', but no corresponding expiration entry present...\n", - token); + GNUNET_CRYPTO_hash (token, strlen (token), &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, + &cache_key)) { + GNUNET_log ( + GNUNET_ERROR_TYPE_WARNING, + "Found cookie `%s', but no corresponding expiration entry present...\n", + token); GNUNET_free (cookies); return; } - relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, - &cache_key); + relog_time = + GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); current_time = GNUNET_TIME_absolute_get (); // 30 min after old login -> redirect to login - if ( current_time.abs_value_us > relog_time->abs_value_us ) - { + if (current_time.abs_value_us > relog_time->abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Found cookie `%s', but it is expired.\n", - token); + "Found cookie `%s', but it is expired.\n", token); GNUNET_free (cookies); return; } @@ -856,30 +819,22 @@ login_redirect (void *cls) struct MHD_Response *resp; struct RequestHandle *handle = cls; - if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", - "address", &login_base_url) ) - { + if (GNUNET_OK == + GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", + "address", &login_base_url)) { GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", - login_base_url, - OIDC_RESPONSE_TYPE_KEY, - handle->oidc->response_type, - OIDC_CLIENT_ID_KEY, - handle->oidc->client_id, - OIDC_REDIRECT_URI_KEY, - handle->oidc->redirect_uri, - OIDC_SCOPE_KEY, - handle->oidc->scope, - OIDC_STATE_KEY, + login_base_url, OIDC_RESPONSE_TYPE_KEY, + handle->oidc->response_type, OIDC_CLIENT_ID_KEY, + handle->oidc->client_id, OIDC_REDIRECT_URI_KEY, + handle->oidc->redirect_uri, OIDC_SCOPE_KEY, + handle->oidc->scope, OIDC_STATE_KEY, (NULL != handle->oidc->state) ? handle->oidc->state : "", OIDC_NONCE_KEY, (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); resp = GNUNET_REST_create_response (""); MHD_add_response_header (resp, "Location", new_redirect); GNUNET_free (login_base_url); - } - else - { + } else { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); handle->edesc = GNUNET_strdup ("gnunet configuration failed"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -909,8 +864,7 @@ oidc_iteration_error (void *cls) * parameter. Otherwise redirects with error */ static void -oidc_ticket_issue_cb (void* cls, - const struct GNUNET_RECLAIM_Ticket *ticket) +oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) { struct RequestHandle *handle = cls; struct MHD_Response *resp; @@ -921,37 +875,29 @@ oidc_ticket_issue_cb (void* cls, handle->idp_op = NULL; handle->ticket = *ticket; - if (NULL == ticket) - { + if (NULL == ticket) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - //TODO change if more attributes are needed (see max_age) - code_json_string = OIDC_build_authz_code (&handle->priv_key, - &handle->ticket, + ticket_str = GNUNET_STRINGS_data_to_string_alloc ( + &handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); + // TODO change if more attributes are needed (see max_age) + code_json_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket, handle->oidc->nonce); code_base64_final_string = base64_encode (code_json_string); - if ( (NULL != handle->redirect_prefix) && - (NULL != handle->redirect_suffix) && - (NULL != handle->tld) ) - { + if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && + (NULL != handle->tld)) { GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", - handle->redirect_prefix, - handle->tld, - handle->redirect_suffix, - handle->oidc->response_type, + handle->redirect_prefix, handle->tld, + handle->redirect_suffix, handle->oidc->response_type, code_base64_final_string, handle->oidc->state); } else { GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", - handle->oidc->redirect_uri, - handle->oidc->response_type, + handle->oidc->redirect_uri, handle->oidc->response_type, code_base64_final_string, handle->oidc->state); - } resp = GNUNET_REST_create_response (""); MHD_add_response_header (resp, "Location", redirect_uri); @@ -969,19 +915,15 @@ oidc_collect_finished_cb (void *cls) struct RequestHandle *handle = cls; handle->attr_it = NULL; handle->ticket_it = NULL; - if (NULL == handle->attr_list->list_head) - { + if (NULL == handle->attr_list->list_head) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); handle->edesc = GNUNET_strdup ("The requested scope is not available."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, - &handle->priv_key, - &handle->oidc->client_pkey, - handle->attr_list, - &oidc_ticket_issue_cb, - handle); + handle->idp_op = GNUNET_RECLAIM_ticket_issue ( + handle->idp, &handle->priv_key, &handle->oidc->client_pkey, + handle->attr_list, &oidc_ticket_issue_cb, handle); } @@ -995,28 +937,24 @@ oidc_attr_collect (void *cls, { struct RequestHandle *handle = cls; struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; - char* scope_variables; - char* scope_variable; - char delimiter[]=" "; + char *scope_variables; + char *scope_variable; + char delimiter[] = " "; - if ( (NULL == attr->name) || (NULL == attr->data) ) - { + if ((NULL == attr->name) || (NULL == attr->data)) { GNUNET_RECLAIM_get_attributes_next (handle->attr_it); return; } scope_variables = GNUNET_strdup (handle->oidc->scope); scope_variable = strtok (scope_variables, delimiter); - while (NULL != scope_variable) - { - if ( 0 == strcmp (attr->name, scope_variable) ) - { + while (NULL != scope_variable) { + if (0 == strcmp (attr->name, scope_variable)) { break; } scope_variable = strtok (NULL, delimiter); } - if ( NULL == scope_variable ) - { + if (NULL == scope_variable) { GNUNET_RECLAIM_get_attributes_next (handle->attr_it); GNUNET_free (scope_variables); return; @@ -1044,50 +982,41 @@ code_redirect (void *cls) struct GNUNET_HashCode cache_key; char *identity_cookie; - GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); + GNUNET_asprintf (&identity_cookie, "Identity=%s", + handle->oidc->login_identity); GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); GNUNET_free (identity_cookie); - //No login time for identity -> redirect to login - if ( GNUNET_YES - == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, - &cache_key) ) - { - relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, - &cache_key); + // No login time for identity -> redirect to login + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, + &cache_key)) { + relog_time = + GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); current_time = GNUNET_TIME_absolute_get (); // 30 min after old login -> redirect to login - if ( current_time.abs_value_us <= relog_time->abs_value_us ) - { - if ( GNUNET_OK - != GNUNET_CRYPTO_ecdsa_public_key_from_string ( - handle->oidc->login_identity, - strlen (handle->oidc->login_identity), &pubkey) ) - { + if (current_time.abs_value_us <= relog_time->abs_value_us) { + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( + handle->oidc->login_identity, + strlen (handle->oidc->login_identity), &pubkey)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); - handle->edesc = GNUNET_strdup ("The cookie of a login identity is not valid"); + handle->edesc = + GNUNET_strdup ("The cookie of a login identity is not valid"); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } // iterate over egos and compare their public key - for (handle->ego_entry = handle->ego_head; - NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) - { + for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; + handle->ego_entry = handle->ego_entry->next) { GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); - if ( 0 == memcmp (&ego_pkey, - &pubkey, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); + if (0 == memcmp (&ego_pkey, &pubkey, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { + handle->priv_key = + *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); handle->idp = GNUNET_RECLAIM_connect (cfg); - handle->attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); - handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, - &handle->priv_key, - &oidc_iteration_error, - handle, - &oidc_attr_collect, - handle, - &oidc_collect_finished_cb, - handle); + handle->attr_list = + GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + handle->attr_it = GNUNET_RECLAIM_get_attributes_start ( + handle->idp, &handle->priv_key, &oidc_iteration_error, handle, + &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); return; } } @@ -1103,28 +1032,20 @@ build_redirect (void *cls) { struct RequestHandle *handle = cls; struct MHD_Response *resp; - char* redirect_uri; - - if (GNUNET_YES == handle->oidc->user_cancelled) - { - if ( (NULL != handle->redirect_prefix) && - (NULL != handle->redirect_suffix) && - (NULL != handle->tld) ) - { - GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", - handle->redirect_prefix, - handle->tld, - handle->redirect_suffix, - "access_denied", - "User denied access", - handle->oidc->state); - } else { - GNUNET_asprintf (&redirect_uri, "%s?error=%s&error_description=%s&state=%s", - handle->oidc->redirect_uri, - "access_denied", - "User denied access", - handle->oidc->state); + char *redirect_uri; + if (GNUNET_YES == handle->oidc->user_cancelled) { + if ((NULL != handle->redirect_prefix) && + (NULL != handle->redirect_suffix) && (NULL != handle->tld)) { + GNUNET_asprintf ( + &redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", + handle->redirect_prefix, handle->tld, handle->redirect_suffix, + "access_denied", "User denied access", handle->oidc->state); + } else { + GNUNET_asprintf (&redirect_uri, + "%s?error=%s&error_description=%s&state=%s", + handle->oidc->redirect_uri, "access_denied", + "User denied access", handle->oidc->state); } resp = GNUNET_REST_create_response (""); MHD_add_response_header (resp, "Location", redirect_uri); @@ -1138,8 +1059,7 @@ build_redirect (void *cls) static void -lookup_redirect_uri_result (void *cls, - uint32_t rd_count, +lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RequestHandle *handle = cls; @@ -1149,58 +1069,47 @@ lookup_redirect_uri_result (void *cls, struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; handle->gns_op = NULL; - if (0 == rd_count) - { + if (0 == rd_count) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); - handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); + handle->edesc = GNUNET_strdup ( + "Server cannot generate ticket, redirect uri not found."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - for (int i = 0; i < rd_count; i++) - { + for (int i = 0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) continue; - if (0 != strncmp (rd[i].data, - handle->oidc->redirect_uri, - rd[i].data_size)) + if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) continue; - tmp = GNUNET_strndup (rd[i].data, - rd[i].data_size); - if (NULL == strstr (tmp, - handle->oidc->client_id)) - { + tmp = GNUNET_strndup (rd[i].data, rd[i].data_size); + if (NULL == strstr (tmp, handle->oidc->client_id)) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Redirect uri %s does not contain client_id %s", - tmp, + "Redirect uri %s does not contain client_id %s", tmp, handle->oidc->client_id); } else { - pos = strrchr (tmp, - (unsigned char) '.'); + pos = strrchr (tmp, (unsigned char)'.'); *pos = '\0'; handle->redirect_prefix = GNUNET_strdup (tmp); tmp_key_str = pos + 1; - pos = strchr (tmp_key_str, - (unsigned char) '/'); + pos = strchr (tmp_key_str, (unsigned char)'/'); *pos = '\0'; handle->redirect_suffix = GNUNET_strdup (pos + 1); - GNUNET_STRINGS_string_to_data (tmp_key_str, - strlen (tmp_key_str), - &redirect_zone, - sizeof (redirect_zone)); + GNUNET_STRINGS_string_to_data (tmp_key_str, strlen (tmp_key_str), + &redirect_zone, sizeof (redirect_zone)); } GNUNET_SCHEDULER_add_now (&build_redirect, handle); GNUNET_free (tmp); return; } handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); - handle->edesc = GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); + handle->edesc = + GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); } - /** * Initiate redirect back to client. */ @@ -1210,14 +1119,10 @@ client_redirect (void *cls) struct RequestHandle *handle = cls; /* Lookup client redirect uri to verify request */ - handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, - GNUNET_GNS_EMPTY_LABEL_AT, - &handle->oidc->client_pkey, - GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, - GNUNET_GNS_LO_DEFAULT, - &lookup_redirect_uri_result, - handle); - + handle->gns_op = GNUNET_GNS_lookup ( + handle->gns_handle, GNUNET_GNS_EMPTY_LABEL_AT, &handle->oidc->client_pkey, + GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_GNS_LO_DEFAULT, + &lookup_redirect_uri_result, handle); } @@ -1234,75 +1139,70 @@ build_authz_response (void *cls) struct GNUNET_HashCode cache_key; char *expected_scope; - char delimiter[]=" "; + char delimiter[] = " "; int number_of_ignored_parameter, iterator; // REQUIRED value: redirect_uri GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); - handle->edesc=GNUNET_strdup ("missing parameter redirect_uri"); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); + handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } handle->oidc->redirect_uri = - GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key)); + GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key)); // REQUIRED value: response_type GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); - handle->edesc=GNUNET_strdup ("missing parameter response_type"); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); + handle->edesc = GNUNET_strdup ("missing parameter response_type"); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); + handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); // REQUIRED value: scope GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); - handle->edesc=GNUNET_strdup ("missing parameter scope"); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); + handle->edesc = GNUNET_strdup ("missing parameter scope"); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); + handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); handle->oidc->scope = GNUNET_strdup (handle->oidc->scope); - //OPTIONAL value: nonce + // OPTIONAL value: nonce GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); } - //TODO check other values if needed - number_of_ignored_parameter = sizeof (OIDC_ignored_parameter_array) / sizeof (char *); - for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) - { + // TODO check other values if needed + number_of_ignored_parameter = + sizeof (OIDC_ignored_parameter_array) / sizeof (char *); + for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) { GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], strlen (OIDC_ignored_parameter_array[iterator]), &cache_key); - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", OIDC_ignored_parameter_array[iterator]); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); @@ -1311,38 +1211,37 @@ build_authz_response (void *cls) } // Checks if response_type is 'code' - if (0 != strcmp (handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); - handle->edesc=GNUNET_strdup ("The authorization server does not support " - "obtaining this authorization code."); + if (0 != strcmp (handle->oidc->response_type, + OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); + handle->edesc = GNUNET_strdup ("The authorization server does not support " + "obtaining this authorization code."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } // Checks if scope contains 'openid' expected_scope = GNUNET_strdup (handle->oidc->scope); - char* test; + char *test; test = strtok (expected_scope, delimiter); - while (NULL != test) - { - if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) + while (NULL != test) { + if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) break; test = strtok (NULL, delimiter); } - if (NULL == test) - { + if (NULL == test) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); - handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " - "malformed."); + handle->edesc = + GNUNET_strdup ("The requested scope is invalid, unknown, or " + "malformed."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); GNUNET_free (expected_scope); return; } GNUNET_free (expected_scope); - if ( (NULL == handle->oidc->login_identity) && - (GNUNET_NO == handle->oidc->user_cancelled)) + if ((NULL == handle->oidc->login_identity) && + (GNUNET_NO == handle->oidc->user_cancelled)) GNUNET_SCHEDULER_add_now (&login_redirect, handle); else GNUNET_SCHEDULER_add_now (&client_redirect, handle); @@ -1352,27 +1251,19 @@ build_authz_response (void *cls) * Iterate over tlds in config */ static void -tld_iter (void *cls, - const char *section, - const char *option, - const char *value) +tld_iter (void *cls, const char *section, const char *option, const char *value) { struct RequestHandle *handle = cls; struct GNUNET_CRYPTO_EcdsaPublicKey pkey; - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_public_key_from_string (value, - strlen (value), - &pkey)) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Skipping non key %s\n", - value); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( + value, strlen (value), &pkey)) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); return; } if (0 == memcmp (&pkey, &handle->oidc->client_pkey, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - handle->tld = GNUNET_strdup (option+1); + handle->tld = GNUNET_strdup (option + 1); } /** @@ -1384,8 +1275,7 @@ tld_iter (void *cls, */ static void authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) + const char *url, void *cls) { struct RequestHandle *handle = cls; struct GNUNET_HashCode cache_key; @@ -1395,36 +1285,33 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, cookie_identity_interpretation (handle); - //RECOMMENDED value: state - REQUIRED for answers + // RECOMMENDED value: state - REQUIRED for answers GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->oidc->state = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { + handle->oidc->state = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); handle->oidc->state = GNUNET_strdup (handle->oidc->state); } // REQUIRED value: client_id GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("missing parameter client_id"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key)); + handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key)); - if ( GNUNET_OK - != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, - strlen (handle->oidc->client_id), - &handle->oidc->client_pkey) ) - { + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string ( + handle->oidc->client_id, + strlen (handle->oidc->client_id), + &handle->oidc->client_pkey)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); handle->edesc = GNUNET_strdup ("The client is not authorized to request an " "authorization code using this method."); @@ -1434,8 +1321,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } - if ( NULL == handle->ego_head ) - { + if (NULL == handle->ego_head) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); handle->edesc = GNUNET_strdup ("Egos are missing"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -1444,26 +1330,21 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } handle->ego_entry = handle->ego_head; - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - //If we know this identity, translated the corresponding TLD - //TODO: We might want to have a reverse lookup functionality for TLDs? - for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) - { + handle->priv_key = + *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); + // If we know this identity, translated the corresponding TLD + // TODO: We might want to have a reverse lookup functionality for TLDs? + for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) { priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); - GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, - &pkey); + GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey); if (0 == memcmp (&pkey, &handle->oidc->client_pkey, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - { + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { handle->tld = GNUNET_strdup (tmp_ego->identifier); handle->ego_entry = handle->ego_tail; } } if (NULL == handle->tld) - GNUNET_CONFIGURATION_iterate_section_values (cfg, - "gns", - tld_iter, - handle); + GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle); if (NULL == handle->tld) handle->tld = GNUNET_strdup (handle->oidc->client_id); GNUNET_SCHEDULER_add_now (&build_authz_response, handle); @@ -1477,8 +1358,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, * @param cls the RequestHandle */ static void -login_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, +login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { struct MHD_Response *resp = GNUNET_REST_create_response (""); @@ -1486,49 +1366,43 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, struct GNUNET_HashCode cache_key; struct GNUNET_TIME_Absolute *current_time; struct GNUNET_TIME_Absolute *last_time; - char* cookie; - char* header_val; + char *cookie; + char *header_val; json_t *root; json_error_t error; json_t *identity; - char term_data[handle->rest_handle->data_size+1]; + char term_data[handle->rest_handle->data_size + 1]; term_data[handle->rest_handle->data_size] = '\0'; - GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); + GNUNET_memcpy (term_data, handle->rest_handle->data, + handle->rest_handle->data_size); root = json_loads (term_data, JSON_DECODE_ANY, &error); identity = json_object_get (root, "identity"); - if (!json_is_string (identity)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error parsing json string from %s\n", + if (!json_is_string (identity)) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error parsing json string from %s\n", term_data); handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); json_decref (root); GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); return; } - GNUNET_asprintf (&cookie, - "Identity=%s", - json_string_value (identity)); - GNUNET_asprintf (&header_val, - "%s;Max-Age=%d", - cookie, + GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); + GNUNET_asprintf (&header_val, "%s;Max-Age=%d", cookie, OIDC_COOKIE_EXPIRATION); MHD_add_response_header (resp, "Set-Cookie", header_val); MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); - if (0 != strcmp (json_string_value (identity), - "Denied")) - { + if (0 != strcmp (json_string_value (identity), "Denied")) { current_time = GNUNET_new (struct GNUNET_TIME_Absolute); - *current_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), - OIDC_COOKIE_EXPIRATION)); - last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); + *current_time = + GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply ( + GNUNET_TIME_relative_get_second_ (), OIDC_COOKIE_EXPIRATION)); + last_time = + GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); GNUNET_free_non_null (last_time); - GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, - &cache_key, - current_time, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); + GNUNET_CONTAINER_multihashmap_put ( + OIDC_cookie_jar_map, &cache_key, current_time, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); } handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); GNUNET_free (cookie); @@ -1551,80 +1425,65 @@ check_authorization (struct RequestHandle *handle, int client_exists = GNUNET_NO; GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, - strlen (OIDC_AUTHORIZATION_HEADER_KEY), - &cache_key); - if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, - &cache_key) ) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); - handle->edesc=GNUNET_strdup ("missing authorization"); + strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->header_param_map, &cache_key)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + handle->edesc = GNUNET_strdup ("missing authorization"); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } - authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, - &cache_key); + authorization = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->header_param_map, &cache_key); - //split header in "Basic" and [content] + // split header in "Basic" and [content] credentials = strtok (authorization, " "); - if (0 != strcmp ("Basic", credentials)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + if (0 != strcmp ("Basic", credentials)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } credentials = strtok (NULL, " "); - if (NULL == credentials) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + if (NULL == credentials) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } - GNUNET_STRINGS_base64_decode (credentials, - strlen (credentials), - (void**)&basic_authorization); + GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), + (void **)&basic_authorization); - if ( NULL == basic_authorization ) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + if (NULL == basic_authorization) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } client_id = strtok (basic_authorization, ":"); - if ( NULL == client_id ) - { + if (NULL == client_id) { GNUNET_free_non_null (basic_authorization); - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } pass = strtok (NULL, ":"); - if (NULL == pass) - { + if (NULL == pass) { GNUNET_free_non_null (basic_authorization); - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } - //check client password - if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, - "reclaim-rest-plugin", - "psw", - &expected_pass) ) - { - if (0 != strcmp (expected_pass, pass)) - { + // check client password + if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string ( + cfg, "reclaim-rest-plugin", "psw", &expected_pass)) { + if (0 != strcmp (expected_pass, pass)) { GNUNET_free_non_null (basic_authorization); GNUNET_free (expected_pass); - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } GNUNET_free (expected_pass); - } - else - { + } else { GNUNET_free_non_null (basic_authorization); handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); handle->edesc = GNUNET_strdup ("gnunet configuration failed"); @@ -1632,26 +1491,21 @@ check_authorization (struct RequestHandle *handle, return GNUNET_SYSERR; } - //check client_id - for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; ) - { - if (0 == strcmp (handle->ego_entry->keystring, client_id)) - { + // check client_id + for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;) { + if (0 == strcmp (handle->ego_entry->keystring, client_id)) { client_exists = GNUNET_YES; break; } handle->ego_entry = handle->ego_entry->next; } - if (GNUNET_NO == client_exists) - { + if (GNUNET_NO == client_exists) { GNUNET_free_non_null (basic_authorization); - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; return GNUNET_SYSERR; } - GNUNET_STRINGS_string_to_data (client_id, - strlen (client_id), - cid, + GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), cid, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); GNUNET_free (basic_authorization); @@ -1665,13 +1519,11 @@ ego_exists (struct RequestHandle *handle, struct EgoEntry *ego_entry; struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) - { + for (ego_entry = handle->ego_head; NULL != ego_entry; + ego_entry = ego_entry->next) { GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); - if (0 == memcmp (&pub_key, - test_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - { + if (0 == memcmp (&pub_key, test_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { break; } } @@ -1682,7 +1534,7 @@ ego_exists (struct RequestHandle *handle, static void store_ticket_reference (const struct RequestHandle *handle, - const char* access_token, + const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_CRYPTO_EcdsaPublicKey *cid) { @@ -1691,21 +1543,15 @@ store_ticket_reference (const struct RequestHandle *handle, char *ticket_string; char *client_id; - GNUNET_CRYPTO_hash (access_token, - strlen (access_token), - &cache_key); - client_id = GNUNET_STRINGS_data_to_string_alloc (cid, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - GNUNET_asprintf (&id_ticket_combination, - "%s;%s", - client_id, - ticket_string); - GNUNET_CONTAINER_multihashmap_put (OIDC_access_token_map, - &cache_key, - id_ticket_combination, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); + GNUNET_CRYPTO_hash (access_token, strlen (access_token), &cache_key); + client_id = GNUNET_STRINGS_data_to_string_alloc ( + cid, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + ticket_string = GNUNET_STRINGS_data_to_string_alloc ( + ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); + GNUNET_asprintf (&id_ticket_combination, "%s;%s", client_id, ticket_string); + GNUNET_CONTAINER_multihashmap_put ( + OIDC_access_token_map, &cache_key, id_ticket_combination, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); GNUNET_free (client_id); GNUNET_free (ticket_string); @@ -1719,8 +1565,7 @@ store_ticket_reference (const struct RequestHandle *handle, * @param cls the RequestHandle */ static void -token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, +token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { struct RequestHandle *handle = cls; @@ -1742,9 +1587,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, /* * Check Authorization */ - if (GNUNET_SYSERR == check_authorization (handle, - &cid)) - { + if (GNUNET_SYSERR == check_authorization (handle, &cid)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "OIDC authorization for token endpoint failed\n"); GNUNET_SCHEDULER_add_now (&do_error, handle); @@ -1755,28 +1598,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, * Check parameter */ - //TODO Do not allow multiple equal parameter names - //REQUIRED grant_type - GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); - if (GNUNET_NO == - GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { + // TODO Do not allow multiple equal parameter names + // REQUIRED grant_type + GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), + &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("missing parameter grant_type"); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); + grant_type = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); - //REQUIRED code + // REQUIRED code GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); - if (GNUNET_NO == - GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("missing parameter code"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1786,13 +1626,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &cache_key); - //REQUIRED redirect_uri + // REQUIRED redirect_uri GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), &cache_key); - if (GNUNET_NO == - GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key) ) - { + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1800,21 +1638,17 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - //Check parameter grant_type == "authorization_code" - if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) - { - handle->emsg=GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); + // Check parameter grant_type == "authorization_code" + if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) { + handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); return; } GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); - if (GNUNET_SYSERR == - GNUNET_CONTAINER_multihashmap_put (OIDC_used_ticket_map, - &cache_key, - &i, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) - { + if (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_put ( + OIDC_used_ticket_map, &cache_key, &i, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("Cannot use the same code more than once"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1822,12 +1656,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - //decode code - if (GNUNET_OK != OIDC_parse_authz_code (&cid, - code, - &ticket, - &nonce)) - { + // decode code + if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, &ticket, &nonce)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("invalid code"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1835,13 +1665,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - //create jwt + // create jwt if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_time (cfg, - "reclaim-rest-plugin", - "expiration_time", - &expiration_time)) - { + GNUNET_CONFIGURATION_get_value_time ( + cfg, "reclaim-rest-plugin", "expiration_time", &expiration_time)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); handle->edesc = GNUNET_strdup ("gnunet configuration failed"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -1851,22 +1678,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } - //TODO OPTIONAL acr,amr,azp - if (GNUNET_NO == ego_exists (handle, - &ticket->audience)) - { + // TODO OPTIONAL acr,amr,azp + if (GNUNET_NO == ego_exists (handle, &ticket->audience)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("invalid code..."); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); GNUNET_free (ticket); } - if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_string (cfg, - "reclaim-rest-plugin", - "jwt_secret", - &jwt_secret) ) - { + if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string ( + cfg, "reclaim-rest-plugin", "jwt_secret", &jwt_secret)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("No signing secret configured!"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -1874,24 +1695,16 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free (ticket); return; } - //TODO We should collect the attributes here. cl always empty + // TODO We should collect the attributes here. cl always empty cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); - id_token = OIDC_id_token_new (&ticket->audience, - &ticket->identity, - cl, + id_token = OIDC_id_token_new (&ticket->audience, &ticket->identity, cl, &expiration_time, - (NULL != nonce) ? nonce : NULL, - jwt_secret); + (NULL != nonce) ? nonce : NULL, jwt_secret); access_token = OIDC_access_token_new (); - OIDC_build_token_response (access_token, - id_token, - &expiration_time, + OIDC_build_token_response (access_token, id_token, &expiration_time, &json_response); - store_ticket_reference (handle, - access_token, - ticket, - &cid); + store_ticket_reference (handle, access_token, ticket, &cid); resp = GNUNET_REST_create_response (json_response); MHD_add_response_header (resp, "Cache-Control", "no-store"); MHD_add_response_header (resp, "Pragma", "no-cache"); @@ -1909,26 +1722,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, * Collects claims and stores them in handle */ static void -consume_ticket (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, +consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) { struct RequestHandle *handle = cls; char *tmp_value; json_t *value; - if (NULL == identity) - { + if (NULL == identity) { GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); return; } - tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, - attr->data, + tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size); value = json_string (tmp_value); - json_object_set_new (handle->oidc->response, - attr->name, - value); + json_object_set_new (handle->oidc->response, attr->name, value); GNUNET_free (tmp_value); } @@ -1941,9 +1749,9 @@ consume_ticket (void *cls, */ static void userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, void *cls) + const char *url, void *cls) { - //TODO expiration time + // TODO expiration time struct RequestHandle *handle = cls; char delimiter[] = " "; char delimiter_db[] = ";"; @@ -1953,12 +1761,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, struct GNUNET_RECLAIM_Ticket *ticket; GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, - strlen (OIDC_AUTHORIZATION_HEADER_KEY), - &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, - &cache_key) ) - { + strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->header_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("No Access Token"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -1966,13 +1771,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } authorization = GNUNET_CONTAINER_multihashmap_get ( - handle->rest_handle->header_param_map, &cache_key); + handle->rest_handle->header_param_map, &cache_key); - //split header in "Bearer" and access_token + // split header in "Bearer" and access_token authorization = GNUNET_strdup (authorization); authorization_type = strtok (authorization, delimiter); - if ( 0 != strcmp ("Bearer", authorization_type) ) - { + if (0 != strcmp ("Bearer", authorization_type)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("No Access Token"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -1981,8 +1785,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } authorization_access_token = strtok (NULL, delimiter); - if ( NULL == authorization_access_token ) - { + if (NULL == authorization_access_token) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("No Access Token"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -1992,11 +1795,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } GNUNET_CRYPTO_hash (authorization_access_token, - strlen (authorization_access_token), - &cache_key); - if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map, - &cache_key) ) - { + strlen (authorization_access_token), &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains ( + OIDC_access_token_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("The Access Token expired"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -2005,12 +1806,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - client_ticket = GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, - &cache_key); + client_ticket = + GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key); client_ticket = GNUNET_strdup (client_ticket); - client = strtok (client_ticket,delimiter_db); - if (NULL == client) - { + client = strtok (client_ticket, delimiter_db); + if (NULL == client) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("The Access Token expired"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -2020,13 +1820,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } handle->ego_entry = handle->ego_head; - for (; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) - { - if (0 == strcmp (handle->ego_entry->keystring,client)) + for (; NULL != handle->ego_entry; + handle->ego_entry = handle->ego_entry->next) { + if (0 == strcmp (handle->ego_entry->keystring, client)) break; } - if (NULL == handle->ego_entry) - { + if (NULL == handle->ego_entry) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("The Access Token expired"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -2036,8 +1835,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } ticket_str = strtok (NULL, delimiter_db); - if (NULL == ticket_str) - { + if (NULL == ticket_str) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("The Access Token expired"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -2047,12 +1845,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); - if ( GNUNET_OK - != GNUNET_STRINGS_string_to_data (ticket_str, - strlen (ticket_str), - ticket, - sizeof (struct GNUNET_RECLAIM_Ticket))) - { + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (ticket_str, strlen (ticket_str), ticket, + sizeof (struct GNUNET_RECLAIM_Ticket))) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); handle->edesc = GNUNET_strdup ("The Access Token expired"); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -2065,18 +1860,14 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->idp = GNUNET_RECLAIM_connect (cfg); handle->oidc->response = json_object (); - json_object_set_new (handle->oidc->response, - "sub", + json_object_set_new (handle->oidc->response, "sub", json_string (handle->ego_entry->keystring)); - handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, - GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), - ticket, - consume_ticket, - handle); + handle->idp_op = GNUNET_RECLAIM_ticket_consume ( + handle->idp, GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), + ticket, consume_ticket, handle); GNUNET_free (ticket); GNUNET_free (authorization); GNUNET_free (client_ticket); - } @@ -2090,22 +1881,18 @@ init_cont (struct RequestHandle *handle) { struct GNUNET_REST_RequestHandlerError err; static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, - {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, - &options_cont}, - GNUNET_REST_HANDLER_END - }; - - if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, - handlers, - &err, - handle)) - { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, + &authorize_endpoint}, // url-encoded + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont}, + GNUNET_REST_HANDLER_END}; + + if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, handlers, + &err, handle)) { handle->response_code = err.error_code; GNUNET_SCHEDULER_add_now (&do_error, handle); } @@ -2145,17 +1932,14 @@ init_cont (struct RequestHandle *handle) * must thus no longer be used */ static void -list_ego (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, +list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier) { struct RequestHandle *handle = cls; struct EgoEntry *ego_entry; struct GNUNET_CRYPTO_EcdsaPublicKey pk; - if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) - { + if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) { handle->state = ID_REST_STATE_POST_INIT; init_cont (handle); return; @@ -2163,18 +1947,17 @@ list_ego (void *cls, if (ID_REST_STATE_INIT == handle->state) { ego_entry = GNUNET_new (struct EgoEntry); GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); ego_entry->ego = ego; ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, - handle->ego_tail, + GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail, ego_entry); return; } /* Ego renamed or added */ if (identifier != NULL) { - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { + for (ego_entry = handle->ego_head; NULL != ego_entry; + ego_entry = ego_entry->next) { if (ego_entry->ego == ego) { /* Rename */ GNUNET_free (ego_entry->identifier); @@ -2186,30 +1969,28 @@ list_ego (void *cls, /* Add */ ego_entry = GNUNET_new (struct EgoEntry); GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); ego_entry->ego = ego; ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, - handle->ego_tail, + GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head, handle->ego_tail, ego_entry); } } else { /* Delete */ - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { + for (ego_entry = handle->ego_head; NULL != ego_entry; + ego_entry = ego_entry->next) { if (ego_entry->ego == ego) break; } if (NULL != ego_entry) - GNUNET_CONTAINER_DLL_remove (handle->ego_head,handle->ego_tail, ego_entry); + GNUNET_CONTAINER_DLL_remove (handle->ego_head, handle->ego_tail, + ego_entry); } - } static void rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, - GNUNET_REST_ResultProcessor proc, - void *proc_cls) + GNUNET_REST_ResultProcessor proc, void *proc_cls) { struct RequestHandle *handle = GNUNET_new (struct RequestHandle); handle->oidc = GNUNET_new (struct OIDC_Variables); @@ -2220,7 +2001,8 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, if (NULL == OIDC_used_ticket_map) OIDC_used_ticket_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); if (NULL == OIDC_access_token_map) - OIDC_access_token_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); + OIDC_access_token_map = + GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); handle->response_code = 0; handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; handle->proc_cls = proc_cls; @@ -2229,21 +2011,15 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, handle->rest_handle = rest_handle; handle->url = GNUNET_strdup (rest_handle->url); - if (handle->url[strlen (handle->url)-1] == '/') - handle->url[strlen (handle->url)-1] = '\0'; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connecting...\n"); - handle->identity_handle = GNUNET_IDENTITY_connect (cfg, - &list_ego, - handle); + if (handle->url[strlen (handle->url) - 1] == '/') + handle->url[strlen (handle->url) - 1] = '\0'; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); + handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle); handle->gns_handle = GNUNET_GNS_connect (cfg); handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); handle->timeout_task = - GNUNET_SCHEDULER_add_delayed (handle->timeout, - &do_timeout, - handle); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connected\n"); + GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); } /** @@ -2260,23 +2036,19 @@ libgnunet_plugin_rest_openid_connect_init (void *cls) cfg = cls; if (NULL != plugin.cfg) - return NULL; /* can only initialize once! */ + return NULL; /* can only initialize once! */ memset (&plugin, 0, sizeof (struct Plugin)); plugin.cfg = cfg; api = GNUNET_new (struct GNUNET_REST_Plugin); api->cls = &plugin; api->name = GNUNET_REST_API_NS_OIDC; api->process_request = &rest_identity_process_request; - GNUNET_asprintf (&allow_methods, - "%s, %s, %s, %s, %s", - MHD_HTTP_METHOD_GET, - MHD_HTTP_METHOD_POST, - MHD_HTTP_METHOD_PUT, - MHD_HTTP_METHOD_DELETE, - MHD_HTTP_METHOD_OPTIONS); + GNUNET_asprintf (&allow_methods, "%s, %s, %s, %s, %s", MHD_HTTP_METHOD_GET, + MHD_HTTP_METHOD_POST, MHD_HTTP_METHOD_PUT, + MHD_HTTP_METHOD_DELETE, MHD_HTTP_METHOD_OPTIONS); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - _("Identity Provider REST API initialized\n")); + _ ("Identity Provider REST API initialized\n")); return api; } @@ -2296,25 +2068,29 @@ libgnunet_plugin_rest_openid_connect_done (void *cls) struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; void *value = NULL; - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); + hashmap_it = + GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map); while (GNUNET_YES == GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) GNUNET_free_non_null (value); GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); + hashmap_it = + GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); while (GNUNET_YES == GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) GNUNET_free_non_null (value); GNUNET_CONTAINER_multihashmap_destroy (OIDC_identity_grants); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); + hashmap_it = + GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_used_ticket_map); while (GNUNET_YES == GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) GNUNET_free_non_null (value); GNUNET_CONTAINER_multihashmap_destroy (OIDC_used_ticket_map); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); + hashmap_it = + GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map); while (GNUNET_YES == GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) GNUNET_free_non_null (value); -- cgit v1.2.3