[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated: gracely handle missing PKCE
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: gracely handle missing PKCE params in token request |
|
Date: |
Tue, 17 Sep 2019 16:12:58 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 97164b43a gracely handle missing PKCE params in token request
97164b43a is described below
commit 97164b43a8b69cc1bf07c3384586f58c99873ce8
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Tue Sep 17 16:10:56 2019 +0200
gracely handle missing PKCE params in token request
---
src/reclaim/oidc_helper.c | 725 +++++------
src/reclaim/plugin_rest_openid_connect.c | 2041 +++++++++++++++---------------
2 files changed, 1390 insertions(+), 1376 deletions(-)
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 83b8e8cb3..6bcae21d4 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -31,7 +31,7 @@
#include "gnunet_reclaim_service.h"
#include "gnunet_signatures.h"
#include "oidc_helper.h"
-//#include "benchmark.h"
+// #include "benchmark.h"
#include <gcrypt.h>
GNUNET_NETWORK_STRUCT_BEGIN
@@ -39,7 +39,8 @@ GNUNET_NETWORK_STRUCT_BEGIN
/**
* The signature used to generate the authorization code
*/
-struct OIDC_Parameters {
+struct OIDC_Parameters
+{
/**
* The reclaim ticket
*/
@@ -64,41 +65,41 @@ struct OIDC_Parameters {
GNUNET_NETWORK_STRUCT_END
static char *
-create_jwt_header(void)
+create_jwt_header (void)
{
json_t *root;
char *json_str;
- root = json_object();
- json_object_set_new(root, JWT_ALG, json_string(JWT_ALG_VALUE));
- json_object_set_new(root, JWT_TYP, json_string(JWT_TYP_VALUE));
+ root = json_object ();
+ json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+ json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
- json_str = json_dumps(root, JSON_INDENT(0) | JSON_COMPACT);
- json_decref(root);
+ json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT);
+ json_decref (root);
return json_str;
}
static void
-replace_char(char *str, char find, char replace)
+replace_char (char *str, char find, char replace)
{
- char *current_pos = strchr(str, find);
+ char *current_pos = strchr (str, find);
while (current_pos)
- {
- *current_pos = replace;
- current_pos = strchr(current_pos, find);
- }
+ {
+ *current_pos = replace;
+ current_pos = strchr (current_pos, find);
+ }
}
// RFC4648
static void
-fix_base64(char *str)
+fix_base64 (char *str)
{
// Replace + with -
- replace_char(str, '+', '-');
+ replace_char (str, '+', '-');
// Replace / with _
- replace_char(str, '/', '_');
+ replace_char (str, '/', '_');
}
/**
@@ -112,12 +113,12 @@ fix_base64(char *str)
* @return a new base64-encoded JWT string.
*/
char *
-OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
- const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
- const struct GNUNET_TIME_Relative *expiration_time,
- const char *nonce,
- const char *secret_key)
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+ const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+ const struct GNUNET_TIME_Relative *expiration_time,
+ const char *nonce,
+ const char *secret_key)
{
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
struct GNUNET_HashCode signature;
@@ -136,108 +137,108 @@ OIDC_id_token_new(const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
json_t *body;
// iat REQUIRED time now
- time_now = GNUNET_TIME_absolute_get();
+ time_now = GNUNET_TIME_absolute_get ();
// exp REQUIRED time expired from config
- exp_time = GNUNET_TIME_absolute_add(time_now, *expiration_time);
+ exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
// auth_time only if max_age
// nonce only if nonce
// OPTIONAL acr,amr,azp
subject =
- GNUNET_STRINGS_data_to_string_alloc(sub_key,
- sizeof(struct
- GNUNET_CRYPTO_EcdsaPublicKey));
+ GNUNET_STRINGS_data_to_string_alloc (sub_key,
+ sizeof(struct
+ GNUNET_CRYPTO_EcdsaPublicKey));
audience =
- GNUNET_STRINGS_data_to_string_alloc(aud_key,
- sizeof(struct
- GNUNET_CRYPTO_EcdsaPublicKey));
- header = create_jwt_header();
- body = json_object();
+ GNUNET_STRINGS_data_to_string_alloc (aud_key,
+ sizeof(struct
+ GNUNET_CRYPTO_EcdsaPublicKey));
+ header = create_jwt_header ();
+ body = json_object ();
// iss REQUIRED case sensitive server uri with https
// The issuer is the local reclaim instance (e.g.
// https://reclaim.id/api/openid)
- json_object_set_new(body, "iss", json_string(SERVER_ADDRESS));
+ json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
// sub REQUIRED public key identity, not exceed 255 ASCII length
- json_object_set_new(body, "sub", json_string(subject));
+ json_object_set_new (body, "sub", json_string (subject));
// aud REQUIRED public key client_id must be there
- json_object_set_new(body, "aud", json_string(audience));
+ json_object_set_new (body, "aud", json_string (audience));
// iat
- json_object_set_new(body,
- "iat",
- json_integer(time_now.abs_value_us / (1000 * 1000)));
+ json_object_set_new (body,
+ "iat",
+ json_integer (time_now.abs_value_us / (1000 * 1000)));
// exp
- json_object_set_new(body,
- "exp",
- json_integer(exp_time.abs_value_us / (1000 * 1000)));
+ json_object_set_new (body,
+ "exp",
+ json_integer (exp_time.abs_value_us / (1000 * 1000)));
// nbf
- json_object_set_new(body,
- "nbf",
- json_integer(time_now.abs_value_us / (1000 * 1000)));
+ json_object_set_new (body,
+ "nbf",
+ json_integer (time_now.abs_value_us / (1000 * 1000)));
// nonce
if (NULL != nonce)
- json_object_set_new(body, "nonce", json_string(nonce));
+ json_object_set_new (body, "nonce", json_string (nonce));
for (le = attrs->list_head; NULL != le; le = le->next)
- {
- attr_val_str =
- GNUNET_RECLAIM_ATTRIBUTE_value_to_string(le->claim->type,
- le->claim->data,
- le->claim->data_size);
- json_object_set_new(body, le->claim->name, json_string(attr_val_str));
- GNUNET_free(attr_val_str);
- }
- body_str = json_dumps(body, JSON_INDENT(0) | JSON_COMPACT);
- json_decref(body);
-
- GNUNET_STRINGS_base64_encode(header, strlen(header), &header_base64);
- fix_base64(header_base64);
-
- GNUNET_STRINGS_base64_encode(body_str, strlen(body_str), &body_base64);
- fix_base64(body_base64);
-
- GNUNET_free(subject);
- GNUNET_free(audience);
+ {
+ attr_val_str =
+ GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
+ le->claim->data,
+ le->claim->data_size);
+ json_object_set_new (body, le->claim->name, json_string (attr_val_str));
+ GNUNET_free (attr_val_str);
+ }
+ body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
+ json_decref (body);
+
+ GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64);
+ fix_base64 (header_base64);
+
+ GNUNET_STRINGS_base64_encode (body_str, strlen (body_str), &body_base64);
+ fix_base64 (body_base64);
+
+ GNUNET_free (subject);
+ GNUNET_free (audience);
/**
* Creating the JWT signature. This might not be
* standards compliant, check.
*/
- GNUNET_asprintf(&signature_target, "%s.%s", header_base64, body_base64);
- GNUNET_CRYPTO_hmac_raw(secret_key,
- strlen(secret_key),
- signature_target,
- strlen(signature_target),
- &signature);
- GNUNET_STRINGS_base64_encode((const char *)&signature,
- sizeof(struct GNUNET_HashCode),
- &signature_base64);
- fix_base64(signature_base64);
-
- GNUNET_asprintf(&result,
- "%s.%s.%s",
- header_base64,
- body_base64,
- signature_base64);
-
- GNUNET_free(signature_target);
- GNUNET_free(header);
- GNUNET_free(body_str);
- GNUNET_free(signature_base64);
- GNUNET_free(body_base64);
- GNUNET_free(header_base64);
+ GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+ GNUNET_CRYPTO_hmac_raw (secret_key,
+ strlen (secret_key),
+ signature_target,
+ strlen (signature_target),
+ &signature);
+ GNUNET_STRINGS_base64_encode ((const char *) &signature,
+ sizeof(struct GNUNET_HashCode),
+ &signature_base64);
+ fix_base64 (signature_base64);
+
+ GNUNET_asprintf (&result,
+ "%s.%s.%s",
+ header_base64,
+ body_base64,
+ signature_base64);
+
+ GNUNET_free (signature_target);
+ GNUNET_free (header);
+ GNUNET_free (body_str);
+ GNUNET_free (signature_base64);
+ GNUNET_free (body_base64);
+ GNUNET_free (header_base64);
return result;
}
/* Converts a hex character to its integer value */
static char
-from_hex(char ch)
+from_hex (char ch)
{
- return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10;
+ return isdigit (ch) ? ch - '0' : tolower (ch) - 'a' + 10;
}
/* Converts an integer value to its hex character*/
static char
-to_hex(char code)
+to_hex (char code)
{
static char hex[] = "0123456789abcdef";
@@ -247,27 +248,27 @@ to_hex(char code)
/* Returns a url-encoded version of str */
/* IMPORTANT: be sure to free() the returned string after use */
static char *
-url_encode(const char *str)
+url_encode (const char *str)
{
- char *pstr = (char *)str;
- char *buf = GNUNET_malloc(strlen(str) * 3 + 1);
+ char *pstr = (char *) str;
+ char *buf = GNUNET_malloc (strlen (str) * 3 + 1);
char *pbuf = buf;
while (*pstr)
+ {
+ if (isalnum (*pstr) || (*pstr == '-') || (*pstr == '_') || (*pstr == '.')
||
+ (*pstr == '~') )
+ *pbuf++ = *pstr;
+ else if (*pstr == ' ')
+ *pbuf++ = '+';
+ else
{
- if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' ||
- *pstr == '~')
- *pbuf++ = *pstr;
- else if (*pstr == ' ')
- *pbuf++ = '+';
- else
- {
- *pbuf++ = '%';
- *pbuf++ = to_hex(*pstr >> 4);
- *pbuf++ = to_hex(*pstr & 15);
- }
- pstr++;
+ *pbuf++ = '%';
+ *pbuf++ = to_hex (*pstr >> 4);
+ *pbuf++ = to_hex (*pstr & 15);
}
+ pstr++;
+ }
*pbuf = '\0';
return buf;
}
@@ -276,32 +277,32 @@ url_encode(const char *str)
/* Returns a url-decoded version of str */
/* IMPORTANT: be sure to free() the returned string after use */
static char *
-url_decode(const char *str)
+url_decode (const char *str)
{
- char *pstr = (char *)str;
- char *buf = GNUNET_malloc(strlen(str) + 1);
+ char *pstr = (char *) str;
+ char *buf = GNUNET_malloc (strlen (str) + 1);
char *pbuf = buf;
while (*pstr)
+ {
+ if (*pstr == '%')
+ {
+ if (pstr[1] && pstr[2])
+ {
+ *pbuf++ = from_hex (pstr[1]) << 4 | from_hex (pstr[2]);
+ pstr += 2;
+ }
+ }
+ else if (*pstr == '+')
+ {
+ *pbuf++ = ' ';
+ }
+ else
{
- if (*pstr == '%')
- {
- if (pstr[1] && pstr[2])
- {
- *pbuf++ = from_hex(pstr[1]) << 4 | from_hex(pstr[2]);
- pstr += 2;
- }
- }
- else if (*pstr == '+')
- {
- *pbuf++ = ' ';
- }
- else
- {
- *pbuf++ = *pstr;
- }
- pstr++;
+ *pbuf++ = *pstr;
}
+ pstr++;
+ }
*pbuf = '\0';
return buf;
}
@@ -313,14 +314,14 @@ url_decode(const char *str)
* @return base64 encoded string
*/
static char *
-base64_and_urlencode(const char *data, size_t data_size)
+base64_and_urlencode (const char *data, size_t data_size)
{
char *enc;
char *urlenc;
- GNUNET_STRINGS_base64_encode(data, data_size, &enc);
- urlenc = url_encode(enc);
- GNUNET_free(enc);
+ GNUNET_STRINGS_base64_encode (data, data_size, &enc);
+ urlenc = url_encode (enc);
+ GNUNET_free (enc);
return urlenc;
}
@@ -332,111 +333,111 @@ base64_and_urlencode(const char *data, size_t data_size)
* @return base64 encoded string
*/
static char *
-base64url_encode(const char *data, size_t data_size)
+base64url_encode (const char *data, size_t data_size)
{
char *enc;
size_t pos;
- GNUNET_STRINGS_base64_encode(data, data_size, &enc);
- //Replace with correct characters for base64url
+ GNUNET_STRINGS_base64_encode (data, data_size, &enc);
+ // Replace with correct characters for base64url
pos = 0;
while ('\0' != enc[pos])
+ {
+ if ('+' == enc[pos])
+ enc[pos] = '-';
+ if ('/' == enc[pos])
+ enc[pos] = '_';
+ if ('=' == enc[pos])
{
- if ('+' == enc[pos])
- enc[pos] = '-';
- if ('/' == enc[pos])
- enc[pos] = '_';
- if ('=' == enc[pos])
- {
- enc[pos] = '\0';
- break;
- }
- pos++;
+ enc[pos] = '\0';
+ break;
}
+ pos++;
+ }
return enc;
}
static void
-derive_aes_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key,
- struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- struct GNUNET_HashCode *key_material)
+derive_aes_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ struct GNUNET_HashCode *key_material)
{
static const char ctx_key[] = "reclaim-aes-ctx-key";
static const char ctx_iv[] = "reclaim-aes-ctx-iv";
- GNUNET_CRYPTO_kdf(key,
- sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
- ctx_key,
- strlen(ctx_key),
- key_material,
- sizeof(struct GNUNET_HashCode),
- NULL);
- GNUNET_CRYPTO_kdf(iv,
- sizeof(
- struct GNUNET_CRYPTO_SymmetricInitializationVector),
- ctx_iv,
- strlen(ctx_iv),
- key_material,
- sizeof(struct GNUNET_HashCode),
- NULL);
+ GNUNET_CRYPTO_kdf (key,
+ sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
+ ctx_key,
+ strlen (ctx_key),
+ key_material,
+ sizeof(struct GNUNET_HashCode),
+ NULL);
+ GNUNET_CRYPTO_kdf (iv,
+ sizeof(
+ struct GNUNET_CRYPTO_SymmetricInitializationVector),
+ ctx_iv,
+ strlen (ctx_iv),
+ key_material,
+ sizeof(struct GNUNET_HashCode),
+ NULL);
}
static void
-calculate_key_priv(struct GNUNET_CRYPTO_SymmetricSessionKey *key,
- struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
- const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub)
+calculate_key_priv (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub)
{
struct GNUNET_HashCode key_material;
- GNUNET_CRYPTO_ecdsa_ecdh(ecdsa_priv, ecdh_pub, &key_material);
- derive_aes_key(key, iv, &key_material);
+ GNUNET_CRYPTO_ecdsa_ecdh (ecdsa_priv, ecdh_pub, &key_material);
+ derive_aes_key (key, iv, &key_material);
}
static void
-calculate_key_pub(struct GNUNET_CRYPTO_SymmetricSessionKey *key,
- struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub,
- const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv)
+calculate_key_pub (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub,
+ const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv)
{
struct GNUNET_HashCode key_material;
- GNUNET_CRYPTO_ecdh_ecdsa(ecdh_priv, ecdsa_pub, &key_material);
- derive_aes_key(key, iv, &key_material);
+ GNUNET_CRYPTO_ecdh_ecdsa (ecdh_priv, ecdsa_pub, &key_material);
+ derive_aes_key (key, iv, &key_material);
}
static void
-decrypt_payload(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
- const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub,
- const char *ct,
- size_t ct_len,
- char *buf)
+decrypt_payload (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pub,
+ const char *ct,
+ size_t ct_len,
+ char *buf)
{
struct GNUNET_CRYPTO_SymmetricSessionKey key;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
- calculate_key_priv(&key, &iv, ecdsa_priv, ecdh_pub);
- GNUNET_break(GNUNET_CRYPTO_symmetric_decrypt(ct, ct_len, &key, &iv, buf));
+ calculate_key_priv (&key, &iv, ecdsa_priv, ecdh_pub);
+ GNUNET_break (GNUNET_CRYPTO_symmetric_decrypt (ct, ct_len, &key, &iv, buf));
}
static void
-encrypt_payload(const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub,
- const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv,
- const char *payload,
- size_t payload_len,
- char *buf)
+encrypt_payload (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub,
+ const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_priv,
+ const char *payload,
+ size_t payload_len,
+ char *buf)
{
struct GNUNET_CRYPTO_SymmetricSessionKey key;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
- calculate_key_pub(&key, &iv, ecdsa_pub, ecdh_priv);
- GNUNET_break(
- GNUNET_CRYPTO_symmetric_encrypt(payload, payload_len, &key, &iv, buf));
+ calculate_key_pub (&key, &iv, ecdsa_pub, ecdh_priv);
+ GNUNET_break (
+ GNUNET_CRYPTO_symmetric_encrypt (payload, payload_len, &key, &iv, buf));
}
/**
@@ -451,11 +452,11 @@ encrypt_payload(const struct GNUNET_CRYPTO_EcdsaPublicKey
*ecdsa_pub,
* @return a new authorization code (caller must free)
*/
char *
-OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
- const struct GNUNET_RECLAIM_Ticket *ticket,
- struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
- const char *nonce_str,
- const char *code_challenge)
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+ const struct GNUNET_RECLAIM_Ticket *ticket,
+ struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+ const char *nonce_str,
+ const char *code_challenge)
{
struct OIDC_Parameters params;
char *code_payload;
@@ -475,98 +476,99 @@ OIDC_build_authz_code(const struct
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
/** PLAINTEXT **/
// Assign ticket
- memset(¶ms, 0, sizeof(params));
+ memset (¶ms, 0, sizeof(params));
params.ticket = *ticket;
// Assign nonce
nonce = 0;
payload_len = sizeof(struct OIDC_Parameters);
- if (NULL != nonce_str && strcmp("", nonce_str) != 0)
+ if ((NULL != nonce_str)&& (strcmp ("", nonce_str) != 0))
+ {
+ if ((1 != sscanf (nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX))
{
- if ((1 != sscanf(nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX))
- {
- GNUNET_break(0);
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str);
- return NULL;
- }
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- "Got nonce: %u from %s\n",
- nonce,
- nonce_str);
+ GNUNET_break (0);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str);
+ return NULL;
}
- nonce_tmp = htonl(nonce);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Got nonce: %u from %s\n",
+ nonce,
+ nonce_str);
+ }
+ nonce_tmp = htonl (nonce);
params.nonce = nonce_tmp;
// Assign code challenge
if (NULL != code_challenge)
- code_challenge_len = strlen(code_challenge);
+ code_challenge_len = strlen (code_challenge);
payload_len += code_challenge_len;
- params.code_challenge_len = htonl(code_challenge_len);
+ params.code_challenge_len = htonl (code_challenge_len);
// Assign attributes
if (NULL != attrs)
- {
- // Get length
- attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size(attrs);
- params.attr_list_len = htonl(attr_list_len);
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- "Length of serialized attributes: %lu\n",
- attr_list_len);
- // Get serialized attributes
- payload_len += attr_list_len;
- }
+ {
+ // Get length
+ attr_list_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
+ params.attr_list_len = htonl (attr_list_len);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Length of serialized attributes: %lu\n",
+ attr_list_len);
+ // Get serialized attributes
+ payload_len += attr_list_len;
+ }
// Get plaintext length
- payload = GNUNET_malloc(payload_len);
- memcpy(payload, ¶ms, sizeof(params));
+ payload = GNUNET_malloc (payload_len);
+ memcpy (payload, ¶ms, sizeof(params));
tmp = payload + sizeof(params);
if (0 < code_challenge_len)
- {
- memcpy(tmp, code_challenge, code_challenge_len);
- tmp += code_challenge_len;
- }
+ {
+ memcpy (tmp, code_challenge, code_challenge_len);
+ tmp += code_challenge_len;
+ }
if (0 < attr_list_len)
- GNUNET_RECLAIM_ATTRIBUTE_list_serialize(attrs, tmp);
+ GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, tmp);
/** END **/
/** ENCRYPT **/
// Get length
- code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) +
- payload_len + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- "Length of data to encode: %lu\n",
- code_payload_len);
+ code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+ + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
+ + payload_len + sizeof(struct
+ GNUNET_CRYPTO_EcdsaSignature);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Length of data to encode: %lu\n",
+ code_payload_len);
// Generate ECDH key
- ecdh_priv = GNUNET_CRYPTO_ecdhe_key_create();
- GNUNET_CRYPTO_ecdhe_key_get_public(ecdh_priv, &ecdh_pub);
+ ecdh_priv = GNUNET_CRYPTO_ecdhe_key_create ();
+ GNUNET_CRYPTO_ecdhe_key_get_public (ecdh_priv, &ecdh_pub);
// Initialize code payload
- code_payload = GNUNET_malloc(code_payload_len);
- GNUNET_assert(NULL != code_payload);
- purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)code_payload;
- purpose->size = htonl(sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof(ecdh_pub) + payload_len);
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+ code_payload = GNUNET_malloc (code_payload_len);
+ GNUNET_assert (NULL != code_payload);
+ purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
+ purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+ + sizeof(ecdh_pub) + payload_len);
+ purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
// Store pubkey
- buf_ptr = (char *)&purpose[1];
- memcpy(buf_ptr, &ecdh_pub, sizeof(ecdh_pub));
+ buf_ptr = (char *) &purpose[1];
+ memcpy (buf_ptr, &ecdh_pub, sizeof(ecdh_pub));
buf_ptr += sizeof(ecdh_pub);
// Encrypt plaintext and store
- encrypt_payload(&ticket->audience, ecdh_priv, payload, payload_len, buf_ptr);
- GNUNET_free(ecdh_priv);
- GNUNET_free(payload);
+ encrypt_payload (&ticket->audience, ecdh_priv, payload, payload_len,
buf_ptr);
+ GNUNET_free (ecdh_priv);
+ GNUNET_free (payload);
buf_ptr += payload_len;
// Sign and store signature
if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdsa_sign(issuer,
- purpose,
- (struct GNUNET_CRYPTO_EcdsaSignature *)
- buf_ptr))
- {
- GNUNET_break(0);
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
- GNUNET_free(code_payload);
- return NULL;
- }
- code_str = base64_and_urlencode(code_payload, code_payload_len);
- GNUNET_free(code_payload);
+ GNUNET_CRYPTO_ecdsa_sign (issuer,
+ purpose,
+ (struct GNUNET_CRYPTO_EcdsaSignature *)
+ buf_ptr))
+ {
+ GNUNET_break (0);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
+ GNUNET_free (code_payload);
+ return NULL;
+ }
+ code_str = base64_and_urlencode (code_payload, code_payload_len);
+ GNUNET_free (code_payload);
return code_str;
}
@@ -585,12 +587,12 @@ OIDC_build_authz_code(const struct
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
* @return GNUNET_OK if successful, else GNUNET_SYSERR
*/
int
-OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
- const char *code,
- const char *code_verifier,
- struct GNUNET_RECLAIM_Ticket *ticket,
- struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs,
- char **nonce_str)
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
+ const char *code,
+ const char *code_verifier,
+ struct GNUNET_RECLAIM_Ticket *ticket,
+ struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs,
+ char **nonce_str)
{
char *code_payload;
char *ptr;
@@ -610,103 +612,110 @@ OIDC_parse_authz_code(const struct
GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
uint32_t nonce = 0;
struct OIDC_Parameters *params;
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code);
code_payload = NULL;
code_payload_len =
- GNUNET_STRINGS_base64_decode(code, strlen(code), (void **)&code_payload);
- if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) +
- sizeof(struct OIDC_Parameters) +
- sizeof(struct GNUNET_CRYPTO_EcdsaSignature))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
- GNUNET_free_non_null(code_payload);
- return GNUNET_SYSERR;
- }
-
- purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)code_payload;
+ GNUNET_STRINGS_base64_decode (code, strlen (code), (void **)
&code_payload);
+ if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+ + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
+ + sizeof(struct OIDC_Parameters)
+ + sizeof(struct GNUNET_CRYPTO_EcdsaSignature))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
+ GNUNET_free_non_null (code_payload);
+ return GNUNET_SYSERR;
+ }
+
+ purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
plaintext_len = code_payload_len;
plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
- ptr = (char *)&purpose[1];
+ ptr = (char *) &purpose[1];
// Public ECDH key
- ecdh_pub = (struct GNUNET_CRYPTO_EcdhePublicKey *)ptr;
+ ecdh_pub = (struct GNUNET_CRYPTO_EcdhePublicKey *) ptr;
ptr += sizeof(struct GNUNET_CRYPTO_EcdhePublicKey);
plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdhePublicKey);
// Decrypt ciphertext
plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
- plaintext = GNUNET_malloc(plaintext_len);
- decrypt_payload(ecdsa_priv, ecdh_pub, ptr, plaintext_len, plaintext);
- //ptr = plaintext;
+ plaintext = GNUNET_malloc (plaintext_len);
+ decrypt_payload (ecdsa_priv, ecdh_pub, ptr, plaintext_len, plaintext);
+ // ptr = plaintext;
ptr += plaintext_len;
- signature = (struct GNUNET_CRYPTO_EcdsaSignature *)ptr;
- params = (struct OIDC_Parameters *)plaintext;
+ signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr;
+ params = (struct OIDC_Parameters *) plaintext;
// cmp code_challenge code_verifier
- code_challenge_len = ntohl(params->code_challenge_len);
+ code_challenge_len = ntohl (params->code_challenge_len);
if (0 != code_challenge_len) /* Only check if this code requires a CV */
+ {
+ if (NULL == code_verifier)
{
- code_verifier_hash = GNUNET_malloc(256 / 8);
- // hash code verifier
- gcry_md_hash_buffer(GCRY_MD_SHA256,
- code_verifier_hash,
- code_verifier,
- strlen(code_verifier));
- // encode code verifier
- expected_code_challenge = base64url_encode(code_verifier_hash, 256 / 8);
- code_challenge = (char *)¶ms[1];
- GNUNET_free(code_verifier_hash);
- if ((strlen(expected_code_challenge) != code_challenge_len) ||
- (0 !=
- strncmp(expected_code_challenge, code_challenge,
code_challenge_len)))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "Invalid code verifier! Expected: %s, Got: %.*s\n",
- expected_code_challenge,
- code_challenge_len,
- code_challenge);
- GNUNET_free_non_null(code_payload);
- GNUNET_free(expected_code_challenge);
- return GNUNET_SYSERR;
- }
- GNUNET_free(expected_code_challenge);
- }
- // Ticket
- memcpy(ticket, ¶ms->ticket, sizeof(params->ticket));
- // Nonce
- nonce = ntohl(params->nonce); //ntohl (*((uint32_t *) ptr));
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %u\n", nonce);
- // Signature
- GNUNET_CRYPTO_ecdsa_key_get_public(ecdsa_priv, &ecdsa_pub);
- if (0 != GNUNET_memcmp(&ecdsa_pub, &ticket->audience))
- {
- GNUNET_free(code_payload);
- GNUNET_free(plaintext);
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "Audience in ticket does not match client!\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Expected code verifier!\n");
+ GNUNET_free_non_null (code_payload);
return GNUNET_SYSERR;
}
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
- purpose,
- signature,
- &ticket->identity))
+ code_verifier_hash = GNUNET_malloc (256 / 8);
+ // hash code verifier
+ gcry_md_hash_buffer (GCRY_MD_SHA256,
+ code_verifier_hash,
+ code_verifier,
+ strlen (code_verifier));
+ // encode code verifier
+ expected_code_challenge = base64url_encode (code_verifier_hash, 256 / 8);
+ code_challenge = (char *) ¶ms[1];
+ GNUNET_free (code_verifier_hash);
+ if ((strlen (expected_code_challenge) != code_challenge_len) ||
+ (0 !=
+ strncmp (expected_code_challenge, code_challenge,
code_challenge_len)))
{
- GNUNET_free(code_payload);
- GNUNET_free(plaintext);
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code
invalid!\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Invalid code verifier! Expected: %s, Got: %.*s\n",
+ expected_code_challenge,
+ code_challenge_len,
+ code_challenge);
+ GNUNET_free_non_null (code_payload);
+ GNUNET_free (expected_code_challenge);
return GNUNET_SYSERR;
}
+ GNUNET_free (expected_code_challenge);
+ }
+ // Ticket
+ memcpy (ticket, ¶ms->ticket, sizeof(params->ticket));
+ // Nonce
+ nonce = ntohl (params->nonce); // ntohl (*((uint32_t *) ptr));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %u\n", nonce);
+ // Signature
+ GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);
+ if (0 != GNUNET_memcmp (&ecdsa_pub, &ticket->audience))
+ {
+ GNUNET_free (code_payload);
+ GNUNET_free (plaintext);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Audience in ticket does not match client!\n");
+ return GNUNET_SYSERR;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+ purpose,
+ signature,
+ &ticket->identity))
+ {
+ GNUNET_free (code_payload);
+ GNUNET_free (plaintext);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n");
+ return GNUNET_SYSERR;
+ }
// Attributes
- attrs_ser = ((char *)¶ms[1]) + code_challenge_len;
- attrs_ser_len = ntohl(params->attr_list_len);
- *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize(attrs_ser, attrs_ser_len);
+ attrs_ser = ((char *) ¶ms[1]) + code_challenge_len;
+ attrs_ser_len = ntohl (params->attr_list_len);
+ *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
attrs_ser_len);
*nonce_str = NULL;
if (nonce != 0)
- GNUNET_asprintf(nonce_str, "%u", nonce);
- GNUNET_free(code_payload);
- GNUNET_free(plaintext);
+ GNUNET_asprintf (nonce_str, "%u", nonce);
+ GNUNET_free (code_payload);
+ GNUNET_free (plaintext);
return GNUNET_OK;
}
@@ -721,42 +730,42 @@ OIDC_parse_authz_code(const struct
GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
* @param token_response where to store the response
*/
void
-OIDC_build_token_response(const char *access_token,
- const char *id_token,
- const struct GNUNET_TIME_Relative *expiration_time,
- char **token_response)
+OIDC_build_token_response (const char *access_token,
+ const char *id_token,
+ const struct GNUNET_TIME_Relative *expiration_time,
+ char **token_response)
{
json_t *root_json;
- root_json = json_object();
-
- GNUNET_assert(NULL != access_token);
- GNUNET_assert(NULL != id_token);
- GNUNET_assert(NULL != expiration_time);
- json_object_set_new(root_json, "access_token", json_string(access_token));
- json_object_set_new(root_json, "token_type", json_string("Bearer"));
- json_object_set_new(root_json,
- "expires_in",
- json_integer(expiration_time->rel_value_us /
- (1000 * 1000)));
- json_object_set_new(root_json, "id_token", json_string(id_token));
- *token_response = json_dumps(root_json, JSON_INDENT(0) | JSON_COMPACT);
- json_decref(root_json);
+ root_json = json_object ();
+
+ GNUNET_assert (NULL != access_token);
+ GNUNET_assert (NULL != id_token);
+ GNUNET_assert (NULL != expiration_time);
+ json_object_set_new (root_json, "access_token", json_string (access_token));
+ json_object_set_new (root_json, "token_type", json_string ("Bearer"));
+ json_object_set_new (root_json,
+ "expires_in",
+ json_integer (expiration_time->rel_value_us
+ / (1000 * 1000)));
+ json_object_set_new (root_json, "id_token", json_string (id_token));
+ *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
+ json_decref (root_json);
}
/**
* Generate a new access token
*/
char *
-OIDC_access_token_new()
+OIDC_access_token_new ()
{
char *access_token;
uint64_t random_number;
random_number =
- GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
- GNUNET_STRINGS_base64_encode(&random_number,
- sizeof(uint64_t),
- &access_token);
+ GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+ GNUNET_STRINGS_base64_encode (&random_number,
+ sizeof(uint64_t),
+ &access_token);
return access_token;
}
diff --git a/src/reclaim/plugin_rest_openid_connect.c
b/src/reclaim/plugin_rest_openid_connect.c
index 3f1dba254..a4a368ab5 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -250,14 +250,16 @@ static char *allow_methods;
/**
* @brief struct returned by the initialization function of the plugin
*/
-struct Plugin {
+struct Plugin
+{
const struct GNUNET_CONFIGURATION_Handle *cfg;
};
/**
* OIDC needed variables
*/
-struct OIDC_Variables {
+struct OIDC_Variables
+{
/**
* The RP client public key
*/
@@ -322,7 +324,8 @@ struct OIDC_Variables {
/**
* The ego list
*/
-struct EgoEntry {
+struct EgoEntry
+{
/**
* DLL
*/
@@ -350,7 +353,8 @@ struct EgoEntry {
};
-struct RequestHandle {
+struct RequestHandle
+{
/**
* Ego list
*/
@@ -507,75 +511,75 @@ struct RequestHandle {
* @param handle Handle to clean up
*/
static void
-cleanup_handle(struct RequestHandle *handle)
+cleanup_handle (struct RequestHandle *handle)
{
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
struct EgoEntry *ego_entry;
struct EgoEntry *ego_tmp;
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
if (NULL != handle->timeout_task)
- GNUNET_SCHEDULER_cancel(handle->timeout_task);
+ GNUNET_SCHEDULER_cancel (handle->timeout_task);
if (NULL != handle->identity_handle)
- GNUNET_IDENTITY_disconnect(handle->identity_handle);
+ GNUNET_IDENTITY_disconnect (handle->identity_handle);
if (NULL != handle->attr_it)
- GNUNET_RECLAIM_get_attributes_stop(handle->attr_it);
+ GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
if (NULL != handle->ticket_it)
- GNUNET_RECLAIM_ticket_iteration_stop(handle->ticket_it);
+ GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
if (NULL != handle->idp)
- GNUNET_RECLAIM_disconnect(handle->idp);
- GNUNET_free_non_null(handle->url);
- GNUNET_free_non_null(handle->tld);
- GNUNET_free_non_null(handle->redirect_prefix);
- GNUNET_free_non_null(handle->redirect_suffix);
- GNUNET_free_non_null(handle->emsg);
- GNUNET_free_non_null(handle->edesc);
+ GNUNET_RECLAIM_disconnect (handle->idp);
+ GNUNET_free_non_null (handle->url);
+ GNUNET_free_non_null (handle->tld);
+ GNUNET_free_non_null (handle->redirect_prefix);
+ GNUNET_free_non_null (handle->redirect_suffix);
+ GNUNET_free_non_null (handle->emsg);
+ GNUNET_free_non_null (handle->edesc);
if (NULL != handle->gns_op)
- GNUNET_GNS_lookup_cancel(handle->gns_op);
+ GNUNET_GNS_lookup_cancel (handle->gns_op);
if (NULL != handle->gns_handle)
- GNUNET_GNS_disconnect(handle->gns_handle);
+ GNUNET_GNS_disconnect (handle->gns_handle);
if (NULL != handle->namestore_handle)
- GNUNET_NAMESTORE_disconnect(handle->namestore_handle);
+ GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
if (NULL != handle->oidc)
- {
- GNUNET_free_non_null(handle->oidc->client_id);
- GNUNET_free_non_null(handle->oidc->login_identity);
- GNUNET_free_non_null(handle->oidc->nonce);
- GNUNET_free_non_null(handle->oidc->redirect_uri);
- GNUNET_free_non_null(handle->oidc->response_type);
- GNUNET_free_non_null(handle->oidc->scope);
- GNUNET_free_non_null(handle->oidc->state);
- json_decref(handle->oidc->response);
- GNUNET_free(handle->oidc);
- }
+ {
+ GNUNET_free_non_null (handle->oidc->client_id);
+ GNUNET_free_non_null (handle->oidc->login_identity);
+ GNUNET_free_non_null (handle->oidc->nonce);
+ GNUNET_free_non_null (handle->oidc->redirect_uri);
+ GNUNET_free_non_null (handle->oidc->response_type);
+ GNUNET_free_non_null (handle->oidc->scope);
+ GNUNET_free_non_null (handle->oidc->state);
+ json_decref (handle->oidc->response);
+ GNUNET_free (handle->oidc);
+ }
if (NULL != handle->attr_list)
+ {
+ for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;)
{
- for (claim_entry = handle->attr_list->list_head; NULL != claim_entry;)
- {
- claim_tmp = claim_entry;
- claim_entry = claim_entry->next;
- GNUNET_free(claim_tmp->claim);
- GNUNET_free(claim_tmp);
- }
- GNUNET_free(handle->attr_list);
+ claim_tmp = claim_entry;
+ claim_entry = claim_entry->next;
+ GNUNET_free (claim_tmp->claim);
+ GNUNET_free (claim_tmp);
}
+ GNUNET_free (handle->attr_list);
+ }
for (ego_entry = handle->ego_head; NULL != ego_entry;)
- {
- ego_tmp = ego_entry;
- ego_entry = ego_entry->next;
- GNUNET_free(ego_tmp->identifier);
- GNUNET_free(ego_tmp->keystring);
- GNUNET_free(ego_tmp);
- }
- GNUNET_free(handle);
+ {
+ ego_tmp = ego_entry;
+ ego_entry = ego_entry->next;
+ GNUNET_free (ego_tmp->identifier);
+ GNUNET_free (ego_tmp->keystring);
+ GNUNET_free (ego_tmp);
+ }
+ GNUNET_free (handle);
}
static void
-cleanup_handle_delayed(void *cls)
+cleanup_handle_delayed (void *cls)
{
- cleanup_handle(cls);
+ cleanup_handle (cls);
}
@@ -585,30 +589,30 @@ cleanup_handle_delayed(void *cls)
* @param cls the `struct RequestHandle`
*/
static void
-do_error(void *cls)
+do_error (void *cls)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
char *json_error;
- GNUNET_asprintf(&json_error,
- "{ \"error\" : \"%s\", \"error_description\" :
\"%s\"%s%s%s}",
- handle->emsg,
- (NULL != handle->edesc) ? handle->edesc : "",
- (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
- (NULL != handle->oidc->state) ? handle->oidc->state : "",
- (NULL != handle->oidc->state) ? "\"" : "");
+ GNUNET_asprintf (&json_error,
+ "{ \"error\" : \"%s\", \"error_description\" :
\"%s\"%s%s%s}",
+ handle->emsg,
+ (NULL != handle->edesc) ? handle->edesc : "",
+ (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
+ (NULL != handle->oidc->state) ? handle->oidc->state : "",
+ (NULL != handle->oidc->state) ? "\"" : "");
if (0 == handle->response_code)
handle->response_code = MHD_HTTP_BAD_REQUEST;
- resp = GNUNET_REST_create_response(json_error);
+ resp = GNUNET_REST_create_response (json_error);
if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
- MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
- MHD_add_response_header(resp,
- MHD_HTTP_HEADER_CONTENT_TYPE,
- "application/json");
- handle->proc(handle->proc_cls, resp, handle->response_code);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- GNUNET_free(json_error);
+ MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
+ MHD_add_response_header (resp,
+ MHD_HTTP_HEADER_CONTENT_TYPE,
+ "application/json");
+ handle->proc (handle->proc_cls, resp, handle->response_code);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (json_error);
}
@@ -619,21 +623,21 @@ do_error(void *cls)
* @param cls the `struct RequestHandle`
*/
static void
-do_userinfo_error(void *cls)
+do_userinfo_error (void *cls)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
char *error;
- GNUNET_asprintf(&error,
- "error=\"%s\", error_description=\"%s\"",
- handle->emsg,
- (NULL != handle->edesc) ? handle->edesc : "");
- resp = GNUNET_REST_create_response("");
- MHD_add_response_header(resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
- handle->proc(handle->proc_cls, resp, handle->response_code);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- GNUNET_free(error);
+ GNUNET_asprintf (&error,
+ "error=\"%s\", error_description=\"%s\"",
+ handle->emsg,
+ (NULL != handle->edesc) ? handle->edesc : "");
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
+ handle->proc (handle->proc_cls, resp, handle->response_code);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (error);
}
@@ -643,24 +647,24 @@ do_userinfo_error(void *cls)
* @param cls the `struct RequestHandle`
*/
static void
-do_redirect_error(void *cls)
+do_redirect_error (void *cls)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
char *redirect;
- GNUNET_asprintf(&redirect,
- "%s?error=%s&error_description=%s%s%s",
- handle->oidc->redirect_uri,
- handle->emsg,
- handle->edesc,
- (NULL != handle->oidc->state) ? "&state=" : "",
- (NULL != handle->oidc->state) ? handle->oidc->state : "");
- resp = GNUNET_REST_create_response("");
- MHD_add_response_header(resp, "Location", redirect);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- GNUNET_free(redirect);
+ GNUNET_asprintf (&redirect,
+ "%s?error=%s&error_description=%s%s%s",
+ handle->oidc->redirect_uri,
+ handle->emsg,
+ handle->edesc,
+ (NULL != handle->oidc->state) ? "&state=" : "",
+ (NULL != handle->oidc->state) ? handle->oidc->state : "");
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", redirect);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (redirect);
}
/**
@@ -669,12 +673,12 @@ do_redirect_error(void *cls)
* @param cls the `struct RequestHandle`
*/
static void
-do_timeout(void *cls)
+do_timeout (void *cls)
{
struct RequestHandle *handle = cls;
handle->timeout_task = NULL;
- do_error(handle);
+ do_error (handle);
}
/**
@@ -683,18 +687,18 @@ do_timeout(void *cls)
* @param cls the request handle
*/
static void
-return_userinfo_response(void *cls)
+return_userinfo_response (void *cls)
{
char *result_str;
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
- result_str = json_dumps(handle->oidc->response, 0);
+ result_str = json_dumps (handle->oidc->response, 0);
- resp = GNUNET_REST_create_response(result_str);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
- GNUNET_free(result_str);
- cleanup_handle(handle);
+ resp = GNUNET_REST_create_response (result_str);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free (result_str);
+ cleanup_handle (handle);
}
@@ -706,18 +710,18 @@ return_userinfo_response(void *cls)
* @param cls the RequestHandle
*/
static void
-options_cont(struct GNUNET_REST_RequestHandle *con_handle,
- const char *url,
- void *cls)
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
{
struct MHD_Response *resp;
struct RequestHandle *handle = cls;
// For now, independent of path return all options
- resp = GNUNET_REST_create_response(NULL);
- MHD_add_response_header(resp, "Access-Control-Allow-Methods", allow_methods);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
- cleanup_handle(handle);
+ resp = GNUNET_REST_create_response (NULL);
+ MHD_add_response_header (resp, "Access-Control-Allow-Methods",
allow_methods);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ cleanup_handle (handle);
return;
}
@@ -726,7 +730,7 @@ options_cont(struct GNUNET_REST_RequestHandle *con_handle,
* Interprets cookie header and pass its identity keystring to handle
*/
static void
-cookie_identity_interpretation(struct RequestHandle *handle)
+cookie_identity_interpretation (struct RequestHandle *handle)
{
struct GNUNET_HashCode cache_key;
char *cookies;
@@ -737,143 +741,144 @@ cookie_identity_interpretation(struct RequestHandle
*handle)
char *value;
// gets identity of login try with cookie
- GNUNET_CRYPTO_hash(OIDC_COOKIE_HEADER_KEY,
- strlen(OIDC_COOKIE_HEADER_KEY),
- &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle
- ->header_param_map,
- &cache_key))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
- return;
- }
+ GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY,
+ strlen (OIDC_COOKIE_HEADER_KEY),
+ &cache_key);
+ if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
+ ->header_param_map,
+ &cache_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
+ return;
+ }
// splits cookies and find 'Identity' cookie
tmp_cookies =
- GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map,
- &cache_key);
- cookies = GNUNET_strdup(tmp_cookies);
- token = strtok(cookies, delimiter);
+ GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+ &cache_key);
+ cookies = GNUNET_strdup (tmp_cookies);
+ token = strtok (cookies, delimiter);
handle->oidc->user_cancelled = GNUNET_NO;
handle->oidc->login_identity = NULL;
if (NULL == token)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "Unable to parse cookie: %s\n",
- cookies);
- GNUNET_free(cookies);
- return;
- }
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to parse cookie: %s\n",
+ cookies);
+ GNUNET_free (cookies);
+ return;
+ }
while (NULL != token)
+ {
+ if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
{
- if (0 == strcmp(token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
- {
- handle->oidc->user_cancelled = GNUNET_YES;
- GNUNET_free(cookies);
- return;
- }
- if (NULL != strstr(token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
- break;
- token = strtok(NULL, delimiter);
- }
- if (NULL == token)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "No cookie value to process: %s\n",
- cookies);
- GNUNET_free(cookies);
+ handle->oidc->user_cancelled = GNUNET_YES;
+ GNUNET_free (cookies);
return;
}
- GNUNET_CRYPTO_hash(token, strlen(token), &cache_key);
+ if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
+ break;
+ token = strtok (NULL, delimiter);
+ }
+ if (NULL == token)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "No cookie value to process: %s\n",
+ cookies);
+ GNUNET_free (cookies);
+ return;
+ }
+ GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
if (GNUNET_NO ==
- GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key))
- {
- GNUNET_log(
- GNUNET_ERROR_TYPE_WARNING,
- "Found cookie `%s', but no corresponding expiration entry
present...\n",
- token);
- GNUNET_free(cookies);
- return;
- }
+ GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
+ {
+ GNUNET_log (
+ GNUNET_ERROR_TYPE_WARNING,
+ "Found cookie `%s', but no corresponding expiration entry present...\n",
+ token);
+ GNUNET_free (cookies);
+ return;
+ }
relog_time =
- GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key);
- current_time = GNUNET_TIME_absolute_get();
+ GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
+ current_time = GNUNET_TIME_absolute_get ();
// 30 min after old login -> redirect to login
if (current_time.abs_value_us > relog_time->abs_value_us)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
- "Found cookie `%s', but it is expired.\n",
- token);
- GNUNET_free(cookies);
- return;
- }
- value = strtok(token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
- GNUNET_assert(NULL != value);
- handle->oidc->login_identity = GNUNET_strdup(value);
- GNUNET_free(cookies);
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Found cookie `%s', but it is expired.\n",
+ token);
+ GNUNET_free (cookies);
+ return;
+ }
+ value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
+ GNUNET_assert (NULL != value);
+ handle->oidc->login_identity = GNUNET_strdup (value);
+ GNUNET_free (cookies);
}
/**
* Redirects to login page stored in configuration file
*/
static void
-login_redirect(void *cls)
+login_redirect (void *cls)
{
char *login_base_url;
char *new_redirect;
struct MHD_Response *resp;
struct RequestHandle *handle = cls;
- if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg,
- "reclaim-rest-plugin",
- "address",
- &login_base_url))
- {
- GNUNET_asprintf(&new_redirect,
- "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
- login_base_url,
- OIDC_RESPONSE_TYPE_KEY,
- handle->oidc->response_type,
- OIDC_CLIENT_ID_KEY,
- handle->oidc->client_id,
- OIDC_REDIRECT_URI_KEY,
- handle->oidc->redirect_uri,
- OIDC_SCOPE_KEY,
- handle->oidc->scope,
- OIDC_STATE_KEY,
- (NULL != handle->oidc->state) ? handle->oidc->state : "",
- OIDC_CODE_CHALLENGE_KEY,
- (NULL != handle->oidc->code_challenge) ?
handle->oidc->code_challenge : "",
- OIDC_NONCE_KEY,
- (NULL != handle->oidc->nonce) ? handle->oidc->nonce :
"");
- resp = GNUNET_REST_create_response("");
- MHD_add_response_header(resp, "Location", new_redirect);
- GNUNET_free(login_base_url);
- }
+ if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
+
"reclaim-rest-plugin",
+ "address",
+ &login_base_url))
+ {
+ GNUNET_asprintf (&new_redirect,
+ "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
+ login_base_url,
+ OIDC_RESPONSE_TYPE_KEY,
+ handle->oidc->response_type,
+ OIDC_CLIENT_ID_KEY,
+ handle->oidc->client_id,
+ OIDC_REDIRECT_URI_KEY,
+ handle->oidc->redirect_uri,
+ OIDC_SCOPE_KEY,
+ handle->oidc->scope,
+ OIDC_STATE_KEY,
+ (NULL != handle->oidc->state) ? handle->oidc->state : "",
+ OIDC_CODE_CHALLENGE_KEY,
+ (NULL != handle->oidc->code_challenge) ?
+ handle->oidc->code_challenge : "",
+ OIDC_NONCE_KEY,
+ (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", new_redirect);
+ GNUNET_free (login_base_url);
+ }
else
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
- handle->edesc = GNUNET_strdup("gnunet configuration failed");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND);
- GNUNET_free(new_redirect);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ GNUNET_free (new_redirect);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
}
/**
* Does internal server error when iteration failed.
*/
static void
-oidc_iteration_error(void *cls)
+oidc_iteration_error (void *cls)
{
struct RequestHandle *handle = cls;
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
}
@@ -882,7 +887,7 @@ oidc_iteration_error(void *cls)
* parameter. Otherwise redirects with error
*/
static void
-oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
+oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
@@ -892,72 +897,72 @@ oidc_ticket_issue_cb(void *cls, const struct
GNUNET_RECLAIM_Ticket *ticket)
handle->idp_op = NULL;
if (NULL == ticket)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
- handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
handle->ticket = *ticket;
ticket_str =
- GNUNET_STRINGS_data_to_string_alloc(&handle->ticket,
- sizeof(struct GNUNET_RECLAIM_Ticket));
+ GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
+ sizeof(struct GNUNET_RECLAIM_Ticket));
// TODO change if more attributes are needed (see max_age)
- code_string = OIDC_build_authz_code(&handle->priv_key,
- &handle->ticket,
- handle->attr_list,
- handle->oidc->nonce,
- handle->oidc->code_challenge);
+ code_string = OIDC_build_authz_code (&handle->priv_key,
+ &handle->ticket,
+ handle->attr_list,
+ handle->oidc->nonce,
+ handle->oidc->code_challenge);
if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
(NULL != handle->tld))
- {
- GNUNET_asprintf(&redirect_uri,
- "%s.%s/%s?%s=%s&state=%s",
- handle->redirect_prefix,
- handle->tld,
- handle->redirect_suffix,
- handle->oidc->response_type,
- code_string,
- handle->oidc->state);
- }
+ {
+ GNUNET_asprintf (&redirect_uri,
+ "%s.%s/%s?%s=%s&state=%s",
+ handle->redirect_prefix,
+ handle->tld,
+ handle->redirect_suffix,
+ handle->oidc->response_type,
+ code_string,
+ handle->oidc->state);
+ }
else
- {
- GNUNET_asprintf(&redirect_uri,
- "%s?%s=%s&state=%s",
- handle->oidc->redirect_uri,
- handle->oidc->response_type,
- code_string,
- handle->oidc->state);
- }
- resp = GNUNET_REST_create_response("");
- MHD_add_response_header(resp, "Location", redirect_uri);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- GNUNET_free(redirect_uri);
- GNUNET_free(ticket_str);
- GNUNET_free(code_string);
+ {
+ GNUNET_asprintf (&redirect_uri,
+ "%s?%s=%s&state=%s",
+ handle->oidc->redirect_uri,
+ handle->oidc->response_type,
+ code_string,
+ handle->oidc->state);
+ }
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", redirect_uri);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (redirect_uri);
+ GNUNET_free (ticket_str);
+ GNUNET_free (code_string);
}
static void
-oidc_collect_finished_cb(void *cls)
+oidc_collect_finished_cb (void *cls)
{
struct RequestHandle *handle = cls;
handle->attr_it = NULL;
handle->ticket_it = NULL;
if (NULL == handle->attr_list->list_head)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE);
- handle->edesc = GNUNET_strdup("The requested scope is not available.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
- handle->idp_op = GNUNET_RECLAIM_ticket_issue(handle->idp,
- &handle->priv_key,
- &handle->oidc->client_pkey,
- handle->attr_list,
- &oidc_ticket_issue_cb,
- handle);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
+ handle->edesc = GNUNET_strdup ("The requested scope is not available.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
+ handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
+ &handle->priv_key,
+ &handle->oidc->client_pkey,
+ handle->attr_list,
+ &oidc_ticket_issue_cb,
+ handle);
}
@@ -965,9 +970,9 @@ oidc_collect_finished_cb(void *cls)
* Collects all attributes for an ego if in scope parameter
*/
static void
-oidc_attr_collect(void *cls,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
- const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+oidc_attr_collect (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
{
struct RequestHandle *handle = cls;
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
@@ -976,38 +981,38 @@ oidc_attr_collect(void *cls,
char delimiter[] = " ";
if ((NULL == attr->name) || (NULL == attr->data))
- {
- GNUNET_RECLAIM_get_attributes_next(handle->attr_it);
- return;
- }
+ {
+ GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+ return;
+ }
- scope_variables = GNUNET_strdup(handle->oidc->scope);
- scope_variable = strtok(scope_variables, delimiter);
+ scope_variables = GNUNET_strdup (handle->oidc->scope);
+ scope_variable = strtok (scope_variables, delimiter);
while (NULL != scope_variable)
- {
- if (0 == strcmp(attr->name, scope_variable))
- break;
- scope_variable = strtok(NULL, delimiter);
- }
+ {
+ if (0 == strcmp (attr->name, scope_variable))
+ break;
+ scope_variable = strtok (NULL, delimiter);
+ }
if (NULL == scope_variable)
- {
- GNUNET_RECLAIM_get_attributes_next(handle->attr_it);
- GNUNET_free(scope_variables);
- return;
- }
- GNUNET_free(scope_variables);
-
- le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
- le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new(attr->name,
- attr->type,
- attr->data,
- attr->data_size);
+ {
+ GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+ GNUNET_free (scope_variables);
+ return;
+ }
+ GNUNET_free (scope_variables);
+
+ le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+ le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+ attr->type,
+ attr->data,
+ attr->data_size);
le->claim->id = attr->id;
le->claim->version = attr->version;
- GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
- handle->attr_list->list_tail,
- le);
- GNUNET_RECLAIM_get_attributes_next(handle->attr_it);
+ GNUNET_CONTAINER_DLL_insert (handle->attr_list->list_head,
+ handle->attr_list->list_tail,
+ le);
+ GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
}
@@ -1015,7 +1020,7 @@ oidc_attr_collect(void *cls,
* Checks time and cookie and redirects accordingly
*/
static void
-code_redirect(void *cls)
+code_redirect (void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_TIME_Absolute current_time;
@@ -1025,111 +1030,111 @@ code_redirect(void *cls)
struct GNUNET_HashCode cache_key;
char *identity_cookie;
- GNUNET_asprintf(&identity_cookie,
- "Identity=%s",
- handle->oidc->login_identity);
- GNUNET_CRYPTO_hash(identity_cookie, strlen(identity_cookie), &cache_key);
- GNUNET_free(identity_cookie);
+ GNUNET_asprintf (&identity_cookie,
+ "Identity=%s",
+ handle->oidc->login_identity);
+ GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
+ GNUNET_free (identity_cookie);
// No login time for identity -> redirect to login
if (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_contains(OIDC_cookie_jar_map, &cache_key))
- {
- relog_time =
- GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key);
- current_time = GNUNET_TIME_absolute_get();
- // 30 min after old login -> redirect to login
- if (current_time.abs_value_us <= relog_time->abs_value_us)
+ GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
+ {
+ relog_time =
+ GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
+ current_time = GNUNET_TIME_absolute_get ();
+ // 30 min after old login -> redirect to login
+ if (current_time.abs_value_us <= relog_time->abs_value_us)
+ {
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc
+ ->login_identity,
+ strlen (
+ handle->oidc
+ ->login_identity),
+ &pubkey))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
+ handle->edesc =
+ GNUNET_strdup ("The cookie of a login identity is not valid");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
+ // iterate over egos and compare their public key
+ for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
+ handle->ego_entry = handle->ego_entry->next)
+ {
+ GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
+ if (0 == GNUNET_memcmp (&ego_pkey, &pubkey))
{
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc
- ->login_identity,
- strlen(
- handle->oidc
- ->login_identity),
- &pubkey))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_COOKIE);
- handle->edesc =
- GNUNET_strdup("The cookie of a login identity is not valid");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
- // iterate over egos and compare their public key
- for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
- handle->ego_entry = handle->ego_entry->next)
- {
- GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,
&ego_pkey);
- if (0 == GNUNET_memcmp(&ego_pkey, &pubkey))
- {
- handle->priv_key =
-
*GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego);
- handle->idp = GNUNET_RECLAIM_connect(cfg);
- handle->attr_list =
- GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
- handle->attr_it =
- GNUNET_RECLAIM_get_attributes_start(handle->idp,
- &handle->priv_key,
- &oidc_iteration_error,
- handle,
- &oidc_attr_collect,
- handle,
-
&oidc_collect_finished_cb,
- handle);
- return;
- }
- }
- GNUNET_SCHEDULER_add_now(&login_redirect, handle);
+ handle->priv_key =
+ *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
+ handle->idp = GNUNET_RECLAIM_connect (cfg);
+ handle->attr_list =
+ GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+ handle->attr_it =
+ GNUNET_RECLAIM_get_attributes_start (handle->idp,
+ &handle->priv_key,
+ &oidc_iteration_error,
+ handle,
+ &oidc_attr_collect,
+ handle,
+ &oidc_collect_finished_cb,
+ handle);
return;
}
+ }
+ GNUNET_SCHEDULER_add_now (&login_redirect, handle);
+ return;
}
+ }
}
static void
-build_redirect(void *cls)
+build_redirect (void *cls)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
char *redirect_uri;
if (GNUNET_YES == handle->oidc->user_cancelled)
- {
- if ((NULL != handle->redirect_prefix) &&
- (NULL != handle->redirect_suffix) && (NULL != handle->tld))
- {
- GNUNET_asprintf(&redirect_uri,
- "%s.%s/%s?error=%s&error_description=%s&state=%s",
- handle->redirect_prefix,
- handle->tld,
- handle->redirect_suffix,
- "access_denied",
- "User denied access",
- handle->oidc->state);
- }
- else
- {
- GNUNET_asprintf(&redirect_uri,
- "%s?error=%s&error_description=%s&state=%s",
- handle->oidc->redirect_uri,
- "access_denied",
- "User denied access",
- handle->oidc->state);
- }
- resp = GNUNET_REST_create_response("");
- MHD_add_response_header(resp, "Location", redirect_uri);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_FOUND);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- GNUNET_free(redirect_uri);
- return;
- }
- GNUNET_SCHEDULER_add_now(&code_redirect, handle);
+ {
+ if ((NULL != handle->redirect_prefix) &&
+ (NULL != handle->redirect_suffix) && (NULL != handle->tld))
+ {
+ GNUNET_asprintf (&redirect_uri,
+ "%s.%s/%s?error=%s&error_description=%s&state=%s",
+ handle->redirect_prefix,
+ handle->tld,
+ handle->redirect_suffix,
+ "access_denied",
+ "User denied access",
+ handle->oidc->state);
+ }
+ else
+ {
+ GNUNET_asprintf (&redirect_uri,
+ "%s?error=%s&error_description=%s&state=%s",
+ handle->oidc->redirect_uri,
+ "access_denied",
+ "User denied access",
+ handle->oidc->state);
+ }
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", redirect_uri);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (redirect_uri);
+ return;
+ }
+ GNUNET_SCHEDULER_add_now (&code_redirect, handle);
}
static void
-lookup_redirect_uri_result(void *cls,
- uint32_t rd_count,
- const struct GNUNET_GNSRECORD_Data *rd)
+lookup_redirect_uri_result (void *cls,
+ uint32_t rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd)
{
struct RequestHandle *handle = cls;
char *tmp;
@@ -1139,66 +1144,66 @@ lookup_redirect_uri_result(void *cls,
handle->gns_op = NULL;
if (0 == rd_count)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
- handle->edesc =
- GNUNET_strdup("Server cannot generate ticket, redirect uri not
found.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->edesc =
+ GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
for (int i = 0; i < rd_count; i++)
- {
- if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+ {
+ if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+ continue;
+ if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
+ continue;
+ tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
+ if (NULL == strstr (tmp, handle->oidc->client_id))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Redirect uri %s does not contain client_id %s\n",
+ tmp,
+ handle->oidc->client_id);
+ }
+ else
+ {
+ pos = strrchr (tmp, (unsigned char) '.');
+ if (NULL == pos)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Redirect uri %s contains client_id but is malformed\n",
+ tmp);
+ GNUNET_free (tmp);
continue;
- if (0 != strncmp(rd[i].data, handle->oidc->redirect_uri,
rd[i].data_size))
+ }
+ *pos = '\0';
+ handle->redirect_prefix = GNUNET_strdup (tmp);
+ tmp_key_str = pos + 1;
+ pos = strchr (tmp_key_str, (unsigned char) '/');
+ if (NULL == pos)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Redirect uri %s contains client_id but is malformed\n",
+ tmp);
+ GNUNET_free (tmp);
continue;
- tmp = GNUNET_strndup(rd[i].data, rd[i].data_size);
- if (NULL == strstr(tmp, handle->oidc->client_id))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- "Redirect uri %s does not contain client_id %s\n",
- tmp,
- handle->oidc->client_id);
- }
- else
- {
- pos = strrchr(tmp, (unsigned char)'.');
- if (NULL == pos)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
- "Redirect uri %s contains client_id but is
malformed\n",
- tmp);
- GNUNET_free(tmp);
- continue;
- }
- *pos = '\0';
- handle->redirect_prefix = GNUNET_strdup(tmp);
- tmp_key_str = pos + 1;
- pos = strchr(tmp_key_str, (unsigned char)'/');
- if (NULL == pos)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
- "Redirect uri %s contains client_id but is
malformed\n",
- tmp);
- GNUNET_free(tmp);
- continue;
- }
- *pos = '\0';
- handle->redirect_suffix = GNUNET_strdup(pos + 1);
-
- GNUNET_STRINGS_string_to_data(tmp_key_str,
- strlen(tmp_key_str),
- &redirect_zone,
- sizeof(redirect_zone));
- }
- GNUNET_SCHEDULER_add_now(&build_redirect, handle);
- GNUNET_free(tmp);
- return;
- }
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
+ }
+ *pos = '\0';
+ handle->redirect_suffix = GNUNET_strdup (pos + 1);
+
+ GNUNET_STRINGS_string_to_data (tmp_key_str,
+ strlen (tmp_key_str),
+ &redirect_zone,
+ sizeof(redirect_zone));
+ }
+ GNUNET_SCHEDULER_add_now (&build_redirect, handle);
+ GNUNET_free (tmp);
+ return;
+ }
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
handle->edesc =
- GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
+ GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
}
@@ -1206,37 +1211,37 @@ lookup_redirect_uri_result(void *cls,
* Initiate redirect back to client.
*/
static void
-client_redirect(void *cls)
+client_redirect (void *cls)
{
struct RequestHandle *handle = cls;
/* Lookup client redirect uri to verify request */
handle->gns_op =
- GNUNET_GNS_lookup(handle->gns_handle,
- GNUNET_GNS_EMPTY_LABEL_AT,
- &handle->oidc->client_pkey,
- GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
- GNUNET_GNS_LO_DEFAULT,
- &lookup_redirect_uri_result,
- handle);
+ GNUNET_GNS_lookup (handle->gns_handle,
+ GNUNET_GNS_EMPTY_LABEL_AT,
+ &handle->oidc->client_pkey,
+ GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
+ GNUNET_GNS_LO_DEFAULT,
+ &lookup_redirect_uri_result,
+ handle);
}
static char *
-get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
+get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
{
struct GNUNET_HashCode hc;
char *value;
- GNUNET_CRYPTO_hash(key, strlen(key), &hc);
- if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle
- ->url_param_map,
- &hc))
+ GNUNET_CRYPTO_hash (key, strlen (key), &hc);
+ if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
+ ->url_param_map,
+ &hc))
return NULL;
value =
- GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &hc);
+ GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
&hc);
if (NULL == value)
return NULL;
- return GNUNET_strdup(value);
+ return GNUNET_strdup (value);
}
@@ -1247,7 +1252,7 @@ get_url_parameter_copy(const struct RequestHandle
*handle, const char *key)
* @param cls the `struct RequestHandle`
*/
static void
-build_authz_response(void *cls)
+build_authz_response (void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
@@ -1259,117 +1264,117 @@ build_authz_response(void *cls)
// REQUIRED value: redirect_uri
handle->oidc->redirect_uri =
- get_url_parameter_copy(handle, OIDC_REDIRECT_URI_KEY);
+ get_url_parameter_copy (handle, OIDC_REDIRECT_URI_KEY);
if (NULL == handle->oidc->redirect_uri)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
// REQUIRED value: response_type
handle->oidc->response_type =
- get_url_parameter_copy(handle, OIDC_RESPONSE_TYPE_KEY);
+ get_url_parameter_copy (handle, OIDC_RESPONSE_TYPE_KEY);
if (NULL == handle->oidc->response_type)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter response_type");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("missing parameter response_type");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
// REQUIRED value: scope
- handle->oidc->scope = get_url_parameter_copy(handle, OIDC_SCOPE_KEY);
+ handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
if (NULL == handle->oidc->scope)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE);
- handle->edesc = GNUNET_strdup("missing parameter scope");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
+ handle->edesc = GNUNET_strdup ("missing parameter scope");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
// OPTIONAL value: nonce
- handle->oidc->nonce = get_url_parameter_copy(handle, OIDC_NONCE_KEY);
+ handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY);
// TODO check other values if needed
number_of_ignored_parameter =
sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
- {
- GNUNET_CRYPTO_hash(OIDC_ignored_parameter_array[iterator],
- strlen(OIDC_ignored_parameter_array[iterator]),
- &cache_key);
- if (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle
- ->url_param_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_ACCESS_DENIED);
- GNUNET_asprintf(&handle->edesc,
- "Server will not handle parameter: %s",
- OIDC_ignored_parameter_array[iterator]);
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ {
+ GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
+ strlen (OIDC_ignored_parameter_array[iterator]),
+ &cache_key);
+ if (GNUNET_YES ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
+ ->url_param_map,
+ &cache_key))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
+ GNUNET_asprintf (&handle->edesc,
+ "Server will not handle parameter: %s",
+ OIDC_ignored_parameter_array[iterator]);
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
}
+ }
// We only support authorization code flows.
- if (0 != strcmp(handle->oidc->response_type,
- OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE);
- handle->edesc = GNUNET_strdup("The authorization server does not support
"
- "obtaining this authorization code.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- return;
- }
+ if (0 != strcmp (handle->oidc->response_type,
+ OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE);
+ handle->edesc = GNUNET_strdup ("The authorization server does not support "
+ "obtaining this authorization code.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
+ }
// Checks if scope contains 'openid'
- expected_scope = GNUNET_strdup(handle->oidc->scope);
+ expected_scope = GNUNET_strdup (handle->oidc->scope);
char *test;
- test = strtok(expected_scope, delimiter);
+ test = strtok (expected_scope, delimiter);
while (NULL != test)
- {
- if (0 == strcmp(OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
- break;
- test = strtok(NULL, delimiter);
- }
+ {
+ if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
+ break;
+ test = strtok (NULL, delimiter);
+ }
if (NULL == test)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_SCOPE);
- handle->edesc =
- GNUNET_strdup("The requested scope is invalid, unknown, or
malformed.");
- GNUNET_SCHEDULER_add_now(&do_redirect_error, handle);
- GNUNET_free(expected_scope);
- return;
- }
-
- GNUNET_free(expected_scope);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE);
+ handle->edesc =
+ GNUNET_strdup ("The requested scope is invalid, unknown, or malformed.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ GNUNET_free (expected_scope);
+ return;
+ }
+
+ GNUNET_free (expected_scope);
if ((NULL == handle->oidc->login_identity) &&
(GNUNET_NO == handle->oidc->user_cancelled))
- GNUNET_SCHEDULER_add_now(&login_redirect, handle);
+ GNUNET_SCHEDULER_add_now (&login_redirect, handle);
else
- GNUNET_SCHEDULER_add_now(&client_redirect, handle);
+ GNUNET_SCHEDULER_add_now (&client_redirect, handle);
}
/**
* Iterate over tlds in config
*/
static void
-tld_iter(void *cls, const char *section, const char *option, const char *value)
+tld_iter (void *cls, const char *section, const char *option, const char
*value)
{
struct RequestHandle *handle = cls;
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string(value, strlen(value), &pkey))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
- return;
- }
- if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey))
- handle->tld = GNUNET_strdup(option + 1);
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value),
&pkey))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
+ return;
+ }
+ if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
+ handle->tld = GNUNET_strdup (option + 1);
}
/**
@@ -1380,70 +1385,71 @@ tld_iter(void *cls, const char *section, const char
*option, const char *value)
* @param cls the RequestHandle
*/
static void
-authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
- const char *url,
- void *cls)
+authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
{
struct RequestHandle *handle = cls;
struct EgoEntry *tmp_ego;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
- cookie_identity_interpretation(handle);
+ cookie_identity_interpretation (handle);
// RECOMMENDED value: state - REQUIRED for answers
- handle->oidc->state = get_url_parameter_copy(handle, OIDC_STATE_KEY);
+ handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY);
// REQUIRED value: client_id
- handle->oidc->client_id = get_url_parameter_copy(handle, OIDC_CLIENT_ID_KEY);
+ handle->oidc->client_id = get_url_parameter_copy (handle,
OIDC_CLIENT_ID_KEY);
if (NULL == handle->oidc->client_id)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter client_id");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("missing parameter client_id");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
// OPTIONAL value: code_challenge
- handle->oidc->code_challenge = get_url_parameter_copy(handle,
OIDC_CODE_CHALLENGE_KEY);
+ handle->oidc->code_challenge = get_url_parameter_copy (handle,
+
OIDC_CODE_CHALLENGE_KEY);
if (NULL == handle->oidc->code_challenge)
- {
- GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
- "OAuth authorization request does not contain PKCE
parameters!\n");
- }
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "OAuth authorization request does not contain PKCE
parameters!\n");
+ }
if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string(handle->oidc->client_id,
- strlen(
- handle->oidc->client_id),
- &handle->oidc->client_pkey))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
- handle->edesc = GNUNET_strdup("The client is not authorized to request
an "
- "authorization code using this method.");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
+ strlen (
+ handle->oidc->client_id),
+ &handle->oidc->client_pkey))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
+ handle->edesc = GNUNET_strdup ("The client is not authorized to request an
"
+ "authorization code using this method.");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
// If we know this identity, translated the corresponding TLD
// TODO: We might want to have a reverse lookup functionality for TLDs?
for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
+ {
+ priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
+ GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey);
+ if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
{
- priv_key = GNUNET_IDENTITY_ego_get_private_key(tmp_ego->ego);
- GNUNET_CRYPTO_ecdsa_key_get_public(priv_key, &pkey);
- if (0 == GNUNET_memcmp(&pkey, &handle->oidc->client_pkey))
- {
- handle->tld = GNUNET_strdup(tmp_ego->identifier);
- handle->ego_entry = handle->ego_tail;
- }
+ handle->tld = GNUNET_strdup (tmp_ego->identifier);
+ handle->ego_entry = handle->ego_tail;
}
+ }
if (NULL == handle->tld)
- GNUNET_CONFIGURATION_iterate_section_values(cfg, "gns", tld_iter, handle);
+ GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle);
if (NULL == handle->tld)
- handle->tld = GNUNET_strdup(handle->oidc->client_id);
- GNUNET_SCHEDULER_add_now(&build_authz_response, handle);
+ handle->tld = GNUNET_strdup (handle->oidc->client_id);
+ GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
}
/**
@@ -1454,11 +1460,11 @@ authorize_endpoint(struct GNUNET_REST_RequestHandle
*con_handle,
* @param cls the RequestHandle
*/
static void
-login_cont(struct GNUNET_REST_RequestHandle *con_handle,
- const char *url,
- void *cls)
+login_cont (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
{
- struct MHD_Response *resp = GNUNET_REST_create_response("");
+ struct MHD_Response *resp = GNUNET_REST_create_response ("");
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
struct GNUNET_TIME_Absolute *current_time;
@@ -1471,54 +1477,54 @@ login_cont(struct GNUNET_REST_RequestHandle *con_handle,
char term_data[handle->rest_handle->data_size + 1];
term_data[handle->rest_handle->data_size] = '\0';
- GNUNET_memcpy(term_data,
- handle->rest_handle->data,
- handle->rest_handle->data_size);
- root = json_loads(term_data, JSON_DECODE_ANY, &error);
- identity = json_object_get(root, "identity");
- if (!json_is_string(identity))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "Error parsing json string from %s\n",
- term_data);
- handle->proc(handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
- json_decref(root);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
- return;
- }
- GNUNET_asprintf(&cookie, "Identity=%s", json_string_value(identity));
- GNUNET_asprintf(&header_val,
- "%s;Max-Age=%d",
- cookie,
- OIDC_COOKIE_EXPIRATION);
- MHD_add_response_header(resp, "Set-Cookie", header_val);
- MHD_add_response_header(resp, "Access-Control-Allow-Methods", "POST");
- GNUNET_CRYPTO_hash(cookie, strlen(cookie), &cache_key);
-
- if (0 != strcmp(json_string_value(identity), "Denied"))
- {
- current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
- *current_time = GNUNET_TIME_relative_to_absolute(
- GNUNET_TIME_relative_multiply(GNUNET_TIME_relative_get_second_(),
- OIDC_COOKIE_EXPIRATION));
- last_time =
- GNUNET_CONTAINER_multihashmap_get(OIDC_cookie_jar_map, &cache_key);
- GNUNET_free_non_null(last_time);
- GNUNET_CONTAINER_multihashmap_put(OIDC_cookie_jar_map,
- &cache_key,
- current_time,
-
GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
- }
- handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
- GNUNET_free(cookie);
- GNUNET_free(header_val);
- json_decref(root);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
+ GNUNET_memcpy (term_data,
+ handle->rest_handle->data,
+ handle->rest_handle->data_size);
+ root = json_loads (term_data, JSON_DECODE_ANY, &error);
+ identity = json_object_get (root, "identity");
+ if (! json_is_string (identity))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Error parsing json string from %s\n",
+ term_data);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
+ json_decref (root);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ return;
+ }
+ GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
+ GNUNET_asprintf (&header_val,
+ "%s;Max-Age=%d",
+ cookie,
+ OIDC_COOKIE_EXPIRATION);
+ MHD_add_response_header (resp, "Set-Cookie", header_val);
+ MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
+ GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
+
+ if (0 != strcmp (json_string_value (identity), "Denied"))
+ {
+ current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
+ *current_time = GNUNET_TIME_relative_to_absolute (
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+ OIDC_COOKIE_EXPIRATION));
+ last_time =
+ GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
+ GNUNET_free_non_null (last_time);
+ GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map,
+ &cache_key,
+ current_time,
+
GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+ }
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free (cookie);
+ GNUNET_free (header_val);
+ json_decref (root);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
}
static int
-check_authorization(struct RequestHandle *handle,
- struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+check_authorization (struct RequestHandle *handle,
+ struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
{
struct GNUNET_HashCode cache_key;
char *authorization;
@@ -1528,146 +1534,146 @@ check_authorization(struct RequestHandle *handle,
char *pass;
char *expected_pass;
- GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY,
- strlen(OIDC_AUTHORIZATION_HEADER_KEY),
- &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle
- ->header_param_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->edesc = GNUNET_strdup("missing authorization");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
+ GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
+ strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+ &cache_key);
+ if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
+ ->header_param_map,
+ &cache_key))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->edesc = GNUNET_strdup ("missing authorization");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
authorization =
- GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map,
- &cache_key);
+ GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+ &cache_key);
// split header in "Basic" and [content]
- credentials = strtok(authorization, " ");
- if ((NULL == credentials) || (0 != strcmp("Basic", credentials)))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- credentials = strtok(NULL, " ");
+ credentials = strtok (authorization, " ");
+ if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
+ credentials = strtok (NULL, " ");
if (NULL == credentials)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- GNUNET_STRINGS_base64_decode(credentials,
- strlen(credentials),
- (void **)&basic_authorization);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
+ GNUNET_STRINGS_base64_decode (credentials,
+ strlen (credentials),
+ (void **) &basic_authorization);
if (NULL == basic_authorization)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- client_id = strtok(basic_authorization, ":");
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
+ client_id = strtok (basic_authorization, ":");
if (NULL == client_id)
- {
- GNUNET_free_non_null(basic_authorization);
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- pass = strtok(NULL, ":");
+ {
+ GNUNET_free_non_null (basic_authorization);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
+ pass = strtok (NULL, ":");
if (NULL == pass)
- {
- GNUNET_free_non_null(basic_authorization);
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
+ {
+ GNUNET_free_non_null (basic_authorization);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
// check client password
- if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string(cfg,
- "reclaim-rest-plugin",
- "OIDC_CLIENT_SECRET",
- &expected_pass))
- {
- if (0 != strcmp(expected_pass, pass))
- {
- GNUNET_free_non_null(basic_authorization);
- GNUNET_free(expected_pass);
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- GNUNET_free(expected_pass);
- }
- else
- {
- GNUNET_free_non_null(basic_authorization);
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
- handle->edesc = GNUNET_strdup("gnunet configuration failed");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
+
"reclaim-rest-plugin",
+ "OIDC_CLIENT_SECRET",
+ &expected_pass))
+ {
+ if (0 != strcmp (expected_pass, pass))
+ {
+ GNUNET_free_non_null (basic_authorization);
+ GNUNET_free (expected_pass);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
return GNUNET_SYSERR;
}
+ GNUNET_free (expected_pass);
+ }
+ else
+ {
+ GNUNET_free_non_null (basic_authorization);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ return GNUNET_SYSERR;
+ }
// check client_id
for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
handle->ego_entry = handle->ego_entry->next)
- {
- if (0 == strcmp(handle->ego_entry->keystring, client_id))
- break;
- }
+ {
+ if (0 == strcmp (handle->ego_entry->keystring, client_id))
+ break;
+ }
if (NULL == handle->ego_entry)
- {
- GNUNET_free_non_null(basic_authorization);
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_CLIENT);
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- return GNUNET_SYSERR;
- }
- GNUNET_STRINGS_string_to_data(client_id,
- strlen(client_id),
- cid,
- sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
-
- GNUNET_free(basic_authorization);
+ {
+ GNUNET_free_non_null (basic_authorization);
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ return GNUNET_SYSERR;
+ }
+ GNUNET_STRINGS_string_to_data (client_id,
+ strlen (client_id),
+ cid,
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+ GNUNET_free (basic_authorization);
return GNUNET_OK;
}
const struct EgoEntry *
-find_ego(struct RequestHandle *handle,
- struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+find_ego (struct RequestHandle *handle,
+ struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
{
struct EgoEntry *ego_entry;
struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
for (ego_entry = handle->ego_head; NULL != ego_entry;
ego_entry = ego_entry->next)
- {
- GNUNET_IDENTITY_ego_get_public_key(ego_entry->ego, &pub_key);
- if (0 == GNUNET_memcmp(&pub_key, test_key))
- return ego_entry;
- }
+ {
+ GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+ if (0 == GNUNET_memcmp (&pub_key, test_key))
+ return ego_entry;
+ }
return NULL;
}
static void
-persist_access_token(const struct RequestHandle *handle,
- const char *access_token,
- const struct GNUNET_RECLAIM_Ticket *ticket)
+persist_access_token (const struct RequestHandle *handle,
+ const char *access_token,
+ const struct GNUNET_RECLAIM_Ticket *ticket)
{
struct GNUNET_HashCode hc;
struct GNUNET_RECLAIM_Ticket *ticketbuf;
- GNUNET_CRYPTO_hash(access_token, strlen(access_token), &hc);
- ticketbuf = GNUNET_new(struct GNUNET_RECLAIM_Ticket);
+ GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
+ ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
*ticketbuf = *ticket;
- GNUNET_assert(GNUNET_SYSERR !=
- GNUNET_CONTAINER_multihashmap_put(
- OIDC_access_token_map,
- &hc,
- ticketbuf,
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+ GNUNET_assert (GNUNET_SYSERR !=
+ GNUNET_CONTAINER_multihashmap_put (
+ OIDC_access_token_map,
+ &hc,
+ ticketbuf,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
}
/**
@@ -1678,9 +1684,9 @@ persist_access_token(const struct RequestHandle *handle,
* @param cls the RequestHandle
*/
static void
-token_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
- const char *url,
- void *cls)
+token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
{
struct RequestHandle *handle = cls;
const struct EgoEntry *ego_entry;
@@ -1703,13 +1709,13 @@ token_endpoint(struct GNUNET_REST_RequestHandle
*con_handle,
/*
* Check Authorization
*/
- if (GNUNET_SYSERR == check_authorization(handle, &cid))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
- "OIDC authorization for token endpoint failed\n");
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ if (GNUNET_SYSERR == check_authorization (handle, &cid))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "OIDC authorization for token endpoint failed\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
/*
* Check parameter
@@ -1717,148 +1723,147 @@ token_endpoint(struct GNUNET_REST_RequestHandle
*con_handle,
// TODO Do not allow multiple equal parameter names
// REQUIRED grant_type
- GNUNET_CRYPTO_hash(OIDC_GRANT_TYPE_KEY,
- strlen(OIDC_GRANT_TYPE_KEY),
- &cache_key);
- grant_type = get_url_parameter_copy(handle, OIDC_GRANT_TYPE_KEY);
+ GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY,
+ strlen (OIDC_GRANT_TYPE_KEY),
+ &cache_key);
+ grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
if (NULL == grant_type)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter grant_type");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("missing parameter grant_type");
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
// Check parameter grant_type == "authorization_code"
- if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_free(grant_type);
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- GNUNET_free(grant_type);
+ if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ GNUNET_free (grant_type);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ GNUNET_free (grant_type);
// REQUIRED code
- code = get_url_parameter_copy(handle, OIDC_CODE_KEY);
+ code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
if (NULL == code)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter code");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- ego_entry = find_ego(handle, &cid);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("missing parameter code");
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ ego_entry = find_ego (handle, &cid);
if (NULL == ego_entry)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("Unknown client");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_free(code);
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("Unknown client");
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ GNUNET_free (code);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
// REQUIRED code verifier
- code_verifier = get_url_parameter_copy(handle, OIDC_CODE_VERIFIER_KEY);
+ code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
if (NULL == code_verifier)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("missing parameter code_verifier");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "OAuth authorization request does not contain PKCE
parameters!\n");
+
+ }
// decode code
- if (GNUNET_OK != OIDC_parse_authz_code(privkey, code, code_verifier,
&ticket, &cl, &nonce))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("invalid code");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_free(code);
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- GNUNET_free(code);
+ if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier,
&ticket,
+ &cl, &nonce))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("invalid code");
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ GNUNET_free (code);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ GNUNET_free (code);
// create jwt
- if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time(cfg,
- "reclaim-rest-plugin",
- "expiration_time",
- &expiration_time))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_SERVER_ERROR);
- handle->edesc = GNUNET_strdup("gnunet configuration failed");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg,
+ "reclaim-rest-plugin",
+ "expiration_time",
+ &expiration_time))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
+ handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
// TODO OPTIONAL acr,amr,azp
- if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg,
- "reclaim-rest-plugin",
- "jwt_secret",
- &jwt_secret))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_REQUEST);
- handle->edesc = GNUNET_strdup("No signing secret configured!");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- return;
- }
- id_token = OIDC_id_token_new(&ticket.audience,
- &ticket.identity,
- cl,
- &expiration_time,
- (NULL != nonce) ? nonce : NULL,
- jwt_secret);
- access_token = OIDC_access_token_new();
- OIDC_build_token_response(access_token,
- id_token,
- &expiration_time,
- &json_response);
-
- persist_access_token(handle, access_token, &ticket);
- resp = GNUNET_REST_create_response(json_response);
- MHD_add_response_header(resp, "Cache-Control", "no-store");
- MHD_add_response_header(resp, "Pragma", "no-cache");
- MHD_add_response_header(resp, "Content-Type", "application/json");
- handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
- GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl);
- GNUNET_free(access_token);
- GNUNET_free(json_response);
- GNUNET_free(id_token);
- GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg,
+
"reclaim-rest-plugin",
+ "jwt_secret",
+ &jwt_secret))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
+ handle->edesc = GNUNET_strdup ("No signing secret configured!");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ id_token = OIDC_id_token_new (&ticket.audience,
+ &ticket.identity,
+ cl,
+ &expiration_time,
+ (NULL != nonce) ? nonce : NULL,
+ jwt_secret);
+ access_token = OIDC_access_token_new ();
+ OIDC_build_token_response (access_token,
+ id_token,
+ &expiration_time,
+ &json_response);
+
+ persist_access_token (handle, access_token, &ticket);
+ resp = GNUNET_REST_create_response (json_response);
+ MHD_add_response_header (resp, "Cache-Control", "no-store");
+ MHD_add_response_header (resp, "Pragma", "no-cache");
+ MHD_add_response_header (resp, "Content-Type", "application/json");
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_RECLAIM_ATTRIBUTE_list_destroy (cl);
+ GNUNET_free (access_token);
+ GNUNET_free (json_response);
+ GNUNET_free (id_token);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
}
/**
* Collects claims and stores them in handle
*/
static void
-consume_ticket(void *cls,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
- const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+consume_ticket (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
{
struct RequestHandle *handle = cls;
char *tmp_value;
json_t *value;
if (NULL == identity)
- {
- GNUNET_SCHEDULER_add_now(&return_userinfo_response, handle);
- return;
- }
- tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string(attr->type,
- attr->data,
- attr->data_size);
- value = json_string(tmp_value);
- json_object_set_new(handle->oidc->response, attr->name, value);
- GNUNET_free(tmp_value);
+ {
+ GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
+ return;
+ }
+ tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+ attr->data,
+ attr->data_size);
+ value = json_string (tmp_value);
+ json_object_set_new (handle->oidc->response, attr->name, value);
+ GNUNET_free (tmp_value);
}
/**
@@ -1869,9 +1874,9 @@ consume_ticket(void *cls,
* @param cls the RequestHandle
*/
static void
-userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle,
- const char *url,
- void *cls)
+userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
{
// TODO expiration time
struct RequestHandle *handle = cls;
@@ -1884,87 +1889,87 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle
*con_handle,
const struct EgoEntry *ego_entry;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
- GNUNET_CRYPTO_hash(OIDC_AUTHORIZATION_HEADER_KEY,
- strlen(OIDC_AUTHORIZATION_HEADER_KEY),
- &cache_key);
- if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle
- ->header_param_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN);
- handle->edesc = GNUNET_strdup("No Access Token");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle);
- return;
- }
+ GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
+ strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+ &cache_key);
+ if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
+ ->header_param_map,
+ &cache_key))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
+ handle->edesc = GNUNET_strdup ("No Access Token");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ return;
+ }
authorization =
- GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->header_param_map,
- &cache_key);
+ GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+ &cache_key);
// split header in "Bearer" and access_token
- authorization = GNUNET_strdup(authorization);
- authorization_type = strtok(authorization, delimiter);
+ authorization = GNUNET_strdup (authorization);
+ authorization_type = strtok (authorization, delimiter);
if ((NULL == authorization_type) ||
- (0 != strcmp("Bearer", authorization_type)))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN);
- handle->edesc = GNUNET_strdup("No Access Token");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle);
- GNUNET_free(authorization);
- return;
- }
- authorization_access_token = strtok(NULL, delimiter);
+ (0 != strcmp ("Bearer", authorization_type)))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
+ handle->edesc = GNUNET_strdup ("No Access Token");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free (authorization);
+ return;
+ }
+ authorization_access_token = strtok (NULL, delimiter);
if (NULL == authorization_access_token)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN);
- handle->edesc = GNUNET_strdup("Access token missing");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle);
- GNUNET_free(authorization);
- return;
- }
-
- GNUNET_CRYPTO_hash(authorization_access_token,
- strlen(authorization_access_token),
- &cache_key);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
+ handle->edesc = GNUNET_strdup ("Access token missing");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free (authorization);
+ return;
+ }
+
+ GNUNET_CRYPTO_hash (authorization_access_token,
+ strlen (authorization_access_token),
+ &cache_key);
if (GNUNET_NO ==
- GNUNET_CONTAINER_multihashmap_contains(OIDC_access_token_map,
- &cache_key))
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN);
- handle->edesc = GNUNET_strdup("The access token expired");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle);
- GNUNET_free(authorization);
- return;
- }
+ GNUNET_CONTAINER_multihashmap_contains (OIDC_access_token_map,
+ &cache_key))
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
+ handle->edesc = GNUNET_strdup ("The access token expired");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free (authorization);
+ return;
+ }
ticket =
- GNUNET_CONTAINER_multihashmap_get(OIDC_access_token_map, &cache_key);
- GNUNET_assert(NULL != ticket);
- ego_entry = find_ego(handle, &ticket->audience);
+ GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key);
+ GNUNET_assert (NULL != ticket);
+ ego_entry = find_ego (handle, &ticket->audience);
if (NULL == ego_entry)
- {
- handle->emsg = GNUNET_strdup(OIDC_ERROR_KEY_INVALID_TOKEN);
- handle->edesc = GNUNET_strdup("The access token expired");
- handle->response_code = MHD_HTTP_UNAUTHORIZED;
- GNUNET_SCHEDULER_add_now(&do_userinfo_error, handle);
- GNUNET_free(authorization);
- return;
- }
-
- handle->idp = GNUNET_RECLAIM_connect(cfg);
- handle->oidc->response = json_object();
- json_object_set_new(handle->oidc->response,
- "sub",
- json_string(ego_entry->keystring));
- privkey = GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego);
- handle->idp_op = GNUNET_RECLAIM_ticket_consume(handle->idp,
- privkey,
- ticket,
- consume_ticket,
- handle);
- GNUNET_free(authorization);
+ {
+ handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
+ handle->edesc = GNUNET_strdup ("The access token expired");
+ handle->response_code = MHD_HTTP_UNAUTHORIZED;
+ GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free (authorization);
+ return;
+ }
+
+ handle->idp = GNUNET_RECLAIM_connect (cfg);
+ handle->oidc->response = json_object ();
+ json_object_set_new (handle->oidc->response,
+ "sub",
+ json_string (ego_entry->keystring));
+ privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+ handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
+ privkey,
+ ticket,
+ consume_ticket,
+ handle);
+ GNUNET_free (authorization);
}
@@ -1974,14 +1979,14 @@ userinfo_endpoint(struct GNUNET_REST_RequestHandle
*con_handle,
* @param handle the request handle
*/
static void
-init_cont(struct RequestHandle *handle)
+init_cont (struct RequestHandle *handle)
{
struct GNUNET_REST_RequestHandlerError err;
static const struct GNUNET_REST_RequestHandler handlers[] =
{ { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint },
{ MHD_HTTP_METHOD_POST,
- GNUNET_REST_API_NS_AUTHORIZE,
- &authorize_endpoint }, // url-encoded
+ GNUNET_REST_API_NS_AUTHORIZE,
+ &authorize_endpoint }, // url-encoded
{ MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont },
{ MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
{ MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
@@ -1990,11 +1995,11 @@ init_cont(struct RequestHandle *handle)
GNUNET_REST_HANDLER_END };
if (GNUNET_NO ==
- GNUNET_REST_handle_request(handle->rest_handle, handlers, &err, handle))
- {
- handle->response_code = err.error_code;
- GNUNET_SCHEDULER_add_now(&do_error, handle);
- }
+ GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
+ {
+ handle->response_code = err.error_code;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ }
}
/**
@@ -2031,91 +2036,91 @@ init_cont(struct RequestHandle *handle)
* must thus no longer be used
*/
static void
-list_ego(void *cls,
- struct GNUNET_IDENTITY_Ego *ego,
- void **ctx,
- const char *identifier)
+list_ego (void *cls,
+ struct GNUNET_IDENTITY_Ego *ego,
+ void **ctx,
+ const char *identifier)
{
struct RequestHandle *handle = cls;
struct EgoEntry *ego_entry;
struct GNUNET_CRYPTO_EcdsaPublicKey pk;
if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
- {
- handle->state = ID_REST_STATE_POST_INIT;
- init_cont(handle);
- return;
- }
- GNUNET_assert(NULL != ego);
+ {
+ handle->state = ID_REST_STATE_POST_INIT;
+ init_cont (handle);
+ return;
+ }
+ GNUNET_assert (NULL != ego);
if (ID_REST_STATE_INIT == handle->state)
- {
- ego_entry = GNUNET_new(struct EgoEntry);
- GNUNET_IDENTITY_ego_get_public_key(ego, &pk);
- ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk);
- ego_entry->ego = ego;
- ego_entry->identifier = GNUNET_strdup(identifier);
- GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,
- handle->ego_tail,
- ego_entry);
- return;
- }
+ {
+ ego_entry = GNUNET_new (struct EgoEntry);
+ GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
+ ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+ ego_entry->ego = ego;
+ ego_entry->identifier = GNUNET_strdup (identifier);
+ GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
+ handle->ego_tail,
+ ego_entry);
+ return;
+ }
/* Ego renamed or added */
if (identifier != NULL)
+ {
+ for (ego_entry = handle->ego_head; NULL != ego_entry;
+ ego_entry = ego_entry->next)
+ {
+ if (ego_entry->ego == ego)
+ {
+ /* Rename */
+ GNUNET_free (ego_entry->identifier);
+ ego_entry->identifier = GNUNET_strdup (identifier);
+ break;
+ }
+ }
+ if (NULL == ego_entry)
{
- for (ego_entry = handle->ego_head; NULL != ego_entry;
- ego_entry = ego_entry->next)
- {
- if (ego_entry->ego == ego)
- {
- /* Rename */
- GNUNET_free(ego_entry->identifier);
- ego_entry->identifier = GNUNET_strdup(identifier);
- break;
- }
- }
- if (NULL == ego_entry)
- {
- /* Add */
- ego_entry = GNUNET_new(struct EgoEntry);
- GNUNET_IDENTITY_ego_get_public_key(ego, &pk);
- ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string(&pk);
- ego_entry->ego = ego;
- ego_entry->identifier = GNUNET_strdup(identifier);
- GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,
- handle->ego_tail,
- ego_entry);
- }
+ /* Add */
+ ego_entry = GNUNET_new (struct EgoEntry);
+ GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
+ ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+ ego_entry->ego = ego;
+ ego_entry->identifier = GNUNET_strdup (identifier);
+ GNUNET_CONTAINER_DLL_insert_tail (handle->ego_head,
+ handle->ego_tail,
+ ego_entry);
}
+ }
else
+ {
+ /* Delete */
+ for (ego_entry = handle->ego_head; NULL != ego_entry;
+ ego_entry = ego_entry->next)
{
- /* Delete */
- for (ego_entry = handle->ego_head; NULL != ego_entry;
- ego_entry = ego_entry->next)
- {
- if (ego_entry->ego == ego)
- break;
- }
- if (NULL != ego_entry)
- GNUNET_CONTAINER_DLL_remove(handle->ego_head,
- handle->ego_tail,
- ego_entry);
+ if (ego_entry->ego == ego)
+ break;
}
+ if (NULL != ego_entry)
+ GNUNET_CONTAINER_DLL_remove (handle->ego_head,
+ handle->ego_tail,
+ ego_entry);
+ }
}
static void
-rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
- GNUNET_REST_ResultProcessor proc,
- void *proc_cls)
+rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
+ GNUNET_REST_ResultProcessor proc,
+ void *proc_cls)
{
- struct RequestHandle *handle = GNUNET_new(struct RequestHandle);
+ struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
- handle->oidc = GNUNET_new(struct OIDC_Variables);
+ handle->oidc = GNUNET_new (struct OIDC_Variables);
if (NULL == OIDC_cookie_jar_map)
- OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO);
+ OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
if (NULL == OIDC_access_token_map)
OIDC_access_token_map =
- GNUNET_CONTAINER_multihashmap_create(10, GNUNET_NO);
+ GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
handle->response_code = 0;
handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
handle->proc_cls = proc_cls;
@@ -2123,16 +2128,16 @@ rest_identity_process_request(struct
GNUNET_REST_RequestHandle *rest_handle,
handle->state = ID_REST_STATE_INIT;
handle->rest_handle = rest_handle;
- handle->url = GNUNET_strdup(rest_handle->url);
- if (handle->url[strlen(handle->url) - 1] == '/')
- handle->url[strlen(handle->url) - 1] = '\0';
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
- handle->identity_handle = GNUNET_IDENTITY_connect(cfg, &list_ego, handle);
- handle->gns_handle = GNUNET_GNS_connect(cfg);
- handle->namestore_handle = GNUNET_NAMESTORE_connect(cfg);
+ handle->url = GNUNET_strdup (rest_handle->url);
+ if (handle->url[strlen (handle->url) - 1] == '/')
+ handle->url[strlen (handle->url) - 1] = '\0';
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
+ handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle);
+ handle->gns_handle = GNUNET_GNS_connect (cfg);
+ handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
handle->timeout_task =
- GNUNET_SCHEDULER_add_delayed(handle->timeout, &do_timeout, handle);
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
+ GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
}
/**
@@ -2142,7 +2147,7 @@ rest_identity_process_request(struct
GNUNET_REST_RequestHandle *rest_handle,
* @return NULL on error, otherwise the plugin context
*/
void *
-libgnunet_plugin_rest_openid_connect_init(void *cls)
+libgnunet_plugin_rest_openid_connect_init (void *cls)
{
static struct Plugin plugin;
struct GNUNET_REST_Plugin *api;
@@ -2150,22 +2155,22 @@ libgnunet_plugin_rest_openid_connect_init(void *cls)
cfg = cls;
if (NULL != plugin.cfg)
return NULL; /* can only initialize once! */
- memset(&plugin, 0, sizeof(struct Plugin));
+ memset (&plugin, 0, sizeof(struct Plugin));
plugin.cfg = cfg;
- api = GNUNET_new(struct GNUNET_REST_Plugin);
+ api = GNUNET_new (struct GNUNET_REST_Plugin);
api->cls = &plugin;
api->name = GNUNET_REST_API_NS_OIDC;
api->process_request = &rest_identity_process_request;
- GNUNET_asprintf(&allow_methods,
- "%s, %s, %s, %s, %s",
- MHD_HTTP_METHOD_GET,
- MHD_HTTP_METHOD_POST,
- MHD_HTTP_METHOD_PUT,
- MHD_HTTP_METHOD_DELETE,
- MHD_HTTP_METHOD_OPTIONS);
-
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- _("OpenID Connect REST API initialized\n"));
+ GNUNET_asprintf (&allow_methods,
+ "%s, %s, %s, %s, %s",
+ MHD_HTTP_METHOD_GET,
+ MHD_HTTP_METHOD_POST,
+ MHD_HTTP_METHOD_PUT,
+ MHD_HTTP_METHOD_DELETE,
+ MHD_HTTP_METHOD_OPTIONS);
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ _ ("OpenID Connect REST API initialized\n"));
return api;
}
@@ -2177,7 +2182,7 @@ libgnunet_plugin_rest_openid_connect_init(void *cls)
* @return always NULL
*/
void *
-libgnunet_plugin_rest_openid_connect_done(void *cls)
+libgnunet_plugin_rest_openid_connect_done (void *cls)
{
struct GNUNET_REST_Plugin *api = cls;
struct Plugin *plugin = api->cls;
@@ -2187,24 +2192,24 @@ libgnunet_plugin_rest_openid_connect_done(void *cls)
struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
void *value = NULL;
hashmap_it =
- GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_cookie_jar_map);
+ GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_cookie_jar_map);
while (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value))
- GNUNET_free_non_null(value);
- GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
- GNUNET_CONTAINER_multihashmap_destroy(OIDC_cookie_jar_map);
+ GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+ GNUNET_free_non_null (value);
+ GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
+ GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map);
hashmap_it =
- GNUNET_CONTAINER_multihashmap_iterator_create(OIDC_access_token_map);
+ GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_access_token_map);
while (GNUNET_YES ==
- GNUNET_CONTAINER_multihashmap_iterator_next(hashmap_it, NULL, value))
- GNUNET_free_non_null(value);
- GNUNET_CONTAINER_multihashmap_destroy(OIDC_access_token_map);
- GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
- GNUNET_free_non_null(allow_methods);
- GNUNET_free(api);
- GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
- "OpenID Connect REST plugin is finished\n");
+ GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+ GNUNET_free_non_null (value);
+ GNUNET_CONTAINER_multihashmap_destroy (OIDC_access_token_map);
+ GNUNET_CONTAINER_multihashmap_iterator_destroy (hashmap_it);
+ GNUNET_free_non_null (allow_methods);
+ GNUNET_free (api);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "OpenID Connect REST plugin is finished\n");
return NULL;
}
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet] branch master updated: gracely handle missing PKCE params in token request,
gnunet <=