*/
struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+ /**
+ * A ticket
+ */
+ struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+
/**
* Desired timeout for the lookup (default is no timeout).
*/
GNUNET_SCHEDULER_add_now (&do_error, handle);
}
+static void get_client_name_result (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+ const char *label,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd)
+{
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ char *ticket_str;
+ char *redirect_uri;
+ char *code_json_string;
+ char *code_base64_final_string;
+ char *redirect_path;
+ char *tmp;
+ ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
+ sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+ //TODO change if more attributes are needed (see max_age)
+ GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
+ ticket_str,
+ (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
+ (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
+ (NULL != handle->oidc->nonce) ? "\"" : "");
+ code_base64_final_string = base_64_encode(code_json_string);
+ tmp = GNUNET_strdup (handle->oidc->redirect_uri);
+ redirect_path = strtok (tmp, "/");
+ redirect_path = strtok (NULL, "/");
+ redirect_path = strtok (NULL, "/");
+ GNUNET_asprintf (&redirect_uri, "https://%s.gnu/%s?%s=%s&state=%s",
+ label,
+ redirect_path,
+ handle->oidc->response_type,
+ code_base64_final_string, handle->oidc->state);
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", redirect_uri);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ GNUNET_free (tmp);
+ GNUNET_free (redirect_uri);
+ GNUNET_free (ticket_str);
+ GNUNET_free (code_json_string);
+ GNUNET_free (code_base64_final_string);
+ return;
+}
+
+static void
+get_client_name_error (void *cls)
+{
+ struct RequestHandle *handle = cls;
+
+ handle->emsg = GNUNET_strdup("server_error");
+ handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+}
+
/**
* Issues ticket and redirects to relying party with the authorization code as
* parameter. Otherwise redirects with error
*/
static void
oidc_ticket_issue_cb (void* cls,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
{
struct RequestHandle *handle = cls;
- struct MHD_Response *resp;
- char *ticket_str;
- char *redirect_uri;
- char *code_json_string;
- char *code_base64_final_string;
handle->idp_op = NULL;
- resp = GNUNET_REST_create_response ("");
+ handle->ticket = *ticket;
if (NULL != ticket) {
- ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
- sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
- //TODO change if more attributes are needed (see max_age)
- GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
- ticket_str,
- (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
- (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
- (NULL != handle->oidc->nonce) ? "\"" : "");
- code_base64_final_string = base_64_encode(code_json_string);
- GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s",
- handle->oidc->redirect_uri,
- handle->oidc->response_type,
- code_base64_final_string, handle->oidc->state);
- MHD_add_response_header (resp, "Location", redirect_uri);
- handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
- GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
- GNUNET_free (redirect_uri);
- GNUNET_free (ticket_str);
- GNUNET_free (code_json_string);
- GNUNET_free (code_base64_final_string);
+ GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
+ &handle->priv_key,
+ &handle->oidc->client_pkey,
+ &get_client_name_error,
+ handle,
+ &get_client_name_result,
+ handle);
return;
}
handle->emsg = GNUNET_strdup("server_error");
return;
}
handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp,
- &handle->priv_key,
- &handle->oidc->client_pkey,
- handle->attr_list,
- &oidc_ticket_issue_cb,
- handle);
+ &handle->priv_key,
+ &handle->oidc->client_pkey,
+ handle->attr_list,
+ &oidc_ticket_issue_cb,
+ handle);
}
*/
static void
oidc_attr_collect (void *cls,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
- const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
{
struct RequestHandle *handle = cls;
struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type,
- attr->data, attr->data_size);
+ attr->data, attr->data_size);
GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
- handle->attr_list->list_tail, le);
+ handle->attr_list->list_tail, le);
GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
}
GNUNET_free(identity_cookie);
//No login time for identity -> redirect to login
if ( GNUNET_YES
- == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time,
- &cache_key) )
+ == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time,
+ &cache_key) )
{
relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
- &cache_key);
+ &cache_key);
current_time = GNUNET_TIME_absolute_get ();
// 30 min after old login -> redirect to login
if ( current_time.abs_value_us <= relog_time->abs_value_us )
{
if ( GNUNET_OK
- != GNUNET_CRYPTO_ecdsa_public_key_from_string (
- handle->oidc->login_identity,
- strlen (handle->oidc->login_identity), &pubkey) )
+ != GNUNET_CRYPTO_ecdsa_public_key_from_string (
+ handle->oidc->login_identity,
+ strlen (handle->oidc->login_identity), &pubkey) )
{
- handle->emsg = GNUNET_strdup("invalid_cookie");
- handle->edesc = GNUNET_strdup(
- "The cookie of a login identity is not valid");
- GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
- return;
+ handle->emsg = GNUNET_strdup("invalid_cookie");
+ handle->edesc = GNUNET_strdup(
+ "The cookie of a login identity is not valid");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ return;
}
// iterate over egos and compare their public key
for (handle->ego_entry = handle->ego_head;
- NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
+ NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
{
- GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
- if ( 0
- == memcmp (&ego_pkey, &pubkey,
- sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
- {
- handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
- handle->ego_entry->ego);
- handle->resp_object = GNUNET_JSONAPI_document_new ();
- handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
- handle->attr_list = GNUNET_new(
- struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
- handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
- handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
- &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
- return;
- }
+ GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
+ if ( 0
+ == memcmp (&ego_pkey, &pubkey,
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+ {
+ handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
+ handle->ego_entry->ego);
+ handle->resp_object = GNUNET_JSONAPI_document_new ();
+ handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+ handle->attr_list = GNUNET_new(
+ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+ handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
+ handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
+ &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
+ return;
+ }
}
handle->emsg = GNUNET_strdup("invalid_cookie");
handle->edesc = GNUNET_strdup(
- "The cookie of the login identity is not valid");
+ "The cookie of the login identity is not valid");
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
return;
}
*/
static void
namestore_iteration_callback (
- void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
- const char *rname, unsigned int rd_len,
- const struct GNUNET_GNSRECORD_Data *rd)
+ void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+ const char *rname, unsigned int rd_len,
+ const struct GNUNET_GNSRECORD_Data *rd)
{
struct RequestHandle *handle = cls;
struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
if ( NULL != handle->oidc->login_identity )
{
GNUNET_CRYPTO_ecdsa_public_key_from_string (
- handle->oidc->login_identity,
- strlen (handle->oidc->login_identity),
- &login_identity_pkey);
+ handle->oidc->login_identity,
+ strlen (handle->oidc->login_identity),
+ &login_identity_pkey);
GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
- ¤t_zone_pkey);
+ ¤t_zone_pkey);
if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
- sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
{
- if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey,
- sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
- {
- handle->oidc->is_client_trusted = GNUNET_YES;
- }
+ if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey,
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+ {
+ handle->oidc->is_client_trusted = GNUNET_YES;
+ }
}
}
else
{
if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
- sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
{
- handle->oidc->is_client_trusted = GNUNET_YES;
+ handle->oidc->is_client_trusted = GNUNET_YES;
}
}
}
{
handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
- &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
- &namestore_iteration_finished, handle);
+ &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
+ &namestore_iteration_finished, handle);
return;
}
if (GNUNET_NO == handle->oidc->is_client_trusted)
{
handle->emsg = GNUNET_strdup("unauthorized_client");
handle->edesc = GNUNET_strdup("The client is not authorized to request an "
- "authorization code using this method.");
+ "authorization code using this method.");
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
// REQUIRED value: redirect_uri
GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
- &cache_key);
+ &cache_key);
if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("missing parameter redirect_uri");
return;
}
handle->oidc->redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id);
// verify the redirect uri matches https://<client_id>.zkey[/xyz]
GNUNET_free(expected_redirect_uri);
// REQUIRED value: response_type
GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
- &cache_key);
+ &cache_key);
if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("missing parameter response_type");
return;
}
handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type);
// REQUIRED value: scope
GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("missing parameter scope");
return;
}
handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
handle->oidc->scope = GNUNET_strdup(handle->oidc->scope);
//OPTIONAL value: nonce
GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
}
for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ )
{
GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
- strlen(OIDC_ignored_parameter_array[iterator]),
- &cache_key);
+ strlen(OIDC_ignored_parameter_array[iterator]),
+ &cache_key);
if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->emsg=GNUNET_strdup("access_denied");
GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s",
- OIDC_ignored_parameter_array[iterator]);
+ OIDC_ignored_parameter_array[iterator]);
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
return;
}
{
handle->emsg=GNUNET_strdup("unsupported_response_type");
handle->edesc=GNUNET_strdup("The authorization server does not support "
- "obtaining this authorization code.");
+ "obtaining this authorization code.");
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
return;
}
{
handle->emsg = GNUNET_strdup("invalid_scope");
handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or "
- "malformed.");
+ "malformed.");
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
GNUNET_free(expected_scope);
return;
*/
static void
authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
- const char* url,
- void *cls)
+ const char* url,
+ void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
//RECOMMENDED value: state - REQUIRED for answers
GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
handle->oidc->state = GNUNET_strdup (handle->oidc->state);
}
// REQUIRED value: client_id
GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
- &cache_key);
+ &cache_key);
if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
- &cache_key))
+ &cache_key))
{
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("missing parameter client_id");
return;
}
handle->oidc->client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
handle->oidc->client_id = GNUNET_strdup (handle->oidc->client_id);
if ( GNUNET_OK
- != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
- strlen (handle->oidc->client_id),
- &handle->oidc->client_pkey) )
+ != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
+ strlen (handle->oidc->client_id),
+ &handle->oidc->client_pkey) )
{
handle->emsg = GNUNET_strdup("unauthorized_client");
handle->edesc = GNUNET_strdup("The client is not authorized to request an "
- "authorization code using this method.");
+ "authorization code using this method.");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
// Checks if client_id is valid:
handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
- handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
- handle, &namestore_iteration_callback, handle,
- &namestore_iteration_finished, handle);
+ handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
+ handle, &namestore_iteration_callback, handle,
+ &namestore_iteration_finished, handle);
}
/**
json_t *root;
json_error_t error;
json_t *identity;
- root = json_loads (handle->rest_handle->data, 0, &error);
+ char term_data[handle->rest_handle->data_size+1];
+ term_data[handle->rest_handle->data_size] = '\0';
+ GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size);
+ root = json_loads (term_data, JSON_DECODE_ANY, &error);
identity = json_object_get (root, "identity");
if ( json_is_string(identity) )
{
current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
*current_time = GNUNET_TIME_relative_to_absolute (
- GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
- 30));
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
+ 30));
last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
if (NULL != last_time)
{
GNUNET_free(last_time);
}
GNUNET_CONTAINER_multihashmap_put (
- OIDC_identity_login_time, &cache_key, current_time,
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+ OIDC_identity_login_time, &cache_key, current_time,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
GNUNET_free(cookie);
* Check Authorization
*/
GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
- strlen (OIDC_AUTHORIZATION_HEADER_KEY),
- &cache_key);
+ strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+ &cache_key);
if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
- &cache_key) )
+ &cache_key) )
{
handle->emsg=GNUNET_strdup("invalid_client");
handle->edesc=GNUNET_strdup("missing authorization");
//check client password
if ( GNUNET_OK
- == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
- "psw", &expected_psw) )
+ == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+ "psw", &expected_psw) )
{
if (0 != strcmp (expected_psw, psw))
{
//REQUIRED grant_type
GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
if ( GNUNET_NO
- == GNUNET_CONTAINER_multihashmap_contains (
- handle->rest_handle->url_param_map, &cache_key) )
+ == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->url_param_map, &cache_key) )
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
return;
}
grant_type = GNUNET_CONTAINER_multihashmap_get (
- handle->rest_handle->url_param_map, &cache_key);
+ handle->rest_handle->url_param_map, &cache_key);
//REQUIRED code
GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
if ( GNUNET_NO
- == GNUNET_CONTAINER_multihashmap_contains (
- handle->rest_handle->url_param_map, &cache_key) )
+ == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->url_param_map, &cache_key) )
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
return;
}
code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
- &cache_key);
+ &cache_key);
//REQUIRED redirect_uri
GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
- &cache_key);
+ &cache_key);
if ( GNUNET_NO
- == GNUNET_CONTAINER_multihashmap_contains (
- handle->rest_handle->url_param_map, &cache_key) )
+ == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->url_param_map, &cache_key) )
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
return;
}
redirect_uri = GNUNET_CONTAINER_multihashmap_get (
- handle->rest_handle->url_param_map, &cache_key);
+ handle->rest_handle->url_param_map, &cache_key);
//Check parameter grant_type == "authorization_code"
GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
int i = 1;
if ( GNUNET_SYSERR
- == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
- &cache_key,
- &i,
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
+ == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+ &cache_key,
+ &i,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
if ( GNUNET_OK
- != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
- strlen (json_string_value(ticket_string)),
- ticket,
- sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
+ != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
+ strlen (json_string_value(ticket_string)),
+ ticket,
+ sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
//create jwt
unsigned long long int expiration_time;
if ( GNUNET_OK
- != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
- "expiration_time", &expiration_time) )
+ != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
+ "expiration_time", &expiration_time) )
{
GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("server_error");
struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
//aud REQUIRED public key client_id must be there
GNUNET_IDENTITY_ATTRIBUTE_list_add(cl,
- "aud",
- GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
- client_id,
- strlen(client_id));
+ "aud",
+ GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+ client_id,
+ strlen(client_id));
//exp REQUIRED time expired from config
struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
- GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
- expiration_time));
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+ expiration_time));
const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
- "exp",
- GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
- exp_time_string,
- strlen(exp_time_string));
+ "exp",
+ GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+ exp_time_string,
+ strlen(exp_time_string));
//iat REQUIRED time now
struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
- "iat",
- GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
- time_now_string,
- strlen(time_now_string));
+ "iat",
+ GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+ time_now_string,
+ strlen(time_now_string));
//nonce only if nonce is provided
if ( NULL != nonce && json_is_string(nonce) )
{
GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
- "nonce",
- GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
- json_string_value(nonce),
- strlen(json_string_value(nonce)));
+ "nonce",
+ GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+ json_string_value(nonce),
+ strlen(json_string_value(nonce)));
}
//auth_time only if max_age is provided
if ( NULL != max_age && json_is_string(max_age) )
{
GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
- "auth_time",
- GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
- json_string_value(max_age),
- strlen(json_string_value(max_age)));
+ "auth_time",
+ GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+ json_string_value(max_age),
+ strlen(json_string_value(max_age)));
}
//TODO OPTIONAL acr,amr,azp
return;
}
char *id_token = jwt_create_from_list(&ticket->audience,
- cl,
- GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
+ cl,
+ GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
//Create random access_token
char* access_token_number;
GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
-
+
//TODO OPTIONAL add refresh_token and scope
GNUNET_asprintf (&json_response,
- "{ \"access_token\" : \"%s\", "
- "\"token_type\" : \"Bearer\", "
- "\"expires_in\" : %d, "
- "\"id_token\" : \"%s\"}",
- access_token,
- expiration_time,
- id_token);
+ "{ \"access_token\" : \"%s\", "
+ "\"token_type\" : \"Bearer\", "
+ "\"expires_in\" : %d, "
+ "\"id_token\" : \"%s\"}",
+ access_token,
+ expiration_time,
+ id_token);
GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
char *id_ticket_combination;
GNUNET_asprintf(&id_ticket_combination,
- "%s;%s",
- client_id,
- json_string_value(ticket_string));
+ "%s;%s",
+ client_id,
+ json_string_value(ticket_string));
GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
- &cache_key,
- id_ticket_combination,
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+ &cache_key,
+ id_ticket_combination,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
resp = GNUNET_REST_create_response (json_response);
MHD_add_response_header (resp, "Cache-Control", "no-store");
*/
static void
consume_ticket (void *cls,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
- const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
{
struct RequestHandle *handle = cls;
}
json_object_set_new (handle->oidc->response,
- attr->name,
- json_string(attr->data));
+ attr->name,
+ json_string(attr->data));
}
/**
*/
static void
userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
- const char* url, void *cls)
+ const char* url, void *cls)
{
//TODO expiration time
struct RequestHandle *handle = cls;
struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
- strlen (OIDC_AUTHORIZATION_HEADER_KEY),
- &cache_key);
+ strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+ &cache_key);
if ( GNUNET_NO
- == GNUNET_CONTAINER_multihashmap_contains (
- handle->rest_handle->header_param_map, &cache_key) )
+ == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->header_param_map, &cache_key) )
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("No Access Token");
return;
}
authorization = GNUNET_CONTAINER_multihashmap_get (
- handle->rest_handle->header_param_map, &cache_key);
+ handle->rest_handle->header_param_map, &cache_key);
//split header in "Bearer" and access_token
authorization = GNUNET_strdup(authorization);
}
GNUNET_CRYPTO_hash (authorization_access_token,
- strlen (authorization_access_token),
- &cache_key);
+ strlen (authorization_access_token),
+ &cache_key);
if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token,
- &cache_key) )
+ &cache_key) )
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
}
client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token,
- &cache_key);
+ &cache_key);
client_ticket = GNUNET_strdup(client_ticket);
client = strtok(client_ticket,delimiter_db);
if (NULL == client)
}
ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
if ( GNUNET_OK
- != GNUNET_STRINGS_string_to_data (ticket_str,
- strlen (ticket_str),
- ticket,
- sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
+ != GNUNET_STRINGS_string_to_data (ticket_str,
+ strlen (ticket_str),
+ ticket,
+ sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->oidc->response = json_object();
json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (
- handle->idp,
- GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
- ticket,
- consume_ticket,
- handle);
+ handle->idp,
+ GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
+ ticket,
+ consume_ticket,
+ handle);
GNUNET_free(ticket);
GNUNET_free(authorization);
GNUNET_free(client_ticket);
struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
void *value = NULL;
hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (
- OIDC_identity_login_time);
+ OIDC_identity_login_time);
while (GNUNET_YES ==
GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
{
projects / oweals / gnunet.git / commitdiff