*/
/**
* @author Martin Schanzenbach
+ * @author Philippe Buschmann
* @file identity/plugin_rest_identity.c
* @brief GNUnet Namestore REST plugin
*
{
const struct GNUNET_CONFIGURATION_Handle *cfg;
};
+
/**
* OIDC needed variables
*/
/**
- * Task run on error, sends error message. Cleans up everything.
+ * Task run on error in userinfo endpoint, sends error header. Cleans up
+ * everything
*
* @param cls the `struct RequestHandle`
*/
/**
- * Task run on error, sends error message. Cleans up everything.
+ * Task run on error, sends error message and redirects. Cleans up everything.
*
* @param cls the `struct RequestHandle`
*/
cleanup_handle (handle);
}
+/**
+ * Returns base64 encoded string without padding
+ *
+ * @param string the string to encode
+ * @return base64 encoded string
+ */
static char*
base_64_encode(char *string)
{
}
/**
- * Cookie interpretation
+ * Interprets cookie header and pass its identity keystring to handle
*/
static void
cookie_identity_interpretation (struct RequestHandle *handle)
{
struct GNUNET_HashCode cache_key;
- char* cookies;
+ char *cookies;
struct GNUNET_TIME_Absolute current_time, *relog_time;
char delimiter[] = "; ";
}
/**
- * Login redirection
+ * Redirects to login page stored in configuration file
*/
static void
login_redirection(void *cls)
}
/**
- * Function called if we had an error in zone-to-name mapping.
+ * Does internal server error when iteration failed.
*/
static void
oidc_iteration_error (void *cls)
GNUNET_SCHEDULER_add_now (&do_error, handle);
}
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
static void
oidc_ticket_issue_cb (void* cls,
const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
/**
- * Collect all attributes for an ego
+ * Collects all attributes for an ego if in scope parameter
*/
static void
oidc_attr_collect (void *cls,
/**
- * Cookie and Time check
+ * Checks time and cookie and redirects accordingly
*/
static void
login_check (void *cls)
}
/**
- * Create a response with requested records
+ * Searches for client_id in namestore. If found trust status stored in handle
+ * Else continues to search
*
* @param handle the RequestHandle
*/
return;
}
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
static void
token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
const char* url,
void *cls)
{
//TODO static strings
-
- //TODO WWW-Authenticate 401
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
char *authorization, *credentials;
}
//TODO OPTIONAL acr,amr,azp
- //TODO lookup client for client == audience of ticket
struct EgoEntry *ego_entry;
for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
{
MHD_add_response_header (resp, "Content-Type", "application/json");
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
- //TODO one time ticket/code
-
- //TODO free
GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
GNUNET_free(access_token_number);
GNUNET_free(access_token);
GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
}
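Review bot: The `//TODO one time ticket/code` and `//TODO lookup client for client == audience of ticket` comments are dropped, but nothing visible in this hunk removes the redeemed authorization code from its lookup map after the 200 response is handed to `handle->proc`, nor compares the requesting client against the ticket's audience; if that is not done elsewhere, a captured code stays exchangeable more than once and by a different client (RFC 6749 §4.1.2 requires single use). If those checks were implemented in a part of the commit not shown here, a one-line comment at the response, e.g. `/* code is invalidated and client/audience checked in ... */`, would make that auditable. The enclosing function starts outside this hunk.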
-
+/**
+ * Collects claims and stores them in handle
+ */
static void
consume_ticket (void *cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
json_string(attr->data));
}
+/**
+ * Responds to userinfo GET and url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
static void
userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
const char* url, void *cls)
{
+ //TODO expiration time
struct RequestHandle *handle = cls;
char delimiter[] = " ";
char delimiter_db[] = ";";
struct GNUNET_HashCode cache_key;
char *authorization, *authorization_type, *authorization_access_token;
- char *client_ticket;
+ char *client_ticket, *client, *ticket_str;
struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
handle->rest_handle->header_param_map, &cache_key);
//split header in "Bearer" and access_token
+ authorization = GNUNET_strdup(authorization);
authorization_type = strtok (authorization, delimiter);
if ( 0 != strcmp ("Bearer", authorization_type) )
{
handle->edesc = GNUNET_strdup("No Access Token");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
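Review bot: `authorization_type = strtok (authorization, delimiter);` yields NULL when the header value is empty or consists only of spaces, and the next line hands that NULL to `strcmp`, so unless a check above the hunk already rejects an empty `Authorization` header this is a null dereference reachable by any unauthenticated client. Guard it before the comparison: `if ((NULL == authorization_type) || (0 != strcmp ("Bearer", authorization_type)))`. The scheme match is also case-sensitive, while RFC 7235 treats the auth-scheme token as case-insensitive, so `bearer` from a conforming client is rejected; `strcasecmp` (from `<strings.h>`) would accept it. The enclosing userinfo_endpoint begins outside this hunk.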
authorization_access_token = strtok (NULL, delimiter);
handle->edesc = GNUNET_strdup("No Access Token");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token,
&cache_key);
-
- client_ticket = strtok(client_ticket,delimiter_db);
- if (NULL == client_ticket)
+ client_ticket = GNUNET_strdup(client_ticket);
+ client = strtok(client_ticket,delimiter_db);
+ if (NULL == client)
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
handle->ego_entry = handle->ego_head;
for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
{
- if (0 == strcmp(handle->ego_entry->keystring,client_ticket))
+ if (0 == strcmp(handle->ego_entry->keystring,client))
{
break;
}
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
- client_ticket = strtok(NULL, delimiter_db);
- if (NULL == client_ticket)
+ ticket_str = strtok(NULL, delimiter_db);
+ if (NULL == ticket_str)
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
if ( GNUNET_OK
- != GNUNET_STRINGS_string_to_data (client_ticket,
- strlen (client_ticket),
+ != GNUNET_STRINGS_string_to_data (ticket_str,
+ strlen (ticket_str),
ticket,
sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
{
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
GNUNET_free(ticket);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
consume_ticket,
handle);
GNUNET_free(ticket);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
}
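Review bot: `client_ticket = GNUNET_strdup(client_ticket);` copies the result of the `GNUNET_CONTAINER_multihashmap_get` lookup before anything checks it for NULL; the condition that precedes the "The Access Token expired" error above is outside the visible lines, so if it is not a `contains` check on `OIDC_interpret_access_token`, a bearer token that is unknown to the map reaches `GNUNET_strdup(NULL)`. Add `if (NULL == client_ticket) { handle->emsg = GNUNET_strdup("invalid_token"); handle->response_code = MHD_HTTP_UNAUTHORIZED; ... }` before the copy, on the same free-and-return pattern as the other error paths. The added `//TODO expiration time` also means the token's lifetime is not bounded here even though every error path reports it as "expired"; storing an expiry alongside the `client;ticket` value and checking it at this point would make that message true. userinfo_endpoint starts outside this hunk, and the other hunks above cut through its body.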