/**
* Create a JWT from attributes
*
- * @param aud_key the public of the subject
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
* @param attrs the attribute list
- * @param priv_key the key used to sign the JWT
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
* @return a new base64-encoded JWT string.
*/
char*
jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+ const struct GNUNET_TIME_Relative *expiration_time,
+ const char *nonce,
const char *secret_key)
{
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
struct GNUNET_HashCode signature;
+ struct GNUNET_TIME_Absolute exp_time;
+ struct GNUNET_TIME_Absolute time_now;
char* audience;
char* subject;
char* header;
char* signature_base64;
char* attr_val_str;
json_t* body;
-
- //exp REQUIRED time expired from config
+
//iat REQUIRED time now
+ time_now = GNUNET_TIME_absolute_get();
+ //exp REQUIRED time expired from config
+ exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
//auth_time only if max_age
//nonce only if nonce
// OPTIONAL acr,amr,azp
//aud REQUIRED public key client_id must be there
json_object_set_new (body,
"aud", json_string (audience));
+ //iat
+ json_object_set_new (body,
+ "iat", json_integer (time_now.abs_value_us));
+ //exp
+ json_object_set_new (body,
+ "exp", json_integer (exp_time.abs_value_us));
+ //nbf
+ json_object_set_new (body,
+ "nbf", json_integer (time_now.abs_value_us));
+ //nonce
+ if (NULL != nonce)
+ json_object_set_new (body,
+ "nonce", json_string (nonce));
+
for (le = attrs->list_head; NULL != le; le = le->next)
{
attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
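Review bot: The new `iat`, `exp` and `nbf` claims are encoded from `abs_value_us`, i.e. microseconds since the epoch, whereas RFC 7519 defines these claims as NumericDate values in seconds; a standard verifier therefore reads the configured expiry as lying roughly a million times further in the future, so `expiration_time` is effectively never enforced by any consumer other than this code. Dividing before encoding fixes all three: `"iat", json_integer (time_now.abs_value_us / 1000000LL)` and likewise for the `exp` and `nbf` lines. `GNUNET_TIME_absolute_add` presumably saturates to the "forever" value on overflow, which `json_integer`'s signed type cannot represent, so a guard on `exp_time` before encoding seems warranted as well. The doc comment still lacks `@param nonce` and says "the public of the audience" (same wording in the header hunk below); `@param aud_key the public key of the audience` and `@param nonce the nonce, may be NULL` would match the new signature. The function body continues past the end of the hunk.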
#ifndef JWT_H
#define JWT_H
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param nonce the nonce, may be NULL
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
char*
jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
- const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
- const char* secret_key);
+ const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+ const struct GNUNET_TIME_Relative *expiration_time,
+ const char *nonce,
+ const char *secret_key);
#endif
{
"display",
"prompt",
- "max_age",
"ui_locales",
"response_mode",
"id_token_hint",
int client_exists = GNUNET_NO;
struct MHD_Response *resp;
char* code_output;
- json_t *root, *ticket_string, *nonce, *max_age;
+ json_t *root;
+ json_t *ticket_string;
+ json_t *nonce;
json_error_t error;
char *json_response;
char *jwt_secret;
GNUNET_free(code_output);
ticket_string = json_object_get (root, "ticket");
nonce = json_object_get (root, "nonce");
- max_age = json_object_get (root, "max_age");
if(ticket_string == NULL && !json_is_string(ticket_string))
{
}
//create jwt
- unsigned long long int expiration_time;
+ struct GNUNET_TIME_Relative expiration_time;
if ( GNUNET_OK
- != GNUNET_CONFIGURATION_get_value_number(cfg, "reclaim-rest-plugin",
+ != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin",
"expiration_time", &expiration_time) )
{
GNUNET_free_non_null(user_psw);
}
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
- //aud REQUIRED public key client_id must be there
- GNUNET_RECLAIM_ATTRIBUTE_list_add(cl,
- "aud",
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- client_id,
- strlen(client_id));
- //exp REQUIRED time expired from config
- struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
- GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
- expiration_time));
- const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
- GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
- "exp",
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- exp_time_string,
- strlen(exp_time_string));
- //iat REQUIRED time now
- struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
- const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
- GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
- "iat",
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- time_now_string,
- strlen(time_now_string));
- //nonce only if nonce is provided
- if ( NULL != nonce && json_is_string(nonce) )
- {
- GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
- "nonce",
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- json_string_value(nonce),
- strlen(json_string_value(nonce)));
- }
- //auth_time only if max_age is provided
- if ( NULL != max_age && json_is_string(max_age) )
- {
- GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
- "auth_time",
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- json_string_value(max_age),
- strlen(json_string_value(max_age)));
- }
+
//TODO OPTIONAL acr,amr,azp
struct EgoEntry *ego_entry;
char *id_token = jwt_create_from_list(&ticket->audience,
&pk,
cl,
+ &expiration_time,
+ (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL,
jwt_secret);
//Create random access_token
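Review bot: The `max_age` request parameter is dropped from both the accepted-parameter list (the earlier hunk removing `"max_age"`) and the body lookup, and the old `auth_time` emission is removed without a replacement, yet the new jwt.c body still carries the comment `//auth_time only if max_age`; if clients may send `max_age` (OpenID Connect requires `auth_time` in the ID token whenever they do), this is a silent regression rather than a pure move of the claims into the JWT body. A comment such as `//TODO max_age/auth_time not supported yet` next to the existing `//TODO OPTIONAL acr,amr,azp` line would at least make the gap explicit. The nonce argument on the new call, `json_string_value (nonce)`, points into `root`, so it is only valid if `root` has not been decref'd before `jwt_create_from_list` returns — the surrounding code is outside the hunk, so this is worth confirming. The enclosing handler starts and ends outside the hunk.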
ADDRESS = https://reclaim.ui/#/login
PSW = secret
JWT_SECRET = secret
-EXPIRATION_TIME = 3600
+EXPIRATION_TIME = 1d
[reclaim-sqlite]
FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db
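Review bot: `EXPIRATION_TIME` changes from the unitless `3600` to the time string `1d`, and the plugin now reads it with `GNUNET_CONFIGURATION_get_value_time`; if that parser rejects a bare number (presumably it expects a unit suffix), installations still carrying `3600` will hit the error branch on every token request, so a comment above the key such as `# relative time with unit, e.g. 1h or 1d` would prevent silent breakage. The default also moves from one hour to one day, which widens the window in which a leaked ID token remains valid; if that is not intended, `EXPIRATION_TIME = 1h` keeps the previous lifetime.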