--- /dev/null
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2012-2018 GNUnet e.V.
+
+ GNUnet is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License,
+ or (at your option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @author Martin Schanzenbach
+ * @file identity/plugin_rest_attestation_openid.c
+ * @brief GNUnet Reclaim Attestation Plugin
+ *
+ */
+#include "platform.h"
+#include <inttypes.h>
+#include <jansson.h>
+
+#include "gnunet_identity_service.h"
+#include "gnunet_namestore_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_rest_lib.h"
+#include "gnunet_rest_plugin.h"
+#include "microhttpd.h"
+
+/**
+ * Root URL
+ */
+#define GNUNET_REST_API_NS_ATTESTATION "/reclaim_attestation"
+
+/**
+ * Login URL
+ */
+#define GNUNET_REST_API_NS_ATTESTATION_OPENID "/reclaim_attestation/openid"
+
+/**
+ * The configuration handle
+ */
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * HTTP methods allows for this plugin
+ */
+static char *allow_methods;
+
+
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+ const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+
+struct RequestHandle
+{
+ /**
+ * Selected ego
+ */
+ struct GNUNET_IDENTITY_Ego *ego;
+
+ /**
+ * Requested ego name
+ */
+ char *ego_name;
+
+ /**
+ * The processing state
+ */
+ int state;
+
+ /**
+ * Handle to Identity service.
+ */
+ struct GNUNET_IDENTITY_Handle *identity_handle;
+
+ /**
+ * Rest connection
+ */
+ struct GNUNET_REST_RequestHandle *rest_handle;
+
+ /**
+ * Handle to NAMESTORE
+ */
+ struct GNUNET_NAMESTORE_Handle *namestore_handle;
+
+ /**
+ * Iterator for NAMESTORE
+ */
+ struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it;
+
+ /**
+ * Identity Provider
+ */
+ struct GNUNET_RECLAIM_Handle *idp;
+
+ /**
+ * Idp Operation
+ */
+ struct GNUNET_RECLAIM_Operation *idp_op;
+
+ /**
+ * Desired timeout for the lookup (default is no timeout).
+ */
+ struct GNUNET_TIME_Relative timeout;
+
+ /**
+ * ID of a task associated with the resolution process.
+ */
+ struct GNUNET_SCHEDULER_Task *timeout_task;
+
+ /**
+ * The plugin result processor
+ */
+ GNUNET_REST_ResultProcessor proc;
+
+ /**
+ * The closure of the result processor
+ */
+ void *proc_cls;
+
+ /**
+ * The url
+ */
+ char *url;
+
+ /**
+ * Error response message
+ */
+ char *emsg;
+
+ /**
+ * Error response description
+ */
+ char *edesc;
+
+ /**
+ * Reponse code
+ */
+ int response_code;
+};
+
+
+
+/**
+ * Cleanup lookup handle
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (void *cls)
+{
+ struct RequestHandle *handle = cls;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
+ if (NULL != handle->timeout_task)
+ GNUNET_SCHEDULER_cancel (handle->timeout_task);
+ if (NULL != handle->identity_handle)
+ GNUNET_IDENTITY_disconnect (handle->identity_handle);
+ GNUNET_free_non_null (handle->url);
+ GNUNET_free_non_null (handle->emsg);
+ GNUNET_free_non_null (handle->edesc);
+ if (NULL != handle->namestore_handle)
+ GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
+ GNUNET_free (handle);
+}
+
+
+
+/**
+ * Task run on error, sends error message. Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_error (void *cls)
+{
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ char *json_error;
+
+ GNUNET_asprintf (&json_error,
+ "{ \"error\" : \"%s\", \"error_description\" : \"%s\"}",
+ (NULL != handle->emsg) ? handle->emsg : "Unknown",
+ (NULL != handle->edesc) ? handle->edesc : "");
+ if (0 == handle->response_code)
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ resp = GNUNET_REST_create_response (json_error);
+ handle->proc (handle->proc_cls, resp, handle->response_code);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);
+ GNUNET_free (json_error);
+}
+
+
+
+static void
+handle_login (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
+{
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ struct GNUNET_HashCode hc;
+ char *idp;
+ char *config_section;
+ char *authz_url;
+
+ //Get the idp URL parameter
+ GNUNET_CRYPTO_hash ("idp", strlen ("idp"), &hc);
+ if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (con_handle
+ ->url_param_map,
+ &hc))
+ {
+ handle->emsg = GNUNET_strdup ("Unknown IDP");
+ handle->edesc = GNUNET_strdup ("No ``idp'' query parameter given");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ idp = GNUNET_CONTAINER_multihashmap_get (con_handle->url_param_map, &hc);
+ //Get the idp config setting
+ GNUNET_asprintf (&config_section, "reclaim-idp-%s", idp);
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg,
+ config_section,
+ "AUTHZ_REDIRECT",
+ &authz_url))
+ {
+ handle->emsg = GNUNET_strdup ("Unknown IDP");
+ handle->edesc = GNUNET_strdup ("No AUTHZ_REDIRECT configured in config");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ //FIXME add PKCE challenge
+ //FIXME store ego, pkce (and state for redirect back?)
+ //FIXME do we want to read client id, secret etc from config separately?
+ handle->response_code = MHD_HTTP_FOUND;
+ //TODO add location header with authz url
+ //
+ resp = GNUNET_REST_create_response (NULL);
+ MHD_add_response_header (resp, "Location", authz_url);
+ handle->proc (handle->proc_cls, resp, handle->response_code);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);
+}
+
+/**
+ * Respond to OPTIONS request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
+{
+ struct MHD_Response *resp;
+ struct RequestHandle *handle = cls;
+
+ // For now, independent of path return all options
+ resp = GNUNET_REST_create_response (NULL);
+ MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ cleanup_handle (handle);
+ return;
+}
+
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the request handle
+ */
+static void
+get_ego_cont (struct RequestHandle *handle)
+{
+ struct GNUNET_REST_RequestHandlerError err;
+ static const struct GNUNET_REST_RequestHandler handlers[] =
+ { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_ATTESTATION_OPENID, &handle_login },
+ { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_ATTESTATION, &options_cont },
+ GNUNET_REST_HANDLER_END };
+
+ GNUNET_IDENTITY_disconnect (handle->identity_handle);
+ handle->identity_handle = NULL;
+ if (GNUNET_NO ==
+ GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
+ {
+ handle->response_code = err.error_code;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ }
+}
+
+
+/**
+ * If listing is enabled, prints information about the egos.
+ *
+ * This function is initially called for all egos and then again
+ * whenever a ego's identifier changes or if it is deleted. At the
+ * end of the initial pass over all egos, the function is once called
+ * with 'NULL' for 'ego'. That does NOT mean that the callback won't
+ * be invoked in the future or that there was an error.
+ *
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
+ * this function is only called ONCE, and 'NULL' being passed in
+ * 'ego' does indicate an error (i.e. name is taken or no default
+ * value is known). If 'ego' is non-NULL and if '*ctx'
+ * is set in those callbacks, the value WILL be passed to a subsequent
+ * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
+ * that one was not NULL).
+ *
+ * When an identity is renamed, this function is called with the
+ * (known) ego but the NEW identifier.
+ *
+ * When an identity is deleted, this function is called with the
+ * (known) ego and "NULL" for the 'identifier'. In this case,
+ * the 'ego' is henceforth invalid (and the 'ctx' should also be
+ * cleaned up).
+ *
+ * @param cls closure
+ * @param ego ego handle
+ * @param ctx context for application to store data for this ego
+ * (during the lifetime of this process, initially NULL)
+ * @param identifier identifier assigned by the user for this ego,
+ * NULL if the user just deleted the ego and it
+ * must thus no longer be used
+ */
+static void
+get_ego (void *cls,
+ struct GNUNET_IDENTITY_Ego *ego,
+ void **ctx,
+ const char *identifier)
+{
+ struct RequestHandle *handle = cls;
+
+ if (NULL == ego)
+ {
+ if (NULL == handle->ego)
+ {
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ get_ego_cont (handle);
+ return;
+ }
+ GNUNET_assert (NULL != ego);
+ if (NULL == identifier)
+ return;
+ GNUNET_assert (NULL != handle->ego_name);
+ if (0 == strcmp (identifier, handle->ego_name))
+ {
+ handle->ego = ego;
+ return;
+ }
+}
+
+
+
+
+static void
+rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
+ GNUNET_REST_ResultProcessor proc,
+ void *proc_cls)
+{
+ struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+ struct GNUNET_HashCode hc;
+
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
+ handle->proc_cls = proc_cls;
+ handle->proc = proc;
+ handle->rest_handle = rest_handle;
+ //Get the id URL parameter
+ GNUNET_CRYPTO_hash ("ego", strlen ("ego"), &hc);
+ if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (rest_handle
+ ->url_param_map,
+ &hc))
+ {
+ handle->emsg = GNUNET_strdup ("No ego");
+ handle->edesc = GNUNET_strdup ("No ego query parameter given");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->ego_name = GNUNET_CONTAINER_multihashmap_get (rest_handle->url_param_map, &hc);
+
+ handle->url = GNUNET_strdup (rest_handle->url);
+ if (handle->url[strlen (handle->url) - 1] == '/')
+ handle->url[strlen (handle->url) - 1] = '\0';
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
+ handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
+ //handle->timeout_task = FIXME
+ // GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
+ handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &get_ego, handle);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
+}
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls Config info
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_attestation_openid_init (void *cls)
+{
+ static struct Plugin plugin;
+ struct GNUNET_REST_Plugin *api;
+
+ cfg = cls;
+ if (NULL != plugin.cfg)
+ return NULL; /* can only initialize once! */
+ memset (&plugin, 0, sizeof(struct Plugin));
+ plugin.cfg = cfg;
+ api = GNUNET_new (struct GNUNET_REST_Plugin);
+ api->cls = &plugin;
+ api->name = GNUNET_REST_API_NS_ATTESTATION;
+ api->process_request = &rest_identity_process_request;
+ GNUNET_asprintf (&allow_methods,
+ "%s, %s, %s, %s, %s",
+ MHD_HTTP_METHOD_GET,
+ MHD_HTTP_METHOD_POST,
+ MHD_HTTP_METHOD_PUT,
+ MHD_HTTP_METHOD_DELETE,
+ MHD_HTTP_METHOD_OPTIONS);
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ _ ("OpenID Attestation REST API initialized\n"));
+ return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_attestation_openid_done (void *cls)
+{
+ struct GNUNET_REST_Plugin *api = cls;
+ struct Plugin *plugin = api->cls;
+
+ plugin->cfg = NULL;
+
+ GNUNET_free_non_null (allow_methods);
+ GNUNET_free (api);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "OpenID Attestations REST plugin is finished\n");
+ return NULL;
+}
+
+/* end of plugin_rest_attestation_openid.c */
projects / oweals / gnunet.git / commitdiff