From: Schanzenbach, Martin Date: Sat, 26 Oct 2019 17:55:14 +0000 (+0200) Subject: remove unneeded file X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=dd849de797deb2cae16b30e9f073d2e43626dca2;p=oweals%2Fgnunet.git remove unneeded file --- diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am index 851b0d71e..839768f92 100644 --- a/src/reclaim/Makefile.am +++ b/src/reclaim/Makefile.am @@ -13,7 +13,8 @@ if HAVE_MHD if HAVE_JSON REST_PLUGIN = \ libgnunet_plugin_rest_openid_connect.la \ - libgnunet_plugin_rest_reclaim.la + libgnunet_plugin_rest_reclaim.la \ + libgnunet_plugin_rest_attestation_openid.la endif endif @@ -59,6 +60,22 @@ libgnunet_plugin_rest_reclaim_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) libgnunet_plugin_rest_reclaim_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) +libgnunet_plugin_rest_attestation_openid_la_SOURCES = \ + plugin_rest_attestation_openid.c +libgnunet_plugin_rest_attestation_openid_la_LIBADD = \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + libgnunetreclaim.la \ + $(top_builddir)/src/json/libgnunetjson.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson $(MHD_LIBS) +libgnunet_plugin_rest_attestation_openid_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) +libgnunet_plugin_rest_attestation_openid_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) + + libgnunet_plugin_rest_openid_connect_la_SOURCES = \ plugin_rest_openid_connect.c \ diff --git a/src/reclaim/plugin_rest_attestation_openid.c b/src/reclaim/plugin_rest_attestation_openid.c new file mode 100644 index 000000000..f323b0b74 --- /dev/null +++ b/src/reclaim/plugin_rest_attestation_openid.c @@ -0,0 +1,465 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2018 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ + +/** + * @author Martin Schanzenbach + * @file identity/plugin_rest_attestation_openid.c + * @brief GNUnet Reclaim Attestation Plugin + * + */ +#include "platform.h" +#include +#include + +#include "gnunet_identity_service.h" +#include "gnunet_namestore_service.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_rest_plugin.h" +#include "microhttpd.h" + +/** + * Root URL + */ +#define GNUNET_REST_API_NS_ATTESTATION "/reclaim_attestation" + +/** + * Login URL + */ +#define GNUNET_REST_API_NS_ATTESTATION_OPENID "/reclaim_attestation/openid" + +/** + * The configuration handle + */ +const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * HTTP methods allows for this plugin + */ +static char *allow_methods; + + + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + + +struct RequestHandle +{ + /** + * Selected ego + */ + struct GNUNET_IDENTITY_Ego *ego; + + /** + * Requested ego name + */ + char *ego_name; + + /** + * The processing state + */ + int state; + + /** + * Handle to Identity service. + */ + struct GNUNET_IDENTITY_Handle *identity_handle; + + /** + * Rest connection + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * Handle to NAMESTORE + */ + struct GNUNET_NAMESTORE_Handle *namestore_handle; + + /** + * Iterator for NAMESTORE + */ + struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; + + /** + * Identity Provider + */ + struct GNUNET_RECLAIM_Handle *idp; + + /** + * Idp Operation + */ + struct GNUNET_RECLAIM_Operation *idp_op; + + /** + * Desired timeout for the lookup (default is no timeout). + */ + struct GNUNET_TIME_Relative timeout; + + /** + * ID of a task associated with the resolution process. + */ + struct GNUNET_SCHEDULER_Task *timeout_task; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The url + */ + char *url; + + /** + * Error response message + */ + char *emsg; + + /** + * Error response description + */ + char *edesc; + + /** + * Reponse code + */ + int response_code; +}; + + + +/** + * Cleanup lookup handle + * @param handle Handle to clean up + */ +static void +cleanup_handle (void *cls) +{ + struct RequestHandle *handle = cls; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); + if (NULL != handle->timeout_task) + GNUNET_SCHEDULER_cancel (handle->timeout_task); + if (NULL != handle->identity_handle) + GNUNET_IDENTITY_disconnect (handle->identity_handle); + GNUNET_free_non_null (handle->url); + GNUNET_free_non_null (handle->emsg); + GNUNET_free_non_null (handle->edesc); + if (NULL != handle->namestore_handle) + GNUNET_NAMESTORE_disconnect (handle->namestore_handle); + GNUNET_free (handle); +} + + + +/** + * Task run on error, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *json_error; + + GNUNET_asprintf (&json_error, + "{ \"error\" : \"%s\", \"error_description\" : \"%s\"}", + (NULL != handle->emsg) ? handle->emsg : "Unknown", + (NULL != handle->edesc) ? handle->edesc : ""); + if (0 == handle->response_code) + handle->response_code = MHD_HTTP_BAD_REQUEST; + resp = GNUNET_REST_create_response (json_error); + handle->proc (handle->proc_cls, resp, handle->response_code); + GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); + GNUNET_free (json_error); +} + + + +static void +handle_login (struct GNUNET_REST_RequestHandle *con_handle, + const char *url, + void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + struct GNUNET_HashCode hc; + char *idp; + char *config_section; + char *authz_url; + + //Get the idp URL parameter + GNUNET_CRYPTO_hash ("idp", strlen ("idp"), &hc); + if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (con_handle + ->url_param_map, + &hc)) + { + handle->emsg = GNUNET_strdup ("Unknown IDP"); + handle->edesc = GNUNET_strdup ("No ``idp'' query parameter given"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + idp = GNUNET_CONTAINER_multihashmap_get (con_handle->url_param_map, &hc); + //Get the idp config setting + GNUNET_asprintf (&config_section, "reclaim-idp-%s", idp); + if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, + config_section, + "AUTHZ_REDIRECT", + &authz_url)) + { + handle->emsg = GNUNET_strdup ("Unknown IDP"); + handle->edesc = GNUNET_strdup ("No AUTHZ_REDIRECT configured in config"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + //FIXME add PKCE challenge + //FIXME store ego, pkce (and state for redirect back?) + //FIXME do we want to read client id, secret etc from config separately? + handle->response_code = MHD_HTTP_FOUND; + //TODO add location header with authz url + // + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, "Location", authz_url); + handle->proc (handle->proc_cls, resp, handle->response_code); + GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); +} + +/** + * Respond to OPTIONS request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char *url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + // For now, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); + return; +} + + + +/** + * Handle rest request + * + * @param handle the request handle + */ +static void +get_ego_cont (struct RequestHandle *handle) +{ + struct GNUNET_REST_RequestHandlerError err; + static const struct GNUNET_REST_RequestHandler handlers[] = + { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_ATTESTATION_OPENID, &handle_login }, + { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_ATTESTATION, &options_cont }, + GNUNET_REST_HANDLER_END }; + + GNUNET_IDENTITY_disconnect (handle->identity_handle); + handle->identity_handle = NULL; + if (GNUNET_NO == + GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + + +/** + * If listing is enabled, prints information about the egos. + * + * This function is initially called for all egos and then again + * whenever a ego's identifier changes or if it is deleted. At the + * end of the initial pass over all egos, the function is once called + * with 'NULL' for 'ego'. That does NOT mean that the callback won't + * be invoked in the future or that there was an error. + * + * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', + * this function is only called ONCE, and 'NULL' being passed in + * 'ego' does indicate an error (i.e. name is taken or no default + * value is known). If 'ego' is non-NULL and if '*ctx' + * is set in those callbacks, the value WILL be passed to a subsequent + * call to the identity callback of 'GNUNET_IDENTITY_connect' (if + * that one was not NULL). + * + * When an identity is renamed, this function is called with the + * (known) ego but the NEW identifier. + * + * When an identity is deleted, this function is called with the + * (known) ego and "NULL" for the 'identifier'. In this case, + * the 'ego' is henceforth invalid (and the 'ctx' should also be + * cleaned up). + * + * @param cls closure + * @param ego ego handle + * @param ctx context for application to store data for this ego + * (during the lifetime of this process, initially NULL) + * @param identifier identifier assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +static void +get_ego (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *identifier) +{ + struct RequestHandle *handle = cls; + + if (NULL == ego) + { + if (NULL == handle->ego) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + get_ego_cont (handle); + return; + } + GNUNET_assert (NULL != ego); + if (NULL == identifier) + return; + GNUNET_assert (NULL != handle->ego_name); + if (0 == strcmp (identifier, handle->ego_name)) + { + handle->ego = ego; + return; + } +} + + + + +static void +rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + struct GNUNET_HashCode hc; + + handle->response_code = MHD_HTTP_BAD_REQUEST; + handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->rest_handle = rest_handle; + //Get the id URL parameter + GNUNET_CRYPTO_hash ("ego", strlen ("ego"), &hc); + if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (rest_handle + ->url_param_map, + &hc)) + { + handle->emsg = GNUNET_strdup ("No ego"); + handle->edesc = GNUNET_strdup ("No ego query parameter given"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->ego_name = GNUNET_CONTAINER_multihashmap_get (rest_handle->url_param_map, &hc); + + handle->url = GNUNET_strdup (rest_handle->url); + if (handle->url[strlen (handle->url) - 1] == '/') + handle->url[strlen (handle->url) - 1] = '\0'; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); + handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); + //handle->timeout_task = FIXME + // GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); + handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &get_ego, handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n"); +} + +/** + * Entry point for the plugin. + * + * @param cls Config info + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_attestation_openid_init (void *cls) +{ + static struct Plugin plugin; + struct GNUNET_REST_Plugin *api; + + cfg = cls; + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof(struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_ATTESTATION; + api->process_request = &rest_identity_process_request; + GNUNET_asprintf (&allow_methods, + "%s, %s, %s, %s, %s", + MHD_HTTP_METHOD_GET, + MHD_HTTP_METHOD_POST, + MHD_HTTP_METHOD_PUT, + MHD_HTTP_METHOD_DELETE, + MHD_HTTP_METHOD_OPTIONS); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + _ ("OpenID Attestation REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_attestation_openid_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + + plugin->cfg = NULL; + + GNUNET_free_non_null (allow_methods); + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "OpenID Attestations REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_attestation_openid.c */ diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf index 8655f2e0b..5c9b598ec 100644 --- a/src/reclaim/reclaim.conf +++ b/src/reclaim/reclaim.conf @@ -17,3 +17,6 @@ ADDRESS = https://ui.reclaim/#/login OIDC_CLIENT_SECRET = secret JWT_SECRET = secret EXPIRATION_TIME = 1d + +[reclaim-idp-google] +AUTHZ_REDIRECT=http://localhost:4000