From 94c9fde8f4136432bb4cbc99ba5102702279df14 Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin"
Date: Mon, 23 Jul 2018 22:10:47 +0200
Subject: [PATCH] switch to gnsrecord reclaim records for OIDC clients
---
 src/include/gnunet_gnsrecord_lib.h | 10 ++++
 src/reclaim/plugin_gnsrecord_reclaim.c | 6 +++
 src/reclaim/plugin_rest_openid_connect.c | 65 ++++++++++++++----------
 3 files changed, 53 insertions(+), 28 deletions(-)
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 20846238b..693cc6cdb 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -131,6 +131,16 @@ extern "C"
 */
 #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551
+/**
+ * Record type for reclaim OIDC clients
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552
+
+/**
+ * Record type for reclaim OIDC redirect URIs
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553
+
 /**
 * Flags that can be set for a record.
 */
diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c
index 0322df752..181a4bbc2 100644
--- a/src/reclaim/plugin_gnsrecord_reclaim.c
+++ b/src/reclaim/plugin_gnsrecord_reclaim.c
@@ -57,6 +57,8 @@ value_to_string (void *cls,
 return GNUNET_strndup (data, data_size);
 case GNUNET_GNSRECORD_TYPE_ABE_KEY:
 case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
+ case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+ case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
 return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
 case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED
 ecdhe_privkey = data;
@@ -118,6 +120,8 @@ string_to_value (void *cls,
 return GNUNET_OK;
 case GNUNET_GNSRECORD_TYPE_ABE_KEY:
 case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
+ case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
+ case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
 return GNUNET_STRINGS_string_to_data (s,
 strlen (s),
 *data,
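Review bot: In plugin_gnsrecord_reclaim.c the two new cases in `value_to_string` are placed with the encoded-binary branch (`GNUNET_STRINGS_data_to_string_alloc`), and the `string_to_value` hunk decodes them the same way, while the consumer added in plugin_rest_openid_connect.c reads the RECLAIM_OIDC_REDIRECT payload as a plain URI with `strcmp`. If the payload is meant to be text, the cases look like they belong with the branch that returns `GNUNET_strndup (data, data_size)`, with the matching text branch in `string_to_value`; as written, a URI entered through the string form would presumably be decoded into bytes that never equal the request's URI. The header comments for the two types do not state the payload format either, so a line such as `* Payload: the registered redirect URI as text` (or whatever the intended format is) would settle it. Both functions start and end outside their hunks.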
@@ -181,6 +185,8 @@ static struct {
 { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
 { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
 { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
+ { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT },
+ { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT },
 { NULL, UINT32_MAX }
 };
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 1846df901..99459427c 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -886,38 +886,47 @@ lookup_redirect_uri_result (void *cls,
 struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
 handle->gns_op = NULL;
- if (1 != rd_count)
+ if (0 == rd_count)
 {
 handle->emsg = GNUNET_strdup("server_error");
 handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
 GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 return;
 }
- tmp = GNUNET_strdup (rd->data);
- pos = strrchr (tmp,
- (unsigned char) '.');
- *pos = '\0';
- handle->redirect_prefix = GNUNET_strdup (tmp);
- tmp_key_str = pos + 1;
- pos = strchr (tmp_key_str,
- (unsigned char) '/');
- *pos = '\0';
- handle->redirect_suffix = GNUNET_strdup (pos + 1);
-
- GNUNET_STRINGS_string_to_data (tmp_key_str,
- strlen (tmp_key_str),
- &redirect_zone,
- sizeof (redirect_zone));
-
- GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
- &handle->priv_key,
- &redirect_zone,
- &get_client_name_error,
- handle,
- &get_client_name_result,
- handle);
- GNUNET_free (tmp);
-
+ for (int i = 0; i < rd_count; i++)
+ {
+ if (0 != strcmp (rd[0].data,
+ handle->oidc->redirect_uri))
+ continue;
+ tmp = GNUNET_strdup (rd[0].data);
+ pos = strrchr (tmp,
+ (unsigned char) '.');
+ *pos = '\0';
+ handle->redirect_prefix = GNUNET_strdup (tmp);
+ tmp_key_str = pos + 1;
+ pos = strchr (tmp_key_str,
+ (unsigned char) '/');
+ *pos = '\0';
+ handle->redirect_suffix = GNUNET_strdup (pos + 1);
+
+ GNUNET_STRINGS_string_to_data (tmp_key_str,
+ strlen (tmp_key_str),
+ &redirect_zone,
+ sizeof (redirect_zone));
+
+ GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
+ &handle->priv_key,
+ &redirect_zone,
+ &get_client_name_error,
+ handle,
+ &get_client_name_result,
+ handle);
+ GNUNET_free (tmp);
+ return;
+ }
+ handle->emsg = GNUNET_strdup("server_error");
+ handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+ GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
 /**
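Review bot: The new loop in `lookup_redirect_uri_result` indexes `rd[0]` on every iteration, so when the client zone holds several RECLAIM_OIDC_REDIRECT records only the first is ever compared with `handle->oidc->redirect_uri`; the index should be `rd[i]`. The record payload comes from the client's zone and is passed to `strcmp` and `GNUNET_strdup` as if it were NUL-terminated, which nothing in the hunk guarantees, so copying it with `GNUNET_strndup` and the record's `data_size` first bounds both reads. The `strrchr`/`strchr` results are dereferenced unchecked and the return value of `GNUNET_STRINGS_string_to_data` is ignored, so a matching URI without a '.' or '/' dereferences NULL and an undecodable key string leaves `redirect_zone` unset before `GNUNET_NAMESTORE_zone_to_name` uses it; both were carried over from the removed code. The function's signature is outside the hunk, so the unsigned type of `rd_count` is assumed in the sketch below.

```c
  for (unsigned int i = 0; i < rd_count; i++)
  {
    /* bounded copy: record data is not guaranteed to be NUL-terminated */
    tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
    if (0 != strcmp (tmp, handle->oidc->redirect_uri))
    {
      GNUNET_free (tmp);
      continue;
    }
    pos = strrchr (tmp, (unsigned char) '.');
    if (NULL == pos)
    {
      GNUNET_free (tmp);
      continue; /* malformed entry: falls through to the not-found error */
    }
    *pos = '\0';
    tmp_key_str = pos + 1;
    pos = strchr (tmp_key_str, (unsigned char) '/');
    if (NULL == pos)
    {
      GNUNET_free (tmp);
      continue;
    }
    *pos = '\0';
    if (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (tmp_key_str,
                                       strlen (tmp_key_str),
                                       &redirect_zone,
                                       sizeof (redirect_zone)))
    {
      GNUNET_free (tmp);
      continue;
    }
    /* set the handle fields only once the entry is known to be well-formed */
    handle->redirect_prefix = GNUNET_strdup (tmp);
    handle->redirect_suffix = GNUNET_strdup (pos + 1);
    /* … unchanged: GNUNET_NAMESTORE_zone_to_name call, GNUNET_free (tmp), return … */
  }
  /* … unchanged: "redirect uri not found" error path … */
```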
@@ -940,9 +949,9 @@ oidc_ticket_issue_cb (void* cls,
 return;
 }
 handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle,
- handle->oidc->redirect_uri,
+ "+",
 &handle->oidc->client_pkey,
- GNUNET_DNSPARSER_TYPE_TXT,
+ GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
 GNUNET_GNS_LO_DEFAULT,
 &lookup_redirect_uri_result,
 handle);
--
2.25.1
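Review bot: The bare `"+"` label passed to `GNUNET_GNS_lookup` has no explanation, and a reader cannot tell from the call that the client's redirect URIs are expected under that label in the zone of `client_pkey`. A comment above the call, for example `/* redirect URIs are published as RECLAIM_OIDC_REDIRECT records under "+" in the client zone */`, would document the convention the callback depends on. Because the request's `redirect_uri` is no longer part of the lookup, the string match in `lookup_redirect_uri_result` is now the only check tying the request to a registered URI, which is worth stating in that comment as well. `oidc_ticket_issue_cb` starts and ends outside the hunk.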