GNUnet 0.25.2-1-g44a9a8846
 
Loading...
Searching...
No Matches
oidc_helper.h File Reference
Include dependency graph for oidc_helper.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define JWT_ALG   "alg"
 
#define JWT_TYP   "typ"
 
#define JWT_TYP_VALUE   "jwt"
 
#define JWT_ALG_VALUE_HMAC   "HS512"
 
#define JWT_ALG_VALUE_RSA   "RS256"
 
#define SERVER_ADDRESS   "http://localhost:7776"
 

Enumerations

enum  OIDC_VerificationOptions { OIDC_VERIFICATION_DEFAULT = 0 , OIDC_VERIFICATION_NO_CODE_VERIFIER = 1 }
 

Functions

char * OIDC_generate_id_token_rsa (const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const json_t *secret_rsa_key)
 Create a JWT using RSA256 algorithm from attributes.
 
char * OIDC_generate_id_token_hmac (const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
 Create a JWT using HMAC (HS256) from attributes.
 
char * OIDC_build_authz_code (const struct GNUNET_CRYPTO_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce, const char *code_challenge)
 Builds an OIDC authorization code including a reclaim ticket and nonce.
 
int OIDC_parse_authz_code (const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *cid, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce, enum OIDC_VerificationOptions opts, char **emsg)
 Parse reclaim ticket and nonce from authorization code.
 
void OIDC_build_token_response (const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
 Build a token response for a token request TODO: Maybe we should add the scope here?
 
char * OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket, const char *rp_uri)
 Generate a new access token.
 
int OIDC_access_token_parse (const char *token, struct GNUNET_RECLAIM_Ticket **ticket, char **rp_uri)
 Parse an access token.
 
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request (const char *scopes, const char *attr)
 Checks if a claim is implicitly requested through standard scope(s)
 
char * OIDC_generate_userinfo (const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
 Generate userinfo JSON as string.
 

Macro Definition Documentation

◆ JWT_ALG

#define JWT_ALG   "alg"

Definition at line 32 of file oidc_helper.h.

◆ JWT_TYP

#define JWT_TYP   "typ"

Definition at line 33 of file oidc_helper.h.

◆ JWT_TYP_VALUE

#define JWT_TYP_VALUE   "jwt"

Definition at line 34 of file oidc_helper.h.

◆ JWT_ALG_VALUE_HMAC

#define JWT_ALG_VALUE_HMAC   "HS512"

Definition at line 36 of file oidc_helper.h.

◆ JWT_ALG_VALUE_RSA

#define JWT_ALG_VALUE_RSA   "RS256"

Definition at line 37 of file oidc_helper.h.

◆ SERVER_ADDRESS

#define SERVER_ADDRESS   "http://localhost:7776"

Definition at line 39 of file oidc_helper.h.

Enumeration Type Documentation

◆ OIDC_VerificationOptions

Enumerator
OIDC_VERIFICATION_DEFAULT 

Strict verification.

OIDC_VERIFICATION_NO_CODE_VERIFIER 

Do not check code verifier even if expected.

Definition at line 41 of file oidc_helper.h.

42{
47
52};
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
Definition oidc_helper.h:51
@ OIDC_VERIFICATION_DEFAULT
Strict verification.
Definition oidc_helper.h:46

Function Documentation

◆ OIDC_generate_id_token_rsa()

char * OIDC_generate_id_token_rsa ( const char *  rp_uri,
const struct GNUNET_CRYPTO_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const struct GNUNET_TIME_Relative expiration_time,
const char *  nonce,
const json_t *  secret_rsa_key 
)

Create a JWT using RSA256 algorithm from attributes.

Parameters
rp_urithe RP URI
sub_keythe public key of the subject
attrsthe attribute list
presentationscredential presentation list (may be empty)
expiration_timethe validity of the token
secret_rsa_keythe key used to sign the JWT
Returns
a new base64-encoded JWT string.

Definition at line 417 of file oidc_helper.c.

425{
426 json_t *jws;
427 char *body_str;
428 char *result;
429
430 // Generate the body of the JSON Web Signature
431 body_str = generate_id_token_body (rp_uri,
432 sub_key,
433 attrs,
434 presentations,
435 expiration_time,
436 nonce);
437
438 if (NULL == body_str)
439 {
441 "Body for the JWS could not be generated\n");
442 return NULL;
443 }
444
445 // Creating the JSON Web Signature.
446 jws = json_pack ("{s:o}", "payload",
447 jose_b64_enc (body_str, strlen (body_str)));
448 GNUNET_free (body_str);
449
450 if (! jose_jws_sig (NULL, jws, NULL, secret_rsa_key))
451 {
453 "Signature generation failed\n");
454 return NULL;
455 }
456
457 // Encoding JSON as compact JSON Web Signature
458 GNUNET_asprintf (&result, "%s.%s.%s",
459 json_string_value (json_object_get (jws, "protected")),
460 json_string_value (json_object_get (jws, "payload")),
461 json_string_value (json_object_get (jws, "signature")) );
462
463 json_decref (jws);
464 return result;
465}
static int result
Global testing status.
#define GNUNET_log(kind,...)
@ GNUNET_ERROR_TYPE_ERROR
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
#define GNUNET_free(ptr)
Wrapper around free.
static char * generate_id_token_body(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce)

References generate_id_token_body(), GNUNET_asprintf(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, and result.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_generate_id_token_hmac()

char * OIDC_generate_id_token_hmac ( const char *  rp_uri,
const struct GNUNET_CRYPTO_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const struct GNUNET_TIME_Relative expiration_time,
const char *  nonce,
const char *  secret_key 
)

Create a JWT using HMAC (HS256) from attributes.

Parameters
rp_urithe RP URI
sub_keythe public key of the subject
attrsthe attribute list
presentationscredential presentation list (may be empty)
expiration_timethe validity of the token
secret_keythe key used to sign the JWT
Returns
a new base64-encoded JWT string.

Creating the JWT signature. This might not be standards compliant, check.

Definition at line 469 of file oidc_helper.c.

477{
478 struct GNUNET_HashCode signature;
479 char *header;
480 char *header_base64;
481 char *body_str;
482 char *body_base64;
483 char *signature_target;
484 char *signature_base64;
485 char *result;
486
487 // Generate and encode Header
488 header = create_jwt_hmac_header ();
489 if (NULL == header)
490 {
492 "Header for the JWS could not be generated\n");
493 return NULL;
494 }
495 GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64);
496 GNUNET_free (header);
497 fix_base64 (header_base64);
498
499 // Generate and encode the body of the JSON Web Signature
500 body_str = generate_id_token_body (rp_uri,
501 sub_key,
502 attrs,
503 presentations,
504 expiration_time,
505 nonce);
506
507 if (NULL == body_str)
508 {
510 "Body for the JWS could not be generated\n");
511 GNUNET_free (header_base64);
512 return NULL;
513 }
514
515 GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64);
516 fix_base64 (body_base64);
517
522 GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
523 GNUNET_CRYPTO_hmac_raw (secret_key,
524 strlen (secret_key),
525 signature_target,
526 strlen (signature_target),
527 &signature);
528 GNUNET_STRINGS_base64url_encode ((const char *) &signature,
529 sizeof(struct GNUNET_HashCode),
530 &signature_base64);
531 fix_base64 (signature_base64);
532
534 "%s.%s.%s",
535 header_base64,
536 body_base64,
537 signature_base64);
538
539 GNUNET_free (header_base64);
540 GNUNET_free (body_str);
541 GNUNET_free (body_base64);
542 GNUNET_free (signature_target);
543 GNUNET_free (signature_base64);
544 return result;
545}
void GNUNET_CRYPTO_hmac_raw(const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104) TODO: Shouldn't this be the standard hmac function and the abo...
size_t GNUNET_STRINGS_base64url_encode(const void *in, size_t len, char **output)
Encode into Base64url.
Definition strings.c:1667
static void fix_base64(char *str)
static char * create_jwt_hmac_header(void)
A 512-bit hashcode.

References create_jwt_hmac_header(), fix_base64(), generate_id_token_body(), GNUNET_asprintf(), GNUNET_CRYPTO_hmac_raw(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_STRINGS_base64url_encode(), and result.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_build_authz_code()

char * OIDC_build_authz_code ( const struct GNUNET_CRYPTO_PrivateKey issuer,
const struct GNUNET_RECLAIM_Ticket ticket,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const char *  nonce_str,
const char *  code_challenge 
)

Builds an OIDC authorization code including a reclaim ticket and nonce.

Parameters
issuerthe issuer
ticketthe ticket to include in the code
attrslist of attributes to share
presentationscredential presentation list
noncethe nonce to include in the code
code_challengePKCE code challenge
optsverification options
Returns
a new authorization code (caller must free)
Parameters
issuerthe issuer of the ticket, used to sign the ticket and nonce
ticketthe ticket to include in the code
attrslist of attributes which are shared
presentationscredential presentation list (may be empty)
noncethe nonce to include in the code
code_challengePKCE code challenge
Returns
a new authorization code (caller must free)

PLAINTEXT

END

Definition at line 561 of file oidc_helper.c.

568{
569 struct OIDC_Parameters params;
570 char *code_payload;
571 char *payload;
572 char *tmp;
573 char *code_str;
574 char *buf_ptr = NULL;
575 size_t payload_len;
576 size_t code_payload_len;
577 size_t attr_list_len = 0;
578 size_t pres_list_len = 0;
579 size_t code_challenge_len = 0;
580 uint32_t nonce_len = 0;
582
584 // Assign ticket
585 memset (&params, 0, sizeof(params));
586 memcpy (params.ticket.gns_name, ticket->gns_name, strlen (ticket->gns_name)
587 + 1);
588 // Assign nonce
589 payload_len = sizeof(struct OIDC_Parameters);
590 if ((NULL != nonce_str) && (strcmp ("", nonce_str) != 0))
591 {
592 nonce_len = strlen (nonce_str);
593 payload_len += nonce_len;
594 }
595 params.nonce_len = htonl (nonce_len);
596 // Assign code challenge
597 if (NULL != code_challenge)
598 code_challenge_len = strlen (code_challenge);
599 payload_len += code_challenge_len;
600 params.code_challenge_len = htonl (code_challenge_len);
601 // Assign attributes
602 if (NULL != attrs)
603 {
604 // Get length
606 params.attr_list_len = htonl (attr_list_len);
608 "Length of serialized attributes: %lu\n",
610 // Get serialized attributes
611 payload_len += attr_list_len;
612 }
613 if (NULL != presentations)
614 {
615 // Get length
616 // FIXME only add presentations relevant for attribute list!!!
617 // This is important because of the distinction between id_token and
618 // userinfo in OIDC
621 params.pres_list_len = htonl (pres_list_len);
623 "Length of serialized presentations: %lu\n",
625 // Get serialized attributes
626 payload_len += pres_list_len;
627 }
628
629 // Get plaintext length
630 payload = GNUNET_malloc (payload_len);
631 memcpy (payload, &params, sizeof(params));
632 tmp = payload + sizeof(params);
633 if (0 < code_challenge_len)
634 {
635 memcpy (tmp, code_challenge, code_challenge_len);
636 tmp += code_challenge_len;
637 }
638 if (0 < nonce_len)
639 {
640 memcpy (tmp, nonce_str, nonce_len);
641 tmp += nonce_len;
642 }
643 if (0 < attr_list_len)
645 tmp += attr_list_len;
646 if (0 < pres_list_len)
648 tmp += pres_list_len;
649
652 // Get length
653 code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
654 + payload_len + sizeof(struct
657 "Length of data to encode: %lu\n",
658 code_payload_len);
659
660 // Initialize code payload
661 code_payload = GNUNET_malloc (code_payload_len);
662 GNUNET_assert (NULL != code_payload);
663 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
664 purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
665 + payload_len);
667 // Store pubkey
668 buf_ptr = (char *) &purpose[1];
669 memcpy (buf_ptr, payload, payload_len);
671 buf_ptr += payload_len;
672 // Sign and store signature
673 if (GNUNET_SYSERR ==
674 GNUNET_CRYPTO_sign_ (issuer,
675 purpose,
676 (struct GNUNET_CRYPTO_Signature *)
677 buf_ptr))
678 {
679 GNUNET_break (0);
680 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
681 GNUNET_free (code_payload);
682 return NULL;
683 }
684 GNUNET_STRINGS_base64url_encode (code_payload, code_payload_len, &code_str);
685 GNUNET_free (code_payload);
686 return code_str;
687}
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
static unsigned long long payload
How much data are we currently storing in the database?
#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN
Signature for a GNUid Ticket (Reclaim)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_sign_(const struct GNUNET_CRYPTO_PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Signature *sig)
Sign a given block.
@ GNUNET_SYSERR
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_DEBUG
#define GNUNET_malloc(size)
Wrapper around malloc.
size_t GNUNET_RECLAIM_attribute_list_serialize(const struct GNUNET_RECLAIM_AttributeList *attrs, char *result)
Serialize an attribute list.
size_t GNUNET_RECLAIM_presentation_list_serialize(const struct GNUNET_RECLAIM_PresentationList *presentations, char *result)
Serialize a presentation list.
size_t GNUNET_RECLAIM_presentation_list_serialize_get_size(const struct GNUNET_RECLAIM_PresentationList *presentations)
Get required size for serialization buffer.
size_t GNUNET_RECLAIM_attribute_list_serialize_get_size(const struct GNUNET_RECLAIM_AttributeList *attrs)
Get required size for serialization buffer.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
An identity signature as per LSD0001.
char gns_name[63 *2+2]
The ticket.
The signature used to generate the authorization code.
Definition oidc_helper.c:46
uint32_t pres_list_len
The length of the presentation list.
Definition oidc_helper.c:70
uint32_t nonce_len
The nonce length.
Definition oidc_helper.c:55
uint32_t attr_list_len
The length of the attributes list.
Definition oidc_helper.c:65
uint32_t code_challenge_len
The length of the PKCE code_challenge.
Definition oidc_helper.c:60

References OIDC_Parameters::attr_list_len, OIDC_Parameters::code_challenge_len, GNUNET_RECLAIM_Ticket::gns_name, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_sign_(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_RECLAIM_attribute_list_serialize(), GNUNET_RECLAIM_attribute_list_serialize_get_size(), GNUNET_RECLAIM_presentation_list_serialize(), GNUNET_RECLAIM_presentation_list_serialize_get_size(), GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, GNUNET_STRINGS_base64url_encode(), GNUNET_SYSERR, OIDC_Parameters::nonce_len, payload, OIDC_Parameters::pres_list_len, GNUNET_CRYPTO_EccSignaturePurpose::purpose, ticket, and OIDC_Parameters::ticket.

Referenced by oidc_ticket_issue_cb().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_parse_authz_code()

int OIDC_parse_authz_code ( const char *  rp_uri,
const struct GNUNET_CRYPTO_PublicKey cid,
const char *  code,
const char *  code_verifier,
struct GNUNET_RECLAIM_Ticket ticket,
struct GNUNET_RECLAIM_AttributeList **  attrs,
struct GNUNET_RECLAIM_PresentationList **  presentations,
char **  nonce_str,
enum OIDC_VerificationOptions  opts,
char **  emsg 
)

Parse reclaim ticket and nonce from authorization code.

This also verifies the signature in the code.

Parameters
rp_urithe RP URI
codethe string representation of the code
code_verfierPKCE code verifier
ticketwhere to store the ticket
attrsthe attributes found in the code
presentationscredential presentation list
noncewhere to store the nonce
Returns
GNUNET_OK if successful, else GNUNET_SYSERR

This also verifies the signature in the code.

Parameters
audiencethe expected audience of the code
codethe string representation of the code
code_verfierPKCE code verifier. Optional, must be provided if used in request.
ticketwhere to store the ticket
attrsthe attributes in the code
presentationscredential presentation list
nonce_strwhere to store the nonce (if contained)
Returns
GNUNET_OK if successful, else GNUNET_SYSERR

Definition at line 748 of file oidc_helper.c.

757{
758 char *code_payload;
759 char *ptr;
760 char *plaintext;
761 char *attrs_ser;
762 char *presentations_ser;
763 char *code_challenge;
765 struct GNUNET_CRYPTO_Signature *signature;
766 struct GNUNET_CRYPTO_PublicKey iss;
767 uint32_t code_challenge_len;
768 uint32_t attrs_ser_len;
769 uint32_t pres_ser_len;
770 size_t plaintext_len;
771 size_t code_payload_len;
772 uint32_t nonce_len = 0;
773 struct OIDC_Parameters *params;
774
775
777 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code);
778 code_payload = NULL;
779 code_payload_len =
780 GNUNET_STRINGS_base64url_decode (code, strlen (code),
781 (void **) &code_payload);
782 if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
783 + sizeof(struct OIDC_Parameters)
784 + sizeof(struct GNUNET_CRYPTO_Signature))
785 {
786 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
787 GNUNET_free (code_payload);
788 return GNUNET_SYSERR;
789 }
790
791 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
792 plaintext_len = code_payload_len;
793 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
794 ptr = (char *) &purpose[1];
795 plaintext_len -= sizeof(struct GNUNET_CRYPTO_Signature);
796 plaintext = ptr;
797 ptr += plaintext_len;
798 signature = (struct GNUNET_CRYPTO_Signature *) ptr;
799 params = (struct OIDC_Parameters *) plaintext;
800
801 // cmp code_challenge code_verifier
802 code_challenge_len = ntohl (params->code_challenge_len);
803 code_challenge = ((char *) &params[1]);
805 {
806 if (GNUNET_OK != check_code_challenge (code_challenge,
808 code_verifier))
809 {
810 GNUNET_asprintf (emsg, "Code verifier `%s' invalid for challenge `%s'",
811 code_verifier, code_challenge);
812 GNUNET_free (code_payload);
813 return GNUNET_SYSERR;
814 }
815 }
816 nonce_len = ntohl (params->nonce_len);
817 if (0 != nonce_len)
818 {
819 *nonce_str = GNUNET_strndup (code_challenge + code_challenge_len,
820 nonce_len);
821 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %s\n", *nonce_str);
822 }
823
824 // Ticket
825 memcpy (ticket, &params->ticket, sizeof(params->ticket));
826 // Signature
827 // GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);
828 if (GNUNET_OK !=
831 purpose,
832 signature,
833 &iss))
834 {
835 GNUNET_free (code_payload);
836 if (NULL != *nonce_str)
837 GNUNET_free (*nonce_str);
838 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n");
839 *emsg = GNUNET_strdup ("Signature verification failed");
840 return GNUNET_SYSERR;
841 }
842 // Attributes
843 attrs_ser = ((char *) &params[1]) + code_challenge_len + nonce_len;
844 attrs_ser_len = ntohl (params->attr_list_len);
845 *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len);
846 presentations_ser = ((char*) attrs_ser) + attrs_ser_len;
847 pres_ser_len = ntohl (params->pres_list_len);
848 *presentations =
850 pres_ser_len);
851
852 GNUNET_free (code_payload);
853 return GNUNET_OK;
854}
enum GNUNET_GenericReturnValue GNUNET_GNS_parse_ztld(const char *name, struct GNUNET_CRYPTO_PublicKey *ztld_key)
Try to parse the zTLD into a public key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_signature_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_Signature *sig, const struct GNUNET_CRYPTO_PublicKey *pub)
Verify a given signature.
@ GNUNET_OK
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
struct GNUNET_RECLAIM_PresentationList * GNUNET_RECLAIM_presentation_list_deserialize(const char *data, size_t data_size)
Deserialize a presentation list.
struct GNUNET_RECLAIM_AttributeList * GNUNET_RECLAIM_attribute_list_deserialize(const char *data, size_t data_size)
Deserialize an attribute list.
size_t GNUNET_STRINGS_base64url_decode(const char *data, size_t len, void **out)
Decode from Base64url.
Definition strings.c:1778
static enum GNUNET_GenericReturnValue check_code_challenge(const char *code_challenge, uint32_t code_challenge_len, const char *code_verifier)
An identity key as per LSD0001.
struct GNUNET_RECLAIM_Ticket ticket
The reclaim ticket.
Definition oidc_helper.c:50

References OIDC_Parameters::attr_list_len, check_code_challenge(), OIDC_Parameters::code_challenge_len, GNUNET_RECLAIM_Ticket::gns_name, GNUNET_asprintf(), GNUNET_CRYPTO_signature_verify_(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_GNS_parse_ztld(), GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_deserialize(), GNUNET_RECLAIM_presentation_list_deserialize(), GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, GNUNET_strdup, GNUNET_STRINGS_base64url_decode(), GNUNET_strndup, GNUNET_SYSERR, OIDC_Parameters::nonce_len, OIDC_VERIFICATION_NO_CODE_VERIFIER, OIDC_Parameters::pres_list_len, GNUNET_CRYPTO_EccSignaturePurpose::purpose, ticket, and OIDC_Parameters::ticket.

Referenced by consume_fail(), and token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_build_token_response()

void OIDC_build_token_response ( const char *  access_token,
const char *  id_token,
const struct GNUNET_TIME_Relative expiration_time,
char **  token_response 
)

Build a token response for a token request TODO: Maybe we should add the scope here?

Parameters
access_tokenthe access token to include
id_tokenthe id_token to include
expiration_timethe expiration time of the token(s)
token_responsewhere to store the response

Definition at line 867 of file oidc_helper.c.

871{
872 json_t *root_json;
873
874 root_json = json_object ();
875
876 GNUNET_assert (NULL != access_token);
877 GNUNET_assert (NULL != id_token);
878 GNUNET_assert (NULL != expiration_time);
879 json_object_set_new (root_json, "access_token", json_string (access_token));
880 json_object_set_new (root_json, "token_type", json_string ("Bearer"));
881 json_object_set_new (root_json,
882 "expires_in",
883 json_integer (expiration_time->rel_value_us
884 / (1000 * 1000)));
885 json_object_set_new (root_json, "id_token", json_string (id_token));
886 *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
887 json_decref (root_json);
888}
uint64_t rel_value_us
The actual value.

References GNUNET_assert, and GNUNET_TIME_Relative::rel_value_us.

Referenced by token_endpoint().

Here is the caller graph for this function:

◆ OIDC_access_token_new()

char * OIDC_access_token_new ( const struct GNUNET_RECLAIM_Ticket ticket,
const char *  rp_uri 
)

Generate a new access token.

Definition at line 895 of file oidc_helper.c.

897{
898 char *access_token;
899 char *tkt_b64;
900
902 sizeof(*ticket),
903 &tkt_b64);
904 GNUNET_asprintf (&access_token, "%s-%s", tkt_b64, rp_uri);
905 GNUNET_free (tkt_b64);
906 return access_token;
907}
size_t GNUNET_STRINGS_base64_encode(const void *in, size_t len, char **output)
Encode into Base64.
Definition strings.c:1618

References GNUNET_asprintf(), GNUNET_free, GNUNET_STRINGS_base64_encode(), and ticket.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_access_token_parse()

int OIDC_access_token_parse ( const char *  token,
struct GNUNET_RECLAIM_Ticket **  ticket,
char **  rp_uri 
)

Parse an access token.

Definition at line 914 of file oidc_helper.c.

917{
918 size_t sret;
919 char *decoded;
920 char *tmp;
921 char *tkt_str;
922 char *rp_uri_str;
923 tmp = GNUNET_strdup (token);
924 tkt_str = strtok (tmp, "-");
925 GNUNET_assert (NULL != tkt_str); // FIXME handle
926 rp_uri_str = strtok (NULL, "-");
927 GNUNET_assert (NULL != rp_uri_str); // FIXME handle
928 sret = GNUNET_STRINGS_base64_decode (tkt_str,
929 strlen (tkt_str),
930 (void**) &decoded);
931 if (sizeof (struct GNUNET_RECLAIM_Ticket) != sret)
932 {
933 GNUNET_free (decoded);
934 GNUNET_free (tmp);
935 return GNUNET_SYSERR;
936 }
937 *ticket = (struct GNUNET_RECLAIM_Ticket *) decoded;
938 *rp_uri = GNUNET_strdup (rp_uri_str);
939 GNUNET_free (tmp);
940 return GNUNET_OK;
941}
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition strings.c:1720
The authorization ticket.

References GNUNET_assert, GNUNET_free, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_base64_decode(), GNUNET_SYSERR, and ticket.

Referenced by userinfo_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_check_scopes_for_claim_request()

enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request ( const char *  scopes,
const char *  attr 
)

Checks if a claim is implicitly requested through standard scope(s)

Parameters
scopesthe scopes which have been requested
attrthe attribute name to check
Returns
GNUNET_YES if attribute is implicitly requested

Checks if a claim is implicitly requested through standard scope(s)

Parameters
scopesthe scopes which have been requested
attrthe attribute name to check
Returns
GNUNET_YES if attribute is implicitly requested

attribute matches requested scope

Definition at line 953 of file oidc_helper.c.

955{
956 char *scope_variables;
957 char *scope_variable;
958 char delimiter[] = " ";
959 int i;
960
961 scope_variables = GNUNET_strdup (scopes);
962 scope_variable = strtok (scope_variables, delimiter);
963 while (NULL != scope_variable)
964 {
965 if (0 == strcmp ("profile", scope_variable))
966 {
967 for (i = 0; i < 14; i++)
968 {
969 if (0 == strcmp (attr, OIDC_profile_claims[i]))
970 {
971 GNUNET_free (scope_variables);
972 return GNUNET_YES;
973 }
974 }
975 }
976 else if (0 == strcmp ("address", scope_variable))
977 {
978 for (i = 0; i < 5; i++)
979 {
980 if (0 == strcmp (attr, OIDC_address_claims[i]))
981 {
982 GNUNET_free (scope_variables);
983 return GNUNET_YES;
984 }
985 }
986 }
987 else if (0 == strcmp ("email", scope_variable))
988 {
989 for (i = 0; i < 2; i++)
990 {
991 if (0 == strcmp (attr, OIDC_email_claims[i]))
992 {
993 GNUNET_free (scope_variables);
994 return GNUNET_YES;
995 }
996 }
997 }
998 else if (0 == strcmp ("phone", scope_variable))
999 {
1000 for (i = 0; i < 2; i++)
1001 {
1002 if (0 == strcmp (attr, OIDC_phone_claims[i]))
1003 {
1004 GNUNET_free (scope_variables);
1005 return GNUNET_YES;
1006 }
1007 }
1008
1009 }
1010 else if (0 == strcmp (attr, scope_variable))
1011 {
1013 GNUNET_free (scope_variables);
1014 return GNUNET_YES;
1015 }
1016 scope_variable = strtok (NULL, delimiter);
1017 }
1018 GNUNET_free (scope_variables);
1019 return GNUNET_NO;
1020
1021}
@ GNUNET_YES
@ GNUNET_NO
static char OIDC_email_claims[2][16]
Standard claims represented by the "email" scope in OIDC.
Definition oidc_helper.c:87
static char OIDC_address_claims[5][32]
Standard claims represented by the "address" scope in OIDC.
static char OIDC_phone_claims[2][32]
Standard claims represented by the "phone" scope in OIDC.
Definition oidc_helper.c:94
static GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims[14][32]
Standard claims represented by the "profile" scope in OIDC.
Definition oidc_helper.c:78

References GNUNET_free, GNUNET_NO, GNUNET_strdup, GNUNET_YES, OIDC_address_claims, OIDC_email_claims, OIDC_phone_claims, and OIDC_profile_claims.

Referenced by attr_in_claims_request().

Here is the caller graph for this function:

◆ OIDC_generate_userinfo()

char * OIDC_generate_userinfo ( const struct GNUNET_CRYPTO_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations 
)

Generate userinfo JSON as string.

Parameters
sub_keythe subject (user)
attrsuser attribute list
presentationscredential presentation list
Returns
Userinfo JSON
Parameters
sub_keythe subject (user)
attrsuser attribute list
presentationscredential presentation list (may be empty)
Returns
Userinfo JSON

Definition at line 342 of file oidc_helper.c.

346{
347 char *body_str;
348 json_t*body = generate_userinfo_json (sub_key,
349 attrs,
350 presentations);
351 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
352 json_decref (body);
353 return body_str;
354}
static json_t * generate_userinfo_json(const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)

References generate_userinfo_json().

Referenced by consume_fail(), and consume_ticket().

Here is the call graph for this function:
Here is the caller graph for this function: