GNUnet  0.11.x
Data Structures | Macros | Functions | Variables
plugin_rest_openid_connect.c File Reference
#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include "gnunet_buffer_lib.h"
#include "gnunet_strings_lib.h"
#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_identity_service.h"
#include "gnunet_namestore_service.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_rest_lib.h"
#include "gnunet_rest_plugin.h"
#include "gnunet_signatures.h"
#include "microhttpd.h"
#include "oidc_helper.h"
Include dependency graph for plugin_rest_openid_connect.c:

Go to the source code of this file.

Data Structures

struct  Plugin
 Handle for a plugin. More...
 
struct  OIDC_Variables
 OIDC needed variables. More...
 
struct  EgoEntry
 The ego list. More...
 
struct  RequestHandle
 The request handle. More...
 

Macros

#define GNUNET_REST_API_NS_OIDC   "/openid"
 REST root namespace. More...
 
#define GNUNET_REST_API_NS_OIDC_CONFIG   "/.well-known/openid-configuration"
 OIDC config. More...
 
#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"
 Authorize endpoint. More...
 
#define GNUNET_REST_API_NS_TOKEN   "/openid/token"
 Token endpoint. More...
 
#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"
 UserInfo endpoint. More...
 
#define GNUNET_REST_API_NS_LOGIN   "/openid/login"
 Login namespace. More...
 
#define ID_REST_STATE_INIT   0
 State while collecting all egos. More...
 
#define ID_REST_STATE_POST_INIT   1
 Done collecting egos. More...
 
#define OIDC_GRANT_TYPE_KEY   "grant_type"
 OIDC grant_type key. More...
 
#define OIDC_GRANT_TYPE_VALUE   "authorization_code"
 OIDC grant_type key. More...
 
#define OIDC_CODE_KEY   "code"
 OIDC code key. More...
 
#define OIDC_RESPONSE_TYPE_KEY   "response_type"
 OIDC response_type key. More...
 
#define OIDC_CLIENT_ID_KEY   "client_id"
 OIDC client_id key. More...
 
#define OIDC_SCOPE_KEY   "scope"
 OIDC scope key. More...
 
#define OIDC_REDIRECT_URI_KEY   "redirect_uri"
 OIDC redirect_uri key. More...
 
#define OIDC_STATE_KEY   "state"
 OIDC state key. More...
 
#define OIDC_NONCE_KEY   "nonce"
 OIDC nonce key. More...
 
#define OIDC_CLAIMS_KEY   "claims"
 OIDC claims key. More...
 
#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"
 OIDC PKCE code challenge. More...
 
#define OIDC_CODE_VERIFIER_KEY   "code_verifier"
 OIDC PKCE code verifier. More...
 
#define OIDC_COOKIE_EXPIRATION   3
 OIDC cookie expiration (in seconds) More...
 
#define OIDC_COOKIE_HEADER_KEY   "cookie"
 OIDC cookie header key. More...
 
#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"
 OIDC cookie header if user cancelled. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"
 OIDC expected response_type while authorizing. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"
 OIDC expected scope part while authorizing. More...
 
#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"
 OIDC error key for invalid client. More...
 
#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"
 OIDC error key for invalid scopes. More...
 
#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"
 OIDC error key for invalid requests. More...
 
#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"
 OIDC error key for invalid tokens. More...
 
#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"
 OIDC error key for invalid cookies. More...
 
#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"
 OIDC error key for generic server errors. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"
 OIDC error key for unsupported grants. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"
 OIDC error key for unsupported response types. More...
 
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"
 OIDC error key for unauthorized clients. More...
 
#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"
 OIDC error key for denied access. More...
 
#define CONSUME_TIMEOUT
 How long to wait for a consume in userinfo endpoint. More...
 

Functions

static void cleanup_handle (struct RequestHandle *handle)
 Cleanup lookup handle. More...
 
static void do_error (void *cls)
 Task run on error, sends error message. More...
 
static void do_userinfo_error (void *cls)
 Task run on error in userinfo endpoint, sends error header. More...
 
static void do_redirect_error (void *cls)
 Task run on error, sends error message and redirects. More...
 
static void do_timeout (void *cls)
 Task run on timeout, sends error message. More...
 
static void options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Respond to OPTIONS request. More...
 
static void cookie_identity_interpretation (struct RequestHandle *handle)
 Interprets cookie header and pass its identity keystring to handle. More...
 
static void login_redirect (void *cls)
 Redirects to login page stored in configuration file. More...
 
static void oidc_iteration_error (void *cls)
 Does internal server error when iteration failed. More...
 
static void oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *pres)
 Issues ticket and redirects to relying party with the authorization code as parameter. More...
 
static struct GNUNET_RECLAIM_AttributeListattribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
 
static void oidc_cred_collect_finished_cb (void *cls)
 
static void oidc_cred_collect (void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred)
 Collects all attributes for an ego if in scope parameter. More...
 
static void oidc_attr_collect_finished_cb (void *cls)
 
static int attr_in_claims_request (struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
 
static int attr_in_idtoken_request (struct RequestHandle *handle, const char *attr_name)
 
static int attr_in_userinfo_request (struct RequestHandle *handle, const char *attr_name)
 
static void oidc_attr_collect (void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
 Collects all attributes for an ego if in scope parameter. More...
 
static void code_redirect (void *cls)
 Checks time and cookie and redirects accordingly. More...
 
static void build_redirect (void *cls)
 
static void lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
 
static void client_redirect (void *cls)
 Initiate redirect back to client. More...
 
static char * get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
 
static void build_authz_response (void *cls)
 Iteration over all results finished, build final response. More...
 
static void tld_iter (void *cls, const char *section, const char *option, const char *value)
 Iterate over tlds in config. More...
 
static void authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to authorization GET and url-encoded POST request. More...
 
static void login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Combines an identity with a login time and responds OK to login request. More...
 
static int parse_credentials_basic_auth (struct RequestHandle *handle, char **client_id, char **client_secret)
 
static int parse_credentials_post_body (struct RequestHandle *handle, char **client_id, char **client_secret)
 
static int check_authorization (struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *cid)
 
const struct EgoEntryfind_ego (struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *test_key)
 
static void token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to token url-encoded POST request. More...
 
static void consume_ticket (void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Presentation *pres)
 Collects claims and stores them in handle. More...
 
static void consume_timeout (void *cls)
 
static void userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to userinfo GET and url-encoded POST request. More...
 
static void list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
 If listing is enabled, prints information about the egos. More...
 
static void oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 
static void oidc_config_cors (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Respond to OPTIONS request. More...
 
static enum GNUNET_GenericReturnValue rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
 
void * libgnunet_plugin_rest_openid_connect_init (void *cls)
 Entry point for the plugin. More...
 
static int cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value)
 
void * libgnunet_plugin_rest_openid_connect_done (void *cls)
 Exit point from the plugin. More...
 

Variables

static char * OIDC_ignored_parameter_array []
 OIDC ignored parameter array. More...
 
struct GNUNET_CONTAINER_MultiHashMapoidc_code_cache
 OIDC hashmap for cached access tokens and codes. More...
 
struct GNUNET_CONTAINER_MultiHashMapOIDC_cookie_jar_map
 OIDC hashmap that keeps track of issued cookies. More...
 
const struct GNUNET_CONFIGURATION_Handlecfg
 The configuration handle. More...
 
static char * allow_methods
 HTTP methods allows for this plugin. More...
 
static struct EgoEntryego_head
 Ego list. More...
 
static struct EgoEntryego_tail
 Ego list. More...
 
static int state
 The processing state. More...
 
static struct GNUNET_IDENTITY_Handleidentity_handle
 Handle to Identity service. More...
 
static struct GNUNET_GNS_Handlegns_handle
 GNS handle. More...
 
static struct GNUNET_RECLAIM_Handleidp
 Identity Provider. More...
 
static struct RequestHandlerequests_head
 DLL. More...
 
static struct RequestHandlerequests_tail
 DLL. More...
 

Macro Definition Documentation

◆ GNUNET_REST_API_NS_OIDC

#define GNUNET_REST_API_NS_OIDC   "/openid"

REST root namespace.

Definition at line 48 of file plugin_rest_openid_connect.c.

Referenced by libgnunet_plugin_rest_openid_connect_init(), and rest_identity_process_request().

◆ GNUNET_REST_API_NS_OIDC_CONFIG

#define GNUNET_REST_API_NS_OIDC_CONFIG   "/.well-known/openid-configuration"

OIDC config.

Definition at line 53 of file plugin_rest_openid_connect.c.

Referenced by rest_identity_process_request().

◆ GNUNET_REST_API_NS_AUTHORIZE

#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"

Authorize endpoint.

Definition at line 58 of file plugin_rest_openid_connect.c.

Referenced by rest_identity_process_request().

◆ GNUNET_REST_API_NS_TOKEN

#define GNUNET_REST_API_NS_TOKEN   "/openid/token"

Token endpoint.

Definition at line 63 of file plugin_rest_openid_connect.c.

Referenced by rest_identity_process_request().

◆ GNUNET_REST_API_NS_USERINFO

#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"

UserInfo endpoint.

Definition at line 68 of file plugin_rest_openid_connect.c.

Referenced by rest_identity_process_request().

◆ GNUNET_REST_API_NS_LOGIN

#define GNUNET_REST_API_NS_LOGIN   "/openid/login"

Login namespace.

Definition at line 73 of file plugin_rest_openid_connect.c.

Referenced by rest_identity_process_request().

◆ ID_REST_STATE_INIT

#define ID_REST_STATE_INIT   0

State while collecting all egos.

Definition at line 78 of file plugin_rest_openid_connect.c.

Referenced by libgnunet_plugin_rest_openid_connect_init(), and list_ego().

◆ ID_REST_STATE_POST_INIT

#define ID_REST_STATE_POST_INIT   1

Done collecting egos.

Definition at line 83 of file plugin_rest_openid_connect.c.

Referenced by list_ego().

◆ OIDC_GRANT_TYPE_KEY

#define OIDC_GRANT_TYPE_KEY   "grant_type"

OIDC grant_type key.

Definition at line 88 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_GRANT_TYPE_VALUE

#define OIDC_GRANT_TYPE_VALUE   "authorization_code"

OIDC grant_type key.

Definition at line 93 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_CODE_KEY

#define OIDC_CODE_KEY   "code"

OIDC code key.

Definition at line 98 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_RESPONSE_TYPE_KEY

#define OIDC_RESPONSE_TYPE_KEY   "response_type"

OIDC response_type key.

Definition at line 103 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLIENT_ID_KEY

#define OIDC_CLIENT_ID_KEY   "client_id"

OIDC client_id key.

Definition at line 108 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), check_authorization(), and login_redirect().

◆ OIDC_SCOPE_KEY

#define OIDC_SCOPE_KEY   "scope"

OIDC scope key.

Definition at line 113 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_REDIRECT_URI_KEY

#define OIDC_REDIRECT_URI_KEY   "redirect_uri"

OIDC redirect_uri key.

Definition at line 118 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_STATE_KEY

#define OIDC_STATE_KEY   "state"

OIDC state key.

Definition at line 123 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_NONCE_KEY

#define OIDC_NONCE_KEY   "nonce"

OIDC nonce key.

Definition at line 128 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLAIMS_KEY

#define OIDC_CLAIMS_KEY   "claims"

OIDC claims key.

Definition at line 133 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CODE_CHALLENGE_KEY

#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"

OIDC PKCE code challenge.

Definition at line 138 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_CODE_VERIFIER_KEY

#define OIDC_CODE_VERIFIER_KEY   "code_verifier"

OIDC PKCE code verifier.

Definition at line 143 of file plugin_rest_openid_connect.c.

Referenced by check_authorization(), and token_endpoint().

◆ OIDC_COOKIE_EXPIRATION

#define OIDC_COOKIE_EXPIRATION   3

OIDC cookie expiration (in seconds)

Definition at line 148 of file plugin_rest_openid_connect.c.

Referenced by login_cont().

◆ OIDC_COOKIE_HEADER_KEY

#define OIDC_COOKIE_HEADER_KEY   "cookie"

OIDC cookie header key.

Definition at line 153 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_AUTHORIZATION_HEADER_KEY

#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"

OIDC cookie header information key.

Definition at line 158 of file plugin_rest_openid_connect.c.

Referenced by parse_credentials_basic_auth(), and userinfo_endpoint().

◆ OIDC_COOKIE_HEADER_INFORMATION_KEY

#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="

OIDC cookie header information key.

Definition at line 163 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_COOKIE_HEADER_ACCESS_DENIED

#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"

OIDC cookie header if user cancelled.

Definition at line 168 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE

#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"

OIDC expected response_type while authorizing.

Definition at line 173 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_EXPECTED_AUTHORIZATION_SCOPE

#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"

OIDC expected scope part while authorizing.

Definition at line 178 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_INVALID_CLIENT

#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"

OIDC error key for invalid client.

Definition at line 183 of file plugin_rest_openid_connect.c.

Referenced by check_authorization().

◆ OIDC_ERROR_KEY_INVALID_SCOPE

#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"

OIDC error key for invalid scopes.

Definition at line 188 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and oidc_attr_collect_finished_cb().

◆ OIDC_ERROR_KEY_INVALID_REQUEST

#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"

OIDC error key for invalid requests.

Definition at line 193 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), build_authz_response(), consume_timeout(), and token_endpoint().

◆ OIDC_ERROR_KEY_INVALID_TOKEN

#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"

OIDC error key for invalid tokens.

Definition at line 198 of file plugin_rest_openid_connect.c.

Referenced by consume_timeout(), and userinfo_endpoint().

◆ OIDC_ERROR_KEY_INVALID_COOKIE

#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"

OIDC error key for invalid cookies.

Definition at line 203 of file plugin_rest_openid_connect.c.

Referenced by code_redirect().

◆ OIDC_ERROR_KEY_SERVER_ERROR

#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"

◆ OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"

OIDC error key for unsupported grants.

Definition at line 213 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"

OIDC error key for unsupported response types.

Definition at line 218 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT

#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"

OIDC error key for unauthorized clients.

Definition at line 223 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint().

◆ OIDC_ERROR_KEY_ACCESS_DENIED

#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"

OIDC error key for denied access.

Definition at line 228 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ CONSUME_TIMEOUT

#define CONSUME_TIMEOUT
Value:
#define GNUNET_TIME_UNIT_SECONDS
One second.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
Definition: time.c:442

How long to wait for a consume in userinfo endpoint.

Definition at line 233 of file plugin_rest_openid_connect.c.

Referenced by userinfo_endpoint().

Function Documentation

◆ cleanup_handle()

static void cleanup_handle ( struct RequestHandle handle)
static

Cleanup lookup handle.

Parameters
handleHandle to clean up

Definition at line 580 of file plugin_rest_openid_connect.c.

References RequestHandle::access_token, RequestHandle::attr_idtoken_list, RequestHandle::attr_it, RequestHandle::attr_userinfo_list, OIDC_Variables::claims, OIDC_Variables::client_id, OIDC_Variables::code_challenge, RequestHandle::consume_timeout_op, RequestHandle::cred_it, RequestHandle::credentials, RequestHandle::edesc, RequestHandle::emsg, RequestHandle::gns_op, GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_lookup_cancel(), GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_credential_list_destroy(), GNUNET_RECLAIM_get_attributes_stop(), GNUNET_RECLAIM_get_credentials_stop(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_RECLAIM_ticket_iteration_stop(), GNUNET_SCHEDULER_cancel(), RequestHandle::idp_op, OIDC_Variables::login_identity, OIDC_Variables::nonce, RequestHandle::oidc, RequestHandle::presentations, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, OIDC_Variables::scope, OIDC_Variables::state, RequestHandle::ticket_it, RequestHandle::timeout_task, RequestHandle::tld, and RequestHandle::url.

Referenced by build_redirect(), consume_ticket(), consume_timeout(), do_error(), do_redirect_error(), do_userinfo_error(), libgnunet_plugin_rest_openid_connect_done(), login_cont(), login_redirect(), oidc_config_cors(), oidc_config_endpoint(), oidc_ticket_issue_cb(), options_cont(), and token_endpoint().

581 {
582 
583  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
584  if (NULL != handle->timeout_task)
586  if (NULL != handle->attr_it)
588  if (NULL != handle->cred_it)
590  if (NULL != handle->ticket_it)
592  if (NULL != handle->idp_op)
593  GNUNET_RECLAIM_cancel (handle->idp_op);
594  if (NULL != handle->consume_timeout_op)
596  GNUNET_free (handle->url);
597  GNUNET_free (handle->tld);
598  GNUNET_free (handle->redirect_prefix);
599  GNUNET_free (handle->redirect_suffix);
600  GNUNET_free (handle->emsg);
601  GNUNET_free (handle->edesc);
602  if (NULL != handle->gns_op)
604  if (NULL != handle->oidc)
605  {
606  GNUNET_free (handle->oidc->client_id);
607  GNUNET_free (handle->oidc->login_identity);
608  GNUNET_free (handle->oidc->nonce);
609  GNUNET_free (handle->oidc->redirect_uri);
610  GNUNET_free (handle->oidc->response_type);
611  GNUNET_free (handle->oidc->scope);
612  GNUNET_free (handle->oidc->state);
613  if (NULL != handle->oidc->claims)
614  GNUNET_free (handle->oidc->claims);
615  if (NULL != handle->oidc->code_challenge)
616  GNUNET_free (handle->oidc->code_challenge);
617  GNUNET_free (handle->oidc);
618  }
619  if (NULL!=handle->attr_idtoken_list)
621  if (NULL!=handle->attr_userinfo_list)
623  if (NULL!=handle->credentials)
625  if (NULL!=handle->presentations)
629  handle);
630  if (NULL != handle->access_token)
631  GNUNET_free (handle->access_token);
632  GNUNET_free (handle);
633 }
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
void GNUNET_RECLAIM_get_credentials_stop(struct GNUNET_RECLAIM_CredentialIterator *ait)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1509
char * nonce
The OIDC nonce.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
static struct RequestHandle * requests_tail
DLL.
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
void GNUNET_RECLAIM_cancel(struct GNUNET_RECLAIM_Operation *op)
Cancel an identity provider operation.
Definition: reclaim_api.c:1089
void GNUNET_RECLAIM_ticket_iteration_stop(struct GNUNET_RECLAIM_TicketIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1701
static struct RequestHandle * requests_head
DLL.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
char * response_type
The OIDC response type.
struct GNUNET_RECLAIM_PresentationList * presentations
Presentations.
struct GNUNET_RECLAIM_CredentialList * credentials
Credentials.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
char * tld
The tld for redirect.
void GNUNET_RECLAIM_credential_list_destroy(struct GNUNET_RECLAIM_CredentialList *credentials)
Destroy claim list.
char * access_token
The passed access token.
char * claims
The OIDC claims.
void GNUNET_RECLAIM_presentation_list_destroy(struct GNUNET_RECLAIM_PresentationList *presentations)
Destroy presentations list.
struct GNUNET_RECLAIM_CredentialIterator * cred_it
Credential iterator.
struct GNUNET_SCHEDULER_Task * consume_timeout_op
Timeout task for consume.
char * state
The OIDC state.
char * redirect_prefix
The redirect prefix.
void GNUNET_RECLAIM_get_attributes_stop(struct GNUNET_RECLAIM_AttributeIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1398
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
char * redirect_suffix
The redirect suffix.
#define GNUNET_log(kind,...)
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
void * GNUNET_GNS_lookup_cancel(struct GNUNET_GNS_LookupRequest *lr)
Cancel pending lookup request.
Definition: gns_api.c:314
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
char * login_identity
The identity chosen by the user to login.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:972
char * url
The url.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_error()

static void do_error ( void *  cls)
static

Task run on error, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 642 of file plugin_rest_openid_connect.c.

References cleanup_handle(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, and OIDC_Variables::state.

Referenced by authorize_endpoint(), build_authz_response(), consume_timeout(), do_timeout(), login_redirect(), oidc_iteration_error(), and token_endpoint().

643 {
644  struct RequestHandle *handle = cls;
645  struct MHD_Response *resp;
646  char *json_error;
647 
648  GNUNET_asprintf (&json_error,
649  "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
650  handle->emsg,
651  (NULL != handle->edesc) ? handle->edesc : "",
652  (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
653  (NULL != handle->oidc->state) ? handle->oidc->state : "",
654  (NULL != handle->oidc->state) ? "\"" : "");
655  if (0 == handle->response_code)
656  handle->response_code = MHD_HTTP_BAD_REQUEST;
657  resp = GNUNET_REST_create_response (json_error);
658  if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
659  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
660  MHD_add_response_header (resp,
661  MHD_HTTP_HEADER_CONTENT_TYPE,
662  "application/json");
663  handle->proc (handle->proc_cls, resp, handle->response_code);
664  cleanup_handle (handle);
665  GNUNET_free (json_error);
666 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * emsg
Error response message.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
int response_code
Response code.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
char * state
The OIDC state.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_userinfo_error()

static void do_userinfo_error ( void *  cls)
static

Task run on error in userinfo endpoint, sends error header.

Cleans up everything

Parameters
clsthe struct RequestHandle

Definition at line 676 of file plugin_rest_openid_connect.c.

References cleanup_handle(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_REST_create_response(), handle, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by consume_timeout(), and userinfo_endpoint().

677 {
678  struct RequestHandle *handle = cls;
679  struct MHD_Response *resp;
680  char *error;
681 
683  "Error: %s\n", handle->edesc);
684  GNUNET_asprintf (&error,
685  "error=\"%s\", error_description=\"%s\"",
686  handle->emsg,
687  (NULL != handle->edesc) ? handle->edesc : "");
688  resp = GNUNET_REST_create_response ("");
689  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
690  handle->proc (handle->proc_cls, resp, handle->response_code);
691  cleanup_handle (handle);
692  GNUNET_free (error);
693 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
char * emsg
Error response message.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
int response_code
Response code.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_redirect_error()

static void do_redirect_error ( void *  cls)
static

Task run on error, sends error message and redirects.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 702 of file plugin_rest_openid_connect.c.

References cleanup_handle(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, and OIDC_Variables::state.

Referenced by build_authz_response(), code_redirect(), lookup_redirect_uri_result(), oidc_attr_collect_finished_cb(), and oidc_ticket_issue_cb().

703 {
704  struct RequestHandle *handle = cls;
705  struct MHD_Response *resp;
706  char *redirect;
707 
708  GNUNET_asprintf (&redirect,
709  "%s?error=%s&error_description=%s%s%s",
710  handle->oidc->redirect_uri,
711  handle->emsg,
712  handle->edesc,
713  (NULL != handle->oidc->state) ? "&state=" : "",
714  (NULL != handle->oidc->state) ? handle->oidc->state : "");
715  resp = GNUNET_REST_create_response ("");
716  MHD_add_response_header (resp, "Location", redirect);
717  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
718  cleanup_handle (handle);
719  GNUNET_free (redirect);
720 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * emsg
Error response message.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
char * state
The OIDC state.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_timeout()

static void do_timeout ( void *  cls)
static

Task run on timeout, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 729 of file plugin_rest_openid_connect.c.

References do_error(), handle, and RequestHandle::timeout_task.

Referenced by rest_identity_process_request().

730 {
731  struct RequestHandle *handle = cls;
732 
733  handle->timeout_task = NULL;
734  do_error (handle);
735 }
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void do_error(void *cls)
Task run on error, sends error message.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ options_cont()

static void options_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Respond to OPTIONS request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 746 of file plugin_rest_openid_connect.c.

References allow_methods, cleanup_handle(), GNUNET_REST_create_response(), handle, RequestHandle::proc, and RequestHandle::proc_cls.

Referenced by rest_identity_process_request().

749 {
750  struct MHD_Response *resp;
751  struct RequestHandle *handle = cls;
752 
753  // For now, independent of path return all options
754  resp = GNUNET_REST_create_response (NULL);
755  MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
756  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
757  cleanup_handle (handle);
758  return;
759 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
static char * allow_methods
HTTP methods allows for this plugin.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cookie_identity_interpretation()

static void cookie_identity_interpretation ( struct RequestHandle handle)
static

Interprets cookie header and pass its identity keystring to handle.

Definition at line 766 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, GNUNET_REST_RequestHandle::header_param_map, OIDC_Variables::login_identity, RequestHandle::oidc, OIDC_COOKIE_HEADER_ACCESS_DENIED, OIDC_COOKIE_HEADER_INFORMATION_KEY, OIDC_COOKIE_HEADER_KEY, RequestHandle::rest_handle, OIDC_Variables::user_cancelled, and value.

Referenced by authorize_endpoint().

767 {
768  struct GNUNET_HashCode cache_key;
769  char *cookies;
770  struct GNUNET_TIME_Absolute current_time, *relog_time;
771  char delimiter[] = "; ";
772  char *tmp_cookies;
773  char *token;
774  char *value;
775 
776  // gets identity of login try with cookie
778  strlen (OIDC_COOKIE_HEADER_KEY),
779  &cache_key);
782  &cache_key))
783  {
784  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
785  return;
786  }
787  // splits cookies and find 'Identity' cookie
788  tmp_cookies =
790  &cache_key);
791  cookies = GNUNET_strdup (tmp_cookies);
792  token = strtok (cookies, delimiter);
793  handle->oidc->user_cancelled = GNUNET_NO;
794  handle->oidc->login_identity = NULL;
795  if (NULL == token)
796  {
798  "Unable to parse cookie: %s\n",
799  cookies);
800  GNUNET_free (cookies);
801  return;
802  }
803 
804  while (NULL != token)
805  {
806  if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
807  {
808  handle->oidc->user_cancelled = GNUNET_YES;
809  GNUNET_free (cookies);
810  return;
811  }
812  if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
813  break;
814  token = strtok (NULL, delimiter);
815  }
816  if (NULL == token)
817  {
819  "No cookie value to process: %s\n",
820  cookies);
821  GNUNET_free (cookies);
822  return;
823  }
824  GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
825  if (GNUNET_NO ==
827  {
828  GNUNET_log (
830  "Found cookie `%s', but no corresponding expiration entry present...\n",
831  token);
832  GNUNET_free (cookies);
833  return;
834  }
835  relog_time =
837  current_time = GNUNET_TIME_absolute_get ();
838  // 30 min after old login -> redirect to login
839  if (current_time.abs_value_us > relog_time->abs_value_us)
840  {
842  "Found cookie `%s', but it is expired.\n",
843  token);
844  GNUNET_free (cookies);
845  return;
846  }
847  value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
848  GNUNET_assert (NULL != value);
849  handle->oidc->login_identity = GNUNET_strdup (value);
850  GNUNET_free (cookies);
851 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define OIDC_COOKIE_HEADER_INFORMATION_KEY
OIDC cookie header information key.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED
OIDC cookie header if user cancelled.
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
uint64_t abs_value_us
The actual value.
struct OIDC_Variables * oidc
OIDC variables.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC hashmap that keeps track of issued cookies.
#define OIDC_COOKIE_HEADER_KEY
OIDC cookie header key.
#define GNUNET_free(ptr)
Wrapper around free.
char * login_identity
The identity chosen by the user to login.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_redirect()

static void login_redirect ( void *  cls)
static

Redirects to login page stored in configuration file.

Definition at line 858 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, cleanup_handle(), OIDC_Variables::client_id, OIDC_Variables::code_challenge, do_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_buffer_reap_str(), GNUNET_buffer_write_fstr(), GNUNET_buffer_write_str(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_free, GNUNET_OK, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_urlencode(), handle, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_STATE_KEY, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, RequestHandle::response_code, OIDC_Variables::response_type, OIDC_Variables::scope, and OIDC_Variables::state.

Referenced by build_authz_response(), and code_redirect().

859 {
860  char *login_base_url;
861  char *new_redirect;
862  char *tmp;
863  struct MHD_Response *resp;
864  struct GNUNET_Buffer buf = { 0 };
865  struct RequestHandle *handle = cls;
866 
868  "reclaim-rest-plugin",
869  "address",
870  &login_base_url))
871  {
872  GNUNET_buffer_write_str (&buf, login_base_url);
874  "?%s=%s",
876  handle->oidc->response_type);
878  "&%s=%s",
880  handle->oidc->client_id);
882  strlen (handle->oidc->redirect_uri),
883  &tmp);
885  "&%s=%s",
887  tmp);
888  GNUNET_free (tmp);
890  strlen (handle->oidc->scope),
891  &tmp);
893  "&%s=%s",
895  tmp);
896  GNUNET_free (tmp);
897  if (NULL != handle->oidc->state)
898  {
900  strlen (handle->oidc->state),
901  &tmp);
903  "&%s=%s",
905  handle->oidc->state);
906  GNUNET_free (tmp);
907  }
908  if (NULL != handle->oidc->code_challenge)
909  {
911  "&%s=%s",
913  handle->oidc->code_challenge);
914  }
915  if (NULL != handle->oidc->nonce)
916  {
918  "&%s=%s",
920  handle->oidc->nonce);
921  }
922  if (NULL != handle->oidc->claims)
923  {
925  strlen (handle->oidc->claims),
926  &tmp);
928  "&%s=%s",
930  tmp);
931  GNUNET_free (tmp);
932  }
933  new_redirect = GNUNET_buffer_reap_str (&buf);
934  resp = GNUNET_REST_create_response ("");
935  MHD_add_response_header (resp, "Location", new_redirect);
936  GNUNET_free (login_base_url);
937  }
938  else
939  {
941  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
942  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
944  return;
945  }
946  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
947  GNUNET_free (new_redirect);
948  cleanup_handle (handle);
949 }
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
char * nonce
The OIDC nonce.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
char * GNUNET_buffer_reap_str(struct GNUNET_Buffer *buf)
Clear the buffer and return the string it contained.
Definition: buffer.c:123
#define OIDC_CLAIMS_KEY
OIDC claims key.
void GNUNET_buffer_write_fstr(struct GNUNET_Buffer *buf, const char *fmt,...) __attribute__((format(printf
Write a 0-terminated formatted string to a buffer, excluding the 0-terminator.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static char buf[2048]
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
int response_code
Response code.
char * claims
The OIDC claims.
size_t GNUNET_STRINGS_urlencode(const char *data, size_t len, char **out)
url/percent encode (RFC3986).
Definition: strings.c:2147
char * state
The OIDC state.
static void do_error(void *cls)
Task run on error, sends error message.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
Common buffer management functions.
void GNUNET_buffer_write_str(struct GNUNET_Buffer *buf, const char *str)
Write a 0-terminated string to a buffer, excluding the 0-terminator.
Definition: buffer.c:103
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_iteration_error()

static void oidc_iteration_error ( void *  cls)
static

Does internal server error when iteration failed.

Definition at line 956 of file plugin_rest_openid_connect.c.

References do_error(), RequestHandle::emsg, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, OIDC_ERROR_KEY_SERVER_ERROR, and RequestHandle::response_code.

Referenced by code_redirect(), and oidc_attr_collect_finished_cb().

957 {
958  struct RequestHandle *handle = cls;
959 
961  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
963 }
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
The request handle.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
static void do_error(void *cls)
Task run on error, sends error message.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_ticket_issue_cb()

static void oidc_ticket_issue_cb ( void *  cls,
const struct GNUNET_RECLAIM_Ticket ticket,
const struct GNUNET_RECLAIM_PresentationList pres 
)
static

Issues ticket and redirects to relying party with the authorization code as parameter.

Otherwise redirects with error

Definition at line 971 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_idtoken_list, cleanup_handle(), OIDC_Variables::code_challenge, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_data_to_string_alloc(), handle, RequestHandle::idp_op, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_build_authz_code(), OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::priv_key, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, OIDC_Variables::state, ticket, RequestHandle::ticket, and RequestHandle::tld.

Referenced by oidc_cred_collect_finished_cb().

974 {
975  struct RequestHandle *handle = cls;
976  struct MHD_Response *resp;
977  char *ticket_str;
978  char *redirect_uri;
979  char *code_string;
980 
981  handle->idp_op = NULL;
982  if (NULL == ticket)
983  {
985  handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
987  return;
988  }
989  handle->ticket = *ticket;
990  ticket_str =
992  sizeof(struct GNUNET_RECLAIM_Ticket));
993  code_string = OIDC_build_authz_code (&handle->priv_key,
994  &handle->ticket,
995  handle->attr_idtoken_list,
996  pres,
997  handle->oidc->nonce,
998  handle->oidc->code_challenge);
999  if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
1000  (NULL != handle->tld))
1001  {
1002  GNUNET_asprintf (&redirect_uri,
1003  "%s.%s/%s%s%s=%s&state=%s",
1004  handle->redirect_prefix,
1005  handle->tld,
1006  handle->redirect_suffix,
1007  (NULL == strchr (handle->redirect_suffix, '?') ? "?" :
1008  "&"),
1009  handle->oidc->response_type,
1010  code_string,
1011  handle->oidc->state);
1012  }
1013  else
1014  {
1015  GNUNET_asprintf (&redirect_uri,
1016  "%s%s%s=%s&state=%s",
1017  handle->oidc->redirect_uri,
1018  (NULL == strchr (handle->oidc->redirect_uri, '?') ? "?" :
1019  "&"),
1020  handle->oidc->response_type,
1021  code_string,
1022  handle->oidc->state);
1023  }
1024  resp = GNUNET_REST_create_response ("");
1025  MHD_add_response_header (resp, "Location", redirect_uri);
1026  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1027  cleanup_handle (handle);
1028  GNUNET_free (redirect_uri);
1029  GNUNET_free (ticket_str);
1030  GNUNET_free (code_string);
1031 }
char * redirect_uri
The OIDC redirect uri.
The authorization ticket.
char * nonce
The OIDC nonce.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
char * OIDC_build_authz_code(const struct GNUNET_IDENTITY_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
Definition: oidc_helper.c:489
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
char * state
The OIDC state.
char * redirect_prefix
The redirect prefix.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
char * redirect_suffix
The redirect suffix.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_IDENTITY_PrivateKey priv_key
Pointer to ego private key.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:937
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attribute_list_merge()

static struct GNUNET_RECLAIM_AttributeList* attribute_list_merge ( struct GNUNET_RECLAIM_AttributeList list_a,
struct GNUNET_RECLAIM_AttributeList list_b 
)
static

Attribute already in list

Attribute already in list

Definition at line 1035 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_AttributeListEntry::attribute, credential, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_YES, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_Attribute::type.

Referenced by oidc_cred_collect_finished_cb().

1037 {
1038  struct GNUNET_RECLAIM_AttributeList *merged_list;
1039  struct GNUNET_RECLAIM_AttributeListEntry *le_a;
1040  struct GNUNET_RECLAIM_AttributeListEntry *le_b;
1041  struct GNUNET_RECLAIM_AttributeListEntry *le_m;
1042 
1043  merged_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
1044  for (le_a = list_a->list_head; NULL != le_a; le_a = le_a->next)
1045  {
1048  &le_a->attribute->
1049  credential,
1050  le_a->attribute->type,
1051  le_a->attribute->data,
1052  le_a->attribute->data_size);
1053  le_m->attribute->id = le_a->attribute->id;
1054  le_m->attribute->flag = le_a->attribute->flag;
1055  le_m->attribute->credential = le_a->attribute->credential;
1056  GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1057  merged_list->list_tail,
1058  le_m);
1059  }
1060  le_m = NULL;
1061  for (le_b = list_b->list_head; NULL != le_b; le_b = le_b->next)
1062  {
1063  for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next)
1064  {
1066  &le_b->attribute->id))
1067  break;
1068  }
1069  if (NULL != le_m)
1070  continue;
1073  &le_b->attribute->
1074  credential,
1075  le_b->attribute->type,
1076  le_b->attribute->data,
1077  le_b->attribute->data_size);
1078  le_m->attribute->id = le_b->attribute->id;
1079  le_m->attribute->flag = le_b->attribute->flag;
1080  le_m->attribute->credential = le_b->attribute->credential;
1081  GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1082  merged_list->list_tail,
1083  le_m);
1084  }
1085  return merged_list;
1086 }
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
const char * name
The name of the attribute.
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
static struct GNUNET_RECLAIM_Identifier credential
Credential ID.
#define GNUNET_RECLAIM_id_is_equal(a, b)
const void * data
Binary value stored as attribute value.
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_cred_collect_finished_cb()

static void oidc_cred_collect_finished_cb ( void *  cls)
static

Definition at line 1090 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_idtoken_list, RequestHandle::attr_userinfo_list, GNUNET_RECLAIM_AttributeListEntry::attribute, attribute_list_merge(), OIDC_Variables::client_pkey, RequestHandle::cred_it, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_ticket_issue(), handle, RequestHandle::idp_op, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, RequestHandle::oidc, oidc_ticket_issue_cb(), and RequestHandle::priv_key.

Referenced by oidc_attr_collect_finished_cb().

1091 {
1092  struct RequestHandle *handle = cls;
1093  struct GNUNET_RECLAIM_AttributeList *merged_list;
1094  struct GNUNET_RECLAIM_AttributeListEntry *le_m;
1095 
1096  handle->cred_it = NULL;
1097  merged_list = attribute_list_merge (handle->attr_idtoken_list,
1098  handle->attr_userinfo_list);
1099  for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next)
1101  "List Attibute in ticket to issue: %s\n",
1102  le_m->attribute->name);
1104  &handle->priv_key,
1105  &handle->oidc->client_pkey,
1106  merged_list,
1108  handle);
1110 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
static struct GNUNET_RECLAIM_AttributeList * attribute_list_merge(struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
const char * name
The name of the attribute.
A list of GNUNET_RECLAIM_Attribute structures.
struct OIDC_Variables * oidc
OIDC variables.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *pres)
Issues ticket and redirects to relying party with the authorization code as parameter.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
struct GNUNET_RECLAIM_CredentialIterator * cred_it
Credential iterator.
struct GNUNET_IDENTITY_PublicKey client_pkey
The RP client public key.
#define GNUNET_log(kind,...)
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_IDENTITY_PrivateKey priv_key
Pointer to ego private key.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *iss, const struct GNUNET_IDENTITY_PublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_IssueTicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
Definition: reclaim_api.c:1542
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_cred_collect()

static void oidc_cred_collect ( void *  cls,
const struct GNUNET_IDENTITY_PublicKey identity,
const struct GNUNET_RECLAIM_Credential cred 
)
static

Collects all attributes for an ego if in scope parameter.

Credential already in list

Credential matches for attribute, add

Definition at line 1117 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_idtoken_list, GNUNET_RECLAIM_AttributeListEntry::attribute, RequestHandle::cred_it, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_CredentialListEntry::credential, RequestHandle::credentials, GNUNET_RECLAIM_Credential::data, GNUNET_RECLAIM_Credential::data_size, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_credential_new(), GNUNET_RECLAIM_get_credentials_next(), GNUNET_RECLAIM_id_is_equal, handle, GNUNET_RECLAIM_Credential::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_CredentialList::list_head, GNUNET_RECLAIM_CredentialList::list_tail, GNUNET_RECLAIM_Credential::name, GNUNET_RECLAIM_AttributeListEntry::next, GNUNET_RECLAIM_CredentialListEntry::next, and GNUNET_RECLAIM_Credential::type.

Referenced by oidc_attr_collect_finished_cb().

1120 {
1121  struct RequestHandle *handle = cls;
1124 
1125  for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next)
1126  {
1128  &cred->id))
1129  continue;
1132  return;
1133  }
1134 
1135  for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next)
1136  {
1138  &cred->id))
1139  continue;
1143  cred->type,
1144  cred->data,
1145  cred->data_size);
1147  handle->credentials->list_tail,
1148  ale);
1149  }
1151 }
void GNUNET_RECLAIM_get_credentials_next(struct GNUNET_RECLAIM_CredentialIterator *ait)
Calls the record processor specified in GNUNET_RECLAIM_get_credentials_start for the next record...
Definition: reclaim_api.c:1487
struct GNUNET_RECLAIM_Identifier id
ID.
uint32_t type
Type/Format of Claim.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_Credential * credential
The credential.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_CredentialListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_CredentialListEntry * next
DLL.
const void * data
Binary value stored as credential value.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_CredentialList * credentials
Credentials.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_CredentialListEntry * list_head
List head.
const char * name
The name of the credential.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
struct GNUNET_RECLAIM_CredentialIterator * cred_it
Credential iterator.
#define GNUNET_RECLAIM_id_is_equal(a, b)
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_Credential * GNUNET_RECLAIM_credential_new(const char *name, uint32_t type, const void *data, size_t data_size)
Create a new credential.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect_finished_cb()

static void oidc_attr_collect_finished_cb ( void *  cls)
static

Definition at line 1155 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_idtoken_list, RequestHandle::attr_it, RequestHandle::cred_it, RequestHandle::credentials, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_new, GNUNET_RECLAIM_get_credentials_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, GNUNET_RECLAIM_AttributeList::list_head, oidc_cred_collect(), oidc_cred_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_SCOPE, oidc_iteration_error(), RequestHandle::priv_key, and RequestHandle::ticket_it.

Referenced by code_redirect().

1156 {
1157  struct RequestHandle *handle = cls;
1158 
1159  handle->attr_it = NULL;
1160  handle->ticket_it = NULL;
1161  if (NULL == handle->attr_idtoken_list->list_head)
1162  {
1164  handle->edesc = GNUNET_strdup ("The requested scope is not available.");
1166  return;
1167  }
1169  handle->cred_it =
1171  &handle->priv_key,
1173  handle,
1175  handle,
1177  handle);
1178 
1179 }
static void oidc_cred_collect_finished_cb(void *cls)
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
struct GNUNET_RECLAIM_CredentialIterator * GNUNET_RECLAIM_get_credentials_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_CredentialResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all credentials for a local identity.
Definition: reclaim_api.c:1440
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
The request handle.
struct GNUNET_RECLAIM_CredentialList * credentials
Credentials.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_CredentialIterator * cred_it
Credential iterator.
static void oidc_cred_collect(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred)
Collects all attributes for an ego if in scope parameter.
A list of GNUNET_RECLAIM_Credential structures.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_IDENTITY_PrivateKey priv_key
Pointer to ego private key.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attr_in_claims_request()

static int attr_in_claims_request ( struct RequestHandle handle,
const char *  attr_name,
const char *  claims_parameter 
)
static

Check if attribute is requested through a scope

Try claims parameter if not in scope

Definition at line 1183 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, GNUNET_NO, GNUNET_YES, Plugin::key, RequestHandle::oidc, OIDC_check_scopes_for_claim_request(), ret, OIDC_Variables::scope, and value.

Referenced by attr_in_idtoken_request(), and attr_in_userinfo_request().

1186 {
1187  int ret = GNUNET_NO;
1188  json_t *root;
1189  json_error_t error;
1190  json_t *claims_j;
1191  const char *key;
1192  json_t *value;
1193 
1196  attr_name))
1197  return GNUNET_YES;
1198 
1200  if (NULL != handle->oidc->claims)
1201  {
1202  root = json_loads (handle->oidc->claims, JSON_DECODE_ANY, &error);
1203  claims_j = json_object_get (root, claims_parameter);
1204  /* obj is a JSON object */
1205  if (NULL != claims_j)
1206  {
1207  json_object_foreach (claims_j, key, value) {
1208  if (0 != strcmp (attr_name, key))
1209  continue;
1210  ret = GNUNET_YES;
1211  break;
1212  }
1213  }
1214  json_decref (root);
1215  }
1216  return ret;
1217 }
char * scope
The list of oidc scopes.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
struct OIDC_Variables * oidc
OIDC variables.
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request(const char *scopes, const char *attr)
Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standar...
Definition: oidc_helper.c:860
static char * value
Value of the record to add/remove.
static char * attr_name
The attribute.
char * claims
The OIDC claims.
struct GNUNET_HashCode key
The key used in the DHT.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attr_in_idtoken_request()

static int attr_in_idtoken_request ( struct RequestHandle handle,
const char *  attr_name 
)
static

Definition at line 1221 of file plugin_rest_openid_connect.c.

References attr_in_claims_request().

Referenced by oidc_attr_collect().

1223 {
1224  return attr_in_claims_request (handle, attr_name, "id_token");
1225 }
static char * attr_name
The attribute.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attr_in_userinfo_request()

static int attr_in_userinfo_request ( struct RequestHandle handle,
const char *  attr_name 
)
static

Definition at line 1229 of file plugin_rest_openid_connect.c.

References attr_in_claims_request().

Referenced by oidc_attr_collect().

1231 {
1232  return attr_in_claims_request (handle, attr_name, "userinfo");
1233 }
static char * attr_name
The attribute.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect()

static void oidc_attr_collect ( void *  cls,
const struct GNUNET_IDENTITY_PublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr 
)
static

Collects all attributes for an ego if in scope parameter.

Definition at line 1240 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_idtoken_list, attr_in_idtoken_request(), attr_in_userinfo_request(), RequestHandle::attr_it, RequestHandle::attr_userinfo_list, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_get_attributes_next(), GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, and GNUNET_RECLAIM_Attribute::type.

Referenced by code_redirect().

1243 {
1244  struct RequestHandle *handle = cls;
1246  if (GNUNET_YES == attr_in_idtoken_request (handle, attr->name))
1247  {
1250  &attr->credential,
1251  attr->type,
1252  attr->data,
1253  attr->data_size);
1254  le->attribute->id = attr->id;
1255  le->attribute->flag = attr->flag;
1256  le->attribute->credential = attr->credential;
1258  handle->attr_idtoken_list->list_tail,
1259  le);
1260  }
1261  if (GNUNET_YES == attr_in_userinfo_request (handle, attr->name))
1262  {
1265  &attr->credential,
1266  attr->type,
1267  attr->data,
1268  attr->data_size);
1269  le->attribute->id = attr->id;
1270  le->attribute->flag = attr->flag;
1271  le->attribute->credential = attr->credential;
1273  handle->attr_userinfo_list->list_tail,
1274  le);
1275  }
1276 
1278 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const char * name
The name of the attribute.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void GNUNET_RECLAIM_get_attributes_next(struct GNUNET_RECLAIM_AttributeIterator *it)
Calls the record processor specified in GNUNET_RECLAIM_get_attributes_start for the next record...
Definition: reclaim_api.c:1377
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
static int attr_in_userinfo_request(struct RequestHandle *handle, const char *attr_name)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
const void * data
Binary value stored as attribute value.
static int attr_in_idtoken_request(struct RequestHandle *handle, const char *attr_name)
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ code_redirect()

static void code_redirect ( void *  cls)
static

Checks time and cookie and redirects accordingly.

Definition at line 1285 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, RequestHandle::attr_idtoken_list, RequestHandle::attr_it, RequestHandle::attr_userinfo_list, do_redirect_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_IDENTITY_public_key_from_string(), GNUNET_memcmp, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_get_attributes_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, OIDC_Variables::login_identity, login_redirect(), EgoEntry::next, RequestHandle::oidc, oidc_attr_collect(), oidc_attr_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_COOKIE, oidc_iteration_error(), and RequestHandle::priv_key.

Referenced by build_redirect().

1286 {
1287  struct RequestHandle *handle = cls;
1288  struct GNUNET_TIME_Absolute current_time;
1289  struct GNUNET_TIME_Absolute *relog_time;
1291  struct GNUNET_IDENTITY_PublicKey ego_pkey;
1292  struct GNUNET_HashCode cache_key;
1293  char *identity_cookie;
1294 
1295  GNUNET_asprintf (&identity_cookie,
1296  "Identity=%s",
1297  handle->oidc->login_identity);
1298  GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
1299  GNUNET_free (identity_cookie);
1300  // No login time for identity -> redirect to login
1301  if (GNUNET_YES ==
1303  {
1304  relog_time =
1306  current_time = GNUNET_TIME_absolute_get ();
1307  // 30 min after old login -> redirect to login
1308  if (current_time.abs_value_us <= relog_time->abs_value_us)
1309  {
1310  if (GNUNET_OK !=
1312  ->login_identity,
1313  &pubkey))
1314  {
1316  handle->edesc =
1317  GNUNET_strdup ("The cookie of a login identity is not valid");
1319  return;
1320  }
1321  // iterate over egos and compare their public key
1322  for (handle->ego_entry = ego_head; NULL != handle->ego_entry;
1323  handle->ego_entry = handle->ego_entry->next)
1324  {
1325  GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1326  if (0 == GNUNET_memcmp (&ego_pkey, &pubkey))
1327  {
1328  handle->priv_key =
1330  handle->attr_idtoken_list =
1332  handle->attr_userinfo_list =
1334  handle->attr_it =
1336  &handle->priv_key,
1338  handle,
1340  handle,
1342  handle);
1343  return;
1344  }
1345  }
1347  return;
1348  }
1349  }
1350 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_IDENTITY_PublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:652
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
uint64_t abs_value_us
The actual value.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
struct GNUNET_RECLAIM_AttributeIterator * GNUNET_RECLAIM_get_attributes_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attributes for a local identity.
Definition: reclaim_api.c:1331
#define OIDC_ERROR_KEY_INVALID_COOKIE
OIDC error key for invalid cookies.
static struct GNUNET_IDENTITY_PublicKey pubkey
Public key of the zone to look in.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_public_key_from_string(const char *str, struct GNUNET_IDENTITY_PublicKey *key)
Parses a (Base32) string representation of the public key.
static void oidc_attr_collect(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
Collects all attributes for an ego if in scope parameter.
static struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
An identity key as per LSD0001.
const struct GNUNET_IDENTITY_PrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:639
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_IDENTITY_PrivateKey priv_key
Pointer to ego private key.
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC hashmap that keeps track of issued cookies.
struct EgoEntry * ego_entry
IDENTITY Operation.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct EgoEntry * next
DLL.
static struct EgoEntry * ego_head
Ego list.
#define GNUNET_free(ptr)
Wrapper around free.
static void oidc_attr_collect_finished_cb(void *cls)
char * login_identity
The identity chosen by the user to login.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_redirect()

static void build_redirect ( void *  cls)
static

Definition at line 1354 of file plugin_rest_openid_connect.c.

References cleanup_handle(), code_redirect(), GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::state, RequestHandle::tld, and OIDC_Variables::user_cancelled.

Referenced by lookup_redirect_uri_result().

1355 {
1356  struct RequestHandle *handle = cls;
1357  struct MHD_Response *resp;
1358  char *redirect_uri;
1359 
1360  if (GNUNET_YES == handle->oidc->user_cancelled)
1361  {
1362  if ((NULL != handle->redirect_prefix) &&
1363  (NULL != handle->redirect_suffix) && (NULL != handle->tld))
1364  {
1365  GNUNET_asprintf (&redirect_uri,
1366  "%s.%s/%s?error=%s&error_description=%s&state=%s",
1367  handle->redirect_prefix,
1368  handle->tld,
1369  handle->redirect_suffix,
1370  "access_denied",
1371  "User denied access",
1372  handle->oidc->state);
1373  }
1374  else
1375  {
1376  GNUNET_asprintf (&redirect_uri,
1377  "%s?error=%s&error_description=%s&state=%s",
1378  handle->oidc->redirect_uri,
1379  "access_denied",
1380  "User denied access",
1381  handle->oidc->state);
1382  }
1383  resp = GNUNET_REST_create_response ("");
1384  MHD_add_response_header (resp, "Location", redirect_uri);
1385  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1386  cleanup_handle (handle);
1387  GNUNET_free (redirect_uri);
1388  return;
1389  }
1391 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
int user_cancelled
User cancelled authorization/login.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
static void code_redirect(void *cls)
Checks time and cookie and redirects accordingly.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
char * state
The OIDC state.
char * redirect_prefix
The redirect prefix.
char * redirect_suffix
The redirect suffix.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ lookup_redirect_uri_result()

static void lookup_redirect_uri_result ( void *  cls,
uint32_t  rd_count,
const struct GNUNET_GNSRECORD_Data rd 
)
static

Definition at line 1395 of file plugin_rest_openid_connect.c.

References build_redirect(), OIDC_Variables::client_id, data, data_size, GNUNET_GNSRECORD_Data::data_size, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, RequestHandle::gns_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_log, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_strndup, handle, RequestHandle::oidc, OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, and OIDC_Variables::redirect_uri.

Referenced by client_redirect().

1398 {
1399  struct RequestHandle *handle = cls;
1400  char *tmp;
1401  char *tmp_key_str;
1402  char *pos;
1403  struct GNUNET_IDENTITY_PublicKey redirect_zone;
1404 
1405  handle->gns_op = NULL;
1406  if (0 == rd_count)
1407  {
1409  handle->edesc =
1410  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1412  return;
1413  }
1414  for (int i = 0; i < rd_count; i++)
1415  {
1416  if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
1417  continue;
1418  if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
1419  continue;
1420  tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
1421  if (NULL == strstr (tmp, handle->oidc->client_id))
1422  {
1424  "Redirect uri %s does not contain client_id %s\n",
1425  tmp,
1426  handle->oidc->client_id);
1427  }
1428  else
1429  {
1430  pos = strrchr (tmp, (unsigned char) '.');
1431  if (NULL == pos)
1432  {
1434  "Redirect uri %s contains client_id but is malformed\n",
1435  tmp);
1436  GNUNET_free (tmp);
1437  continue;
1438  }
1439  *pos = '\0';
1440  handle->redirect_prefix = GNUNET_strdup (tmp);
1441  tmp_key_str = pos + 1;
1442  pos = strchr (tmp_key_str, (unsigned char) '/');
1443  if (NULL == pos)
1444  {
1446  "Redirect uri %s contains client_id but is malformed\n",
1447  tmp);
1448  GNUNET_free (tmp);
1449  continue;
1450  }
1451  *pos = '\0';
1452  handle->redirect_suffix = GNUNET_strdup (pos + 1);
1453 
1454  GNUNET_STRINGS_string_to_data (tmp_key_str,
1455  strlen (tmp_key_str),
1456  &redirect_zone,
1457  sizeof(redirect_zone));
1458  }
1460  GNUNET_free (tmp);
1461  return;
1462  }
1464  handle->edesc =
1465  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1467 }
static void build_redirect(void *cls)
char * redirect_uri
The OIDC redirect uri.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
static size_t data_size
Number of bytes in data.
Definition: gnunet-abd.c:187
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
size_t data_size
Number of bytes in data.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
char * redirect_prefix
The redirect prefix.
An identity key as per LSD0001.
char * redirect_suffix
The redirect suffix.
#define GNUNET_log(kind,...)
uint32_t data
The data value.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:972
#define GNUNET_free(ptr)
Wrapper around free.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ client_redirect()

static void client_redirect ( void *  cls)
static

Initiate redirect back to client.

Definition at line 1474 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, RequestHandle::gns_op, GNUNET_GNS_EMPTY_LABEL_AT, GNUNET_GNS_LO_DEFAULT, GNUNET_GNS_lookup(), GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, handle, lookup_redirect_uri_result(), and RequestHandle::oidc.

Referenced by build_authz_response().

1475 {
1476  struct RequestHandle *handle = cls;
1477 
1478  /* Lookup client redirect uri to verify request */
1479  handle->gns_op =
1482  &handle->oidc->client_pkey,
1486  handle);
1487 }
static struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct GNUNET_GNS_LookupRequest * GNUNET_GNS_lookup(struct GNUNET_GNS_Handle *handle, const char *name, const struct GNUNET_IDENTITY_PublicKey *zone, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS.
Definition: gns_api.c:412
#define GNUNET_GNS_EMPTY_LABEL_AT
String we use to indicate an empty label (top-level entry in the zone).
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
static void lookup_redirect_uri_result(void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
struct GNUNET_IDENTITY_PublicKey client_pkey
The RP client public key.
Defaults, look in cache, then in DHT.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_url_parameter_copy()

static char* get_url_parameter_copy ( const struct RequestHandle handle,
const char *  key 
)
static

Definition at line 1491 of file plugin_rest_openid_connect.c.

References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_STRINGS_urldecode(), GNUNET_YES, res, RequestHandle::rest_handle, GNUNET_REST_RequestHandle::url_param_map, and value.

Referenced by authorize_endpoint(), build_authz_response(), check_authorization(), and token_endpoint().

1492 {
1493  struct GNUNET_HashCode hc;
1494  char *value;
1495  char *res;
1496 
1497  GNUNET_CRYPTO_hash (key, strlen (key), &hc);
1499  ->url_param_map,
1500  &hc))
1501  return NULL;
1502  value =
1504  if (NULL == value)
1505  return NULL;
1506  GNUNET_STRINGS_urldecode (value, strlen (value), &res);
1507  return res;
1508 }
size_t GNUNET_STRINGS_urldecode(const char *data, size_t len, char **out)
url/percent encode (RFC3986).
Definition: strings.c:2103
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
static int res
struct GNUNET_HashCode key
The key used in the DHT.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_authz_response()

static void build_authz_response ( void *  cls)
static

Iteration over all results finished, build final response.

Parameters
clsthe struct RequestHandle

Definition at line 1518 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, client_redirect(), do_error(), do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_YES, handle, iterator(), OIDC_Variables::login_identity, login_redirect(), OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_ERROR_KEY_ACCESS_DENIED, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_SCOPE, OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_SCOPE, OIDC_ignored_parameter_array, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, RequestHandle::rest_handle, OIDC_Variables::scope, GNUNET_REST_RequestHandle::url_param_map, and OIDC_Variables::user_cancelled.

Referenced by authorize_endpoint().

1519 {
1520  struct RequestHandle *handle = cls;
1521  struct GNUNET_HashCode cache_key;
1522 
1523  char *expected_scope;
1524  char delimiter[] = " ";
1525  int number_of_ignored_parameter, iterator;
1526 
1527 
1528  // REQUIRED value: redirect_uri
1529  handle->oidc->redirect_uri =
1531  if (NULL == handle->oidc->redirect_uri)
1532  {
1534  handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1536  return;
1537  }
1538 
1539  // REQUIRED value: response_type
1540  handle->oidc->response_type =
1542  if (NULL == handle->oidc->response_type)
1543  {
1545  handle->edesc = GNUNET_strdup ("missing parameter response_type");
1547  return;
1548  }
1549 
1550  // REQUIRED value: scope
1551  handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1552  if (NULL == handle->oidc->scope)
1553  {
1555  handle->edesc = GNUNET_strdup ("missing parameter scope");
1557  return;
1558  }
1559 
1560  // OPTIONAL value: nonce
1561  handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY);
1562 
1563  // OPTIONAL value: claims
1564  handle->oidc->claims = get_url_parameter_copy (handle, OIDC_CLAIMS_KEY);
1565 
1566  // TODO check other values if needed
1567  number_of_ignored_parameter =
1568  sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1569  for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1570  {
1572  strlen (OIDC_ignored_parameter_array[iterator]),
1573  &cache_key);
1574  if (GNUNET_YES ==
1576  ->url_param_map,
1577  &cache_key))
1578  {
1580  GNUNET_asprintf (&handle->edesc,
1581  "Server will not handle parameter: %s",
1582  OIDC_ignored_parameter_array[iterator]);
1584  return;
1585  }
1586  }
1587 
1588  // We only support authorization code flows.
1589  if (0 != strcmp (handle->oidc->response_type,
1591  {
1593  handle->edesc = GNUNET_strdup ("The authorization server does not support "
1594  "obtaining this authorization code.");
1596  return;
1597  }
1598 
1599  // Checks if scope contains 'openid'
1600  expected_scope = GNUNET_strdup (handle->oidc->scope);
1601  char *test;
1602  test = strtok (expected_scope, delimiter);
1603  while (NULL != test)
1604  {
1605  if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
1606  break;
1607  test = strtok (NULL, delimiter);
1608  }
1609  if (NULL == test)
1610  {
1612  handle->edesc =
1613  GNUNET_strdup ("The requested scope is invalid, unknown, or malformed.");
1615  GNUNET_free (expected_scope);
1616  return;
1617  }
1618 
1619  GNUNET_free (expected_scope);
1620  if ((NULL == handle->oidc->login_identity) &&
1621  (GNUNET_NO == handle->oidc->user_cancelled))
1623  else
1625 }
static int iterator(void *cls, const struct GNUNET_PeerIdentity *key, void *value)
Iterator over hash map entries.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
char * nonce
The OIDC nonce.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE
OIDC expected response_type while authorizing.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_CLAIMS_KEY
OIDC claims key.
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
char * emsg
Error response message.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE
OIDC error key for unsupported response types.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
char * claims
The OIDC claims.
#define OIDC_ERROR_KEY_ACCESS_DENIED
OIDC error key for denied access.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE
OIDC expected scope part while authorizing.
static char * OIDC_ignored_parameter_array[]
OIDC ignored parameter array.
static void client_redirect(void *cls)
Initiate redirect back to client.
static void do_error(void *cls)
Task run on error, sends error message.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define GNUNET_free(ptr)
Wrapper around free.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
char * login_identity
The identity chosen by the user to login.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ tld_iter()

static void tld_iter ( void *  cls,
const char *  section,
const char *  option,
const char *  value 
)
static

Iterate over tlds in config.

Definition at line 1632 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, GNUNET_ERROR_TYPE_DEBUG, GNUNET_IDENTITY_public_key_from_string(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_strdup, handle, RequestHandle::oidc, and RequestHandle::tld.

Referenced by authorize_endpoint().

1633 {
1634  struct RequestHandle *handle = cls;
1636 
1637  if (GNUNET_OK !=
1639  {
1640  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
1641  return;
1642  }
1643  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1644  handle->tld = GNUNET_strdup (option + 1);
1645 }
static char * pkey
Public key of the zone to look in, in ASCII.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
static char * value
Value of the record to add/remove.
char * tld
The tld for redirect.
static char * option
Name of the option.
Definition: gnunet-config.c:38
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_public_key_from_string(const char *str, struct GNUNET_IDENTITY_PublicKey *key)
Parses a (Base32) string representation of the public key.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
An identity key as per LSD0001.
struct GNUNET_IDENTITY_PublicKey client_pkey
The RP client public key.
#define GNUNET_log(kind,...)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ authorize_endpoint()

static void authorize_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to authorization GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1656 of file plugin_rest_openid_connect.c.

References build_authz_response(), OIDC_Variables::client_id, OIDC_Variables::client_pkey, OIDC_Variables::code_challenge, cookie_identity_interpretation(), do_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, ego_tail, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_CONFIGURATION_iterate_section_values(), GNUNET_ERROR_TYPE_WARNING, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_key_get_public(), GNUNET_IDENTITY_public_key_from_string(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, EgoEntry::identifier, EgoEntry::next, RequestHandle::oidc, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT, OIDC_STATE_KEY, RequestHandle::response_code, OIDC_Variables::state, RequestHandle::tld, and tld_iter().

Referenced by rest_identity_process_request().

1659 {
1660  struct RequestHandle *handle = cls;
1661  struct EgoEntry *tmp_ego;
1662  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
1664 
1666 
1667  // RECOMMENDED value: state - REQUIRED for answers
1668  handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY);
1669 
1670  // REQUIRED value: client_id
1672  if (NULL == handle->oidc->client_id)
1673  {
1675  handle->edesc = GNUNET_strdup ("missing parameter client_id");
1676  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1678  return;
1679  }
1680 
1681  // OPTIONAL value: code_challenge
1682  handle->oidc->code_challenge = get_url_parameter_copy (handle,
1684  if (NULL == handle->oidc->code_challenge)
1685  {
1687  "OAuth authorization request does not contain PKCE parameters!\n");
1688  }
1689 
1690  if (GNUNET_OK !=
1692  &handle->oidc->client_pkey))
1693  {
1695  handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1696  "authorization code using this method.");
1697  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1699  return;
1700  }
1701 
1702  // If we know this identity, translated the corresponding TLD
1703  // TODO: We might want to have a reverse lookup functionality for TLDs?
1704  for (tmp_ego = ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
1705  {
1706  priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1707  GNUNET_IDENTITY_key_get_public (priv_key, &pkey);
1708  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1709  {
1710  handle->tld = GNUNET_strdup (tmp_ego->identifier);
1711  handle->ego_entry = ego_tail;
1712  }
1713  }
1714  if (NULL == handle->tld)
1716  if (NULL == handle->tld)
1717  handle->tld = GNUNET_strdup (handle->oidc->client_id);
1719 }
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
static char * pkey
Public key of the zone to look in, in ASCII.
void GNUNET_CONFIGURATION_iterate_section_values(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, GNUNET_CONFIGURATION_Iterator iter, void *iter_cls)
Iterate over values of a section in the configuration.
static void cookie_identity_interpretation(struct RequestHandle *handle)
Interprets cookie header and pass its identity keystring to handle.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT
OIDC error key for unauthorized clients.
A private key for an identity as per LSD0001.
static void tld_iter(void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
static struct EgoEntry * ego_tail
Ego list.
The request handle.
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
char * tld
The tld for redirect.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_key_get_public(const struct GNUNET_IDENTITY_PrivateKey *privkey, struct GNUNET_IDENTITY_PublicKey *key)
Retrieves the public key representation of a private key.
Definition: identity_api.c:175
int response_code
Response code.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_public_key_from_string(const char *str, struct GNUNET_IDENTITY_PublicKey *key)
Parses a (Base32) string representation of the public key.
static void build_authz_response(void *cls)
Iteration over all results finished, build final response.
char * state
The OIDC state.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
char * identifier
Ego Identifier.
static void do_error(void *cls)
Task run on error, sends error message.
An identity key as per LSD0001.
struct GNUNET_IDENTITY_PublicKey client_pkey
The RP client public key.
const struct GNUNET_IDENTITY_PrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:639
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_challenge
The PKCE code_challenge.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct EgoEntry * next
DLL.
static struct EgoEntry * ego_head
Ego list.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_cont()

static void login_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Combines an identity with a login time and responds OK to login request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1730 of file plugin_rest_openid_connect.c.

References cleanup_handle(), GNUNET_REST_RequestHandle::data, GNUNET_REST_RequestHandle::data_size, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_memcpy, GNUNET_new, GNUNET_REST_create_response(), GNUNET_TIME_relative_get_second_(), GNUNET_TIME_relative_multiply(), GNUNET_TIME_relative_to_absolute(), handle, identity, OIDC_COOKIE_EXPIRATION, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::rest_handle.

Referenced by rest_identity_process_request().

1733 {
1734  struct MHD_Response *resp = GNUNET_REST_create_response ("");
1735  struct RequestHandle *handle = cls;
1736  struct GNUNET_HashCode cache_key;
1737  struct GNUNET_TIME_Absolute *current_time;
1738  struct GNUNET_TIME_Absolute *last_time;
1739  char *cookie;
1740  char *header_val;
1741  json_t *root;
1742  json_error_t error;
1743  json_t *identity;
1744  char term_data[handle->rest_handle->data_size + 1];
1745 
1746  term_data[handle->rest_handle->data_size] = '\0';
1747  GNUNET_memcpy (term_data,
1748  handle->rest_handle->data,
1749  handle->rest_handle->data_size);
1750  root = json_loads (term_data, JSON_DECODE_ANY, &error);
1751  identity = json_object_get (root, "identity");
1752  if (! json_is_string (identity))
1753  {
1755  "Error parsing json string from %s\n",
1756  term_data);
1757  handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1758  json_decref (root);
1759  cleanup_handle (handle);
1760  return;
1761  }
1762  GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
1763  GNUNET_asprintf (&header_val,
1764  "%s;Max-Age=%d",
1765  cookie,
1767  MHD_add_response_header (resp, "Set-Cookie", header_val);
1768  MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
1769  GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1770 
1771  if (0 != strcmp (json_string_value (identity), "Denied"))
1772  {
1773  current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1774  *current_time = GNUNET_TIME_relative_to_absolute (
1777  last_time =
1779  GNUNET_free (last_time);
1781  &cache_key,
1782  current_time,
1784  }
1785  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1786  GNUNET_free (cookie);
1787  GNUNET_free (header_val);
1788  json_decref (root);
1789  cleanup_handle (handle);
1790 }
If a value with the given key exists, replace it.
size_t data_size
The POST data size.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
#define OIDC_COOKIE_EXPIRATION
OIDC cookie expiration (in seconds)
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void * proc_cls
The closure of the result processor.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
Definition: time.c:442
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
const char * data
The POST data.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_get_second_(void)
Return relative time of 1s.
Definition: time.c:183
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC hashmap that keeps track of issued cookies.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ parse_credentials_basic_auth()

static int parse_credentials_basic_auth ( struct RequestHandle handle,
char **  client_id,
char **  client_secret 
)
static

Definition at line 1794 of file plugin_rest_openid_connect.c.

References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_base64_decode(), GNUNET_SYSERR, GNUNET_REST_RequestHandle::header_param_map, OIDC_AUTHORIZATION_HEADER_KEY, and RequestHandle::rest_handle.

Referenced by check_authorization().

1797 {
1798  struct GNUNET_HashCode cache_key;
1799  char *authorization;
1800  char *credentials;
1801  char *basic_authorization;
1802  char *client_id_tmp;
1803  char *pass;
1804 
1807  &cache_key);
1809  ->header_param_map,
1810  &cache_key))
1811  return GNUNET_SYSERR;
1812  authorization =
1814  &cache_key);
1815 
1816  // split header in "Basic" and [content]
1817  credentials = strtok (authorization, " ");
1818  if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
1819  return GNUNET_SYSERR;
1820  credentials = strtok (NULL, " ");
1821  if (NULL == credentials)
1822  return GNUNET_SYSERR;
1823  GNUNET_STRINGS_base64_decode (credentials,
1824  strlen (credentials),
1825  (void **) &basic_authorization);
1826 
1827  if (NULL == basic_authorization)
1828  return GNUNET_SYSERR;
1829  client_id_tmp = strtok (basic_authorization, ":");
1830  if (NULL == client_id_tmp)
1831  {
1832  GNUNET_free (basic_authorization);
1833  return GNUNET_SYSERR;
1834  }
1835  pass = strtok (NULL, ":");
1836  if (NULL == pass)
1837  {
1838  GNUNET_free (basic_authorization);
1839  return GNUNET_SYSERR;
1840  }
1841  *client_id = strdup (client_id_tmp);
1842  *client_secret = strdup (pass);
1843  GNUNET_free (basic_authorization);
1844  return GNUNET_OK;
1845 }
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition: strings.c:1978
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ parse_credentials_post_body()

static int parse_credentials_post_body ( struct RequestHandle handle,
char **  client_id,
char **  client_secret 
)
static

Definition at line 1849 of file plugin_rest_openid_connect.c.

References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, RequestHandle::rest_handle, and GNUNET_REST_RequestHandle::url_param_map.

Referenced by check_authorization().

1852 {
1853  struct GNUNET_HashCode cache_key;
1854  char *client_id_tmp;
1855  char *pass;
1856 
1857  GNUNET_CRYPTO_hash ("client_id",
1858  strlen ("client_id"),
1859  &cache_key);
1861  ->url_param_map,
1862  &cache_key))
1863  return GNUNET_SYSERR;
1864  client_id_tmp = GNUNET_CONTAINER_multihashmap_get (
1865  handle->rest_handle->url_param_map,
1866  &cache_key);
1867  if (NULL == client_id_tmp)
1868  return GNUNET_SYSERR;
1869  *client_id = strdup (client_id_tmp);
1870  GNUNET_CRYPTO_hash ("client_secret",
1871  strlen ("client_secret"),
1872  &cache_key);
1874  ->url_param_map,
1875  &cache_key))
1876  {
1877  GNUNET_free (*client_id);
1878  *client_id = NULL;
1879  return GNUNET_SYSERR;
1880  }
1882  &cache_key);
1883  if (NULL == pass) {
1884  GNUNET_free (*client_id);
1885  *client_id = NULL;
1886  return GNUNET_SYSERR;
1887  }
1888  *client_secret = strdup (pass);
1889  return GNUNET_OK;
1890 }
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_authorization()

static int check_authorization ( struct RequestHandle handle,
struct GNUNET_IDENTITY_PublicKey cid 
)
static

Allow public clients with PKCE

Definition at line 1894 of file plugin_rest_openid_connect.c.

References RequestHandle::edesc, RequestHandle::ego_entry, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_SYSERR, GNUNET_YES, EgoEntry::keystring, EgoEntry::next, OIDC_CLIENT_ID_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_CLIENT, OIDC_ERROR_KEY_SERVER_ERROR, parse_credentials_basic_auth(), parse_credentials_post_body(), RequestHandle::public_client, and RequestHandle::response_code.

Referenced by token_endpoint().

1896 {
1897  char *expected_pass;
1898  char *received_cid;
1899  char *received_cpw;
1900  char *pkce_cv;
1901 
1902  if (GNUNET_OK == parse_credentials_basic_auth (handle,
1903  &received_cid,
1904  &received_cpw))
1905  {
1907  "Received client credentials in HTTP AuthZ header\n");
1908  }
1909  else if (GNUNET_OK == parse_credentials_post_body (handle,
1910  &received_cid,
1911  &received_cpw))
1912  {
1914  "Received client credentials in POST body\n");
1915  }
1916  else
1917  {
1919  pkce_cv = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
1920  if (NULL == pkce_cv)
1921  {
1923  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1924  return GNUNET_SYSERR;
1925  }
1926  handle->public_client = GNUNET_YES;
1927  GNUNET_free (pkce_cv);
1928  received_cid = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY);
1929  GNUNET_STRINGS_string_to_data (received_cid,
1930  strlen (received_cid),
1931  cid,
1932  sizeof(struct GNUNET_IDENTITY_PublicKey));
1933  GNUNET_free (received_cid);
1934  return GNUNET_OK;
1935 
1936  }
1937 
1938  // check client password
1940  "reclaim-rest-plugin",
1941  "OIDC_CLIENT_SECRET",
1942  &expected_pass))
1943  {
1944  if (0 != strcmp (expected_pass, received_cpw))
1945  {
1946  GNUNET_free (expected_pass);
1948  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1949  GNUNET_free (received_cpw);
1950  GNUNET_free (received_cid);
1951  return GNUNET_SYSERR;
1952  }
1953  GNUNET_free (expected_pass);
1954  }
1955  else
1956  {
1957  GNUNET_free (received_cpw);
1958  GNUNET_free (received_cid);
1960  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1961  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1962  return GNUNET_SYSERR;
1963  }
1964  // check client_id
1965  for (handle->ego_entry = ego_head; NULL != handle->ego_entry;
1966  handle->ego_entry = handle->ego_entry->next)
1967  {
1968  if (0 == strcmp (handle->ego_entry->keystring, received_cid))
1969  break;
1970  }
1971  if (NULL == handle->ego_entry)
1972  {
1973  GNUNET_free (received_cpw);
1974  GNUNET_free (received_cid);
1976  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1977  return GNUNET_SYSERR;
1978  }
1979  GNUNET_STRINGS_string_to_data (received_cid,
1980  strlen (received_cid),
1981  cid,
1982  sizeof(struct GNUNET_IDENTITY_PublicKey));
1983 
1984  GNUNET_free (received_cpw);
1985  GNUNET_free (received_cid);
1986  return GNUNET_OK;
1987 }
static int parse_credentials_basic_auth(struct RequestHandle *handle, char **client_id, char **client_secret)
static int parse_credentials_post_body(struct RequestHandle *handle, char **client_id, char **client_secret)
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
char * emsg
Error response message.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
int response_code
Response code.
char * keystring
Public key string.
An identity key as per LSD0001.
#define OIDC_ERROR_KEY_INVALID_CLIENT
OIDC error key for invalid client.
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
struct EgoEntry * ego_entry
IDENTITY Operation.
int public_client
Public client.
struct EgoEntry * next
DLL.
static struct EgoEntry * ego_head
Ego list.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:972
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ find_ego()

const struct EgoEntry* find_ego ( struct RequestHandle handle,
struct GNUNET_IDENTITY_PublicKey test_key 
)

Definition at line 1991 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, and EgoEntry::next.

Referenced by token_endpoint(), and userinfo_endpoint().

1993 {
1994  struct EgoEntry *ego_entry;
1995  struct GNUNET_IDENTITY_PublicKey pub_key;
1996 
1997  for (ego_entry = ego_head; NULL != ego_entry;
1998  ego_entry = ego_entry->next)
1999  {
2000  GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
2001  if (0 == GNUNET_memcmp (&pub_key, test_key))
2002  return ego_entry;
2003  }
2004  return NULL;
2005 }
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_IDENTITY_PublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:652
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
An identity key as per LSD0001.
struct EgoEntry * next
DLL.
static struct EgoEntry * ego_head
Ego list.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ token_endpoint()

static void token_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to token url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 2016 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Ticket::audience, check_authorization(), cleanup_handle(), do_error(), RequestHandle::edesc, RequestHandle::emsg, find_ego(), get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_SYSERR, handle, GNUNET_RECLAIM_Ticket::identity, OIDC_access_token_new(), OIDC_build_token_response(), OIDC_CODE_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE, OIDC_generate_id_token(), OIDC_GRANT_TYPE_KEY, OIDC_GRANT_TYPE_VALUE, OIDC_parse_authz_code(), OIDC_VERIFICATION_DEFAULT, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by rest_identity_process_request().

2019 {
2020  struct RequestHandle *handle = cls;
2021  const struct EgoEntry *ego_entry;
2022  struct GNUNET_TIME_Relative expiration_time;
2023  struct GNUNET_RECLAIM_AttributeList *cl = NULL;
2024  struct GNUNET_RECLAIM_PresentationList *pl = NULL;
2026  struct GNUNET_IDENTITY_PublicKey cid;
2027  struct GNUNET_HashCode cache_key;
2028  struct MHD_Response *resp;
2029  char *grant_type;
2030  char *code;
2031  char *json_response;
2032  char *id_token;
2033  char *access_token;
2034  char *jwt_secret;
2035  char *nonce = NULL;
2036  char *code_verifier;
2037 
2038  /*
2039  * Check Authorization
2040  */
2041  if (GNUNET_SYSERR == check_authorization (handle, &cid))
2042  {
2044  "OIDC authorization for token endpoint failed\n");
2046  return;
2047  }
2048 
2049  /*
2050  * Check parameter
2051  */
2052 
2053  // TODO Do not allow multiple equal parameter names
2054  // REQUIRED grant_type
2056  strlen (OIDC_GRANT_TYPE_KEY),
2057  &cache_key);
2058  grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
2059  if (NULL == grant_type)
2060  {
2062  handle->edesc = GNUNET_strdup ("missing parameter grant_type");
2063  handle->response_code = MHD_HTTP_BAD_REQUEST;
2065  return;
2066  }
2067 
2068  // Check parameter grant_type == "authorization_code"
2069  if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
2070  {
2072  handle->response_code = MHD_HTTP_BAD_REQUEST;
2073  GNUNET_free (grant_type);
2075  return;
2076  }
2077  GNUNET_free (grant_type);
2078  // REQUIRED code
2079  code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
2080  if (NULL == code)
2081  {
2083  handle->edesc = GNUNET_strdup ("missing parameter code");
2084  handle->response_code = MHD_HTTP_BAD_REQUEST;
2086  return;
2087  }
2088  ego_entry = find_ego (handle, &cid);
2089  if (NULL == ego_entry)
2090  {
2092  handle->edesc = GNUNET_strdup ("Unknown client");
2093  handle->response_code = MHD_HTTP_BAD_REQUEST;
2094  GNUNET_free (code);
2096  return;
2097  }
2098 
2099  // REQUIRED code verifier
2100  code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
2101  if (NULL == code_verifier)
2102  {
2104  "OAuth authorization request does not contain PKCE parameters!\n");
2105 
2106  }
2107 
2108  // decode code
2109  if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket,
2110  &cl, &pl, &nonce,
2112  {
2114  handle->edesc = GNUNET_strdup ("invalid code");
2115  handle->response_code = MHD_HTTP_BAD_REQUEST;
2116  GNUNET_free (code);
2117  if (NULL != code_verifier)
2118  GNUNET_free (code_verifier);
2120  return;
2121  }
2122  if (NULL != code_verifier)
2123  GNUNET_free (code_verifier);
2124 
2125  // create jwt
2127  "reclaim-rest-plugin",
2128  "expiration_time",
2129  &expiration_time))
2130  {
2132  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
2133  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2134  GNUNET_free (code);
2135  if (NULL != nonce)
2136  GNUNET_free (nonce);
2138  return;
2139  }
2140 
2141 
2142  // TODO OPTIONAL acr,amr,azp
2144  "reclaim-rest-plugin",
2145  "jwt_secret",
2146  &jwt_secret))
2147  {
2149  handle->edesc = GNUNET_strdup ("No signing secret configured!");
2150  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2151  GNUNET_free (code);
2152  if (NULL != nonce)
2153  GNUNET_free (nonce);
2155  return;
2156  }
2157  id_token = OIDC_generate_id_token (&ticket.audience,
2158  &ticket.identity,
2159  cl,
2160  pl,
2161  &expiration_time,
2162  (NULL != nonce) ? nonce : NULL,
2163  jwt_secret);
2164  GNUNET_free (jwt_secret);
2165  if (NULL != nonce)
2166  GNUNET_free (nonce);
2167  access_token = OIDC_access_token_new (&ticket);
2168  /* Store mapping from access token to code so we can later
2169  * fall back on the provided attributes in userinfo
2170  */
2171  GNUNET_CRYPTO_hash (access_token,
2172  strlen (access_token),
2173  &cache_key);
2175  &cache_key);
2177  &cache_key,
2178  code,
2180  /* If there was a previus code in there, free the old value */
2181  if (NULL != tmp_at)
2182  {
2184  "OIDC access token already issued. Cleanup.\n");
2185  GNUNET_free (tmp_at);
2186  }
2187 
2188  OIDC_build_token_response (access_token,
2189  id_token,
2190  &expiration_time,
2191  &json_response);
2192 
2193  resp = GNUNET_REST_create_response (json_response);
2194  MHD_add_response_header (resp, "Cache-Control", "no-store");
2195  MHD_add_response_header (resp, "Pragma", "no-cache");
2196  MHD_add_response_header (resp, "Content-Type", "application/json");
2197  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2200  GNUNET_free (access_token);
2201  GNUNET_free (json_response);
2202  GNUNET_free (id_token);
2203  cleanup_handle (handle);
2204 }
struct GNUNET_CONTAINER_MultiHashMap * oidc_code_cache
OIDC hashmap for cached access tokens and codes.
The authorization ticket.
If a value with the given key exists, replace it.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
#define OIDC_GRANT_TYPE_KEY
OIDC grant_type key.
#define OIDC_CODE_KEY
OIDC code key.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *test_key)
int OIDC_parse_authz_code(const struct GNUNET_IDENTITY_PublicKey *audience, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:675
A list of GNUNET_RECLAIM_Attribute structures.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
Definition: oidc_helper.c:796
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE
OIDC error key for unsupported grants.
The ego list.
static int check_authorization(struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *cid)
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
char * OIDC_access_token_new(const struct GNUNET_RECLAIM_Ticket *ticket)
Generate a new access token.
Definition: oidc_helper.c:824
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
A 512-bit hashcode.
int response_code
Response code.
char * OIDC_generate_id_token(const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT from attributes.
Definition: oidc_helper.c:371
void GNUNET_RECLAIM_presentation_list_destroy(struct GNUNET_RECLAIM_PresentationList *presentations)
Destroy presentations list.
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
Strict verification.
Definition: oidc_helper.h:46
static void do_error(void *cls)
Task run on error, sends error message.
An identity key as per LSD0001.
A list of GNUNET_RECLAIM_Presentation structures.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_time(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, struct GNUNET_TIME_Relative *time)
Get a configuration value that should be a relative time.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party)
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_GRANT_TYPE_VALUE
OIDC grant_type key.
#define GNUNET_free(ptr)
Wrapper around free.
Time for relative time used by GNUnet, in microseconds.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ consume_ticket()

static void consume_ticket ( void *  cls,
const struct GNUNET_IDENTITY_PublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr,
const struct GNUNET_RECLAIM_Presentation pres 
)
static

Collects claims and stores them in handle.

already in list

Credential matches for attribute, add

Definition at line 2211 of file plugin_rest_openid_connect.c.

References RequestHandle::attr_userinfo_list, GNUNET_RECLAIM_AttributeListEntry::attribute, cleanup_handle(), RequestHandle::consume_timeout_op, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Presentation::credential_id, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Presentation::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Presentation::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_RECLAIM_presentation_new(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_cancel(), handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_Ticket::identity, RequestHandle::idp_op, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_PresentationList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_PresentationList::list_tail, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_PresentationListEntry::next, OIDC_generate_userinfo(), GNUNET_RECLAIM_PresentationListEntry::presentation, RequestHandle::presentations, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::ticket, GNUNET_RECLAIM_Attribute::type, and GNUNET_RECLAIM_Presentation::type.

Referenced by userinfo_endpoint().

2215 {
2216  struct RequestHandle *handle = cls;
2219  struct MHD_Response *resp;
2220  char *result_str;
2221 
2222  if (NULL != handle->consume_timeout_op)
2224  handle->consume_timeout_op = NULL;
2225  handle->idp_op = NULL;
2226 
2227  if (NULL == identity)
2228  {
2229  result_str = OIDC_generate_userinfo (&handle->ticket.identity,
2230  handle->attr_userinfo_list,
2231  handle->presentations);
2232  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str);
2233  resp = GNUNET_REST_create_response (result_str);
2234  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2235  GNUNET_free (result_str);
2236  cleanup_handle (handle);
2237  return;
2238  }
2241  &attr->credential,
2242  attr->type,
2243  attr->data,
2244  attr->data_size);
2245  ale->attribute->id = attr->id;
2246  ale->attribute->flag = attr->flag;
2247  ale->attribute->credential = attr->credential;
2249  handle->attr_userinfo_list->list_tail,
2250  ale);
2251  if (NULL == pres)
2252  return;
2253  for (atle = handle->presentations->list_head;
2254  NULL != atle; atle = atle->next)
2255  {
2257  &atle->presentation->credential_id,
2258  &pres->credential_id))
2259  continue;
2260  break;
2261  }
2262  if (NULL == atle)
2263  {
2267  pres->data,
2268  pres->data_size);
2269  atle->presentation->credential_id = pres->credential_id;
2271  handle->presentations->list_tail,
2272  atle);
2273  }
2274 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
uint32_t type
Type/Format of Claim.
const char * name
The name of the attribute.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
struct GNUNET_RECLAIM_PresentationListEntry * next
DLL.
struct GNUNET_RECLAIM_PresentationListEntry * list_head
List head.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
void * proc_cls
The closure of the result processor.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_PresentationList * presentations
Presentations.
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user)
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Identifier credential_id
The credential id of which this is a presentation.
const void * data
Binary value stored as presentation value.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
size_t data_size
Number of bytes in data.
struct GNUNET_SCHEDULER_Task * consume_timeout_op
Timeout task for consume.
struct GNUNET_RECLAIM_Presentation * presentation
The credential.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_RECLAIM_Presentation * GNUNET_RECLAIM_presentation_new(uint32_t type, const void *data, size_t data_size)
#define GNUNET_RECLAIM_id_is_equal(a, b)
#define GNUNET_log(kind,...)
const void * data
Binary value stored as attribute value.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_PresentationListEntry * list_tail
List tail.
char * OIDC_generate_userinfo(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
Definition: oidc_helper.c:344
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
#define GNUNET_free(ptr)
Wrapper around free.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:972
Here is the call graph for this function:
Here is the caller graph for this function:

◆ consume_timeout()

static void consume_timeout ( void *  cls)
static

Definition at line 2278 of file plugin_rest_openid_connect.c.

References RequestHandle::access_token, GNUNET_RECLAIM_Ticket::audience, cleanup_handle(), RequestHandle::consume_timeout_op, do_error(), do_userinfo_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, GNUNET_RECLAIM_Ticket::identity, RequestHandle::idp_op, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_TOKEN, OIDC_generate_userinfo(), OIDC_parse_authz_code(), OIDC_VERIFICATION_NO_CODE_VERIFIER, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, and RequestHandle::ticket.

Referenced by userinfo_endpoint().

2279 {
2280  struct RequestHandle *handle = cls;
2281  struct GNUNET_HashCode cache_key;
2282  struct GNUNET_RECLAIM_AttributeList *cl = NULL;
2283  struct GNUNET_RECLAIM_PresentationList *pl = NULL;
2285  char *nonce;
2286  char *cached_code;
2287 
2288  handle->consume_timeout_op = NULL;
2289  if (NULL != handle->idp_op)
2290  GNUNET_RECLAIM_cancel (handle->idp_op);
2291  handle->idp_op = NULL;
2292 
2294  "Ticket consumptioned timed out. Using cache...\n");
2296  strlen (handle->access_token),
2297  &cache_key);
2299  &cache_key);
2300  if (NULL == cached_code)
2301  {
2303  handle->edesc = GNUNET_strdup ("No Access Token in cache!");
2304  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2306  return;
2307  }
2308 
2309  // decode code
2311  cached_code, NULL, &ticket,
2312  &cl, &pl, &nonce,
2314  {
2316  handle->edesc = GNUNET_strdup ("invalid code");
2317  handle->response_code = MHD_HTTP_BAD_REQUEST;
2318  GNUNET_free (cached_code);
2319  if (NULL != nonce)
2320  GNUNET_free (nonce);
2322  return;
2323  }
2324 
2325  struct MHD_Response *resp;
2326  char *result_str;
2327 
2328  result_str = OIDC_generate_userinfo (&handle->ticket.identity,
2329  cl,
2330  pl);
2331  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str);
2332  resp = GNUNET_REST_create_response (result_str);
2333  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2334  GNUNET_free (result_str);
2335  GNUNET_free (nonce);
2338  cleanup_handle (handle);
2339 }
struct GNUNET_CONTAINER_MultiHashMap * oidc_code_cache
OIDC hashmap for cached access tokens and codes.
Do not check code verifier even if expected.
Definition: oidc_helper.h:51
The authorization ticket.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void GNUNET_RECLAIM_cancel(struct GNUNET_RECLAIM_Operation *op)
Cancel an identity provider operation.
Definition: reclaim_api.c:1089
int OIDC_parse_authz_code(const struct GNUNET_IDENTITY_PublicKey *audience, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:675
A list of GNUNET_RECLAIM_Attribute structures.
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * access_token
The passed access token.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
A 512-bit hashcode.
int response_code
Response code.
void GNUNET_RECLAIM_presentation_list_destroy(struct GNUNET_RECLAIM_PresentationList *presentations)
Destroy presentations list.
struct GNUNET_SCHEDULER_Task * consume_timeout_op
Timeout task for consume.
static void do_error(void *cls)
Task run on error, sends error message.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
A list of GNUNET_RECLAIM_Presentation structures.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party)
#define GNUNET_log(kind,...)
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
char * OIDC_generate_userinfo(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
Definition: oidc_helper.c:344
#define GNUNET_free(ptr)
Wrapper around free.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ userinfo_endpoint()

static void userinfo_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to userinfo GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 2350 of file plugin_rest_openid_connect.c.

References RequestHandle::access_token, RequestHandle::attr_userinfo_list, GNUNET_RECLAIM_Ticket::audience, consume_ticket(), CONSUME_TIMEOUT, consume_timeout(), RequestHandle::consume_timeout_op, do_userinfo_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::emsg, find_ego(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_RECLAIM_ticket_consume(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, GNUNET_REST_RequestHandle::header_param_map, RequestHandle::idp_op, OIDC_access_token_parse(), OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_TOKEN, RequestHandle::presentations, RequestHandle::response_code, RequestHandle::rest_handle, ticket, and RequestHandle::ticket.

Referenced by rest_identity_process_request().

2353 {
2354  // TODO expiration time
2355  struct RequestHandle *handle = cls;
2356  struct GNUNET_RECLAIM_Ticket *ticket;
2357  char delimiter[] = " ";
2358  struct GNUNET_HashCode cache_key;
2359  char *authorization;
2360  char *authorization_type;
2361  char *authorization_access_token;
2362  const struct EgoEntry *aud_ego;
2363  const struct GNUNET_IDENTITY_PrivateKey *privkey;
2364 
2365  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting userinfo\n");
2368  &cache_key);
2370  ->header_param_map,
2371  &cache_key))
2372  {
2374  handle->edesc = GNUNET_strdup ("No Access Token");
2375  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2377  return;
2378  }
2379  authorization =
2381  &cache_key);
2382 
2383  // split header in "Bearer" and access_token
2384  authorization = GNUNET_strdup (authorization);
2385  authorization_type = strtok (authorization, delimiter);
2386  if ((NULL == authorization_type) ||
2387  (0 != strcmp ("Bearer", authorization_type)))
2388  {
2390  handle->edesc = GNUNET_strdup ("No Access Token");
2391  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2393  GNUNET_free (authorization);
2394  return;
2395  }
2396  authorization_access_token = strtok (NULL, delimiter);
2397  if (NULL == authorization_access_token)
2398  {
2400  handle->edesc = GNUNET_strdup ("Access token missing");
2401  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2403  GNUNET_free (authorization);
2404  return;
2405  }
2406 
2407  if (GNUNET_OK != OIDC_access_token_parse (authorization_access_token,
2408  &ticket))
2409  {
2411  handle->edesc = GNUNET_strdup ("The access token is invalid");
2412  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2414  GNUNET_free (authorization);
2415  return;
2416 
2417  }
2418  GNUNET_assert (NULL != ticket);
2419  handle->ticket = *ticket;
2420  GNUNET_free (ticket);
2421  aud_ego = find_ego (handle, &handle->ticket.audience);
2422  if (NULL == aud_ego)
2423  {
2425  handle->edesc = GNUNET_strdup ("The access token expired");
2426  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2428  GNUNET_free (authorization);
2429  return;
2430  }
2431  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Consuming ticket\n");
2432  privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
2433  handle->attr_userinfo_list =
2435  handle->presentations =
2437 
2438  /* If the consume takes too long, we use values from the cache */
2439  handle->access_token = GNUNET_strdup (authorization_access_token);
2441  &consume_timeout,
2442  handle);
2444  privkey,
2445  &handle->ticket,
2446  &consume_ticket,
2447  handle);
2448  GNUNET_free (authorization);
2449 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
The authorization ticket.
static void consume_timeout(void *cls)
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *test_key)
A private key for an identity as per LSD0001.
A list of GNUNET_RECLAIM_Attribute structures.
#define CONSUME_TIMEOUT
How long to wait for a consume in userinfo endpoint.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_consume(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls)
Consumes an issued ticket.
Definition: reclaim_api.c:1591
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
The ego list.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
struct GNUNET_RECLAIM_PresentationList * presentations
Presentations.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1269
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * access_token
The passed access token.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int response_code
Response code.
static struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct GNUNET_SCHEDULER_Task * consume_timeout_op
Timeout task for consume.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
A list of GNUNET_RECLAIM_Presentation structures.
static void consume_ticket(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Presentation *pres)
Collects claims and stores them in handle.
const struct GNUNET_IDENTITY_PrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:639
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party)
#define GNUNET_log(kind,...)
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
int OIDC_access_token_parse(const char *token, struct GNUNET_RECLAIM_Ticket **ticket)
Parse an access token.
Definition: oidc_helper.c:839
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
#define GNUNET_free(ptr)
Wrapper around free.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ list_ego()

static void list_ego ( void *  cls,
struct GNUNET_IDENTITY_Ego ego,
void **  ctx,
const char *  identifier 
)
static

If listing is enabled, prints information about the egos.

This function is initially called for all egos and then again whenever a ego's identifier changes or if it is deleted. At the end of the initial pass over all egos, the function is once called with 'NULL' for 'ego'. That does NOT mean that the callback won't be invoked in the future or that there was an error.

When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this function is only called ONCE, and 'NULL' being passed in 'ego' does indicate an error (i.e. name is taken or no default value is known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the value WILL be passed to a subsequent call to the identity callback of 'GNUNET_IDENTITY_connect' (if that one was not NULL).

When an identity is renamed, this function is called with the (known) ego but the NEW identifier.

When an identity is deleted, this function is called with the (known) ego and "NULL" for the 'identifier'. In this case, the 'ego' is henceforth invalid (and the 'ctx' should also be cleaned up).

Parameters
clsclosure
egoego handle
ctxcontext for application to store data for this ego (during the lifetime of this process, initially NULL)
identifieridentifier assigned by the user for this ego, NULL if the user just deleted the ego and it must thus no longer be used

Definition at line 2486 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, GNUNET_CONTAINER_DLL_insert_tail, GNUNET_CONTAINER_DLL_remove, GNUNET_free, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_IDENTITY_public_key_to_string(), GNUNET_new, GNUNET_strdup, ID_REST_STATE_INIT, ID_REST_STATE_POST_INIT, EgoEntry::identifier, EgoEntry::keystring, EgoEntry::next, and state.

Referenced by libgnunet_plugin_rest_openid_connect_init().

2490 {
2491  struct EgoEntry *ego_entry;
2493 
2494  if (NULL == ego)
2495  {
2497  return;
2498  }
2499  if (ID_REST_STATE_INIT == state)
2500 
2501  {
2502  ego_entry = GNUNET_new (struct EgoEntry);
2505  ego_entry->ego = ego;
2506  ego_entry->identifier = GNUNET_strdup (identifier);
2508  ego_tail,
2509  ego_entry);
2510  return;
2511  }
2512  /* Ego renamed or added */
2513  if (identifier != NULL)
2514  {
2515  for (ego_entry = ego_head; NULL != ego_entry;
2516  ego_entry = ego_entry->next)
2517  {
2518  if (ego_entry->ego == ego)
2519  {
2520  /* Rename */
2521  GNUNET_free (ego_entry->identifier);
2522  ego_entry->identifier = GNUNET_strdup (identifier);
2523  break;
2524  }
2525  }
2526  if (NULL == ego_entry)
2527  {
2528  /* Add */
2529  ego_entry = GNUNET_new (struct EgoEntry);
2532  ego_entry->ego = ego;
2533  ego_entry->identifier = GNUNET_strdup (identifier);
2535  ego_tail,
2536  ego_entry);
2537  }
2538  }
2539  else
2540  {
2541  /* Delete */
2542  for (ego_entry = ego_head; NULL != ego_entry;
2543  ego_entry = ego_entry->next)
2544  {
2545  if (ego_entry->ego == ego)
2546  break;
2547  }
2548  if (NULL == ego_entry)
2549  return; /* Not found */
2550 
2552  ego_tail,
2553  ego_entry);
2554  GNUNET_free (ego_entry->identifier);
2555  GNUNET_free (ego_entry->keystring);
2556  GNUNET_free (ego_entry);
2557  return;
2558  }
2559 }
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
char * GNUNET_IDENTITY_public_key_to_string(const struct GNUNET_IDENTITY_PublicKey *key)
Creates a (Base32) string representation of the public key.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int state
The processing state.
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_IDENTITY_PublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:652
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static struct EgoEntry * ego_tail
Ego list.
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
char * keystring
Public key string.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
char * identifier
Ego Identifier.
An identity key as per LSD0001.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
#define ID_REST_STATE_INIT
State while collecting all egos.
struct EgoEntry * next
DLL.