GNUnet  0.11.x
Data Structures | Macros | Functions | Variables
plugin_rest_openid_connect.c File Reference
#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_identity_service.h"
#include "gnunet_namestore_service.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_rest_lib.h"
#include "gnunet_rest_plugin.h"
#include "gnunet_signatures.h"
#include "microhttpd.h"
#include "oidc_helper.h"
Include dependency graph for plugin_rest_openid_connect.c:

Go to the source code of this file.

Data Structures

struct  Plugin
 Handle for a plugin. More...
 
struct  OIDC_Variables
 OIDC needed variables. More...
 
struct  EgoEntry
 The ego list. More...
 
struct  RequestHandle
 The request handle. More...
 

Macros

#define GNUNET_REST_API_NS_OIDC   "/openid"
 REST root namespace. More...
 
#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"
 Authorize endpoint. More...
 
#define GNUNET_REST_API_NS_TOKEN   "/openid/token"
 Token endpoint. More...
 
#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"
 UserInfo endpoint. More...
 
#define GNUNET_REST_API_NS_LOGIN   "/openid/login"
 Login namespace. More...
 
#define ID_REST_STATE_INIT   0
 State while collecting all egos. More...
 
#define ID_REST_STATE_POST_INIT   1
 Done collecting egos. More...
 
#define OIDC_GRANT_TYPE_KEY   "grant_type"
 OIDC grant_type key. More...
 
#define OIDC_GRANT_TYPE_VALUE   "authorization_code"
 OIDC grant_type key. More...
 
#define OIDC_CODE_KEY   "code"
 OIDC code key. More...
 
#define OIDC_RESPONSE_TYPE_KEY   "response_type"
 OIDC response_type key. More...
 
#define OIDC_CLIENT_ID_KEY   "client_id"
 OIDC client_id key. More...
 
#define OIDC_SCOPE_KEY   "scope"
 OIDC scope key. More...
 
#define OIDC_REDIRECT_URI_KEY   "redirect_uri"
 OIDC redirect_uri key. More...
 
#define OIDC_STATE_KEY   "state"
 OIDC state key. More...
 
#define OIDC_NONCE_KEY   "nonce"
 OIDC nonce key. More...
 
#define OIDC_CLAIMS_KEY   "claims"
 OIDC claims key. More...
 
#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"
 OIDC PKCE code challenge. More...
 
#define OIDC_CODE_VERIFIER_KEY   "code_verifier"
 OIDC PKCE code verifier. More...
 
#define OIDC_COOKIE_EXPIRATION   3
 OIDC cookie expiration (in seconds) More...
 
#define OIDC_COOKIE_HEADER_KEY   "cookie"
 OIDC cookie header key. More...
 
#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"
 OIDC cookie header if user cancelled. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"
 OIDC expected response_type while authorizing. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"
 OIDC expected scope part while authorizing. More...
 
#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"
 OIDC error key for invalid client. More...
 
#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"
 OIDC error key for invalid scopes. More...
 
#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"
 OIDC error key for invalid requests. More...
 
#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"
 OIDC error key for invalid tokens. More...
 
#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"
 OIDC error key for invalid cookies. More...
 
#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"
 OIDC error key for generic server errors. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"
 OIDC error key for unsupported grants. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"
 OIDC error key for unsupported response types. More...
 
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"
 OIDC error key for unauthorized clients. More...
 
#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"
 OIDC error key for denied access. More...
 

Functions

static void cleanup_handle (struct RequestHandle *handle)
 Cleanup lookup handle. More...
 
static void cleanup_handle_delayed (void *cls)
 
static void do_error (void *cls)
 Task run on error, sends error message. More...
 
static void do_userinfo_error (void *cls)
 Task run on error in userinfo endpoint, sends error header. More...
 
static void do_redirect_error (void *cls)
 Task run on error, sends error message and redirects. More...
 
static void do_timeout (void *cls)
 Task run on timeout, sends error message. More...
 
static void return_userinfo_response (void *cls)
 Return attributes for claim. More...
 
static void options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Respond to OPTIONS request. More...
 
static void cookie_identity_interpretation (struct RequestHandle *handle)
 Interprets cookie header and pass its identity keystring to handle. More...
 
static void login_redirect (void *cls)
 Redirects to login page stored in configuration file. More...
 
static void oidc_iteration_error (void *cls)
 Does internal server error when iteration failed. More...
 
static void oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
 Issues ticket and redirects to relying party with the authorization code as parameter. More...
 
static void oidc_attest_collect_finished_cb (void *cls)
 
static void oidc_attest_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attestation *attest)
 Collects all attributes for an ego if in scope parameter. More...
 
static void oidc_attr_collect_finished_cb (void *cls)
 
static void oidc_attr_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
 Collects all attributes for an ego if in scope parameter. More...
 
static void code_redirect (void *cls)
 Checks time and cookie and redirects accordingly. More...
 
static void build_redirect (void *cls)
 
static void lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
 
static void client_redirect (void *cls)
 Initiate redirect back to client. More...
 
static char * get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
 
static void build_authz_response (void *cls)
 Iteration over all results finished, build final response. More...
 
static void tld_iter (void *cls, const char *section, const char *option, const char *value)
 Iterate over tlds in config. More...
 
static void authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to authorization GET and url-encoded POST request. More...
 
static void login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Combines an identity with a login time and responds OK to login request. More...
 
static int check_authorization (struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
 
const struct EgoEntryfind_ego (struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
 
static void persist_access_token (const struct RequestHandle *handle, const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket)
 
static void token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to token url-encoded POST request. More...
 
static void consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Attestation *attest)
 Collects claims and stores them in handle. More...
 
static void userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to userinfo GET and url-encoded POST request. More...
 
static void init_cont (struct RequestHandle *handle)
 Handle rest request. More...
 
static void list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
 If listing is enabled, prints information about the egos. More...
 
static void rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
 
void * libgnunet_plugin_rest_openid_connect_init (void *cls)
 Entry point for the plugin. More...
 
void * libgnunet_plugin_rest_openid_connect_done (void *cls)
 Exit point from the plugin. More...
 

Variables

static char * OIDC_ignored_parameter_array []
 OIDC ignored parameter array. More...
 
struct GNUNET_CONTAINER_MultiHashMapOIDC_cookie_jar_map
 OIDC Hash map that keeps track of issued cookies. More...
 
struct GNUNET_CONTAINER_MultiHashMapOIDC_access_token_map
 Hash map that links the issued access token to the corresponding ticket and ego. More...
 
const struct GNUNET_CONFIGURATION_Handlecfg
 The configuration handle. More...
 
static char * allow_methods
 HTTP methods allows for this plugin. More...
 

Macro Definition Documentation

◆ GNUNET_REST_API_NS_OIDC

#define GNUNET_REST_API_NS_OIDC   "/openid"

REST root namespace.

Definition at line 45 of file plugin_rest_openid_connect.c.

Referenced by init_cont(), and libgnunet_plugin_rest_openid_connect_init().

◆ GNUNET_REST_API_NS_AUTHORIZE

#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"

Authorize endpoint.

Definition at line 50 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_TOKEN

#define GNUNET_REST_API_NS_TOKEN   "/openid/token"

Token endpoint.

Definition at line 55 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_USERINFO

#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"

UserInfo endpoint.

Definition at line 60 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_LOGIN

#define GNUNET_REST_API_NS_LOGIN   "/openid/login"

Login namespace.

Definition at line 65 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ ID_REST_STATE_INIT

#define ID_REST_STATE_INIT   0

State while collecting all egos.

Definition at line 70 of file plugin_rest_openid_connect.c.

Referenced by list_ego(), and rest_identity_process_request().

◆ ID_REST_STATE_POST_INIT

#define ID_REST_STATE_POST_INIT   1

Done collecting egos.

Definition at line 75 of file plugin_rest_openid_connect.c.

Referenced by list_ego().

◆ OIDC_GRANT_TYPE_KEY

#define OIDC_GRANT_TYPE_KEY   "grant_type"

OIDC grant_type key.

Definition at line 80 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_GRANT_TYPE_VALUE

#define OIDC_GRANT_TYPE_VALUE   "authorization_code"

OIDC grant_type key.

Definition at line 85 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_CODE_KEY

#define OIDC_CODE_KEY   "code"

OIDC code key.

Definition at line 90 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_RESPONSE_TYPE_KEY

#define OIDC_RESPONSE_TYPE_KEY   "response_type"

OIDC response_type key.

Definition at line 95 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLIENT_ID_KEY

#define OIDC_CLIENT_ID_KEY   "client_id"

OIDC client_id key.

Definition at line 100 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_SCOPE_KEY

#define OIDC_SCOPE_KEY   "scope"

OIDC scope key.

Definition at line 105 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), build_authz_response(), and login_redirect().

◆ OIDC_REDIRECT_URI_KEY

#define OIDC_REDIRECT_URI_KEY   "redirect_uri"

OIDC redirect_uri key.

Definition at line 110 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_STATE_KEY

#define OIDC_STATE_KEY   "state"

OIDC state key.

Definition at line 115 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_NONCE_KEY

#define OIDC_NONCE_KEY   "nonce"

OIDC nonce key.

Definition at line 120 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLAIMS_KEY

#define OIDC_CLAIMS_KEY   "claims"

OIDC claims key.

Definition at line 125 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CODE_CHALLENGE_KEY

#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"

OIDC PKCE code challenge.

Definition at line 130 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_CODE_VERIFIER_KEY

#define OIDC_CODE_VERIFIER_KEY   "code_verifier"

OIDC PKCE code verifier.

Definition at line 135 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_COOKIE_EXPIRATION

#define OIDC_COOKIE_EXPIRATION   3

OIDC cookie expiration (in seconds)

Definition at line 140 of file plugin_rest_openid_connect.c.

Referenced by login_cont().

◆ OIDC_COOKIE_HEADER_KEY

#define OIDC_COOKIE_HEADER_KEY   "cookie"

OIDC cookie header key.

Definition at line 145 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_AUTHORIZATION_HEADER_KEY

#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"

OIDC cookie header information key.

Definition at line 150 of file plugin_rest_openid_connect.c.

Referenced by check_authorization(), and userinfo_endpoint().

◆ OIDC_COOKIE_HEADER_INFORMATION_KEY

#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="

OIDC cookie header information key.

Definition at line 155 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_COOKIE_HEADER_ACCESS_DENIED

#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"

OIDC cookie header if user cancelled.

Definition at line 160 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE

#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"

OIDC expected response_type while authorizing.

Definition at line 165 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_EXPECTED_AUTHORIZATION_SCOPE

#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"

OIDC expected scope part while authorizing.

Definition at line 170 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_INVALID_CLIENT

#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"

OIDC error key for invalid client.

Definition at line 175 of file plugin_rest_openid_connect.c.

Referenced by check_authorization().

◆ OIDC_ERROR_KEY_INVALID_SCOPE

#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"

OIDC error key for invalid scopes.

Definition at line 180 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and oidc_attr_collect_finished_cb().

◆ OIDC_ERROR_KEY_INVALID_REQUEST

#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"

OIDC error key for invalid requests.

Definition at line 185 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), build_authz_response(), and token_endpoint().

◆ OIDC_ERROR_KEY_INVALID_TOKEN

#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"

OIDC error key for invalid tokens.

Definition at line 190 of file plugin_rest_openid_connect.c.

Referenced by userinfo_endpoint().

◆ OIDC_ERROR_KEY_INVALID_COOKIE

#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"

OIDC error key for invalid cookies.

Definition at line 195 of file plugin_rest_openid_connect.c.

Referenced by code_redirect().

◆ OIDC_ERROR_KEY_SERVER_ERROR

#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"

◆ OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"

OIDC error key for unsupported grants.

Definition at line 205 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"

OIDC error key for unsupported response types.

Definition at line 210 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT

#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"

OIDC error key for unauthorized clients.

Definition at line 215 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint().

◆ OIDC_ERROR_KEY_ACCESS_DENIED

#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"

OIDC error key for denied access.

Definition at line 220 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

Function Documentation

◆ cleanup_handle()

static void cleanup_handle ( struct RequestHandle handle)
static

Cleanup lookup handle.

Parameters
handleHandle to clean up

Definition at line 536 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attests_list, RequestHandle::attr_it, RequestHandle::attr_list, OIDC_Variables::client_id, RequestHandle::edesc, RequestHandle::ego_head, RequestHandle::emsg, RequestHandle::gns_handle, RequestHandle::gns_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_free_non_null, GNUNET_GNS_disconnect(), GNUNET_GNS_lookup_cancel(), GNUNET_IDENTITY_disconnect(), GNUNET_log, GNUNET_NAMESTORE_disconnect(), GNUNET_RECLAIM_attestation_list_destroy(), GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_disconnect(), GNUNET_RECLAIM_get_attestations_stop(), GNUNET_RECLAIM_get_attributes_stop(), GNUNET_RECLAIM_ticket_iteration_stop(), GNUNET_SCHEDULER_cancel(), EgoEntry::identifier, RequestHandle::identity_handle, RequestHandle::idp, EgoEntry::keystring, OIDC_Variables::login_identity, RequestHandle::namestore_handle, EgoEntry::next, OIDC_Variables::nonce, RequestHandle::oidc, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response, OIDC_Variables::response_type, OIDC_Variables::scope, OIDC_Variables::state, RequestHandle::ticket_it, RequestHandle::timeout_task, RequestHandle::tld, and RequestHandle::url.

Referenced by cleanup_handle_delayed(), options_cont(), and return_userinfo_response().

537 {
538  struct EgoEntry *ego_entry;
539  struct EgoEntry *ego_tmp;
540 
541  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
542  if (NULL != handle->timeout_task)
544  if (NULL != handle->identity_handle)
546  if (NULL != handle->attr_it)
548  if (NULL != handle->attest_it)
550  if (NULL != handle->ticket_it)
552  if (NULL != handle->idp)
553  GNUNET_RECLAIM_disconnect (handle->idp);
554  GNUNET_free_non_null (handle->url);
555  GNUNET_free_non_null (handle->tld);
558  GNUNET_free_non_null (handle->emsg);
559  GNUNET_free_non_null (handle->edesc);
560  if (NULL != handle->gns_op)
562  if (NULL != handle->gns_handle)
564 
565  if (NULL != handle->namestore_handle)
567  if (NULL != handle->oidc)
568  {
571  GNUNET_free_non_null (handle->oidc->nonce);
574  GNUNET_free_non_null (handle->oidc->scope);
575  GNUNET_free_non_null (handle->oidc->state);
576  json_decref (handle->oidc->response);
577  GNUNET_free (handle->oidc);
578  }
581 
582  for (ego_entry = handle->ego_head; NULL != ego_entry;)
583  {
584  ego_tmp = ego_entry;
585  ego_entry = ego_entry->next;
586  GNUNET_free (ego_tmp->identifier);
587  GNUNET_free (ego_tmp->keystring);
588  GNUNET_free (ego_tmp);
589  }
590  GNUNET_free (handle);
591 }
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
char * nonce
The OIDC nonce.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
void GNUNET_RECLAIM_attestation_list_destroy(struct GNUNET_RECLAIM_AttestationList *attestations)
Destroy claim list.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
void GNUNET_RECLAIM_disconnect(struct GNUNET_RECLAIM_Handle *h)
Disconnect from identity provider service.
Definition: reclaim_api.c:1066
void GNUNET_RECLAIM_ticket_iteration_stop(struct GNUNET_RECLAIM_TicketIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1661
#define GNUNET_free_non_null(ptr)
Free the memory pointed to by ptr if ptr is not NULL.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The ego list.
char * response_type
The OIDC response type.
void GNUNET_NAMESTORE_disconnect(struct GNUNET_NAMESTORE_Handle *h)
Disconnect from the namestore service (and free associated resources).
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
void GNUNET_GNS_disconnect(struct GNUNET_GNS_Handle *handle)
Shutdown connection with the GNS service.
Definition: gns_api.c:290
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
char * tld
The tld for redirect.
void GNUNET_IDENTITY_disconnect(struct GNUNET_IDENTITY_Handle *h)
Disconnect from identity service.
Definition: identity_api.c:837
char * keystring
Public key string.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
char * state
The OIDC state.
char * identifier
Ego Identifier.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
char * redirect_prefix
The redirect prefix.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct EgoEntry * ego_head
Ego list.
void GNUNET_RECLAIM_get_attributes_stop(struct GNUNET_RECLAIM_AttributeIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1360
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
char * redirect_suffix
The redirect suffix.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
#define GNUNET_log(kind,...)
void * GNUNET_GNS_lookup_cancel(struct GNUNET_GNS_LookupRequest *lr)
Cancel pending lookup request.
Definition: gns_api.c:314
json_t * response
The response JSON.
struct EgoEntry * next
DLL.
void GNUNET_RECLAIM_get_attestations_stop(struct GNUNET_RECLAIM_AttestationIterator *ait)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1471
struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_NAMESTORE_Handle * namestore_handle
Handle to NAMESTORE.
char * login_identity
The identity chosen by the user to login.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:974
char * url
The url.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cleanup_handle_delayed()

static void cleanup_handle_delayed ( void *  cls)
static

Definition at line 595 of file plugin_rest_openid_connect.c.

References cleanup_handle().

Referenced by build_redirect(), do_error(), do_redirect_error(), do_userinfo_error(), login_cont(), login_redirect(), oidc_ticket_issue_cb(), and token_endpoint().

596 {
597  cleanup_handle (cls);
598 }
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_error()

static void do_error ( void *  cls)
static

Task run on error, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 607 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, and OIDC_Variables::state.

Referenced by authorize_endpoint(), build_authz_response(), do_timeout(), init_cont(), login_redirect(), oidc_iteration_error(), and token_endpoint().

608 {
609  struct RequestHandle *handle = cls;
610  struct MHD_Response *resp;
611  char *json_error;
612 
613  GNUNET_asprintf (&json_error,
614  "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
615  handle->emsg,
616  (NULL != handle->edesc) ? handle->edesc : "",
617  (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
618  (NULL != handle->oidc->state) ? handle->oidc->state : "",
619  (NULL != handle->oidc->state) ? "\"" : "");
620  if (0 == handle->response_code)
621  handle->response_code = MHD_HTTP_BAD_REQUEST;
622  resp = GNUNET_REST_create_response (json_error);
623  if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
624  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
625  MHD_add_response_header (resp,
626  MHD_HTTP_HEADER_CONTENT_TYPE,
627  "application/json");
628  handle->proc (handle->proc_cls, resp, handle->response_code);
630  GNUNET_free (json_error);
631 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_userinfo_error()

static void do_userinfo_error ( void *  cls)
static

Task run on error in userinfo endpoint, sends error header.

Cleans up everything

Parameters
clsthe struct RequestHandle

Definition at line 641 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by userinfo_endpoint().

642 {
643  struct RequestHandle *handle = cls;
644  struct MHD_Response *resp;
645  char *error;
646 
647  GNUNET_asprintf (&error,
648  "error=\"%s\", error_description=\"%s\"",
649  handle->emsg,
650  (NULL != handle->edesc) ? handle->edesc : "");
651  resp = GNUNET_REST_create_response ("");
652  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
653  handle->proc (handle->proc_cls, resp, handle->response_code);
655  GNUNET_free (error);
656 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_redirect_error()

static void do_redirect_error ( void *  cls)
static

Task run on error, sends error message and redirects.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 665 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, and OIDC_Variables::state.

Referenced by build_authz_response(), code_redirect(), lookup_redirect_uri_result(), oidc_attr_collect_finished_cb(), and oidc_ticket_issue_cb().

666 {
667  struct RequestHandle *handle = cls;
668  struct MHD_Response *resp;
669  char *redirect;
670 
671  GNUNET_asprintf (&redirect,
672  "%s?error=%s&error_description=%s%s%s",
673  handle->oidc->redirect_uri,
674  handle->emsg,
675  handle->edesc,
676  (NULL != handle->oidc->state) ? "&state=" : "",
677  (NULL != handle->oidc->state) ? handle->oidc->state : "");
678  resp = GNUNET_REST_create_response ("");
679  MHD_add_response_header (resp, "Location", redirect);
680  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
682  GNUNET_free (redirect);
683 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_timeout()

static void do_timeout ( void *  cls)
static

Task run on timeout, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 692 of file plugin_rest_openid_connect.c.

References do_error(), handle, and RequestHandle::timeout_task.

Referenced by rest_identity_process_request().

693 {
694  struct RequestHandle *handle = cls;
695 
696  handle->timeout_task = NULL;
697  do_error (handle);
698 }
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void do_error(void *cls)
Task run on error, sends error message.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ return_userinfo_response()

static void return_userinfo_response ( void *  cls)
static

Return attributes for claim.

Parameters
clsthe request handle

Definition at line 707 of file plugin_rest_openid_connect.c.

References cleanup_handle(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_REST_create_response(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, and OIDC_Variables::response.

Referenced by consume_ticket().

708 {
709  char *result_str;
710  struct RequestHandle *handle = cls;
711  struct MHD_Response *resp;
712 
713  result_str = json_dumps (handle->oidc->response, 0);
714  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,"ID-Token: %s\n",result_str);
715  resp = GNUNET_REST_create_response (result_str);
716  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
717  GNUNET_free (result_str);
718  cleanup_handle (handle);
719 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
json_t * response
The response JSON.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ options_cont()

static void options_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Respond to OPTIONS request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 730 of file plugin_rest_openid_connect.c.

References allow_methods, cleanup_handle(), GNUNET_REST_create_response(), handle, RequestHandle::proc, and RequestHandle::proc_cls.

Referenced by init_cont().

733 {
734  struct MHD_Response *resp;
735  struct RequestHandle *handle = cls;
736 
737  // For now, independent of path return all options
738  resp = GNUNET_REST_create_response (NULL);
739  MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
740  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
741  cleanup_handle (handle);
742  return;
743 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
static char * allow_methods
HTTP methods allows for this plugin.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cookie_identity_interpretation()

static void cookie_identity_interpretation ( struct RequestHandle handle)
static

Interprets cookie header and pass its identity keystring to handle.

Definition at line 750 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, GNUNET_REST_RequestHandle::header_param_map, OIDC_Variables::login_identity, RequestHandle::oidc, OIDC_COOKIE_HEADER_ACCESS_DENIED, OIDC_COOKIE_HEADER_INFORMATION_KEY, OIDC_COOKIE_HEADER_KEY, RequestHandle::rest_handle, OIDC_Variables::user_cancelled, and value.

Referenced by authorize_endpoint().

751 {
752  struct GNUNET_HashCode cache_key;
753  char *cookies;
754  struct GNUNET_TIME_Absolute current_time, *relog_time;
755  char delimiter[] = "; ";
756  char *tmp_cookies;
757  char *token;
758  char *value;
759 
760  // gets identity of login try with cookie
762  strlen (OIDC_COOKIE_HEADER_KEY),
763  &cache_key);
766  &cache_key))
767  {
768  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
769  return;
770  }
771  // splits cookies and find 'Identity' cookie
772  tmp_cookies =
774  &cache_key);
775  cookies = GNUNET_strdup (tmp_cookies);
776  token = strtok (cookies, delimiter);
777  handle->oidc->user_cancelled = GNUNET_NO;
778  handle->oidc->login_identity = NULL;
779  if (NULL == token)
780  {
782  "Unable to parse cookie: %s\n",
783  cookies);
784  GNUNET_free (cookies);
785  return;
786  }
787 
788  while (NULL != token)
789  {
790  if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
791  {
792  handle->oidc->user_cancelled = GNUNET_YES;
793  GNUNET_free (cookies);
794  return;
795  }
796  if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
797  break;
798  token = strtok (NULL, delimiter);
799  }
800  if (NULL == token)
801  {
803  "No cookie value to process: %s\n",
804  cookies);
805  GNUNET_free (cookies);
806  return;
807  }
808  GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
809  if (GNUNET_NO ==
811  {
812  GNUNET_log (
814  "Found cookie `%s', but no corresponding expiration entry present...\n",
815  token);
816  GNUNET_free (cookies);
817  return;
818  }
819  relog_time =
821  current_time = GNUNET_TIME_absolute_get ();
822  // 30 min after old login -> redirect to login
823  if (current_time.abs_value_us > relog_time->abs_value_us)
824  {
826  "Found cookie `%s', but it is expired.\n",
827  token);
828  GNUNET_free (cookies);
829  return;
830  }
831  value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
832  GNUNET_assert (NULL != value);
833  handle->oidc->login_identity = GNUNET_strdup (value);
834  GNUNET_free (cookies);
835 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_NO
Definition: gnunet_common.h:86
#define OIDC_COOKIE_HEADER_INFORMATION_KEY
OIDC cookie header information key.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED
OIDC cookie header if user cancelled.
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
uint64_t abs_value_us
The actual value.
struct OIDC_Variables * oidc
OIDC variables.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
#define GNUNET_YES
Definition: gnunet_common.h:85
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
#define OIDC_COOKIE_HEADER_KEY
OIDC cookie header key.
#define GNUNET_free(ptr)
Wrapper around free.
char * login_identity
The identity chosen by the user to login.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_redirect()

static void login_redirect ( void *  cls)
static

Redirects to login page stored in configuration file.

Definition at line 842 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, cleanup_handle_delayed(), OIDC_Variables::client_id, OIDC_Variables::code_challenge, do_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_free, GNUNET_OK, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_STATE_KEY, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, RequestHandle::response_code, OIDC_Variables::response_type, OIDC_Variables::scope, and OIDC_Variables::state.

Referenced by build_authz_response(), and code_redirect().

843 {
844  char *login_base_url;
845  char *new_redirect;
846  struct MHD_Response *resp;
847  struct RequestHandle *handle = cls;
848 
850  "reclaim-rest-plugin",
851  "address",
852  &login_base_url))
853  {
854  GNUNET_asprintf (&new_redirect,
855  "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
856  login_base_url,
858  handle->oidc->response_type,
860  handle->oidc->client_id,
862  handle->oidc->redirect_uri,
864  handle->oidc->scope,
866  (NULL != handle->oidc->state) ? handle->oidc->state : "",
868  (NULL != handle->oidc->code_challenge) ?
869  handle->oidc->code_challenge : "",
871  (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
873  (NULL != handle->oidc->claims) ? handle->oidc->claims :
874  "");
875  resp = GNUNET_REST_create_response ("");
876  MHD_add_response_header (resp, "Location", new_redirect);
877  GNUNET_free (login_base_url);
878  }
879  else
880  {
882  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
883  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
885  return;
886  }
887  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
888  GNUNET_free (new_redirect);
890 }
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
char * nonce
The OIDC nonce.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_CLAIMS_KEY
OIDC claims key.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
char * claims
The OIDC claims.
char * state
The OIDC state.
static void do_error(void *cls)
Task run on error, sends error message.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_iteration_error()

static void oidc_iteration_error ( void *  cls)
static

Does internal server error when iteration failed.

Definition at line 897 of file plugin_rest_openid_connect.c.

References do_error(), RequestHandle::emsg, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, OIDC_ERROR_KEY_SERVER_ERROR, and RequestHandle::response_code.

Referenced by code_redirect(), and oidc_attr_collect_finished_cb().

898 {
899  struct RequestHandle *handle = cls;
900 
902  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
904 }
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
The request handle.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
static void do_error(void *cls)
Task run on error, sends error message.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_ticket_issue_cb()

static void oidc_ticket_issue_cb ( void *  cls,
const struct GNUNET_RECLAIM_Ticket ticket 
)
static

Issues ticket and redirects to relying party with the authorization code as parameter.

Otherwise redirects with error

Definition at line 912 of file plugin_rest_openid_connect.c.

References RequestHandle::attests_list, RequestHandle::attr_list, cleanup_handle_delayed(), OIDC_Variables::code_challenge, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_data_to_string_alloc(), handle, RequestHandle::idp_op, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_build_authz_code(), OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::priv_key, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, OIDC_Variables::state, ticket, RequestHandle::ticket, and RequestHandle::tld.

Referenced by oidc_attest_collect_finished_cb(), and oidc_attr_collect_finished_cb().

913 {
914  struct RequestHandle *handle = cls;
915  struct MHD_Response *resp;
916  char *ticket_str;
917  char *redirect_uri;
918  char *code_string;
919 
920  handle->idp_op = NULL;
921  if (NULL == ticket)
922  {
924  handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
926  return;
927  }
928  handle->ticket = *ticket;
929  ticket_str =
931  sizeof(struct GNUNET_RECLAIM_Ticket));
932  // TODO change if more attributes are needed (see max_age)
933  code_string = OIDC_build_authz_code (&handle->priv_key,
934  &handle->ticket,
935  handle->attr_list,
936  handle->attests_list,
937  handle->oidc->nonce,
938  handle->oidc->code_challenge);
939  if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
940  (NULL != handle->tld))
941  {
942  GNUNET_asprintf (&redirect_uri,
943  "%s.%s/%s?%s=%s&state=%s",
944  handle->redirect_prefix,
945  handle->tld,
946  handle->redirect_suffix,
947  handle->oidc->response_type,
948  code_string,
949  handle->oidc->state);
950  }
951  else
952  {
953  GNUNET_asprintf (&redirect_uri,
954  "%s?%s=%s&state=%s",
955  handle->oidc->redirect_uri,
956  handle->oidc->response_type,
957  code_string,
958  handle->oidc->state);
959  }
960  resp = GNUNET_REST_create_response ("");
961  MHD_add_response_header (resp, "Location", redirect_uri);
962  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
964  GNUNET_free (redirect_uri);
965  GNUNET_free (ticket_str);
966  GNUNET_free (code_string);
967 }
char * redirect_uri
The OIDC redirect uri.
The authorization ticket.
char * nonce
The OIDC nonce.
char * OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
Definition: oidc_helper.c:431
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * state
The OIDC state.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
static void cleanup_handle_delayed(void *cls)
char * redirect_prefix
The redirect prefix.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
char * redirect_suffix
The redirect suffix.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:935
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attest_collect_finished_cb()

static void oidc_attest_collect_finished_cb ( void *  cls)
static

Definition at line 971 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attr_list, OIDC_Variables::client_pkey, GNUNET_RECLAIM_ticket_issue(), handle, RequestHandle::idp, RequestHandle::idp_op, RequestHandle::oidc, oidc_ticket_issue_cb(), and RequestHandle::priv_key.

Referenced by oidc_attr_collect_finished_cb().

972 {
973  struct RequestHandle *handle = cls;
974 
975  handle->attest_it = NULL;
976  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
977  &handle->priv_key,
978  &handle->oidc->client_pkey,
979  handle->attr_list,
981  handle);
982 }
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
Issues ticket and redirects to relying party with the authorization code as parameter.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_TicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
Definition: reclaim_api.c:1504
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attest_collect()

static void oidc_attest_collect ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attestation attest 
)
static

Collects all attributes for an ego if in scope parameter.

Definition at line 989 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, GNUNET_RECLAIM_Attribute::attestation, GNUNET_RECLAIM_AttestationListEntry::attestation, RequestHandle::attests_list, RequestHandle::attr_list, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attestation::data, GNUNET_RECLAIM_Attestation::data_size, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_attestation_new(), GNUNET_RECLAIM_get_attestations_next(), GNUNET_RECLAIM_id_is_equal, handle, GNUNET_RECLAIM_Attestation::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttestationList::list_head, GNUNET_RECLAIM_AttestationList::list_tail, GNUNET_RECLAIM_Attestation::name, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_Attestation::type.

Referenced by oidc_attr_collect_finished_cb().

992 {
993  struct RequestHandle *handle = cls;
995 
996  for (le = handle->attr_list->list_head; NULL != le; le = le->next)
997  {
999  &attest->id))
1000  {
1004  attest->type,
1005  attest->data,
1006  attest->data_size);
1008  handle->attests_list->list_tail,
1009  ale);
1010  }
1011  }
1013 }
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
struct GNUNET_RECLAIM_Attestation * attestation
The attestation.
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void GNUNET_RECLAIM_get_attestations_next(struct GNUNET_RECLAIM_AttestationIterator *ait)
Calls the record processor specified in #GNUNET_RECLAIM_get_attestation_start for the next record...
Definition: reclaim_api.c:1449
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Attestation * GNUNET_RECLAIM_attestation_new(const char *name, uint32_t type, const void *data, size_t data_size)
Create a new attestation.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier id
ID.
uint32_t type
Type/Format of Claim.
struct GNUNET_RECLAIM_AttestationListEntry * list_head
List head.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
const void * data
Binary value stored as attribute value.
struct GNUNET_RECLAIM_AttestationListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
#define GNUNET_RECLAIM_id_is_equal(a, b)
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect_finished_cb()

static void oidc_attr_collect_finished_cb ( void *  cls)
static

Definition at line 1017 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attests_list, RequestHandle::attr_it, RequestHandle::attr_list, OIDC_Variables::client_pkey, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_new, GNUNET_RECLAIM_get_attestations_start(), GNUNET_RECLAIM_ticket_issue(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, RequestHandle::idp, RequestHandle::idp_op, GNUNET_RECLAIM_AttributeList::list_head, RequestHandle::oidc, oidc_attest_collect(), oidc_attest_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_SCOPE, oidc_iteration_error(), oidc_ticket_issue_cb(), RequestHandle::priv_key, and RequestHandle::ticket_it.

Referenced by code_redirect().

1018 {
1019  struct RequestHandle *handle = cls;
1020 
1021  handle->attr_it = NULL;
1022  handle->ticket_it = NULL;
1023  if (NULL == handle->attr_list->list_head)
1024  {
1026  handle->edesc = GNUNET_strdup ("The requested scope is not available.");
1028  return;
1029  }
1031  handle->attest_it =
1033  &handle->priv_key,
1035  handle,
1037  handle,
1039  handle);
1040 
1041  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
1042  &handle->priv_key,
1043  &handle->oidc->client_pkey,
1044  handle->attr_list,
1046  handle);
1047 }
struct GNUNET_RECLAIM_AttestationIterator * GNUNET_RECLAIM_get_attestations_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttestationResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attestations for a local identity.
Definition: reclaim_api.c:1402
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
Issues ticket and redirects to relying party with the authorization code as parameter.
A list of GNUNET_RECLAIM_Attestation structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void oidc_attest_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attestation *attest)
Collects all attributes for an ego if in scope parameter.
static void oidc_attest_collect_finished_cb(void *cls)
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_TicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
Definition: reclaim_api.c:1504
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect()

static void oidc_attr_collect ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr 
)
static

Collects all attributes for an ego if in scope parameter.

Definition at line 1054 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Attribute::attestation, RequestHandle::attr_it, RequestHandle::attr_list, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_free, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_get_attributes_next(), GNUNET_strdup, handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, RequestHandle::oidc, OIDC_Variables::scope, and GNUNET_RECLAIM_Attribute::type.

Referenced by code_redirect().

1057 {
1058  struct RequestHandle *handle = cls;
1060  char *scope_variables;
1061  char *scope_variable;
1062  char delimiter[] = " ";
1063 
1064  scope_variables = GNUNET_strdup (handle->oidc->scope);
1065  scope_variable = strtok (scope_variables, delimiter);
1066  while (NULL != scope_variable)
1067  {
1068  if (0 == strcmp (attr->name, scope_variable))
1069  break;
1070  scope_variable = strtok (NULL, delimiter);
1071  }
1072  if (NULL == scope_variable)
1073  {
1075  GNUNET_free (scope_variables);
1076  // We can ignore this
1077  return;
1078  }
1079  GNUNET_free (scope_variables);
1082  &attr->attestation,
1083  attr->type,
1084  attr->data,
1085  attr->data_size);
1086  le->attribute->id = attr->id;
1087  le->attribute->flag = attr->flag;
1088  le->attribute->attestation = attr->attestation;
1090  handle->attr_list->list_tail,
1091  le);
1093 }
char * scope
The list of oidc scopes.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const char * name
The name of the attribute.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void GNUNET_RECLAIM_get_attributes_next(struct GNUNET_RECLAIM_AttributeIterator *it)
Calls the record processor specified in GNUNET_RECLAIM_get_attributes_start for the next record...
Definition: reclaim_api.c:1339
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
struct OIDC_Variables * oidc
OIDC variables.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *attestation, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
const void * data
Binary value stored as attribute value.
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ code_redirect()

static void code_redirect ( void *  cls)
static

Checks time and cookie and redirects accordingly.

Definition at line 1100 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, RequestHandle::attr_it, RequestHandle::attr_list, do_redirect_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_connect(), GNUNET_RECLAIM_get_attributes_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, RequestHandle::idp, OIDC_Variables::login_identity, login_redirect(), EgoEntry::next, RequestHandle::oidc, oidc_attr_collect(), oidc_attr_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_COOKIE, oidc_iteration_error(), and RequestHandle::priv_key.

Referenced by build_redirect().

1101 {
1102  struct RequestHandle *handle = cls;
1103  struct GNUNET_TIME_Absolute current_time;
1104  struct GNUNET_TIME_Absolute *relog_time;
1106  struct GNUNET_CRYPTO_EcdsaPublicKey ego_pkey;
1107  struct GNUNET_HashCode cache_key;
1108  char *identity_cookie;
1109 
1110  GNUNET_asprintf (&identity_cookie,
1111  "Identity=%s",
1112  handle->oidc->login_identity);
1113  GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
1114  GNUNET_free (identity_cookie);
1115  // No login time for identity -> redirect to login
1116  if (GNUNET_YES ==
1118  {
1119  relog_time =
1121  current_time = GNUNET_TIME_absolute_get ();
1122  // 30 min after old login -> redirect to login
1123  if (current_time.abs_value_us <= relog_time->abs_value_us)
1124  {
1125  if (GNUNET_OK !=
1127  ->login_identity,
1128  strlen (
1129  handle->oidc
1130  ->login_identity),
1131  &pubkey))
1132  {
1134  handle->edesc =
1135  GNUNET_strdup ("The cookie of a login identity is not valid");
1137  return;
1138  }
1139  // iterate over egos and compare their public key
1140  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1141  handle->ego_entry = handle->ego_entry->next)
1142  {
1143  GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1144  if (0 == GNUNET_memcmp (&ego_pkey, &pubkey))
1145  {
1146  handle->priv_key =
1148  handle->idp = GNUNET_RECLAIM_connect (cfg);
1149  handle->attr_list =
1151  handle->attr_it =
1153  &handle->priv_key,
1155  handle,
1157  handle,
1159  handle);
1160  return;
1161  }
1162  }
1164  return;
1165  }
1166  }
1167 }
struct GNUNET_RECLAIM_AttributeIterator * GNUNET_RECLAIM_get_attributes_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attributes for a local identity.
Definition: reclaim_api.c:1293
static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey
Public key of the zone to look in.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:555
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_new(type)
Allocate a struct or union of the given type.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
uint64_t abs_value_us
The actual value.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
static void oidc_attr_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
Collects all attributes for an ego if in scope parameter.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
#define OIDC_ERROR_KEY_INVALID_COOKIE
OIDC error key for invalid cookies.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
void GNUNET_IDENTITY_ego_get_public_key(const struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:568
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_RECLAIM_AttributeList * attr_list
Attribute claim list.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:357
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
Time for absolute times used by GNUnet, in microseconds.
#define GNUNET_YES
Definition: gnunet_common.h:85
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
struct EgoEntry * ego_entry
IDENTITY Operation.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
Definition: reclaim_api.c:1026
struct EgoEntry * next
DLL.
#define GNUNET_free(ptr)
Wrapper around free.
static void oidc_attr_collect_finished_cb(void *cls)
char * login_identity
The identity chosen by the user to login.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_redirect()

static void build_redirect ( void *  cls)
static

Definition at line 1171 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), code_redirect(), GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::state, RequestHandle::tld, and OIDC_Variables::user_cancelled.

Referenced by lookup_redirect_uri_result().

1172 {
1173  struct RequestHandle *handle = cls;
1174  struct MHD_Response *resp;
1175  char *redirect_uri;
1176 
1177  if (GNUNET_YES == handle->oidc->user_cancelled)
1178  {
1179  if ((NULL != handle->redirect_prefix) &&
1180  (NULL != handle->redirect_suffix) && (NULL != handle->tld))
1181  {
1182  GNUNET_asprintf (&redirect_uri,
1183  "%s.%s/%s?error=%s&error_description=%s&state=%s",
1184  handle->redirect_prefix,
1185  handle->tld,
1186  handle->redirect_suffix,
1187  "access_denied",
1188  "User denied access",
1189  handle->oidc->state);
1190  }
1191  else
1192  {
1193  GNUNET_asprintf (&redirect_uri,
1194  "%s?error=%s&error_description=%s&state=%s",
1195  handle->oidc->redirect_uri,
1196  "access_denied",
1197  "User denied access",
1198  handle->oidc->state);
1199  }
1200  resp = GNUNET_REST_create_response ("");
1201  MHD_add_response_header (resp, "Location", redirect_uri);
1202  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1204  GNUNET_free (redirect_uri);
1205  return;
1206  }
1208 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
int user_cancelled
User cancelled authorization/login.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void code_redirect(void *cls)
Checks time and cookie and redirects accordingly.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
char * redirect_prefix
The redirect prefix.
char * redirect_suffix
The redirect suffix.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_YES
Definition: gnunet_common.h:85
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ lookup_redirect_uri_result()

static void lookup_redirect_uri_result ( void *  cls,
uint32_t  rd_count,
const struct GNUNET_GNSRECORD_Data rd 
)
static

Definition at line 1212 of file plugin_rest_openid_connect.c.

References build_redirect(), OIDC_Variables::client_id, data, data_size, GNUNET_GNSRECORD_Data::data_size, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, RequestHandle::gns_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_log, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_strndup, handle, RequestHandle::oidc, OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, and OIDC_Variables::redirect_uri.

Referenced by client_redirect().

1215 {
1216  struct RequestHandle *handle = cls;
1217  char *tmp;
1218  char *tmp_key_str;
1219  char *pos;
1220  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
1221 
1222  handle->gns_op = NULL;
1223  if (0 == rd_count)
1224  {
1226  handle->edesc =
1227  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1229  return;
1230  }
1231  for (int i = 0; i < rd_count; i++)
1232  {
1233  if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
1234  continue;
1235  if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
1236  continue;
1237  tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
1238  if (NULL == strstr (tmp, handle->oidc->client_id))
1239  {
1241  "Redirect uri %s does not contain client_id %s\n",
1242  tmp,
1243  handle->oidc->client_id);
1244  }
1245  else
1246  {
1247  pos = strrchr (tmp, (unsigned char) '.');
1248  if (NULL == pos)
1249  {
1251  "Redirect uri %s contains client_id but is malformed\n",
1252  tmp);
1253  GNUNET_free (tmp);
1254  continue;
1255  }
1256  *pos = '\0';
1257  handle->redirect_prefix = GNUNET_strdup (tmp);
1258  tmp_key_str = pos + 1;
1259  pos = strchr (tmp_key_str, (unsigned char) '/');
1260  if (NULL == pos)
1261  {
1263  "Redirect uri %s contains client_id but is malformed\n",
1264  tmp);
1265  GNUNET_free (tmp);
1266  continue;
1267  }
1268  *pos = '\0';
1269  handle->redirect_suffix = GNUNET_strdup (pos + 1);
1270 
1271  GNUNET_STRINGS_string_to_data (tmp_key_str,
1272  strlen (tmp_key_str),
1273  &redirect_zone,
1274  sizeof(redirect_zone));
1275  }
1277  GNUNET_free (tmp);
1278  return;
1279  }
1281  handle->edesc =
1282  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1284 }
static void build_redirect(void *cls)
char * redirect_uri
The OIDC redirect uri.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
static size_t data_size
Number of bytes in data.
Definition: gnunet-abd.c:187
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
size_t data_size
Number of bytes in data.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
char * redirect_prefix
The redirect prefix.
char * redirect_suffix
The redirect suffix.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
uint32_t data
The data value.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:970
#define GNUNET_free(ptr)
Wrapper around free.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ client_redirect()

static void client_redirect ( void *  cls)
static

Initiate redirect back to client.

Definition at line 1291 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, RequestHandle::gns_handle, RequestHandle::gns_op, GNUNET_GNS_EMPTY_LABEL_AT, GNUNET_GNS_LO_DEFAULT, GNUNET_GNS_lookup(), GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, handle, lookup_redirect_uri_result(), and RequestHandle::oidc.

Referenced by build_authz_response().

1292 {
1293  struct RequestHandle *handle = cls;
1294 
1295  /* Lookup client redirect uri to verify request */
1296  handle->gns_op =
1297  GNUNET_GNS_lookup (handle->gns_handle,
1299  &handle->oidc->client_pkey,
1303  handle);
1304 }
#define GNUNET_GNS_EMPTY_LABEL_AT
String we use to indicate an empty label (top-level entry in the zone).
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static void lookup_redirect_uri_result(void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
Defaults, look in cache, then in DHT.
struct GNUNET_GNS_LookupRequest * GNUNET_GNS_lookup(struct GNUNET_GNS_Handle *handle, const char *name, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS.
Definition: gns_api.c:412
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_url_parameter_copy()

static char* get_url_parameter_copy ( const struct RequestHandle handle,
const char *  key 
)
static

Definition at line 1308 of file plugin_rest_openid_connect.c.

References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_strdup, GNUNET_YES, RequestHandle::rest_handle, GNUNET_REST_RequestHandle::url_param_map, and value.

Referenced by authorize_endpoint(), build_authz_response(), and token_endpoint().

1309 {
1310  struct GNUNET_HashCode hc;
1311  char *value;
1312 
1313  GNUNET_CRYPTO_hash (key, strlen (key), &hc);
1315  ->url_param_map,
1316  &hc))
1317  return NULL;
1318  value =
1320  if (NULL == value)
1321  return NULL;
1322  return GNUNET_strdup (value);
1323 }
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_YES
Definition: gnunet_common.h:85
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_authz_response()

static void build_authz_response ( void *  cls)
static

Iteration over all results finished, build final response.

Parameters
clsthe struct RequestHandle

Definition at line 1333 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, client_redirect(), do_error(), do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_YES, handle, iterator(), OIDC_Variables::login_identity, login_redirect(), OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_ERROR_KEY_ACCESS_DENIED, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_SCOPE, OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_SCOPE, OIDC_ignored_parameter_array, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, RequestHandle::rest_handle, OIDC_Variables::scope, GNUNET_REST_RequestHandle::url_param_map, and OIDC_Variables::user_cancelled.

Referenced by authorize_endpoint().

1334 {
1335  struct RequestHandle *handle = cls;
1336  struct GNUNET_HashCode cache_key;
1337 
1338  char *expected_scope;
1339  char delimiter[] = " ";
1340  int number_of_ignored_parameter, iterator;
1341 
1342 
1343  // REQUIRED value: redirect_uri
1344  handle->oidc->redirect_uri =
1346  if (NULL == handle->oidc->redirect_uri)
1347  {
1349  handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1351  return;
1352  }
1353 
1354  // REQUIRED value: response_type
1355  handle->oidc->response_type =
1357  if (NULL == handle->oidc->response_type)
1358  {
1360  handle->edesc = GNUNET_strdup ("missing parameter response_type");
1362  return;
1363  }
1364 
1365  // REQUIRED value: scope
1366  handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1367  if (NULL == handle->oidc->scope)
1368  {
1370  handle->edesc = GNUNET_strdup ("missing parameter scope");
1372  return;
1373  }
1374 
1375  // OPTIONAL value: nonce
1376  handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY);
1377 
1378  // OPTIONAL value: claims
1379  handle->oidc->claims = get_url_parameter_copy (handle, OIDC_CLAIMS_KEY);
1380 
1381  // TODO check other values if needed
1382  number_of_ignored_parameter =
1383  sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1384  for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1385  {
1387  strlen (OIDC_ignored_parameter_array[iterator]),
1388  &cache_key);
1389  if (GNUNET_YES ==
1391  ->url_param_map,
1392  &cache_key))
1393  {
1395  GNUNET_asprintf (&handle->edesc,
1396  "Server will not handle parameter: %s",
1397  OIDC_ignored_parameter_array[iterator]);
1399  return;
1400  }
1401  }
1402 
1403  // We only support authorization code flows.
1404  if (0 != strcmp (handle->oidc->response_type,
1406  {
1408  handle->edesc = GNUNET_strdup ("The authorization server does not support "
1409  "obtaining this authorization code.");
1411  return;
1412  }
1413 
1414  // Checks if scope contains 'openid'
1415  expected_scope = GNUNET_strdup (handle->oidc->scope);
1416  char *test;
1417  test = strtok (expected_scope, delimiter);
1418  while (NULL != test)
1419  {
1420  if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
1421  break;
1422  test = strtok (NULL, delimiter);
1423  }
1424  if (NULL == test)
1425  {
1427  handle->edesc =
1428  GNUNET_strdup ("The requested scope is invalid, unknown, or malformed.");
1430  GNUNET_free (expected_scope);
1431  return;
1432  }
1433 
1434  GNUNET_free (expected_scope);
1435  if ((NULL == handle->oidc->login_identity) &&
1436  (GNUNET_NO == handle->oidc->user_cancelled))
1438  else
1440 }
static int iterator(void *cls, const struct GNUNET_PeerIdentity *key, void *value)
Iterator over hash map entries.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
char * nonce
The OIDC nonce.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE
OIDC expected response_type while authorizing.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_CLAIMS_KEY
OIDC claims key.
#define GNUNET_NO
Definition: gnunet_common.h:86
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE
OIDC error key for unsupported response types.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
char * claims
The OIDC claims.
#define OIDC_ERROR_KEY_ACCESS_DENIED
OIDC error key for denied access.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE
OIDC expected scope part while authorizing.
static char * OIDC_ignored_parameter_array[]
OIDC ignored parameter array.
static void client_redirect(void *cls)
Initiate redirect back to client.
static void do_error(void *cls)
Task run on error, sends error message.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define GNUNET_YES
Definition: gnunet_common.h:85
#define GNUNET_free(ptr)
Wrapper around free.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
char * login_identity
The identity chosen by the user to login.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ tld_iter()

static void tld_iter ( void *  cls,
const char *  section,
const char *  option,
const char *  value 
)
static

Iterate over tlds in config.

Definition at line 1447 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_strdup, handle, RequestHandle::oidc, and RequestHandle::tld.

Referenced by authorize_endpoint().

1448 {
1449  struct RequestHandle *handle = cls;
1451 
1452  if (GNUNET_OK !=
1454  {
1455  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
1456  return;
1457  }
1458  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1459  handle->tld = GNUNET_strdup (option + 1);
1460 }
static char * pkey
Public key of the zone to look in, in ASCII.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static char * value
Value of the record to add/remove.
char * tld
The tld for redirect.
static char * option
Name of the option.
Definition: gnunet-config.c:38
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:357
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ authorize_endpoint()

static void authorize_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to authorization GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1471 of file plugin_rest_openid_connect.c.

References build_authz_response(), OIDC_Variables::client_id, OIDC_Variables::client_pkey, OIDC_Variables::code_challenge, cookie_identity_interpretation(), do_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::ego_tail, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_CONFIGURATION_iterate_section_values(), GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, EgoEntry::identifier, EgoEntry::next, RequestHandle::oidc, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT, OIDC_SCOPE_KEY, OIDC_STATE_KEY, RequestHandle::response_code, OIDC_Variables::scope, OIDC_Variables::state, RequestHandle::tld, and tld_iter().

Referenced by init_cont().

1474 {
1475  struct RequestHandle *handle = cls;
1476  struct EgoEntry *tmp_ego;
1477  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
1479 
1481 
1482  // RECOMMENDED value: state - REQUIRED for answers
1483  handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY);
1484 
1485  // REQUIRED value: client_id
1487  if (NULL == handle->oidc->client_id)
1488  {
1490  handle->edesc = GNUNET_strdup ("missing parameter client_id");
1491  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1493  return;
1494  }
1495 
1496  // OPTIONAL value: code_challenge
1497  handle->oidc->code_challenge = get_url_parameter_copy (handle,
1499  if (NULL == handle->oidc->code_challenge)
1500  {
1502  "OAuth authorization request does not contain PKCE parameters!\n");
1503  }
1504 
1505  if (GNUNET_OK !=
1507  strlen (
1508  handle->oidc->client_id),
1509  &handle->oidc->client_pkey))
1510  {
1512  handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1513  "authorization code using this method.");
1514  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1516  return;
1517  }
1518 
1519  // If we know this identity, translated the corresponding TLD
1520  // TODO: We might want to have a reverse lookup functionality for TLDs?
1521  for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
1522  {
1523  priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1525  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1526  {
1527  handle->tld = GNUNET_strdup (tmp_ego->identifier);
1528  handle->ego_entry = handle->ego_tail;
1529  }
1530  }
1531  handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1533  handle->oidc->scope));
1534  if (NULL == handle->tld)
1536  if (NULL == handle->tld)
1537  handle->tld = GNUNET_strdup (handle->oidc->client_id);
1539 }
char * scope
The list of oidc scopes.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
static char * pkey
Public key of the zone to look in, in ASCII.
struct EgoEntry * ego_tail
Ego list.
void GNUNET_CONFIGURATION_iterate_section_values(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, GNUNET_CONFIGURATION_Iterator iter, void *iter_cls)
Iterate over values of a section in the configuration.
static void cookie_identity_interpretation(struct RequestHandle *handle)
Interprets cookie header and pass its identity keystring to handle.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT
OIDC error key for unauthorized clients.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:555
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static void tld_iter(void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
Private ECC key encoded for transmission.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
The request handle.
The ego list.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
char * tld
The tld for redirect.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:172
static void build_authz_response(void *cls)
Iteration over all results finished, build final response.
char * state
The OIDC state.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
char * identifier
Ego Identifier.
static void do_error(void *cls)
Task run on error, sends error message.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:357
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_challenge
The PKCE code_challenge.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct EgoEntry * next
DLL.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_cont()

static void login_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Combines an identity with a login time and responds OK to login request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1550 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), GNUNET_REST_RequestHandle::data, GNUNET_REST_RequestHandle::data_size, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_free_non_null, GNUNET_log, GNUNET_memcpy, GNUNET_new, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_TIME_relative_get_second_(), GNUNET_TIME_relative_multiply(), GNUNET_TIME_relative_to_absolute(), handle, identity, OIDC_COOKIE_EXPIRATION, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::rest_handle.

Referenced by init_cont().

1553 {
1554  struct MHD_Response *resp = GNUNET_REST_create_response ("");
1555  struct RequestHandle *handle = cls;
1556  struct GNUNET_HashCode cache_key;
1557  struct GNUNET_TIME_Absolute *current_time;
1558  struct GNUNET_TIME_Absolute *last_time;
1559  char *cookie;
1560  char *header_val;
1561  json_t *root;
1562  json_error_t error;
1563  json_t *identity;
1564  char term_data[handle->rest_handle->data_size + 1];
1565 
1566  term_data[handle->rest_handle->data_size] = '\0';
1567  GNUNET_memcpy (term_data,
1568  handle->rest_handle->data,
1569  handle->rest_handle->data_size);
1570  root = json_loads (term_data, JSON_DECODE_ANY, &error);
1571  identity = json_object_get (root, "identity");
1572  if (! json_is_string (identity))
1573  {
1575  "Error parsing json string from %s\n",
1576  term_data);
1577  handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1578  json_decref (root);
1580  return;
1581  }
1582  GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
1583  GNUNET_asprintf (&header_val,
1584  "%s;Max-Age=%d",
1585  cookie,
1587  MHD_add_response_header (resp, "Set-Cookie", header_val);
1588  MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
1589  GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1590 
1591  if (0 != strcmp (json_string_value (identity), "Denied"))
1592  {
1593  current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1594  *current_time = GNUNET_TIME_relative_to_absolute (
1597  last_time =
1599  GNUNET_free_non_null (last_time);
1601  &cache_key,
1602  current_time,
1604  }
1605  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1606  GNUNET_free (cookie);
1607  GNUNET_free (header_val);
1608  json_decref (root);
1610 }
If a value with the given key exists, replace it.
size_t data_size
The POST data size.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
#define OIDC_COOKIE_EXPIRATION
OIDC cookie expiration (in seconds)
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_free_non_null(ptr)
Free the memory pointed to by ptr if ptr is not NULL.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void * proc_cls
The closure of the result processor.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
Definition: time.c:442
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
const char * data
The POST data.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
static void cleanup_handle_delayed(void *cls)
struct GNUNET_TIME_Relative GNUNET_TIME_relative_get_second_(void)
Return relative time of 1s.
Definition: time.c:183
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_authorization()

static int check_authorization ( struct RequestHandle handle,
struct GNUNET_CRYPTO_EcdsaPublicKey cid 
)
static

Definition at line 1614 of file plugin_rest_openid_connect.c.

References RequestHandle::edesc, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::emsg, GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_free_non_null, GNUNET_NO, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_base64_decode(), GNUNET_STRINGS_string_to_data(), GNUNET_SYSERR, GNUNET_REST_RequestHandle::header_param_map, EgoEntry::keystring, EgoEntry::next, OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_CLIENT, OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::response_code, and RequestHandle::rest_handle.

Referenced by token_endpoint().

1616 {
1617  struct GNUNET_HashCode cache_key;
1618  char *authorization;
1619  char *credentials;
1620  char *basic_authorization;
1621  char *client_id;
1622  char *pass;
1623  char *expected_pass;
1624 
1627  &cache_key);
1629  ->header_param_map,
1630  &cache_key))
1631  {
1633  handle->edesc = GNUNET_strdup ("missing authorization");
1634  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1635  return GNUNET_SYSERR;
1636  }
1637  authorization =
1639  &cache_key);
1640 
1641  // split header in "Basic" and [content]
1642  credentials = strtok (authorization, " ");
1643  if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
1644  {
1646  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1647  return GNUNET_SYSERR;
1648  }
1649  credentials = strtok (NULL, " ");
1650  if (NULL == credentials)
1651  {
1653  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1654  return GNUNET_SYSERR;
1655  }
1656  GNUNET_STRINGS_base64_decode (credentials,
1657  strlen (credentials),
1658  (void **) &basic_authorization);
1659 
1660  if (NULL == basic_authorization)
1661  {
1663  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1664  return GNUNET_SYSERR;
1665  }
1666  client_id = strtok (basic_authorization, ":");
1667  if (NULL == client_id)
1668  {
1669  GNUNET_free_non_null (basic_authorization);
1671  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1672  return GNUNET_SYSERR;
1673  }
1674  pass = strtok (NULL, ":");
1675  if (NULL == pass)
1676  {
1677  GNUNET_free_non_null (basic_authorization);
1679  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1680  return GNUNET_SYSERR;
1681  }
1682 
1683  // check client password
1685  "reclaim-rest-plugin",
1686  "OIDC_CLIENT_SECRET",
1687  &expected_pass))
1688  {
1689  if (0 != strcmp (expected_pass, pass))
1690  {
1691  GNUNET_free_non_null (basic_authorization);
1692  GNUNET_free (expected_pass);
1694  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1695  return GNUNET_SYSERR;
1696  }
1697  GNUNET_free (expected_pass);
1698  }
1699  else
1700  {
1701  GNUNET_free_non_null (basic_authorization);
1703  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1704  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1705  return GNUNET_SYSERR;
1706  }
1707 
1708  // check client_id
1709  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1710  handle->ego_entry = handle->ego_entry->next)
1711  {
1712  if (0 == strcmp (handle->ego_entry->keystring, client_id))
1713  break;
1714  }
1715  if (NULL == handle->ego_entry)
1716  {
1717  GNUNET_free_non_null (basic_authorization);
1719  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1720  return GNUNET_SYSERR;
1721  }
1722  GNUNET_STRINGS_string_to_data (client_id,
1723  strlen (client_id),
1724  cid,
1725  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
1726 
1727  GNUNET_free (basic_authorization);
1728  return GNUNET_OK;
1729 }
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_free_non_null(ptr)
Free the memory pointed to by ptr if ptr is not NULL.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int response_code
Response code.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition: strings.c:1976
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
char * keystring
Public key string.
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct EgoEntry * ego_head
Ego list.
#define OIDC_ERROR_KEY_INVALID_CLIENT
OIDC error key for invalid client.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct EgoEntry * next
DLL.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:970
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ find_ego()

const struct EgoEntry* find_ego ( struct RequestHandle handle,
struct GNUNET_CRYPTO_EcdsaPublicKey test_key 
)

Definition at line 1733 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, RequestHandle::ego_head, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, and EgoEntry::next.

Referenced by token_endpoint(), and userinfo_endpoint().

1735 {
1736  struct EgoEntry *ego_entry;
1737  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
1738 
1739  for (ego_entry = handle->ego_head; NULL != ego_entry;
1740  ego_entry = ego_entry->next)
1741  {
1742  GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
1743  if (0 == GNUNET_memcmp (&pub_key, test_key))
1744  return ego_entry;
1745  }
1746  return NULL;
1747 }
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
void GNUNET_IDENTITY_ego_get_public_key(const struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:568
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
struct EgoEntry * next
DLL.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ persist_access_token()

static void persist_access_token ( const struct RequestHandle handle,
const char *  access_token,
const struct GNUNET_RECLAIM_Ticket ticket 
)
static

Definition at line 1751 of file plugin_rest_openid_connect.c.

References GNUNET_assert, GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CRYPTO_hash(), GNUNET_new, GNUNET_SYSERR, and ticket.

Referenced by token_endpoint().

1754 {
1755  struct GNUNET_HashCode hc;
1756  struct GNUNET_RECLAIM_Ticket *ticketbuf;
1757 
1758  GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
1759  ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
1760  *ticketbuf = *ticket;
1764  &hc,
1765  ticketbuf,
1767 }
The authorization ticket.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
A 512-bit hashcode.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ token_endpoint()

static void token_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to token url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1778 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Ticket::audience, check_authorization(), cleanup_handle_delayed(), do_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::emsg, find_ego(), get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attestation_list_destroy(), GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_SYSERR, handle, GNUNET_RECLAIM_Ticket::identity, OIDC_access_token_new(), OIDC_build_token_response(), OIDC_CODE_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE, OIDC_GRANT_TYPE_KEY, OIDC_GRANT_TYPE_VALUE, OIDC_id_token_new(), OIDC_parse_authz_code(), persist_access_token(), RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by init_cont().

1781 {
1782  struct RequestHandle *handle = cls;
1783  const struct EgoEntry *ego_entry;
1784  struct GNUNET_TIME_Relative expiration_time;
1785  struct GNUNET_RECLAIM_AttributeList *cl;
1786  struct GNUNET_RECLAIM_AttestationList *al;
1788  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
1789  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
1790  struct GNUNET_HashCode cache_key;
1791  struct MHD_Response *resp;
1792  char *grant_type;
1793  char *code;
1794  char *json_response;
1795  char *id_token;
1796  char *access_token;
1797  char *jwt_secret;
1798  char *nonce;
1799  char *code_verifier;
1800 
1801  /*
1802  * Check Authorization
1803  */
1804  if (GNUNET_SYSERR == check_authorization (handle, &cid))
1805  {
1807  "OIDC authorization for token endpoint failed\n");
1809  return;
1810  }
1811 
1812  /*
1813  * Check parameter
1814  */
1815 
1816  // TODO Do not allow multiple equal parameter names
1817  // REQUIRED grant_type
1819  strlen (OIDC_GRANT_TYPE_KEY),
1820  &cache_key);
1821  grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
1822  if (NULL == grant_type)
1823  {
1825  handle->edesc = GNUNET_strdup ("missing parameter grant_type");
1826  handle->response_code = MHD_HTTP_BAD_REQUEST;
1828  return;
1829  }
1830 
1831  // Check parameter grant_type == "authorization_code"
1832  if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
1833  {
1835  handle->response_code = MHD_HTTP_BAD_REQUEST;
1836  GNUNET_free (grant_type);
1838  return;
1839  }
1840  GNUNET_free (grant_type);
1841  // REQUIRED code
1842  code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
1843  if (NULL == code)
1844  {
1846  handle->edesc = GNUNET_strdup ("missing parameter code");
1847  handle->response_code = MHD_HTTP_BAD_REQUEST;
1849  return;
1850  }
1851  ego_entry = find_ego (handle, &cid);
1852  if (NULL == ego_entry)
1853  {
1855  handle->edesc = GNUNET_strdup ("Unknown client");
1856  handle->response_code = MHD_HTTP_BAD_REQUEST;
1857  GNUNET_free (code);
1859  return;
1860  }
1861  privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
1862 
1863  // REQUIRED code verifier
1864  code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
1865  if (NULL == code_verifier)
1866  {
1868  "OAuth authorization request does not contain PKCE parameters!\n");
1869 
1870  }
1871 
1872  // decode code
1873  if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket,
1874  &cl, &al, &nonce))
1875  {
1877  handle->edesc = GNUNET_strdup ("invalid code");
1878  handle->response_code = MHD_HTTP_BAD_REQUEST;
1879  GNUNET_free (code);
1881  return;
1882  }
1883  GNUNET_free (code);
1884 
1885  // create jwt
1887  "reclaim-rest-plugin",
1888  "expiration_time",
1889  &expiration_time))
1890  {
1892  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1893  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1895  return;
1896  }
1897 
1898 
1899  // TODO OPTIONAL acr,amr,azp
1901  "reclaim-rest-plugin",
1902  "jwt_secret",
1903  &jwt_secret))
1904  {
1906  handle->edesc = GNUNET_strdup ("No signing secret configured!");
1907  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1909  return;
1910  }
1911  id_token = OIDC_id_token_new (&ticket.audience,
1912  &ticket.identity,
1913  cl,
1914  al,
1915  &expiration_time,
1916  (NULL != nonce) ? nonce : NULL,
1917  jwt_secret);
1918  access_token = OIDC_access_token_new ();
1919  OIDC_build_token_response (access_token,
1920  id_token,
1921  &expiration_time,
1922  &json_response);
1923 
1924  persist_access_token (handle, access_token, &ticket);
1925  resp = GNUNET_REST_create_response (json_response);
1926  MHD_add_response_header (resp, "Cache-Control", "no-store");
1927  MHD_add_response_header (resp, "Pragma", "no-cache");
1928  MHD_add_response_header (resp, "Content-Type", "application/json");
1929  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1932  GNUNET_free (access_token);
1933  GNUNET_free (json_response);
1934  GNUNET_free (id_token);
1936 }
The authorization ticket.
int GNUNET_CONFIGURATION_get_value_time(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, struct GNUNET_TIME_Relative *time)
Get a configuration value that should be a relative time.
char * OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT from attributes.
Definition: oidc_helper.c:124
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
#define OIDC_GRANT_TYPE_KEY
OIDC grant_type key.
void GNUNET_RECLAIM_attestation_list_destroy(struct GNUNET_RECLAIM_AttestationList *attestations)
Destroy claim list.
static void persist_access_token(const struct RequestHandle *handle, const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket)
#define OIDC_CODE_KEY
OIDC code key.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:555
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
A list of GNUNET_RECLAIM_Attestation structures.
Private ECC key encoded for transmission.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
Definition: oidc_helper.c:729
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE
OIDC error key for unsupported grants.
The ego list.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
int OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_AttestationList **attests, char **nonce_str)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:584
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
A 512-bit hashcode.
int response_code
Response code.
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
struct GNUNET_CRYPTO_EcdsaPublicKey identity
The ticket issuer (= the user)
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
static int check_authorization(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
static void do_error(void *cls)
Task run on error, sends error message.
static void cleanup_handle_delayed(void *cls)
char * OIDC_access_token_new()
Generate a new access token.
Definition: oidc_helper.c:757
struct GNUNET_CRYPTO_EcdsaPublicKey audience
The ticket audience (= relying party)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_GRANT_TYPE_VALUE
OIDC grant_type key.
#define GNUNET_free(ptr)
Wrapper around free.
Time for relative time used by GNUnet, in microseconds.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ consume_ticket()

static void consume_ticket ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr,
const struct GNUNET_RECLAIM_Attestation attest 
)
static

Collects claims and stores them in handle.

Definition at line 1943 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Attribute::attestation, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attestation::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attestation::data_size, GNUNET_asprintf(), GNUNET_free, GNUNET_RECLAIM_attestation_value_to_string(), GNUNET_RECLAIM_attribute_value_to_string(), GNUNET_RECLAIM_id_is_zero, GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::name, RequestHandle::oidc, OIDC_Variables::response, return_userinfo_response(), GNUNET_RECLAIM_Attribute::type, GNUNET_RECLAIM_Attestation::type, and value.

Referenced by userinfo_endpoint().

1947 {
1948  struct RequestHandle *handle = cls;
1949  if (NULL == identity)
1950  {
1952  return;
1953  }
1955  {
1956  char *tmp_value;
1957  json_t *value;
1959  attr->data,
1960  attr->data_size);
1961  value = json_string (tmp_value);
1962  json_object_set_new (handle->oidc->response, attr->name, value);
1963  GNUNET_free (tmp_value);
1964  return;
1965  }
1966  json_t *claim_sources;
1967  json_t *claim_sources_jwt;
1968  json_t *claim_names;
1969  char *attest_val_str;
1970  claim_sources = json_object_get (handle->oidc->response,"_claim_sources");
1971  claim_names = json_object_get (handle->oidc->response,"_claim_names");
1972  attest_val_str =
1974  attest->data,
1975  attest->data_size);
1976  if ((NULL == claim_sources) && (NULL == claim_names) )
1977  {
1978  claim_sources = json_object ();
1979  claim_names = json_object ();
1980  }
1981  char *source_name;
1982  int i = 0;
1983  GNUNET_asprintf (&source_name, "src%d", i);
1984  while (NULL != (claim_sources_jwt = json_object_get (claim_sources,
1985  source_name)))
1986  {
1987  if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt,
1988  "JWT")),
1989  attest_val_str))
1990  {
1991  // Adapt only the claim names
1992  json_object_set_new (claim_names, attr->data,
1993  json_string (source_name));
1994  json_object_set (handle->oidc->response,
1995  "_claim_names", claim_names);
1996  break;
1997  }
1998  i++;
1999  GNUNET_free (source_name);
2000  GNUNET_asprintf (&source_name, "src%d", i);
2001  }
2002 
2003  // Create new one
2004  if (NULL == claim_sources_jwt)
2005  {
2006  claim_sources_jwt = json_object ();
2007  // Set the JWT for names
2008  json_object_set_new (claim_names, attr->data,
2009  json_string (source_name));
2010  // Set the JWT for the inner source
2011  json_object_set_new (claim_sources_jwt, "JWT",
2012  json_string (attest_val_str));
2013  // Set the JWT for the source
2014  json_object_set_new (claim_sources, source_name, claim_sources_jwt);
2015  // Set as claims
2016  json_object_set (handle->oidc->response, "_claim_names", claim_names);
2017  json_object_set (handle->oidc->response, "_claim_sources",claim_sources);
2018  }
2019 
2020  json_decref (claim_sources);
2021  json_decref (claim_names);
2022  json_decref (claim_sources_jwt);
2023  GNUNET_free (attest_val_str);
2024 }
const char * name
The name of the attribute.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * GNUNET_RECLAIM_attestation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the &#39;claim&#39; of an attestation to a string.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
static char * value
Value of the record to add/remove.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
size_t data_size
Number of bytes in data.
size_t data_size
Number of bytes in data.
uint32_t type
Type/Format of Claim.
static void return_userinfo_response(void *cls)
Return attributes for claim.
const void * data
Binary value stored as attribute value.
const void * data
Binary value stored as attribute value.
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the &#39;claim&#39; of an attribute to a string.
uint32_t type
Type of Claim.
json_t * response
The response JSON.
#define GNUNET_YES
Definition: gnunet_common.h:85
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_RECLAIM_id_is_zero(a)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ userinfo_endpoint()

static void userinfo_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to userinfo GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 2035 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Ticket::audience, consume_ticket(), do_userinfo_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::emsg, find_ego(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_NO, GNUNET_RECLAIM_connect(), GNUNET_RECLAIM_ticket_consume(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, GNUNET_REST_RequestHandle::header_param_map, RequestHandle::idp, RequestHandle::idp_op, EgoEntry::keystring, RequestHandle::oidc, OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_TOKEN, OIDC_Variables::response, RequestHandle::response_code, RequestHandle::rest_handle, and ticket.

Referenced by init_cont().

2038 {
2039  // TODO expiration time
2040  struct RequestHandle *handle = cls;
2041  char delimiter[] = " ";
2042  struct GNUNET_HashCode cache_key;
2043  char *authorization;
2044  char *authorization_type;
2045  char *authorization_access_token;
2046  struct GNUNET_RECLAIM_Ticket *ticket;
2047  const struct EgoEntry *ego_entry;
2048  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
2049 
2052  &cache_key);
2054  ->header_param_map,
2055  &cache_key))
2056  {
2058  handle->edesc = GNUNET_strdup ("No Access Token");
2059  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2061  return;
2062  }
2063  authorization =
2065  &cache_key);
2066 
2067  // split header in "Bearer" and access_token
2068  authorization = GNUNET_strdup (authorization);
2069  authorization_type = strtok (authorization, delimiter);
2070  if ((NULL == authorization_type) ||
2071  (0 != strcmp ("Bearer", authorization_type)))
2072  {
2074  handle->edesc = GNUNET_strdup ("No Access Token");
2075  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2077  GNUNET_free (authorization);
2078  return;
2079  }
2080  authorization_access_token = strtok (NULL, delimiter);
2081  if (NULL == authorization_access_token)
2082  {
2084  handle->edesc = GNUNET_strdup ("Access token missing");
2085  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2087  GNUNET_free (authorization);
2088  return;
2089  }
2090 
2091  GNUNET_CRYPTO_hash (authorization_access_token,
2092  strlen (authorization_access_token),
2093  &cache_key);
2094  if (GNUNET_NO ==
2096  &cache_key))
2097  {
2099  handle->edesc = GNUNET_strdup ("The access token expired");
2100  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2102  GNUNET_free (authorization);
2103  return;
2104  }
2105  ticket =
2107  GNUNET_assert (NULL != ticket);
2108  ego_entry = find_ego (handle, &ticket->audience);
2109  if (NULL == ego_entry)
2110  {
2112  handle->edesc = GNUNET_strdup ("The access token expired");
2113  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2115  GNUNET_free (authorization);
2116  return;
2117  }
2118 
2119  handle->idp = GNUNET_RECLAIM_connect (cfg);
2120  handle->oidc->response = json_object ();
2121  json_object_set_new (handle->oidc->response,
2122  "sub",
2123  json_string (ego_entry->keystring));
2124  privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
2125  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
2126  privkey,
2127  ticket,
2129  handle);
2130  GNUNET_free (authorization);
2131 }
The authorization ticket.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_consume(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls)
Consumes an issued ticket.
Definition: reclaim_api.c:1553
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:555
#define GNUNET_NO
Definition: gnunet_common.h:86
Private ECC key encoded for transmission.
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
The ego list.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static void consume_ticket(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Attestation *attest)
Collects claims and stores them in handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int response_code
Response code.
char * keystring
Public key string.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct GNUNET_CRYPTO_EcdsaPublicKey audience
The ticket audience (= relying party)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
json_t * response
The response JSON.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
Definition: reclaim_api.c:1026
#define GNUNET_free(ptr)
Wrapper around free.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_cont()

static void init_cont ( struct RequestHandle handle)
static

Handle rest request.

Parameters
handlethe request handle

Definition at line 2140 of file plugin_rest_openid_connect.c.

References authorize_endpoint(), do_error(), GNUNET_REST_RequestHandlerError::error_code, GNUNET_NO, GNUNET_REST_API_NS_AUTHORIZE, GNUNET_REST_API_NS_LOGIN, GNUNET_REST_API_NS_OIDC, GNUNET_REST_API_NS_TOKEN, GNUNET_REST_API_NS_USERINFO, GNUNET_REST_handle_request(), GNUNET_REST_HANDLER_END, GNUNET_SCHEDULER_add_now(), login_cont(), options_cont(), RequestHandle::response_code, RequestHandle::rest_handle, token_endpoint(), and userinfo_endpoint().

Referenced by list_ego().

2141 {
2143  static const struct GNUNET_REST_RequestHandler handlers[] =
2144  { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint },
2145  { MHD_HTTP_METHOD_POST,
2147  &authorize_endpoint }, // url-encoded
2148  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont },
2149  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
2150  { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
2151  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
2152  { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont },
2154 
2155  if (GNUNET_NO ==
2156  GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
2157  {
2158  handle->response_code = err.error_code;
2160  }
2161 }
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_REST_HANDLER_END
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
#define GNUNET_REST_API_NS_AUTHORIZE
Authorize endpoint.
int GNUNET_REST_handle_request(struct GNUNET_REST_RequestHandle *conn, const struct GNUNET_REST_RequestHandler *handlers, struct GNUNET_REST_RequestHandlerError *err, void *cls)
Definition: rest.c:77
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int response_code
Response code.
static void login_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Combines an identity with a login time and responds OK to login request.
static void userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to userinfo GET and url-encoded POST request.
#define GNUNET_REST_API_NS_LOGIN
Login namespace.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static void authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to authorization GET and url-encoded POST request.
static void do_error(void *cls)
Task run on error, sends error message.
static void options_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
static void token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to token url-encoded POST request.
#define GNUNET_REST_API_NS_USERINFO
UserInfo endpoint.
#define GNUNET_REST_API_NS_TOKEN
Token endpoint.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ list_ego()

static void list_ego ( void *  cls,
struct GNUNET_IDENTITY_Ego ego,
void **  ctx,
const char *  identifier 
)
static

If listing is enabled, prints information about the egos.

This function is initially called for all egos and then again whenever a ego's identifier changes or if it is deleted. At the end of the initial pass over all egos, the function is once called with 'NULL' for 'ego'. That does NOT mean that the callback won't be invoked in the future or that there was an error.

When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this function is only called ONCE, and 'NULL' being passed in 'ego' does indicate an error (i.e. name is taken or no default value is known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the value WILL be passed to a subsequent call to the identity callback of 'GNUNET_IDENTITY_connect' (if that one was not NULL).

When an identity is renamed, this function is called with the (known) ego but the NEW identifier.

When an identity is deleted, this function is called with the (known) ego and "NULL" for the 'identifier'. In this case, the 'ego' is henceforth invalid (and the 'ctx' should also be cleaned up).

Parameters
clsclosure
egoego handle
ctxcontext for application to store data for this ego (during the lifetime of this process, initially NULL)
identifieridentifier assigned by the user for this ego, NULL if the user just deleted the ego and it must thus no longer be used

Definition at line 2198 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, RequestHandle::ego_head, RequestHandle::ego_tail, GNUNET_assert, GNUNET_CONTAINER_DLL_insert_tail, GNUNET_CONTAINER_DLL_remove, GNUNET_CRYPTO_ecdsa_public_key_to_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_new, GNUNET_strdup, handle, ID_REST_STATE_INIT, ID_REST_STATE_POST_INIT, EgoEntry::identifier, init_cont(), EgoEntry::keystring, EgoEntry::next, and RequestHandle::state.

Referenced by rest_identity_process_request().

2202 {
2203  struct RequestHandle *handle = cls;
2204  struct EgoEntry *ego_entry;
2206 
2207  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
2208  {
2209  handle->state = ID_REST_STATE_POST_INIT;
2210  init_cont (handle);
2211  return;
2212  }
2213  GNUNET_assert (NULL != ego);
2214  if (ID_REST_STATE_INIT == handle->state)
2215 
2216  {
2217  ego_entry = GNUNET_new (struct EgoEntry);
2220  ego_entry->ego = ego;
2221  ego_entry->identifier = GNUNET_strdup (identifier);
2223  handle->ego_tail,
2224  ego_entry);
2225  return;
2226  }
2227  /* Ego renamed or added */
2228  if (identifier != NULL)
2229  {
2230  for (ego_entry = handle->ego_head; NULL != ego_entry;
2231  ego_entry = ego_entry->next)
2232  {
2233  if (ego_entry->ego == ego)
2234  {
2235  /* Rename */
2236  GNUNET_free (ego_entry->identifier);
2237  ego_entry->identifier = GNUNET_strdup (identifier);
2238  break;
2239  }
2240  }
2241  if (NULL == ego_entry)
2242  {
2243  /* Add */
2244  ego_entry = GNUNET_new (struct EgoEntry);
2247  ego_entry->ego = ego;
2248  ego_entry->identifier = GNUNET_strdup (identifier);
2250  handle->ego_tail,
2251  ego_entry);
2252  }
2253  }
2254  else
2255  {
2256  /* Delete */
2257  for (ego_entry = handle->ego_head; NULL != ego_entry;
2258  ego_entry = ego_entry->next)
2259  {
2260  if (ego_entry->ego == ego)
2261  break;
2262  }
2263  if (NULL != ego_entry)
2265  handle->ego_tail,
2266  ego_entry);
2267  }
2268 }
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
struct EgoEntry * ego_tail
Ego list.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
The request handle.
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void init_cont(struct RequestHandle *handle)
Handle rest request.
int state
The processing state.
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:223
char * keystring
Public key string.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
void GNUNET_IDENTITY_ego_get_public_key(const struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:568
char * identifier
Ego Identifier.
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define ID_REST_STATE_INIT
State while collecting all egos.
struct EgoEntry * next
DLL.
#define ID_REST_STATE_POST_INIT
Done collecting egos.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ rest_identity_process_request()

static void rest_identity_process_request ( struct GNUNET_REST_RequestHandle rest_handle,
GNUNET_REST_ResultProcessor  proc,
void *  proc_cls 
)
static

Definition at line 2272 of file plugin_rest_openid_connect.c.

References do_timeout(), RequestHandle::gns_handle, GNUNET_CONTAINER_multihashmap_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_GNS_connect(), GNUNET_IDENTITY_connect(), GNUNET_log, GNUNET_NAMESTORE_connect(), GNUNET_new, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_strdup, GNUNET_TIME_UNIT_FOREVER_REL, handle, ID_REST_STATE_INIT, RequestHandle::identity_handle, list_ego(), RequestHandle::namestore_handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, RequestHandle::rest_handle, RequestHandle::state, RequestHandle::timeout, RequestHandle::timeout_task, GNUNET_REST_RequestHandle::url, and RequestHandle::url.

Referenced by libgnunet_plugin_rest_openid_connect_init().

2275 {
2276  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
2277 
2278  handle->oidc = GNUNET_new (struct OIDC_Variables);
2279  if (NULL == OIDC_cookie_jar_map)
2281  if (NULL == OIDC_access_token_map)
2284  handle->response_code = 0;
2286  handle->proc_cls = proc_cls;
2287  handle->proc = proc;
2288  handle->state = ID_REST_STATE_INIT;
2289  handle->rest_handle = rest_handle;
2290 
2291  handle->url = GNUNET_strdup (rest_handle->url);
2292  if (handle->url[strlen (handle->url) - 1] == '/')
2293  handle->url[strlen (handle->url) - 1] = '\0';
2294  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
2295  handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle);
2296  handle->gns_handle = GNUNET_GNS_connect (cfg);
2298  handle->timeout_task =
2299  GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2300  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
2301 }
struct GNUNET_IDENTITY_Handle * GNUNET_IDENTITY_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_IDENTITY_Callback cb, void *cb_cls)
Connect to the identity service.
Definition: identity_api.c:527
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
OIDC needed variables.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1271
static void do_timeout(void *cls)
Task run on timeout, sends error message.
const char * url
The url as string.
struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_TIME_UNIT_FOREVER_REL
Constant used to specify "forever".
struct GNUNET_GNS_Handle * GNUNET_GNS_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Initialize the connection with the GNS service.
Definition: gns_api.c:268
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int response_code
Response code.
int state
The processing state.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
struct GNUNET_NAMESTORE_Handle * GNUNET_NAMESTORE_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the namestore service.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
static void list_ego(void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
If listing is enabled, prints information about the egos.
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define ID_REST_STATE_INIT
State while collecting all egos.
struct GNUNET_CONTAINER_MultiHashMap * GNUNET_CONTAINER_multihashmap_create(unsigned int len, int do_not_copy_keys)
Create a multi hash map.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
struct GNUNET_NAMESTORE_Handle * namestore_handle
Handle to NAMESTORE.
char * url
The url.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ libgnunet_plugin_rest_openid_connect_init()

void* libgnunet_plugin_rest_openid_connect_init ( void *  cls)

Entry point for the plugin.

Parameters
clsConfig info
Returns
NULL on error, otherwise the plugin context

Definition at line 2311 of file plugin_rest_openid_connect.c.

References _, allow_methods, Plugin::api, Plugin::cfg, GNUNET_REST_Plugin::cls, GNUNET_asprintf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_new, GNUNET_REST_API_NS_OIDC, GNUNET_REST_Plugin::name, plugin, GNUNET_REST_Plugin::process_request, and rest_identity_process_request().

2312 {
2313  static struct Plugin plugin;
2314  struct GNUNET_REST_Plugin *api;
2315 
2316  cfg = cls;
2317  if (NULL != plugin.cfg)
2318  return NULL; /* can only initialize once! */
2319  memset (&plugin, 0, sizeof(struct Plugin));
2320  plugin.cfg = cfg;
2321  api = GNUNET_new (struct GNUNET_REST_Plugin);
2322  api->cls = &plugin;
2326  "%s, %s, %s, %s, %s",
2327  MHD_HTTP_METHOD_GET,
2328  MHD_HTTP_METHOD_POST,
2329  MHD_HTTP_METHOD_PUT,
2330  MHD_HTTP_METHOD_DELETE,
2331  MHD_HTTP_METHOD_OPTIONS);
2332 
2334  _ ("OpenID Connect REST API initialized\n"));
2335  return api;
2336 }
void * cls
The closure of the plugin.
struct returned by the initialization function of the plugin
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static void rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
void(* process_request)(struct GNUNET_REST_RequestHandle *handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
Function to process a REST call.
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * name
Plugin name.
static char * plugin
Solver plugin name as string.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static char * allow_methods
HTTP methods allows for this plugin.
Handle for a plugin.
Definition: block.c:37
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
Here is the call graph for this function:

◆ libgnunet_plugin_rest_openid_connect_done()

void* libgnunet_plugin_rest_openid_connect_done ( void *  cls)

Exit point from the plugin.

Parameters
clsthe plugin context (as returned by "init")
Returns
always NULL

Definition at line 2346 of file plugin_rest_openid_connect.c.

References allow_methods, Plugin::api, Plugin::cfg, GNUNET_REST_Plugin::cls, GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterator_create(), GNUNET_CONTAINER_multihashmap_iterator_destroy(), GNUNET_CONTAINER_multihashmap_iterator_next(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_free_non_null, GNUNET_log, GNUNET_YES, plugin, and value.

2347 {
2348  struct GNUNET_REST_Plugin *api = cls;
2349  struct Plugin *plugin = api->cls;
2350 
2351  plugin->cfg = NULL;
2352 
2353  struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
2354  void *value = NULL;
2355  hashmap_it =
2357  while (GNUNET_YES ==
2358  GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2359  GNUNET_free_non_null (value);
2362 
2363  hashmap_it =
2365  while (GNUNET_YES ==
2366  GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
2367  GNUNET_free_non_null (value);
2371  GNUNET_free (api);
2373  "OpenID Connect REST plugin is finished\n");
2374  return NULL;
2375 }
void GNUNET_CONTAINER_multihashmap_iterator_destroy(struct GNUNET_CONTAINER_MultiHashMapIterator *iter)
Destroy a multihashmap iterator.
int GNUNET_CONTAINER_multihashmap_iterator_next(struct GNUNET_CONTAINER_MultiHashMapIterator *iter, struct GNUNET_HashCode *key, const void **value)
Retrieve the next element from the hash map at the iterator&#39;s position.
struct GNUNET_CONTAINER_MultiHashMapIterator * GNUNET_CONTAINER_multihashmap_iterator_create(const struct GNUNET_CONTAINER_MultiHashMap *map)
Create an iterator for a multihashmap.
void * cls
The closure of the plugin.
const struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
struct returned by the initialization function of the plugin
#define GNUNET_free_non_null(ptr)
Free the memory pointed to by ptr if ptr is not NULL.
static char * value
Value of the record to add/remove.
void GNUNET_CONTAINER_multihashmap_destroy(struct GNUNET_CONTAINER_MultiHashMap *map)
Destroy a hash map.
static char * plugin
Solver plugin name as string.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
static char * allow_methods
HTTP methods allows for this plugin.
Handle for a plugin.
Definition: block.c:37
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:85
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

Variable Documentation

◆ OIDC_ignored_parameter_array

char* OIDC_ignored_parameter_array[]
static
Initial value:
= { "display",
"prompt",
"ui_locales",
"response_mode",
"id_token_hint",
"login_hint",
"acr_values" }

OIDC ignored parameter array.

Definition at line 226 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_cookie_jar_map

struct GNUNET_CONTAINER_MultiHashMap* OIDC_cookie_jar_map

OIDC Hash map that keeps track of issued cookies.

Definition at line 237 of file plugin_rest_openid_connect.c.

◆ OIDC_access_token_map

struct GNUNET_CONTAINER_MultiHashMap* OIDC_access_token_map

Hash map that links the issued access token to the corresponding ticket and ego.

Definition at line 243 of file plugin_rest_openid_connect.c.

◆ cfg

const struct GNUNET_CONFIGURATION_Handle* cfg

The configuration handle.

Handle to our configuration.

Definition at line 248 of file plugin_rest_openid_connect.c.

◆ allow_methods

char* allow_methods
static

HTTP methods allows for this plugin.

Definition at line 253 of file plugin_rest_openid_connect.c.

Referenced by libgnunet_plugin_rest_openid_connect_done(), libgnunet_plugin_rest_openid_connect_init(), and options_cont().