GNUnet  0.11.x
Data Structures | Macros | Functions | Variables
plugin_rest_openid_connect.c File Reference
#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_identity_service.h"
#include "gnunet_namestore_service.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_rest_lib.h"
#include "gnunet_rest_plugin.h"
#include "gnunet_signatures.h"
#include "microhttpd.h"
#include "oidc_helper.h"
Include dependency graph for plugin_rest_openid_connect.c:

Go to the source code of this file.

Data Structures

struct  Plugin
 Handle for a plugin. More...
 
struct  OIDC_Variables
 OIDC needed variables. More...
 
struct  EgoEntry
 The ego list. More...
 
struct  RequestHandle
 The request handle. More...
 

Macros

#define GNUNET_REST_API_NS_OIDC   "/openid"
 REST root namespace. More...
 
#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"
 Authorize endpoint. More...
 
#define GNUNET_REST_API_NS_TOKEN   "/openid/token"
 Token endpoint. More...
 
#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"
 UserInfo endpoint. More...
 
#define GNUNET_REST_API_NS_LOGIN   "/openid/login"
 Login namespace. More...
 
#define ID_REST_STATE_INIT   0
 State while collecting all egos. More...
 
#define ID_REST_STATE_POST_INIT   1
 Done collecting egos. More...
 
#define OIDC_GRANT_TYPE_KEY   "grant_type"
 OIDC grant_type key. More...
 
#define OIDC_GRANT_TYPE_VALUE   "authorization_code"
 OIDC grant_type key. More...
 
#define OIDC_CODE_KEY   "code"
 OIDC code key. More...
 
#define OIDC_RESPONSE_TYPE_KEY   "response_type"
 OIDC response_type key. More...
 
#define OIDC_CLIENT_ID_KEY   "client_id"
 OIDC client_id key. More...
 
#define OIDC_SCOPE_KEY   "scope"
 OIDC scope key. More...
 
#define OIDC_REDIRECT_URI_KEY   "redirect_uri"
 OIDC redirect_uri key. More...
 
#define OIDC_STATE_KEY   "state"
 OIDC state key. More...
 
#define OIDC_NONCE_KEY   "nonce"
 OIDC nonce key. More...
 
#define OIDC_CLAIMS_KEY   "claims"
 OIDC claims key. More...
 
#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"
 OIDC PKCE code challenge. More...
 
#define OIDC_CODE_VERIFIER_KEY   "code_verifier"
 OIDC PKCE code verifier. More...
 
#define OIDC_COOKIE_EXPIRATION   3
 OIDC cookie expiration (in seconds) More...
 
#define OIDC_COOKIE_HEADER_KEY   "cookie"
 OIDC cookie header key. More...
 
#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="
 OIDC cookie header information key. More...
 
#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"
 OIDC cookie header if user cancelled. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"
 OIDC expected response_type while authorizing. More...
 
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"
 OIDC expected scope part while authorizing. More...
 
#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"
 OIDC error key for invalid client. More...
 
#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"
 OIDC error key for invalid scopes. More...
 
#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"
 OIDC error key for invalid requests. More...
 
#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"
 OIDC error key for invalid tokens. More...
 
#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"
 OIDC error key for invalid cookies. More...
 
#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"
 OIDC error key for generic server errors. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"
 OIDC error key for unsupported grants. More...
 
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"
 OIDC error key for unsupported response types. More...
 
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"
 OIDC error key for unauthorized clients. More...
 
#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"
 OIDC error key for denied access. More...
 

Functions

static void cleanup_handle (struct RequestHandle *handle)
 Cleanup lookup handle. More...
 
static void cleanup_handle_delayed (void *cls)
 
static void do_error (void *cls)
 Task run on error, sends error message. More...
 
static void do_userinfo_error (void *cls)
 Task run on error in userinfo endpoint, sends error header. More...
 
static void do_redirect_error (void *cls)
 Task run on error, sends error message and redirects. More...
 
static void do_timeout (void *cls)
 Task run on timeout, sends error message. More...
 
static void return_userinfo_response (void *cls)
 Return attributes for claim. More...
 
static void options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Respond to OPTIONS request. More...
 
static void cookie_identity_interpretation (struct RequestHandle *handle)
 Interprets cookie header and pass its identity keystring to handle. More...
 
static void login_redirect (void *cls)
 Redirects to login page stored in configuration file. More...
 
static void oidc_iteration_error (void *cls)
 Does internal server error when iteration failed. More...
 
static void oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
 Issues ticket and redirects to relying party with the authorization code as parameter. More...
 
static struct GNUNET_RECLAIM_AttributeListattribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
 
static void oidc_attest_collect_finished_cb (void *cls)
 
static void oidc_attest_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attestation *attest)
 Collects all attributes for an ego if in scope parameter. More...
 
static void oidc_attr_collect_finished_cb (void *cls)
 
static int attr_in_claims_request (struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
 
static int attr_in_idtoken_request (struct RequestHandle *handle, const char *attr_name)
 
static int attr_in_userinfo_request (struct RequestHandle *handle, const char *attr_name)
 
static void oidc_attr_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
 Collects all attributes for an ego if in scope parameter. More...
 
static void code_redirect (void *cls)
 Checks time and cookie and redirects accordingly. More...
 
static void build_redirect (void *cls)
 
static void lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
 
static void client_redirect (void *cls)
 Initiate redirect back to client. More...
 
static char * get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
 
static void build_authz_response (void *cls)
 Iteration over all results finished, build final response. More...
 
static void tld_iter (void *cls, const char *section, const char *option, const char *value)
 Iterate over tlds in config. More...
 
static void authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to authorization GET and url-encoded POST request. More...
 
static void login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Combines an identity with a login time and responds OK to login request. More...
 
static int check_authorization (struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
 
const struct EgoEntryfind_ego (struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
 
static void persist_access_token (const struct RequestHandle *handle, const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket)
 
static void token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to token url-encoded POST request. More...
 
static void consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Attestation *attest)
 Collects claims and stores them in handle. More...
 
static void userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
 Responds to userinfo GET and url-encoded POST request. More...
 
static void init_cont (struct RequestHandle *handle)
 Handle rest request. More...
 
static void list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
 If listing is enabled, prints information about the egos. More...
 
static void rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
 
void * libgnunet_plugin_rest_openid_connect_init (void *cls)
 Entry point for the plugin. More...
 
void * libgnunet_plugin_rest_openid_connect_done (void *cls)
 Exit point from the plugin. More...
 

Variables

static char * OIDC_ignored_parameter_array []
 OIDC ignored parameter array. More...
 
struct GNUNET_CONTAINER_MultiHashMapOIDC_cookie_jar_map
 OIDC Hash map that keeps track of issued cookies. More...
 
struct GNUNET_CONTAINER_MultiHashMapOIDC_access_token_map
 Hash map that links the issued access token to the corresponding ticket and ego. More...
 
const struct GNUNET_CONFIGURATION_Handlecfg
 The configuration handle. More...
 
static char * allow_methods
 HTTP methods allows for this plugin. More...
 

Macro Definition Documentation

◆ GNUNET_REST_API_NS_OIDC

#define GNUNET_REST_API_NS_OIDC   "/openid"

REST root namespace.

Definition at line 45 of file plugin_rest_openid_connect.c.

Referenced by init_cont(), and libgnunet_plugin_rest_openid_connect_init().

◆ GNUNET_REST_API_NS_AUTHORIZE

#define GNUNET_REST_API_NS_AUTHORIZE   "/openid/authorize"

Authorize endpoint.

Definition at line 50 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_TOKEN

#define GNUNET_REST_API_NS_TOKEN   "/openid/token"

Token endpoint.

Definition at line 55 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_USERINFO

#define GNUNET_REST_API_NS_USERINFO   "/openid/userinfo"

UserInfo endpoint.

Definition at line 60 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ GNUNET_REST_API_NS_LOGIN

#define GNUNET_REST_API_NS_LOGIN   "/openid/login"

Login namespace.

Definition at line 65 of file plugin_rest_openid_connect.c.

Referenced by init_cont().

◆ ID_REST_STATE_INIT

#define ID_REST_STATE_INIT   0

State while collecting all egos.

Definition at line 70 of file plugin_rest_openid_connect.c.

Referenced by list_ego(), and rest_identity_process_request().

◆ ID_REST_STATE_POST_INIT

#define ID_REST_STATE_POST_INIT   1

Done collecting egos.

Definition at line 75 of file plugin_rest_openid_connect.c.

Referenced by list_ego().

◆ OIDC_GRANT_TYPE_KEY

#define OIDC_GRANT_TYPE_KEY   "grant_type"

OIDC grant_type key.

Definition at line 80 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_GRANT_TYPE_VALUE

#define OIDC_GRANT_TYPE_VALUE   "authorization_code"

OIDC grant_type key.

Definition at line 85 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_CODE_KEY

#define OIDC_CODE_KEY   "code"

OIDC code key.

Definition at line 90 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_RESPONSE_TYPE_KEY

#define OIDC_RESPONSE_TYPE_KEY   "response_type"

OIDC response_type key.

Definition at line 95 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLIENT_ID_KEY

#define OIDC_CLIENT_ID_KEY   "client_id"

OIDC client_id key.

Definition at line 100 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_SCOPE_KEY

#define OIDC_SCOPE_KEY   "scope"

OIDC scope key.

Definition at line 105 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), build_authz_response(), and login_redirect().

◆ OIDC_REDIRECT_URI_KEY

#define OIDC_REDIRECT_URI_KEY   "redirect_uri"

OIDC redirect_uri key.

Definition at line 110 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_STATE_KEY

#define OIDC_STATE_KEY   "state"

OIDC state key.

Definition at line 115 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_NONCE_KEY

#define OIDC_NONCE_KEY   "nonce"

OIDC nonce key.

Definition at line 120 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CLAIMS_KEY

#define OIDC_CLAIMS_KEY   "claims"

OIDC claims key.

Definition at line 125 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and login_redirect().

◆ OIDC_CODE_CHALLENGE_KEY

#define OIDC_CODE_CHALLENGE_KEY   "code_challenge"

OIDC PKCE code challenge.

Definition at line 130 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), and login_redirect().

◆ OIDC_CODE_VERIFIER_KEY

#define OIDC_CODE_VERIFIER_KEY   "code_verifier"

OIDC PKCE code verifier.

Definition at line 135 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_COOKIE_EXPIRATION

#define OIDC_COOKIE_EXPIRATION   3

OIDC cookie expiration (in seconds)

Definition at line 140 of file plugin_rest_openid_connect.c.

Referenced by login_cont().

◆ OIDC_COOKIE_HEADER_KEY

#define OIDC_COOKIE_HEADER_KEY   "cookie"

OIDC cookie header key.

Definition at line 145 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_AUTHORIZATION_HEADER_KEY

#define OIDC_AUTHORIZATION_HEADER_KEY   "authorization"

OIDC cookie header information key.

Definition at line 150 of file plugin_rest_openid_connect.c.

Referenced by check_authorization(), and userinfo_endpoint().

◆ OIDC_COOKIE_HEADER_INFORMATION_KEY

#define OIDC_COOKIE_HEADER_INFORMATION_KEY   "Identity="

OIDC cookie header information key.

Definition at line 155 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_COOKIE_HEADER_ACCESS_DENIED

#define OIDC_COOKIE_HEADER_ACCESS_DENIED   "Identity=Denied"

OIDC cookie header if user cancelled.

Definition at line 160 of file plugin_rest_openid_connect.c.

Referenced by cookie_identity_interpretation().

◆ OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE

#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE   "code"

OIDC expected response_type while authorizing.

Definition at line 165 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_EXPECTED_AUTHORIZATION_SCOPE

#define OIDC_EXPECTED_AUTHORIZATION_SCOPE   "openid"

OIDC expected scope part while authorizing.

Definition at line 170 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_INVALID_CLIENT

#define OIDC_ERROR_KEY_INVALID_CLIENT   "invalid_client"

OIDC error key for invalid client.

Definition at line 175 of file plugin_rest_openid_connect.c.

Referenced by check_authorization().

◆ OIDC_ERROR_KEY_INVALID_SCOPE

#define OIDC_ERROR_KEY_INVALID_SCOPE   "invalid_scope"

OIDC error key for invalid scopes.

Definition at line 180 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response(), and oidc_attr_collect_finished_cb().

◆ OIDC_ERROR_KEY_INVALID_REQUEST

#define OIDC_ERROR_KEY_INVALID_REQUEST   "invalid_request"

OIDC error key for invalid requests.

Definition at line 185 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint(), build_authz_response(), and token_endpoint().

◆ OIDC_ERROR_KEY_INVALID_TOKEN

#define OIDC_ERROR_KEY_INVALID_TOKEN   "invalid_token"

OIDC error key for invalid tokens.

Definition at line 190 of file plugin_rest_openid_connect.c.

Referenced by userinfo_endpoint().

◆ OIDC_ERROR_KEY_INVALID_COOKIE

#define OIDC_ERROR_KEY_INVALID_COOKIE   "invalid_cookie"

OIDC error key for invalid cookies.

Definition at line 195 of file plugin_rest_openid_connect.c.

Referenced by code_redirect().

◆ OIDC_ERROR_KEY_SERVER_ERROR

#define OIDC_ERROR_KEY_SERVER_ERROR   "server_error"

◆ OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE   "unsupported_grant_type"

OIDC error key for unsupported grants.

Definition at line 205 of file plugin_rest_openid_connect.c.

Referenced by token_endpoint().

◆ OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE

#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE   "unsupported_response_type"

OIDC error key for unsupported response types.

Definition at line 210 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

◆ OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT

#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT   "unauthorized_client"

OIDC error key for unauthorized clients.

Definition at line 215 of file plugin_rest_openid_connect.c.

Referenced by authorize_endpoint().

◆ OIDC_ERROR_KEY_ACCESS_DENIED

#define OIDC_ERROR_KEY_ACCESS_DENIED   "access_denied"

OIDC error key for denied access.

Definition at line 220 of file plugin_rest_openid_connect.c.

Referenced by build_authz_response().

Function Documentation

◆ cleanup_handle()

static void cleanup_handle ( struct RequestHandle handle)
static

Cleanup lookup handle.

Parameters
handleHandle to clean up

Definition at line 541 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attests_list, RequestHandle::attr_idtoken_list, RequestHandle::attr_it, RequestHandle::attr_userinfo_list, OIDC_Variables::client_id, RequestHandle::edesc, RequestHandle::ego_head, RequestHandle::ego_tail, RequestHandle::emsg, RequestHandle::gns_handle, RequestHandle::gns_op, GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_disconnect(), GNUNET_GNS_lookup_cancel(), GNUNET_IDENTITY_disconnect(), GNUNET_log, GNUNET_NAMESTORE_disconnect(), GNUNET_RECLAIM_attestation_list_destroy(), GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_disconnect(), GNUNET_RECLAIM_get_attestations_stop(), GNUNET_RECLAIM_get_attributes_stop(), GNUNET_RECLAIM_ticket_iteration_stop(), GNUNET_SCHEDULER_cancel(), EgoEntry::identifier, RequestHandle::identity_handle, RequestHandle::idp, RequestHandle::idp_op, EgoEntry::keystring, OIDC_Variables::login_identity, RequestHandle::namestore_handle, OIDC_Variables::nonce, RequestHandle::oidc, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response, OIDC_Variables::response_type, OIDC_Variables::scope, OIDC_Variables::state, RequestHandle::ticket_it, RequestHandle::timeout_task, RequestHandle::tld, and RequestHandle::url.

Referenced by cleanup_handle_delayed(), options_cont(), and return_userinfo_response().

542 {
543  struct EgoEntry *ego_entry;
544 
545  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
546  if (NULL != handle->timeout_task)
548  if (NULL != handle->identity_handle)
550  if (NULL != handle->attr_it)
552  if (NULL != handle->attest_it)
554  if (NULL != handle->ticket_it)
556  if (NULL != handle->idp_op)
557  GNUNET_RECLAIM_cancel (handle->idp_op);
558  if (NULL != handle->idp)
559  GNUNET_RECLAIM_disconnect (handle->idp);
560  GNUNET_free (handle->url);
561  GNUNET_free (handle->tld);
562  GNUNET_free (handle->redirect_prefix);
563  GNUNET_free (handle->redirect_suffix);
564  GNUNET_free (handle->emsg);
565  GNUNET_free (handle->edesc);
566  if (NULL != handle->gns_op)
568  if (NULL != handle->gns_handle)
570 
571  if (NULL != handle->namestore_handle)
573  if (NULL != handle->oidc)
574  {
575  GNUNET_free (handle->oidc->client_id);
576  GNUNET_free (handle->oidc->login_identity);
577  GNUNET_free (handle->oidc->nonce);
578  GNUNET_free (handle->oidc->redirect_uri);
579  GNUNET_free (handle->oidc->response_type);
580  GNUNET_free (handle->oidc->scope);
581  GNUNET_free (handle->oidc->state);
582  json_decref (handle->oidc->response);
583  GNUNET_free (handle->oidc);
584  }
585  if (NULL!=handle->attr_idtoken_list)
587  if (NULL!=handle->attr_userinfo_list)
589  if (NULL!=handle->attests_list)
591 
592  while (NULL != (ego_entry = handle->ego_head))
593  {
595  handle->ego_tail,
596  ego_entry);
597  GNUNET_free (ego_entry->identifier);
598  GNUNET_free (ego_entry->keystring);
599  GNUNET_free (ego_entry);
600  }
601  GNUNET_free (handle);
602 }
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
struct EgoEntry * ego_tail
Ego list.
char * nonce
The OIDC nonce.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
void GNUNET_RECLAIM_attestation_list_destroy(struct GNUNET_RECLAIM_AttestationList *attestations)
Destroy claim list.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
void GNUNET_RECLAIM_disconnect(struct GNUNET_RECLAIM_Handle *h)
Disconnect from identity provider service.
Definition: reclaim_api.c:1066
void GNUNET_RECLAIM_cancel(struct GNUNET_RECLAIM_Operation *op)
Cancel an identity provider operation.
Definition: reclaim_api.c:1051
void GNUNET_RECLAIM_ticket_iteration_stop(struct GNUNET_RECLAIM_TicketIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1661
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The ego list.
char * response_type
The OIDC response type.
void GNUNET_NAMESTORE_disconnect(struct GNUNET_NAMESTORE_Handle *h)
Disconnect from the namestore service (and free associated resources).
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
void GNUNET_GNS_disconnect(struct GNUNET_GNS_Handle *handle)
Shutdown connection with the GNS service.
Definition: gns_api.c:290
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
char * tld
The tld for redirect.
void GNUNET_IDENTITY_disconnect(struct GNUNET_IDENTITY_Handle *h)
Disconnect from identity service.
Definition: identity_api.c:884
char * keystring
Public key string.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
char * state
The OIDC state.
char * identifier
Ego Identifier.
char * redirect_prefix
The redirect prefix.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct EgoEntry * ego_head
Ego list.
void GNUNET_RECLAIM_get_attributes_stop(struct GNUNET_RECLAIM_AttributeIterator *it)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1360
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
char * redirect_suffix
The redirect suffix.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
#define GNUNET_log(kind,...)
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
void * GNUNET_GNS_lookup_cancel(struct GNUNET_GNS_LookupRequest *lr)
Cancel pending lookup request.
Definition: gns_api.c:314
json_t * response
The response JSON.
void GNUNET_RECLAIM_get_attestations_stop(struct GNUNET_RECLAIM_AttestationIterator *ait)
Stops iteration and releases the handle for further calls.
Definition: reclaim_api.c:1471
struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_NAMESTORE_Handle * namestore_handle
Handle to NAMESTORE.
char * login_identity
The identity chosen by the user to login.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:972
char * url
The url.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cleanup_handle_delayed()

static void cleanup_handle_delayed ( void *  cls)
static

Definition at line 606 of file plugin_rest_openid_connect.c.

References cleanup_handle().

Referenced by build_redirect(), do_error(), do_redirect_error(), do_userinfo_error(), login_cont(), login_redirect(), oidc_ticket_issue_cb(), and token_endpoint().

607 {
608  cleanup_handle (cls);
609 }
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_error()

static void do_error ( void *  cls)
static

Task run on error, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 618 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, and OIDC_Variables::state.

Referenced by authorize_endpoint(), build_authz_response(), do_timeout(), init_cont(), login_redirect(), oidc_iteration_error(), and token_endpoint().

619 {
620  struct RequestHandle *handle = cls;
621  struct MHD_Response *resp;
622  char *json_error;
623 
624  GNUNET_asprintf (&json_error,
625  "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
626  handle->emsg,
627  (NULL != handle->edesc) ? handle->edesc : "",
628  (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
629  (NULL != handle->oidc->state) ? handle->oidc->state : "",
630  (NULL != handle->oidc->state) ? "\"" : "");
631  if (0 == handle->response_code)
632  handle->response_code = MHD_HTTP_BAD_REQUEST;
633  resp = GNUNET_REST_create_response (json_error);
634  if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
635  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Basic");
636  MHD_add_response_header (resp,
637  MHD_HTTP_HEADER_CONTENT_TYPE,
638  "application/json");
639  handle->proc (handle->proc_cls, resp, handle->response_code);
641  GNUNET_free (json_error);
642 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_userinfo_error()

static void do_userinfo_error ( void *  cls)
static

Task run on error in userinfo endpoint, sends error header.

Cleans up everything

Parameters
clsthe struct RequestHandle

Definition at line 652 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by userinfo_endpoint().

653 {
654  struct RequestHandle *handle = cls;
655  struct MHD_Response *resp;
656  char *error;
657 
658  GNUNET_asprintf (&error,
659  "error=\"%s\", error_description=\"%s\"",
660  handle->emsg,
661  (NULL != handle->edesc) ? handle->edesc : "");
662  resp = GNUNET_REST_create_response ("");
663  MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer");
664  handle->proc (handle->proc_cls, resp, handle->response_code);
666  GNUNET_free (error);
667 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_redirect_error()

static void do_redirect_error ( void *  cls)
static

Task run on error, sends error message and redirects.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 676 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, and OIDC_Variables::state.

Referenced by build_authz_response(), code_redirect(), lookup_redirect_uri_result(), oidc_attr_collect_finished_cb(), and oidc_ticket_issue_cb().

677 {
678  struct RequestHandle *handle = cls;
679  struct MHD_Response *resp;
680  char *redirect;
681 
682  GNUNET_asprintf (&redirect,
683  "%s?error=%s&error_description=%s%s%s",
684  handle->oidc->redirect_uri,
685  handle->emsg,
686  handle->edesc,
687  (NULL != handle->oidc->state) ? "&state=" : "",
688  (NULL != handle->oidc->state) ? handle->oidc->state : "");
689  resp = GNUNET_REST_create_response ("");
690  MHD_add_response_header (resp, "Location", redirect);
691  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
693  GNUNET_free (redirect);
694 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_timeout()

static void do_timeout ( void *  cls)
static

Task run on timeout, sends error message.

Cleans up everything.

Parameters
clsthe struct RequestHandle

Definition at line 703 of file plugin_rest_openid_connect.c.

References do_error(), handle, and RequestHandle::timeout_task.

Referenced by rest_identity_process_request().

704 {
705  struct RequestHandle *handle = cls;
706 
707  handle->timeout_task = NULL;
708  do_error (handle);
709 }
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void do_error(void *cls)
Task run on error, sends error message.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ return_userinfo_response()

static void return_userinfo_response ( void *  cls)
static

Return attributes for claim.

Parameters
clsthe request handle

Definition at line 718 of file plugin_rest_openid_connect.c.

References cleanup_handle(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_REST_create_response(), handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, and OIDC_Variables::response.

Referenced by consume_ticket().

719 {
720  char *result_str;
721  struct RequestHandle *handle = cls;
722  struct MHD_Response *resp;
723 
724  result_str = json_dumps (handle->oidc->response, 0);
725  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,"ID-Token: %s\n",result_str);
726  resp = GNUNET_REST_create_response (result_str);
727  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
728  GNUNET_free (result_str);
729  cleanup_handle (handle);
730 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
json_t * response
The response JSON.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ options_cont()

static void options_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Respond to OPTIONS request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 741 of file plugin_rest_openid_connect.c.

References allow_methods, cleanup_handle(), GNUNET_REST_create_response(), handle, RequestHandle::proc, and RequestHandle::proc_cls.

Referenced by init_cont().

744 {
745  struct MHD_Response *resp;
746  struct RequestHandle *handle = cls;
747 
748  // For now, independent of path return all options
749  resp = GNUNET_REST_create_response (NULL);
750  MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
751  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
752  cleanup_handle (handle);
753  return;
754 }
GNUNET_REST_ResultProcessor proc
The plugin result processor.
void * proc_cls
The closure of the result processor.
The request handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
static char * allow_methods
HTTP methods allows for this plugin.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cookie_identity_interpretation()

static void cookie_identity_interpretation ( struct RequestHandle handle)
static

Interprets cookie header and pass its identity keystring to handle.

Definition at line 761 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, GNUNET_REST_RequestHandle::header_param_map, OIDC_Variables::login_identity, RequestHandle::oidc, OIDC_COOKIE_HEADER_ACCESS_DENIED, OIDC_COOKIE_HEADER_INFORMATION_KEY, OIDC_COOKIE_HEADER_KEY, RequestHandle::rest_handle, OIDC_Variables::user_cancelled, and value.

Referenced by authorize_endpoint().

762 {
763  struct GNUNET_HashCode cache_key;
764  char *cookies;
765  struct GNUNET_TIME_Absolute current_time, *relog_time;
766  char delimiter[] = "; ";
767  char *tmp_cookies;
768  char *token;
769  char *value;
770 
771  // gets identity of login try with cookie
773  strlen (OIDC_COOKIE_HEADER_KEY),
774  &cache_key);
777  &cache_key))
778  {
779  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
780  return;
781  }
782  // splits cookies and find 'Identity' cookie
783  tmp_cookies =
785  &cache_key);
786  cookies = GNUNET_strdup (tmp_cookies);
787  token = strtok (cookies, delimiter);
788  handle->oidc->user_cancelled = GNUNET_NO;
789  handle->oidc->login_identity = NULL;
790  if (NULL == token)
791  {
793  "Unable to parse cookie: %s\n",
794  cookies);
795  GNUNET_free (cookies);
796  return;
797  }
798 
799  while (NULL != token)
800  {
801  if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED))
802  {
803  handle->oidc->user_cancelled = GNUNET_YES;
804  GNUNET_free (cookies);
805  return;
806  }
807  if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY))
808  break;
809  token = strtok (NULL, delimiter);
810  }
811  if (NULL == token)
812  {
814  "No cookie value to process: %s\n",
815  cookies);
816  GNUNET_free (cookies);
817  return;
818  }
819  GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
820  if (GNUNET_NO ==
822  {
823  GNUNET_log (
825  "Found cookie `%s', but no corresponding expiration entry present...\n",
826  token);
827  GNUNET_free (cookies);
828  return;
829  }
830  relog_time =
832  current_time = GNUNET_TIME_absolute_get ();
833  // 30 min after old login -> redirect to login
834  if (current_time.abs_value_us > relog_time->abs_value_us)
835  {
837  "Found cookie `%s', but it is expired.\n",
838  token);
839  GNUNET_free (cookies);
840  return;
841  }
842  value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
843  GNUNET_assert (NULL != value);
844  handle->oidc->login_identity = GNUNET_strdup (value);
845  GNUNET_free (cookies);
846 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define OIDC_COOKIE_HEADER_INFORMATION_KEY
OIDC cookie header information key.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED
OIDC cookie header if user cancelled.
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
uint64_t abs_value_us
The actual value.
struct OIDC_Variables * oidc
OIDC variables.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
#define OIDC_COOKIE_HEADER_KEY
OIDC cookie header key.
#define GNUNET_free(ptr)
Wrapper around free.
char * login_identity
The identity chosen by the user to login.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_redirect()

static void login_redirect ( void *  cls)
static

Redirects to login page stored in configuration file.

Definition at line 853 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, cleanup_handle_delayed(), OIDC_Variables::client_id, OIDC_Variables::code_challenge, do_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_free, GNUNET_OK, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_STATE_KEY, RequestHandle::proc, RequestHandle::proc_cls, OIDC_Variables::redirect_uri, RequestHandle::response_code, OIDC_Variables::response_type, OIDC_Variables::scope, and OIDC_Variables::state.

Referenced by build_authz_response(), and code_redirect().

854 {
855  char *login_base_url;
856  char *new_redirect;
857  struct MHD_Response *resp;
858  struct RequestHandle *handle = cls;
859 
861  "reclaim-rest-plugin",
862  "address",
863  &login_base_url))
864  {
865  GNUNET_asprintf (&new_redirect,
866  "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
867  login_base_url,
869  handle->oidc->response_type,
871  handle->oidc->client_id,
873  handle->oidc->redirect_uri,
875  handle->oidc->scope,
877  (NULL != handle->oidc->state) ? handle->oidc->state : "",
879  (NULL != handle->oidc->code_challenge) ?
880  handle->oidc->code_challenge : "",
882  (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
884  (NULL != handle->oidc->claims) ? handle->oidc->claims :
885  "");
886  resp = GNUNET_REST_create_response ("");
887  MHD_add_response_header (resp, "Location", new_redirect);
888  GNUNET_free (login_base_url);
889  }
890  else
891  {
893  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
894  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
896  return;
897  }
898  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
899  GNUNET_free (new_redirect);
901 }
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
char * nonce
The OIDC nonce.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_CLAIMS_KEY
OIDC claims key.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
char * claims
The OIDC claims.
char * state
The OIDC state.
static void do_error(void *cls)
Task run on error, sends error message.
static void cleanup_handle_delayed(void *cls)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_iteration_error()

static void oidc_iteration_error ( void *  cls)
static

Does internal server error when iteration failed.

Definition at line 908 of file plugin_rest_openid_connect.c.

References do_error(), RequestHandle::emsg, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, OIDC_ERROR_KEY_SERVER_ERROR, and RequestHandle::response_code.

Referenced by code_redirect(), and oidc_attr_collect_finished_cb().

909 {
910  struct RequestHandle *handle = cls;
911 
913  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
915 }
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
The request handle.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
static void do_error(void *cls)
Task run on error, sends error message.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_ticket_issue_cb()

static void oidc_ticket_issue_cb ( void *  cls,
const struct GNUNET_RECLAIM_Ticket ticket 
)
static

Issues ticket and redirects to relying party with the authorization code as parameter.

Otherwise redirects with error

Definition at line 923 of file plugin_rest_openid_connect.c.

References RequestHandle::attests_list, RequestHandle::attr_idtoken_list, cleanup_handle_delayed(), OIDC_Variables::code_challenge, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_data_to_string_alloc(), handle, RequestHandle::idp_op, OIDC_Variables::nonce, RequestHandle::oidc, OIDC_build_authz_code(), OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::priv_key, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, OIDC_Variables::state, ticket, RequestHandle::ticket, and RequestHandle::tld.

Referenced by oidc_attest_collect_finished_cb().

924 {
925  struct RequestHandle *handle = cls;
926  struct MHD_Response *resp;
927  char *ticket_str;
928  char *redirect_uri;
929  char *code_string;
930 
931  handle->idp_op = NULL;
932  if (NULL == ticket)
933  {
935  handle->edesc = GNUNET_strdup ("Server cannot generate ticket.");
937  return;
938  }
939  handle->ticket = *ticket;
940  ticket_str =
942  sizeof(struct GNUNET_RECLAIM_Ticket));
943  code_string = OIDC_build_authz_code (&handle->priv_key,
944  &handle->ticket,
945  handle->attr_idtoken_list,
946  handle->attests_list,
947  handle->oidc->nonce,
948  handle->oidc->code_challenge);
949  if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) &&
950  (NULL != handle->tld))
951  {
952  GNUNET_asprintf (&redirect_uri,
953  "%s.%s/%s?%s=%s&state=%s",
954  handle->redirect_prefix,
955  handle->tld,
956  handle->redirect_suffix,
957  handle->oidc->response_type,
958  code_string,
959  handle->oidc->state);
960  }
961  else
962  {
963  GNUNET_asprintf (&redirect_uri,
964  "%s?%s=%s&state=%s",
965  handle->oidc->redirect_uri,
966  handle->oidc->response_type,
967  code_string,
968  handle->oidc->state);
969  }
970  resp = GNUNET_REST_create_response ("");
971  MHD_add_response_header (resp, "Location", redirect_uri);
972  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
974  GNUNET_free (redirect_uri);
975  GNUNET_free (ticket_str);
976  GNUNET_free (code_string);
977 }
char * redirect_uri
The OIDC redirect uri.
The authorization ticket.
char * nonce
The OIDC nonce.
char * OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
Definition: oidc_helper.c:424
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
char * redirect_prefix
The redirect prefix.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
char * redirect_suffix
The redirect suffix.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:935
char * code_challenge
The PKCE code_challenge.
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attribute_list_merge()

static struct GNUNET_RECLAIM_AttributeList* attribute_list_merge ( struct GNUNET_RECLAIM_AttributeList list_a,
struct GNUNET_RECLAIM_AttributeList list_b 
)
static

Attribute already in list

Attribute already in list

Definition at line 981 of file plugin_rest_openid_connect.c.

References attestation, GNUNET_RECLAIM_Attribute::attestation, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_YES, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_Attribute::type.

Referenced by oidc_attest_collect_finished_cb().

983 {
984  struct GNUNET_RECLAIM_AttributeList *merged_list;
988 
989  merged_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
990  for (le_a = list_a->list_head; NULL != le_a; le_a = le_a->next)
991  {
994  &le_a->attribute->
995  attestation,
996  le_a->attribute->type,
997  le_a->attribute->data,
998  le_a->attribute->data_size);
999  le_m->attribute->id = le_a->attribute->id;
1000  le_m->attribute->flag = le_a->attribute->flag;
1001  le_m->attribute->attestation = le_a->attribute->attestation;
1002  GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1003  merged_list->list_tail,
1004  le_m);
1005  }
1006  le_m = NULL;
1007  for (le_b = list_b->list_head; NULL != le_b; le_b = le_b->next)
1008  {
1009  for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next)
1010  {
1012  &le_b->attribute->id))
1013  break;
1014  }
1015  if (NULL != le_m)
1016  continue;
1019  &le_b->attribute->
1020  attestation,
1021  le_b->attribute->type,
1022  le_b->attribute->data,
1023  le_b->attribute->data_size);
1024  le_m->attribute->id = le_b->attribute->id;
1025  le_m->attribute->flag = le_b->attribute->flag;
1026  le_m->attribute->attestation = le_b->attribute->attestation;
1027  GNUNET_CONTAINER_DLL_insert (merged_list->list_head,
1028  merged_list->list_tail,
1029  le_m);
1030  }
1031  return merged_list;
1032 }
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
const char * name
The name of the attribute.
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *attestation, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
static struct GNUNET_RECLAIM_Identifier attestation
Attestation ID.
#define GNUNET_RECLAIM_id_is_equal(a, b)
const void * data
Binary value stored as attribute value.
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attest_collect_finished_cb()

static void oidc_attest_collect_finished_cb ( void *  cls)
static

Definition at line 1036 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attr_idtoken_list, RequestHandle::attr_userinfo_list, attribute_list_merge(), OIDC_Variables::client_pkey, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_ticket_issue(), handle, RequestHandle::idp, RequestHandle::idp_op, RequestHandle::oidc, oidc_ticket_issue_cb(), and RequestHandle::priv_key.

Referenced by oidc_attr_collect_finished_cb().

1037 {
1038  struct RequestHandle *handle = cls;
1039  struct GNUNET_RECLAIM_AttributeList *merged_list;
1040 
1041  handle->attest_it = NULL;
1042  merged_list = attribute_list_merge (handle->attr_idtoken_list,
1043  handle->attr_userinfo_list);
1044  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
1045  &handle->priv_key,
1046  &handle->oidc->client_pkey,
1047  merged_list,
1049  handle);
1051 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
static struct GNUNET_RECLAIM_AttributeList * attribute_list_merge(struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
Issues ticket and redirects to relying party with the authorization code as parameter.
A list of GNUNET_RECLAIM_Attribute structures.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_TicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
Definition: reclaim_api.c:1504
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attest_collect()

static void oidc_attest_collect ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attestation attest 
)
static

Collects all attributes for an ego if in scope parameter.

Attestation already in list

Attestation matches for attribute, add

Definition at line 1058 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, GNUNET_RECLAIM_Attribute::attestation, GNUNET_RECLAIM_AttestationListEntry::attestation, RequestHandle::attests_list, RequestHandle::attr_idtoken_list, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attestation::data, GNUNET_RECLAIM_Attestation::data_size, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_attestation_new(), GNUNET_RECLAIM_get_attestations_next(), GNUNET_RECLAIM_id_is_equal, handle, GNUNET_RECLAIM_Attestation::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttestationList::list_head, GNUNET_RECLAIM_AttestationList::list_tail, GNUNET_RECLAIM_Attestation::name, GNUNET_RECLAIM_AttributeListEntry::next, GNUNET_RECLAIM_AttestationListEntry::next, and GNUNET_RECLAIM_Attestation::type.

Referenced by oidc_attr_collect_finished_cb().

1061 {
1062  struct RequestHandle *handle = cls;
1065 
1066  for (ale = handle->attests_list->list_head; NULL != ale; ale = ale->next)
1067  {
1069  &attest->id))
1070  continue;
1073  return;
1074  }
1075 
1076  for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next)
1077  {
1079  &attest->id))
1080  continue;
1084  attest->type,
1085  attest->data,
1086  attest->data_size);
1088  handle->attests_list->list_tail,
1089  ale);
1090  }
1092 }
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
struct GNUNET_RECLAIM_Attestation * attestation
The attestation.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void GNUNET_RECLAIM_get_attestations_next(struct GNUNET_RECLAIM_AttestationIterator *ait)
Calls the record processor specified in #GNUNET_RECLAIM_get_attestation_start for the next record...
Definition: reclaim_api.c:1449
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Attestation * GNUNET_RECLAIM_attestation_new(const char *name, uint32_t type, const void *data, size_t data_size)
Create a new attestation.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier id
ID.
uint32_t type
Type/Format of Claim.
struct GNUNET_RECLAIM_AttestationListEntry * list_head
List head.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
const void * data
Binary value stored as attribute value.
struct GNUNET_RECLAIM_AttestationListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
#define GNUNET_RECLAIM_id_is_equal(a, b)
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
struct GNUNET_RECLAIM_AttestationListEntry * next
DLL.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect_finished_cb()

static void oidc_attr_collect_finished_cb ( void *  cls)
static

Definition at line 1096 of file plugin_rest_openid_connect.c.

References RequestHandle::attest_it, RequestHandle::attests_list, RequestHandle::attr_idtoken_list, RequestHandle::attr_it, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, GNUNET_new, GNUNET_RECLAIM_get_attestations_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, RequestHandle::idp, GNUNET_RECLAIM_AttributeList::list_head, oidc_attest_collect(), oidc_attest_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_SCOPE, oidc_iteration_error(), RequestHandle::priv_key, and RequestHandle::ticket_it.

Referenced by code_redirect().

1097 {
1098  struct RequestHandle *handle = cls;
1099 
1100  handle->attr_it = NULL;
1101  handle->ticket_it = NULL;
1102  if (NULL == handle->attr_idtoken_list->list_head)
1103  {
1105  handle->edesc = GNUNET_strdup ("The requested scope is not available.");
1107  return;
1108  }
1110  handle->attest_it =
1112  &handle->priv_key,
1114  handle,
1116  handle,
1118  handle);
1119 
1120 }
struct GNUNET_RECLAIM_AttestationIterator * GNUNET_RECLAIM_get_attestations_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttestationResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attestations for a local identity.
Definition: reclaim_api.c:1402
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
A list of GNUNET_RECLAIM_Attestation structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
The request handle.
char * emsg
Error response message.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void oidc_attest_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attestation *attest)
Collects all attributes for an ego if in scope parameter.
static void oidc_attest_collect_finished_cb(void *cls)
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attr_in_claims_request()

static int attr_in_claims_request ( struct RequestHandle handle,
const char *  attr_name,
const char *  claims_parameter 
)
static

Try claims parameter if no in scope

Definition at line 1124 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, GNUNET_free, GNUNET_NO, GNUNET_strdup, GNUNET_YES, Plugin::key, RequestHandle::oidc, ret, OIDC_Variables::scope, and value.

Referenced by attr_in_idtoken_request(), and attr_in_userinfo_request().

1127 {
1128  char *scope_variables;
1129  char *scope_variable;
1130  char delimiter[] = " ";
1131  int ret = GNUNET_NO;
1132  json_t *root;
1133  json_error_t error;
1134  json_t *claims_j;
1135  const char *key;
1136  json_t *value;
1137 
1138  scope_variables = GNUNET_strdup (handle->oidc->scope);
1139  scope_variable = strtok (scope_variables, delimiter);
1140  while (NULL != scope_variable)
1141  {
1142  if (0 == strcmp (attr_name, scope_variable))
1143  break;
1144  scope_variable = strtok (NULL, delimiter);
1145  }
1146  if (NULL != scope_variable)
1147  ret = GNUNET_YES;
1148  GNUNET_free (scope_variables);
1149 
1151  if ((NULL != handle->oidc->claims) &&
1152  (GNUNET_YES != ret))
1153  {
1154  root = json_loads (handle->oidc->claims, JSON_DECODE_ANY, &error);
1155  claims_j = json_object_get (root, claims_parameter);
1156  /* obj is a JSON object */
1157  if (NULL != claims_j)
1158  {
1159  json_object_foreach (claims_j, key, value) {
1160  if (0 != strcmp (attr_name, key))
1161  continue;
1162  ret = GNUNET_YES;
1163  break;
1164  }
1165  }
1166  json_decref (root);
1167  }
1168  return ret;
1169 }
char * scope
The list of oidc scopes.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
struct OIDC_Variables * oidc
OIDC variables.
static char * value
Value of the record to add/remove.
static char * attr_name
The attribute.
char * claims
The OIDC claims.
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ attr_in_idtoken_request()

static int attr_in_idtoken_request ( struct RequestHandle handle,
const char *  attr_name 
)
static

Definition at line 1173 of file plugin_rest_openid_connect.c.

References attr_in_claims_request().

Referenced by oidc_attr_collect().

1175 {
1176  return attr_in_claims_request (handle, attr_name, "id_token");
1177 }
static char * attr_name
The attribute.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attr_in_userinfo_request()

static int attr_in_userinfo_request ( struct RequestHandle handle,
const char *  attr_name 
)
static

Definition at line 1181 of file plugin_rest_openid_connect.c.

References attr_in_claims_request().

Referenced by oidc_attr_collect().

1183 {
1184  return attr_in_claims_request (handle, attr_name, "userinfo");
1185 }
static char * attr_name
The attribute.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ oidc_attr_collect()

static void oidc_attr_collect ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr 
)
static

Collects all attributes for an ego if in scope parameter.

Definition at line 1192 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Attribute::attestation, RequestHandle::attr_idtoken_list, attr_in_idtoken_request(), attr_in_userinfo_request(), RequestHandle::attr_it, RequestHandle::attr_userinfo_list, GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_get_attributes_next(), GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, and GNUNET_RECLAIM_Attribute::type.

Referenced by code_redirect().

1195 {
1196  struct RequestHandle *handle = cls;
1198  if (GNUNET_YES == attr_in_idtoken_request (handle, attr->name))
1199  {
1202  &attr->attestation,
1203  attr->type,
1204  attr->data,
1205  attr->data_size);
1206  le->attribute->id = attr->id;
1207  le->attribute->flag = attr->flag;
1208  le->attribute->attestation = attr->attestation;
1210  handle->attr_idtoken_list->list_tail,
1211  le);
1212  }
1213  if (GNUNET_YES == attr_in_userinfo_request (handle, attr->name))
1214  {
1217  &attr->attestation,
1218  attr->type,
1219  attr->data,
1220  attr->data_size);
1221  le->attribute->id = attr->id;
1222  le->attribute->flag = attr->flag;
1223  le->attribute->attestation = attr->attestation;
1225  handle->attr_userinfo_list->list_tail,
1226  le);
1227  }
1228 
1230 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const char * name
The name of the attribute.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void GNUNET_RECLAIM_get_attributes_next(struct GNUNET_RECLAIM_AttributeIterator *it)
Calls the record processor specified in GNUNET_RECLAIM_get_attributes_start for the next record...
Definition: reclaim_api.c:1339
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
The request handle.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
static int attr_in_userinfo_request(struct RequestHandle *handle, const char *attr_name)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_RECLAIM_Identifier id
ID.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *attestation, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
const void * data
Binary value stored as attribute value.
static int attr_in_idtoken_request(struct RequestHandle *handle, const char *attr_name)
uint32_t type
Type of Claim.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ code_redirect()

static void code_redirect ( void *  cls)
static

Checks time and cookie and redirects accordingly.

Definition at line 1237 of file plugin_rest_openid_connect.c.

References GNUNET_TIME_Absolute::abs_value_us, RequestHandle::attr_idtoken_list, RequestHandle::attr_it, RequestHandle::attr_userinfo_list, do_redirect_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::emsg, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_connect(), GNUNET_RECLAIM_get_attributes_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, RequestHandle::idp, OIDC_Variables::login_identity, login_redirect(), EgoEntry::next, RequestHandle::oidc, oidc_attr_collect(), oidc_attr_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_COOKIE, oidc_iteration_error(), and RequestHandle::priv_key.

Referenced by build_redirect().

1238 {
1239  struct RequestHandle *handle = cls;
1240  struct GNUNET_TIME_Absolute current_time;
1241  struct GNUNET_TIME_Absolute *relog_time;
1243  struct GNUNET_CRYPTO_EcdsaPublicKey ego_pkey;
1244  struct GNUNET_HashCode cache_key;
1245  char *identity_cookie;
1246 
1247  GNUNET_asprintf (&identity_cookie,
1248  "Identity=%s",
1249  handle->oidc->login_identity);
1250  GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
1251  GNUNET_free (identity_cookie);
1252  // No login time for identity -> redirect to login
1253  if (GNUNET_YES ==
1255  {
1256  relog_time =
1258  current_time = GNUNET_TIME_absolute_get ();
1259  // 30 min after old login -> redirect to login
1260  if (current_time.abs_value_us <= relog_time->abs_value_us)
1261  {
1262  if (GNUNET_OK !=
1264  ->login_identity,
1265  strlen (
1266  handle->oidc
1267  ->login_identity),
1268  &pubkey))
1269  {
1271  handle->edesc =
1272  GNUNET_strdup ("The cookie of a login identity is not valid");
1274  return;
1275  }
1276  // iterate over egos and compare their public key
1277  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1278  handle->ego_entry = handle->ego_entry->next)
1279  {
1280  GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
1281  if (0 == GNUNET_memcmp (&ego_pkey, &pubkey))
1282  {
1283  handle->priv_key =
1285  handle->idp = GNUNET_RECLAIM_connect (cfg);
1286  handle->attr_idtoken_list =
1288  handle->attr_userinfo_list =
1290  handle->attr_it =
1292  &handle->priv_key,
1294  handle,
1296  handle,
1298  handle);
1299  return;
1300  }
1301  }
1303  return;
1304  }
1305  }
1306 }
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
struct GNUNET_RECLAIM_AttributeIterator * GNUNET_RECLAIM_get_attributes_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attributes for a local identity.
Definition: reclaim_api.c:1293
static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey
Public key of the zone to look in.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:595
A list of GNUNET_RECLAIM_Attribute structures.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
uint64_t abs_value_us
The actual value.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
static void oidc_attr_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
Collects all attributes for an ego if in scope parameter.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_COOKIE
OIDC error key for invalid cookies.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:366
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
struct EgoEntry * ego_entry
IDENTITY Operation.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
Definition: reclaim_api.c:1026
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:608
struct EgoEntry * next
DLL.
#define GNUNET_free(ptr)
Wrapper around free.
static void oidc_attr_collect_finished_cb(void *cls)
char * login_identity
The identity chosen by the user to login.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_redirect()

static void build_redirect ( void *  cls)
static

Definition at line 1310 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), code_redirect(), GNUNET_asprintf(), GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, OIDC_Variables::redirect_uri, OIDC_Variables::state, RequestHandle::tld, and OIDC_Variables::user_cancelled.

Referenced by lookup_redirect_uri_result().

1311 {
1312  struct RequestHandle *handle = cls;
1313  struct MHD_Response *resp;
1314  char *redirect_uri;
1315 
1316  if (GNUNET_YES == handle->oidc->user_cancelled)
1317  {
1318  if ((NULL != handle->redirect_prefix) &&
1319  (NULL != handle->redirect_suffix) && (NULL != handle->tld))
1320  {
1321  GNUNET_asprintf (&redirect_uri,
1322  "%s.%s/%s?error=%s&error_description=%s&state=%s",
1323  handle->redirect_prefix,
1324  handle->tld,
1325  handle->redirect_suffix,
1326  "access_denied",
1327  "User denied access",
1328  handle->oidc->state);
1329  }
1330  else
1331  {
1332  GNUNET_asprintf (&redirect_uri,
1333  "%s?error=%s&error_description=%s&state=%s",
1334  handle->oidc->redirect_uri,
1335  "access_denied",
1336  "User denied access",
1337  handle->oidc->state);
1338  }
1339  resp = GNUNET_REST_create_response ("");
1340  MHD_add_response_header (resp, "Location", redirect_uri);
1341  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1343  GNUNET_free (redirect_uri);
1344  return;
1345  }
1347 }
char * redirect_uri
The OIDC redirect uri.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
int user_cancelled
User cancelled authorization/login.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
char * tld
The tld for redirect.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void code_redirect(void *cls)
Checks time and cookie and redirects accordingly.
char * state
The OIDC state.
static void cleanup_handle_delayed(void *cls)
char * redirect_prefix
The redirect prefix.
char * redirect_suffix
The redirect suffix.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ lookup_redirect_uri_result()

static void lookup_redirect_uri_result ( void *  cls,
uint32_t  rd_count,
const struct GNUNET_GNSRECORD_Data rd 
)
static

Definition at line 1351 of file plugin_rest_openid_connect.c.

References build_redirect(), OIDC_Variables::client_id, data, data_size, GNUNET_GNSRECORD_Data::data_size, do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, RequestHandle::gns_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_log, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_strndup, handle, RequestHandle::oidc, OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::redirect_prefix, RequestHandle::redirect_suffix, and OIDC_Variables::redirect_uri.

Referenced by client_redirect().

1354 {
1355  struct RequestHandle *handle = cls;
1356  char *tmp;
1357  char *tmp_key_str;
1358  char *pos;
1359  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
1360 
1361  handle->gns_op = NULL;
1362  if (0 == rd_count)
1363  {
1365  handle->edesc =
1366  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1368  return;
1369  }
1370  for (int i = 0; i < rd_count; i++)
1371  {
1372  if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
1373  continue;
1374  if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size))
1375  continue;
1376  tmp = GNUNET_strndup (rd[i].data, rd[i].data_size);
1377  if (NULL == strstr (tmp, handle->oidc->client_id))
1378  {
1380  "Redirect uri %s does not contain client_id %s\n",
1381  tmp,
1382  handle->oidc->client_id);
1383  }
1384  else
1385  {
1386  pos = strrchr (tmp, (unsigned char) '.');
1387  if (NULL == pos)
1388  {
1390  "Redirect uri %s contains client_id but is malformed\n",
1391  tmp);
1392  GNUNET_free (tmp);
1393  continue;
1394  }
1395  *pos = '\0';
1396  handle->redirect_prefix = GNUNET_strdup (tmp);
1397  tmp_key_str = pos + 1;
1398  pos = strchr (tmp_key_str, (unsigned char) '/');
1399  if (NULL == pos)
1400  {
1402  "Redirect uri %s contains client_id but is malformed\n",
1403  tmp);
1404  GNUNET_free (tmp);
1405  continue;
1406  }
1407  *pos = '\0';
1408  handle->redirect_suffix = GNUNET_strdup (pos + 1);
1409 
1410  GNUNET_STRINGS_string_to_data (tmp_key_str,
1411  strlen (tmp_key_str),
1412  &redirect_zone,
1413  sizeof(redirect_zone));
1414  }
1416  GNUNET_free (tmp);
1417  return;
1418  }
1420  handle->edesc =
1421  GNUNET_strdup ("Server cannot generate ticket, redirect uri not found.");
1423 }
static void build_redirect(void *cls)
char * redirect_uri
The OIDC redirect uri.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
static size_t data_size
Number of bytes in data.
Definition: gnunet-abd.c:187
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
size_t data_size
Number of bytes in data.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
char * redirect_prefix
The redirect prefix.
char * redirect_suffix
The redirect suffix.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
uint32_t data
The data value.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:970
#define GNUNET_free(ptr)
Wrapper around free.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ client_redirect()

static void client_redirect ( void *  cls)
static

Initiate redirect back to client.

Definition at line 1430 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, RequestHandle::gns_handle, RequestHandle::gns_op, GNUNET_GNS_EMPTY_LABEL_AT, GNUNET_GNS_LO_DEFAULT, GNUNET_GNS_lookup(), GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, handle, lookup_redirect_uri_result(), and RequestHandle::oidc.

Referenced by build_authz_response().

1431 {
1432  struct RequestHandle *handle = cls;
1433 
1434  /* Lookup client redirect uri to verify request */
1435  handle->gns_op =
1436  GNUNET_GNS_lookup (handle->gns_handle,
1438  &handle->oidc->client_pkey,
1442  handle);
1443 }
#define GNUNET_GNS_EMPTY_LABEL_AT
String we use to indicate an empty label (top-level entry in the zone).
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static void lookup_redirect_uri_result(void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
Defaults, look in cache, then in DHT.
struct GNUNET_GNS_LookupRequest * GNUNET_GNS_lookup(struct GNUNET_GNS_Handle *handle, const char *name, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS.
Definition: gns_api.c:412
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_url_parameter_copy()

static char* get_url_parameter_copy ( const struct RequestHandle handle,
const char *  key 
)
static

Definition at line 1447 of file plugin_rest_openid_connect.c.

References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_strdup, GNUNET_YES, RequestHandle::rest_handle, GNUNET_REST_RequestHandle::url_param_map, and value.

Referenced by authorize_endpoint(), build_authz_response(), and token_endpoint().

1448 {
1449  struct GNUNET_HashCode hc;
1450  char *value;
1451 
1452  GNUNET_CRYPTO_hash (key, strlen (key), &hc);
1454  ->url_param_map,
1455  &hc))
1456  return NULL;
1457  value =
1459  if (NULL == value)
1460  return NULL;
1461  return GNUNET_strdup (value);
1462 }
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * value
Value of the record to add/remove.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
struct GNUNET_HashCode key
The key used in the DHT.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ build_authz_response()

static void build_authz_response ( void *  cls)
static

Iteration over all results finished, build final response.

Parameters
clsthe struct RequestHandle

Definition at line 1472 of file plugin_rest_openid_connect.c.

References OIDC_Variables::claims, client_redirect(), do_error(), do_redirect_error(), RequestHandle::edesc, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_YES, handle, iterator(), OIDC_Variables::login_identity, login_redirect(), OIDC_Variables::nonce, RequestHandle::oidc, OIDC_CLAIMS_KEY, OIDC_ERROR_KEY_ACCESS_DENIED, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_SCOPE, OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_SCOPE, OIDC_ignored_parameter_array, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, OIDC_Variables::redirect_uri, OIDC_Variables::response_type, RequestHandle::rest_handle, OIDC_Variables::scope, GNUNET_REST_RequestHandle::url_param_map, and OIDC_Variables::user_cancelled.

Referenced by authorize_endpoint().

1473 {
1474  struct RequestHandle *handle = cls;
1475  struct GNUNET_HashCode cache_key;
1476 
1477  char *expected_scope;
1478  char delimiter[] = " ";
1479  int number_of_ignored_parameter, iterator;
1480 
1481 
1482  // REQUIRED value: redirect_uri
1483  handle->oidc->redirect_uri =
1485  if (NULL == handle->oidc->redirect_uri)
1486  {
1488  handle->edesc = GNUNET_strdup ("missing parameter redirect_uri");
1490  return;
1491  }
1492 
1493  // REQUIRED value: response_type
1494  handle->oidc->response_type =
1496  if (NULL == handle->oidc->response_type)
1497  {
1499  handle->edesc = GNUNET_strdup ("missing parameter response_type");
1501  return;
1502  }
1503 
1504  // REQUIRED value: scope
1505  handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1506  if (NULL == handle->oidc->scope)
1507  {
1509  handle->edesc = GNUNET_strdup ("missing parameter scope");
1511  return;
1512  }
1513 
1514  // OPTIONAL value: nonce
1515  handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY);
1516 
1517  // OPTIONAL value: claims
1518  handle->oidc->claims = get_url_parameter_copy (handle, OIDC_CLAIMS_KEY);
1519 
1520  // TODO check other values if needed
1521  number_of_ignored_parameter =
1522  sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
1523  for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1524  {
1526  strlen (OIDC_ignored_parameter_array[iterator]),
1527  &cache_key);
1528  if (GNUNET_YES ==
1530  ->url_param_map,
1531  &cache_key))
1532  {
1534  GNUNET_asprintf (&handle->edesc,
1535  "Server will not handle parameter: %s",
1536  OIDC_ignored_parameter_array[iterator]);
1538  return;
1539  }
1540  }
1541 
1542  // We only support authorization code flows.
1543  if (0 != strcmp (handle->oidc->response_type,
1545  {
1547  handle->edesc = GNUNET_strdup ("The authorization server does not support "
1548  "obtaining this authorization code.");
1550  return;
1551  }
1552 
1553  // Checks if scope contains 'openid'
1554  expected_scope = GNUNET_strdup (handle->oidc->scope);
1555  char *test;
1556  test = strtok (expected_scope, delimiter);
1557  while (NULL != test)
1558  {
1559  if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope))
1560  break;
1561  test = strtok (NULL, delimiter);
1562  }
1563  if (NULL == test)
1564  {
1566  handle->edesc =
1567  GNUNET_strdup ("The requested scope is invalid, unknown, or malformed.");
1569  GNUNET_free (expected_scope);
1570  return;
1571  }
1572 
1573  GNUNET_free (expected_scope);
1574  if ((NULL == handle->oidc->login_identity) &&
1575  (GNUNET_NO == handle->oidc->user_cancelled))
1577  else
1579 }
static int iterator(void *cls, const struct GNUNET_PeerIdentity *key, void *value)
Iterator over hash map entries.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
#define OIDC_NONCE_KEY
OIDC nonce key.
char * nonce
The OIDC nonce.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE
OIDC expected response_type while authorizing.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_CLAIMS_KEY
OIDC claims key.
int user_cancelled
User cancelled authorization/login.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * emsg
Error response message.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE
OIDC error key for unsupported response types.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
char * claims
The OIDC claims.
#define OIDC_ERROR_KEY_ACCESS_DENIED
OIDC error key for denied access.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE
OIDC expected scope part while authorizing.
static char * OIDC_ignored_parameter_array[]
OIDC ignored parameter array.
static void client_redirect(void *cls)
Initiate redirect back to client.
static void do_error(void *cls)
Task run on error, sends error message.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define GNUNET_free(ptr)
Wrapper around free.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
char * login_identity
The identity chosen by the user to login.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ tld_iter()

static void tld_iter ( void *  cls,
const char *  section,
const char *  option,
const char *  value 
)
static

Iterate over tlds in config.

Definition at line 1586 of file plugin_rest_openid_connect.c.

References OIDC_Variables::client_pkey, GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_strdup, handle, RequestHandle::oidc, and RequestHandle::tld.

Referenced by authorize_endpoint().

1587 {
1588  struct RequestHandle *handle = cls;
1590 
1591  if (GNUNET_OK !=
1593  {
1594  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
1595  return;
1596  }
1597  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1598  handle->tld = GNUNET_strdup (option + 1);
1599 }
static char * pkey
Public key of the zone to look in, in ASCII.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
static char * value
Value of the record to add/remove.
char * tld
The tld for redirect.
static char * option
Name of the option.
Definition: gnunet-config.c:38
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:366
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ authorize_endpoint()

static void authorize_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to authorization GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1610 of file plugin_rest_openid_connect.c.

References build_authz_response(), OIDC_Variables::client_id, OIDC_Variables::client_pkey, OIDC_Variables::code_challenge, cookie_identity_interpretation(), do_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::ego_tail, RequestHandle::emsg, get_url_parameter_copy(), GNUNET_CONFIGURATION_iterate_section_values(), GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_ecdsa_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, EgoEntry::identifier, EgoEntry::next, RequestHandle::oidc, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT, OIDC_SCOPE_KEY, OIDC_STATE_KEY, RequestHandle::response_code, OIDC_Variables::scope, OIDC_Variables::state, RequestHandle::tld, and tld_iter().

Referenced by init_cont().

1613 {
1614  struct RequestHandle *handle = cls;
1615  struct EgoEntry *tmp_ego;
1616  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
1618 
1620 
1621  // RECOMMENDED value: state - REQUIRED for answers
1622  handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY);
1623 
1624  // REQUIRED value: client_id
1626  if (NULL == handle->oidc->client_id)
1627  {
1629  handle->edesc = GNUNET_strdup ("missing parameter client_id");
1630  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1632  return;
1633  }
1634 
1635  // OPTIONAL value: code_challenge
1636  handle->oidc->code_challenge = get_url_parameter_copy (handle,
1638  if (NULL == handle->oidc->code_challenge)
1639  {
1641  "OAuth authorization request does not contain PKCE parameters!\n");
1642  }
1643 
1644  if (GNUNET_OK !=
1646  strlen (
1647  handle->oidc->client_id),
1648  &handle->oidc->client_pkey))
1649  {
1651  handle->edesc = GNUNET_strdup ("The client is not authorized to request an "
1652  "authorization code using this method.");
1653  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1655  return;
1656  }
1657 
1658  // If we know this identity, translated the corresponding TLD
1659  // TODO: We might want to have a reverse lookup functionality for TLDs?
1660  for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
1661  {
1662  priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
1664  if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
1665  {
1666  handle->tld = GNUNET_strdup (tmp_ego->identifier);
1667  handle->ego_entry = handle->ego_tail;
1668  }
1669  }
1670  handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
1671  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scope: %s\n", handle->oidc->scope);
1672  if (NULL == handle->tld)
1674  if (NULL == handle->tld)
1675  handle->tld = GNUNET_strdup (handle->oidc->client_id);
1677 }
char * scope
The list of oidc scopes.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
static char * pkey
Public key of the zone to look in, in ASCII.
struct EgoEntry * ego_tail
Ego list.
void GNUNET_CONFIGURATION_iterate_section_values(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, GNUNET_CONFIGURATION_Iterator iter, void *iter_cls)
Iterate over values of a section in the configuration.
static void cookie_identity_interpretation(struct RequestHandle *handle)
Interprets cookie header and pass its identity keystring to handle.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT
OIDC error key for unauthorized clients.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:595
static void tld_iter(void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
Private ECC key encoded for transmission.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
#define OIDC_STATE_KEY
OIDC state key.
The request handle.
The ego list.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
char * emsg
Error response message.
char * client_id
The OIDC client id of the RP.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
char * tld
The tld for redirect.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
int response_code
Response code.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:176
static void build_authz_response(void *cls)
Iteration over all results finished, build final response.
char * state
The OIDC state.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
char * identifier
Ego Identifier.
static void do_error(void *cls)
Task run on error, sends error message.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:366
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_SCOPE_KEY
OIDC scope key.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_challenge
The PKCE code_challenge.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct EgoEntry * next
DLL.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ login_cont()

static void login_cont ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Combines an identity with a login time and responds OK to login request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1688 of file plugin_rest_openid_connect.c.

References cleanup_handle_delayed(), GNUNET_REST_RequestHandle::data, GNUNET_REST_RequestHandle::data_size, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_memcpy, GNUNET_new, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_TIME_relative_get_second_(), GNUNET_TIME_relative_multiply(), GNUNET_TIME_relative_to_absolute(), handle, identity, OIDC_COOKIE_EXPIRATION, RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::rest_handle.

Referenced by init_cont().

1691 {
1692  struct MHD_Response *resp = GNUNET_REST_create_response ("");
1693  struct RequestHandle *handle = cls;
1694  struct GNUNET_HashCode cache_key;
1695  struct GNUNET_TIME_Absolute *current_time;
1696  struct GNUNET_TIME_Absolute *last_time;
1697  char *cookie;
1698  char *header_val;
1699  json_t *root;
1700  json_error_t error;
1701  json_t *identity;
1702  char term_data[handle->rest_handle->data_size + 1];
1703 
1704  term_data[handle->rest_handle->data_size] = '\0';
1705  GNUNET_memcpy (term_data,
1706  handle->rest_handle->data,
1707  handle->rest_handle->data_size);
1708  root = json_loads (term_data, JSON_DECODE_ANY, &error);
1709  identity = json_object_get (root, "identity");
1710  if (! json_is_string (identity))
1711  {
1713  "Error parsing json string from %s\n",
1714  term_data);
1715  handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1716  json_decref (root);
1718  return;
1719  }
1720  GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
1721  GNUNET_asprintf (&header_val,
1722  "%s;Max-Age=%d",
1723  cookie,
1725  MHD_add_response_header (resp, "Set-Cookie", header_val);
1726  MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
1727  GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1728 
1729  if (0 != strcmp (json_string_value (identity), "Denied"))
1730  {
1731  current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
1732  *current_time = GNUNET_TIME_relative_to_absolute (
1735  last_time =
1737  GNUNET_free (last_time);
1739  &cache_key,
1740  current_time,
1742  }
1743  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1744  GNUNET_free (cookie);
1745  GNUNET_free (header_val);
1746  json_decref (root);
1748 }
If a value with the given key exists, replace it.
size_t data_size
The POST data size.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
#define OIDC_COOKIE_EXPIRATION
OIDC cookie expiration (in seconds)
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
void * proc_cls
The closure of the result processor.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
Definition: time.c:442
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
const char * data
The POST data.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
static void cleanup_handle_delayed(void *cls)
struct GNUNET_TIME_Relative GNUNET_TIME_relative_get_second_(void)
Return relative time of 1s.
Definition: time.c:183
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
#define GNUNET_log(kind,...)
Time for absolute times used by GNUnet, in microseconds.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_authorization()

static int check_authorization ( struct RequestHandle handle,
struct GNUNET_CRYPTO_EcdsaPublicKey cid 
)
static

Definition at line 1752 of file plugin_rest_openid_connect.c.

References RequestHandle::edesc, RequestHandle::ego_entry, RequestHandle::ego_head, RequestHandle::emsg, GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_base64_decode(), GNUNET_STRINGS_string_to_data(), GNUNET_SYSERR, GNUNET_REST_RequestHandle::header_param_map, EgoEntry::keystring, EgoEntry::next, OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_CLIENT, OIDC_ERROR_KEY_SERVER_ERROR, RequestHandle::response_code, and RequestHandle::rest_handle.

Referenced by token_endpoint().

1754 {
1755  struct GNUNET_HashCode cache_key;
1756  char *authorization;
1757  char *credentials;
1758  char *basic_authorization;
1759  char *client_id;
1760  char *pass;
1761  char *expected_pass;
1762 
1765  &cache_key);
1767  ->header_param_map,
1768  &cache_key))
1769  {
1771  handle->edesc = GNUNET_strdup ("missing authorization");
1772  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1773  return GNUNET_SYSERR;
1774  }
1775  authorization =
1777  &cache_key);
1778 
1779  // split header in "Basic" and [content]
1780  credentials = strtok (authorization, " ");
1781  if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
1782  {
1784  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1785  return GNUNET_SYSERR;
1786  }
1787  credentials = strtok (NULL, " ");
1788  if (NULL == credentials)
1789  {
1791  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1792  return GNUNET_SYSERR;
1793  }
1794  GNUNET_STRINGS_base64_decode (credentials,
1795  strlen (credentials),
1796  (void **) &basic_authorization);
1797 
1798  if (NULL == basic_authorization)
1799  {
1801  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1802  return GNUNET_SYSERR;
1803  }
1804  client_id = strtok (basic_authorization, ":");
1805  if (NULL == client_id)
1806  {
1807  GNUNET_free (basic_authorization);
1809  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1810  return GNUNET_SYSERR;
1811  }
1812  pass = strtok (NULL, ":");
1813  if (NULL == pass)
1814  {
1815  GNUNET_free (basic_authorization);
1817  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1818  return GNUNET_SYSERR;
1819  }
1820 
1821  // check client password
1823  "reclaim-rest-plugin",
1824  "OIDC_CLIENT_SECRET",
1825  &expected_pass))
1826  {
1827  if (0 != strcmp (expected_pass, pass))
1828  {
1829  GNUNET_free (basic_authorization);
1830  GNUNET_free (expected_pass);
1832  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1833  return GNUNET_SYSERR;
1834  }
1835  GNUNET_free (expected_pass);
1836  }
1837  else
1838  {
1839  GNUNET_free (basic_authorization);
1841  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
1842  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1843  return GNUNET_SYSERR;
1844  }
1845 
1846  // check client_id
1847  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
1848  handle->ego_entry = handle->ego_entry->next)
1849  {
1850  if (0 == strcmp (handle->ego_entry->keystring, client_id))
1851  break;
1852  }
1853  if (NULL == handle->ego_entry)
1854  {
1855  GNUNET_free (basic_authorization);
1857  handle->response_code = MHD_HTTP_UNAUTHORIZED;
1858  return GNUNET_SYSERR;
1859  }
1860  GNUNET_STRINGS_string_to_data (client_id,
1861  strlen (client_id),
1862  cid,
1863  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
1864 
1865  GNUNET_free (basic_authorization);
1866  return GNUNET_OK;
1867 }
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int response_code
Response code.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition: strings.c:1976
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
char * keystring
Public key string.
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct EgoEntry * ego_head
Ego list.
#define OIDC_ERROR_KEY_INVALID_CLIENT
OIDC error key for invalid client.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct EgoEntry * next
DLL.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:970
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ find_ego()

const struct EgoEntry* find_ego ( struct RequestHandle handle,
struct GNUNET_CRYPTO_EcdsaPublicKey test_key 
)

Definition at line 1871 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, RequestHandle::ego_head, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, and EgoEntry::next.

Referenced by token_endpoint(), and userinfo_endpoint().

1873 {
1874  struct EgoEntry *ego_entry;
1875  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
1876 
1877  for (ego_entry = handle->ego_head; NULL != ego_entry;
1878  ego_entry = ego_entry->next)
1879  {
1880  GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
1881  if (0 == GNUNET_memcmp (&pub_key, test_key))
1882  return ego_entry;
1883  }
1884  return NULL;
1885 }
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:608
struct EgoEntry * next
DLL.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ persist_access_token()

static void persist_access_token ( const struct RequestHandle handle,
const char *  access_token,
const struct GNUNET_RECLAIM_Ticket ticket 
)
static

Definition at line 1889 of file plugin_rest_openid_connect.c.

References GNUNET_assert, GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CRYPTO_hash(), GNUNET_new, GNUNET_SYSERR, and ticket.

Referenced by token_endpoint().

1892 {
1893  struct GNUNET_HashCode hc;
1894  struct GNUNET_RECLAIM_Ticket *ticketbuf;
1895 
1896  GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
1897  ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
1898  *ticketbuf = *ticket;
1902  &hc,
1903  ticketbuf,
1905 }
The authorization ticket.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
A 512-bit hashcode.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ token_endpoint()

static void token_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to token url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 1916 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Ticket::audience, check_authorization(), cleanup_handle_delayed(), do_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::emsg, find_ego(), get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attestation_list_destroy(), GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_SYSERR, handle, GNUNET_RECLAIM_Ticket::identity, OIDC_access_token_new(), OIDC_build_token_response(), OIDC_CODE_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE, OIDC_GRANT_TYPE_KEY, OIDC_GRANT_TYPE_VALUE, OIDC_id_token_new(), OIDC_parse_authz_code(), persist_access_token(), RequestHandle::proc, RequestHandle::proc_cls, and RequestHandle::response_code.

Referenced by init_cont().

1919 {
1920  struct RequestHandle *handle = cls;
1921  const struct EgoEntry *ego_entry;
1922  struct GNUNET_TIME_Relative expiration_time;
1923  struct GNUNET_RECLAIM_AttributeList *cl = NULL;
1924  struct GNUNET_RECLAIM_AttestationList *al = NULL;
1926  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
1927  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
1928  struct GNUNET_HashCode cache_key;
1929  struct MHD_Response *resp;
1930  char *grant_type;
1931  char *code;
1932  char *json_response;
1933  char *id_token;
1934  char *access_token;
1935  char *jwt_secret;
1936  char *nonce;
1937  char *code_verifier;
1938 
1939  /*
1940  * Check Authorization
1941  */
1942  if (GNUNET_SYSERR == check_authorization (handle, &cid))
1943  {
1945  "OIDC authorization for token endpoint failed\n");
1947  return;
1948  }
1949 
1950  /*
1951  * Check parameter
1952  */
1953 
1954  // TODO Do not allow multiple equal parameter names
1955  // REQUIRED grant_type
1957  strlen (OIDC_GRANT_TYPE_KEY),
1958  &cache_key);
1959  grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY);
1960  if (NULL == grant_type)
1961  {
1963  handle->edesc = GNUNET_strdup ("missing parameter grant_type");
1964  handle->response_code = MHD_HTTP_BAD_REQUEST;
1966  return;
1967  }
1968 
1969  // Check parameter grant_type == "authorization_code"
1970  if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type))
1971  {
1973  handle->response_code = MHD_HTTP_BAD_REQUEST;
1974  GNUNET_free (grant_type);
1976  return;
1977  }
1978  GNUNET_free (grant_type);
1979  // REQUIRED code
1980  code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
1981  if (NULL == code)
1982  {
1984  handle->edesc = GNUNET_strdup ("missing parameter code");
1985  handle->response_code = MHD_HTTP_BAD_REQUEST;
1987  return;
1988  }
1989  ego_entry = find_ego (handle, &cid);
1990  if (NULL == ego_entry)
1991  {
1993  handle->edesc = GNUNET_strdup ("Unknown client");
1994  handle->response_code = MHD_HTTP_BAD_REQUEST;
1995  GNUNET_free (code);
1997  return;
1998  }
1999  privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
2000 
2001  // REQUIRED code verifier
2002  code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY);
2003  if (NULL == code_verifier)
2004  {
2006  "OAuth authorization request does not contain PKCE parameters!\n");
2007 
2008  }
2009 
2010  // decode code
2011  if (GNUNET_OK != OIDC_parse_authz_code (privkey, code, code_verifier, &ticket,
2012  &cl, &al, &nonce))
2013  {
2015  handle->edesc = GNUNET_strdup ("invalid code");
2016  handle->response_code = MHD_HTTP_BAD_REQUEST;
2017  GNUNET_free (code);
2019  return;
2020  }
2021  GNUNET_free (code);
2022 
2023  // create jwt
2025  "reclaim-rest-plugin",
2026  "expiration_time",
2027  &expiration_time))
2028  {
2030  handle->edesc = GNUNET_strdup ("gnunet configuration failed");
2031  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2033  return;
2034  }
2035 
2036 
2037  // TODO OPTIONAL acr,amr,azp
2039  "reclaim-rest-plugin",
2040  "jwt_secret",
2041  &jwt_secret))
2042  {
2044  handle->edesc = GNUNET_strdup ("No signing secret configured!");
2045  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2047  return;
2048  }
2049  id_token = OIDC_id_token_new (&ticket.audience,
2050  &ticket.identity,
2051  cl,
2052  al,
2053  &expiration_time,
2054  (NULL != nonce) ? nonce : NULL,
2055  jwt_secret);
2056  access_token = OIDC_access_token_new ();
2057  OIDC_build_token_response (access_token,
2058  id_token,
2059  &expiration_time,
2060  &json_response);
2061 
2062  persist_access_token (handle, access_token, &ticket);
2063  resp = GNUNET_REST_create_response (json_response);
2064  MHD_add_response_header (resp, "Cache-Control", "no-store");
2065  MHD_add_response_header (resp, "Pragma", "no-cache");
2066  MHD_add_response_header (resp, "Content-Type", "application/json");
2067  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2070  GNUNET_free (access_token);
2071  GNUNET_free (json_response);
2072  GNUNET_free (id_token);
2074 }
The authorization ticket.
int GNUNET_CONFIGURATION_get_value_time(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, struct GNUNET_TIME_Relative *time)
Get a configuration value that should be a relative time.
char * OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT from attributes.
Definition: oidc_helper.c:124
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
#define OIDC_GRANT_TYPE_KEY
OIDC grant_type key.
void GNUNET_RECLAIM_attestation_list_destroy(struct GNUNET_RECLAIM_AttestationList *attestations)
Destroy claim list.
static void persist_access_token(const struct RequestHandle *handle, const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket)
#define OIDC_CODE_KEY
OIDC code key.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:595
A list of GNUNET_RECLAIM_Attribute structures.
A list of GNUNET_RECLAIM_Attestation structures.
Private ECC key encoded for transmission.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
Definition: oidc_helper.c:732
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
char * edesc
Error response description.
The request handle.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE
OIDC error key for unsupported grants.
The ego list.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
int OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_AttestationList **attests, char **nonce_str)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:580
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
A 512-bit hashcode.
int response_code
Response code.
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
struct GNUNET_CRYPTO_EcdsaPublicKey identity
The ticket issuer (= the user)
static int check_authorization(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
static void do_error(void *cls)
Task run on error, sends error message.
static void cleanup_handle_delayed(void *cls)
char * OIDC_access_token_new()
Generate a new access token.
Definition: oidc_helper.c:760
struct GNUNET_CRYPTO_EcdsaPublicKey audience
The ticket audience (= relying party)
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Definition: rest.c:57
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_GRANT_TYPE_VALUE
OIDC grant_type key.
#define GNUNET_free(ptr)
Wrapper around free.
Time for relative time used by GNUnet, in microseconds.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ consume_ticket()

static void consume_ticket ( void *  cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey identity,
const struct GNUNET_RECLAIM_Attribute attr,
const struct GNUNET_RECLAIM_Attestation attest 
)
static

Collects claims and stores them in handle.

Definition at line 2081 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Attribute::attestation, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attestation::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attestation::data_size, GNUNET_asprintf(), GNUNET_free, GNUNET_RECLAIM_attestation_value_to_string(), GNUNET_RECLAIM_attribute_value_to_string(), GNUNET_RECLAIM_id_is_zero, GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, RequestHandle::idp_op, GNUNET_RECLAIM_Attribute::name, RequestHandle::oidc, OIDC_Variables::response, return_userinfo_response(), GNUNET_RECLAIM_Attribute::type, GNUNET_RECLAIM_Attestation::type, and value.

Referenced by userinfo_endpoint().

2085 {
2086  struct RequestHandle *handle = cls;
2087  handle->idp_op = NULL;
2088 
2089  if (NULL == identity)
2090  {
2092  return;
2093  }
2095  {
2096  char *tmp_value;
2097  json_t *value;
2099  attr->data,
2100  attr->data_size);
2101  value = json_string (tmp_value);
2102  json_object_set_new (handle->oidc->response, attr->name, value);
2103  GNUNET_free (tmp_value);
2104  return;
2105  }
2106  json_t *claim_sources;
2107  json_t *claim_sources_jwt;
2108  json_t *claim_names;
2109  char *attest_val_str;
2110  claim_sources = json_object_get (handle->oidc->response,"_claim_sources");
2111  claim_names = json_object_get (handle->oidc->response,"_claim_names");
2112  attest_val_str =
2114  attest->data,
2115  attest->data_size);
2116  if ((NULL == claim_sources) && (NULL == claim_names) )
2117  {
2118  claim_sources = json_object ();
2119  claim_names = json_object ();
2120  }
2121  char *source_name;
2122  int i = 0;
2123  GNUNET_asprintf (&source_name, "src%d", i);
2124  while (NULL != (claim_sources_jwt = json_object_get (claim_sources,
2125  source_name)))
2126  {
2127  if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt,
2128  "JWT")),
2129  attest_val_str))
2130  {
2131  // Adapt only the claim names
2132  json_object_set_new (claim_names, attr->data,
2133  json_string (source_name));
2134  json_object_set (handle->oidc->response,
2135  "_claim_names", claim_names);
2136  break;
2137  }
2138  i++;
2139  GNUNET_free (source_name);
2140  GNUNET_asprintf (&source_name, "src%d", i);
2141  }
2142 
2143  // Create new one
2144  if (NULL == claim_sources_jwt)
2145  {
2146  claim_sources_jwt = json_object ();
2147  // Set the JWT for names
2148  json_object_set_new (claim_names, attr->data,
2149  json_string (source_name));
2150  // Set the JWT for the inner source
2151  json_object_set_new (claim_sources_jwt, "JWT",
2152  json_string (attest_val_str));
2153  // Set the JWT for the source
2154  json_object_set_new (claim_sources, source_name, claim_sources_jwt);
2155  // Set as claims
2156  json_object_set (handle->oidc->response, "_claim_names", claim_names);
2157  json_object_set (handle->oidc->response, "_claim_sources",claim_sources);
2158  }
2159 
2160  json_decref (claim_sources);
2161  json_decref (claim_names);
2162  json_decref (claim_sources_jwt);
2163  GNUNET_free (attest_val_str);
2164 }
const char * name
The name of the attribute.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
char * GNUNET_RECLAIM_attestation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the &#39;claim&#39; of an attestation to a string.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
static char * value
Value of the record to add/remove.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
size_t data_size
Number of bytes in data.
size_t data_size
Number of bytes in data.
uint32_t type
Type/Format of Claim.
static void return_userinfo_response(void *cls)
Return attributes for claim.
const void * data
Binary value stored as attribute value.
const void * data
Binary value stored as attribute value.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the &#39;claim&#39; of an attribute to a string.
uint32_t type
Type of Claim.
json_t * response
The response JSON.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_RECLAIM_id_is_zero(a)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ userinfo_endpoint()

static void userinfo_endpoint ( struct GNUNET_REST_RequestHandle con_handle,
const char *  url,
void *  cls 
)
static

Responds to userinfo GET and url-encoded POST request.

Parameters
con_handlethe connection handle
urlthe url
clsthe RequestHandle

Definition at line 2175 of file plugin_rest_openid_connect.c.

References GNUNET_RECLAIM_Ticket::audience, consume_ticket(), do_userinfo_error(), RequestHandle::edesc, EgoEntry::ego, RequestHandle::emsg, find_ego(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_NO, GNUNET_RECLAIM_connect(), GNUNET_RECLAIM_ticket_consume(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, GNUNET_REST_RequestHandle::header_param_map, RequestHandle::idp, RequestHandle::idp_op, EgoEntry::keystring, RequestHandle::oidc, OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_TOKEN, OIDC_Variables::response, RequestHandle::response_code, RequestHandle::rest_handle, and ticket.

Referenced by init_cont().

2178 {
2179  // TODO expiration time
2180  struct RequestHandle *handle = cls;
2181  char delimiter[] = " ";
2182  struct GNUNET_HashCode cache_key;
2183  char *authorization;
2184  char *authorization_type;
2185  char *authorization_access_token;
2186  struct GNUNET_RECLAIM_Ticket *ticket;
2187  const struct EgoEntry *ego_entry;
2188  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
2189 
2192  &cache_key);
2194  ->header_param_map,
2195  &cache_key))
2196  {
2198  handle->edesc = GNUNET_strdup ("No Access Token");
2199  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2201  return;
2202  }
2203  authorization =
2205  &cache_key);
2206 
2207  // split header in "Bearer" and access_token
2208  authorization = GNUNET_strdup (authorization);
2209  authorization_type = strtok (authorization, delimiter);
2210  if ((NULL == authorization_type) ||
2211  (0 != strcmp ("Bearer", authorization_type)))
2212  {
2214  handle->edesc = GNUNET_strdup ("No Access Token");
2215  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2217  GNUNET_free (authorization);
2218  return;
2219  }
2220  authorization_access_token = strtok (NULL, delimiter);
2221  if (NULL == authorization_access_token)
2222  {
2224  handle->edesc = GNUNET_strdup ("Access token missing");
2225  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2227  GNUNET_free (authorization);
2228  return;
2229  }
2230 
2231  GNUNET_CRYPTO_hash (authorization_access_token,
2232  strlen (authorization_access_token),
2233  &cache_key);
2234  if (GNUNET_NO ==
2236  &cache_key))
2237  {
2239  handle->edesc = GNUNET_strdup ("The access token expired");
2240  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2242  GNUNET_free (authorization);
2243  return;
2244  }
2245  ticket =
2247  GNUNET_assert (NULL != ticket);
2248  ego_entry = find_ego (handle, &ticket->audience);
2249  if (NULL == ego_entry)
2250  {
2252  handle->edesc = GNUNET_strdup ("The access token expired");
2253  handle->response_code = MHD_HTTP_UNAUTHORIZED;
2255  GNUNET_free (authorization);
2256  return;
2257  }
2258 
2259  handle->idp = GNUNET_RECLAIM_connect (cfg);
2260  handle->oidc->response = json_object ();
2261  json_object_set_new (handle->oidc->response,
2262  "sub",
2263  json_string (ego_entry->keystring));
2264  privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
2265  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
2266  privkey,
2267  ticket,
2269  handle);
2270  GNUNET_free (authorization);
2271 }
The authorization ticket.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_consume(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls)
Consumes an issued ticket.
Definition: reclaim_api.c:1553
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
Definition: identity_api.c:595
Private ECC key encoded for transmission.
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
The ego list.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
char * emsg
Error response message.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
static void consume_ticket(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Attestation *attest)
Collects claims and stores them in handle.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
A 512-bit hashcode.
int response_code
Response code.
char * keystring
Public key string.
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct GNUNET_CRYPTO_EcdsaPublicKey audience
The ticket audience (= relying party)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
json_t * response
The response JSON.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
Definition: reclaim_api.c:1026
#define GNUNET_free(ptr)
Wrapper around free.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_cont()

static void init_cont ( struct RequestHandle handle)
static

Handle rest request.

Parameters
handlethe request handle

Definition at line 2280 of file plugin_rest_openid_connect.c.

References authorize_endpoint(), do_error(), GNUNET_REST_RequestHandlerError::error_code, GNUNET_NO, GNUNET_REST_API_NS_AUTHORIZE, GNUNET_REST_API_NS_LOGIN, GNUNET_REST_API_NS_OIDC, GNUNET_REST_API_NS_TOKEN, GNUNET_REST_API_NS_USERINFO, GNUNET_REST_handle_request(), GNUNET_REST_HANDLER_END, GNUNET_SCHEDULER_add_now(), login_cont(), options_cont(), RequestHandle::response_code, RequestHandle::rest_handle, token_endpoint(), and userinfo_endpoint().

Referenced by list_ego().

2281 {
2283  static const struct GNUNET_REST_RequestHandler handlers[] =
2284  { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint },
2285  { MHD_HTTP_METHOD_POST,
2287  &authorize_endpoint }, // url-encoded
2288  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont },
2289  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
2290  { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
2291  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
2292  { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont },
2294 
2295  if (GNUNET_NO ==
2296  GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
2297  {
2298  handle->response_code = err.error_code;
2300  }
2301 }
#define GNUNET_REST_HANDLER_END
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1296
#define GNUNET_REST_API_NS_AUTHORIZE
Authorize endpoint.
int GNUNET_REST_handle_request(struct GNUNET_REST_RequestHandle *conn, const struct GNUNET_REST_RequestHandler *handlers, struct GNUNET_REST_RequestHandlerError *err, void *cls)
Definition: rest.c:77
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int response_code
Response code.
static void login_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Combines an identity with a login time and responds OK to login request.
static void userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to userinfo GET and url-encoded POST request.
#define GNUNET_REST_API_NS_LOGIN
Login namespace.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static void authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to authorization GET and url-encoded POST request.
static void do_error(void *cls)
Task run on error, sends error message.
static void options_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
static void token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to token url-encoded POST request.
#define GNUNET_REST_API_NS_USERINFO
UserInfo endpoint.
#define GNUNET_REST_API_NS_TOKEN
Token endpoint.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ list_ego()

static void list_ego ( void *  cls,
struct GNUNET_IDENTITY_Ego ego,
void **  ctx,
const char *  identifier 
)
static

If listing is enabled, prints information about the egos.

This function is initially called for all egos and then again whenever a ego's identifier changes or if it is deleted. At the end of the initial pass over all egos, the function is once called with 'NULL' for 'ego'. That does NOT mean that the callback won't be invoked in the future or that there was an error.

When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this function is only called ONCE, and 'NULL' being passed in 'ego' does indicate an error (i.e. name is taken or no default value is known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the value WILL be passed to a subsequent call to the identity callback of 'GNUNET_IDENTITY_connect' (if that one was not NULL).

When an identity is renamed, this function is called with the (known) ego but the NEW identifier.

When an identity is deleted, this function is called with the (known) ego and "NULL" for the 'identifier'. In this case, the 'ego' is henceforth invalid (and the 'ctx' should also be cleaned up).

Parameters
clsclosure
egoego handle
ctxcontext for application to store data for this ego (during the lifetime of this process, initially NULL)
identifieridentifier assigned by the user for this ego, NULL if the user just deleted the ego and it must thus no longer be used

Definition at line 2338 of file plugin_rest_openid_connect.c.

References EgoEntry::ego, RequestHandle::ego_head, RequestHandle::ego_tail, GNUNET_assert, GNUNET_CONTAINER_DLL_insert_tail, GNUNET_CONTAINER_DLL_remove, GNUNET_CRYPTO_ecdsa_public_key_to_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_new, GNUNET_strdup, handle, ID_REST_STATE_INIT, ID_REST_STATE_POST_INIT, EgoEntry::identifier, init_cont(), EgoEntry::keystring, EgoEntry::next, and RequestHandle::state.

Referenced by rest_identity_process_request().

2342 {
2343  struct RequestHandle *handle = cls;
2344  struct EgoEntry *ego_entry;
2346 
2347  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
2348  {
2349  handle->state = ID_REST_STATE_POST_INIT;
2350  init_cont (handle);
2351  return;
2352  }
2353  GNUNET_assert (NULL != ego);
2354  if (ID_REST_STATE_INIT == handle->state)
2355 
2356  {
2357  ego_entry = GNUNET_new (struct EgoEntry);
2360  ego_entry->ego = ego;
2361  ego_entry->identifier = GNUNET_strdup (identifier);
2363  handle->ego_tail,
2364  ego_entry);
2365  return;
2366  }
2367  /* Ego renamed or added */
2368  if (identifier != NULL)
2369  {
2370  for (ego_entry = handle->ego_head; NULL != ego_entry;
2371  ego_entry = ego_entry->next)
2372  {
2373  if (ego_entry->ego == ego)
2374  {
2375  /* Rename */
2376  GNUNET_free (ego_entry->identifier);
2377  ego_entry->identifier = GNUNET_strdup (identifier);
2378  break;
2379  }
2380  }
2381  if (NULL == ego_entry)
2382  {
2383  /* Add */
2384  ego_entry = GNUNET_new (struct EgoEntry);
2387  ego_entry->ego = ego;
2388  ego_entry->identifier = GNUNET_strdup (identifier);
2390  handle->ego_tail,
2391  ego_entry);
2392  }
2393  }
2394  else
2395  {
2396  /* Delete */
2397  for (ego_entry = handle->ego_head; NULL != ego_entry;
2398  ego_entry = ego_entry->next)
2399  {
2400  if (ego_entry->ego == ego)
2401  break;
2402  }
2403  if (NULL == ego_entry)
2404  return; /* Not found */
2405 
2407  handle->ego_tail,
2408  ego_entry);
2409  GNUNET_free (ego_entry->identifier);
2410  GNUNET_free (ego_entry->keystring);
2411  GNUNET_free (ego_entry);
2412  return;
2413  }
2414 }
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
struct EgoEntry * ego_tail
Ego list.
struct GNUNET_CRYPTO_EcdsaPrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
The request handle.
The ego list.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static void init_cont(struct RequestHandle *handle)
Handle rest request.
int state
The processing state.
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:232
char * keystring
Public key string.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
char * identifier
Ego Identifier.
struct EgoEntry * ego_head
Ego list.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define ID_REST_STATE_INIT
State while collecting all egos.
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
Definition: identity_api.c:608
struct EgoEntry * next
DLL.
#define ID_REST_STATE_POST_INIT
Done collecting egos.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ rest_identity_process_request()

static void rest_identity_process_request ( struct GNUNET_REST_RequestHandle rest_handle,
GNUNET_REST_ResultProcessor  proc,
void *  proc_cls 
)
static

Definition at line 2418 of file plugin_rest_openid_connect.c.

References do_timeout(), RequestHandle::gns_handle, GNUNET_CONTAINER_multihashmap_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_GNS_connect(), GNUNET_IDENTITY_connect(), GNUNET_log, GNUNET_NAMESTORE_connect(), GNUNET_new, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_strdup, GNUNET_TIME_UNIT_FOREVER_REL, handle, ID_REST_STATE_INIT, RequestHandle::identity_handle, list_ego(), RequestHandle::namestore_handle, RequestHandle::oidc, RequestHandle::proc, RequestHandle::proc_cls, RequestHandle::response_code, RequestHandle::rest_handle, RequestHandle::state, RequestHandle::timeout, RequestHandle::timeout_task, GNUNET_REST_RequestHandle::url, and RequestHandle::url.

Referenced by libgnunet_plugin_rest_openid_connect_init().

2421 {
2422  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
2423 
2424  handle->oidc = GNUNET_new (struct OIDC_Variables);
2425  if (NULL == OIDC_cookie_jar_map)
2427  GNUNET_NO);
2428  if (NULL == OIDC_access_token_map)
2431  handle->response_code = 0;
2433  handle->proc_cls = proc_cls;
2434  handle->proc = proc;
2435  handle->state = ID_REST_STATE_INIT;
2436  handle->rest_handle = rest_handle;
2437 
2438  handle->url = GNUNET_strdup (rest_handle->url);
2439  if (handle->url[strlen (handle->url) - 1] == '/')
2440  handle->url[strlen (handle->url) - 1] = '\0';
2441  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n");
2442  handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle);
2443  handle->gns_handle = GNUNET_GNS_connect (cfg);
2445  handle->timeout_task =
2446  GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
2447  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connected\n");
2448 }
struct GNUNET_IDENTITY_Handle * GNUNET_IDENTITY_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_IDENTITY_Callback cb, void *cb_cls)
Connect to the identity service.
Definition: identity_api.c:566
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
void * proc_cls
The closure of the result processor.
struct OIDC_Variables * oidc
OIDC variables.
The request handle.
OIDC needed variables.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1269
static void do_timeout(void *cls)
Task run on timeout, sends error message.
const char * url
The url as string.
struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
#define GNUNET_TIME_UNIT_FOREVER_REL
Constant used to specify "forever".
struct GNUNET_GNS_Handle * GNUNET_GNS_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Initialize the connection with the GNS service.
Definition: gns_api.c:268
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int response_code
Response code.
int state
The processing state.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
struct GNUNET_NAMESTORE_Handle * GNUNET_NAMESTORE_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the namestore service.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
static void list_ego(void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
If listing is enabled, prints information about the egos.
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define ID_REST_STATE_INIT
State while collecting all egos.
struct GNUNET_CONTAINER_MultiHashMap * GNUNET_CONTAINER_multihashmap_create(unsigned int len, int do_not_copy_keys)
Create a multi hash map.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
struct GNUNET_NAMESTORE_Handle * namestore_handle
Handle to NAMESTORE.
char * url
The url.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ libgnunet_plugin_rest_openid_connect_init()

void* libgnunet_plugin_rest_openid_connect_init ( void *  cls)

Entry point for the plugin.

Parameters
clsConfig info
Returns
NULL on error, otherwise the plugin context

Definition at line 2458 of file plugin_rest_openid_connect.c.

References _, allow_methods, Plugin::api, Plugin::cfg, GNUNET_REST_Plugin::cls, GNUNET_asprintf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_new, GNUNET_REST_API_NS_OIDC, GNUNET_REST_Plugin::name, plugin, GNUNET_REST_Plugin::process_request, and rest_identity_process_request().

2459 {
2460  static struct Plugin plugin;
2461  struct GNUNET_REST_Plugin *api;
2462 
2463  cfg = cls;
2464  if (NULL != plugin.cfg)
2465  return NULL; /* can only initialize once! */
2466  memset (&plugin, 0, sizeof(struct Plugin));
2467  plugin.cfg = cfg;
2468  api = GNUNET_new (struct GNUNET_REST_Plugin);
2469  api->cls = &plugin;
2473  "%s, %s, %s, %s, %s",
2474  MHD_HTTP_METHOD_GET,
2475  MHD_HTTP_METHOD_POST,
2476  MHD_HTTP_METHOD_PUT,
2477  MHD_HTTP_METHOD_DELETE,
2478  MHD_HTTP_METHOD_OPTIONS);
2479 
2481  _ ("OpenID Connect REST API initialized\n"));
2482  return api;
2483 }
void * cls
The closure of the plugin.
struct returned by the initialization function of the plugin
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static void rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
void(* process_request)(struct GNUNET_REST_RequestHandle *handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
Function to process a REST call.
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
char * name
Plugin name.
static char * plugin
Solver plugin name as string.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static char * allow_methods
HTTP methods allows for this plugin.
Handle for a plugin.
Definition: block.c:37
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
Here is the call graph for this function:

◆ libgnunet_plugin_rest_openid_connect_done()

void* libgnunet_plugin_rest_openid_connect_done ( void *  cls)

Exit point from the plugin.

Parameters
clsthe plugin context (as returned by "init")
Returns
always NULL

Definition at line 2493 of file plugin_rest_openid_connect.c.

References allow_methods, Plugin::api, Plugin::cfg, GNUNET_REST_Plugin::cls, GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterator_create(), GNUNET_CONTAINER_multihashmap_iterator_destroy(), GNUNET_CONTAINER_multihashmap_iterator_next(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_YES, plugin, and value.

2494 {
2495  struct GNUNET_REST_Plugin *api = cls;
2496  struct Plugin *plugin = api->cls;
2497 
2498  plugin->cfg = NULL;
2499 
2500  struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
2501  void *value = NULL;
2502  hashmap_it =
2504  while (GNUNET_YES ==
2506  value))
2507  GNUNET_free (value);
2510 
2511  hashmap_it =
2513  while (GNUNET_YES ==
2515  value))
2516  GNUNET_free (value);
2520  GNUNET_free (api);
2522  "OpenID Connect REST plugin is finished\n");
2523  return NULL;
2524 }
void GNUNET_CONTAINER_multihashmap_iterator_destroy(struct GNUNET_CONTAINER_MultiHashMapIterator *iter)
Destroy a multihashmap iterator.
int GNUNET_CONTAINER_multihashmap_iterator_next(struct GNUNET_CONTAINER_MultiHashMapIterator *iter, struct GNUNET_HashCode *key, const void **value)
Retrieve the next element from the hash map at the iterator&#39;s position.
struct GNUNET_CONTAINER_MultiHashMapIterator * GNUNET_CONTAINER_multihashmap_iterator_create(const struct GNUNET_CONTAINER_MultiHashMap *map)
Create an iterator for a multihashmap.
void * cls
The closure of the plugin.
const struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
struct returned by the initialization function of the plugin
static char * value
Value of the record to add/remove.
void GNUNET_CONTAINER_multihashmap_destroy(struct GNUNET_CONTAINER_MultiHashMap *map)
Destroy a hash map.
static char * plugin
Solver plugin name as string.