31 #include <jose/jose.h>
43 #include "gnunet_signatures.h"
44 #include "microhttpd.h"
50 #define GNUNET_REST_API_NS_OIDC "/openid"
55 #define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration"
60 #define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize"
65 #define GNUNET_REST_API_NS_TOKEN "/openid/token"
70 #define GNUNET_REST_API_JWKS "/jwks.json"
75 #define GNUNET_REST_API_NS_USERINFO "/openid/userinfo"
80 #define GNUNET_REST_API_NS_LOGIN "/openid/login"
85 #define ID_REST_STATE_INIT 0
90 #define ID_REST_STATE_POST_INIT 1
95 #define OIDC_GRANT_TYPE_KEY "grant_type"
100 #define OIDC_GRANT_TYPE_VALUE "authorization_code"
105 #define OIDC_CODE_KEY "code"
110 #define OIDC_RESPONSE_TYPE_KEY "response_type"
115 #define OIDC_CLIENT_ID_KEY "client_id"
120 #define OIDC_SCOPE_KEY "scope"
125 #define OIDC_REDIRECT_URI_KEY "redirect_uri"
130 #define OIDC_STATE_KEY "state"
135 #define OIDC_NONCE_KEY "nonce"
140 #define OIDC_CLAIMS_KEY "claims"
145 #define OIDC_CODE_CHALLENGE_KEY "code_challenge"
150 #define OIDC_CODE_VERIFIER_KEY "code_verifier"
155 #define OIDC_COOKIE_EXPIRATION 3
160 #define OIDC_COOKIE_HEADER_KEY "cookie"
165 #define OIDC_AUTHORIZATION_HEADER_KEY "authorization"
170 #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity="
175 #define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied"
180 #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code"
185 #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid"
190 #define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client"
195 #define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope"
200 #define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request"
205 #define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token"
210 #define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie"
215 #define OIDC_ERROR_KEY_SERVER_ERROR "server_error"
220 #define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type"
225 #define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type"
230 #define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client"
235 #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied"
240 #define OIDC_JWK_RSA_FILENAME "jwk_rsa.json"
245 #define CONSUME_TIMEOUT GNUNET_TIME_relative_multiply ( \
246 GNUNET_TIME_UNIT_SECONDS,2)
606 if (NULL !=
handle->timeout_task)
608 if (NULL !=
handle->attr_it)
610 if (NULL !=
handle->cred_it)
612 if (NULL !=
handle->ticket_it)
614 if (NULL !=
handle->idp_op)
616 if (NULL !=
handle->consume_timeout_op)
624 if (NULL !=
handle->gns_op)
635 if (NULL !=
handle->oidc->claims)
637 if (NULL !=
handle->oidc->code_challenge)
641 if (NULL!=
handle->attr_idtoken_list)
643 if (NULL!=
handle->attr_userinfo_list)
645 if (NULL!=
handle->credentials)
647 if (NULL!=
handle->presentations)
652 if (NULL !=
handle->access_token)
667 struct MHD_Response *resp;
671 "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
674 (NULL !=
handle->oidc->state) ?
", \"state\":\"" :
"",
675 (NULL !=
handle->oidc->state) ?
handle->oidc->state :
"",
676 (NULL !=
handle->oidc->state) ?
"\"" :
"");
677 if (0 ==
handle->response_code)
678 handle->response_code = MHD_HTTP_BAD_REQUEST;
680 if (MHD_HTTP_UNAUTHORIZED ==
handle->response_code)
682 MHD_add_response_header (resp,
683 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
686 MHD_HTTP_HEADER_CONTENT_TYPE,
687 "application/json"));
704 struct MHD_Response *resp;
708 "Error: %s\n",
handle->edesc);
710 "error=\"%s\", error_description=\"%s\"",
715 MHD_add_response_header (resp,
716 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
733 struct MHD_Response *resp;
737 "%s?error=%s&error_description=%s%s%s",
738 handle->oidc->redirect_uri,
741 (NULL !=
handle->oidc->state) ?
"&state=" :
"",
742 (NULL !=
handle->oidc->state) ?
handle->oidc->state :
"");
745 "Location", redirect));
762 handle->timeout_task = NULL;
779 struct MHD_Response *resp;
784 MHD_add_response_header (resp,
"Access-Control-Allow-Methods",
allow_methods);
800 char delimiter[] =
"; ";
821 token = strtok (cookies, delimiter);
823 handle->oidc->login_identity = NULL;
827 "Unable to parse cookie: %s\n",
833 while (NULL != token)
843 token = strtok (NULL, delimiter);
848 "No cookie value to process: %s\n",
859 "Found cookie `%s', but no corresponding expiration entry present...\n",
871 "Found cookie `%s', but it is expired.\n",
897 jwk = json_load_file (
filename, JSON_DECODE_ANY, &error);
902 (
"Could not read OIDC RSA key from config file; %s\n"),
920 if (json_dump_file (jwk,
filename, JSON_INDENT (2)))
923 (
"Could not write OIDC RSA key to file %s\n"),
940 jwk = json_pack (
"{s:s,s:i}",
"kty",
"RSA",
"bits", 2048);
941 jose_jwk_gen (NULL, jwk);
954 char *oidc_directory;
959 "reclaim-rest-plugin",
966 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
971 return oidc_directory;
982 char *oidc_directory;
991 return oidc_jwk_path;
1001 char *login_base_url;
1004 struct MHD_Response *resp;
1009 "reclaim-rest-plugin",
1017 handle->oidc->response_type);
1021 handle->oidc->client_id);
1023 strlen (
handle->oidc->redirect_uri),
1031 strlen (
handle->oidc->scope),
1038 if (NULL !=
handle->oidc->state)
1041 strlen (
handle->oidc->state),
1049 if (NULL !=
handle->oidc->code_challenge)
1054 handle->oidc->code_challenge);
1056 if (NULL !=
handle->oidc->nonce)
1063 if (NULL !=
handle->oidc->claims)
1066 strlen (
handle->oidc->claims),
1076 MHD_add_response_header (resp,
"Location", new_redirect);
1083 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1102 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1118 struct MHD_Response *resp;
1137 handle->attr_idtoken_list,
1140 handle->oidc->code_challenge);
1141 if ((NULL !=
handle->redirect_prefix) && (NULL !=
handle->redirect_suffix) &&
1145 "%s.%s/%s%s%s=%s&state=%s",
1149 (NULL == strchr (
handle->redirect_suffix,
'?') ?
"?" :
1151 handle->oidc->response_type,
1158 "%s%s%s=%s&state=%s",
1159 handle->oidc->redirect_uri,
1160 (NULL == strchr (
handle->oidc->redirect_uri,
'?') ?
"?" :
1162 handle->oidc->response_type,
1168 "Location", redirect_uri));
1187 for (le_a = list_a->
list_head; NULL != le_a; le_a = le_a->
next)
1204 for (le_b = list_b->
list_head; NULL != le_b; le_b = le_b->
next)
1206 for (le_m = merged_list->
list_head; NULL != le_m; le_m = le_m->
next)
1241 handle->attr_userinfo_list);
1242 for (le_m = merged_list->
list_head; NULL != le_m; le_m = le_m->
next)
1244 "List Attribute in ticket to issue: %s\n",
1248 &
handle->oidc->client_pkey,
1268 for (ale =
handle->credentials->list_head; NULL != ale; ale = ale->
next)
1278 for (le =
handle->attr_idtoken_list->list_head; NULL != le; le = le->
next)
1290 handle->credentials->list_tail,
1303 handle->ticket_it = NULL;
1304 if (NULL ==
handle->attr_idtoken_list->list_head)
1328 const char *claims_parameter)
1343 if (NULL !=
handle->oidc->claims)
1345 root = json_loads (
handle->oidc->claims, JSON_DECODE_ANY, &error);
1346 claims_j = json_object_get (root, claims_parameter);
1348 if (NULL != claims_j)
1350 json_object_foreach (claims_j,
key,
value) {
1401 handle->attr_idtoken_list->list_tail,
1416 handle->attr_userinfo_list->list_tail,
1436 char *identity_cookie;
1440 handle->oidc->login_identity);
1460 GNUNET_strdup (
"The cookie of a login identity is not valid");
1473 handle->attr_idtoken_list =
1475 handle->attr_userinfo_list =
1500 struct MHD_Response *resp;
1505 if ((NULL !=
handle->redirect_prefix) &&
1506 (NULL !=
handle->redirect_suffix) && (NULL !=
handle->tld))
1509 "%s.%s/%s?error=%s&error_description=%s&state=%s",
1514 "User denied access",
1520 "%s?error=%s&error_description=%s&state=%s",
1521 handle->oidc->redirect_uri,
1523 "User denied access",
1555 GNUNET_strdup (
"Server cannot generate ticket, redirect uri not found.");
1559 for (
int i = 0; i < rd_count; i++)
1566 if (NULL == strstr (tmp,
handle->oidc->client_id))
1569 "Redirect uri %s does not contain client_id %s\n",
1571 handle->oidc->client_id);
1575 pos = strrchr (tmp, (
unsigned char)
'.');
1579 "Redirect uri %s contains client_id but is malformed\n",
1586 tmp_key_str = pos + 1;
1587 pos = strchr (tmp_key_str, (
unsigned char)
'/');
1591 "Redirect uri %s contains client_id but is malformed\n",
1600 strlen (tmp_key_str),
1602 sizeof(redirect_zone));
1610 GNUNET_strdup (
"Server cannot generate ticket, redirect uri not found.");
1627 &
handle->oidc->client_pkey,
1668 char *expected_scope;
1669 char delimiter[] =
" ";
1670 int number_of_ignored_parameter,
iterator;
1674 handle->oidc->redirect_uri =
1676 if (NULL ==
handle->oidc->redirect_uri)
1685 handle->oidc->response_type =
1687 if (NULL ==
handle->oidc->response_type)
1697 if (NULL ==
handle->oidc->scope)
1712 number_of_ignored_parameter =
1726 "Server will not handle parameter: %s",
1734 if (0 != strcmp (
handle->oidc->response_type,
1739 "obtaining this authorization code.");
1747 test = strtok (expected_scope, delimiter);
1748 while (NULL != test)
1752 test = strtok (NULL, delimiter);
1758 GNUNET_strdup (
"The requested scope is invalid, unknown, or malformed.");
1765 if ((NULL ==
handle->oidc->login_identity) &&
1777 tld_iter (
void *cls,
const char *section,
const char *option,
const char *
value)
1817 if (NULL ==
handle->oidc->client_id)
1821 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1829 if (NULL ==
handle->oidc->code_challenge)
1832 "OAuth authorization request does not contain PKCE parameters!\n");
1837 &
handle->oidc->client_pkey))
1841 "authorization code using this method.");
1842 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
1849 for (tmp_ego =
ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->
next)
1889 char term_data[
handle->rest_handle->data_size + 1];
1891 term_data[
handle->rest_handle->data_size] =
'\0';
1893 handle->rest_handle->data,
1894 handle->rest_handle->data_size);
1895 root = json_loads (term_data, JSON_DECODE_ANY, &error);
1896 identity = json_object_get (root,
"identity");
1900 "Error parsing json string from %s\n",
1902 handle->proc (
handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1913 "Set-Cookie", header_val));
1915 MHD_add_response_header (resp,
1916 "Access-Control-Allow-Methods",
1920 if (0 != strcmp (json_string_value (
identity),
"Denied"))
1945 char **client_secret)
1948 char *authorization;
1950 char *basic_authorization;
1951 char *client_id_tmp;
1966 credentials = strtok (authorization,
" ");
1967 if ((NULL == credentials) || (0 != strcmp (
"Basic", credentials)))
1969 credentials = strtok (NULL,
" ");
1970 if (NULL == credentials)
1973 strlen (credentials),
1974 (
void **) &basic_authorization);
1976 if (NULL == basic_authorization)
1978 client_id_tmp = strtok (basic_authorization,
":");
1979 if (NULL == client_id_tmp)
1984 pass = strtok (NULL,
":");
1990 *client_id = strdup (client_id_tmp);
1991 *client_secret = strdup (pass);
2000 char **client_secret)
2003 char *client_id_tmp;
2007 strlen (
"client_id"),
2014 handle->rest_handle->url_param_map,
2016 if (NULL == client_id_tmp)
2018 *client_id = strdup (client_id_tmp);
2020 strlen (
"client_secret"),
2038 *client_secret = strdup (pass);
2047 char *expected_pass;
2057 "Received client credentials in HTTP AuthZ header\n");
2064 "Received client credentials in POST body\n");
2070 if (NULL == pkce_cv)
2073 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2080 strlen (received_cid),
2090 "reclaim-rest-plugin",
2091 "OIDC_CLIENT_HMAC_SECRET",
2094 if (0 != strcmp (expected_pass, received_cpw))
2098 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2111 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2118 if (0 == strcmp (
handle->ego_entry->keystring, received_cid))
2121 if (NULL ==
handle->ego_entry)
2126 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2130 strlen (received_cid),
2147 for (ego_entry =
ego_head; NULL != ego_entry;
2148 ego_entry = ego_entry->
next)
2171 const struct EgoEntry *ego_entry = NULL;
2178 struct MHD_Response *resp = NULL;
2179 char *grant_type = NULL;
2181 char *json_response = NULL;
2182 char *id_token = NULL;
2183 char *access_token = NULL;
2185 char *jwt_secret = NULL;
2187 char *code_verifier = NULL;
2189 char *oidc_jwk_path = NULL;
2190 char *oidc_directory = NULL;
2191 char *tmp_at = NULL;
2199 "OIDC authorization for token endpoint failed\n");
2214 if (NULL == grant_type)
2218 handle->response_code = MHD_HTTP_BAD_REQUEST;
2227 handle->response_code = MHD_HTTP_BAD_REQUEST;
2239 handle->response_code = MHD_HTTP_BAD_REQUEST;
2244 if (NULL == ego_entry)
2248 handle->response_code = MHD_HTTP_BAD_REQUEST;
2256 if (NULL == code_verifier)
2259 "OAuth authorization request does not contain PKCE parameters!\n");
2270 handle->response_code = MHD_HTTP_BAD_REQUEST;
2272 if (NULL != code_verifier)
2277 if (NULL != code_verifier)
2282 "reclaim-rest-plugin",
2288 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2300 "reclaim-rest-plugin",
2301 "oidc_json_web_algorithm",
2305 "Could not read OIDC JSON Web Algorithm config attribute."
2306 "Defaulting to RS256.");
2327 (
"Failed to create directory `%s' for storing oidc data\n"),
2342 (NULL != nonce) ? nonce : NULL,
2349 "reclaim-rest-plugin",
2355 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2370 (NULL != nonce) ? nonce : NULL,
2388 strlen (access_token),
2410 "OIDC access token already issued. Cleanup.\n");
2424 "Pragma",
"no-cache"));
2427 "application/json"));
2450 struct MHD_Response *resp;
2455 if (NULL !=
handle->consume_timeout_op)
2457 handle->consume_timeout_op = NULL;
2464 strlen (
handle->access_token),
2468 if (NULL != cached_code)
2480 handle->attr_userinfo_list,
2499 handle->attr_userinfo_list->list_tail,
2501 if (NULL == presentation)
2503 for (atle =
handle->presentations->list_head;
2504 NULL != atle; atle = atle->
next)
2522 handle->presentations->list_tail,
2536 struct MHD_Response *resp;
2542 handle->consume_timeout_op = NULL;
2543 if (NULL !=
handle->idp_op)
2548 "Ticket consumptioned timed out. Using cache...\n");
2550 strlen (
handle->access_token),
2554 if (NULL == cached_code)
2558 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2571 cached_code, NULL, &
ticket,
2577 handle->response_code = MHD_HTTP_BAD_REQUEST;
2616 char delimiter[] =
" ";
2618 char *authorization;
2619 char *authorization_type;
2620 char *authorization_access_token;
2634 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2644 authorization_type = strtok (authorization, delimiter);
2645 if ((NULL == authorization_type) ||
2646 (0 != strcmp (
"Bearer", authorization_type)))
2650 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2655 authorization_access_token = strtok (NULL, delimiter);
2656 if (NULL == authorization_access_token)
2660 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2671 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2681 if (NULL == aud_ego)
2685 handle->response_code = MHD_HTTP_UNAUTHORIZED;
2692 handle->attr_userinfo_list =
2722 char *oidc_directory;
2723 char *oidc_jwk_path;
2724 char *oidc_jwk_pub_str;
2726 struct MHD_Response *resp;
2743 (
"Failed to create directory `%s' for storing oidc data\n"),
2756 oidc_jwk_pub_str = json_dumps (
oidc_jwk, JSON_INDENT (1));
2801 const char *identifier)
2817 ego_entry->
ego = ego;
2825 if (identifier != NULL)
2827 for (ego_entry =
ego_head; NULL != ego_entry;
2828 ego_entry = ego_entry->
next)
2830 if (ego_entry->
ego == ego)
2838 if (NULL == ego_entry)
2844 ego_entry->
ego = ego;
2854 for (ego_entry =
ego_head; NULL != ego_entry;
2855 ego_entry = ego_entry->
next)
2857 if (ego_entry->
ego == ego)
2860 if (NULL == ego_entry)
2879 json_t *oidc_config;
2880 json_t *auth_methods;
2883 json_t *response_types;
2885 json_t *claim_types;
2886 char *oidc_config_str;
2887 struct MHD_Response *resp;
2890 oidc_config = json_object ();
2892 json_object_set_new (oidc_config,
2893 "issuer", json_string (
"http://localhost:7776"));
2894 json_object_set_new (oidc_config,
2895 "authorization_endpoint",
2896 json_string (
"https://api.reclaim/openid/authorize"));
2897 json_object_set_new (oidc_config,
2899 json_string (
"http://localhost:7776/openid/token"));
2900 auth_methods = json_array ();
2901 json_array_append_new (auth_methods,
2902 json_string (
"client_secret_basic"));
2903 json_array_append_new (auth_methods,
2904 json_string (
"client_secret_post"));
2905 json_object_set_new (oidc_config,
2906 "token_endpoint_auth_methods_supported",
2908 sig_algs = json_array ();
2909 json_array_append_new (sig_algs,
2910 json_string (
"HS512"));
2911 json_array_append_new (sig_algs,
2912 json_string (
"RS256"));
2913 json_object_set_new (oidc_config,
2914 "id_token_signing_alg_values_supported",
2916 json_object_set_new (oidc_config,
2918 json_string (
"http://localhost:7776/jwks.json"));
2919 json_object_set_new (oidc_config,
2920 "userinfo_endpoint",
2921 json_string (
"http://localhost:7776/openid/userinfo"));
2922 scopes = json_array ();
2923 json_array_append_new (scopes,
2924 json_string (
"openid"));
2925 json_array_append_new (scopes,
2926 json_string (
"profile"));
2927 json_array_append_new (scopes,
2928 json_string (
"email"));
2929 json_array_append_new (scopes,
2930 json_string (
"address"));
2931 json_array_append_new (scopes,
2932 json_string (
"phone"));
2933 json_object_set_new (oidc_config,
2936 response_types = json_array ();
2937 json_array_append_new (response_types,
2938 json_string (
"code"));
2939 json_object_set_new (oidc_config,
2940 "response_types_supported",
2942 sub_types = json_array ();
2943 json_array_append_new (sub_types,
2944 json_string (
"public"));
2945 json_object_set_new (oidc_config,
2946 "subject_types_supported",
2948 claim_types = json_array ();
2949 json_array_append_new (claim_types,
2950 json_string (
"normal"));
2951 json_array_append_new (claim_types,
2952 json_string (
"aggregated"));
2953 json_object_set_new (oidc_config,
2954 "claim_types_supported",
2956 json_object_set_new (oidc_config,
2957 "claims_parameter_supported",
2959 oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1));
2962 json_decref (oidc_config);
2980 struct MHD_Response *resp;
2986 MHD_add_response_header (resp,
2987 "Access-Control-Allow-Methods",
2990 MHD_add_response_header (resp,
2991 "Access-Control-Allow-Origin",
3008 { MHD_HTTP_METHOD_POST,
3030 handle->response_code = 0;
3032 handle->proc_cls = proc_cls;
3034 handle->rest_handle = rest_handle;
3076 "reclaim-rest-plugin",
3077 "OIDC_USERINFO_CONSUME_TIMEOUT",
3086 "%s, %s, %s, %s, %s",
3087 MHD_HTTP_METHOD_GET,
3088 MHD_HTTP_METHOD_POST,
3089 MHD_HTTP_METHOD_PUT,
3090 MHD_HTTP_METHOD_DELETE,
3091 MHD_HTTP_METHOD_OPTIONS);
3094 _ (
"OpenID Connect REST API initialized\n"));
3145 while (NULL != (ego_entry =
ego_head))
3156 "OpenID Connect REST plugin is finished\n");
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Used reclaimID OIDC client redirect URIs.
static int ret
Return value of the commandline.
static size_t data_size
Number of bytes in data.
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
struct Plugin * plugin
The process handle to the testbed service.
struct GNUNET_HashCode key
The key used in the DHT.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
uint32_t data
The data value.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
static char * pkey
Public key of the zone to look in, in ASCII.
static struct GNUNET_IDENTITY_PublicKey pubkey
Public key of the zone to look in.
static char * value
Value of the record to add/remove.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
static char * attr_name
The attribute.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
static struct GNUNET_RECLAIM_Identifier credential
Credential ID.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
API that can be used to manipulate GNS record data.
Identity service; implements identity management for GNUnet.
API that can be used to store naming information on a GNUnet node;.
Identity attribute definitions.
reclaim service; implements identity and personal data sharing for GNUnet
API for helper library to parse/create REST.
GNUnet service REST plugin header.
Strings and string handling functions.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_time(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, struct GNUNET_TIME_Relative *time)
Get a configuration value that should be a relative time.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
void GNUNET_CONFIGURATION_iterate_section_values(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, GNUNET_CONFIGURATION_Iterator iter, void *iter_cls)
Iterate over values of a section in the configuration.
enum GNUNET_GenericReturnValue GNUNET_DISK_directory_create(const char *dir)
Implementation of "mkdir -p".
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
struct GNUNET_GNS_LookupRequest * GNUNET_GNS_lookup(struct GNUNET_GNS_Handle *handle, const char *name, const struct GNUNET_IDENTITY_PublicKey *zone, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS.
void GNUNET_GNS_disconnect(struct GNUNET_GNS_Handle *handle)
Shutdown connection with the GNS service.
void * GNUNET_GNS_lookup_cancel(struct GNUNET_GNS_LookupRequest *lr)
Cancel pending lookup request.
struct GNUNET_GNS_Handle * GNUNET_GNS_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Initialize the connection with the GNS service.
@ GNUNET_GNS_LO_DEFAULT
Defaults, look in cache, then in DHT.
#define GNUNET_GNS_EMPTY_LABEL_AT
String we use to indicate an empty label (top-level entry in the zone).
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
enum GNUNET_GenericReturnValue GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL).
enum GNUNET_GenericReturnValue GNUNET_CONTAINER_multihashmap_remove(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, const void *value)
Remove the given key-value pair from the map.
enum GNUNET_GenericReturnValue GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
struct GNUNET_CONTAINER_MultiHashMap * GNUNET_CONTAINER_multihashmap_create(unsigned int len, int do_not_copy_keys)
Create a multi hash map.
int GNUNET_CONTAINER_multihashmap_iterate(struct GNUNET_CONTAINER_MultiHashMap *map, GNUNET_CONTAINER_MulitHashMapIteratorCallback it, void *it_cls)
Iterate over all entries in the map.
void GNUNET_CONTAINER_multihashmap_destroy(struct GNUNET_CONTAINER_MultiHashMap *map)
Destroy a hash map.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static int iterator(void *cls, const struct GNUNET_PeerIdentity *key, void *value)
Iterator over hash map entries.
@ GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE
If a value with the given key exists, replace it.
const struct GNUNET_IDENTITY_PrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_public_key_from_string(const char *str, struct GNUNET_IDENTITY_PublicKey *key)
Parses a (Base32) string representation of the public key.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_key_get_public(const struct GNUNET_IDENTITY_PrivateKey *privkey, struct GNUNET_IDENTITY_PublicKey *key)
Retrieves the public key representation of a private key.
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_IDENTITY_PublicKey *pk)
Get the identifier (public key) of an ego.
char * GNUNET_IDENTITY_public_key_to_string(const struct GNUNET_IDENTITY_PublicKey *key)
Creates a (Base32) string representation of the public key.
struct GNUNET_IDENTITY_Handle * GNUNET_IDENTITY_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_IDENTITY_Callback cb, void *cb_cls)
Connect to the identity service.
void GNUNET_IDENTITY_disconnect(struct GNUNET_IDENTITY_Handle *h)
Disconnect from identity service.
char * GNUNET_buffer_reap_str(struct GNUNET_Buffer *buf)
Clear the buffer and return the string it contained.
#define GNUNET_log(kind,...)
void GNUNET_buffer_write_fstr(struct GNUNET_Buffer *buf, const char *fmt,...) __attribute__((format(printf
Write a 0-terminated formatted string to a buffer, excluding the 0-terminator.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
void GNUNET_buffer_write_str(struct GNUNET_Buffer *buf, const char *str)
Write a 0-terminated string to a buffer, excluding the 0-terminator.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
GNUNET_GenericReturnValue
Named constants for return values.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_DEBUG
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_RECLAIM_id_is_equal(a, b)
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
struct GNUNET_RECLAIM_Credential * GNUNET_RECLAIM_credential_new(const char *name, uint32_t type, const void *data, size_t data_size)
Create a new credential.
void GNUNET_RECLAIM_credential_list_destroy(struct GNUNET_RECLAIM_CredentialList *credentials)
Destroy claim list.
void GNUNET_RECLAIM_presentation_list_destroy(struct GNUNET_RECLAIM_PresentationList *presentations)
Destroy presentations list.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
struct GNUNET_RECLAIM_Presentation * GNUNET_RECLAIM_presentation_new(uint32_t type, const void *data, size_t data_size)
void GNUNET_RECLAIM_disconnect(struct GNUNET_RECLAIM_Handle *h)
Disconnect from identity provider service.
struct GNUNET_RECLAIM_AttributeIterator * GNUNET_RECLAIM_get_attributes_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attributes for a local identity.
void GNUNET_RECLAIM_cancel(struct GNUNET_RECLAIM_Operation *op)
Cancel an identity provider operation.
void GNUNET_RECLAIM_get_attributes_stop(struct GNUNET_RECLAIM_AttributeIterator *it)
Stops iteration and releases the handle for further calls.
void GNUNET_RECLAIM_get_credentials_next(struct GNUNET_RECLAIM_CredentialIterator *ait)
Calls the record processor specified in GNUNET_RECLAIM_get_credentials_start for the next record.
struct GNUNET_RECLAIM_CredentialIterator * GNUNET_RECLAIM_get_credentials_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_CredentialResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all credentials for a local identity.
void GNUNET_RECLAIM_get_attributes_next(struct GNUNET_RECLAIM_AttributeIterator *it)
Calls the record processor specified in GNUNET_RECLAIM_get_attributes_start for the next record.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *iss, const struct GNUNET_IDENTITY_PublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_IssueTicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
void GNUNET_RECLAIM_get_credentials_stop(struct GNUNET_RECLAIM_CredentialIterator *ait)
Stops iteration and releases the handle for further calls.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_consume(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_IDENTITY_PrivateKey *identity, const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls)
Consumes an issued ticket.
void GNUNET_RECLAIM_ticket_iteration_stop(struct GNUNET_RECLAIM_TicketIterator *it)
Stops iteration and releases the handle for further calls.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
int GNUNET_REST_handle_request(struct GNUNET_REST_RequestHandle *conn, const struct GNUNET_REST_RequestHandler *handlers, struct GNUNET_REST_RequestHandlerError *err, void *cls)
void(* GNUNET_REST_ResultProcessor)(void *cls, struct MHD_Response *resp, int status)
Iterator called on obtained result for a REST result.
#define GNUNET_REST_HANDLER_END
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
size_t GNUNET_STRINGS_urldecode(const char *data, size_t len, char **out)
url/percent encode (RFC3986).
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
size_t GNUNET_STRINGS_urlencode(const char *data, size_t len, char **out)
url/percent encode (RFC3986).
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
#define GNUNET_TIME_UNIT_FOREVER_REL
Constant used to specify "forever".
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_get_second_(void)
Return relative time of 1s.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
char * OIDC_generate_id_token_hmac(const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT using HMAC (HS256) from attributes.
char * OIDC_generate_userinfo(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
char * OIDC_access_token_new(const struct GNUNET_RECLAIM_Ticket *ticket)
Generate a new access token.
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request(const char *scopes, const char *attr)
Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standar...
char * OIDC_build_authz_code(const struct GNUNET_IDENTITY_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
int OIDC_parse_authz_code(const struct GNUNET_IDENTITY_PublicKey *audience, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts)
Parse reclaim ticket and nonce from authorization code.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
int OIDC_access_token_parse(const char *token, struct GNUNET_RECLAIM_Ticket **ticket)
Parse an access token.
char * OIDC_generate_id_token_rsa(const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const json_t *secret_rsa_key)
Create a JWT using RSA256 algorithm from attributes.
helper library for OIDC related functions
#define JWT_ALG_VALUE_RSA
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
@ OIDC_VERIFICATION_DEFAULT
Strict verification.
#define JWT_ALG_VALUE_HMAC
static struct EgoEntry * ego_tail
Ego list.
#define OIDC_SCOPE_KEY
OIDC scope key.
static void consume_fail(void *cls)
json_t * read_jwk_from_file(const char *filename)
Read the the JSON Web Key in the given file and return it.
char * get_oidc_jwk_path(void *cls)
Return the path to the RSA JWK key file.
static int attr_in_userinfo_request(struct RequestHandle *handle, const char *attr_name)
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
#define GNUNET_REST_API_NS_OIDC_CONFIG
OIDC config.
static struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
struct GNUNET_CONTAINER_MultiHashMap * oidc_code_cache
OIDC hashmap for cached access tokens and codes.
static void cookie_identity_interpretation(struct RequestHandle *handle)
Interprets cookie header and pass its identity keystring to handle.
json_t * generate_jwk()
Generate a new RSA JSON Web Key.
static struct GNUNET_GNS_Handle * gns_handle
GNS handle.
static int write_jwk_to_file(const char *filename, json_t *jwk)
Write the JWK to file.
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
static void oidc_attr_collect(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
Collects all attributes for an ego if in scope parameter.
#define GNUNET_REST_API_NS_LOGIN
Login namespace.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT
OIDC error key for unauthorized clients.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static char * OIDC_ignored_parameter_array[]
OIDC ignored parameter array.
static void do_timeout(void *cls)
Task run on timeout, sends error message.
char * get_oidc_dir_path(void *cls)
Return the path to the oidc directory path.
static int parse_credentials_post_body(struct RequestHandle *handle, char **client_id, char **client_secret)
static void token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to token url-encoded POST request.
static void userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to userinfo GET and url-encoded POST request.
static void jwks_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to /jwks.json.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE
OIDC error key for unsupported grants.
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
static struct GNUNET_TIME_Relative consume_timeout
Timeout for consume call on userinfo.
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
#define OIDC_CLAIMS_KEY
OIDC claims key.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC hashmap that keeps track of issued cookies.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
#define OIDC_COOKIE_EXPIRATION
OIDC cookie expiration (in seconds)
#define OIDC_ERROR_KEY_ACCESS_DENIED
OIDC error key for denied access.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *test_key)
static void login_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Combines an identity with a login time and responds OK to login request.
#define OIDC_COOKIE_HEADER_KEY
OIDC cookie header key.
#define GNUNET_REST_API_JWKS
JSON Web Keys endpoint.
#define OIDC_JWK_RSA_FILENAME
OIDC key store file name.
#define ID_REST_STATE_INIT
State while collecting all egos.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
static void code_redirect(void *cls)
Checks time and cookie and redirects accordingly.
static struct RequestHandle * requests_head
DLL.
static void options_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
#define OIDC_NONCE_KEY
OIDC nonce key.
#define OIDC_ERROR_KEY_INVALID_CLIENT
OIDC error key for invalid client.
void * libgnunet_plugin_rest_openid_connect_done(void *cls)
Exit point from the plugin.
static int parse_credentials_basic_auth(struct RequestHandle *handle, char **client_id, char **client_secret)
static void oidc_cred_collect(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred)
Collects all attributes for an ego if in scope parameter.
#define OIDC_GRANT_TYPE_KEY
OIDC grant_type key.
static int state
The processing state.
#define OIDC_ERROR_KEY_INVALID_COOKIE
OIDC error key for invalid cookies.
static struct EgoEntry * ego_head
Ego list.
static void list_ego(void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
If listing is enabled, prints information about the egos.
static void oidc_cred_collect_finished_cb(void *cls)
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
static char * allow_methods
HTTP methods allows for this plugin.
static void oidc_config_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED
OIDC cookie header if user cancelled.
#define GNUNET_REST_API_NS_TOKEN
Token endpoint.
#define CONSUME_TIMEOUT
How long to wait for a consume in userinfo endpoint.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE
OIDC expected scope part while authorizing.
static void build_authz_response(void *cls)
Iteration over all results finished, build final response.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *presentation)
Issues ticket and redirects to relying party with the authorization code as parameter.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
static struct RequestHandle * requests_tail
DLL.
#define OIDC_COOKIE_HEADER_INFORMATION_KEY
OIDC cookie header information key.
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
#define OIDC_STATE_KEY
OIDC state key.
static struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
static void tld_iter(void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
void * libgnunet_plugin_rest_openid_connect_init(void *cls)
Entry point for the plugin.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE
OIDC expected response_type while authorizing.
static int check_authorization(struct RequestHandle *handle, struct GNUNET_IDENTITY_PublicKey *cid)
#define GNUNET_REST_API_NS_USERINFO
UserInfo endpoint.
static struct GNUNET_RECLAIM_AttributeList * attribute_list_merge(struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
#define GNUNET_REST_API_NS_AUTHORIZE
Authorize endpoint.
static void oidc_config_cors(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
#define OIDC_CODE_KEY
OIDC code key.
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
static void authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to authorization GET and url-encoded POST request.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
#define OIDC_GRANT_TYPE_VALUE
OIDC grant_type key.
json_t * oidc_jwk
The RSA key used by the oidc enpoint.
#define ID_REST_STATE_POST_INIT
Done collecting egos.
static int cleanup_hashmap(void *cls, const struct GNUNET_HashCode *key, void *value)
static void lookup_redirect_uri_result(void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
static enum GNUNET_GenericReturnValue rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
static void build_redirect(void *cls)
static void oidc_attr_collect_finished_cb(void *cls)
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE
OIDC error key for unsupported response types.
static void consume_ticket(void *cls, const struct GNUNET_IDENTITY_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Presentation *presentation)
Collects claims and stores them in handle.
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
static void do_error(void *cls)
Task run on error, sends error message.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
static void client_redirect(void *cls)
Initiate redirect back to client.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
static int attr_in_idtoken_request(struct RequestHandle *handle, const char *attr_name)
char * identifier
Ego Identifier.
struct EgoEntry * prev
DLL.
char * keystring
Public key string.
struct EgoEntry * next
DLL.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
void * cls
Closure for all of the callbacks.
Dynamically growing buffer.
Internal representation of the hash map.
size_t data_size
Number of bytes in data.
Connection to the GNS service.
Handle to a lookup request.
Handle for an operation with the identity service.
A private key for an identity as per LSD0001.
An identity key as per LSD0001.
Handle for a attribute iterator operation.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
A list of GNUNET_RECLAIM_Attribute structures.
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
struct GNUNET_RECLAIM_Identifier id
ID.
uint32_t type
Type of Claim.
const void * data
Binary value stored as attribute value.
size_t data_size
Number of bytes in data.
Handle for a credential iterator operation.
struct GNUNET_RECLAIM_CredentialListEntry * next
DLL.
struct GNUNET_RECLAIM_Credential * credential
The credential.
A list of GNUNET_RECLAIM_Credential structures.
uint32_t type
Type/Format of Claim.
const char * name
The name of the credential.
const void * data
Binary value stored as credential value.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Identifier id
ID.
Handle for an operation with the service.
struct GNUNET_RECLAIM_Presentation * presentation
The credential.
struct GNUNET_RECLAIM_PresentationListEntry * next
DLL.
A list of GNUNET_RECLAIM_Presentation structures.
A credential presentation.
const void * data
Binary value stored as presentation value.
uint32_t type
Type/Format of Claim.
struct GNUNET_RECLAIM_Identifier credential_id
The credential id of which this is a presentation.
Handle for a ticket iterator operation.
The authorization ticket.
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party)
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user)
struct returned by the initialization function of the plugin
void * cls
The closure of the plugin.
enum GNUNET_GenericReturnValue(* process_request)(struct GNUNET_REST_RequestHandle *handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
Function to process a REST call.
const char * url
The url as string.
void(* proc)(struct GNUNET_REST_RequestHandle *handle, const char *url, void *cls)
Namespace to handle.
Entry in list of pending tasks.
Time for absolute times used by GNUnet, in microseconds.
uint64_t abs_value_us
The actual value.
Time for relative time used by GNUnet, in microseconds.
char * login_identity
The identity chosen by the user to login.
char * client_id
The OIDC client id of the RP.
char * response_type
The OIDC response type.
int user_cancelled
User cancelled authorization/login.
struct GNUNET_IDENTITY_PublicKey client_pkey
The RP client public key.
char * redirect_uri
The OIDC redirect uri.
char * claims
The OIDC claims.
char * code_challenge
The PKCE code_challenge.
char * scope
The list of oidc scopes.
char * code_verifier
The PKCE code_verifier.
char * nonce
The OIDC nonce.
char * state
The OIDC state.
struct GNUNET_BLOCK_PluginFunctions * api
Plugin API.
const struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
char * emsg
Error response message.
struct GNUNET_IDENTITY_Operation * op
IDENTITY Operation.
struct RequestHandle * prev
DLL.
struct GNUNET_RECLAIM_PresentationList * presentations
Presentations.
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
int response_code
Response code.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
void * proc_cls
The closure of the result processor.
char * access_token
The passed access token.
char * redirect_prefix
The redirect prefix.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
char * redirect_suffix
The redirect suffix.
struct RequestHandle * next
DLL.
struct GNUNET_IDENTITY_PrivateKey priv_key
Pointer to ego private key.
struct GNUNET_RECLAIM_CredentialIterator * cred_it
Credential iterator.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int public_client
Public client.
char * tld
The tld for redirect.
struct OIDC_Variables * oidc
OIDC variables.
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
struct GNUNET_RECLAIM_CredentialList * credentials
Credentials.
struct GNUNET_SCHEDULER_Task * consume_timeout_op
Timeout task for consume.
struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
char * edesc
Error response description.
1.9.1