40 #include "microhttpd.h" 45 #define GNUNET_REST_API_NS_OIDC "/openid" 50 #define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" 55 #define GNUNET_REST_API_NS_TOKEN "/openid/token" 60 #define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" 65 #define GNUNET_REST_API_NS_LOGIN "/openid/login" 70 #define ID_REST_STATE_INIT 0 75 #define ID_REST_STATE_POST_INIT 1 80 #define OIDC_GRANT_TYPE_KEY "grant_type" 85 #define OIDC_GRANT_TYPE_VALUE "authorization_code" 90 #define OIDC_CODE_KEY "code" 95 #define OIDC_RESPONSE_TYPE_KEY "response_type" 100 #define OIDC_CLIENT_ID_KEY "client_id" 105 #define OIDC_SCOPE_KEY "scope" 110 #define OIDC_REDIRECT_URI_KEY "redirect_uri" 115 #define OIDC_STATE_KEY "state" 120 #define OIDC_NONCE_KEY "nonce" 125 #define OIDC_CLAIMS_KEY "claims" 130 #define OIDC_CODE_CHALLENGE_KEY "code_challenge" 135 #define OIDC_CODE_VERIFIER_KEY "code_verifier" 140 #define OIDC_COOKIE_EXPIRATION 3 145 #define OIDC_COOKIE_HEADER_KEY "cookie" 150 #define OIDC_AUTHORIZATION_HEADER_KEY "authorization" 155 #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" 160 #define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" 165 #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" 170 #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" 175 #define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" 180 #define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" 185 #define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" 190 #define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" 195 #define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" 200 #define OIDC_ERROR_KEY_SERVER_ERROR "server_error" 205 #define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" 210 #define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" 215 #define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" 220 #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" 556 if (NULL != handle->
idp_op)
558 if (NULL != handle->
idp)
566 if (NULL != handle->
gns_op)
573 if (NULL != handle->
oidc)
592 while (NULL != (ego_entry = handle->
ego_head))
621 struct MHD_Response *resp;
625 "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
628 (NULL != handle->
oidc->
state) ?
", \"state\":\"" :
"",
630 (NULL != handle->
oidc->
state) ?
"\"" :
"");
635 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE,
"Basic");
636 MHD_add_response_header (resp,
637 MHD_HTTP_HEADER_CONTENT_TYPE,
655 struct MHD_Response *resp;
659 "error=\"%s\", error_description=\"%s\"",
661 (NULL != handle->
edesc) ? handle->
edesc :
"");
663 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE,
"Bearer");
679 struct MHD_Response *resp;
683 "%s?error=%s&error_description=%s%s%s",
687 (NULL != handle->
oidc->
state) ?
"&state=" :
"",
690 MHD_add_response_header (resp,
"Location", redirect);
722 struct MHD_Response *resp;
745 struct MHD_Response *resp;
750 MHD_add_response_header (resp,
"Access-Control-Allow-Methods",
allow_methods);
766 char delimiter[] =
"; ";
787 token = strtok (cookies, delimiter);
793 "Unable to parse cookie: %s\n",
799 while (NULL != token)
809 token = strtok (NULL, delimiter);
814 "No cookie value to process: %s\n",
825 "Found cookie `%s', but no corresponding expiration entry present...\n",
837 "Found cookie `%s', but it is expired.\n",
855 char *login_base_url;
857 struct MHD_Response *resp;
861 "reclaim-rest-plugin",
866 "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
887 MHD_add_response_header (resp,
"Location", new_redirect);
926 struct MHD_Response *resp;
950 (NULL != handle->
tld))
953 "%s.%s/%s?%s=%s&state=%s",
971 MHD_add_response_header (resp,
"Location", redirect_uri);
990 for (le_a = list_a->
list_head; NULL != le_a; le_a = le_a->
next)
1007 for (le_b = list_b->
list_head; NULL != le_b; le_b = le_b->
next)
1009 for (le_m = merged_list->
list_head; NULL != le_m; le_m = le_m->
next)
1126 const char *claims_parameter)
1128 char *scope_variables;
1129 char *scope_variable;
1130 char delimiter[] =
" ";
1139 scope_variable = strtok (scope_variables, delimiter);
1140 while (NULL != scope_variable)
1142 if (0 == strcmp (attr_name, scope_variable))
1144 scope_variable = strtok (NULL, delimiter);
1146 if (NULL != scope_variable)
1154 root = json_loads (handle->
oidc->
claims, JSON_DECODE_ANY, &error);
1155 claims_j = json_object_get (root, claims_parameter);
1157 if (NULL != claims_j)
1159 json_object_foreach (claims_j, key, value) {
1160 if (0 != strcmp (attr_name, key))
1245 char *identity_cookie;
1272 GNUNET_strdup (
"The cookie of a login identity is not valid");
1313 struct MHD_Response *resp;
1322 "%s.%s/%s?error=%s&error_description=%s&state=%s",
1327 "User denied access",
1333 "%s?error=%s&error_description=%s&state=%s",
1336 "User denied access",
1340 MHD_add_response_header (resp,
"Location", redirect_uri);
1366 GNUNET_strdup (
"Server cannot generate ticket, redirect uri not found.");
1370 for (
int i = 0; i < rd_count; i++)
1380 "Redirect uri %s does not contain client_id %s\n",
1386 pos = strrchr (tmp, (
unsigned char)
'.');
1390 "Redirect uri %s contains client_id but is malformed\n",
1397 tmp_key_str = pos + 1;
1398 pos = strchr (tmp_key_str, (
unsigned char)
'/');
1402 "Redirect uri %s contains client_id but is malformed\n",
1411 strlen (tmp_key_str),
1413 sizeof(redirect_zone));
1421 GNUNET_strdup (
"Server cannot generate ticket, redirect uri not found.");
1477 char *expected_scope;
1478 char delimiter[] =
" ";
1479 int number_of_ignored_parameter,
iterator;
1521 number_of_ignored_parameter =
1523 for (iterator = 0; iterator < number_of_ignored_parameter; iterator++)
1535 "Server will not handle parameter: %s",
1548 "obtaining this authorization code.");
1556 test = strtok (expected_scope, delimiter);
1557 while (NULL != test)
1561 test = strtok (NULL, delimiter);
1567 GNUNET_strdup (
"The requested scope is invalid, unknown, or malformed.");
1641 "OAuth authorization request does not contain PKCE parameters!\n");
1652 "authorization code using this method.");
1660 for (tmp_ego = handle->
ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->
next)
1672 if (NULL == handle->
tld)
1674 if (NULL == handle->
tld)
1708 root = json_loads (term_data, JSON_DECODE_ANY, &error);
1709 identity = json_object_get (root,
"identity");
1710 if (! json_is_string (identity))
1713 "Error parsing json string from %s\n",
1715 handle->
proc (handle->
proc_cls, resp, MHD_HTTP_BAD_REQUEST);
1720 GNUNET_asprintf (&cookie,
"Identity=%s", json_string_value (identity));
1725 MHD_add_response_header (resp,
"Set-Cookie", header_val);
1726 MHD_add_response_header (resp,
"Access-Control-Allow-Methods",
"POST");
1729 if (0 != strcmp (json_string_value (identity),
"Denied"))
1756 char *authorization;
1758 char *basic_authorization;
1761 char *expected_pass;
1780 credentials = strtok (authorization,
" ");
1781 if ((NULL == credentials) || (0 != strcmp (
"Basic", credentials)))
1787 credentials = strtok (NULL,
" ");
1788 if (NULL == credentials)
1795 strlen (credentials),
1796 (
void **) &basic_authorization);
1798 if (NULL == basic_authorization)
1804 client_id = strtok (basic_authorization,
":");
1805 if (NULL == client_id)
1812 pass = strtok (NULL,
":");
1823 "reclaim-rest-plugin",
1824 "OIDC_CLIENT_SECRET",
1827 if (0 != strcmp (expected_pass, pass))
1877 for (ego_entry = handle->
ego_head; NULL != ego_entry;
1878 ego_entry = ego_entry->
next)
1890 const char *access_token,
1901 OIDC_access_token_map,
1929 struct MHD_Response *resp;
1932 char *json_response;
1937 char *code_verifier;
1945 "OIDC authorization for token endpoint failed\n");
1960 if (NULL == grant_type)
1989 ego_entry =
find_ego (handle, &cid);
1990 if (NULL == ego_entry)
2003 if (NULL == code_verifier)
2006 "OAuth authorization request does not contain PKCE parameters!\n");
2025 "reclaim-rest-plugin",
2039 "reclaim-rest-plugin",
2054 (NULL != nonce) ? nonce : NULL,
2064 MHD_add_response_header (resp,
"Cache-Control",
"no-store");
2065 MHD_add_response_header (resp,
"Pragma",
"no-cache");
2066 MHD_add_response_header (resp,
"Content-Type",
"application/json");
2089 if (NULL == identity)
2101 value = json_string (tmp_value);
2106 json_t *claim_sources;
2107 json_t *claim_sources_jwt;
2108 json_t *claim_names;
2109 char *attest_val_str;
2110 claim_sources = json_object_get (handle->
oidc->
response,
"_claim_sources");
2111 claim_names = json_object_get (handle->
oidc->
response,
"_claim_names");
2116 if ((NULL == claim_sources) && (NULL == claim_names) )
2118 claim_sources = json_object ();
2119 claim_names = json_object ();
2124 while (NULL != (claim_sources_jwt = json_object_get (claim_sources,
2127 if (0 == strcmp (json_string_value (json_object_get (claim_sources_jwt,
2132 json_object_set_new (claim_names, attr->
data,
2133 json_string (source_name));
2135 "_claim_names", claim_names);
2144 if (NULL == claim_sources_jwt)
2146 claim_sources_jwt = json_object ();
2148 json_object_set_new (claim_names, attr->
data,
2149 json_string (source_name));
2151 json_object_set_new (claim_sources_jwt,
"JWT",
2152 json_string (attest_val_str));
2154 json_object_set_new (claim_sources, source_name, claim_sources_jwt);
2156 json_object_set (handle->
oidc->
response,
"_claim_names", claim_names);
2157 json_object_set (handle->
oidc->
response,
"_claim_sources",claim_sources);
2160 json_decref (claim_sources);
2161 json_decref (claim_names);
2162 json_decref (claim_sources_jwt);
2181 char delimiter[] =
" ";
2183 char *authorization;
2184 char *authorization_type;
2185 char *authorization_access_token;
2209 authorization_type = strtok (authorization, delimiter);
2210 if ((NULL == authorization_type) ||
2211 (0 != strcmp (
"Bearer", authorization_type)))
2220 authorization_access_token = strtok (NULL, delimiter);
2221 if (NULL == authorization_access_token)
2232 strlen (authorization_access_token),
2249 if (NULL == ego_entry)
2285 { MHD_HTTP_METHOD_POST,
2287 &authorize_endpoint },
2341 const char *identifier)
2360 ego_entry->
ego = ego;
2368 if (identifier != NULL)
2370 for (ego_entry = handle->
ego_head; NULL != ego_entry;
2371 ego_entry = ego_entry->
next)
2373 if (ego_entry->
ego == ego)
2381 if (NULL == ego_entry)
2387 ego_entry->
ego = ego;
2397 for (ego_entry = handle->
ego_head; NULL != ego_entry;
2398 ego_entry = ego_entry->
next)
2400 if (ego_entry->
ego == ego)
2403 if (NULL == ego_entry)
2425 if (NULL == OIDC_cookie_jar_map)
2428 if (NULL == OIDC_access_token_map)
2429 OIDC_access_token_map =
2439 if (handle->
url[strlen (handle->
url) - 1] ==
'/')
2440 handle->
url[strlen (handle->
url) - 1] =
'\0';
2460 static struct Plugin plugin;
2464 if (NULL != plugin.
cfg)
2466 memset (&plugin, 0,
sizeof(
struct Plugin));
2473 "%s, %s, %s, %s, %s",
2474 MHD_HTTP_METHOD_GET,
2475 MHD_HTTP_METHOD_POST,
2476 MHD_HTTP_METHOD_PUT,
2477 MHD_HTTP_METHOD_DELETE,
2478 MHD_HTTP_METHOD_OPTIONS);
2481 _ (
"OpenID Connect REST API initialized\n"));
2522 "OpenID Connect REST plugin is finished\n");
struct GNUNET_IDENTITY_Handle * GNUNET_IDENTITY_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_IDENTITY_Callback cb, void *cb_cls)
Connect to the identity service.
static void build_redirect(void *cls)
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
static int iterator(void *cls, const struct GNUNET_PeerIdentity *key, void *value)
Iterator over hash map entries.
struct GNUNET_RECLAIM_AttributeList * attr_userinfo_list
Attribute claim list for userinfo.
Connection to the GNS service.
void GNUNET_CONTAINER_multihashmap_iterator_destroy(struct GNUNET_CONTAINER_MultiHashMapIterator *iter)
Destroy a multihashmap iterator.
char * redirect_uri
The OIDC redirect uri.
char * scope
The list of oidc scopes.
The authorization ticket.
#define OIDC_NONCE_KEY
OIDC nonce key.
void(* GNUNET_REST_ResultProcessor)(void *cls, struct MHD_Response *resp, int status)
Iterator called on obtained result for a REST result.
int GNUNET_CONTAINER_multihashmap_iterator_next(struct GNUNET_CONTAINER_MultiHashMapIterator *iter, struct GNUNET_HashCode *key, const void **value)
Retrieve the next element from the hash map at the iterator's position.
#define OIDC_CODE_CHALLENGE_KEY
OIDC PKCE code challenge.
struct GNUNET_RECLAIM_AttributeIterator * GNUNET_RECLAIM_get_attributes_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attributes for a local identity.
int GNUNET_CONFIGURATION_get_value_time(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, struct GNUNET_TIME_Relative *time)
Get a configuration value that should be a relative time.
char * OIDC_id_token_new(const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT from attributes.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_consume(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls)
Consumes an issued ticket.
struct EgoEntry * ego_tail
Ego list.
struct GNUNET_RECLAIM_AttestationIterator * GNUNET_RECLAIM_get_attestations_start(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, GNUNET_RECLAIM_AttestationResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls)
List all attestations for a local identity.
void GNUNET_CONFIGURATION_iterate_section_values(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, GNUNET_CONFIGURATION_Iterator iter, void *iter_cls)
Iterate over values of a section in the configuration.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
If a value with the given key exists, replace it.
static struct GNUNET_RECLAIM_AttributeList * attribute_list_merge(struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)
char * nonce
The OIDC nonce.
void GNUNET_RECLAIM_attribute_list_destroy(struct GNUNET_RECLAIM_AttributeList *attrs)
Destroy claim list.
#define GNUNET_GNS_EMPTY_LABEL_AT
String we use to indicate an empty label (top-level entry in the zone).
#define OIDC_GRANT_TYPE_KEY
OIDC grant_type key.
void GNUNET_RECLAIM_attestation_list_destroy(struct GNUNET_RECLAIM_AttestationList *attestations)
Destroy claim list.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE
OIDC expected response_type while authorizing.
char * OIDC_build_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_AttestationList *attests, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
struct GNUNET_CONTAINER_MultiHashMapIterator * GNUNET_CONTAINER_multihashmap_iterator_create(const struct GNUNET_CONTAINER_MultiHashMap *map)
Create an iterator for a multihashmap.
void * cls
The closure of the plugin.
size_t data_size
The POST data size.
struct GNUNET_RECLAIM_AttributeIterator * attr_it
Attribute iterator.
const char * name
The name of the attribute.
static void cookie_identity_interpretation(struct RequestHandle *handle)
Interprets cookie header and pass its identity keystring to handle.
static void persist_access_token(const struct RequestHandle *handle, const char *access_token, const struct GNUNET_RECLAIM_Ticket *ticket)
#define OIDC_CODE_KEY
OIDC code key.
struct GNUNET_RECLAIM_AttestationIterator * attest_it
Attestation iterator.
GNUNET_REST_ResultProcessor proc
The plugin result processor.
#define OIDC_ERROR_KEY_SERVER_ERROR
OIDC error key for generic server errors.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
static size_t data_size
Number of bytes in data.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define OIDC_REDIRECT_URI_KEY
OIDC redirect_uri key.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT
OIDC error key for unauthorized clients.
struct GNUNET_GNS_LookupRequest * gns_op
GNS lookup op.
#define OIDC_CLAIMS_KEY
OIDC claims key.
const struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Handle to a lookup request.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_IDENTITY_ego_get_private_key(const struct GNUNET_IDENTITY_Ego *ego)
Obtain the ECC key associated with a ego.
void GNUNET_RECLAIM_disconnect(struct GNUNET_RECLAIM_Handle *h)
Disconnect from identity provider service.
#define OIDC_COOKIE_EXPIRATION
OIDC cookie expiration (in seconds)
void GNUNET_RECLAIM_cancel(struct GNUNET_RECLAIM_Operation *op)
Cancel an identity provider operation.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
struct returned by the initialization function of the plugin
static void oidc_ticket_issue_cb(void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
Issues ticket and redirects to relying party with the authorization code as parameter.
struct GNUNET_RECLAIM_Attestation * attestation
The attestation.
static int ret
Return value of the commandline.
helper library for OIDC related functions
#define OIDC_COOKIE_HEADER_INFORMATION_KEY
OIDC cookie header information key.
A list of GNUNET_RECLAIM_Attribute structures.
void GNUNET_RECLAIM_ticket_iteration_stop(struct GNUNET_RECLAIM_TicketIterator *it)
Stops iteration and releases the handle for further calls.
size_t data_size
Number of bytes in data.
A list of GNUNET_RECLAIM_Attestation structures.
static void tld_iter(void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED
OIDC cookie header if user cancelled.
int user_cancelled
User cancelled authorization/login.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static void rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
Private ECC key encoded for transmission.
void GNUNET_RECLAIM_get_attributes_next(struct GNUNET_RECLAIM_AttributeIterator *it)
Calls the record processor specified in GNUNET_RECLAIM_get_attributes_start for the next record...
#define OIDC_ERROR_KEY_INVALID_TOKEN
OIDC error key for invalid tokens.
void * libgnunet_plugin_rest_openid_connect_init(void *cls)
Entry point for the plugin.
Handle for an operation with the service.
int GNUNET_CONTAINER_multihashmap_contains(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Check if the map contains any value under the given key (including values that are NULL)...
void(* process_request)(struct GNUNET_REST_RequestHandle *handle, GNUNET_REST_ResultProcessor proc, void *proc_cls)
Function to process a REST call.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static void login_redirect(void *cls)
Redirects to login page stored in configuration file.
void * proc_cls
The closure of the result processor.
uint64_t abs_value_us
The actual value.
char * edesc
Error response description.
struct OIDC_Variables * oidc
OIDC variables.
void GNUNET_RECLAIM_get_attestations_next(struct GNUNET_RECLAIM_AttestationIterator *ait)
Calls the record processor specified in #GNUNET_RECLAIM_get_attestation_start for the next record...
Internal representation of the hash map.
Handle for an operation with the identity service.
#define GNUNET_REST_HANDLER_END
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
struct GNUNET_BLOCK_PluginFunctions * api
Plugin API.
#define OIDC_STATE_KEY
OIDC state key.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
void * GNUNET_CONTAINER_multihashmap_get(const struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key)
Given a key find a value in the map matching the key.
static char * section
Name of the section.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE
OIDC error key for unsupported grants.
char * response_type
The OIDC response type.
#define OIDC_RESPONSE_TYPE_KEY
OIDC response_type key.
char * GNUNET_RECLAIM_attestation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of an attestation to a string.
struct GNUNET_RECLAIM_Identifier attestation
Referenced ID of Attestation (may be 0 if self-attested)
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey
The RP client public key.
struct GNUNET_IDENTITY_Ego * ego
The Ego.
void GNUNET_NAMESTORE_disconnect(struct GNUNET_NAMESTORE_Handle *h)
Disconnect from the namestore service (and free associated resources).
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
Handle for a zone iterator operation.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
int OIDC_parse_authz_code(const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_AttestationList **attests, char **nonce_str)
Parse reclaim ticket and nonce from authorization code.
Handle for a attribute iterator operation.
enum State state
current state of profiling
static void do_timeout(void *cls)
Task run on timeout, sends error message.
const struct EgoEntry * find_ego(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
static struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
static char * value
Value of the record to add/remove.
char * emsg
Error response message.
static void oidc_attr_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)
Collects all attributes for an ego if in scope parameter.
struct GNUNET_CONTAINER_MultiHashMap * url_param_map
Map of url parameters.
static char * attr_name
The attribute.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
const char * url
The url as string.
char * client_id
The OIDC client id of the RP.
Connection to the NAMESTORE service.
void GNUNET_CONTAINER_multihashmap_destroy(struct GNUNET_CONTAINER_MultiHashMap *map)
Destroy a hash map.
struct GNUNET_RECLAIM_AttributeListEntry * list_tail
List tail.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
void GNUNET_GNS_disconnect(struct GNUNET_GNS_Handle *handle)
Shutdown connection with the GNS service.
#define OIDC_ERROR_KEY_INVALID_COOKIE
OIDC error key for invalid cookies.
#define OIDC_ERROR_KEY_INVALID_REQUEST
OIDC error key for invalid requests.
struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
static void lookup_redirect_uri_result(void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
struct GNUNET_RECLAIM_TicketIterator * ticket_it
Ticket iterator.
char * tld
The tld for redirect.
static int attr_in_userinfo_request(struct RequestHandle *handle, const char *attr_name)
static char * get_url_parameter_copy(const struct RequestHandle *handle, const char *key)
static char * option
Name of the option.
static void consume_ticket(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Attestation *attest)
Collects claims and stores them in handle.
static struct GNUNET_IDENTITY_Handle * identity_handle
Identity handle.
#define GNUNET_REST_API_NS_AUTHORIZE
Authorize endpoint.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
#define GNUNET_TIME_UNIT_FOREVER_REL
Constant used to specify "forever".
static void oidc_attest_collect(void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attestation *attest)
Collects all attributes for an ego if in scope parameter.
void GNUNET_IDENTITY_disconnect(struct GNUNET_IDENTITY_Handle *h)
Disconnect from identity service.
struct GNUNET_RECLAIM_Identifier id
ID.
struct GNUNET_GNS_Handle * GNUNET_GNS_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Initialize the connection with the GNS service.
size_t data_size
Number of bytes in data.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE
OIDC error key for unsupported response types.
#define OIDC_CODE_VERIFIER_KEY
OIDC PKCE code verifier.
size_t data_size
Number of bytes in data.
static void init_cont(struct RequestHandle *handle)
Handle rest request.
int GNUNET_REST_handle_request(struct GNUNET_REST_RequestHandle *conn, const struct GNUNET_REST_RequestHandler *handlers, struct GNUNET_REST_RequestHandlerError *err, void *cls)
static void cleanup_handle(struct RequestHandle *handle)
Cleanup lookup handle.
struct GNUNET_REST_RequestHandle * rest_handle
Rest connection.
int response_code
Response code.
int state
The processing state.
struct GNUNET_RECLAIM_Attestation * GNUNET_RECLAIM_attestation_new(const char *name, uint32_t type, const void *data, size_t data_size)
Create a new attestation.
static void login_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Combines an identity with a login time and responds OK to login request.
static void code_redirect(void *cls)
Checks time and cookie and redirects accordingly.
static char * plugin
Solver plugin name as string.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier id
ID.
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
int GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
const char * data
The POST data.
char * claims
The OIDC claims.
struct GNUNET_CRYPTO_EcdsaPublicKey identity
The ticket issuer (= the user)
uint32_t type
Type/Format of Claim.
char * keystring
Public key string.
static void oidc_attest_collect_finished_cb(void *cls)
struct GNUNET_RECLAIM_Handle * idp
Identity Provider.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_access_token_map
Hash map that links the issued access token to the corresponding ticket and ego.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
static void return_userinfo_response(void *cls)
Return attributes for claim.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
#define OIDC_ERROR_KEY_ACCESS_DENIED
OIDC error key for denied access.
struct GNUNET_RECLAIM_AttestationListEntry * list_head
List head.
static void userinfo_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to userinfo GET and url-encoded POST request.
struct GNUNET_NAMESTORE_Handle * GNUNET_NAMESTORE_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the namestore service.
#define OIDC_AUTHORIZATION_HEADER_KEY
OIDC cookie header information key.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
Cursor into a multihashmap.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE
OIDC expected scope part while authorizing.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
#define GNUNET_REST_API_NS_LOGIN
Login namespace.
static struct GNUNET_SCHEDULER_Task * timeout_task
Task to be run on timeout.
static char * OIDC_ignored_parameter_array[]
OIDC ignored parameter array.
static struct Ego * ego_head
Head of DLL of all egos.
static int check_authorization(struct RequestHandle *handle, struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
static void build_authz_response(void *cls)
Iteration over all results finished, build final response.
char * state
The OIDC state.
int GNUNET_CONTAINER_multihashmap_put(struct GNUNET_CONTAINER_MultiHashMap *map, const struct GNUNET_HashCode *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new(const char *attr_name, const struct GNUNET_RECLAIM_Identifier *attestation, uint32_t type, const void *data, size_t data_size)
Create a new attribute claim.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
#define GNUNET_REST_API_NS_OIDC
REST root namespace.
static void client_redirect(void *cls)
Initiate redirect back to client.
static void authorize_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to authorization GET and url-encoded POST request.
char * identifier
Ego Identifier.
static void do_error(void *cls)
Task run on error, sends error message.
#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT
Record type for reclaim OIDC redirect URIs.
const void * data
Binary value stored as attribute value.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
static void cleanup_handle_delayed(void *cls)
char * redirect_prefix
The redirect prefix.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_get_second_(void)
Return relative time of 1s.
static struct GNUNET_RECLAIM_Identifier attestation
Attestation ID.
static char * allow_methods
HTTP methods allows for this plugin.
struct GNUNET_RECLAIM_Ticket ticket
A ticket.
char * OIDC_access_token_new()
Generate a new access token.
struct GNUNET_RECLAIM_AttestationListEntry * list_tail
List tail.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
struct GNUNET_GNS_Handle * gns_handle
GNS handle.
struct EgoEntry * ego_head
Ego list.
static int attr_in_claims_request(struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)
static void options_cont(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
void GNUNET_RECLAIM_get_attributes_stop(struct GNUNET_RECLAIM_AttributeIterator *it)
Stops iteration and releases the handle for further calls.
Handle for a attestation iterator operation.
struct GNUNET_CRYPTO_EcdsaPublicKey audience
The ticket audience (= relying party)
struct GNUNET_SCHEDULER_Task * timeout_task
ID of a task associated with the resolution process.
static void list_ego(void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier)
If listing is enabled, prints information about the egos.
static void token_endpoint(struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to token url-encoded POST request.
char * redirect_suffix
The redirect suffix.
struct GNUNET_RECLAIM_AttestationList * attests_list
Attestation list.
#define OIDC_ERROR_KEY_INVALID_CLIENT
OIDC error key for invalid client.
struct MHD_Response * GNUNET_REST_create_response(const char *data)
Create REST MHD response.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_RECLAIM_id_is_equal(a, b)
Handle for a ticket iterator operation.
#define GNUNET_log(kind,...)
const struct GNUNET_CONFIGURATION_Handle * cfg
The configuration handle.
Entry in list of pending tasks.
struct GNUNET_RECLAIM_AttributeList * attr_idtoken_list
Attribute claim list for id_token.
const void * data
Binary value stored as attribute value.
#define OIDC_SCOPE_KEY
OIDC scope key.
static int attr_in_idtoken_request(struct RequestHandle *handle, const char *attr_name)
struct GNUNET_RECLAIM_Operation * idp_op
Idp Operation.
void * GNUNET_GNS_lookup_cancel(struct GNUNET_GNS_LookupRequest *lr)
Cancel pending lookup request.
#define OIDC_GRANT_TYPE_VALUE
OIDC grant_type key.
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of an attribute to a string.
#define ID_REST_STATE_INIT
State while collecting all egos.
struct GNUNET_CONTAINER_MultiHashMap * GNUNET_CONTAINER_multihashmap_create(unsigned int len, int do_not_copy_keys)
Create a multi hash map.
uint32_t type
Type of Claim.
struct GNUNET_NAMESTORE_ZoneIterator * namestore_handle_it
Iterator for NAMESTORE.
#define OIDC_CLIENT_ID_KEY
OIDC client_id key.
char * code_verifier
The PKCE code_verifier.
Time for absolute times used by GNUnet, in microseconds.
json_t * response
The response JSON.
struct GNUNET_CONTAINER_MultiHashMap * header_param_map
Map of headers.
Defaults, look in cache, then in DHT.
struct EgoEntry * prev
DLL.
struct GNUNET_CONTAINER_MultiHashMap * OIDC_cookie_jar_map
OIDC Hash map that keeps track of issued cookies.
struct GNUNET_RECLAIM_AttestationListEntry * next
DLL.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
void * libgnunet_plugin_rest_openid_connect_done(void *cls)
Exit point from the plugin.
static struct Ego * ego_tail
Tail of DLL of all egos.
static struct GNUNET_ARM_Operation * op
Current operation.
char * code_challenge
The PKCE code_challenge.
struct EgoEntry * ego_entry
IDENTITY Operation.
struct GNUNET_GNS_LookupRequest * GNUNET_GNS_lookup(struct GNUNET_GNS_Handle *handle, const char *name, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS.
static void oidc_iteration_error(void *cls)
Does internal server error when iteration failed.
struct GNUNET_RECLAIM_Handle * GNUNET_RECLAIM_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Connect to the re:claimID service.
uint32_t data
The data value.
#define OIDC_COOKIE_HEADER_KEY
OIDC cookie header key.
void GNUNET_IDENTITY_ego_get_public_key(struct GNUNET_IDENTITY_Ego *ego, struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
Get the identifier (public key) of an ego.
struct EgoEntry * next
DLL.
#define GNUNET_REST_API_NS_USERINFO
UserInfo endpoint.
void GNUNET_RECLAIM_get_attestations_stop(struct GNUNET_RECLAIM_AttestationIterator *ait)
Stops iteration and releases the handle for further calls.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
struct GNUNET_RECLAIM_Operation * GNUNET_RECLAIM_ticket_issue(struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, const struct GNUNET_RECLAIM_AttributeList *attrs, GNUNET_RECLAIM_TicketCallback cb, void *cb_cls)
Issues a ticket to a relying party.
struct GNUNET_IDENTITY_Handle * identity_handle
Handle to Identity service.
#define ID_REST_STATE_POST_INIT
Done collecting egos.
#define GNUNET_free(ptr)
Wrapper around free.
Time for relative time used by GNUnet, in microseconds.
static void oidc_attr_collect_finished_cb(void *cls)
#define OIDC_ERROR_KEY_INVALID_SCOPE
OIDC error key for invalid scopes.
#define GNUNET_RECLAIM_id_is_zero(a)
#define GNUNET_REST_API_NS_TOKEN
Token endpoint.
struct GNUNET_NAMESTORE_Handle * namestore_handle
Handle to NAMESTORE.
char * login_identity
The identity chosen by the user to login.
struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key
Pointer to ego private key.
static void do_userinfo_error(void *cls)
Task run on error in userinfo endpoint, sends error header.
static void do_redirect_error(void *cls)
Task run on error, sends error message and redirects.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
1.8.13