#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include <jose/jose.h>
#include "gnunet_util_lib.h"
#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_identity_service.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_rest_lib.h"
#include "gnunet_rest_plugin.h"
#include "microhttpd.h"
#include "oidc_helper.h"
#include "openid_plugin.h"
Data Structures | |
struct | Plugin |
Handle for a plugin. More... | |
struct | OIDC_Variables |
OIDC needed variables. More... | |
struct | EgoEntry |
The default namestore ego. More... | |
struct | RequestHandle |
The request handle. More... | |
Macros | |
#define | GNUNET_REST_API_NS_OIDC "/openid" |
REST root namespace. More... | |
#define | GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration" |
OIDC config. More... | |
#define | GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" |
Authorize endpoint. More... | |
#define | GNUNET_REST_API_NS_TOKEN "/openid/token" |
Token endpoint. More... | |
#define | GNUNET_REST_API_JWKS "/jwks.json" |
JSON Web Keys endpoint. More... | |
#define | GNUNET_REST_API_NS_USERINFO "/openid/userinfo" |
UserInfo endpoint. More... | |
#define | GNUNET_REST_API_NS_LOGIN "/openid/login" |
Login namespace. More... | |
#define | ID_REST_STATE_INIT 0 |
State while collecting all egos. More... | |
#define | ID_REST_STATE_POST_INIT 1 |
Done collecting egos. More... | |
#define | OIDC_GRANT_TYPE_KEY "grant_type" |
OIDC grant_type key. More... | |
#define | OIDC_GRANT_TYPE_VALUE "authorization_code" |
OIDC grant_type value. More... |
#define | OIDC_CODE_KEY "code" |
OIDC code key. More... | |
#define | OIDC_RESPONSE_TYPE_KEY "response_type" |
OIDC response_type key. More... | |
#define | OIDC_CLIENT_ID_KEY "client_id" |
OIDC client_id key. More... | |
#define | OIDC_SCOPE_KEY "scope" |
OIDC scope key. More... | |
#define | OIDC_REDIRECT_URI_KEY "redirect_uri" |
OIDC redirect_uri key. More... | |
#define | OIDC_STATE_KEY "state" |
OIDC state key. More... | |
#define | OIDC_NONCE_KEY "nonce" |
OIDC nonce key. More... | |
#define | OIDC_CLAIMS_KEY "claims" |
OIDC claims key. More... | |
#define | OIDC_CODE_CHALLENGE_KEY "code_challenge" |
OIDC PKCE code challenge. More... | |
#define | OIDC_CODE_VERIFIER_KEY "code_verifier" |
OIDC PKCE code verifier. More... | |
#define | OIDC_COOKIE_EXPIRATION 3 |
OIDC cookie expiration (in seconds) More... | |
#define | OIDC_COOKIE_HEADER_KEY "cookie" |
OIDC cookie header key. More... | |
#define | OIDC_AUTHORIZATION_HEADER_KEY "authorization" |
OIDC authorization header key. More... |
#define | OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" |
OIDC cookie header information key. More... | |
#define | OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" |
OIDC cookie header if user cancelled. More... | |
#define | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
OIDC expected response_type while authorizing. More... | |
#define | OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" |
OIDC expected scope part while authorizing. More... | |
#define | OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" |
OIDC error key for invalid client. More... | |
#define | OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" |
OIDC error key for invalid scopes. More... | |
#define | OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" |
OIDC error key for invalid requests. More... | |
#define | OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" |
OIDC error key for invalid tokens. More... | |
#define | OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" |
OIDC error key for invalid cookies. More... | |
#define | OIDC_ERROR_KEY_SERVER_ERROR "server_error" |
OIDC error key for generic server errors. More... | |
#define | OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" |
OIDC error key for unsupported grants. More... | |
#define | OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" |
OIDC error key for unsupported response types. More... | |
#define | OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" |
OIDC error key for unauthorized clients. More... | |
#define | OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" |
OIDC error key for denied access. More... | |
#define | OIDC_JWK_RSA_FILENAME "jwk_rsa.json" |
OIDC key store file name. More... | |
#define | CONSUME_TIMEOUT |
How long to wait for a consume in userinfo endpoint. More... | |
Functions | |
static void | cleanup_handle (struct RequestHandle *handle) |
Cleanup lookup handle. More... | |
static void | do_error (void *cls) |
Task run on error, sends error message. More... | |
static void | do_userinfo_error (void *cls) |
Task run on error in userinfo endpoint, sends error header. More... | |
static void | do_redirect_error (void *cls) |
Task run on error, sends error message and redirects. More... | |
static void | do_timeout (void *cls) |
Task run on timeout, sends error message. More... | |
static void | options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Respond to OPTIONS request. More... | |
static void | cookie_identity_interpretation (struct RequestHandle *handle) |
Interprets the cookie header and passes its identity keystring to the handle. More... |
static json_t * | read_jwk_from_file (const char *filename) |
Read the JSON Web Key in the given file and return it. More... |
static int | write_jwk_to_file (const char *filename, json_t *jwk) |
Write the JWK to file. More... | |
static json_t * | generate_jwk () |
Generate a new RSA JSON Web Key. More... | |
static char * | get_oidc_dir_path (void *cls) |
Return the path to the oidc directory. More... |
static char * | get_oidc_jwk_path (void *cls) |
Return the path to the RSA JWK key file. More... | |
static void | login_redirect (void *cls) |
Redirects to login page stored in configuration file. More... | |
static void | oidc_iteration_error (void *cls) |
Does internal server error when iteration failed. More... | |
static void | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *presentation) |
Issues ticket and redirects to relying party with the authorization code as parameter. More... | |
static struct GNUNET_RECLAIM_AttributeList * | attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b) |
static void | oidc_cred_collect_finished_cb (void *cls) |
static void | oidc_cred_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred) |
Collects all attributes for an ego if in scope parameter. More... | |
static void | oidc_attr_collect_finished_cb (void *cls) |
static int | attr_in_claims_request (struct RequestHandle *handle, const char *attr_name, const char *claims_parameter) |
static int | attr_in_idtoken_request (struct RequestHandle *handle, const char *attr_name) |
static int | attr_in_userinfo_request (struct RequestHandle *handle, const char *attr_name) |
static void | oidc_attr_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr) |
Collects all attributes for an ego if in scope parameter. More... | |
static void | code_redirect (void *cls) |
Checks time and cookie and redirects accordingly. More... | |
static void | build_redirect (void *cls) |
static void | lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) |
static void | client_redirect (void *cls) |
Initiate redirect back to client. More... | |
static char * | get_url_parameter_copy (const struct RequestHandle *handle, const char *key) |
static void | build_authz_response (void *cls) |
Iteration over all results finished, build final response. More... | |
static void | tld_iter (void *cls, const char *section, const char *option, const char *value) |
Iterate over tlds in config. More... | |
static void | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to authorization GET and url-encoded POST request. More... | |
static void | login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Combines an identity with a login time and responds OK to login request. More... | |
static int | parse_credentials_basic_auth (struct RequestHandle *handle, char **client_id, char **client_secret) |
static int | parse_credentials_post_body (struct RequestHandle *handle, char **client_id, char **client_secret) |
static int | check_authorization (struct RequestHandle *handle, struct GNUNET_CRYPTO_PublicKey *cid) |
static const struct EgoEntry * | find_ego (struct RequestHandle *handle, struct GNUNET_CRYPTO_PublicKey *test_key) |
static void | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to token url-encoded POST request. More... | |
static void | consume_ticket (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Presentation *presentation) |
Collects claims and stores them in handle. More... | |
static void | consume_fail (void *cls) |
static void | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to userinfo GET and url-encoded POST request. More... | |
static void | jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to /jwks.json. More... | |
static void | list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier) |
If listing is enabled, prints information about the egos. More... | |
static void | oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
static void | oidc_config_cors (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Respond to OPTIONS request. More... | |
enum GNUNET_GenericReturnValue | REST_openid_process_request (void *plugin, struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls) |
Function processing the REST call. More... | |
void * | REST_openid_init (const struct GNUNET_CONFIGURATION_Handle *c) |
Entry point for the plugin. More... | |
static int | cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) |
void | REST_openid_done (struct GNUNET_REST_Plugin *api) |
Exit point from the plugin. More... | |
Variables | |
static const char * | OIDC_ignored_parameter_array [] |
OIDC ignored parameter array. More... | |
struct GNUNET_CONTAINER_MultiHashMap * | oidc_code_cache |
OIDC hashmap for cached access tokens and codes. More... | |
struct GNUNET_CONTAINER_MultiHashMap * | OIDC_cookie_jar_map |
OIDC hashmap that keeps track of issued cookies. More... | |
const struct GNUNET_CONFIGURATION_Handle * | oid_cfg |
The configuration handle. More... | |
static char * | allow_methods |
HTTP methods allowed for this plugin. More... |
static struct EgoEntry * | ego_head |
Ego list. More... | |
static struct EgoEntry * | ego_tail |
Ego list. More... | |
static int | state |
The processing state. More... | |
static struct GNUNET_IDENTITY_Handle * | identity_handle |
Handle to Identity service. More... | |
static struct GNUNET_GNS_Handle * | gns_handle |
GNS handle. More... | |
static struct GNUNET_RECLAIM_Handle * | idp |
Identity Provider. More... | |
static struct GNUNET_TIME_Relative | consume_timeout |
Timeout for consume call on userinfo. More... | |
json_t * | oidc_jwk |
The RSA key used by the oidc endpoint. More... | |
static struct RequestHandle * | requests_head |
DLL. More... | |
static struct RequestHandle * | requests_tail |
DLL. More... | |
#define GNUNET_REST_API_NS_OIDC "/openid" |
REST root namespace.
Definition at line 48 of file openid_plugin.c.
#define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration" |
OIDC config.
Definition at line 53 of file openid_plugin.c.
#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" |
Authorize endpoint.
Definition at line 58 of file openid_plugin.c.
#define GNUNET_REST_API_NS_TOKEN "/openid/token" |
Token endpoint.
Definition at line 63 of file openid_plugin.c.
#define GNUNET_REST_API_JWKS "/jwks.json" |
JSON Web Keys endpoint.
Definition at line 68 of file openid_plugin.c.
#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" |
UserInfo endpoint.
Definition at line 73 of file openid_plugin.c.
#define GNUNET_REST_API_NS_LOGIN "/openid/login" |
Login namespace.
Definition at line 78 of file openid_plugin.c.
#define ID_REST_STATE_INIT 0 |
State while collecting all egos.
Definition at line 83 of file openid_plugin.c.
#define ID_REST_STATE_POST_INIT 1 |
Done collecting egos.
Definition at line 88 of file openid_plugin.c.
#define OIDC_GRANT_TYPE_KEY "grant_type" |
OIDC grant_type key.
Definition at line 93 of file openid_plugin.c.
#define OIDC_GRANT_TYPE_VALUE "authorization_code" |
OIDC grant_type value.
Definition at line 98 of file openid_plugin.c.
#define OIDC_CODE_KEY "code" |
OIDC code key.
Definition at line 103 of file openid_plugin.c.
#define OIDC_RESPONSE_TYPE_KEY "response_type" |
OIDC response_type key.
Definition at line 108 of file openid_plugin.c.
#define OIDC_CLIENT_ID_KEY "client_id" |
OIDC client_id key.
Definition at line 113 of file openid_plugin.c.
#define OIDC_SCOPE_KEY "scope" |
OIDC scope key.
Definition at line 118 of file openid_plugin.c.
#define OIDC_REDIRECT_URI_KEY "redirect_uri" |
OIDC redirect_uri key.
Definition at line 123 of file openid_plugin.c.
#define OIDC_STATE_KEY "state" |
OIDC state key.
Definition at line 128 of file openid_plugin.c.
#define OIDC_NONCE_KEY "nonce" |
OIDC nonce key.
Definition at line 133 of file openid_plugin.c.
#define OIDC_CLAIMS_KEY "claims" |
OIDC claims key.
Definition at line 138 of file openid_plugin.c.
#define OIDC_CODE_CHALLENGE_KEY "code_challenge" |
OIDC PKCE code challenge.
Definition at line 143 of file openid_plugin.c.
#define OIDC_CODE_VERIFIER_KEY "code_verifier" |
OIDC PKCE code verifier.
Definition at line 148 of file openid_plugin.c.
#define OIDC_COOKIE_EXPIRATION 3 |
OIDC cookie expiration (in seconds)
Definition at line 153 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_KEY "cookie" |
OIDC cookie header key.
Definition at line 158 of file openid_plugin.c.
#define OIDC_AUTHORIZATION_HEADER_KEY "authorization" |
OIDC authorization header key.
Definition at line 163 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" |
OIDC cookie header information key.
Definition at line 168 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" |
OIDC cookie header if user cancelled.
Definition at line 173 of file openid_plugin.c.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
OIDC expected response_type while authorizing.
Definition at line 178 of file openid_plugin.c.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" |
OIDC expected scope part while authorizing.
Definition at line 183 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" |
OIDC error key for invalid client.
Definition at line 188 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" |
OIDC error key for invalid scopes.
Definition at line 193 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" |
OIDC error key for invalid requests.
Definition at line 198 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" |
OIDC error key for invalid tokens.
Definition at line 203 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" |
OIDC error key for invalid cookies.
Definition at line 208 of file openid_plugin.c.
#define OIDC_ERROR_KEY_SERVER_ERROR "server_error" |
OIDC error key for generic server errors.
Definition at line 213 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" |
OIDC error key for unsupported grants.
Definition at line 218 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" |
OIDC error key for unsupported response types.
Definition at line 223 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" |
OIDC error key for unauthorized clients.
Definition at line 228 of file openid_plugin.c.
#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" |
OIDC error key for denied access.
Definition at line 233 of file openid_plugin.c.
#define OIDC_JWK_RSA_FILENAME "jwk_rsa.json" |
OIDC key store file name.
Definition at line 238 of file openid_plugin.c.
#define CONSUME_TIMEOUT |
How long to wait for a consume in userinfo endpoint.
Definition at line 243 of file openid_plugin.c.
|
static |
Cleanup lookup handle.
handle | Handle to clean up |
Definition at line 600 of file openid_plugin.c.
References GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_lookup_cancel(), GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_credential_list_destroy(), GNUNET_RECLAIM_get_attributes_stop(), GNUNET_RECLAIM_get_credentials_stop(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_RECLAIM_ticket_iteration_stop(), GNUNET_SCHEDULER_cancel(), handle, requests_head, and requests_tail.
Referenced by build_redirect(), consume_fail(), consume_ticket(), do_error(), do_redirect_error(), do_userinfo_error(), jwks_endpoint(), login_cont(), login_redirect(), oidc_config_cors(), oidc_config_endpoint(), oidc_ticket_issue_cb(), options_cont(), REST_openid_done(), and token_endpoint().
|
static |
Task run on error, sends error message.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 662 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), and handle.
Referenced by authorize_endpoint(), build_authz_response(), consume_fail(), do_timeout(), get_oidc_dir_path(), login_redirect(), oidc_iteration_error(), and token_endpoint().
|
static |
Task run on error in userinfo endpoint, sends error header.
Cleans up everything
cls | the struct RequestHandle |
Definition at line 699 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_REST_create_response(), and handle.
Referenced by consume_fail(), and userinfo_endpoint().
|
static |
Task run on error, sends error message and redirects.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 728 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), and handle.
Referenced by build_authz_response(), code_redirect(), lookup_redirect_uri_result(), oidc_attr_collect_finished_cb(), and oidc_ticket_issue_cb().
|
static |
Task run on timeout, sends error message.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 756 of file openid_plugin.c.
References do_error(), and handle.
Referenced by REST_openid_process_request().
|
static |
Respond to OPTIONS request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 773 of file openid_plugin.c.
References allow_methods, cleanup_handle(), GNUNET_REST_create_response(), and handle.
Referenced by REST_openid_process_request().
|
static |
Interprets the cookie header and passes its identity keystring to the handle.
Definition at line 793 of file openid_plugin.c.
References GNUNET_TIME_Absolute::abs_value_us, GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, OIDC_COOKIE_HEADER_ACCESS_DENIED, OIDC_COOKIE_HEADER_INFORMATION_KEY, OIDC_COOKIE_HEADER_KEY, OIDC_cookie_jar_map, and value.
Referenced by authorize_endpoint().
|
static |
Read the JSON Web Key in the given file and return it.
Return NULL and emit a warning if the JSON cannot be decoded or the key is invalid.
filename | the file to read the JWK from |
Definition at line 890 of file openid_plugin.c.
References filename, GNUNET_ERROR_TYPE_WARNING, and GNUNET_log.
Referenced by jwks_endpoint(), and token_endpoint().
|
static |
Write the JWK to file.
If unsuccessful, emit a warning.
filename | the name of the file the JWK is written to |
jwk | the JWK that is going to be written |
Definition at line 916 of file openid_plugin.c.
References filename, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, and GNUNET_OK.
Referenced by jwks_endpoint(), and token_endpoint().
|
static |
Generate a new RSA JSON Web Key.
Definition at line 937 of file openid_plugin.c.
Referenced by jwks_endpoint(), and token_endpoint().
|
static |
Return the path to the oidc directory.
cls | the RequestHandle |
Definition at line 953 of file openid_plugin.c.
References do_error(), GNUNET_CONFIGURATION_get_value_filename(), GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, oid_cfg, and OIDC_ERROR_KEY_SERVER_ERROR.
Referenced by get_oidc_jwk_path(), jwks_endpoint(), and token_endpoint().
|
static |
Return the path to the RSA JWK key file.
cls | the RequestHandle |
Definition at line 982 of file openid_plugin.c.
References get_oidc_dir_path(), GNUNET_asprintf(), and OIDC_JWK_RSA_FILENAME.
Referenced by jwks_endpoint(), and token_endpoint().
|
static |
Redirects to login page stored in configuration file.
Definition at line 1001 of file openid_plugin.c.
References cleanup_handle(), do_error(), GNUNET_buffer_reap_str(), GNUNET_buffer_write_fstr(), GNUNET_buffer_write_str(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_free, GNUNET_OK, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_urlencode(), handle, oid_cfg, OIDC_CLAIMS_KEY, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, and OIDC_STATE_KEY.
Referenced by build_authz_response(), and code_redirect().
|
static |
Does internal server error when iteration failed.
Definition at line 1099 of file openid_plugin.c.
References do_error(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, and OIDC_ERROR_KEY_SERVER_ERROR.
Referenced by code_redirect(), and oidc_attr_collect_finished_cb().
|
static |
Issues ticket and redirects to relying party with the authorization code as parameter.
Otherwise redirects with error
Definition at line 1114 of file openid_plugin.c.
References cleanup_handle(), do_redirect_error(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_data_to_string_alloc(), handle, OIDC_build_authz_code(), OIDC_ERROR_KEY_SERVER_ERROR, and ticket.
Referenced by oidc_cred_collect_finished_cb().
|
static |
Attribute already in list
Attribute already in list
Definition at line 1180 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, credential, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_YES, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_Attribute::type.
Referenced by oidc_cred_collect_finished_cb().
|
static |
Definition at line 1235 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, attribute_list_merge(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_ticket_issue(), handle, idp, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and oidc_ticket_issue_cb().
Referenced by oidc_attr_collect_finished_cb().
|
static |
Collects all attributes for an ego if in scope parameter.
Credential already in list
Credential matches for attribute, add
Definition at line 1262 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, cred, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_CredentialListEntry::credential, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_credential_new(), GNUNET_RECLAIM_get_credentials_next(), GNUNET_RECLAIM_id_is_equal, handle, GNUNET_RECLAIM_Credential::id, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_CredentialListEntry::next.
Referenced by oidc_attr_collect_finished_cb().
|
static |
Definition at line 1300 of file openid_plugin.c.
References do_redirect_error(), GNUNET_new, GNUNET_RECLAIM_get_credentials_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, idp, oidc_cred_collect(), oidc_cred_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_SCOPE, and oidc_iteration_error().
Referenced by code_redirect().
|
static |
Check if attribute is requested through a scope
Try claims parameter if not in scope
Definition at line 1328 of file openid_plugin.c.
References attr_name, GNUNET_NO, GNUNET_YES, handle, key, OIDC_check_scopes_for_claim_request(), ret, and value.
Referenced by attr_in_idtoken_request(), and attr_in_userinfo_request().
|
static |
Definition at line 1366 of file openid_plugin.c.
References attr_in_claims_request(), attr_name, and handle.
Referenced by oidc_attr_collect().
|
static |
Definition at line 1374 of file openid_plugin.c.
References attr_in_claims_request(), attr_name, and handle.
Referenced by oidc_attr_collect().
|
static |
Collects all attributes for an ego if in scope parameter.
Definition at line 1385 of file openid_plugin.c.
References attr_in_idtoken_request(), attr_in_userinfo_request(), GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_get_attributes_next(), GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_Attribute::name, and GNUNET_RECLAIM_Attribute::type.
Referenced by code_redirect().
|
static |
Checks time and cookie and redirects accordingly.
Definition at line 1430 of file openid_plugin.c.
References GNUNET_TIME_Absolute::abs_value_us, do_redirect_error(), ego_head, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_get_attributes_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, idp, login_redirect(), oidc_attr_collect(), oidc_attr_collect_finished_cb(), OIDC_cookie_jar_map, OIDC_ERROR_KEY_INVALID_COOKIE, oidc_iteration_error(), and pubkey.
Referenced by build_redirect().
|
static |
Definition at line 1499 of file openid_plugin.c.
References cleanup_handle(), code_redirect(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_YES, and handle.
Referenced by lookup_redirect_uri_result().
|
static |
Definition at line 1542 of file openid_plugin.c.
References build_redirect(), data, data_size, GNUNET_GNSRECORD_Data::data_size, do_redirect_error(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_log, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_strndup, handle, OIDC_ERROR_KEY_SERVER_ERROR, rd, and rd_count.
Referenced by client_redirect().
|
static |
Initiate redirect back to client.
Definition at line 1621 of file openid_plugin.c.
References gns_handle, GNUNET_GNS_EMPTY_LABEL_AT, GNUNET_GNS_LO_DEFAULT, GNUNET_GNS_lookup(), GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, handle, and lookup_redirect_uri_result().
Referenced by build_authz_response().
|
static |
Definition at line 1638 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_STRINGS_urldecode(), GNUNET_YES, handle, key, res, and value.
Referenced by authorize_endpoint(), build_authz_response(), check_authorization(), consume_fail(), and token_endpoint().
|
static |
Iteration over all results finished, build final response.
cls | the struct RequestHandle |
Definition at line 1665 of file openid_plugin.c.
References client_redirect(), do_error(), do_redirect_error(), get_url_parameter_copy(), GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_YES, handle, login_redirect(), OIDC_CLAIMS_KEY, OIDC_ERROR_KEY_ACCESS_DENIED, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_SCOPE, OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_SCOPE, OIDC_ignored_parameter_array, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, and OIDC_SCOPE_KEY.
Referenced by authorize_endpoint().
|
static |
Iterate over tlds in config.
Definition at line 1779 of file openid_plugin.c.
References GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_strdup, handle, pkey, and value.
Referenced by authorize_endpoint().
|
static |
Responds to authorization GET and url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 1803 of file openid_plugin.c.
References build_authz_response(), cookie_identity_interpretation(), do_error(), EgoEntry::ego, ego_head, ego_tail, get_url_parameter_copy(), GNUNET_CONFIGURATION_iterate_section_values(), GNUNET_CRYPTO_key_get_public(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_WARNING, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, EgoEntry::identifier, EgoEntry::next, oid_cfg, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT, OIDC_STATE_KEY, pkey, and tld_iter().
Referenced by REST_openid_process_request().
|
static |
Combines an identity with a login time and responds OK to login request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 1878 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_memcpy, GNUNET_new, GNUNET_REST_create_response(), GNUNET_TIME_relative_get_second_(), GNUNET_TIME_relative_multiply(), GNUNET_TIME_relative_to_absolute(), handle, identity, OIDC_COOKIE_EXPIRATION, and OIDC_cookie_jar_map.
Referenced by REST_openid_process_request().
|
static |
Definition at line 1946 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_base64_decode(), GNUNET_SYSERR, handle, and OIDC_AUTHORIZATION_HEADER_KEY.
Referenced by check_authorization().
|
static |
Definition at line 2001 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and handle.
Referenced by check_authorization().
|
static |
Allow public clients with PKCE
Definition at line 2047 of file openid_plugin.c.
References ego_head, get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_SYSERR, GNUNET_YES, handle, oid_cfg, OIDC_CLIENT_ID_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_CLIENT, OIDC_ERROR_KEY_SERVER_ERROR, parse_credentials_basic_auth(), and parse_credentials_post_body().
Referenced by token_endpoint().
|
static |
Definition at line 2144 of file openid_plugin.c.
References EgoEntry::ego, ego_head, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, and EgoEntry::next.
Referenced by token_endpoint().
|
static |
Responds to token url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Store a mapping from the access token to the code so that we can later fall back, one time, on the provided attributes in userinfo.
Note to future self: This cache has the following purpose: Some OIDC plugins call the userinfo endpoint right after receiving an ID token and access token. There are reasons why this would make sense. Others not so much. In any case, in order to smooth out the user experience upon login (authorization), we speculatively cache the next userinfo response in case the actual resolution through reclaim/GNS takes too long.
Definition at line 2169 of file openid_plugin.c.
References check_authorization(), cleanup_handle(), do_error(), find_ego(), generate_jwk(), get_oidc_dir_path(), get_oidc_jwk_path(), get_url_parameter_copy(), GNUNET_RECLAIM_Ticket::gns_name, GNUNET_assert, GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_DISK_directory_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNS_parse_ztld(), GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_SYSERR, handle, JWT_ALG_VALUE_HMAC, JWT_ALG_VALUE_RSA, oid_cfg, OIDC_access_token_new(), OIDC_build_token_response(), OIDC_CLIENT_ID_KEY, oidc_code_cache, OIDC_CODE_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE, OIDC_generate_id_token_hmac(), OIDC_generate_id_token_rsa(), OIDC_GRANT_TYPE_KEY, OIDC_GRANT_TYPE_VALUE, OIDC_parse_authz_code(), OIDC_VERIFICATION_DEFAULT, read_jwk_from_file(), ticket, and write_jwk_to_file().
Referenced by REST_openid_process_request().
|
static |
Collects claims and stores them in handle.
We received a reply. In any case clear the cache.
already in list
Credential matches for attribute, add
Definition at line 2456 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, cleanup_handle(), GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Presentation::credential_id, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Presentation::data, data_size, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_assert, GNUNET_CONTAINER_DLL_insert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_remove(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_RECLAIM_presentation_new(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_cancel(), GNUNET_strdup, GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, identity, key, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_PresentationListEntry::next, oidc_code_cache, OIDC_generate_userinfo(), GNUNET_RECLAIM_PresentationListEntry::presentation, GNUNET_RECLAIM_Attribute::type, and GNUNET_RECLAIM_Presentation::type.
Referenced by userinfo_endpoint().
|
static |
Remove the cached item
Definition at line 2553 of file openid_plugin.c.
References cleanup_handle(), do_error(), do_userinfo_error(), get_url_parameter_copy(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_remove(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_YES, handle, key, OIDC_CLIENT_ID_KEY, oidc_code_cache, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_TOKEN, OIDC_generate_userinfo(), OIDC_parse_authz_code(), OIDC_VERIFICATION_NO_CODE_VERIFIER, and ticket.
Referenced by userinfo_endpoint().
|
static |
Responds to userinfo GET and url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 2652 of file openid_plugin.c.
References consume_fail(), consume_ticket(), consume_timeout, do_userinfo_error(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_RECLAIM_ticket_consume(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, idp, OIDC_access_token_parse(), OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_TOKEN, and ticket.
Referenced by REST_openid_process_request().
|
static |
Responds to /jwks.json.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 2753 of file openid_plugin.c.
References cleanup_handle(), generate_jwk(), get_oidc_dir_path(), get_oidc_jwk_path(), GNUNET_DISK_directory_create(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_REST_create_response(), handle, read_jwk_from_file(), and write_jwk_to_file().
Referenced by REST_openid_process_request().
|
static |
If listing is enabled, prints information about the egos.
This function is initially called for all egos and then again whenever an ego's identifier changes or if it is deleted. At the end of the initial pass over all egos, the function is called once with 'NULL' for 'ego'. That does NOT mean that the callback won't be invoked in the future or that there was an error.
When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this function is only called ONCE, and 'NULL' being passed in 'ego' does indicate an error (for example because name is taken or no default value is known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the value WILL be passed to a subsequent call to the identity callback of 'GNUNET_IDENTITY_connect' (if that one was not NULL).
When an identity is renamed, this function is called with the (known) ego but the NEW identifier.
When an identity is deleted, this function is called with the (known) ego and "NULL" for the 'identifier'. In this case, the 'ego' is henceforth invalid (and the 'ctx' should also be cleaned up).
cls | closure |
ego | ego handle |
ctx | context for application to store data for this ego (during the lifetime of this process, initially NULL) |
identifier | identifier assigned by the user for this ego, NULL if the user just deleted the ego and it must thus no longer be used |
Definition at line 2834 of file openid_plugin.c.
References EgoEntry::ego, ego_head, ego_tail, GNUNET_CONTAINER_DLL_insert_tail, GNUNET_CONTAINER_DLL_remove, GNUNET_CRYPTO_public_key_to_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_new, GNUNET_strdup, ID_REST_STATE_INIT, ID_REST_STATE_POST_INIT, EgoEntry::identifier, EgoEntry::keystring, EgoEntry::next, pk, and state.
Referenced by REST_openid_init().
|
static |
Definition at line 2911 of file openid_plugin.c.
References cleanup_handle(), GNUNET_free, GNUNET_REST_create_response(), and handle.
Referenced by REST_openid_process_request().
|
static |
Respond to OPTIONS request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 3012 of file openid_plugin.c.
References allow_methods, cleanup_handle(), GNUNET_assert, GNUNET_REST_create_response(), and handle.
Referenced by REST_openid_process_request().
enum GNUNET_GenericReturnValue REST_openid_process_request | ( | void * | plugin, |
struct GNUNET_REST_RequestHandle * | conndata_handle, | ||
GNUNET_REST_ResultProcessor | proc, | ||
void * | proc_cls | ||
) |
Function processing the REST call.
method | HTTP method |
url | URL of the HTTP request |
data | body of the HTTP request (optional) |
data_size | length of the body |
proc | callback function for the result |
proc_cls | closure for proc |
Definition at line 3036 of file openid_plugin.c.
References authorize_endpoint(), do_timeout(), GNUNET_CONTAINER_DLL_insert, GNUNET_CONTAINER_multihashmap_create(), GNUNET_new, GNUNET_NO, GNUNET_REST_API_JWKS, GNUNET_REST_API_NS_AUTHORIZE, GNUNET_REST_API_NS_LOGIN, GNUNET_REST_API_NS_OIDC, GNUNET_REST_API_NS_OIDC_CONFIG, GNUNET_REST_API_NS_TOKEN, GNUNET_REST_API_NS_USERINFO, GNUNET_REST_handle_request(), GNUNET_REST_HANDLER_END, GNUNET_SCHEDULER_add_delayed(), GNUNET_strdup, GNUNET_TIME_UNIT_FOREVER_REL, GNUNET_YES, handle, handlers, jwks_endpoint(), login_cont(), oidc_code_cache, oidc_config_cors(), oidc_config_endpoint(), OIDC_cookie_jar_map, options_cont(), GNUNET_REST_RequestHandler::proc, requests_head, requests_tail, token_endpoint(), GNUNET_REST_RequestHandle::url, and userinfo_endpoint().
Referenced by run().
void * REST_openid_init | ( | const struct GNUNET_CONFIGURATION_Handle * | c | ) |
Entry point for the plugin.
cls | Config info |
Definition at line 3095 of file openid_plugin.c.
References _, allow_methods, GNUNET_REST_Plugin::cls, CONSUME_TIMEOUT, consume_timeout, gns_handle, GNUNET_asprintf(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_GNS_connect(), GNUNET_IDENTITY_connect(), GNUNET_log, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_connect(), GNUNET_REST_API_NS_OIDC, ID_REST_STATE_INIT, identity_handle, idp, list_ego(), GNUNET_REST_Plugin::name, oid_cfg, plugin, and state.
Referenced by run().
|
static |
Definition at line 3136 of file openid_plugin.c.
References GNUNET_free, GNUNET_YES, and value.
Referenced by REST_openid_done().
void REST_openid_done | ( | struct GNUNET_REST_Plugin * | api | ) |
Exit point from the plugin.
cls | the plugin context (as returned by "init") |
Definition at line 3144 of file openid_plugin.c.
References allow_methods, Plugin::api, cleanup_handle(), cleanup_hashmap(), GNUNET_BLOCK_PluginFunctions::cls, ego_head, ego_tail, gns_handle, GNUNET_CONTAINER_DLL_remove, GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterate(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_disconnect(), GNUNET_IDENTITY_disconnect(), GNUNET_log, GNUNET_RECLAIM_disconnect(), EgoEntry::identifier, identity_handle, idp, EgoEntry::keystring, oidc_code_cache, OIDC_cookie_jar_map, plugin, and requests_head.
Referenced by do_shutdown().
|
static |
OIDC ignored parameter array.
Definition at line 249 of file openid_plugin.c.
Referenced by build_authz_response().
struct GNUNET_CONTAINER_MultiHashMap* oidc_code_cache |
OIDC hashmap for cached access tokens and codes.
Definition at line 260 of file openid_plugin.c.
Referenced by consume_fail(), consume_ticket(), REST_openid_done(), REST_openid_process_request(), and token_endpoint().
struct GNUNET_CONTAINER_MultiHashMap* OIDC_cookie_jar_map |
OIDC hashmap that keeps track of issued cookies.
Definition at line 265 of file openid_plugin.c.
Referenced by code_redirect(), cookie_identity_interpretation(), login_cont(), REST_openid_done(), and REST_openid_process_request().
const struct GNUNET_CONFIGURATION_Handle* oid_cfg |
The configuration handle.
Definition at line 270 of file openid_plugin.c.
Referenced by authorize_endpoint(), check_authorization(), get_oidc_dir_path(), login_redirect(), REST_openid_init(), and token_endpoint().
|
static |
HTTP methods allowed for this plugin.
Definition at line 275 of file openid_plugin.c.
Referenced by oidc_config_cors(), options_cont(), REST_openid_done(), and REST_openid_init().
|
static |
Ego list.
Definition at line 280 of file openid_plugin.c.
Referenced by authorize_endpoint(), check_authorization(), code_redirect(), find_ego(), list_ego(), and REST_openid_done().
|
static |
Ego list.
Definition at line 285 of file openid_plugin.c.
Referenced by authorize_endpoint(), list_ego(), and REST_openid_done().
|
static |
The processing state.
Definition at line 290 of file openid_plugin.c.
Referenced by list_ego(), and REST_openid_init().
|
static |
Handle to Identity service.
Definition at line 295 of file openid_plugin.c.
Referenced by REST_openid_done(), and REST_openid_init().
|
static |
GNS handle.
Definition at line 300 of file openid_plugin.c.
Referenced by client_redirect(), REST_openid_done(), and REST_openid_init().
|
static |
Identity Provider.
Definition at line 305 of file openid_plugin.c.
Referenced by cleanup_client(), client_connect_cb(), client_disconnect_cb(), code_redirect(), handle_attribute_delete_message(), handle_attribute_store_message(), handle_consume_ticket_message(), handle_credential_delete_message(), handle_credential_iteration_next(), handle_credential_iteration_start(), handle_credential_iteration_stop(), handle_credential_store_message(), handle_issue_ticket_message(), handle_iteration_next(), handle_iteration_start(), handle_iteration_stop(), handle_revoke_ticket_message(), oidc_attr_collect_finished_cb(), oidc_cred_collect_finished_cb(), REST_openid_done(), REST_openid_init(), and userinfo_endpoint().
|
static |
Timeout for consume call on userinfo.
Definition at line 310 of file openid_plugin.c.
Referenced by REST_openid_init(), and userinfo_endpoint().
json_t* oidc_jwk |
The RSA key used by the oidc endpoint.
Definition at line 323 of file openid_plugin.c.
|
static |
DLL.
Definition at line 587 of file openid_plugin.c.
Referenced by cleanup_handle(), REST_openid_done(), and REST_openid_process_request().
|
static |
DLL.
Definition at line 592 of file openid_plugin.c.
Referenced by cleanup_handle(), and REST_openid_process_request().