#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include <jose/jose.h>
#include "gnunet_util_lib.h"
#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_identity_service.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_rest_lib.h"
#include "gnunet_rest_plugin.h"
#include "microhttpd.h"
#include "oidc_helper.h"
Data Structures | |
struct | Plugin |
Handle for a plugin. More... | |
struct | OIDC_Variables |
OIDC needed variables. More... | |
struct | EgoEntry |
The default namestore ego. More... | |
struct | RequestHandle |
The request handle. More... | |
Macros | |
#define | GNUNET_REST_API_NS_OIDC "/openid" |
REST root namespace. More... | |
#define | GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration" |
OIDC config. More... | |
#define | GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" |
Authorize endpoint. More... | |
#define | GNUNET_REST_API_NS_TOKEN "/openid/token" |
Token endpoint. More... | |
#define | GNUNET_REST_API_JWKS "/jwks.json" |
JSON Web Keys endpoint. More... | |
#define | GNUNET_REST_API_NS_USERINFO "/openid/userinfo" |
UserInfo endpoint. More... | |
#define | GNUNET_REST_API_NS_LOGIN "/openid/login" |
Login namespace. More... | |
#define | ID_REST_STATE_INIT 0 |
State while collecting all egos. More... | |
#define | ID_REST_STATE_POST_INIT 1 |
Done collecting egos. More... | |
#define | OIDC_GRANT_TYPE_KEY "grant_type" |
OIDC grant_type key. More... | |
#define | OIDC_GRANT_TYPE_VALUE "authorization_code" |
OIDC grant_type value. More... | |
#define | OIDC_CODE_KEY "code" |
OIDC code key. More... | |
#define | OIDC_RESPONSE_TYPE_KEY "response_type" |
OIDC response_type key. More... | |
#define | OIDC_CLIENT_ID_KEY "client_id" |
OIDC client_id key. More... | |
#define | OIDC_SCOPE_KEY "scope" |
OIDC scope key. More... | |
#define | OIDC_REDIRECT_URI_KEY "redirect_uri" |
OIDC redirect_uri key. More... | |
#define | OIDC_STATE_KEY "state" |
OIDC state key. More... | |
#define | OIDC_NONCE_KEY "nonce" |
OIDC nonce key. More... | |
#define | OIDC_CLAIMS_KEY "claims" |
OIDC claims key. More... | |
#define | OIDC_CODE_CHALLENGE_KEY "code_challenge" |
OIDC PKCE code challenge. More... | |
#define | OIDC_CODE_VERIFIER_KEY "code_verifier" |
OIDC PKCE code verifier. More... | |
#define | OIDC_COOKIE_EXPIRATION 3 |
OIDC cookie expiration (in seconds) More... | |
#define | OIDC_COOKIE_HEADER_KEY "cookie" |
OIDC cookie header key. More... | |
#define | OIDC_AUTHORIZATION_HEADER_KEY "authorization" |
OIDC authorization header key. More... | |
#define | OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" |
OIDC cookie header information key. More... | |
#define | OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" |
OIDC cookie header if user cancelled. More... | |
#define | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
OIDC expected response_type while authorizing. More... | |
#define | OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" |
OIDC expected scope part while authorizing. More... | |
#define | OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" |
OIDC error key for invalid client. More... | |
#define | OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" |
OIDC error key for invalid scopes. More... | |
#define | OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" |
OIDC error key for invalid requests. More... | |
#define | OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" |
OIDC error key for invalid tokens. More... | |
#define | OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" |
OIDC error key for invalid cookies. More... | |
#define | OIDC_ERROR_KEY_SERVER_ERROR "server_error" |
OIDC error key for generic server errors. More... | |
#define | OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" |
OIDC error key for unsupported grants. More... | |
#define | OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" |
OIDC error key for unsupported response types. More... | |
#define | OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" |
OIDC error key for unauthorized clients. More... | |
#define | OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" |
OIDC error key for denied access. More... | |
#define | OIDC_JWK_RSA_FILENAME "jwk_rsa.json" |
OIDC key store file name. More... | |
#define | CONSUME_TIMEOUT |
How long to wait for a consume in userinfo endpoint. More... | |
Functions | |
static void | cleanup_handle (struct RequestHandle *handle) |
Cleanup lookup handle. More... | |
static void | do_error (void *cls) |
Task run on error, sends error message. More... | |
static void | do_userinfo_error (void *cls) |
Task run on error in userinfo endpoint, sends error header. More... | |
static void | do_redirect_error (void *cls) |
Task run on error, sends error message and redirects. More... | |
static void | do_timeout (void *cls) |
Task run on timeout, sends error message. More... | |
static void | options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Respond to OPTIONS request. More... | |
static void | cookie_identity_interpretation (struct RequestHandle *handle) |
Interprets the cookie header and passes its identity keystring to the handle. More... | |
json_t * | read_jwk_from_file (const char *filename) |
Read the JSON Web Key in the given file and return it. More... | |
static int | write_jwk_to_file (const char *filename, json_t *jwk) |
Write the JWK to file. More... | |
json_t * | generate_jwk () |
Generate a new RSA JSON Web Key. More... | |
char * | get_oidc_dir_path (void *cls) |
Return the path to the OIDC directory. More... | |
char * | get_oidc_jwk_path (void *cls) |
Return the path to the RSA JWK key file. More... | |
static void | login_redirect (void *cls) |
Redirects to login page stored in configuration file. More... | |
static void | oidc_iteration_error (void *cls) |
Does internal server error when iteration failed. More... | |
static void | oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *presentation) |
Issues ticket and redirects to relying party with the authorization code as parameter. More... | |
static struct GNUNET_RECLAIM_AttributeList * | attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b) |
static void | oidc_cred_collect_finished_cb (void *cls) |
static void | oidc_cred_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred) |
Collects all attributes for an ego if in scope parameter. More... | |
static void | oidc_attr_collect_finished_cb (void *cls) |
static int | attr_in_claims_request (struct RequestHandle *handle, const char *attr_name, const char *claims_parameter) |
static int | attr_in_idtoken_request (struct RequestHandle *handle, const char *attr_name) |
static int | attr_in_userinfo_request (struct RequestHandle *handle, const char *attr_name) |
static void | oidc_attr_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr) |
Collects all attributes for an ego if in scope parameter. More... | |
static void | code_redirect (void *cls) |
Checks time and cookie and redirects accordingly. More... | |
static void | build_redirect (void *cls) |
static void | lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) |
static void | client_redirect (void *cls) |
Initiate redirect back to client. More... | |
static char * | get_url_parameter_copy (const struct RequestHandle *handle, const char *key) |
static void | build_authz_response (void *cls) |
Iteration over all results finished, build final response. More... | |
static void | tld_iter (void *cls, const char *section, const char *option, const char *value) |
Iterate over tlds in config. More... | |
static void | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to authorization GET and url-encoded POST request. More... | |
static void | login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Combines an identity with a login time and responds OK to login request. More... | |
static int | parse_credentials_basic_auth (struct RequestHandle *handle, char **client_id, char **client_secret) |
static int | parse_credentials_post_body (struct RequestHandle *handle, char **client_id, char **client_secret) |
static int | check_authorization (struct RequestHandle *handle, struct GNUNET_CRYPTO_PublicKey *cid) |
const struct EgoEntry * | find_ego (struct RequestHandle *handle, struct GNUNET_CRYPTO_PublicKey *test_key) |
static void | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to token url-encoded POST request. More... | |
static void | consume_ticket (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, const struct GNUNET_RECLAIM_Presentation *presentation) |
Collects claims and stores them in handle. More... | |
static void | consume_fail (void *cls) |
static void | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to userinfo GET and url-encoded POST request. More... | |
static void | jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Responds to /jwks.json. More... | |
static void | list_ego (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *identifier) |
If listing is enabled, prints information about the egos. More... | |
static void | oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
static void | oidc_config_cors (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) |
Respond to OPTIONS request. More... | |
enum GNUNET_GenericReturnValue | REST_openid_process_request (void *plugin, struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls) |
Function processing the REST call. More... | |
void * | REST_openid_init (const struct GNUNET_CONFIGURATION_Handle *c) |
Entry point for the plugin. More... | |
static int | cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) |
void * | REST_openid_done (void *cls) |
Exit point from the plugin. More... | |
Variables | |
static char * | OIDC_ignored_parameter_array [] |
OIDC ignored parameter array. More... | |
struct GNUNET_CONTAINER_MultiHashMap * | oidc_code_cache |
OIDC hashmap for cached access tokens and codes. More... | |
struct GNUNET_CONTAINER_MultiHashMap * | OIDC_cookie_jar_map |
OIDC hashmap that keeps track of issued cookies. More... | |
const struct GNUNET_CONFIGURATION_Handle * | oid_cfg |
The configuration handle. More... | |
static char * | allow_methods |
HTTP methods allowed for this plugin. More... | |
static struct EgoEntry * | ego_head |
Ego list. More... | |
static struct EgoEntry * | ego_tail |
Ego list. More... | |
static int | state |
The processing state. More... | |
static struct GNUNET_IDENTITY_Handle * | identity_handle |
Handle to Identity service. More... | |
static struct GNUNET_GNS_Handle * | gns_handle |
GNS handle. More... | |
static struct GNUNET_RECLAIM_Handle * | idp |
Identity Provider. More... | |
static struct GNUNET_TIME_Relative | consume_timeout |
Timeout for consume call on userinfo. More... | |
json_t * | oidc_jwk |
The RSA key used by the OIDC endpoint. More... | |
static struct RequestHandle * | requests_head |
DLL. More... | |
static struct RequestHandle * | requests_tail |
DLL. More... | |
#define GNUNET_REST_API_NS_OIDC "/openid" |
REST root namespace.
Definition at line 47 of file openid_plugin.c.
#define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration" |
OIDC config.
Definition at line 52 of file openid_plugin.c.
#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" |
Authorize endpoint.
Definition at line 57 of file openid_plugin.c.
#define GNUNET_REST_API_NS_TOKEN "/openid/token" |
Token endpoint.
Definition at line 62 of file openid_plugin.c.
#define GNUNET_REST_API_JWKS "/jwks.json" |
JSON Web Keys endpoint.
Definition at line 67 of file openid_plugin.c.
#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" |
UserInfo endpoint.
Definition at line 72 of file openid_plugin.c.
#define GNUNET_REST_API_NS_LOGIN "/openid/login" |
Login namespace.
Definition at line 77 of file openid_plugin.c.
#define ID_REST_STATE_INIT 0 |
State while collecting all egos.
Definition at line 82 of file openid_plugin.c.
#define ID_REST_STATE_POST_INIT 1 |
Done collecting egos.
Definition at line 87 of file openid_plugin.c.
#define OIDC_GRANT_TYPE_KEY "grant_type" |
OIDC grant_type key.
Definition at line 92 of file openid_plugin.c.
#define OIDC_GRANT_TYPE_VALUE "authorization_code" |
OIDC grant_type value.
Definition at line 97 of file openid_plugin.c.
#define OIDC_CODE_KEY "code" |
OIDC code key.
Definition at line 102 of file openid_plugin.c.
#define OIDC_RESPONSE_TYPE_KEY "response_type" |
OIDC response_type key.
Definition at line 107 of file openid_plugin.c.
#define OIDC_CLIENT_ID_KEY "client_id" |
OIDC client_id key.
Definition at line 112 of file openid_plugin.c.
#define OIDC_SCOPE_KEY "scope" |
OIDC scope key.
Definition at line 117 of file openid_plugin.c.
#define OIDC_REDIRECT_URI_KEY "redirect_uri" |
OIDC redirect_uri key.
Definition at line 122 of file openid_plugin.c.
#define OIDC_STATE_KEY "state" |
OIDC state key.
Definition at line 127 of file openid_plugin.c.
#define OIDC_NONCE_KEY "nonce" |
OIDC nonce key.
Definition at line 132 of file openid_plugin.c.
#define OIDC_CLAIMS_KEY "claims" |
OIDC claims key.
Definition at line 137 of file openid_plugin.c.
#define OIDC_CODE_CHALLENGE_KEY "code_challenge" |
OIDC PKCE code challenge.
Definition at line 142 of file openid_plugin.c.
#define OIDC_CODE_VERIFIER_KEY "code_verifier" |
OIDC PKCE code verifier.
Definition at line 147 of file openid_plugin.c.
#define OIDC_COOKIE_EXPIRATION 3 |
OIDC cookie expiration (in seconds)
Definition at line 152 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_KEY "cookie" |
OIDC cookie header key.
Definition at line 157 of file openid_plugin.c.
#define OIDC_AUTHORIZATION_HEADER_KEY "authorization" |
OIDC authorization header key.
Definition at line 162 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" |
OIDC cookie header information key.
Definition at line 167 of file openid_plugin.c.
#define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" |
OIDC cookie header if user cancelled.
Definition at line 172 of file openid_plugin.c.
#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
OIDC expected response_type while authorizing.
Definition at line 177 of file openid_plugin.c.
#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" |
OIDC expected scope part while authorizing.
Definition at line 182 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" |
OIDC error key for invalid client.
Definition at line 187 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" |
OIDC error key for invalid scopes.
Definition at line 192 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" |
OIDC error key for invalid requests.
Definition at line 197 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" |
OIDC error key for invalid tokens.
Definition at line 202 of file openid_plugin.c.
#define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" |
OIDC error key for invalid cookies.
Definition at line 207 of file openid_plugin.c.
#define OIDC_ERROR_KEY_SERVER_ERROR "server_error" |
OIDC error key for generic server errors.
Definition at line 212 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" |
OIDC error key for unsupported grants.
Definition at line 217 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" |
OIDC error key for unsupported response types.
Definition at line 222 of file openid_plugin.c.
#define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" |
OIDC error key for unauthorized clients.
Definition at line 227 of file openid_plugin.c.
#define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" |
OIDC error key for denied access.
Definition at line 232 of file openid_plugin.c.
#define OIDC_JWK_RSA_FILENAME "jwk_rsa.json" |
OIDC key store file name.
Definition at line 237 of file openid_plugin.c.
#define CONSUME_TIMEOUT |
How long to wait for a consume in userinfo endpoint.
Definition at line 242 of file openid_plugin.c.
static void cleanup_handle (struct RequestHandle *handle)
Cleanup lookup handle.
handle | Handle to clean up |
Definition at line 599 of file openid_plugin.c.
References GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_lookup_cancel(), GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_credential_list_destroy(), GNUNET_RECLAIM_get_attributes_stop(), GNUNET_RECLAIM_get_credentials_stop(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_RECLAIM_ticket_iteration_stop(), GNUNET_SCHEDULER_cancel(), handle, requests_head, and requests_tail.
Referenced by build_redirect(), consume_fail(), consume_ticket(), do_error(), do_redirect_error(), do_userinfo_error(), jwks_endpoint(), login_cont(), login_redirect(), oidc_config_cors(), oidc_config_endpoint(), oidc_ticket_issue_cb(), options_cont(), REST_openid_done(), and token_endpoint().
static void do_error (void *cls)
Task run on error, sends error message.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 661 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), handle, MHD_HTTP_BAD_REQUEST, and MHD_HTTP_UNAUTHORIZED.
Referenced by authorize_endpoint(), build_authz_response(), consume_fail(), do_timeout(), get_oidc_dir_path(), login_redirect(), oidc_iteration_error(), and token_endpoint().
static void do_userinfo_error (void *cls)
Task run on error in userinfo endpoint, sends error header.
Cleans up everything
cls | the struct RequestHandle |
Definition at line 698 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_REST_create_response(), and handle.
Referenced by consume_fail(), and userinfo_endpoint().
static void do_redirect_error (void *cls)
Task run on error, sends error message and redirects.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 727 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), handle, and MHD_HTTP_FOUND.
Referenced by build_authz_response(), code_redirect(), lookup_redirect_uri_result(), oidc_attr_collect_finished_cb(), and oidc_ticket_issue_cb().
static void do_timeout (void *cls)
Task run on timeout, sends error message.
Cleans up everything.
cls | the struct RequestHandle |
Definition at line 755 of file openid_plugin.c.
References do_error(), and handle.
Referenced by REST_openid_process_request().
static void options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Respond to OPTIONS request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 772 of file openid_plugin.c.
References allow_methods, cleanup_handle(), GNUNET_REST_create_response(), handle, and MHD_HTTP_OK.
Referenced by REST_openid_process_request().
static void cookie_identity_interpretation (struct RequestHandle *handle)
Interprets the cookie header and passes its identity keystring to the handle.
Definition at line 792 of file openid_plugin.c.
References GNUNET_TIME_Absolute::abs_value_us, GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, OIDC_COOKIE_HEADER_ACCESS_DENIED, OIDC_COOKIE_HEADER_INFORMATION_KEY, OIDC_COOKIE_HEADER_KEY, OIDC_cookie_jar_map, and value.
Referenced by authorize_endpoint().
json_t * read_jwk_from_file | ( | const char * | filename | ) |
Read the JSON Web Key in the given file and return it.
Return NULL and emit a warning if the JSON cannot be decoded or the key is invalid.
filename | the file to read the JWK from |
Definition at line 889 of file openid_plugin.c.
References filename, GNUNET_ERROR_TYPE_WARNING, and GNUNET_log.
Referenced by jwks_endpoint(), and token_endpoint().
static int write_jwk_to_file (const char *filename, json_t *jwk)
Write the JWK to file.
If unsuccessful emit warning
filename | the name of the file the JWK is written to |
jwk | the JWK that is going to be written |
Definition at line 915 of file openid_plugin.c.
References filename, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, and GNUNET_OK.
Referenced by jwks_endpoint(), and token_endpoint().
json_t * generate_jwk | ( | ) |
Generate a new RSA JSON Web Key.
Definition at line 936 of file openid_plugin.c.
Referenced by jwks_endpoint(), and token_endpoint().
char * get_oidc_dir_path | ( | void * | cls | ) |
Return the path to the OIDC directory.
cls | the RequestHandle |
Definition at line 952 of file openid_plugin.c.
References do_error(), GNUNET_CONFIGURATION_get_value_filename(), GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, MHD_HTTP_INTERNAL_SERVER_ERROR, oid_cfg, and OIDC_ERROR_KEY_SERVER_ERROR.
Referenced by get_oidc_jwk_path(), jwks_endpoint(), and token_endpoint().
char * get_oidc_jwk_path | ( | void * | cls | ) |
Return the path to the RSA JWK key file.
cls | the RequestHandle |
Definition at line 981 of file openid_plugin.c.
References get_oidc_dir_path(), GNUNET_asprintf(), and OIDC_JWK_RSA_FILENAME.
Referenced by jwks_endpoint(), and token_endpoint().
static void login_redirect (void *cls)
Redirects to login page stored in configuration file.
Definition at line 1000 of file openid_plugin.c.
References cleanup_handle(), do_error(), GNUNET_buffer_reap_str(), GNUNET_buffer_write_fstr(), GNUNET_buffer_write_str(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_free, GNUNET_OK, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_urlencode(), handle, MHD_HTTP_FOUND, MHD_HTTP_INTERNAL_SERVER_ERROR, oid_cfg, OIDC_CLAIMS_KEY, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, OIDC_SCOPE_KEY, and OIDC_STATE_KEY.
Referenced by build_authz_response(), and code_redirect().
static void oidc_iteration_error (void *cls)
Does internal server error when iteration failed.
Definition at line 1098 of file openid_plugin.c.
References do_error(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, MHD_HTTP_INTERNAL_SERVER_ERROR, and OIDC_ERROR_KEY_SERVER_ERROR.
Referenced by code_redirect(), and oidc_attr_collect_finished_cb().
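static void oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_PresentationList *presentation)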
Issues ticket and redirects to relying party with the authorization code as parameter.
Otherwise redirects with error
Definition at line 1113 of file openid_plugin.c.
References cleanup_handle(), do_redirect_error(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_data_to_string_alloc(), handle, MHD_HTTP_FOUND, OIDC_build_authz_code(), OIDC_ERROR_KEY_SERVER_ERROR, and ticket.
Referenced by oidc_cred_collect_finished_cb().
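static struct GNUNET_RECLAIM_AttributeList * attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, struct GNUNET_RECLAIM_AttributeList *list_b)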
Attribute already in list
Attribute already in list
Definition at line 1179 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, credential, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_YES, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_AttributeList::list_tail, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and GNUNET_RECLAIM_Attribute::type.
Referenced by oidc_cred_collect_finished_cb().
static void oidc_cred_collect_finished_cb (void *cls)
Definition at line 1234 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, attribute_list_merge(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_ticket_issue(), handle, idp, GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, and oidc_ticket_issue_cb().
Referenced by oidc_attr_collect_finished_cb().
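static void oidc_cred_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Credential *cred)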
Collects all attributes for an ego if in scope parameter.
Credential already in list
Credential matches for attribute, add
Definition at line 1261 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_CredentialListEntry::credential, GNUNET_RECLAIM_Credential::data, GNUNET_RECLAIM_Credential::data_size, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_NO, GNUNET_RECLAIM_credential_new(), GNUNET_RECLAIM_get_credentials_next(), GNUNET_RECLAIM_id_is_equal, handle, GNUNET_RECLAIM_Credential::id, GNUNET_RECLAIM_Credential::name, GNUNET_RECLAIM_AttributeListEntry::next, GNUNET_RECLAIM_CredentialListEntry::next, and GNUNET_RECLAIM_Credential::type.
Referenced by oidc_attr_collect_finished_cb().
static void oidc_attr_collect_finished_cb (void *cls)
Definition at line 1299 of file openid_plugin.c.
References do_redirect_error(), GNUNET_new, GNUNET_RECLAIM_get_credentials_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, idp, oidc_cred_collect(), oidc_cred_collect_finished_cb(), OIDC_ERROR_KEY_INVALID_SCOPE, and oidc_iteration_error().
Referenced by code_redirect().
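static int attr_in_claims_request (struct RequestHandle *handle, const char *attr_name, const char *claims_parameter)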
Check if attribute is requested through a scope
Try claims parameter if not in scope
Definition at line 1327 of file openid_plugin.c.
References attr_name, GNUNET_NO, GNUNET_YES, handle, key, OIDC_check_scopes_for_claim_request(), ret, and value.
Referenced by attr_in_idtoken_request(), and attr_in_userinfo_request().
static int attr_in_idtoken_request (struct RequestHandle *handle, const char *attr_name)
Definition at line 1365 of file openid_plugin.c.
References attr_in_claims_request(), attr_name, and handle.
Referenced by oidc_attr_collect().
static int attr_in_userinfo_request (struct RequestHandle *handle, const char *attr_name)
Definition at line 1373 of file openid_plugin.c.
References attr_in_claims_request(), attr_name, and handle.
Referenced by oidc_attr_collect().
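static void oidc_attr_collect (void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr)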
Collects all attributes for an ego if in scope parameter.
Definition at line 1384 of file openid_plugin.c.
References attr_in_idtoken_request(), attr_in_userinfo_request(), GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_CONTAINER_DLL_insert, GNUNET_new, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_get_attributes_next(), GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, GNUNET_RECLAIM_Attribute::name, and GNUNET_RECLAIM_Attribute::type.
Referenced by code_redirect().
static void code_redirect (void *cls)
Checks time and cookie and redirects accordingly.
Definition at line 1429 of file openid_plugin.c.
References GNUNET_TIME_Absolute::abs_value_us, do_redirect_error(), ego_head, GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_get_attributes_start(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_TIME_absolute_get(), GNUNET_YES, handle, idp, login_redirect(), oidc_attr_collect(), oidc_attr_collect_finished_cb(), OIDC_cookie_jar_map, OIDC_ERROR_KEY_INVALID_COOKIE, oidc_iteration_error(), and pubkey.
Referenced by build_redirect().
static void build_redirect (void *cls)
Definition at line 1498 of file openid_plugin.c.
References cleanup_handle(), code_redirect(), GNUNET_asprintf(), GNUNET_assert, GNUNET_free, GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_YES, handle, and MHD_HTTP_FOUND.
Referenced by lookup_redirect_uri_result().
static void lookup_redirect_uri_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Definition at line 1541 of file openid_plugin.c.
References build_redirect(), data, data_size, GNUNET_GNSRECORD_Data::data_size, do_redirect_error(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_log, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_strndup, handle, OIDC_ERROR_KEY_SERVER_ERROR, rd, and rd_count.
Referenced by client_redirect().
static void client_redirect (void *cls)
Initiate redirect back to client.
Definition at line 1620 of file openid_plugin.c.
References gns_handle, GNUNET_GNS_EMPTY_LABEL_AT, GNUNET_GNS_LO_DEFAULT, GNUNET_GNS_lookup(), GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, handle, and lookup_redirect_uri_result().
Referenced by build_authz_response().
static char * get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
Definition at line 1637 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_STRINGS_urldecode(), GNUNET_YES, handle, key, res, and value.
Referenced by authorize_endpoint(), build_authz_response(), check_authorization(), consume_fail(), and token_endpoint().
static void build_authz_response (void *cls)
Iteration over all results finished, build final response.
cls | the struct RequestHandle |
Definition at line 1664 of file openid_plugin.c.
References client_redirect(), do_error(), do_redirect_error(), get_url_parameter_copy(), GNUNET_asprintf(), GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_YES, handle, login_redirect(), OIDC_CLAIMS_KEY, OIDC_ERROR_KEY_ACCESS_DENIED, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_SCOPE, OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE, OIDC_EXPECTED_AUTHORIZATION_SCOPE, OIDC_ignored_parameter_array, OIDC_NONCE_KEY, OIDC_REDIRECT_URI_KEY, OIDC_RESPONSE_TYPE_KEY, and OIDC_SCOPE_KEY.
Referenced by authorize_endpoint().
static void tld_iter (void *cls, const char *section, const char *option, const char *value)
Iterate over tlds in config.
Definition at line 1778 of file openid_plugin.c.
References GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_strdup, handle, pkey, and value.
Referenced by authorize_endpoint().
static void authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Responds to authorization GET and url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 1802 of file openid_plugin.c.
References build_authz_response(), cookie_identity_interpretation(), do_error(), EgoEntry::ego, ego_head, ego_tail, get_url_parameter_copy(), GNUNET_CONFIGURATION_iterate_section_values(), GNUNET_CRYPTO_key_get_public(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_WARNING, GNUNET_IDENTITY_ego_get_private_key(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, EgoEntry::identifier, MHD_HTTP_INTERNAL_SERVER_ERROR, EgoEntry::next, oid_cfg, OIDC_CLIENT_ID_KEY, OIDC_CODE_CHALLENGE_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT, OIDC_STATE_KEY, pkey, and tld_iter().
Referenced by REST_openid_process_request().
static void login_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls)
Combines an identity with a login time and responds OK to login request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 1877 of file openid_plugin.c.
References cleanup_handle(), GNUNET_asprintf(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_memcpy, GNUNET_new, GNUNET_REST_create_response(), GNUNET_TIME_relative_get_second_(), GNUNET_TIME_relative_multiply(), GNUNET_TIME_relative_to_absolute(), handle, identity, MHD_HTTP_BAD_REQUEST, MHD_HTTP_OK, OIDC_COOKIE_EXPIRATION, and OIDC_cookie_jar_map.
Referenced by REST_openid_process_request().
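static int parse_credentials_basic_auth (struct RequestHandle *handle, char **client_id, char **client_secret)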
Definition at line 1945 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_base64_decode(), GNUNET_SYSERR, handle, and OIDC_AUTHORIZATION_HEADER_KEY.
Referenced by check_authorization().
static int parse_credentials_post_body (struct RequestHandle *handle, char **client_id, char **client_secret)
Definition at line 2000 of file openid_plugin.c.
References GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_free, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and handle.
Referenced by check_authorization().
|
static |
Allow public clients (clients that send no client secret) if they use PKCE.
Definition at line 2046 of file openid_plugin.c.
References ego_head, get_url_parameter_copy(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_SYSERR, GNUNET_YES, handle, MHD_HTTP_INTERNAL_SERVER_ERROR, MHD_HTTP_UNAUTHORIZED, oid_cfg, OIDC_CLIENT_ID_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_CLIENT, OIDC_ERROR_KEY_SERVER_ERROR, parse_credentials_basic_auth(), and parse_credentials_post_body().
Referenced by token_endpoint().
const struct EgoEntry * find_ego | ( | struct RequestHandle * | handle, |
struct GNUNET_CRYPTO_PublicKey * | test_key | ||
) |
Definition at line 2143 of file openid_plugin.c.
References EgoEntry::ego, ego_head, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_memcmp, and EgoEntry::next.
Referenced by token_endpoint().
|
static |
Responds to token url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Store mapping from access token to code so we can later fall back on the provided attributes in userinfo one time.
Note to future self: This cache has the following purpose: Some OIDC plugins call the userinfo endpoint right after receiving an ID token and access token. There are reasons why this would make sense. Others not so much. In any case, in order to smooth out the user experience upon login (authorization), we speculatively cache the next userinfo response in case the actual resolution through reclaim/GNS takes too long.
Definition at line 2168 of file openid_plugin.c.
References check_authorization(), cleanup_handle(), do_error(), find_ego(), generate_jwk(), get_oidc_dir_path(), get_oidc_jwk_path(), get_url_parameter_copy(), GNUNET_RECLAIM_Ticket::gns_name, GNUNET_assert, GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_DISK_directory_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_SYSERR, handle, JWT_ALG_VALUE_HMAC, JWT_ALG_VALUE_RSA, key, MHD_HTTP_BAD_REQUEST, MHD_HTTP_INTERNAL_SERVER_ERROR, MHD_HTTP_OK, oid_cfg, OIDC_access_token_new(), OIDC_build_token_response(), OIDC_CLIENT_ID_KEY, oidc_code_cache, OIDC_CODE_KEY, OIDC_CODE_VERIFIER_KEY, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_SERVER_ERROR, OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE, OIDC_generate_id_token_hmac(), OIDC_generate_id_token_rsa(), OIDC_GRANT_TYPE_KEY, OIDC_GRANT_TYPE_VALUE, oidc_jwk, OIDC_parse_authz_code(), OIDC_VERIFICATION_DEFAULT, read_jwk_from_file(), ticket, and write_jwk_to_file().
Referenced by REST_openid_process_request().
|
static |
Collects claims and stores them in handle.
We received a reply. In any case clear the cache.
already in list
Credential matches for attribute, add
Definition at line 2457 of file openid_plugin.c.
References GNUNET_RECLAIM_AttributeListEntry::attribute, cleanup_handle(), GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Presentation::credential_id, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Presentation::data, data_size, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Attribute::flag, GNUNET_assert, GNUNET_CONTAINER_DLL_insert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_remove(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_RECLAIM_attribute_new(), GNUNET_RECLAIM_id_is_equal, GNUNET_RECLAIM_presentation_new(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_cancel(), GNUNET_strdup, GNUNET_YES, handle, GNUNET_RECLAIM_Attribute::id, identity, key, MHD_HTTP_OK, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_PresentationListEntry::next, oidc_code_cache, OIDC_generate_userinfo(), GNUNET_RECLAIM_PresentationListEntry::presentation, GNUNET_RECLAIM_Attribute::type, and GNUNET_RECLAIM_Presentation::type.
Referenced by userinfo_endpoint().
|
static |
Remove the cached item
Definition at line 2553 of file openid_plugin.c.
References cleanup_handle(), do_error(), do_userinfo_error(), get_url_parameter_copy(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_get(), GNUNET_CONTAINER_multihashmap_remove(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_from_string(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_RECLAIM_attribute_list_destroy(), GNUNET_RECLAIM_cancel(), GNUNET_RECLAIM_presentation_list_destroy(), GNUNET_REST_create_response(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, GNUNET_STRINGS_string_to_data(), GNUNET_YES, handle, key, MHD_HTTP_BAD_REQUEST, MHD_HTTP_OK, MHD_HTTP_UNAUTHORIZED, OIDC_CLIENT_ID_KEY, oidc_code_cache, OIDC_ERROR_KEY_INVALID_REQUEST, OIDC_ERROR_KEY_INVALID_TOKEN, OIDC_generate_userinfo(), OIDC_parse_authz_code(), OIDC_VERIFICATION_NO_CODE_VERIFIER, and ticket.
Referenced by userinfo_endpoint().
|
static |
Responds to userinfo GET and url-encoded POST request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 2648 of file openid_plugin.c.
References consume_fail(), consume_ticket(), consume_timeout, do_userinfo_error(), GNUNET_assert, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_get(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_RECLAIM_ticket_consume(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_add_now(), GNUNET_strdup, handle, idp, MHD_HTTP_UNAUTHORIZED, OIDC_access_token_parse(), OIDC_AUTHORIZATION_HEADER_KEY, OIDC_ERROR_KEY_INVALID_TOKEN, and ticket.
Referenced by REST_openid_process_request().
|
static |
Responds to /jwks.json.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 2744 of file openid_plugin.c.
References cleanup_handle(), generate_jwk(), get_oidc_dir_path(), get_oidc_jwk_path(), GNUNET_DISK_directory_create(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_REST_create_response(), handle, MHD_HTTP_OK, oidc_jwk, read_jwk_from_file(), and write_jwk_to_file().
Referenced by REST_openid_process_request().
|
static |
If listing is enabled, prints information about the egos.
This function is initially called for all egos and then again whenever an ego's identifier changes or if it is deleted. At the end of the initial pass over all egos, the function is called once with 'NULL' for 'ego'. That does NOT mean that the callback won't be invoked in the future or that there was an error.
When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this function is only called ONCE, and 'NULL' being passed in 'ego' does indicate an error (for example because name is taken or no default value is known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the value WILL be passed to a subsequent call to the identity callback of 'GNUNET_IDENTITY_connect' (if that one was not NULL).
When an identity is renamed, this function is called with the (known) ego but the NEW identifier.
When an identity is deleted, this function is called with the (known) ego and "NULL" for the 'identifier'. In this case, the 'ego' is henceforth invalid (and the 'ctx' should also be cleaned up).
cls | closure |
ego | ego handle |
ctx | context for application to store data for this ego (during the lifetime of this process, initially NULL) |
identifier | identifier assigned by the user for this ego, NULL if the user just deleted the ego and it must thus no longer be used |
Definition at line 2825 of file openid_plugin.c.
References EgoEntry::ego, ego_head, ego_tail, GNUNET_CONTAINER_DLL_insert_tail, GNUNET_CONTAINER_DLL_remove, GNUNET_CRYPTO_public_key_to_string(), GNUNET_free, GNUNET_IDENTITY_ego_get_public_key(), GNUNET_new, GNUNET_strdup, ID_REST_STATE_INIT, ID_REST_STATE_POST_INIT, EgoEntry::identifier, EgoEntry::keystring, EgoEntry::next, pk, and state.
Referenced by REST_openid_init().
|
static |
Definition at line 2902 of file openid_plugin.c.
References cleanup_handle(), GNUNET_free, GNUNET_REST_create_response(), handle, and MHD_HTTP_OK.
Referenced by REST_openid_process_request().
|
static |
Respond to OPTIONS request.
con_handle | the connection handle |
url | the url |
cls | the RequestHandle |
Definition at line 3003 of file openid_plugin.c.
References allow_methods, cleanup_handle(), GNUNET_assert, GNUNET_REST_create_response(), handle, and MHD_HTTP_OK.
Referenced by REST_openid_process_request().
enum GNUNET_GenericReturnValue REST_openid_process_request | ( | void * | plugin, |
struct GNUNET_REST_RequestHandle * | conndata_handle, | ||
GNUNET_REST_ResultProcessor | proc, | ||
void * | proc_cls | ||
) |
Function processing the REST call.
method | HTTP method |
url | URL of the HTTP request |
data | body of the HTTP request (optional) |
data_size | length of the body |
proc | callback function for the result |
proc_cls | closure for proc |
Definition at line 3027 of file openid_plugin.c.
References authorize_endpoint(), do_timeout(), GNUNET_CONTAINER_DLL_insert, GNUNET_CONTAINER_multihashmap_create(), GNUNET_new, GNUNET_NO, GNUNET_REST_API_JWKS, GNUNET_REST_API_NS_AUTHORIZE, GNUNET_REST_API_NS_LOGIN, GNUNET_REST_API_NS_OIDC, GNUNET_REST_API_NS_OIDC_CONFIG, GNUNET_REST_API_NS_TOKEN, GNUNET_REST_API_NS_USERINFO, GNUNET_REST_handle_request(), GNUNET_REST_HANDLER_END, GNUNET_SCHEDULER_add_delayed(), GNUNET_strdup, GNUNET_TIME_UNIT_FOREVER_REL, GNUNET_YES, handle, handlers, jwks_endpoint(), login_cont(), oidc_code_cache, oidc_config_cors(), oidc_config_endpoint(), OIDC_cookie_jar_map, options_cont(), GNUNET_REST_RequestHandler::proc, requests_head, requests_tail, token_endpoint(), GNUNET_REST_RequestHandle::url, and userinfo_endpoint().
Referenced by run().
void * REST_openid_init | ( | const struct GNUNET_CONFIGURATION_Handle * | c | ) |
Entry point for the plugin.
cls | Config info |
Definition at line 3086 of file openid_plugin.c.
References _, allow_methods, GNUNET_REST_Plugin::cls, CONSUME_TIMEOUT, consume_timeout, gns_handle, GNUNET_asprintf(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_GNS_connect(), GNUNET_IDENTITY_connect(), GNUNET_log, GNUNET_new, GNUNET_OK, GNUNET_RECLAIM_connect(), GNUNET_REST_API_NS_OIDC, ID_REST_STATE_INIT, identity_handle, idp, list_ego(), GNUNET_REST_Plugin::name, oid_cfg, plugin, and state.
Referenced by run().
|
static |
Definition at line 3127 of file openid_plugin.c.
References GNUNET_free, GNUNET_YES, and value.
Referenced by REST_openid_done().
void * REST_openid_done | ( | void * | cls | ) |
Exit point from the plugin.
cls | the plugin context (as returned by "init") |
Definition at line 3141 of file openid_plugin.c.
References allow_methods, Plugin::api, cleanup_handle(), cleanup_hashmap(), GNUNET_BLOCK_PluginFunctions::cls, GNUNET_REST_Plugin::cls, ego_head, ego_tail, gns_handle, GNUNET_CONTAINER_DLL_remove, GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterate(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_disconnect(), GNUNET_IDENTITY_disconnect(), GNUNET_log, GNUNET_RECLAIM_disconnect(), EgoEntry::identifier, identity_handle, idp, EgoEntry::keystring, oidc_code_cache, OIDC_cookie_jar_map, plugin, and requests_head.
Referenced by do_shutdown().
|
static |
OIDC ignored parameter array.
Definition at line 248 of file openid_plugin.c.
Referenced by build_authz_response().
struct GNUNET_CONTAINER_MultiHashMap* oidc_code_cache |
OIDC hashmap for cached access tokens and codes.
Definition at line 259 of file openid_plugin.c.
Referenced by consume_fail(), consume_ticket(), REST_openid_done(), REST_openid_process_request(), and token_endpoint().
struct GNUNET_CONTAINER_MultiHashMap* OIDC_cookie_jar_map |
OIDC hashmap that keeps track of issued cookies.
Definition at line 264 of file openid_plugin.c.
Referenced by code_redirect(), cookie_identity_interpretation(), login_cont(), REST_openid_done(), and REST_openid_process_request().
const struct GNUNET_CONFIGURATION_Handle* oid_cfg |
The configuration handle.
Definition at line 269 of file openid_plugin.c.
Referenced by authorize_endpoint(), check_authorization(), get_oidc_dir_path(), login_redirect(), REST_openid_init(), and token_endpoint().
|
static |
HTTP methods allowed for this plugin.
Definition at line 274 of file openid_plugin.c.
Referenced by oidc_config_cors(), options_cont(), REST_openid_done(), and REST_openid_init().
|
static |
Ego list.
Definition at line 279 of file openid_plugin.c.
Referenced by authorize_endpoint(), check_authorization(), code_redirect(), find_ego(), list_ego(), and REST_openid_done().
|
static |
Ego list.
Definition at line 284 of file openid_plugin.c.
Referenced by authorize_endpoint(), list_ego(), and REST_openid_done().
|
static |
The processing state.
Definition at line 289 of file openid_plugin.c.
Referenced by list_ego(), and REST_openid_init().
|
static |
Handle to Identity service.
Definition at line 294 of file openid_plugin.c.
Referenced by REST_openid_done(), and REST_openid_init().
|
static |
GNS handle.
Definition at line 299 of file openid_plugin.c.
Referenced by client_redirect(), REST_openid_done(), and REST_openid_init().
|
static |
Identity Provider.
Definition at line 304 of file openid_plugin.c.
Referenced by cleanup_client(), client_connect_cb(), client_disconnect_cb(), code_redirect(), handle_attribute_delete_message(), handle_attribute_store_message(), handle_consume_ticket_message(), handle_credential_delete_message(), handle_credential_iteration_next(), handle_credential_iteration_start(), handle_credential_iteration_stop(), handle_credential_store_message(), handle_issue_ticket_message(), handle_iteration_next(), handle_iteration_start(), handle_iteration_stop(), handle_revoke_ticket_message(), oidc_attr_collect_finished_cb(), oidc_cred_collect_finished_cb(), REST_openid_done(), REST_openid_init(), and userinfo_endpoint().
|
static |
Timeout for consume call on userinfo.
Definition at line 309 of file openid_plugin.c.
Referenced by REST_openid_init(), and userinfo_endpoint().
json_t* oidc_jwk |
The RSA key used by the OIDC endpoint.
Definition at line 322 of file openid_plugin.c.
Referenced by jwks_endpoint(), and token_endpoint().
|
static |
DLL.
Definition at line 586 of file openid_plugin.c.
Referenced by cleanup_handle(), REST_openid_done(), and REST_openid_process_request().
|
static |
DLL.
Definition at line 591 of file openid_plugin.c.
Referenced by cleanup_handle(), and REST_openid_process_request().