76 "name",
"family_name",
"given_name",
"middle_name",
"nickname",
77 "preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
78 "zoneinfo",
"locale",
"updated_at"
85 "email",
"email_verified"
92 "phone_number",
"phone_number_verified"
99 "street_address",
"locality",
"region",
"postal_code",
"country"
106 for (i = 0; i < 5; i++)
123 root = json_object ();
127 json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT);
136 char *current_pos = strchr (str, find);
141 current_pos = strchr (current_pos, find);
172 json_t *aggr_sources;
173 json_t *aggr_sources_jwt;
174 json_t *addr_claim = NULL;
175 int num_presentations = 0;
186 body = json_object ();
187 aggr_names = json_object ();
188 aggr_sources = json_object ();
195 json_object_set_new (body,
"sub", json_string (
subject));
200 for (ple = presentations->
list_head; NULL != ple; ple = ple->
next)
207 "Adding new presentation source #%d\n", i);
208 aggr_sources_jwt = json_object ();
214 "Presentation is: %s\n", pres_val_str);
215 json_object_set_new (aggr_sources_jwt,
218 json_string (pres_val_str) );
219 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
231 "Processing %s for userinfo body\n",
248 "Address is set as aggregated claim. Skipping self-issued value...\n");
254 if (NULL == addr_claim)
256 addr_claim = json_object ();
257 json_object_set_new (body,
"address", addr_claim);
260 json_string (attr_val_str));
266 json_string (attr_val_str));
274 for (ple = presentations->
list_head; NULL != ple; ple = ple->
next)
285 "Presentation for `%s' missing...\n",
298 "Address is already set as normal claim. Skipping attested value...\n");
303 if (NULL != addr_claim)
305 addr_claim = json_object ();
309 json_object_set_new (aggr_names,
"address",
310 json_string (source_name));
320 json_string (source_name));
327 json_object_set_new (body,
"_claim_names", aggr_names);
328 json_object_set_new (body,
"_claim_sources", aggr_sources);
353 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
378 const char *secret_key)
390 char *signature_target;
391 char *signature_base64;
415 json_object_set_new (body,
"aud", json_string (audience));
417 json_object_set_new (body,
421 json_object_set_new (body,
425 json_object_set_new (body,
430 json_object_set_new (body,
"nonce", json_string (nonce));
432 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
449 GNUNET_asprintf (&signature_target,
"%s.%s", header_base64, body_base64);
453 strlen (signature_target),
494 const char *nonce_str,
495 const char *code_challenge)
502 char *buf_ptr = NULL;
504 size_t code_payload_len;
513 memset (¶ms, 0,
sizeof(params));
517 if ((NULL != nonce_str) && (strcmp (
"", nonce_str) != 0))
524 if (NULL != code_challenge)
535 "Length of serialized attributes: %lu\n",
540 if (NULL != presentations)
550 "Length of serialized presentations: %lu\n",
558 memcpy (
payload, ¶ms,
sizeof(params));
559 tmp =
payload +
sizeof(params);
581 + payload_len + sizeof(struct
584 "Length of data to encode: %lu\n",
595 buf_ptr = (
char *) &
purpose[1];
596 memcpy (buf_ptr,
payload, payload_len);
598 buf_ptr += payload_len;
619 uint32_t code_challenge_len,
620 const char *code_verifier)
622 char *code_verifier_hash;
623 char *expected_code_challenge;
625 if (0 == code_challenge_len)
627 if (NULL == code_verifier)
630 "Expected code verifier!\n");
635 gcry_md_hash_buffer (GCRY_MD_SHA256,
638 strlen (code_verifier));
641 &expected_code_challenge);
644 strncmp (expected_code_challenge, code_challenge, code_challenge_len))
647 "Invalid code verifier! Expected: %s, Got: %.*s\n",
648 expected_code_challenge,
677 const char *code_verifier,
688 char *presentations_ser;
689 char *code_challenge;
692 uint32_t code_challenge_len;
693 uint32_t attrs_ser_len;
694 uint32_t pres_ser_len;
695 size_t plaintext_len;
696 size_t code_payload_len;
697 uint32_t nonce_len = 0;
704 (
void **) &code_payload);
715 plaintext_len = code_payload_len;
720 ptr += plaintext_len;
726 code_challenge = ((
char *) ¶ms[1]);
752 if (NULL != *nonce_str)
755 "Audience in ticket does not match client!\n");
766 if (NULL != *nonce_str)
775 presentations_ser = ((
char*) attrs_ser) + attrs_ser_len;
797 const char *id_token,
799 char **token_response)
803 root_json = json_object ();
808 json_object_set_new (root_json,
"access_token", json_string (access_token));
809 json_object_set_new (root_json,
"token_type", json_string (
"Bearer"));
810 json_object_set_new (root_json,
814 json_object_set_new (root_json,
"id_token", json_string (id_token));
815 *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
816 json_decref (root_json);
869 char *scope_variables;
870 char *scope_variable;
871 char delimiter[] =
" ";
875 scope_variable = strtok (scope_variables, delimiter);
876 while (NULL != scope_variable)
878 if (0 == strcmp (
"profile", scope_variable))
880 for (i = 0; i < 14; i++)
889 else if (0 == strcmp (
"address", scope_variable))
891 for (i = 0; i < 5; i++)
900 else if (0 == strcmp (
"email", scope_variable))
902 for (i = 0; i < 2; i++)
911 else if (0 == strcmp (
"phone", scope_variable))
913 for (i = 0; i < 2; i++)
923 else if (0 == strcmp (attr, scope_variable))
929 scope_variable = strtok (NULL, delimiter);
static char * subject
Subject pubkey string.
static int replace
Replace DID Document Flag.
struct GNUNET_RECLAIM_Attribute * claim
Claim to store.
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
static int result
Global testing status.
static unsigned long long payload
How much data are we currently storing in the database?
#define GNUNET_NETWORK_STRUCT_BEGIN
Defined as empty; GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
#define GNUNET_NETWORK_STRUCT_END
Defined as empty; GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
GNUNET_GenericReturnValue
Named constants for return values.
#define GNUNET_PACKED
gcc-ism to get packed structs.
void GNUNET_CRYPTO_hmac_raw(const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate the HMAC of a message (RFC 2104). TODO: Shouldn't this be the standard HMAC function and the abo...
#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN
Signature for a GNUid Ticket (Reclaim)
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_sign_(const struct GNUNET_IDENTITY_PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_IDENTITY_Signature *sig)
Sign a given block.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_signature_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_IDENTITY_Signature *sig, const struct GNUNET_IDENTITY_PublicKey *pub)
Verify a given signature.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_DEBUG
int GNUNET_asprintf(char **buf, const char *format, ...) __attribute__((format(printf
Like asprintf, just portable.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_RECLAIM_id_is_equal(a, b)
#define GNUNET_RECLAIM_id_is_zero(a)
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of an attribute to a string.
char * GNUNET_RECLAIM_presentation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of a presentation to a string.
struct GNUNET_RECLAIM_AttributeList * GNUNET_RECLAIM_attribute_list_deserialize(const char *data, size_t data_size)
Deserialize an attribute list.
size_t GNUNET_RECLAIM_attribute_list_serialize(const struct GNUNET_RECLAIM_AttributeList *attrs, char *result)
Serialize an attribute list.
size_t GNUNET_RECLAIM_presentation_list_serialize(const struct GNUNET_RECLAIM_PresentationList *presentations, char *result)
Serialize a presentation list.
const char * GNUNET_RECLAIM_presentation_number_to_typename(uint32_t type)
Convert a presentation type number to the corresponding credential type string.
struct GNUNET_RECLAIM_PresentationList * GNUNET_RECLAIM_presentation_list_deserialize(const char *data, size_t data_size)
Deserialize a presentation list.
size_t GNUNET_RECLAIM_presentation_list_serialize_get_size(const struct GNUNET_RECLAIM_PresentationList *presentations)
Get required size for serialization buffer.
size_t GNUNET_RECLAIM_attribute_list_serialize_get_size(const struct GNUNET_RECLAIM_AttributeList *attrs)
Get required size for serialization buffer.
size_t GNUNET_STRINGS_base64url_decode(const char *data, size_t len, void **out)
Decode from Base64url.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
size_t GNUNET_STRINGS_base64url_encode(const void *in, size_t len, char **output)
Encode into Base64url.
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
size_t GNUNET_STRINGS_base64_encode(const void *in, size_t len, char **output)
Encode into Base64.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
char * OIDC_generate_id_token(const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT from attributes.
static void replace_char(char *str, char find, char replace)
static char OIDC_email_claims[2][16]
Standard claims represented by the "email" scope in OIDC.
static char OIDC_address_claims[5][32]
Standard claims represented by the "address" scope in OIDC.
static void fix_base64(char *str)
enum GNUNET_GenericReturnValue check_code_challenge(const char *code_challenge, uint32_t code_challenge_len, const char *code_verifier)
static json_t * generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
char * OIDC_generate_userinfo(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
static enum GNUNET_GenericReturnValue is_claim_in_address_scope(const char *claim)
char * OIDC_access_token_new(const struct GNUNET_RECLAIM_Ticket *ticket)
Generate a new access token.
static char * create_jwt_header(void)
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request(const char *scopes, const char *attr)
Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standar...
char * OIDC_build_authz_code(const struct GNUNET_IDENTITY_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
static char OIDC_phone_claims[2][32]
Standard claims represented by the "phone" scope in OIDC.
int OIDC_parse_authz_code(const struct GNUNET_IDENTITY_PublicKey *audience, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts)
Parse reclaim ticket and nonce from authorization code.
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request. TODO: Maybe we should add the scope here?
static GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims[14][32]
Standard claims represented by the "profile" scope in OIDC.
int OIDC_access_token_parse(const char *token, struct GNUNET_RECLAIM_Ticket **ticket)
Parse an access token.
Helper library for OIDC-related functions.
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
Header of what an ECC signature signs; this must be followed by "size - 8" bytes of the actual signed ...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
A private key for an identity as per LSD0001.
An identity key as per LSD0001.
An identity signature as per LSD0001.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL (doubly-linked list) link.
A list of GNUNET_RECLAIM_Attribute structures.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of the credential (may be GNUNET_RECLAIM_ID_ZERO if self-credentialed).
uint32_t type
Type of Claim.
const void * data
Binary value stored as attribute value.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Presentation * presentation
The credential.
struct GNUNET_RECLAIM_PresentationListEntry * next
DLL (doubly-linked list) link.
A list of GNUNET_RECLAIM_Presentation structures.
struct GNUNET_RECLAIM_PresentationListEntry * list_head
List head.
const void * data
Binary value stored as presentation value.
uint32_t type
Type/Format of Claim.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Identifier credential_id
The credential id of which this is a presentation.
The authorization ticket.
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party).
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user).
Type for absolute times used by GNUnet, in microseconds.
uint64_t abs_value_us
The actual value.
Type for relative times used by GNUnet, in microseconds.
uint64_t rel_value_us
The actual value.
The signature used to generate the authorization code.
struct GNUNET_RECLAIM_Ticket ticket
The reclaim ticket.
uint32_t pres_list_len
The length of the presentation list.
uint32_t nonce_len
The nonce length.
uint32_t attr_list_len
The length of the attributes list.
uint32_t code_challenge_len
The length of the PKCE code_challenge.