Diffstat (limited to 'src/identity-provider/plugin_rest_identity_provider.c')
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c89
1 files changed, 64 insertions, 25 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index 9ba73ff1cf..ef50077f5d 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -19,6 +19,7 @@
*/
/**
* @author Martin Schanzenbach
+ * @author Philippe Buschmann
* @file identity/plugin_rest_identity.c
* @brief GNUnet Namestore REST plugin
*
@@ -234,6 +235,7 @@ struct Plugin
{
const struct GNUNET_CONFIGURATION_Handle *cfg;
};
+
/**
* OIDC needed variables
*/
@@ -546,7 +548,8 @@ do_error (void *cls)
/**
- * Task run on error, sends error message. Cleans up everything.
+ * Task run on error in userinfo endpoint, sends error header. Cleans up
+ * everything
*
* @param cls the `struct RequestHandle`
*/
@@ -569,7 +572,7 @@ do_userinfo_error (void *cls)
/**
- * Task run on error, sends error message. Cleans up everything.
+ * Task run on error, sends error message and redirects. Cleans up everything.
*
* @param cls the `struct RequestHandle`
*/
@@ -673,6 +676,12 @@ return_userinfo_response (void *cls)
cleanup_handle (handle);
}
+/**
+ * Returns base64 encoded string without padding
+ *
+ * @param string the string to encode
+ * @return base64 encoded string
+ */
static char*
base_64_encode(char *string)
{
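Review bot: The new doc comment on base_64_encode says nothing about ownership of the returned buffer or which alphabet is produced, and the body is outside the hunk so neither can be checked here. If the result ends up inside an OIDC ID token or any other JWT segment, the encoding must be base64url (`-`/`_` alphabet, RFC 7515 §2) rather than standard base64; stripping the padding alone is not sufficient. Suggested wording once confirmed: `@return newly allocated base64 string without padding; caller must GNUNET_free it`, naming the alphabet explicitly.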
@@ -1328,13 +1337,13 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
}
/**
- * Cookie interpretation
+ * Interprets cookie header and pass its identity keystring to handle
*/
static void
cookie_identity_interpretation (struct RequestHandle *handle)
{
struct GNUNET_HashCode cache_key;
- char* cookies;
+ char *cookies;
struct GNUNET_TIME_Absolute current_time, *relog_time;
char delimiter[] = "; ";
@@ -1378,7 +1387,7 @@ cookie_identity_interpretation (struct RequestHandle *handle)
}
/**
- * Login redirection
+ * Redirects to login page stored in configuration file
*/
static void
login_redirection(void *cls)
@@ -1424,7 +1433,7 @@ login_redirection(void *cls)
}
/**
- * Function called if we had an error in zone-to-name mapping.
+ * Does internal server error when iteration failed.
*/
static void
oidc_iteration_error (void *cls)
@@ -1435,6 +1444,10 @@ oidc_iteration_error (void *cls)
GNUNET_SCHEDULER_add_now (&do_error, handle);
}
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
static void
oidc_ticket_issue_cb (void* cls,
const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
@@ -1498,7 +1511,7 @@ oidc_collect_finished_cb (void *cls)
/**
- * Collect all attributes for an ego
+ * Collects all attributes for an ego if in scope parameter
*/
static void
oidc_attr_collect (void *cls,
@@ -1545,7 +1558,7 @@ oidc_attr_collect (void *cls,
/**
- * Cookie and Time check
+ * Checks time and cookie and redirects accordingly
*/
static void
login_check (void *cls)
@@ -1612,7 +1625,8 @@ login_check (void *cls)
}
/**
- * Create a response with requested records
+ * Searches for client_id in namestore. If found trust status stored in handle
+ * Else continues to search
*
* @param handle the RequestHandle
*/
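Review bot: The rewritten description is hard to parse and lost its punctuation: `If found trust status stored in handle Else continues to search`. Suggest `Searches the namestore for client_id. If it is found, the trust status is stored in the handle; otherwise the search continues with the next entry.` The function it documents starts after the hunk, so I cannot confirm what "trust status" maps to — naming the handle field would help.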
@@ -1960,14 +1974,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
return;
}
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
static void
token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
const char* url,
void *cls)
{
//TODO static strings
-
- //TODO WWW-Authenticate 401
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
char *authorization, *credentials;
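Review bot: The `//TODO WWW-Authenticate 401` reminder is dropped at the top of token_endpoint, but nothing in this hunk adds that header. RFC 6749 §5.2 requires a 401 from the token endpoint to carry `WWW-Authenticate` when the client authenticated through the Authorization header, which the `authorization`/`credentials` locals declared here suggest it does. If the header is now emitted further down, a one-line comment at the 401 site (e.g. `/* RFC 6749 5.2: 401 carries WWW-Authenticate for header-authenticated clients */`) would make that visible; otherwise the TODO should stay. The body of token_endpoint continues past the hunk, so this is inferred from the declarations only.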
@@ -2291,7 +2310,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
}
//TODO OPTIONAL acr,amr,azp
- //TODO lookup client for client == audience of ticket
struct EgoEntry *ego_entry;
for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
{
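Review bot: The removed `//TODO lookup client for client == audience of ticket` was the reminder to bind the redeemed ticket to the authenticated client, and this hunk does not show that comparison being added; the loop over `handle->ego_head` that starts here runs past the hunk, so it may happen there. If it does not, a code issued for one client_id could be exchanged by a different authenticated client, which RFC 6749 §4.1.3 requires the token endpoint to reject. Either point to the audience check in a short comment such as `/* ticket audience must equal the authenticated client; checked in the loop below */` or keep the TODO until it exists. The enclosing function begins and ends outside the hunk.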
@@ -2351,9 +2369,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
MHD_add_response_header (resp, "Content-Type", "application/json");
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
- //TODO one time ticket/code
-
- //TODO free
GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
GNUNET_free(access_token_number);
GNUNET_free(access_token);
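Review bot: The `//TODO one time ticket/code` reminder is removed right after the 200 response is handed to `handle->proc`, yet no hunk in this diff adds code that invalidates the authorization code once it has been redeemed. RFC 6749 §4.1.2 requires codes to be single-use; a replayable code lets anyone who observes the redirect mint further access tokens. If replay protection is implemented elsewhere in token_endpoint (for instance by removing the code's map entry before this point, outside the hunk), document it with `/* code is single-use: its map entry was removed above */`; otherwise the TODO should stay. The function body starts and ends outside this hunk.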
@@ -2365,7 +2380,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
}
-
+/**
+ * Collects claims and stores them in handle
+ */
static void
consume_ticket (void *cls,
const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
@@ -2384,16 +2401,24 @@ consume_ticket (void *cls,
json_string(attr->data));
}
+/**
+ * Responds to userinfo GET and url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
static void
userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
const char* url, void *cls)
{
+ //TODO expiration time
struct RequestHandle *handle = cls;
char delimiter[] = " ";
char delimiter_db[] = ";";
struct GNUNET_HashCode cache_key;
char *authorization, *authorization_type, *authorization_access_token;
- char *client_ticket;
+ char *client_ticket, *client, *ticket_str;
struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
@@ -2413,6 +2438,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->rest_handle->header_param_map, &cache_key);
//split header in "Bearer" and access_token
+ authorization = GNUNET_strdup(authorization);
authorization_type = strtok (authorization, delimiter);
if ( 0 != strcmp ("Bearer", authorization_type) )
{
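Review bot: `authorization_type` can be NULL when the Authorization header is present but empty or only whitespace, because strtok() then yields no token, and the `strcmp ("Bearer", authorization_type)` on the next line dereferences it — an unauthenticated client can trigger this. Fold the check into the same condition: `if ((NULL == authorization_type) || (0 != strcmp ("Bearer", authorization_type)))`. Copying the header with GNUNET_strdup before tokenising is the right move since strtok mutates the map-owned value; the NULL check on the header lookup itself lies before this hunk, so I assume it is there.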
@@ -2420,6 +2446,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup("No Access Token");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
authorization_access_token = strtok (NULL, delimiter);
@@ -2429,6 +2456,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup("No Access Token");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
@@ -2442,25 +2470,28 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
return;
}
client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token,
&cache_key);
-
- client_ticket = strtok(client_ticket,delimiter_db);
- if (NULL == client_ticket)
+ client_ticket = GNUNET_strdup(client_ticket);
+ client = strtok(client_ticket,delimiter_db);
+ if (NULL == client)
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
handle->ego_entry = handle->ego_head;
for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
{
- if (0 == strcmp(handle->ego_entry->keystring,client_ticket))
+ if (0 == strcmp(handle->ego_entry->keystring,client))
{
break;
}
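Review bot: `client_ticket = GNUNET_strdup(client_ticket);` copies the multihashmap lookup result without checking it for NULL, and GNUNET_strdup asserts on a NULL argument, so an access token that is not present in `OIDC_interpret_access_token` would abort the service instead of producing the 401 prepared just below. Whether the expiry check that ends at the `return` at the top of this hunk already guarantees the key is in this map cannot be seen from here; if it consults a different map, add `if (NULL == client_ticket)` before the copy, with the same invalid_token error, `GNUNET_free(authorization)` and `return` as the other branches. The old code had a comparable gap (strtok on NULL), so this is not a regression, but the strdup turns it into a hard assert reachable by any caller holding a stale token. userinfo_endpoint starts before this hunk.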
@@ -2471,21 +2502,25 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
- client_ticket = strtok(NULL, delimiter_db);
- if (NULL == client_ticket)
+ ticket_str = strtok(NULL, delimiter_db);
+ if (NULL == ticket_str)
{
handle->emsg = GNUNET_strdup("invalid_token");
handle->edesc = GNUNET_strdup("The Access Token expired");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
if ( GNUNET_OK
- != GNUNET_STRINGS_string_to_data (client_ticket,
- strlen (client_ticket),
+ != GNUNET_STRINGS_string_to_data (ticket_str,
+ strlen (ticket_str),
ticket,
sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
{
@@ -2494,6 +2529,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
GNUNET_free(ticket);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
return;
}
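Review bot: The pair `GNUNET_free(authorization); GNUNET_free(client_ticket);` is now repeated in every error branch of userinfo_endpoint (six times across this and the neighbouring hunks), which is exactly the pattern the next added resource will miss in one branch. A single cleanup label at the end of the function, reached by `goto cleanup` from each branch after `GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);`, keeps the frees in one place; `ticket` can join it if it is initialised to NULL and freed there too. The function's body continues on both sides of this hunk, and the label would sit after the last hunk's consume call.
```c
  if (NULL == ticket_str)
  {
    handle->emsg = GNUNET_strdup("invalid_token");
    handle->edesc = GNUNET_strdup("The Access Token expired");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
    goto cleanup;
  }
  /* … unchanged: ticket decode, error branch with goto cleanup, consume call … */
cleanup:
  GNUNET_free (ticket);
  GNUNET_free (authorization);
  GNUNET_free (client_ticket);
```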
@@ -2507,6 +2544,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
consume_ticket,
handle);
GNUNET_free(ticket);
+ GNUNET_free(authorization);
+ GNUNET_free(client_ticket);
}