
[gnunet] branch master updated: - fix missing from oidc branch


From: gnunet
Subject: [gnunet] branch master updated: - fix missing from oidc branch
Date: Wed, 15 Jun 2022 16:30:38 +0200

This is an automated email from the git hooks/post-receive script.

trizuz pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 3627e3099 - fix missing from oidc branch
3627e3099 is described below

commit 3627e3099140350e5e48dff112b67a0796aa4d2a
Author: Tristan Schwieren <tristan.schwieren@tum.de>
AuthorDate: Wed Jun 15 16:30:23 2022 +0200

    - fix missing from oidc branch
---
 src/reclaim/oidc_helper.h                |  2 +-
 src/reclaim/plugin_rest_openid_connect.c | 53 +++++++++++++++++++++++++++-----
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
index ea106b4f2..b134c71ad 100644
--- a/src/reclaim/oidc_helper.h
+++ b/src/reclaim/oidc_helper.h
@@ -34,7 +34,7 @@
 #define JWT_ALG_VALUE_HMAC "HS512"
 #define JWT_ALG_VALUE_RSA "RS256"
 
-#define SERVER_ADDRESS "https://api.reclaim";
+#define SERVER_ADDRESS "http://localhost:7776";
 
 enum OIDC_VerificationOptions
 {
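Review bot: The new `SERVER_ADDRESS` value hard-codes a plaintext `http://localhost:7776` origin into the header, and the replacement text still ends in `;`, which is pasted into every expression that uses the macro. If this constant ends up in the issuer claim or in any URL handed to clients (its use sites are not visible here), tokens would be bound to a development address without TLS. Prefer reading the address from the configuration and keep the macro only as a fallback, written as `#define SERVER_ADDRESS "http://localhost:7776"`.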
diff --git a/src/reclaim/plugin_rest_openid_connect.c 
b/src/reclaim/plugin_rest_openid_connect.c
index bb8e1cd1e..0ffe1b6c8 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -939,15 +939,14 @@ generate_jwk ()
 }
 
 /**
- * Return the path to the RSA JWK key file
+ * Return the path to the oidc directory path
  *
  * @param cls the RequestHandle
  */
 char *
-get_oidc_jwk_path (void *cls)
+get_oidc_dir_path (void *cls)
 {
   char *oidc_directory;
-  char *oidc_jwk_path;
   struct RequestHandle *handle = cls;
 
   // Read OIDC directory from config
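Review bot: The doc comment on the renamed `get_oidc_dir_path` does not say what is returned or who owns it, and "the path to the oidc directory path" repeats itself. Suggest `Return the path to the OIDC directory` plus an `@return` line along the lines of `the directory path, to be freed by the caller, or NULL if it cannot be read from the configuration`; the ownership part is inferred from how the value is used later and should be confirmed against the config call, which lies outside this hunk. Both path helpers also look file-local, so `static` would keep them out of the plugin's exported symbols.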
@@ -964,6 +963,22 @@ get_oidc_jwk_path (void *cls)
     return NULL;
   }
 
+  return oidc_directory;
+}
+
+/**
+ * Return the path to the RSA JWK key file
+ *
+ * @param cls the RequestHandle
+ */
+char *
+get_oidc_jwk_path (void *cls)
+{
+  char *oidc_directory;
+  char *oidc_jwk_path;
+  
+  oidc_directory = get_oidc_dir_path(cls);
+
   // Create path to file
   GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory,
                    OIDC_JWK_RSA_FILENAME);
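Review bot: `get_oidc_jwk_path` passes the result of `get_oidc_dir_path(cls)` straight to `GNUNET_asprintf` as a `%s` argument, but the helper returns NULL when the configuration lookup fails (the `return NULL;` at the top of this hunk). Add `if (NULL == oidc_directory) return NULL;` before the path is built. The rest of the function is outside the hunk, so also confirm that `oidc_directory` is released once the file path exists. The same unchecked call is added in the token_endpoint and jwks_endpoint hunks, where the value goes to `GNUNET_DISK_directory_create` and to a `%s` log argument; those call sites need the same guard, and token_endpoint must additionally handle a NULL `oidc_jwk_path`.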
@@ -2167,6 +2182,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
   char *code_verifier;
   json_t *oidc_jwk;
   char *oidc_jwk_path;
+  char *oidc_directory;
 
   /*
    * Check Authorization
@@ -2285,11 +2301,33 @@ token_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
     jwa = JWT_ALG_VALUE_RSA;
   }
 
-  if (strcmp(jwa, JWT_ALG_VALUE_RSA))
+  if ( ! strcmp (jwa, JWT_ALG_VALUE_RSA))
   {
     // Replace for now
     oidc_jwk_path = get_oidc_jwk_path (cls);
     oidc_jwk = read_jwk_from_file (oidc_jwk_path);
+
+    // Check if secret JWK exists
+    if (! oidc_jwk)
+    {
+      // Generate and save a new key
+      oidc_jwk = generate_jwk ();
+      oidc_directory = get_oidc_dir_path(cls);
+
+      // Create new oidc directory
+      if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    ("Failed to create directory `%s' for storing oidc 
data\n"),
+                    oidc_directory);
+      }
+      else
+      {
+        write_jwk_to_file (oidc_jwk_path, oidc_jwk);
+      }
+    }
+
+    // Generate oidc token
     id_token = OIDC_generate_id_token_rsa (&ticket.audience,
                                            &ticket.identity,
                                            cl,
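Review bot: When `GNUNET_DISK_directory_create` fails, the new block only logs and then continues to `OIDC_generate_id_token_rsa` with the freshly generated key, so the ID token is signed with a key that was never persisted. A later request would generate a different key, and relying parties fetching the key set could not verify the token. The failure branch should abort the request through the function's error handling, and `write_jwk_to_file` should be treated the same way if it can report failure. `oidc_directory` and `oidc_jwk_path` are not released in the visible lines; token_endpoint continues outside the hunk, so confirm they are freed there. Because this file holds the private signing key, also confirm that `write_jwk_to_file` creates it with owner-only permissions, and consider one shared load-or-create helper, since jwks_endpoint carries the same generate-on-miss logic.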
@@ -2298,7 +2336,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
                                            (NULL != nonce) ? nonce : NULL,
                                            oidc_jwk);
   }
-  else if (strcmp(jwa, JWT_ALG_VALUE_HMAC))
+  else if ( ! strcmp (jwa, JWT_ALG_VALUE_HMAC))
   {
     // TODO OPTIONAL acr,amr,azp
     if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg,
@@ -2328,7 +2366,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
 
     GNUNET_free (jwt_secret);
   }
-  else 
+  else
   {
     // TODO: OPTION NOT FOUND ERROR
   }
@@ -2652,6 +2690,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
   {
     // Generate and save a new key
     oidc_jwk = generate_jwk ();
+    oidc_directory = get_oidc_dir_path(cls);
 
     // Create new oidc directory
     if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory))
@@ -2675,7 +2714,7 @@ jwks_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
   json_decref (oidc_jwk);
   GNUNET_free (oidc_jwk_pub_str);
-  free (oidc_jwk_pub_str);
+  GNUNET_free (oidc_jwk_pub_str);
   cleanup_handle (handle);
 }
 
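Review bot: After this change `oidc_jwk_pub_str` is released twice in a row, once by the context line `GNUNET_free (oidc_jwk_pub_str);` and once by the added identical line. If `GNUNET_free` resets its argument to NULL in this tree the second call is merely redundant, otherwise it is a double free. Either way the added line should be deleted rather than converted from `free`. The allocation of the string is not visible in this hunk, so check that the single remaining release matches the allocator that produced it.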

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


