static scs_keyset_t *retr_keyset (scs_t *ctx)
{
char raw_tid[SCS_TID_MAX];
scs_atoms_t *ats = &ctx->atoms;
size_t raw_tid_len = sizeof raw_tid - 1;
/* Make sure we have room for the terminating NUL char. */
if (base64url_decode(ats->b64_tid, strlen(ats->b64_tid),
(uint8_t *) raw_tid, &raw_tid_len))
{
scs_set_error(ctx, SCS_ERR_DECODE, "Base-64 decoding of tid failed");
return NULL;
}
raw_tid[raw_tid_len] = '\0';
/* Try active keyset first. */
if (ctx->cur_keyset.active
&& !strcmp(raw_tid, ctx->cur_keyset.tid))
return &ctx->cur_keyset;
/* Then backup. */
if (ctx->prev_keyset.active
&& !strcmp(raw_tid, ctx->prev_keyset.tid))
return &ctx->prev_keyset;
/* Not found. */
scs_set_error(ctx, SCS_ERR_WRONG_TID, "tid \'%s\' not found", raw_tid);
return NULL;
}
/* Note that tid has been already decoded in order to identify the running
* keyset inside retr_keyset(). Its value is found in the selected keyset. */
static int decode_atoms (scs_t *ctx, scs_keyset_t *ks)
{
scs_atoms_t *ats = &ctx->atoms;
size_t i, tstamp_sz = sizeof(ats->tstamp), iv_sz = ks->block_sz;
enum { NUM_ATOMS = 4 };
struct {
const char *id;
uint8_t *raw;
size_t *raw_sz;
const char *enc;
size_t enc_sz;
} A[NUM_ATOMS] = {
{
"SCS DATA",
ats->data,
&ats->data_sz, /* Initially set to data_capacity. */
ats->b64_data,
strlen(ats->b64_data)
},
{
"SCS TSTAMP",
(uint8_t *) ats->tstamp,
&tstamp_sz,
ats->b64_tstamp,
strlen(ats->b64_tstamp)
},
{
"SCS IV",
ats->iv,
&iv_sz,
ats->b64_iv,
strlen(ats->b64_iv)
},
{
"SCS AUTHTAG",
ats->tag,
&ats->tag_sz,
ats->b64_tag,
strlen(ats->b64_tag)
}
};
for (i = 0; i < NUM_ATOMS; ++i)
{
if (base64url_decode(A[i].enc, A[i].enc_sz, A[i].raw, A[i].raw_sz))
{
scs_set_error(ctx, SCS_ERR_DECODE, "%s decoding failed", A[i].id);
return -1;
}
}
/* Terminate tstamp string. */
ats->tstamp[tstamp_sz] = '\0';
return 0;
}
static int strn_to_list_token(const char *str, uint64_t *rowidp, const char **afterp)
{
unsigned char token[sizeof rhizome_db_uuid.u.binary + sizeof *rowidp];
if (base64url_decode(token, sizeof token, str, 0, afterp, 0, NULL) != sizeof token)
return 0;
if (cmp_uuid_t(&rhizome_db_uuid, (serval_uuid_t *) &token) != 0)
return 0;
memcpy(rowidp, token + sizeof rhizome_db_uuid.u.binary, sizeof *rowidp);
return 1;
}
bool g_UnpackID(const string& packed_id, string& binary_id)
{
size_t binary_id_len;
base64url_decode(NULL, packed_id.length(), NULL, 0, &binary_id_len);
binary_id.resize(binary_id_len);
binary_id[0] = '\0';
unsigned char* ptr = (unsigned char*) const_cast<char*>(binary_id.data());
if (base64url_decode(packed_id.data(), packed_id.length(),
ptr, binary_id_len, NULL) != eBase64_OK)
return false;
s_Unscramble(ptr, binary_id_len);
return true;
}
VerifyResult verify_assertion_local(request_rec *r, const char *assertion)
{
char *pair;
char *last = NULL;
VerifyResult res = apr_pcalloc(r->pool, sizeof(struct _VerifyResult));
char *assertion_string = apr_pstrdup(r->pool, assertion);
char *delim = ".";
const char *assertions[16];
int i = 0;
/* XXX: Need to make sure we don't overrun assertions[] */
for (pair = apr_strtok(assertion_string, delim, &last);
pair; pair = apr_strtok(NULL, delim, &last)) {
assertions[i++] = pair;
}
ap_log_rerror(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, 0, r,
ERRTAG
"Local Assertion Verification enabled but not implemented yet");
int assertion_count = i;
json_object *json_assertions[16];
enum json_tokener_error jerr;
for (i = 0; i < assertion_count; i++) {
assertions[i] = base64url_decode(r->pool, assertions[i]);
json_assertions[i] = json_tokener_parse_verbose(assertions[i], &jerr);
if (json_tokener_success != jerr) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG "json parse error %s",
json_tokener_error_desc(jerr));
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG "Raw Pair %d is %s", i, assertions[i]);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG "JSON is %s",
json_object_to_json_string(json_assertions[i]));
}
}
json_object *principal =
json_object_object_get(json_assertions[1], "principal");
json_object *issuer = json_object_object_get(json_assertions[1], "iss");
json_object *expiry = json_object_object_get(json_assertions[3], "exp");
json_object *audience = json_object_object_get(json_assertions[3], "aud");
json_object *email = NULL;
/* Not fully implemented yet */
res->errorResponse = "Local verification enabled but not implemented yet";
if (principal && json_object_is_type(principal, json_type_object)) {
email = json_object_object_get(principal, "email");
if (email && json_object_is_type(email, json_type_string)) {
res->verifiedEmail = json_object_get_string(email);
}
}
if (issuer && json_object_is_type(issuer, json_type_string)) {
res->identityIssuer = json_object_get_string(issuer);
}
if (audience && json_object_is_type(audience, json_type_string)) {
const char *audience_str = json_object_get_string(audience);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG "Audience is %s", audience_str);
}
if (expiry && json_object_is_type(expiry, json_type_int)) {
int64_t expiry_time = json_object_get_int64(expiry);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG "Expiry is %" APR_INT64_T_FMT, expiry_time);
}
/* Fake success */
if (email && issuer) {
res->errorResponse = NULL;
}
return res;
}
int main (int argc, char **argv)
{
const char *evector[7] = {
"",
"f",
"fo",
"foo",
"foob",
"fooba",
"foobar"};
const char *dvector[7] = {
"",
"Zg",
"Zm8",
"Zm9v",
"Zm9vYg",
"Zm9vYmE",
"Zm9vYmFy"};
char dest[64] = {'\0'};
size_t dlen = 0;
int r, i;
for (i = 0; i < 7; i++) {
memset(dest, 0, 64);
r = base64url_encode(dest, 63, evector[i], strlen(evector[i]), &dlen);
if (r < 0) {
printf("FAIL encode \"%s\"\n", evector[i]);
continue;
}
if (strlen(dvector[i]) != dlen) {
printf("FAIL encode \"%s\"\n", evector[i]);
continue;
}
if (strncmp(dvector[i], dest, dlen)) {
printf("FAIL encode \"%s\"\n", evector[i]);
continue;
}
printf("PASS encode \"%s\" => \"%s\"\n", evector[i], dest);
}
for (i = 0; i < 7; i++) {
memset(dest, 0, 64);
r = base64url_decode(dest, 63, dvector[i], strlen(dvector[i]), &dlen);
if (r < 0) {
printf("FAIL decode \"%s\" r=%d\n", dvector[i], r);
continue;
}
if (strlen(evector[i]) != dlen) {
printf("FAIL decode \"%s\" => \"%s\"(%zu)\n", dvector[i], dest, dlen);
continue;
}
if (strncmp(evector[i], dest, dlen)) {
printf("FAIL decode \"%s\" =>\"%s\"\n", dvector[i], dest);
continue;
}
printf("PASS decode \"%s\" => \"%s\"\n", dvector[i], dest);
}
return 0;
}
