authorVivien Kraus <vivien@planete-kraus.eu>2020-01-01 00:00:00 +0100
committerVivien Kraus <vivien@planete-kraus.eu>2021-06-05 16:08:12 +0200
commit4f9d02b9b4c84d567709e0325642ac55e068a1ee (patch)
tree93e1b520f878b34da2a046cc3440fd9cec25157c /src
parent0e29ddc3c41870e14da87770a429a94f80dd4110 (diff)
Set up the project infrastructure
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am10
-rw-r--r--src/gettext.h290
-rw-r--r--src/libwebidoidc.c7
-rw-r--r--src/scm/webid-oidc/ChangeLog124
4 files changed, 431 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..832391d
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,10 @@
+lib_LTLIBRARIES += %reldir%/libwebidoidc.la
+
+AM_CPPFLAGS += -I %reldir% -I $(srcdir)/%reldir%
+
+%canon_reldir%_libwebidoidc_la_SOURCES = %reldir%/gettext.h %reldir%/libwebidoidc.c
+%canon_reldir%_libwebidoidc_la_LIBADD = $(noinst_LTLIBRARIES) $(GUILE_LIBS) $(NETTLE_LIBS)
+
+SUFFIXES += .c .x
+.c.x:
+ $(AM_V_GEN) $(SNARF) -o $@ $< $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(AM_CPPFLAGS) $(AM_CFLAGS) $(GUILE_CFLAGS) $(NETTLE_CFLAGS)
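Review bot: `$(noinst_LTLIBRARIES)` in `%canon_reldir%_libwebidoidc_la_LIBADD` pulls every convenience library declared by the including Makefile into the installed `libwebidoidc.la`, so a test-only or helper library added later anywhere in the tree would silently ship inside the public library. Naming the intended convenience libraries explicitly on that line keeps the link set of the installed artifact reviewable. Separately, the `.c.x` rule still passes `$(INCLUDES)`, which Automake deprecates in favour of `AM_CPPFLAGS` (already present in the same recipe). Nothing in this hunk adds the generated `.x` files to `CLEANFILES` or `BUILT_SOURCES`; whether the including `Makefile.am` does so is not visible here.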
diff --git a/src/gettext.h b/src/gettext.h
new file mode 100644
index 0000000..1382000
--- /dev/null
+++ b/src/gettext.h
@@ -0,0 +1,290 @@
+/* Convenience header for conditional use of GNU <libintl.h>.
+ Copyright (C) 1995-1998, 2000-2002, 2004-2006, 2009-2018 Free Software
+ Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+#ifndef _LIBGETTEXT_H
+#define _LIBGETTEXT_H 1
+
+/* NLS can be disabled through the configure --disable-nls option
+ or through "#define ENABLE NLS 0" before including this file. */
+#if defined ENABLE_NLS && ENABLE_NLS
+
+/* Get declarations of GNU message catalog functions. */
+#include <libintl.h>
+
+/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by
+ the gettext() and ngettext() macros. This is an alternative to calling
+ textdomain(), and is useful for libraries. */
+#ifdef DEFAULT_TEXT_DOMAIN
+#undef gettext
+#define gettext(Msgid) \
+ dgettext (DEFAULT_TEXT_DOMAIN, Msgid)
+#undef ngettext
+#define ngettext(Msgid1, Msgid2, N) \
+ dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N)
+#endif
+
+#else
+
+/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which
+ chokes if dcgettext is defined as a macro. So include it now, to make
+ later inclusions of <locale.h> a NOP. We don't include <libintl.h>
+ as well because people using "gettext.h" will not include <libintl.h>,
+ and also including <libintl.h> would fail on SunOS 4, whereas <locale.h>
+ is OK. */
+#if defined(__sun)
+#include <locale.h>
+#endif
+
+/* Many header files from the libstdc++ coming with g++ 3.3 or newer include
+ <libintl.h>, which chokes if dcgettext is defined as a macro. So include
+ it now, to make later inclusions of <libintl.h> a NOP. */
+#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3)
+#include <cstdlib>
+#if (__GLIBC__ >= 2 && !defined __UCLIBC__) || _GLIBCXX_HAVE_LIBINTL_H
+#include <libintl.h>
+#endif
+#endif
+
+/* Disabled NLS.
+ The casts to 'const char *' serve the purpose of producing warnings
+ for invalid uses of the value returned from these functions.
+ On pre-ANSI systems without 'const', the config.h file is supposed to
+ contain "#define const". */
+#undef gettext
+#define gettext(Msgid) ((const char *) (Msgid))
+#undef dgettext
+#define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
+#undef dcgettext
+#define dcgettext(Domainname, Msgid, Category) \
+ ((void) (Category), dgettext (Domainname, Msgid))
+#undef ngettext
+#define ngettext(Msgid1, Msgid2, N) \
+ ((N) == 1 \
+ ? ((void) (Msgid2), (const char *) (Msgid1)) \
+ : ((void) (Msgid1), (const char *) (Msgid2)))
+#undef dngettext
+#define dngettext(Domainname, Msgid1, Msgid2, N) \
+ ((void) (Domainname), ngettext (Msgid1, Msgid2, N))
+#undef dcngettext
+#define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \
+ ((void) (Category), dngettext (Domainname, Msgid1, Msgid2, N))
+#undef textdomain
+#define textdomain(Domainname) ((const char *) (Domainname))
+#undef bindtextdomain
+#define bindtextdomain(Domainname, Dirname) \
+ ((void) (Domainname), (const char *) (Dirname))
+#undef bind_textdomain_codeset
+#define bind_textdomain_codeset(Domainname, Codeset) \
+ ((void) (Domainname), (const char *) (Codeset))
+
+#endif
+
+/* Prefer gnulib's setlocale override over libintl's setlocale override. */
+#ifdef GNULIB_defined_setlocale
+#undef setlocale
+#define setlocale rpl_setlocale
+#endif
+
+/* A pseudo function call that serves as a marker for the automated
+ extraction of messages, but does not call gettext(). The run-time
+ translation is done at a different place in the code.
+ The argument, String, should be a literal string. Concatenated strings
+ and other string expressions won't work.
+ The macro's expansion is not parenthesized, so that it is suitable as
+ initializer for static 'char[]' or 'const char[]' variables. */
+#define gettext_noop(String) String
+
+/* The separator between msgctxt and msgid in a .mo file. */
+#define GETTEXT_CONTEXT_GLUE "\004"
+
+/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a
+ MSGID. MSGCTXT and MSGID must be string literals. MSGCTXT should be
+ short and rarely need to change.
+ The letter 'p' stands for 'particular' or 'special'. */
+#ifdef DEFAULT_TEXT_DOMAIN
+#define pgettext(Msgctxt, Msgid) \
+ pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#else
+#define pgettext(Msgctxt, Msgid) \
+ pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#endif
+#define dpgettext(Domainname, Msgctxt, Msgid) \
+ pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \
+ pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category)
+#ifdef DEFAULT_TEXT_DOMAIN
+#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#else
+#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#endif
+#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \
+ npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+pgettext_aux (const char *domain,
+ const char *msg_ctxt_id, const char *msgid, int category)
+{
+ const char *translation = dcgettext (domain, msg_ctxt_id, category);
+ if (translation == msg_ctxt_id)
+ return msgid;
+ else
+ return translation;
+}
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+npgettext_aux (const char *domain,
+ const char *msg_ctxt_id, const char *msgid,
+ const char *msgid_plural, unsigned long int n, int category)
+{
+ const char *translation =
+ dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
+ if (translation == msg_ctxt_id || translation == msgid_plural)
+ return (n == 1 ? msgid : msgid_plural);
+ else
+ return translation;
+}
+
+/* The same thing extended for non-constant arguments. Here MSGCTXT and MSGID
+ can be arbitrary expressions. But for string literals these macros are
+ less efficient than those above. */
+
+#include <string.h>
+
+#if (((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined __STRICT_ANSI__) \
+ /* || (__STDC_VERSION__ == 199901L && !defined __HP_cc)
+ || (__STDC_VERSION__ >= 201112L && !defined __STDC_NO_VLA__) */ )
+#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 1
+#else
+#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 0
+#endif
+
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+#include <stdlib.h>
+#endif
+
+#define pgettext_expr(Msgctxt, Msgid) \
+ dcpgettext_expr (NULL, Msgctxt, Msgid, LC_MESSAGES)
+#define dpgettext_expr(Domainname, Msgctxt, Msgid) \
+ dcpgettext_expr (Domainname, Msgctxt, Msgid, LC_MESSAGES)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+dcpgettext_expr (const char *domain,
+ const char *msgctxt, const char *msgid, int category)
+{
+ size_t msgctxt_len = strlen (msgctxt) + 1;
+ size_t msgid_len = strlen (msgid) + 1;
+ const char *translation;
+#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+ char msg_ctxt_id[msgctxt_len + msgid_len];
+#else
+ char buf[1024];
+ char *msg_ctxt_id =
+ (msgctxt_len + msgid_len <= sizeof (buf)
+ ? buf : (char *) malloc (msgctxt_len + msgid_len));
+ if (msg_ctxt_id != NULL)
+#endif
+ {
+ int found_translation;
+ memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
+ msg_ctxt_id[msgctxt_len - 1] = '\004';
+ memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
+ translation = dcgettext (domain, msg_ctxt_id, category);
+ found_translation = (translation != msg_ctxt_id);
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+ if (msg_ctxt_id != buf)
+ free (msg_ctxt_id);
+#endif
+ if (found_translation)
+ return translation;
+ }
+ return msgid;
+}
+
+#define npgettext_expr(Msgctxt, Msgid, MsgidPlural, N) \
+ dcnpgettext_expr (NULL, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES)
+#define dnpgettext_expr(Domainname, Msgctxt, Msgid, MsgidPlural, N) \
+ dcnpgettext_expr (Domainname, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+dcnpgettext_expr (const char *domain,
+ const char *msgctxt, const char *msgid,
+ const char *msgid_plural, unsigned long int n, int category)
+{
+ size_t msgctxt_len = strlen (msgctxt) + 1;
+ size_t msgid_len = strlen (msgid) + 1;
+ const char *translation;
+#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+ char msg_ctxt_id[msgctxt_len + msgid_len];
+#else
+ char buf[1024];
+ char *msg_ctxt_id =
+ (msgctxt_len + msgid_len <= sizeof (buf)
+ ? buf : (char *) malloc (msgctxt_len + msgid_len));
+ if (msg_ctxt_id != NULL)
+#endif
+ {
+ int found_translation;
+ memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
+ msg_ctxt_id[msgctxt_len - 1] = '\004';
+ memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
+ translation =
+ dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
+ found_translation = !(translation == msg_ctxt_id
+ || translation == msgid_plural);
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+ if (msg_ctxt_id != buf)
+ free (msg_ctxt_id);
+#endif
+ if (found_translation)
+ return translation;
+ }
+ return (n == 1 ? msgid : msgid_plural);
+}
+
+#endif /* _LIBGETTEXT_H */
diff --git a/src/libwebidoidc.c b/src/libwebidoidc.c
new file mode 100644
index 0000000..213cbcd
--- /dev/null
+++ b/src/libwebidoidc.c
@@ -0,0 +1,7 @@
+#define N_(s)
+
+void
+init_webidoidc (void)
+{
+ N_("This is the main function.");
+}
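Review bot: `#define N_(s)` expands to nothing, so `N_("This is the main function.");` in `init_webidoidc` compiles to an empty statement and the string is discarded rather than marked. If `N_` is meant as an xgettext extraction marker, the conventional form keeps its argument, `#define N_(String) gettext_noop (String)` after `#include "gettext.h"` (the header added in this same commit), so that later uses in initializers still produce the string. As written, the function does nothing, and a comment such as `/* Placeholder initializer; registers nothing yet. */` above it would make that explicit.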
diff --git a/src/scm/webid-oidc/ChangeLog b/src/scm/webid-oidc/ChangeLog
new file mode 100644
index 0000000..1223e69
--- /dev/null
+++ b/src/scm/webid-oidc/ChangeLog
@@ -0,0 +1,124 @@
+2021-04-30 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * reverse-proxy.scm (make-reverse-proxy): Make the auth header
+ lowercase, so that all capitalizations of that header in the
+ incoming requests are dropped.
+
+2021-04-26 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * identity-provider.scm (make-identity-provider): while saving the
+ key to file, close the port so that it gets flushed.
+
+2021-04-22 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * oidc-configuration.scm (get-oidc-configuration): accept hosts as
+ URIs (discard everything but the host).
+
+ * token-endpoint.scm (make-token-endpoint): use (webid-oidc
+ oidc-id-token) to issue the ID token.
+
+ * oidc-id-token.scm (issue-id-token): fix function.
+ (id-token-payload?): now the std uses a "webid" claim for the
+ webid of the user, fix that.
+
+ * token-endpoint.scm (make-token-endpoint): also return the ID
+ token.
+
+ * oidc-id-token.scm (id-token-decode): this function still used a
+ cache and current-time arguments.
+
+2021-03-30 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * hello-world.scm (webid-oidc): remove the hello world.
+
+ * resource.scm: don’t provide a Linked Data Platform
+ implementation here.
+
+ * resource-server.scm (make-authenticator): The server’s public
+ URI is now exported, so you don’t rely on the Host header anymore.
+
+ * dpop-proof.scm (uris-compatible): Check decoded paths, so if
+ some characters are encoded they are equal to their decoded
+ counterparts.
+
+2021-03-13 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * resource.scm (default-root-acl): The root authorization
+ statements need not be inherited, they are by default.
+
+2021-02-27 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * hello-world.scm (main): Use an explicit caching and loggin
+ http-get.
+ (main): Add a content-type to the “unauthorized” response.
+
+ * resource-server.scm (make-authenticator): http-get and
+ current-time are now authenticator parameters, not request
+ parameters.
+
+ * provider-confirmation.scm (get-provider-confirmations): Don't
+ try to cache.
+
+ * identity-provider.scm (make-identity-provider): The identity
+ provider only uses the cache through the http-get argument.
+ (main): Use a caching http-get.
+
+ * token-endpoint.scm (make-token-endpoint): make the current-time
+ argument an endpoint parameter, not a handler parameter.
+
+ * authorization-endpoint.scm (make-authorization-endpoint): No
+ need for an explicit cache, since we have http-get.
+ (make-authorization-endpoint): Pass current-time as an endpoint
+ parameter, not a handler parameter, because it should be
+ synchronized with that of the internal http-get with cache.
+ (make-authorization-endpoint): get-client-manifest is simpler.
+
+ * client-manifest.scm (get-client-manifest): Same simplification
+ as for get-jwks.
+
+ * oidc-configuration.scm (get-oidc-configuration): Same
+ siplifications as for get-jwks.
+
+ * jwk.scm (get-jwks): Simplification, the cache is managed through
+ the http-get argument.
+
+ * Makefile.am (dist_webidoidcmod_DATA): Use the new guile web-client with cache
+
+2021-02-17 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * authorization-page.scm (with-locale): Avoid deadlock when
+ setlocale throws.
+
+2021-02-07 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * authorization-endpoint.scm (make-authorization-endpoint): use
+ the new modules.
+
+ * Makefile.am (webidoidcgo_DATA): compile the new modules to
+ generate the authorization pages.
+
+ * Makefile.am (dist_webidoidcmod_DATA): distribute the new modules
+ to generate the authorization pages.
+
+ * authorization-page.scm: wrapper of the unsafe module in a
+ thread-safe fashion.
+
+ * authorization-page-unsafe.scm: new module.
+
+ * dpop-proof.scm (uris-compatible): Also check userinfo for
+ equality.
+
+2020-12-05 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * dpop-proof.scm (dpop-proof-decode): Accept a predicate to decode
+ a dpop proof, so that we can use it for the token endpoint.
+
+2020-12-02 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * jws.scm (jws-decode): In order to verify OIDC ID tokens, the key
+ lookup function now takes a full JWS and not only the header.
+
+2020-11-29 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * jws.scm (jws-decode): The JWS can be verified using a JWKS or multiple keys.
+