Set up the project infrastructure

4 files changed, 431 insertions, 0 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..832391d
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,10 @@
+lib_LTLIBRARIES += %reldir%/libwebidoidc.la
+
+AM_CPPFLAGS += -I %reldir% -I $(srcdir)/%reldir%
+
+%canon_reldir%_libwebidoidc_la_SOURCES = %reldir%/gettext.h %reldir%/libwebidoidc.c
+%canon_reldir%_libwebidoidc_la_LIBADD = $(noinst_LTLIBRARIES) $(GUILE_LIBS) $(NETTLE_LIBS)
+
+SUFFIXES += .c .x
+.c.x:
+	$(AM_V_GEN) $(SNARF) -o $@ $< $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(AM_CPPFLAGS) $(AM_CFLAGS) $(GUILE_CFLAGS) $(NETTLE_CFLAGS)
diff --git a/src/gettext.h b/src/gettext.h
new file mode 100644
index 0000000..1382000
--- /dev/null
+++ b/src/gettext.h
@@ -0,0 +1,290 @@
+/* Convenience header for conditional use of GNU <libintl.h>.
+   Copyright (C) 1995-1998, 2000-2002, 2004-2006, 2009-2018 Free Software
+   Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+#ifndef _LIBGETTEXT_H
+#define _LIBGETTEXT_H 1
+
+/* NLS can be disabled through the configure --disable-nls option
+   or through "#define ENABLE NLS 0" before including this file.  */
+#if defined ENABLE_NLS && ENABLE_NLS
+
+/* Get declarations of GNU message catalog functions.  */
+#include <libintl.h>
+
+/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by
+   the gettext() and ngettext() macros.  This is an alternative to calling
+   textdomain(), and is useful for libraries.  */
+#ifdef DEFAULT_TEXT_DOMAIN
+#undef gettext
+#define gettext(Msgid) \
+     dgettext (DEFAULT_TEXT_DOMAIN, Msgid)
+#undef ngettext
+#define ngettext(Msgid1, Msgid2, N) \
+     dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N)
+#endif
+
+#else
+
+/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which
+   chokes if dcgettext is defined as a macro.  So include it now, to make
+   later inclusions of <locale.h> a NOP.  We don't include <libintl.h>
+   as well because people using "gettext.h" will not include <libintl.h>,
+   and also including <libintl.h> would fail on SunOS 4, whereas <locale.h>
+   is OK.  */
+#if defined(__sun)
+#include <locale.h>
+#endif
+
+/* Many header files from the libstdc++ coming with g++ 3.3 or newer include
+   <libintl.h>, which chokes if dcgettext is defined as a macro.  So include
+   it now, to make later inclusions of <libintl.h> a NOP.  */
+#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3)
+#include <cstdlib>
+#if (__GLIBC__ >= 2 && !defined __UCLIBC__) || _GLIBCXX_HAVE_LIBINTL_H
+#include <libintl.h>
+#endif
+#endif
+
+/* Disabled NLS.
+   The casts to 'const char *' serve the purpose of producing warnings
+   for invalid uses of the value returned from these functions.
+   On pre-ANSI systems without 'const', the config.h file is supposed to
+   contain "#define const".  */
+#undef gettext
+#define gettext(Msgid) ((const char *) (Msgid))
+#undef dgettext
+#define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
+#undef dcgettext
+#define dcgettext(Domainname, Msgid, Category) \
+    ((void) (Category), dgettext (Domainname, Msgid))
+#undef ngettext
+#define ngettext(Msgid1, Msgid2, N) \
+    ((N) == 1 \
+     ? ((void) (Msgid2), (const char *) (Msgid1)) \
+     : ((void) (Msgid1), (const char *) (Msgid2)))
+#undef dngettext
+#define dngettext(Domainname, Msgid1, Msgid2, N) \
+    ((void) (Domainname), ngettext (Msgid1, Msgid2, N))
+#undef dcngettext
+#define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \
+    ((void) (Category), dngettext (Domainname, Msgid1, Msgid2, N))
+#undef textdomain
+#define textdomain(Domainname) ((const char *) (Domainname))
+#undef bindtextdomain
+#define bindtextdomain(Domainname, Dirname) \
+    ((void) (Domainname), (const char *) (Dirname))
+#undef bind_textdomain_codeset
+#define bind_textdomain_codeset(Domainname, Codeset) \
+    ((void) (Domainname), (const char *) (Codeset))
+
+#endif
+
+/* Prefer gnulib's setlocale override over libintl's setlocale override.  */
+#ifdef GNULIB_defined_setlocale
+#undef setlocale
+#define setlocale rpl_setlocale
+#endif
+
+/* A pseudo function call that serves as a marker for the automated
+   extraction of messages, but does not call gettext().  The run-time
+   translation is done at a different place in the code.
+   The argument, String, should be a literal string.  Concatenated strings
+   and other string expressions won't work.
+   The macro's expansion is not parenthesized, so that it is suitable as
+   initializer for static 'char[]' or 'const char[]' variables.  */
+#define gettext_noop(String) String
+
+/* The separator between msgctxt and msgid in a .mo file.  */
+#define GETTEXT_CONTEXT_GLUE "\004"
+
+/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a
+   MSGID.  MSGCTXT and MSGID must be string literals.  MSGCTXT should be
+   short and rarely need to change.
+   The letter 'p' stands for 'particular' or 'special'.  */
+#ifdef DEFAULT_TEXT_DOMAIN
+#define pgettext(Msgctxt, Msgid) \
+   pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#else
+#define pgettext(Msgctxt, Msgid) \
+   pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#endif
+#define dpgettext(Domainname, Msgctxt, Msgid) \
+  pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \
+  pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category)
+#ifdef DEFAULT_TEXT_DOMAIN
+#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+   npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#else
+#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+   npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#endif
+#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \
+  npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \
+  npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+pgettext_aux (const char *domain,
+	      const char *msg_ctxt_id, const char *msgid, int category)
+{
+  const char *translation = dcgettext (domain, msg_ctxt_id, category);
+  if (translation == msg_ctxt_id)
+    return msgid;
+  else
+    return translation;
+}
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+npgettext_aux (const char *domain,
+	       const char *msg_ctxt_id, const char *msgid,
+	       const char *msgid_plural, unsigned long int n, int category)
+{
+  const char *translation =
+    dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
+  if (translation == msg_ctxt_id || translation == msgid_plural)
+    return (n == 1 ? msgid : msgid_plural);
+  else
+    return translation;
+}
+
+/* The same thing extended for non-constant arguments.  Here MSGCTXT and MSGID
+   can be arbitrary expressions.  But for string literals these macros are
+   less efficient than those above.  */
+
+#include <string.h>
+
+#if (((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined __STRICT_ANSI__) \
+     /* || (__STDC_VERSION__ == 199901L && !defined __HP_cc)
+        || (__STDC_VERSION__ >= 201112L && !defined __STDC_NO_VLA__) */ )
+#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 1
+#else
+#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 0
+#endif
+
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+#include <stdlib.h>
+#endif
+
+#define pgettext_expr(Msgctxt, Msgid) \
+  dcpgettext_expr (NULL, Msgctxt, Msgid, LC_MESSAGES)
+#define dpgettext_expr(Domainname, Msgctxt, Msgid) \
+  dcpgettext_expr (Domainname, Msgctxt, Msgid, LC_MESSAGES)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+dcpgettext_expr (const char *domain,
+		 const char *msgctxt, const char *msgid, int category)
+{
+  size_t msgctxt_len = strlen (msgctxt) + 1;
+  size_t msgid_len = strlen (msgid) + 1;
+  const char *translation;
+#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+  char msg_ctxt_id[msgctxt_len + msgid_len];
+#else
+  char buf[1024];
+  char *msg_ctxt_id =
+    (msgctxt_len + msgid_len <= sizeof (buf)
+     ? buf : (char *) malloc (msgctxt_len + msgid_len));
+  if (msg_ctxt_id != NULL)
+#endif
+    {
+      int found_translation;
+      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
+      msg_ctxt_id[msgctxt_len - 1] = '\004';
+      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
+      translation = dcgettext (domain, msg_ctxt_id, category);
+      found_translation = (translation != msg_ctxt_id);
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+      if (msg_ctxt_id != buf)
+	free (msg_ctxt_id);
+#endif
+      if (found_translation)
+	return translation;
+    }
+  return msgid;
+}
+
+#define npgettext_expr(Msgctxt, Msgid, MsgidPlural, N) \
+  dcnpgettext_expr (NULL, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES)
+#define dnpgettext_expr(Domainname, Msgctxt, Msgid, MsgidPlural, N) \
+  dcnpgettext_expr (Domainname, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+dcnpgettext_expr (const char *domain,
+		  const char *msgctxt, const char *msgid,
+		  const char *msgid_plural, unsigned long int n, int category)
+{
+  size_t msgctxt_len = strlen (msgctxt) + 1;
+  size_t msgid_len = strlen (msgid) + 1;
+  const char *translation;
+#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+  char msg_ctxt_id[msgctxt_len + msgid_len];
+#else
+  char buf[1024];
+  char *msg_ctxt_id =
+    (msgctxt_len + msgid_len <= sizeof (buf)
+     ? buf : (char *) malloc (msgctxt_len + msgid_len));
+  if (msg_ctxt_id != NULL)
+#endif
+    {
+      int found_translation;
+      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
+      msg_ctxt_id[msgctxt_len - 1] = '\004';
+      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
+      translation =
+	dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
+      found_translation = !(translation == msg_ctxt_id
+			    || translation == msgid_plural);
+#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
+      if (msg_ctxt_id != buf)
+	free (msg_ctxt_id);
+#endif
+      if (found_translation)
+	return translation;
+    }
+  return (n == 1 ? msgid : msgid_plural);
+}
+
+#endif /* _LIBGETTEXT_H */
diff --git a/src/libwebidoidc.c b/src/libwebidoidc.c
new file mode 100644
index 0000000..213cbcd
--- /dev/null
+++ b/src/libwebidoidc.c
@@ -0,0 +1,7 @@
+#define N_(s)
+
+void
+init_webidoidc (void)
+{
+  N_("This is the main function.");
+}
diff --git a/src/scm/webid-oidc/ChangeLog b/src/scm/webid-oidc/ChangeLog
new file mode 100644
index 0000000..1223e69
--- /dev/null
+++ b/src/scm/webid-oidc/ChangeLog
@@ -0,0 +1,124 @@
+2021-04-30  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* reverse-proxy.scm (make-reverse-proxy): Make the auth header
+	lowercase, so that all capitalizations of that header in the
+	incoming requests are dropped.
+
+2021-04-26  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* identity-provider.scm (make-identity-provider): while saving the
+	key to file, close the port so that it gets flushed.
+
+2021-04-22  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* oidc-configuration.scm (get-oidc-configuration): accept hosts as
+	URIs (discard everything but the host).
+
+	* token-endpoint.scm (make-token-endpoint): use (webid-oidc
+	oidc-id-token) to issue the ID token.
+
+	* oidc-id-token.scm (issue-id-token): fix function.
+	(id-token-payload?): now the std uses a "webid" claim for the
+	webid of the user, fix that.
+
+	* token-endpoint.scm (make-token-endpoint): also return the ID
+	token.
+
+	* oidc-id-token.scm (id-token-decode): this function still used a
+	cache and current-time arguments.
+
+2021-03-30  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* hello-world.scm (webid-oidc): remove the hello world.
+
+	* resource.scm: don’t provide a Linked Data Platform
+	implementation here.
+
+	* resource-server.scm (make-authenticator): The server’s public
+	URI is now exported, so you don’t rely on the Host header anymore.
+
+	* dpop-proof.scm (uris-compatible): Check decoded paths, so if
+	some characters are encoded they are equal to their decoded
+	counterparts.
+
+2021-03-13  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* resource.scm (default-root-acl): The root authorization
+	statements need not be inherited, they are by default.
+
+2021-02-27  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* hello-world.scm (main): Use an explicit caching and loggin
+	http-get.
+	(main): Add a content-type to the “unauthorized” response.
+
+	* resource-server.scm (make-authenticator): http-get and
+	current-time are now authenticator parameters, not request
+	parameters.
+
+	* provider-confirmation.scm (get-provider-confirmations): Don't
+	try to cache.
+
+	* identity-provider.scm (make-identity-provider): The identity
+	provider only uses the cache through the http-get argument.
+	(main): Use a caching http-get.
+
+	* token-endpoint.scm (make-token-endpoint): make the current-time
+	argument an endpoint parameter, not a handler parameter.
+
+	* authorization-endpoint.scm (make-authorization-endpoint): No
+	need for an explicit cache, since we have http-get.
+	(make-authorization-endpoint): Pass current-time as an endpoint
+	parameter, not a handler parameter, because it should be
+	synchronized with that of the internal http-get with cache.
+	(make-authorization-endpoint): get-client-manifest is simpler.
+
+	* client-manifest.scm (get-client-manifest): Same simplification
+	as for get-jwks.
+
+	* oidc-configuration.scm (get-oidc-configuration): Same
+	siplifications as for get-jwks.
+
+	* jwk.scm (get-jwks): Simplification, the cache is managed through
+	the http-get argument.
+
+	* Makefile.am (dist_webidoidcmod_DATA): Use the new guile web-client with cache
+
+2021-02-17  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* authorization-page.scm (with-locale): Avoid deadlock when
+	setlocale throws.
+
+2021-02-07  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* authorization-endpoint.scm (make-authorization-endpoint): use
+	the new modules.
+
+	* Makefile.am (webidoidcgo_DATA): compile the new modules to
+	generate the authorization pages.
+
+	* Makefile.am (dist_webidoidcmod_DATA): distribute the new modules
+	to generate the authorization pages.
+
+	* authorization-page.scm: wrapper of the unsafe module in a
+	thread-safe fashion.
+
+	* authorization-page-unsafe.scm: new module.
+
+	* dpop-proof.scm (uris-compatible): Also check userinfo for
+	equality.
+
+2020-12-05  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* dpop-proof.scm (dpop-proof-decode): Accept a predicate to decode
+	a dpop proof, so that we can use it for the token endpoint.
+
+2020-12-02  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* jws.scm (jws-decode): In order to verify OIDC ID tokens, the key
+	lookup function now takes a full JWS and not only the header.
+
+2020-11-29  Vivien Kraus  <vivien@planete-kraus.eu>
+
+	* jws.scm (jws-decode): The JWS can be verified using a JWKS or multiple keys.
+