From df646a0cc8f1fefd7204e08eb6754c5a85cd022a Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Tue, 1 Dec 2020 19:46:24 +0100
Subject: Add an authorization code data structure

---
 doc/webid-oidc.texi | 26 ++++
 po/fr.po | 249 +++++++++++++++---------------
 po/webid-oidc.pot | 220 ++++++++++++++------------
 src/scm/webid-oidc/Makefile.am | 6 +-
 src/scm/webid-oidc/authorization-code.scm | 151 ++++++++++++++++++
 src/scm/webid-oidc/errors.scm | 87 +++++++++++
 6 files changed, 519 insertions(+), 220 deletions(-)
 create mode 100644 src/scm/webid-oidc/authorization-code.scm

diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index 9f456f3..f8e4208 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -512,6 +512,27 @@ The @var{value} string is not an encoding of a valid DPoP proof.
 The @var{dpop-proof} cannot be signed.
 @end deftp
 
+@deftp {exception type} ¬-an-authorization-code @var{value} @var{cause}
+The @var{value} is not an authorization code.
+@end deftp
+
+@deftp {exception type} ¬-an-authorization-code-header @var{value} @var{cause}
+The @var{value} is not an authorization code header.
+@end deftp
+
+@deftp {exception type} ¬-an-authorization-code-payload @var{value} @var{cause}
+The @var{value} is not an authorization code payload.
+@end deftp
+
+@deftp {exception type} &cannot-decode-authorization-code @var{value} @var{cause}
+The @var{value} string is not an encoding of a valid authorization
+code.
+@end deftp
+
+@deftp {exception type} &cannot-encode-authorization-code @var{authorization-code} @var{key} @var{cause}
+The @var{authorization-code} cannot be signed.
+@end deftp
+
 @node Cannot fetch data on the web
 @section Cannot fetch data on the web
 In the client (local and public parts), resource server and identity
@@ -603,6 +624,11 @@ The client @var{manifest} is being fetched at @var{id}, but it is valid for
 another client @var{advertised-id}.
 @end deftp
 
+@deftp {exception type} &authorization-code-expired @var{exp} @var{current-time}
+The authorization code has expired at @var{exp}, it is now
+@var{current-time}.
+@end deftp
+
 @node GNU Free Documentation License
 @appendix GNU Free Documentation License
 
diff --git a/po/fr.po b/po/fr.po
index b510987..50cffce 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc 0.0.0\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:14+0200\n"
+"POT-Creation-Date: 2021-06-05 16:15+0200\n"
 "PO-Revision-Date: 2021-06-05 11:07+0200\n"
 "Last-Translator: Vivien Kraus \n"
 "Language-Team: French \n"
@@ -126,101 +126,101 @@ msgstr "Utilisation : generate-random [NOMBRE D'OCTETS]\n"
 msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
 msgstr "Utilisation : generate-key [NOMBRE DE BITS | COURBE]\n"
 
-#: src/scm/webid-oidc/errors.scm:630
+#: src/scm/webid-oidc/errors.scm:698
 msgid "that’s how it is"
 msgstr "c’est comme ça"
 
-#: src/scm/webid-oidc/errors.scm:635
+#: src/scm/webid-oidc/errors.scm:703
 #, scheme-format
 msgid "the value ~s is not a base64 string (because ~a)"
 msgstr "la valeur ~s n’est pas une chaîne base64 (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:638
+#: src/scm/webid-oidc/errors.scm:706
 #, scheme-format
 msgid "the value ~s is not JSON (because ~a)"
 msgstr "la valeur ~s n’est pas du JSON (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:641
+#: src/scm/webid-oidc/errors.scm:709
 #, scheme-format
 msgid "the value ~s is not Turtle (because ~a)"
 msgstr "la valeur ~s n’est pas du Turtle (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:644
+#: src/scm/webid-oidc/errors.scm:712
 #, scheme-format
 msgid "the value ~s does not identify an elleptic curve"
 msgstr "la valeur ~s n’identifie pas une courbe elliptique"
 
-#: src/scm/webid-oidc/errors.scm:649
+#: src/scm/webid-oidc/errors.scm:717
 #, scheme-format
 msgid "the value ~s does not identify a JWK (because ~a)"
 msgstr "la valeur ~s n’identifie pas une JWK (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:651
+#: src/scm/webid-oidc/errors.scm:719
 #, scheme-format
 msgid "the value ~s does not identify a JWK"
 msgstr "la valeur ~s n’identifie pas une JWK"
 
-#: src/scm/webid-oidc/errors.scm:656
+#: src/scm/webid-oidc/errors.scm:724
 #, scheme-format
 msgid "the value ~s does not identify a public JWK (because ~a)"
 msgstr "la valeur ~s n’identifie pas une JWK publique (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:658
+#: src/scm/webid-oidc/errors.scm:726
 #, scheme-format
 msgid "the value ~s does not identify a public JWK"
 msgstr "la valeur ~s n’identifie pas une JWK publique"
 
-#: src/scm/webid-oidc/errors.scm:663
+#: src/scm/webid-oidc/errors.scm:731
 #, scheme-format
 msgid "the value ~s does not identify a private JWK (because ~a)"
 msgstr "la valeur ~s n’identifie pas une JWK privée (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:665
+#: src/scm/webid-oidc/errors.scm:733
 #, scheme-format
 msgid "the value ~s does not identify a private JWK"
 msgstr "la valeur ~s n’identifie pas une JWK privée"
 
-#: src/scm/webid-oidc/errors.scm:670
+#: src/scm/webid-oidc/errors.scm:738
 #, scheme-format
 msgid "the value ~s does not identify a JWKS (because ~a)"
 msgstr "la valeur ~s n’identifie pas un JWKS (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:672
+#: src/scm/webid-oidc/errors.scm:740
 #, scheme-format
 msgid "the value ~s does not identify a JWKS"
 msgstr "la valeur ~s n’identifie pas un JWKS"
 
-#: src/scm/webid-oidc/errors.scm:675
+#: src/scm/webid-oidc/errors.scm:743
 #, scheme-format
 msgid "the value ~s does not identify a hash algorithm"
 msgstr "la valeur ~s n’identifie pas un algorithme de hachage"
 
-#: src/scm/webid-oidc/errors.scm:678
+#: src/scm/webid-oidc/errors.scm:746
 #, scheme-format
 msgid "the value ~s is not an alist or misses key ~s"
 msgstr "la valeur ~s n’est pas une alist ou il manque la clé ~s"
 
-#: src/scm/webid-oidc/errors.scm:681
+#: src/scm/webid-oidc/errors.scm:749
 #, scheme-format
 msgid "the value ~s is not a JWS header (because ~a)"
 msgstr "la valeur ~s n’est pas un header JWS (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:684
+#: src/scm/webid-oidc/errors.scm:752
 #, scheme-format
 msgid "the value ~s is not a JWS payload (because ~a)"
 msgstr "la valeur ~s n’est pas un contenu JWS (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:687
+#: src/scm/webid-oidc/errors.scm:755
 #, scheme-format
 msgid "the value ~s is not a JWS (because ~a)"
 msgstr "la valeur ~s n’est pas un JWS (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:690
+#: src/scm/webid-oidc/errors.scm:758
 #, scheme-format
 msgid "the string ~s cannot be split in 3 parts with ~s"
 msgstr "la chaîne ~s ne peut pas être découpée en 3 parties avec ~s"
 
-#: src/scm/webid-oidc/errors.scm:693
+#: src/scm/webid-oidc/errors.scm:761
 #, scheme-format
 msgid ""
 "all key candidates failed to verify signature ~s with algorithm ~s and "
@@ -229,17 +229,17 @@ msgstr ""
 "aucune clé candidate n’a pu vérifier la signature ~s avec l’algorithme ~s et "
 "le contenu ~a (il y en avait ~a : ~s)"
 
-#: src/scm/webid-oidc/errors.scm:696
+#: src/scm/webid-oidc/errors.scm:764
 #, scheme-format
 msgid "I cannot decode JWS ~a (because ~a)"
 msgstr "je n’ai pas pu décoder le JWS encodé par ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:699
+#: src/scm/webid-oidc/errors.scm:767
 #, scheme-format
 msgid "I cannot encode JWS ~a (because ~a)"
 msgstr "je n’ai pas pu encoder le JWS ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:702
+#: src/scm/webid-oidc/errors.scm:770
 #, scheme-format
 msgid ""
 "the server request unexpectedly failed with code ~a and reason phrase ~s"
@@ -247,341 +247,372 @@ msgstr ""
 "la requête au serveur a échoué de façon inattendue avec un code ~a et une "
 "raison ~s"
 
-#: src/scm/webid-oidc/errors.scm:707
+#: src/scm/webid-oidc/errors.scm:775
 #, scheme-format
 msgid "the header ~a should not have the value ~s"
 msgstr "l’en-tête ~a ne devrait pas avoir la valeur ~s"
 
-#: src/scm/webid-oidc/errors.scm:709
+#: src/scm/webid-oidc/errors.scm:777
 #, scheme-format
 msgid "the header ~a should be present"
 msgstr "l’en-tête ~a devrait être présent"
 
-#: src/scm/webid-oidc/errors.scm:712
+#: src/scm/webid-oidc/errors.scm:780
 #, scheme-format
 msgid "the server response wasn't expected: ~s (because ~a)"
 msgstr "la réponse du serveur est inattendue : ~s (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:718
+#: src/scm/webid-oidc/errors.scm:786
 #, scheme-format
 msgid "the value ~s is not an OIDC configuration (because ~a)"
 msgstr "la valeur ~s n’est pas une configuration OIDC (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:723
+#: src/scm/webid-oidc/errors.scm:791
 #, scheme-format
 msgid "the webid field is incorrect: ~s"
 msgstr "le champ webid est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:724
+#: src/scm/webid-oidc/errors.scm:792
 msgid "the webid field is missing"
 msgstr "le champ webid est manquant"
 
-#: src/scm/webid-oidc/errors.scm:728
+#: src/scm/webid-oidc/errors.scm:796
 #, scheme-format
 msgid "the iss field is incorrect: ~s"
 msgstr "le champ iss est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:729
+#: src/scm/webid-oidc/errors.scm:797
 msgid "the iss field is missing"
 msgstr "le champ iss est manquant"
 
-#: src/scm/webid-oidc/errors.scm:733
+#: src/scm/webid-oidc/errors.scm:801
 #, scheme-format
 msgid "the aud field is incorrect: ~s"
 msgstr "le champ aud est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:734
+#: src/scm/webid-oidc/errors.scm:802
 msgid "the aud field is missing"
 msgstr "le champ aud est manquant"
 
-#: src/scm/webid-oidc/errors.scm:738
+#: src/scm/webid-oidc/errors.scm:806
 #, scheme-format
 msgid "the iat field is incorrect: ~s"
 msgstr "le champ iat est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:739
+#: src/scm/webid-oidc/errors.scm:807
 msgid "the iat field is missing"
 msgstr "le champ iat est manquant"
 
-#: src/scm/webid-oidc/errors.scm:743
+#: src/scm/webid-oidc/errors.scm:811
 #, scheme-format
 msgid "the exp field is incorrect: ~s"
 msgstr "le champ exp est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:744
+#: src/scm/webid-oidc/errors.scm:812
 msgid "the exp field is missing"
 msgstr "le champ exp est manquant"
 
-#: src/scm/webid-oidc/errors.scm:748
+#: src/scm/webid-oidc/errors.scm:816
 #, scheme-format
 msgid "the cnf/jkt field is incorrect: ~s"
 msgstr "le champ cnf/jkt est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:749
+#: src/scm/webid-oidc/errors.scm:817
 msgid "the cnf/jkt field is missing"
 msgstr "le champ cnf/jkt est manquant"
 
-#: src/scm/webid-oidc/errors.scm:753
+#: src/scm/webid-oidc/errors.scm:821
 #, scheme-format
 msgid "the client-id field is incorrect: ~s"
 msgstr "le champ client-id est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:754
+#: src/scm/webid-oidc/errors.scm:822
 msgid "the client-id field is missing"
 msgstr "le champ client-id est manquant"
 
-#: src/scm/webid-oidc/errors.scm:758
+#: src/scm/webid-oidc/errors.scm:826
 #, scheme-format
 msgid "the redirect_uris field is incorrect: ~s"
 msgstr "le champ redirect_uris est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:759
+#: src/scm/webid-oidc/errors.scm:827
 msgid "the redirect_uris field is missing"
 msgstr "le champ redirect_uris est manquant"
 
-#: src/scm/webid-oidc/errors.scm:763
+#: src/scm/webid-oidc/errors.scm:831
 #, scheme-format
 msgid "the typ field is incorrect: ~s"
 msgstr "le champ typ est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:764
+#: src/scm/webid-oidc/errors.scm:832
 msgid "the typ field is missing"
 msgstr "le champ typ est manquant"
 
-#: src/scm/webid-oidc/errors.scm:768
+#: src/scm/webid-oidc/errors.scm:836
 #, scheme-format
 msgid "the jwk field is incorrect: ~s (because ~a)"
 msgstr "le champ jwk est incorrect : ~s (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:770
+#: src/scm/webid-oidc/errors.scm:838
 msgid "the jwk field is missing"
 msgstr "le champ jwk est manquant"
 
-#: src/scm/webid-oidc/errors.scm:774
+#: src/scm/webid-oidc/errors.scm:842
 #, scheme-format
 msgid "the jti field is incorrect: ~s"
 msgstr "le champ jti est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:775
+#: src/scm/webid-oidc/errors.scm:843
 msgid "the jti field is missing"
 msgstr "le champ jti est manquant"
 
-#: src/scm/webid-oidc/errors.scm:779
+#: src/scm/webid-oidc/errors.scm:847
 #, scheme-format
 msgid "the htm field is incorrect: ~s"
 msgstr "le champ htm est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:780
+#: src/scm/webid-oidc/errors.scm:848
 msgid "the htm field is missing"
 msgstr "le champ htm est manquant"
 
-#: src/scm/webid-oidc/errors.scm:784
+#: src/scm/webid-oidc/errors.scm:852
 #, scheme-format
 msgid "the htu field is incorrect: ~s"
 msgstr "le champ htu est incorrect : ~s"
 
-#: src/scm/webid-oidc/errors.scm:785
+#: src/scm/webid-oidc/errors.scm:853
 msgid "the htu field is missing"
 msgstr "le champ htu est manquant"
 
-#: src/scm/webid-oidc/errors.scm:787
+#: src/scm/webid-oidc/errors.scm:855
 #, scheme-format
 msgid "~s is not an access token (because ~a)"
 msgstr "~s n’est pas un jeton d’accès (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:790
+#: src/scm/webid-oidc/errors.scm:858
 #, scheme-format
 msgid "~s is not an access token header (because ~a)"
 msgstr "~s n’est pas un en-tête de jeton d’accès (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:793
+#: src/scm/webid-oidc/errors.scm:861
 #, scheme-format
 msgid "~s is not an access token payload (because ~a)"
 msgstr "~s n’est pas un contenu de jeton d’accès (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:796
+#: src/scm/webid-oidc/errors.scm:864
 #, scheme-format
 msgid "~s is not a DPoP proof (because ~a)"
 msgstr "~s n’est pas une preuve DPoP (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:799
+#: src/scm/webid-oidc/errors.scm:867
 #, scheme-format
 msgid "~s is not a DPoP proof header (because ~a)"
 msgstr "~s n’est pas un en-tête de preuve DPoP (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:802
+#: src/scm/webid-oidc/errors.scm:870
 #, scheme-format
 msgid "~s is not a DPoP proof payload (because ~a)"
 msgstr "~s n’est pas un contenu de preuve DPoP (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:805
+#: src/scm/webid-oidc/errors.scm:873
 #, scheme-format
 msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
 msgstr ""
 "je n’ai pas pu récupérer la configuration de l’émetteur ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:812
+#: src/scm/webid-oidc/errors.scm:880
 #, scheme-format
 msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
 msgstr "je n’ai pas pu récupérer le JWKS de ~a à ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:823
+#: src/scm/webid-oidc/errors.scm:891
 #, scheme-format
 msgid "the HTTP method is signed for ~s, but ~s was requested"
 msgstr "la méthode HTTP a été signée pour ~s, mais ~s a été demandé"
 
-#: src/scm/webid-oidc/errors.scm:826
+#: src/scm/webid-oidc/errors.scm:894
 #, scheme-format
 msgid "the HTTP uri is signed for ~a, but ~a was requested"
 msgstr "l’uri HTTP a été signé pour ~a, mais ~a a été demandé"
 
-#: src/scm/webid-oidc/errors.scm:829
+#: src/scm/webid-oidc/errors.scm:897
 #, scheme-format
 msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
 msgstr "la date est ~a, mais la preuve DPoP a été signée dans le futur à ~a"
 
-#: src/scm/webid-oidc/errors.scm:833
+#: src/scm/webid-oidc/errors.scm:901
 #, scheme-format
 msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
 msgstr ""
 "la date est ~a, mais la preuve DPoP a été signée il y a trop longtemps à ~a"
 
-#: src/scm/webid-oidc/errors.scm:842
+#: src/scm/webid-oidc/errors.scm:910
 #, scheme-format
 msgid "the key ~s does not hash to ~a"
 msgstr "la clé ~s ne donne pas un hash de ~a"
 
-#: src/scm/webid-oidc/errors.scm:844
+#: src/scm/webid-oidc/errors.scm:912
 #, scheme-format
 msgid "the key confirmation of ~s failed (because ~a)"
 msgstr "la confirmation de clé de ~s a échoué (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:846
+#: src/scm/webid-oidc/errors.scm:914
 #, scheme-format
 msgid "the key confirmation of ~s failed"
 msgstr "la confirmation de la clé ~s a échoué"
 
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:916
 #, scheme-format
 msgid "the jti ~s has already been found (because ~a)"
 msgstr "le jti ~s a déjà été trouvé (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:851
+#: src/scm/webid-oidc/errors.scm:919
 #, scheme-format
 msgid "I cannot decode ~s as an access token (because ~a)"
 msgstr "je n’ai pas pu décoder ~s comme jeton d’accès (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:854
+#: src/scm/webid-oidc/errors.scm:922
 #, scheme-format
 msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
 msgstr ""
 "je n’ai pas pu encoder ~s comme un jeton d’accès avec la clé ~s (parce que "
 "~a)"
 
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:925
 #, scheme-format
 msgid "I cannot decode ~s as a DPoP proof (because ~a)"
 msgstr "je n’ai pas pu décoder ~s comme preuve DPoP (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:860
+#: src/scm/webid-oidc/errors.scm:928
 #, scheme-format
 msgid "I cannot encode ~s as a DPoP proof (because ~a)"
 msgstr "je n’ai pas pu encoder ~s comme une preuve DPoP (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:863
+#: src/scm/webid-oidc/errors.scm:931
 #, scheme-format
 msgid "I could not fetch a RDF graph at ~a (because ~a)"
 msgstr "je n’ai pas pu récupérer de graphe RDF à ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:866
+#: src/scm/webid-oidc/errors.scm:934
 #, scheme-format
 msgid "~s is not a client manifest (because ~a)"
 msgstr "~s n’est pas un manifeste client (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:869
+#: src/scm/webid-oidc/errors.scm:937
 #, scheme-format
 msgid "~s does not authorize redirection URI ~a"
 msgstr "~s n’autorise pas l’URI de redirection ~a"
 
-#: src/scm/webid-oidc/errors.scm:872
+#: src/scm/webid-oidc/errors.scm:940
 msgid "I cannot serve a public manifest"
 msgstr "je ne peux pas servir un manifeste public"
 
-#: src/scm/webid-oidc/errors.scm:874
+#: src/scm/webid-oidc/errors.scm:942
 #, scheme-format
 msgid "~a does not have a client manifest registration triple"
 msgstr "~a n’a pas de triplet d’enregistrement de manifeste client"
 
-#: src/scm/webid-oidc/errors.scm:877
+#: src/scm/webid-oidc/errors.scm:945
 #, scheme-format
 msgid "the client manifest at ~a is advertised for ~a"
 msgstr "le manifeste client ~a est publié pour ~a"
 
-#: src/scm/webid-oidc/errors.scm:880
+#: src/scm/webid-oidc/errors.scm:948
 #, scheme-format
 msgid "I could not fetch the client manifest of ~a (because ~a)"
 msgstr "je n’ai pas pu récupérer le manifeste client de ~a (parce que ~a)"
 
-#: src/scm/webid-oidc/errors.scm:885
+#: src/scm/webid-oidc/errors.scm:951
+#, scheme-format
+msgid "~s is not an authorization code (because ~a)"
+msgstr "~s n’est pas un code d’autorisation (parce que ~a)"
+
+#: src/scm/webid-oidc/errors.scm:954
+#, scheme-format
+msgid "~s is not an authorization code header (because ~a)"
+msgstr "~s n’est pas un en-tête de code d’autorisation (parce que ~a)"
+
+#: src/scm/webid-oidc/errors.scm:957
+#, scheme-format
+msgid "~s is not an authorization code payload (because ~a)"
+msgstr "~s n’est pas un contenu de code d’autorisation (parce que ~a)"
+
+#: src/scm/webid-oidc/errors.scm:960
+#, scheme-format
+msgid "the current time is ~a, and the authorization code expired at ~a"
+msgstr ""
+"la date est actuellement ~a, et le code d’autorisation a expiré à la date ~a"
+
+#: src/scm/webid-oidc/errors.scm:964
+#, scheme-format
+msgid "I cannot decode ~s as an authorization code (because ~a)"
+msgstr "je n’ai pas pu décoder ~s comme un code d’autorisation (parce que ~a)"
+
+#: src/scm/webid-oidc/errors.scm:967
+#, scheme-format
+msgid "I cannot encode ~s as an authorization code (because ~a)"
+msgstr "je n’ai pas pu encoder ~s comme un code d’autorisation (parce que ~a)"
+
+#: src/scm/webid-oidc/errors.scm:972
 msgid "that’s it"
 msgstr "c’est tout"
 
-#: src/scm/webid-oidc/errors.scm:889
+#: src/scm/webid-oidc/errors.scm:976
 #, scheme-format
 msgid "~a and ~a"
 msgstr "~a et ~a"
 
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:979
 #, scheme-format
 msgid "~a, ~a"
 msgstr "~a, ~a"
 
-#: src/scm/webid-oidc/errors.scm:896
+#: src/scm/webid-oidc/errors.scm:983
 #, scheme-format
 msgid "the signature ~a does not match key ~s with payload ~a"
 msgstr "la signature ~a ne correspond pas à la clé ~s avec le contenu ~a"
 
-#: src/scm/webid-oidc/errors.scm:899
+#: src/scm/webid-oidc/errors.scm:986
 msgid "there is an undefined variable"
 msgstr "il y a une variable non définie"
 
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:988
 #, scheme-format
 msgid "the origin is ~a"
 msgstr "l’origine est ~a"
 
-#: src/scm/webid-oidc/errors.scm:904
+#: src/scm/webid-oidc/errors.scm:991
 #, scheme-format
 msgid "a message is attached: ~a"
 msgstr "un message est attaché : ~a"
 
-#: src/scm/webid-oidc/errors.scm:907
+#: src/scm/webid-oidc/errors.scm:994
 #, scheme-format
 msgid "the values ~s are problematic"
 msgstr "les valeurs ~s sont problématiques"
 
-#: src/scm/webid-oidc/errors.scm:910
+#: src/scm/webid-oidc/errors.scm:997
 msgid "there is a kind and args"
 msgstr "il y a un type et des arguments"
 
-#: src/scm/webid-oidc/errors.scm:912
+#: src/scm/webid-oidc/errors.scm:999
 msgid "there is an assertion failure"
 msgstr "il y a un échec d’assertion"
 
-#: src/scm/webid-oidc/errors.scm:914
+#: src/scm/webid-oidc/errors.scm:1001
 #, scheme-format
 msgid "the program quits with code ~a"
 msgstr "le programme quitte avec le code ~a"
 
-#: src/scm/webid-oidc/errors.scm:917
+#: src/scm/webid-oidc/errors.scm:1004
 msgid "the program cannot recover from this exception"
 msgstr "le programme ne peut pas récupérer après cette exception"
 
-#: src/scm/webid-oidc/errors.scm:919
+#: src/scm/webid-oidc/errors.scm:1006
 msgid "there is an error"
 msgstr "il y a une erreur"
 
-#: src/scm/webid-oidc/errors.scm:921
+#: src/scm/webid-oidc/errors.scm:1008
 #, scheme-format
 msgid "Unhandled exception type ~a."
 msgstr "Type d’exception non pris en charge ~a."
@@ -600,34 +631,6 @@ msgstr "Type d’exception non pris en charge ~a."
 #~ msgid "the nonce field is missing"
 #~ msgstr "le champ nonce est manquant"
 
-#, scheme-format
-#~ msgid "~s is not an authorization code (because ~a)"
-#~ msgstr "~s n’est pas un code d’autorisation (parce que ~a)"
-
-#, scheme-format
-#~ msgid "~s is not an authorization code header (because ~a)"
-#~ msgstr "~s n’est pas un en-tête de code d’autorisation (parce que ~a)"
-
-#, scheme-format
-#~ msgid "~s is not an authorization code payload (because ~a)"
-#~ msgstr "~s n’est pas un contenu de code d’autorisation (parce que ~a)"
-
-#, scheme-format
-#~ msgid "the current time is ~a, and the authorization code expired at ~a"
-#~ msgstr ""
-#~ "la date est actuellement ~a, et le code d’autorisation a expiré à la date "
-#~ "~a"
-
-#, scheme-format
-#~ msgid "I cannot decode ~s as an authorization code (because ~a)"
-#~ msgstr ""
-#~ "je n’ai pas pu décoder ~s comme un code d’autorisation (parce que ~a)"
-
-#, scheme-format
-#~ msgid "I cannot encode ~s as an authorization code (because ~a)"
-#~ msgstr ""
-#~ "je n’ai pas pu encoder ~s comme un code d’autorisation (parce que ~a)"
-
 #, scheme-format
 #~ msgid "there is no such refresh token as ~s"
 #~ msgstr "il n’y a pas de jeton de rafraîchissement ~s"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index e9f6b2d..21b10a6 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc SNAPSHOT\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:14+0200\n"
+"POT-Creation-Date: 2021-06-05 16:15+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
@@ -122,454 +122,484 @@ msgstr ""
 msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:630
+#: src/scm/webid-oidc/errors.scm:698
 msgid "that’s how it is"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:635
+#: src/scm/webid-oidc/errors.scm:703
 #, scheme-format
 msgid "the value ~s is not a base64 string (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:638
+#: src/scm/webid-oidc/errors.scm:706
 #, scheme-format
 msgid "the value ~s is not JSON (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:641
+#: src/scm/webid-oidc/errors.scm:709
 #, scheme-format
 msgid "the value ~s is not Turtle (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:644
+#: src/scm/webid-oidc/errors.scm:712
 #, scheme-format
 msgid "the value ~s does not identify an elleptic curve"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:649
+#: src/scm/webid-oidc/errors.scm:717
 #, scheme-format
 msgid "the value ~s does not identify a JWK (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:651
+#: src/scm/webid-oidc/errors.scm:719
 #, scheme-format
 msgid "the value ~s does not identify a JWK"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:656
+#: src/scm/webid-oidc/errors.scm:724
 #, scheme-format
 msgid "the value ~s does not identify a public JWK (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:658
+#: src/scm/webid-oidc/errors.scm:726
 #, scheme-format
 msgid "the value ~s does not identify a public JWK"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:663
+#: src/scm/webid-oidc/errors.scm:731
 #, scheme-format
 msgid "the value ~s does not identify a private JWK (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:665
+#: src/scm/webid-oidc/errors.scm:733
 #, scheme-format
 msgid "the value ~s does not identify a private JWK"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:670
+#: src/scm/webid-oidc/errors.scm:738
 #, scheme-format
 msgid "the value ~s does not identify a JWKS (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:672
+#: src/scm/webid-oidc/errors.scm:740
 #, scheme-format
 msgid "the value ~s does not identify a JWKS"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:675
+#: src/scm/webid-oidc/errors.scm:743
 #, scheme-format
 msgid "the value ~s does not identify a hash algorithm"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:678
+#: src/scm/webid-oidc/errors.scm:746
 #, scheme-format
 msgid "the value ~s is not an alist or misses key ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:681
+#: src/scm/webid-oidc/errors.scm:749
 #, scheme-format
 msgid "the value ~s is not a JWS header (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:684
+#: src/scm/webid-oidc/errors.scm:752
 #, scheme-format
 msgid "the value ~s is not a JWS payload (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:687
+#: src/scm/webid-oidc/errors.scm:755
 #, scheme-format
 msgid "the value ~s is not a JWS (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:690
+#: src/scm/webid-oidc/errors.scm:758
 #, scheme-format
 msgid "the string ~s cannot be split in 3 parts with ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:693
+#: src/scm/webid-oidc/errors.scm:761
 #, scheme-format
 msgid ""
 "all key candidates failed to verify signature ~s with algorithm ~s and "
 "payload ~a (there were ~a: ~s)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:696
+#: src/scm/webid-oidc/errors.scm:764
 #, scheme-format
 msgid "I cannot decode JWS ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:699
+#: src/scm/webid-oidc/errors.scm:767
 #, scheme-format
 msgid "I cannot encode JWS ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:702
+#: src/scm/webid-oidc/errors.scm:770
 #, scheme-format
 msgid ""
 "the server request unexpectedly failed with code ~a and reason phrase ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:707
+#: src/scm/webid-oidc/errors.scm:775
 #, scheme-format
 msgid "the header ~a should not have the value ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:709
+#: src/scm/webid-oidc/errors.scm:777
 #, scheme-format
 msgid "the header ~a should be present"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:712
+#: src/scm/webid-oidc/errors.scm:780
 #, scheme-format
 msgid "the server response wasn't expected: ~s (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:718
+#: src/scm/webid-oidc/errors.scm:786
 #, scheme-format
 msgid "the value ~s is not an OIDC configuration (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:723
+#: src/scm/webid-oidc/errors.scm:791
 #, scheme-format
 msgid "the webid field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:724
+#: src/scm/webid-oidc/errors.scm:792
 msgid "the webid field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:728
+#: src/scm/webid-oidc/errors.scm:796
 #, scheme-format
 msgid "the iss field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:729
+#: src/scm/webid-oidc/errors.scm:797
 msgid "the iss field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:733
+#: src/scm/webid-oidc/errors.scm:801
 #, scheme-format
 msgid "the aud field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:734
+#: src/scm/webid-oidc/errors.scm:802
 msgid "the aud field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:738
+#: src/scm/webid-oidc/errors.scm:806
 #, scheme-format
 msgid "the iat field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:739
+#: src/scm/webid-oidc/errors.scm:807
 msgid "the iat field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:743
+#: src/scm/webid-oidc/errors.scm:811
 #, scheme-format
 msgid "the exp field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:744
+#: src/scm/webid-oidc/errors.scm:812
 msgid "the exp field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:748
+#: src/scm/webid-oidc/errors.scm:816
 #, scheme-format
 msgid "the cnf/jkt field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:749
+#: src/scm/webid-oidc/errors.scm:817
 msgid "the cnf/jkt field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:753
+#: src/scm/webid-oidc/errors.scm:821
 #, scheme-format
 msgid "the client-id field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:754
+#: src/scm/webid-oidc/errors.scm:822
 msgid "the client-id field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:758
+#: src/scm/webid-oidc/errors.scm:826
 #, scheme-format
 msgid "the redirect_uris field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:759
+#: src/scm/webid-oidc/errors.scm:827
 msgid "the redirect_uris field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:763
+#: src/scm/webid-oidc/errors.scm:831
 #, scheme-format
 msgid "the typ field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:764
+#: src/scm/webid-oidc/errors.scm:832
 msgid "the typ field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:768
+#: src/scm/webid-oidc/errors.scm:836
 #, scheme-format
 msgid "the jwk field is incorrect: ~s (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:770
+#: src/scm/webid-oidc/errors.scm:838
 msgid "the jwk field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:774
+#: src/scm/webid-oidc/errors.scm:842
 #, scheme-format
 msgid "the jti field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:775
+#: src/scm/webid-oidc/errors.scm:843
 msgid "the jti field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:779
+#: src/scm/webid-oidc/errors.scm:847
 #, scheme-format
 msgid "the htm field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:780
+#: src/scm/webid-oidc/errors.scm:848
 msgid "the htm field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:784
+#: src/scm/webid-oidc/errors.scm:852
 #, scheme-format
 msgid "the htu field is incorrect: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:785
+#: src/scm/webid-oidc/errors.scm:853
 msgid "the htu field is missing"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:787
+#: src/scm/webid-oidc/errors.scm:855
 #, scheme-format
 msgid "~s is not an access token (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:790
+#: src/scm/webid-oidc/errors.scm:858
 #, scheme-format
 msgid "~s is not an access token header (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:793
+#: src/scm/webid-oidc/errors.scm:861
 #, scheme-format
 msgid "~s is not an access token payload (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:796
+#: src/scm/webid-oidc/errors.scm:864
 #, scheme-format
 msgid "~s is not a DPoP proof (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:799
+#: src/scm/webid-oidc/errors.scm:867
 #, scheme-format
 msgid "~s is not a DPoP proof header (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:802
+#: src/scm/webid-oidc/errors.scm:870
 #, scheme-format
 msgid "~s is not a DPoP proof payload (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:805
+#: src/scm/webid-oidc/errors.scm:873
 #, scheme-format
 msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:812
+#: src/scm/webid-oidc/errors.scm:880
 #, scheme-format
 msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:823
+#: src/scm/webid-oidc/errors.scm:891
 #, scheme-format
 msgid "the HTTP method is signed for ~s, but ~s was requested"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:826
+#: src/scm/webid-oidc/errors.scm:894
 #, scheme-format
 msgid "the HTTP uri is signed for ~a, but ~a was requested"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:829
+#: src/scm/webid-oidc/errors.scm:897
 #, scheme-format
 msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:833
+#: src/scm/webid-oidc/errors.scm:901
 #, scheme-format
 msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:842
+#: src/scm/webid-oidc/errors.scm:910
 #, scheme-format
 msgid "the key ~s does not hash to ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:844
+#: src/scm/webid-oidc/errors.scm:912
 #, scheme-format
 msgid "the key confirmation of ~s failed (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:846
+#: src/scm/webid-oidc/errors.scm:914
 #, scheme-format
 msgid "the key confirmation of ~s failed"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:916
 #, scheme-format
 msgid "the jti ~s has already been found (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:851
+#: src/scm/webid-oidc/errors.scm:919
 #, scheme-format
 msgid "I cannot decode ~s as an access token (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:854
+#: src/scm/webid-oidc/errors.scm:922
 #, scheme-format
 msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:925
 #, scheme-format
 msgid "I cannot decode ~s as a DPoP proof (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:860
+#: src/scm/webid-oidc/errors.scm:928
 #, scheme-format
 msgid "I cannot encode ~s as a DPoP proof (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:863
+#: src/scm/webid-oidc/errors.scm:931
 #, scheme-format
 msgid "I could not fetch a RDF graph at ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:866
+#: src/scm/webid-oidc/errors.scm:934
 #, scheme-format
 msgid "~s is not a client manifest (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:869
+#: src/scm/webid-oidc/errors.scm:937
 #, scheme-format
 msgid "~s does not authorize redirection URI ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:872
+#: src/scm/webid-oidc/errors.scm:940
 msgid "I cannot serve a public manifest"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:874
+#: src/scm/webid-oidc/errors.scm:942
 #, scheme-format
 msgid "~a does not have a client manifest registration triple"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:877
+#: src/scm/webid-oidc/errors.scm:945
 #, scheme-format
 msgid "the client manifest at ~a is advertised for ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:880
+#: src/scm/webid-oidc/errors.scm:948
 #, scheme-format
 msgid "I could not fetch the client manifest of ~a (because ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:885
+#: src/scm/webid-oidc/errors.scm:951
+#, scheme-format
+msgid "~s is not an authorization code (because ~a)"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:954
+#, scheme-format
+msgid "~s is not an authorization code header (because ~a)"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:957
+#, scheme-format
+msgid "~s is not an authorization code payload (because ~a)"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:960
+#, scheme-format
+msgid "the current time is ~a, and the authorization code expired at ~a"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:964
+#, scheme-format
+msgid "I cannot decode ~s as an authorization code (because ~a)"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:967
+#, scheme-format
+msgid "I cannot encode ~s as an authorization code (because ~a)"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:972
 msgid "that’s it"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:889
+#: src/scm/webid-oidc/errors.scm:976
 #, scheme-format
 msgid "~a and ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:979
 #, scheme-format
 msgid "~a, ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:896
+#: src/scm/webid-oidc/errors.scm:983
 #, scheme-format
 msgid "the signature ~a does not match key ~s with payload ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:899
+#: src/scm/webid-oidc/errors.scm:986
 msgid "there is an undefined variable"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:988
 #, scheme-format
 msgid "the origin is ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:904
+#: src/scm/webid-oidc/errors.scm:991
 #, scheme-format
 msgid "a message is attached: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/errors.scm:907
+#: src/scm/webid-oidc/errors.scm:994
 #, scheme-format
 msgid "the values ~s are problematic"
 msgstr ""
 
-#: 
src/scm/webid-oidc/errors.scm:910 +#: src/scm/webid-oidc/errors.scm:997 msgid "there is a kind and args" msgstr "" -#: src/scm/webid-oidc/errors.scm:912 +#: src/scm/webid-oidc/errors.scm:999 msgid "there is an assertion failure" msgstr "" -#: src/scm/webid-oidc/errors.scm:914 +#: src/scm/webid-oidc/errors.scm:1001 #, scheme-format msgid "the program quits with code ~a" msgstr "" -#: src/scm/webid-oidc/errors.scm:917 +#: src/scm/webid-oidc/errors.scm:1004 msgid "the program cannot recover from this exception" msgstr "" -#: src/scm/webid-oidc/errors.scm:919 +#: src/scm/webid-oidc/errors.scm:1006 msgid "there is an error" msgstr "" -#: src/scm/webid-oidc/errors.scm:921 +#: src/scm/webid-oidc/errors.scm:1008 #, scheme-format msgid "Unhandled exception type ~a." msgstr ""
diff --git a/src/scm/webid-oidc/Makefile.am b/src/scm/webid-oidc/Makefile.am
index 709eb1b..6736595 100644
--- a/src/scm/webid-oidc/Makefile.am
+++ b/src/scm/webid-oidc/Makefile.am
@@ -10,7 +10,8 @@ dist_webidoidcmod_DATA += \
  %reldir%/jti.scm \
  %reldir%/dpop-proof.scm \
  %reldir%/fetch.scm \
- %reldir%/client-manifest.scm
+ %reldir%/client-manifest.scm \
+ %reldir%/authorization-code.scm
 webidoidcgo_DATA += \
  %reldir%/errors.go \
  %reldir%/stubs.go \
@@ -23,4 +24,5 @@ webidoidcgo_DATA += \
  %reldir%/jti.go \
  %reldir%/dpop-proof.go \
  %reldir%/fetch.go \
- %reldir%/client-manifest.go
+ %reldir%/client-manifest.go \
+ %reldir%/authorization-code.go
diff --git a/src/scm/webid-oidc/authorization-code.scm b/src/scm/webid-oidc/authorization-code.scm
new file mode 100644
index 0000000..ebe97c4
--- /dev/null
+++ b/src/scm/webid-oidc/authorization-code.scm
@@ -0,0 +1,151 @@
+(define-module (webid-oidc authorization-code)
+  #:use-module (webid-oidc errors)
+  #:use-module ((webid-oidc stubs) #:prefix stubs:)
+  #:use-module (webid-oidc jws)
+  #:use-module (webid-oidc jti)
+  #:use-module (web uri)
+  #:use-module (srfi srfi-19))
+
+(define-public (the-authorization-code-header x)
+  (with-exception-handler
+      (lambda (error)
+        (raise-not-an-authorization-code-header x error))
+    (lambda ()
+      (the-jws-header x))))
+
+(define-public (authorization-code-header? x)
+  (false-if-exception
+   (and (the-authorization-code-header x) #t)))
+
+(define-public (the-authorization-code-payload x)
+  (with-exception-handler
+      (lambda (error)
+        (raise-not-an-authorization-code-payload x error))
+    (lambda ()
+      (let ((x (the-jws-payload x)))
+        (let ((exp (assq-ref x 'exp))
+              (jti (assq-ref x 'jti))
+              (webid (assq-ref x 'webid))
+              (client-id (assq-ref x 'client_id)))
+          (unless (integer? exp)
+            (raise-incorrect-exp-field exp))
+          (unless (string? jti)
+            (raise-incorrect-jti-field jti))
+          (unless (and (string? webid) (string->uri webid))
+            (raise-incorrect-webid-field webid))
+          (unless (and (string? client-id) (string->uri client-id))
+            (raise-incorrect-client-id-field client-id))
+          x)))))
+
+(define-public (authorization-code-payload? x)
+  (false-if-exception
+   (and (the-authorization-code-payload x) #t)))
+
+(define-public (the-authorization-code x)
+  (with-exception-handler
+      (lambda (error)
+        (raise-not-an-authorization-code x error))
+    (lambda ()
+      (cons (the-authorization-code-header (car x))
+            (the-authorization-code-payload (cdr x))))))
+
+(define-public (authorization-code? x)
+  (false-if-exception
+   (and (the-authorization-code x) #t)))
+
+(define-public (make-authorization-code header payload)
+  (the-authorization-code (cons header payload)))
+
+(define-public (make-authorization-code-header alg)
+  (when (symbol? alg)
+    (set! alg (symbol->string alg)))
+  (the-authorization-code-header
+   `((alg . ,alg))))
+
+(define-public (make-authorization-code-payload exp jti sub aud)
+  (when (date? exp)
+    (set! exp (date->time-utc exp)))
+  (when (time? exp)
+    (set! exp (time-second exp)))
+  (when (uri? sub)
+    (set! sub (uri->string sub)))
+  (when (uri? aud)
+    (set! aud (uri->string aud)))
+  (the-authorization-code-payload
+   `((exp . ,exp)
+     (jti . ,jti)
+     (webid . ,sub)
+     (client_id . ,aud))))
+
+(define-public (authorization-code-header code)
+  (car (the-authorization-code code)))
+
+(define-public (authorization-code-payload code)
+  (cdr (the-authorization-code code)))
+
+(define-public (authorization-code-alg code)
+  (when (authorization-code? code)
+    (set! code (authorization-code-header code)))
+  (jws-alg (the-authorization-code-header code)))
+
+(define-public (authorization-code-exp code)
+  (when (authorization-code? code)
+    (set! code (authorization-code-payload code)))
+  (time-utc->date
+   (make-time time-utc 0 (assq-ref
+                          (the-authorization-code-payload code)
+                          'exp))))
+
+(define-public (authorization-code-jti code)
+  (when (authorization-code? code)
+    (set! code (authorization-code-payload code)))
+  (assq-ref (the-authorization-code-payload code) 'jti))
+
+(define-public (authorization-code-webid code)
+  (when (authorization-code? code)
+    (set! code (authorization-code-payload code)))
+  (string->uri
+   (assq-ref (the-authorization-code-payload code) 'webid)))
+
+(define-public (authorization-code-client-id code)
+  (when (authorization-code? code)
+    (set! code (authorization-code-payload code)))
+  (string->uri
+   (assq-ref (the-authorization-code-payload code) 'client_id)))
+
+(define-public (authorization-code-decode current-time jti-list str jwk)
+  (when (date? current-time)
+    (set! current-time (date->time-utc current-time)))
+  (when (time? current-time)
+    (set! current-time (time-second current-time)))
+  (with-exception-handler
+      (lambda (error)
+        (raise-cannot-decode-authorization-code str error))
+    (lambda ()
+      (let ((code (the-authorization-code (jws-decode str (lambda (x) jwk)))))
+        (let ((exp (time-second (date->time-utc (authorization-code-exp code)))))
+          (unless (<= current-time exp)
+            (raise-authorization-code-expired exp current-time))
+          (unless (jti-check current-time (authorization-code-jti code)
+                             jti-list
+                             (- exp current-time))
+            (with-exception-handler
+                (lambda (error)
+                  (raise-jti-found (authorization-code-jti code) error))
+              (lambda ()
+                (error "the jti-check function returned #f"))))
+          code)))))
+
+(define-public (authorization-code-encode authorization-code key)
+  (with-exception-handler
+      (lambda (error)
+        (raise-cannot-encode-authorization-code authorization-code key error))
+    (lambda ()
+      (jws-encode authorization-code key))))
+
+(define-public (issue-authorization-code alg jwk exp sub aud)
+  (authorization-code-encode
+   (make-authorization-code
+    (make-authorization-code-header alg)
+    (make-authorization-code-payload exp (stubs:random 12) sub aud))
+   jwk))
diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index d6f685a..879b23c 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
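Review bot: `authorization-code-decode` carries no comment saying which checks it performs and which it leaves to the caller, and that boundary is exactly what a token endpoint redeeming the code relies on. From the body it verifies the signature with the single `jwk` the caller supplies (the key-lookup lambda ignores the header it is given), rejects a code whose `exp` is earlier than `current-time`, and rejects a reused `jti` through `jti-check`; it never compares the payload's `client_id` or `webid` with the party presenting the code, so that binding has to be enforced by whoever calls it. I would add above the definition: `;; Checks signature (against JWK), expiry and jti replay only. Binding the code to the redeeming client (client_id) is the caller's responsibility.` A similar one-line note on `issue-authorization-code` saying that the `jti` is the only per-code randomness would help readers of that entry point.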
@@ -619,6 +619,74 @@
   (raise-exception
    ((record-constructor &cannot-fetch-client-manifest) id cause)))
+(define-public ¬-an-authorization-code
+  (make-exception-type
+   '¬-an-authorization-code
+   &external-error
+   '(value cause)))
+
+(define-public (raise-not-an-authorization-code value cause)
+  (raise-exception
+   ((record-constructor ¬-an-authorization-code) value cause)))
+
+(define-public ¬-an-authorization-code-header
+  (make-exception-type
+   '¬-an-authorization-code-header
+   &external-error
+   '(value cause)))
+
+(define-public (raise-not-an-authorization-code-header value cause)
+  (raise-exception
+   ((record-constructor ¬-an-authorization-code-header) value cause)))
+
+(define-public ¬-an-authorization-code-payload
+  (make-exception-type
+   '¬-an-authorization-code-payload
+   &external-error
+   '(value cause)))
+
+(define-public (raise-not-an-authorization-code-payload value cause)
+  (raise-exception
+   ((record-constructor ¬-an-authorization-code-payload) value cause)))
+
+(define-public &authorization-code-expired
+  (make-exception-type
+   '&authorization-code-expired
+   &external-error
+   '(exp current-time)))
+
+(define-public (raise-authorization-code-expired exp current-time)
+  (when (integer? exp)
+    (set! exp (make-time time-utc 0 exp)))
+  (when (time? exp)
+    (set! exp (time-utc->date exp)))
+  (when (integer? current-time)
+    (set! current-time (make-time time-utc 0 current-time)))
+  (when (time? current-time)
+    (set! current-time (time-utc->date current-time)))
+  (raise-exception
+   ((record-constructor &authorization-code-expired) exp current-time)))
+
+(define-public &cannot-decode-authorization-code
+  (make-exception-type
+   '&cannot-decode-authorization-code
+   &external-error
+   '(value cause)))
+
+(define-public (raise-cannot-decode-authorization-code value cause)
+  (raise-exception
+   ((record-constructor &cannot-decode-authorization-code) value cause)))
+
+(define-public &cannot-encode-authorization-code
+  (make-exception-type
+   '&cannot-encode-authorization-code
+   &external-error
+   '(authorization-code key cause)))
+
+(define-public (raise-cannot-encode-authorization-code authorization-code key cause)
+  (raise-exception
+   ((record-constructor &cannot-encode-authorization-code) authorization-code key cause)))
+
 (define*-public (error->str err #:key (max-depth #f))
   (if (record? err)
       (let* ((type (record-type-descriptor err))
@@ -879,6 +947,25 @@
       ((&cannot-fetch-client-manifest)
        (format #f (G_ "I could not fetch the client manifest of ~a (because ~a)")
                (uri->string (get 'id)) (recurse (get 'cause))))
+      ((¬-an-authorization-code)
+       (format #f (G_ "~s is not an authorization code (because ~a)")
+               (get 'value) (recurse (get 'cause))))
+      ((¬-an-authorization-code-header)
+       (format #f (G_ "~s is not an authorization code header (because ~a)")
+               (get 'value) (recurse (get 'cause))))
+      ((¬-an-authorization-code-payload)
+       (format #f (G_ "~s is not an authorization code payload (because ~a)")
+               (get 'value) (recurse (get 'cause))))
+      ((&authorization-code-expired)
+       (format #f (G_ "the current time is ~a, and the authorization code expired at ~a")
+               (time-second (date->time-utc (get 'current-time)))
+               (time-second (date->time-utc (get 'exp)))))
+      ((&cannot-decode-authorization-code)
+       (format #f (G_ "I cannot decode ~s as an authorization code (because ~a)")
+               (get 'value) (recurse (get 'cause))))
+      ((&cannot-encode-authorization-code)
+       (format #f (G_ "I cannot encode ~s as an authorization code (because ~a)")
+               (get 'value) (recurse (get 'cause))))
       ((&compound-exception)
        (let ((components (get 'components)))
          (if (null? components)
-- 
cgit v1.2.3
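Review bot: The `&cannot-encode-authorization-code` clause reads `(get 'value)`, but the type defined in the previous hunk declares the fields `(authorization-code key cause)` and has no `value` field, so rendering that exception will either fail or print something meaningless depending on how `get` treats an unknown field (its definition is outside this hunk). The access-token sibling message prints both the token and the key; the minimal fix is `(get 'authorization-code) (recurse (get 'cause))` in place of `(get 'value) (recurse (get 'cause))`, and if the key is worth showing, extend the msgid to `"I cannot encode ~s as an authorization code with key ~s (because ~a)"` with `(get 'key)` added and the .pot regenerated. The names shown here as `¬-an-authorization-code` look like `&not-an-authorization-code` with `&not` turned into the `¬` entity by the page renderer, as the `~s is not an authorization code` msgids suggest; the Scheme source presumably uses the `&`-prefixed spelling like its `&cannot-…` siblings. The enclosing dispatch in `error->str` starts and ends outside the hunk.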