1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU Affero General Public License for more details.
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
(define-module (webid-oidc provider-confirmation)
#:use-module (webid-oidc errors)
#:use-module (webid-oidc fetch)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module (web uri)
#:use-module (web response)
#:use-module (rnrs bytevectors)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-26)
#:use-module (ice-9 receive)
#:use-module (ice-9 optargs)
#:use-module (ice-9 match)
#:use-module (ice-9 exceptions)
#:use-module (webid-oidc web-i18n)
#:use-module (rdf rdf)
#:use-module (turtle tordf)
#:declarative? #t
#:export
(
&unconfirmed-provider
make-unconfirmed-provider
unconfirmed-provider?
get-provider-confirmations
confirm-provider
))
(define-exception-type
&unconfirmed-provider
&external-error
make-unconfirmed-provider
unconfirmed-provider?)
(define (find-confirmations subject graph)
(let search-graph ((graph graph)
(confirmations '()))
(match graph
(() (reverse confirmations))
((hd graph ...)
(match `(,(rdf-triple-subject hd)
,(rdf-triple-predicate hd)
,(rdf-triple-object hd))
(((? (cute equal? subject <>) _)
"http://www.w3.org/ns/solid/terms#oidcIssuer"
(? string?
(= string->uri
(and (? uri? provider)
(= uri-scheme 'https)))))
(search-graph graph `(,provider ,@confirmations)))
(else
(search-graph graph confirmations)))))))
(define (serve-confirmations expiration-date subject cnf)
(let ((resource (format #f "@prefix solid: <http://www.w3.org/ns/solid/terms#> .
<~a> solid:oidcIssuer ~a .
"
(uri->string subject)
(string-join (map (lambda (uri)
(format #f "<~a>" (uri->string uri)))
cnf)
", "))))
(values (build-response #:headers `((content-type text/turtle)
(expires . ,expiration-date)))
resource)))
(define (get-provider-confirmations subject)
(unless (equal? (uri-scheme subject) 'https)
(set! subject (build-uri 'https
#:userinfo (uri-userinfo subject)
#:host (uri-host subject)
#:port (uri-port subject)
#:path (uri-path subject)
#:query (uri-query subject)
#:fragment (uri-fragment subject))))
(let ((graph (fetch subject)))
(cons (build-uri 'https
#:userinfo (uri-userinfo subject)
#:host (uri-host subject)
#:port (uri-port subject))
(find-confirmations (uri->string subject) graph))))
(define (confirm-provider subject issuer)
(unless (string=? (uri-host subject) (uri-host issuer))
(let search ((providers (get-provider-confirmations subject)))
(match providers
(()
(let ((final-message
(format #f ("~s has not set ~s as an identity provider")
(uri->string subject)
(uri->string issuer))))
(raise-exception
(make-exception
(make-unconfirmed-provider)
(make-exception-with-message final-message)))))
(((? (cute equal? <> issuer) _) . _)
#t)
((_ providers ...)
(search providers))))))
|
