123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 |
- /* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
- /*
- * Copyright (c) 2016 Red Hat, Inc.
- * Author: Nathaniel McCallum <npmccallum@redhat.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- #include "http.h"
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <limits.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
- #include <jose/jose.h>
- static void
- str_cleanup(char **str)
- {
- if (str)
- free(*str);
- }
- static void
- FILE_cleanup(FILE **file)
- {
- if (file && *file)
- fclose(*file);
- }
- static int
- adv(enum http_method method, const char *path, const char *body,
- regmatch_t matches[], void *misc)
- {
- __attribute__((cleanup(FILE_cleanup))) FILE *file = NULL;
- __attribute__((cleanup(str_cleanup))) char *adv = NULL;
- __attribute__((cleanup(str_cleanup))) char *thp = NULL;
- char filename[PATH_MAX] = {};
- const char *cachedir = misc;
- struct stat st = {};
- if (matches[1].rm_so < matches[1].rm_eo) {
- size_t size = matches[1].rm_eo - matches[1].rm_so;
- thp = strndup(&path[matches[1].rm_so], size);
- if (!thp)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- }
- if (snprintf(filename, sizeof(filename),
- "%s/%s.jws", cachedir, thp ? thp : "default") < 0)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- file = fopen(filename, "r");
- if (!file)
- return http_reply(HTTP_STATUS_NOT_FOUND, NULL);
- if (fstat(fileno(file), &st) != 0)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- adv = calloc(st.st_size + 1, 1);
- if (!adv)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- if (fread(adv, st.st_size, 1, file) != 1)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- return http_reply(HTTP_STATUS_OK,
- "Content-Type: application/jose+json\r\n"
- "Content-Length: %zu\r\n"
- "\r\n%s", strlen(adv), adv);
- }
- static int
- rec(enum http_method method, const char *path, const char *body,
- regmatch_t matches[], void *misc)
- {
- __attribute__((cleanup(str_cleanup))) char *enc = NULL;
- __attribute__((cleanup(str_cleanup))) char *thp = NULL;
- size_t size = matches[1].rm_eo - matches[1].rm_so;
- char filename[PATH_MAX] = {};
- const char *cachedir = misc;
- json_auto_t *jwk = NULL;
- json_auto_t *req = NULL;
- json_auto_t *rep = NULL;
- const char *alg = NULL;
- const char *kty = NULL;
- const char *d = NULL;
- /*
- * Parse and validate the request JWK
- */
- req = json_loads(body, 0, NULL);
- if (!req)
- return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
- if (!jose_jwk_prm(NULL, req, false, "deriveKey"))
- return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
- if (json_unpack(req, "{s:s,s?s}", "kty", &kty, "alg", &alg) < 0)
- return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
- if (strcmp(kty, "EC") != 0)
- return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
- if (alg && strcmp(alg, "ECMR") != 0)
- return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
- /*
- * Parse and validate the server-side JWK
- */
- thp = strndup(&path[matches[1].rm_so], size);
- if (!thp)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- if (snprintf(filename, sizeof(filename), "%s/%s.jwk", cachedir, thp) < 0)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- jwk = json_load_file(filename, 0, NULL);
- if (!jwk)
- return http_reply(HTTP_STATUS_NOT_FOUND, NULL);
- if (!jose_jwk_prm(NULL, jwk, true, "deriveKey"))
- return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
- if (json_unpack(jwk, "{s:s,s?s}", "d", &d, "alg", &alg) < 0)
- return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
- if (alg && strcmp(alg, "ECMR") != 0)
- return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
- /*
- * Perform the exchange and return
- */
- rep = jose_jwk_exc(NULL, jwk, req);
- if (!rep)
- return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
- if (json_object_set_new(rep, "alg", json_string("ECMR")) < 0)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- if (json_object_set_new(rep, "key_ops", json_pack("[s]", "deriveKey")) < 0)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- enc = json_dumps(rep, JSON_SORT_KEYS | JSON_COMPACT);
- if (!enc)
- return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
- return http_reply(HTTP_STATUS_OK,
- "Content-Type: application/jwk+json\r\n"
- "Content-Length: %zu\r\n"
- "\r\n%s", strlen(enc), enc);
- }
- static struct http_dispatch dispatch[] = {
- { adv, 1 << HTTP_GET, 2, "^/+adv/+([0-9A-Za-z_-]+)$" },
- { adv, 1 << HTTP_GET, 2, "^/+adv/*$" },
- { rec, 1 << HTTP_POST, 2, "^/+rec/+([0-9A-Za-z_-]+)$" },
- {}
- };
- int
- main(int argc, char *argv[])
- {
- struct http_state state = { .dispatch = dispatch, .misc = argv[1] };
- struct http_parser parser = { .data = &state };
- struct stat st = {};
- char req[4096] = {};
- size_t rcvd = 0;
- int r = 0;
- http_parser_init(&parser, HTTP_REQUEST);
- if (argc != 2) {
- fprintf(stderr, "Usage: %s <cachedir>\n", argv[0]);
- return EXIT_FAILURE;
- }
- if (stat(argv[1], &st) != 0) {
- fprintf(stderr, "Error calling stat() on path: %s: %m\n", argv[1]);
- return EXIT_FAILURE;
- }
- if (!S_ISDIR(st.st_mode)) {
- fprintf(stderr, "Path is not a directory: %s\n", argv[1]);
- return EXIT_FAILURE;
- }
- for (;;) {
- r = read(STDIN_FILENO, &req[rcvd], sizeof(req) - rcvd - 1);
- if (r == 0)
- return rcvd > 0 ? EXIT_FAILURE : EXIT_SUCCESS;
- if (r < 0)
- return EXIT_FAILURE;
- rcvd += r;
- r = http_parser_execute(&parser, &http_settings, req, rcvd);
- if (parser.http_errno != 0) {
- fprintf(stderr, "HTTP Parsing Error: %s\n",
- http_errno_description(parser.http_errno));
- return EXIT_FAILURE;
- }
- memmove(req, &req[r], rcvd - r);
- rcvd -= r;
- }
- return EXIT_SUCCESS;
- }
|