From 2ca7f3a4a03db3e7d7fa15504fa3d69e1c6bd217 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 31 Oct 2017 10:50:24 +0100 Subject: Split in two: agl-identity-service and uds-ble-id-init-service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The binding is splitted in two parts and packeged as widgets. The two parts are: - uds-ble-id-init-service This service provides a UDS (User Data Service) over BLE. It detects writes to the email of the user to initiate the authentication process. - agl-identity-service This service queries the Forgerock's Edge Controller to fill user data and make it available. The actual code is not fully functionnal. Signed-off-by: José Bollo --- agl-identity-service/src/agl-identity-binding.c | 322 ++++++++++++++++++++++++ 1 file changed, 322 insertions(+) create mode 100644 agl-identity-service/src/agl-identity-binding.c (limited to 'agl-identity-service/src/agl-identity-binding.c') diff --git a/agl-identity-service/src/agl-identity-binding.c b/agl-identity-service/src/agl-identity-binding.c new file mode 100644 index 0000000..1feeeb3 --- /dev/null +++ b/agl-identity-service/src/agl-identity-binding.c @@ -0,0 +1,322 @@ +/* + * Copyright (C) 2015, 2016, 2017 "IoT.bzh" + * Author: José Bollo + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define AFB_BINDING_VERSION 2 +#include + +#include "oidc-agent.h" +#include "aia-get.h" + +static int expiration_delay = 5; + +static struct afb_event event; + +static struct json_object *current_identity; + +static const char default_endpoint[] = "https://agl-graphapi.forgerocklabs.org/getuserprofilefromtoken"; +static const char default_vin[] = "4T1BF1FK5GU260429"; +static const char *oidc_name; +static char *vin; +static char *endpoint; + +/***** configuration ********************************************/ + +static struct json_object *readjson(int fd) +{ + char *buffer; + struct stat s; + struct json_object *result = NULL; + int rc; + + rc = fstat(fd, &s); + if (rc == 0 && S_ISREG(s.st_mode)) { + buffer = alloca((size_t)(s.st_size)+1); + if (read(fd, buffer, (size_t)s.st_size) == (ssize_t)s.st_size) { + buffer[s.st_size] = 0; + result = json_tokener_parse(buffer); + } + } + close(fd); + + return result; +} + +static struct json_object *get_global_config(const char *name, const char *locale) +{ + int fd = afb_daemon_rootdir_open_locale(name, O_RDONLY, locale); + return fd < 0 ? NULL : readjson(fd); +} + +static struct json_object *get_local_config(const char *name) +{ + int fd = openat(AT_FDCWD, name, O_RDONLY, 0); + return fd < 0 ? NULL : readjson(fd); +} + +static void confsetstr(struct json_object *conf, const char *name, char **value, const char *def) +{ + struct json_object *v; + const char *s; + char *p; + + s = conf && json_object_object_get_ex(conf, name, &v) ? json_object_get_string(v) : def; + p = *value; + if (s && p != s) { + *value = strdup(s); + free(p); + } +} + +static void confsetint(struct json_object *conf, const char *name, int *value, int def) +{ + struct json_object *v; + + *value = conf && json_object_object_get_ex(conf, name, &v) ? json_object_get_int(v) : def; +} + +static void confsetoidc(struct json_object *conf, const char *name) +{ + struct json_object *idp, *appli; + + if (conf + && json_object_object_get_ex(conf, "idp", &idp) + && json_object_object_get_ex(conf, "appli", &appli)) { + if (oidc_idp_set(name, idp) && oidc_appli_set(name, name, appli, 1)) { + oidc_name = name; + } + } +} + +static void setconfig(struct json_object *conf) +{ + confsetstr(conf, "endpoint", &endpoint, endpoint ? : default_endpoint); + confsetstr(conf, "vin", &vin, vin ? : default_vin); + confsetint(conf, "delay", &expiration_delay, expiration_delay); + confsetoidc(conf, "oidc-aia"); +} + +static void readconfig() +{ + setconfig(get_global_config("config.json", NULL)); + setconfig(get_local_config("/etc/agl/identity-agent-config.json")); + setconfig(get_local_config("config.json")); +} + +/****************************************************************/ + +static struct json_object *make_event_object(const char *name, const char *id, const char *nick) +{ + struct json_object *object = json_object_new_object(); + + /* TODO: errors */ + json_object_object_add(object, "eventName", json_object_new_string(name)); + json_object_object_add(object, "accountid", json_object_new_string(id)); + if (nick) + json_object_object_add(object, "nickname", json_object_new_string(nick)); + return object; +} + +static int send_event_object(const char *name, const char *id, const char *nick) +{ + return afb_event_push(event, make_event_object(name, id, nick)); +} + +static void do_login(struct json_object *desc) +{ + struct json_object *object; + + /* switching the user */ + AFB_INFO("Switching to user %s", desc ? json_object_to_json_string(desc) : "null"); + object = current_identity; + current_identity = json_object_get(desc); + json_object_put(object); + + if (!json_object_object_get_ex(desc, "name", &object)) + object = 0; + send_event_object("login", !object ? "null" : json_object_get_string(object)? : "?", 0); +} + +static void do_logout() +{ + struct json_object *object; + + AFB_INFO("Switching to no user"); + object = current_identity; + current_identity = 0; + json_object_put(object); + + send_event_object("logout", "null", 0); +} + +/****************************************************************/ + +static char *get_upload_url(const char *key) +{ + int rc; + char *result; + + rc = asprintf(&result, "%s?vin=%s&keytoken=%s", endpoint, vin, key); + return rc >= 0 ? result : NULL; +} + +static void uploaded(void *closure, int status, const void *buffer, size_t size) +{ + struct json_object *object, *subobj; + char *url = closure; + + /* checks whether discarded */ + if (status == 0 && !buffer) + goto end; /* discarded */ + + /* scan for the status */ + if (status == 0 || !buffer) { + AFB_ERROR("uploading %s failed %s", url ? : "?", (const char*)buffer ? : ""); + goto end; + } + + /* get the object */ + AFB_DEBUG("received data: %.*s", (int)size, (char*)buffer); + object = json_tokener_parse(buffer); /* okay because 0 appended */ + + /* extract useful part */ + subobj = NULL; + if (object && !json_object_object_get_ex(object, "results", &subobj)) + subobj = NULL; + if (subobj) + subobj = json_object_array_get_idx(subobj, 0); + if (subobj && !json_object_object_get_ex(subobj, "data", &subobj)) + subobj = NULL; + if (subobj) + subobj = json_object_array_get_idx(subobj, 0); + if (subobj && !json_object_object_get_ex(subobj, "row", &subobj)) + subobj = NULL; + if (subobj) + subobj = json_object_array_get_idx(subobj, 0); + + /* is it a recognized user ? */ + if (!subobj) { + /* not recognized!! */ + AFB_INFO("unrecognized key for %s", url ? : "?"); + json_object_put(object); + goto end; + } + + do_login(subobj); + json_object_put(object); +end: + free(url); +} + +static void upload_request(const char *address) +{ + char *url = get_upload_url(address); + if (url) + aia_get(url, expiration_delay, oidc_name, oidc_name, uploaded, url); + else + AFB_ERROR("out of memory"); +} + +static void subscribe (struct afb_req request) +{ + int rc; + + rc = afb_req_subscribe(request, event); + if (rc < 0) + afb_req_fail(request, "failed", "subscribtion failed"); + else + afb_req_success(request, NULL, NULL); +} + +static void unsubscribe (struct afb_req request) +{ + afb_req_unsubscribe(request, event); + afb_req_success(request, NULL, NULL); +} + +static void login (struct afb_req request) +{ + afb_req_fail(request, "not-implemented-yet", NULL); +} + +static void logout (struct afb_req request) +{ + do_logout(); + afb_req_success(request, NULL, NULL); +} + +static void get (struct afb_req request) +{ + afb_req_success(request, json_object_get(current_identity), NULL); +} + +static void success (struct afb_req request) +{ + afb_req_success(request, NULL, NULL); +} + +static int service_init() +{ + int rc; + + event = afb_daemon_make_event("event"); + if (!afb_event_is_valid(event)) + return -1; + + readconfig(); + + return 0; +} + + +// NOTE: this sample does not use session to keep test a basic as possible +// in real application most APIs should be protected with AFB_SESSION_CHECK +static const struct afb_verb_v2 verbs[]= +{ + {"subscribe" , subscribe , NULL, "subscribe to events" , AFB_SESSION_NONE }, + {"unsubscribe", unsubscribe , NULL, "unsubscribe to events" , AFB_SESSION_NONE }, + {"login" , login , NULL, "log a user in" , AFB_SESSION_NONE }, + {"logout" , logout , NULL, "log the current user out", AFB_SESSION_NONE }, + {"get" , get , NULL, "get data" , AFB_SESSION_NONE }, + {NULL} +}; + +const struct afb_binding_v2 afbBindingV2 = +{ + .api = "identity", + .specification = NULL, + .info = "AGL identity service", + .verbs = verbs, + .preinit = NULL, + .init = service_init, + .onevent = NULL, + .noconcurrency = 0 +}; + +/* vim: set colorcolumn=80: */ + -- cgit 1.2.3-korg