refactor proto.c into subdir and files

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
OpenIDC · Jun 4, 2024 · 38bf65b · 38bf65b
1 parent aebd9ed
commit 38bf65b
Show file tree

Hide file tree

Showing 35 changed files with 3,726 additions and 3,281 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,11 @@
+TODO:
+- store token type to pass into oidc_http_get/post calls (bearer/dpop)
+- implement DPoP off|optional|required (default: off)
+- support server provided nonce
+- certify for OIDC and FAPI2
+
 06/04/2024
 - add (client) support for RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-  TODO: must support server provided nonce
 - replace multi-provider .conf "issuer_specific_redirect_uri" boolean with "response_require_iss" boolean
 - tighten up the "aud" claim validation in ID tokens
 - add support for the FAPI 2.0 Security Profile https://openid.net/specs/fapi-2_0-security-profile-ID2.html

diff --git a/Makefile.am b/Makefile.am
@@ -28,9 +28,18 @@ libauth_openidc_la_SOURCES = \
 	src/handle/revoke.c \
 	src/handle/session_management.c \
 	src/handle/userinfo.c \
+	src/proto/auth.c \
+	src/proto/discovery.c \
+	src/proto/dpop.c \
+	src/proto/jwks.c \
+	src/proto/pkce.c \
+	src/proto/proto.c \
+	src/proto/request.c \
+	src/proto/response.c \
+	src/proto/state.c \
+	src/proto/userinfo.c \
 	src/metrics.c \
 	src/oauth.c \
-	src/proto.c \
 	src/util.c \
 	src/http.c \
 	src/session.c \
@@ -81,8 +90,8 @@ noinst_HEADERS = \
 	src/cfg/parse.h \
 	src/mod_auth_openidc.h \
 	src/handle/handle.h \
+	src/proto/proto.h \
 	src/cache/cache.h \
-	src/proto.h \
 	src/oauth.h \
 	src/metadata.h \
 	src/session.h \

diff --git a/src/cfg/cfg.c b/src/cfg/cfg.c
@@ -48,7 +48,7 @@
 #include "cfg/provider.h"
 #include "jose.h"
 #include "metrics.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "session.h"
 #include "util.h"
 

diff --git a/src/cfg/oauth.c b/src/cfg/oauth.c
@@ -44,7 +44,7 @@
 #include "cfg/cfg_int.h"
 #include "cfg/parse.h"
 #include "jose.h"
-#include "proto.h"
+#include "proto/proto.h"
 
 struct oidc_oauth_t {
 

diff --git a/src/cfg/parse.c b/src/cfg/parse.c
@@ -43,7 +43,7 @@
 #include "cfg/parse.h"
 #include "cfg/dir.h"
 #include "const.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 #include <apr_base64.h>
 #include <apr_file_io.h>

diff --git a/src/cfg/provider.c b/src/cfg/provider.c
@@ -43,7 +43,7 @@
 #include "cfg/provider.h"
 #include "cfg/cfg_int.h"
 #include "cfg/parse.h"
-#include "proto.h"
+#include "proto/proto.h"
 
 struct oidc_provider_t {
 	char *metadata_url;

diff --git a/src/handle/authz.c b/src/handle/authz.c
@@ -46,7 +46,7 @@
 #include "metrics.h"
 #include "mod_auth_openidc.h"
 #include "pcre_subst.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 
 static apr_byte_t oidc_authz_match_json_string(request_rec *r, const char *spec, json_t *val, const char *key) {

diff --git a/src/handle/discovery.c b/src/handle/discovery.c
@@ -44,7 +44,7 @@
 #include "handle/handle.h"
 #include "metadata.h"
 #include "mod_auth_openidc.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 
 /* parameter name of the callback URL in the discovery response */
@@ -375,7 +375,7 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 			user = apr_psprintf(r->pool, "https://%s", user);
 
 		/* got an user identifier as input, perform OP discovery with that */
-		if (oidc_proto_url_based_discovery(r, c, user, &issuer) == FALSE) {
+		if (oidc_proto_discovery_url_based(r, c, user, &issuer) == FALSE) {
 
 			/* something did not work out, show a user facing error */
 			return oidc_util_html_send_error(r, oidc_cfg_html_error_template_get(c), "Invalid Request",
@@ -395,7 +395,7 @@ int oidc_discovery_response(request_rec *r, oidc_cfg_t *c) {
 		}
 
 		/* got an account name as input, perform OP discovery with that */
-		if (oidc_proto_account_based_discovery(r, c, issuer, &issuer) == FALSE) {
+		if (oidc_proto_discovery_account_based(r, c, issuer, &issuer) == FALSE) {
 
 			/* something did not work out, show a user facing error */
 			return oidc_util_html_send_error(r, oidc_cfg_html_error_template_get(c), "Invalid Request",

diff --git a/src/handle/dpop.c b/src/handle/dpop.c
@@ -42,7 +42,7 @@
 
 #include "handle/handle.h"
 #include "mod_auth_openidc.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 
 #define OIDC_DPOP_PARAM_URL "url"

diff --git a/src/handle/handle.h b/src/handle/handle.h
@@ -101,8 +101,6 @@ apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r, oidc_cfg_t *c
 						   int ttl_minimum, apr_byte_t *needs_save);
 
 // request_uri.c
-void oidc_request_uri_add_request_param(request_rec *r, struct oidc_provider_t *provider, const char *redirect_uri,
-					apr_table_t *params);
 int oidc_request_uri(request_rec *r, oidc_cfg_t *c);
 
 // request.c

diff --git a/src/handle/logout.c b/src/handle/logout.c
@@ -43,7 +43,7 @@
 #include "cfg/dir.h"
 #include "handle/handle.h"
 #include "mod_auth_openidc.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 
 #define OIDC_DONT_REVOKE_TOKENS_BEFORE_LOGOUT_ENVVAR "OIDC_DONT_REVOKE_TOKENS_BEFORE_LOGOUT"

diff --git a/src/handle/refresh.c b/src/handle/refresh.c
@@ -43,7 +43,7 @@
 #include "handle/handle.h"
 #include "metrics.h"
 #include "mod_auth_openidc.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "session.h"
 #include "util.h"
 

diff --git a/src/handle/request.c b/src/handle/request.c
@@ -43,7 +43,7 @@
 #include "handle/handle.h"
 #include "metrics.h"
 #include "mod_auth_openidc.h"
-#include "proto.h"
+#include "proto/proto.h"
 #include "util.h"
 
 static int oidc_request_check_cookie_domain(request_rec *r, oidc_cfg_t *c, oidc_proto_state_t *proto_state,