From: Aki Tuomi Date: Wed, 3 Jun 2020 12:35:48 +0000 (+0300) Subject: lib-oauth2: Rename algo to alg X-Git-Tag: 2.3.11.2~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66cfb35ba35218d2d93530d25e61d73b3a40d57e;p=thirdparty%2Fdovecot%2Fcore.git lib-oauth2: Rename algo to alg It's the field name. --- diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c index aaac16ead3..f8e9529031 100644 --- a/src/lib-oauth2/oauth2-jwt.c +++ b/src/lib-oauth2/oauth2-jwt.c @@ -46,23 +46,23 @@ static int get_time_field(const struct json_tree *tree, const char *key, } static int oauth2_lookup_hmac_key(const struct oauth2_settings *set, - const char *algo, const char *key_id, + const char *alg, const char *key_id, const buffer_t **hmac_key_r, const char **error_r) { const char *base64_key; - const char *cache_key_id = t_strconcat(key_id, ".", algo, NULL); + const char *cache_key_id = t_strconcat(key_id, ".", alg, NULL); if (oauth2_validation_key_cache_lookup_hmac_key(set->key_cache, cache_key_id, hmac_key_r) == 0) return 0; int ret; - const char *lookup_key = t_strconcat(DICT_PATH_SHARED, algo, "/", key_id, NULL); + const char *lookup_key = t_strconcat(DICT_PATH_SHARED, alg, "/", key_id, NULL); /* do a synchronous dict lookup */ if ((ret = dict_lookup(set->key_dict, pool_datastack_create(), lookup_key, &base64_key, error_r)) < 0) { return -1; } else if (ret == 0) { - *error_r = t_strdup_printf("%s key '%s' not found", algo, key_id); + *error_r = t_strdup_printf("%s key '%s' not found", alg, key_id); return -1; } @@ -78,23 +78,23 @@ static int oauth2_lookup_hmac_key(const struct oauth2_settings *set, } static int oauth2_validate_hmac(const struct oauth2_settings *set, - const char *algo, const char *key_id, + const char *alg, const char *key_id, const char *const *blobs, const char **error_r) { const struct hash_method *method; - if (strcmp(algo, "HS256") == 0) + if (strcmp(alg, "HS256") == 0) method = hash_method_lookup("sha256"); - else if (strcmp(algo, "HS384") == 0) + else if (strcmp(alg, "HS384") == 0) method = hash_method_lookup("sha384"); - else if (strcmp(algo, "HS512") == 0) + else if (strcmp(alg, "HS512") == 0) method = hash_method_lookup("sha512"); else { - *error_r = t_strdup_printf("unsupported algorithm '%s'", algo); + *error_r = t_strdup_printf("unsupported algorithm '%s'", alg); return -1; } const buffer_t *key; - if (oauth2_lookup_hmac_key(set, algo, key_id, &key, error_r) < 0) + if (oauth2_lookup_hmac_key(set, alg, key_id, &key, error_r) < 0) return -1; struct hmac_context ctx; hmac_init(&ctx, key->data, key->used, method); @@ -116,22 +116,22 @@ static int oauth2_validate_hmac(const struct oauth2_settings *set, } static int oauth2_lookup_pubkey(const struct oauth2_settings *set, - const char *algo, const char *key_id, + const char *alg, const char *key_id, struct dcrypt_public_key **key_r, const char **error_r) { const char *key_str; - const char *cache_key_id = t_strconcat(key_id, ".", algo, NULL); + const char *cache_key_id = t_strconcat(key_id, ".", alg, NULL); if (oauth2_validation_key_cache_lookup_pubkey(set->key_cache, cache_key_id, key_r) == 0) return 0; int ret; - const char *lookup_key = t_strconcat(DICT_PATH_SHARED, algo, "/", key_id, NULL); + const char *lookup_key = t_strconcat(DICT_PATH_SHARED, alg, "/", key_id, NULL); /* do a synchronous dict lookup */ if ((ret = dict_lookup(set->key_dict, pool_datastack_create(), lookup_key, &key_str, error_r)) < 0) { return -1; } else if (ret == 0) { - *error_r = t_strdup_printf("%s key '%s' not found", algo, key_id); + *error_r = t_strdup_printf("%s key '%s' not found", alg, key_id); return -1; } @@ -150,7 +150,7 @@ static int oauth2_lookup_pubkey(const struct oauth2_settings *set, } static int oauth2_validate_rsa_ecdsa(const struct oauth2_settings *set, - const char *algo, const char *key_id, + const char *alg, const char *key_id, const char *const *blobs, const char **error_r) { const char *method; @@ -161,13 +161,13 @@ static int oauth2_validate_rsa_ecdsa(const struct oauth2_settings *set, return -1; } - if (str_begins(algo, "RS")) { + if (str_begins(alg, "RS")) { padding = DCRYPT_PADDING_RSA_PKCS1; sig_format = DCRYPT_SIGNATURE_FORMAT_DSS; - } else if (str_begins(algo, "PS")) { + } else if (str_begins(alg, "PS")) { padding = DCRYPT_PADDING_RSA_PKCS1_PSS; sig_format = DCRYPT_SIGNATURE_FORMAT_DSS; - } else if (str_begins(algo, "ES")) { + } else if (str_begins(alg, "ES")) { padding = DCRYPT_PADDING_DEFAULT; sig_format = DCRYPT_SIGNATURE_FORMAT_X962; } else { @@ -175,14 +175,14 @@ static int oauth2_validate_rsa_ecdsa(const struct oauth2_settings *set, i_unreached(); } - if (strcmp(algo+2, "256") == 0) { + if (strcmp(alg+2, "256") == 0) { method = "sha256"; - } else if (strcmp(algo+2, "384") == 0) { + } else if (strcmp(alg+2, "384") == 0) { method = "sha384"; - } else if (strcmp(algo+2, "512") == 0) { + } else if (strcmp(alg+2, "512") == 0) { method = "sha512"; } else { - *error_r = t_strdup_printf("Unsupported algorithm '%s'", algo); + *error_r = t_strdup_printf("Unsupported algorithm '%s'", alg); return -1; } @@ -190,7 +190,7 @@ static int oauth2_validate_rsa_ecdsa(const struct oauth2_settings *set, t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); struct dcrypt_public_key *pubkey; - if (oauth2_lookup_pubkey(set, algo, key_id, &pubkey, error_r) < 0) + if (oauth2_lookup_pubkey(set, alg, key_id, &pubkey, error_r) < 0) return -1; /* data to verify */ @@ -209,16 +209,16 @@ static int oauth2_validate_rsa_ecdsa(const struct oauth2_settings *set, } static int oauth2_validate_signature(const struct oauth2_settings *set, - const char *algo, const char *key_id, + const char *alg, const char *key_id, const char *const *blobs, const char **error_r) { - if (str_begins(algo, "HS")) - return oauth2_validate_hmac(set, algo, key_id, blobs, error_r); - else if (str_begins(algo, "RS") || str_begins(algo, "PS") || - str_begins(algo, "ES")) - return oauth2_validate_rsa_ecdsa(set, algo, key_id, blobs, error_r); + if (str_begins(alg, "HS")) + return oauth2_validate_hmac(set, alg, key_id, blobs, error_r); + else if (str_begins(alg, "RS") || str_begins(alg, "PS") || + str_begins(alg, "ES")) + return oauth2_validate_rsa_ecdsa(set, alg, key_id, blobs, error_r); - *error_r = t_strdup_printf("Unsupported algorithm '%s'", algo); + *error_r = t_strdup_printf("Unsupported algorithm '%s'", alg); return -1; } @@ -255,7 +255,7 @@ oauth2_jwt_header_process(struct json_tree *tree, const char **alg_r, const char **kid_r, const char **error_r) { const char *typ = get_field(tree, "typ"); - const char *algo = get_field(tree, "alg"); + const char *alg = get_field(tree, "alg"); const char *kid = get_field(tree, "kid"); if (null_strcmp(typ, "JWT") != 0) { @@ -263,14 +263,14 @@ oauth2_jwt_header_process(struct json_tree *tree, const char **alg_r, return -1; } - if (algo == NULL) { + if (alg == NULL) { *error_r = "Cannot find 'alg' field"; return -1; } /* These are lost when tree is deinitialized. Make sure algorithm is uppercased. */ - *alg_r = t_str_ucase(algo); + *alg_r = t_str_ucase(alg); *kid_r = t_strdup(kid); return 0; } @@ -379,8 +379,8 @@ int oauth2_try_parse_jwt(const struct oauth2_settings *set, if (oauth2_json_tree_build(header, &header_tree, error_r) < 0) return -1; - const char *algo, *kid; - ret = oauth2_jwt_header_process(header_tree, &algo, &kid, error_r); + const char *alg, *kid; + ret = oauth2_jwt_header_process(header_tree, &alg, &kid, error_r); json_tree_deinit(&header_tree); if (ret < 0) return -1; @@ -396,7 +396,7 @@ int oauth2_try_parse_jwt(const struct oauth2_settings *set, } /* from now on, this is considered a JWT token. try to validate signature. */ - if (oauth2_validate_signature(set, algo, kid, blobs, error_r) < 0) + if (oauth2_validate_signature(set, alg, kid, blobs, error_r) < 0) return -1; /* then parse the actual body */