- Update WWW - Update version requirement of BUILD_DEPENDS - Use USES=pathfix to fix .pc installation - Use complete arguments/options - Update pkg-descr - Take maintainership Changes: https://github.com/babelouest/iddawc/releases
Showing
5 changed files
with
75 additions
and
27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,41 @@ | ||
PORTNAME= iddawc | ||
PORTVERSION= 1.1.8 | ||
DISTVERSIONPREFIX= v | ||
DISTVERSION= 1.1.7 | ||
CATEGORIES= security | ||
|
||
MAINTAINER= ports@FreeBSD.org | ||
COMMENT= OAuth2/OIDC Client and Relying Party library | ||
WWW= https://github.com/babelouest/iddawc | ||
WWW= https://babelouest.github.io/iddawc/ \ | ||
https://github.com/babelouest/iddawc | ||
|
||
LICENSE= LGPL21 | ||
LICENSE_FILE= ${WRKSRC}/LICENSE | ||
|
||
BUILD_DEPENDS= yder>1.4.14:devel/yder \ | ||
orcania>2.2.1:devel/orcania \ | ||
gnutls>0:security/gnutls | ||
BUILD_DEPENDS= jansson>=2.11:devel/jansson \ | ||
orcania>=2.3.2:devel/orcania \ | ||
rhonabwy>=1.1.10:security/rhonabwy \ | ||
ulfius>=2.7.12:www/ulfius \ | ||
yder>=1.4.14:devel/yder | ||
LIB_DEPENDS= libcurl.so:ftp/curl \ | ||
libjansson.so:devel/jansson \ | ||
libgnutls.so:security/gnutls \ | ||
liborcania.so:devel/orcania \ | ||
libyder.so:devel/yder \ | ||
libjansson.so:devel/jansson \ | ||
libmicrohttpd.so:www/libmicrohttpd \ | ||
liborcania.so:devel/orcania \ | ||
librhonabwy.so:security/rhonabwy \ | ||
libulfius.so:www/ulfius | ||
libulfius.so:www/ulfius \ | ||
libyder.so:devel/yder | ||
|
||
USES= cmake | ||
USES= cmake pathfix | ||
|
||
CMAKE_OFF= BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES | ||
CMAKE_ON= BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I | ||
|
||
PLIST_SUB= PORTVERSION=${PORTVERSION} | ||
|
||
USE_GITHUB= yes | ||
GH_ACCOUNT= babelouest | ||
|
||
CMAKE_ARGS= -DWITH_JOURNALD=off | ||
|
||
PLIST_SUB= DISTVERSION=${DISTVERSION} | ||
post-install: | ||
${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a | ||
|
||
.include <bsd.port.mk> |
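Review bot: `BUILD_STATIC` in `CMAKE_ON`, together with the `post-install` copy of `libiddawc.a` into `${STAGEDIR}${PREFIX}/lib`, ships a static archive of the OAuth2/OIDC validation code, and nothing in the Makefile records that. Any consumer that links the archive carries its own copy of the id_token checks and will not pick up a later iddawc fix from a package upgrade alone. A comment above `CMAKE_ON` would make this visible to the next maintainer, for example `# BUILD_STATIC installs libiddawc.a; ports linking it statically must be rebuilt when iddawc gets a security fix`. The rendered page no longer marks which lines are added, so this assumes that both the `CMAKE_ON` line and the `post-install` target are on the new side.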
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
TIMESTAMP = 1670088803 | ||
SHA256 (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 7dd6cc28cd3e25bce590aab7a4f7603c1e57ad882546a622af9e77f584845ab0 | ||
SIZE (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 1488869 | ||
TIMESTAMP = 1686496690 | ||
SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59 | ||
SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- src/iddawc.c.orig 2022-12-17 21:23:54 UTC | ||
+++ src/iddawc.c | ||
@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) { | ||
if (alg != GNUTLS_DIG_UNKNOWN) { | ||
hash_data.data = (unsigned char*)i_session->access_token; | ||
hash_data.size = (unsigned int)o_strlen(i_session->access_token); | ||
- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { | ||
if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) { | ||
y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid"); | ||
@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) { | ||
if (alg != GNUTLS_DIG_UNKNOWN) { | ||
hash_data.data = (unsigned char*)i_session->code; | ||
hash_data.size = (unsigned int)o_strlen(i_session->code); | ||
- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { | ||
if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) { | ||
y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid"); | ||
@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) { | ||
if (alg != GNUTLS_DIG_UNKNOWN) { | ||
hash_data.data = (unsigned char*)i_session->state; | ||
hash_data.size = (unsigned int)o_strlen(i_session->state); | ||
- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { | ||
if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { | ||
if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) { | ||
y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid"); |
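Review bot: The `at_hash` comparison that this patch carries as context, `o_strncmp((const char *)hash_encoded, json_string_value(...), hash_encoded_len) != 0`, is bounded by the length of the locally computed value. If `o_strncmp` has `strncmp` semantics, a claim that begins with the expected hash and continues with extra characters is still accepted. The same pattern appears in the `c_hash` and `s_hash` hunks. Since the port already patches these three blocks, the check could be tightened by also requiring equal lengths, for example `o_strlen(json_string_value(json_object_get(i_session->id_token_payload, "at_hash"))) != hash_encoded_len ||` placed in front of the existing comparison, and the change is best sent upstream as well. The declaration of `alg` and the rest of `i_verify_id_token` are outside the hunks, so neither the need for the `(gnutls_digest_algorithm_t)` cast nor the termination of `hash_encoded` can be confirmed from here.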
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,23 @@ | ||
Handles the OAuth2 and OpenID Connect authentication process flow from the | ||
client side. | ||
Iddawc is a C library used to implement OAuth2/OIDC clients according to the | ||
OAuth2 RFC and the OpenID Connect Specs. | ||
|
||
* Generates requests based on input parameters | ||
* Parses response | ||
* Validates response values | ||
It's based on Ulfius library for the HTTP requests and response management and | ||
Rhonabwy library for the JOSE management. | ||
|
||
Supported response_types: code, token, id_token, password, client_credentials, | ||
refresh_token, device_code | ||
|
||
Supported client authentication methods: client_secret_basic, | ||
client_secret_post, client_secret_jwt, private_key_jwt | ||
Iddawc supports the following features: | ||
- Loading openid-configuration endpoints and parsing the results | ||
- Making auth requests using the given parameters (client_id, client_secret, | ||
redirect_uri, etc.) and parsing the result | ||
- Making token requests using the given parameters (code, client_id, | ||
client_secret, redirect_uri, etc.) and parsing the result | ||
- Making userinfo, token introspection, token revocation requests | ||
- Parse responses, validate id_token | ||
- Registering new clients using the register endpoint if any | ||
- Sending signed and or encrypted requests in the auth and token endpoints | ||
- Client TLS Authentication available | ||
- Making Pushed Auth Requests | ||
- Making Rich Auth Requests | ||
- Adding claims to requests | ||
- Sending DPoP proofs | ||
- JWT Secured Authorization Response Mode | ||
- End session and single-logout functionalities |