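/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/***************************************************************************
 * Copyright (C) 2017-2021 ZmartZone Holding BV
 * Copyright (C) 2013-2017 Ping Identity Corporation
 * All rights reserved.
 *
 * DISCLAIMER OF WARRANTIES:
 *
 * THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
 * ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
 * WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
 * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  NOR ARE THERE ANY
 * WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
 * USAGE.  FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
 * YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
 * WILL BE UNINTERRUPTED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Validation and parsing of configuration values.
 *
 * Every oidc_valid_* / oidc_parse_* function below returns a const char *.
 * NOTE(review): from this header alone the return contract is not visible;
 * it presumably is NULL when the value is acceptable and a pool-allocated
 * error message otherwise -- confirm against the implementation file before
 * relying on it. Callers in the configuration layer should treat any
 * non-NULL return as a hard configuration error (fail closed), since these
 * validators are what keeps malformed URLs, cookie domains and algorithm
 * names out of the runtime configuration.
 *
 * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
 */

#ifndef MOD_AUTH_OPENIDC_PARSE_H_
#define MOD_AUTH_OPENIDC_PARSE_H_

#include "apr_pools.h"
/* apr_hash_t is used by several prototypes below; include it so the header is
 * self-contained instead of relying on includer order. */
#include "apr_hash.h"
/* json_t (jansson) is used by oidc_valid_string_in_array(). */
#include <jansson.h>
/*
 * NOTE(review): oidc_cache_t (used by oidc_parse_cache_type) is not declared
 * by any header included here, so the includer must have the cache type
 * declared before this header. Include its declaring header here once the
 * include dependencies allow it -- confirm.
 */

/* Sentinel values meaning "not configured" for string and positive-int settings. */
#define OIDC_CONFIG_STRING_UNSET "_UNSET_"
#define OIDC_CONFIG_STRING_EMPTY ""
/* Parenthesized so expressions such as -OIDC_CONFIG_POS_INT_UNSET expand to
 * -(-1) rather than the invalid token sequence "--1". */
#define OIDC_CONFIG_POS_INT_UNSET (-1)

/* Recognized spellings for the claim-format and claim-required settings. */
#define OIDC_CLAIM_FORMAT_RELATIVE "relative"
#define OIDC_CLAIM_FORMAT_ABSOLUTE "absolute"
#define OIDC_CLAIM_REQUIRED_MANDATORY "mandatory"
#define OIDC_CLAIM_REQUIRED_OPTIONAL "optional"

/* Recognized PKCE code-challenge method names. "plain" sends the verifier
 * unhashed and is the weakest of these; S256 is the method RFC 7636 recommends. */
#define OIDC_PKCE_METHOD_PLAIN "plain"
#define OIDC_PKCE_METHOD_S256 "S256"
#define OIDC_PKCE_METHOD_REFERRED_TB "referred_tb"

/* Token-endpoint client authentication method name. */
#define OIDC_ENDPOINT_AUTH_CLIENT_SECRET_BASIC "client_secret_basic"

/**
 * Value validators.
 *
 * Each takes the pool to allocate any diagnostic in and the raw configured
 * value (a string, or an already-parsed int for the *_duration/_interval/
 * _slack/_cookies variants) and returns a const char * (see the file header
 * for the presumed NULL-on-success contract).
 *
 * oidc_valid_url additionally takes the scheme the URL must use;
 * oidc_valid_http_url is the variant without a caller-supplied scheme.
 */
const char *oidc_valid_url(apr_pool_t *pool, const char *arg, const char *scheme);
const char *oidc_valid_http_url(apr_pool_t *pool, const char *arg);
const char *oidc_valid_dir(apr_pool_t *pool, const char *arg);
const char *oidc_valid_cookie_domain(apr_pool_t *pool, const char *arg);
const char *oidc_valid_endpoint_auth_method(apr_pool_t *pool, const char *arg);
/* Same as oidc_valid_endpoint_auth_method but, per its name, for contexts
 * where private-key based methods are not available. */
const char *oidc_valid_endpoint_auth_method_no_private_key(apr_pool_t *pool, const char *arg);
const char *oidc_valid_response_type(apr_pool_t *pool, const char *arg);
const char *oidc_valid_pkce_method(apr_pool_t *pool, const char *arg);
const char *oidc_valid_response_mode(apr_pool_t *pool, const char *arg);
const char *oidc_valid_signed_response_alg(apr_pool_t *pool, const char *arg);
const char *oidc_valid_encrypted_response_alg(apr_pool_t *pool, const char *arg);
const char *oidc_valid_encrypted_response_enc(apr_pool_t *pool, const char *arg);
const char *oidc_valid_claim_format(apr_pool_t *pool, const char *arg);
const char *oidc_valid_introspection_method(apr_pool_t *pool, const char *arg);
const char *oidc_valid_session_max_duration(apr_pool_t *pool, int v);
const char *oidc_valid_jwks_refresh_interval(apr_pool_t *pool, int v);
const char *oidc_valid_idtoken_iat_slack(apr_pool_t *pool, int v);
const char *oidc_valid_userinfo_refresh_interval(apr_pool_t *pool, int v);
const char *oidc_valid_userinfo_token_method(apr_pool_t *pool, const char *arg);
const char *oidc_valid_token_binding_policy(apr_pool_t *pool, const char *arg);
const char *oidc_valid_auth_request_method(apr_pool_t *pool, const char *arg);
const char *oidc_valid_max_number_of_state_cookies(apr_pool_t *pool, int v);

/**
 * Generic parsers: convert the raw string into the typed out-parameter.
 *
 * @param pool        pool for any diagnostic
 * @param arg         raw configured value
 * @param int_value / bool_value  receives the parsed value
 */
const char *oidc_parse_int(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_boolean(apr_pool_t *pool, const char *arg, int *bool_value);

/**
 * Setting-specific parsers. Each validates the raw value(s) and stores the
 * parsed result in the trailing out-parameter(s); the diagnostic contract is
 * the same as for the validators above.
 *
 * Notes on the less obvious signatures:
 *  - oidc_parse_session_type yields both the session type and a
 *    `persistent` flag.
 *  - oidc_parse_enc_kid_key_tuple splits a configured tuple into a key id
 *    (`kid`), key material (`key`, with its length in `key_len`); `triplet`
 *    selects the three-element form. The exact element order is not visible
 *    here -- see the implementation.
 *  - oidc_parse_pass_idtoken_as / oidc_parse_pass_userinfo_as accept up to
 *    three raw values and combine them into one int.
 *  - oidc_parse_accept_oauth_token_in takes the hash of allowed options in
 *    `list_options`; oidc_accept_oauth_token_in2str is the reverse mapping.
 *  - oidc_parse_max_number_of_state_cookies takes two raw values and yields
 *    an int plus a boolean.
 */
const char *oidc_parse_cache_type(apr_pool_t *pool, const char *arg, oidc_cache_t **type);
const char *oidc_parse_session_type(apr_pool_t *pool, const char *arg, int *type, int *persistent);
const char *oidc_parse_cache_shm_entry_size_max(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_session_inactivity_timeout(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_session_max_duration(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_enc_kid_key_tuple(apr_pool_t *pool, const char *tuple, char **kid, char **key, int *key_len, apr_byte_t triplet);
const char *oidc_parse_pass_idtoken_as(apr_pool_t *pool, const char *v1, const char *v2, const char *v3, int *int_value);
const char *oidc_parse_pass_userinfo_as(apr_pool_t *pool, const char *v1, const char *v2, const char *v3, int *int_value);
const char *oidc_parse_logout_on_error_refresh_as(apr_pool_t *pool, const char *v1, int *int_value);
const char *oidc_parse_accept_oauth_token_in(apr_pool_t *pool, const char *arg, int *b_value, apr_hash_t *list_options);
const char *oidc_accept_oauth_token_in2str(apr_pool_t *pool, apr_byte_t v);
const char *oidc_parse_claim_required(apr_pool_t *pool, const char *arg, int *is_required);
const char *oidc_parse_set_claims_as(apr_pool_t *pool, const char *arg, int *in_headers, int *in_env_vars);
const char *oidc_parse_unauth_action(apr_pool_t *pool, const char *arg, int *action);
/* Name kept as-is (sic) because it is part of the public interface. */
const char *oidc_parse_unautz_action(apr_pool_t *pool, const char *arg, int *action);
const char *oidc_parse_jwks_refresh_interval(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_idtoken_iat_slack(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_userinfo_refresh_interval(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_userinfo_token_method(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_info_hook_data(apr_pool_t *pool, const char *arg, apr_hash_t **hook_data);
const char *oidc_parse_token_binding_policy(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_token_binding_policy2str(apr_pool_t *pool, int v);
const char *oidc_parse_auth_request_method(apr_pool_t *pool, const char *arg, int *method);
const char *oidc_parse_max_number_of_state_cookies(apr_pool_t *pool, const char *arg1, const char *arg2, int *int_value, int *bool_value);
const char *oidc_parse_refresh_access_token_before_expiry(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_set_state_input_headers_as(apr_pool_t *pool, const char *arg, apr_byte_t *state_input_headers);

/* Validator callback shapes: one for already-parsed ints, one for raw strings.
 * These match the oidc_valid_* prototypes above so they can be passed directly. */
typedef const char *(*oidc_valid_int_function_t)(apr_pool_t *, int);
typedef const char *(*oidc_valid_function_t)(apr_pool_t *, const char *);

/**
 * Look up `key` in the JSON object `json`, run `valid_function` on the string
 * value(s) found there and store the accepted value in `*value`.
 *
 * @param optional    non-zero if a missing key is not an error (inferred from
 *                    the name; confirm in the implementation)
 * @param preference  a preferred value, used when the key holds several
 *                    candidates (inferred from the name; confirm)
 */
const char *oidc_valid_string_in_array(apr_pool_t *pool, json_t *json, const char *key, oidc_valid_function_t valid_function, char **value, apr_byte_t optional, const char *preference);

#endif /* MOD_AUTH_OPENIDC_PARSE_H_ */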