Merge branch 'jul/oidc-auth-code-verification' into 'master'

Add authorization code verification method

See merge request TankerHQ/sdk-rust!178

Author: tux3

Cargo.toml

@@ -34,9 +34,13 @@ base64 = "<0.20"
 # This dep really depends on feature http, but can't express that due to https://github.com/rust-lang/cargo/issues/6915
 async-std = { version = "1.12.0", features = ["attributes"] }
 
+# Self reference to enable "test only" features
+tankersdk = { path = ".", features = ["experimental-oidc"], default-features = false }
+
 [features]
 default = ["http"]
 http = ["tokio/rt-multi-thread", "dep:reqwest", "dep:bytes"]
+experimental-oidc = []
 # Use system certificate store in addition to WebPKI roots.
 # Rustls only supports the sytem store on Windows/Linux/Mac, but this feature also enables the SSL_CERT_FILE env var.
 # If you use self-signed certificates, enable this feature and add your cert to SSL_CERT_FILE or to the system store.

src/core.rs

@@ -368,6 +368,21 @@ impl Core {
     pub fn prehash_password(password: &str) -> Result<String, Error> {
         block_on(CTankerLib::get().prehash_password(password))
     }
+
+    #[cfg(feature = "experimental-oidc")]
+    pub async fn authenticate_with_idp(
+        &self,
+        provider_id: &str,
+        cookie: &str,
+    ) -> Result<Verification, Error> {
+        let provider_id = CString::new(provider_id).unwrap();
+        let cookie = CString::new(cookie).unwrap();
+        Ok(unsafe {
+            CTankerLib::get()
+                .authenticate_with_idp(self.ctanker, provider_id.as_ref(), cookie.as_ref())
+                .await?
+        })
+    }
 }
 
 impl Drop for Core {

src/ctanker.rs

@@ -20,32 +20,40 @@ macro_rules! tanker_call_ext {
 }
 
 mod cfuture;
-
 pub(crate) use cfuture::*;
-use std::marker::PhantomData;
 
-mod cstream;
+#[cfg(feature = "http")]
+pub mod chttp;
+#[cfg(feature = "http")]
+pub(crate) use chttp::*;
 
+mod cstream;
 pub use cstream::*;
 
+use crate::http::HttpClient;
+use crate::{
+    AttachResult, EncryptionOptions, Error, ErrorCode, LogRecord, LogRecordLevel, Options, Padding,
+    SharingOptions, Status, VerificationMethod, VerificationOptions,
+};
+use lazy_static::lazy_static;
+use num_enum::UnsafeFromPrimitive;
+use std::convert::TryFrom;
+use std::ffi::{c_void, CStr, CString};
+use std::marker::PhantomData;
+use std::os::raw::c_char;
+use std::ptr::NonNull;
+use std::sync::{Arc, Mutex, Once};
+
 use self::bindings::*;
 
 pub type CVerification = tanker_verification;
 pub type CEmailVerification = tanker_email_verification;
 pub type CPhoneNumberVerification = tanker_phone_number_verification;
+pub type COIDCAuthorizationCodeVerification = tanker_oidc_authorization_code_verification;
 pub type CVerificationMethod = tanker_verification_method;
 pub type CPreverifiedOIDCVerification = tanker_preverified_oidc_verification;
 pub type CEncSessPtr = *mut tanker_encryption_session_t;
 pub type LogHandlerCallback = Box<dyn Fn(LogRecord) + Send>;
-#[cfg(feature = "http")]
-pub type CHttpRequestHandle = *mut tanker_http_request_handle_t;
-
-#[derive(Debug)]
-#[cfg_attr(not(feature = "http"), allow(dead_code))]
-pub struct CHttpRequest(pub(crate) *mut tanker_http_request_t);
-
-// SAFETY: ctanker is thread-safe
-unsafe impl Send for CHttpRequest {}
 
 #[derive(Copy, Clone, Debug)]
 pub struct CTankerPtr(pub(crate) *mut tanker_t);
@@ -62,19 +70,6 @@ unsafe impl Send for CVerificationPtr {}
 // SAFETY: ctanker is thread-safe
 unsafe impl Send for tanker_http_options {}
 
-use crate::http::HttpClient;
-use crate::{
-    AttachResult, EncryptionOptions, Error, ErrorCode, LogRecord, LogRecordLevel, Options, Padding,
-    SharingOptions, Status, VerificationMethod, VerificationOptions,
-};
-use lazy_static::lazy_static;
-use num_enum::UnsafeFromPrimitive;
-use std::convert::TryFrom;
-use std::ffi::{c_void, CStr, CString};
-use std::os::raw::c_char;
-use std::ptr::NonNull;
-use std::sync::{Arc, Mutex, Once};
-
 pub(crate) static RUST_SDK_VERSION: &str = env!("CARGO_PKG_VERSION");
 pub(crate) static RUST_SDK_TYPE: &str = "client-rust";
 
@@ -128,50 +123,6 @@ unsafe extern "C" fn log_handler_thunk(clog: *const tanker_log_record) {
     callback(record);
 }
 
-#[cfg(feature = "http")]
-unsafe extern "C" fn send_http_request(
-    creq_ptr: *mut tanker_http_request,
-    data: *mut c_void,
-) -> CHttpRequestHandle {
-    let client = data as *const HttpClient;
-
-    // client is an Arc on the Rust side, but it's a raw pointer held by native, so Rust can't
-    // fully track its lifetime. Since Arc::drop will decrement the count, we must increment it
-    unsafe { Arc::increment_strong_count(client) };
-
-    // SAFETY: data is set to an Arc<HttpClient> in the tanker_options struct,
-    // and we trust native to not send requests after Core has been dropped
-    let client = unsafe { Arc::from_raw(client) };
-
-    // SAFETY: We trust the request struct from native
-    let req = unsafe { crate::http::HttpRequest::new(CHttpRequest(creq_ptr)) };
-    let req_handle = client.send_request(req);
-
-    // NOTE: If/when strict provenance is stabilized, this should be a std::ptr::invalid()
-    req_handle as CHttpRequestHandle
-}
-
-#[cfg(feature = "http")]
-unsafe extern "C" fn cancel_http_request(
-    creq_ptr: *mut tanker_http_request,
-    handle: CHttpRequestHandle,
-    data: *mut c_void,
-) {
-    let client = data as *const HttpClient;
-
-    // client is an Arc on the Rust side, but it's a raw pointer held by native, so Rust can't
-    // fully track its lifetime. Since Arc::drop will decrement the count, we must increment it
-    unsafe { Arc::increment_strong_count(client) };
-
-    // SAFETY: data is set to an Arc<HttpClient> in the tanker_options struct,
-    // and we trust native to not send requests after Core has been dropped
-    let client = unsafe { Arc::from_raw(client) };
-
-    // SAFETY: We trust the request struct from native
-    let req = unsafe { crate::http::HttpRequest::new(CHttpRequest(creq_ptr)) };
-    client.cancel_request(req, handle as usize);
-}
-
 pub struct CTankerLib {
     #[cfg(target_family = "windows")]
     ctanker_api: ctanker_api,
@@ -217,8 +168,8 @@ impl CTankerLib {
         let http_options = match http_client {
             #[cfg(feature = "http")]
             Some(client) => tanker_http_options {
-                send_request: Some(send_http_request),
-                cancel_request: Some(cancel_http_request),
+                send_request: Some(chttp::send_http_request),
+                cancel_request: Some(chttp::cancel_http_request),
                 data: Arc::as_ptr(&client) as *mut c_void,
             },
             _ => tanker_http_options {
@@ -262,34 +213,6 @@ impl CTankerLib {
         let _: Result<(), _> = fut.await; // Ignore errors, nothing useful we can do if destroy() fails
     }
 
-    #[cfg(feature = "http")]
-    pub unsafe fn http_handle_response(
-        &self,
-        request: CHttpRequest,
-        response: crate::http::HttpResponse,
-    ) {
-        let mut cresponse = tanker_http_response_t {
-            error_msg: response
-                .error_msg
-                .as_ref()
-                .map(|s| s.as_ptr())
-                .unwrap_or(std::ptr::null()),
-            content_type: response
-                .content_type
-                .as_ref()
-                .map(|s| s.as_ptr())
-                .unwrap_or(std::ptr::null()),
-            body: response
-                .body
-                .as_ref()
-                .map(|s| s.as_ptr() as *const c_char)
-                .unwrap_or(std::ptr::null()),
-            body_size: response.body.as_ref().map(|v| v.len()).unwrap_or(0) as i64,
-            status_code: response.status_code as i32,
-        };
-        unsafe { tanker_call!(self, tanker_http_handle_response(request.0, &mut cresponse)) };
-    }
-
     pub unsafe fn status(&self, ctanker: CTankerPtr) -> Status {
         let status = unsafe { tanker_call!(self, tanker_status(ctanker.0)) };
         // SAFETY: The native lib never returns invalid status codes
@@ -642,6 +565,36 @@ impl CTankerLib {
         fut.await
     }
 
+    #[cfg(feature = "experimental-oidc")]
+    pub async unsafe fn authenticate_with_idp(
+        &self,
+        ctanker: CTankerPtr,
+        provider_id: &CStr,
+        cookie: &CStr,
+    ) -> Result<crate::Verification, Error> {
+        let fut = unsafe {
+            CFuture::<*mut tanker_oidc_authorization_code_verification>::new(tanker_call!(
+                self,
+                tanker_authenticate_with_idp(ctanker.0, provider_id.as_ptr(), cookie.as_ptr(),)
+            ))
+        };
+        let cresult: &mut tanker_oidc_authorization_code_verification = unsafe { &mut *fut.await? };
+
+        // SAFETY: If we get a valid OIDCAuthorizationCode verification method, every field is a valid string
+        let c_authorization_code = unsafe { CStr::from_ptr(cresult.authorization_code) };
+        let authorization_code = c_authorization_code.to_str().unwrap().into();
+        let c_state = unsafe { CStr::from_ptr(cresult.state) };
+        let state = c_state.to_str().unwrap().into();
+
+        unsafe { tanker_call!(self, tanker_free_authenticate_with_idp_result(cresult)) }
+
+        Ok(crate::Verification::OIDCAuthorizationCode {
+            provider_id: provider_id.to_str().unwrap().into(),
+            authorization_code,
+            state,
+        })
+    }
+
     pub async unsafe fn encryption_session_open(
         &self,
         ctanker: CTankerPtr,

src/ctanker/chttp.rs

@@ -0,0 +1,88 @@
+use crate::ctanker::*;
+
+pub type CHttpRequestHandle = *mut tanker_http_request_handle_t;
+pub type CHttpHeader = tanker_http_header;
+
+#[derive(Debug)]
+pub struct CHttpRequest(pub(crate) *mut tanker_http_request_t);
+
+// SAFETY: ctanker is thread-safe
+unsafe impl Send for CHttpRequest {}
+
+pub unsafe extern "C" fn send_http_request(
+    creq_ptr: *mut tanker_http_request,
+    data: *mut c_void,
+) -> CHttpRequestHandle {
+    let client = data as *const HttpClient;
+
+    // client is an Arc on the Rust side, but it's a raw pointer held by native, so Rust can't
+    // fully track its lifetime. Since Arc::drop will decrement the count, we must increment it
+    unsafe { Arc::increment_strong_count(client) };
+
+    // SAFETY: data is set to an Arc<HttpClient> in the tanker_options struct,
+    // and we trust native to not send requests after Core has been dropped
+    let client = unsafe { Arc::from_raw(client) };
+
+    // SAFETY: We trust the request struct from native
+    let req = unsafe { crate::http::request::HttpRequest::new(CHttpRequest(creq_ptr)) };
+    let req_handle = client.send_request(req);
+
+    // NOTE: If/when strict provenance is stabilized, this should be a std::ptr::invalid()
+    req_handle as CHttpRequestHandle
+}
+
+pub unsafe extern "C" fn cancel_http_request(
+    creq_ptr: *mut tanker_http_request,
+    handle: CHttpRequestHandle,
+    data: *mut c_void,
+) {
+    let client = data as *const HttpClient;
+
+    // client is an Arc on the Rust side, but it's a raw pointer held by native, so Rust can't
+    // fully track its lifetime. Since Arc::drop will decrement the count, we must increment it
+    unsafe { Arc::increment_strong_count(client) };
+
+    // SAFETY: data is set to an Arc<HttpClient> in the tanker_options struct,
+    // and we trust native to not send requests after Core has been dropped
+    let client = unsafe { Arc::from_raw(client) };
+
+    // SAFETY: We trust the request struct from native
+    let req = unsafe { crate::http::request::HttpRequest::new(CHttpRequest(creq_ptr)) };
+    client.cancel_request(req, handle as usize);
+}
+
+impl CTankerLib {
+    pub unsafe fn http_handle_response(
+        &self,
+        request: CHttpRequest,
+        response: crate::http::response::HttpResponse,
+    ) {
+        let cheaders = response
+            .headers
+            .iter()
+            .map(|header| tanker_http_header_t {
+                name: header.name.as_ptr() as *const c_char,
+                value: header.value.as_ptr() as *const c_char,
+            })
+            .collect::<Vec<_>>();
+
+        let mut cresponse = tanker_http_response_t {
+            error_msg: response
+                .error_msg
+                .as_ref()
+                .map(|s| s.as_ptr())
+                .unwrap_or(std::ptr::null()),
+            headers: cheaders.as_ptr() as *mut tanker_http_header_t,
+            num_headers: response.headers.len() as i32,
+            body: response
+                .body
+                .as_ref()
+                .map(|s| s.as_ptr() as *const c_char)
+                .unwrap_or(std::ptr::null()),
+            body_size: response.body.as_ref().map(|v| v.len()).unwrap_or(0) as i64,
+            status_code: response.status_code as i32,
+        };
+
+        unsafe { tanker_call!(self, tanker_http_handle_response(request.0, &mut cresponse)) };
+    }
+}

src/http.rs

@@ -1,49 +1,6 @@
-#[cfg_attr(not(feature = "http"), path = "http/client_disabled.rs")]
 mod client;
-pub use client::HttpClient;
-
-#[cfg(feature = "http")]
-mod response;
-#[cfg(feature = "http")]
-pub use response::HttpResponse;
+pub mod request;
+pub mod response;
 
-#[cfg(feature = "http")]
+pub use client::HttpClient;
 pub type HttpRequestId = usize;
-
-use crate::ctanker::CHttpRequest;
-
-// NOTE: The member lifetimes are marked as 'static, but they really have the lifetime of crequest,
-//       which cannot easily be expressed (lifetime is essentially 'self, without self-references).
-#[derive(Debug)]
-#[cfg_attr(not(feature = "http"), allow(dead_code))]
-pub struct HttpRequest {
-    pub(crate) crequest: CHttpRequest,
-    pub(crate) method: &'static str,
-    pub(crate) url: &'static str,
-    pub(crate) instance_id: &'static str,
-    pub(crate) authorization: Option<&'static str>,
-    pub(crate) body: &'static [u8],
-}
-
-#[cfg(feature = "http")]
-impl HttpRequest {
-    pub unsafe fn new(crequest: CHttpRequest) -> Self {
-        use std::ffi::CStr;
-
-        // SAFETY: We trust that native strings are UTF-8 and the pointer/sizes are valid
-        let creq = unsafe { &*crequest.0 };
-        let authorization = if creq.authorization.is_null() {
-            None
-        } else {
-            Some(CStr::from_ptr(creq.authorization).to_str().unwrap())
-        };
-        Self {
-            crequest,
-            method: CStr::from_ptr(creq.method).to_str().unwrap(),
-            url: CStr::from_ptr(creq.url).to_str().unwrap(),
-            instance_id: CStr::from_ptr(creq.instance_id).to_str().unwrap(),
-            authorization,
-            body: std::slice::from_raw_parts(creq.body as *const u8, creq.body_size as usize),
-        }
-    }
-}