make outgoing_proxy an endpoint property

Signed-off-by: Hans Zandbelt <[email protected]>

ChangeLog

@@ -1,4 +1,7 @@
-10/21/2021
+10/12/2021
+- make outgoing_proxy an endpoint property
+
+10/11/2021
 - add outgoing_proxy option to verify context
 - correct remote_user debug printout
 - release 1.4.3.1

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([liboauth2],[1.4.3.1],[[email protected]])
+AC_INIT([liboauth2],[1.4.3.2-dev],[[email protected]])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIR([m4])

include/oauth2/cfg.h

@@ -134,6 +134,7 @@ oauth2_flag_t
 oauth2_cfg_endpoint_get_ssl_verify(const oauth2_cfg_endpoint_t *cfg);
 oauth2_uint_t
 oauth2_cfg_endpoint_get_http_timeout(const oauth2_cfg_endpoint_t *cfg);
+const char *oauth2_cfg_endpoint_get_outgoing_proxy(const oauth2_cfg_endpoint_t *cfg);
 
 /*
  * token verify

src/cfg/proto_cfg.c

@@ -37,6 +37,7 @@ oauth2_cfg_endpoint_t *oauth2_cfg_endpoint_init(oauth2_log_t *log)
 	endpoint->auth = NULL;
 	endpoint->ssl_verify = OAUTH2_CFG_FLAG_UNSET;
 	endpoint->http_timeout = OAUTH2_CFG_UINT_UNSET;
+	endpoint->outgoing_proxy = NULL;
 
 end:
 
@@ -53,6 +54,8 @@ void oauth2_cfg_endpoint_free(oauth2_log_t *log,
 		oauth2_mem_free(endpoint->url);
 	if (endpoint->auth)
 		oauth2_cfg_endpoint_auth_free(log, endpoint->auth);
+	if (endpoint->outgoing_proxy)
+		oauth2_mem_free(endpoint->outgoing_proxy);
 
 	oauth2_mem_free(endpoint);
 
@@ -74,6 +77,7 @@ oauth2_cfg_endpoint_clone(oauth2_log_t *log, const oauth2_cfg_endpoint_t *src)
 	dst->auth = oauth2_cfg_endpoint_auth_clone(log, src->auth);
 	dst->ssl_verify = src->ssl_verify;
 	dst->http_timeout = src->http_timeout;
+	dst->outgoing_proxy = oauth2_strdup(src->outgoing_proxy);
 
 end:
 	return dst;
@@ -135,8 +139,19 @@ char *oauth2_cfg_set_endpoint(oauth2_log_t *log, oauth2_cfg_endpoint_t *cfg,
 		if (rv)
 			goto end;
 	}
+	oauth2_mem_free(key);
 
+	key = oauth2_stradd(NULL, prefix ? prefix : NULL, prefix ? "." : NULL,
+			    "outgoing_proxy");
+	value = oauth2_nv_list_get(log, params, key);
+	if (value) {
+		rv = oauth2_strdup(oauth2_cfg_set_str_slot(
+		    cfg, offsetof(oauth2_cfg_endpoint_t, outgoing_proxy), value));
+		if (rv)
+			goto end;
+	}
 	oauth2_mem_free(key);
+
 	key = NULL;
 
 end:
@@ -183,6 +198,11 @@ oauth2_cfg_endpoint_get_http_timeout(const oauth2_cfg_endpoint_t *cfg)
 	return cfg->http_timeout;
 }
 
+const char *oauth2_cfg_endpoint_get_outgoing_proxy(const oauth2_cfg_endpoint_t *cfg)
+{
+	return cfg ? cfg->outgoing_proxy : NULL;
+}
+
 #define OAUTH2_CFG_ROPC_CLIENT_ID_DEFAULT NULL
 #define OAUTH2_CFG_ROPC_USERNAME_DEFAULT NULL
 #define OAUTH2_CFG_ROPC_PASSWORD_DEFAULT NULL

src/cfg_int.h

@@ -49,6 +49,7 @@ typedef struct oauth2_cfg_endpoint_t {
 	oauth2_cfg_endpoint_auth_t *auth;
 	oauth2_flag_t ssl_verify;
 	oauth2_uint_t http_timeout;
+	char *outgoing_proxy;
 } oauth2_cfg_endpoint_t;
 
 /*

src/jose.c

@@ -606,14 +606,12 @@ bool oauth2_jose_hash2s(oauth2_log_t *log, const char *digest, const char *src,
 
 _OAUTH2_CFG_CTX_INIT_START(oauth2_uri_ctx)
 ctx->endpoint = NULL;
-ctx->outgoing_proxy = NULL;
 ctx->cache = NULL;
 ctx->expiry_s = OAUTH2_CFG_UINT_UNSET;
 _OAUTH2_CFG_CTX_INIT_END
 
 _OAUTH2_CFG_CTX_CLONE_START(oauth2_uri_ctx)
 dst->endpoint = oauth2_cfg_endpoint_clone(log, src->endpoint);
-dst->outgoing_proxy = oauth2_strdup(src->outgoing_proxy);
 dst->cache = src->cache;
 dst->expiry_s = src->expiry_s;
 _OAUTH2_CFG_CTX_CLONE_END
@@ -1741,11 +1739,6 @@ char *oauth2_jose_options_uri_ctx(oauth2_log_t *log, const char *value,
 	ctx->endpoint = oauth2_cfg_endpoint_init(log);
 	rv = oauth2_cfg_set_endpoint(log, ctx->endpoint, value, params, prefix);
 
-	key = oauth2_stradd(NULL, prefix, ".", "outgoing_proxy");
-	ctx->outgoing_proxy =
-	    oauth2_strdup(oauth2_nv_list_get(log, params, key));
-	oauth2_mem_free(key);
-
 	key = oauth2_stradd(NULL, prefix, ".", "cache");
 	ctx->cache =
 	    oauth2_cache_obtain(log, oauth2_nv_list_get(log, params, key));
@@ -2030,7 +2023,7 @@ char *oauth2_jose_resolve_from_uri(oauth2_log_t *log, oauth2_uri_ctx_t *uri_ctx,
 		    log, ctx,
 		    oauth2_cfg_endpoint_get_ssl_verify(uri_ctx->endpoint));
 		oauth2_http_call_ctx_outgoing_proxy_set(
-		    log, ctx, uri_ctx->outgoing_proxy);
+		    log, ctx, oauth2_cfg_endpoint_get_outgoing_proxy(uri_ctx->endpoint));
 
 		rc = oauth2_http_get(
 		    log, oauth2_cfg_endpoint_get_url(uri_ctx->endpoint), NULL,

src/jose_int.h

@@ -40,7 +40,6 @@ typedef struct oauth2_jose_jwk_list_t {
 
 typedef struct oauth2_uri_ctx_t {
 	oauth2_cfg_endpoint_t *endpoint;
-	char *outgoing_proxy;
 	oauth2_cache_t *cache;
 	oauth2_time_t expiry_s;
 } oauth2_uri_ctx_t;

src/oauth2.c

@@ -319,6 +319,8 @@ static bool _oauth2_introspect_verify(oauth2_log_t *log,
 		log, http_ctx,
 		oauth2_cfg_endpoint_get_ssl_verify(ctx->endpoint)) == false)
 		goto end;
+	oauth2_http_call_ctx_outgoing_proxy_set(
+	    log, http_ctx, oauth2_cfg_endpoint_get_outgoing_proxy(ctx->endpoint));
 
 	params = oauth2_nv_list_init(log);
 	if (params == NULL)

src/proto.c

@@ -468,6 +468,12 @@ bool oauth2_ropc_exec(oauth2_log_t *log, oauth2_cfg_ropc_t *cfg,
 	if (ctx == NULL)
 		goto end;
 
+	oauth2_http_call_ctx_ssl_verify_set(
+	    log, ctx,
+	    oauth2_cfg_endpoint_get_ssl_verify(token_endpoint));
+	oauth2_http_call_ctx_outgoing_proxy_set(
+	    log, ctx, oauth2_cfg_endpoint_get_outgoing_proxy(token_endpoint));
+
 	if (oauth2_http_ctx_auth_add(
 		log, ctx, oauth2_cfg_endpoint_get_auth(token_endpoint),
 		params) == false)

test/Dockerfile

@@ -20,10 +20,10 @@ RUN cd /root/nginx && ./configure --with-debug
 ENV FLAVOR bionic
 ENV CJOSE_VERSION 0.6.1.5
 
-ENV CJOSE_PKG libcjose0_${CJOSE_VERSION}-1~${FLAVOR}+1_amd64.deb
+ENV CJOSE_PKG libcjose0_${CJOSE_VERSION}-1~${FLAVOR}+1_arm64.deb
 RUN curl -s -L -o ~/${CJOSE_PKG} https://mod-auth-openidc.org/download/${CJOSE_PKG}
 RUN dpkg -i ~/${CJOSE_PKG}
-ENV CJOSE_PKG libcjose-dev_${CJOSE_VERSION}-1~${FLAVOR}+1_amd64.deb
+ENV CJOSE_PKG libcjose-dev_${CJOSE_VERSION}-1~${FLAVOR}+1_arm64.deb
 RUN curl -s -L -o ~/${CJOSE_PKG} https://mod-auth-openidc.org/download/${CJOSE_PKG}
 RUN dpkg -i ~/${CJOSE_PKG}
 RUN apt-get update && apt-get install -y -f