From 347c10da2b01b481e5a4c765b61076ecc8aae90a Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Tue, 12 Oct 2021 10:59:00 +0200 Subject: [PATCH] make outgoing_proxy an endpoint property Signed-off-by: Hans Zandbelt --- ChangeLog | 5 ++++- configure.ac | 2 +- include/oauth2/cfg.h | 1 + src/cfg/proto_cfg.c | 20 ++++++++++++++++++++ src/cfg_int.h | 1 + src/jose.c | 9 +-------- src/jose_int.h | 1 - src/oauth2.c | 2 ++ src/proto.c | 6 ++++++ test/Dockerfile | 4 ++-- 10 files changed, 38 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3f0facf..05b7f86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -10/21/2021 +10/12/2021 +- make outgoing_proxy an endpoint property + +10/11/2021 - add outgoing_proxy option to verify context - correct remote_user debug printout - release 1.4.3.1 diff --git a/configure.ac b/configure.ac index 5b9d09f..043ee02 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([liboauth2],[1.4.3.1],[hans.zandbelt@zmartzone.eu]) +AC_INIT([liboauth2],[1.4.3.2-dev],[hans.zandbelt@zmartzone.eu]) AM_INIT_AUTOMAKE([foreign no-define subdir-objects]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/include/oauth2/cfg.h b/include/oauth2/cfg.h index a6a5bb6..4d2de1c 100644 --- a/include/oauth2/cfg.h +++ b/include/oauth2/cfg.h @@ -134,6 +134,7 @@ oauth2_flag_t oauth2_cfg_endpoint_get_ssl_verify(const oauth2_cfg_endpoint_t *cfg); oauth2_uint_t oauth2_cfg_endpoint_get_http_timeout(const oauth2_cfg_endpoint_t *cfg); +const char *oauth2_cfg_endpoint_get_outgoing_proxy(const oauth2_cfg_endpoint_t *cfg); /* * token verify diff --git a/src/cfg/proto_cfg.c b/src/cfg/proto_cfg.c index b6f792a..b50cfec 100644 --- a/src/cfg/proto_cfg.c +++ b/src/cfg/proto_cfg.c @@ -37,6 +37,7 @@ oauth2_cfg_endpoint_t *oauth2_cfg_endpoint_init(oauth2_log_t *log) endpoint->auth = NULL; endpoint->ssl_verify = OAUTH2_CFG_FLAG_UNSET; endpoint->http_timeout = OAUTH2_CFG_UINT_UNSET; + endpoint->outgoing_proxy = NULL; end: 
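Review bot: The new `oauth2_cfg_endpoint_get_outgoing_proxy` declaration in include/oauth2/cfg.h has no comment stating its contract, although it sits in the public header. Going by the definition this commit adds in src/cfg/proto_cfg.c, it returns the endpoint's own string rather than a copy, and NULL when `cfg` is NULL or no proxy was configured. A one-line comment such as `/* configured outgoing proxy, owned by cfg (do not free); NULL if unset */` above the prototype would keep callers from freeing or caching the pointer.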
@@ -53,6 +54,8 @@ void oauth2_cfg_endpoint_free(oauth2_log_t *log, oauth2_mem_free(endpoint->url); if (endpoint->auth) oauth2_cfg_endpoint_auth_free(log, endpoint->auth); + if (endpoint->outgoing_proxy) + oauth2_mem_free(endpoint->outgoing_proxy); oauth2_mem_free(endpoint); @@ -74,6 +77,7 @@ oauth2_cfg_endpoint_clone(oauth2_log_t *log, const oauth2_cfg_endpoint_t *src) dst->auth = oauth2_cfg_endpoint_auth_clone(log, src->auth); dst->ssl_verify = src->ssl_verify; dst->http_timeout = src->http_timeout; + dst->outgoing_proxy = oauth2_strdup(src->outgoing_proxy); end: return dst; @@ -135,8 +139,19 @@ char *oauth2_cfg_set_endpoint(oauth2_log_t *log, oauth2_cfg_endpoint_t *cfg, if (rv) goto end; } + oauth2_mem_free(key); + key = oauth2_stradd(NULL, prefix ? prefix : NULL, prefix ? "." : NULL, + "outgoing_proxy"); + value = oauth2_nv_list_get(log, params, key); + if (value) { + rv = oauth2_strdup(oauth2_cfg_set_str_slot( + cfg, offsetof(oauth2_cfg_endpoint_t, outgoing_proxy), value)); + if (rv) + goto end; + } oauth2_mem_free(key); + key = NULL; end: @@ -183,6 +198,11 @@ oauth2_cfg_endpoint_get_http_timeout(const oauth2_cfg_endpoint_t *cfg) return cfg->http_timeout; } +const char *oauth2_cfg_endpoint_get_outgoing_proxy(const oauth2_cfg_endpoint_t *cfg) +{ + return cfg ? cfg->outgoing_proxy : NULL; +} + #define OAUTH2_CFG_ROPC_CLIENT_ID_DEFAULT NULL #define OAUTH2_CFG_ROPC_USERNAME_DEFAULT NULL #define OAUTH2_CFG_ROPC_PASSWORD_DEFAULT NULL diff --git a/src/cfg_int.h b/src/cfg_int.h index d71c515..de87add 100644 --- a/src/cfg_int.h +++ b/src/cfg_int.h @@ -49,6 +49,7 @@ typedef struct oauth2_cfg_endpoint_t { oauth2_cfg_endpoint_auth_t *auth; oauth2_flag_t ssl_verify; oauth2_uint_t http_timeout; + char *outgoing_proxy; } oauth2_cfg_endpoint_t; /* diff --git a/src/jose.c b/src/jose.c index b755275..d0a8485 100644 --- a/src/jose.c +++ b/src/jose.c 
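Review bot: In the `oauth2_cfg_set_endpoint` hunk the `outgoing_proxy` value is stored verbatim with no check on its form, so an empty or malformed setting would presumably only surface when a request to the endpoint is made. Since calls to these endpoints can carry client credentials and tokens, consider rejecting an empty string at configuration time and adding a comment above the lookup such as `/* optional forward proxy for calls to this endpoint; traffic through it includes the endpoint's credentials */`. As a style point, `prefix ? prefix : NULL` is simply `prefix`. The early `goto end` on a non-NULL `rv` leaves `key` allocated; the `end:` label is outside the hunk, so confirm it frees `key` (the added `key = NULL;` suggests it does).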
@@ -606,14 +606,12 @@ bool oauth2_jose_hash2s(oauth2_log_t *log, const char *digest, const char *src, _OAUTH2_CFG_CTX_INIT_START(oauth2_uri_ctx) ctx->endpoint = NULL; -ctx->outgoing_proxy = NULL; ctx->cache = NULL; ctx->expiry_s = OAUTH2_CFG_UINT_UNSET; _OAUTH2_CFG_CTX_INIT_END _OAUTH2_CFG_CTX_CLONE_START(oauth2_uri_ctx) dst->endpoint = oauth2_cfg_endpoint_clone(log, src->endpoint); -dst->outgoing_proxy = oauth2_strdup(src->outgoing_proxy); dst->cache = src->cache; dst->expiry_s = src->expiry_s; _OAUTH2_CFG_CTX_CLONE_END @@ -1741,11 +1739,6 @@ char *oauth2_jose_options_uri_ctx(oauth2_log_t *log, const char *value, ctx->endpoint = oauth2_cfg_endpoint_init(log); rv = oauth2_cfg_set_endpoint(log, ctx->endpoint, value, params, prefix); - key = oauth2_stradd(NULL, prefix, ".", "outgoing_proxy"); - ctx->outgoing_proxy = - oauth2_strdup(oauth2_nv_list_get(log, params, key)); - oauth2_mem_free(key); - key = oauth2_stradd(NULL, prefix, ".", "cache"); ctx->cache = oauth2_cache_obtain(log, oauth2_nv_list_get(log, params, key)); @@ -2030,7 +2023,7 @@ char *oauth2_jose_resolve_from_uri(oauth2_log_t *log, oauth2_uri_ctx_t *uri_ctx, log, ctx, oauth2_cfg_endpoint_get_ssl_verify(uri_ctx->endpoint)); oauth2_http_call_ctx_outgoing_proxy_set( - log, ctx, uri_ctx->outgoing_proxy); + log, ctx, oauth2_cfg_endpoint_get_outgoing_proxy(uri_ctx->endpoint)); rc = oauth2_http_get( log, oauth2_cfg_endpoint_get_url(uri_ctx->endpoint), NULL, diff --git a/src/jose_int.h b/src/jose_int.h index c3c7303..7d1ea51 100644 --- a/src/jose_int.h +++ b/src/jose_int.h @@ -40,7 +40,6 @@ typedef struct oauth2_jose_jwk_list_t { typedef struct oauth2_uri_ctx_t { oauth2_cfg_endpoint_t *endpoint; - char *outgoing_proxy; oauth2_cache_t *cache; oauth2_time_t expiry_s; } oauth2_uri_ctx_t; diff --git a/src/oauth2.c b/src/oauth2.c index 38dd6f1..6c4d678 100644 --- a/src/oauth2.c +++ b/src/oauth2.c 
@@ -319,6 +319,8 @@ static bool _oauth2_introspect_verify(oauth2_log_t *log, log, http_ctx, oauth2_cfg_endpoint_get_ssl_verify(ctx->endpoint)) == false) goto end; + oauth2_http_call_ctx_outgoing_proxy_set( + log, http_ctx, oauth2_cfg_endpoint_get_outgoing_proxy(ctx->endpoint)); params = oauth2_nv_list_init(log); if (params == NULL) diff --git a/src/proto.c b/src/proto.c index 3a4b461..e767452 100644 --- a/src/proto.c +++ b/src/proto.c @@ -468,6 +468,12 @@ bool oauth2_ropc_exec(oauth2_log_t *log, oauth2_cfg_ropc_t *cfg, if (ctx == NULL) goto end; + oauth2_http_call_ctx_ssl_verify_set( + log, ctx, + oauth2_cfg_endpoint_get_ssl_verify(token_endpoint)); + oauth2_http_call_ctx_outgoing_proxy_set( + log, ctx, oauth2_cfg_endpoint_get_outgoing_proxy(token_endpoint)); + if (oauth2_http_ctx_auth_add( log, ctx, oauth2_cfg_endpoint_get_auth(token_endpoint), params) == false) diff --git a/test/Dockerfile b/test/Dockerfile index 13206df..da55c57 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -20,10 +20,10 @@ RUN cd /root/nginx && ./configure --with-debug ENV FLAVOR bionic ENV CJOSE_VERSION 0.6.1.5 -ENV CJOSE_PKG libcjose0_${CJOSE_VERSION}-1~${FLAVOR}+1_amd64.deb +ENV CJOSE_PKG libcjose0_${CJOSE_VERSION}-1~${FLAVOR}+1_arm64.deb RUN curl -s -L -o ~/${CJOSE_PKG} https://mod-auth-openidc.org/download/${CJOSE_PKG} RUN dpkg -i ~/${CJOSE_PKG} -ENV CJOSE_PKG libcjose-dev_${CJOSE_VERSION}-1~${FLAVOR}+1_amd64.deb +ENV CJOSE_PKG libcjose-dev_${CJOSE_VERSION}-1~${FLAVOR}+1_arm64.deb RUN curl -s -L -o ~/${CJOSE_PKG} https://mod-auth-openidc.org/download/${CJOSE_PKG} RUN dpkg -i ~/${CJOSE_PKG} RUN apt-get update && apt-get install -y -f
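Review bot: In `_oauth2_introspect_verify` the added `oauth2_http_call_ctx_outgoing_proxy_set(...)` call discards its result, while the `ssl_verify` setter directly above it is checked with `== false` and `goto end`. If the proxy setter reports failure the same way (to be confirmed, as its definition is not in this diff), a failed set would let the introspection request go out directly instead of through the configured proxy; wrapping it as `if (oauth2_http_call_ctx_outgoing_proxy_set(log, http_ctx, oauth2_cfg_endpoint_get_outgoing_proxy(ctx->endpoint)) == false) goto end;` makes that fail closed. The same applies to both setter calls added to `oauth2_ropc_exec` in src/proto.c, where the unchecked `oauth2_http_call_ctx_ssl_verify_set` matters most because that request carries the resource owner's credentials. The call in `oauth2_jose_resolve_from_uri` in src/jose.c was already unchecked before this commit. All three function bodies extend outside their hunks.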
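Review bot: Both `CJOSE_PKG` values in test/Dockerfile are now hard-coded to `arm64`, so the test image no longer builds on amd64 hosts; this looks like a local-workstation change rather than part of the outgoing_proxy work. Deriving the architecture avoids that, e.g. declare `ARG TARGETARCH` (populated automatically by BuildKit) and use `libcjose0_${CJOSE_VERSION}-1~${FLAVOR}+1_${TARGETARCH}.deb`. The context lines also show the `.deb` files fetched with `curl -s -L` and installed with `dpkg -i` without any integrity check. Pinning a SHA-256 per package and verifying it with `sha256sum -c` before `dpkg -i`, and adding `-f` to curl so an HTTP error fails the build, would close that gap.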